70284 MCSE Guide to Microsoft Exchange Server 2003 Administration

1
70-284 MCSE Guide to Microsoft Exchange Server
2003 Administration

• Chapter Seven
• Configuring and Managing Exchange Server

2
Objectives

• Understand how and why additional administrative
  groups should be created
• Understand how and why additional routing groups
  should be created
• Describe front-end and back-end server
  configurations
• Describe how to manage virtual servers and
  virtual directories

3
Configuring and Managing Exchange Server

• Organizations usually need additional servers
• Greater volume of users may be hosted
• Dedicated servers perform specific tasks
• Load-balance processing across servers
• Two perspectives for organizing servers
• Connectivity
• Administrative
• HTTP virtual servers
• Grant access and transfer files to client work
  stations
• Are administered using Internet Services Manager

4
Administrative Groups

• Administrative groups
• Define admin topology for an Exchange
  organization
• Based on geography, department, division, or
  function
• Assigning administrative permissions
• Is simplified by using administrative groups
• Objects created or moved into an admin group
  object inherit its permissions
• Four objects may be created in administrative
  group
• Policies, Routing Groups, Public Folder Trees,
  Servers

5
Administrative Models

• Three administrative models organize admin groups
• Centralized, Decentralized, Mixed
• Centralized administrative model
• One group has full control over the Exchange
  servers
• Routing group need not reflect administrative
  topology
• Decentralized administrative model
• Each location has a team of Exchange
  administrators
• Groups are based on geographical or departmental
  needs
• Groups can contain policies, servers, public
  folder trees, and other objects specific to the
  group

6
(No Transcript)
7
(No Transcript)
8
Administrative Groups (continued)

• Issues migrating from Exchange Server 5.5 at
  multiple sites
• Forces use of decentralized administrative model
• Exchange 5.5 sites are created as separate admin
  groups
• Mixed administrative model
• Restricts certain administrative functions
• Does not create specialization for every function
• Create admin groups by function, not department
• Combines specialized admin functions and
  geographical factors into one model

9
(No Transcript)
10
Activity 7-1 Creating an Administrative Group

• Time Required 10 to 20 minutes
• Objective Create an additional administrative
  group
• Description Create an additional administrative
  group for your organization. By default when you
  install your first Exchange 2003 server, a
  default administrative group called First
  Administrative Group is created.

11
(No Transcript)
12
Managing Administrative Groups

• Exchange Server 2003 has two modes of operation
• Mixed mode pre-Exchange 2000 Servers are
  supported
• Native mode only Exchange 2000 Server and
  Exchange Server 2003 are supported

13
Mixed Mode

• Mixed the default operation mode for Exchange
  Server 2003
• Mixed mode accommodates Exchange Server 5.5
• Exchange 5.5 limits Exchange Server 2003
• Each admin group has only one functional routing
  group
• Mailboxes cannot be moved between servers in
  different administrative groups
• Some System Manager commands do not apply to
  Exchange Server 5.5
• You cannot edit directory object properties in
  Active Directory
• InetOrgPerson and query-based distribution groups
  are not available

14
Native Mode

• Native mode operation
• Exchange Server 2003 is not subject to mixed mode
  limitations
• Using Exchange Server 2003 you can
• Enable routing group support
• Create additional routing groups as necessary
• Native mode drawback
• It cannot work with Exchange Server 5.5 or lower
  versions

15
Routing Groups

• Routing group physical collection of servers
• The links between routing groups are assumed to
  be slow or unreliable
• Connectors join routing groups over slow WAN
  links
• Costs may be implemented on connectors
• Costs enable you to channel physical path
• Target server handles message communication
  within a routing group
• Bridgehead server handles message communication
  among routing groups

16
Routing Groups (continued)

• Bridgehead server is designated in each routing
  group
• Routing group connector is used by the bridgehead
  server to join routing groups
• Exchange System Manager is used to create
  separate routing groups
• Factors for deciding whether to set up a routing
  group
• Persistent connectivity
• Common Active Directory forest
• Relatively high bandwidth

17
Routing Groups (continued)

• Place servers prone to failure in separate
  routing groups
• Place a global catalog server in each routing
  group
• Five reasons for dividing Exchange Server 5.5
  into multiple routing groups
• Minimum requirements outlined are not met
• Messaging path must be altered to multiple hops
• Messages must be queued and sent by schedule
• Bandwidth between servers is less than 16 Kbps
• Routing client connections to specific public
  folder replicas

18
Activity 7-2 Creating a Routing Group

• Time Required 10 to 20 minutes
• Objective Create an additional routing group
  using Exchange System Manager
• Description Create an additional routing group
  within your organization. Routing groups help you
  to control mail flow and public folder referrals.
  Within a routing group, all servers communicate
  and transfer messages directly to one another.

19
(No Transcript)
20
Activity 7-3 Installing a Server into a New
Administrative Groupand Routing Group

• Time Required 90 to 120 minutes
• Objective Install an Exchange Server 2003 server
  into a second administrative and second routing
  group.
• Description With administrative groups already
  preconfigured, you are prompted during the
  installation of any new servers as to which
  administrative group and routing group you want
  to install the server into

21
(No Transcript)
22
(No Transcript)
23
(No Transcript)
24
(No Transcript)
25
(No Transcript)
26
(No Transcript)
27
Front-End/Back-End Configurations

• Front-end/back-end configuration
• Tasks are distributed between front-end/back-end
  servers
• Front-end server duties accept requests from
  clients
• Proxies requests to appropriate back-end server
• Recommended topology for the following
• Multiple server organizations
• Users of Microsoft Outlook Web Access, POP, IMAP,
  or Outlook 2003 (using RPC over HTTP)
• Front-end server specially configured
• No configuration option to designate back-end
  server

28
Advantages of Front-End/Back-End Configuration

• Three advantages of front-end/back-end topology
• Single namespace across organization
• User need not know name of server hosting mailbox
  (accessed with Web, POP, or IMAP interface)
• Ability to balance load across servers
• Front-end server handles SSL encryption/decryption
  
• Encryption/decryption offloaded from back-end
  servers
• Ability to use firewalls to protect back-end
• Front-end provides additional layer behind
  firewall
• Front-end hides back-end configuration
• Front-end authenticates mailbox/public folder
  requests

29
Front-End/Back-End Functionality

• Front-end proxies client requests to back-end
• Front-end/back-end configuration with a firewall
• Complex due to communication with Active
  Directory
• Exchange Server uses DSAccess to detect directory
  servers
• DSAccess uses LDAPs and RPCs
• RPCs require many open ports on the firewall
• High number of open ports introduces security
  issues

30
Front-End/Back-End Functionality (continued)

• Front-end/back-end configuration without a
  firewall
• Helps maintain a single namespace for e-mail
  servers
• Scalable using Outlook Web Access, POP, IMAP
• Using IMAP or POP access
• Client sends log-on request with mailbox name
• Front-end determines location of user's mailbox
• Front-end proxies request to back-end
• User is authenticated
• Back-end sends results of log-on to front-end
• Front-end presents results to user

31
Activity 7-4 Setting Up a Front-End Server
Configuration for POP and OWA Access

• Time Required 20 to 30 minutes
• Objective Configure a front-end server to act as
  a POP server for the Exchange Server 2003
  organization
• Description Configure the newly installed server
  that was created in the previous activity as a
  front-end server for POP access to the
  organization. This server will accept POP
  connections and proxy the requests to the
  back-end server on behalf of the client to
  retrieve information from the mailbox.

32
(No Transcript)
33
Front-End Server Configuration for POP and OWA
Access

• SMTP protocol should be configured on the
  front-end
• SMTP is used by IMAP and POP clients for outgoing
  communication
• Using Outlook Web Access
• HTTP client requests are sent to the front-end
  server
• Front-end server uses Active Directory to isolate
  back-end server
• Front-end server forwards request to back-end
  server
• HTTP host header remains unchanged

34
Front-End Server Configuration for POP and OWA
Access(continued)

• Exchange Server 2003 improvements for
  front-end/back-end configuration
• Kerberos authentication
• RPC over HTTP encapsulate RPC within HTTP
• Forms-based authentication

35
Managing HTTP Virtual Servers

• IIS Internet Information Services
• Provides transport services to access
  folders/mailboxes
• Uses Internet protocol (HTTP, POP, or IMAP)
• Exchange integrates with Windows 2000/2003 IIS
• Exchange stores configuration in IIS metabase
• Directory Service Metabase Synchronization
  (DS2MB)
• Part of Exchange System Attendant
• Replicates configuration changes made in Active
  Directory to the metabase
• Overrides changes made directly to the IIS
  metabase

36
Managing HTTP Virtual Servers (continued)

• Each HTTP virtual server is represented as a Web
  site
• Default Web site represents default HTTP server
• Five important HTTP virtual server directories
• Exadmin Web-based administration of the HTTP
  virtual server
• Exchange used to access mailboxes
• ExchWeb provides calendaring, address book,
  other functions
• OMA directory to which Outlook Mobile Access
  users connect to access Exchange data
• Public used to access the default public folders
  tree

37
(No Transcript)
38
Activity 7-5 Configuring an Additional Virtual
Server

• Time Required 20 to 40 minutes
• Objective Create an additional HTTP virtual
  server to host an additional domain
• Description Create an additional HTTP virtual
  server that will be configured to host an
  additional SMTP domain in three stages. A fourth
  stage will test the new virtual server.

39
(No Transcript)
40
(No Transcript)
41
Activity 7-6 Configuring Additional Virtual
Directories

• Time Required 20 to 40 minutes
• Objective Create an additional HTTP virtual
  directory to host an additional domain
• Description Create an additional HTTP virtual
  directory that will be configured to host an
  additional SMTP domain in two stages

42
Activity 7-7 Configuring Connection Values

• Time Required 10 to 15 minutes
• Objective Walk through the steps outlining how
  to configure connection settings for your HTTP
  virtual server
• Description Walk through the steps for how you
  could configure the connection limits and
  connection timeout values for your SMTP virtual
  server

43
Activity 7-8 Starting and Stopping Virtual
Servers and the World Wide Web Service

• Time Required 10 to 20 minutes
• Objective Walk through the steps outlining how
  to start and stop an HTTP virtual server and the
  World Wide Web publishing service
• Description Walk through the steps that you can
  take to stop and start HTTP virtual servers
  within your Exchange Server 2003 organization as
  well as the World Wide Web publishing service

44
Summary

• Administrative groups define admin topology
• Admin groups are based on geography, department,
  division, function
• Three approaches to administrative group design
  centralized, decentralized, mixed
• Admin group operation is based on Exchange Server
  2003 mode (native or mixed)
• Routing group collection of servers with
  high-bandwidth connectivity

45
Summary (continued)

• Routing groups are determined by physical
  topology
• Connectors join routing groups over slow WAN
  links
• Exchange Server 2003 perceives a single routing
  group (default)
• Front-end/back-end configuration distributes
  tasks
• Front-end server receives client requests

46
Summary (continued)

• Front-end servers proxy requests to back-end
• Front-end servers may or may not fall behind a
  firewall
• IIS virtual servers provide transport services
• Multiple virtual servers require one SSL
  certificate for each domain name
• HTTP virtual servers run under World Wide Web
  Publishing Service