7. Forefront Online
Protection for
Exchange
Internal Network Phone system
(PBX or VOIP)
Edge
Transport Hub Transport
Routing and Routing and policy
AV/AS
External
SMTP
servers Mailbox Unified Messaging
Stores mailbox and Voice mail and
public folder items voice access
Mobile phone
Web Client Access
browser Layer 7 LB Client connectivity
Web services
AD
Outlook (remote
user)
Outlook (local user)
Line of business application
10. Forefront Online
Protection for
Exchange
Internal Network
Exchange 2010 CAS MBX
Edge (Array) (DAG)
Transport
Layer 4 load balancing
External
SMTP
servers
Mobile phone
Web
browser
Outlook (remote Phone system
user) (PBX or VOIP)
Outlook (local user) LOB Application
11. EWS protocol
MRS proxy
protocol
SMTP
MRS
Protocols, EWS
MRSProxy
Transport Transport MRS
MRSProxy
EWS
Server Agents RPC CA Assistants
Custom WS
Assistants RPC CA
XSO MailItem Banned XSO MailItem
E2010
Business Logic
CTS Other API CTS Other API
Content Content
Store index Store index
Storage ESE File ESE File
system system
Server1 (Vn) Server2 (Vn+1)
16. Outlook Web App Outlook EAS EAC PowerShell POP/IMAP SMTP
SI
Load Balancer P
Redirect
IIS POP, SIP + RTP
Client HTTP Proxy IMAP
SMTP UM
Access SMTP
HTTP POP, IMAP
IIS
RpcProxy
POP Transpo
OWA, EAS, EWS, UM
RPS ECP, OAB
IMAP rt
RPC CA
Mailbox
MDB MailQ
17.
18.
19. Geographical DNS Solution
Sue Sue
(somewhere in NA) (traveling
mail.contoso.com in APAC)
DNS Resolution DNS Resolution via Geo-DNS
Round-Robin between # of VIPs Round-Robin between # of VIPs
VIP #1 VIP #2 VIP #3 VIP #4
DAG DAG
41. SMTP SMTP
Transport Pipeline
SMTP Receive
Delivery
Protocol SMTP Send
Queue
Agents
Categorizer
Routing
Agents
Pickup/Replay Submission Delivery Agents for
Queue other protocols
Delivery
Queue
SMTP from MBX Transport SMTP to MBX Transport
Delivery Submission
42. SMTP from Transport SMTP to Transport
Service Service
Mailbox Transport
SMTP Receive Pipeline SMTP Send
Hub Selector
Store Driver Deliver (Router)
MBX Deliver Store Driver Submit
Agents
MBX Submit
MBX Agents
Assistants
Mailbox Transport Delivery Mailbox Transport Submission
MAPI MAPI
Mailbox Store
43.
44. If you have a stretched DAG, you also have transport site resilience
Resubmits due to transport DB loss or MDB *over are fully automatic
and do
45
45. SMTP
Transport Transport
MBX Transport MBX Transport
MAPI MAPI
DB1 DB2 DB1 DB2
MBX1 MBX2
DAG
47. Exchange Server 2010 Coexistence - Autodiscover (External clients)
Clients
autodiscover.contoso.com
CAS CAS
2010 PROXY PROXY 2010
handles handles
E2010 CAS request E2013 CAS E2010 CAS request
E2010/E2007
MBX
E2010 MBX E2013 MBX E2010 MBX
Internet facing site Intranet site
48. Exchange Server 2007 Coexistence - Autodiscover (External clients)
Clients
autodiscover.contoso.co
m
E2007 CAS E2013 CAS E2007 CAS
PROXY
MBX
2013
E2010/E2007
handles
MBX
E2007 MBX E2013 MBX request E2007 MBX
Internet facing site Intranet site
49. Exchange Server 2010 Coexistence - Autodiscover (Internal clients)
Lookup SCP records in AD
Outlook Clients
Internal LB namespace
CAS CAS
2010 PROXY PROXY 2010
handles handles
E2010 CAS request E2013 CAS E2010 CAS request
E2010/E2007
MBX
E2010 MBX E2013 MBX E2010 MBX
Internet facing site Intranet site
50. Exchange Server 2007 Coexistence - Autodiscover (Internal clients)
Lookup SCP records in AD
Outlook Clients
Internal LB namespace
E2007 CAS E2013 CAS E2007CAS
MBX
2013
E2010/E2007
handles
MBX
E2007 MBX E2013 MBX request E2007 MBX
Internet facing site Intranet site
53. Clients 2010
Exchange Server 2007 andRPC/HTTP Coexistence - Outlook Anywhere
mail.contoso.com
RPC/HTTP
1. Enable Outlook Anywhere
On intranet 2007/2010 servers
HTTP HTTP
PROXY E2013 CAS PROXY 2. Client Settings
E2010/E2007 CAS E2010/E2007
CAS Enable OA Make 2007/2010 client settings
Enable OA Enable OA
Client Auth: Basic the same as 2013 Server
Client Auth: Basic Client Auth: Basic
IIS Auth: Basic IIS Auth: Basic IIS Auth: Basic
NTLM NTLM 3. IIS Authentication Methods
Must include NTLM
RPC RPC
E2010/E2007
MBX
E2010/E2007 MBX E2013 MBX E2010/E2007 MBX
Internet facing site Intranet site
58. Exchange Server 2010 Coexistence – EAS/EWS
EAS/EW
S europe.mail.contoso.com
mail.contoso.com
Layer 4 LB Layer 7 LB
Same HTTP HTTP Cross
site PROXY PROXY site
proxy proxy
E2010 CAS request E2013 CAS E2010 CAS request
E2010/E2007
MBX
E2010 MBX E2013 MBX E2010 MBX
Internet facing site Intranet site
59. Exchange Server 2007 Coexistence – EAS, EWS
EAS, EWS
legacy.mail.contoso.com mail.contoso.com europe.mail.contoso.com
Layer 7 LB Layer 4 LB Layer 7 LB
E2007 CAS E2013 CAS E2007 CAS
E2010/E2007
MBX
E2007 MBX E2013 MBX E2007 MBX
Internet facing site Intranet site
63. A Single External Namespace Example
Geographical DNS Solution
Sue Sue
(somewhere in NA) (traveling
mail.contoso.com in APAC)
DNS Resolution DNS Resolution via Geo-DNS
Round-Robin between # of VIPs Round-Robin between # of VIPs
VIP #1 VIP #2 VIP #3 VIP #4
DAG DAG
64. Multiple Namespace Example
Round-Robin
Sue between # of Sue
(somewhere na.contoso.com VIPs emea.contoso.com (traveling
in NA) in APAC)
VIP #1 VIP #2 VIP #3 VIP #4
DAG DAG
Sue Sue
(somewhere Round-Robin
(traveling
in NA) between # of in APAC)
na.contoso.local VIPs emea.contoso.local
69. 1. Prepare
Install Exchange 2010 SP3 across the ORG
Clients Validate existing Client Access using ExRCA and built-
autodiscover.contoso.com
in Test cmdlets
mail.contoso.com
Prepare AD with E2013 schema
2 4 2. Deploy Exchange 2013 servers
1
Install both E2013 MBX and CAS servers
3. Obtain and Deploy Certificates
E2010 E2010 E2013
Exchange 2010 Obtain and deploy certificates on E2013 Client
3 Servers Access Servers
HUB CAS CAS
SP3 4. Switch primary namespace to Exchange 2013 CAS
SP3
E2013 fields all traffic, including traffic from
Intranet site Exchange 2010 users
Validate using Remote Connectivity Analyzer
5 6 5. Move Mailboxes
E2010 E2013 Build out DAG
MBX MBX
Move E2010 users to E2013 MBX
6. Repeat for additional sites
Internet facing site – Upgrade first
70. 1. Prepare
Clients Install Exchange 2007 SP3 + RU across the ORG
autodiscover.contoso.com
mail.contoso.com 3 Prepare AD with E2013 schema and validate
legacy.contoso.com 2. Deploy Exchange 2013 servers
5 Install both E2013 MBX and CAS servers
1 2 3. Create Legacy namespace
Create DNS record to point to legacy E2007 CAS
4. Obtain and Deploy Certificates
Exchange 2007 Obtain and deploy certificates on E2013 Client Access
E2007 E2007 E2013
4 Servers
SP3 SP3 CAS Servers configured with legacy namespace, E2013
HUB CAS
RU
RU namespace and Autodiscover namespace
Deploy certificates on Exchange 2007 CAS
RU
Intranet site 5. Switch primary namespace to Exchange 2013 CAS
Validate using Remote Connectivity Analyzer
6 7 6. Move Mailboxes
E2007 E2013
SP3 Build out DAG
MBX
MBX Move E2007 users to E2013 MBX
Internet facing site – Upgrade first 7. Repeat for additional sites
71. 1. Prepare
Clients Install Exchange SP and/or updates across the ORG
autodiscover.contoso.com
mail.contoso.com Prepare AD with E2013 schema and validate
2. Deploy Exchange 2013 servers
1 3. Create Legacy namespace
4. Obtain and Deploy Certificates
Exchange 2010
E2010 E2010
or 2007 Servers 5. Switch primary namespace to Exchange 2013 CAS
or 2007 or 2007
HUB CAS
SP/RU 6. Move Mailboxes
SP/RU
Intranet site 7. Repeat for additional sites
E2010
or 2007
MBX
Internet facing site – Upgrade first
72. 2
1
Install both MBX and CAS
Install
Servers
MBX performs PowerShell commands − Setup.exe /mode:install
/roles:clientaccess
CAS is proxy only
− Setup.exe /mode:install
Exchange 2013 Setup /roles:mailbox
− Setup.exe /mode:install
GUI or command line /roles:ManagementTools
In-place upgrades are not supported
Updated to reflect Exchange 2013 roles
Other required parameter
- /IAcceptExchangeServerLicenseTerms
Parameters
New required parameter for license terms
acceptance
Easy to setup a single worldwide client access namespace; mail.contoso.com Can use a single access namespace/URL with Exchange 2010E2013 no longer requires multiple namespaces for site resilient solutions or site specific scenariosLoad-balanced namespaces are not required for DAGs or Mailbox servers
Clients which do recurring AutoDiscover will discover legacy namespaceSame Site/Cross Site No Internet AccessRequest hits CAS 2013 which proxies to MBX 2013 which proxies to CAS 2007For cross site, CAS 2007 in internet site proxies to CAS 2007 in intranet siteCross site with internet accessClients are already configured using site specific URLNo change and requests continue to hit site specific URL and handled by CAS 2007
Easy to setup a single worldwide client access namespace; mail.contoso.com Can use a single access namespace/URL with Exchange 2010E2013 no longer requires multiple namespaces for site resilient solutions or site specific scenariosLoad-balanced namespaces are not required for DAGs or Mailbox servers
Easy to setup a single worldwide client access namespace; mail.contoso.com Can use a single access namespace/URL with Exchange 2010E2013 no longer requires multiple namespaces for site resilient solutions or site specific scenariosLoad-balanced namespaces are not required for DAGs or Mailbox servers