Exchange Server 2000 Architecture
For Exchange 2000 Server to be functional, the following components must be working:
* Active Directory – schema integration
* System Attendant – controls the entire Exchange 2000 server system
* Information Store:
o Hosts mailboxes and public folders.
o Public store maintains information stored in public folders.
o Mailbox store holds mailboxes and messages for individual users.
o Up to 16 individual storage groups can be kept on a single Exchange 2000 server. Each storage group can hold six individual stores.
o You should have the physical stores spread across your server’s hard disk system for maximum performance.
* SMTP service:
o For message delivery
o Hosts the advanced queuing engine.
o Note that the SMTP transport requires the IIS Admin Service, because it is implemented as part of IIS.
o It is the only component that communicates directly with its counterpart on other servers.
o Communicates with Active Directory – for looking up address information.
o Communicates with the Information Store – for obtaining messages from and placing messages into the Information Store.
o Communicates with remote SMTP services – for transferring e-mail messages to other SMTP services over the network.
* Message Transfer Agent (MTA):
o Not required for delivery of messages to recipients on the same computer.
o Not required for delivery of messages to recipients reachable via SMTP.
o Required for delivery of messages to X.400 systems and foreign messaging systems.
* Front end/back end architecture:
o Concentrate incoming client connections through front end servers.
o This is a way to split the incoming connections across multiple servers.
o Front end servers retrieve information about the location of a particular mailbox from Active Directory.
o Users can connect to any of the front end servers.
o Optionally, you may use software or hardware load-balancing mechanisms to randomly distribute the load.
Scenario: What will happen to the Outlook clients if the Information Store Service is stopped?
Outlook clients will not be able to log on and users currently logged on will lose their sessions. Outlook will automatically reconnect when the Information Store service is available again.
Exchange Server 2000 Installation Planning
* Active Directory
o Exchange 2000 Server extends the Active Directory schema.
o You should install the first Exchange 2000 Server in the domain where the schema master resides.
o An Exchange 2000 organization cannot span multiple Active Directory forests.
o A domain in a separate forest must be isolated and integrated into the main forest BEFORE installing Exchange 2000 Server.
* Routing groups
o Network regions of high-speed connections
o Messages sent between servers in the same routing group are transferred directly and immediately with SMTP.
o Use Routing Group Connector, X.400 connector, or SMTP Connector for providing message path between Exchange 2000 routing groups.
o Can only contain servers from the same administrative group.
o Cannot span multiple administrative groups.
* Administrative groups
o You may not move mailboxes between servers in different administrative groups.
o You may not move servers between administrative groups.
o One administrative group may contain multiple routing groups.
* ForestPrep
o Included in the Exchange 2000 Setup program.
o Extends the Active Directory schema to add Exchange-specific classes and attributes.
o Creates the directory objects for the Exchange 2000 organization.
o Assigns the specified account Exchange Full Administrator permissions.
* DomainPrep
o Included in the Exchange 2000 Setup program.
o Adds Exchange-specific configuration information to the Active Directory directory service.
o ForestPrep should be run FIRST.
* Hardware requirements per Microsoft recommendations
o 128 to 256 MB of RAM.
o 2 gigabytes of available disk space on the drive for Exchange 2000 Server.
o 500 MB on the system drive.
o CD-ROM drive.
o Intel Pentium or compatible at 300 Megahertz or faster.
o Paging file set to twice the amount of RAM or larger.
o VGA-compatible display adapter.
* Software Requirements
o Microsoft Windows 2000 Server, Windows 2000 Advanced Server, or Windows 2000 Datacenter Server
o Service Pack 1
o Internet Information Services (IIS) 5.0 with SMTP
o Network News Transfer Protocol (NNTP) service
Scenario: You need to set up the administrator accounts for your Exchange Server 2000 implementation. What rights are available for the Exchange Administrators?
Exchange Full Administrator can administer the Exchange organization and modify permissions on Exchange configuration objects. Exchange Administrator can administer the Exchange organization, but cannot modify permissions on Exchange configuration objects. Exchange View Only Administrator can view configuration information only.
Exchange Server 2000 Installation, Upgrade and Integration
* Minimum installation
o Installs Exchange 2000 with the minimum number of files.
o Administrative utilities are not installed.
* Setup program maintenance mode
o Install the management utilities to the server.
o Install the management utilities to your workstation.
* In-place upgrade
o In-place upgrade is only supported from version 5.5.
o From a version prior to 5.5, you must upgrade Exchange Server to version 5.5 first.
o After upgrading Exchange Server (to version 5.5), update Windows NT Server to Windows 2000.
o After the upgrade to Windows 2000, configure connection agreements in the Active Directory Connector and launch the Exchange 2000 Server Setup program.
* Unattended install
o To launch SETUP.EXE in CreateUnattend mode, use the command SETUP.EXE /CreateUnattend SETUP.INI.
o This only generates the initialization file, without performing the actual installation.
* Upgrade a mixed installation of various earlier server versions with minimal disruption
o Use the move-mailbox upgrade to join the existing site with an Exchange 2000 server and move Exchange resources onto the new system afterward.
o Remove the legacy Exchange Servers afterwards.
* Integrate Exchange 2000 Server into an existing Exchange Server 5.5 site
o Upgrade an existing Exchange server directly and join an existing site via in-place upgrade, OR install a fresh server and join an existing site during Setup, then migrate the Exchange 5.5 resources to the Exchange 2000 server.
Scenario: You need to connect your Exchange 2000 Server environment to previous versions in the foreseeable future. How do you ensure full backward compatibility? Operate your organization in mixed mode.
Scenario: At the end of the move-mailbox approach, you want to switch your organization into native mode. What must be done to prepare for this?
1) Remove the installations of earlier Exchange Servers in Active Directory.
2) Remove the installations of earlier Exchange Servers in the SRS database.
3) Remove the existing objects of the earlier Exchange versions in the SRS database.
4) Remove the existing objects of the earlier Exchange versions in Active Directory.
Scenario: Your server does not work because an important DLL file is missing. What should you do? Reinstall Exchange 2000 Server in maintenance mode to replace the corrupted or missing files.
* Physical connections for joining the cluster nodes
o Shared storage bus connects all nodes to the disks where the clustered data resides.
o The public network connection connects client computers to the nodes in the cluster.
o The private network connection connects the nodes in a cluster.
* Quorum Resource
o A minimum of three disk volumes is needed.
o One disk volume is designated as the quorum resource.
o The remaining volumes are assigned to separate virtual servers.
* Install Exchange 2000 Server on a Datacenter cluster
o Install and reboot one node at a time.
o You must set up all nodes using the same directories and installation options.
o You should reserve the M drive on all nodes for the Web Store of Exchange 2000 Server.
o After Exchange 2000 Enterprise Server is installed on all nodes, configure the virtual servers.
According to Microsoft, it is NOT recommended that you add Exchange 2000 Server services to the virtual server representing the cluster. The reason for this is that, by defining dedicated virtual servers for Exchange 2000, service maintenance can be simplified. To reduce performance losses, you should operate the nodes below the following theoretical limits:
* Two-node clusters – 50% of the node’s power
* Three-node clusters – 66% of the node’s power
* Four-node clusters – 75% of the node’s power
Scenario: A failover can occur in what situations? When you trigger it manually or by allowing the Cluster service to initiate it automatically in case of resource failure.
Scenario: How is a failover triggered manually? Use Cluster Administrator, right-click an Exchange 2000 resource, then select Initiate Failure. The stopping and starting of the resource instances is performed automatically.
Managing Exchange Server 2000
* Exchange System Manager
o Cannot be installed on a workstation computer.
o Can be run remotely via Terminal Services or any other means that provides access to an Exchange System Manager instance running on Windows 2000 Server.
o Can administer all Exchange 2000 servers that are members of administrative groups.
o You must have administrative permissions to manage Exchange objects.
* Performance Tool
o Can monitor performance objects on the local computer.
o Can monitor performance objects on remote computers.
o Can create performance charts for processor utilization, disk and network activity, and processes.
o You use it to isolate bottlenecks and determine hardware upgrades.
* Expansion Server
o You may set up another server in the same administrative group as an expansion server.
o You can designate the expansion server for each group separately.
o You do this via the Expansion Server setting in the Exchange Advanced tab.
* Mail-enabled contact objects
o Reference recipients outside the organization.
o Point to actual external recipients.
o Do not possess mailboxes.
* Multiple storage groups and multiple message stores
o Requires the Exchange 2000 Enterprise Server edition.
o Support a maximum of four storage groups.
o Each storage group supports five individual stores.
* Dedicated public folder server
o Ideal for hosting forums.
o Mainly deployed for performance.
o Need to remove all existing user mailboxes and mailbox stores.
* Full-text index
o Often used for public stores.
o After creation, you need to populate the full-text catalog.
o You should define update and rebuild intervals so that search information is always up to date.
* Moving servers between administrative groups
o The server must be reinstalled.
o You can only specify the server’s new administrative group when the administrative group already exists.
Scenario: How do you find out the currently logged on users? You retrieve the information via the Logon object under the Private Information Store object. When you select this object, status information about all logged on users is displayed in the contents pane of the Administration window.
* To receive incoming messages, your SMTP domain name must be registered in the DNS MX records.
* To send outgoing messages, you must enable Exchange 2000 Server to use Internet DNS servers.
* You can set up references to external DNS servers in your SMTP virtual server configuration. In fact, you can specify multiple DNS servers.
* To block unsolicited messages, you may configure a message filter and activate the filtering.
* Filtering can be specified so that all messages from a particular domain are filtered.
* Bridgehead server
o Handles a constant stream of messages to downstream servers.
o To optimize message throughput, let the bridgehead handle all e-mail over established links, avoiding the additional handshakes of further connection establishments.
* Multiple routing groups are recommended if:
1. Access to public folder resources must be controlled.
2. Dedicated bridgehead servers for message transfer are desired.
3. Geographical requirements are to be considered.
4. Network traffic has to be reduced.
5. Network links are unstable.
* The first server in the routing group almost always acts as the routing group master.
* The routing group master maintains the link state table (LST) for all other servers in the routing group.
* If the routing group master will be unavailable for a period of time, designate a different master to avoid inefficient message routing.
* You may designate a server as a master by using Exchange System Manager.
* Public folder access relies on two elements:
o Public folder hierarchy.
o Public folder content.
* Public folder content replication allows you to keep multiple synchronized copies of a particular public folder.
* You may use multiple replicas to distribute workload across multiple servers. This can:
o Improve response time.
o Provide fault tolerance.
* If some other users can’t see your new public folder, while users on the local server can work with the new folder, it is likely that the public folder hierarchy replication has not been completed yet.
* Routing group connectors allow public folder referrals by default.
* When two routing groups are connected by a WAN link that does not support remote procedure calls, all public folders must be kept locally in all routing groups, and the content of each public folder must be replicated to at least one server in each remote routing group, so that the content remains accessible.
* The receiving PFRA determines whether a replication conflict has occurred by checking whether the change number of the local message is included in the predecessor list of the updated message.
* Backfill discovers out-of-sync replicas based on message status information. When there are no changes to replicate, status information is exchanged automatically once a day. When changes are missing, the backfill mechanism requests them from any Information Store that has a more recent replica.
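The two replication rules above (conflict detection via the change number / predecessor list check, and backfill driven by exchanged status information) are easier to follow in code. The following is an added example, not code from the page or from Exchange; the `PublicFolderReplica` class, the `ChangeNumber(store, seq)` layout, the `modified_at` timestamps and the replica names are this example's own simplifications of how the Information Store tracks changes.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ChangeNumber:
    store: str   # Information Store (replica) that made the change
    seq: int     # that store's running counter


@dataclass
class Item:
    content: str
    change_number: ChangeNumber
    modified_at: int                       # constructed timestamp, for "most recent wins"
    predecessors: frozenset = frozenset()  # every earlier change this version was built on


class PublicFolderReplica:
    """One Information Store's copy of a public folder (this example's model)."""

    def __init__(self, name):
        self.name = name
        self.seq = 0
        self.items = {}      # item id -> Item
        self.seen = {}       # status information: highest seq known per store
        self.conflicts = []  # (item id, local, incoming): basis for owner/contact notification

    def _note(self, cn):
        self.seen[cn.store] = max(self.seen.get(cn.store, 0), cn.seq)

    def _next_cn(self):
        self.seq += 1
        cn = ChangeNumber(self.name, self.seq)
        self._note(cn)
        return cn

    def create(self, item_id, content, t):
        self.items[item_id] = Item(content, self._next_cn(), t)

    def modify(self, item_id, content, t):
        old = self.items[item_id]
        self.items[item_id] = Item(content, self._next_cn(), t,
                                   old.predecessors | {old.change_number})

    def receive(self, item_id, incoming):
        """Apply a replicated version of an item using the predecessor-list check."""
        self._note(incoming.change_number)
        local = self.items.get(item_id)
        if local is None or local.change_number in incoming.predecessors:
            self.items[item_id] = incoming   # incoming was built on what we hold
            return "applied"
        if incoming.change_number in local.predecessors:
            return "stale"                   # we already hold a later version
        # Neither version knows of the other: replication conflict.
        # The most recent change overwrites; owners and contacts are notified.
        self.conflicts.append((item_id, local, incoming))
        winner = max(local, incoming, key=lambda i: i.modified_at)
        merged = (local.predecessors | incoming.predecessors
                  | {local.change_number, incoming.change_number}) - {winner.change_number}
        self.items[item_id] = Item(winner.content, winner.change_number,
                                   winner.modified_at, merged)
        return "conflict"


def backfill_requests(replica, remote_status):
    """Backfill: compare exchanged status information and return the change
    ranges this replica lacks, to request from a store holding a newer replica."""
    requests = {}
    for store, remote_seq in remote_status.items():
        local_seq = replica.seen.get(store, 0)
        if remote_seq > local_seq:
            requests[store] = (local_seq + 1, remote_seq)
    return requests


if __name__ == "__main__":
    a, b = PublicFolderReplica("A"), PublicFolderReplica("B")
    a.create("m1", "v1", t=1)
    b.receive("m1", a.items["m1"])
    b.modify("m1", "edited on B", t=3)       # concurrent edits on both replicas
    a.modify("m1", "edited on A", t=4)
    print(a.receive("m1", b.items["m1"]), a.items["m1"].content)
    c = PublicFolderReplica("C")             # a replica that has seen nothing yet
    print(backfill_requests(c, a.seen))
```

The ordinary case and the conflict case differ only in whether the receiving replica's own change number appears in the incoming predecessor list; the status information exchanged for backfill is just the highest change number known per store, which is enough to compute which ranges to request.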
Scenario: How do you explicitly resolve design conflicts?
* Design conflicts
o Do not need to be resolved explicitly.
o The most recent changes overwrite all others.
o Public folder contacts and public folder owners are notified.
* Exchange 2000 security is entirely based on the security model of Active Directory.
* You may rely on Windows 2000 security groups for Exchange 2000 administration.
* With native mode, you have the following security groups:
o Domain Local – can contain user accounts, global groups, and universal groups from any domain as well as domain local groups from the same domain.
o Global – can contain user accounts and global groups from the same domain.
o Universal – can contain user accounts, global groups, and universal groups from any domain.
* Signing
o Allows a sender to add a digital signature to a message.
o Proves the message’s origin and authenticity.
* Sealing
o Message encryption.
o Can be used together with signing.
* Key Management Service (KMS)
o The server password is used to decrypt the KM Database Master Encryption key.
o The KM Database Master Encryption key is needed for accessing the KM database.
o The server password must be supplied during KMS startup.
o The KM administrator enables advanced security and has a 12-character security token generated and provided to the user.
o Multiple users can be enrolled concurrently.
o Outlook signs a message by hashing the original message. The user’s private signing key is then retrieved from the security store and used to encrypt the hash. Finally, the encrypted hash and the user’s signing certificate are added to the message.
o The user’s signing certificate contains the public signing key.
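The signing steps just listed (hash the message, encrypt the hash with the private signing key, attach the encrypted hash and the signing certificate) and the matching verification on the recipient side, as an added example that is not code from the page or from Outlook. To run on the standard library alone it uses textbook RSA with a 512-bit demonstration key and a plain dictionary standing in for the X.509 signing certificate; real S/MIME adds PKCS#1 padding and CMS wrapping, which are omitted here. All function names and the sample subject and message are this example's own.

```python
import hashlib
import random


def is_probable_prime(n, rounds=20):
    """Miller-Rabin test; enough for a demonstration key, not a production one."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_prime(bits):
    """Random odd number of the requested size with the top bit set, retried until prime."""
    while True:
        candidate = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def generate_signing_keypair(bits=512):
    """Textbook RSA: returns (public_key, private_key) as (exponent, modulus) tuples."""
    e = 65537
    while True:
        p, q = generate_prime(bits // 2), generate_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:   # e is prime, so this guarantees gcd(e, phi) == 1
            break
    return (e, p * q), (pow(e, -1, phi), p * q)


def make_signing_certificate(subject, public_key):
    """Stand-in for the user's signing certificate: it carries the public signing key."""
    return {"subject": subject, "public_key": public_key}


def sign_message(body, private_signing_key):
    """Hash the message, then encrypt the hash with the private signing key."""
    d, n = private_signing_key
    digest = int.from_bytes(hashlib.sha256(body).digest(), "big")  # 256 bits, below n
    return pow(digest, d, n)


def build_signed_message(body, private_signing_key, signing_certificate):
    """Attach the encrypted hash and the signing certificate to the message."""
    return {
        "body": body,
        "signature": sign_message(body, private_signing_key),
        "certificate": signing_certificate,
    }


def verify_signed_message(signed):
    """Recipient side: recover the hash with the public key from the attached
    certificate and compare it with a fresh hash of the received body."""
    e, n = signed["certificate"]["public_key"]
    recovered = pow(signed["signature"], e, n)
    expected = int.from_bytes(hashlib.sha256(signed["body"]).digest(), "big")
    return recovered == expected


if __name__ == "__main__":
    public_key, private_key = generate_signing_keypair()
    cert = make_signing_certificate("alice@example.com", public_key)  # constructed subject
    signed = build_signed_message(b"Quarterly figures attached.", private_key, cert)
    print("genuine:", verify_signed_message(signed))    # True
    signed["body"] = b"Quarterly figures revised."      # body altered after signing
    print("tampered:", verify_signed_message(signed))   # False
```

Verification only needs the certificate that travels with the message, which is why the notes stress that the signing certificate contains the public signing key: any change to the body after signing, or a signature made with a different private key, produces a hash mismatch.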
Scenario: You forgot the security password for your digital ID. How do you sign and seal messages again? Have the administrator recover the security keys for you. You use the new 12-character security token to complete the recovery by repeating the steps of enabling advanced security. Note: A new digital ID will be created for you.
* MAPI
o MAPI is a specification – not a messaging system by itself.
o Has interfaces at two layers: the client-side specification is called the client interface, and the system-side specification is known as the service provider interface.
* Outlook 2000
o This client is MAPI based and is the preferred client.
o Uses the Exchange transport service to communicate with an Exchange 2000 server.
o Relies entirely on RPCs.
o You can customize the Outlook 2000 installation process via:
+ command-line options
+ transform files
* To roll out Outlook 2000 to a large number of end users:
o The best way is to install unattended via a login script.
o You may launch Setup with the parameter /A to set up an administrative installation point. From that point on, you can customize the installation using the Custom Installation Wizard.
* Messaging profile
o Can be created using Microsoft Outlook Setup Wizard.
o Contains configuration information about information services used by the Microsoft Exchange Client.
o Needed for establishing a session with the underlying messaging backbone.
o A client cannot be started without a profile.
o In Windows 2000, MAPI profiles are stored in the HKEY_CURRENT_USER registry hive.
o You may include the MAPI profiles in the server-based profiles for roaming user support.
* Offline message stores
o For users to work offline with messages.
o Holds a replica of the actual server-based content.
o Messages are copied to the local hard disk.
o In contrast, a personal folder store is used to download and remove messages from the server.
* Offline folder
o Can synchronize public folders.
o Allows you to work with public folders while disconnected.
* Exchange 2000 Server and Novell NetWare network integration
o You must create a corresponding Windows 2000 account for each existing Novell NetWare user.
o You use Microsoft Directory Synchronization Services (MSDSS) to synchronize account information for both systems.
Scenario: If you want to integrate Exchange 2000 Server into your Novell NetWare network, which configuration parameters of the NWLink IPX/SPX-Compatible Transport most likely need to be configured? The frame type and internal network number would need to be correctly configured.
Scenario: How do you deploy MS-DOS based clients effectively? For legacy clients, you may use Terminal Services to provide users with access to Outlook 2000's functionality.
Scenario: How do you keep messages available offline? You configure a .pst file and use Outlook’s remote mail functionality to download messages. Create an .ost file and perform synchronization with server-based messaging folders when you are online. The .ost file approach allows you to work with public folders offline.
* MX records must exist in DNS for your Internet domain.
* IIS manages all Internet client protocol engines.
* SMTP and NNTP services are integrated with Exchange 2000 Server.
* Common Internet clients supported:
o Note that LDAP access is available via Active Directory and Global Catalog servers.
* News feed
o Pull feed initiates connection to a remote USENET host for pulling information from existing newsgroups.
Scenario: To support all possible POP3/IMAP4 clients, which authentication types are appropriate? Basic Authentication and Integrated Windows Authentication; it is advised that you use SSL together with Basic Authentication if authentication takes place over the Internet.
Outlook Web Access (OWA)
* Based on the ISAPI of IIS 5.0.
* Requires Windows 2000 Server.
* Installed as an integral part of Microsoft Exchange Messaging and Collaboration Services.
* Allows users to gain access to Exchange 2000 with browser.
* OWA URLs are based on host or domain names, and are independent of individual mailbox or public store locations.
* In an FE/BE environment, users do not know where their mailboxes reside. OWA will look up their mailboxes on their behalf.
Exchange Web Storage
* Relies on Windows 2000 Server and IIS 5.0.
* Every item in Web Storage is accessible through an internet URL.
* Supports Web browsers and WebDAV applications via:
* Supports Internet mail or MAPI-based clients.
* Supports ADO 2.5 and OLE DB applications via ExOLEDB.
* Supports events based on ExOLEDB so that workflow and process-tracking logic can be implemented.
* Web Storage System event sinks must be registered in the IIS metabase.