emory enterprise exchange 2007 tech talk

Information Technology

Emory Enterprise Exchange 2007Tech Talk


Emory Email Components

Email Team General mail flow Active Directory Exchange 2003 Enterprise Exchange 2007 Exchange Email Archiving

2


Email Team

Jay Flanagan, Manager (also IDM, Security) James Reed, Lead

Exchange, Active Directory, LearnLink, Meeting Maker

Greg Cooper, Lead Exchange, Active Directory

Terry Markert, Senior LearnLink, Exchange, Meeting Maker, Exchange Email Archiving

Learning Exchange 2007, Active Directory David Gottschalk, Senior

Eagle Mail, Mail Relays, Postini Wes Blalock (entry level)

Meeting Maker, Exchange Email Archiving Learning Windows, Unix, Postini, Eagle Mail, Mail Relays, Exchange, Active Directory

3


General Mail Flow

4


5


Mail Flow

6


Inbound Enterprise Exchange 2007 Mail Flow

7


Outbound Enterprise Exchange 2007 Mail Flow

8


Internal Exchange Mail Flow

9


Active Directory

10


Academic Site

DMZ Site

AdminSite

Emory.Edu (Empy Root)

Eu.Emory.Edu

Eu.Emory.Edu

Eu.Emory.EduEmory University

AD Site Layout

DCDC

DCDC DC

DC DC

DC

DC

DC

DC

HIPAASite

Eu.Emory.Edu

DC DC

ResNetSite

Eu.Emory.EduDC

11


Active Directory (cont’d)

All Windows 2003 Native mode Required for Exchange to operate

Emory University AD Root Domain Emory.Edu (EmoryAD)

2 Servers (AD1, URI) Child Domain EU.Emory.Edu (EmoryUnivAD)

5 Sites based upon firewall Core Admin Site (AD13, AD14, AD15) DMZ Site (AD10, AD11, AD12) Academic Site (AD2, Batman, Robin) ResNet Site (Pasteur) HIPAA Site (AD6, AD7)

Emory Enterprise Resource Forest Domain Enterprise.Emory.Net (Enterprise)

2 Sites based upon role seclusion - HIPAA Core FSMO Site (ADRF1, ADRF2) APPS Site (ADRF3, ADRF4, ADRF5)

12


Exchange 2003

13


Academic Site

DMZ Site

AdminSite

Emory.Edu (Empy Root)

Eu.Emory.Edu

Exchange ClusterServers 1 and 3

Exchange ClusterServers 2 and 4

Eu.Emory.Edu

Eu.Emory.Edu

ISA

ISA1

OWAGOODLINK

University Exchange 2003

OWADC

BHDC

DNS

DC

GC

DCDNS

BH

DCBHGC

DCBH

DCGCBH

DCGC

DNS

DCGC

BHDC

DNS

DCGC

BH

14


Enterprise Exchange 2007

15


History of Project

Started November 2006 Design Started January 2007 Implementation Started ____________________

Currently Testing with EHC IS Delays

16



17


AD Layout for Enterprise Exchange 2007

18


Enterprise Exchange 2007 AD Layout

Resource AD Forest One way trust between EHC AD Two way trust between EU AD

(two way needed for MOM) All accounts from both AD’s will be created

Can be used for other MS applications Office Communicator Suite SharePoint

19


Client Access for Enterprise Exchange 2007

20


Enterprise Exchange 2007 Client Connectivity

Outlook 2003 and 2007 – Outlook 2007 required for full functionality

Macintosh – examples include Entourage IMAPS clients – examples include Mozilla, Thunderbird, MacMail,Eudora, Outlook Express, other IMAPS clients

Outlook Web Access – IE 7 required for full functionality (lightweight version available for other browsers, i.e. FireFox, IE6 and lower, Safari, etc.)

Mobile Devices – currently ActiveSync and GoodLink; Blackberry pending governance approval

21


Client Functionality Matrix

Windows Exchange Clients Outlook 2003/2007 Outlook Web Access IMAPS clients

Send/Receive Email Y Y Y

Send/Receive Calendar Invitations

Y Y N

Use Global Address List

Y Y Y

Public Folder Access Y Y Y*

Server-based contacts Y Y N

Auto-Archiving Y N N

Group Calendar Y Y N

Recover Deleted Items Y Y N

Work Offline Y N Y

* Most IMAPS clients will be able to read and post data to public folders, however, there may be some which do not include this functionality * Information provided from University of Connecticut Web Site

22


Client Functionality Matrix Macintosh Exchange Clients Entourage X Outlook Web

AccessIMAPS clients

Send/Receive Email Y Y Y


Y Y N

Use Global Address List

Y Y Y

Public Folder Access Y Y Y*

Server-based contacts

Y Y N

Auto-Archiving N N N

Group Calendar N Y N

Recover Deleted Items

N Y N

Work Offline Y N Y

* Most IMAPS clients will be able to read and post data to public folders, however, there may be some which do not include this functionality * Information provided from University of Connecticut Web Site 23


Client Functionality Matrix

Linux Exchange Clients Outlook Web Access IMAPS clients

Send/Receive Email Y Y


Y N

Use Global Address List Y Y

Public Folder Access Y Y*

Server-based contacts Y N

Auto-Archiving N N

Group Calendar Y N

Recover Deleted Items Y N

Work Offline N Y

* Most IMAPS clients will be able to read and post data to public folders, however, there may be some which do not include this functionality * Information provided from University of Connecticut Web Site* Ximian current release only supports Exchange 2003, no current TBA from vendor on updates 24



Secure Located in HIPAA core firewall zone Remote access given only on as required basis

RSA Keyfob access required for VPN (giving 2 factor auth)

Managed security / management policies To be presented for formal approval to HIPAA steering committee in Fall

Client connectivity via SSL Except from EHC Citrix VDT

25


Enterprise Exchange 2007 (cont’d)

Highly Available Redundant Hardware Clusters for Mailbox servers Multiple redundant nodes for other server roles (CAS/HUB/EDGE)

26


Enterprise Exchange 2007 SAN

SAN Storage Symmetrix DMX 3, RAID 1, 300GB Dedicated spindles for Exchange

96 x 110GB – Databases (12 x active server) 96 x 43GB – Log volumes (12 x active server) 4 x 34GB – Public Folders DB/Logs (2 x cluster) 8 x 172GB – Recovery Volume (1 per active server)

8 x 51GB - Edge Server DB / Logs (2 x server) 8 x 94GB - Hub Server DB / Logs (2 x server)

27


Enterprise Exchange 2007 Storage

28


Enterprise Exchange 2007 Backups

Backups Designed for User self restoration

Recover Deleted Items Databases for Disaster Recovery

Full backup every x days (TBD, worst case 2 days)

Differential (w/log rollup) daily Using EMC snap software and VSS management Using EMC Legato Networker to backup to CDL

Up to 17TB CDL storage dedicated for Exchange backups

1 full backup with no compression = estimated 9TB

29


Exchange Email Archiving

30


Exchange Email Archival Overview Archive product selection under review Provides Exchange archiving / tiered storage Quota based archiving Attachment based archiving

Stub attachments and messages Quick retrieval of full message and attachments Stores stub in plain text for minimal footprint

End user restorability of deleted messages No storage limits for archived messages (300MB active mailbox limit)

Seamless recovery of archived messages31


Exchange Email Archival Overview (cont’d)

Search ability Future Compliance searching Currently allows end user search ability to own archive

Retention policies Can be used to manage compliance minimums (may eventually come for HIPAA or Sarbanes Oxley)

Can expire messages after maximum retention periods

32


Exchange Email Archival Overview (cont’d)

Targeted Clients Entourage (Macintosh) support Outlook Outlook Web Access IMAP User Access (TBD)

33


Enterprise Exchange 2007 Server Layout

Servers 12 Mailbox Servers

MS Cluster 1 – 4 Active, 2 Passive CMS Names: Exchange10, Exchange11, Exchange12, Exchange13

Contains 6 physical nodes MS Cluster 2 – 4 Active, 2 Passive

CMS Names: Exchange20, Exchange21, Exchange22, Exchange23

Contains 6 physical nodes

34


Enterprise Exchange 2007 Server Layout (cont’d)

Servers 4 Hub Servers

MTA Role 4 CAS Servers (Client Access Server)

OWA, AccessAnywhere (RPC over HTTPS), ActiveSync, MAPI/RPC, IMAPS

4 Edge Servers (border hygiene) Put in place for potential Mail Relay retirement (no ETA)

Non Domain joined for security

35


Enterprise Exchange 2007 Resource Accounts

Resource accounts available for: Rooms - assigned to a meeting location, such as a conference room, auditorium, or training room

Equipment - assigned to a resource that is not location specific, such as a portable computer projector, or microphone

Requires designated owner(s) Owners responsible for assigning delegate access for management

36


Enterprise Exchange 2007 Sponsored/Department Accounts

Current Departments can be approved to have group accounts available for shared group access

Sponsored users cannot have personal accounts; however, they can use approved departmental account for department communications

Sponsored account limitations Smaller quota Some limited functionality

New Update

37


Enterprise Exchange 2007 Calendaring

Meeting Maker will be decommissioned in August 2008

Outlook Calendaring provides Free/Busy status of both people and resources

Assisted scheduling of meetings within Outlook or OWA client

Resource Calendars – Rooms, Equipment

38


Enterprise Exchange 2007 Existing Data Migration

Eagle Mail – server side data migration IMAP mail client – local data user side migration (eg. Contacts, Distribution Lists, Distribution Groups, etc.)

Exchange 2003 – server side data migration LearnLink – POP3 user side migration (will remain in use for student interactive services and maintain separate quotas)

Departmental Email server – department dependant migration options

39


Timeline

TBD – awaiting on EHC migration completion

40


Questions?

41

emory enterprise exchange 2007 tech talk

Documents