exchange 2013 migration & coexistence

Download Exchange 2013 Migration & Coexistence

Post on 16-Apr-2017

3.749 views

Category:

Technology

0 download

Embed Size (px)

TRANSCRIPT

Exchange Server 2013 Migration and Coexistence

Exchange Server 2013 Migration and CoexistenceScott SchnollSenior Content DeveloperMicrosoft Corporationscott.schnoll@microsoft.comhttp://aka.ms/SchnollTwitter: @Schnoll

Infrastructure, communication & collaboration

AgendaUpgrade ApproachPreparing for Exchange 2013Upgrade and CoexistenceMoving MailboxesPublic FoldersManaging CoexistenceQuotas

2/11/20143Microsoft Exchange 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Functional Layering

AuthN, Proxy, Re-directProtocols, API, Biz-logicAssistants, Store, CIExchange 2010ArchitectureAuthN, Proxy, Re-directStore, CIProtocols, Assistants, API, Biz-logicExchange 2013ArchitectureClient AccessMailbox

Client AccessHub Transport,Unified MessagingMailboxHardwareLoad BalancerL4 LBL7 LB

4

Upgrading to Exchange 2013From an existing Exchange 2010 environment5

SP3

E2010 CASE2010 HUBE2010 MBXClientsInternet-facing site upgrade firstautodiscover.contoso.commail.contoso.comIntranet siteExchange 2010 Servers

SP31. PrepareVerify prerequisitesInstall Exchange 2010 SP3 or later across ORGPrepare AD with Exchange 2013 schemaValidate existing client access 4. Switch primary namespace to Exchange 2013 CASExchange 2013 fields all traffic, including traffic from Exchange 2010 usersValidate using Remote Connectivity Analyzer5. Move MailboxesBuild out DAGMove Exchange 2010 users to Exchange 2013 MBXMigrate Legacy Public Folders to Modern Public Folders6. Repeat for additional sites2. Deploy Exchange 2013 serversInstall both Exchange 2013 MBX and CAS rolesSP3SP3

E2013 CASE2013MBX

3. Obtain and deploy certificatesObtain and deploy certs on Exchange 2013 CAS

1

2

4

3

5

6

5

Upgrading to Exchange 2013From an existing Exchange 2007 environment6

RU10

E2007 SP3 CASE2007 SP3 HUBE2007 SP3 MBXClientsInternet-facing site upgrade firstautodiscover.contoso.commail.contoso.comIntranet siteExchange 2007 Servers

RU101. PrepareVerify prerequisitesInstall Exchange 2007 SP3 + RU10 or later across ORGPrepare AD with Exchange 2013 schemaValidate existing client access5. Switch primary namespace to Exchange 2013 CASValidate using Remote Connectivity Analyzer6. Move mailboxesBuild out DAG Move Exchange 2007 users to Exchange 2013 MBXMigrate legacy Public Folders to Modern Public Folders7. Repeat for additional sites2. Deploy Exchange 2013 serversInstall both Exchange 2013 MBX and CAS serversRU10RU10

E2013 CASE2013MBX

3. Create legacy namespace Create DNS record pointing to Exchange 2007 CAS4. Obtain and Deploy CertificatesObtain and deploy certificates on Exchange 2013 CASDeploy certificates on Exchange 2007 CASlegacy.contoso.com

3

1

2

5

4

6

7

6

Preparing for Exchange Server 2013

1

1

Supported coexistence scenariosExchange Server 2010 SP3 and laterExchange Server 2007 SP3 RU10 and laterSupported client access methodsRPC over HTTP is only method of connectivity for Outlook clientsEntourage 2008 for Mac, Web Services EditionOutlook for Mac 2011Exchange 2013 PrerequisitesOutlook VersionMinimum Supported VersionRecommended Version*Outlook 2013RTMAugust 2013 updateOutlook 2010SP1 + Nov 2012 Update (14.0.6126.5000 or later)June 2013 updateOutlook 2007SP3 + Nov 2012 Update (12.0.6665.5000 or later)August 2013 update

*Recommended Updates fix an issue with Outlook using the wrong Exchange 2013 Internal/External settings

1

1

8

Operating System (64-bit)Windows Server 2008 R2 SP1 or later Standard or EnterpriseStandard - for Exchange 2013 Client Access servers and standalone Mailbox serversEnterprise - for Exchange 2013 Mailbox servers in a DAGWindows Server 2012 RTM or later Standard or DatacenterWindows Server 2012 R2 (support coming in Exchange Server 2013 SP1)

Other IIS and OS components.NET Framework 4.5Windows Management Framework 3.0Unified Communications Managed API (UCMA) 4.0Exchange 2013 Prerequisites

1

1

9

Install Exchange 2010 SP3 or Exchange 2007 SP3 RU10 to all serversExtend the AD schema for Exchange Server 2013 setup /PrepareSchema or /psPrepare the Exchange organization for Exchange Server 2013 setup /PrepareAD or /pPrepare remaining AD domains that have or will have any mail enabled objects for Exchange Server 2013:Local domain setup /PrepareDomain or /pRemote domains one at a time setup /PrepareDomain:FQDN.of.domain or /p:FQDN.of.domainOr do them all at once setup /PrepareAllDomains or /padValidate existing client access using Remote Connectivity Analyzer and test cmdletshttp://www.exrca.comPreparing for Exchange Server 2013

1

1

Deploying Exchange Server 2013

2

2

Install both MBX and CAS ServersCAS is proxy onlyMBX performs PowerShell commandsUse the latest CU packageNo more SP then RU installExchange 2013 SetupGUI and command line optionsCommand line parametersNew parameter for license terms acceptanceAfter the FactYou cannot remove roles in Exchange 2013Exchange 2013 Setup12

Setup.exe /mode:install /roles:c,m,mt /IAcceptExchangeServerLicenseTerms

2

2

12

Create Legacy Namespace

3

Required for Exchange 2007 coexistence onlyUsed to access Exchange 2007 mailboxes and public folders during coexistenceCreate DNS record in internal and external DNS for legacy namespaceLegacy.contoso.comValidate legacy namespace creation using Remote Connectivity Analyzerhttp://www.exrca.com

Create Legacy Namespace141

3

14

Certificates1

4

3

End-to-end Certificate Wizard in the Exchange Admin Center (EAC)Export with private key and import to other CAS from the UIAssign services right from the UIEAC alerts when certificate is about to expireFirst notification shown 30 days prior to expirationSubsequent notifications provided dailyCertificates161

4

3

16

Minimize the number of certificatesThe same private key is required on all CAS in a site for transient CAS failures to be seamlessA unified namespace may mean the same cert is required on all sites covering the namespaceCertificates - Best Practices171

4

3

17

Minimize number of host namesUse split DNS or pinpoint DNS for Exchange host namesmail.contoso.com for Exchange connectivity on intranet and Internetmail.contoso.com has different IP addresses in intranet/Internet DNS zonesThis is not a requirement, some customers may have unique environments where different names would be helpfulDont list machine host names in certificate host name listUse load-balanced (LB) arrays for intranet and Internet access to serversUse Subject Alternative Name (SAN) certificatePublic CA providers are beginning to restrict the issuing of certs with invalid DNS namesCertificates - Best Practices181

4

3

Invalid name examples - (such as .local, .internal, etc)

18

Cutover Namespaces

5

4

Configure load balancingLayer 7 load balancers no longer required for an Exchange 2013 namespaceLayer 4 (aka no-affinity/persistence) and Layer 7 are supported for Exchange 2013 namespaceLegacy namespaceValidate creation with https://www.exrca.com/Legacy namespace should begin or continue to use Layer 7 load balancingScript the change for legacy namespaces (and have a script to revert back if required)Switch namespaces to CAS 2013Update mail and Autodiscover DNS records to point to a Exchange 2013 CAS serverExchange 2007 and Exchange 2010 Autodiscover will redirect to Exchange 2013 CAS for Exchange 2013 mailbox

Switching to Exchange 2013 CAS

5

4

Switching to CAS 2013Outlook AnywhereLayer 4 LBLayer 7 LBmail.contoso.comHTTPPROXYRPC/HTTP

Clients

E2007/E2010 MBX

Internet facing site

RPC/HTTP

Intranet facing site

E2007/E2010 MBX

OA Enabled

OA EnabledClient SettingsIIS Auth: NTLM

E2007/E2010 CAS

OAClient SettingsIIS Auth:

E2007/E2010 CASHTTPPROXY3. Client SettingsMake legacy OA settings the same as 2013 CAS so all clients get the same proxy hostname1. Enable Outlook Anywhere on all legacy CAS2. IIS Authentication MethodsIIS Auth must have NTLM enabled on all legacy CASRPCClient Auth: BasicIIS Auth: BasicNTLME2013 CASE2013 MBXRPCRPCDisabledEnabledNTLM4. DNS CutoverA low TTL on the existing record the days prior to the cutover is a good idea

5

4

Enable Outlook Anywhere on all legacy CAS to allow 2013 CAS to discover and proxy through rpcproxy.dllEnsure IIS Authentication Methods on legacy CAS have NTLM enabledMake sure external hostname matches for legacy CAS and 2013 CASTechReady132/11/2014 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Becau

Recommended

View more >