Yesterday we were offered the occasion to meet with some people (Greg Taylor & Ross Smith IV) from MS Exchange product team during an exclusive pro-exchange event. Ilse Van Criekinge also joined the party.
Here’s a twitter-style overview of the stuff we discussed.
- ExMon: community member wondered why he couldn’t see the client latency anymore when using exmon
- Somebody else explained a complicated (from the admin side) Public Folder based system for an end-user to be able to manage distribution lists themselves. Additionally this very same customer also used some public folder based contacts to hide recipients in some cases (if I understood the story correctly). Suggestion from the product team was to use ECP for most of this functionality. This would however require a lot of effort in training the end-user.
- MS IT DB Design
- DAG takes care of switching the mailbox database to another instance, but the default PF store is still hard-coded. So you’re in trouble if that one went down together with the active mailbox database. Probably fixed in the next rollup, but no guarantee.
- MS IT Storage design: 300 mbx/db on a single physical disk containing the database itself, the content index and the transaction logs. In case of hard disk failure another copy of the database in the same datacenter is activated. MS IT refreshes hardware every 3 years. During this refresh the mailbox quota is doubled. However they use thin provisioning for their mailboxes: while mailboxes have a 5Gb quota only 3Gb is available for them. When designing their solution they take 10 years of trending into account. PSTs are still allowed at Microsoft because of legal requirements around the globe. Retention policies do exist but are opt-in.
- Archiving in E2K10. Read-only access does not exist as such. Suggestion was to use either single item recovery or delegation hold. Quotas do exist in the dumpster: 20Gb warning & 30Gb error.
- Single Instance Storage: SIS is removed in E2K10. When moving from E2007 to E2010 that should not be an issue, as SIS is nowhere taken into account when showing mailbox size. The counter that existed was inaccurate. SIS has been removed in favor of IO improvements: search, sort, mailbox move etc. A sort of the inbox takes 1 IO operation as opposed to 7 in previous versions.
- MS IT Backup strategy: Ross discussed the case where they lost 3,5 days worth of email for 8000 users because of a SAN crash. Documented the evolution of the strategy over time.
- Storage calculator. (Ross is the author of this tool).
- CAS HA on VM; multiple CAS or rely on vmotion? MS obviously recommends setting up multiple CAS servers. Use HLB to reduce number of machines required. Aim for 80% CPU. Look at Kemp for cheap hardware load balancers.
- X500 & LegacyExchangeDN: chicken vs. the egg. Kept for backwards compatibility.
- UAG vs. TMG. White paper available. TMG mainly for outbound traffic. UAG for inbound traffic, but built on top of TMG. TMG is the way to go if you only need to publish Exchange. If you need/want more, then use UAG. However it cannot do certificate-based mobile devices!
- Recovering entire folder structures is not possible anymore. Will probably not change.
- Outlook 2007 archiving add-on <=> No date.
- EAS mbx policy difference in RTM vs. SP1: “allow block quarantine” brought to ECP
- Outlook anywhere client certificate authentication. Smart card authentication will be possible when using Outlook 2010 SP1 + Exchange 2010 SP1 + … Will be IPSec based. White paper on the way.
- Vanity domains (as Greg called it): there’s only one common OWA legacy URL however. Use multiple OWA virtual directories or servers.
- Renaming a forest with Exchange servers present. Not supported and never will be. Risky. Also consider SMS, SAP etc.
- Select from address; no plans. Add-ons do exist however. (e.g. http://www.howto-outlook.com/tag/mail-composing)
- HT tries to collapse multiple meeting requests. Think of an original followed up by a number of corrections.
- Operational improvements in E2010: PowerShell, ECP, out of office etc.
- Sent/deleted items in the wrong folder. I personally have a case where I cannot get the steps explained by Ilse to work.
- Recovery database
- Some more storage calculator discussions and a little demo.
Somewhere in between these friendly people from MS were kind enough to answer a number of questions provided to me by some colleagues:
1) Retiring/uninstalling the first CAS server in a domain/site has an effect on the RPCClientAccessServer attribute, which can affect/interrupt mailbox access. Are there other issues we can encounter while retiring a/the first CAS or HUB or MBX server?
==> Recommendation is to always create a CAS array even when there’s only one CAS server. Other impact may be PF, OAB generation+distribution, routing table, arbitration mailboxes, …
2) We would like to separate the traffic between our regions NA – EU (North America – Europe) and the traffic in the regions, (NA= E2K7 and EU = E2K10) is it possible to force the hub transport traffic between those sites over a/2 dedicated hub transport servers as this is easier to troubleshoot. We did it in e2k3 with routing groups.
==> Not possible
3) We want to achieve the pic below… so Outlook/MAPI traffic is always connected to CAS1 and CAS2 but not to CAS3 and CAS4, as we want to separate our internal MAPI traffic from OWA traffic.
All servers are in the same site. CAS1 and CAS2 are in one NLB, CAS3 and CAS4 in another NLB.
The ClientAccessArray has the FQDN of the NLB of CAS1 and CAS2, and RpcClientAccessServer points to the ClientAccessArray.
Get-ClientAccessArray however gives the 4 CAS servers as members… does this also mean that Outlook can connect to CAS3 and CAS4, as they are NOT in the NLB (which we do not want)?
==> This is possible by proper configuration of DNS aliases and NLB setup. Generally not a good idea however. If CAS2 fails or is in maintenance then CAS1 becomes a single point of failure.
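Added example (my own Exchange Management Shell snippet, not something shown at the event) for questions 1 and 3 above: it creates a CAS array for a site if none exists, repoints databases that still reference an individual CAS server, and then compares the array’s members against what the array FQDN actually resolves to, which is the check that exposes the “4 members but only 2 behind the NLB” situation. Site name, array FQDN and the shape of the Members property are assumptions for the example.

```powershell
# Assumed values for this example (replace with your own)
$siteName  = "Brussels"             # AD site the CAS servers live in
$arrayFqdn = "outlook.contoso.com"  # DNS name that should resolve to the NLB VIP

# Q1: a CAS array should exist even with a single CAS server, so databases
# reference the array FQDN instead of a server that may later be retired.
$casArray = Get-ClientAccessArray -Site $siteName -ErrorAction SilentlyContinue
if (-not $casArray) {
    $casArray = New-ClientAccessArray -Name "CASArray-$siteName" -Fqdn $arrayFqdn -Site $siteName
}

# Members contains every CAS server in the site (assumed: ADObjectId list with a Name)
$memberNames = @($casArray.Members | ForEach-Object { $_.Name })

# Repoint databases whose RpcClientAccessServer is still an individual member server
Get-MailboxDatabase | ForEach-Object {
    $current = ($_.RpcClientAccessServer -split '\.')[0]   # host part of the FQDN
    if ($memberNames -contains $current) {
        Set-MailboxDatabase -Identity $_.Identity -RpcClientAccessServer $casArray.Fqdn
        Write-Host ("{0}: RpcClientAccessServer changed from {1} to {2}" -f $_.Name, $current, $casArray.Fqdn)
    }
}

# Q3: Outlook connects to whatever the array FQDN resolves to, not to the member list.
# Flag members whose own address is not part of the NLB VIP(s) behind the array FQDN.
$vipAddresses = [System.Net.Dns]::GetHostAddresses($casArray.Fqdn) |
    ForEach-Object { $_.IPAddressToString }

foreach ($name in $memberNames) {
    $server = Get-ExchangeServer -Identity $name
    $serverAddresses = [System.Net.Dns]::GetHostAddresses($server.Fqdn) |
        ForEach-Object { $_.IPAddressToString }
    $behindNlb = @($serverAddresses | Where-Object { $vipAddresses -contains $_ }).Count -gt 0
    # A member not behind the VIP is still a CAS array member but never receives
    # MAPI traffic via the array; with only two members behind the VIP, one
    # failing leaves the other as a single point of failure, as the answer above says.
    Write-Host ("{0}: member of {1}, address matches array VIP: {2}" -f $name, $casArray.Name, $behindNlb)
}
```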
Last but not least there were also a number of questions I had of my own. Most of them are coming from discussion with customers in the past. They mostly confirmed my answer, which is always a good thing :-)
- Routing intra exchange org e-mail over the internet? Possible by using Riverbed for instance. Not supported. (Note: most of the comment came from the community, not from MS.)
- “Something” in between ISA (DMZ) & CAS (LAN). ==> You could put e.g. Cisco firewalls in front of the ISA, but there’s not really any advantage in adding something between ISA & CAS.
- Secondary address resolved to primary in older versions? ==> Has always shown this behavior.