Organizations have become
increasingly reliant on email as a primary method of communication and,
as such, the messaging system in most environments has come to be
considered a mission-critical application. Any messaging downtime
results in frustrated calls to the help desk. For most organizations,
gone are the days where the email system can be taken offline during
business hours for configuration changes.
To
ensure the dependability and reliability of any application, proper
maintenance and upkeep is vital, and Exchange Server 2013 is no
exception. By implementing and performing proper management and
maintenance procedures, administrators can minimize downtime and keep
the system well tuned. For organizations that have been
performing structured and effective maintenance and management
practices with previous versions of Exchange, the process is much the same
with Exchange Server 2013. The problem is that many organizations have no
structured maintenance and management process at all: patching and updating
of the operating system or of Exchange happens only when a problem occurs
and a patch or update is required.
Exchange
Server 2010 introduced, and Exchange Server 2013 extends, continuous
online defragmentation, compaction, and contiguity maintenance, which
improves the health of the messaging system. This
has eliminated the need for routine offline database maintenance, which
dramatically reduces the need for planned downtime.
Proper Care and Feeding of Exchange Server 2013
This
section is not about how to perform common, albeit necessary,
management tasks such as using the interface to add a database.
Instead, it focuses on concepts such as identifying and working with
the server’s functional roles in the network environment, auditing
network activity and usage, and monitoring the health and performance
of your messaging system.
With each new
iteration of Exchange Server, Microsoft has greatly improved the tools
and utilities used to manage the environment. Exchange Server 2013 is
no exception. Exchange Server 2013 management can be done locally or
remotely, and administration can even be done through firewalls. There
are two primary management interfaces: the Exchange Administration Center
(EAC) and the Exchange Management Shell (EMS).
Managing by Server Roles and Responsibilities
Key
in Exchange Server 2013 is the concept of role-based deployment,
allowing administrators to deploy specific server roles to meet the
requirements of their environments. Exchange Server 2013 provides three
distinct server roles: Edge Transport, Client Access, and Mailbox.
The Edge Transport Server Role
The
Edge Transport server role is responsible for all email entering or
leaving the Exchange Server organization. To provide redundancy and
load balancing, multiple Edge Transport servers can be configured for
an organization.
The Edge Transport role
is designed to be installed on a standalone server that resides in the
perimeter network. As such, it is the only Exchange server designed to not
be a member of the Active Directory (AD) domain. Synchronization with
Active Directory is provided through the use of Active Directory
Application Mode (ADAM) and a component called EdgeSync.
Edge
Transport servers can provide antispam and antivirus protection, as
well as the enforcement of Edge Transport rules based on Simple Mail
Transfer Protocol (SMTP) and Multipurpose Internet Mail Extensions
(MIME) addresses, particular words in the subject or message body, and
a Spam Confidence Level (SCL) rating. In addition, Edge Transport
servers can provide address rewriting—an administrator can modify the
SMTP address on incoming and outgoing messages.
It
is possible for an organization to avoid the use of an Edge Transport
server completely and simply configure a Hub Transport server to
communicate directly with the Internet. However, this scenario is not
recommended because it exposes your Hub Transport server to potential
attack. The Edge Transport server has a reduced attack surface to
protect against these external threats.
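The protections listed above (antispam agents, SCL ratings, Edge Transport rules on subject or body words, and address rewriting) are all configured from the Exchange Management Shell on the Edge Transport server. The following is an added example, not code from the book, showing one way to set them up and then verify the result; the domain names, thresholds, rule name and cmdlet parameters used here are assumptions for illustration and should be checked against the organization's own requirements.

```powershell
# Added example (not from the book). Run in the EMS on the Edge Transport server.
# Placeholder values: contoso.local / contoso.com, the SCL threshold of 7, and the rule name.

# Confirm the transport (antispam) agents are actually present and enabled before relying on them.
Get-TransportAgent | Where-Object { -not $_.Enabled } | Select-Object Identity, Enabled

# Spam Confidence Level (SCL): have the Content Filter agent reject messages rated 7 or higher.
Set-ContentFilterConfig -Enabled $true -SCLRejectEnabled $true -SCLRejectThreshold 7

# Edge Transport rule keyed on particular words in the subject or body: push the SCL to 9
# so the content filter's reject threshold handles it (assumed rule name and word list).
New-TransportRule -Name "Lottery spam" `
    -SubjectOrBodyContainsWords "you have won", "claim your prize" `
    -SetSCL 9

# Address rewriting: present the internal domain as the public one on outbound mail only.
New-AddressRewriteEntry -Name "contoso.local to contoso.com" `
    -InternalAddress "contoso.local" -ExternalAddress "contoso.com" -OutboundOnly $true

# Verification: read the settings back rather than trusting that the commands took effect.
Get-ContentFilterConfig | Format-List Enabled, SCLRejectEnabled, SCLRejectThreshold
Get-TransportRule | Format-Table Name, State, Priority
Get-AddressRewriteEntry | Format-Table Name, InternalAddress, ExternalAddress, OutboundOnly
```

Because the Edge server is not a domain member, these settings live in its local AD LDS instance; edit them on each Edge Transport server (or export and import the configuration) rather than expecting them to replicate through EdgeSync, which flows from the organization to the Edge, not the other way.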
The Client Access Server Role
The
Client Access Server (CAS) role is similar to the front-end server in
Exchange Server 2000/2003. New to Exchange Server 2010 and 2013 is that
all clients communicate through the CAS. This differs from
Exchange Server 2007, where Outlook clients using Messaging Application
Programming Interface (MAPI) would access the mailbox servers directly.
The CAS server mediates all client traffic, providing a single point of
communication that can be monitored to ensure consistent compliance and
security across all types of clients.
The Mailbox Server Role
The
Mailbox role will be the most familiar to administrators with previous
Exchange Server experience. As the name implies, the Mailbox role is
responsible for housing mailbox databases, which, in turn, contain user
mailboxes. The Mailbox server role also houses public folder databases
if they are implemented in the environment.
The
Mailbox server role integrates with the directory in the Active
Directory service much more effectively than previous versions of
Exchange Server allowed, making deployment and day-to-day operational
tasks much easier to complete. The Mailbox server role also provides
users with improved calendaring functionality, resource management, and
Offline Address Book downloads.
For those
familiar with Exchange Server 2007 and 2010, the Hub Transport role no
longer exists as a separate role, but instead is embedded into the
Mailbox server role as a Hub Transport service. The Hub Transport
service is responsible for managing internal mail flow in an Exchange
Server organization and is installed on a member server in the AD
domain.
The Hub Transport service handles
all mail flow within the organization, as well as applying transport
rules, journaling policies, and delivery of messages to recipient
mailboxes. In addition, Hub Transport agents can be deployed to enforce
corporate messaging policies, such as message retention and the
implementation of email disclaimers.
The
Hub Transport service accepts inbound mail from the Edge Transport
server(s) and routes it to user mailboxes. Outbound mail is relayed
from the Hub Transport service to the Edge Transport server and out to
the Internet.
The Unified Messaging server
role is also now rolled in as a service in the Mailbox server role. The
Unified Messaging service is responsible for the integration of Office
Communication Server Voice over IP (VoIP) technology into the Exchange
Server messaging system. When implementing Unified Messaging with
Exchange Server 2013, users can have access to voice, fax, and email
messages all in the same mailbox, and these messages can be accessed
through multiple client interfaces.
Managing by User Roles
Exchange
Server 2013 provides Role Based Access Control (RBAC) to the Exchange
Server platform. This permissions model applies to the Mailbox and
Client Access Server roles. RBAC has replaced the permission model used
in Exchange Server 2007 and prior. RBAC is not
used on the Edge Transport server role because the Edge Transport
security is not integrated with the other roles and is based on the
local Administrators group.
The role-based
model enables administrators to easily assign staff to one of the
predefined roles or to create a custom role that meets the
organization’s unique requirements. The RBAC permissions model is used
by the Exchange Management Shell (EMS), and the Exchange Administration
Center (EAC) (formerly known as the Exchange Control Panel and
sometimes still referenced as the ECP).
There are 12 predefined administrative roles:
• Compliance Management
• Delegated Setup
• Organization Management
• Discovery Management
• Help Desk
• View Only Organization Management
• Recipient Management
• Hygiene Management
• Public Folder Management
• Server Management
• UM Management
• Records Management
There
is a single initial user role called the Default Role Assignment Policy.
This default policy includes the following role assignments:
• MyContactInformation
• MyDistributionGroupMembership
• MyBaseOptions
• MyTextMessaging
• MyVoicemail
• MyTeamMailboxes
• MyDistributionGroups
The
administrative and user predefined roles cannot be changed. However,
new roles can be created to define precise or broad roles and
assignments based on the tasks that need to be performed in a given
organization. This is done through the RBAC User Editor.
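The same custom role creation can be scripted in the Exchange Management Shell, which is useful when the goal is a least-privilege role rather than a broad predefined one. The block below is an added example, not code from the book or from Microsoft: it derives a narrow help-desk role from a built-in parent, trims it to two cmdlets (and a restricted parameter set on one of them), scopes it to one OU, and then reads the resulting assignment back. The role name, role group name, OU path and member account are placeholders.

```powershell
# Added example (not from the book). Run in the EMS with Organization Management rights.
# Placeholders: role "HelpDesk-DisplayNameFix", scope "Staff OU only", role group
# "HelpDesk-Tier1", OU "contoso.com/Users/Staff" and member "hd.analyst01".

# 1. Derive a custom role from the narrowest built-in parent that already holds what is
#    needed. A child role can only lose entries relative to its parent, never gain them.
New-ManagementRole -Name "HelpDesk-DisplayNameFix" -Parent "Mail Recipients"

# 2. Remove every cmdlet entry except the two the task requires.
$keep = @("Get-Mailbox", "Set-Mailbox")
Get-ManagementRoleEntry "HelpDesk-DisplayNameFix\*" |
    Where-Object { $keep -notcontains $_.Name } |
    ForEach-Object { Remove-ManagementRoleEntry -Identity "$($_.Role)\$($_.Name)" -Confirm:$false }

# 3. Cut Set-Mailbox down to the parameters the task needs; without -AddParameter or
#    -RemoveParameter, -Parameters replaces the entry's parameter list outright.
Set-ManagementRoleEntry -Identity "HelpDesk-DisplayNameFix\Set-Mailbox" -Parameters Identity, DisplayName

# 4. Restrict where the role may act: mailboxes under one OU only.
New-ManagementScope -Name "Staff OU only" `
    -RecipientRoot "contoso.com/Users/Staff" `
    -RecipientRestrictionFilter { RecipientType -eq "UserMailbox" }

# 5. Bind role and scope to a role group, then add the staff who need it.
New-RoleGroup -Name "HelpDesk-Tier1" -Roles "HelpDesk-DisplayNameFix" `
    -CustomRecipientWriteScope "Staff OU only" -Members "hd.analyst01"

# 6. Verify what the group actually ended up with: the effective cmdlets, their parameters,
#    and the write scope attached to the assignment.
Get-ManagementRoleEntry "HelpDesk-DisplayNameFix\*" | Format-Table Name, Parameters -AutoSize
Get-ManagementRoleAssignment -RoleAssignee "HelpDesk-Tier1" |
    Format-List Role, RecipientWriteScope, CustomRecipientWriteScope, Enabled
```

Step 6 is the part worth keeping in a runbook: because RBAC assignments accumulate (a user can be in several role groups and also covered by the default assignment policy), checking the effective entries and scope after each change is the only reliable way to confirm the role is as narrow as intended.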
Maintenance Tools for Exchange Server 2013
Several
tools are available to administer and manage an Exchange Server 2013
environment. There are functions within the Exchange Administration
Center, an automation and scripting shell, and several tools native to
the Windows Server 2008/2012 operating systems.
What Happened to the Exchange Management Console?
For
the past decade, Exchange has been administered through the Exchange
Management Console or EMC. However, with Exchange Server 2013, the EMC
is gone in favor of the web-based Exchange Administration Center. So
the Exchange System Manager (ESM) of Exchange Server 2003 is gone, and
the Exchange Management Console (EMC) is gone. A new era in Exchange
administration and management has begun under the new EAC.
The New Exchange Administration Center
The
Exchange Administration Center is the main administrative tool for
Exchange Server 2013. From the Exchange Administration Center, an
administrator can add users, add servers, add email routing, modify
Exchange configuration settings, set up antispam rules, set up server
transport rules, and so on. Effectively, everything that an Exchange
administrator used to be able to do in the Exchange Management Console
or Exchange System Manager is now done in the Exchange Administration
Center, shown in Figure 1.
Figure 1. Exchange Server 2013 Exchange Administration Center.