Plan the road map for the new deployment


Before continuing to deploy Microsoft Exchange Server 2010, we recommend that you read this topic to help your organization prepare for the deployment.

Exchange Organization Planning

Before you deploy Exchange 2010, the existing infrastructure must meet specific prerequisites. See the following topics to help ensure that your organization is ready for Exchange 2010:

  • Exchange 2010 System Requirements
  • Exchange 2010 prerequisites

Topology supported by Exchange 2010

Exchange 2010 supports the following topologies:

  • Single forest, multiple Active Directory sites.
  • Multiple forests (resource forest model), multiple Active Directory sites.
  • A single Active Directory site.

Exchange 2010 does not support the following topology:

  • Installing earlier versions of Exchange into a newly created Exchange 2010 organization.

    Important:
    Earlier versions of Exchange cannot be added to an organization that contains only Exchange 2010.

For more information, see Deploy a multi-forest topology.

Exchange Server 2010 deployment Assistant

Exchange Server 2010 introduces the Exchange Server Deployment Assistant (ExDeploy), a new Web-based tool that helps you deploy Exchange 2010. ExDeploy asks a few questions about your current environment and then generates a custom checklist and procedures to help simplify your deployment.

For more information, see the Exchange 2010 deployment assistant.

Active Directory Planning

Exchange 2010 uses Active Directory Domain Services (AD DS) to store directory information and shares that directory information with Microsoft Windows. For more information, see Plan Active Directory.

Network and name resolution plan

Make sure that the host records of the servers running Exchange 2010 are correctly registered on the Domain Name System (DNS) server of the Active Directory forest. Clients and other servers use DNS as the name resolution service to locate the Exchange server, so make sure that name resolution is correctly configured for your environment. For more information, see the following topics:

  • Domain Name System (DNS)
  • Learn about disjoint namespace scenarios
  • Exchange network port reference

Hub Transport Server Planning

The Hub Transport server role is a required role in an Exchange 2010 organization. Active Directory sites are used to route messages within the network of a single organization. The computer on which the Hub Transport server role is installed is deployed inside the Active Directory forest. It processes all mail flow within the organization, applies transport rules, applies journaling rules, and delivers messages to the recipient's mailbox. Messages sent to the Internet are relayed by the Hub Transport server to the Edge Transport server role deployed in the perimeter network. Messages received from the Internet are processed by the Edge Transport server before they are relayed to the Hub Transport server. The Hub Transport server role stores all of its configuration information in Active Directory.

Pay attention to the following issues when you plan the deployment of the Hub Transport server role:

  • Topology options: First, plan where the Hub Transport servers sit in the physical Exchange topology. Exchange uses Active Directory sites to route messages, so you must deploy at least one Hub Transport server in each Active Directory site that contains a Mailbox server. For more information about planning Hub Transport server placement, see Overview of the Hub Transport server role.
  • Server capacity: Planning server capacity includes determining how to monitor the performance of the Hub Transport server. Performance monitoring helps you establish performance baselines for the server, which in turn help you determine the capacity of the hardware configuration.
  • Transport features: Determine which transport features to enable on the Hub Transport server and how to configure them.
  • Security: The Hub Transport server role is deployed inside the Exchange organization. Planning Hub Transport server security includes assigning management roles and verifying that only authorized servers can establish IP connections to it. In addition, verify that no unnecessary services are running and that no unnecessary ports are open. For more information, see the deployment security checklist.

Internet connectivity of the Hub Transport server

To complete the mail flow configuration so that an Exchange organization can send and receive e-mail over the Internet, you must configure Send and Receive connectors that connect at least one Hub Transport server to the Internet. You can configure Internet connectivity for a Hub Transport server in any of the following ways:

  • Deploy an Edge Transport server and subscribe it to the Exchange organization. This is the recommended method. By default, the required Send connector is created automatically when the Edge Subscription is created. In this solution, you do not need to modify the default Receive connector configuration on the Hub Transport server. For more information, see Configure Internet mail flow through a subscribed Edge Transport server.
  • Deploy an Edge Transport server without subscribing it to the Exchange organization. In this case, you must manually configure the Send and Receive connectors on both the Edge Transport server and the Hub Transport server, and because no data is replicated, recipient lookup and safelist aggregation cannot be used. For more information, see Configure mail flow between an Edge Transport server and a Hub Transport server without EdgeSync.
  • Use Microsoft Exchange Hosted Services or a third-party SMTP gateway server to send and receive Internet mail. In this solution, a Send connector and a Receive connector must be created between the Hub Transport server that processes and routes Internet e-mail and the external SMTP server. For more information, see Configure Internet mail flow through Exchange Hosted Services or an external SMTP gateway.
  • Establish Internet mail flow directly through the Hub Transport server. In this solution, you must create a Send connector that routes e-mail to the Internet. In addition, you must modify the default Receive connector configuration so that it accepts anonymous submissions. This solution exposes the Exchange 2010 Hub Transport server directly to the Internet. We do not recommend this topology, because it exposes the Exchange 2010 server and every role installed on it to the Internet, which increases the security risk. Instead, we recommend that you implement a perimeter-network-based SMTP gateway, such as an Edge Transport server. For more information, see Configure Internet mail flow directly through a Hub Transport server.

    Note:
    If you choose to establish Internet mail flow directly through the Hub Transport server, we recommend that you install the anti-spam agents on the Hub Transport server to provide anti-spam protection for the Exchange organization. For more information, see Enable anti-spam functionality on a Hub Transport server.

    Important:
    If an Internet-facing Hub Transport server is configured, the Send connector cannot be configured to stamp a specific IP address on mail sent from the Hub Transport server. For example, if multiple IP addresses are assigned to the Hub Transport server, you cannot select which IP address the Send connector uses to relay mail to the Internet. If an SMTP relay (for example, an Edge Transport server) is used, the IP address of that computer is stamped as the mail source.

High Availability and load balancing of hub transport servers

The shadow redundancy feature of the Exchange 2010 transport servers provides redundancy for messages for the entire time they are in transit. This feature is similar in concept to the transport dumpster. With shadow redundancy, deletion of a message from the transport database is delayed until the transport server verifies that all of the next hops for that message have completed delivery. If any of the next hops fails before reporting successful delivery, the message is resubmitted for delivery to that next hop.

Shadow redundancy is enabled by default in an Exchange 2010 environment. For more information about shadow redundancy, see Learn about shadow redundancy.

Load balancing is achieved when multiple Hub Transport servers are installed in the same Active Directory site. By default, when multiple Hub Transport servers are deployed in an Active Directory site, connections to them are automatically load balanced. If one Hub Transport server becomes unavailable, the remaining Hub Transport servers continue to accept connections. If all Hub Transport servers in the Active Directory site are unavailable, messages queue until a Hub Transport server becomes available or the messages expire.

You can achieve load balancing of outbound connections to remote domains by specifying multiple Hub Transport servers in the same Active Directory site as the source servers of the corresponding Send connector. When the source servers of a Send connector are located in more than one Active Directory site, load balancing does not occur.

Note:
If the Hub Transport server role is installed on the same hardware as the Mailbox server role, load balancing may not occur. In that case, the local server becomes the preferred server for all messages sent by users whose mailboxes are on that server, so there is no true load balancing.
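As an added example (not part of the original article), the following Exchange Management Shell script reports, for every Send connector, the Active Directory site of each source Hub Transport server and flags connectors whose source servers span more than one site, since outbound load balancing only occurs among source servers of a single site. It uses the Exchange 2010 Get-ExchangeServer and Get-SendConnector cmdlets and nothing else.

```powershell
# Added example, not part of the original article. Run in the Exchange Management
# Shell (Exchange 2010). Uses Get-ExchangeServer and Get-SendConnector to report,
# for every Send connector, which Active Directory site its source servers are in.
# Outbound load balancing only occurs among source servers of a single site.

# Build a lookup of Hub Transport server name -> Active Directory site name
$siteOfServer = @{}
Get-ExchangeServer | Where-Object { $_.IsHubTransportServer } | ForEach-Object {
    $siteOfServer[$_.Name] = $_.Site.Name
}

foreach ($connector in Get-SendConnector) {
    $servers = @($connector.SourceTransportServers | ForEach-Object { $_.Name })
    # Source servers that are not Hub Transport servers in this organization (for
    # example, the Edge Transport server on an Edge Subscription connector) have no site here
    $sites = @($servers | ForEach-Object { $siteOfServer[$_] } | Where-Object { $_ } | Sort-Object -Unique)

    if ($sites.Count -gt 1) {
        Write-Warning ("{0}: source servers {1} span sites {2}; outbound load balancing only occurs within one site" -f `
            $connector.Name, ($servers -join ", "), ($sites -join ", "))
    } elseif ($sites.Count -eq 0) {
        Write-Host ("{0}: source servers {1} are not Hub Transport servers in this organization (for example, an Edge Transport server)" -f `
            $connector.Name, ($servers -join ", "))
    } elseif ($servers.Count -eq 1) {
        Write-Host ("{0}: single source server {1} in site {2}; add a second Hub Transport server from that site to load balance" -f `
            $connector.Name, $servers[0], $sites[0])
    } else {
        Write-Host ("{0}: source servers {1} in site {2}; outbound connections are load balanced" -f `
            $connector.Name, ($servers -join ", "), $sites[0])
    }
}
```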

Network Load Balancing (NLB) can be used to provide high availability in the following cases:

  • Inbound SMTP connections from POP3 and IMAP4 clients. The default Receive connector named "Client <Server Name>" is created only on Hub Transport servers.
  • Inbound SMTP connections from applications that submit mail to the Exchange organization.

NLB should not be used to distribute internal routing connections between Hub Transport servers.

For more information about how to configure Network Load Balancing, see Network Load Balancing technical reference.

Edge Transport Server Planning

The Edge Transport server role is designed to provide improved anti-spam protection for the Exchange organization. The Edge Transport server also applies policies to messages in transit between organizations. This server role is deployed in the perimeter network and outside the Active Directory forest. Unlike other Exchange 2010 server roles, the Edge Transport server cannot access Active Directory to obtain configuration and recipient information. Instead, it uses Active Directory Lightweight Directory Services (AD LDS) to store configuration and recipient information.

An Edge Transport server can be added to an existing Exchange organization without any organization-level changes. You do not have to perform any Active Directory preparation steps when installing the Edge Transport server.

If you deploy an Edge Transport server to support an Exchange organization that has not yet deployed Exchange 2010, only a limited set of features is available. In this case, an Edge Subscription cannot be created, so recipient lookup and safelist aggregation can be used only after Exchange 2010 is deployed in the organization.

When deploying Edge Transport servers, consider the following:

  • Server capacity: Planning server capacity includes planning the performance monitoring of the Edge Transport server. Performance monitoring helps you understand the operating health of the server. This information helps determine the capacity of the current hardware configuration.
  • Transport features: The Edge Transport server can provide anti-spam protection at the perimeter of the network. As part of planning, determine which anti-spam features to enable on the Edge Transport server and how to configure them.
  • Security: The Edge Transport server role is designed to minimize the attack surface, so it is important to properly secure and manage both physical and network access to the server. Security planning helps ensure that only IP connections from authorized servers and authorized users are allowed. For more information, see the deployment security checklist. We recommend that you place the Edge Transport server in the perimeter network. To ensure that the server can send and receive mail and receive recipient and configuration data updates from the Microsoft Exchange EdgeSync service, you must allow communication through the ports listed in the following table.

    Communication port settings of the Edge Transport server

    Network interface                         Open port    Protocol      Note
    Inbound and outbound, Internet            25/TCP       SMTP          Required for inbound and outbound Internet mail.
    Inbound and outbound, internal network    25/TCP       SMTP          Required for mail flow to and from the Exchange organization.
    Local only                                50389/TCP    LDAP          Used for the local connection to AD LDS.
    Inbound from internal network             50636/TCP    Secure LDAP   Required for EdgeSync synchronization.
    Inbound from internal network             3389/TCP     RDP           Optional. Allows you to use Remote Desktop Connection to manage the Edge Transport server from the internal network.

    Note:
    The Edge Transport server role uses non-standard LDAP ports. The ports listed in this topic are the LDAP communication ports configured when the Edge Transport server role is installed. For more information, see Modify AD LDS configuration.

  • EdgeSync: You can create an Edge Subscription to subscribe the Edge Transport server to the Exchange organization. When you create an Edge Subscription, recipient and configuration data is replicated from Active Directory to AD LDS. The Edge Transport server is subscribed to an Active Directory site, and the Microsoft Exchange EdgeSync service running on the Hub Transport servers in that site then periodically updates AD LDS by synchronizing data from Active Directory. The Edge Subscription process automatically creates the Send connector required for mail flow from the Exchange organization to the Internet through the Edge Transport server. If you want to use recipient lookup or safelist aggregation on the Edge Transport server, you must subscribe the Edge Transport server to the organization.
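As an added example (not part of the original article), the following PowerShell script, run from a Hub Transport server in the subscribed site, checks the Edge Transport server's port posture against the table above: SMTP and Secure LDAP should answer from the internal network, while the local-only LDAP port should not. The Edge Transport server name is an assumed placeholder, and the check assumes the optional RDP port was left closed.

```powershell
# Added example, not from the original article. Run on a Hub Transport server
# in the Active Directory site the Edge Transport server is subscribed to.
# $EdgeServer is an assumed placeholder name; replace it with your own.
param([string]$EdgeServer = "edge01.perimeter.example")

# Expected state of each port as seen from the internal network, per the table above.
# 3389/TCP is optional; this check assumes it has been left closed.
$expected = @(
    @{ Port = 25;    Name = "SMTP";        ShouldBeOpen = $true  },
    @{ Port = 50636; Name = "Secure LDAP"; ShouldBeOpen = $true  },
    @{ Port = 50389; Name = "LDAP";        ShouldBeOpen = $false },
    @{ Port = 3389;  Name = "RDP";         ShouldBeOpen = $false }
)

# Attempts a TCP connect with a timeout; works on PowerShell 2.0 (no Test-NetConnection needed)
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# The Edge Transport server must resolve by host name before EdgeSync can work
try {
    $addresses = @([System.Net.Dns]::GetHostAddresses($EdgeServer) | ForEach-Object { $_.IPAddressToString })
    Write-Host ("{0} resolves to {1}" -f $EdgeServer, ($addresses -join ", "))
} catch {
    Write-Warning "$EdgeServer does not resolve; fix DNS or the Hosts file before creating the Edge Subscription."
    return
}

$mismatches = 0
foreach ($e in $expected) {
    $open  = Test-TcpPort -ComputerName $EdgeServer -Port $e.Port
    $state = if ($open) { "open" } else { "closed" }
    $want  = if ($e.ShouldBeOpen) { "open" } else { "closed" }
    if ($open -eq $e.ShouldBeOpen) {
        Write-Host ("OK        {0,-12} {1,5}/TCP is {2}" -f $e.Name, $e.Port, $state)
    } else {
        Write-Warning ("MISMATCH  {0,-12} {1,5}/TCP is {2}, expected {3}" -f $e.Name, $e.Port, $state, $want)
        $mismatches++
    }
}
Write-Host ("{0} mismatch(es) against the expected port table." -f $mismatches)
```

A MISMATCH on 50389/TCP means the local-only LDAP port is reachable from the internal network and the firewall rules on the Edge Transport server should be reviewed.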

Configure DNS settings for the edge transport server role

The Edge Transport server role is deployed outside the Exchange organization, either as a stand-alone server in the perimeter network or as a member of an Active Directory domain in the perimeter network. Before installing Exchange 2010, you must manually configure the correct DNS suffix on the Edge Transport server. If the DNS suffix is not configured, Setup fails.

Because the Edge Transport server is usually deployed in the perimeter network, it has network interfaces connected to multiple network segments, and each segment has its own IP address configuration. The network interface connected to the external, or public, network segment must be configured to use a public DNS server for name resolution. This enables the server to resolve SMTP domain names to MX resource records and route mail to the Internet.

Network interfaces connected to internal, or private, network segments should be configured to use a DNS server in the perimeter network that can resolve the names of the Hub Transport servers in the organization, or should have an available Hosts file. The Edge Transport server and the Hub Transport server must be able to locate each other by using DNS host resolution.

To enable name resolution of the Hub Transport server from the Edge Transport server, use one of the following methods:

  • Manually create an A resource record for the Hub Transport server in the forward lookup zone of the DNS server configured on the internal network adapter of the Edge Transport server.
  • Edit the Hosts file on the Edge Transport server to include host records for the Hub Transport server. The Hosts file is a local text file in the same format as the 4.3 Berkeley Software Distribution (BSD) UNIX /etc/hosts file. It maps host names to IP addresses and is stored in the %SystemRoot%\System32\Drivers\Etc folder.

To enable name resolution of the Edge Transport server from the Hub Transport server, use one of the following methods:

  • Manually create an A resource record for the Edge Transport server in the forward lookup zone of the DNS server configured on the Hub Transport server.
  • Edit the Hosts file on the Hub Transport servers located in the Active Directory site to which the Edge Transport server is subscribed to include host records for the Edge Transport server.

Follow these steps to configure the DNS settings of the Edge Transport server:

  • Configure the DNS suffix of the Edge Transport server. This name cannot be changed after the Edge Transport server role is installed.
  • Configure DNS host name resolution between the Edge and Hub Transport servers.
  • Override DNS settings

    In your environment, you may need to route mail by using a DNS server other than the one configured in the IP properties of the Exchange server. In that case, modify the internal DNS lookup and external DNS lookup settings in the transport server's properties. These settings override the settings on the network adapter for routing mail. For more information, see Configure Edge Transport server properties.
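As an added example (not part of the original article), this PowerShell script is run on the Edge Transport server before Setup and before the Edge Subscription is created: it checks that a primary DNS suffix is set, that each Hub Transport server of the site resolves to the expected address, and prints the Hosts file lines for any that do not. The Hub Transport names and addresses are assumed placeholders.

```powershell
# Added example, not from the original article. Run on the Edge Transport server.
# The Hub Transport server names and addresses below are assumed placeholders;
# list the Hub Transport servers of the Active Directory site you will subscribe to.
$HubServers = @{
    "hub01.corp.example" = "10.0.1.10"
    "hub02.corp.example" = "10.0.1.11"
}

# 1. A primary DNS suffix must be configured, otherwise Exchange Setup fails for this role
$ipProps = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
if ([string]::IsNullOrEmpty($ipProps.DomainName)) {
    Write-Warning "No primary DNS suffix is configured; set it before installing the Edge Transport role."
} else {
    Write-Host ("FQDN of this server: {0}.{1}" -f $ipProps.HostName, $ipProps.DomainName)
}

# 2. Every Hub Transport server must resolve by host name from this server,
#    through the DNS server configured on the internal network adapter or the Hosts file
$hostsPath = Join-Path $env:SystemRoot "System32\Drivers\Etc\hosts"
$unresolved = @()
foreach ($name in $HubServers.Keys) {
    try {
        $resolved = @([System.Net.Dns]::GetHostAddresses($name) | ForEach-Object { $_.IPAddressToString })
        if ($resolved -contains $HubServers[$name]) {
            Write-Host ("OK   {0} -> {1}" -f $name, ($resolved -join ", "))
        } else {
            # Resolves, but not to the address you expect: a stale DNS or Hosts record
            Write-Warning ("{0} resolves to {1}, expected {2}" -f $name, ($resolved -join ", "), $HubServers[$name])
        }
    } catch {
        Write-Warning "$name does not resolve"
        $unresolved += $name
    }
}

# 3. For names that do not resolve, show (but do not write) the Hosts file lines to add
if ($unresolved.Count -gt 0) {
    Write-Host ("If no internal DNS server is available, add these lines to {0}:" -f $hostsPath)
    foreach ($name in $unresolved) {
        Write-Host ("{0}`t{1}" -f $HubServers[$name], $name)
    }
}
```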

Mailbox Server Planning

The Exchange 2010 Mailbox server role hosts mailbox databases and provides e-mail storage and advanced scheduling services for information workers. The Mailbox server role can also host a public folder database, which provides the foundation for workflow, document sharing, and other forms of collaboration. A server on which the Mailbox server role is installed is called a Mailbox server.

Before installation, we recommend that you spend some time planning the Mailbox server role deployment. Several factors must be considered when planning mailbox database size.

Determine database size

The recommended maximum database size for Exchange 2010 is larger than the recommended maximum database size for previous versions of Exchange.

When planning database size, you should also plan how to limit the size of the database, that is, whether at the database level or at the individual mailbox level. For more information about mailbox limits, see the following topics:

  • Understanding mailbox database and log capacity factors
  • Exchange 2010 Mailbox server role design example
  • Mailbox server storage design

Public Folder Planning

Public folders are an optional feature in Exchange 2010. Public folders are optional if Microsoft Office Outlook 2007 or later runs on all client computers in the organization. However, if you use Outlook 2003 clients, public folders are required. In addition, if you use public folders to collect, organize, or share documents and other information and want to continue doing so, you can use public folder replication to move public folder data to Exchange 2010.

For more information about public folders, see Understanding public folders.

Client Access Server Planning

The Client Access server role accepts all client connections to Exchange 2010. Computer-based clients (such as Microsoft Outlook and Microsoft Entourage), mobile phones, and browser-based clients all connect through the Client Access server role. The Client Access server role provides the following functions:

  • MAPI access
  • POP3 and IMAP4 access

    Note:
    POP3 and IMAP4 client connections do not support Integrated Windows Authentication (formerly called NTLM). For more information, see the "Client access features" section in Discontinued and de-emphasized features.

  • Outlook Web App access
  • The Autodiscover service, which can be used to configure client computers running Outlook 2010, Outlook 2007, Entourage, and other client applications. The Autodiscover service can also configure supported mobile devices.
  • The Availability service, which improves the calendaring and meeting scheduling experience for information workers by providing secure, consistent, and up-to-date free/busy information to computers running Outlook 2007.

When you plan to deploy Exchange 2010, each Active Directory site that contains an Exchange 2010 mailbox must have at least one computer with the Client Access server role installed. You can have multiple computers with the Client Access server role in each Active Directory site. To provide external client access, at least one Client Access server in the organization must be Internet-facing.

For more information about namespace planning and the Client Access server, see Understanding Client Access server namespaces.

Unified Messaging Server Planning

The Unified Messaging server role provides Unified Messaging (UM) for Exchange 2010 recipients. UM combines voice mail, fax, and e-mail into a single store that can be accessed from a telephone, a user's computer, or a mobile device. You can access voice mail, e-mail, and calendar information in your Exchange 2010 mailbox from an e-mail client such as Outlook or Outlook Web App.

The Unified Messaging server depends on the Client Access server, the Hub Transport server, and the Mailbox server. All voice mail submitted by a Unified Messaging server for a UM-enabled user is first submitted to an Exchange 2010 Hub Transport server as SMTP mail and then delivered from the Hub Transport server to the UM-enabled user's mailbox. To use Unified Messaging, a user must have an Exchange 2010 mailbox. For more information, see Learn about Unified Messaging.

In general, the simpler the Unified Messaging topology, the easier it is to deploy and maintain. Install as few Unified Messaging servers, and create as few Unified Messaging objects in Active Directory, as are needed to meet your business and organizational goals. Compared with small organizations that have relatively simple Unified Messaging requirements, large enterprises with complex network and telephony environments, multiple business units, or other complex situations need more detailed planning.

Plan UM deployment

To correctly plan the Unified Messaging infrastructure and deployment, you must understand all aspects of each Exchange 2010 Unified Messaging component and feature. For more information, see Learn about Unified Messaging components and Learn about Unified Messaging features.

The following are some aspects that should be considered and evaluated when planning Unified Messaging for Exchange 2010 in the organization:

  • Organizational requirements for Unified Messaging
  • Telephony network and current voice mail system
  • Current data network design
  • Your current Active Directory environment
  • Number of users that must be supported
  • Number of Unified Messaging servers required
  • Users' storage requirements
  • IP gateways, telephony equipment, and Unified Messaging servers

For more information, see Unified Messaging overview.

Multiple deployment options are available for Unified Messaging. Each option includes several common steps that must be performed to create a scalable, highly available system that supports a large number of users. These steps are as follows:

For more information about deploying Unified Messaging, see the following topics:

  • Deploy a new Unified Messaging environment
  • Checklist: Deploy a new Unified Messaging environment
  • Deploy and configure inbound fax

Other planning factors should be taken into account if you want to integrate the Unified Messaging environment with Office Communications Server. For more information, see Learn about Unified Messaging and Communications Server 2007. After reading that topic, you can find details about deploying Unified Messaging with Office Communications Server in the following topics:

  • Deploy Unified Messaging and Communications Server 2007
  • Checklist: Deploy Office Communications Server 2007 and Exchange Unified Messaging

Exchange Client Planning

Before deploying the Exchange 2010 organization, make sure that the client computers and mobile devices in the organization meet the following requirements.

Requirements checklist:

[ ] All MAPI clients run supported Outlook versions, including Microsoft Outlook 2007 and Outlook 2003.

[ ] All Outlook Web App clients run supported Web browsers. To use the complete feature set provided by Outlook Web App, the client can use the following browsers on a computer running Windows XP, Windows 2003, Windows Vista, or Windows 7:

  • Internet Explorer 7 and later.
  • Firefox 3.0.1 and later.
  • Chrome 3.0.195.27 and later.

On a computer running Mac OS X, the client can use:

  • Safari 3.1 and later.
  • Firefox 3.0.1 and later.

On a computer running Linux, the client can use:

  • Firefox 3.0.1 and later.

Clients using Web browsers that do not support the full feature set are automatically directed to the light version of Outlook Web App. The light version of Outlook Web App is optimized for accessibility, for example for users who are blind or have low vision. It provides fewer features, but it is faster for some operations. If the client connection is slow or the computer has very strict browser security settings, the client may need to use the light version. The light version can be used in almost all browsers and has the same functionality in all of them.

[ ] All mobile devices run a supported operating system: Windows Mobile phones that support Direct Push technology, or mobile phones running other operating systems compatible with Exchange ActiveSync.
