- 1. 70-284 MCSE Guide to Microsoft Exchange Server 2003
Administration Chapter Seven Configuring and Managing Exchange
Server
2. Objectives 70-284 MCSE Guide to Microsoft Exchange Server
2003 Administration
- Understand how and why additional administrative groups should
be created
- Understand how and why additional routing groups should be
created
- Describe front-end and back-end server configurations
- Describe how to manage virtual servers and virtual
directories
3. Configuring and Managing Exchange Server
- Organizations usually need additional servers
-
- Greater volume of users may be hosted
-
- Dedicated servers perform specific tasks
-
-
- Load-balance processing across servers
- Two perspectives for organizing servers
-
- Grant access and transfer files to client work stations
-
- Are administered using Internet Services Manager
70-284 MCSE Guide to Microsoft Exchange Server 2003
Administration 4. Administrative Groups
-
- Define admin topology for an Exchange organization
-
- Based on geography, department, division, or function
- Assigning administrative permissions
-
- Is simplified by using administrative groups
-
- Objects created or moved into an admin group object inherit its
permissions
- Four objects may be created in administrative group
-
- Policies, Routing Groups, Public Folder Trees, Servers
70-284 MCSE Guide to Microsoft Exchange Server 2003
Administration 5. Administrative Models
- Three administrative models organize admin groups
-
- Centralized, Decentralized, Mixed
- Centralized administrative model:
-
- One group has full control over the Exchange servers
-
- Routing group need not reflect administrative topology
- Decentralized administrative model:
-
- Each location has a team of Exchange administrators
-
- Groups are based on geographical or departmental needs
-
- Groups can contain policies, servers, public folder trees, and
other objects specific to the group
70-284 MCSE Guide to Microsoft Exchange Server 2003
Administration 6. 70-284 MCSE Guide to Microsoft Exchange Server
2003 Administration 7. 70-284 MCSE Guide to Microsoft Exchange
Server 2003 Administration 8. Administrative Groups (continued)
- Issues migrating from Exchange Server 5.5 at multiple
sites:
-
- Forces use of decentralized administrative model
-
- Exchange 5.5 sites are created as separate admin groups
- Mixed administrative model:
-
- Restricts certain administrative functions
-
- Does not create specialization for every function
-
- Create admin groups by function, not department
-
- Combines specialized admin functions and geographical factors
into one model
70-284 MCSE Guide to Microsoft Exchange Server 2003
Administration 9. 70-284 MCSE Guide to Microsoft Exchange Server
2003 Administration 10. Activity 7-1: Creating an Administrative
Group
- Time Required:10 to 20 minutes
- Objective:Create an additional administrative group
- Description:Create an additional administrative group for your
organization. By default when you install your first Exchange 2003
server, a default administrative group called First Administrative
Group is created.
70-284 MCSE Guide to Microsoft Exchange Server 2003
Administration 11. 70-284 MCSE Guide to Microsoft Exchange Server
2003 Administration 12. Managing Administrative Groups
- Exchange Server 2003 has two modes of operation
-
- Mixed mode: pre-Exchange 2000 Servers are supported
-
- Native mode: only Exchange 2000 Server and Exchange Server 2003
are supported
70-284 MCSE Guide to Microsoft Exchange Server 2003
Administration 13. Mixed Mode
- Mixed: the default operation mode for Exchange Server 2003
- Mixed mode accommodates Exchange Server 5.5
- Exchange 5.5 limits Exchange Server 2003
-
- Each admin group has only one functional routing group
-
- Mailboxes cannot be moved between servers in different
administrative groups
-
- Some System Manager commands do not apply to Exchange Server
5.5
-
- You cannot edit directory object properties in Active
Directory
-
- InetOrgPerson and query-based distribution groups are not
available
70-284 MCSE Guide to Microsoft Exchange Server 2003
Administration 14. Native Mode
-
- Exchange Server 2003 is not subject to mixed mode
limitations
- Using Exchange Server 2003 you can:
-
- Enable routing group support
-
- Create additional routing groups as necessary
-
- It cannot work with Exchange Server 5.5 or lower versions
70-284 MCSE Guide to Microsoft Exchange Server 2003
Administration 15. Routing Groups
- Routing group: physical collection of servers
- The links between routing groups are assumed to be slow or
unreliable
- Connectors join routing groups over slow WAN links
-
- Costs may be implemented on connectors
-
- Costs enable you to channel physical path
- Target server handles message communication within a routing
group
- Bridgehead server handles message communication among routing
groups
70-284 MCSE Guide to Microsoft Exchange Server 2003
Administration 16. Routing Groups (continued)
- Bridgehead server is designated in each routing group
- Routing group connector is used by the bridgehead server to
join routing groups
- Exchange System Manager is used to create separate routing
groups
- Factors for deciding whether to set up a routing group:
-
- Common Active Directory forest
-
- Relatively high bandwidth
70-284 MCSE Guide to Microsoft Exchange Server 2003
Administration 17. Routing Groups (continued)
- Place servers prone to failure in separate routing groups
- Place a global catalog server in each routing group
- Five reasons for dividing Exchange Server 5.5 into multiple
routing groups:
-
- Minimum requirements outlined are not met
-
- Messaging path must be altered to multiple hops
-
- Messages must be queued and sent by schedule
-
- Bandwidth between servers is less than 16 Kbps
-
- Routing client connections to specific public folder
replicas
70-284 MCSE Guide to Microsoft Exchange Server 2003
Administration 18. Activity 7-2: Creating a Routing Group
- Time Required:10 to 20 minutes
- Objective:Create an additional routing group using Exchange
System Manager
- Description:Create an additional routing group within your
organization. Routing groups help you to control mail flow and
public folder referrals. Within a routing group, all servers
communicate and transfer messages directly to one another.
70-284 MCSE Guide to Microsoft Exchange Server 2003
Administration 19. 70-284 MCSE Guide to Microsoft Exchange Server
2003 Administration 20. Activity 7-3: Installing a Server into a
New Administrative Group and Routing Group
- Time Required:90 to 120 minutes
- Objective:Install an Exchange Server 2003 server into a second
administrative and second routing group.
- Description:With administrative groups already preconfigured,
you are prompted during the installation of any new servers as to
which administrative group and routing group you want to install
the server into
70-284 MCSE Guide to Microsoft Exchange Server 2003
Administration 21. 70-284 MCSE Guide to Microsoft Exchange Server
2003 Administration 22. 70-284 MCSE Guide to Microsoft Exchange
Server 2003 Administration 23. 70-284 MCSE Guide to Microsoft
Exchange Server 2003 Administration 24. 70-284 MCSE Guide to
Microsoft Exchange Server 2003 Administration 25. 70-284 MCSE Guide
to Microsoft Exchange Server 2003 Administration 26. 70-284 MCSE
Guide to Microsoft Exchange Server 2003 Administration 27.
Front-End/Back-End Configurations
- Front-end/back-end configuration
-
- Tasks are distributed between front-end/back-end servers
- Front-end server duties accept requests from clients
-
- Proxies requests to appropriate back-end server
- Recommended topology for the following:
-
- Multiple server organizations
-
- Users of Microsoft Outlook Web Access, POP, IMAP, or Outlook
2003 (using RPC over HTTP)
- Front-end server specially configured
- No configuration option to designate back-end server
70-284 MCSE Guide to Microsoft Exchange Server 2003
Administration 28. Advantages of Front-End/Back-End
Configuration
- Three advantages of front-end/back-end topology:
-
- Single namespace across organization
-
-
- User need not know name of server hosting mailbox (accessed
with Web, POP, or IMAP interface)
-
- Ability to balance load across servers
-
-
- Front-end server handles SSL encryption/decryption
-
-
- Encryption/decryption offloaded from back-end servers
-
- Ability to use firewalls to protect back-end
-
-
- Front-end provides additional layer behind firewall
-
-
- Front-end hides back-end configuration
-
-
- Front-end authenticates mailbox/public folder requests
70-284 MCSE Guide to Microsoft Exchange Server 2003
Administration 29. Front-End/Back-End Functionality
- Front-end proxies client requests to back-end
- Front-end/back-end configuration with a firewall
-
- Complex due to communication with Active Directory
-
- Exchange Server uses DSAccess to detect directory servers
-
- DSAccess uses LDAPs and RPCs
-
- RPCs require many open ports on the firewall
-
- High number of open ports introduces security issues
70-284 MCSE Guide to Microsoft Exchange Server 2003
Administration 30. Front-End/Back-End Functionality (continued)
- Front-end/back-end configuration without a firewall:
-
- Helps maintain a single namespace for e-mail servers
-
- Scalable using Outlook Web Access, POP, IMAP
- Using IMAP or POP access:
-
- Client sends log-on request with mailbox name
-
- Front-end determines location of user's mailbox
-
- Front-end proxies request to back-end
-
- Back-end sends results of log-on to front-end
-
- Front-end presents results to user
70-284 MCSE Guide to Microsoft Exchange Server 2003
Administration 31. Activity 7-4: Setting Up a Front-End Server
Configuration for POP and OWA Access
- Time Required:20 to 30 minutes
- Objective:Configure a front-end server to act as a POP server
for the Exchange Server 2003 organization
- Description:Configure the newly installed server that was
created in the previous activity as a front-end server for POP
access to the organization. This server will accept POP connections
and proxy the requests to the back-end server on behalf of the
client to retrieve information from the mailbox.
70-284 MCSE Guide to Microsoft Exchange Server 2003
Administration 32. 70-284 MCSE Guide to Microsoft Exchange Server
2003 Administration 33. Front-End Server Configuration for POP and
OWA Access
- SMTP protocol should be configured on the front-end
- SMTP is used by IMAP and POP clients for outgoing
communication
- Using Outlook Web Access:
-
- HTTP client requests are sent to the front-end server
-
- Front-end server uses Active Directory to isolate back-end
server
-
- Front-end server forwards request to back-end server
-
- HTTP host header remains unchanged
70-284 MCSE Guide to Microsoft Exchange Server 2003
Administration 34. Front-End Server Configuration for POP and OWA
Access (continued)
- Exchange Server 2003 improvements for front-end/back-end
configuration:
-
- RPC over HTTP: encapsulate RPC within HTTP
-
- Forms-based authentication
70-284 MCSE Guide to Microsoft Exchange Server 2003
Administration 35. Managing HTTP Virtual Servers
- IIS: Internet Information Services
-
- Provides transport services to access folders/mailboxes
-
- Uses Internet protocol (HTTP, POP, or IMAP)
- Exchange integrates with Windows 2000/2003 IIS
- Exchange stores configuration in IIS metabase
- Directory Service Metabase Synchronization (DS2MB)
-
- Part of Exchange System Attendant
-
- Replicates configuration changes made in Active Directory to
the metabase
-
- Overrides changes made directly to the IIS metabase
70-284 MCSE Guide to Microsoft Exchange Server 2003
Administration 36. Managing HTTP Virtual Servers (continued)
- Each HTTP virtual server is represented as a Web site
- Default Web site represents default HTTP server
- Five important HTTP virtual server directories:
-
- Exadmin: Web-based administration of the HTTP virtual
server
-
- Exchange: used to access mailboxes
-
- ExchWeb: provides calendaring, address book, other
functions
-
- OMA: directory to which Outlook Mobile Access users connect to
access Exchange data
-
- Public: used to access the default public folders tree
70-284 MCSE Guide to Microsoft Exchange Server 2003
Administration 37. 70-284 MCSE Guide to Microsoft Exchange Server
2003 Administration 38. Activity 7-5: Configuring an Additional
Virtual Server
- Time Required:20 to 40 minutes
- Objective:Create an additional HTTP virtual server to host an
additional domain
- Description:Create an additional HTTP virtual server that will
be configured to host an additional SMTP domain in three stages. A
fourth stage will test the new virtual server.
70-284 MCSE Guide to Microsoft Exchange Server 2003
Administration 39. 70-284 MCSE Guide to Microsoft Exchange Server
2003 Administration 40. 70-284 MCSE Guide to Microsoft Exchange
Server 2003 Administration 41. Activity 7-6: Configuring Additional
Virtual Directories
- Time Required:20 to 40 minutes
- Objective:Create an additional HTTP virtual directory to host
an additional domain
- Description:Create an additional HTTP virtual directory that
will be configured to host an additional SMTP domain in two
stages
70-284 MCSE Guide to Microsoft Exchange Server 2003
Administration 42. Activity 7-7: Configuring Connection Values
- Time Required:10 to 15 minutes
- Objective:Walk through the steps outlining how to configure
connection settings for your HTTP virtual server
- Description:Walk through the steps for how you could configure
the connection limits and connection timeout values for your SMTP
virtual server
70-284 MCSE Guide to Microsoft Exchange Server 2003
Administration 43. Activity 7-8: Starting and Stopping Virtual
Servers and the World Wide Web Service
- Time Required:10 to 20 minutes
- Objective:Walk through the steps outlining how to start and
stop an HTTP virtual server and the World Wide Web publishing
service
- Description:Walk through the steps that you can take to stop
and start HTTP virtual servers within your Exchange Server 2003
organization as well as the World Wide Web publishing service
70-284 MCSE Guide to Microsoft Exchange Server 2003
Administration 44. Summary
- Administrative groups define admin topology
- Admin groups are based on geography, department, division,
function
- Three approaches to administrative group design: centralized,
decentralized, mixed
- Admin group operation is based on Exchange Server 2003 mode
(native or mixed)
- Routing group: collection of servers with high-bandwidth
connectivity
70-284 MCSE Guide to Microsoft Exchange Server 2003
Administration 45. Summary (continued)
- Routing groups are determined by physical topology
- Connectors join routing groups over slow WAN links
- Exchange Server 2003 perceives a single routing group
(default)
- Front-end/back-end configuration distributes tasks
- Front-end server receives client requests
70-284 MCSE Guide to Microsoft Exchange Server 2003
Administration 46. Summary (continued) 70-284 MCSE Guide to
Microsoft Exchange Server 2003 Administration
- Front-end servers proxy requests to back-end
- Front-end servers may or may not fall behind a firewall
- IIS virtual servers provide transport services
- Multiple virtual servers require one SSL certificate for each
domain name
- HTTP virtual servers run under World Wide Web Publishing
Service