Lesson 1: Technical Features of Exchange 2000 Server

You don’t have to be an old hand at Exchange 2000 Server to successfully manage its implementation, but you need a minimum level of technical skill to get the essential groundwork done. Solid project preparation must include a review of product features to emphasize to management and employees the advantages of Exchange 2000 for the enterprise. If the advantages aren’t clear, why should your organization deploy Exchange 2000 at all?

This lesson discusses technical features and advantages of Exchange 2000 Server for the enterprise. You can read about the core features for messaging as well as advanced capabilities for workgroup computing and real-time communication that enable you to enhance the messaging environment of your enterprise. This lesson also introduces the specifics of available server editions and discusses important licensing matters.

After this lesson, you will be able to

  • Explain the technological benefits of Exchange 2000 Server
  • Classify the technical features of Exchange 2000 Server for a later evaluation of possible business benefits
  • Choose an appropriate server edition for your organization

Estimated time to complete this lesson: 90 minutes

Typical Services of Modern Messaging Systems

The primary purpose of messaging is to transmit e-mail messages over a computer network without requiring a direct connection between the message sender and recipient. Your colleagues do not need to be online for you to send them a message. E-mail may contain plain text or rich-text information, one or many attachments, and audio and video data streams. You can address it to one or many recipients simultaneously. Modern messaging systems also support workgroup solutions, such as discussion forums and document libraries, which you can use to share information with others. Real-time communication services, on the other hand, require all communication partners to be online at the same time to have a conversation. Exchange 2000 Server comes with real-time services for instant messaging, chat, and videoconferencing.

Exchange 2000 Server supports the following communication technologies:

  • Messaging: To build a communications infrastructure for information transfer through e-mail messages.
  • Groupware: To facilitate information sharing and knowledge management.
  • Real-time communication: To transform a communications infrastructure into an instant messaging and conferencing environment.

Messaging with Exchange 2000 Server

Exchange 2000 Server is a client/server system, which means that client programs as well as server components are actively involved in the message handling. Users deal with client functionality primarily, and administrators are more concerned about the system components and their maintenance. As shown in Figure 1.1, important system components are the Active Directory service, the Information Store service, and the Simple Mail Transfer Protocol (SMTP) service, as well as other components, such as connectors to foreign messaging systems.

Exchange 2000 Server has advantages in the following messaging categories:

  • Enhanced client functionality
  • Enterprise-wide directory
  • Flexible system administration
  • High-end Information Store architecture
  • Seamless Internet connectivity
  • Interoperability with foreign messaging systems
  • Advanced messaging security

Figure 1.1 - The basic elements of an Exchange 2000 organization

Enhanced Client Functionality

To participate in messaging, your users must connect to their mailboxes, which reside on a particular server known as their home server (Figure 1.1). Exchange users typically work with a Messaging Application Programming Interface (MAPI)-based client, such as Microsoft Outlook 2000, or an Internet-based client, such as Microsoft Outlook Express or Outlook Web Access (OWA), to create and read messages.

MAPI-Based Clients

Outlook 2000 is a powerful messaging client that makes best use of all available server features. This client combines e-mail, calendar, contacts, and task management, as well as workgroup capabilities, and integrates with other Microsoft Office applications. Using Microsoft Word, for instance, you can easily accomplish a mail merge from Outlook contact objects. Outlook is a personal information manager (PIM) rather than a simple messaging client. However, the core functionalities of Outlook 2000—such as calendar, task, and contact items; rich-text formatted messages; spell checker, auto-signature, custom folder views, electronic forms, integration with Office 2000, and so forth—are not specific to Exchange. Outlook 2000 supports many messaging systems, such as Microsoft Mail for PC Networks (MS Mail), Lotus Domino Release 5, and Exchange 2000 Server, via appropriate MAPI transport drivers.

Examples of Exchange-specific features are the Rules Wizard and Out-Of-Office Assistant available on the Tools menu. These tools allow you to configure server-based rules for automatic message processing. The Information Store service of Exchange 2000 makes sophisticated data processing possible, whether or not the client is online. For instance, if you specify that you are out of the office (as shown in Figure 1.2) and a user sends you a message, the sender receives a notification in an instant, possibly informing this person that you are currently enjoying the sun in Florida instead of working with Outlook 2000 in the office. Server-based rules are also an ideal tool for dealing with junk mail. Use the Rules Wizard to instruct the server to move junk mail straight into the Deleted Items folder.

Note

Outlook’s add-in manager allows you to enable or disable Exchange-specific functionality. On the Tools menu, choose Options to display the Options dialog box. Click the Other tab, click Advanced Options, and then click Add-In Manager. In the Add-In Manager dialog box, you will find a list of selectable client extensions, many of which are Exchange-specific, such as Delegate Access, Deleted Item Recovery, Exchange Extensions Commands, Exchange Extensions Property Pages, and Server Scripting.

Figure 1.2 - Server-based message processing for out-of-office notifications

Internet-Based Clients

Outlook 2000 requires at least an Intel Pentium-compliant processor, up to 160 MB of disk space, 24 MB of random access memory (RAM) for Windows 95 and Windows 98, and 40 MB of RAM for Windows NT and Windows 2000. Modern workstations are well suited for this client, but the required hardware still represents a serious issue for many organizations. It is not that easy to upgrade 1000 computers in an instant, for example. You have three choices if your installed base is not ready for Outlook 2000: Upgrade the workstations, go for a Microsoft Terminal Server-based solution, or use an alternative client that is able to run on the current hardware.

Internet-compliant clients are an interesting alternative to MAPI clients, especially on UNIX machines where Outlook 2000 is not supported. Using a Post Office Protocol 3 (POP3)-based client, you can access the inbox of your mailbox to download e-mail, but workgroup and calendar features are not available. Internet Message Access Protocol 4 (IMAP4)-based clients are more powerful and provide access to all messaging folders, including public folders. Public folders, configured as Network News Transfer Protocol (NNTP)-based newsgroups, are also accessible from NNTP newsreader clients. Newsgroups are article-based discussion forums, usually replicated across the Internet.

Unfortunately, POP3-, IMAP4-, or NNTP-based clients are not aware of Outlook-specific functionality, such as calendar or contact items. If you want to provide personal calendaring, group scheduling, and contact management functionality, your users need to work with Outlook 2000 or OWA instead. OWA is a thin e-mail client that requires Internet Information Services (IIS) 5.0 on the server and works best with Microsoft Internet Explorer 5.0 or higher on the workstation. Figure 1.3 shows a contact object displayed in an address card view in OWA.

Figure 1.3 - Working with contact objects in Outlook Web Access

Web Storage System and Exchange Installable File System

The Web Storage System (WSS) is an integral part of Exchange 2000 Server. WSS provides access to mailboxes and public folders via Hypertext Transfer Protocol (HTTP) and Web Distributed Authoring and Versioning (WebDAV). OWA, for instance, relies on WSS and so does Exchange Installable File System (ExIFS), a remarkable solution that maps the local drive M on the computer running Exchange 2000 Server to the Information Store. Without any extra configuration, your Information Store is turned into a disk-like resource. You can use any standard Windows program to access message items. For example, you can use the DIR command to list all messages from your inbox at the command prompt. Any application that knows how to open or save a file is a potential client for Exchange 2000. You can read more about WSS in Chapter 8, "Designing Hosted Services with Microsoft Exchange 2000 Server."

Enterprise-Wide Directory

Personal computer (PC)-based networks are highly distributed environments. Unlike terminals, where all processing is done on a central host, PCs are intelligent devices that can process data on their own. Distributed environments, however, can quickly get out of control and call for sophisticated and coordinated system administration. Distributed systems management requires a global directory service, providing information about users, groups, printers, computers, servers, and so on. Novell Directory Service, Sun Directory Services, and Active Directory are examples of solutions that you can use to build an enterprise-wide directory. For Exchange 2000 Server, only Active Directory is of interest.

The following features allow you to establish an enterprise-wide directory based on Microsoft technology:

  • Integration of Exchange 2000 Server with X.500-based Active Directory
  • Support of MAPI- and Internet-based clients via Name Service Provider Interface (NSPI) and Lightweight Directory Access Protocol (LDAP) version 3
  • Use of Windows 2000 access control lists (ACLs) to protect messaging resources

Active Directory Integration and Access Control

Most users appreciate the fact that nobody can access their mailboxes without explicit permissions. When a user attempts to connect to a mailbox, the system must determine whether to grant or deny access. A directory service is necessary to provide the required security information. For this reason, ordinary messaging systems, such as earlier versions of Exchange Server, come with a directory service. With these older systems, after you have established your network directory to manage user accounts, permissions, and password policies, you need to start again, this time to establish a directory topology for messaging-related information, including user and mailbox settings and address lists. Obviously, separate directory services increase administrative overhead.

Exchange 2000 Server is integrated with Active Directory, as indicated in Figure 1.1, and it uses Windows 2000 ACLs to protect all network resources. The good news is that you can manage user account and mailbox settings in one central place—the enterprise-wide directory. You do not need a separate topology for messaging-related directory services, and the overhead of duplicated system administration is eliminated. For example, Active Directory allows you to manage user account and mailbox information efficiently via Windows 2000 group policies. However, there is also a snag: To be part of the same Exchange 2000 organization, all resources and user accounts must belong to the same Active Directory environment. An Exchange 2000 organization cannot span multiple Active Directory forests.

X.500, LDAP, and NSPI

Active Directory is a good choice for an enterprise-wide directory because it relies on an X.500-based structure and fully supports LDAP version 3. LDAP, among other things, gives you the ability to synchronize Active Directory with other LDAP-conforming directory services that may exist in the enterprise. Furthermore, all connectors of Exchange 2000 Server (to MS Mail, Lotus cc:Mail, Lotus Notes, and Novell GroupWise, for example) utilize LDAP to support directory synchronization with foreign messaging systems.

Messaging clients need to communicate with Active Directory to obtain Exchange 2000 directory information, such as global address lists. MAPI-based clients use the remote procedure call (RPC)-based NSPI, whereas Internet-based clients can access Active Directory via LDAP. Figure 1.4 shows an address book query performed via NSPI in Outlook 2000 and LDAP in Outlook Express. You can read more about the impact of Exchange 2000 Server on Active Directory in Chapter 3, "Assessing the Current Network Environment."

Figure 1.4 - NSPI- and LDAP-based address book searches

Flexible System Administration

It is easy to implement Exchange 2000 Server in an existing Active Directory environment—provided that Active Directory was designed with Exchange 2000 in mind and that you have the required permissions. If you run multiple servers in the organization, you can group them together for structured administration and efficient message routing. The same can be done for mailboxes and public folder resources. You don’t have to repeat the same configuration step 100,000 times just because your organization has 100,000 users, for instance.

The clever administrator also relies heavily on system monitoring. Exchange 2000 is able to inform you automatically if a problem has occurred that requires your attention. The system attempts to deal with problems right away so you can find their sources and eliminate them. For instance, Exchange 2000 servers propagate link state information (LSI) to inform all other servers in the organization about the state of connectors and servers. If a particular connector is marked as broken, the servers will route messages over different paths to their destinations.

With Exchange 2000 Server, flexible system administration is achieved through the following features:

  • Integration with Microsoft Management Console (MMC)
  • Integration with Windows Management Instrumentation (WMI)
  • Management of multiple servers by means of administrative and routing groups
  • Message tracking and journaling
  • Policy-based management of server, mailbox, and public folder resources
  • Retention of deleted messages and mailboxes
  • Support of mailbox quotas and message size limits

Custom Management Tools

You can use standard utilities, such as the Active Directory Users and Computers console and Exchange System Manager, to administer all aspects of the Exchange 2000 organization. You can also design your own management tools based on MMC and available MMC snap-ins. For example, you might find it handy to combine Exchange System Manager with the Active Directory Users and Computers console to manage mailbox-enabled accounts and system settings in a single MMC tool, as shown in Figure 1.5. It is likewise possible to create customized tools with reduced functionality and assign them to individual administrators to let them focus on specific tasks, such as the administration of mailbox resources.

Grouping of System Resources

Exchange 2000 servers are always members of an administrative and a routing group. Administrative groups define management boundaries. The Exchange Administration Delegation Wizard, an integral part of the Exchange System Manager snap-in, allows you to designate administrators conveniently at the organization and administrative group level. Routing groups, on the other hand, define the message-routing topology of your Exchange 2000 organization. With these groups, it is not necessary to configure administrative permissions or routing settings for every server separately.

Exchange 2000 Server supports system policies to assign configuration settings to all or a subset of servers in an administrative group. Three different types of policies are available: server policies to specify message-tracking options; mailbox policies to define maximum mailbox sizes (among other things) and configure database maintenance cycles; and public folder policies, which you can use to manage settings similar to those of mailbox policies, such as storage limits and database maintenance cycles for public folders. A particular system policy applies to all those servers associated with it, as shown in Figure 1.6. Besides system policies, Exchange 2000 Server also supports recipient policies, which allow you to define default e-mail addresses for all or a filtered subset of recipients in the organization.

Figure 1.5 - Configuring a customized management utility

Figure 1.6 - Assigning a server policy to multiple servers

Automatic Server Monitoring and Event Logging

Instead of checking your systems manually every 30 minutes to see if everything is still all right, you can use the WMI-based monitoring features of Exchange 2000 Server to trigger e-mail or other notifications about critical system states as soon as they occur. A system enters a warning or critical state if an important service, such as the Information Store, is stopped or the system runs out of resources, such as disk space. You can define the criteria for warning and critical states in Exchange System Manager (Figure 1.7).

To obtain detailed information about problems, use the Event Viewer of Windows 2000 and other utilities, such as Performance Monitor. The Event Viewer allows you to examine error information returned by failed services. Exchange 2000 services keep a record of their activities primarily in the application event log. Performance Monitor, in turn, enables you to create performance reports. A detailed report can give you the confidence that your server hardware can handle the workload or identify areas where hardware upgrades could bring noticeable improvements.

Message Tracking and Journaling

As mentioned earlier, you can use server policies to enable the message-tracking features of Exchange 2000 Server. You can also enable message tracking individually by server, but it makes the most sense to activate it for the entire organization. This feature keeps a history of all messages that pass through your environment in log files. Using the Message Tracking Center, available in Exchange System Manager, you have the option of reading these log files to analyze the paths messages have taken through your system (Figure 1.8). You may prove that a message was indeed delivered to its recipient or discover where it got stuck.

Figure 1.7 - Automatic server monitoring based on thresholds for warning and critical states

Figure 1.8 - Information about the delivery path of a message

Message journaling, on the other hand, is a feature that forwards a copy of every message passed through the system to a journal recipient, such as a mail-enabled public folder, for archiving purposes. Laws, regulations, or internal policies may force you to enable this feature to keep a copy of every message item that was ever sent or received. In Exchange 2000 Server, message journaling is often referred to as message archiving. Do not confuse this feature with message archiving in Outlook 2000.

Mailbox Quotas and Message Size Limits

Mailbox quotas specified in a mailbox policy or per mailbox store allow you to control the use of server disk space. You can prevent users from exceeding a maximum mailbox size. Actually, you can define three thresholds (Figure 1.9). There is a limit that you can set at which the mailbox owner receives storage warnings, another limit at which the mailbox owner is prohibited from sending further messages, and a third threshold that determines when to block the sending and receiving of messages entirely. To reduce the mailbox size, the owner must delete messages or download them from the server.

You can also specify a message size limit for your users, which is most useful if you have to transfer information over connections with limited network bandwidth. Without restrictions, users may send messages with megabytes of attachments, and it may take hours to transfer them. If you do not want to prevent your users from doing so, consider configuring separate transmission schedules for oversized messages. Most Exchange 2000 connectors support this feature to transfer large messages, for instance, overnight.

Figure 1.9 - Mailbox size limits

Deleted Item Retention

If you take a closer look at Figure 1.9, you will find settings that allow you to specify deleted item retention times. You can allow your users to recover deleted items without requiring administrator intervention by configuring an appropriate retention of deleted messages. As shown in Figure 1.9, even deleted mailbox retention is possible, which gives you the ability to recover entire mailboxes without the need for backups. However, keep in mind that this feature does not help much if the entire server has crashed. Regardless of deleted item retention, you will need to perform system backups.

High-End Information Store Architecture

You should equip your Exchange 2000 servers with enough hard disk capacity to hold all messages in the Information Store instead of forcing users to download them to their clients. They can then access their messages from multiple client machines, and it simplifies backup and restore procedures because simply backing up the server saves all the e-mails. However, depending on the number of users, this may be an enormous amount of data. How can you maintain 100 GB or more of messages on a single system? You need a flexible and very reliable Information Store system.

The following features of Exchange 2000 Server allow you to support a large number of users (as many as several thousand) on a single server:

  • Automatic maintenance and defragmentation of Information Store databases at specified intervals
  • Single-instance storage to save disk space and speed up message delivery
  • Support for multiple Information Store databases per server
  • Support of online backup and recovery operations for individual databases
  • Unlimited size of Information Store databases

Information Store Service and Client Access

The Information Store of Exchange 2000 is the active server component with exclusive access to the mailbox and public folder stores on the server. This eliminates the risk of database corruption due to concurrent file access from multiple clients. Absolutely no other component but the Information Store has access to the databases.

MAPI-based clients communicate with the Information Store via RPCs to download and display messaging information. The Information Store also initiates communication with MAPI-based clients whenever new messages arrive to inform the clients when they need to update their folder views. Due to the active role of the Information Store, message delivery on the same server is incredibly fast. The message appears in the recipient’s inbox in about one second. Across servers, performance depends on the quality of the network, of course. In a typical LAN environment, messages will take only minutes to arrive at their destinations.

MAPI-based clients do not need to poll the server, but Internet-based clients do. They need to check for new messages themselves because they do not contact the Information Store directly. These clients use intermediate protocol engines executed in the context of IIS virtual servers, such as the POP3 service or the IMAP4 service, which in turn contact the Information Store to obtain the desired information. All Internet transport and access protocol engines communicate with the Information Store service via a dedicated, high-performance queuing layer, known as the Exchange Interprocess Communication Layer (EXIPC), as shown in Figure 1.10.

Figure 1.10 - RPC- and Internet-based access to the Information Store

Single-Instance Storage Feature

Single-instance storage means that an item addressed to multiple recipients on the same server will only be stored as a single copy and all recipients receive an individual pointer to this object. This saves disk space and improves delivery performance. Instead of delivering a message addressed to 1000 recipients 1000 times, it delivers the same message once, saving 999 instances of delivery time. The users can access the single message and read it just as if it belonged exclusively to them. When they delete the message, only their reference is removed. If a user saves changes back into the message, the Information Store creates a new individual copy of the item for this person.
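The reference-counting behaviour described above, modelled as an added example (this is illustrative code written for this lesson, not Exchange code): one stored body, one pointer per recipient, a delete that removes only the caller's pointer, and an edit that breaks the share by creating a private copy. User names and the message body are constructed.

```python
from dataclasses import dataclass
import itertools


@dataclass
class Content:
    """One distinct message body plus the number of mailbox items pointing at it."""
    body: str
    refcount: int = 0


class SingleInstanceStore:
    """Toy model of a single-instance message store (not Exchange code)."""

    def __init__(self):
        self._content = {}    # content_id -> Content (one row per distinct body)
        self._mailboxes = {}  # user -> {item_id: content_id}
        self._ids = itertools.count(1)

    def deliver(self, recipients, body):
        """Store the body once; every recipient gets an item that points at it.

        Returns {user: item_id} so the caller can address each item later.
        """
        cid = next(self._ids)
        content = Content(body)
        self._content[cid] = content
        items = {}
        for user in recipients:
            item_id = next(self._ids)
            self._mailboxes.setdefault(user, {})[item_id] = cid
            content.refcount += 1
            items[user] = item_id
        return items

    def read(self, user, item_id):
        return self._content[self._mailboxes[user][item_id]].body

    def refcount(self, user, item_id):
        return self._content[self._mailboxes[user][item_id]].refcount

    def delete(self, user, item_id):
        """Remove only this user's pointer; the body goes away when nobody references it."""
        cid = self._mailboxes[user].pop(item_id)
        content = self._content[cid]
        content.refcount -= 1
        if content.refcount == 0:
            del self._content[cid]

    def modify(self, user, item_id, new_body):
        """Copy-on-write: a shared body is never edited in place."""
        cid = self._mailboxes[user][item_id]
        content = self._content[cid]
        if content.refcount == 1:
            content.body = new_body     # nobody else shares it, so edit in place
            return
        content.refcount -= 1           # detach this user from the shared body
        new_cid = next(self._ids)
        self._content[new_cid] = Content(new_body, refcount=1)
        self._mailboxes[user][item_id] = new_cid

    def stored_bodies(self):
        return len(self._content)

    def bytes_used(self):
        return sum(len(c.body) for c in self._content.values())


def demo():
    """Walk through the 1000-recipient scenario from the text and return counters."""
    store = SingleInstanceStore()
    users = [f"user{i:04d}" for i in range(1000)]           # constructed names
    body = "Please review the attached quarterly figures. " * 200
    items = store.deliver(users, body)
    bodies_after_delivery, bytes_after_delivery = store.stored_bodies(), store.bytes_used()
    store.delete("user0001", items["user0001"])              # drops one pointer only
    store.modify("user0002", items["user0002"], "my notes")   # private copy for one user
    return {
        "bodies_after_delivery": bodies_after_delivery,
        "bytes_after_delivery": bytes_after_delivery,
        "naive_bytes": len(body) * 1000,                     # what 1000 full copies would cost
        "bodies_after_edit": store.stored_bodies(),
        "shared_refcount": store.refcount("user0003", items["user0003"]),
        "user0003_body": store.read("user0003", items["user0003"]),
        "user0002_body": store.read("user0002", items["user0002"]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value if not isinstance(value, str) else value[:40])
```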

Information Store Maintenance

The more mailboxes you place in a database (that is, the more users working with a particular database), the more quickly the database file becomes internally fragmented. Every deleted message, for instance, leaves a gap of unused space in the file that is not recovered until defragmentation is performed. The Information Store defragments its databases during scheduled maintenance cycles to compact them internally and recover free space within them. Minor database inconsistencies are also fixed. It is important to note, however, that online defragmentation does not result in reduced database size. Objects are simply reordered and free space marked as available. To actually shrink a database file, you need to compact it offline using a low-level utility called ESEUTIL.EXE. It is seldom required to compact the databases.

It is advisable to keep the number of users per database at a moderate level. The Enterprise Edition of Exchange 2000 allows you to configure multiple databases per server, which helps to decrease the rate at which fragmentation occurs and reduces the size of each individual database file. It is advantageous to keep the databases at reasonable sizes, as explained later in this chapter. Multiple databases are not supported in the Standard Edition of Exchange 2000.

Note

The databases of Exchange 2000 Enterprise Server can grow beyond all limits up to the maximum capacity of the server’s disks. The store of the Standard Edition, however, is limited to 16 GB.

Backup and Restore Operations

Exchange 2000 Server comes with a full-featured backup utility that supports online backup operations (Figure 1.11). The great advantage of online backups is that users do not need to disconnect from their mailboxes for you to back up the system. Furthermore, it is possible to establish more than one backup session for multiple databases concurrently. The databases from a single storage group should be backed up in the same session, however. The Enterprise Edition allows you to create a total of four storage groups with up to five stores each. The smaller the individual database files, the faster you can complete the backup operations. The same is true for restores. You can restore individual Information Store databases separately without affecting users with mailboxes in other databases.

Figure 1.11 - The Backup program of Exchange 2000 Server

Note

It is not advisable to unnecessarily separate mailboxes in distinct databases. The single-instance storage feature is not available across multiple Information Store databases.

Backups and Transaction Logs

The Information Store is transaction-oriented, which means that new transactions (such as new messages) are first written to a transaction log file and incorporated into the Information Store databases later. By default, transaction log files are not purged until you perform a full online backup. In other words, new items will exist in two locations (the transaction log and the database) for some time. If you are not already using redundant array of independent disks (RAID), you can significantly increase the fault tolerance of the server by placing the logs and databases on different hard disks. In case the database hard disk breaks, you only need to restore the most recent backup. When you restart the Information Store service, it transfers the most recent transactions that occurred after the backup into the recovered databases. You do not lose any data because the most recent transactions are still available in the transaction log files on the other disk. You can read more about backup and restore operations in Chapter 11, "Designing a Disaster Recovery Plan for Microsoft Exchange 2000 Server."
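The recovery sequence just described (restore the last full backup, then roll forward from the surviving transaction logs), as an added simulation written for this lesson rather than taken from Exchange: the log and the database live on separate "disks", a full online backup purges the log, and losing the database disk costs no data. Message identifiers and bodies are constructed.

```python
class TransactionalStore:
    """Toy model (not Exchange code) of a write-ahead-logged message store."""

    def __init__(self):
        self.database = {}   # lives on the "database disk": item_id -> body
        self.log = []        # lives on the "log disk": (seq, op, item_id, body)
        self.backup = None   # (snapshot of database, seq reached at backup time)
        self.seq = 0

    @staticmethod
    def _apply_to(db, op, item_id, body):
        if op == "put":
            db[item_id] = body
        elif op == "del":
            db.pop(item_id, None)

    def _record(self, op, item_id, body=None):
        self.seq += 1
        self.log.append((self.seq, op, item_id, body))   # logged first ...
        self._apply_to(self.database, op, item_id, body)  # ... then written to the database

    def deliver(self, item_id, body):
        self._record("put", item_id, body)

    def delete(self, item_id):
        self._record("del", item_id)

    def full_online_backup(self):
        """Snapshot the database; only a full backup allows the committed logs to be purged."""
        self.backup = (dict(self.database), self.seq)
        self.log = []

    def database_disk_fails(self):
        self.database = None   # the log disk is separate and survives

    def restore_and_replay(self):
        """Restore the last full backup, then roll forward every log entry newer than it."""
        if self.backup is None:
            raise RuntimeError("no full backup to restore from")
        snapshot, backup_seq = self.backup
        self.database = dict(snapshot)
        replayed = 0
        for seq, op, item_id, body in self.log:
            if seq > backup_seq:          # skip anything the backup already contains
                self._apply_to(self.database, op, item_id, body)
                replayed += 1
        return replayed


def demo():
    """Backup, more activity, database disk loss, recovery. Returns what a restore yields."""
    store = TransactionalStore()
    store.deliver("msg-1", "Agenda for Monday")        # constructed sample messages
    store.deliver("msg-2", "Budget draft")
    store.full_online_backup()
    store.deliver("msg-3", "Arrived after the backup")
    store.delete("msg-1")
    backup_only = dict(store.backup[0])                # what you would have without the logs
    store.database_disk_fails()
    replayed = store.restore_and_replay()
    return replayed, dict(store.database), backup_only


if __name__ == "__main__":
    replayed, recovered, backup_only = demo()
    print("log entries replayed:", replayed)
    print("backup alone would give:", backup_only)
    print("recovered database:", recovered)
```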

Windows 2000 Cluster Service

It is attractive to concentrate mailboxes and public folders on a small number of powerful server machines. The fewer servers you need to maintain, the less the administrative overhead. Exchange 2000 is certainly able to handle thousands of users per server, but only on a very powerful system. As the number of users increases, so does the impact associated with unplanned downtime. If you intend to support thousands of users on a single machine, you may want to consider using a Windows 2000 cluster to achieve the required system resilience and availability. Exchange 2000 Server supports active/active server clustering, which means that all nodes of the cluster can run a virtual server instance. If one node fails, failover mechanisms take the affected virtual server offline and then online again on one of the remaining nodes (Figure 1.12).

The Windows 2000 Cluster service is the fastest emergency repair service available, but it has limitations. If the virtual server instance fails due to a hard disk problem, the failover to another node will fail for the very same reason. You can read more about clustering in Chapter 10, "Designing Fault Tolerance and System Resilience for Microsoft Exchange 2000 Server."

Note

With Windows 2000 Advanced Server, two-node clusters can be configured, and with Windows 2000 Datacenter Server, clusters with up to four nodes are supported.

Figure 1.12 - A failover of a virtual Exchange 2000 Server due to a node failure

Seamless Internet Connectivity

The Internet is the single most important global messaging environment today, and it goes without saying that every modern messaging system must support connectivity to the Internet at no extra cost. Exchange 2000 Server, for instance, supports all relevant protocol standards and Multipurpose Internet Mail Extensions (MIME). The system does not waste time with the conversion of Internet messages into Exchange formats. Instead, message conversion takes place only when MAPI-based clients request access to the items. This feature is called on-demand content conversion or deferred content conversion.

The following features are especially important when connecting an Exchange 2000 organization to the Internet:

  • Integration with IIS 5.0
  • Prevention of unsolicited commercial e-mail
  • Prevention of e-mail-based viruses
  • Support for front-end/back-end (FE/BE) server configurations
  • Support of firewall architectures through front-end/back-end configurations and encryption technology
  • Support of SMTP, POP3, IMAP4, HTTP/WebDAV, MIME, and other Internet standards

Integration with IIS

Exchange 2000 Server is seamlessly integrated with IIS 5.0. The advantage is that you can design Exchange 2000 Server subsystems for SMTP, POP3, IMAP4, and HTTP based on IIS virtual servers to configure individual protocol settings for specific groups of Internet users. A single server can appear as several virtual servers, which is particularly useful for Internet service providers (ISPs) that plan to host numerous independent Web sites for their customers on a small number of powerful servers.

Front-End/Back-End Server Configurations

ISPs that provide services to a large number of Internet clients will find FE/BE server configurations interesting. FE servers concentrate incoming client connections and connect to BE systems, where the mailbox and public folder resources reside. In other words, FE servers proxy incoming client connections to the BE systems. The main advantage of this architecture is the concentration of incoming client connections. Instead of supporting tens of thousands of potential users through a single machine, you can split the incoming connections across multiple FE servers, as indicated in Figure 1.13. For maximum scalability, it is possible to group FE servers together by means of a network load-balancing solution and BE systems through a Windows 2000 cluster.

Figure 1.13 - Distributing the workload with FE/BE configurations

Firewall Configurations and Encryption Technology

FE/BE configurations are also suitable to enforce computer security through firewalls and encryption technology. You can implement advanced firewall configurations between the clients and the FE servers and between the FE and BE systems. Hosted environments will need this form of deployment to implement a sufficient level of security. Using Secure Sockets Layer (SSL), it is possible to encrypt the communication between the FE servers and the Internet-based client programs. The FE and BE servers in turn can communicate nonencrypted information across the private network without any SSL overhead. You can read more about FE/BE configurations and computer security in Chapter 8, "Designing Hosted Services with Microsoft Exchange 2000 Server."

Prevention of Unsolicited Commercial E-Mail and Relay Restrictions

If you connect your Exchange 2000 organization to the Internet, you may become a target of senders who waste precious resources with unsolicited commercial messages. Sooner or later, your users will receive this kind of e-mail, which can quickly get out of hand. To prevent the delivery of unsolicited messages from specific sources, activate message filtering on your SMTP virtual servers in Exchange System Manager.

Exchange 2000 also protects you from advertisers that want to send messages to your SMTP host for relaying. The system enforces relay restrictions for anonymous connections by default. If your systems accept anonymous relaying, all an advertiser has to do is compose one message, specify thousands of recipients conveniently from a database, and then send this single message to your host. Your host does all the work of sending the unsolicited message to the thousands of users on the Internet. It is, therefore, not advisable to loosen relay restrictions on systems exposed to the Internet.

Prevention of E-Mail-Based Viruses

Blocking unsolicited messages directly on the server is a basic measure to prevent viruses from spreading across your organization. Unfortunately, there is always a high risk of receiving malicious code contained in junk mail attachments. The idea is very simple. The attacker attaches a virus-infected document to a message, sends this message to you, and when you open the attachment, the malicious code is activated. The virus might then tamper with or destroy files and the configuration of your workstation. The virus might also open your client’s address book and forward the malicious message to all recipients in your organization. Your colleagues will receive the virus message with your name on the From line and open the message attachment, spreading the virus. This can end in a flood of e-mail, which can quickly overwhelm your servers. Often, the administrators must shut down their e-mail systems to prevent the virus from spreading. The messaging environment will be out of order until the administrators are able to obtain a virus scanner that can clean up the mess. Usually, the manufacturers of virus scanners react very quickly and update their virus lists within hours. Nevertheless, the denial-of-service attack would have been successful and the damage would be done.

With Exchange 2000 Server, you can put an effective end to mail worm viruses before they affect your organization. The core transport engine—the SMTP transport engine—is extensible and allows you to implement custom event sinks that fire whenever a new message is received. Virus scanners, developed specifically for Exchange 2000 Server, can use this mechanism to check every incoming message for malicious content and can block the delivery if a virus is detected. It is also possible to prevent unknown viruses from spreading. All mail viruses have one significant feature in common: They are contained in attachments (the message text itself cannot hold the virus code). With a few simple Microsoft Visual Basic Scripting Edition (VBScript) lines, you can create a custom event sink that blocks all messages from the Internet that have an attachment of any kind, or forwards them to an experienced administrator for inspection before they are given to the actual recipient. The blocking of critical messages is demonstrated in MCSE Training Kit: Microsoft Exchange 2000 Server Implementation and Administration.
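As an added example (not code from the Training Kit or from Exchange 2000), the following Python script mirrors the decision logic of such an event sink: it parses an arriving MIME message, tests whether any part is an attachment of any kind (an explicit attachment, any part carrying a file name, an embedded forwarded message, or any non-text part), and for Internet-originated mail re-addresses the item to an administrator mailbox instead of the intended recipients. The Python `email` library stands in for the CDO message object the VBScript sink would receive; the administrator address, the domain names and the sample messages are constructed placeholders.

```python
"""Attachment gate for Internet-originated mail.

Added example: a Python stand-in for the VBScript SMTP transport event sink
described in the text, not code from the Training Kit or from Exchange 2000.
The policy is the one the text describes: a message that arrives from the
Internet carrying an attachment of any kind is not delivered to its
recipients but handed to an administrator for inspection.
"""
import email
from email import policy
from email.message import EmailMessage

# Constructed placeholders; a real deployment would take these from configuration.
ADMIN_MAILBOX = "mailadmin@example.com"
BODY_TYPES = {"text/plain", "text/html"}  # the only parts treated as message text


def has_attachment(msg):
    """Return True if any MIME part of msg is an attachment of any kind.

    The rule is deliberately broad: an explicit Content-Disposition: attachment,
    any part that carries a file name (even if marked inline), any embedded
    message/rfc822 part, and any leaf part that is not plain or HTML text.
    """
    for part in msg.walk():
        if part.get_content_maintype() == "message":
            return True  # a forwarded message is an attachment in its own right
        if part.is_multipart():
            continue  # multipart containers carry no content themselves
        if part.is_attachment() or part.get_filename():
            return True
        if part.get_content_type() not in BODY_TYPES:
            return True  # e.g. application/octet-stream with no disposition header
    return False


def gate_message(raw, from_internet):
    """Apply the policy to one arriving message.

    raw is the message as received on the wire (bytes); from_internet says
    whether the SMTP session came from outside the organization (a real sink
    would derive this from the session, e.g. its authentication state).
    Returns (action, message): "deliver" when the message may go to its
    recipients, or "redirect" when it has been re-addressed to the
    administrator. On redirect the original recipients are preserved in an
    X-Original-Recipients header so the administrator can release the item.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    if not from_internet or not has_attachment(msg):
        return "deliver", msg
    originals = [msg[h] for h in ("To", "Cc") if msg[h]]
    del msg["To"]
    del msg["Cc"]
    msg["To"] = ADMIN_MAILBOX
    msg["X-Original-Recipients"] = "; ".join(originals)
    msg["X-Attachment-Gate"] = "held for inspection"
    return "redirect", msg


def build_sample(with_attachment):
    """Construct a sample inbound message (constructed test data, not a capture)."""
    m = EmailMessage()
    m["From"] = "someone@outside.example.net"
    m["To"] = "alice@example.com"
    m["Cc"] = "bob@example.com"
    m["Subject"] = "Quarterly figures"
    m.set_content("Please see the attached document.")
    if with_attachment:
        # Arbitrary bytes standing in for a Word document.
        m.add_attachment(b"\xd0\xcf\x11\xe0 constructed payload",
                         maintype="application", subtype="msword",
                         filename="figures.doc")
    return m.as_bytes()


if __name__ == "__main__":
    for with_att, external in ((False, True), (True, True), (True, False)):
        action, msg = gate_message(build_sample(with_att), external)
        print(f"attachment={with_att} internet={external} -> {action}; To: {msg['To']}")
```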

Interoperability with Foreign Messaging Systems

Exchange 2000 Server provides connectors to MS Mail, Lotus cc:Mail, Lotus Domino/Notes, and Novell GroupWise only. Connectors to other systems are not available. If you need to connect to any other system, use X.400 or SMTP, or evaluate running Exchange Server version 5.5 on a bridgehead server. This is appropriate, for instance, if you need to connect to IBM OfficeVision/VM or any other Professional Office System (PROFS)-based or System Network Architecture Distribution Services (SNADS)-based messaging system. Exchange Server 5.5 is included in the Exchange 2000 product package.

Exchange 2000 Server supports interoperability with foreign messaging systems through the following components:

  • Active Directory Connector (ADC) and Site Replication Service (SRS)
  • Connector components to MS Mail, Lotus cc:Mail, Lotus Domino/Notes, and Novell GroupWise
  • Native support for 1988 X.400 standards
  • Native support for SMTP

Active Directory Connector and Site Replication Service

ADC and SRS are required to integrate Exchange 2000 Server seamlessly with earlier versions of Exchange and to upgrade an existing Exchange organization. The ADC allows you to synchronize the legacy Exchange directory with Active Directory. Because of this synchronization, you can ensure a common global address list for all users, whether they still reside on Exchange Server 5.5 or are migrated to Exchange 2000 Server. SRS, on the other hand, disguises the Exchange 2000 environment and presents it as a system running an Exchange directory service to ensure full compatibility with earlier versions. You can read more about ADC and SRS in Chapter 6, "Designing an Upgrade Plan to Microsoft Exchange 2000 Server."

Native Support for 1988 X.400 Standards

Exchange 2000 Server comes with a full-featured message transfer agent (MTA), which is a real X.400 system that conforms to the 1984 and 1988 CCITT (International Telecommunication Union) X.400 standards. The MTA also supports RFC 2156 MIME Internet X.400 Enhanced Relay interoperability. In addition to transmitting messages, the MTA is responsible for message conversion between the Exchange and native X.400 formats. You can use the MTA to configure X.400-based connections to foreign X.400 systems and to other computers running Exchange 2000 Server or previous versions of Exchange Server. Native support for X.400 is especially useful for organizations that currently operate an X.400-based messaging backbone.

Native Support for SMTP

In Exchange 2000 Server, the MTA has traded roles with the SMTP service. The SMTP service assumes the responsibilities of the central routing engine, which has several advantages. It ensures maximum interoperability with the Internet and other SMTP-based messaging systems. SMTP also works well even over low-bandwidth network connections with high latencies. Exchange 2000 always uses SMTP to route and transfer e-mail messages between servers in the same routing group.

The SMTP service communicates with Active Directory to determine the destination of each message based on its recipient information. A recipient may reside on the same server, on a different server within the organization, or in a foreign messaging environment with different communications, addresses, and message formats. If the recipient resides on the same server, the SMTP service simply passes the message back to the Information Store for delivery. If the recipient is on another server in the organization, the message is first transferred to the recipient’s home server and then passed to the Information Store. If the recipient is outside the organization, the SMTP service determines an appropriate messaging connector or gateway and delivers the message to the connector’s outgoing message queue, which is a repository similar to a folder in a mailbox. From this folder (that is, the outgoing message queue), the connector picks up the message, converts it into the appropriate foreign format, translates the originator and recipient addresses as required (by communicating with Active Directory), and then transfers the converted message to the foreign system, as indicated in Figure 1.1. Connectors also receive messages from foreign systems, convert them if required, and then place them in their incoming message queue in the Information Store. The Information Store service informs the SMTP service that a new message was received, which must be routed further to its final destination, and the SMTP-based routing process starts all over again. You can read more about the design of message-routing topologies in Chapter 5, "Designing a Basic Messaging Infrastructure with Microsoft Exchange 2000 Server."

Note

Detailed information about the architecture of Exchange 2000 Server and the roles of the server-based services is available in MCSE Training Kit: Microsoft Exchange 2000 Server Implementation and Administration.

Advanced Messaging Security

Messaging has evolved into a business-critical application. Exchange 2000 Server allows you to ensure the authenticity of messages and prevent disclosure of sensitive information to unauthorized persons.

The following features are the basis for advanced messaging security in Exchange 2000 Server:

  • Support for Secure/MIME (S/MIME) and X.509 version 3 certificates
  • Integration into the public-key infrastructure (PKI)
  • Zeroing-out database blocks after content deletion

S/MIME and X.509 Version 3

Exchange 2000 Server supports digitally signed and sealed messages within and between messaging organizations, and accepts X.509 version 3 certificates issued by Windows 2000 Certificate Services or certificate authorities (CAs) on the Internet, such as VeriSign. A signed message allows its recipients to countercheck that the originator was truly the sender and that the content has not been tampered with. A sealed message, on the other hand, contains encrypted information in unreadable form to unauthorized recipients that may have intercepted the item. Only the intended recipients are able to decrypt and read the contents. It is noteworthy that a signed message is not automatically sealed, and a sealed message does not necessarily carry a digital signature. To exchange secure messages with other organizations, you can configure certificate trust lists (CTLs) to support the foreign X.509 certificates.

Integration into Public-Key Infrastructures

To integrate Exchange 2000 Server into a PKI, you need to install Key Management Service (KMS). KMS integrates with Certificate Services of Windows 2000 Server to issue X.509 security certificates on behalf of Exchange 2000 users. The KMS maintains a history of security keys in an encrypted database on the Key Management server for administrative recovery of lost security information. Recovery of lost security keys is one of the main advantages of the KMS. Without recovering security keys, users who lose their keys are unable to decrypt any existing sealed messages. The KMS is covered in more detail in Chapter 9, "Implementing Security for Hosted Services."

Zeroing-Out Database Blocks After Content Deletion

By default, it is possible to retrieve deleted messages from the Information Store databases because they are marked as deleted but not overwritten immediately. If internal policies force you to prevent the recovery of deleted messages, you need to activate the option to zero-out database blocks after content deletion. Keep in mind, however, that the zeroing is performed only during online backups after the data is written to tape, which means that the deleted items are recoverable from backup media. Make sure that the backup tapes are stored in a secure location.

Note

Zeroing-out database blocks does not prevent data recovery from backups or the download of confidential information to local hard disks prior to deletion on the server.

Workgroup Computing with Exchange 2000 Server

Groupware applications allow you to streamline business processes and facilitate the daily work of your users. Are you still using snail mail to route paper documents to internal departments? Why don’t you let Exchange 2000 Server do the job electronically? This cuts the costs for printer toner and paper and can accelerate business processes, such as the handling of holiday requests, travel expense reports, and so forth. Messaging systems are ideal for many situations where users have to report, share, or forward information.

Exchange 2000 Server offers services for workgroup computing in the following categories:

  • Instant workgroup solutions
  • Information and knowledge management
  • Development of Outlook- and Web-based workgroup, workflow, and resource management solutions

Exchange 2000-Based Workgroup Solutions

The principle of workgroup and workflow solutions is simple: Users run an appropriate client program, such as Outlook 2000, to post information in the form of messages, articles, documents, or other items into a public folder and share the data with other users. It is possible to replicate the items automatically within and between organizations and you can enable content indexing for fast searches and information retrieval. Public folders also give you the ability to process items automatically based on synchronous and asynchronous events, which the Information Store triggers to launch registered event sinks. An event sink is a component written in a COM+ compatible programming language, such as Microsoft Visual Basic, Microsoft Visual Basic Scripting Edition (VBScript), or JavaScript to process items. Events and event sinks are the basis of sophisticated workflow.

Instant Workgroup Solutions

Using Outlook 2000, it is easy to implement basic workgroup solutions. In the simplest case, you only need to configure a public calendar, tasks, journal, or contacts folders and your group calendar, team planner, activity tracking system, or contact management solution is ready. For instance, you may find it useful to create a public folder for task items, name it Exchange Deployment, and use it to assign the members of your deployment team individual project tasks. You can then track the activities of your project team centrally. You can also specify a folder moderator to automatically forward new items to this person for approval, corrections, or other processing. When you start implementing groupware, you will find that many solutions do not require any programming skills.

The following are examples of instant workgroup solutions:

  • Standard Outlook modules placed in public folders for contact, journal, and task management
  • Discussion groups that display items in threaded views according to conversation topics

Web-Based Workgroup and Workflow Solutions

It is also straightforward to create Web-based workgroup solutions because Exchange 2000 Server supports all popular Internet mail standards and WSS. Users can work with a broad variety of client applications, including Windows Explorer and OWA, both of which rely on WSS to access the items. If the standard functionality is not sufficient, use Microsoft FrontPage 2000 to develop custom solutions based on WSS forms, which are electronic forms in Hypertext Markup Language (HTML), or use Active Server Pages (ASPs) to display the data. Web-based workgroup solutions are very attractive if you intend to build closer relationships with customers, partners, or suppliers (Figure 1.14). Every item in the Information Store is accessible through a Uniform Resource Locator (URL).

Note

The Office Developer CD, included in the product package, contains an extension to FrontPage 2000 for HTML-based forms development. It is possible to save the HTML forms directly in the WSS.

The following features facilitate the implementation of Web-based workgroup and workflow solutions:

  • ExIFS for seamless integration with the file system
  • Integration with Microsoft FrontPage 2000 to create Web sites directly in WSS
  • OWA to work with standard items in mailbox and public folders
  • Support for Extensible Markup Language (XML) for a native representation of different data types over HTTP
  • Support for WebDAV to access messages, documents, and other items in mailboxes and public folders from any Web browser or WebDAV-enabled client, such as Windows Explorer
  • WSS forms to implement custom forms based on Web pages processed by an Internet Server Application Programming Interface (ISAPI) extension or ASP and to replace the default form and view renderings of OWA
  • WSS to access all information in the Information Store through URLs

Figure 1.14 - Outlook- and Web-based information sharing

Enhanced Information Management

You can store and retrieve documents directly to and from document libraries implemented in public folders. If a user saves a Word document in a public folder, the Information Store promotes all document properties, such as author or document version, to the MAPI-based message store, which allows Outlook and OWA users to sort the items in public folder views. As mentioned earlier, you can enable full-text indexing and search capabilities to facilitate high-speed searches for words and phrases contained in documents and message attachments. This functionality is achieved by integrating the query engine of Exchange 2000 Server with the Microsoft Search service (Figure 1.15).

Information management is achieved through the following features:

  • Built-in full-text indexing and search capabilities
  • Cross-platform support for MAPI- and Internet-based clients
  • Integration with Microsoft Office 2000 based on WSS technology
  • Promotion of document properties to the MAPI-based Information Store

Figure 1.15 - Exchange 2000 Server and the Microsoft Search service

Development of Workgroup Solutions

If you start implementing custom solutions based on WSS forms or ASP, you soon may want to add more sophisticated program logic using a COM+ compliant programming language. Collaboration Data Objects 3.0 (CDO) is a perfect choice for workgroup solutions that run directly on the server, such as ASPs. You can also use Object Linking and Embedding Database (OLE DB) and ActiveX Data Objects (ADO) to develop database applications that combine Exchange 2000 Server with Microsoft SQL Server and other OLE DB-compliant database systems. Database developers who need to access Exchange 2000 resources will find ADO very convenient to use.

You can create alternate public folder hierarchies for Web-based solutions and replicate them to remote servers to deploy workgroup applications easily across the entire organization. This approach provides fault tolerance for mission-critical business solutions, and it allows you to optimize system response times. Instead of forcing the users to access a public folder over a slow WAN link, for instance, you can create a folder replica on both sides of the WAN and let your users work with their local copy. Exchange 2000 Server synchronizes the public folder contents automatically in the background.

Exchange 2000 facilitates the development of workgroup solutions by means of:

  • CDO to develop messaging solutions that run directly on the server
  • OLE DB and ADO to facilitate the development of database applications that combine Exchange 2000 Server with other database systems
  • Public folder replication to distribute workgroup applications across the organization and provide fault tolerance for mission-critical business solutions

Development of Workflow Solutions

Workflow solutions enable you to automate business processes. Every process that requires a series of actions to accomplish a particular business objective is a good candidate for workflow. At the simplest level, you add a routing slip to a Microsoft Office document to send it to other users for reviews. A moderated public folder, as discussed earlier, may also be seen as a workflow implementation. More complex business processes require further capabilities, such as tracking and audit facilities, to measure the process efficiency and resolve exceptions.

Workflow in Exchange 2000 Server is based on the concept of a central repository (that is, a mailbox or public folder) that holds the items to be processed and provides an interface to program the workflow logic. You can find a graphical tool called Workflow Designer on the Office Developer CD, included in the product package, which you can use to map out workflow processes and build a workflow skeleton. Basically, workflow solutions rely on the same technology as workgroup applications (such as WSS, CDO, OLE DB, and ADO), but they require additional elements to trigger the processing.

Workflow is an event-driven process. As mentioned earlier, Exchange 2000 supports synchronous and asynchronous events. Synchronous events occur before an item is placed in a folder. These events give you exclusive control over the item that triggered the event and are therefore well suited for workflow solutions. The CDO Workflow Engine of Exchange 2000 Server utilizes synchronous events to implement a reliable workflow infrastructure based on WSS. Asynchronous events, in contrast, fire in an arbitrary order after the item is saved and do not block the event source. Earlier versions of Exchange Server used asynchronous events because synchronous events were not available.

Exchange 2000 Server provides a reliable workflow environment by means of:

  • CDO Workflow Engine to provide a workflow infrastructure based on WSS
  • Synchronous events to trigger workflow logic that customizes the core functions
  • Workflow Designer to map out workflow processes and build a first skeleton of the workflow solution

Resource Management Solutions

Resource management solutions enable you to access and manipulate Active Directory objects and administer mailbox and Information Store settings. You have two key technologies available: the Exchange 2000-based CDO for Exchange Management (CDOEXM) and the Windows 2000-based Active Directory Services Interface (ADSI). You should prefer CDOEXM to create mailboxes for new users, set mailbox properties, or mail-enable contacts and public folders programmatically. ADSI, on the other hand, allows you to develop powerful directory applications that can be used to administer the entire Active Directory environment. It would be useful, for instance, to develop a solution for a human resources department that tracks job applications and new hires. The VBScript code in the workflow process may use ADSI and CDOEXM to create user accounts for new employees and mailbox-enable them automatically.

You can add management functionality to your workgroup solutions by means of:

  • CDOEXM to add Exchange 2000 management functionality to Web-based workgroup applications
  • ADSI to access and manipulate Active Directory objects

Advanced Communication with Exchange 2000 Server

Traditional workgroup solutions have one shortcoming: They are not suitable for immediate communication in real time. For example, a user help desk solution may allow your users to request technical help, get help via e-mail, and track the status of the requests in a Web browser, but such a solution does not allow the users and specialists to communicate with each other right away. More often than not, the specialist must reach for the phone and discuss the problem or visit the user on site. Real-time communication facilities (for example, Instant Messaging, Exchange Chat, or Microsoft Exchange 2000 Conferencing Server) allow your users to have a dialogue with each other without the overhead of composing and sending e-mail or traveling to a meeting in a remote location.

Exchange 2000 Server offers advanced communication services in the following categories:

  • Data and videoconferencing via Exchange 2000 Conferencing Server
  • Enhanced communication through online discussions based on Instant Messaging or Exchange Chat
  • Multimedia messaging via Outlook and OWA extensions

Instant Messaging, Chat, and Exchange 2000 Conferencing Server

Instant messaging (IM) is an evolving technology that allows users to have a dialogue with other users via short text messages that are posted immediately to the screen. IM users propagate presence information to their home servers to indicate when users are online, idle, or out of the office. The home servers propagate this information to all those clients that have registered interest in the presence information (Figure 1.16). Using IM, you may be able to reach your colleagues even if messaging connectors are broken or temporarily out of order for any reason.

Exchange Chat Service supports online discussions and other forms of group communication using an Internet Relay Chat (IRC)- or Extended Internet Relay Chat (IRCX)-compliant client. Chatting is very popular on the Internet and you can use it to enhance the functionality of Web-based workgroup solutions, for instance. Exchange 2000 Conferencing Server, on the other hand, is Microsoft’s most powerful real-time communication platform, enabling you to manage and coordinate virtual meetings, such as data and videoconferences. Your users can use a T.120-conforming client, such as Microsoft NetMeeting, to join a data conference and share applications or even their entire desktop, which might be an interesting feature for a user help desk solution, to continue the earlier example. When the user shares his or her desktop, a specialist can take over and control the workstation over the network. A client for videoconferences, on the other hand, is available in the form of an ActiveX control.

Note

Instant Messaging and Exchange Chat are part of the Exchange 2000 Server Enterprise Edition and do not need to be purchased separately. Exchange 2000 Conferencing Server is an extra product.

Multimedia Messaging

Multimedia messaging is not a true real-time communication service because audio and video data is attached to regular e-mail messages. If your workstation is equipped with audio and video features, you can use this feature to add multimedia presentations to your messages. To record your information, use the Microsoft Exchange Multimedia Control in OWA or the Microsoft Exchange Multimedia Extension for Outlook 2000. Keep in mind that your network must be ready to handle very large e-mail messages if your users are interested in using multimedia messaging. Exchange 2000 also supports Voice Profile for Internet Mail (VPIM), which facilitates interoperability and compatibility among voice and messaging systems.

Figure 1.16 - Instant messaging with Exchange 2000 Server

Available Exchange 2000 Server Editions

Exchange 2000 Server has an overwhelming set of features to offer, covering the messaging needs of small through very large organizations. Each organization, however, has a unique environment and a unique set of requirements. To best address these needs, Microsoft offers three different server editions: Standard, Enterprise, and Conferencing (Table 1.1).

The Standard Edition is designed to provide essential messaging and workgroup functionality to small and medium organizations. The Standard Edition offers most but not all of the features that are available in the Enterprise Edition, which is more appropriate for large organizations and ISPs that have higher reliability and scalability requirements. Exchange 2000 Conferencing Server, on the other hand, does not provide any of the Standard or Enterprise functionality. It is Microsoft’s platform for data and videoconferencing. Conferencing Server can be installed separately and does not require an existing Exchange 2000 organization, although it is advantageous to use the systems in combination with each other.

Table 1.1 Functional Differences Between Server Editions

Feature                                   Standard       Enterprise     Conferencing
Active/active clustering                  Not available  Available      Not available
Connectors to foreign messaging systems   Available      Available      Not available
Data conferencing                         Not available  Not available  Available
Exchange 5.5 Server                       Available      Not available  Not available
Exchange 5.5 Server Enterprise Edition    Not available  Available      Not available
Exchange Chat                             Not available  Available      Not available*
Exchange Server 5.5 Service Pack 3        Available      Available      Not available
FE/BE configuration                       Not available  Available      Not available
Instant Messaging                         Available      Available      Not available
Messaging and groupware services          Available      Available      Not available
Multicast videoconferencing               Not available  Not available  Available
Office 2000 Developer Tools               Available      Available      Not available
Outlook 2000 Service Release 1            Available      Available      Not available
Outlook for Macintosh 8.2.2               Available      Available      Not available
Unlimited Information Store               Not available  Available      Not available
WSS                                       Available      Available      Not available

* Users may chat using Microsoft NetMeeting.

Note

Exchange 2000 Server is also available as part of Microsoft Small Business Server 2000, which is a solution designed for small organizations with fewer than 50 users. Small Business Server 2000 includes Microsoft Windows 2000 Server, Exchange 2000 Server, Microsoft Internet Security and Acceleration Server 2000, Microsoft SQL Server 2000, and Microsoft Fax Server.

Server and Client Access Licenses

Microsoft requires you to purchase two types of licenses if you want to utilize Exchange 2000 in your organization (Figure 1.17). You need to obtain a license for the actual server installation and Client Access Licenses (CALs) for every authenticated user who will access resources on the server, such as a mailbox or public folders. CALs are the same for the Standard, Enterprise, and Conferencing Server Editions and include access rights to all three editions, but server licenses must be purchased according to the server version you want to implement (Exchange 2000 Server, Exchange 2000 Enterprise Server, or Exchange 2000 Conferencing Server). For up-to-date information on licensing issues, go to http://www.microsoft.com and search on the words "Exchange 2000", "pricing", and "licensing."

Figure 1.17 - Required licenses in an Exchange 2000 organization

Note

CALs include the right to use Outlook 2000, an Internet mail client, or OWA to access server-based resources. Windows 2000 CALs, however, are not included in Exchange 2000 CALs and must be purchased separately. Anonymous access to Exchange 2000 Server resources does not require a CAL.

Lesson Summary

Exchange 2000 Server is an example of a modern messaging and groupware system that enables you to build a reliable and secure communications infrastructure. This platform is a good choice if you want to provide your users with enhanced client functionality, for instance. It also allows you to implement an enterprise-wide directory to reduce the overhead associated with system administration. The architecture of the Information Store is powerful enough to support thousands of users on a single machine. The SMTP-based routing engine is the foundation of efficient message transfer within the organization, supporting seamless connectivity to the Internet.

Exchange 2000 Server also gives you the means to develop highly customized workgroup and workflow applications, even without programming. You can implement instant workgroup solutions and systems for knowledge management with minimum effort. You can also develop powerful Outlook- and Web-based workgroup, workflow, and resource management solutions.

Exchange 2000 Server supports real-time communication, which broadens the spectrum of communications services. These services, such as Instant Messaging, are gaining increasing importance because they allow your users to communicate without the overhead of sending e-mail messages. Instant Messaging is available in Exchange 2000 Server. Exchange Chat is available in Exchange 2000 Enterprise Server. Data and videoconferencing services require Exchange 2000 Conferencing Server.

MCSE Training Kit (Exam 70-225): Microsoft Exchange 2000 Server Design and Deployment (Pro-Certification)
ISBN: 0735612579
Year: 2001
Pages: 89