MICROSOFT LEARNING PRODUCT
10233B
Lab Instructions and Lab Answer Key:
Designing and Deploying Messaging
Solutions with Microsoft Exchange
Server 2010 SP2
Information in this document, including URL and other Internet Web site references, is subject to change
without notice. Unless otherwise noted, the example companies, organizations, products, domain names,
e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with
any real company, organization, product, domain name, e-mail address, logo, person, place or event is
intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the
user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in
or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical,
photocopying, recording, or otherwise), or for any purpose, without the express written permission of
Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property
rights covering subject matter in this document. Except as expressly provided in any written license
agreement from Microsoft, the furnishing of this document does not give you any license to these
patents, trademarks, copyrights, or other intellectual property.
The names of manufacturers, products, or URLs are provided for informational purposes only and
Microsoft makes no representations and warranties, either expressed, implied, or statutory, regarding
these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a
manufacturer or product does not imply endorsement of Microsoft of the manufacturer or product. Links
may be provided to third party sites. Such sites are not under the control of Microsoft and Microsoft is not
responsible for the contents of any linked site or any link contained in a linked site, or any changes or
updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission
received from any linked site. Microsoft is providing these links to you only as a convenience, and the
inclusion of any link does not imply endorsement of Microsoft of the site or the products contained
therein.
© 2012 Microsoft Corporation. All rights reserved.
Microsoft and the trademarks listed at http://www.microsoft.com/about/legal/en/us/IntellectualProperty/Trademarks/EN-US.aspx are trademarks of the Microsoft group of companies. All other trademarks are
property of their respective owners.
Module 1
Lab Instructions: Introduction to Designing a Microsoft
Exchange Server 2010 Deployment
Contents
Exercise 1: Evaluating an Existing Messaging Infrastructure
Exercise 2: Creating a Requirements Document
Lab Setup
For this lab, you do not require any virtual machines.
Lab Scenario
You are a messaging engineer for A. Datum Corporation, an enterprise-level organization with multiple
locations. A. Datum is an international corporation involved in technology research and investment, and is
planning to upgrade from Exchange Server 2003 to Exchange Server 2010. A. Datum currently has three
remote sites, and their headquarters. The company is pursuing an aggressive expansion plan, and will be
adding two new office locations during the upgrade project.
Location | Internal users | Mobile users
London, Corporate Headquarters | 12,000 currently; 10,000 after the new London office is ready |
London (new office) | 4,000 (anticipated) |
San Diego, Former head office of Trey Research | 500 |
Vancouver | 6,000 |
Tokyo | 5,000 |
Chennai (new office) | 800 (anticipated) |
A. Datum has deployed a single Active Directory forest with a dedicated root domain named
Adatum.com, and three child domains in the same tree. These domains are:
EU.Adatum.com
NA.Adatum.com
AS.Adatum.com
Additionally, the organization has deployed a domain named TreyResearch.net in the San Diego location.
This domain is configured as a separate tree in the Adatum.com forest.
Adatum_Info.vsd
Domains:
2. Complete the appropriate sections in the Current Network Infrastructure Analysis document.
3. Complete the appropriate sections in the Current Messaging Infrastructure Analysis document.
Note
You may not be able to fill in all of the information in the documents.
Adatum_Info.vsd
Jason Carlson
31st January 2010
LondonSite
RD-LON-DC1
RD-LON-DC1
EU-LON-DC1
EU-LON-DC2
Additional notes
Additional notes
Jason Carlson
31st January 2010
Exchange
version and
SP level
Server
role
Location
LON-MSG-FE1
Exchange
Server 2003
Frontend
server
London
A. Datum Current Messaging Infrastructure Analysis
Exchange Server Configuration
Additional notes
Settings
Administrative
groups
Administrator
groups
Routing
groups
SMTP
namespaces
Additional notes
Results: After this exercise, you should have completed the appropriate sections in the Current Messaging
Infrastructure Analysis document.
2.
3.
Discuss the components that you will need to include in the Exchange Server design to meet the
company requirements.
Note
You may not be able to fill in all of the information in the documents.
2.
Jason Carlson
31st January 2010
A. Datum Project Requirements Analysis
Summary of additional requirements
This section lists the additional requirements identified during the requirements analysis task.
Additional requirements may include data related to additional stakeholders, required technology,
and user requirements:
Task 3: Discuss the components that you will need to include in the Exchange Server
design to meet the company requirements
You will complete these sections as a group.
What components will you need to include in the Exchange Server 2010 deployment to meet the
business requirements?
2. What components will you need to include in the Exchange Server 2010 deployment to meet the
technical and additional requirements?
Results: After this exercise, you should have completed the A. Datum Project Requirements documents.
Question: How do you resolve scenarios where addressing all of the requirements will cost
significantly more than the proposed budget?
Results: After this exercise, you should have answered the preceding questions.
Users must be able to send and receive email from the Internet at all times.
If an Exchange Server fails, users should experience very little disruption in service, and no mail
messages should be lost.
Requests for restored mailboxes and messages must be processed as soon as possible.
Review the high availability requirements document that the CIO and COO have created.
2.
3.
Task 1: Review the high availability requirements document that the CIO and COO
have created
Working with group members, brainstorm a list of other information that is required to create the
SLA.
2.
Jason Carlson
31st January 2010
Questions
Results: After this exercise, you should have completed the High Availability Information document.
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. In Hyper-V Manager, click 10233B-NYC-DC1, and in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts.
4.
5.
Password: Pa$$w0rd
Domain: Contoso
Lab Instructions: Designing Microsoft Exchange Server 2010 Integration with the Current Infrastructure
Module 2
Lab Instructions: Designing Microsoft Exchange Server
2010 Integration with the Current Infrastructure
Contents
Exercise 1: Evaluating the Current Network Infrastructure at Contoso
Lab Setup
For this lab, you will use the available virtual machine environment. Before beginning the lab, you must
complete the following steps:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. Ensure that the 10233B-NYC-DC1 and 10233B-NYC-SVR1 virtual machines are running.
3.
Lab Scenario
Contoso, Ltd is planning to deploy Exchange Server 2010. You are a messaging consultant from A. Datum
Corporation, and have been tasked with verifying that the existing network infrastructure is suitable to
support Exchange Server 2010.
Once you have determined that the prerequisites are met, you will prepare the AD DS forest so that the
server deployment team can begin the Exchange Server 2010 deployment.
Note Your instructor may choose to perform this lab as a group discussion rather than an
individual activity.
2.
3.
Complete a report that provides information about necessary changes required to the network and
AD DS infrastructure, to enable support for Exchange Server 2010.
Sites
Supporting Documentation
Email thread of correspondence with Ed Meadows:
Ed Meadows
From: Jason Carlson [Jason@adatum.com]
Sent: 1 February 2010 14:00
To: Ed@Contoso.com
Subject: Re: Contoso Exchange Server 2010 project
Thanks; that's really helpful.
Yes, we can delegate tasks to specified individuals. We'll discuss what you need when I get there. See you
next week.
Jason.
----- Original Message -----
From: Ed Meadows [Ed@Contoso.com]
Sent: 31 January 2010 13:30
To: Jason@adatum.com
Subject: Contoso Exchange Server 2010 project
Attachments: Contoso.vsd
Jason,
Please find attached the Visio diagram of our three AD DS sites. All three sites are connected, logically,
with the DefaultIPSiteLink site link, and with default values.
The New York City office is our head office, and supports around 500 users. Branch Office 1 has 100 users,
while the other branch has only 30 users, hence the RODC. Our only Internet connection is from the NYC
offices. We have a couple of DCs there.
Our namespace is pretty straightforward; Contoso.com is the only domain.
We'd like to be able to delegate administration of specified Exchange administration tasks to a couple of
individuals out at Branch Office 1. Is that easy to do? I hope all this helps, and see you here in New York
next week.
Ed
Question: What else do you need to know before you can begin deploying Exchange Server
2010?
Task 3: Complete a report that provides information about necessary changes required
to the network and AD DS infrastructure to enable support for Exchange Server 2010
Jason Carlson
11th February 2010
Requirement Overview
To determine what changes, if any, are required to the existing network and AD DS infrastructure to
support Exchange Server 2010.
Proposals
Question: The internal and external DNS zone names are the same for Contoso, i.e. Contoso.com.
What issue does this raise for clients connecting to their mailboxes using Outlook Web App from
their home computers?
Question: What DNS records must you configure in the external Contoso.com DNS zone?
Question: How do you propose to support the messaging needs of users in Branch Office 2?
Question: What messaging client will you deploy to Branch Office 2?
Question: What server role must you consider deploying in the head office to facilitate inbound
and outbound messaging to and from the Internet?
Question: How many Client Access servers do you envisage needing?
Question: How many Hub Transport servers are required?
Question: Ed Meadows has explained that the administrators at the Branch Office 1 site need to
be able to perform limited recipient management tasks. To which built-in role group should you
assign these branch administrators?
Note
Results: After this exercise, you should have completed the Contoso Exchange Server network
infrastructure report.
Achieved?
Yes or No
Yes or No
DNS requirements
Yes or No
Yes or No
AD DS management tools
Yes or No
Yes or No
Yes or No
Yes or No
Yes or No
Yes or No
Yes or No
2.
3.
2. Evaluate whether the domain and forest functional level requirements are met.
3. Use Adsiedit.msc to evaluate whether the Exchange schema changes are applied.
On NYC-SVR1, use Ipconfig, Ping, and NSLookup to evaluate DNS name resolution functionality.
On NYC-SVR1, evaluate whether the required Windows Server 2008 features, including the required
AD DS administration tools, are installed.
2.
3.
Results: After this exercise, you should have evaluated whether your organization meets the AD DS, DNS,
and server requirements for installing Exchange Server 2010. You should have identified the additional
components that need to be installed or configured to meet the requirements.
2.
Task 1: Install the Windows Server 2008 server roles and features
1.
2.
On NYC-SVR1, in Server Manager, install the prerequisite server roles and features for Exchange
Server 2010:
For IIS:
Digest Authentication
In the 10233B-NYC-SVR1 on localhost Virtual Machine Connection window, on the File menu,
click Settings.
2.
3.
4.
5.
On NYC-SVR1, from a command prompt, run the Exchange Server setup program with the
setup /PrepareAD parameter. Configure an Exchange organization name of Contoso.
Results: After this exercise, you should have prepared the AD DS and server configuration for the
Exchange Server 2010 installation.
2.
Create a new user in the Users folder in Active Directory Users and Computers:
Password: Pa$$w0rd
On NYC-SVR1, in AD DS Users and Computers, add Adam Carter to the Help Desk group.
2. Right-click 10233B-NYC-DC1 in the Virtual Machines list, and then click Revert.
3.
4.
5. In the Virtual Machines pane, click 10233B-VAN-DC1, and then in the Actions pane, click Start.
Note: Start the 10233B-VAN-DC1 virtual machine first, and ensure that it is fully started
before starting the other virtual machines.
6. Wait for 10233B-VAN-DC1 to start, and then start 10233B-VAN-EX1. Connect to the virtual machine.
7. Wait for 10233B-VAN-EX1 to start, and then start 10233B-VAN-EX2. Connect to the virtual machine.
8. Wait for 10233B-VAN-EX2 to start, and then start 10233B-VAN-CL1. Connect to the virtual machine.
Module 3
Lab Instructions: Planning and Deploying Mailbox Services
Contents:
Exercise 1: Designing the Mailbox Server Deployment
Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, do the
following:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2.
3.
Lab Scenario
You are a messaging engineer for the A. Datum Corporation, an enterprise-level organization with
multiple locations. A. Datum Corporation is an international organization involved in technology research
and investment, and it is planning to upgrade from Exchange Server 2003 to Exchange Server 2010.
You have been tasked with reviewing the current messaging infrastructure and network topology, with a
goal of planning the deployment and configuration of mailbox services. You need to make proposals
about how best to address the needs of the various stakeholders in the organization.
Finally, you need to implement part of your proposed mailbox services design.
Note Your instructor may choose to perform this lab as a group discussion rather than as
an individual activity.
2.
3.
4.
Use the Exchange 2010 Mailbox Server Role Requirements Calculator spreadsheet to determine the
configuration.
5.
Her plan to use the SAN will also not result in high availability for Mailbox servers. The server itself will be
a single point of failure. Exchange Server 2010 does not support the use of single copy clusters like
Exchange Server 2007. A DAG will be required for high availability, and each server in the DAG maintains
a copy of the database. It would be incredibly inefficient to store multiple copies of the same data on the
same SAN.
For initial planning purposes, we need to assume that we'll use a DAG with at least three database copies.
Two copies will be located in the location with users, and one copy will be offsite for disaster recovery.
We currently have a mailbox size limit of 50 MB for all users. However, this limit is much too small, and
many people have been able to convince their managers to approve a size increase. Almost half of the
people in the company currently have an exception on their mailbox limits, with the limit at 200 MB or
more. During a meeting last week, the CIO mentioned that when we get to Exchange Server 2010, we
would set up a mailbox size limit of 500 MB for all users and a 1 GB limit for executives or other
exceptional cases. About 25 percent of the users will fall into the exceptional category. In addition, we
want to create personal archives for the users that are double the size of the mailbox to eliminate the use
of PST files.
I have some concerns with increasing the mailbox size to this limit. The back-up system in all of our offices
doesn't have as much capacity as we would like. In some offices, we are still backing up to tape. Some of
the tape backup systems can restore at only 50 GB per hour. According to the SLA that we have in place,
we are supposed to restore any failed database within an hour of failure.
Disks: 2000 GB, 7.2K revolutions per minute (RPM) SAS 3.5
Question: In the Server Design Statistics, what information is relevant to determining server
design, and why?
Task 3: Perform high level planning for Mailbox server storage in London
Jason Carlson
2nd April 2010
Requirement Overview
Create a high level plan for Mailbox server storage in London.
Additional Information
N/A
Question: Assuming that there are 12,000 users in London, how much disk space is required for
mailbox databases?
Question: Should the disk space for Mailbox servers be SAN or DAS?
Question: If DAS is used, will the disk space use RAID or JBOD?
Question: Should transaction logs be stored on a separate LUN from database files?
Task 4: Use the Exchange 2010 Mailbox Server Role Requirements Calculator
spreadsheet to determine the configuration
1.
2.
Total Number of HA Database Copy Instances (Includes Active Copy) within DAG: 3
Database Configuration
Total Number of Tier 1 User Mailboxes: Use the data from Task 2
Projected Mailbox Number Growth Percentage: Use the data from Task 2
Total Send/Receive Capability / Mailbox / Day: Use the data from Task 2
Personal Archive Mailbox Size Limit (MB): Use the data from Task 2
Total Number of Tier 2 User Mailboxes: Use the data from Task 2
Projected Mailbox Number Growth Percentage: Use the data from Task 2
Total Send/Receive Capability / Mailbox / Day: Use the data from Task 2
Personal Archive Mailbox Size Limit (MB): Use the data from Task 2
Backup Configuration
Storage Options
3.
Server Configuration
Network Configuration:
Jason Carlson
2nd April 2010
Requirement Overview
Determine the hardware configuration for large Mailbox servers that use DAS.
Additional Information
N/A
Proposals
Question: What is the processor configuration for each server?
A. Datum Large Mailbox server design
Question: How many databases are recommended?
Question: How many database disks are recommended for the primary datacenter servers?
Question: How many database disks are recommended for the secondary datacenter server?
Results: After this exercise, you should have determined the configuration for London mailbox servers.
2.
3.
Jason Carlson
2nd April 2010
Requirement Overview
Determine the configuration required to meet recipient management needs.
A. Datum recipient management configuration
Proposals
Question: How will you ensure that recipients are assigned the correct email addresses?
Question: How will you enable the IT Client Services staff to perform recipient management?
Question: How will you meet the needs for meeting room bookings?
Question: How will you address the needs for distribution group management?
Question: How will you address the need for separating the address books for A. Datum and Trey
Research?
Results: After this exercise, you should have designed the appropriate configuration for recipient
management.
2.
3.
Question: In the Server Design Interview, what points are raised that impact your public folder
deployment plan, and how do they impact it?
Jason Carlson
2nd April 2010
Requirement Overview
Determine the configuration required to meet public folder needs.
Proposals
Question: How will you address the executives' desire for public folders?
Question: How will you address the IT Client Services request for a public folder?
Question: Other than the public folder for executives, which other public folders are required?
Results: After this exercise, you should have designed the appropriate configuration for public folders.
2.
3.
4.
5.
On VAN-EX1, use the Active Directory Users and Computers administrative tool to create a new
organizational unit in the root of adatum.com.
Name: Trey
2.
Open the Exchange Management Console and browse to the Mailbox node under Organization.
3.
4.
Container: \
Conditions: None
Schedule: Immediately
Container: \
Conditions: None
Schedule: Immediately
5.
6.
Create a new GAL for Trey Research by using the following command:
New-GlobalAddressList TreyGAL -RecipientContainer "ou=Trey,dc=adatum,dc=com"
7.
Create a new OAB for Trey Research by using the following command:
New-OfflineAddressBook TreyOAB -AddressLists TreyGAL
8.
9.
In the Exchange Management Console, create a new address book policy with the following settings:
Name: TreyABP
In the Exchange Management Shell, assign TreyABP to all users in the Trey organizational unit by
using the following command:
Get-Mailbox -OrganizationalUnit Trey | Set-Mailbox -AddressBookPolicy TreyABP
2.
On VAN-EX1, open the Exchange Management Console and create a new resource mailbox with the
following options:
Alias: Room100
2.
3.
Create and send a new meeting request with the following settings:
4.
Notice that an automatic response is received indicating that the booking was accepted by Room
100, because the request is in-policy. The response may take a minute or so to appear.
5.
Create and send a new meeting request with the following settings:
6.
Open the Microsoft Internet Explorer browser, and then connect to https://vanex1.adatum.com/owa.
7.
8.
9.
In Outlook, verify that Room 100 has accepted the meeting request.
On VAN-EX1, use the Exchange Management Console to open the Properties of the Executives
distribution group.
2.
3.
4.
Enable moderation.
Add the Executives distribution group as a sender that does not require approval.
On VAN-CL1, send a message in Outlook Web App from Andreas with the following settings:
To: Executives
Body: The Executives public folder has been created for you.
2.
View the delivery report for the New Public Folder sent item.
3.
4.
In Outlook Web App, view the delivery report for the New Public Folder sent item, and then verify its
delivery.
Results: After this exercise, you should have created and tested a public folder, a resource mailbox, and a
distribution group.
2. Right-click 10233B-VAN-DC1 in the Virtual Machines list, and then click Revert.
3.
4. Repeat these steps for 10233B-VAN-EX1, 10233B-VAN-EX2, and 10233B-VAN-CL1. Close the virtual
machine connection windows.
5. In the Virtual Machines pane, click 10233B-VAN-DC1, and then in the Actions pane, click Start.
6. To connect to the virtual machine for the next module's lab, click 10233B-VAN-DC1, and then in the
Actions pane, click Connect.
Important: Start the 10233B-VAN-DC1 virtual machine first, and ensure that it is fully
started before starting the other virtual machines.
7. Wait for 10233B-VAN-DC1 to start, and then start 10233B-VAN-EX1. Connect to the virtual machine.
8. Wait for 10233B-VAN-EX1 to start, and then start 10233B-VAN-EX2. Connect to the virtual machine.
Lab Instructions: Planning and Deploying Client Access Services in Microsoft Exchange Server 2010
Module 4
Lab Instructions: Planning and Deploying Client Access
Services in Microsoft Exchange Server 2010
Contents
Exercise 1: Designing the Client Access Server Deployment
Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. Ensure that the 10233B-VAN-DC1, 10233B-VAN-EX1, and 10233B-VAN-EX2 virtual machines are
running.
3.
Lab Scenario
You are a messaging engineer for the A. Datum Corporation, an enterprise-level organization with
multiple locations. A. Datum Corporation is an international corporation involved in technology research
and investment, and is planning to upgrade from Exchange Server 2003 to Exchange Server 2010.
You have been tasked with reviewing the current messaging infrastructure and network topology, and
planning the deployment and configuration of Client Access servers. You are required to make proposals
about how best to address the needs of the various stakeholders in the organization.
Finally, you are required to implement part of your proposed Client Access design.
Note Your instructor may choose to perform parts of this lab as a group discussion, rather
than an individual activity.
I have some concerns with increasing the mailbox size to this limit. The back-up system in all of our offices
does not have as much capacity as we would like. In some offices, we are still backing up to tape. Some of
the tape backup systems can restore at only 50 GB per hour. According to the service level agreement
that we have in place, we are supposed to restore any failed database within an hour of failure.
Adatum_CurrentPerimeterDesign.vsd
Adatum_CurrentADSiteDesign.vsd
Policy Requirements.doc
As part of the Exchange Server 2010 design process, the analysts assigned to the project have identified
the following policy requirements.
The available network bandwidth between company locations is limited. The largest message sent by
most users in the organization is 5 MB.
The graphics department regularly sent messages with 10 MB attachments. The graphics personnel
are located in London, Vancouver, and Tokyo. These messages must be delivered within the
organization.
The current limit for sending and receiving email to the Internet is 2 MB. Many users in the
organization have concerns about this limit, and would like to at least double this limit. With the
changes made to the delivery of messages to and from the Internet, the organization has agreed to
meet this expectation.
As a general rule, the design should allow for 20 percent buffer when designing message size policies.
All users must have a maximum mailbox size of 250 MB. Executives and managers must have a
maximum mailbox size of 500 MB. Each user will also have an archive mailbox that is twice the size of
the mailbox.
All users should receive a warning when their mailbox reaches 80 percent of the maximum mailbox
size, and should be prevented from sending email when their mailbox reaches 90 percent of the
maximum size.
Users should be able to recover items in their mailboxes for 7 days after the message has been
deleted from the deleted items folders. Executives should be able to recover these types of messages
for 21 days.
All users in the entire organization should be able to book meetings using any resource mailboxes,
such as meeting rooms and equipment mailboxes. When users book a meeting, they should get an
email back saying that the meeting has been accepted. No duplicate meetings should be accepted by
a meeting room. The only exceptions to this policy are two meeting rooms in London that are used
for video conferences. Any member of the Sales team in the entire organization should be able to
book the meeting room, but the meeting requests must be accepted by a member of the Sales
Support team in London.
All executives and many managers would like to use mobile devices to access the Exchange
mailboxes. Up to this point, users have not been able to access their email using mobile devices.
There is a very strong demand to make this feature available. Many executives see this as the primary
benefit of implementing the new email system.
As access to email from mobile devices becomes available, the business departments are expecting
many users will want to have the same level of access. Providing this access is a high priority for most
business departments.
The security officer is concerned about making mobile device access available for all users. He has
specified the following security requirements:
All users who will be accessing email on the Exchange server must be required to have an
alphanumeric password that is at least 6 characters long.
Users who want to download attachments to the device must have encryption enabled on the
device, and the device must be configured to lock after five failed logon attempts.
All executives and managers must be able to download attachments to their mobile devices.
Other users do not require this functionality.
The Exchange administrators do not want to be involved every time a user gets a new mobile
device, but they also do not want users to have many mobile devices associated with their
mailbox.
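One way the security officer's requirements above could be expressed as Exchange ActiveSync mailbox policies in the Exchange Management Shell. This is an added example, not part of the lab or its answer key; the policy names and the device limit of 3 are assumptions, since the page names no policies and gives no number, and only the Executives group is taken from the lab (managers would be assigned the same way).

```powershell
# Added example (not from the lab): Exchange Server 2010 Management Shell.
# Policy names are hypothetical; values come from the requirements list above.

# Baseline for all users: alphanumeric password of at least 6 characters,
# attachment download not allowed.
$standard = @{
    Name                               = "Adatum-EAS-Standard"   # hypothetical name
    DevicePasswordEnabled              = $true
    AlphanumericDevicePasswordRequired = $true
    MinDevicePasswordLength            = 6
    AttachmentsEnabled                 = $false
    # Assumption: devices that cannot enforce the policy are refused,
    # otherwise the password requirement is advisory only.
    AllowNonProvisionableDevices       = $false
    IsDefaultPolicy                    = $true   # applies to mailboxes with no explicit policy
}
New-ActiveSyncMailboxPolicy @standard

# Executives and managers: same password rule, attachments allowed,
# which in turn requires device encryption and a failed-logon limit of five.
$attachments = @{
    Name                               = "Adatum-EAS-Attachments" # hypothetical name
    DevicePasswordEnabled              = $true
    AlphanumericDevicePasswordRequired = $true
    MinDevicePasswordLength            = 6
    AttachmentsEnabled                 = $true
    RequireDeviceEncryption            = $true
    # Note: on most devices exceeding this count triggers a local wipe,
    # not just a lock, so confirm that outcome is acceptable.
    MaxDevicePasswordFailedAttempts    = 5
    AllowNonProvisionableDevices       = $false
}
New-ActiveSyncMailboxPolicy @attachments

# Assign the attachment policy to mailbox-enabled members of the
# Executives distribution group (group name taken from the lab).
Get-DistributionGroupMember -Identity "Executives" -ResultSize Unlimited |
    Where-Object { $_.RecipientType -eq "UserMailbox" } |
    ForEach-Object {
        Set-CASMailbox -Identity $_.Identity `
            -ActiveSyncMailboxPolicy "Adatum-EAS-Attachments"
    }

# Users can partner new devices themselves, so administrators are not
# involved; cap the number of partnerships per mailbox instead.
# The limit of 3 is an assumption, the requirements give no number.
Get-ThrottlingPolicy |
    Where-Object { $_.IsDefault } |
    Set-ThrottlingPolicy -EASMaxDevices 3

# Review the result before relying on it.
Get-ActiveSyncMailboxPolicy |
    Format-Table Name, IsDefaultPolicy, MinDevicePasswordLength,
        AttachmentsEnabled, RequireDeviceEncryption,
        MaxDevicePasswordFailedAttempts -AutoSize
```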
Compliance Requirements
The corporation reviews its sales and marketing approach every six months. All members of the Sales
and Marketing teams are involved in the reviews. During the review process, a significant amount of
email is sent between team members. Retaining this email for historical data is important, but these
emails should not be retained in user mailboxes for more than nine months. When the messages are
removed from the user mailboxes, they should easily be accessible to all members of the Sales and
Marketing teams, but should not be accessible to other users in the organization.
All messages sent to and from the Legal team must be retained in a secure location.
In order to decrease the size of user mailboxes, all messages in user mailboxes that are more than 12
months old should be deleted and placed in the deleted items folder. All messages more than six
months old in the Deleted Items folder and Sent Items folder should be deleted. This policy should
apply to all users.
Members of the Executive group should have the option of saving messages in their mailbox
indefinitely.
Location | Internal users | Mobile users
London, Corporate Headquarters | 12,000 currently; 10,000 after the new London office is ready |
London (new office) | 4,000 (anticipated) |
San Diego, Former head office of Trey Research | 500 |
Vancouver | 6,000 |
Tokyo | 5,000 |
Chennai (new office) | 800 (anticipated) |
A. Datum has deployed a single AD DS forest with a dedicated root domain named Adatum.com, and
three child domains in the same tree. These domains are:
EU.Adatum.com
NA.Adatum.com
AS.Adatum.com
Additionally, the organization has deployed a domain named TreyResearch.net in the San Diego location.
This domain is configured as a separate tree in the Adatum.com forest.
2.
3.
Adatum_CurrentPerimeterDesign.vsd
Adatum_CurrentADSiteDesign.vsd
Question: In the Requirements Interview Notes document, what points are raised that impact
your Client Access server deployment plan, and why do they impact the plan?
Question: In the AD DS and Routing Interview Notes document, what points are raised that
impact your Client Access server deployment plan, and why do they impact the plan?
Task 3: Update the A. Datum Client Access server deployment plan document
Jason Carlson
4th April 2010
Requirement Overview
Determine the number and placement of Client Access servers within the existing network
infrastructure.
Additional Information
Identify infrastructure changes that may be required due to the proposed deployment.
Proposals
Question: With reference to the Adatum_CurrentADSiteDesign diagram, how many Client Access
servers do you propose to deploy in each site?
Question: Do you have sufficient information from the documents reviewed so far, to determine
whether some sites require additional Client Access servers?
Question: Based on the documentation you have reviewed, what client types must you support?
Question: Is it clear from the documentation that you have reviewed which sites support which
client types?
Question: While maintaining compliance with the requirements mentioned in the documentation,
can you propose changes to the client types that will simplify the configuration?
Question: Which Client Access servers do you propose to make Internet-facing?
Question: How will you configure Autodiscover to support your Client Access server model?
Note
Results: After this exercise, you should have completed the A. Datum Client Access server deployment
plan document.
2.
3.
Policy Requirements.doc
Question: In the A. Datum User Distribution Summary document, what points are raised that
impact your Client Access server deployment plan and why?
Jason Carlson
4th April 2010
Requirement Overview
Determine the feature configuration for Client Access servers in the A. Datum Exchange Server 2010
upgrade.
Proposals
Question: Based on the information in the A. Datum User Distribution Summary document, do you
envisage deploying additional Client Access servers in any sites?
Question: Which features must you enable on the Client Access servers to support the current
client-types?
Question: Which client protocols must you enable through the firewalls?
Note
Results: After this exercise, you should have completed the A. Datum Client Access server configuration
document.
2.
3.
In the Exchange Management Console, review the configuration for the Microsoft-Server-ActiveSync
virtual directory. The virtual directory configuration can be viewed for each Client Access server in the
Client Access node.
On VAN-EX2, in the Exchange Management Console, create a new Exchange ActiveSync Mailbox
policy with the following configuration:
Require passwords
Note
You must create and then modify the policy to configure the following two settings.
2.
3.
Apply the Exchange ActiveSync Mailbox policy to users in the Executives OU. Open Exchange
Management Shell, and then execute the following command:
Get-Mailbox -OrganizationalUnit Executives | Set-CASMailbox -ActiveSyncMailboxPolicy "Executive Policy"
2.
3.
From Phone & Voice, from within the ActiveSync Device Policy, review the Executive Policy.
Notice that text messages can be synchronized by default.
4.
All families
You will not be able to save the settings as there are no devices currently in use within the
Adatum organization. Cancel the policy creation and close all open windows.
Results: After this exercise, you should have deployed and configured Exchange ActiveSync for members
of the Executives group.
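The policy built in the console during this exercise can also be created and reviewed from the Exchange Management Shell. The following is an added example, not part of the original lab; it assumes the settings applied after creation are device encryption and a five-attempt limit (taken from the stated mobile requirements) and that devices unable to enforce the policy should not synchronize.

```powershell
# Added example (not from the lab manual). Run in the Exchange Management Shell.
# "Executive Policy" and the Executives OU are the names the lab uses; the
# setting values are assumptions derived from the mobile device requirements.
$policyName = "Executive Policy"

# Create the policy with passwords required, unless it already exists.
if (-not (Get-ActiveSyncMailboxPolicy -Identity $policyName -ErrorAction SilentlyContinue)) {
    New-ActiveSyncMailboxPolicy -Name $policyName -DevicePasswordEnabled $true
}

# Modify the policy: attachments allowed only on encrypted devices that
# enforce the failed-attempt limit. Devices that cannot apply every setting
# are refused rather than silently exempted.
Set-ActiveSyncMailboxPolicy -Identity $policyName `
    -AttachmentsEnabled $true `
    -RequireDeviceEncryption $true `
    -MaxDevicePasswordFailedAttempts 5 `
    -AllowNonProvisionableDevices $false

# Assign the policy to every mailbox in the Executives OU.
Get-Mailbox -OrganizationalUnit Executives -ResultSize Unlimited |
    Set-CASMailbox -ActiveSyncMailboxPolicy $policyName

# Review the effective settings.
Get-ActiveSyncMailboxPolicy -Identity $policyName |
    Format-List Name, DevicePasswordEnabled, RequireDeviceEncryption,
        MaxDevicePasswordFailedAttempts, AttachmentsEnabled,
        AllowNonProvisionableDevices

# Review the assignment; any mailbox still showing another policy stands out.
Get-Mailbox -OrganizationalUnit Executives -ResultSize Unlimited |
    Get-CASMailbox |
    Format-Table Name, ActiveSyncEnabled, ActiveSyncMailboxPolicy -AutoSize
```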
2. Right-click 10233B-VAN-DC1 in the Virtual Machines list, and then click Revert.
3.
4. Repeat these steps for 10233B-VAN-EX1 and 10233B-VAN-EX2. Close the virtual machine connection windows.
5. In the Virtual Machines pane, click 10233B-VAN-DC1, and then in the Actions pane, click Start.
6. To connect to the virtual machine for the next module's lab, click 10233B-VAN-DC1, and then in the Actions pane, click Connect.
Important Start the 10233B-VAN-DC1 virtual machine first, and ensure that it is fully started before starting the other virtual machines.
7. Wait for 10233B-VAN-DC1 to start, and then start 10233B-VAN-EX1. Connect to the virtual machine.
8. Wait for 10233B-VAN-EX1 to start, and then start 10233B-VAN-EX2. Connect to the virtual machine.
9. Wait for 10233B-VAN-EX2 to start, and then start 10233B-VAN-EDG. Connect to the virtual machine.
Lab Instructions: Planning and Deploying Message Transport in Microsoft Exchange Server 2010
Module 5
Lab Instructions: Planning and Deploying Message Transport
in Microsoft Exchange Server 2010
Contents
Exercise 1: Designing a Message Routing Topology
Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2.
3.
4.
Lab Scenario
You are a messaging engineer for A. Datum Corporation, an enterprise-level organization with multiple
locations.
You have been tasked with designing the new routing infrastructure for your organization. You must
examine the documentation that details the existing infrastructure, and then make proposals regarding
any changes you might need to make to address the organization's needs. You must also document your
proposals.
Finally, use various Exchange Server management tools to investigate the current routing topology, and
make some changes.
Note Your instructor may choose to perform this lab as a group discussion rather than an
individual activity.
Adatum_CurrentADSiteDesign.vsd
Adatum_CurrentPerimeterDesign.vsd
Microsoft Office Visio diagrams describing the A. Datum Corporation site topology.
2.
Modify the A. Datum Current AD DS Site Design diagram with proposed changes to the site design.
Adatum_CurrentADSiteDesign.vsd
Adatum_Info.vsd
Task 2: Modify the A. Datum current AD DS site design diagram with proposed
changes to the site design
1.
Use callouts in the following diagram to document proposed changes to the site design. For each
proposed change, provide:
2.
3.
Document message flow within the organization. Document the changes that you will need to make
to the AD DS configuration to enable optimal message flow.
Note
Results: After this exercise, you should have successfully modified the A. Datum AD DS site design.
2.
Modify the A. Datum Current Perimeter Design diagram with proposed changes to the site design.
Adatum_CurrentPerimeterDesign.vsd
Adatum_Info.vsd
Task 2: Modify the A. Datum current perimeter design diagram with proposed
changes to the site design
1.
Use callouts in the following diagram to document proposed changes to the perimeter design. For
each proposed change, provide:
2.
Indicate whether you need to deploy any additional server roles in each AD DS site.
3.
4.
Indicate any other infrastructure changes that you must implement to meet your design
requirements.
5.
For each company location, document how messages are delivered to the Internet, and how inbound
messages are delivered to internal recipients.
Note
Results: After this exercise, you should have successfully designed the A. Datum messaging perimeter.
Question: If your recommended changes are implemented, how will messages flow between
the AD DS sites? Where will messages be queued in the event of a server or network
connection failure?
Question: What conflicting requirements were presented in the scenario? How did you
resolve conflicting requirements?
Question: What additional information should you consider when designing message
routing in this scenario?
Results: After this exercise, you should have successfully improved the A. Datum AD DS and message
routing design.
2.
3.
4.
5.
6.
7.
2.
Browse to the Organization Configuration, and view the Send Connectors tab in the Hub
Transport node.
Question: Have any connectors been configured?
2.
Use the File menu to open the most recent routing table file.
3.
4.
From Organization Configuration, in the Hub Transport node, create a new Accepted Domain with
the following properties:
Name: Contoso
From Organization Configuration, in the Hub Transport node, create a new Send Connector with the
following properties:
Address: Contoso.com
Cost: 10
Task 5: Update the default site configuration with Exchange Server-specific values
1.
2. At the Shell, type the following command, and then press Enter.
Set-AdSite -Identity Default-First-Site-Name -HubSiteEnabled $true
3. At the Shell, type the following command, and then press Enter.
Set-AdSiteLink -Identity DEFAULTIPSITELINK -ExchangeCost 25
4.
Switch to VAN-EDG.
2.
3. At the Exchange Management Shell, type the following command, and then press Enter.
New-EdgeSubscription -FileName C:\EdgeSubscriptionExport.xml
4.
5. At the Exchange Management Shell, type the following command, and then press Enter.
copy c:\EdgeSubscriptionExport.xml \\VAN-EX1\c$
6.
Switch to VAN-EX1.
7.
Site: Default-First-Site-Name
Note
2.
Use the File menu to open the most recent routing table file.
3.
4.
Results: After this exercise, you should have modified the message routing topology.
2. Right-click 10233B-VAN-DC1 in the Virtual Machines list, and then click Revert.
3.
4. Repeat these steps for 10233B-VAN-EX1, 10233B-VAN-EX2, and 10233B-VAN-EDG. Close the virtual machine connection windows.
5. In the Virtual Machines pane, click 10233B-VAN-DC1, and then in the Actions pane, click Start.
6. To connect to the virtual machine for the next module's lab, click 10233B-VAN-DC1, and then in the Actions pane, click Connect.
Important Start the 10233B-VAN-DC1 virtual machine first, and ensure that it is fully started before starting the other virtual machines.
7. Wait for 10233B-VAN-DC1 to start, and then start 10233B-VAN-EX1. Connect to the virtual machine.
8. Wait for 10233B-VAN-EX1 to start, and then start 10233B-VAN-CL1. Connect to the virtual machine.
Module 6
Lab Instructions: Planning and Deploying Messaging
Security
Contents
Exercise 1: Designing Message Security
Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. Ensure that the 10233B-VAN-DC1, 10233B-VAN-EX1, and the 10233B-VAN-CL1 virtual machines are running.
3.
Lab Scenario
You are a messaging engineer for the A. Datum Corporation, an enterprise-level organization with
multiple locations. You have been tasked with undertaking an analysis of the organization's message
security requirements. After you complete the analysis, you must update the necessary documentation.
After you have completed the message security analysis, you will investigate the organization's antivirus
and anti-spam requirements, and update the necessary documentation with your planned changes.
Finally, you will implement some of your proposals.
Note Your instructor may choose to perform this lab as a group discussion rather than an
individual activity.
Security Requirements.doc
Message Security Requirements
Before any message is sent to a recipient on the Internet, a disclaimer that has been approved by the
Legal department must be added to the message.
Messages sent to Internet recipients from members of the Sales team must have a different disclaimer
added to the message.
Messages with a Company Internal classification must be blocked from being sent to the Internet. If a
user tries to send a message with this classification to the Internet, they should receive a response
indicating that they are not allowed to send messages with this classification to the Internet.
A small group of senior executives and a few board members make up a Strategic Acquisitions team.
These users should be able to send each other messages that are clearly marked as Acquisitions
Confidential, and the messages should not ever be sent to users who are not on this team.
A. Datum has formed a strategic partnership with Contoso, Ltd. The central office for Contoso, Ltd is
located in New York. Because much of the email sent between A. Datum and Contoso contains
confidential email, all messages sent between the organizations must be as secure as possible. When
viewing an email sent between the companies, users should be able to determine that the message
has been secured while in transit.
A. Datum uses a law firm based in Brussels to deal with international regulations related to their
business. All network traffic between the two firms is sent through a VPN. A. Datum needs to ensure
that all messages sent to the law firm in Brussels are sent through the VPN, and that all messages
coming from the law firm through the VPN are accepted without spam filtering.
All users in the A. Datum organization should have the option of sending secure email to any
recipients on the Internet. However, the network administrators at A. Datum do not want to manually
deploy the certificates required to enable and manage secure email. At the same time, it is important
that the users can implement and use secure email with as few problems as possible.
All messages that are sent to A. Datum must be scanned for viruses and filtered for spam before the
messages enter the network.
The messaging administrators at A. Datum have identified two third-party organizations on the
Internet that provide lists of SMTP servers on the Internet that are known to send spam messages.
The messaging administrators have also identified one organization that provides a list of SMTP
servers that are known not to be spammers. The messaging administrators would like to use the lists
provided by these organizations when configuring their anti-spam filters.
Messages sent from partner organizations such as Contoso, Ltd and the law firm in Brussels should
never be identified as spam.
The messaging administrators are planning on using content filters to block spam messages, but are
concerned that too many false positives will be filtered if they enable content filtering.
A. Datum has several distribution lists that include over 200 recipients. Users from the Internet should
not be able to send email to any of these distribution lists.
The messaging administrators at A. Datum are concerned about the number of messages coming into
the organization with spoofed SMTP domain names. They want to reduce the quantity of these sorts
of messages.
Many users are using the Safe Senders list in Office Outlook to ensure that messages from the users
on the Safe Senders list are not identified as spam. The Exchange Servers should be able to use this
information to ensure that messages from these users are not blocked before they get to the user
mailboxes.
All messages sent between users in the Exchange organization or sent to the Internet should be
scanned for viruses when the message is sent. Messages should be scanned only once for viruses
inside the organization.
All messages being sent to the Internet should be scanned for viruses as the message leaves the
organization.
If users receive a virus from an external messaging system or by downloading the virus from a
website, the virus should be detected as soon as possible in order to avoid infecting other systems.
At a minimum, antivirus files on all systems should be updated daily, and the antivirus files on all
systems that receive email directly from the Internet should be updated four times per day. If the
antivirus files on any messaging server are more than two update cycles out of date, the messaging
administrators should receive an alert.
Security Requirements.doc
2.
Modify the A. Datum Proposed Security Policies document with a proposed message security plan.
3.
Task 2: Modify the A. Datum Proposed Security Policies document with a proposed
message security plan
Complete the relevant sections of the following document. In the document, provide:
Jason Carlson
12th March 2010
Configuration details
(continued)
A. Datum Proposed Security Policies
Component
type
Configuration details
Additional notes
Note
Question: How did you address the need to exchange secure email between the A. Datum
Corporation and Contoso, Ltd?
Question: Does your organization have a requirement for the Domain Security solution?
What barriers will there be to adopting this solution?
Results: After this exercise, you should have successfully designed message security for A. Datum.
Security Requirements.doc
2.
Modify the A. Datum Proposed Security Policies document with a proposed antivirus and anti-spam
solution.
3.
Task 2: Modify the A. Datum Proposed Security Policies document with a proposed
antivirus and anti-spam solution
Complete both the Anti-Spam and Antivirus Solution Components sections of the following
document. In the document, provide:
Jason Carlson
12th March 2010
(continued)
A. Datum Proposed Security Policies
Anti-Spam Solution Components
Component type Configuration details
Sender ID
filtering
Safelist
aggregation
Blocked recipient
lists
Antivirus Solution Components
Component type Configuration details
Antivirus software
Antivirus software
Antivirus
stamping
Antivirus update
Additional notes
Note
Question: How did you design the antivirus and anti-spam solution for A. Datum
Corporation? How does this compare to the solution you would implement for your
organization?
Results: After this exercise, you should have successfully designed an antivirus and anti-spam strategy for
A. Datum.
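One way to express several of the anti-spam requirements above as Exchange Server 2010 configuration. This is an added example, not the lab's answer key or part of the original document; the provider names and lookup domains, the quarantine mailbox address and the quarantine threshold are placeholders or assumptions, and contoso.com stands for the partner domain named in the scenario.

```powershell
# Added example (not from the lab manual). Provider names and lookup domains,
# the quarantine mailbox and the SCL threshold are placeholders/assumptions.

# ---- On the Edge Transport server (lab: VAN-EDG) ----

# Two third-party block list providers and one allow list provider.
Add-IPBlockListProvider -Name "Block list provider 1" `
    -LookupDomain "blocklist1.example.invalid" -AnyMatch $true -Enabled $true
Add-IPBlockListProvider -Name "Block list provider 2" `
    -LookupDomain "blocklist2.example.invalid" -AnyMatch $true -Enabled $true
Add-IPAllowListProvider -Name "Allow list provider" `
    -LookupDomain "allowlist.example.invalid" -AnyMatch $true -Enabled $true

# Spoofed SMTP domains: Sender ID stamps the result by default (StampStatus);
# Reject refuses messages that fail the check outright.
Set-SenderIdConfig -Enabled $true -SpoofedDomainAction Reject

# Content filtering with false positives in mind: quarantine instead of
# rejecting, and exempt the partner domain from content filtering.
Set-ContentFilterConfig -Enabled $true `
    -SCLRejectEnabled $false `
    -SCLQuarantineEnabled $true -SCLQuarantineThreshold 7 `
    -QuarantineMailbox "spamquarantine@adatum.com" `
    -BypassedSenderDomains "contoso.com"

# Review what is now in force on the Edge server.
Get-IPBlockListProvider | Format-Table Name, LookupDomain, Enabled, Priority -AutoSize
Get-IPAllowListProvider | Format-Table Name, LookupDomain, Enabled, Priority -AutoSize
Get-SenderIdConfig      | Format-List Enabled, SpoofedDomainAction
Get-ContentFilterConfig | Format-List Enabled, SCL*, QuarantineMailbox, BypassedSenderDomains

# ---- Inside the Exchange organization (lab: VAN-EX1) ----

# Distribution groups with more than 200 members accept mail from
# authenticated senders only, so Internet senders cannot reach them.
Get-DistributionGroup -ResultSize Unlimited |
    Where-Object {
        (Get-DistributionGroupMember -Identity $_.DistinguishedName `
            -ResultSize Unlimited | Measure-Object).Count -gt 200
    } |
    Set-DistributionGroup -RequireSenderAuthenticationEnabled $true

# Safelist aggregation: copy each user's Outlook Safe Senders list to the
# directory so that EdgeSync can carry it to the Edge Transport server.
Get-Mailbox -ResultSize Unlimited |
    ForEach-Object { Update-SafeList -Identity $_.DistinguishedName -Type SafeSenders }
Start-EdgeSynchronization
```

Bypassing content filtering by sender domain trusts the claimed sender address, so it is best paired with the Sender ID check shown in the same block.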
2.
3.
4.
5.
6.
7.
8.
9.
On VAN-DC1, open a new MMC, and add the Certificate Templates snap-in.
2.
3.
Configure the following properties for the duplicate template, and then close the Exchange
Management Console:
a.
b.
2.
3.
2.
3.
In Group Policy Management Editor, expand User Configuration, expand Policies, expand Windows
Settings, expand Security Settings, and then click Public Key Policies.
4.
Configure the Certificate Services Client Auto-Enrollment with the following options:
a.
b.
Renew expired certificates, update pending certificates, and remove revoked certificates:
Selected
c.
5.
Close the Group Policy Management Editor, and then close the Group Policy Management console.
Switch to VAN-CL1.
2.
Open a command prompt, and at the command prompt, type gpupdate /force, and then press
Enter.
3.
Password: Pa$$w0rd
Domain: Adatum
2.
3.
Verify the presence of a certificate based on the S/MIME Certificate template in the Current
User\Personal certificate store.
4.
2.
Accept all defaults EXCEPT in the Welcome to the Microsoft Office 2010 wizard, click Don't make
changes and then click OK.
3.
Password: Pa$$w0rd
Domain: Adatum
2.
3.
Verify the presence of a certificate based on the S/MIME Certificate template in the Current
User\Personal certificate store.
4.
2.
Accept all defaults EXCEPT in the Welcome to the Microsoft Office 2010 wizard, click Don't make
changes and then click OK.
2.
3.
4.
5.
In the Security Properties dialog box, select the following check boxes, and then click OK:
6.
In the Properties dialog box, click Close, and then click Send.
7.
Password: Pa$$w0rd
Domain: Adatum
2.
3.
4.
In the message, click the padlock symbol. Read the information, and then click Close.
5.
In the message, click the symbol next to the padlock symbol. Read the information, and then click
Close.
Results: After this exercise, you should have successfully implemented some aspects of the messaging
security design for A. Datum.
2. Right-click 10233B-VAN-DC1 in the Virtual Machines list, and then click Revert.
3.
4. Repeat these steps for 10233B-VAN-EX1 and 10233B-VAN-CL1. Close the virtual machine connection windows.
5. In the Virtual Machines pane, click 10233B-VAN-DC1, and then in the Actions pane, click Start.
6. To connect to the virtual machine for the next module's lab, click 10233B-VAN-DC1, and then in the Actions pane, click Connect.
Note Start the 10233B-VAN-DC1 virtual machine first, and ensure that it is fully started before starting the other virtual machines.
7. Wait for 10233B-VAN-DC1 to start, and then start 10233B-VAN-EX1. Connect to the virtual machine.
Module 7
Lab Instructions: Planning and Deploying Messaging
Compliance
Contents:
Exercise 1: Planning a Message Transport Implementation
Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must do
the following:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. Ensure that the 10233B-VAN-DC1 and 10233B-VAN-EX1 virtual machines are running.
3.
Lab Scenario
You are a messaging engineer for A. Datum Corporation, an enterprise-level organization with multiple
locations. A. Datum is an international corporation involved in technology research and investment, and it
is planning to upgrade from Exchange Server 2003 to Exchange Server 2010.
You are aware of the new messaging compliance features in Exchange Server 2010, and need to
determine how you will implement them to meet the needs of your organization.
Before Exchange Server 2010 sends messages to recipients on the Internet, it must add a disclaimer
that was approved by the Legal department.
Messages sent to Internet recipients from members of the Sales team must include a different
disclaimer with the messages.
Messages with a Company Internal classification must be blocked from being sent to the Internet.
When users try to send messages with this classification to the Internet, they should receive a
response stating that they are not allowed to send messages with this classification to the Internet.
A small group of senior executives and a few board members make up a Strategic Acquisitions team.
These users should be able to send each other messages that are clearly marked as Acquisitions
Confidential, and the messages should never be sent to users who are not on this team.
2.
Jason Carlson
15th Apr 2010
Requirement Overview
Determine how you will manage message transport.
Proposals
Question: Are transport rules required? If so, how should you configure them?
Question: Is message moderation required? If so, how should you configure it?
Question: Are message classifications required? If so, how should you configure them?
Note
Results: After this exercise, you should have created a message transport plan.
I have also been speaking with our auditors. They need to be able to monitor and track some
communication in the organization. One item is that all messages sent to the Executives group need to be
monitored. Auditors will review these messages from time to time. In addition, auditors need to be able to
monitor communication for specific users when legal proceedings are initiated. The auditors need the
ability to initiate this process and review all messages. It is important that no messages are deleted for the
specified users.
The main tasks for this exercise are as follows:
1.
2.
3.
Question: In the Message Compliance Interview, what points are raised that impact your
journaling and archiving plan?
Jason Carlson
15th Apr 2010
Requirement Overview
Determine how you will configure journaling and archiving.
Proposals
Question: Are personal archives required?
Question: How can users access personal archives? Does this affect which users will receive
personal archives usage?
Note
Results: After this exercise, you should have created a journaling and archiving plan.
2.
3.
Question: In the Message Compliance Interview, what points are raised that impact your MRM
plan?
Jason Carlson
15th Apr 2010
Requirement Overview
Determine how you will implement MRM.
Proposals
Question: Will you use managed folder policies for MRM? If so, how should you configure them?
Question: Will you use retention policies for MRM? If so, how should you configure them?
Note
Results: After this exercise, you should have created an MRM plan.
Prevent Company Internal classification messages from being sent to the Internet.
2.
3.
4.
5.
6.
Task 1: Prevent Company Internal classification messages from being sent to the
Internet
1.
2. At the shell, type the following command, and then press ENTER:
New-MessageClassification -Name "Company Internal" -DisplayName "Company Internal" -DisplayPrecedence Highest -RetainClassificationEnabled $true -SenderDescription "This message is for internal distribution only; it will not be forwarded on to the Internet"
3. At the shell, type the following command, and then press ENTER:
New-SystemMessage -DsnCode 5.7.999 -Text "Internal recipients only" -Internal $true -Language En
4.
In the Exchange Management Console, on the Hub Transport node under Organization
Configuration, create a new transport rule with the following properties:
Condition 1: sent to users that are inside or outside the organization, or partners = Outside
the organization
Exceptions: None
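The transport rule from step 4 can also be created and checked in the Exchange Management Shell. The following is an added example, not part of the original lab; the rule name is hypothetical, and the reject action with status code 5.7.999 is an assumption based on the custom DSN created in step 3.

```powershell
# Added example (not from the lab manual). Run in the Exchange Management Shell
# after the classification and the 5.7.999 system message have been created.
$ruleName = "Block Company Internal to Internet"   # hypothetical rule name

# Resolve the classification created in step 2; stop if it is missing so the
# rule is never created without its classification condition.
$classification = Get-MessageClassification -Identity "Company Internal" -ErrorAction Stop

# Condition: recipient is outside the organization AND the message carries the
# Company Internal classification. Action (assumed): reject with the custom
# enhanced status code so the sender receives the "Internal recipients only" DSN.
New-TransportRule -Name $ruleName `
    -SentToScope NotInOrganization `
    -HasClassification $classification.Identity `
    -RejectMessageEnhancedStatusCode "5.7.999" `
    -RejectMessageReasonText "Internal recipients only" `
    -Enabled $true

# Review the rule and the DSN text it relies on.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Priority, Conditions, Actions, Exceptions
Get-SystemMessage -Identity "En\Internal\5.7.999" |
    Format-List Identity, Text
```

A rule left disabled, or placed below a rule that processes the message first, will not block anything, so the State and Priority values are the ones to check before testing from Outlook Web App.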
On VAN-EX1, open the Microsoft Internet Explorer browser, and then navigate to
https://van-ex1.adatum.com/owa.
2.
3.
4.
In the Password box, type Pa$$w0rd, and then click Sign in.
5.
6.
7.
To: bill@contoso.com
On VAN-EX1, in the Exchange Management Console, filter the Mailboxes view to list only those in
Mailbox Database 1.
2.
Select all of the mailboxes, and then enable archives in Mailbox Database 1.
2.
On the Retention Policy tab, view the properties of the Default Archive and Retention Policy.
2.
On VAN-EX1, in the Exchange Management Console, create a new retention policy tag with the
following settings:
Action to take when the age limit is reached: Delete and Allow Recovery
3.
Retention policy tags: Default 1 year archive, Deleted Items 30 day removal
Mailboxes: none
2.
Add the following expression to the existing filter that prevents the Discovery Mailbox from being
displayed:
3.
After applying the filter, select all of the mailboxes, and then open Properties.
4.
On the Mailbox Settings tab, apply the Standard Mailbox Retention Policy to all of the mailboxes.
5.
Verify that the Standard Mailbox Retention Policy is applied to Paul West by viewing the Messaging
Records Management properties for his mailbox.
Results: After this exercise, you should have prevented messages classified as Company Internal from
being sent to the Internet, created a retention policy, and applied it to all of the mailboxes in Mailbox
Database 1.
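The retention configuration from this exercise, expressed in the Exchange Management Shell. This is an added example, not part of the original lab; the tag and policy names are the ones the lab lists, while the age limits (30 and 365 days) and the move-to-archive action for the default tag are assumptions inferred from the tag names.

```powershell
# Added example (not from the lab manual). Run in the Exchange Management Shell.
# Age limits and the default tag's action are assumptions inferred from the
# tag names; skip a New-RetentionPolicyTag line if that tag already exists.
$policyName = "Standard Mailbox Retention Policy"
$database   = "Mailbox Database 1"

# Deleted Items folder tag: delete after 30 days, recoverable from the dumpster.
New-RetentionPolicyTag -Name "Deleted Items 30 day removal" `
    -Type DeletedItems `
    -RetentionEnabled $true `
    -AgeLimitForRetention 30 `
    -RetentionAction DeleteAndAllowRecovery

# Default policy tag for the whole mailbox: move to the archive after one year.
New-RetentionPolicyTag -Name "Default 1 year archive" `
    -Type All `
    -RetentionEnabled $true `
    -AgeLimitForRetention 365 `
    -RetentionAction MoveToArchive

# Retention policy that links both tags; created with no mailboxes assigned.
New-RetentionPolicy -Name $policyName `
    -RetentionPolicyTagLinks "Default 1 year archive", "Deleted Items 30 day removal"

# Every mailbox in the database except the Discovery Mailbox, matching the
# filter used in the console.
$mailboxes = Get-Mailbox -Database $database -ResultSize Unlimited |
    Where-Object { $_.RecipientTypeDetails -ne "DiscoveryMailbox" }

$mailboxes | Set-Mailbox -RetentionPolicy $policyName

# Ask the Managed Folder Assistant to process the mailboxes now instead of
# waiting for its next scheduled run.
$mailboxes | ForEach-Object {
    Start-ManagedFolderAssistant -Identity $_.DistinguishedName
}

# Review: every listed mailbox should show the policy name.
Get-Mailbox -Database $database -ResultSize Unlimited |
    Format-Table Name, RecipientTypeDetails, RetentionPolicy -AutoSize
```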
2. Right-click 10233B-VAN-DC1 in the Virtual Machines list, and then click Revert.
3.
4. Repeat these steps for 10233B-VAN-EX1, 10233B-VAN-EX2, and 10233B-VAN-EX3. Close the virtual machine connection windows.
5. In the Virtual Machines pane, click 10233B-VAN-DC1, and then, in the Actions pane, click Start.
6. To connect to the virtual machine for the next module's lab, click 10233B-VAN-DC1, and then, in the Actions pane, click Connect.
Important: Start the 10233B-VAN-DC1 virtual machine first, and ensure that it is fully started before starting the other virtual machines.
7. Wait for 10233B-VAN-DC1 to start, and then start 10233B-VAN-EX1. Connect to the virtual machine.
8. Wait for 10233B-VAN-EX1 to start, and then start 10233B-VAN-EX2. Connect to the virtual machine.
9. Wait for 10233B-VAN-EX2 to start, and then start 10233B-VAN-EX3. Connect to the virtual machine.
Module 8
Lab Instructions: Planning and Deploying High Availability
Contents:
Exercise 1: Designing High Availability for Exchange Servers
Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2.
3.
Lab Scenario
You are a messaging engineer for the A. Datum Corporation, an enterprise-level organization with
multiple locations. A. Datum Corporation is an international corporation involved in technology research
and investment, and is planning to upgrade from Exchange Server 2003 to Exchange Server 2010.
Concerns have been raised about the availability of Exchange Server 2010. Messaging has been
designated as a critical service in the organization. The existing Exchange Server 2003 organization
experienced several outages, and you want to avoid these outages in the future. You need to create a
high availability design for Exchange Server 2010.
Finally, you are required to implement part of your proposed high availability design.
Note Your instructor may choose to do this lab as a group discussion rather than an
individual activity.
The smaller sites combine all server roles on a single physical server. The San Diego site has just one
Exchange server with all server roles in the current plan.
One other issue I'm concerned about is logical corruption of database copies in a DAG. I know that this is
a very rare occurrence, but I think it makes sense to protect ourselves against the possibility. As I
understand it, we can configure a delay on a database copy so that a logical corruption in the transaction
logs won't be passed on to the database copy for a period of time. I think a delay of six hours would be
sufficient.
Internal users
Mobile users
London
Corporate Headquarters
12,000 currently
10,000 after the
new London
office is ready
4,000
(anticipated)
San Diego
500
Former head office
of Trey Research Corporation
Vancouver
6,000
Tokyo
5,000
800 (anticipated)
Network Configuration
2.
3.
4.
Network Configuration
Question: In the High Availability Interviews, what points are raised that impact your high
availability design, and how do they impact it?
Question: Is there anything in the User Distribution Summary that raises high availability issues?
If so, what is it?
Question: Is there anything in the Network Configuration that raises high availability issues? If so,
what is it?
Task 3: Document the required configuration for the San Diego site
Jason Carlson
24th April 2010
Requirement Overview
Determine how high availability will be provided for all server roles in San Diego.
Additional Information
Identify infrastructure changes that may be required due to the proposed deployment.
Proposals
Question: Will this site have offsite disaster recovery? If so, where should that site be located?
Question: How do you provide high availability for Client Access servers?
Question: Is high availability required for the Edge Transport server role?
Question: How many Exchange servers will be located in this site? Which roles will they host?
Question: How will load balancing be performed for the Client Access server role?
Question: Is any additional configuration required for the Hub Transport server role?
Jason Carlson
24th April 2010
Requirement Overview
Determine how high availability will be provided for all server roles in Vancouver.
Additional Information
Identify infrastructure changes that may be required due to the proposed deployment.
Proposals
Question: Will this site have offsite disaster recovery? If so, where should that site be located?
Question: How do you provide high availability for Client Access servers?
Question: Is high availability required for the Edge Transport server role?
Question: How many Exchange servers will be located in this site? Which roles will they host?
Question: How will load balancing be performed for the Client Access server role?
Results: After this exercise, you should have created a high availability design for the San Diego and
Vancouver sites.
2.
3.
4.
5.
Recover VAN-EX1.
2.
2.
Under Organization Configuration, on the Mailbox node, select the Database Availability Groups
tab and create a new DAG with the following settings:
3.
Open the properties of VancouverDAG, and then add 10.10.0.200 as an IP address for the DAG.
Note Step 3 generates a warning, because the witness server is not an Exchange Server.
This does not indicate a problem. The necessary permissions were configured in Task 1.
4.
Use the context menu of VancouverDAG to add VAN-EX1, VAN-EX2, and VAN-EX3 as DAG
members.
On VAN-EX3, in the Exchange Management Console, on the Database Management tab, add a copy
of Mailbox Database 1 to VAN-EX2.
2.
3. In the Exchange Management Shell, use the following command to configure a replay lag time of six
hours for the Mailbox Database 1 copy on VAN-EX3:
Set-MailboxDatabaseCopy -Identity "Mailbox Database 1\VAN-EX3" -ReplayLagTime 0.6:0:0
4. Use the following command to verify that the replay lag is configured correctly:
Get-MailboxDatabase "Mailbox Database 1" | Format-List ReplayLagTimes
5. Use the following command to view the status of the Mailbox Database 1 copy on VAN-EX3:
Get-MailboxDatabaseCopyStatus -Identity "Mailbox Database 1\VAN-EX3"
2.
On VAN-EX3, refresh the Exchange Management Console to view the status of the Mailbox
Database 1 copies.
3.
If any database copy has a status of Disconnected, refresh the view again.
2.
On VAN-EX3, refresh the Exchange Management Console to view the status of the Mailbox
Database 1 copies.
Question: What is the status for Mailbox Database 1 on each server?
3.
If the status of Mailbox Database 1 on VAN-EX1 is initializing, wait a few minutes, and then click
Refresh again. You may need to select Mailbox Database 1 on VAN-EX1 to refresh its status.
Results: After this exercise, you should have implemented high availability for Mailbox Database 1 in
Vancouver.
2. Right-click 10233B-VAN-DC1 in the Virtual Machines list, and then click Revert.
3.
4. Repeat these steps for 10233B-VAN-EX1, 10233B-VAN-EX2, and 10233B-VAN-EX3. Close the virtual
machine connection windows.
5. In the Virtual Machines pane, click 10233B-VAN-DC1, and then, in the Actions pane, click Start.
6. To connect to the virtual machine for the next module's lab, click 10233B-VAN-DC1, and then, in the
Actions pane, click Connect.
Important: Start the 10233B-VAN-DC1 virtual machine first, and ensure that it is fully
started before starting the other virtual machines.
7. Wait for 10233B-VAN-DC1 to start, and then start 10233B-VAN-EX1. Connect to the virtual machine.
8. Wait for 10233B-VAN-EX1 to start, and then start 10233B-VAN-CL1. Connect to the virtual machine.
Module 9
Lab Instructions: Planning a Disaster Recovery Solution
Contents:
Exercise 1: Planning Disaster Recovery for Vancouver
Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must do
the following:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. Ensure that the 10233B-VAN-DC1, 10233B-VAN-EX1, and 10233B-VAN-CL1 virtual machines are
running.
3.
Lab Scenario
You are a messaging engineer for A. Datum Corporation, an enterprise-level organization with multiple
locations. A. Datum Corporation is an international corporation involved in technology research and
investment, and it is planning to upgrade from Exchange Server 2003 to Exchange Server 2010.
High availability planning is complete, but the disaster recovery plan needs to be further developed.
Specifically, you need to consider the details of the messaging SLA to ensure that disaster recovery is
possible within the appropriate time frame.
Finally, you must implement part of your proposed disaster recovery plan.
Note Your instructor may choose to perform this lab as a group discussion rather than an
individual activity.
The failure of a single server should result in only minutes of downtime for users.
High availability can be considered a replacement for backup if there are at least two local copies of a
database, and a remote database copy in another site.
To consider high availability a replacement for backup, there must be one database copy that is
unaffected by logical corruption in another database copy for at least 12 hours.
Messaging functionality must be recoverable within one hour, while historical data can be recovered
up to 24 hours later.
When recovering data from a backup, there is a maximum data loss allowed of up to 4 hours.
Any location that is not configured with site resilience must archive weekly backups offsite.
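The following check evaluates a DAG copy layout against the three SLA conditions above for treating high availability as a replacement for backup. It is an added example, not part of the original lab: the function name Test-BackupReplacementSla, the Site property, and the sample copy data are assumptions, and the lag strings use the d.hh:mm:ss form passed to -ReplayLagTime in the high availability lab.

```powershell
# Added example, not part of the lab. Test-BackupReplacementSla and the Site
# property are hypothetical names; the copy data further down is constructed.

function Test-BackupReplacementSla {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Copies,
        [Parameter(Mandatory = $true)] [string]   $LocalSite,
        [TimeSpan] $RequiredLag = [TimeSpan]::FromHours(12)
    )

    $localCount  = 0
    $remoteCount = 0
    $longestLag  = [TimeSpan]::Zero
    $laggedOn    = 'none'

    foreach ($copy in $Copies) {
        # Lag strings use the d.hh:mm:ss form passed to -ReplayLagTime.
        $lag = [TimeSpan]::Parse($copy.ReplayLagTime)
        if ($lag -gt $longestLag) {
            $longestLag = $lag
            $laggedOn   = $copy.Server
        }
        if ($copy.Site -eq $LocalSite) { $localCount++ } else { $remoteCount++ }
    }

    # One row per SLA condition, so a failed condition is visible by name.
    $rows = @(
        @{ Requirement = 'At least two local database copies'
           Met         = ($localCount -ge 2)
           Observed    = "$localCount local" },
        @{ Requirement = 'A remote database copy in another site'
           Met         = ($remoteCount -ge 1)
           Observed    = "$remoteCount remote" },
        @{ Requirement = "A copy lagged by at least $RequiredLag"
           Met         = ($longestLag -ge $RequiredLag)
           Observed    = "longest lag $longestLag on $laggedOn" }
    )

    foreach ($row in $rows) {
        New-Object PSObject -Property $row |
            Select-Object Requirement, Met, Observed
    }
}

# Constructed sample: three copies of Mailbox Database 1 placed in one site,
# with the six-hour replay lag from the high availability lab on VAN-EX3.
$copies = @(
    New-Object PSObject -Property @{ Server = 'VAN-EX1'; Site = 'Vancouver'; ReplayLagTime = '00:00:00' }
    New-Object PSObject -Property @{ Server = 'VAN-EX2'; Site = 'Vancouver'; ReplayLagTime = '00:00:00' }
    New-Object PSObject -Property @{ Server = 'VAN-EX3'; Site = 'Vancouver'; ReplayLagTime = '0.6:0:0' }
)

$report = @(Test-BackupReplacementSla -Copies $copies -LocalSite 'Vancouver')
$report | Format-Table -AutoSize

# High availability replaces backup only when every condition is met.
$unmet = @($report | Where-Object { -not $_.Met })
if ($unmet.Count -eq 0) {
    'All conditions met: database copies can stand in for backups.'
} else {
    'Conditions not met: keep backups for this site.'
}
```

The syntax is limited to what Windows PowerShell 2.0 supports, so the script also runs in the Exchange Management Shell of Exchange Server 2010.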
2.
3.
Jason Carlson
5th May 2010
Requirement Overview
Determine how disaster recovery will be provided for all server roles in Vancouver.
Proposals
Question: Does this site require backups?
Question: Do you need to make any changes to the DAG to meet the SLA requirements?
Question: Would your backup plan change if public folders were present in Vancouver?
Results: After this exercise, you should have created a disaster recovery plan for the Vancouver site.
2.
3.
Task 3: Document the required configuration for the San Diego site
Jason Carlson
5th May 2010
Requirement Overview
Determine how disaster recovery will be provided for all server roles in San Diego.
Proposals
Question: Does this site require backups? If so, how will you perform backups?
Question: Do you need to make any changes to the DAG to meet the SLA requirements?
Question: How will you meet the recovery requirement of one hour?
Question: Would your backup plan change if public folders were present in San Diego?
Results: After this exercise, you should have created a disaster recovery plan for the San Diego site.
2.
3.
4.
5.
6.
Recover a message.
2.
Browse to the Organization Configuration node and click Mailbox. On the Database
Management tab, configure the following settings for Mailbox Database 1:
3.
4. In the Exchange Management Shell, use the following command to enable single-item recovery for
Luca's mailbox:
Set-Mailbox Luca -SingleItemRecoveryEnabled $true
On VAN-CL1, if necessary, log off, and then log on as Luca using the password Pa$$w0rd.
2.
Use the Microsoft Internet Explorer browser to connect to Outlook Web App at
https://van-ex1.adatum.com/owa.
3.
4.
5.
6.
In Roles & Auditing, go to the Administrator Roles tab, and then add Andreas Herbinger to the
Discovery Management role group.
7.
On VAN-CL1, use Outlook 2010 to send a message with the following settings:
To: Luca
2.
3.
4.
On the Folder tab, use the Recover Deleted Items option to purge the Test of SIR message.
2.
3.
4.
5.
Go to Mail Control.
6.
Keywords: SIR
7.
8.
In the search results, click [open] to view the Discovery Search Mailbox.
9. Expand the contents of the Luca's lost message folder until you see the Test of SIR message.
On VAN-EX1, in the Exchange Management Shell, use the following command to create a new role
group with permissions to export and import mailbox contents with Andreas as a member:
New-RoleGroup -Name ExportMail -Roles "Mailbox Import Export" -Members Andreas
On VAN-EX1, log off as Administrator, and then log on as Adatum\Andreas using the password
Pa$$w0rd.
2.
3. In the Exchange Management Shell, use the following command to export the message from the
Discovery Search Mailbox to Luca's mailbox:
Search-Mailbox "Discovery Search Mailbox" -SearchQuery "Subject:SIR" -TargetMailbox Luca -TargetFolder Recovered
4.
On VAN-CL1, in Outlook 2010, expand all of the folders in the Recovered folder to locate the
recovered message.
Results: After this exercise, you should have implemented single-item recovery and recovered a message.
2. Right-click 10233B-VAN-DC1 in the Virtual Machines list, and then click Revert.
3.
4. Repeat these steps for 10233B-VAN-EX1, 10233B-VAN-EX2, and 10233B-VAN-EX3. Close the
virtual machine connection windows.
5. In the Virtual Machines pane, click 10233B-VAN-DC1, and then, in the Actions pane, click Start.
6. To connect to the virtual machine for the next module's lab, click 10233B-VAN-DC1, and then, in the
Actions pane, click Connect.
Important: Start the 10233B-VAN-DC1 virtual machine first, and ensure that it is fully
started before starting the other virtual machines.
7. Wait for 10233B-VAN-DC1 to start, and then start 10233B-VAN-EX1. Connect to the virtual machine.
8. Wait for 10233B-VAN-EX1 to start, and then start 10233B-VAN-EX2. Connect to the virtual machine.
9. Wait for 10233B-VAN-EX2 to start, and then start 10233B-VAN-EX3. Connect to the virtual machine.
Lab Instructions: Planning Microsoft Exchange Server 2010 Monitoring and Troubleshooting
Module 10
Lab Instructions: Planning Microsoft Exchange Server 2010
Monitoring and Troubleshooting
Contents
Exercise 1: Establishing a Baseline for Performance
Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:
1.
On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2.
3.
Lab Scenario
You are a messaging engineer for A. Datum Corporation, an enterprise-level organization with multiple
locations. You have been tasked with creating a performance baseline for the new Exchange Server 2010
messaging system that your colleagues are about to deploy.
2.
Configure Load Generator with suitable values to simulate the required load.
3.
On VAN-EX1, open Exchange Management Console, and then load the Performance Monitor from
the Toolbox.
2.
Create a User Defined data collector set with the following properties:
3.
Name: Baseline
Counters:
Memory
MSExchangeIS
MSExchangeIS Mailbox
MSExchangeTransport Queues
MSExchangeTransport SmtpReceive
MSExchangeTransport SmtpSend
Physical Disk
Processor
Server
System
Sample interval: 1
Task 2: Configure Load Generator with suitable values to simulate the required load
1.
2.
Open Exchange Load Generator 2010 by clicking the Start menu, pointing to All Programs, and then
clicking the Microsoft Exchange folder.
3.
b.
c.
On the Specify test settings page, under Define the total length of the simulation, in the
Hours box, type 0.
d.
Note
e.
f.
In the Mailbox Account Master Password box, type Pa$$w0rd, and then click Continue with
recipient management.
g.
On the User settings page, in the text box, type 12, and then click Distribute users evenly
across databases.
h.
Click Continue.
i.
On the Advanced recipient settings page, select the following check boxes.
Use contacts
j.
k.
On the Specify test user groups page, click the PLUS SIGN (+).
l.
In the resulting item, in the Client Type list, click Outlook 2007 Online.
m. On the Specify test user groups page, click the PLUS SIGN(+).
n.
In the resulting item, in the Client Type list, click Outlook 2007 Cached, and in the Action
Profile list, click Heavy.
o.
p.
On the Configuration summary page, click Save the configuration file as.
q.
In the Save As dialog box, in the File name box, type Baseline, and then click Save.
r.
s.
4.
5.
Start the Baseline data collector set, and switch back to VAN-DC1. Once the simulation has
completed, switch back to VAN-EX1.
Note
2.
3.
Click System Monitor. Click the red X in the toolbar repeatedly to remove all counters from the
display.
4.
Press CTRL+L.
5.
Click Log files, and then select the DataCollector01.blg log located in the Admin > Baseline > xxxx000001 folder.
6.
Counter
Memory
Pages/sec
MSExchangeIS
RPC Requests
MSExchangeIS
User Count
MSExchangeIS Mailbox
MSExchangeIS Mailbox
Messages Delivered/sec
MSExchangeIS Mailbox
MSExchangeIS Mailbox
Messages Sent/sec
MSExchangeTransport Queues
MSExchangeTransport Queues
MSExchangeTransport Queues
MSExchangeTransport SmtpReceive
Messages Received/sec
MSExchangeTransport SmtpSend
Messages Sent/sec
Physical Disk
% Disk Time
Physical Disk
Processor
% Processor Time
Server
Server
System
Note If Performance Monitor experiences problems, close and restart it. Then continue
from step 3.
7.
8.
Average
Memory Pages/sec
MSExchangeIS - User Count
MSExchangeIS - RPC Requests
MSExchangeIS Mailbox - Local delivery rate
MSExchangeIS Mailbox - Messages Delivered/sec
MSExchangeIS Mailbox - Messages Queued For Submission
MSExchangeIS Mailbox - Messages Sent/sec
MSExchangeTransport Queues - Active Remote Delivery Queue
Length
MSExchangeTransport Queues - Retry Remote Delivery Queue
Length
MSExchangeTransport Queues - Submission Queue Length
MSExchangeTransport SmtpReceive - Messages Received/sec
MSExchangeTransport SmtpSend Messages Sent/sec
Physical Disk - % Disk Time
Physical Disk - Avg. Disk Queue length
Processor - % Processor Time
Server - Pool Nonpaged Failures
Server - Work Item Shortages
System - Processor Queue Length
Note
Results: After this exercise, you should have created an Exchange Server performance baseline.
Generate additional load with Load Generator to simulate heavier usage than planned.
2.
Task 1: Generate additional load with Load Generator to simulate heavier usage than planned
1.
Switch to VAN-DC1.
2.
3.
Click Use the following saved configuration file, and then click Browse.
b.
In the Please select a configuration file dialog box, double-click Baseline.xml, and then click
Continue.
c.
On the Specify test settings page, click Continue with recipient management.
d.
On the User settings page, in the text box, type 20, and then click Distribute users evenly
across databases.
e.
Click Continue.
f.
On the Advanced recipient settings page, select the following check boxes.
Use contacts
g.
h.
On the Specify test user groups page, click the PLUS SIGN (+).
i.
In the resulting item, in the Client Type list, click Outlook 2007 Online, and in the Action
Profile list, click Heavy.
j.
On the Specify test user groups page, click the PLUS SIGN (+).
k.
In the resulting item, in the Client Type list, click Owa2010Module, and in the Action Profile
list, accept the defaults.
l.
m. On the Configuration summary page, click Save the configuration file as.
n.
In the Save As dialog box, in the File name box, type Adatum, and then click Save.
o.
p.
4.
5.
Start the Baseline data collector set, and then switch back to VAN-DC1.
6.
2.
3.
In the Performance Monitor Properties dialog box, click the Source tab, and then click Remove.
4.
5.
In the Select Log File dialog box, click Up One Level, double-click the folder ending in 000002,
double-click DataCollector01.blg, and then click OK.
6.
View the counter values, and then complete the following table.
Counter
Memory Pages/sec
MSExchangeIS - User Count
MSExchangeIS - RPC Requests
MSExchangeIS Mailbox - Local delivery rate
MSExchangeIS Mailbox - Messages Delivered/sec
MSExchangeIS Mailbox - Messages Queued For
Submission
MSExchangeIS Mailbox - Messages Sent/sec
MSExchangeTransport Queues - Active Remote Delivery
Queue Length
MSExchangeTransport Queues - Retry Remote Delivery
Queue Length
MSExchangeTransport Queues - Submission Queue
Length
MSExchangeTransport SmtpReceive - Messages
Received/sec
Average
Counter
Average
Results: After this exercise, you should have determined which server resources are likely to become
bottlenecked if server load continues to increase.
2.
Right-click 10233B-VAN-DC1 in the Virtual Machines list, and then click Revert.
3.
4.
Module 11
Lab Instructions: Upgrading to Microsoft Exchange Server
2010
Contents:
Exercise 1: Discussion: Reviewing the Exchange Server 2010 Design
Lab Setup
This lab does not require any virtual machines.
Lab Scenario
You are a messaging engineer for the A. Datum Corporation, an enterprise-level organization with
multiple locations. A. Datum Corporation is an international corporation involved in technology research
and investment, and is planning to upgrade from Exchange Server 2003 to Exchange Server 2010.
The A. Datum Corporation headquarters in London and two remote locations (Vancouver and Tokyo) are
running Exchange Server 2003 and Outlook 2003. A. Datum Corporation will be adding two new
locations, and within the next six months it plans to migrate all existing users to Exchange Server 2010 and
Outlook 2010. Much of the Exchange Server 2010 messaging system design is complete.
The Trey Research location continues to run a POP3/SMTP messaging system, which you need to migrate
to Exchange Server 2010 and integrate with the rest of the Exchange organization. The Trey Research
domain is already deployed as a separate tree in the A. Datum forest. This integration of Trey Research will
be completed after the current infrastructure is upgraded.
Use the references on the following pages for this lab.
Note Your instructor may choose to perform this lab as a group discussion rather than an
individual activity.
Adatum_ProposedADSiteDesign.vsd
Adatum_ProposedPerimeterDesign.vsd
Internal users
Mobile users
London (corporate headquarters): 12,000 currently; 10,000 after the new London office is ready
London (new office): 4,000 (anticipated)
San Diego (former head office of Trey Research): 500
Vancouver: 6,000
Tokyo: 5,000
Chennai (new office): 800 (anticipated)
A. Datum has deployed a single AD DS forest with a dedicated root domain named Adatum.com, and
three child domains in the same tree. These domains are:
EU.Adatum.com
NA.Adatum.com
AS.Adatum.com
Additionally, the organization has deployed a domain named TreyResearch.net in the San Diego location.
This domain is configured as a separate tree in the Adatum.com forest.
Exchange_Server_2003_Configuration.doc
Location
Description
London
(corporate
headquarters)
Vancouver
Tokyo
2.
Adatum_ProposedADSiteDesign.vsd
Adatum_ProposedPerimeterDesign.vsd
Exchange_Server_2003_Configuration.doc
Answer the questions in the A. Datum Upgrade Design Questions document, and then complete the
A. Datum Upgrade Design document.
A. Datum Upgrade Design
Document Reference Number: JC060610/1
Document Author
Date
Jason Carlson
6th June 2010
Requirement Overview
Describe the upgrade strategy for the A. Datum organization.
Proposals
Question: Based on what you know about the A. Datum organization, what would be a reasonable
timeline for completing this migration?
Question: What are the factors that will affect the timeline?
Question: Where will you perform the schema upgrade?
Question: What is the process for preparing domains for Exchange Server 2010?
Question: How will you ensure that Exchange Server 2010 can coexist with Exchange Server 2003?
Question: Which site should be upgraded first?
Question: Which server role should be implemented first in that site?
(continued)
A. Datum Upgrade Design
Question: Should coexistence occur in multiple sites or a single location?
Question: How will client access be configured to allow coexistence in the first site?
Question: How will message transport be configured to allow coexistence in the first site?
Question: How will mailboxes be moved in the first site?
Question: How will you move Internet message delivery from Exchange Server 2003 to Exchange
Server 2010 and use Edge Transport servers?
Question: When you begin migrating the second site to Exchange Server 2010, what process will you
use?
Question: How will you remove Exchange Server 2003?
Note
Results: After this exercise, you should have completed the A. Datum Upgrade document.
Lab Instructions: Integrating Microsoft Exchange Server 2010 with Other Messaging Systems
Module 12
Lab Instructions: Integrating Microsoft Exchange Server
2010 with Other Messaging Systems
Contents:
Exercise: Designing Exchange Server 2010 Integration with Office 365
Lab Scenario
You are a messaging engineer for A. Datum Corporation, an enterprise-level organization with multiple
locations. A. Datum Corporation is an international corporation involved in technology research and
investment, and has successfully implemented Exchange Server 2010 for messaging and collaboration.
As part of the growth strategy for A. Datum Corporation, your organization has purchased their
competitor company, Northwind Traders. You must design the integration of your Exchange Server 2010
organization, and the POP3/IMAP messaging system of Northwind Traders.
Document the required configuration for migrating Northwind Traders email to Office 365.
Task 1: Document the required configuration for migrating Northwind Traders email to
Office 365
Jason Carlson
5th June 2010
Requirement Overview
Determine how to migrate Northwind Traders email to Office 365.
Proposals
Question: Does this scenario require a hybrid implementation of Office 365?
Question: Will inbound routing be to the on-premises Exchange Server organization or to
Office 365?
Question: Will outbound routing be centralized or decentralized?
Question: How will you configure MX records?
Question: How will you migrate mailboxes to Office 365?
Question: Will you configure single sign-on?
(continued)
A. Datum Corporation and Northwind Traders Integration Plan
Question: Do you need to configure a UPN to support single sign-on?
Question: What AD FS servers do you require to support single sign-on?
Question: What certificates do you need to support single sign-on?
Note
Results: After this exercise, you should have created a plan to migrate Northwind Traders email to
Office 365.
Lab Answer Key: Introduction to Designing a Microsoft Exchange Server 2010 Deployment
Module 1
Lab Answer Key: Introduction to Designing a Microsoft
Exchange Server 2010 Deployment
Contents
Exercise 1: Evaluating an Existing Messaging Infrastructure
Adatum_Info.vsd
Jason Carlson
31st January 2010
LondonSite
RD-LON-DC1
RD-LON-DC1
EU-LON-DC1
EU-LON-DC2
LondonSite2
EU-LON-DC3
VancouverSite
RD-TOR-DC1
NA-TOR-DC1
NA-TOR-DC2
SanDiegoSite
AD-SAN-DC1
AD-SAN-DC2
TokyoSite
RD-TOK-DC1
AS-TOK-DC1
AS-TOK-DC2
Chennai
AS-CHE-DC1
(continued)
A. Datum Current Network Infrastructure Analysis
Additional notes
Adatum.com Adatum.com
EU.Adatum.com
NA.Adatum.com
AS.Adatum.com
TreyResearch.net
Additional notes
Jason Carlson
31st January 2010
Server name    Server role         Location
LON-MSG-FE1    Front-end server    London
LON-MSG-BH1    Front-end server    London
LON-MSG-BE1    Back-end server     London
LON-MSG-BE2    Back-end server     London
LON-MSG-BE3    Back-end server     London
LON-MSG-BE4    Back-end server     London
LON-MSG-BE5    Back-end server     London
LON-MSG-BE6    Back-end server     London
(continued)
A Datum Current Messaging Infrastructure Analysis
Exchange Server Configuration
Server name    Server role         Location
LON-MSG-PF1                        London
VAN-MSG-FE1    Front-end server    Vancouver
VAN-MSG-BH1    Front-end server    Vancouver
VAN-MSG-BE1    Back-end server     Vancouver
VAN-MSG-BE2    Back-end server     Vancouver
VAN-MSG-BE3    Back-end server     Vancouver
VAN-MSG-PF1                        Vancouver
TOK-MSG-FE1    Front-end server    Vancouver
TOK-MSG-BH1    Front-end server    Vancouver
TOK-MSG-BE1    Back-end server     Vancouver
TOK-MSG-BE2    Back-end server     Vancouver
TOK-MSG-BE3    Back-end server     Vancouver
TOK-MSG-PF1                        Vancouver
Additional notes
Settings
Administrative
groups
Administrator groups
Routing groups
SMTP namespaces
Adatum.com, TreyResearch.net
Additional notes
Results: After this exercise, you should have completed the appropriate sections in the Current Messaging
Infrastructure Analysis document.
2.
What are A. Datum Corporation's requirements and pain points? Answers below:
Madeleine Kelly, the CEO, anticipates rapid growth and multiple acquisitions.
Karen Toh, VP Europe, says her Sales staff needs access to e-mail from anywhere.
Marcel Truempy, CIO, cited a period of unavailability that resulted in lost business; high availability is important.
Scott MacDonald, VP North America, is concerned about legal and corporate regulatory
compliance issues.
Gareth Chan, VP Asia, needs a means of confidential communication with Contoso, Ltd.
Shane DeSeranno, Network Operations Manager, requires that all network traffic entering the
corporate network is encrypted.
Jason Carlson, Network Specialist, states that the wide area network (WAN) is pretty reliable, but
that it lacks bandwidth between some company locations.
Tzipi Butnaru, Directory Services Manager, explains that all domain controllers are running
Windows Server 2008 Service Pack 1 (SP1), and does not anticipate wanting to make additional
Active Directory Domain Services (AD DS) infrastructure changes.
Conor Cunningham, Messaging Services Manager, wants to make Outlook Web App available
to users currently using Post Office Protocol (POP) from home. Additionally, he states that many
users are requesting access to e-mail services from their mobile phones.
How can Exchange Server 2010 help address the requirements? Answers below:
Exchange Server 2010 is very scalable, and can easily support the anticipated mergers and
acquisitions.
Exchange Server 2010 supports e-mail from many devices, including web browsers and mobile
phones.
Exchange Server 2010 implements features that enable organizations to remain compliant with
legal and corporate messaging policies. Features include: messaging records management, Multi-mailbox search, legal hold, information rights management protection, personal archive, and
transport rules.
Exchange Server 2010 can support secure communication channels between partner
organizations.
Exchange Server 2010 supports a number of encryption methods so that only encrypted traffic
can enter the corporate network through the internal firewall.
Exchange Server 2010 can be configured to use the existing site configuration, or to use an
Exchange-specific site configuration; this enables a network administrator to get the most out of
their WAN links.
Exchange Server 2010 supports the POP protocol. It also supports e-mail access from web
browsers and mobile phones. The users' requirement for secure anywhere-access to their e-mail
is supported.
Jason Carlson
31st January 2010
(continued)
A Datum Project Requirements Analysis
Project priorities and constraints
This section outlines the identified project priorities and constraints. During the requirements
analysis task, specific priorities should have been identified related to the schedule, resources, or
features that must, or must not, be included in the project:
The budget may be a constraint on the project.
Unencrypted traffic can be allowed into the perimeter network, but not to the internal network.
There may be resistance to making any changes to the Active Directory configuration.
Task 3: Discuss the components that you will need to include in the Exchange Server
design to meet the company requirements
You will complete these sections as a group.
2.
What components will you need to include in the Exchange Server 2010 deployment to meet the
business requirements?
Answer: Configure the Client Access server role to provide users with e-mail access
anywhere in the world at any time.
Answer: Configure the Hub Transport server role to enforce compliance requirements.
Answer: Configure the Client Access server role to provide access to the mailbox servers for
more messaging clients, including clients with more functionality than POP3 and mobile
clients.
What components will you need to include in the Exchange Server 2010 deployment to meet the
technical and additional requirements?
Answer: Configure Database Availability Groups, Mailbox Database Copies, and Active
Manager to provide for high availability.
Answer: Configure the messaging transport to provide a high level of security for
exchanging e-mail with partner organizations.
Results: After this exercise, you should have completed the A. Datum Project Requirements documents.
2.
Functional requirements
Project constraints
How do you resolve scenarios where addressing all of the requirements will cost significantly more
than the proposed budget?
Answer: This can be very complicated. In the project's early stage, the most important step is to alert
business sponsors that there may be budget issues. This enables them to prepare for a future tradeoff
discussion, or consider increasing the budget. You also may need to provide the business sponsor
with an initial proposal identifying the project components that will cost the most money.
Results: After this exercise, you should have answered the preceding questions.
Working with group members, brainstorm a list of other information that is required to create the
SLA.
2.
Jason Carlson
31st January 2010
Questions
Results: After this exercise, you should have completed the High Availability Information document.
On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2.
In Hyper-V Manager, click 10233B-NYC-DC1, and in the Actions pane, click Start.
3.
In the Actions pane, click Connect. Wait until the virtual machine starts.
4.
5.
Password: Pa$$w0rd
Domain: Contoso
Lab Answer Key: Designing Microsoft Exchange Server 2010 Integration with the Current Infrastructure
Module 2
Lab Answer Key: Designing Microsoft Exchange Server
2010 Integration with the Current Infrastructure
Contents
Exercise 1: Evaluating the Current Network Infrastructure at Contoso
Whether there is an existing version of Exchange Server or other messaging system installed.
What the firewall configuration is (in terms of allowed ports), including both the Windows Firewall
settings and any firewalls that separate the corporate network from the Internet.
Whether the current Domain Name System (DNS) configuration is appropriate to support
Exchange Server 2010, for both the internal DNS and external DNS.
Whether there is a certification authority (CA) in place to provide the necessary certificates for
Exchange Server. In the early test phases, using self-signed certificates is acceptable; however,
thereafter, commercial certificates should be sought in the absence of a suitable internal Public
Key Infrastructure (PKI).
Jason Carlson
11th February 2010
Requirement Overview
To determine what changes, if any, are required to the existing network and AD DS infrastructure to
support Exchange Server 2010.
Contoso Exchange Server network infrastructure
Proposals
Question: The internal and external DNS zone names are the same for Contoso, i.e. Contoso.com.
What issue does this raise for clients connecting to their mailboxes using Outlook Web App from
their home computers?
Answer: You may need to configure split DNS to ensure host names are resolved to the appropriate
internal or external IP address.
Question: What DNS records must you configure in the external Contoso.com DNS zone?
Answer: Host (A or AAAA) resource records, mail exchanger (MX) resource records, and Sender
Policy Framework (SPF) resource records are required.
Question: How do you propose to support the messaging needs of users in Branch Office 2?
Answer: As Exchange Server 2010 does not support deployment in sites that contain an RODC, the
RODC must either be removed and replaced with a full domain controller, or else the users must
use an Exchange Mailbox server in the head office site.
Question: What messaging client will you deploy to Branch Office 2?
Answer: That depends on how the RODC issue is resolved. If the RODC is removed, the users could
use Outlook Web App to ensure that the bandwidth of the connection to the head office is not
excessively consumed. If a full DC is deployed to the Branch Office 2 site, then any suitable client,
including Microsoft Office Outlook 2007 or 2010, could be deployed.
Question: What server role must you consider deploying in the head office to facilitate inbound
and outbound messaging to and from the Internet?
Answer: An Exchange Edge Transport server should be deployed in the perimeter network.
Question: How many Client Access servers do you envisage needing?
Answer: At least one per site where mailboxes reside; if Branch Office 2 does not host a Mailbox
server, then there is no need to provide a Client Access server there. For high availability, consider
deploying at least two Client Access servers per site.
Question: How many Hub Transport servers are required?
Answer: At least one per site where mailboxes reside. If Branch Office 2 does not host a Mailbox
server, then there is no need to provide a Hub Transport server there. For high availability, consider
deploying at least two Hub Transport servers per site.
Question: Ed Meadows has explained that the administrators at the Branch Office 1 site need to
be able to perform limited recipient management tasks. To which built-in role group should you
assign these branch administrators?
Answer: They should be assigned to the Help Desk role group.
Note
Results: After this exercise, you should have completed the Contoso Exchange Server network
infrastructure report.
2. On the System page, in the Windows edition section, verify that the domain controller operating
system is compatible with Exchange Server 2010 requirements.
3.
4.
Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
5.
6.
In the Contoso.com Properties dialog box, verify that the domain and forest functional levels are
compatible with the Exchange Server 2010 requirements.
7. Click OK, and then close Active Directory Users and Computers.
8. Click Start, in the Search box, type adsiedit.msc, and then press Enter.
9.
10. In the Connection Settings dialog box, in the Connection Point section, in the Select a well known
Naming Context list, click Configuration, and then click OK.
11. In the left pane, expand Configuration[NYC-DC1.Contoso.com], and then click
CN=Configuration,DC=Contoso,DC=com.
12. Expand CN=Services, and verify that the CN=Microsoft Exchange has not been created.
13. Close ADSI Edit.
1. On NYC-SVR1, click Start, in the Search box, type cmd, and then press Enter.
2. At the command prompt, type IPConfig /all, and then press Enter. Verify that the DNS server IP
address for the Local Area Connection is 10.10.10.10.
3. At the command prompt, type Ping NYC-DC1.contoso.com. Verify that you have network
connectivity with the domain controller.
4.
5.
At the command prompt, type set type=all, and then press Enter.
6. At the command prompt, type _ldap._tcp.dc._msdcs.Contoso.com, and then press Enter. Verify that
an SRV record is returned.
7.
1. On NYC-SVR1, click Start, point to Administrative Tools, and then click Server Manager.
2. In the left pane, click Features. Verify that no Windows Server 2008 features are installed, including
the Active Directory Domain Services (AD DS) management tools.
3. In the left pane, click Roles. Verify that no Windows Server 2008 roles are installed.
4. Click Start, and point to Administrative Tools. Verify that Internet Information Services (IIS)
Management is not listed.
5. Click Start, click All Programs, click Accessories, click Windows PowerShell, and then click
Windows PowerShell.
6. At the Windows PowerShell prompt, type help about_windows_powershell, and then press Enter.
Verify that about_Windows_PowerShell_2.0 is listed. It is installed with Windows PowerShell 2.0.
7.
8.
9.
10. In the Programs and Features window, click Programs and Features. Verify that Microsoft Filter
Pack 2.0 is installed.
11. Close the Programs and Features window.
Results: After this exercise, you should have evaluated whether your organization meets the AD DS, DNS,
and server requirements for installing Exchange Server 2010. You should have identified the additional
components that need to be installed or configured to meet the requirements.
1. On NYC-SVR1, in Server Manager, click Features, and then click Add Features.
2. In the Select Features page, expand Remote Server Administration Tools, expand Role
Administration Tools, expand AD DS and AD LDS Tools, expand AD DS Tools, and then select the
AD DS Snap-Ins and Command-Line Tools check box.
3. Expand .NET Framework 3.5.1 Features, and then select the .NET Framework 3.5.1 check box.
4. Expand WCF Activation, select the HTTP Activation check box, and then click Add Required Role
Services.
5. Select the RPC over HTTP Proxy check box, click Add Required Role Services, and then click Next.
6.
7.
On the Select Role Services page, under Security, select the Digest Authentication check box.
8.
9.
Under IIS 6 Management Compatibility, select the IIS 6 Management Console check box.
In the 10233B-NYC-SVR1 on localhost Virtual Machine Connection window, on the File menu, click
Settings.
2.
3.
4.
5.
On NYC-SVR1, close the autoplay dialog box, and open a command prompt.
6.
7.
Results: After this exercise, you should have prepared the AD DS and server configuration for the
Exchange Server 2010 installation.
2. Expand Users, right-click Users, point to New and then click User.
3. In the New Object - User dialog box, in the Full Name box, type Adam Carter.
4. In the User logon name box, type Adam, and then click Next.
5.
6.
7.
In Active Directory Users and Computers, click Microsoft Exchange Security Groups, and then
double-click Help Desk.
8.
9.
In the Enter the object names to select field, type Adam Carter, and then click OK twice.
2. Right-click 10233B-NYC-DC1 in the Virtual Machines list, and then click Revert.
3.
4.
5.
In the Virtual Machines pane, click 10233B-VAN-DC1, and then in the Actions pane, click Start.
Note Start the 10233B-VAN-DC1 virtual machine first, and ensure that it is fully started
before starting the other virtual machines.
6. Wait for 10233B-VAN-DC1 to start, and then start 10233B-VAN-EX1. Connect to the virtual machine.
7. Wait for 10233B-VAN-EX1 to start, and then start 10233B-VAN-EX2. Connect to the virtual machine.
8. Wait for 10233B-VAN-EX2 to start, and then start 10233B-VAN-CL1. Connect to the virtual machine.
Module 3
Lab Answer Key: Planning and Deploying Mailbox Services
Contents:
Exercise 1: Designing the Mailbox Server Deployment
Question: In the Server Design Interviews, what points are raised that impact your Mailbox server
deployment plan, and how do they impact it?
Answer:
A single server or component failure cannot be the cause of messaging system unavailability. Multiple
Mailbox servers must be deployed in each site.
The system must be scalable to grow capacity by at least 30 percent over 3 years.
There is a Storage Area Network (SAN) in London, Tokyo, and Toronto. These will be high
performance, but expensive.
San Diego and Chennai do not have a SAN and need to use direct access storage (DAS).
Mailbox sizes are increasing to 500 megabytes (MB) for basic users, and a personal archive of 1 GB.
Exceptional users, about 25 percent of users, will have a mailbox of 1 GB and a personal archive of
2 GB.
Question: In the Server Design Statistics, what information is relevant to determining a server design, and
why?
Answer: All of the information in this document is relevant to developing a server design. This document
describes the size of mailboxes and the amount of user activity.
Task 3: Perform high level planning for Mailbox server storage in London
Jason Carlson
2nd April 2010
Requirement Overview
Create a high level plan for Mailbox server storage in London.
Additional Information
N/A
Question: Assuming that there are 12,000 users in London, how much disk space is required for
mailbox databases?
Answer: There will be 9,000 users with a 500 MB mailbox and a personal archive of 1 GB. There will
be 3,000 users with a 1 GB mailbox and a 2 GB personal archive. The total storage space potentially
required is 22.5 terabytes (TB).
The initial deployment will not require this much space because user mailboxes will not all be at
their limit, but this shows the maximum potential size.
Question: Should the disk space for Mailbox servers be SAN or DAS?
Answer: The SAN has only 10 TB free and cannot support holding even a single copy of all mailbox
data. Expanding the SAN will be very expensive. Therefore, DAS should be used.
Question: If DAS is used, will the disk space use RAID or JBOD?
Answer: Because there are three replicated copies of the data, consider using JBOD. From a
performance perspective, there is no reason to use RAID. If the final design includes more than
three data copies, JBOD should be used.
Question: What size and speed of disk do you think is appropriate?
Answer: To support the large volume of data, slower and less expensive disks such as 7200 RPM
SAS disks should be used. The 7200 RPM SAS disks are close to the same price as SATA drives but
are more reliable. You do not need disks with a higher RPM because Exchange Server 2010 has
lower I/O requirements.
Question: Should transaction logs be stored on a separate LUN from database files?
Answer: When there are multiple replicated copies, you do not need a separate LUN for
transaction logs. Recovery is performed by using an alternate copy of the database rather than by
restoring and then replaying transaction logs. In most cases, circular logging is used and there is no
option to replay transaction logs.
Task 4: Use the Exchange 2010 Mailbox Server Role Requirements Calculator
spreadsheet to determine the configuration
1.
2.
Total Number of HA Database Copy Instances (Includes Active Copy) within DAG: 3
Database Configuration
Backup Configuration
Storage Options
3.
Server Configuration
Primary Datacenter Mailbox Servers: 12 cores per server, SPECint2006 Rate of 400
Network Configuration:
Jason Carlson
2nd April 2010
Requirement Overview
Determine the hardware configuration for large Mailbox servers that use DAS.
Additional Information
N/A
Proposals
Question: What is the processor configuration for each server?
Answer: 12 server cores with a SPECint2006 Rate value of 400
Question: What type of disks are being used?
Answer: 2000 GB, 7.2K RPM SAS
Question: How many databases are recommended?
Answer: The DAG requires 30 databases.
(continued)
A. Datum Large Mailbox server design
Question: How many mailboxes are recommended for each database?
Answer: 500 mailboxes are recommended for each database.
Question: What is the recommended RAM for this server?
Answer: 96 GB
Question: What is the expected CPU utilization for this server?
Answer: 33 percent
Question: What is the recommended number of LUNs on the server?
Answer: Total recommended LUNs for Exchange are 31:
30 LUNs for databases and logs
1 LUN for restores
Question: How many databases are recommended per LUN?
Answer: 1
Question: What is the total disk space required per server?
Answer: The total disk space required is approximately 53 TB (53118 GB):
51553 GB for database and log LUNs
1565 GB for a restore LUN
Question: What type of RAID is recommended?
Answer: JBOD is recommended for the primary datacenter because there are three database
copies. RAID 1/0 (also known as RAID 10) is recommended for the secondary datacenter LUNs that
hold database copies and logs. RAID 5 is recommended for the secondary datacenter restore LUN.
Question: How many database disks are recommended for the primary datacenter servers?
Answer: 31
Question: How many database disks are recommended for the secondary datacenter server?
Answer: 59
Note
Question: In the Recipient Management Interviews, what points are raised that impact your Mailbox
server deployment plan, and how do they impact it?
Answer: This entire document is relevant to the planning of recipient management. However, the specific
points raised are:
When sending mail, users must use the email address associated with their business unit, but when
receiving email, all domains must be allowed.
Information Technology (IT) Client Services staff in each location must be able to manage recipients
in that location only. Team leaders must be able to manage recipients throughout the entire
organization.
Automated booking of meeting rooms is desired, with exceptions approved by a designated person.
Jason Carlson
2nd April 2010
Requirement Overview
Determine the configuration required to meet recipient management needs.
Proposals
Question: How will you ensure that recipients are assigned the correct email addresses?
Answer: Two email address policies need to be created:
The first e-mail address policy will have a condition that matches only A. Datum recipients.
The condition could be based on recipients in specific organizational units (OUs) or
recipients with the Company defined in Active Directory Domain Services.
The second e-mail address policy will have a condition that matches only Trey Research
recipients.
Each policy will be configured with both domains. The e-mail address policy for A. Datum
Corporation will use adatum.com as the Reply To address. The e-mail address policy for Trey
Research will use TreyResearch.net as the Reply To address.
(continued)
A. Datum recipient management configuration
Question: How will you enable the IT Client Services staff to perform recipient management?
Answer: Team leaders can be made members of the Recipient Management role group. This group
has management permissions for the recipients in the entire Exchange Server organization.
New Recipient Management role groups should be created for each physical location. These role
groups will be scoped to limit management permissions to manage recipients only within a specific
OU that represents each physical location.
Question: How will you meet the needs for meeting room bookings?
Answer: Each meeting room will be created as a resource mailbox. You can then determine the in-policy
and out-of-policy settings for each meeting room. A delegate for each meeting room will be
configured to arbitrate conflicts, and approve or deny out-of-policy requests.
Question: How will you address the needs for distribution group management?
Answer: Exchange Server 2010 supports delegation of distribution group membership
management. The person that is configured as group manager is able to modify the distribution list
membership by using the Exchange Control Panel.
Question: How will you address the need for separating the address books for A. Datum and Trey
Research?
Answer: Create separate address lists for each organization and then distribute the appropriate
address lists by using address book policies. The appropriate address book policy must be
associated with each user. To simplify this you must have an identifying attribute that can be
queried when performing the assignment. You should also have an identifying attribute that can be
queried when specifying GAL members.
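The per-location role groups proposed in the answer above can be built by copying the roles of the built-in Recipient Management role group and adding an OU write scope. This is an added example for the Exchange Management Shell, not part of the lab answer key; the OU paths, the group names, and the team leader account are assumptions.

```powershell
# Added example (not from the lab answer key). Run in the Exchange Management
# Shell as a member of Organization Management.
# ASSUMPTION: each physical location has its own OU; these paths are hypothetical.
$siteOUs = @{
    "London"    = "adatum.com/London"
    "Tokyo"     = "adatum.com/Tokyo"
    "Toronto"   = "adatum.com/Toronto"
    "San Diego" = "adatum.com/San Diego"
    "Chennai"   = "adatum.com/Chennai"
}

# Use the built-in group as the template so that the site groups carry the
# same management roles, differing only in where they may write.
$template = Get-RoleGroup "Recipient Management"

foreach ($site in $siteOUs.Keys) {
    # -RecipientOrganizationalUnitScope limits every role assignment created
    # for the new group to recipients inside the given OU.
    New-RoleGroup -Name "$site Recipient Management" `
        -Roles $template.Roles `
        -RecipientOrganizationalUnitScope $siteOUs[$site] `
        -Description "Recipient management limited to $($siteOUs[$site])"
}

# Team leaders manage recipients organization-wide, so they join the
# unscoped built-in group. "TeamLeader1" is a placeholder account name.
Add-RoleGroupMember -Identity "Recipient Management" -Member "TeamLeader1"

# Review: every assignment held by a site group must show an OU write scope.
# An assignment with any other scope grants more than the design intends.
foreach ($site in $siteOUs.Keys) {
    $assignments = Get-ManagementRoleAssignment -RoleAssignee "$site Recipient Management"

    $assignments |
        Format-Table Role, RecipientWriteScope, CustomRecipientWriteScope -AutoSize

    $tooBroad = $assignments |
        Where-Object { "$($_.RecipientWriteScope)" -ne "OU" }

    if ($tooBroad) {
        Write-Warning "$site Recipient Management has assignments that are not OU-scoped:"
        $tooBroad | Format-Table Name, Role, RecipientWriteScope -AutoSize
    }
}
```

IT Client Services staff are then added to the group for their own location with Add-RoleGroupMember, and the review loop can be rerun after any later change to the role groups.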
Note
Question: In the Public Folder Interviews, what points are raised that impact your public folder
deployment plan, and how do they impact it?
Answer: This entire document is relevant to the planning of recipient management. However, the specific
points raised are:
The Executives want a new public folder for private communication that is available quickly from any
location, and is not impacted by a server failure.
Users who request new public folders are being encouraged to evaluate Microsoft SharePoint as an
alternative.
Question: In the Server Design Interview, what points are raised that impact your public folder
deployment plan, and how do they impact it?
Answer: Many clients still use Microsoft Office Outlook 2003. Office Outlook 2003 clients require public
folders to access free/busy information, and to download offline address books.
Jason Carlson
2nd April 2010
Requirement Overview
Determine the configuration required to meet public folder needs.
Proposals
Question: How will you address the executives' desire for public folders?
Answer: Since Erik has made it clear that he does not want to use SharePoint, a public folder
should be created. This public folder should be replicated to all locations in the organization for fast
access regardless of location. The replication also helps ensure high availability.
Question: How will you address the IT Client Services request for a public folder?
Answer: IT Client Services should be encouraged to use SharePoint instead of public folders. This
will provide them with many more options for collaboration.
Question: Other than the public folder for executives, which other public folders are required?
Answer: To support Office Outlook 2003 clients, the system public folders for free/busy searches
and offline address books must be available in all locations. This requires that you create at least
one public folder database in each physical location. Public folder databases will not exist in each
physical location by default.
Note
1. On VAN-EX1, click Start, point to Administrative Tools, and click Active Directory Users and
Computers.
2. In Active Directory Users and Computers, right-click Adatum.com, point to New, and click
Organizational Unit.
3. In the New Object - Organizational Unit window, in the Name box, type Trey, and click OK.
4. In the left pane, click Marketing, and then click and drag Wei Yu to the Trey organizational unit.
5.
6.
7.
Click Start, point to All Programs, click Microsoft Exchange Server 2010, and then click Exchange
Management Console.
8.
9.
10. In the New Address List wizard, on the Introduction page, enter the following settings and click
Next.
Container: \
11. On the Filter Settings page, click Browse, click Trey, and click OK.
12. Click The following specific types, select the Users with Exchange mailboxes check box, and click
Next.
13. On the Conditions page, click Next.
14. On the Schedule page, click Next to apply all changes immediately.
15. On the New Address List page, click New.
16. On the Completion page, click Finish.
17. In the Actions pane, click New Address List.
18. In the New Address List wizard, on the Introduction page, enter the following settings and click
Next.
Container: \
19. On the Filter Settings page, click Browse, click Trey, and click OK.
20. Click The following specific types, select the Resource mailboxes check box, and click Next.
21. On the Conditions page, click Next.
22. On the Schedule page, click Next to apply all changes immediately.
23. On the New Address List page, click New.
24. On the Completion page, click Finish.
25. Click Start, point to All Programs, click Microsoft Exchange Server 2010, and then click Exchange
Management Shell.
26. In the Exchange Management Shell, type the following command, and then press ENTER.
New-GlobalAddressList TreyGAL -RecipientContainer "ou=Trey,dc=adatum,dc=com"
27. In the Exchange Management Shell, type the following command, and then press ENTER.
New-OfflineAddressBook TreyOAB -AddressLists TreyGAL
28. In the Exchange Management Console, click New Address Book Policy.
29. In the New Address Book Policy wizard, in the Name box, type TreyABP.
30. Beside the Global address list box, click Browse, click TreyGAL, and click OK.
31. Beside the Offline address list box, click Browse, click TreyOAB, and click OK.
32. Beside the Room list box, click Browse, click Trey Rooms, and click OK.
33. Under Address lists, click Add, click Trey Users, and click OK.
34. Click New.
35. On the Completion page, click Finish.
36. Close the Exchange Management Console.
37. In the Exchange Management Shell, type the following command, and then press ENTER.
Get-Mailbox -OrganizationalUnit Trey | Set-Mailbox -AddressBookPolicy TreyABP
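The whole address book policy procedure (steps 10 to 37) can also be run from the Exchange Management Shell, followed by a check that no mailbox in the Trey OU was left without the policy. This is an added example, not part of the lab answer key; the address list names Trey Users and Trey Rooms are inferred from steps 32 and 33 because the wizard settings in steps 10 and 18 did not survive on this page.

```powershell
# Added example (not from the lab answer key). Run in the Exchange Management
# Shell on Exchange Server 2010 SP2, which introduced address book policies.
$ou = "ou=Trey,dc=adatum,dc=com"

# Steps 10-24: two address lists in the root container, both limited to
# recipients in the Trey OU. MailboxUsers matches "Users with Exchange
# mailboxes"; Resources matches "Resource mailboxes" in the wizard.
# ASSUMPTION: the list names are inferred from steps 32-33.
New-AddressList -Name "Trey Users" -Container "\" `
    -RecipientContainer $ou -IncludedRecipients MailboxUsers
New-AddressList -Name "Trey Rooms" -Container "\" `
    -RecipientContainer $ou -IncludedRecipients Resources

# Steps 26-27: a GAL limited to the Trey OU and an offline address book
# generated from that GAL only.
New-GlobalAddressList -Name TreyGAL -RecipientContainer $ou
New-OfflineAddressBook -Name TreyOAB -AddressLists TreyGAL

# Lists created from the shell are empty until they are updated; this is the
# counterpart of applying the changes immediately on the Schedule page.
Update-AddressList -Identity "\Trey Users"
Update-AddressList -Identity "\Trey Rooms"
Update-GlobalAddressList -Identity TreyGAL

# Steps 28-35: bundle the four objects into one address book policy.
New-AddressBookPolicy -Name TreyABP `
    -GlobalAddressList "\TreyGAL" `
    -OfflineAddressBook "\TreyOAB" `
    -RoomList "\Trey Rooms" `
    -AddressLists "\Trey Users"

# Step 37: assign the policy to every mailbox in the Trey OU.
Get-Mailbox -OrganizationalUnit Trey -ResultSize Unlimited |
    Set-Mailbox -AddressBookPolicy TreyABP

# Check: a mailbox with no address book policy still sees the default GAL and
# every address list, so any mailbox listed here defeats the separation.
$unassigned = Get-Mailbox -OrganizationalUnit Trey -ResultSize Unlimited |
    Where-Object { -not $_.AddressBookPolicy }

if ($unassigned) {
    Write-Warning "Mailboxes in the Trey OU without an address book policy:"
    $unassigned | Format-Table Name, RecipientTypeDetails, OrganizationalUnit -AutoSize
} else {
    Write-Host "All mailboxes in the Trey OU have an address book policy assigned."
}
```

Mailboxes created in or moved into the Trey OU later do not pick up the policy automatically, so the assignment and the check need to be repeated after such changes.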
1. On VAN-EX1, open the Exchange Management Console, browse to Recipient Configuration, and
then click Mailbox.
2.
3.
In the New Mailbox window, click Room Mailbox, and then click Next.
4. On the User Type page, click New user, and then click Next.
5. On the User Information page, enter the following information, and then click Next.
6. On the Mailbox settings page, in the Alias box, type Room100, and then click Next.
7.
8.
9.
10. In the Room 100 Properties window, click the Resource General tab, and then select the Enable the
Resource Booking Attendant check box.
11. Click the Resource Policy tab. Under Specify delegates of this mailbox, click Add, click Andreas
Herbinger, and then click OK.
12. Click the Resource Out-of-Policy Requests tab, click Add, click Luca Dellamore, and then click OK.
13. In the Room 100 Properties window, click OK.
2. Click Start, point to All Programs, click Microsoft Office, and then click Microsoft Outlook 2010.
3.
4.
In the Untitled Meeting window, enter the following, and then click the Check Names button.
5.
6.
Click Send.
Notice that an automatic response is received indicating that the booking was accepted by Room
100, because the request is in-policy. The response may take a minute or so to appear.
7.
8.
9.
In the Untitled Meeting window, enter the following, and then click the Check Names button.
On VAN-EX1, in the Exchange Management Console, in the console tree, expand Recipient
Configuration, and then click Distribution Group.
2.
3.
4.
Under Managed by, click Add, click Conor Cunningham, and then click OK.
5. Click the Membership Approval tab, and verify that group membership is closed.
6.
7.
8.
Select the Messages sent to this group have to be approved by a moderator check box.
9. In the Message Moderation window, under Specify group moderators, click Add, click Luca
Dellamore, and then click OK.
10. Under Specify senders who don't require message approval, click Add, click Executives, and then
click OK.
11. In the Message Moderation window, click OK.
12. In the Executives Properties window, click OK.
2. In the Untitled Message window, enter the following information and then click Send.
To: Executives
Body: The Executives public folder has been created for you.
3. In the left pane, click Sent Items, right-click New Public Folder, and then click Open Delivery
Report.
4.
5.
In the Delivery Report window, notice that the message has been sent to the moderator, and then
click Close.
6. In Office Outlook, in the Inbox, click the Approval requested: New Public Folder message, and read
the contents.
7. Click the New Public Folder message, and then click Approve.
8. In Outlook Web App, right-click New Public Folder, and then click Open Delivery Report.
9.
10. In the Delivery Report window, notice that the message has been delivered to both group members,
and then click Close.
2. Right-click 10233B-VAN-DC1 in the Virtual Machines list, and then click Revert.
3.
4.
Repeat these steps for 10233B-VAN-EX1, 10233B-VAN-EX2, and 10233B-VAN-CL1. Close the virtual
machine connection windows.
5. In the Virtual Machines pane, click 10233B-VAN-DC1, and then in the Actions pane, click Start.
6. To connect to the virtual machine for the next module's lab, click 10233B-VAN-DC1, and then in the
Actions pane, click Connect.
Important Start the 10233B-VAN-DC1 virtual machine first, and ensure that it is fully
started before starting the other virtual machines.
7. Wait for 10233B-VAN-DC1 to start, and then start 10233B-VAN-EX1. Connect to the virtual machine.
8. Wait for 10233B-VAN-EX1 to start, and then start 10233B-VAN-EX2. Connect to the virtual machine.
Lab Answer Key: Planning and Deploying Client Access Services in Microsoft Exchange Server 2010
Module 4
Lab Answer Key: Planning and Deploying Client Access
Services in Microsoft Exchange Server 2010
Contents
Exercise 1: Designing the Client Access Server Deployment
Adatum_CurrentPerimeterDesign.vsd
Adatum_CurrentADSiteDesign.vsd
A single server or component failure cannot be the cause of messaging system unavailability.
Multiple Client Access servers must be deployed in each site that has a deployed Mailbox server.
Microsoft Office Outlook 2003 is still in use throughout the organization. Public folders are
required to support free/busy schedule information and offline address book distribution.
Question: In the Requirements Interview Notes document, what points are raised that
impact your Client Access server deployment plan, and why?
Answer:
The sales team requires anywhere access to their email, most likely by using their cell phones.
Microsoft Exchange ActiveSync addresses this need.
Various examples cite unavailable messaging and subsequent business losses because of this
unavailability. High availability is important.
The requirements allow unencrypted traffic into the perimeter network from the Internet, but not
into the corporate network. The inner firewalls block unencrypted network traffic. When planning
Client Access protocols, consider using Secure Sockets Layer (SSL) to secure traffic.
Question: In the AD DS and Routing Interview Notes document, what points are raised
that impact your Client Access server deployment plan, and why?
Answer:
There is currently widespread use of Outlook Web App in Exchange Server 2003, so ensure that
Outlook Web App makes a positive impact on users.
Simple Mail Transfer Protocol (SMTP) traffic for the Adatum.com organization currently passes to
and from the Internet through the London site.
Hypertext Transfer Protocol/Secure (HTTPS) traffic is allowed through most firewalls. Configure
Client Access servers to use SSL for services.
Only the firewall in the San Diego site allows Post Office Protocol version 3 (POP3) inbound
network traffic.
Only the London and San Diego sites allow for inbound and outbound SMTP traffic.
Task 3: Update the A. Datum Client Access server deployment plan document
Jason Carlson
4th April 2010
Requirement Overview
Determine the number and placement of Client Access servers within the existing network
infrastructure.
Additional Information
Identify infrastructure changes that may be required due to the proposed deployment.
Proposals
Question: With reference to the Adatum_CurrentADSiteDesign diagram, how many Client Access
servers do you propose to deploy in each site?
Answer: Deploy at least two in each site to address the high availability concerns raised in the
documentation.
Question: Do you have sufficient information from the documents reviewed so far, to determine
whether some sites require additional Client Access servers?
Answer: No. You also need information about the number of users connecting to the Client Access
servers. This information is provided in a supplemental document that you will review in the next
exercise.
Question: Based on the documentation you have reviewed, what client types must you support?
Answer: Messaging Application Programming Interface (MAPI), Microsoft Exchange ActiveSync,
POP3/SMTP, and Outlook Web App. Outlook Anywhere is not mentioned in this documentation.
(continued)
A Datum Client Access Server Deployment Plan
Question: Is it clear from the documentation that you have reviewed which sites support which
client types?
Answer: No. Additional information is supplied in the A. Datum User Distribution Summary
document that you will review in the next exercise.
Question: While maintaining compliance with the requirements mentioned in the documentation,
can you propose changes to the client types that will simplify the configuration?
Answer: Answers will vary, but might include:
Upgrading the Office Outlook 2003 clients to Outlook 2010 would mean that Public folders
are no longer required. Additionally, this would mean that free/busy information would be
provided to users more quickly.
Replacing POP3 clients with another client type would simplify firewall configuration. By
using either Outlook Anywhere or Outlook Web App, only HTTPS traffic (already permitted)
would be configured through the firewalls.
Question: Which Client Access servers do you propose to make Internet-facing?
Answer: Answers will vary. There are two choices:
Deploy Internet-facing Client Access servers in one site, and rely on redirection and/or
proxying (depending on the client type) to enable clients to connect to the appropriate
Client Access server in other sites. With this approach, you only need to configure one
namespace, which simplifies certificate deployment. However, not all client types support
redirection and proxying. For example, POP3 clients do not support redirection and
proxying.
Deploy Internet-facing Client Access servers in each site, and provide users with the
necessary URLs for the servers in the site that hosts their mailboxes. This means you must
obtain a certificate for each Client Access server, or else use a certificate that supports
multiple host names.
Question: How will you configure Autodiscover to support your Client Access server model?
Answer: Register a server connection point for each Client Access server on the Active Directory
site. This server connection point is the fully qualified domain name (FQDN) of the server that hosts
the role and is used by domain-joined computers to locate the Autodiscover service.
Domain-disjoined computers use Domain Name System (DNS) to locate the Autodiscover service. Consider
modifying both these values (the server connector point and the DNS records) to match.
Note
Results: After this exercise, you should have completed the A. Datum Client Access server deployment
plan document.
Lab Answer Key: Planning and Deploying Client Access Services in Microsoft Exchange Server 2010
Policy Requirements.doc
All users who access email on the Exchange server must be required to have an alphanumeric
password that is at least six characters long.
Users who want to download attachments to the device must have encryption enabled on the
device, and the device must be configured to lock after five failed logon attempts.
All executives and managers must be able to download attachments to their mobile devices.
Other users do not require this functionality.
The Exchange administrators do not want to be involved every time a user gets a new mobile
device, but they also do not want users to have many mobile devices associated with their
mailboxes.
Question: In the A. Datum User Distribution Summary document, what points are raised
that impact your Client Access server deployment plan, and why?
Answer:
The number of internal users at each location will affect the number of required Client Access
servers.
There are a mix of remote client types at many locations, including Outlook Web App users,
Outlook Anywhere users, Office Outlook (over a virtual private network (VPN)) users, POP3 users,
and Exchange ActiveSync users.
Placement of Internet-facing Client Access servers in various sites raises the issue of the
namespace that you will use.
Using multiple Internet-facing Client Access servers means that you must carefully plan the
external URLs used on certificates. Certificates must support multiple computer names.
Jason Carlson
4th April 2010
Requirement Overview
Determine the feature configuration for Client Access servers in the A. Datum Exchange Server 2010
upgrade.
Proposals
Question: Based on the information in the A. Datum User Distribution Summary document, do you
envisage deploying additional Client Access servers in any sites?
Answer: Answers will vary. However, London, Toronto, and Tokyo have large numbers of users.
Two Client Access servers are probably insufficient to support timely connections to user mailboxes
and features.
Question: Which features must you enable on the Client Access servers to support the current
client-types?
Answer: Enable MAPI, Exchange ActiveSync, POP3/SMTP, Outlook Web App, and Outlook
Anywhere.
Question: Which client protocols must you enable through the firewalls?
Answer: Enable HTTPS, POP3, and SMTP.
Question: What would you do to address the security concerns raised regarding mobile clients?
Answer: Configure the following settings in Exchange ActiveSync:
At the organizational level, configure two Exchange ActiveSync Mailbox policies, one for Managers
and Executives, and one for everyone else. Configure both with the following security settings:
Require passwords
Require minimum password length of 6
Require encryption on storage card
Require encryption on device
Disallow simple password
Restrict number of failed attempts to 5
To support attachment downloads for executives and managers only, in Sync Settings, configure
the Allow attachments to be downloaded to device only for the Managers and Executives
policy.
Use Exchange Management Shell to assign the appropriate Exchange ActiveSync Mailbox policy to
the appropriate users.
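The two-policy design above, carried out in the Exchange Management Shell, as an added example that is not part of the original lab. Executive Policy and the Executives group are names used elsewhere in the lab; Standard Policy and the Managers group are assumed names, and both groups are assumed to be mail-enabled with no nested members.

```powershell
# Added example, not part of the lab answer key.
# Assumptions: 'Standard Policy' and the 'Managers' group are hypothetical names;
# both groups are mail-enabled; members of nested groups are not expanded.

$executivePolicy  = 'Executive Policy'
$standardPolicy   = 'Standard Policy'          # hypothetical name
$privilegedGroups = 'Executives', 'Managers'   # 'Managers' is an assumed group name

# Security settings shared by both policies (from the policy requirements).
$baseline = @{
    DevicePasswordEnabled              = $true
    AlphanumericDevicePasswordRequired = $true
    MinDevicePasswordLength            = 6
    AllowSimpleDevicePassword          = $false
    MaxDevicePasswordFailedAttempts    = 5
    RequireDeviceEncryption            = $true
    RequireStorageCardEncryption       = $true
}

# Attachment download is the only setting that differs between the policies.
$policies = @(
    @{ Name = $executivePolicy; Attachments = $true  },
    @{ Name = $standardPolicy;  Attachments = $false }
)

# Create each policy, or bring an existing one back to the baseline.
$existing = @(Get-ActiveSyncMailboxPolicy | ForEach-Object { $_.Name })
foreach ($p in $policies) {
    if ($existing -contains $p.Name) {
        Set-ActiveSyncMailboxPolicy -Identity $p.Name @baseline -AttachmentsEnabled $p.Attachments
    } else {
        New-ActiveSyncMailboxPolicy -Name $p.Name @baseline -AttachmentsEnabled $p.Attachments
    }
}

# Collect the mailboxes that are entitled to the executive policy.
$privileged = @{}
foreach ($group in $privilegedGroups) {
    Get-DistributionGroupMember -Identity $group -ResultSize Unlimited |
        Where-Object { $_.RecipientType -eq 'UserMailbox' } |
        ForEach-Object { $privileged[$_.DistinguishedName] = $true }
}

# Assign a policy to every mailbox so that no user is left on an unmanaged policy.
# The mailbox list is read into a variable first: calling Set-CASMailbox inside a
# pipeline that is still streaming Get-Mailbox results can fail in a remote session.
$mailboxes = @(Get-Mailbox -ResultSize Unlimited)
foreach ($mbx in $mailboxes) {
    $policy = if ($privileged.ContainsKey($mbx.DistinguishedName)) {
        $executivePolicy
    } else {
        $standardPolicy
    }
    Set-CASMailbox -Identity $mbx.DistinguishedName -ActiveSyncMailboxPolicy $policy
}

# Review the result: which policy each mailbox has, and whether a device is paired.
Get-CASMailbox -ResultSize Unlimited |
    Sort-Object ActiveSyncMailboxPolicy, Name |
    Format-Table Name, ActiveSyncMailboxPolicy, HasActiveSyncDevicePartnership -AutoSize
```

Re-running the script after group membership changes moves users between the two policies, so the attachment setting follows the group rather than a one-time assignment.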
(continued)
A. Datum Client Access Server Configuration
Question: To support the other client types, what other configuration changes must you make?
Answer: You must:
Configure the external URLs for services that you want to make available across the
Internet. For example, to support Exchange ActiveSync, configure the external URL value on
servers providing this feature.
Start the POP3 service on Client Access servers that provide this service.
Configure a SMTP connector to support remote client relaying. Typically, you do this on the
Hub Transport server role, and then publish using a reverse proxy such as a Microsoft
Internet Security and Acceleration (ISA) Server.
Configure the required authentication settings on all services. For example, Outlook Web
App uses forms-based authentication by default.
Obtain and install the required certificates to enable SSL.
Question: While maintaining compliance with the requirements mentioned in the documentation,
can you propose changes to the client types that will simplify the configuration?
Answer: Aside from those mentioned already, you should migrate Office Outlook users that
implement a connection over a VPN to Outlook Anywhere. This avoids the need for VPNs.
Note
Results: After this exercise, you should have completed the A. Datum Client Access server configuration
document.
On VAN-EX2, click Start, point to All Programs, point to Microsoft Exchange Server 2010, and
then click Exchange Management Console.
2. In the Exchange Management Console, expand Microsoft Exchange On-Premises, expand Server
Configuration, and then click Client Access.
3. In the result pane, click VAN-EX2, and then in the work pane, click the Exchange ActiveSync tab.
4.
5.
6. Click the Authentication tab. Notice that Basic authentication is enabled. This is acceptable, because
SSL will be used to secure the credentials in transit.
7. Click OK.
2.
3.
4. Select the Allow non-provisionable devices check box. Confirm that the Allow attachments to be
downloaded to device option is selected.
5.
6. Select the Enable password recovery check box. This will enable users to recover their Windows
Mobile password through the Exchange Control Panel.
7.
8.
9. Select the Minimum password length check box, and then in the Minimum password length box,
type 6.
Task 3: Configure Exchange ActiveSync settings from the Exchange Control Panel (ECP)
1. Click Start, point to All Programs, and then click Internet Explorer.
2.
3. On the Outlook Web App webpage, in the Domain\user name box, type adatum\administrator.
4. In the Password box, type Pa$$w0rd and then click Sign in.
5. In the Exchange Control Panel, in the navigation pane on the left, click Phone & Voice.
6.
7. In the results pane, click Executive Policy and then click Details.
8. In the Executive Policy dialog box, expand Device Security. Review the settings.
9.
10. Expand Device Settings. Notice that text messaging is allowed. Click Cancel.
11. In the center pane, click ActiveSync Access.
12. Under Device Access Rules, click New.
13. In the New Device Access Rule dialog box, under Device family, click Browse.
14. Select All families and click OK.
15. Under When devices of the selected family or model try to connect, click Quarantine - Let me
decide to block or allow later, and then click Save.
16. In the Error dialog box, click Close. There are currently no devices in use in the Adatum organization.
Click Cancel.
17. Close Internet Explorer.
Results: After this exercise, you should have deployed and configured Exchange ActiveSync for members
of the Executives group.
2. Right-click 10233B-VAN-DC1 in the Virtual Machines list, and then click Revert.
3.
4. Repeat these steps for 10233B-VAN-EX1, and 10233B-VAN-EX2. Close the virtual machine connection
windows.
5. In the Virtual Machines pane, click 10233B-VAN-DC1, and then in the Actions pane, click Start.
6. To connect to the virtual machine for the next module's lab, click 10233B-VAN-DC1, and then in the
Actions pane, click Connect.
Important Start the 10233B-VAN-DC1 virtual machine first, and ensure that it is fully
started before starting the other virtual machines.
7. Wait for 10233B-VAN-DC1 to start, and then start 10233B-VAN-EX1. Connect to the virtual
machine.
8. Wait for 10233B-VAN-EX1 to start, and then start 10233B-VAN-EX2. Connect to the virtual machine.
9. Wait for 10233B-VAN-EX2 to start, and then start 10233B-VAN-EDG. Connect to the virtual
machine.
Lab Answer Key: Planning and Deploying Message Transport in Microsoft Exchange Server 2010
Module 5
Lab Answer Key: Planning and Deploying Message Transport
in Microsoft Exchange Server 2010
Contents
Exercise 1: Designing a Message Routing Topology
Adatum_CurrentADSiteDesign.vsd
Adatum_Info.vsd
Task 2: Modify the A. Datum current AD DS site design diagram with proposed
changes to the site design
1. Use callouts in the following diagram to document proposed changes to the site design. For each
proposed change, provide:
2.
3. Document message flow within the organization. Document the changes that you will need to make
to the AD DS configuration to enable optimal message flow.
Note
Adatum_ProposedADSiteDesign.vsd
Results: After this exercise, you should have successfully modified the A. Datum AD DS site design.
Adatum_CurrentPerimeterDesign.vsd
Adatum_Info.vsd
Task 2: Modify the A. Datum current perimeter design diagram with proposed
changes to the site design
1. Use callouts in the following diagram to document proposed changes to the perimeter design. For
each proposed change, provide:
2. Indicate whether you need to deploy any additional server roles in each AD DS site.
3.
4. Indicate any other infrastructure changes that you must implement to meet your design
requirements.
5. For each company location, document how messages are delivered to the Internet, and how inbound
messages are delivered to internal recipients.
Note
Adatum_ProposedPerimeterDesign.vsd
Results: After this exercise, you should have successfully designed the A. Datum messaging perimeter.
The current site link setting will create very inefficient message routing. By default, the
DefaultIPSiteLink site link has a cost of 100, which means that all messages will be routed directly
to the site with the closest proximity. To use the network connections with the highest bandwidth
and ensure that messages are queued outside the main offices if a destination server is
unavailable, you must make the following changes:
The LondonSite to SanDiegoSite connection must have a higher cost than the LondonSite-VancouverSite-SanDiegoSite connection.
The LondonSite to ChennaiSite connection must have a higher cost than the LondonSite-TokyoSite-ChennaiSite connection.
The VancouverSite to TokyoSite connection must have a higher cost than the VancouverSite-LondonSite-TokyoSite connection.
You must create new site links to implement these changes. At a minimum, you will need
three new site links:
LondonSite to SanDiegoSite
LondonSite to ChennaiSite
VancouverSite to TokyoSite
The cost for the new site links must be 201 or higher, or the routes' Exchange cost must be
assigned at 201 or higher.
You should merge LondonSite and LondonSite2 to address the issues of messages remaining in
the categorizer queue, and with the global address list (GAL) lookups for clients. This enables the
LondonSite clients to access the global catalog server in the LondonSite2 location, and does not
require deployment of an additional domain controller.
You must deploy at least one Mailbox server role, one Hub Transport server role, and one Client
Access server role in each site.
Recommendation: Retain the domain controller in Chennai, and build the secure server room. If
this is not done, the users in Chennai will have a very poor experience, as the logon process and
access to any email services will be very slow. As an alternative, you could propose upgrading the
network connection between Chennai and London, or between Chennai and Tokyo.
Question: If your recommended changes are implemented, how will messages flow between
the AD DS sites? Where will messages be queued in the event of a server or network
connection failure?
Answer: Message routing will flow as follows:
Move the mailboxes for Outlook Web App users from Chennai to London or Tokyo.
Significantly increase the bandwidth between Tokyo and Chennai, or between London and
Chennai.
Question: What additional information should you consider when designing message
routing in this scenario?
Answer: In a real-world scenario, an important additional piece of information that you need
is how many messages are sent between company locations. This may affect the design, and
in particular, this information may help to resolve some of the conflicting requirements.
Results: After this exercise, you should have successfully improved on the A. Datum AD DS and message
routing design.
On VAN-EX1, click Start, point to All Programs, click Microsoft Exchange Server 2010, and then
click Exchange Management Console.
2.
3.
In Exchange Management Console, click Toolbox, and then double-click Routing Log Viewer.
2. In Routing Log Viewer, click the File menu, and then click Open log file.
3. In the Open Routing Table Log File dialog box, click Browse server files.
4. In the Open dialog box, double-click the most recently created file in the list.
5. In Routing Log Viewer, on the Active Directory Sites & Routing Groups tab, expand Active
Directory sites.
6. Expand Default-First-Site-Name.
Question: Is Default-First-Site-Name a hub site?
Answer: No
7. Expand Servers.
8.
9.
In Exchange Management Console, and in the navigation pane, click Organization Configuration.
2. In Organization Configuration, click Hub Transport, and in the results pane, click the Accepted
Domains tab.
3.
4. In the New Accepted Domain Wizard, in the Name box, type Contoso.
5.
6.
7.
2. In the New Send Connector Wizard, in the Name box, type Contoso Connector.
3. In the Select the intended use for this Send Connector list, click Partner, and then click Next.
4.
5. In the SMTP Address Space dialog box, in the Address box, type Contoso.com.
6. Select the Include all subdomains check box, in the Cost box, type 10, and then click OK.
7.
8.
9.
Task 5: Update the default site configuration with Exchange Server-specific values
1. Click Start, point to All Programs, click Microsoft Exchange Server 2010, and then click Exchange
Management Shell.
2. At the Shell, type the following command, and then press Enter:
set-AdSite -id Default-First-Site-Name -HubSiteEnabled $true
3. At the Shell, type the following command, and then press Enter:
set-AdSiteLink -id DEFAULTIPSITELINK -ExchangeCost 25
4.
Switch to VAN-EDG.
2. Click Start, point to All Programs, click Microsoft Exchange Server 2010, and then click Exchange
Management Shell.
3. At the Exchange Management Shell, type the following command, and then press Enter:
new-edgesubscription -filename C:\EdgeSubscriptionExport.xml
4.
5. At the Exchange Management Shell, type the following command, and then press Enter:
copy c:\EdgeSubscriptionExport.xml \\VAN-EX1\c$
6.
7. In the Exchange Management Console, in the Actions pane, click New Edge Subscription.
8. In the New Edge Subscription Wizard, on the New Edge Subscription page, adjacent to the Active
Directory site box, click Browse.
9.
10. On the New Edge Subscription page, adjacent to the Subscription file box, click Browse.
11. In the File name box, type C:\EdgeSubscriptionExport.xml, and then click Open.
12. On the New Edge Subscription page, click New.
13. When prompted, click Finish.
Note
In Exchange Management Console, click Toolbox, and then double-click Routing Log Viewer.
2. In Routing Log Viewer, click the File menu, and then click Open log file.
3. In the Open Routing Table Log File dialog box, click Browse server files.
4. In the Open dialog box, double-click the most recent file in the list.
5. In Routing Log Viewer, on the Active Directory Sites & Routing Groups tab, expand Active
Directory sites.
6. Expand Default-First-Site-Name.
Question: Is Default-First-Site-Name a hub site?
Answer: Yes.
7.
8.
9.
Contoso Connector
2. Right-click 10233B-VAN-DC1 in the Virtual Machines list, and then click Revert.
3.
4. Repeat these steps for 10233B-VAN-EX1, 10233B-VAN-EX2, and 10233B-VAN-EDG. Close the virtual
machine connection windows.
5. In the Virtual Machines pane, click 10233B-VAN-DC1, and then in the Actions pane, click Start.
6. To connect to the virtual machine for the next module's lab, click 10233B-VAN-DC1, and then in the
Actions pane, click Connect.
Note Start the 10233B-VAN-DC1 virtual machine first, and ensure that it is fully started
before starting the other virtual machines.
7. Wait for 10233B-VAN-DC1 to start, and then start 10233B-VAN-EX1. Connect to the virtual
machine.
8. Wait for 10233B-VAN-EX1 to start, and then start 10233B-VAN-CL1. Connect to the virtual machine.
Module 6
Lab Answer Key: Planning and Deploying Messaging Security
Contents
Exercise 1: Designing Message Security
Review the contents of the Message Security Requirements section in the Security Requirements.doc.
Task 2: Modify the A. Datum Proposed Security Policies document with a proposed
message security plan
Complete the relevant section of the following document. In the document, provide:
Jason Carlson
12th March 2010
Configuration details
Block all messages with a Company Internal classification from being sent
to the Internet.
Send a response to users indicating they are not allowed to send messages
with this classification to the Internet.
Classification
(continued)
A. Datum Proposed Security Policies
Message Security Components
Component type
Configuration details
Configure a Receive connector that will accept connections only from the
Brussels law firm's SMTP server's IP address.
Configure a Send connector that will use the law firm's SMTP server as a
smart host.
Configure an address space on the SMTP Send connector that matches the
domain name of the law firm.
Configure the security on the Send and Receive connector as externally
secured.
S/MIME configuration for Office Outlook
Additional notes
Note
Question: How did you address the need to exchange secure email between A. Datum
Corporation and Contoso, Ltd.?
Answer: The design calls for the Domain Security solution to ensure that all email messages
are encrypted and connections are authenticated.
Question: Does your organization have a requirement for the Domain Security solution?
What barriers will there be to adopting this solution?
Answer: The Domain Security solution requires that you negotiate with the partner
organization to ensure that their Exchange Servers also are configured to support Domain
Security. This may be an issue in some organizations.
Results: After this exercise, you should have successfully designed message security for A. Datum.
Review the contents of the Virus and Spam Filtering Requirements in the Security Requirements.doc.
Task 2: Modify the A. Datum Proposed Security Policies document with a proposed
antivirus and anti-spam solution
Complete both the Anti-Spam and Antivirus Solution Components section of the following
document. In the document, provide:
Jason Carlson
12th March 2010
Configuration details
Anti-spam software
Must be installed on each Edge Transport server that will accept incoming
email from the Internet.
Configure the IP Allow List setting on the Edge Transport server to use the
IP Allow List provider.
Configure the IP Block List setting on the Edge Transport server to use the
IP Block List providers.
SMTP connectors
The messages from Contoso, Ltd will not be scanned for spam, because the
messages are Domain Secured. The messages from the law firm will not be
scanned for spam, because the messages will be treated as authenticated.
In order to implement content filtering, but still ensure that not too many
false positives are filtered, configure a content filtering Quarantine mailbox,
and then regularly monitor the Quarantine mailbox for false positives.
Modify the content filter as required to reduce false positives.
Sender ID filtering
Safelist aggregation
Blocked recipient lists
Add the SMTP addresses for all distribution lists with more than 200
members to the blocked recipients list on the Edge Transport servers.
Note: You can also configure the distribution list properties to accept
messages from only authenticated users.
(continued)
A. Datum Proposed Security Policies
Antivirus Solution Components
Component type
Configuration details
Antivirus software
Must be installed on each Edge Transport server that will accept incoming
email from the Internet, and on each Hub Transport server in the
organization.
Antivirus software
Antivirus stamping
Antivirus update
Additional notes
Note
Question: How did you design the antivirus and anti-spam solution for A. Datum
Corporation? How does this compare to the solution you would implement for your
organization?
Answer: Organizations will have varying requirements for designing the antivirus and anti-spam solutions.
Results: After this exercise, you should have successfully designed an antivirus and anti-spam strategy for
A. Datum.
On VAN-DC1, click Start, in the Search box, type mmc, and then press Enter.
2.
3. In the Add or Remove Snap-ins dialog box, in the Available snap-ins list, double-click Certificate
Templates, and then click OK.
4.
5. In the details pane, right-click the User template, and then click Duplicate Template.
6. In the Duplicate Template dialog box, click Windows Server 2003 Enterprise, and then click OK.
7. In the Properties of New Template dialog box, on the General tab, in the Template display name box,
type S/MIME Certificate.
8.
9. In the Group or user names list, click Domain Users (ADATUM\Domain Users).
10. In Permissions for Domain Users, under Allow, select the Enroll and Autoenroll check boxes, and
then click OK.
11. Close Console1, and do not save changes.
Click Start, point to Administrative Tools, and then click Certification Authority.
2. In certsrv [Certification Authority (Local)], expand AdatumCA, and then click Certificate
Templates.
3. Right-click Certificate Templates, point to New, and then click Certificate Template to Issue.
4. In the Enable Certificate Templates dialog box, in the Name list, double-click S/MIME Certificate.
5.
Click Start, point to Administrative Tools, and then click Group Policy Management.
2. If necessary, expand Forest: Adatum.com, expand Domains, expand Adatum.com, and then click
Default Domain Policy. Click OK to close the Group Policy Management Console prompt.
3.
4. In Group Policy Management Editor, expand User Configuration, expand Policies, expand Windows
Settings, expand Security Settings, and then click Public Key Policies.
5.
6. In the Certificate Services Client Auto-Enrollment Properties dialog box, in the Configuration
Model list, click Enabled.
7. In the Certificate Services Client Auto-Enrollment Properties dialog box, select both the Renew
expired certificates, update pending certificates, and remove revoked certificates and the
Update certificates that use certificate templates check boxes, and then click OK.
8. Close Group Policy Management Editor, and then close Group Policy Management.
Switch to VAN-CL1.
2. Click Start, in the Search box, type cmd, and then press Enter.
3. At the command prompt, type gpupdate /force, and then press Enter.
4.
5.
Password: Pa$$w0rd
Domain: Adatum
2. Click Start, in the Search box, type mmc, and then press Enter.
3.
4. In the Add or Remove Snap-ins dialog box, in the Available snap-ins list, double-click Certificates,
and then click OK.
5. In the console tree, expand Certificates - Current User, expand Personal, and then click Certificates.
6. Verify the presence of a certificate based on the Secure/Multipurpose Internet Mail Extensions
(S/MIME) Certificate template, and then close Console1. Do not save settings.
Click Start, point to All Programs, click Microsoft Office, and then click Microsoft Outlook 2010.
2.
3. On the Email Accounts page, click Yes, and then click Next.
4.
5.
6.
7. In the Welcome to the Microsoft Office 2010 wizard, click Don't make changes and then click OK.
8.
9. Log off.
Password: Pa$$w0rd
Domain: Adatum
2. Click Start, in the Search box, type mmc, and then press Enter.
3.
4. In the Add or Remove Snap-ins dialog box, in the Available snap-ins list, double-click Certificates,
and then click OK.
5. In the console tree, expand Certificates - Current User, expand Personal, and then click Certificates.
6. Verify the presence of a certificate based on the S/MIME Certificate template, and then close
Console1. Do not save settings.
Click Start, point to All Programs, click Microsoft Office, and then click Microsoft Outlook 2010.
2.
3. On the E-mail Accounts page, click Yes, and then click Next.
4.
5.
6.
7. In the Welcome to the Microsoft Office 2010 wizard, click Don't make changes and then click OK.
2. In the Untitled Message (HTML) dialog box, in the To box, type Scott, and then press the CTRL+K
keys.
3.
4.
5.
6.
7. In the Security Properties dialog box, select the following check boxes, and then click OK:
8. In the Properties dialog box, click Close, and then click Send.
9.
10
Password: Pa$$w0rd
Domain: Adatum
2. Click Start, point to All Programs, click Microsoft Office, and then click Microsoft Outlook 2010.
3.
4. In the message, click the padlock symbol. Read the information, and then click Close.
5. In the message, click the symbol next to the padlock symbol. Read the information, and then click
Close.
Results: After this exercise, you should have successfully implemented some aspects of the messaging
security design for A. Datum.
2. Right-click 10233B-VAN-DC1 in the Virtual Machines list, and then click Revert.
3.
4. Repeat these steps for 10233B-VAN-EX1 and 10233B-VAN-CL1. Close the virtual machine connection
windows.
5. In the Virtual Machines pane, click 10233B-VAN-DC1, and then in the Actions pane, click Start.
6. To connect to the virtual machine for the next module's lab, click 10233B-VAN-DC1, and then in the
Actions pane, click Connect.
Note Start the 10233B-VAN-DC1 virtual machine first, and ensure that it is fully started
before starting the other virtual machines.
7. Wait for 10233B-VAN-DC1 to start, and then start 10233B-VAN-EX1. Connect to the virtual machine.
Module 7
Lab Answer Key: Planning and Deploying Messaging
Compliance
Contents:
Exercise 1: Planning a Message Transport Implementation
Jason Carlson
15th Apr 2010
Requirement Overview
Determine how you will manage message transport.
Proposals
Question: Are transport rules required? If so, how should you configure them?
Answer: Yes. Four transport rules are required.
The first transport rule applies to Internet-delivered messages for the Sales group, and adds a
disclaimer to each email message.
The second transport rule applies to Internet-delivered messages for everyone except the Sales
group, and adds a disclaimer to each email message. An exception excludes members of the Sales
group.
The third transport rule applies to Internet-delivered messages with the Company Internal
classification, and blocks these messages.
The fourth transport rule applies to messages classified as Acquisitions Confidential. Exchange
Server blocks these messages if they are addressed to anyone other than the Strategic Acquisitions
team.
Question: Is message moderation required? If so, how should you configure it?
Answer: No. There are no requirements that indicate a need for message moderation.
Question: Are message classifications required? If so, how should you configure them?
Answer: Yes. You must create two classifications: Company Internal, and Strategic Acquisitions.
Note
Results: After this exercise, you should have created a message transport plan.
Question: In the Message Compliance Interview, what points are raised that impact your message
journaling and archiving plan?
Answer:
You must create personal archives to replace personal folders (PST) files.
Auditors must be able to prevent specific users from deleting messages and must be able to review
the saved messages for those users.
Auditors need to monitor and review messages sent to the Executives group.
Jason Carlson
15th Apr 2010
Requirement Overview
Determine how you will configure journaling and archiving.
Proposals
Question: Are personal archives required?
Answer: Yes. That is an explicit requirement.
Question: Should you remove PST files?
Answer: Yes. PST files are a management problem. You should prevent users from creating new
PST files, and you should provide them with instructions about how to move the content from PST
files to personal archives.
Question: How can users access personal archives? Does this affect which users will receive
personal archives usage?
Answer: Users can access personal archives by using the Microsoft Office Outlook 2010
messaging client, Office Outlook 2007, or Microsoft Outlook Web App. You may want to enable
personal archives only after users upgrade to a version of Outlook that supports personal archives.
(continued)
A. Datum Journaling and Archiving Plan
Question: Is journaling required? If so, how should you configure it?
Answer: Yes. The Executives group requires journaling. You can create a journal rule for messages
sent to this group.
Question: How can you prevent users from deleting messages?
Answer: Enable mailboxes with litigation holds to prevent the mailbox owners from deleting
messages.
Question: Can auditors prevent users from deleting messages?
Answer: Yes. You can assign auditors to the Legal Hold management role. The auditors can then
enable a litigation hold on a mailbox-by-mailbox basis.
Note
Results: After this exercise, you should have created a journaling and archiving plan.
Question: In the Message Compliance Interview, what points are raised that impact your MRM plan?
Answer:
Jason Carlson
15th Apr 2010
Requirement Overview
Determine how you will implement MRM.
Proposals
Question: Will you use managed folder policies for MRM? If so, how should you configure them?
Answer: No, you will not use managed folder policies, because there are no requirements for them.
Managed folder policies cannot archive messages.
Question: Will you use retention policies for MRM? If so, how should you configure them?
Answer: Yes, you will use retention policies, because you can meet all of the requirements by using
them. The retention policies apply if a mailbox is on Exchange Server 2010.
Create one retention policy, in which the:
Default policy tag archives messages after one year.
Archive policy tag removes deleted items after 30 days.
Personal tag allows items to not be archived.
Apply the retention policy to all mailboxes on the Exchange Server 2010 Mailbox servers.
Note
Results: After this exercise, you should have created an MRM plan.
On VAN-EX1, click Start, point to All Programs, click Microsoft Exchange Server 2010, and then
click Exchange Management Shell.
2.
At the shell, type the following command, and then press ENTER:
New-MessageClassification -Name "Company Internal" -DisplayName "Company Internal" -DisplayPrecedence Highest -RetainClassificationEnabled $true -SenderDescription "This message is for internal distribution only; it will not be forwarded on to the Internet"
3.
At the shell, type the following command, and then press ENTER:
New-SystemMessage -DsnCode 5.7.999 -Text "Internal recipients only" -Internal $True -Language En
4.
Click Start, point to All Programs, click Microsoft Exchange Server 2010, and then click Exchange
Management Console.
5.
6.
Click the Hub Transport node, and then, in the Actions pane, click New Transport Rule.
7.
In the New Transport Rule Wizard, on the Introduction page, in the Name box, type Company
Internal Rule, and then click Next.
8.
On the Conditions page, in the Step 1: Select condition(s) list, select the sent to users that are
inside or outside the organization, or partners check box.
9.
In the Step 2: Edit the rule description by clicking an underlined value box, click Inside the
organization.
10. In the Scope list, click Outside the organization, and then click OK.
11. In the Step 1: Select condition(s) list, select the marked with classification check box.
12. In the Step 2: Edit the rule description by clicking an underlined value box, click classification.
13. In the Select message classification window, click Company Internal, and then click OK.
14. On the Conditions page, click Next.
15. On the Actions page, in the Step 1: Select actions list, select the send rejection message to sender
with enhanced status code check box.
16. In the Step 2: Edit the rule description by clicking an underlined value box, click rejection
message.
17. In the Specify rejection message dialog box, in the Bounce message box, type Messages
classified as Company Internal cannot be sent to the Internet, and then click OK.
18. In the Step 2: Edit the rule description by clicking an underlined value box, click enhanced
status code.
19. In the Specify Enhanced Status Code dialog box, in the text box, type 5.7.999, and then click OK.
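The rule that the wizard steps above build, expressed as Exchange Management Shell commands. This is an added example, not part of the original lab; it assumes the Company Internal classification created earlier in this task already exists and that the commands run in the Exchange Server 2010 Exchange Management Shell.

```powershell
# Added example: shell equivalent of the "Company Internal Rule" built in the wizard.
# Assumption: the "Company Internal" message classification was created earlier in this task.

$ruleName       = "Company Internal Rule"
$classification = Get-MessageClassification "Company Internal" -ErrorAction Stop

if (Get-TransportRule | Where-Object { $_.Name -eq $ruleName }) {
    # Do not create a second rule with the same conditions.
    Write-Warning "Transport rule '$ruleName' already exists; not creating it again."
}
else {
    $ruleParams = @{
        Name                            = $ruleName
        # Wizard condition: sent to users ... scope "Outside the organization"
        SentToScope                     = "NotInOrganization"
        # Wizard condition: marked with classification "Company Internal"
        HasClassification               = $classification.Identity
        # Wizard action: send rejection message to sender with enhanced status code
        RejectMessageReasonText         = "Messages classified as Company Internal cannot be sent to the Internet"
        RejectMessageEnhancedStatusCode = "5.7.999"
    }
    New-TransportRule @ruleParams
}

# Confirm that the rule exists, is enabled, and where it sits in the rule order.
Get-TransportRule $ruleName | Format-List Name, State, Priority, Description
```

A rule that is present but disabled does not block anything, so check the State value before relying on the rule.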
On VAN-EX1, click Start, point to All Programs and then click Internet Explorer.
2.
In the address bar for the Microsoft Internet Explorer browser, type
https://van-ex1.adatum.com/owa, and then press ENTER.
3.
4.
5.
In the Password box, type Pa$$w0rd, and then click Sign in.
6.
7.
8.
9.
10. In the menu bar, click the Permission button, and then click Company Internal.
11. Click Send.
12. After a moment, click the new message.
Question: Was the delivery successful?
Answer: No.
13. Scroll through the message.
Question: What error do you see?
Answer: #550 5.7.999 Messages classified as Company Internal cannot be sent to the Internet # #
14. Close Internet Explorer.
On VAN-EX1, in the Exchange Management Console, expand Recipient Configuration, and then
click Mailbox.
2.
3.
Configure the filter as Database Equals Mailbox Database 1, and then click Apply Filter.
4.
5.
6.
7.
Select the Select a specific mailbox database rather than having one selected automatically
check box.
8.
Click the Browse button, click Mailbox Database 1, and then click OK.
9.
2.
Click the Retention Policy Tags tab, and then read the list of retention policy tags.
3.
Click the Retention Policies tab, and then double-click Default Archive and Retention Policy.
4.
In the Default Archive and Retention Policy Properties window, on the General tab, review the list
of retention policy tags that are part of this policy.
5.
Click the Mailboxes tab, and then review the list of mailboxes that this retention policy is applied to.
6.
Click Cancel.
On VAN-EX1, in the Exchange Management Console, in the Actions pane, click New Retention
Policy Tag.
2.
In the New Retention Policy Tag Wizard, on the Introduction page, enter the following, and then
click New:
3.
4.
5.
In the New Retention Policy Tag Wizard, on the Introduction page, enter the following, and then
click New:
Action to take when the age limit is reached: Delete and Allow Recovery
6.
7.
8.
In the New Retention Policy Wizard, on the Introduction page, in the Name box, type Standard
Mailbox Retention Policy.
9.
Click Add, click Default 1 year archive, and then click OK.
10. Click Add, click Deleted Items 30 day removal, and then click OK.
11. Click Next.
12. On the Select Mailboxes page, click Next.
13. On the New Retention Policy page, click New.
14. On the Completion page, click Finish.
2.
3.
Configure the new expression as Recipient Details Does Not Equal Discovery Mailbox, and then
click Apply Filter.
4.
5.
6.
In the User Mailbox Properties window, click the Mailbox Settings tab.
7.
On the Mailbox Settings tab, click Messaging Records Management, and then click Properties.
8.
In the Messaging Records Management window, select the Apply Retention Policy check box.
9.
Click Browse, click Standard Mailbox Retention Policy, and then click OK.
2.
Right-click 10233B-VAN-DC1 in the Virtual Machines list, and then click Revert.
3.
4.
Repeat these steps for 10233B-VAN-EX1, 10233B-VAN-EX2, and 10233B-VAN-EX3. Close the virtual
machine connection windows.
5.
In the Virtual Machines pane, click 10233B-VAN-DC1, and then, in the Actions pane, click Start.
6.
To connect to the virtual machine for the next module's lab, click 10233B-VAN-DC1, and then, in the
Actions pane, click Connect.
Important: Start the 10233B-VAN-DC1 virtual machine first, and ensure that it is fully
started before starting the other virtual machines.
7.
Wait for 10233B-VAN-DC1 to start, and then start 10233B-VAN-EX1. Connect to the virtual machine.
8.
Wait for 10233B-VAN-EX1 to start, and then start 10233B-VAN-EX2. Connect to the virtual machine.
9.
Wait for 10233B-VAN-EX2 to start, and then start 10233B-VAN-EX3. Connect to the virtual machine.
Module 8
Lab Answer Key: Planning and Deploying High Availability
Contents:
Exercise 1: Designing High Availability for Exchange Servers
Network Configuration
Question: In the High Availability Interviews, what points are raised that impact your high availability
design, and how do they impact it?
Answer: The High Availability Interviews raises the following points:
The Chief Information Officer (CIO) wants all locations to be highly available. A single server failure
should not affect functionality. This means that all server roles in all locations must be highly
available.
There is limited bandwidth on the wide area network (WAN) links. The WAN links may need to be
upgraded if transaction logs are replicated across them.
The major sites with more than 3,000 users should be configured with an alternate site for disaster
recovery. The alternate site for disaster recovery should be in a different city, in case of a major
infrastructure problem.
The major sites are using dedicated mailbox servers. Any restrictions caused by combining roles do
not apply in the major sites.
Existing Mailbox servers are at capacity, and should not be used to host passive database copies. The
major sites require additional Mailbox servers specifically for hosting failed-over databases.
Smaller sites are currently supported by only a single server with combined roles. An additional server
must be added to support high availability.
Logical corruption should be prevented for 6 hours in each database availability group (DAG). There
should be one lagged copy in each DAG with a 6 hour delay.
Question: Is there anything in the User Distribution Summary that raises high availability issues? If so,
what is it?
Answer: The User Distribution Summary raises the following points:
It provides information about the number of users in each site. These figures are used to determine
whether offsite disaster recovery is required.
Question: Is there anything in the Network Configuration that raises high availability issues? If so, what is
it?
Answer: The Network Configuration raises the following points:
All sites except for LondonSite2 have a connection to the Internet. All sites with a connection to the
Internet have Edge Transport servers.
SanDiegoSite does not allow inbound traffic to Client Access servers. Access to the SanDiego Client
Access servers will be proxied through other sites.
Task 3: Document the required configuration for the San Diego site
Jason Carlson
24th April 2010
Requirement Overview
Determine how high availability will be provided for all server roles in San Diego.
Additional Information
Identify infrastructure changes that may be required due to the proposed deployment.
Proposals
Question: Will this site have offsite disaster recovery? If so, where should that site be located?
Answer: No, this is a small site with only 500 users. Offsite disaster recovery is not part of the
requirements.
Question: How do you provide high availability for databases?
Answer: Provide high availability by creating a DAG.
Question: How do you provide high availability for Client Access servers?
Answer: Provide high availability by creating a client access array.
Question: How do you provide high availability for message transport?
Answer: Provide high availability by installing a second Hub Transport server.
Question: Is high availability required for the Edge Transport server role?
Answer: Yes, outgoing mail is routed through a local Edge Transport server. To make it highly
available, there should be two Edge Transport servers in the San Diego site.
A. Datum High Availability Design for San Diego
Question: How many Exchange servers will be located in this site? Which roles will they host?
Answer: There will be four servers, and in the perimeter network there will be two Edge Transport
servers.
On the internal network, there will be two Exchange servers. Each Exchange server on the internal
network will have the Mailbox, Hub Transport, and Client Access server roles.
Question: How will databases be configured on the DAG members?
Answer: Half of the active databases will be located on each server, with passive copies on the
other server. Even though a single server has the capacity to support all mailboxes, splitting the
load may improve performance.
Each passive database copy will be configured with a 6-hour replay lag to prevent logical
corruption of both databases.
Question: How will load balancing be performed for the Client Access server role?
Answer: Hardware load balancing must be used, because DAG members cannot be part of a
Network Load Balancing (NLB) cluster.
Question: Is any additional configuration required for the Hub Transport server role?
Answer: No, you can achieve high availability just by having two Hub Transport servers.
Jason Carlson
24th April 2010
Requirement Overview
Determine how high availability will be provided for all server roles in Vancouver.
Additional Information
Identify infrastructure changes that may be required due to the proposed deployment.
Proposals
Question: Will this site have offsite disaster recovery? If so, where should that site be located?
Answer: Yes, this is a large site with 5,000 users. Offsite disaster recovery is required.
To reduce the cost of network connectivity, the offsite disaster recovery should be located in North
America. The San Diego site can be used for offsite disaster recovery. Network links to San Diego
from Vancouver may need to be improved with increased bandwidth for communication.
Question: How do you provide high availability for databases?
Answer: Provide high availability by creating a DAG, which will include a server in San Diego for
offsite disaster recovery.
A. Datum High Availability Design for Vancouver
Question: How do you provide high availability for Client Access servers?
Answer: Provide high availability by creating a client access array in Vancouver. The client access
array in San Diego can be used when offsite disaster recovery is performed.
Question: How do you provide high availability for message transport?
Answer: Provide high availability by installing a second Hub Transport server in Vancouver. The
Hub Transport servers in San Diego will be used when offsite disaster recovery is performed.
Question: Is high availability required for the Edge Transport server role?
Answer: Yes, incoming and outgoing mail is routed through a local Edge Transport server. To make
it highly available, there should be two Edge Transport servers in the San Diego site.
Question: How many Exchange servers will be located in this site? Which roles will they host?
Answer: In the perimeter network, there will be two Edge Transport servers.
On the internal network there will be:
Two dedicated Hub Transport servers to provide high availability for message transport
within the site and between sites.
Three dedicated Client Access servers in a client access array. This ensures that even if a
Client Access server fails, there is sufficient capacity to support all users.
Three mailbox servers in Vancouver, and two additional Mailbox servers in San Diego. To
support the 6,000 users in Vancouver, two Mailbox servers are required. To provide high
availability in Vancouver, a third server is required. To provide site resilience, two Mailbox
servers are located in San Diego.
Question: How will databases be configured on the DAG members?
Answer: One third of the active databases will be located on each server, with passive copies on
another local server, and on a server in San Diego. Evenly spreading the load in Vancouver can
increase performance. In San Diego, two servers provide sufficient capacity to host all mailboxes, if
required.
Each passive database copy in San Diego will be configured with a 6-hour replay lag to prevent
logical corruption of the databases. Logical corruption is a very rare event. So, there will be no
replay lag for passive database copies in Vancouver.
Question: How will load balancing be performed for the Client Access server role?
Answer: The Client Access server role is not combined with the Mailbox server role. Therefore, NLB
can be used. It is also possible to use hardware load balancing, if desired.
Note
On VAN-DC1, click Start, point to Administrative Tools, and then click Active Directory Users and
Computers.
2.
In Active Directory Users and Computers, expand Adatum.com, and then click Builtin.
3.
4.
5.
In the Enter the object names to select box, type Exchange Trusted Subsystem, and then click
OK.
6.
7.
On VAN-EX3, click Start, point to All Programs, click Microsoft Exchange Server 2010, and then
click Exchange Management Console.
2.
3.
4.
5.
In the New Database Availability Group window, in the Database availability group name box,
type VancouverDAG.
6.
Select the Witness Server check box, and then type VAN-DC1.
7.
Select the Witness Directory check box, type C:\VanDAGWitness, and then click New.
Note Step 7 will generate a warning, because the witness server is not an Exchange Server.
This does not indicate a problem. The necessary permissions were configured in Task 1.
8.
9.
In the Exchange Management Console, right-click VancouverDAG, and then click Properties.
16. In the Exchange Management Console, right-click VancouverDAG, and then click Manage Database
Availability Group Membership.
17. In the Manage Database Availability Group Membership window, click Add.
18. In the Select Mailbox Server window, press the CTRL key while clicking to select VAN-EX1, VAN-EX2, and VAN-EX3, and then click OK.
19. In the Manage Database Availability Group Membership window, click Manage.
20. On the Completion page, click Finish.
On VAN-EX3, in the Exchange Management Console, click the Database Management tab, and then
click Mailbox Database 1.
2.
In the Actions pane, under Mailbox Database 1, click Add Mailbox Database Copy.
3.
In the Add Mailbox Database Copy window, click the Browse button.
4.
In the Select Mailbox Server window, click VAN-EX2, and then click OK.
5.
6.
7.
In the Actions pane, under Mailbox Database 1, click Add Mailbox Database Copy.
8.
In the Add Mailbox Database Copy window, click the Browse button.
9.
In the Select Mailbox Server window, click VAN-EX3, and then click OK.
14. In the Exchange Management Shell, type the following command, and then press ENTER:
Get-MailboxDatabase "Mailbox Database 1" | Format-List ReplayLagTimes
15. In the Exchange Management Shell, type the following command, and then press ENTER:
Get-MailboxDatabaseCopyStatus -Identity "Mailbox Database 1\VAN-EX3"
On the host computer, in the 10233B-VAN-EX1 window, click the Action menu, and then click Turn
Off.
2.
3.
On VAN-EX3, in the Exchange Management Console, in the Actions menu, click Refresh.
4.
VAN-EX1: ServiceDown
VAN-EX2: Mounted
VAN-EX3: Healthy
On the host computer, in the 10233B-VAN-EX1 window, click the Action menu, and then click Start.
2.
3.
4.
On VAN-EX3, in the Exchange Management Console, in the Actions menu, click Refresh.
Question: What is the status for Mailbox Database 1 on each server?
Answer: The status for Mailbox Database 1 on each server is as follows:
5.
VAN-EX1: Healthy
VAN-EX2: Mounted
VAN-EX3: Healthy
If the status of Mailbox Database 1 on VAN-EX1 is initializing, wait a few minutes, and then click
Refresh again. You may need to select Mailbox Database 1 on VAN-EX1 to refresh its status.
2.
Right-click 10233B-VAN-DC1 in the Virtual Machines list, and then click Revert.
3.
4.
Repeat these steps for 10233B-VAN-EX1, 10233B-VAN-EX2, and 10233B-VAN-EX3. Close the virtual
machine connection windows.
5.
In the Virtual Machines pane, click 10233B-VAN-DC1, and then, in the Actions pane, click Start.
6.
To connect to the virtual machine for the next module's lab, click 10233B-VAN-DC1, and then, in the
Actions pane, click Connect.
Important: Start the 10233B-VAN-DC1 virtual machine first, and ensure that it is fully
started before starting the other virtual machines.
7.
Wait for 10233B-VAN-DC1 to start, and then start 10233B-VAN-EX1. Connect to the virtual machine.
8.
Wait for 10233B-VAN-EX1 to start, and then start 10233B-VAN-CL1. Connect to the virtual machine.
Module 9
Lab Answer Key: Planning a Disaster Recovery Solution
Contents:
Exercise 1: Planning Disaster Recovery for Vancouver
The failure of a single server should result in only minutes of downtime for users.
You can consider high availability as a replacement for backup if there are at least two local
copies of a database, and a remote database copy in another site.
To consider high availability as a replacement for backup, you must have one database copy that
is unaffected by logical corruption in another database copy for at least 12 hours.
Jason Carlson
5th May 2010
Requirement Overview
Determine how disaster recovery will be provided for all server roles in Vancouver.
Proposals
Question: Does this site require backups?
Answer: No. According to the service level agreement (SLA) requirements, you do not need to back
up a database availability group (DAG) with three copies, including site resilience. A three-member
DAG meets the requirement for no data loss when a single server fails. It also meets the
requirement for only minutes of downtime.
Question: Do you need to make any changes to the DAG to meet the SLA requirements?
Answer: Yes. The database copies in San Diego have only a 6-hour replay lag. The SLA specifies
that to use a DAG as a replacement for backup, you must have at least a 12-hour replay lag. A
longer replay lag provides more time to discover a corruption, and to stop the replay process.
A. Datum Disaster Recovery Plan for Vancouver
Question: Are any changes required for deleted item retention?
Answer: Yes. The default retention time for deleted items is 14 days. The SLA specifies that you
must increase deleted-item retention to retain messages for 30 days. Also, you should enable
single-instance recovery on the Mailbox servers. This ensures that you can recover even hard-deleted messages for the full 30 days.
Question: Are any changes required for deleted mailbox retention?
Answer: Yes. The default retention time for deleted mailboxes is 30 days. The SLA specifies that you
must increase deleted-mailbox retention to 60 days.
Question: Do you need to back up data on Client Access servers?
Answer: No, you do not need to back up each Client Access server. However, you do need to
document your configuration changes. If a Client Access server fails, you can replace it with a new
one, and then make the required configuration changes. You can copy customized webpages from
a remaining server, but it would be easier to have a copy of those pages stored elsewhere so that
you can easily restore them.
Question: Do you need to back up data on Hub Transport servers?
Answer: No. All Hub Transport configuration data is stored in Active Directory Domain Services
(AD DS), including the customized Receive connectors. When replacing a failed Hub Transport
server, reuse the same computer account to retain the configuration by installing in Recovery
mode.
Question: Do you need to back up data on Edge Transport servers?
Answer: No. There are two Edge Transport servers, so, you can export the configuration data from
the remaining server, and then import it to the new server. However, to speed up this process, you
could have a copy of the configuration data already exported and waiting for recovery.
Question: Would your backup plan change if public folders were present in Vancouver?
Answer: It depends on the type of data that is stored in the public folders. If the public folders
were being used only to support free/busy searches and offline address book downloads for
Microsoft Office Outlook 2003 clients, then a backup is not required. You can regenerate that
data. If the public folders are used for collaboration between users, then they do need to be backed
up, because public folder databases are not replicated in a DAG.
Note
Results: After this exercise, you should have created a disaster recovery plan for the Vancouver site.
The failure of a single server should result in only minutes of downtime for users.
You can consider high availability as a replacement for backup if there are at least two local
copies of a database, and a remote database copy in another site.
Messaging functionality must be recoverable within one hour. You can recover historical data up
to 24 hours later.
When recovering data from a backup, the maximum allowable data loss is four hours.
Any location that is not configured with site resilience must archive backups offsite for one week.
Task 3: Document the required configuration for the San Diego site
Jason Carlson
5th May 2010
Requirement Overview
Determine how disaster recovery will be provided for all server roles in San Diego.
Proposals
Question: Does this site require backups? If so, how will you perform backups?
Answer: Yes, the site requires backups, because the DAG does not have site resilience. Therefore,
you must perform a backup for mailbox databases. The two-member DAG will mean that the
backup is seldom required.
A disk-based backup solution is the most efficient way to perform backups. The data loss
requirements mean that a backup must be performed every four hours. If you use a disk-based
backup solution, such as Microsoft System Center Data Protection Manager, then each backup
will finish very quickly.
To meet the archive requirements, you must back up to tape once a week for offsite storage.
Question: Do you need to make any changes to the DAG to meet the SLA requirements?
Answer: No, this DAG does not require replay as part of the SLA, because a backup is being
performed.
Question: Are any changes required for deleted-item retention?
Answer: Yes. The default retention time for deleted items is 14 days. The SLA specifies that deleted-item
retention must be increased to retain messages for 30 days. Also, you should enable single-instance
recovery on the Mailbox servers. This ensures that you can recover even hard-deleted
messages for 30 days.
Question: Are any changes required for deleted mailbox retention?
Answer: Yes. The default retention time for deleted mailboxes is 30 days. The SLA specifies that you
must increase deleted mailbox retention to 60 days.
Question: How will you meet the recovery requirement of one hour?
Answer: If a server or database fails, you can use dial-tone recovery to quickly restore basic
messaging functionality. Next, you can restore historical data to a recovery database, and merge
the historical data into the dial-tone database.
Question: Would your backup plan change if public folders were present in San Diego?
Answer: No, backups are already being performed.
Note
Results: After this exercise, you should have created a disaster recovery plan for the San Diego site.
On VAN-EX1, click Start, point to All Programs, click Microsoft Exchange Server 2010, and then
click Exchange Management Console.
2.
3.
On the Database Management tab, right-click Mailbox Database 1, and then click Properties.
4.
5.
6.
In the Keep deleted mailboxes for (days) box, type 60, and then click OK.
7.
Click Start, point to All Programs, click Microsoft Exchange Server 2010, and then click Exchange
Management Shell.
8.
In Exchange Management Shell, type the following command, and then press ENTER:
Set-Mailbox Luca -SingleItemRecoveryEnabled $true
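A check of the retention settings that the disaster recovery plans above call for (30 days for deleted items, 60 days for deleted mailboxes, single-item recovery enabled), run across all databases and mailboxes rather than one at a time. This is an added example, not part of the original lab; it assumes the Exchange Server 2010 Exchange Management Shell, and the variable names are illustrative.

```powershell
# Added example: report where retention settings fall short of the SLA values
# stated in the disaster recovery plan (30 days / 60 days / single-item recovery).

$minItemRetention    = New-TimeSpan -Days 30   # SLA: deleted items kept for 30 days
$minMailboxRetention = New-TimeSpan -Days 60   # SLA: deleted mailboxes kept for 60 days

# Database defaults. Values are parsed from their string form so the comparison
# works whether the shell returns live or deserialized time span objects.
$databaseReport = Get-MailboxDatabase | ForEach-Object {
    $item    = [TimeSpan]::Parse($_.DeletedItemRetention.ToString())
    $mailbox = [TimeSpan]::Parse($_.MailboxRetention.ToString())
    New-Object PSObject -Property @{
        Database             = $_.Name
        DeletedItemRetention = $item
        ItemRetentionOk      = ($item -ge $minItemRetention)
        MailboxRetention     = $mailbox
        MailboxRetentionOk   = ($mailbox -ge $minMailboxRetention)
    }
}
$databaseReport |
    Select-Object Database, DeletedItemRetention, ItemRetentionOk, MailboxRetention, MailboxRetentionOk |
    Format-Table -AutoSize

# Per-mailbox settings. A mailbox can override the database default, so a
# compliant database does not guarantee a compliant mailbox.
$mailboxReport = Get-Mailbox -ResultSize Unlimited | ForEach-Object {
    $overridesDefault = -not $_.UseDatabaseRetentionDefaults
    $ownRetention     = [TimeSpan]::Parse($_.RetainDeletedItemsFor.ToString())
    New-Object PSObject -Property @{
        Mailbox            = $_.Name
        Database           = $_.Database
        SingleItemRecovery = $_.SingleItemRecoveryEnabled
        OverridesDbDefault = $overridesDefault
        ShortOverride      = ($overridesDefault -and ($ownRetention -lt $minItemRetention))
    }
}

# Mailboxes that need attention: single-item recovery is off, or a per-mailbox
# override keeps deleted items for less than the SLA requires.
$mailboxReport |
    Where-Object { (-not $_.SingleItemRecovery) -or $_.ShortOverride } |
    Select-Object Mailbox, Database, SingleItemRecovery, OverridesDbDefault, ShortOverride |
    Format-Table -AutoSize
```

An empty second table means every mailbox has single-item recovery enabled and no mailbox shortens the deleted-item retention below 30 days.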
On VAN-CL1, if necessary, log off, and then log on as Luca using the password Pa$$w0rd.
2.
3.
4.
5.
6.
7.
8.
Click Roles & Auditing, and then click the Administrator Roles tab.
9.
Click the Discovery Management role group, and then click Details.
10. In the Role Group window, scroll to Members, click Add, double-click Andreas Herbinger, and then
click OK.
11. Click Save.
12. Close Internet Explorer.
On VAN-CL1, click Start, point to All Programs, click Microsoft Office, and then click Microsoft
Outlook 2010.
2.
3.
In the Untitled Message (HTML) window, type the following, and then click Send:
To: Luca
4.
In the Inbox, right-click the Test of SIR message, and then click Delete.
5.
6.
7.
8.
Click the Folder tab, and then click Recover Deleted Items.
9.
In the Recover Deleted Items From Deleted Items window, click Test of SIR, and then click the X
to purge the message.
2.
3.
4.
5.
6.
7.
8.
9.
In the New Mailbox Search window, in the Keywords area, type SIR.
20. In the new Outlook Web App window, click OK to accept the default language and time zone.
21. Click the Luca's lost message folder.
22. Expand Luca's lost message, and then click Results -date and time.
On VAN-EX1, in the Exchange Management Shell, type the following command, and then press
ENTER:
New-RoleGroup -Name ExportMail -Roles "Mailbox Import Export" -Members Andreas
On VAN-EX1, log off as Administrator, and then log on as Adatum\Andreas using the password
Pa$$w0rd.
2.
3.
In the Exchange Management Shell, type the following command, and then press ENTER:
Search-Mailbox "Discovery Search Mailbox" -SearchQuery "Subject:SIR" -TargetMailbox Luca -TargetFolder Recovered
4.
On VAN-CL1, in Microsoft Outlook 2010, in the folder list, expand Recovered, expand Discovery
Search MailboxDateandTime, expand Primary Mailbox, expand Luca's lost message, and then
click ResultsDateandTime.
Results: After this exercise, you should have implemented single-item recovery and recovered a message.
2.
Right-click 10233B-VAN-DC1 in the Virtual Machines list, and then click Revert.
3.
4.
Repeat these steps for 10233B-VAN-EX1, 10233B-VAN-EX2, and 10233B-VAN-EX3. Close the
virtual machine connection windows.
5.
In the Virtual Machines pane, click 10233B-VAN-DC1, and then, in the Actions pane, click Start.
6.
To connect to the virtual machine for the next module's lab, click 10233B-VAN-DC1, and then, in the
Actions pane, click Connect.
Important: Start the 10233B-VAN-DC1 virtual machine first, and ensure that it is fully
started before starting the other virtual machines.
7.
Wait for 10233B-VAN-DC1 to start, and then start 10233B-VAN-EX1. Connect to the virtual machine.
8.
Wait for 10233B-VAN-EX1 to start, and then start 10233B-VAN-EX2. Connect to the virtual machine.
9.
Wait for 10233B-VAN-EX2 to start, and then start 10233B-VAN-EX3. Connect to the virtual machine.
Lab Answer Key: Planning Microsoft Exchange Server 2010 Monitoring and Troubleshooting
Module 10
Lab Answer Key: Planning Microsoft Exchange Server 2010
Monitoring and Troubleshooting
Contents
Exercise 1: Establishing a Baseline for Performance
On VAN-EX1, click Start, point to All Programs, point to Microsoft Exchange Server 2010, and
then click Exchange Management Console.
2.
In the console tree, expand Microsoft Exchange On-Premises (van-ex1.adatum.com), and then
click Toolbox.
3.
4.
5.
Expand Data Collector Sets, right-click User Defined, click New, and then click Data Collector Set.
6.
In the Name box, type Baseline, click Create manually (Advanced), and then click Next.
7.
On the What type of data do you want to include page, select the Performance counter check
box, and then click Next.
8.
On the Which performance counters would you like to log page, click Add.
9.
In the Available counters list, click and expand each of the following objects, and for each, click Add.
Memory
MSExchangeIS
MSExchangeIS Mailbox
MSExchangeTransport Queues
MSExchangeTransport SmtpReceive
MSExchangeTransport SmtpSend
Physical Disk
Processor
Server
System
Task 2: Configure Load Generator with suitable values to simulate the required load
1.
2.
Click Start, point to All Programs, click Microsoft Exchange, and then click Exchange Load
Generator 2010.
3.
4.
5.
On the Specify test settings page, under Define the total length of the simulation, in the Hours
box, type 0.
6.
7.
8.
In the Mailbox Account Master Password box, type Pa$$w0rd, and then click Continue with
recipient management.
9.
On the User settings page, in the text box, type 12, and then click Distribute users evenly across
databases.
Use contacts
12. In the Number of contacts box, type 20 and then click Continue.
13. On the Specify test user groups page, click the PLUS SIGN (+).
14. In the resulting item, in the Client Type list, click Outlook 2007 Online.
15. On the Specify test user groups page, click the PLUS SIGN (+).
16. In the resulting item, in the Client Type list, click Outlook 2007 Cached, and in the Action Profile
list, click Heavy.
17. Click Continue, and on the Remote configurations page, click Continue.
18. On the Configuration summary page, click Save the configuration file as.
19. In the Save As dialog box, in the File name box, type Baseline, and then click Save.
20. In the Configuration Saved dialog box, click OK.
21. Click Skip initialization phase and run the simulation immediately.
22. Switch to the VAN-EX1 computer.
2.
3.
In the left pane, click System Monitor. Click the red X in the toolbar repeatedly to remove all
counters from the display.
4.
Press Ctrl+L.
5.
6.
In the Select Log File dialog box, double-click Admin, double-click Baseline, double-click the folder
that ends 000001, and then double-click DataCollector01.blg.
7.
8.
Click Add.
9.
10. In the Available counters list, select Pages/sec, and then click Add.
11. Use the information in the following table to add additional counters.
Performance object                 Counter
MSExchangeIS                       RPC Requests
MSExchangeIS                       User Count
MSExchangeIS Mailbox
MSExchangeIS Mailbox               Messages Delivered/sec
MSExchangeIS Mailbox
MSExchangeIS Mailbox               Messages Sent/sec
MSExchangeTransport Queues
MSExchangeTransport Queues
MSExchangeTransport Queues
MSExchangeTransport SmtpReceive    Messages Received/sec
MSExchangeTransport SmtpSend       Messages Sent/sec
Physical Disk                      % Disk Time
Physical Disk
Processor                          % Processor Time
Server
Server
System
Note If Performance Monitor experiences problems, close and restart it. Then continue
from step 3.
12. Click OK, and then click OK again.
13. Click the down arrow on the toolbar, and then click Report.
14. View the counter values, and then complete the following table.
Counter                                                              Average
Memory Pages/sec
MSExchangeIS - User Count
MSExchangeIS - RPC Requests
MSExchangeIS Mailbox - Local delivery rate
MSExchangeIS Mailbox - Messages Delivered/sec
MSExchangeIS Mailbox - Messages Queued For Submission
MSExchangeIS Mailbox - Messages Sent/sec
MSExchangeTransport Queues - Active Remote Delivery Queue Length
MSExchangeTransport Queues - Retry Remote Delivery Queue Length
MSExchangeTransport Queues - Submission Queue Length
Note
Task 1: Generate additional load with Load Generator to simulate heavier-than-planned usage
1. Switch to VAN-DC1.
2.
3. Click Use the following saved configuration file, and then click Browse.
4. In the Please select a configuration file dialog box, double-click Baseline.xml, and then click
Continue.
5. On the Specify test settings page, click Continue with recipient management.
6. On the User settings page, in the text box, type 20, and then click Distribute users evenly across
databases.
7. Click Continue.
8. On the Advanced recipient settings page, select the following check boxes.
9.
Use contacts
10. On the Specify test user groups page, click the PLUS SIGN (+).
11. In the resulting item, in the Client Type list, click Outlook 2007 Online, and in the Action Profile
list, click Heavy.
12. On the Specify test user groups page, click the PLUS SIGN (+).
13. In the resulting item, in the Client Type list, click Owa2010Module, and in the Action Profile list,
accept the defaults.
14. Click Continue, and on the Remote configurations page, click Continue.
15. On the Configuration summary page, click Save the configuration file as.
16. In the Save As dialog box, in the File name box, type Adatum, and then click Save.
17. In the Configuration Saved dialog box, click OK.
18. Click Skip initialization phase and run the simulation immediately.
19. Switch to VAN-EX1.
2.
3.
4. In the Performance Monitor Properties dialog box, click the Source tab, and then click Remove.
5.
6. In the Select Log File dialog box, click Up One Level, double-click the folder ending in 000002,
double-click DataCollector01.blg, and then click OK.
7. View the counter values, and then complete the following table.
Counter | Average
Memory Pages/sec |
MSExchangeIS - User Count |
MSExchangeIS - RPC Requests |
MSExchangeIS Mailbox - Local delivery rate |
MSExchangeIS Mailbox - Messages Delivered/sec |
MSExchangeIS Mailbox - Messages Queued For Submission |
MSExchangeIS Mailbox - Messages Sent/sec |
MSExchangeTransport Queues - Active Remote Delivery Queue Length |
MSExchangeTransport Queues - Retry Remote Delivery Queue Length |
MSExchangeTransport Queues - Submission Queue Length |
MSExchangeTransport SmtpReceive - Messages Received/sec |
MSExchangeTransport SmtpSend - Messages Sent/sec |
Physical Disk - % Disk Time |
Physical Disk - Avg. Disk Queue length |
Results: After this exercise, you should have determined which server resources are likely to become
bottlenecked if server load continues to increase.
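The two Average tables above can also be filled in from the command line. The following PowerShell is an added example, not part of the original lab: it reads both DataCollector01.blg logs with Import-Counter and lists each counter's average for the baseline run and the heavier run, sorted by percentage change. The two log paths are placeholders to replace with the folders ending in 000001 and 000002.

```powershell
# Added example: compare per-counter averages from two Performance Monitor logs.
param(
    # Placeholders (assumed): the DataCollector01.blg files in the folders
    # ending in 000001 (baseline run) and 000002 (heavier load run).
    [string]$BaselineLog = '<path to folder ending 000001>\DataCollector01.blg',
    [string]$LoadLog     = '<path to folder ending 000002>\DataCollector01.blg'
)

function Get-CounterAverage {
    param([Parameter(Mandatory = $true)][string]$Path)
    $averages = @{}
    # The -replace drops the leading \\computer part of each counter path so
    # the same counter groups together and matches across both logs.
    Import-Counter -Path $Path |
        ForEach-Object { $_.CounterSamples } |
        Group-Object -Property { $_.Path -replace '^\\\\[^\\]+', '' } |
        ForEach-Object {
            $stats = $_.Group | Measure-Object -Property CookedValue -Average
            $averages[$_.Name] = $stats.Average
        }
    $averages
}

$base = Get-CounterAverage -Path $BaselineLog
$load = Get-CounterAverage -Path $LoadLog

$rows = foreach ($counter in ($base.Keys | Sort-Object)) {
    $b = $base[$counter]
    $l = $load[$counter]
    # Percentage change is undefined when the baseline is 0 or the counter
    # is missing from the second log, so it stays empty in those cases.
    $change = $null
    if ($b -and $load.ContainsKey($counter)) {
        $change = [math]::Round(100 * ($l - $b) / $b, 1)
    }
    New-Object PSObject -Property @{
        Counter   = $counter
        Baseline  = $b
        Load      = $l
        ChangePct = $change
    }
}

$rows | Sort-Object ChangePct -Descending |
    Format-Table Counter, Baseline, Load, ChangePct -AutoSize
```

Counters whose average rises fastest between the two runs are the first candidates for the bottleneck the exercise asks about.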
2. Right-click 10233B-VAN-DC1 in the Virtual Machines list, and then click Revert.
3.
4.
You do not need to start any virtual machines, as this is the last lab of the course.
Module 11
Lab Answer Key: Upgrading to Microsoft Exchange Server 2010
Contents:
Exercise 1: Discussion: Reviewing the Exchange Server 2010 Design
Adatum_ProposedADSiteDesign.vsd
Adatum_ProposedPerimeterDesign.vsd
Exchange_Server_2003_Configuration.doc
Answer the questions in the A. Datum Upgrade Design Questions document, and then complete the
A. Datum Upgrade Design document.
A. Datum Upgrade Design
Document Reference Number: JC060610/1
Document Author: Jason Carlson
Date: 6th June 2010
Requirement Overview
Describe the upgrade strategy for the A. Datum organization.
Proposals
Question: Based on what you know about the A. Datum organization, what would be a reasonable
timeline for completing this migration?
Answer: Answers will vary. Because this upgrade does not require any client reconfigurations for
users, the organization could pursue a fairly aggressive timeline. Estimates for completing the
upgrade should range from 3 to 12 months.
Question: What are the factors that will affect the timeline?
Answer: Factors that will impact the upgrade timeline include:
Project budget
Resource availability (both personnel and hardware)
Test requirements
Question: Where will you perform the schema upgrade?
Answer: The schema upgrade must be done in the domain where the Schema Master is located. As
a best practice, you should disable schema replication on the Schema Master while performing the
upgrade. After the upgrade is successfully completed, you can re-enable replication. In a large
organization, allow enough time for the schema upgrade to replicate to all domain controllers
before you prepare the domains.
Question: What is the process for preparing domains for Exchange Server 2010?
Answer: Each domain with Exchange Server 2010 users or servers must be prepared. After the
schema upgrade has replicated to all domain controllers, you can run the setup with the
PrepareAllDomains option.
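The two answers above depend on the schema upgrade having reached every domain controller before the domains are prepared. The following PowerShell is an added example, not part of the original answer key: it assumes the ActiveDirectory module is available and compares the Exchange schema level on each domain controller with the value on the Schema Master, read from the rangeUpper attribute of the ms-Exch-Schema-Version-Pt schema object.

```powershell
# Added example: confirm every domain controller has received the Exchange
# schema update before running setup with the PrepareAllDomains option.
Import-Module ActiveDirectory

$forest   = Get-ADForest
$schemaNC = (Get-ADRootDSE).schemaNamingContext
# Exchange setup records its schema level in the rangeUpper attribute here.
$marker   = "CN=ms-Exch-Schema-Version-Pt,$schemaNC"

function Get-ExchangeSchemaLevel {
    param([Parameter(Mandatory = $true)][string]$Server)
    (Get-ADObject -Identity $marker -Server $Server -Properties rangeUpper).rangeUpper
}

# The Schema Master is where the upgrade ran, so its value is the reference.
$expected = Get-ExchangeSchemaLevel -Server $forest.SchemaMaster
if ($null -eq $expected) { throw 'No Exchange schema level found on the Schema Master.' }

$report = foreach ($domain in $forest.Domains) {
    foreach ($dc in (Get-ADDomainController -Filter * -Server $domain)) {
        # An unreachable DC, or one without the object yet, reports no level.
        $seen = $null
        try { $seen = Get-ExchangeSchemaLevel -Server $dc.HostName } catch { }
        New-Object PSObject -Property @{
            Domain   = $domain
            DC       = $dc.HostName
            Level    = $seen
            UpToDate = ($seen -eq $expected)
        }
    }
}

$report | Sort-Object Domain, DC | Format-Table Domain, DC, Level, UpToDate -AutoSize

$behind = @($report | Where-Object { -not $_.UpToDate })
if ($behind.Count -gt 0) {
    Write-Warning "$($behind.Count) domain controller(s) have not reached schema level $expected."
} else {
    Write-Output "All domain controllers report schema level $expected."
}
```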
Question: How will you ensure that Exchange Server 2010 can coexist with Exchange Server 2003?
Answer: Run setup with the PrepareLegacyExchangePermissions option.
Question: Which site should be upgraded first?
Answer: London is the best site to upgrade first. The most experienced Exchange Server
administrators are likely located in London, as well as the central team of administrators who have
permission throughout the organization. London is also the site with the most users and the front-end
servers for Exchange Server 2003.
Question: Which server role should be implemented first in that site?
Answer: The Client Access server role should be implemented first. It is required to provide
coexistence between Exchange Server 2003 and Exchange Server 2010.
Question: Should coexistence occur in multiple sites or a single location?
Answer: In general, it is better to limit coexistence to a single location to simplify the migration
process. If only a single location has coexistence, it is easy to configure message routing with a
single routing group connector. If time constraints dictate that multiple locations must have
coexistence, it is possible, but complexity increases.
Question: How will client access be configured to allow coexistence in the first site?
Answer: A client access array will be configured in the London site. The client access array will use
the external name of mail.adatum.com, which is currently used by the load-balanced front-end
servers for Exchange Server 2003. A new legacy.adatum.com name will be configured for the load-balanced
front-end servers. The Exchange Server 2010 Client Access servers will be configured with
the legacy URL for the Exchange Server 2003 front-end servers.
All users will initially connect to mail.adatum.com. Outlook Web Access users with Exchange
Server 2003 mailboxes will be redirected to the Exchange Server 2003 front-end servers. The
Exchange Server 2010 Client Access server will proxy connections for ActiveSync users. The
Exchange Server 2010 Client Access server will communicate directly with Exchange Server 2003
computers hosting mailboxes for Outlook Anywhere users.
Question: How will message transport be configured to allow coexistence in the first site?
Answer: The initial installation will have a single routing group connector between Exchange
Server 2010 and the London routing group. This will allow messages to be delivered between
Exchange Server 2003 and Exchange Server 2010.
Question: How will mailboxes be moved in the first site?
Answer: Mailboxes can be moved from Exchange Server 2003 to Exchange Server 2010 as soon as
all of the Exchange Server 2010 infrastructure is in place in London. Live mailbox moves are not
supported from Exchange Server 2003 to Exchange Server 2010. So, you will need to move
mailboxes outside of standard business hours or arrange for downtime to move mailboxes.
Question: How will you move Internet message delivery from Exchange Server 2003 to Exchange
Server 2010 and use Edge Transport servers?
Answer: Edge Transport servers can be introduced before Exchange Server 2010 Hub Transport
servers, but there is no reason to do so because there is already an anti-spam solution in place.
After Exchange Server 2010 Hub Transport servers are introduced, then you can implement Edge
Synchronization, which simplifies the management of Edge Transport servers.
After Edge Synchronization is configured, then you can direct incoming messages to the new Edge
Transport servers rather than the existing anti-spam appliances. To support outgoing mail directly
from Exchange Server 2010 to the Internet, you must create a send connector. Then you must
disable outbound mail delivery from Exchange Server 2003 to the Internet.
Question: When you begin migrating the second site to Exchange Server 2010, what process will
you use?
Answer: The same process as was used in London. The Client Access server will be implemented
first, and then other server roles. After you verify that message delivery and all services work
correctly, you can begin migrating mailboxes in the site.
To ensure that message delivery is efficient, you should create an additional routing group
connector between Exchange Server 2010 and the routing group for the second site.
Question: How will you remove Exchange Server 2003?
Answer: Exchange Server 2003 cannot be completely removed until all mailboxes are migrated to
Exchange Server 2010. Any Exchange Server 2003 computers that no longer have mailboxes can be
uninstalled. Care should be taken to ensure that bridgehead servers are not accidentally removed,
which could affect message routing.
The Exchange Server 2003 front-end servers should be the last servers removed. They must remain
in place to provide external Outlook Web Access connectivity for all external users with Exchange
Server 2003 mailboxes.
Note
Results: After this exercise, you should have completed the A. Datum Upgrade document.
Lab Answer Key: Integrating Microsoft Exchange Server 2010 with Other Messaging Systems
Module 12
Lab Answer Key: Integrating Microsoft Exchange Server 2010 with Other Messaging Systems
Contents:
Exercise: Designing Exchange Server 2010 Integration with Office 365
Jason Carlson
5th June 2010
Requirement Overview
Determine how to migrate Northwind Traders email to Office 365.
Proposals
Question: Does this scenario require a hybrid implementation of Office 365?
Answer: Yes. For the best interoperability between the on-premises Exchange Server organization
for A. Datum and Office 365, you should implement a hybrid scenario.
Question: Will inbound routing be to the on-premises Exchange Server organization or to
Office 365?
Answer: Inbound routing should be through the on-premises Exchange Server organization. This
allows the Edge Transport server in London to perform anti-spam and antivirus scanning for all
messages. Using Microsoft Forefront Online Protection for Exchange (FOPE) in Office 365 to scan
all messages would be expensive because additional licenses for FOPE would need to be purchased
for thousands of A. Datum Corporation users that do not have Office 365 mailboxes.
Question: Will outbound routing be centralized or decentralized?
Answer: Outbound routing will be centralized through the on-premises Exchange Server
organization. This is the only way that the legal disclaimer that includes the company logo can be
applied to all outbound messages.
Question: How will you configure mail exchanger (MX) resource records?
Answer: After the mailboxes are moved, you should direct the MX records for
northwindtraders.com to the Edge Transport servers in the A. Datum Corporation data
center in London. The MX records for adatum.com are already directed to the Edge
Transport server in the A. Datum Corporation data center in London.
Question: How will you migrate mailboxes to Office 365?
Answer: The only option for migrating mailboxes from a POP3/IMAP messaging system to
Office 365 is to use the IMAP migration. This migrates mailbox contents through an Internet
message access protocol (IMAP) connection.
A. Datum Corporation and Northwind Traders Integration Plan
Question: Will you configure single sign-on?
Answer: Yes. There are 800 users at Northwind Traders. That large number of users will generate
many help desk calls if they cannot use the same user credentials for email logon as they use
internally for AD DS.
Question: Do you need to configure a user principal name (UPN) to support single sign-on?
Answer: Yes. You need to verify that the UPN for the adatum.com domain is configured to be
adatum.com. This matches the email addresses of the users. This should be configured before
directory synchronization begins as part of the hybrid deployment.
Question: What Active Directory Federation Services (AD FS) servers do you require to support
single sign-on?
Answer: To be highly available, there should be two load balanced federation servers and two load
balanced federation server proxies. The federation servers can be installed on existing domain
controllers because there are fewer than 1,000 users. The federation server proxies can be installed
on existing web or proxy servers in the perimeter network.
Question: What certificates do you need to support single sign-on?
Answer: Single sign-on with AD FS requires two certificates. One SSL certificate is installed on the
Default Web Site of the federation servers and federation server proxies. The subject of this
certificate needs to be an Internet routable domain name that matches the DNS name configured
for load balancing on federation servers and federation server proxies. The subject name also needs
to match the DNS name that is configured as the Federation Service name.
The federation servers also use a token-signing certificate that is automatically generated. No
configuration is required for the token-signing certificate.
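The SSL certificate requirement in the answer above can be checked against a running deployment. The following PowerShell is an added example, not part of the original answer key: it connects to each listed endpoint, reads the certificate presented, and reports whether its names cover the Federation Service name. The name sts.adatum.com and the endpoint list are hypothetical, and the subject alternative name parsing assumes English-language certificate formatting.

```powershell
# Added example: check that each AD FS endpoint's SSL certificate covers the Federation Service name.
param(
    # Hypothetical names; the page does not state the Federation Service name.
    [string]$FederationServiceName = 'sts.adatum.com',
    [string[]]$Endpoints = @('sts.adatum.com')
)

function Get-ServerCertificate {
    param([string]$HostName, [int]$Port = 443)
    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Accept whatever is presented so it can be inspected; the name check is the test.
        $accept = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $accept)
        $ssl.AuthenticateAsClient($HostName)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally { $client.Close() }
}

function Get-CertificateDnsName {
    param($Certificate)
    $names = @($Certificate.GetNameInfo('SimpleName', $false))
    $san = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        # Assumes the English "DNS Name=" label in the formatted extension.
        $names += [regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)') |
            ForEach-Object { $_.Groups[1].Value }
    }
    $names | Where-Object { $_ } | Sort-Object -Unique
}

function Test-NameCovered {
    param([string]$Name, [string[]]$CertNames)
    # A wildcard entry matches when only the leftmost label differs.
    $wildcardForm = $Name -replace '^[^.]+', '*'
    ($CertNames -contains $Name) -or ($CertNames -contains $wildcardForm)
}

foreach ($endpoint in $Endpoints) {
    $cert  = Get-ServerCertificate -HostName $endpoint
    $names = @(Get-CertificateDnsName -Certificate $cert)
    New-Object PSObject -Property @{
        Endpoint   = $endpoint
        Thumbprint = $cert.Thumbprint
        Names      = $names -join ', '
        Covered    = Test-NameCovered -Name $FederationServiceName -CertNames $names
    }
}
```

Listing each federation server and federation server proxy in Endpoints, as well as the load-balanced name, shows whether every node presents a certificate with the same thumbprint and a matching name.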
Results: After this exercise, you should have created a plan to migrate Northwind Traders email to
Office 365.