Exchange Server is probably the most well-known of the .NET Enterprise Servers. Almost any organization will tell you that messaging, (a term which includes the most familiar form of message, email) is one of their most mission-critical applications, placing Exchange firmly in the spotlight. In many ways, Exchange is the perfect .NET Enterprise Server: It exists primarily to provide services directly to end users, rather than to developers or systems administrators. Exchange even has its own preferred client application, Microsoft Outlook, which takes full advantage of Exchange’s many features. Exchange is also the first of the .NET Enterprise Servers to repy completely upon Active Directory. While earlier versions of Exchange had their own directories and address lists, Exchange 2000 Server doesn’t: It relies entirely on Active Directory.
| For more information on prior—and future—versions of Exchange Server, see “Exchange Server,” p.704 |
Exchange Server is also the most constantly changing .NET Enterprise Server. As one of Microsoft’s most popular server applications, Exchange gets the most requests for new and changed features. Exchange 2000 Server, in fact, is so different from its predecessors that you might think Microsoft just started from scratch, instead of revising the earlier version (they didn’t, but a whole lot did change). In this chapter, I’ll introduce you to Exchange Server’s array of enterprise features, its new architecture, and the wide range of clients it supports. I’ll also show you several sample Exchange Server network designs, giving you a great starting point for incorporating Exchange into your own environment.
Note
Because prior versions of Exchange were so well-known and widely adopted, I’ll do a lot of comparisons between Exchange 2000 Server and those prior versions. The idea is to help leverage your existing Exchange knowledge to learn the new version. However, don’t worry if you’ve never worked with any version of Exchange. In addition to making comparisons, I’ll explain everything in enough detail that you’ll get all the benefit from this chapter.
Exchange’s primary purpose is email, although it supports other forms of messaging as well. Exchange is a server-based messaging system, which means the server receives email on behalf of users, and stores that email for the users. Users can connect to the server and view their email directly on the server, without having to download it to their client computers. Or, users can download the email to their client computers, which is useful for mobile users who can’t remain connected to the server while working with their email.
Exchange stores messages in an information store. The information store is simply a database, running on Microsoft’s Extensible Storage Engine (ESE). The ESE is the same database engine used by SharePoint Portal Server and Active Directory. The ESE is optimized for hierarchical storage, which is exactly what messaging systems need. Think about how an email Inbox is arranged into a hierarchy of folders and messages, much like the file system on a computer’s hard drive. The ESE is a transaction-based database, which means that changes submitted to the server are first written to a special transaction log. The appropriate data is loaded from the database into the server’s memory and changed. Every few seconds, the changed data in memory is written back out to the database, and the transaction log is marked to indicate which transactions are now safely in the database, or committed. In the event of a server failure, any changes still in memory would normally be lost. However, when Exchange restarts, it examines the transaction log for uncommitted transactions. If it finds any, it simply repeats those transactions, preventing a loss of data.
Note
The transaction process is very similar to the way SQL Server’s transaction-based database system works.
Exchange has a number of unique concepts around its messaging databases. A database, in Exchange terminology, consists of an EDB file that contains data formatted in either HTML or rich text, which includes most email messages. The database also includes an STM file, which includes other content—mainly file attachments such as audio or video formats—in their native format. The STM file is capable of streaming data, which means clients can begin using file attachments such as video and audio after receiving just the beginning of the file, and continue playing or using the file while the server continues to send it. The streaming technique provides a much better user experience than requiring users to wait until an entire file transfers to their client before allowing them to use that file.
Most Exchange Servers will contain at least two databases: a public store and a private store. The private store is where all personal email messages and their associated attachments are stored. A public store contains Exchange’s public folders, which can include discussion groups and other information designed to be accessible by groups of individuals within an organization (or even by Internet users). Within each store, Exchange uses single-instance storage. This means the store usually doesn’t contain more than one copy of a message. If the server receives a message addressed to 10 recipients, it keeps only one copy of the message, and includes pointers indicating which users received the message. When the last user deletes the message, the message is removed from the store.
Unlike prior versions of Exchange, each Exchange 2000 Server computer can contain multiple databases, enabling you to spread your users’ mailboxes across multiple files.
Note
The ability to configure multiple stores and databases is unique to Exchange’s Enterprise Edition. Currently, the Standard Edition is restricted to a single store with a single database.
Databases can be individually stopped, started, and restored, which helps minimize the number of users who are affected by a corrupted database file or other file-specific failure. Managing a large number of database files can be complex, however, so Exchange also has a concept called storage groups. A storage group is a set of private and/or public message stores that share a single set of transaction log files. Storage groups enable you to maintain large servers more easily, because you can administer the storage group as a single unit, rather than having to individually manage each store within the storage group. Exchange manages each storage group with a separate server process, which means you can also use storage groups to help evenly distribute a single Exchange server’s processing load. For example, if you have six private store databases on a server, configuring them into three storage groups will help ensure that each group receives approximately the same portion of the server’s processing power. Figure 10.1 shows the relationship between a server, databases, storage groups, and transaction logs.
Exchange supports a number of different messaging protocols, the most important of which is the Internet-standard Simple Mail Transport Protocol, or SMTP. Prior versions of Exchange used the industry-standard X.400 messaging protocol internally, translating to other protocols as necessary. With the growth of the Internet and the increase in Internet-based email sent through organizations, Microsoft decided to switch Exchange 2000 Server’s native messaging protocol to SMTP. SMTP offers faster processing than X.400, making Exchange more efficient. Exchange continues to interact with X.400-based messaging systems (including older versions of Exchange) by translating SMTP to X.400 whenever required.
Exchange also supports the Post Office Protocol (POP3) and the Internet Messaging Application Protocol (IMAP4), two very common Internet-based messaging protocols. The POP3 protocol is designed to enable clients to retrieve email from a mail storage server, such as Exchange. POP3 and IMAP4 contain no provisions for sending email; clients use SMTP, often delivering email to Exchange, which then routes, or relays, the message to its final destination. IMAP4 enables users to work with email that’s on the server, without requiring them to download the email to their client. IMAP4 also supports mail folder hierarchies, which POP3 does not. For users who’ve created complex hierarchies of mail folders to manage their email, IMAP4 provides a more efficient and natural way to work with their message stores.
Exchange provides support for the Network News Transport Protocol (NNTP), which is used to manage Internet newsgroups, or discussion groups. Exchange public folders can be exposed via NNTP, enabling news clients such as Outlook Express to provide users with access to open or moderated discussion forums. Exchange also accommodates Internet users through the Web’s HTTP protocol. This support is provided through Outlook Web Access (OWA), a special Web site installed along with Exchange. OWA is a Web application that mimics the look and behavior of Outlook 2000, providing Outlook users with a Web-accessible way to access their email, contacts, calendars, and so forth. OWA is one of the most popular mobile email solutions, because it leverages a user’s existing expertise with the Outlook interface, while providing a secure means of remotely accessing email and other Exchange-based information.
Because Exchange is completely integrated with Active Directory, it can take advantage of Active Directory’s own security features. In prior versions of Exchange, permissions on mailboxes and public folders were assigned to mailboxes, because they represented security principals within Exchange. You could assign permissions to distribution lists, too, which functioned as groups. Now, you simply assign permissions directly to Active Directory users and groups, just like you assign file permissions on a file server.
Tip
If you’re migrating from Exchange 5.5 to 2000 (or later), this new security integration can cause problems. Migration tools must try to map Exchange 5.5 mailbox-oriented permissions to Active Directory accounts and groups; if the tools aren’t able to find a one-to-one match for all of the entries on a permissions list, the permissions list is set to allow access only to the Administrator. So your migrations should include a review of your 5.5 permissions to make sure they’ll match up with Active Directory security principals during the migration process.
Exchange 2000 Server introduced a new add-on product called Exchange Conferencing Server. Conferencing Server builds upon the Exchange platform by adding videoconferencing and collaboration capabilities, which are completely integrated with the basic Exchange product. Users can use their Outlook calendars to schedule videoconferences, and join those conferences directly from Outlook when the time arrives. Conferences can be conducted through a number of industry standards, including T.120 and H.323 (used by Microsoft NetMeeting).
Server-based conferencing is more powerful than peer-to-peer conferencing (which is how NetMeeting is usually used), because servers can provide multiparty audio and video stream, enabling each conference participant to see and hear all of the other participants. Further, Exchange Conferencing Server relies on multicast technology to provide better network throughput.
In any TCP/IP network, there are basically two ways to send data: directly to another computer, or to a special multicast address. For videoconferencing, direct transmission is inefficient, because the conferencing server has to relay the conference data stream independently to each participant. With even just a few participants, the server can quickly become overwhelmed. Broadcasts enable the server to send only one copy of the data, but it’s received by all computers, even if they are not participating in the conference. Furthermore, broadcasts are limited to a single network segment, and cannot cross routers. Multicasts provide a combination of the direct transmission and broadcast methods. In a multicast, clients are given a special IP address when they join a conference. The server sends one copy of the conference’s data stream to that special IP address, and all clients who want to participate in the conference pick up the traffic sent to the special multicast IP address. Routers can be programmed to forward traffic destined to the multicast address, making the multicast work across large networks. Multicasting makes the most efficient use of network resources while delivering video, audio, and other conference data.
In addition to video and audio conferencing, Exchange Conferencing Server supports data conferencing, which includes multiuser collaboration tools, such as multiparty application sharing. This technology enables, for example, all conference participants to work in a shared copy of Microsoft Word on a single shared document, much as they might work on an easel pad during a physical conference.
Note
Architecting Exchange Conferencing Server requires interactions between Active Directory, Exchange, and your network. Because conference architecture can be so complex, I won’t focus on it in this book. Instead, I’ll concentrate on the basic Exchange and Active Directory architecture needed to implement Exchange. If you do decide to implement Conferencing Server in your environment, starting with a solid Exchange/Active Directory architecture (which I’ll show you how to create) will make the implementation much easier.
Instant messaging has become one of the new “killer apps” for corporate environments, enabling users to quickly send messages to one another across the network. Unfortunately, many companies prohibit the use of instant messaging systems, because most of them—such as Yahoo! Messenger, AOL Instant Messenger, and MSN Messenger—also allow employees to easily communicate with individuals outside their organization, making the instant messaging concept seem like a productivity-killer.
There’s no reason, however, that you can’t implement your own internal-only instant messaging system. Such a system requires two basic components: Presence services act as a directory of users who are currently online, enabling other users to locate and contact them, while messaging services actually relay messages from one user to another. Exchange can provide both services to your network. In fact, a single Exchange server can easily support 15,000 or more instant messaging users, making it a relatively inexpensive investment. Exchange only works with the MSN Messenger client (called Windows Messenger in Windows XP), or with the shareware “universal” clients that interoperate with the MSN Messenger network.
Tip
One great reason to implement an instant messaging infrastructure is Windows XP’s Remote Assistance feature. By enabling users to use XP’s built-in Windows Messenger, you also enable users to send assistance requests to one another across the Messenger system. Messenger represents the easiest way to send those requests (although other techniques are available), and provide an easy-to-understand experience for novice users who rely on Remote Assistance to solve problems.
Exchange implements the two components of instant messaging—presence and message routing—as two separate functions. You can designate home servers, which are Exchange servers that accept instant messaging connections from clients. Message routers are separate servers responsible for routing messages between users on different home servers. Smaller environments can make do with a single home server and forgo a dedicated router, but providing the router function as a separate entity enables you to create more scalable architectures for very large environments. Figure 10.2 shows a complex instant messaging architecture that utilizes multiple home servers and routers.
Exchange also provides chat services to users. The Exchange 2000 Chat Service is based on the Internet-standard Internet Relay Chat (IRC). Chat services are implemented as communities, which correspond to a single IP address and port on a server (a single server can host multiple communities). Communities exist on only one server, and can’t be spread across multiple servers; as a community grows in size you’ll either need to split it up into multiple communities which can be hosted on separate servers, or upgrade to more powerful server hardware. A single moderately powerful server can support more than 20,000 chat users.
Communities are divided into channels, with each channel representing a particular topic of discussion. Each channel has its own member list, and each channel can be configured with a variety of discussion options:
Open discussions allow anyone in the channel to type a message that can be seen by all other members of the channel. Members can also send private messages to one another, a technique called whispering.
Moderated discussions allow the moderator and designated individuals to send messages to the entire channel; members can also send private messages to one another. Moderated discussions are often used for sales presentations, where a moderator and presenter can “speak” freely, and can accept questions from the “audience.”
Microsoft provides chat client software called Comic Chat. Exchange also supports any IRC-compliant chat client, including popular freeware and shareware choices such as PIRCH, mIRC, and others.
Note
If you’re familiar with America Online’s “chat rooms,” a little translation to IRC terminology may help you better understand Exchange’s chat services. AOL itself represents a chat community, with multiple channels—chat rooms—available to users. Anyone present in a channel is a member of it. Like AOL chat rooms, channels can have moderators, who have the capability of banning users from the channel (among other capabilities). Unlike AOL chat rooms, which are restricted to a maximum of 23 users each, IRC channels can have an almost unlimited number of members at once.
Exchange also supports IRC extensions, which use the IRCX protocol. Developed by Microsoft, IRCX channels are visible only to clients that support the IRCX protocol. IRCX channels offer additional commands and features not found in regular IRC channels, such as enhanced user and channel management features.
Perhaps the biggest new feature in Exchange 2000 Server is its multi-tier architecture. Prior versions of Exchange combined all of the product’s capabilities onto each server in your environment. In other words, a single server could contain mailboxes and public folders, provide services to clients, and so forth. While Exchange 2000 can be used in the same fashion, you can also break Exchange into multiple tiers of functionality. For example, you might designate a set of back-end servers that do nothing but handle messaging databases, storing messages for users. A separate tier of servers might accept client connections via IMAP4, acting as a gateway for users to access the email stored on the back-end servers. Figure 10.3 shows a basic multi-tier architecture.
It’s a simple fact that servers waste time when they have to do more than one thing. Keep in mind that a server’s microprocessor can only do one thing at a time. Multitasking is really an illusion in which the processor jumps between tasks so rapidly that it seems to be doing them all at once. The switching process involves a certain amount of overhead, however. On the larger scale of an application server such as Exchange, focusing on a single task makes the server more efficient at that task. Microsoft, for example, was able to reduce the number of Exchange computers in its corporate environment when moving to Exchange 2000 Server, because it could designate each server to handle specific tasks.
Exchange supports a number of different clients:
Microsoft Outlook is the premier messaging client for Exchange, providing access to multiple IPM types, conferencing features, and so forth. Outlook can act as an RPC client, connecting directly to Exchange back-end servers, or as a POP3 or IMAP client, accessing Exchange and other Internet-based mail servers.
Outlook Express enables users to access Exchange email via POP3 or IMAP protocols, and also provides NNTP access to newsgroups hosted on Exchange.
MSN/Windows Messenger is an Exchange-compatible instant messaging client.
Internet Explorer is the best Web browser to use when accessing OWA. Internet Explorer 5.5 and higher includes built-in XML support that makes using OWA faster and more efficient.
Microsoft Chat (2.5 or higher) is an IRCX-compatible chat client that works well with Exchange chat services.
Microsoft NetMeeting is a free videoconferencing solution that provides entry-level conferencing and collaboration capabilities, and is compatible with Exchange Conferencing Server.
Unfortunately, if you’re looking for a single client that does it all, you’re out of luck (although Outlook is perhaps the closest you’ll come). Most of the preceding clients are included with later Windows operating systems, such as Windows XP, but Microsoft Chat, for example, is a separate download (it’s also on the Exchange 2000 Server CD). NetMeeting doesn’t take advantage of all of Exchange Conferencing Server’s features, although you can use more powerful third-part T.120-compatible conferencing clients along with Conferencing Server.
As with many other .NET Enterprise Servers, Microsoft sells Exchange in a couple of different editions. The big version is Enterprise Edition, which includes clustering support and no restrictions on how Exchange can be deployed. The less-expensive Standard Edition lacks clustering support, and also includes a number of restrictions on how the product can be used:
You can create only one database per server.
Databases are restricted to a maximum size of 16GB.
You cannot take advantage of Exchange’s three-tier architecture.
Servers cannot be clustered.
Servers do not support chat functionality.
Essentially, Standard Edition is appropriate if you need only one or two Exchange computers with fewer than 1,000 users apiece. For larger environments, the additional flexibility offered by Enterprise Edition is a must.
Note
Exchange Enterprise Edition will run on the Standard editions of Windows 2000 Server or Windows .NET Server. However, to take advantage of clustering, you need to use Windows 2000 Advanced Server or Datacenter Server, or Windows .NET Enterprise Server or Datacenter Server.
Exchange is one of the only .NET Enterprise Servers that is still licensed on a per-client basis, rather than per-processor, so it makes sense to use powerful, multi-processor servers that can support as many users as possible. You’re paying by the user, so supporting them with as little server hardware as possible will help save money.
| For more information on Exchange licensing costs and models, see “Exchange Server,” p. 169 |
Unlike many of the other .NET Enterprise Servers, Exchange Server pretty much stands alone, with the obvious exception of Active Directory. Exchange does make extensive use of a number of TCP/IP protocols, and it’s useful to understand how they all work before adding Exchange to your environment. Finally, Exchange can take advantage of Windows’s Certificate Services to provide message encryption and digital signatures. It’s a good idea to understand how Certificate Services fits with Exchange if you intend to build a secure messaging infrastructure.
Exchange Server’s reliance on Active Directory is absolute. While many of the other .NET Enterprise Servers can use Active Directory to store configuration information, or to assign permissions to domain users, Exchange Server simply won’t function without Active Directory. In prior versions of Exchange, Exchange itself maintained mailboxes, and linked those mailboxes to a specific NT domain account, thereby granting that account permission to use the mailbox. However, the domain account and the mailbox were always managed independently.
With Exchange 2000 Server, Exchange maintains the contents of mailboxes, but Active Directory itself maintains the definition of the mailbox. Any Active Directory user account can be mailbox-enabled, a process which links the account to a mailbox store in Exchange. Mailbox-enabling an account also extends the account’s attributes to include messaging-specific properties, such as the maximum amount of space the user’s mailbox may consume on the server. All management of the mailbox is performed from within Active Directory interfaces like Active Directory Users and Computers.
Active Directory also acts as Exchange’s Global Address List (GAL). Active Directory groups, including Universal Distribution Groups, can be used as mailing lists from within Exchange. Active Directory can also contain contacts, which represent the email addresses of external users, and enable Exchange users to easily store shared contact information within Active Directory. Whenever users type a new email message, Active Directory is used to ensure that the recipient addresses they provide are correct, a process called address resolution.
In fact, address resolution represents one of the most important interactions between Exchange and Active Directory. In prior versions of Exchange, Outlook clients would contact the Exchange Server directly to perform address resolution and GAL searches. In Exchange 2000 Server, however, Outlook clients contact the Exchange server to receive a list of Active Directory domain controllers configured as Global Catalog (GC) servers. Outlook then contacts the GC server directly to complete the address resolution. This behavior distributes the messaging load across a larger number of servers, but it places a heavy additional load on the domain controllers designated as GC servers. In fact, many organizations find that they need to double or even triple the number of GC servers in their environments to accommodate Exchange.
Tip
Microsoft has run through a number of problems with the GC server and Outlook interaction. Early on, Outlook clients would lock up if the GC server referenced by Exchange wasn’t available. The problems have been mostly corrected in Exchange Service Pack 2 and Outlook 2002 (which is included in the Office XP suite).
Exchange is aware of Active Directory domain and site configurations, although a single Exchange organization can span multiple sites domains, provided they are all contained within the same Active Directory forest. Additionally, each Active Directory forest can contain only one Exchange organization.
Although prior versions of Exchange have made ever-increasing use of Internet technologies, Exchange 2000 Server is built entirely around open Internet-standard protocols and technologies, including
SMTP. Used as the native message transport within and between Exchange Server computers.
POP3. Used by clients to retrieve email from Exchange-based mailboxes.
IMAP4. Used by clients to work with email on the Exchange Server computer, as well as to retrieve email from Exchange-based mailboxes. You can think of IMAP as a souped-up version of POP3.
HTTP. Exchange Server uses this Web-based protocol to provide Outlook Web Access services to Web-based clients.
IRC. Used by chat clients to interact with Exchange-hosted chat sessions.
LDAP. While Exchange Server itself doesn’t provide a directory, it does use LDAP to access Active Directory, which contains all of Exchange’s user and configuration information.
DNS. Exchange Server and Windows 2000 and higher clients rely heavily on DNS to locate Exchange services and other servers on the network.
Understanding the protocols that Exchange Server uses can help you configure your network to better support Exchange Server and Exchange clients. For example, if you’ve got Exchange Server computers spread out across a distributed network, you can program your routers to prioritize SMTP traffic, thereby making communication between Exchange Server computers more efficient. If you need users to be able to access their email from outside a firewall, then you’ll need to select protocols—POP3, IMAP4, or HTTP—to allow through the firewall and into the Exchange Server computer.
Note
I don’t ever recommend connecting an Exchange Server computer directly to the Internet, even if you’re servicing only Internet-based users. Always place a firewall in front of Exchange to protect the server.
Ideally, you shouldn’t even configure the firewall to pass traffic directly through to the Exchange Server computer. Instead, use a firewall that can pretend to be an email server, and have it accept and analyze incoming email packets. Acceptable packets—ones that are well-formed and don’t contain any viruses—can then be forwarded to the Exchange Server for processing. Microsoft Internet Security and Acceleration (ISA) Server is a firewall product with this reverse publishing capability.
| For more details on how ISA Server can help protect an Exchange Server computer, see “Technology Capabilities,” p. 308. |
Exchange doesn’t directly integrate with Windows’s Certificate Services, but it can benefit from the digital certificates that Certificate Services creates. Exchange includes its own Key Manager application, which enables you to easily manage the certificates (keys) that your Exchange users need. Exchange uses certificates for two primary purposes:
Encryption. Exchange enables users to encrypt messages with digital certificates, rendering the message useless to anyone who doesn’t have the decryption key. Exchange supports public key encryption, which means senders must retrieve the recipients’ public keys, and use those keys to encrypt the message’s contents. The recipients then use their private keys to decrypt the message. Outlook provides the user interface and functionality necessary to encrypt messages, retrieve public keys, and so forth.
Digital signatures. Exchange enables users to digitally sign messages. The signature process requires Exchange to calculate a checksum, which is a unique value based on the contents of the message. Any changes to the message’s contents result in a different checksum. The checksum is then encrypted with the sender’s private key and included in the message. Recipients obtain the sender’s public key to decrypt the checksum and compare it to their own checksum calculation. If the two match, the recipient knows that the sender really did send the message (because nobody else would have the sender’s private key), and that the message didn’t change in transit (because the checksums matched). Another technique is to send an entire encrypted copy of the message, rather than a checksum, for comparison by the recipient.
Exchange is designed to use certificates from almost any source, including commercial certificate authorities like Thawte (www.thawte.com) or VeriSign (www.verisign.com). However, within an organization, it’s easier and much less expensive to create your own certificate authority using Windows Certificate Services (or another certificate system), and issue your own certificates to your users.
| For more information on Certificate Services, see “Windows Enterprise Technologies,” p. 87 |
Exchange Server doesn’t integrate directly with any of the other .NET Enterprise Servers, although it obviously relies heavily on Windows 2000 Server (or Windows .NET Server) to provide Active Directory services. Exchange Server can, however, benefit from the services offered by other .NET Enterprise Servers, even if it doesn’t integrate with them directly. For example, ISA Server can provide protection for an Exchange Server computer from Internet-based attacks, as I’ve already mentioned.
Exchange Server can provide useful services to complement the other .NET Enterprise Servers, too. For example, if you’re running Commerce Server, then there’s a good chance that you’ve got an e-commerce Web site (since that’s the whole point of Commerce Server). Web sites often include communities, which enable the site’s users to interact with one another and share information. Commerce Server doesn’t provide any community features, but Exchange Server does, in the form of chat rooms, newsgroups, and instant messaging features. Exchange might be a good fit for Web sites based on Content Management Server as well, providing those sites with user interaction capabilities.
The one .NET Enterprise Server that Exchange explicitly does not integrate with is SharePoint Portal Server (SPS). SPS and Exchange are based on the same core storage engine (the ESE), making it impractical (if not outright impossible) to run both products on the same server. The two products are perfectly happy to coexist on the same network, but they’re too much alike to live on the same actual computer; like most close siblings, they tend to fight over the same resources and cause nothing but trouble.
As I’ve already discussed, Exchange relies heavily on domain controllers and Global Catalog (GC) servers in your Active Directory architecture. That means one of your biggest Exchange integration tasks is understanding how Exchange will impact your Active Directory infrastructure. Here are some tips:
Exchange extends the Active Directory schema, so Active Directory replication will require a bit more bandwidth as you populate the directory with mailbox-enabled users. You should make sure your site topology and wide area network (WAN) links are capable of carrying the additional traffic. Exchange does not impose much in the way of additional continuous overhead; once the directory is populated, changes to individual users are propagated individually throughout the domain, reducing replication traffic.
Exchange clients such as Outlook 98 SR2 and higher are designed to get a global catalog (GC) server reference from their Exchange server, and then direct all Global Address List (GAL) lookups to that GC server. Exchange tries to load balance across the available GC servers, and prefers to refer clients to GC servers in the server’s own domain. Prior to Outlook 2002 (in Office XP), Outlook may hang if a referred GC server becomes unavailable (once referred, clients tend to stick with the same GC server). Outlook 2002 and later recover more gracefully, asking the Exchange server for a new reference.
Exchange itself requires access to a GC server, and will try to load balance its access across the GC servers in the same Active Directory site as the Exchange Server computer. Make sure Exchange always has at least one GC in the same site.
Exchange also requires access to a domain controller, and will select a single domain controller within the same domain as the Exchange Server computer. Ideally, this domain controller should be in the same site as Exchange. I generally recommend that every site with an Exchange computer also include a domain controller in the same domain as Exchange, and that the domain controller serve as a GC server.
In the following sample designs, I’ll include not only physical network information, but also indications of which domain Exchange Server computers belong to, and where domain controllers and GC servers are placed. I’ll do this by indicating each Exchange Server computer’s domain along with the server name, including the domain name along with any domain controllers (shown as “DC” in the diagrams), and include a “GC” tag for domain controllers that host a copy of the global catalog.
The simplest Exchange design is the same design Exchange administrators have been building since the product’s first version. Shown in Figure 10.4, this design includes all of Exchange’s services on a single computer. As shown, you might include a second server to host instant messaging and chat functions, if you need them in your organization. This design is suitable for small organizations with perhaps 1,000 mailboxes or fewer, and relatively moderate messaging volumes.
Suitable hardware for this kind of computer includes large RAID 5 hard drive arrays, multiple processors (2–4), and plenty of RAM—generally as much as you can install in the server hardware you’ve selected, or as much as your edition of Windows will support. Fast network connections are a must, especially to the supporting Active Directory domain controller and GC servers.
The disadvantage of single-server Exchange designs is that Exchange—like any other database engine—can only scale up so far, meaning that you can only upgrade server hardware to a certain point. Once you’re running on a eight-processor computer with 8GB of RAM, you’ve pretty much hit the ceiling of what hardware can do for you. If such a server still isn’t capable of supporting your business needs, then you need to scale out, by adding additional servers to handle the workload. Scaling out in Exchange means breaking the server into two tiers, as shown in Figure 10.5. Multiple front-end servers can accept protocol connections from users, and all talk to a single back-end Exchange computer which does nothing but handle the system’s message stores. Each front-end server can host one or more protocols, enabling you to provide the right number of front-end servers for each protocol, based on that protocol’s popularity. For example, you might provide the most POP3 servers if your client base mainly uses Outlook Express, or more HTTP servers if your clients make heavy use of Outlook Web Access.
When the back-end storage server can’t keep up with the workload of the front-end, you can scale the back-end separately. While front-end servers can run on relatively inexpensive servers (thus creating a server farm not unlike a Web farm with many smaller-sized Web servers), back-end servers require fast drive arrays, significant amounts of memory, and other high-end resources. Scaling the back-end is therefore a more serious and costly decision. It also requires you to partition your back-end, splitting your user mailboxes between back-end servers, as shown in Figure 10.6.
One nice feature of Exchange’s architecture is that you don’t have to worry about moving mailboxes between back-end servers. Exchange’s front-end servers automatically determine where mailboxes are physically located. Users simply have to connect to a front-end server, and that server will locate the user’s mailbox on the appropriate back-end server. As a result, you can move mailboxes whenever you need to without having to reconfigure your clients.
Distributing Exchange across a number of different sites is more difficult than using Exchange in a single site, because of the relationship between Exchange, domain controllers, GC servers, and Active Directory itself. Figure 10.7 shows what is perhaps an ideal design from a management standpoint, with all Exchange back-end servers located in a central office, and front-end servers deployed to branch offices. Notice the relationship between domain controllers and GC servers in those branch offices.
Caution
The network is the weakest link in these distributed designs. If a branch office loses its connection with the central office, that branch office’s users will have no access to email.
Larger organizations with distributed IT departments may find multiple back-end Exchange Server computers easier to manage. In Figure 10.8, each major division of the company has a centralized Exchange back-end, with distributed front-end servers for that division’s employees. Some sites house front- and back-end servers for multiple divisions, but again notice the relationship between Exchange and the Active Directory servers.
When slow network links are a problem, you have two options. You could simply forgo local Exchange servers completely, and force users to access their email and other Exchange information through a low-bandwidth solution such as Outlook Web Access. That’s rarely an acceptable solution, since users prefer the richer, always-connected environment that regular Outlook offers. In those cases, you may need to include a complete Exchange Server computer in the branch office, perhaps using a computer that doubles as a DHCP or file server for the office as well.
Tip
I don’t recommend installing Exchange on an Active Directory domain controller. Both the Exchange and Active Directory functions will suffer from lowered performance, and both are heavily used by network clients. Having an Exchange Server computer double as a DHCP or DNS server is less risky, but does still place a lot of eggs in one basket. It would be better to have one of the domain controllers serving as a DNS and DHCP server, particularly since functions such as the Windows DNS Server service can be integrated with Active Directory for fault tolerance.
Figure 10.9 shows what the network might look like. Notice again the strategic placement of Active Directory domain controllers and GC servers. Also notice that the rest of the organization—with faster wide-area links—continues to use a centralized back-end. The biggest potential problem in this case is a user from the “slow” office visiting a “fast” office, and having to access their email across the slow wide-area link.
Perhaps the most difficult Exchange configurations come into play in multi-domain environments. Exchange can easily span domains that exist within the same forest, but the risk of poor performance due to badly placed Active Directory domain controllers and GC servers is very real. The trick is to always remember the domain controller and GC server requirements of Exchange and Exchange clients, which I’ve already discussed. Figure 10.10 shows an example of a multi-domain environment, and how domain controllers and GC servers support Exchange.
Exchange is far from the only messaging product in the world. While older, client-based systems such as cc:Mail and Microsoft Mail have pretty much gone by the wayside, products such as Lotus Notes/Domino, a wide array of Internet-based mail servers, and even gradually dying solutions such as Novell GroupWise exist that provide alternatives to Microsoft’s messaging solution. Of these alternatives, I’ll focus on Notes and the Internet-technology products; GroupWise enjoys relatively few new deployments and many shops are actively trying to migrate away from the product.
IBM’s Lotus Notes product (the server component is named “Domino”) has been Exchange’s primary rival since Exchange’s introduction. Notes achieved a lot of early market share because it included application development capabilities, enabling organizations to build workflow and other collaborative applications right within Notes. Notes’s recent development has turned the Domino server component into a full-fledged Web server, making the product suitable for deploying certain types of Web-based applications, especially intranet applications. Notes also has the advantage of running on a wide range of operating systems, including Windows and even IBM’s AS/400 (getting Notes running on the AS/400 was a driving factor behind IBM’s acquisition of the Lotus company several years ago).
Internally, Notes’s storage engine is a bit less sophisticated than Exchange’s, using a store-and-forward technology that’s more than a decade old. Ironically, Exchange actually offers more robust application development capabilities, with its complete integration with both the Windows operating system and Microsoft’s COM software development architecture. Unfortunately, Exchange’s software development features are—and always have been—less readily accessible than Notes’s, making it more difficult for software developers to understand and leverage Exchange’s capabilities in application development. Even today, with significant workflow and data capabilities, few organizations build applications on Exchange.
Note
A number of organizations like to practice functional compartmentalization, an idea that simply means “we don’t use our mail server to run applications.” These organizations feel that running applications on their messaging platform is putting a bit too many eggs into one basket, and instead reserve the messaging system for messaging, and build applications elsewhere.
Both Microsoft and IBM have presented strong cases for their products, each claiming that their platform offers a lower total cost of ownership, faster return on investment, and so forth—simply proving the point that you can make numbers say anything you want. Organizations with a heavy investment in Microsoft technologies tend to opt for Exchange; companies with a history of using IBM products—or Notes’s messaging predecessor, cc:Mail—tend to stick with the Notes/Domino platform. I’m obviously a strong fan of Exchange, but I heartily recommend that you perform a competitive analysis of both products within your organization.
| I show you how to analyze and compare products in Chapter 4. See “Assessing Business Needs,” p. 130 |
The popularity of Internet protocols such as POP3, IMAP, and HTTP have resulted in an array of inexpensive mail server products—such as iMail—based on those standards. Many organizations that need nothing more than basic message storage and retrieval are taking advantage of these systems to provide inexpensive, easy-to-maintain solutions for their users.
These products invariably accept email via the SMTP protocol, send outgoing email via SMTP, and enable users to retrieve their mail by using a POP3 or IMPA4 client, or via a Web-based interface. These products rarely include any collaborative features, and rarely provide contacts, calendaring, notes, and the other features often associated with Exchange Server and Outlook. However, despite their lack of features, these solutions are usually only a few hundred dollars, can run on a computer costing less than $2,000, and often require little to no maintenance. Some companies provide “black box” solutions based on the SMTP/POP3/IMAP4/Web mixture, enabling you to simply plug the box into your network for an instant email server. These boxes can run from a few hundred dollars to less than $2,000, and provide a no-configuration, no-maintenance way to provide basic email to a small organization.
As one of Microsoft’s most popular products ever, you certainly can’t ignore Exchange Server. Odds are, if you’re reading this book (and therefore interested in Microsoft technologies), you probably have at least an older version of Exchange already in your environment. Exchange Server has grown into much more than a mail server, providing complete communications capabilities, including chat, newsgroups, instant messaging, and even teleconferencing. In this chapter, you learned about the various services Exchange can provide to your organization, and you learned about Exchange’s basic architectural components. You also learned how to add Exchange to a variety of different network designs, utilizing Exchange’s multi-tier architecture to provide more efficient messaging services to your users.