Index []network deployments, 317 pro grammin , 263–264 Cluster Continuous Re plication (CCR), 33,...

IndexNote to the Reader: Throughout this index boldfaced page numbers indicate primary discussions of a topic. Italicized page numbers indicate illustrations.

AABP (Address Book Policies), 36

absolute scope in RBAC

permissions, 105

acceptance testing, 329–330

access. See data access

access control entries (ACEs),

103, 112

access control lists (ACLs), 103, 112

actions in EOP, 173

activation rules in mail apps, 293

Active Directory

contact photos in, 234

deployment, 322–323

distribution groups, 243

forest merging, 150

integration

Exchange 2000/2003, 28–29

Exchange 2007, 30

Exchange 2010, 35

mail fl ow, 43

site-based routing, 31

split permissions model,

124–125

Active Directory Certifi cate

Authority, 151

Active Directory Federation

Services (ADFS)

authentication, 73

Exchange Online, 149

single sign-on, 139

Active Directory Lightweight

Directory Services (AD LDS), 173

Active Directory Migration Tool

(ADMT), 336

Active Directory Rights

Management Service (AD RMS),

188–190

Add-MailboxPermission

cmdlet, 237

Add-MailboxPermissions

cmdlet, 274

Add-ManagementRoleEntry

cmdlet, 113, 120

add-on solutions, 297

Add-RoleGroupMember cmdlet, 115

Address Book Policies (ABP), 36

address books

in collaboration, 234–235,

234–235–

offl ine, 336, 338

ADFS (Active Directory Federation

Services)

authentication, 73


single sign-on, 139

ADFS Proxy servers, 73

Admin Audit Log agent, 122, 122admin audit logging, 121–122

Admin Roles tab, 125

administration management, 127

EAC

access to, 134–135

hybrid deployments, 135

new features, 132–134,

133–134PowerShell, 135–136

scenarios, 127–131

scripts, 136

tools, 131–132

administrator auditing, 36, 195–196,

196, 209

ADMT (Active Directory Migration

Tool), 336

Advanced Encryption Standard

(AES), 191–192

Advanced Query Syntax (AQS)

fi lter, 279

AFR (annual failure rate), 63

alerting, 357–358

AllSigned execution mode, 136

analysis paralysis, 6

annual failure rate (AFR), 63

antimalware protection, 175–177

antispam protection, 175–177

antivirus program

deployment, 327

appendices in compliance

policies, 206

application integration in

migration, 352–353

application programming interface

(API), 261, 264–268

appointments, 285

AQS (Advanced Query Syntax)

fi lter, 279

architectural concepts, 27

Exchange 2000/2003, 28–30

Exchange 2007, 30–34


Exchange 2013. See Exchange

2013 overview

Architecture Summary section in

design, 14–15

archive mailboxes, 36

archiving, in-place, 208

AS (Availability service), 332

association of RBAC roles,

107–111

assumptions, documenting, 8

Attachment Filter Agent, 175

attachments, photo, 291–292

attacks, security, 160–161, 180

auditing

administrator activity,

195–196, 196administrator login, 36

capabilities, 193–194, 194mailbox activity, 194–195

authentication

Client Access servers, 45

clients, 315

EWS, 270, 272–273

mailboxes, 273–274

two-factor, 179–183, 310

autoconfi guration in DAGs, 55

Autodiscover

confi guring, 255

Exchange 2007, 32


POX, 270–271

SOAP-based, 271–272

automatic database reseed, 54, 88

automatic mailbox mapping, 237

Automatic Replies feature, 232

availability. See high

availability (HA)

COPYRIG

HTED M

ATERIAL

374 | AVAILABILITY DATA SHARING • COMPLEXITY IN SECURITY

availability data sharing

inter-org migration, 332

intra-org migrations, 337

Availability service (AS), 332

Average Mailbox Size metric, 91

Average Message Size in KB

metric, 91

average seek time metric, 84

Bback pressure feature, 31

background database maintenance

(BDM), 93

Background Database Maintenance

Throughput Requirements

value, 94

bandwidth

DAG replication, 76–78, 77networks, 20, 317

Bandwidth Calculator, 20, 317

batches, migration, 353

BDM (background database

maintenance), 93

best copy and server selection

(BCSS), 55

best copy selection (BCS), 55

best effort mail delivery, 56

BIG-IP appliance, 147

Bing Maps app, 293, 293BitLocker, 187–188, 191

Blackberry Enterprise Service, 191–192

brick confi guration, 51

Bring Your Own Device (BYOD)

strategies, 191

build-time validation, 98

built-in management roles, 107–111

bulk edit EAC functionality, 132

business availability, 358

business logic in RBAC, 119–121

business requirements, 4–6, 14

business support issues in

migration, 350

BYOD (Bring Your Own Device)

strategies, 191

bypass, antimalware, 176

CC-SOX (Keeping the Promise for a

Strong Economy Act), 309

calibrated workloads, 97

capacity

high availability, 68

increasing, 82, 83mailboxes, 86

sizing, 21

transaction logs, 359–360

CAS. See Client Access Server (CAS)

CCR (Cluster Continuous

Replication), 33, 80

CDO (Collaboration Data Objects)

model, 304–305, 309

CDO 1.2 VBS scripts, 290–292

certifi cates

clients, 180, 315

connection encryption, 314

deployment, 325


IPSec, 180

SAN, 69

SharePoint, 254–255, 255Check-SiteMailboxConfi g.ps1

script, 258

CI (content indexing)

Exchange Search service,

278–279

migrations, 343

trending, 360

Client Access Server (CAS)

design, 18

for EWS, 263

Exchange 2007, 32

Exchange 2013, 45–47,77 46, 51, 53

Exchange Hybrid, 73

Client Access Server (CAS) arrays

Exchange 2010, 38

Exchange 2013, 54

clients, 299

CDO, 304–305, 309

certifi cates, 180, 315

connectivity, 41

data encryption, 314–315


EAS, 303–304

email experience, 232–233

EWS, 300–301

Exchange Online support,

153–154

importance, 305

inventory, 310–313, 311MAPI, 300, 309

network usage, 317, 77 318performance, 315–317, 77 316

POP/IMAP, 301–302, 308–309

protocol offl oading, 41

regulatory compliance, 309

responsiveness, 306

security, 309–310, 314–315

supportability, 306–308,

313–314

throttling, 36, 318–319

types, 299

user experience, 305–306

web browsers, 302–303

cloud

encryption, 191

Exchange Online Protection,

172–173


message hygiene services,

170–172

network deployments, 317

programming, 263–264

Cluster Continuous Replication

(CCR), 33, 80

cmdlet usage in RBAC,

121–122, 122Coca Cola email system, 161

code. See also programming

connecting, 263

snippets, 263

collaboration

address books, 234–235,

234–235–

distribution groups, 242–245,

244–245–

email, 232–235, 234–235–

overview, 231–232

public folders, 240–242, 241–242–

resource mailboxes, 238–240,

238–239–

shared mailboxes,

235–238, 236site mailboxes. See SharePoint

site mailboxes

training, 233–234

Collaboration Data Objects (CDO)

model, 304–305, 309

COM (Component Object

Model), 304

communication, compliance, 229

company-mandated storage

platforms, 95–96

company regulations, 202

complexity in security, 162

COMPLIANCE • DEPLOYMENT | 375

compliance, 199

clients, 309–310

communication, 229

in design, 15

legal department, 203

migration issues, 353

overview, 199–200

policies, 203–206

regulations, 200–203

requirements, 203–205

scenarios

global banking company,

219–228, 221, 223–228HR issues, 209–213

sensitive data, 213–218

solutions, 206–209

Compliance Management

settings, 194

Component Object Model (COM), 304

compression, database, 81

Confi gure-EnterpriseApplication.

ps1 script, 273

Confi gure Synchronization

Connections option, 252, 252confi gure write scopes, 116

Connection Filtering Agent, 175

connections

code, 263

encryption, 314

EWS, 270

Exchange Online, 141–143

fi ltering, 172

SharePoint to Exchange,

256–259

connectors

Exchange 2007, 31

Exchange 2013, 43

source servers, 43

consequences in compliance

policies, 206

constraints, 7–8

contacts

creating, 284

photos, 234, 234–235– , 5 291–292

Contacts folder, 290–291

Content Filter Agent, 175

content fi ltering, 172

content indexing (CI)

Exchange Search service,

278–279

migrations, 343

trending, 360

Continuous Replication Circular

Logging (CRCL), 360

conversation view, 232

cooling factor in high

availability, 67

corporate security policy, 163

cost

complexity, 162

downtime, 62–63

Exchange Online, 140, 142

storage, 86–87, 9677

coverage in compliance policies, 206

CRCL (Continuous Replication

Circular Logging), 360

cross-forest migration, 331

DDAC (Database Activation

Coordination) mode, 75–76, 76DAC (Datacenter Activation

Coordination) mode, 38

DACLs (discretionary access control

lists), 274

DAGs. See database availability

groups (DAGs)

data access, 183

data at rest, 186–193, 189data in transit, 184–186, 186fi rewalls, 180

long-term storage, 193–197

mailboxes, 274–278

mobile devices, 191–193

unauthorized, 162, 177–183

data corruption events, 357

data encryption

clients, 314–315

end-to-end, 190–191


data jurisdiction laws, 163

Data Leak Prevention (DLP)

templates, 44

data leakage, 152–153

Data Loss Prevention (DLP), 207

Data Protection Act (DPA), 200, 309

data retention requirements, 204

data sharing. See also collaboration



data sovereignty, 151–152

Database Activation Coordination

(DAC) mode, 75–76, 76

database availability groups

(DAGs), 19

Exchange 2010, 37–38, 81


nodes, 74

planning, 73–78, 75–77replication, 20

security in transit, 185

database copies in DAG, 74

database reseed, 88

database size in DAG, 73

DatabaseList scope option, 114

DatabaseRestrictionFilter scope

option, 114

Datacenter Activation Coordination

(DAC) mode, 38

de-duplication, 280

Default Role Assignment Policy,

117–118, 118, 244

defense in depth, 170

DelegatingOrgWide RBAC role

assignments, 111

delegation in EWS, 274, 289–290

delivery agents, 266

denial-of-service (DoS) attacks, 180

deployment, 321

acceptance testing, 329–330

Active Directory preparation,

322–323

certifi cates, 325

clients, 328–329

EAC, 135

Exchange 2013, 41, 57

Exchange Online

hurdles, 150–156

planning and preparation,

145–150

into existing organization,

324–325

fi rewalls, 327–328

high availability, 72–73

information resources, 321

load balancer, 326–327

operating system-based

antivirus programs, 327

preproduction load testing, 329

publishing to Internet, 328

required documentation,

321–322

rollout process, 323–325

SMTP considerations, 325

updates for, 323

376 | DEPLOYMENT PHASE FOR REQUIREMENTS • EVOLUTION OF EXCHANGE 2013

deployment phase for

requirements, 3

design

bandwidth requirements, 20

Client Access server, 18

detail in, 12

documents, 2–4, 11. See alsodesign document sections


Exchange solution sizing, 20–23

fi nishing, 24–25

future proofi ng, 25

living documents, 24

Mailbox, 18–19

overengineering, 25

requirements in, 3, 11

security, 170

simplicity, 25

VM Requirements, 19–20

design document sections, 12

Architecture Summary, 14–15

Business Requirements, 14

compliance framework, 15

Executive Summary, 13

external publishing, 15

Functional Specifi cation, 14

high-availability, 16–17

index, 13

interoperation with third-party

applications, 16

migration and legacy

integration requirements,

15–16

transport design, 17

Vision and Scope document, 14

destination database availability

group, 43

detail in design, 12

DirectAccess, 181

Directory Sync (DirSync)

Exchange hybrid, 139


directory synchronization in

IMAP, 348

Disable-CmdletExtensionAgent

cmdlet, 122

Disable-Mailbox cmdlet, 113–114

disaster recovery (DR), 66

discontinued features


Exchange 2013, 42

discovery search, 37

discretionary access control lists

(DACLs), 274

Disk Space Requirements table, 93

distribution groups (DG)



overview, 242–245, 244–245–

distribution of DAG databases,

74–75, 75DLP (Data Leak Prevention)

templates, 44

DLP (Data Loss Prevention), 207

DNS domains in Exchange Online,

146–147

DNS round robin, 326

documenting

assumptions, 8


design, 2–3, 11

requirements, 2

Domain Security, 184

domains

Active Directory, 323


failure, 64

DoS (denial-of-service) attacks, 180

double-hop inter-org migration, 349

downloading contact photo

attachments, 291–292

downtime cost, 62–63

DPA (Data Protection Act), 200, 309

DR (disaster recovery), 66

drives

capacity increases, 82, 83failure rate, 63–64

dumpster of folders, 274

EEAC. See Exchange Administration

Center (EAC)

EAS (Exchange ActiveSync)

protocol

encryption, 191–192

features, 268, 308–309

overview, 303–304

ECP (Exchange Control Panel),

36, 127

Edge Transport server

Exchange 2007, 32

Exchange 2013, 43

security, 173–174

EdgeSync feature, 173

eDiscovery feature

compliance, 208–209

in design, 16

in-place, 279–283

Keyword Query Language,

280–281

results of operations, 281–282

with SharePoint, 45

working with, 282–283

editions of Exchange 2013, 42

effective RBAC permissions,

121–122, 122EHS (Exchange Hosted

Encryption), 191

Einstein, Albert, 356

email

collaboration with, 232–235,

234–235–

mailboxes. See mailboxes

single instanced, 28

EmailMessage class, 285

EMP (Exchange Management

Console), 127–128

EMS (Exchange Management Shell),

102, 135–136

Enable-SPFeature cmdlet, 258

encryption

clients, 314–315

end-to-end, 190–191


end-to-end encryption, 190–191

end-user expectations in

migration, 351

endpoints in migration, 353–354

Enterprise edition, 42

entities in mail apps, 293

envisioning phase for

requirements, 3

EOP (Exchange Online Protection),

171–173, 174EPA (Exchange Server Profi le

Analyzer), 92

ESE (Extensible Storage Engine)

description, 28

lost fl ush detection, 363–364

ESW Managed API, 269

evergreen service contracts, 141–142

evolution of Exchange 2013, 27–28

Exchange 2000/2003, 28–30



Exchange 2013. See Exchange

2013 overview

EWS. SEE EXCHANGE WEB SERVICES • EXTENDED SUPPORT | 377

EWS. See Exchange Web Services

(EWS)

EWS impersonation, 273

EWSEditor tool, 263

Excel for trend predictions,

364–365, 364exceptions in EOP, 173

Exchange 4.0–5.5 storage, 79–80

Exchange 2000/2003

features, 28–30

storage, 80

Exchange 2007

features, 30–34

storage, 80–81

Exchange 2010

features, 34–39

migration to, 349

storage, 81–82

Exchange 2013 overview, 39–42

autodiscover, 49–51

Client Access servers, 45–47,77 46,

51–53

discontinued features, 42

editions, 42

high availability, 54–56

mail fl ow, 43–44

mailbox servers, 51–52

management, 44–45

name space reduction, 47–49,9

48–49online integration, 57

public folder databases, 52

role separation, 45–54, 46,

48–49sizing, 20–23

transport, 42–43, 51, 53

Unifi ed Messaging, 54

Exchange 2013 Server Role

Requirements Calculator, 93–94, 93Exchange ActiveSync (EAS)

protocol

encryption, 191–192

features, 268, 308–309

overview, 303–304

Exchange ActiveSync Logo

Program, 304

Exchange Administration Center

(EAC), 44, 102

hybrid deployments, 135

malware, 176

new features, 132–134, 133–134for RBAC, 125–126, 126security, 134–135, 194

Exchange application integration

inter-org migration, 335–336


Exchange Client Monitor (ExMon)

tool, 310–311, 311Exchange Client Network

Bandwidth Calculator, 20, 317

Exchange Control Panel (ECP),

36, 127

Exchange Event Trace, 311

Exchange Health Manager Service

process, 56

Exchange Health Manager Worker

process, 56

Exchange Hosted Encryption

(EHS), 191

Exchange hybrid. See Exchange

Online

Exchange Mailbox Server Role

Requirements Calculator, 342

Exchange Management Console

(EMP), 127–128

Exchange Management Shell (EMS),

102, 135–136

Exchange native data protection

(backupless) solutions, 91

Exchange Online, 128, 137

benefi ts, 140–141

client support, 153–154

data leakage, 152–153

data sovereignty, 151–152

deployment hurdles, 150–156

deployment planning and

preparation, 145–150

design overview, 143

DNS domains, 146–147

drawbacks, 141–143

External Publishing

Infrastructure, 139–140

infrastructure overview,

137–140, 138proof of concept, 145

single sign-on, 155

solution design, 144–145

solution requirements, 143–144

UPNs, 151

Virtual Desktop Infrastructure,

155–156

Exchange Online Protection (EOP),

171–173, 174Exchange Search service, 278–279

Exchange Server Profi le Analyzer

(EPA), 92

Exchange Setup Wizard, 125

Exchange Solution Reviewed

Program (ESRP) - Storage

platform, 95

Exchange store search, 279

Exchange Trusted Subsystem, 112,

124–125

Exchange Web Services (EWS), 32,

261, 268–269

authentication, 270, 272–273

availability data sharing, 332

best practices, 296

as client, 300–301

connections, 270

delegation, 274, 289–290

Exchange 2007, 32

FreeBusy lookups, 288–289

identifi ers, 275, 277

in-place eDiscovery, 279–283

item creation, 283–286

mail apps for Outlook,

292–296, 293mailboxes

accessing, 274–278

authentication, 273–274

MailTips, 287–288

migrating CDO 1.2 VBS scripts,

290–292

out-of-offi ce settings,

286–287

POX Autodiscover, 270–271

proxy objects, 269

raw SOAP, 269

searching for items,

278–279

on SharePoint server,

254, 254SOAP-based Autodiscover,

271–272

WSDL, 269

Exchange Windows

Permissions, 112

Exclusive scope option, 114

Executive Summary

compliance policies, 205

design sections, 13

EXHTTP nodes, 51

existing organization, deployment

into, 324–325

ExMon (Exchange Client Monitor)

tool, 310–311, 311extended property defi nitions, 275

extended support, 314

378 | EXTENSIBLE STORAGE ENGINE • HYBRID SERVERS

Extensible Storage Engine (ESE)

description, 28

lost fl ush detection, 363–364

external publishing in design, 15

External Publishing Infrastructure,

139–140

external URL publishing



Ffailover, 66–67

failure, planning for, 63–65

failure domains, 20, 64

FAIs (folder associated items), 274

Farm Confi guration Wizard,

249,9 249FAST Search technology, 343

fi le-level protection, 171

fi le share witness, 74

fi ltering

AQS, 279

Contacts folder, 291

FIM (Forefront Identity Manager),

150, 332, 341

FindFolders operation, 275

FindItems operation, 275

fi rewalls

access rules, 180


FOIA (Freedom of Information

Act), 201

folder associated items (FAIs), 274

folders

mailboxes

access, 276–277

properties, 275–276, 276public. See public folders

Forefront Identity Manager (FIM),

150, 332, 341

Forefront Online Protection for

Exchange (FOPE), 172

foreign systems, migrations from,

346–348

FreeBusy lookups, 288–289

Freedom of Information Act

(FOIA), 201

front-end servers, 29

Front End Transport service, 51

functional documents for

requirements, 3–4

functional requirements, 4, 7

Functional Specifi cation in design, 14

functionality, 41

future proofi ng in design, 25

GGAL (Global Address List)

synchronization



GALSync management agent, 332

Gartner report, 171

geographic affi nity, 41

Get-DistributionGroup cmdlet, 239

Get-Mailbox cmdlet, 111, 118, 194

Get-ManagementAssignment

cmdlet, 121

Get-ManagementRole cmdlet, 107

Get-ManagementRoleAssignment

cmdlet, 121

Get-ManagementRoleEntry cmdlet,

113, 121

Get-RoleGroup cmdlet, 109

Get-ServerHealth cmdlet, 368

Get-WebServicesVirtualDirectory

cmdlet, 263

GetHoldOnMailboxes

operation, 280

GetItem request, 292

GetSearchableMailboxes

operation, 280

GetUserAvailiblity operation, 288

GFE (Good For Enterprise), 335

Global Address List (GAL)

synchronization



Good For Enterprise (GFE), 335

Goodman, Steve, 313, 365

Gossage, Matt, 356

granular permission models,

112–113

Griffi n, Stephen, 305

Group Naming Policy, 243–244,

244–245–

groups

distribution, 242–245, 244–245– ,5336, 338

email metrics, 233

RBAC, 115

HHA. See high availability (HA)

hardening servers, 162

hardware for storage, 95–96

HBA (host bus adapter) device

drivers, 80

Health Insurance Portability and

Accountability Act (HIPAA),

201–202

high availability (HA), 8

achieving, 67–69

components, 60–62, 61DAG planning, 73–78, 75–77defi ning, 59–60, 66

downtime costs, 62–63

Exchange 2000/2003, 29



Exchange 2013, 40–41, 54–56


hybrid deployment, 72–73

namespace planning, 69–72,

70–72planning for failure, 63–65

strategy and requirements in

design, 16–17

terms, 65–67

transport, 69

HIPAA (Health Insurance

Portability and Accountability

Act), 201–202

host bus adapter (HBA) device

drivers, 80

Host IO and Throughput

Requirements table, 94

hosting

Exchange 2010, 36

Exchange 2013, 45

HTTPS tunnels, 300

Hub Transport Server (Hub/HT), 32

Huiyuan Juice Group, 161

Hybrid Confi guration Wizard

EAC, 135

Exchange 2010, 39


hybrid deployments, 102. See alsoExchange Online

availability, 72–73

EAC, 135

Exchange 2013, 57

hybrid servers, 139

IDENTIFICATION OF ORGANIZATION IN COMPLIANCE POLICIES • LOADPROPERTIESFROMITEMS METHOD | 379

Iidentifi cation of organization in


identifi ers in EWS, 275, 277

identity federation, 139

IdFix tool, 146

IMAP (Internet Message Access

Protocol), 299

in inventory, 312–313


immutability of data, 204–205

in-place archiving, 208

in-place discovery reports, 196, 197in-place eDiscovery, 279–283

In-Place Holds mechanism, 86, 208,

221–222

indefi nite holds, 221

Independent Software Vendors

(ISVs), 297

indexes

content, 278–279, 9 343, 360

design documents, 13

Information Rights Management

(IRM)


data at rest, 186–190, 189security compliance, 310

Information Store process, 52

Information Technology

Infrastructure Library (ITIL), 363

Input/Output Operations Per

Second (IOPS), 22, 80, 83–85

integrity of data, 204–205


availability data sharing, 332


double-hop, 349

Exchange application

integration, 335–336

external URL publishing, 335

GAL synchronization, 332

mail fl ow, 333–334

mailbox moves, 340–341

mailbox permissions, 334

mobile device reconfi guration,

334–335

offl ine address book, 336

Outlook client reconfi guration,

331–332

public folder data

synchronization, 333

Inter-Organization Replication

(IORepl) tool, 333, 343

interdependency of component

systems, 61–64, 61internal antimalware and antispam

protection, 175–177

Internet access

infrastructure, 147

Internet Information Services

Manager, 250

Internet Message Access Protocol

(IMAP), 299



Internet Security and Acceleration

(ISA) servers, 178

interoperation

Lotus Notes, 346

third-party applications in

design, 16

intersite replication bandwidth,

76–78, 77intra-org migrations, 336–338

inventory

clients, 310–313, 311monitoring, 365–366, 365

Iometer tool, 97

IOPS (Input/Output Operations Per

Second), 22, 80, 83–85

IORepl (Inter-Organization

Replication) tool, 333, 343

IPSec, 180–181

IRM (Information Rights

Management)


data at rest, 186–190, 189security compliance, 310

ISA (Internet Security and

Acceleration) servers, 178

ISVs (Independent Software

Vendors), 297

IT availability, 358

items in mailboxes

access, 277–278

properties, 275–276, 276ITIL (Information Technology

Infrastructure Library), 363

JJavaScript API for Offi ce, 294

JBOD (just a bunch of disks)


multiple databases for,

88–90, 89solutions, 85–86

Jetstress tool

description, 94


storage validation using, 96–98

journaling, 199–200, 207, 30977

KKeeping the Promise for a Strong

Economy Act (C-SOX), 309

Kerberos Constrained Delegation

(KCD) preauthentication, 178

keyloggers, 161

Keyword Query Language (KQL),

225, 280–281

keywords attribute, 50

Llarge audience threshold, 233

latency

cloud, 263–264


network, 147, 361

trending, 361, 363

Launch The Farm Confi guration

Wizard option, 249

LCR (Local Continuous

Replication), 33

leakage of data, 152–153

least-cost routing, 31

legacy integration requirements in

design, 15–16

legacy migration, 348–349

legacy name space, 324–325

legacy protocols in design, 16

legacyExchangeDN attribute, 334

legal department compliance, 203

legal discoveries, 282

Linux MAPI implementations, 311

litigation holds, 36–37, 208

litigation reports, 196, 197Live@edu service, 299

load balancers, 326–327

load testing in deployment, 329

LoadGen tool, 97, 329

LoadPropertiesFromItems method,

292, 296

380 | LOCAL CONTINUOUS REPLICATION • MIGRATIONS

Local Continuous Replication

(LCR), 33

Log Parser, 312

log shipping, 33

logging, audit, 121–122, 209

Logman tool, 311, 311long-term storage, 193–197

lost fl ushes, 357, 363–364

Lotus Notes, migration from,

346–347

MMA (Managed Availability), 55–56,

367–369

MA (management agent), 332

macros in Outlook, 307

mail apps for Outlook, 292

EWS operations for, 295

overview, 293–294, 293permission levels, 294–295

Mail client, 300

mail fl ow




Mail Recipient Creation role, 123

Mail Tips, 232

mailbox delivery group, 43

Mailbox Replication Service (MRS),

339–340

Mailbox Server Role Requirements

Calculator, 20, 93–94, 93–95Mailbox Transport service, 53

Mailbox Transport Delivery

service, 53

Mailbox Transport Submission

service, 53

mailboxes

auditing, 194–195, 195, 2095authentication, 273–274

capacity requirements

increases, 86

data access, 274–278

databases

trending, 359

volume size in

migrations, 342

design, 18–19

Exchange 2010, 36

inter-org migrations, 340–341

mapping, 237

moving, 338–343

permissions

inter-org migrations, 334


reporting, 194–195, 195resource, 238–240, 238–239–

servers

Exchange 2007, 32


shared, 235–238, 236site. See SharePoint site

mailboxes

MailTips, 287–288

makeEWSRequestAsync

method, 295

malware

prevalence, 160

protecting against, 170–172,

175–177

threats, 160–161

Managed Availability (MA), 55–56,

367–369

managed stores, 52

management, 101

administration. Seeadministration management

Exchange 2000/2003, 29



Exchange 2013, 40, 44–47

RBAC. See Role-Based Access

Control (RBAC)

tools, 131–132

trends, 101–102

management agent (MA), 332

management scope in RBAC

permissions, 105

MAPI (Messaging Application

Programming Interface), 299–300

CDO connections, 309

Exchange 2010, 38

Exchange 2013, 47

in inventory, 310–311, 311mapping mailboxes, 237

MCS (Microsoft Consulting

Services), 150

Mealiffe, Jeff, 24

meeting requests, 285

megacycles, 23

memory sizing, 23–24

merging Active Directory

forests, 150

message queue, trending, 360–361

Message Records Management

(MRM), 208

message throttling, 35

Message Transfer Agent (MTA), 28

Messages Received per Mailbox per

Day metric, 91

Messages Sent per Mailbox per Day

metric, 91

MessageWare, 181

Messaging Application

Programming Interface (MAPI),

299–300

CDO connections, 309

Exchange 2010, 38

Exchange 2013, 47

in inventory, 310–311, 311MFCMapi editor, 276, 276Microsoft Consulting Services

(MCS), 150

Microsoft Federation Gateway

(MFG), 139

Microsoft Mail, 28

Microsoft Malware Protection

Center (MMPC), 164

Microsoft Management Console

(MMC), 29

Microsoft Security Response Center

(MSRC), 164

Microsoft Solutions Framework, 3

migration batches, 353

migrations, 331

application integration, 352–353

business support issues, 350

CDO 1.2 VBS script to

PowerShell EWS Managed

API script, 290–292

compliance, 353

content indexing, 343

in design, 15–16

end-user expectations, 351

endpoints, 353–354

foreign systems, 346–348

improvements, 353–354

inter-org. See inter-org

migration

intra-org, 336–338

legacy, 348–349

Mailbox Replication Service,

339–340

moving mailboxes, 338–343

planning issues, 350–351

MIMECAST COMPANY • PERCENTTIMEINMAILBOXRPC PARAMETER | 381

problems, 349–353

public folder data, 343–346

seamless vs. velocity issues,

351–352

storage capacity, 342–343

Mimecast company, 161, 200

MMC (Microsoft Management

Console), 29

MMPC (Microsoft Malware

Protection Center), 164

mobile devices

data access, 191–193

device reconfi guration



shared mailboxes, 237–238

monitoring

alerting, 357–358

inventory, 365–366, 365Managed Availability, 55,

367–369

overview, 355–357

trending, 358–365

Workload Management,

369–371

moving mailboxes, 338–343

MRM (Message Records

Management), 208

MRS (Mailbox Replication Service),

339–340

MRTG (Multi Router Traffi c

Grapher), 362, 362MSExchangeHMHost.exe

process, 56

MSExchangeHMWorker.exe

process, 56

MSRC (Microsoft Security

Response Center), 164

MTA (Message Transfer Agent), 28

Multi Router Traffi c Grapher

(MRTG), 362, 362multi-tenant messaging system, 138

multi-tenant model, 36

multiple Active Directory

forests, 150

multiple JBOD databases, 88–90, 89“must” security requirements, 168

MX records, 325

MyBaseOptions role, 117

MyContactInformation role, 117

MyDistributionGroupMembership

role, 117

Nnamespace

planning, 69–72, 70–72reduction, 47–49, 9 48–49

NEAR operator, 281

network perimeter zones, 177–178

networks

bandwidth, 20, 317

client usage, 317, 77 318high availability, 67

latency, 147, 361

unauthorized access, 162,

177–183

utilization trending,

361–364, 362New-AdminAuditLogSearch

cmdlet, 122

New-App cmdlet, 296

New-MalwareFilterPolicy

cmdlet, 176

New-ManagementRole cmdlet,

113, 120

New-ManagementRoleAssignment

cmdlet, 115–116, 120

New-ManagementScope cmdlet, 114

new-migrationbatch cmdlet, 353

new-MigrationEndpoint cmdlet, 354

New-MoveRequest cmdlet, 341

New-OutlookProtectionRule

cmdlet, 190

New-RoleAssignmentPolicy cmdlet,

117–118

New-RoleGroup cmdlet, 115, 121

New-SPTrustedSecurityTokenIssuer

cmdlet, 256

nines in availability, 59–60

non-service-affecting failures, 357

nonfunctional requirements, 4, 7

Novell GroupWise, migration

from, 347

OOAB (offl ine address book)



OAuth

confi guring, 256–257

EWS, 272

Offi ce 365

migration to, 349

SSO, 135

Offi ce 365 Dedicated service, 138

Offi ce 365 Directory Sync

Exchange hybrid, 139


offl ine address book (OAB)



ONEAR operator, 282

online integration

Exchange 2010, 39

Exchange 2013, 57

OnRamp for Offi ce 365 tool, 145

operating system-based antivirus

program deployment, 327

Organization Management role

group, 107–111

organization security compliance,

309–310

out-of-offi ce (OOF) settings,

286–287

out of process hosts, 294

Outlook

client reconfi guration



mail apps for, 292–296, 293support, 306–307

Outlook Anywhere

connections, 300

Outlook Web App (OWA), 181

contact photos, 234, 234–235–

Exchange 2013, 44

feature availability, 307–308

mail apps for, 292–296, 293spell check, 303

web browsers, 302–303

OutlookSpy editor, 276

overengineering, 25

Ppaging, 277

partitioning, 41–42

password sync, 347

Patriot Act, 201

Payment Card Industry Data

Security Standard (PCI-DSS), 202

percentage availability, 59

PercentTimeInAD parameter, 318

PercentTimeInCAS parameter, 318

PercentTimeInMailboxRPC

parameter, 318

382 | PERFORMANCE • REPLY ALL PROBLEMS

performance

clients, 315–317, 77 316Lotus Notes, 347

storage platforms, 96

Performance Monitor tool, 363

perimeter protection, 171

permissions

effective, 121–122, 122intra-org migrations, 337

mail apps, 294–295

mailbox, 334

RBAC, 104–105, 104shared mailboxes, 235, 235SharePoint, 257

split, 36, 123–125

Personal Storage Table (PST)

fi les, 199

PHI (protected health

information), 201

phishing attacks, 160–161

PhoneFactor, 181

photos, contact, 234, 234–235– , 5291–292

pilots, 145

Plain Old XML (POX) Autodiscover,

270–271

planning

database availability, 73–78,

75–77Exchange Online deployment,

145–150

for failure, 63–65

migration issues, 350–351

namespace, 69–72, 70–72RBAC management strategy,

105–107

platform-level protection, 171

POC (proof of concept), 145

policies


RBAC role assignments,

117–119, 9 117–77 119Post Offi ce Protocol (POP3),

299–302


support, 308–309

power


storage platforms, 96

PowerShell

EWS. See Exchange Web

Services (EWS)

execution modes, 136

POX (Plain Old XML) Autodiscover,

270–271

predicted random IOPS metric,

84–85

Prepare-MoveRequest.ps1 script,

334, 341


Primary Safety nets, 56

probability of failure,

63–64

probe engines, 55, 367

processes

in compliance policies, 206


processor megacycles requirements

per mailbox, 23

processor sizing, 22–23

Product Certifi cations team, 164

production POCs, 145

profi le analysis, 91–92

profi le fi les in migration, 332

Profi le Synchronization service,

247–248, 251–253, 251–253–

programming

API choices, 264–268

cloud considerations,

263–264

connecting code, 263

EWS. See Exchange Web

Services (EWS)

EWSEditor, 263

overview, 261–263

project roles, 2

proof of concept (POC), 145

protected health information

(PHI), 201

Protocol Analysis Agent, 175

proximity searches, 282–283

proxy bypass solution, 147

proxy objects, 269

Proxy/Redirect feature, 45

PST Capture tool, 210, 216

PST (Personal Storage Table)

fi les, 199

public folders

for collaboration, 240–242,

241–242–

data synchronization

databases, 52



Exchange 2007, 32


publishing

external, 15, 139–140

to Internet, 328

URL, 335

Purple Zone, 178

Qquery-based holds, 221

quorums

DAC mode, 38

DAG, 74–76

RRackspace hosts, 102

raw SOAP, 269


Control (RBAC)

ReadItem permission, 295

ReadWriteMailbox

permission, 295

receive agents in SMTP, 266

receive connectors

in design, 16

Exchange 2007, 31

Exchange 2013, 43

Recipient Filter Agent, 175

recipient write scopes, 116

recovery point objectives (RPOs),

65, 66, 362

recovery time objectives (RTOs),

66, 66Regular RBAC assignments, 111

regulations, 200–203

regulatory compliance, 309

regulatory policies, 163

relative scope in RBAC

permissions, 105

Remote Client Access, 179–183

Remote Procedure Call (RPC)

protocol, 300

RemoteSigned execution

mode, 136

Remove-Mailbox cmdlet, 121

Remove-RoleGroupMember

cmdlet, 115

replication

bandwidth, 20, 76–78, 77CCR, 33, 80

LCR, 33

MRS, 339–340

public folders, 240–241

Reply All problems, 233

REPORTING • SECURITY | 383

reporting

administrator activity,

195–196, 196capabilities, 193–194, 194mailbox activity, 194–195

system availability, 358

trending. See trending

requirements, 1–2

business, 4–6


constraints, 7–8

in design, 11

elicitation, 8, 167–170

in framework, 3–4

implementing, 12

storage, 90–92

technical, 6–7

types, 4

VM, 19–20

requirements defi nition phase, 3

reseed

automatic, 54, 88

planning, 78

resource mailboxes, 238–240, 0 238–239–

responders in Managed

Availability, 56

Restricted execution mode, 136

Restricted permission, 295

restrictions in search, 275

retention holds, 36–37

retention of data, 204

revenue requirements, 5

revision dates in compliance

policies, 206

rights in distribution groups,

244, 244rights policy template, 188

risk requirements, 5

Role-Based Access Control

(RBAC), 102

business logic, 119–121


EAC for, 125–126, 126Exchange 2010, 36

overview, 103–104

permissions, 104–105, 104effective, 121–122, 122granular models,

112–113

split, 123–125

planning management strategy,

105–107

roles

assignment policies,

117–119, 117–77 119assignments, 111,

115–117

built-in management,

107–111

creation, 113–114

groups, 115

scope creation, 114

role-based mailboxes, 235

role groups

RBAC, 107–111, 115

reports, 196, 197role separation

Exchange 2000/2003, 29


Exchange 2010, 37

Exchange 2013, 40, 45–54, 46,

48–49roles


establishing, 2


Control (RBAC)

rollout process, 323–325

rotational latency

metric, 84

rotational latency + average seek

time metric, 84

rotational speed metric, 84

round-trip time (RTT), 363

routable DAGs, 43–44

routing

Exchange 2010, 35

Exchange 2013, 43

routing agents, 266

RPC (Remote Procedure Call)

protocol, 300

RPC Averaged Latency

counter, 363

RPC Client Access service, 37

RPOs (recovery point objectives),

65, 66, 362

RTOs (recovery time objectives),

66, 66RTT (round-trip time), 363

rules in EOP, 173

Run A Per-Mailbox Litigation Hold

report, 196

Run An Administrator Role Group

Report settings, 196

SS/MIME (Secure/Multipurpose

Internet Mail Extensions),

190–191, 315

safelist aggregation, 173

Safety Nets, 56, 69

SAN (Subject Alternate Name)

certifi cates, 69

SANs (storage area networks), 64

Sarbanes-Oxley Act (SOX), 202, 309

SCC (single copy clusters), 33–34, 81

schema in Active Directory, 322

SCL (Spam Confi dence Level)

rating, 175

SCOM (System Center Operations

Manager), 356

scopes in RBAC, 105, 114, 116

SCP records, 50

SCR (standby continuous

replication), 33, 80

scripts, 136, 290–292, 313

SDL (Security Development

Lifecycle) framework, 164

seamless issues in migration,

351–352

Search-AdminAuditLog cmdlet,

122, 195

Search-MailboxAuditLog

cmdlet, 195

SearchFilters, 275

searching for items, 278–279

SearchMailboxes operation, 280

Secure by Default, 164–166

Secure by Design, 167

Secure/Multipurpose Internet Mail

Extensions (S/MIME),

190–191, 315

Secure the Perimeter (STP), 178

security, 159

clients, 309–310, 314–315

cloud, 170–173, 174compliance policies, 205

conversations, 162–164

design overview, 170

EAC, 134–135

Edge Transport server, 173–174

malware and spam, 170–172,

175–177

meaning, 159–160

need for, 161–162

remote client access, 179–183

threats, 160–161

384 | SECURITY DEVELOPMENT LIFECYCLE • STANDARD EDITION

trustworthy computing,

164–170

unauthorized network access,

177–183

Security Development Lifecycle

(SDL) framework, 164

Security Group Creation and

Membership role, 123

Security Industry Alliances

teams, 164

self-service management of


self-signed certifi cates, 30–31

send connectors

Exchange 2007, 31

Exchange 2013, 43

Sender Filter Agent, 175

Sender ID Agent, 175

sender policy framework (SPF), 173

sender-recipient fi ltering, 172

server health, 368–369, 9 368–369server lists, 43

server-to-server authentication, 272

Server Virtualization Validation

Program (SVVP), 19

ServerList scope option, 114

ServerRestrictionFilter scope

option, 114

service-affecting failures, 357

service-level agreements (SLAs),

65, 91

service outages in Exchange

Online, 141

serviceBindingInformation

attribute, 50

Set-ADServerSettings cmdlet, 116

Set-ClientAccessServer cmdlet, 255

Set-DatabaseAvailabilityGroup

cmdlet, 55, 185

Set-DistributionGroup cmdlet, 239

Set-ECPVirtualDirectory

cmdlet, 134

Set-ExecutionPolicy cmdlet, 136

Set-ImapSettings cmdlet, 312

Set-Mailbox cmdlet, 117–118, 194

Set-MalwareFilteringServer

cmdlet, 176

Set-ManagementRoleEntry

cmdlet, 114

Set-PopSettings cmdlet, 312

Set-SendConnector cmdlet,

184–185

Set-SPAppPrincipalPermission

cmdlet, 257

Set-TransportConfi g cmdlet, 185

Set-WebServicesVirtualDirectory

cmdlet, 263

SetHoldOnMailboxes operation, 280

shadow redundancy

Exchange 2010, 38

Exchange 2013, 56

Shadow Safety Nets, 56

shared mailboxes, 235–238, 236shared permissions model, 123

SharePoint site mailboxes, 16

Exchange connections, 256–259

Exchange integration, 44–45

implementing, 247

overview, 245–247, 77 246prerequisites, 247–248, 248server confi guration, 248–255,

249–255–

server preparation, 255

SQL, 248, 248“should” security requirements, 168

Simple Network Management

Protocol (SNMP)

alerting, 357

in deployment, 325

Exchange 2013, 51

mail fl ow, 333–334

MRTG, 362

receive agents, 266

simplicity

design, 25

EAC, 133–134

single copy cluster (SCC),

33–34, 81

single instanced email, 28

single item recovery (SIR), 274

single points of failure, 68

single sign-on (SSO)

ADFS, 139

authentication in EWS, 273


Offi ce 365, 135

SIR (single item recovery), 274

site collections, 250–251, 251site mailboxes. See SharePoint site

mailboxes

sizing

database, 73

memory, 23–24

processors, 22–23

servers, 21

storage, 21–22

SLAs (service-level agreements),

65, 91

Smith, Ross, IV, 93, 367

SNMP. See Simple Network

Management Protocol (SNMP)

SOAP, 262, 268–272

soft deleted items, 274

software support for Exchange

Online, 153–154

SolarWinds monitoring, 356

solid-state (SSD) technology, 83

solutions in Exchange Online

design, 144–145


solution alignment

workshop, 143

SOX (Sarbanes-Oxley Act), 202, 309

space in storage platforms, 96

spam

prevalence, 160


175–177

threats, 161–162

Spam Confi dence Level (SCL)

rating, 175

Spamhaus database, 172

spear phishing, 161

SPECint benchmark, 23

spell check in OWA, 303

SPF (sender policy

framework), 173

split brain

DAC mode, 38

DAG, 74

split permissions

Exchange 2010, 36

RBAC, 123–125

spoofi ng, 172–173

SQL installation, 248, 248SSD (solid-state) technology, 83

SSL

SharePoint certifi cates,

254–255, 255Web applications

creating, 249–250, 250site collections, 250–251, 251

SSO. See single sign-on (SSO)

stability in Exchange Online,

140–141

Standard edition, 42

STANDBY CONTINUOUS REPLICATION • USER ACCEPTANCE TESTING | 385

standby continuous replication

(SCR), 33, 80

StartTLS command, 184

Stehle, Matt, 263

storage, 79

capacity

increases, 82, 83, 86

mailbox, 86

migrations, 342–343

trending, 359

costs, 86–87

design overview, 90

Exchange 2000/2003, 29–30

Exchange 2007, 34

Exchange 2010, 39

Exchange 2013, 41, 56

hardware, 95–96

history, 79–82

improvements, 87–90, 89IOPS performance, 83–85

mailbox server role

requirements calculator,

93–94, 93–95requirements gathering,

90–92

sizing, 21–22

validation using Jetstress,

96–98

storage area networks (SANs), 64

store search, 279

STP (Secure the Perimeter), 178

Subject Alternate Name (SAN)

certifi cates, 69

supportability of clients, 306–308,

313–314

SVVP (Server Virtualization

Validation Program), 19

switchover, 66–67

Symantec Intelligence Report, 160

Symantec Policy Based

Encryption, 191

synchronization

Exchange Online,

146–148

IMAP directories, 348

public folder data, 333

User Profi le Synchronization

service, 247–248, 251–253,

251–253–

system availability types, 358

System Center Operations Manager

(SCOM), 356

Ttarget Exchange mailboxes, 290

task requests, 285

TCP ports, 51, 53

Technical Adoption Program, 352

technical requirements, 6–7

tenants in Exchange hybrid, 138

testing user acceptance, 329–330

Thiel, Greg, 367

thinking phase for requirements, 3

third-party products, 297

interoperation with, 16

storage devices, 91–92

Threat Management Gateway

(TMG), 178

threats, security, 160–161

three nines availability, 59

throttling

clients, 36, 318–319

cloud, 264

messages, 35

time-based holds, 221

time for one rotation metric, 84

Tivoli Data Protection, 193

Tivoli Storage Manager, 193

TLS (Transport Layer Security), 184

TMG (Threat Management

Gateway), 178

token authentication, 272–273

tokenized structures, 268

top-level roles, unscoped, 119–121

Total Database Required IOPS per

database value, 94

TPM (Trusted Platform Module),

187, 191

tracking/protocol log trending, 361

trading disclosure regulations, 202

training collaboration, 233–234

transaction logs

capacity trending, 359–360

volume size in migrations,

342–343

transport

design, 17

Exchange 2000/2003, 29

Exchange 2007, 30–31, 34

Exchange 2010, 35

Exchange 2013, 40, 42–43, 51, 53

high availability, 56, 69

transport agents, 35, 266

transport dumpster, 31, 34

Transport Layer Security (TLS), 184

transport rules, 31, 207

TransVault Insight tool, 216

TransVault Migrator tool, 222

trending, 358–359

content index, 360

Excel predictions, 364–365, 364mailbox databases, 359

message queue, 360–361

network utilization,

361–364, 362tracking logs, 361

transaction log capacity,

359–360

Triple Data Encryption Standard

(Triple DES), 192

Trusted Platform Module (TPM),

187, 191

Trustworthy Computing (TwC)

initiative, 164

requirement elicitation, 167–170

Secure by Default, 164–166

Secure by Design, 167

tunnels, HTTPS, 300

two-factor authentication (2FA),

179–183, 310

UU.S. Patriot Act, 201

ubiquitous computing, 159–160

unauthorized network access, 162,

177–183

Unifi ed Access Gateway (UAG),

147, 178

Unifi ed Messaging

design, 19

Exchange 2007, 32

Exchange 2010, 37

Exchange 2013, 54

United Kingdom, Data Protection

Act in, 200

Unrestricted execution mode, 136

unscoped top-level roles, 119–121

unsupported clients in Exchange

Online, 153–154

updates for deployment, 323

upgrades, version-to-version, 348

UPNs (User Principal Names), 151

UPSS (User Profi le Synchronization

Service), 247–248, 251–253,

251–253–

user acceptance testing, 329–330

386 | USER EXPERIENCE FOR CLIENTS • XML MANIFEST FILES

user experience for clients, 305–306

user locations in high

availability, 67

user mailbox activity, auditing and

reporting, 194–195, 195user partitioning, 41–42

User Principal Names (UPNs), 151

user profi les, 179

analysis, 91–92

UPSS, 247–248, 251–253,

251–253–

user throttling, 318–319

VVBA (Visual Basic for

Applications), 307

VDI (Virtual Desktop

Infrastructure), 155–156

velocity issues in migration,

351–352

version-to-version upgrades, 348

versioning, 41

violations in compliance policies, 206

VIP (Virtual Internet Protocol), 255

Virtual Desktop Infrastructure

(VDI), 155–156

Virtual Internet Protocol

(VIP), 255

virtualization

failure domains, 64



Virus Scanning API (VSAPI), 175

viruses

antivirus program

deployment, 327


175–177

threats, 160–161

Vision and Scope document,

3, 14

Visual Basic for Applications

(VBA), 307

Visual Studio Express, 263

Volume Requirements tab, 94

Volume Shadow Copy Service

(VSS), 216

volumes in JBOD, 85

VPN connections, 181

VSAPI (Virus Scanning API), 175

VSS (Volume Shadow Copy

Service), 216

Wweb browsers, 302–303

web clients in inventory, 311–312

Web Services Description Language

(WSDL), 269

WellKnownFolderName

enumeration, 277, 291

“What” in RBAC permissions, 105

“Where” in RBAC permissions, 105

“Who” in RBAC permissions,

104–105, 104Workload Management (WLM),

369–371

write scopes in RBAC, 116

WSDL (Web Services Description

Language), 269

XXML manifest fi les, 294

Index []network deployments, 317 pro grammin , 263–264 Cluster Continuous Re plication (CCR), 33,...

Documents

Transcript of Index []network deployments, 317 pro grammin , 263–264 Cluster Continuous Re plication (CCR), 33,...