Managing your exchange architecture

Managing your Exchange Architecture LEARN EXCHANGE – PART 2

© 2014 Veeam Software. All rights reserved. All trademarks are the property of their respective owners.

Niels Engelen System Engineer, Veeam Software [email protected]

Johan Huttenga System Engineer, Veeam Software [email protected]

Recap: Last Session

We’ve discussed: ‐ Exchange 2013 Architecture

‐ Deployment Planning

‐ Installing Exchange 2013

Last Time our session on the 21st of August

Session Overview

We’ll be discussing: ‐ Exchange Management

‐ Troubleshooting Mail Flow

‐ Compliance Policies (including DLP and Email Archiving)

‐ Monitoring Exchange (Events, SCOM, and Best Practice Analyzer)


Co-Existence

Popular Question from last session

Co-Existence with Exchange 2010 and 2007

‐ You’ll need to plan carefully (will need Exchange 2010 SP3 or higher, Exchange 2007 SP3 rollup 10 or higher and Exchange 2013 CU2 or higher)

‐ Make sure that you’ve verified DNS namespaces, and that Outlook Anywhere is enabled on the older Exchange servers.


Exchange Management

Management Tools Exchange 2013

Exchange Admin Center (http://<server>/ecp)

Exchange Management Shell

PowerShell baby! Exchange 2013

‐ Mailbox management: ‐ New-Mailbox, Get-Mailbox, Enable-Mailbox, Remove-Mailbox,...

‐ Mailbox configuration: ‐ New-MailboxFolder, Get-MailboxFolder, New-MailMessage

Remember: Get-Help <cmdlet>

For example, Get-Help Get-Mailbox

PowerShell baby! Exchange 2013

‐ Active Directory

‐ Anti-spam and anti-malware

‐ Client Access

‐ Cmdlet extension agent

‐ Email address and address book

‐ Federation and hybrid

‐ High availability

‐ Mail flow

‐ Mailbox

‐ Mailbox database

‐ Mailbox server

‐ Move and migration

‐ Organization

‐ Permissions

‐ Policy and compliance

‐ Security

‐ Server health, monitoring, and performance

‐ Sharing and collaboration

‐ Unified Messaging

‐ Users and groups

Certificate Management Exchange 2013

‐ You’ll need to configure split brain DNS, UPN (User Principal Names) accepted domains, and then setup certificates for public facing CAS servers.

‐ You can have a look at the details here: www.msexchange.org/articles-tutorials/exchange-server-2013/management-administration/managing-certificates-exchange-server-2013-part1.html

DAG Management Exchange 2013

‐ A single NIC for DAG members is supported, but members must have the same networks (for MAPI and Replication traffic). Remember binding order!

‐ Don’t use circular logging for VSS support.

‐ Having a few DAGs that are smaller instead of really large ones (improved

DAG replication), but having less disks reduces snapshot creation time for VM backup. Remember witness file shares!

‐ You can change heartbeats to avoid cluster failover (multi-site

deployments):

cluster /prop

Maintenance Mode for Mailbox Servers

‐ Ensures that your users wont be affected by patching and hardware maintenance.

Exchange 2013

Set-ServerComponentState <server> -Component HubTransport -State Draining -Requester Maintenance Restart-Service MSExchangeTransport #if server is multi-role: Restart-Service MSExchangeTransport Restart-Service MSExchangeFrontEndTransport Redirect-Message -Server <server> -Target <MailboxServerFQDN> Suspend-ClusterNode <server> Set-MailboxServer <server> -DatabaseCopyActivationDisabledAndMoveNow $True Get-MailboxServer <server> | Select DatabaseCopyAutoActivationPolicy Set-MailboxServer <server> -DatabaseCopyAutoActivationPolicy Blocked Set-ServerComponentState <server> -Component ServerWideOffline -State Inactive -Requester Maintenance


Troubleshooting Mail Flow

Mail Transport

‐ SMTP is used to transfer messages (send and receive) in and out of the email organization.

Exchange 2013

Oh no, something is wrong

‐ Delivery reports can be run in the Exchange Admin Center


PowerShell baby!

‐ Exchange 2013 is all about PowerShell

‐ Test health and functionality of your servers

‐ All cmdlets start with Test-

‐ Pre-defined scripts! ‐ C:\Program Files\Microsoft\Exchange Server\V15\scripts

‐ Or using


Get-Command -Verb Test | Where Module -match $env:computername

PS: cd $exscripts

PowerShell baby!

‐ Creating the test user:

‐ Testing the mailflow:

‐ Testing DAG replication:


.\new-TestCasConnectivityUser.ps1

Test-MailFlow

Test-ReplicationHealth –Identity <server>

Get-MailboxDatabaseCopyStatus

‐ Testing the Outlook Web Service

‐ Testing if all the Mailbox Databases are ok

‐ Testing if you can use a mobile device to a mailbox

Test-ActiveSyncConnectivity

Test-OutlookWebServices

PowerShell baby! Troubleshooting Mail Flow

Test-MAPIConnectivity –Server <server>


Compliance Policies

Messaging policy and compliance

‐ In-place eDiscovery & hold

‐ Auditing

‐ Data Loss Prevention

‐ Retention Policies

‐ Journaling

Compliance Management

In-place eDiscovery & hold

‐ In-place eDiscovery ‐ Search mailbox data

‐ Copy them to a Discovery mailbox

‐ In-place hold: preserve ESI! ‐ Search mailbox data

‐ Preserve messages from deletion, modification and tampering


Auditing

‐ Reports to find changes made ‐ Mailboxes

‐ Configuration settings

‐ Even log administrators mailboxes!

‐ Enabled per mailbox


Set-Mailbox -Identity “Johan" -AuditEnabled $true Set-Mailbox -Identity “Niels" -AuditEnabled $false

Data Loss Prevention

‐ Protect sensitive data from being send or deleted

‐ Comes pre-defined with regulatory standards


Retention policies

‐ MRM: Messaging Records Management

‐ How long should messages be retained?

‐ Where should the messages be retained?

‐ Should all messages be retained for the same period?


Journaling

‐ Not the same as archiving!

‐ Record all communications via a transport agent

‐ Can be configured on internal, external or all messages

‐ Reports can be generated for audits



Email Archiving

Making sure the Exchange server runs smoothly

‐ Exchange 2013 is designed to use less IOPS.

Exchange archiving

What do we need?

‐ An archive database

‐ Enable the archive option per mailbox

‐ Optional: multiple archives (used in most cases)

‐ Optional: automated archival

Exchange archiving

‐ Easy setup: all done via the Exchange Administration Center ‐ PowerShell is also supported!

What do we need?

‐ Creating the archive database

Exchange archiving

What do we need?

‐ Enabling archiving for a user

Exchange archiving


Monitoring Exchange

Using Event Viewer

An overview of logs for monitoring, compliance and troubleshooting.

Exchange monitoring

Using SCOM

An overview of all components: state, health, and performance

Exchange monitoring

Using BPA

Is integrated with Office 365, and allows you to review your environment for issues, and provides additional information where necessary.

Exchange monitoring

Further Reading and References

We will be doing a third part of this series, and will publish some supporting material as well at veeam.com.

However if you’d like there is a lot more detailed information available (some of which

we used to create this series):

http://microsoftvirtualacademy.com

http://blogs.technet.com/b/exchange/ (you had me at EHLO)

Next time

We’ll be discussing: ‐ Exchange Security

‐ High Availability and Recovery

‐ Built-in and Veeam Instant Recovery as well Item-level recovery

‐ Exchange patch testing with Veeam’s Virtual Lab

Niels Engelen System Engineer, Veeam Software [email protected]

Johan Huttenga System Engineer, Veeam Software [email protected]

Questions?

Managing your exchange architecture

Software

Transcript of Managing your exchange architecture