Module 2

Designing Microsoft® Exchange Server 2010

Integration with the Current Infrastructure

Module Overview

• Designing the Network Infrastructure

• Designing the Active Directory Infrastructure

• Designing the DNS Infrastructure

• Planning Exchange Server Administration

Lesson 1: Designing the Network Infrastructure

• Identifying the Network Requirements for Exchange Server 2010 Deployments

• Identifying the Internet Access Considerations for Client Access

• Identifying the Network Considerations for Client Access

• Identifying the Network Considerations for Message Routing

Identifying the Network Requirements for Exchange Server 2010 Deployments

AD DS

Routing topology Internet

southsouth

nwtradersnwtraders

comcom

westwest easteast

orgorgnetnet

DNS

Identifying the Internet Access Considerations for Client Access

Mobile device security

Public computer access

Certificates

Firewall ports

High availability

Load balancing

DNS configuration

Device types

Identifying the Network Considerations for Client Access

AD DS

Site design Public Key Infrastructure

Perimeter network

Identifying the Network Considerations for Message Routing

Global catalog

Site designRouting topology

Edge configuration

Lesson 2: Designing the Active Directory Infrastructure

• Identifying the AD DS Design Owners

• Designing the Active Directory Forest

• Designing the Active Directory Domain

• Designing the Active Directory Sites for Exchange Server 2010

• Deploying Exchange Server 2010 Servers in Active Directory Sites

• Designing a Domain Controller Placement Strategy

• Discussion: Considerations for Modifying the Current Active Directory Design

• Planning for AD DS Preparation to Support the Exchange Server 2010 Deployment

Identifying the AD DS Design Owners

• An individual administrator or group of administrators who are responsible for the overall design and management of the Active Directory infrastructure

• Personnel responsible for the regular Active Directory administration

Active Directory design owners include:

Designing the Active Directory Forest

Forest option Description

No forest

• In this design, a computer is running the Edge Transport server role that uses AD LDS for storing server configuration information

Single forest

• Exchange Server is installed in a single Active Directory forest that spans the whole organization

• This is the easiest deployment to maintain

Resource forest

• Exchange Server is installed in an Active Directory forest that does not contain the recipient accounts

• This requires a one-way forest trust

Cross-forest

• Exchange Server is installed into multiple, different Active Directory forests

• This may require directory and availability synchronization between forests

Designing the Active Directory Domain

Domain option Description

Single domain The most common domain deployment for small and medium-sized businesses

Multiple domains in the same Active Directory tree

Contains a single, top-level parent domain, and all of the domains share a contiguous DNS namespace with that parent domain

Multiple domains in multiple Active Directory trees

Contains multiple top-level parent domains with multiple DNS namespaces

Designing the Active Directory Sites for Exchange Server 2010

All Exchange Server roles use Active Directory sites*All Exchange Server roles use Active Directory sites*

• Understand the rationale for the current Active Directory site design

• Consider using a centralized Exchange Server deployment

• Consider modifying the Active Directory site design

When designing the Active Directory site configuration:

*except the Edge Transport server role

Deploying Exchange Server 2010 Servers in Active Directory Sites

• Determine whether to place a server running the Mailbox server role in the Active Directory site

• Place a Hub Transport server role and Client Access server role in the site, when placing a Mailbox server role in the site

• Determine whether to place multiple Hub Transport or Client Access servers in each site

Considerations for deploying Exchange servers in an Active Directory site:

Designing a Domain Controller Placement Strategy

• Deploy at least one global catalog server in each site that contains an Exchange Server

• Do not run Exchange Server 2010 on computers that also function as Windows domain controllers

• Upgrade domain controllers and global catalog servers to 64-bit hardware when an Active Directory organization contains more than 20,000 objects

• Implement Exchange server processors to global catalog server processors in an 8:1 ratio in each site

Considerations for placement of domain controllers and global catalog servers:

Discussion: Considerations for Modifying the Current Active Directory Design

15 min15 min

• What is the impact of changing the Active Directory design in a large, complex company?

• How can you balance the complications of modifying the current Active Directory design with the optimal Exchange Server-based design?

• How can you help an organization determine whether to modify the Active Directory design?

Planning for AD DS Preparation to Support the Exchange Server 2010 Deployment

Consider the following factors when preparing AD DS to support Exchange Server:

• Delegation of preparation tasks

• Coexistence with earlier Exchange Server versions

• Domain preparation

• Schema preparation

Lesson 3: Designing the DNS Infrastructure

• Considerations for DNS

• What Is Split DNS?

• Designing a DNS Infrastructure for Exchange Server

Considerations for DNS

• Disjoint namespace considerations

• WINS is not usually required by Exchange 2010

• DNS must be configured correctly

• Service (SRV) resource records, mail exchanger (MX) resource records, Host resource records, and Sender Policy Framework (SPF) resource records configuration

What Is Split DNS?

Internal

External

Adatum.com Adatum.com

HostRecord type IP address

www CNAME Webserver1.adatum.com

Relay CNAME Exchange1.adatum.com

Webserver1 A 192.168.1.200

Exchange1 A 192.168.0.201

HostRecord type IP Address

www A 131.107.1.200

Relay A 131.107.1.201

MX Relay.adatum.com

Your DNS infrastructure should support the following Exchange Server functionalities:

Designing a DNS Infrastructure for Exchange Server

• Client-to-server resolution

• Server-to-server resolution

• Inbound delivery from the Edge server to the Hub server

• Inbound delivery to the Edge server from the Internet

• Outbound delivery from the Edge server to the Internet

• Outbound delivery from the Hub server to the Edge server

Lesson 4: Planning Exchange Server Administration

• Exchange Server 2010 Permissions

• What Is the Default Role Based Access Control Configuration?

• Designing a Custom Management Delegation Strategy

• Designing a Management Tool Strategy

• Demonstration: How to Manage Exchange Server 2010

Exchange Server 2010 Permissions

• Management role groups

• Management role assignment policies

• Direct user role assignment

The Exchange Server 2010 permissions model is based on:

What Is the Default Role Based Access Control Configuration?

• Organization Management

• View-Only Organization Management

• Recipient Management

• UM Management

• Discovery Management

• Records Management

• Server Management

• Help Desk

• Public Folder Management

• Delegated Setup

The following are built-in role groups

Designing a Custom Management Delegation Strategy

You can customize the default administrative model in these ways:

• Modify assignment policies

• Configure custom role groups

Designing a Management Tool Strategy

Exchange Server 2010 provides a number of management tools:

• Exchange Management Console

• Exchange Management Shell

• Windows Remote PowerShell

• Exchange Control Panel

Demonstration: How to Manage Exchange Server 2010

In this demonstration, you will see how to use the Exchange Server 2010 management tools

Lab: Designing Exchange Server Integration with the Current Infrastructure

• Exercise 1: Evaluating the Current Network Infrastructure at Contoso

• Exercise 2: Determining Suitability for Exchange Server 2010

• Exercise 3: Preparing the AD DS Forest For Exchange Server 2010

• Exercise 4: Configuring Exchange Server Delegation

Logon information

Estimated time: 30 minutes

Lab Review

• In Exercise 1, Contoso is using a unified namespace – i.e. the internal and external domain names are the same (Contoso.com). If the internal domain name was different, for example Contoso.priv, what issues would this raise when you deployed Exchange Server?

• Instead of deploying an Edge Transport server in the head office to handle e-mail to and from the Internet, what other options could you consider?

Lab Scenario

• Contoso, Ltd is planning to deploy Exchange Server 2010. You are a messaging consultant from A. Datum Corporation, and have been tasked with verifying that the existing network infrastructure is suitable to support Exchange Server 2010.

• Once you have determined that the prerequisites are met, you will prepare the AD DS forest so that the server deployment team can begin the Exchange Server 2010 deployment.

Module Review and Takeaways

• Review Questions

• Best Practices