Exchange 2013 CU1 and Co-Existence

Last night (2nd April) the Exchange team finally released the Exchange 2013 Cumulative Update 1 (CU1) patch that we have been waiting for to permit co-existence with previous versions of Exchange. (http://blogs.technet.com/b/exchange/archive/2013/04/02/released-exchange-server-2013-rtm-cumulative-update-1.aspx)

I’ve had a very quick look at this today in my lab environment to see what Exchange 2013 Co-existence looks like out the box.

The first job was to update my Lab Exchange 2010 server to SP3 (required for co-existence) – straightforward enough though it does, as expected, require downtime of Exchange Services to apply the Service Pack, and SP3 also includes an AD Schema update too, so – full backup of AD first!  FYI SP3 is a slipstreamed install and now supports Server 2012.

Next I created a new Server 2012 VM and joined it to my Lab domain. The only pre-requisites, other than Server 2012 Roles & Features, are the Microsoft Unified Communications Managed API 4.0 Runtime (http://www.microsoft.com/en-GB/download/details.aspx?id=34992) and the Office 2010 64Bit FilterPack SP1 (http://www.microsoft.com/en-GB/download/details.aspx?id=26604).

Now I could run the downloaded CU1 Exchange-x64.exe file to unpack the installation files and run Setup.exe.

The Exchange 2013 CU1 installation now runs through with an option to install all required Roles and Features on the server, very helpful other than requiring a re-boot to complete the install, before then needing to re-run setup.exe to actually start the install.

The install itself is, as expected, very straightforward with the only real option being which role or roles to install (Only CAS or Mailbox roles now in 2013).

Once installed the fun starts – as Exchange 2013 no longer has the Exchange Management Console all administration is via the web based “Exchange Control Panel”. This is great but, at this point my Administrator mailbox still resides on the Exchange 2010 server so when I login to the 2013 URL my session is proxied to 2010, presenting me with the 2010 ECP and no knowledge of the Exchange 2013 world!

A quick check of TechNet and I find this:-

If your mailbox exists on an Exchange 2010 Mailbox server, the Exchange 2010 ECP will automatically load in your browser. This is by design. You can access the EAC by adding the Exchange version to the URL. For example, to access the EAC whose virtual directory is hosted on the Client Access server CAS01-NA, use the following URL: https://CAS01-NA/ecp?ExchClientVer=15.

So now I can connect to the 2013 ECP and see all my 2010 objects. I test moving a mailbox from my 2010 server – this all works as expected by creating a “New Migration Batch” which even sends me a mail when complete. I can login to the mailbox using OWA and get the new clean, modern interface to send a test mail.

The mail sends to mailboxes on 2010 and I can reply back to 2013 successfully  – job done!

I’ll play with this lab more over the coming weeks and if I find anything of interest I’ll let you know.

 


Good news & Bad news – Exchange 2013 Coexistence

Good news, Microsoft yesterday (12/02/13) finally announced the release of SP3 for Exchange 2010 and Exchange 2007 SP3 RU10 – these are the pieces we have been waiting for since Exchange 2013 was released back in early December to allow installation into an existing environment.

Bad news,   To do this, install Exchange Server 2013 Cumulative Update 1 (CU1). You cannot install Exchange Server 2013 in your existing Exchange Server 2010 organization by using Exchange Server 2013 RTM installation media.

At this time Exchange 2013 CU1 is slated for release Q1 2013 – looks like we will have to wait a little bit longer!

Exchange 2013 – Coexistence with previous products (Updated)

Exchange 2013 is now available in Preview form for an anticipated launch late this year or early next.

If you are thinking of waiting for the new products before you migrate from Exchange 2003, please be aware of the following information:-

Exchange Server Coexistence

As is standard practice, Microsoft will not support more than two previous versions of a product. This means that there will not be any coexistence capability between Exchange 2013 and Exchange 2003. Therefore to migrate from 2003 to 2013 will require the additional step of migrating onto Exchange 2010 first, and removing all trace of Exchange 2003, before you can migrate onto Exchange 2013.

Active Directory Requirements

Active Directory is required to contain at least one Windows 2008, 2008R2 or 2012 Domain Controller.

Client Restrictions

Outlook clients earlier than Outlook 2007 are not supported. Email clients on Mac operating systems that require DAV, such as Entourage 2008 for Mac RTM and Entourage 2004, are not supported.

Exchange 2013 Preview supports the following minimum versions of Microsoft Office Outlook and Microsoft Entourage for Mac:

  • Outlook 2013 Preview
  • Outlook 2010 SP1 with April 2012 Cumulative Update
  • Outlook 2007 SP3 with July 2012 Cumulative Update
  • Entourage 2008 for Mac, Web Services Edition
  • Outlook for Mac 2011

Also note that Outlook 2013 Preview will not connect to Exchange 2003.

UPDATE

Since Exchange 2013 has now been through RTM and has now become GA (http://blogs.technet.com/b/exchange/archive/2012/12/03/exchange-server-2013-reaches-general-availability.aspx) you might think you can move into co-existence, this unfortunately is not the case. Microsoft have stated that the required Service Packs (SP3 for 2010, SP3 RU9 for 2007) won’t be made available until Q1 2013. This means that, unless you want to install a “green field” system, you will have to wait until next year before you can look at introducing Exchange 2013 into your environment.

This is very frustrating but as soon as I can get hold of the SP I’ll be testing the co-existence capabilities of 2013.

MEC Day 3

After 3 ½ days it’s all over. As I write this I’m sitting in Orlando International Airport trying to lose a couple of hours before my flight boards!

Today’s interactive sessions have been varied and interesting, here is a brief overview:-

Exchange 2013 Load Balancing

This is a topic that comes up regularly when I am deploying Exchange 2010. The general reaction when discussing LB is that it’s either Expensive or unreliable.

Exchange 2010 had no active concept of an array, it was essentially just multiple, individual servers with no awareness of each other, this has changed in 2013.

The Exchange 2013 CAS role is essentially an intelligent proxy, all the client rendering technology is now located in the Mailbox role, meaning that the CAS servers could, in theory, be load balanced by Round Robin DNS or Windows Network Load Balancing with no problem, until there is a service failure. This is where true “Service Aware” Load Balancers come in, with WNLB or RRDNS the request would still be sent to a server that was responding to TCP requests but Exchange services had failed. Intelligent load balancing would detect the service failure and not pass any traffic to that node until the issue is resolved.
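The difference between a TCP-level check and a service-aware check, as an added example (not from the session or from Microsoft): two constructed local nodes both accept connections, but only one answers its health URL with 200. The node names, the `/health` path and the `Node` class are assumptions made for the illustration.

```python
import http.client
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

HEALTH_PATH = "/health"  # hypothetical probe URL for the constructed nodes below


class Node:
    """Constructed stand-in for a CAS server: the TCP listener stays up
    even when the service behind it is marked as failed."""

    def __init__(self, service_ok):
        self.service_ok = service_ok
        node = self

        class Handler(BaseHTTPRequestHandler):
            def do_GET(self):
                ok = node.service_ok and self.path == HEALTH_PATH
                self.send_response(200 if ok else 503)
                self.send_header("Content-Length", "0")
                self.end_headers()

            def log_message(self, *args):  # keep the demo output quiet
                pass

        self.server = HTTPServer(("127.0.0.1", 0), Handler)
        self.port = self.server.server_address[1]
        threading.Thread(target=self.server.serve_forever, daemon=True).start()

    def stop(self):
        self.server.shutdown()
        self.server.server_close()


def tcp_check(port, timeout=2.0):
    """Transport-level view: does the port accept a connection?"""
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=timeout):
            return True
    except OSError:
        return False


def service_check(port, timeout=2.0):
    """Service-aware probe: eligible only if the health URL returns 200."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=timeout)
    try:
        conn.request("GET", HEALTH_PATH)
        return conn.getresponse().status == 200
    except (OSError, http.client.HTTPException):
        return False
    finally:
        conn.close()


def demo():
    """Return (nodes passing the TCP check, nodes passing the service check)."""
    nodes = {"cas-a": Node(service_ok=True), "cas-b": Node(service_ok=False)}
    try:
        tcp_pool = [n for n, node in nodes.items() if tcp_check(node.port)]
        svc_pool = [n for n, node in nodes.items() if service_check(node.port)]
        return tcp_pool, svc_pool
    finally:
        for node in nodes.values():
            node.stop()


if __name__ == "__main__":
    print(demo())
```

The failed node stays in the pool under the TCP check and drops out only under the service check.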

Another challenge with WNLB is that if using client affinity, it will see an entire remote IP subnet as a single client, routing all traffic from that subnet to a single CAS server – not an optimal solution in a large estate but still valid for small farms (e.g. 4 servers).

The use of Layer 7 load balancers is no longer necessary but is still supported.

The 2013 CAS role, when used in a co-existence environment with 2010 will perform service monitoring of all discovered 2010 CAS servers every 60 seconds to enable it to effectively proxy traffic to the most appropriate host.

Another discussion broke out around TMG and options moving forward, but nothing more came out of this than from the day 2 discussions other than that SSL offloading is not supported in 2013 RTM.

Public Folder Migration

Much has been made of the “Modern Public folders” in Exchange 2013, especially as 5 years ago Microsoft stated that Public Folders wouldn’t be in the next version of Exchange (2010).

From a client perspective, the Modern Public Folders will appear and behave exactly as the old ones they currently use. Any LoB applications using Public Folders should still work, although some MAPI calls have changed slightly.

From an Admin perspective, things have changed.

Modern Public Folders are now stored in Mailboxes and, as such, can be protected by a Database Availability Group.

As they are stored in a Mailbox Database the old Multi-Master replication model has gone. Only one copy of a database can be active at any time (standard DAG behaviour), so this might introduce performance challenges for some clients.

Migration from 2010 to 2013 needs to be performed as a Cutover – it is not supported to have old & Modern Public Folders co-existing.

A number of PowerShell scripts are included to ease the migration to Modern Public Folders to ensure that all attributes, permissions, etc get migrated to the new hierarchy.

Ironically, the permissions model is “the same as before”!

Exchange 2013 Site resiliency

As this was another interactive session it didn’t cover many of the planning aspects it promised but being run by Greg Thiel & Scott Schnoll it was a good session to attend anyway.

A lot of discussion around Datacentre RTO, such as “Does the clock start ticking before or after the operator gets called?”, “It’s far easier to have success with a 3 hour RTO than a 1 Hour RTO”

Greg was very persistent that until you have done multiple test failovers you cannot be confident that your failover plan works – ideally test monthly or at least quarterly.

Discussions around DAC mode (datacentre activation coordination) highlighted that when performing recovery the primary DC servers must be shut down to avoid the risk of “Split Brain”

Finally some product detail around DAG’s in 2013:-

  • The setup will automatically setup the Networks
  • Multiple subnets will be consolidated automatically
  • Additional NIC’s (e.g. iSCSI) will be shown as cluster networks and will need to be manually removed
  • The “Enable manual control” option allows the naming of networks & enable/disable replication etc
  • DAG member Exchange versions cannot be mixed – create a new 2013 DAG & use mailbox move.
  • There is no database portability between versions

Virtualisation in Exchange 2013

This was a little bit dry – not the best session to end on!

All two roles (!) in 2013 are fully supported in a virtual environment

Availability is built into Exchange (with DAG’s) so clustering of the virtual platform is just a mechanism for dealing with hardware failure and bringing servers back into service again.

Live Migration is supported, Quick Migration requires the server to be shut down before & cold booted after the migration.

Virtual machine Snapshots are not supported by Exchange (including Hyper-V replica)

Windows Server 2012 adds new functionality:-

  • Removed the 4 CPU limit – a problem in larger Exchange implementations
  • Allows the use of SMB 3.0 storage for Hyper-V, but still not directly for Exchange
  • Deduplication – not supported by Exchange
  • ODX (using intelligent SAN storage to move data natively) – not supported by Exchange (wouldn’t want multiple DAG nodes using the same storage/controller anyway)

That’s it for now. Once I get back to the UK and gather my thoughts and notes I may add some further detail.

Thanks for reading!

MEC Day Two

OK, so another day of Exchangeness has been and gone, here are my highlights.

Keynote

The keynote this morning was “Geek out with Perry!” with Microsoft’s Perry Clarke.

The format of this was intended to start the “interactive” element of MEC with Perry responding to (scripted) questions from members of the audience, unfortunately it was a little slow and lacking energy, especially as it was the first session after a night at Universal Islands of Adventure with all the food & drink you could ask for!

The presentation was performed on an 87″ Perceptive Pixel (recently purchased by Microsoft) touch screen where Perry was using OneNote to illustrate his answers.

Topics covered were

  • The use of “cheap” drives rather than “enterprise disk” (only a 5% difference in failure rate)
  • SSD (Not a good fit for Exchange from usage patterns or ROI perspective)
  • Will MS’ focus on the cloud reduce the emphasis of on-premise products (No!, experience from cloud service will add features and functions to on-prem)
  • Lowering of IOPS (99% over the last 10 years)

And finally, what is the upgrade story from Exchange 2003 to Exchange 2013. “It’s at least as good as the 5.5 to 2007 story!”. “These organisations are obviously risk averse as they are still running 13 year old technology”.

Two options:-

  1. Move to the cloud, there will not need to be any ROI justification for future upgrades
  2. Move to Exchange 2010 now, then migrate to Exchange 2013 SP1 when you are ready.

 

Exchange 2013 High Availability

This session was interactive (a unique feature of MEC, encouraging 2-way communication between the experts and delegates), so discussions were a little “off-topic” at times.

The Experts leading the session were Greg Thiel & Scott Schnoll, both very experienced and knowledgeable with a good sense of humour.

Key information from the session

  • Automatic site failover requires the Witness server to be on a separate, 3rd, site.
  • With only 2 sites available site failover performs like 2010 BUT can fail roles only if wanted (e.g. just CAS role).
  • If a DAG node drops out of a cluster for 5 minutes, but can still be contacted via RPC then it won’t be failed over.
  • The new Auto re-seed capability in 2013 DAG’s requires the use of volume mount points.
  • Windows Server 2012 Storage Spaces will be supported in 2013, Deduplication won’t.
  • Datacentre failover will prompt a client redirect (HTTP) using Geo-DNS, this may not work on some ‘phones as their redirect behaviour varies from device to device.
  • If a server is put into Maintenance mode by SCOM it won’t affect Managed Availability.

An interesting conversation occurred around DR sites, Greg suggesting the DR site DAG member(s) should be used actively all the time in production as this proves the site & service rather than hoping it will all work in a disaster.

Exchange 2013 Database and Store Enhancements

A rather heavy interactive session full of stats and specs

  • 50% IOPS reduction from 2010 to 2013.
  • By supporting multiple databases per volume IOPS are maximised.
  • Isolation of individual store issues is achieved by having a store process per database.
  • A single, badly behaving, mailbox cannot impact the entire database.
  • Database Schema elements are optimised for Sequential I/O
  • All Exchange virtual machines should use Fixed RAM not dynamic.

Exchange 2013 Upgrade for Exchange 2007 and Exchange 2010

A very interesting session, for more than one reason!

Some key points:-

  • Co-existence will require 2010 SP3 or a 2007 rollup, both to be available early next year
  • Outlook 2003 is not supported with Exchange 2013
  • New & old Public folders cannot co-exist (I may need to get further clarification on this)
  • Active Directory will need a 2008R2 DC but only needs 2003 Functional Level

Pretty much for any protocol the process is to move the namespace to point to the Exchange 2013 CAS and that will deal with proxying requests to the legacy servers.

One less appealing fact was highlighted – OWA redirecting to 2007 via a 2013 CAS will prompt a second time for authentication – not ideal. This may be resolved in the released product.

An interesting discussion then broke out around the discontinuation of TMG, over 75% of delegates in the room raised their hands when asked who used TMG with Exchange currently. The Microsoft line is “you have options”, stick with TMG, use UAG, have no Reverse Proxy. The current Exchange 2010 rules in TMG will need slight modifications to support 2013.

 

Oh, and I got to play with the 87″ touch screen in the exhibition hall – I need one of those!

Final day tomorrow and the trip home, watch this space for my updates

 

MEC Day One Breakouts

Just a quick overview of my findings from yesterday’s breakout sessions before I start day two.

Managed Availability

This session gave an overview of this great sounding new feature in Exchange 2013. As mentioned in the Keynotes, this has come from the Office 365 support team who need to monitor & maintain all the servers but don’t like getting a call at 2am just to restart a service!

The focus of this service is End User SLA, which as we all know is what really matters in the real world.

The expertise has come from System Centre and Exchange teams so the added benefit is better focused reporting in SCOM.

The whole concept is to monitor the service and react appropriately if something goes wrong, as an example:-

An OWA user experiences a crash, the system will initially perform a reset of the IIS APP Pool, this could resolve the problem. If the problem occurs again, or is not resolved then the next step might be to perform a failover to another server (User focus remember) this should resolve the problem for the user. The Server Admin will now be alerted but only has to resolve a problem on a passive server, not a live one, and once resolved the service will become available again on all servers.

Sounds good – can’t wait to try it out!

Security & Protection

This session highlighted the security features added to Exchange 2013.

Some stats to start, 30% of Exchange servers have no AV installed (better in some countries than others). More than 90% of mail is spam, only 5% is important.

Following the recent announcement that Forefront for Exchange will be discontinued, a “Basic” anti-malware engine will ship with Exchange 2013. This is based on the same engine as SCEP & Security Essentials.

It is recommended to use an external product such as Exchange Online Protection (I’m personally a big fan of Mimecast or Websense). By using EOP you would be able to get consistent protection & reporting for hybrid environments.

The new engine is built into the transport service so can be configured using transport rules.

The other Security feature was DLP. This is becoming very important and the feature looked pretty good.

A number of standard templates are included (e.g. Credit card numbers, social security, etc) to allow you to create protection rules.

These rules are displayed to Outlook users by “Policy Tips”, just like mail-tips, to explain to the user that they cannot send this content, with a possible override if permitted on that particular rule (all overrides are logged).
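A sketch of the rule flow described above, as an added example rather than Exchange's own DLP engine: a credit-card pattern confirmed with a Luhn checksum, a policy tip, and an override that is allowed per rule and always logged. The rule fields, message fields and sample messages are constructed for the illustration.

```python
import re

# 13-19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits):
    """Luhn checksum: filters out order numbers and other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text):
    found = []
    for match in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_ok(digits):
            found.append(digits)
    return found


def evaluate(message, rule, audit_log):
    """Return (action, policy_tip) for one outbound message."""
    hits = find_card_numbers(message["body"])
    if not hits:
        return "deliver", None
    tip = f"{rule['name']}: {len(hits)} card number(s) detected"
    reason = message.get("override_reason")
    if rule["allow_override"] and reason:
        # Every override is recorded; matches are masked before logging.
        audit_log.append({
            "sender": message["sender"],
            "rule": rule["name"],
            "reason": reason,
            "matches": ["*" * (len(h) - 4) + h[-4:] for h in hits],
        })
        return "deliver-override", tip
    return "block", tip


# Constructed sample data (4111 1111 1111 1111 is a well-known test number).
RULE = {"name": "Credit card numbers", "allow_override": True}
MESSAGES = [
    {"sender": "alice", "body": "Please charge 4111 1111 1111 1111 for the renewal."},
    {"sender": "bob", "body": "Your order 1234 5678 9012 3456 has shipped."},
    {"sender": "carol", "body": "Card 4111-1111-1111-1111 as agreed.",
     "override_reason": "Customer asked for written confirmation"},
]


def run_samples(rule=RULE):
    log = []
    actions = [evaluate(m, rule, log)[0] for m in MESSAGES]
    return actions, log


if __name__ == "__main__":
    print(run_samples())
```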

Once again, something to look at and test.

Exchange Hybrid Deployments

This final session of the day covered an area that I feel will be more & more significant in the coming months, so I was surprised that the room was fairly empty.

A quick overview of the possible migration options from on-premise to Office 365 was given:-

  • IMAP
  • Cutover
  • Staged
  • Hybrid

Key takeaway here is that Exchange 2010 is not supported for Staged migration.

The appeal of the Hybrid environment is that the two worlds are synchronised to the point that mailbox migrations work just like on premise – a migrated user will just have to restart Outlook to connect to the new service (as long as the environment has been correctly configured).

When using Exchange 2013 for Hybrid deployments, the oldest on-premise server you can have is Exchange 2007 and the Office 365 service must be the new wave 15.

Exchange 2010 will need Service Pack 3 installed to co-exist – this will be released early next year (I assume to tie in with the 2013 launch).

The Hybrid configuration Wizard has been greatly improved to make the deployment simpler, but I get the impression that it still relies on having a number of prerequisites in-place before you begin.

 

So a good day yesterday, now to go and grab some breakfast and see what today has to offer….

 

MEC

As those of you who follow me on Twitter will have realised, I am in Orlando this week to attend the Microsoft Exchange Conference for my employer – EACS Ltd.

This used to be a yearly conference until 10 years ago when it was discontinued, but now it’s back and with a new Exchange product just around the corner it seemed to be a good time to get maximum value from the event.

I arrived last night after dealing with 45 minute delays on the M25 getting to Gatwick (fortunately I had given myself plenty of time for just such a problem) and a 9 hour flight – with a 15 minute wait for a stubborn alligator to move off the taxiway before we could get to the terminal at Orlando!

I have today been down to the conference centre (all part of the hotel I am staying in) and registered to receive the obligatory bag & goodies

Although I have spotted and talked to a number of other delegates (yes – geeks are easy to spot, especially when wearing their badges already!!), tonight is the first Networking event where all the delegates get the opportunity to meet and have a look around the exhibition hall for the first time, then tomorrow the sessions start in anger with a full agenda all day kicked off by two keynote sessions.

Watch this space (and my Twitter feed) for updates on what is announced and information I learn….