Exchange 2016 – What can we look forward to?

With the release of Exchange Server 2016 slated for the end of the year it seemed a good time to have a look at what new capabilities it will bring over the existing Exchange 2013 product.

Clients

Let’s start with the area that everyone sees – client access.

All access is now via secure HTTPS encrypted connections, whether using the full Outlook client or the newly renamed “Outlook on the web” (formerly Outlook Web App), ensuring data is secure when in transit. While MAPI over HTTP is now the default communication protocol between Outlook and Exchange, clients that don’t support it will fall back to Outlook Anywhere (RPC over HTTP).

Outlook on the web has been enhanced to provide platform-specific experiences for phones (for both iOS & Android), including a “Premium” Android experience for phones when using Chrome on Android 4.2 or later. Search suggestions & refiners have been introduced to anticipate what the user’s looking for and refine that search with contextually-aware filters (such as date range, senders, etc).

Exchange 2016 also brings support for the Active Directory Authentication Library (ADAL) authentication model in Outlook clients on Windows, Android, and other platforms. ADAL enables functionality like two-factor authentication to help improve security of your data.

Server Architecture

Servers are now far more powerful than when the multi-role design was introduced, so the primary design goals for Exchange 2016 are simplicity of scale, hardware utilisation and failure isolation. The number of server roles has therefore been reduced to two: the Mailbox and Edge Transport server roles.

The Mailbox server in Exchange 2016 includes all of the server components from the Exchange 2013 Mailbox and Client Access server roles:

  • Mailbox services include all the traditional server components found in the Exchange 2013 Mailbox server role: the Client Access protocols, Transport service, Mailbox databases, and Unified Messaging. The Mailbox server handles all activity for the active mailboxes on that server.
  • Client Access services provide authentication, limited redirection, and proxy services. Client Access services don’t do any data rendering and offer all the usual client access protocols: HTTP, POP and IMAP, and SMTP

Exchange 2016 now allows you to proxy traffic from Exchange 2013 to Exchange 2016 in addition to Exchange 2016 to Exchange 2013. This new flexibility gives you more control in how you move to Exchange 2016.

The Edge Transport role, as in previous versions, is typically deployed in your perimeter network, outside your internal Active Directory forest to handle all internet-facing mail flow, and is designed to minimize the attack surface of your Exchange deployment.
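As an added example, not from the original post, the Exchange Management Shell steps below subscribe a perimeter Edge Transport server to the internal organisation and then check what the Edge actually exposes. The server names EDGE01 and MBX01, the Active Directory site name and the file path are all hypothetical; the cmdlets are the standard EdgeSync ones.

```powershell
# Added example, not from the original post: subscribe a perimeter Edge Transport server to the
# internal organisation and check what it exposes. EDGE01, MBX01, the AD site name and the
# file path are hypothetical.

# --- Step 1, on EDGE01 (workgroup member in the perimeter network) ---
# The subscription file carries the bootstrap credential for EdgeSync and is only valid for 1440 minutes.
New-EdgeSubscription -FileName "C:\EdgeSubscription.xml"

# --- Step 2, on MBX01 (a Mailbox server in the AD site that will synchronise to the Edge) ---
# Copy the file over a trusted channel, import it, and let the import create the Send Connectors
# for internet-bound mail and for mail coming inbound from the Edge.
New-EdgeSubscription -FileData ([System.IO.File]::ReadAllBytes("C:\EdgeSubscription.xml")) `
    -Site "Default-First-Site-Name" -CreateInternetSendConnector $true -CreateInboundSendConnector $true
Remove-Item "C:\EdgeSubscription.xml"    # it is a credential; do not leave it on disk or on a share

# EdgeSync is one-way: Mailbox servers push configuration and recipient data to the Edge's AD LDS
# instance over secure LDAP (TCP 50636). Nothing on the Edge needs to reach the internal forest.
Start-EdgeSynchronization -Server "MBX01" -ForceFullSync

# Verify: SyncStatus should be Normal and each per-object status should be Synchronized.
Test-EdgeSynchronization -FullCompareMode |
    Format-List Name, SyncStatus, LastSynchronizedUtc, FailureDetail, TransportConfigStatus,
        AcceptedDomainStatus, SendConnectorStatus, RecipientStatus

# --- Step 3, back on EDGE01: confirm the attack surface ---
# Expect one Receive connector bound to port 25; anonymous senders allowed, no ExchangeServers permission.
Get-ReceiveConnector |
    Format-List Name, Bindings, RemoteIPRanges, AuthMechanism, PermissionGroups, RequireTLS

# With recipient data synchronised, reject mail to non-existent recipients at the perimeter
# instead of accepting it and generating backscatter.
Set-RecipientFilterConfig -Enabled $true -RecipientValidationEnabled $true
Get-RecipientFilterConfig | Format-List Enabled, RecipientValidationEnabled, BlockListEnabled
```

The firewall rules that go with this are the point of the role: TCP 25 from the internet to the Edge, TCP 25 between the Edge and the Mailbox servers in both directions, and TCP 50636 from the Mailbox servers to the Edge. No inbound connection from the perimeter into the internal network is required.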

Cloud and Hybrid

When you choose to configure a hybrid deployment in Exchange 2016, you’ll be prompted to download and install the wizard as a small app. The wizard will function the same as in previous versions of Exchange, with a few new benefits:

  • The wizard can be updated quickly to support changes in the Office 365 service
  • The wizard can be updated to account for issues detected when customers try to configure a hybrid deployment
  • Improved troubleshooting and diagnostics to help you resolve issues that you run into when running the wizard
  • The same wizard will be used by everyone configuring a hybrid deployment who’s running Exchange 2013 or Exchange 2016

In addition to Hybrid Configuration Wizard improvements, multi-forest hybrid deployments are being simplified with Azure Active Directory Connect (AADConnect). AADConnect introduces management agents that will make it significantly easier to synchronize multiple on-premises Active Directory forests with a single Office 365 tenant.

Hybrid deployments will support the new modern authentication model in Outlook described earlier.

Exchange ActiveSync clients will be seamlessly redirected to Office 365 when a user’s mailbox is moved to Exchange Online.


Exchange 2013 Improvements

As Exchange 2013 has been available since December 2012 and the second Cumulative Update has just been released, it seemed a good time to write an overview of what it offers over previous versions.

Hybrid Cloud

The ability to use a cloud service to reduce fixed costs is becoming a key factor with any new system, but for many businesses there are still many drivers to keep some data locally, “on premises”. Exchange 2013 makes this hybrid configuration simpler to maintain than any previous release, allowing you to host (for example) sales teams and engineers on the cloud, Office 365 or Exchange Online offerings whilst keeping the HR team and compliance staff on a local Exchange instance, all using a shared, common domain name and address list. Administration is all performed from the same web-based Exchange Admin Center (EAC) irrespective of where the users are physically hosted.

Data Loss Prevention

Until now the ability to detect sensitive information being sent out of the business has been left to external systems inspecting e-mail sent from Exchange. Exchange 2013 introduces the ability to create rules, using templates, that identify and control how sensitive data such as credit card and National Insurance numbers is treated. If Outlook 2013 is being used then “Policy Tips” display the rules to end users when this type of data is detected and, dependent on the rule, can allow the user to override with a justification, which is then logged for future auditing.

Public Folders

Public Folders have had a complete redesign in Exchange 2013 to take advantage of the Database Availability Group (DAG) replication model. Now stored in public folder mailboxes, Public Folders no longer use the old “multi-master” replication model, which removes the risk of replication conflicts and increases availability. To the Outlook user the Public Folders still appear just as they always have.

Client Connectivity

All Outlook client connections now use RPC over HTTPS (Outlook Anywhere) irrespective of where they are initiated from, increasing security and maximising performance over slower connections. Outlook 2007, 2010 and 2013 are all supported.
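The two posts on this page describe the same control from two sides: in Exchange 2013 every Outlook connection is RPC over HTTPS, and in Exchange 2016 MAPI over HTTP becomes the default with Outlook Anywhere as the fallback. As an added example that is not from either post, this Exchange Management Shell snippet shows how to verify both paths and how to require TLS and non-Basic authentication on them. The server name MBX01 and the namespace mail.contoso.com are hypothetical.

```powershell
# Added example, not from the original posts: verify how Outlook reaches Exchange 2013 SP1 / 2016
# and tighten the transport and authentication settings on both client paths.
# Assumes an Exchange Management Shell session; MBX01 and mail.contoso.com are hypothetical.
$server = "MBX01"

# 1. Is MAPI over HTTP enabled at the organisation level? (default on 2016, opt-in on 2013 SP1+)
Get-OrganizationConfig | Format-List MapiHttpEnabled

# 2. The MAPI/HTTP virtual directory: both URLs must be HTTPS; Basic should not be the only method
Get-MapiVirtualDirectory -Server $server |
    Format-List Server, InternalUrl, ExternalUrl, IISAuthenticationMethods

# 3. The Outlook Anywhere (RPC over HTTP) fallback: SSL must be required for internal and external clients
Get-OutlookAnywhere -Server $server |
    Format-List Server, InternalHostname, ExternalHostname,
        InternalClientsRequireSsl, ExternalClientsRequireSsl,
        InternalClientAuthenticationMethod, ExternalClientAuthenticationMethod, IISAuthenticationMethods

# 4. Fix-ups; run only after the certificate for the namespace is bound to IIS on every server
Set-OrganizationConfig -MapiHttpEnabled $true
Get-MapiVirtualDirectory -Server $server | Set-MapiVirtualDirectory `
    -InternalUrl "https://mail.contoso.com/mapi" -ExternalUrl "https://mail.contoso.com/mapi" `
    -IISAuthenticationMethods Ntlm, Negotiate
Get-OutlookAnywhere -Server $server | Set-OutlookAnywhere `
    -InternalClientsRequireSsl $true -ExternalClientsRequireSsl $true `
    -InternalClientAuthenticationMethod Negotiate -ExternalClientAuthenticationMethod Negotiate

# 5. Probe the MAPI/HTTP endpoint with the same probe Managed Availability uses
Test-OutlookConnectivity -RunFromServerId $server `
    -ProbeIdentity "OutlookMapiHttp.Protocol\OutlookMapiHttpSelfTestProbe"
```

Two caveats from practice: Outlook only picks up the MAPI/HTTP change after a restart, and Negotiate as the external client authentication method only works if whatever sits in front of Exchange passes the Windows authentication through. Where a reverse proxy terminates the session, Basic over TLS is the usual external setting, which is exactly why `ExternalClientsRequireSsl` must stay `$true`.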

Outlook Web App is supported on all modern browsers and now features an offline mode in which it can be used without any connection to the server. OWA is fully optimised for use on phones and tablets as well as desktops and laptops.

High Availability

Exchange 2013 uses DAGs and mailbox database copies, along with other features such as single item recovery, retention policies, and lagged database copies, to provide high availability, site resilience, and data protection. The high availability platform, the Exchange Information Store and the Extensible Storage Engine have all been enhanced to provide greater availability, easier management, and to reduce costs. The Managed Availability feature monitors the system and will take action to maintain user connections if possible, as well as alerting administrators of events.

Migrations

Migration and co-existence with Exchange 2007 and 2010 are fully supported (at specific Service Pack & Update levels) and permit a low risk, phased migration onto the new platform.

 

MEC Day One Breakouts

Just a quick overview of my findings from yesterday's breakout sessions before I start day two.

Managed Availability

This session gave an overview of this great sounding new feature in Exchange 2013. As mentioned in the Keynotes, this has come from the Office 365 support team who need to monitor & maintain all the servers but don’t like getting a call at 2am just to restart a service!

The focus of this service is End User SLA, which as we all know is what really matters in the real world.

The expertise has come from the System Center and Exchange teams, so the added benefit is better-focused reporting in SCOM.

The whole concept is to monitor the service and react appropriately if something goes wrong, as an example:-

An OWA user experiences a crash. The system first recycles the IIS application pool, which may resolve the problem. If the problem recurs or is not resolved, the next step might be to fail over to another server (user focus, remember), which should resolve the problem for the user. The server admin is then alerted, but only has to resolve a problem on a passive server, not a live one, and once it is resolved the service becomes available again on all servers.
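The escalation described above (recycle the app pool, then fail over, then alert) is visible from the shell, and the High Availability section of the Exchange 2013 overview earlier on this page makes the same point about Managed Availability. As an added example, not from the session or either post, the snippet below shows how to read the health of OWA on one server, run the same probe the system runs, list the recovery actions it has already taken, and suppress a monitor for a bounded time during planned work. The server name MBX01 is hypothetical.

```powershell
# Added example, not from the session or the original posts: what Managed Availability knows about OWA
# on one Exchange 2013 server and what it has already done about it. MBX01 is hypothetical.
$server = "MBX01"

# 1. Health sets roll up probes, monitors and responders; OWA is covered by the OWA and OWA.Protocol sets
Get-HealthReport -Identity $server | Where-Object { $_.HealthSet -like "OWA*" } |
    Format-Table HealthSet, State, AlertValue, MonitorCount, HealthyCount, UnhealthyCount -AutoSize

# 2. The individual monitors behind a health set that is not Healthy
Get-ServerHealth -Identity $server -HealthSet "OWA.Protocol" |
    Format-Table Name, AlertValue, CurrentHealthSetState, LastTransitionTime -AutoSize

# 3. Run the probe on demand to see the same result the monitor sees (ResultType Succeeded or Failed)
Invoke-MonitoringProbe -Identity "OWA.Protocol\OwaSelfTestProbe" -Server $server |
    Format-List ResultType, Error, Exception

# 4. Recovery actions (app pool recycles, service restarts, bug checks, failovers) are written to a crimson
#    channel. Reading it tells you what the system did before you were alerted. Remote event log access required.
Get-WinEvent -ComputerName $server -LogName "Microsoft-Exchange-ManagedAvailability/RecoveryActionResults" -MaxEvents 20 |
    Select-Object TimeCreated, Id, @{ n = "Message"; e = { $_.Message -replace "\s+", " " } } |
    Format-Table -Wrap -AutoSize

# 5. During planned work, disable the monitor for a fixed duration rather than forever. Overrides expire;
#    a monitor that was disabled "temporarily" two years ago is a common finding.
Add-ServerMonitoringOverride -Server $server -Identity "OWA.Protocol\OwaSelfTestMonitor" `
    -ItemType Monitor -PropertyName Enabled -PropertyValue 0 -Duration 1.00:00:00
Get-ServerMonitoringOverride -Server $server
```

The recovery action channel is worth forwarding to whatever collects your logs: an unexplained run of app pool recycles or service restarts on a client-facing server is as likely to be an attack or a bad deployment as a transient fault, and Managed Availability will quietly keep papering over it until the responder throttling kicks in.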

Sounds good – can’t wait to try it out!

Security & Protection

This session highlighted the security features added to Exchange 2013.

Some stats to start, 30% of Exchange servers have no AV installed (better in some countries than others). More than 90% of mail is spam, only 5% is important.

Following the recent announcement that Forefront for Exchange will be discontinued, a “Basic” anti-malware engine will ship with Exchange 2013. This is based on the same engine as SCEP & Security Essentials.

It is recommended to use an external product such as Exchange Online Protection (I’m personally a big fan of Mimecast or Websense). By using EOP you would be able to get consistent protection & reporting for hybrid environments.

The new engine runs as a transport agent inside the Transport service, so it is configured and managed alongside the other transport-level policies rather than through a separate product.
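As an added example that is not from the session, the Exchange Management Shell snippet below checks that the built-in malware agent is actually enabled and up to date on a server and tightens the default policy. This matters because the agent can be switched off with a shipped script and nothing else in the product warns you. The server name MBX01 and the notification address secops@contoso.com are hypothetical; `$exscripts` is the shell's own variable for the Exchange Scripts folder.

```powershell
# Added example, not from the session: verify the built-in Exchange 2013 anti-malware agent is running,
# current and configured to do something useful. MBX01 and secops@contoso.com are hypothetical.
$server = "MBX01"

# 1. The engine is a transport agent; if it is disabled, mail is simply not scanned
Get-TransportAgent -Server $server | Where-Object { $_.Identity -eq "Malware Agent" } |
    Format-List Identity, Enabled, Priority

# 2. Per-server bypass: BypassFiltering $true is a legitimate troubleshooting switch that tends to get left on
Get-MalwareFilteringServer -Identity $server |
    Format-List BypassFiltering, UpdateFrequency, PrimaryUpdatePath, ScanTimeout

# 3. Re-enable scanning if someone ran Disable-AntimalwareScanning.ps1 and never reverted it
#    (the enable script requires a Transport service restart to take effect)
& "$exscripts\Enable-AntimalwareScanning.ps1"
Restart-Service MSExchangeTransport

# 4. The default policy: what happens to a detected message and who is told
Get-MalwareFilterPolicy |
    Format-List Name, IsDefault, Action, EnableInternalSenderAdminNotifications,
        InternalSenderAdminAddress, EnableExternalSenderAdminNotifications, ExternalSenderAdminAddress

# 5. Tighten it: drop the whole message rather than just the attachment, and notify the security mailbox
Set-MalwareFilterPolicy -Identity Default -Action DeleteMessage `
    -EnableInternalSenderAdminNotifications $true -InternalSenderAdminAddress "secops@contoso.com" `
    -EnableExternalSenderAdminNotifications $true -ExternalSenderAdminAddress "secops@contoso.com"

# 6. Signature freshness: an engine with stale signatures is close to no engine at all
Get-EngineUpdateInformation |
    Format-List Engine, LastChecked, LastUpdated, EngineVersion, SignatureVersion, UpdateStatus
```

Step 6 is the one to put on a schedule. The engine updates itself from Microsoft by default, but a server that cannot reach the update path (a common state for a tightly firewalled Mailbox server) keeps scanning with whatever signatures it last received and reports nothing.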

The other Security feature was DLP. This is becoming very important and the feature looked pretty good.

A number of standard templates are included (e.g. Credit card numbers, social security, etc) to allow you to create protection rules.

These rules are displayed to Outlook users by “Policy Tips”, just like mail-tips, to explain to the user that they cannot send this content, with a possible override if permitted on that particular rule (all overrides are logged).
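The DLP section of the Exchange 2013 overview earlier on this page and the session notes here describe the same mechanism: templates, transport rules that match sensitive information types, Policy Tips in Outlook 2013, and logged overrides. As an added example, not from either post, this Exchange Management Shell snippet creates a policy from a shipped template in audit mode, then a hand-written rule that rejects outbound card numbers unless the sender overrides with a justification and sends an incident report for every match. The policy name, rule name and compliance@contoso.com are hypothetical; “U.K. Financial Data” and “Credit Card Number” are names that ship with the product.

```powershell
# Added example, not from the original posts: a template-based DLP policy plus a custom rule that uses
# Policy Tips with a justified override and logs every override as an incident report.
# Policy name, rule name and compliance@contoso.com are hypothetical.

# 1. Templates ship with the product; inspect them and the sensitive information types they match
Get-DlpPolicyTemplate | Format-Table Name, Version -AutoSize
Get-DataClassification |
    Where-Object { $_.Name -like "*Credit Card*" -or $_.Name -like "*National Insurance*" } |
    Format-Table Name, Publisher -AutoSize

# 2. Create the policy in audit mode first: matches are logged and users see the tip, nothing is blocked
New-DlpPolicy -Name "UK Financial Data" -Template "U.K. Financial Data" -Mode AuditAndNotify
Get-TransportRule | Where-Object { $_.DlpPolicy -eq "UK Financial Data" } |
    Format-Table Name, Mode, State -AutoSize

# 3. A custom rule: outbound mail containing a card number is rejected unless the sender supplies a
#    justification; every match, including overrides, produces an incident report with the details
New-TransportRule -Name "Outbound card data - override with justification" `
    -SentToScope NotInOrganization `
    -MessageContainsDataClassifications @{ Name = "Credit Card Number"; MinCount = "1" } `
    -NotifySender RejectUnlessExplicitOverride `
    -RejectMessageReasonText "Card numbers may not be sent outside the company without a recorded justification." `
    -GenerateIncidentReport "compliance@contoso.com" `
    -IncidentReportContent Sender, Recipients, Subject, Severity, Override, RuleDetection `
    -SetAuditSeverity High `
    -Mode Enforce

# 4. Once the audit period shows an acceptable false-positive rate, switch the template policy to enforce
Set-DlpPolicy -Identity "UK Financial Data" -Mode Enforce
```

Two things to test before going to Enforce: that Policy Tips actually appear (they need Outlook 2013 and a mailbox on Exchange 2013, so older clients get the rejection with no warning), and that the incident report mailbox is monitored, because the `Override` field in those reports is the only place the justification text lands.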

Once again, something to look at and test.

Exchange Hybrid Deployments

This final session of the day covered an area that I feel will be more & more significant in the coming months, so I was surprised that the room was fairly empty.

A quick overview of the possible migration options from on-premise to Office 365 was given:-

  • IMAP
  • Cutover
  • Staged
  • Hybrid

Key takeaway here is that Exchange 2010 is not supported for Staged migration.

The appeal of the hybrid environment is that the two worlds are synchronised to the point that mailbox migrations work just like on-premises moves: a migrated user only has to restart Outlook to connect to the new service (as long as the environment has been correctly configured).

When using Exchange 2013 for hybrid deployments, the oldest on-premises server you can have is Exchange 2007, and the Office 365 service must be the new Wave 15.

Exchange 2010 will need Service Pack 3 installed to co-exist – this will be released early next year (I assume to tie in with the 2013 launch).

The Hybrid configuration Wizard has been greatly improved to make the deployment simpler, but I get the impression that it still relies on having a number of prerequisites in-place before you begin.

 

So a good day yesterday, now to go and grab some breakfast and see what today has to offer….

 

MEC Day One Keynotes

So, day one, a celebration of our “Exchangeness”! Apparently we're all a little bit zany and think outside the box.

This innovation is what drives the Exchange team to create new technologies like ActiveSync that is now the standard for mobile device mail in a world where 1 in 7 people own a smart-phone.

To capitalise on this spirit a new community website has been launched – www.IamMec.com

One of the key themes repeated through the day is that of product feedback from the Cloud services, such as Office 365, into the on-premise server products, to make products more manageable and give a better experience to the Information Worker.

A good example of this feedback is Managed Availability, built into Exchange 2013 to deal with the majority of server failures without intervention by an operator. Other features include the Exchange Admin Center (EAC), designed to scale (including multi-forest support) without adding complexity.

Hybrid co-existence between Exchange 2013 and Office 365 was also discussed, including the detail that Microsoft themselves run multiple versions of Exchange in-house, hosted and on-premise.

The new Outlook was discussed, the key points being the simplified experience and the integration of Apps into the interface (which will also work in OWA, as the code is the same). This version of OWA is the closest in look and feel to the full Outlook client ever; it will even work offline and across all devices, from PCs to tablets and phones (not just Microsoft ones).

Other key details mentioned in the Opening keynote were that DLP is now present in Exchange 2013 as well as “basic” AV & Anti-Spam technology.

The Technical Keynote followed with Ross Smith from the Exchange Group.

A discussion of Server Roles followed, explaining that the 5 split roles were introduced for Exchange 2007, partly as a means of working around the CPU constraints at that time. It has since become clear that the minimum 3 roles always have to be installed, maintained & upgraded together and within the local AD site as a closely coupled unit. This also has issues such as Load Balancing and too many certificate namespaces to manage.

The new split of just CAS & Mailbox roles removes these dependencies, allowing geo-splitting CAS & Mailbox roles and no constraints on upgrading individual servers. All communication is now between Protocol services and not directly to the Store Process.

All communication is now over HTTPS; RPC over TCP is no longer used. ALL client access is now via the CAS role, even Public Folders.

IOPS have been reduced again, now 99% reduced over Exchange 2003 – creating the opportunity to use cheap 7200RPM disks to allow larger mailboxes of 100GB – I think we might need more convincing about that!

Finally Public Folders – they are now stored in the Mailbox Database which means they can be protected by a DAG, but that also means they can only have one active copy, unlike in the past, so there may be a performance impact over slower links.

Overall, a lot of interesting information that will be drilled down into over the breakouts following these keynotes.

Are we all Zany? – Probably a little. Do we think outside the box? – Definitely!