New in Exchange 2003 SP1 - The ability to consolidate sites even from 5.5 to Exchange 2003! 

Prerequisites:

• The fix from KB article 836489 must be installed on 5.5 servers. 
• Target server must be Exchange 2003 SP1
• All ADCs must be running Exchange 2003 SP1 code.
• Must be 2-way CA to each site.

It is also recommended that all your Public Folders be centralized already.  After consolidation there is a tool called exprofre.exe that will fix your Outlook profiles.  Mailbox rules will continue to work after the move.  DL membership will continue to work.

Cool, huh?  Makes you want to know when SP1 will be released huh?  Soon...  Real soon...

Introduced today was the Best Practices Analyzer for SQL Server.  This is interesting to Exchange Admins because next is the Best Practices Analyzer for Exchange 2003.  This tool swill take a look at your environment and make recommendations based on what it finds.  Also, if there is a configuration that is wrong in Windows that affects Exchange, we will let you know.

There was a demo of ISA server which had a wizard for setting up RPC/HTTPS for Outlook 2003.  Also they set up a Virtual pipe between sites instead of using leased lines.  Microsoft saved 3 Million dollars by do this recently.

Exchange 2003 allowed us to reduce our servers from 114 mailbox server to 38.

We are making it so that you have a single way to deploy patches across all Microsoft applications.  So soon you can update your Exchange servers and all Microsoft products the same way you update Windows automatically.

At least 66% of all e-mail is spam.  The Exchange Intelligent Message Filter released free today and allows you to move the filters from the client to the server.  This blocks around 90% of all spam.  Spoofing would allow mail to go into the in-box instead of the junk mail.  There is nothing in normal SMTP specs that prevents spoofing.  Caller-ID allows you to check the IP address of the sending server and prevent the mail to even get into the server if the server is not the correctly published outgoing email server for the domain of the spoofed address.  This will be in the Exchange Edge Services.

The demo showed that spoofed email wouldn't even get through.  The external mail servers for a domain will be published as a XML blob in DNS.

SMS 2003 = Ability to download all the updates and target just the machines that need that update.
MOM 2005 console is new and servers will provide an alert if there are problems.  If the problem occurs the client will try to tell you why it occurred.

Future updates can be rolled back by using the /u parameter. 

Free for all Tech-Ed 2004 Attendees:
SMS 2003
MOM 2005 Express
Services for Unix

How to get information workers to use Extranet sites - SharePoint Services allows you to self-provision these.  With WSS you can manage how much space can be used for each self-provisioned site.  You can also manage sites that haven't been used for a while and remove them after contacting owners.

Active Directory Federation Services allows you to exchange public keys with other organizations and add them to your AD and then collaborate using SharePoint.

Email and Information on any device.  Device management Feature Pack prevents rogue devices on your network.  
We can push the configuration of Outlook so that users can use RPPC/HTTP through policies. 

In the future if an external client gets a link to something in the Intranet administrators could securely provision access to those locations in the Extranet.  This allows you to not only share email but Terminal services and file shares without creating a VPN access - ANYWHERE Access

DSI - Dynamic Systems Initiative - Windows Systems Center ("Indy").
Allows you to model rollouts based on industries.  This demo showed the Exchange wizard.  First you fill in the information or get it from MOM and SMS. Then it will tell you what is the recommended topology.  Then it will simulate the performance to see if we are in range.  It will even simulate latency reports for users.  It can tell you what is it going to be like to send email from one site to another under medium load. This is a glimpse of the power that will be in the DSI.

Roadmap

NOW (2004)
Windows 2003 SP1
Biztalk 2004
HIS 2004
ISA 2004
MOM 2005
Windows Update
Systems Center 2005
Virtual Server 2005

Yukon (2005)
Windows 2003 Server Release 2
Visual Studio 2005
SQL 2005
Biztalk
HIS
Commerce Server
Exchange Edge Services

Longhorn Wave
Longhorn Stuff...

I attended the session entitled: “General Session: Exchange Server Today and Tomorrow”.  Most of the presentation covered what was called the 9 most frequently asked questions.  I know that I don't get asked these questions that much, but that may explain why this session was a level 200 session.  There was some good content so I will share...

9.  How do I know that I can trust Exchange 2003?

• Exchange worked with the Windows team and Office team tightly on this product.  It shows.  Just look at how well Outlook works with RPC over HTTPS and how much OWA looks like Outlook.
• Microsoft constantly is running the newest code on their servers and updates them every week.  It is not released until it is done and ready.

8.  How can I better manage my infrastructure?

• Backup and Restore (Snapshot  and Recovery Storage Groups)
• Microsoft's internal IT has been able to restore 158 GB set of 5 databases in 2 minutes and 1 hour to play through the logs.
• System Management
• Enhanced ESM - Queues management
• Exchange Management Pack for MOM in Exchange 2003 - Used to cost $795 now free.  Exchange is the biggest MOM customer

Service Pack 1:

• In Testing got 99.975% uptime before RTM.
• Updated tools for Exchange 5.5 Cross-site mailbox mailbox moves
• RSG Wizard
• VSS can now do differential or incremental snapshots
• Easier RPC/HTTP setup and configuration

Separate SP1 Downloads:

• Outlook Exchange Profile Update tool
• OWA Web Admin tool
• Enhanced Journaling (Compliance Support)
• Management Pack Config Wizard
• Domain Rename Fix-up (XDR-Fix-up)

Demo of RSG Wizard
Allows you to merge data or copy data.  Copying the data will create a folder with the name “Recovered Data (Date)“ that allows the end user to pull the items that were accidentally deleted.  Merge would be useful in a Dial-tone restore scenario.

7.  How can I effectively fight Junk email and Viruses with Exchange?

Exchange 2003  
 VSAPI 2.1
 Protocol Level Spam filtering

IMF
 Server side
 Based on SmartScreen Technology
 Examines and applies SCL (spam confidence level) rating
 Works with 3rd Party Solutions

Edge Services (2005)
 Email protection security at boundary of network
 Extensible Platform
Caller ID advertises in small XML blob in DNS and interprets if the sender is a legitimate address.

DEMO of IMF:
To set up IMF got to Global Settings in ESM / Message delivery properties
There you will see the IMF tab.  Here you set two places for SCL to be filtered.  One is at the server level to archive messages, the other is at what level to put message in the Junk Mail folder on the client.  At the server level on the gateway you will see a folder in the file system called “UCE Archive” where you can view the archived spam if you choose to archive it.  On the client level, if legitimate mail gets put in the Junk Mail folder, you can add the sender as a Contact or safe users list.
IMF is now available for all customers.  This was initially going to be available to Software Assurance customers only, but hey its security right?  All of us need this.

6.  Best way to deploy Exchange 2003?

• Prepare well
• Download documentation
• Evaluate possible partners
• Do technical review to assess infrastructure impact
• Design AD together with Exchange and plan deployment
• Test migration scenario
• Deploy Correctly
• Deploy AD
• Upgrade to SP3 and SP1 (then move mailboxes)
• Upgrade Supporting infrastructure and incorporate new technologies

5.  Does Active Directory add any value?

Top benefits according to customers:
   Centralized, streamlined network management
   Tighter user account security and single sign-on
   Centralized directory and Exchange integration

Overall 94% of customers are satisfied with AD

K2 Sports reduced IT teams' workload by 50% with implementation of AD.

4.  How do I provide Cost effective communications and collaboration?

Exchange 2003 is part of the Windows Server System, which means that it is “Trustworthy, Familiar, Cost-effective.“

DEMO - Integration between Exchange and other servers
When you add new recipients to messages in Outlook you get smart-tags that pull information from various sources like AD, Free/busy, etc.
When you insert a document you have the option to insert it as a shared attachment on a SharePoint Server instead.
When you create a meeting request you can also create a meeting workspace on SharePoint Server as well.
Search capability SPS can search Public Folders.

3.  I'm a Lotus Customer: Should I consider Exchange?

Exchange has the best Outlook server and Office integration
Exchange easier to administrate and has a lower TCO than Notes/Domino
Best Application integration with Windows Server
Partners offer broad range of solutions on Windows Server System
SP1 has R6 Connector and Notes App Analyzer

2.  Who else is deploying Exchange 2003

Wragge and Company
Siemens
Ren Ci Hospital
Hyundai and Kia
Pacific Life Insurance

Top reasons:

• Remote Access
• OWA
• Site server consolidation
• Windows Server System ("better together")
• Active Directory
• System Stability

1.  Future Exchange Expectations?

Coming in 2005
Best practices analysis tools for Exchange
Edge Services

Future
Enhanced calendaring
Email lifecycle management
Enhanced mobility
Enhanced security and anti-spam
Improved TCO and manageability
Longhorn server support
64-bit
WSS Common engineering criteria
Web Services and Web Parts

Internally at Microsoft, when you submit a Dr. Watson dump, they all get put into what we call buckets.  This gives us the ability to see which issues are occurring the most frequently and prioritize them.  During the Keynote, Steve Balmer mentioned that this capability will be available for Developers who use Visual Studio 2005.  Also, we developed ways to make sure that security issues like buffer over runs are checked for in our code.  We now are building those tools into Visual Studio 2005 as well.  I think it is cool that Microsoft is sharing our internal tools with our customers to “help them reach their potential”.

When the top CEOs met at the CEO Summit with Microsoft, the #1 question from CEOs and their wives was:  “When are you getting rid of Spam?”  First of all, this shows that a lot of people depend on Microsoft to resolve issues that are not even caused by us, but because of our huge market share and impact, we must try to help.  Second, it shows that the word is getting out that we are making efforts to reduce, if not eliminate, Spam.  We are doing this on 3 fronts:

• Protection Filters - SmartScreen, filtering at the network edge, the server, and the desktop with ongoing updates.
• Prevention Agents - Attack detection, sender reputation, and zombie viruses.
• Prove Identity and Purpose - Caller ID, computational cycles, certificates, and trusted safe lists.

Tune in tomorrow for more news about the future direction of Exchange.

OK, so we released the news that SP1 is available for download a few hours sooner than I thought we would.  You can download it now.

The release notes are probably the first place you should start to find out what is in it:
http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/sp1rn.mspx

The ability to rename Domains is now supported with Exchange 2003.

Those of you looking for the exprofre.exe tool will need to download the Exchange Profile Update Tool at the following link:
http://www.microsoft.com/downloads/details.aspx?FamilyId=56F45AC3-448F-4CCC-9BD5-B6B52C13B29C&displaylang=en

Gotta attend the first session of Tuesday here at Tech-Ed, where we are announcing the release of Exchange 2003 SP1 (again), so I'll post some more information later.

As part of the Coordinated Spam Reduction Initiative (CSRI), Microsoft is pushing to get introduced as a standard Caller ID for e-mail.  They are not working alone on this.  They are working with Amazon.com, Brightmail, and Sendmail and expect that this will be widely adopted..  Hotmail has already implemented part of this by publishing externally on their DNS servers the outgoing email servers and expect to be checking inbound email addresses by this summer.  To get the details about how this will work please take a look at the following links:

Information on CSRI:
http://www.microsoft.com/mscorp/twc/privacy/spam_csri.mspx

Technical details about Caller ID for e-mail:
http://www.microsoft.com/mscorp/twc/privacy/spam_callerid.mspx

 

Well, I made it to San Diego for Tech-Ed 2004.  I got a chance to look some slides for the roadmap for the future of Exchange, and some of the announcements that will be made here.  It is all great news.  As soon as the announcements are made public, I'll post them up here for you guys that didn't get to come.  Those of you that are here, let me know if you would like to hook up for lunch or breakfast some time.

There are three areas that Microsoft is focusing on in their fight against Spam. 

1. Proof of Identity and Evidence - This will be done with the Coordinated Spam Reduction Initiative (CSRI) using Caller-ID and Computational Puzzles.
2. Protect against unwanted email - This can be done with some of the Exchange 2003 anti-spam enhancements, and also being proactive and preventing the spam from reaching the internal network using Edge Services.
3. Detect unwanted email -  This is done using IMF with SmartScreen technology, 3rd party AV integration, and the Outlook 2003 anti-spam solutions on the client.

More Detail…

Proof: CSRI Roadmap
How will we distinguish legitimate high volume senders from spammers?  Caller-ID fights domain spoofing and allows all domains to protect their domain from being used by spammers trying to spoof using their address.  As long as they add their outgoing email server in their external DNS they will fine as long as the receiving email servers have Caller-ID.

How will we distinguish legitimate low volume senders from spammers?  We could use computational puzzles.  This would make a sender that hasn't sent mail to the domain first verify that they are truly a real person by answering a question first (perhaps by reading the text from a picture and replying with it).  If they answered correctly they could be trusted.  Also, over time, spam filters will become more effective.  The end result will be that spam would no longer be as profitable.

Proof: Caller-ID
Senders publish IP addresses for outbound email servers in DNS in an email policy document that is stored as a TXT record.  Receivers of email then can determine purported responsible domain of each message by doing a query against the DNS servers for the email policy document of the purported domain and perform domain spoofing test.  If it passes, it can let the email through.

So what would you get if you were to try to spoof an email using a microsoft.com domain against an Exchange Edge Server?  This nifty error:
550 Originating IP <> is not registered in the email policy document of sender domain microsoft.com

How do you publish a Caller-ID?
Create an _ep TXT record in the following XML format:

<ep.xmlns=http://ms.net/1>
 <out>
   <m>
     <a>IP Address of outgoing servers</a>
   </m>
 </out>
</ep>

How do you query from this using NSLOOKUP?  Microsoft and Hotmail have already published their outgoing server, so lets look at microsoft.com.  Here is the output from a command prompt.

C:\>NSLOOKUP
> set q=txt
> _ep.microsoft.com

Non-authoritative answer:
_ep.microsoft.com       text =

        "<ep xmlns='http://ms.net/1' testing='true'><out><m>"
        "<mx/><a>213.199.128.160</a><a>213.199.128.145</a><a>207.46.71.29</a><a>
194.121.59.20</a><a>157.60.216.10</a><a>131.107.3.116</a><a>131.107.3.117</a><a>
131.107.3.100</a>"
        "</m></out></ep>"

Cool, yeah?

Protect: Message Taxonomy
We can keep messages from coming to us by looking at the IP address that it comes from.  Using Global allow and deny lists in Exchange 2003 you can currently manually configure this.  Also you can use DNS Block lists if you like.

We can keep messages from coming to us by blocking the specific sender's email address.  We can filter messages sent from particular email addresses or domains.  Also, if you know that external email will not com from users in your own domain you can at least prevent internal spoofing.

We can filter the recipients of messages as well.  We should block messages to non-existent recipients or specific email recipients like internal Distribution Lists.
Did you know that 54% of mail sent to Microsoft is sent to people that don't exist?  Can you imagine what would happen if we sent NDRs back for each of these?  Since many of these messages are not legitimate mail we would then get NDRs from the NDRs that we sent even adding more to our email load.

Detect: Anti-Spam (AS) infrastructure
Microsoft's Edge Services will support partner integration.  We will expose message properties for authenticated and allowed connections and add per message a Sender Confidence Level rating (SCL) tag.  The details for developers on how to do this is already documented in the Exchange SDK.  Find more information at the following links:
 http://msdn.microsoft.com/exchange
 http://msdn.microsoft.com/library/en-us/e2k3/e2k3/ast_anti_spam.asp

Detect: Exchange Intelligent Message Filter (IMF)
This is included in Exchange 2003 with the release of SP1.  It is based on SmartScreen Technology developed by Microsoft Research.  It is an extension only on Exchange 2003 and will not be on Exchange 2000.  It can coexist with 3^rd part solutions.  Administration is dome from the Exchange System Manager console

Detect: Outlook 2003 enhancements
This allows user specified safe and blocked senders lists.  If you receive email that is placed in your Junk E-mail folder because of an SCL that was assigned to the message, you can prevent this from happening in the future by adding the user to your safe recipients list or your contacts.  Wether a message is moved to the Junk E-mail folder or not is determined by the Exchange 2003 Mailbox Store based on users lists which are stored there and the SCLs that are put there by IMF or a Client filter.  Outlook also blocks all external content by default (Web beacons).  This is to prevent spammers from knowing that the email address is valid because it was downloaded from one of their Web servers.

Detect: Anti-Virus (AV) Infrastructure
You have two options as to where to scan in Exchange 2003.  You can scan at the Transport level (VSAPI 2.5) or the Store level (VSAPI 2.5, 2.0).  Exchange 2003 has backward compatibility with VSAPI 2.0, but added the ability to see additional message properties including the sender email address.  Also added was more detailed error reporting.

Future: Exchange Edge Services
The emphasis for this product is on security, extensibility, manageability, and supportability.  Core goals are to build a high quality, reliable, secure and scalable SMTP stack that is manageable and easy to deploy.  The platform will be very extensible and will focus on anti-spam out of the box.

The primary implementation of the Edge servers will be SMTP.  It will stand on its own.  This means there will be no infrastructure requirements, Active Directory hard dependencies, domain membership requirements and no Firewall changes required.  It is designed to address your important Internet scenarios of handling Internet email traffic, protection from spam e-mail, content filtering, and routing of all messages.  The platform will be .NET Framework based allowing you to use Visual Studio to create agents.  It can run in secure sandbox environments.  It will have rich APIs that allow you to see the queue infrastructure and have full control of message properties.

Where you used to have different server handling different roles you could implement Edge services to handle all of them including: anti-spam, Internet gateways, content filtering, and routing.