Gerod Serafin's WebLog

Helping to keep large organizations' e-mail running

May, 2004

  • News from Tech-Ed 2004 Tuesday - Part 3

    I attended the session entitled: “General Session: Exchange Server Today and Tomorrow”.  Most of the presentation covered what was called the 9 most frequently asked questions.  I know that I don't get asked these questions that much, but that may explain why this session was a level 200 session.  There was some good content so I will share...

    9.  How do I know that I can trust Exchange 2003?

    • Exchange worked with the Windows team and Office team tightly on this product.  It shows.  Just look at how well Outlook works with RPC over HTTPS and how much OWA looks like Outlook.
    • Microsoft is constantly running the newest code on its own servers and updates them every week.  A release does not ship until it is done and ready.

    8.  How can I better manage my infrastructure?

    • Backup and Restore (Snapshot  and Recovery Storage Groups)
      • Microsoft's internal IT has been able to restore a 158 GB set of 5 databases in 2 minutes, plus 1 hour to replay the logs.
    • System Management
      • Enhanced ESM - Queues management
      • Exchange Management Pack for MOM in Exchange 2003 - Used to cost $795 now free.  Exchange is the biggest MOM customer

    Service Pack 1:

    • In Testing got 99.975% uptime before RTM.
    • Updated tools for Exchange 5.5 cross-site mailbox moves
    • RSG Wizard
    • VSS can now do differential or incremental snapshots
    • Easier RPC/HTTP setup and configuration

    Separate SP1 Downloads:

    • Outlook Exchange Profile Update tool
    • OWA Web Admin tool
    • Enhanced Journaling (Compliance Support)
    • Management Pack Config Wizard
    • Domain Rename Fix-up (XDR-Fix-up)

    Demo of RSG Wizard
    Allows you to merge or copy data.  Copying creates a folder named “Recovered Data (Date)“ from which the end user can pull the items that were accidentally deleted.  Merge is useful in a dial-tone restore scenario.

    7.  How can I effectively fight Junk email and Viruses with Exchange?

    Exchange 2003
     VSAPI 2.5
     Protocol level spam filtering

    IMF
     Server side
     Based on SmartScreen technology
     Examines each message and assigns an SCL (spam confidence level) rating
     Works with 3rd party solutions

    Edge Services (2005)
     E-mail protection at the boundary of the network
     Extensible platform
     Caller ID: the sending domain publishes its outbound mail servers as a small XML blob in DNS, and the receiving server checks whether the connecting server is one of them before trusting the sender address.

    DEMO of IMF:
    To set up IMF, go to Global Settings in ESM / Message Delivery properties.
    There you will see the IMF tab.  Here you set two SCL thresholds.  One is the gateway (server) level at or above which messages are archived or blocked; the other is the level at or above which a message is moved to the Junk E-mail folder in the user's mailbox.  If you choose to archive at the gateway, you will find a folder in the file system called “UCE Archive” where you can view the archived spam.  On the client side, if legitimate mail ends up in the Junk E-mail folder, you can add the sender as a Contact or to the Safe Senders list so it is not filtered again.
    IMF is now available to all customers.  This was initially going to be available to Software Assurance customers only, but hey, it's security, right?  All of us need this.

    6.  Best way to deploy Exchange 2003?

    • Prepare well
      • Download documentation
      • Evaluate possible partners
      • Do technical review to assess infrastructure impact
      • Design AD together with Exchange and plan deployment
      • Test migration scenario
    • Deploy Correctly
      • Deploy AD
      • Upgrade to SP3 and SP1 (then move mailboxes)
      • Upgrade Supporting infrastructure and incorporate new technologies

    5.  Does Active Directory add any value?

    Top benefits according to customers:
       Centralized, streamlined network management
       Tighter user account security and single sign-on
       Centralized directory and Exchange integration

    Overall 94% of customers are satisfied with AD

    K2 Sports reduced IT teams' workload by 50% with implementation of AD.

    4.  How do I provide Cost effective communications and collaboration?

    Exchange 2003 is part of the Windows Server System, which means that it is “Trustworthy, Familiar, Cost-effective.“

    DEMO - Integration between Exchange and other servers
    When you add new recipients to messages in Outlook you get smart-tags that pull information from various sources like AD, Free/busy, etc.
    When you insert a document you have the option to insert it as a shared attachment on a SharePoint Server instead.
    When you create a meeting request you can also create a meeting workspace on SharePoint Server as well.
    SharePoint Portal Server search can index and search Exchange Public Folders.

    3.  I'm a Lotus Customer: Should I consider Exchange?

    Exchange has the best Outlook and Office integration
    Exchange is easier to administer and has a lower TCO than Notes/Domino
    Best Application integration with Windows Server
    Partners offer broad range of solutions on Windows Server System
    SP1 has R6 Connector and Notes App Analyzer

    2.  Who else is deploying Exchange 2003

    Wragge and Company
    Siemens
    Ren Ci Hospital
    Hyundai and Kia
    Pacific Life Insurance

    Top reasons:

    • Remote Access
    • OWA
    • Site server consolidation
    • Windows Server System ("better together")
    • Active Directory
    • System Stability

    1.  Future Exchange Expectations?

    Coming in 2005
    Best practices analysis tools for Exchange
    Edge Services

    Future
    Enhanced calendaring
    Email lifecycle management
    Enhanced mobility
    Enhanced security and anti-spam
    Improved TCO and manageability
    Longhorn server support
    64-bit
    WSS Common engineering criteria
    Web Services and Web Parts

  • News from Tech-Ed 2004 Wednesday - Anti-spam Roadmap

    There are three areas that Microsoft is focusing on in their fight against Spam. 

    1. Proof of Identity and Evidence - This will be done with the Coordinated Spam Reduction Initiative (CSRI) using Caller-ID and computational puzzles.
    2. Protect against unwanted email - This can be done with some of the Exchange 2003 anti-spam enhancements, and by being proactive and stopping the spam before it reaches the internal network using Edge Services.
    3. Detect unwanted email - This is done using IMF with SmartScreen technology, 3rd party AV integration, and the Outlook 2003 anti-spam features on the client.

    More Detail…

    Proof: CSRI Roadmap
    How will we distinguish legitimate high volume senders from spammers?  Caller-ID fights domain spoofing: any domain can protect its name from being used by spammers who forge sender addresses in it.  As long as the domain owner publishes its outgoing e-mail servers in its external DNS, receiving e-mail servers that check Caller-ID can reject messages that claim that domain but arrive from anywhere else.

    How will we distinguish legitimate low volume senders from spammers?  We could use computational puzzles.  A sender that has not sent mail to the domain before would first have to prove that a real person is behind the message (for example by reading the text from a picture and replying with it) or make the sending machine spend real CPU cycles on a puzzle before the mail is accepted.  If the challenge is answered correctly the sender could be trusted.  Also, over time, spam filters will become more effective.  The end result is that spam would no longer be as profitable.

    Proof: Caller-ID
    Senders publish the IP addresses of their outbound e-mail servers in DNS, in an e-mail policy document stored as a TXT record.  A receiver determines the purported responsible domain of each message, queries DNS for that domain's e-mail policy document, and checks whether the connecting server's IP address is listed in it (the domain spoofing test).  If the test passes, the message can be let through.

    So what do you get if you try to spoof an e-mail from the microsoft.com domain at an Exchange Edge Server?  This nifty error:
    550 Originating IP <> is not registered in the email policy document of sender domain microsoft.com

    How do you publish a Caller-ID?
    Create a TXT record named _ep under your domain (for example _ep.microsoft.com) containing an XML e-mail policy document of the following form, with one <a> element per outgoing server address:

    <ep xmlns="http://ms.net/1">
     <out>
       <m>
         <a>IP address of an outgoing server</a>
       </m>
     </out>
    </ep>

    How do you query this using NSLOOKUP?  Microsoft and Hotmail have already published their outgoing servers, so let's look at microsoft.com.  Here is the output from a command prompt (nslookup returns the record as several quoted strings and wraps the long ones):

    C:\>NSLOOKUP
    > set q=txt
    > _ep.microsoft.com

    Non-authoritative answer:
    _ep.microsoft.com       text =

            "<ep xmlns='http://ms.net/1' testing='true'><out><m>"
            "<mx/><a>213.199.128.160</a><a>213.199.128.145</a><a>207.46.71.29</a><a>194.121.59.20</a><a>157.60.216.10</a><a>131.107.3.116</a><a>131.107.3.117</a><a>131.107.3.100</a>"
            "</m></out></ep>"

    Cool, yeah?
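    The receiver-side check described above, written out as an added example (this is not code from this post or from Exchange).  It parses the _ep policy document, using the microsoft.com record from the nslookup output embedded here as a constructed string so the code runs offline, checks whether the connecting IP is listed, and produces the 550 reply from the demo.  Assumptions not stated on the page: the purported responsible domain has already been derived from the message headers by the caller; testing='true' means a mismatch is logged rather than enforced; <mx/> means the domain's MX hosts (resolved separately and passed in) are also permitted; and an <a> element may carry an address/prefix as well as a single address.

```python
"""Caller ID for E-mail: receiver-side policy check (added example)."""
import ipaddress
import xml.etree.ElementTree as ET

EP_NS = "{http://ms.net/1}"

# Constructed sample: the microsoft.com _ep record as the nslookup output
# above shows it, split into the quoted strings a TXT record is returned as.
MICROSOFT_EP_TXT = [
    "<ep xmlns='http://ms.net/1' testing='true'><out><m>",
    "<mx/><a>213.199.128.160</a><a>213.199.128.145</a><a>207.46.71.29</a>"
    "<a>194.121.59.20</a><a>157.60.216.10</a><a>131.107.3.116</a>"
    "<a>131.107.3.117</a><a>131.107.3.100</a>",
    "</m></out></ep>",
]


def parse_policy(txt_strings):
    """Join the TXT strings and pull out the outbound sending policy.

    Returns (networks, uses_mx, testing).  Each <a> is read as an address
    or address/prefix (assumption: the prefix form is accepted).
    """
    root = ET.fromstring("".join(txt_strings))
    if root.tag != EP_NS + "ep":
        raise ValueError("not an e-mail policy document")
    testing = root.get("testing", "false").lower() == "true"
    m = root.find(EP_NS + "out/" + EP_NS + "m")
    if m is None:                       # domain publishes no outbound senders
        return [], False, testing
    networks = [ipaddress.ip_network(a.text.strip(), strict=False)
                for a in m.findall(EP_NS + "a")]
    uses_mx = m.find(EP_NS + "mx") is not None
    return networks, uses_mx, testing


def check_sender(connecting_ip, pra_domain, txt_strings, mx_addresses=()):
    """Domain spoofing test for one inbound message.

    connecting_ip: address the SMTP client connected from.
    pra_domain:    purported responsible domain (assumed already derived
                   from the headers by the caller).
    txt_strings:   the _ep TXT record for pra_domain, as returned by DNS.
    mx_addresses:  addresses of pra_domain's MX hosts, resolved separately;
                   only consulted when the policy contains <mx/>.
    Returns (verdict, smtp_reply); verdict is "pass", "fail" or "softfail".
    """
    ip = ipaddress.ip_address(connecting_ip)
    networks, uses_mx, testing = parse_policy(txt_strings)
    permitted = any(ip in net for net in networks)
    if not permitted and uses_mx:
        permitted = any(ip == ipaddress.ip_address(a) for a in mx_addresses)
    if permitted:
        return "pass", "250 OK"
    reply = ("550 Originating IP <%s> is not registered in the email policy "
             "document of sender domain %s" % (ip, pra_domain))
    if testing:
        # Assumption: testing='true' means the publisher is still validating
        # the record, so a mismatch is logged (softfail) rather than enforced.
        return "softfail", "250 OK"
    return "fail", reply


if __name__ == "__main__":
    for ip in ("131.107.3.117", "192.0.2.10"):
        print(ip, check_sender(ip, "microsoft.com", MICROSOFT_EP_TXT))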

    Protect: Message Taxonomy
    We can keep messages from coming to us by looking at the IP address that it comes from.  Using Global allow and deny lists in Exchange 2003 you can currently manually configure this.  Also you can use DNS Block lists if you like.

    We can keep messages from coming to us by blocking the specific sender's email address.  We can filter messages sent from particular email addresses or domains.  Also, if you know that external email will not com from users in your own domain you can at least prevent internal spoofing.

    We can filter the recipients of messages as well.  We should block messages to non-existent recipients or specific email recipients like internal Distribution Lists.
    Did you know that 54% of mail sent to Microsoft is sent to people that don't exist?  Can you imagine what would happen if we sent NDRs back for each of these?  Since many of these messages are not legitimate mail we would then get NDRs from the NDRs that we sent even adding more to our email load.

    Detect: Anti-Spam (AS) infrastructure
    Microsoft's Edge Services will support partner integration.  We will expose message properties for authenticated and allowed connections and add per message a Sender Confidence Level rating (SCL) tag.  The details for developers on how to do this is already documented in the Exchange SDK.  Find more information at the following links:
     http://msdn.microsoft.com/exchange
     http://msdn.microsoft.com/library/en-us/e2k3/e2k3/ast_anti_spam.asp

    Detect: Exchange Intelligent Message Filter (IMF)
    This is included in Exchange 2003 with the release of SP1.  It is based on SmartScreen Technology developed by Microsoft Research.  It is an extension only on Exchange 2003 and will not be on Exchange 2000.  It can coexist with 3rd part solutions.  Administration is dome from the Exchange System Manager console

    Detect: Outlook 2003 enhancements
    This allows user specified safe and blocked senders lists.  If you receive email that is placed in your Junk E-mail folder because of an SCL that was assigned to the message, you can prevent this from happening in the future by adding the user to your safe recipients list or your contacts.  Wether a message is moved to the Junk E-mail folder or not is determined by the Exchange 2003 Mailbox Store based on users lists which are stored there and the SCLs that are put there by IMF or a Client filter.  Outlook also blocks all external content by default (Web beacons).  This is to prevent spammers from knowing that the email address is valid because it was downloaded from one of their Web servers.

    Detect: Anti-Virus (AV) Infrastructure
    You have two options as to where to scan in Exchange 2003.  You can scan at the Transport level (VSAPI 2.5) or the Store level (VSAPI 2.5, 2.0).  Exchange 2003 has backward compatibility with VSAPI 2.0, but added the ability to see additional message properties including the sender email address.  Also added was more detailed error reporting.

    Future: Exchange Edge Services
    The emphasis for this product is on security, extensibility, manageability, and supportability.  Core goals are to build a high quality, reliable, secure and scalable SMTP stack that is manageable and easy to deploy.  The platform will be very extensible and will focus on anti-spam out of the box.

    The primary implementation of the Edge servers will be SMTP.  It will stand on its own.  This means there will be no infrastructure requirements, Active Directory hard dependencies, domain membership requirements and no Firewall changes required.  It is designed to address your important Internet scenarios of handling Internet email traffic, protection from spam e-mail, content filtering, and routing of all messages.  The platform will be .NET Framework based allowing you to use Visual Studio to create agents.  It can run in secure sandbox environments.  It will have rich APIs that allow you to see the queue infrastructure and have full control of message properties.

    Where you used to have different server handling different roles you could implement Edge services to handle all of them including: anti-spam, Internet gateways, content filtering, and routing.

  • News from Tech-Ed 2004 Monday - Part 2

    New in Exchange 2003 SP1 - The ability to consolidate sites even from 5.5 to Exchange 2003! 

    Prerequisites:

    • The fix from KB article 836489 must be installed on 5.5 servers. 
    • Target server must be Exchange 2003 SP1
    • All ADCs must be running Exchange 2003 SP1 code.
    • Must be 2-way CA to each site.

    It is also recommended that all your Public Folders be centralized already.  After consolidation there is a tool called exprofre.exe that will fix your Outlook profiles.  Mailbox rules will continue to work after the move.  DL membership will continue to work.

    Cool, huh?  Makes you want to know when SP1 will be released huh?  Soon...  Real soon...

  • Preventing SPAM with Caller ID

    As part of the Coordinated Spam Reduction Initiative (CSRI), Microsoft is pushing to get introduced as a standard Caller ID for e-mail.  They are not working alone on this.  They are working with Amazon.com, Brightmail, and Sendmail and expect that this will be widely adopted..  Hotmail has already implemented part of this by publishing externally on their DNS servers the outgoing email servers and expect to be checking inbound email addresses by this summer.  To get the details about how this will work please take a look at the following links:

    Information on CSRI:
    http://www.microsoft.com/mscorp/twc/privacy/spam_csri.mspx

    Technical details about Caller ID for e-mail:
    http://www.microsoft.com/mscorp/twc/privacy/spam_callerid.mspx

     

  • News from Tech-Ed 2004 Monday

    Internally at Microsoft, when you submit a Dr. Watson dump, they all get put into what we call buckets.  This gives us the ability to see which issues are occurring the most frequently and prioritize them.  During the Keynote, Steve Balmer mentioned that this capability will be available for Developers who use Visual Studio 2005.  Also, we developed ways to make sure that security issues like buffer over runs are checked for in our code.  We now are building those tools into Visual Studio 2005 as well.  I think it is cool that Microsoft is sharing our internal tools with our customers to “help them reach their potential”.

    When the top CEOs met at the CEO Summit with Microsoft, the #1 question from CEOs and their wives was:  “When are you getting rid of Spam?”  First of all, this shows that a lot of people depend on Microsoft to resolve issues that are not even caused by us, but because of our huge market share and impact, we must try to help.  Second, it shows that the word is getting out that we are making efforts to reduce, if not eliminate, Spam.  We are doing this on 3 fronts:

    • Protection Filters - SmartScreen, filtering at the network edge, the server, and the desktop with ongoing updates.
    • Prevention Agents - Attack detection, sender reputation, and zombie viruses.
    • Prove Identity and Purpose - Caller ID, computational cycles, certificates, and trusted safe lists.

    Tune in tomorrow for more news about the future direction of Exchange.

  • News from Tech-Ed 2004 Tuesday - Exchange 2003 SP1 is released

    OK, so we released the news that SP1 is available for download a few hours sooner than I thought we would.  You can download it now.

    The release notes are probably the first place you should start to find out what is in it:
    http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/sp1rn.mspx

    The ability to rename Domains is now supported with Exchange 2003.

    Those of you looking for the exprofre.exe tool will need to download the Exchange Profile Update Tool at the following link:
    http://www.microsoft.com/downloads/details.aspx?FamilyId=56F45AC3-448F-4CCC-9BD5-B6B52C13B29C&displaylang=en

    Gotta attend the first session of Tuesday here at Tech-Ed, where we are announcing the release of Exchange 2003 SP1 (again), so I'll post some more information later.

  • I'm at Tech-Ed 2004

    Well, I made it to San Diego for Tech-Ed 2004.  I got a chance to look some slides for the roadmap for the future of Exchange, and some of the announcements that will be made here.  It is all great news.  As soon as the announcements are made public, I'll post them up here for you guys that didn't get to come.  Those of you that are here, let me know if you would like to hook up for lunch or breakfast some time.
  • News from Tech-Ed 2004 Tuesday - Part 2

    Introduced today was the Best Practices Analyzer for SQL Server.  This is interesting to Exchange Admins because next is the Best Practices Analyzer for Exchange 2003.  This tool swill take a look at your environment and make recommendations based on what it finds.  Also, if there is a configuration that is wrong in Windows that affects Exchange, we will let you know.

    There was a demo of ISA server which had a wizard for setting up RPC/HTTPS for Outlook 2003.  Also they set up a Virtual pipe between sites instead of using leased lines.  Microsoft saved 3 Million dollars by do this recently.

    Exchange 2003 allowed us to reduce our servers from 114 mailbox server to 38.

    We are making it so that you have a single way to deploy patches across all Microsoft applications.  So soon you can update your Exchange servers and all Microsoft products the same way you update Windows automatically.

    At least 66% of all e-mail is spam.  The Exchange Intelligent Message Filter released free today and allows you to move the filters from the client to the server.  This blocks around 90% of all spam.  Spoofing would allow mail to go into the in-box instead of the junk mail.  There is nothing in normal SMTP specs that prevents spoofing.  Caller-ID allows you to check the IP address of the sending server and prevent the mail to even get into the server if the server is not the correctly published outgoing email server for the domain of the spoofed address.  This will be in the Exchange Edge Services.

    The demo showed that spoofed email wouldn't even get through.  The external mail servers for a domain will be published as a XML blob in DNS.

    SMS 2003 = Ability to download all the updates and target just the machines that need that update.
    MOM 2005 console is new and servers will provide an alert if there are problems.  If the problem occurs the client will try to tell you why it occurred.

    Future updates can be rolled back by using the /u parameter. 

    Free for all Tech-Ed 2004 Attendees:
    SMS 2003
    MOM 2005 Express
    Services for Unix

    How to get information workers to use Extranet sites - SharePoint Services allows you to self-provision these.  With WSS you can manage how much space can be used for each self-provisioned site.  You can also manage sites that haven't been used for a while and remove them after contacting owners.

    Active Directory Federation Services allows you to exchange public keys with other organizations and add them to your AD and then collaborate using SharePoint.

    Email and Information on any device.  Device management Feature Pack prevents rogue devices on your network.  
    We can push the configuration of Outlook so that users can use RPPC/HTTP through policies. 

    In the future if an external client gets a link to something in the Intranet administrators could securely provision access to those locations in the Extranet.  This allows you to not only share email but Terminal services and file shares without creating a VPN access - ANYWHERE Access

    DSI - Dynamic Systems Initiative - Windows Systems Center ("Indy").
    Allows you to model rollouts based on industries.  This demo showed the Exchange wizard.  First you fill in the information or get it from MOM and SMS. Then it will tell you what is the recommended topology.  Then it will simulate the performance to see if we are in range.  It will even simulate latency reports for users.  It can tell you what is it going to be like to send email from one site to another under medium load. This is a glimpse of the power that will be in the DSI.

    Roadmap

    NOW (2004)
    Windows 2003 SP1
    Biztalk 2004
    HIS 2004
    ISA 2004
    MOM 2005
    Windows Update
    Systems Center 2005
    Virtual Server 2005

    Yukon (2005)
    Windows 2003 Server Release 2
    Visual Studio 2005
    SQL 2005
    Biztalk
    HIS
    Commerce Server
    Exchange Edge Services

    Longhorn Wave
    Longhorn Stuff...