We have a green light to talk about some of the upcoming Exchange 2010 features in more depth now. Greg did an OWA post and this one is about UM.
Has the UM architecture changed?
No, it is the same. As the diagram above shows, the Exchange 2010 UM architecture is the same as Exchange 2007 UM: the UM role connects to the PBX either directly via SIP or through a SIP gateway.
What’s new in UM administration?
With the new Role Based Access Control (RBAC) there are new UM roles:
−A full UM administrator role: administer any and all UM functionality
−UM Recipient Administrator: provision UM mailboxes, reset PINs, clear lockouts
−UM Prompt Administrator: update Dial Plan and/or Auto Attendant prompts
You can also create any type of custom UM admin role that might be needed.
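The custom-role case described above, as an added example that is not part of the original post: derive a least-privilege "PIN reset only" role from the built-in UM Mailboxes role, trim it to three cmdlets, and hand it to a helpdesk group. The role name, group name and member address are assumptions; the cmdlets and the parent role name are the Exchange 2010 ones.

```powershell
# Added example (not from the original post): a least-privilege UM helpdesk role.
# Run from the Exchange Management Shell as a member of Organization Management.
# $RoleName, $GroupName and $Members are hypothetical placeholders.

$RoleName  = 'UM PIN Reset Only'
$GroupName = 'Helpdesk UM PIN Reset'
$Members   = 'helpdesk-um@contoso.edu'

# Only what a PIN-reset operator needs: look up the UM mailbox, read PIN status, reset it.
$Keep = 'Get-UMMailbox', 'Get-UMMailboxPIN', 'Set-UMMailboxPIN'

# 1. Child role derived from the built-in 'UM Mailboxes' role. A child role can only
#    be a subset of its parent, so it can never grant more than the parent does.
if (-not (Get-ManagementRole -Identity $RoleName -ErrorAction SilentlyContinue)) {
    New-ManagementRole -Name $RoleName -Parent 'UM Mailboxes' | Out-Null
}

# 2. Strip every role entry (cmdlet) the child inherited except the ones we keep.
Get-ManagementRoleEntry "$RoleName\*" |
    Where-Object { $Keep -notcontains $_.Name } |
    Remove-ManagementRoleEntry -Confirm:$false

# 3. Role group that carries the role. Day-to-day delegation is then just group
#    membership; nobody needs to touch the role again.
if (-not (Get-RoleGroup -Identity $GroupName -ErrorAction SilentlyContinue)) {
    New-RoleGroup -Name $GroupName -Roles $RoleName -Members $Members | Out-Null
}

# 4. Verify: the role should list exactly the three cmdlets, and the assignment
#    should show the (organization-wide) write scope it was created with.
Get-ManagementRoleEntry "$RoleName\*" | Select-Object Name, Parameters
Get-ManagementRoleAssignment -RoleAssignee $GroupName |
    Select-Object Name, Role, RecipientWriteScope
```

If the helpdesk should only reset PINs for one campus or OU, create a management scope (New-ManagementScope) and assign the role with that scope rather than the default organization-wide one; and because a PIN reset hands someone access to another person's voicemail, keep admin audit logging enabled so every Set-UMMailboxPIN is attributed to the operator who ran it.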
Any new voicemail codec support?
Yes, we now have MP3 support. This is good news for schools with lots of iPhones and BlackBerry devices.
Do you have Personal auto attendant capabilities?
Yes, you can have find-me and custom attendants. You can also set up conditional rules, such as: if I am set to Out of Office, play this set of menus; if I am at work, play this set; and so on.
What about my red lamp or Message Waiting Indicator (MWI)?
Yes, MWI is now native in Exchange 2010.
You can also do SMS notification when a voicemail arrives.
In Exchange 2007, many education customers who deployed UM initially thought the red lamp was critical to the deployment, but after the initial pilots it was noted that most people check their inbox well before they check their phone. That said, for your die-hard phone users you can now provide MWI out of the box.
Do you have Voice to text transcription?
Yes, Exchange 2010 can now transcribe an audio voicemail into text and place it in the body of the voicemail message. It is slated to be around 75% accurate for English.
You may say that doesn't sound very valuable, but I really like this feature for two reasons:
1) You can preview voicemails while in a meeting
2) You can preview the voicemail on your phone when in a noisy location
What are some other UM enhancements I should know about?
The ability to play the voicemail right from your Windows Mobile client without having to download the attachment, double-click it, etc.
What about hosted Voicemail in the cloud?
Yes, Exchange 2010 will support hosted UM in the cloud. If you decide to move your faculty and staff to BPOS/Exchange Online, you can also get voicemail in the cloud.
Stay tuned. We will have several more blog posts on other Exchange 2010 features this month.
Some great new changes are coming with Exchange 2010 ActiveSync.
We have many more partners beyond Windows Mobile that have licensed the ActiveSync protocol for syncing email to your mobile device. Here are just a few:
What has changed for the Exchange 2010 architecture?
ActiveSync has the same connectivity flow as Exchange 2007.
What are some new Exchange Server 2010 ActiveSync features?
Block/Allow/Quarantine list
You can set up a single list to block/allow mobile devices as needed. You can also quarantine devices, such as new, untested devices.
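The block/allow/quarantine list above, configured from the shell as an added example that is not part of the original post. It sets a default-deny posture (unknown devices are quarantined), allows one tested device family by rule, and shows how to review and approve what is sitting in quarantine. The notification address, user, device ID and query strings are assumptions; the cmdlets are the Exchange 2010 ones.

```powershell
# Added example (not from the original post): default-deny device access for
# Exchange 2010 ActiveSync. Addresses, device strings and IDs are hypothetical.

# 1. Organization default: anything not covered by a rule or a per-user list is
#    quarantined rather than blocked, so the user gets a notice and admins get a mail.
Set-ActiveSyncOrganizationSettings -DefaultAccessLevel Quarantine `
    -AdminMailRecipients 'eas-admins@contoso.edu' `
    -UserMailInsert 'Your device is waiting for IT approval. Contact the helpdesk.'

# 2. Allow a device family you have actually tested. Characteristic is one of
#    DeviceType, DeviceModel, DeviceOS, UserAgent; the string must match what the
#    device reports, so read it from Get-ActiveSyncDevice output first.
New-ActiveSyncDeviceAccessRule -QueryString 'iPhone' -Characteristic DeviceType -AccessLevel Allow

# 3. Explicitly block a family you never want syncing, whatever the default is.
New-ActiveSyncDeviceAccessRule -QueryString 'UntestedPhone' -Characteristic DeviceType -AccessLevel Block

# 4. Review the quarantine: one object per device partnership, with the reason.
Get-ActiveSyncDevice -ResultSize Unlimited |
    Where-Object { $_.DeviceAccessState -eq 'Quarantined' } |
    Select-Object UserDisplayName, DeviceType, DeviceModel, DeviceId,
                  DeviceAccessStateReason, FirstSyncTime |
    Format-Table -AutoSize

# 5. Approve one specific device for one user (per device ID, not per family).
#    The allowed-IDs list is replaced on Set, so append to the existing values.
$User = 'alice@contoso.edu'
$cas  = Get-CASMailbox -Identity $User
Set-CASMailbox -Identity $User `
    -ActiveSyncAllowedDeviceIDs (@($cas.ActiveSyncAllowedDeviceIDs) + 'ABC123DEF456')
```

Rules match on strings the device reports about itself, so the list is an inventory and hygiene control, not an authentication control: a device can claim to be an allowed type. Per-device IDs (step 5) are the tighter form, and the mailbox policy (Set-ActiveSyncMailboxPolicy) is still where PIN, encryption and wipe requirements are enforced.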
Over the Air Update Mode
You can now push new Outlook Mobile updates/new versions to Windows Mobile 6.1 and above. This is really nice since you no longer have to wait for a new Windows Mobile OS version to obtain a new version of Outlook Mobile.
SMS Sync
You can send SMS text messages through Exchange, and EAS is used to sync SMS messages with the user's mobile device.
Benefits of SMS sync:
•User can use OWA, Outlook, and Outlook Mobile to respond
•SMS messages are backed up on the server
•Recipients can respond to messages
•User can switch “screens” while still seeing all their messages
IMAP/POP3 service discovery
You can now autodiscover/autoconfigure the IMAP/POP3 settings from your mobile device by just specifying your email address.
What are some new Outlook Mobile features?
Conversation view is invaluable. This really allows you to have a nicer mobile email experience when trying to skim through your onslaught of emails.
As you can see on the left, the new Outlook Mobile allows for threaded conversations (see the highlighted conversation with 18 messages condensed). The view on the right is the current Outlook Mobile experience, with the deluge of 18 additional emails in the inbox.
You can now see which emails you have replied to or forwarded.
You can now ignore threads, always move threads to folders, etc. from your mobile device. Ignore thread may become quite a popular feature. :)
Very nice that your nicknames follow you now. Especially useful for external recipients you email often.
You no longer have to download the voicemail attachment like before (right). You just hit play and hear the voicemail. The other feature I really like is the ability to see a transcription of the voicemail in the body of the message. Very useful in meetings or noisy airports, where you can't play the voicemail.
I love the mobile free/busy feature. It is awesome, since you can now see free/busy information at a quick glance from your phone instead of breaking out the laptop.
As you can see, there are some very useful features coming to Exchange Server 2010 ActiveSync and the new Outlook Mobile.
Here is a summary of the new Exchange 2010 archiving/retention features:
What is Personal Archive?
•A secondary mailbox that is configured by the administrator
•Appears alongside a user’s primary mailbox in Outlook or Outlook Web Access.
•PSTs can be dragged and dropped to the Personal Archive
•Mail in primary mailbox can be moved automatically using Retention Policies
•Archive quota can be set separately from primary mailbox
Can I have my personal archive on a secondary server?
For the best performance (search, retrieve, copy, etc.), it was determined that the archive is best kept on the same server as the primary mailbox.
What is the user experience in a personal archive?
Can I search both my local mailbox and personal archive at once?
Yes. You can search all subfolders across both, or use advanced search.
What are retention policies?
Retention policies in Exchange 2010 give you the ability to expire email either at the folder level or at the item level.
Are there e-discovery tools available now?
Yes. With Role Based Access Control (RBAC) and the new multi-mailbox search tool, you can perform a legal search across mailboxes if needed and delegate that role to compliance officers, legal, etc.
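The delegation and search described above, as an added example that is not part of the original post: add a compliance officer to the built-in Discovery Management role group, run a multi-mailbox search into the discovery mailbox, and confirm the officer received nothing beyond the discovery roles. The officer, custodians, case name and query are assumptions; the role group, discovery mailbox type and cmdlets are the Exchange 2010 ones.

```powershell
# Added example (not from the original post): delegate and run a legal search.
# Officer, custodians, case name and query are hypothetical placeholders.

$Officer    = 'compliance.officer@contoso.edu'
$Custodians = 'prof.a@contoso.edu', 'prof.b@contoso.edu'
$CaseName   = 'Case 2009-14 grant correspondence'

# 1. Membership in 'Discovery Management' is the whole delegation. The group carries
#    the Mailbox Search and Legal Hold roles and no server or recipient admin rights.
Add-RoleGroupMember -Identity 'Discovery Management' -Member $Officer

# 2. Results are copied into a discovery mailbox created at setup, never into the
#    searcher's own mailbox; find it by recipient type rather than by name.
$Target = Get-Mailbox -RecipientTypeDetails DiscoveryMailbox | Select-Object -First 1

# 3. Define the search: AQS query, date bounds, the custodians, full logging so the
#    search parameters are recorded alongside the results.
New-MailboxSearch -Name $CaseName `
    -SourceMailboxes $Custodians `
    -SearchQuery 'subject:grant AND NSF' `
    -StartDate (Get-Date '2009-01-01') -EndDate (Get-Date '2009-06-30') `
    -TargetMailbox $Target.Identity `
    -LogLevel Full

# 4. Searches run asynchronously; start it and poll for status.
Start-MailboxSearch -Identity $CaseName
Get-MailboxSearch -Identity $CaseName |
    Select-Object Name, Status, PercentComplete, ResultNumber

# 5. Verify the delegate's effective rights come only from this group.
Get-ManagementRoleAssignment -RoleAssignee 'Discovery Management' |
    Select-Object Role, RecipientReadScope, RecipientWriteScope
```

Treat the discovery mailbox as a high-value target: it accumulates other people's mail, so leave its Full Access permission restricted to the Discovery Management group and review that permission as part of the case close-out.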
Can I search archives and current mailboxes?
Yes and you can also search different content types.
Is there any reduction in IOPS?
Yes, another huge 70% reduction in IOPS with Exchange Server 2010, on top of the 70% IOPS reduction from Exchange Server 2007.
What does this mean for my storage requirements?
The Exchange 2007 IOPS reduction meant you could use Direct Attached SAS disk storage cabinets instead of the traditional SAN used for Exchange 2003.
With the additional Exchange Server 2010 IOPS reduction, this means you can deploy even a lower cost storage solution such as Direct Attach with SATA disks and still maintain excellent performance.
If you use the three-copy database replication scenarios for database high availability, you can even begin to use JBOD SATA (RAID-less) storage.
The reasoning is that since you are maintaining 3+ copies of your database spread over multiple JBOD SATA disks, RAID disk sets add little value.
Are there true cost savings with using DAS SATA or JBOD SATA?
With the samples below, you can see that with a 2 GB mailbox using DAS with SATA drives you can drop the server/storage capex by 38% vs. DAS with SAS drives!
Here is a sample with high availability: you can see a 75% reduction in capex vs. Exchange 2007 when using Database Availability Groups (the new term for Exchange 2010 high availability) with JBOD SATA storage.
Note: These are preliminary performance and cost figures, and more detailed information will be available when Exchange 2010 launches.
Today we announce OCS 2007 R2 virtualization support for certain OCS 2007 R2 roles. This includes our own Hyper-V technology as well as other SVVP-certified virtualization technologies. I know a lot of schools have been waiting for this, since they want to reduce hardware footprints, etc.
What OCS R2 functionality is supported on a virtual server?
· IM (including remote access, federation, and Public IM Connectivity)
· Group Chat
What R2 roles are supported and not supported as a virtual server/guest?
Here is a matrix which lays it out nicely:
Why are some roles not supported as a virtual guest?
Virtualization of the other OCS roles (voice, video, Live Meeting, desktop sharing) is not supported because of possible quality issues with real-time media.
What are the virtualization requirements?
Sample Hyper-V OCS R2 configuration showing FE, Group Chat and Edge as virtual guests:
The sample Hyper-V architecture above was stress tested to support 40,000 IM users and 10,000 Group Chat users.
For more on this, download the OCS R2 Hyper-V virtualization whitepaper here.
I was asked this by a school district in Southern California that is rolling out OCS R2 and Enterprise Voice for all their faculty and staff.
The answer depends on your OCS R2 architecture and whether access is from internal or external networks. For most schools a single pool applies, so a Director is optional, depending on your external access security requirements.
Here is some information gathered from our product team to think about when considering a director:
Director traffic flow with External user access:
Director traffic flow with Internal user access:
What are the benefits of directors?
Security: In an environment with an Access Edge and no Director, unauthenticated traffic is sent to your production pool for authentication. The Director lets you isolate that unauthenticated traffic on a less critical server (the Director). Some schools will find this critical even in single-pool deployments; others more than likely won't care.
Performance: For remote users, the Director proxies all SIP traffic. Without Directors and with multiple pools, you have to pick one pool to proxy the traffic, which could have a performance impact on the users homed on that pool.
When should I use a Director server?
Environments with multiple pools and remote access: The director serves a critical role as the "next hop" inbound from the edge and proxies traffic from remote users to the appropriate pool. A director should always be used when the customer has multiple pools and remote users.
Environments with multiple pools and no remote access: The only supported solution that provides automatic configuration of Communicator involves configuring the internal DNS records to point the client to the director. Some customers will be uncomfortable requiring the use of a remote director to sign into a local pool and may prefer an unsupported solution that involves configuring DNS differently (or use manual or group policy-based configuration).
Environments with one pool and remote access: The benefit of preventing unauthenticated SIP traffic from reaching the user pool may be sufficient to justify a director.
Environments with one pool and no remote access: Even if the customer is not currently planning multiple pools, migrations and pilots of different versions or configurations will require multiple pools at some point. Start the design with no Director, but add one as part of the project that installs the second pool.
The Director or the pool doesn't really know whether the user is external or internal. All it knows is whether it is the first hop or not (based on the Via headers). The default behavior of every OCS front end (whether in a Director pool or a user pool) is to redirect traffic to the correct home server if it is the first hop and to proxy the traffic if it is not.
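The first-hop rule stated above, as an added example that is not part of the original post: a small routing function that reads only the Via chain of a SIP request and returns what a front end (Director or user pool) would do with it, run against two constructed REGISTER requests for the same user, one arriving directly and one arriving through the Access Edge. Host names and the user-to-home-pool table are assumptions; in OCS the home pool comes from the user's Active Directory object.

```powershell
# Added example (not from the original post): the first-hop rule on constructed
# SIP requests. Host names and the home-pool table are hypothetical.

$HomePool = @{
    'sip:alice@contoso.edu' = 'pool1.contoso.edu'
    'sip:bob@contoso.edu'   = 'pool2.contoso.edu'
}

function Get-SipHeader {
    param([string]$Message, [string]$Name, [string]$Compact)
    # Every value of one header, in order: repeated header lines and comma-folded
    # values both count. -match is case-insensitive by default in PowerShell.
    $values = @()
    foreach ($line in ($Message -split "`r?`n")) {
        if ($line -match "^($Name|$Compact)\s*:\s*(.+)$") {
            $values += ($Matches[2] -split ',\s*')
        }
    }
    return ,$values
}

function Resolve-SipNextHop {
    param([string]$Message, [string]$ThisServer)
    $vias = Get-SipHeader -Message $Message -Name 'Via'  -Compact 'v'
    $from = (Get-SipHeader -Message $Message -Name 'From' -Compact 'f')[0]
    # '"Alice" <sip:alice@contoso.edu>;tag=1'  ->  'sip:alice@contoso.edu'
    $uri  = if ($from -match '<([^>]+)>') { $Matches[1] } else { ($from -split ';')[0].Trim() }
    $home = $HomePool[$uri]

    if (-not $home)                { $action = 'Reject'   }  # unknown user: 404
    elseif ($home -eq $ThisServer) { $action = 'Serve'    }  # homed here: authenticate and register
    elseif ($vias.Count -eq 1)     { $action = 'Redirect' }  # first hop: send client to its pool
    else                           { $action = 'Proxy'    }  # Edge/Director already in the path

    New-Object PSObject -Property @{
        Server = $ThisServer; User = $uri; ViaCount = $vias.Count; Action = $action; NextHop = $home
    }
}

# Constructed sample 1: internal client straight to us (one Via).
$direct = @'
REGISTER sip:contoso.edu SIP/2.0
Via: SIP/2.0/TLS 10.1.2.3:50123;branch=z9hG4bK-1
From: "Alice" <sip:alice@contoso.edu>;tag=1
To: <sip:alice@contoso.edu>
'@

# Constructed sample 2: same user through the Access Edge (Edge's Via on top).
$viaEdge = @'
REGISTER sip:contoso.edu SIP/2.0
Via: SIP/2.0/TLS edge.contoso.edu:5061;branch=z9hG4bK-2
Via: SIP/2.0/TLS 203.0.113.7:51000;branch=z9hG4bK-1
From: "Alice" <sip:alice@contoso.edu>;tag=2
To: <sip:alice@contoso.edu>
'@

Resolve-SipNextHop -Message $direct  -ThisServer 'director.contoso.edu'   # Redirect -> pool1
Resolve-SipNextHop -Message $viaEdge -ThisServer 'director.contoso.edu'   # Proxy    -> pool1
Resolve-SipNextHop -Message $direct  -ThisServer 'pool1.contoso.edu'      # Serve (homed here)
```

The function shows why the Director is a security boundary rather than a routing necessity: the proxy branch is the one that handles traffic that has not yet authenticated, and the Director takes that branch so the user pool never does. Via is written by whoever sent the message, so in any SIP deployment the hop count is only trustworthy together with transport-level trust (server-to-server hops over MTLS from known peers); a client cannot talk its way past the first-hop rule by adding Via lines of its own.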
Exchange Online will be migrating to Exchange 2010 code after we RTM Exchange 2010.
Exchange 2010 in the cloud will address some limitations we currently have with Exchange 2007 Online. Frankly, there are some features of an Exchange 2007 on-premises deployment that you just can’t get in the cloud. With Exchange 2010, the full features of the server are available in the cloud as well.
Second, there will be improved coexistence between hosted and on-premises Exchange deployments. Many schools are considering a hybrid model for e-mail, where they move some e-mail services to the cloud and keep some on-premises. Recognizing this, we’ve designed Exchange 2010 on-premises deployments so that they are easy to extend to the cloud.
Third, a new level of management and control will become available for the administrator with hosted Exchange environments. New web-based management capabilities will be added, and familiar Exchange administration tools, like the Exchange Management Console and PowerShell, will be able to connect to Exchange Online for the first time.
The bottom line here is that because the capabilities of Exchange 2010 are provided as a service as well as a server, you have the freedom to choose the right deployment option for your school without sacrificing functionality. Whether you deploy Exchange Server 2010 on-premises, host your mailboxes with Exchange Online, or combine these two options in a hybrid deployment, your users get business-class messaging and collaboration tools that they need to be productive.
I mentioned that Exchange 2010 brings new features to Online for the first time. There are some Exchange Server features that are not available with today’s Exchange Online Standard offering. They range from relatively minor features, such as customizing the OWA login page, to marquee Exchange 2007 features like Transport Rules, Managed Folders, and Unified Messaging. These features light up in Exchange Online when the service is upgraded to Exchange 2010. Other features, like IMAP access, POP access, SMTP relay, mail forwarding (server-side), “send as” capabilities for shared mailboxes, journaling to on-premises archive, footers, and disclaimers, are scheduled to be implemented in the Exchange Online service even before the Exchange Server 2010 update. Naturally, these will be carried forward when the service is upgraded to Exchange 2010. Contact your sales team for details on today’s deployment of Exchange Online and features.
In addition to eliminating old feature gaps, Exchange Online adds new features from Exchange Server 2010. Because Exchange 2010 was built with services in mind, these new features are available in the service right from the start. I don't have time to cover all the new features for users and service administrators that come with Exchange 2010, but I've highlighted a few of them here:
• E-Discovery capabilities across mailboxes
• MailTips to help users prevent email mistakes
• Archiving capabilities to eliminate the need for PSTs
• Transport rules that can apply RMS policies to prevent valuable or sensitive data from leaking out of the organization
One of the great things about an online deployment is that you get new features like this much faster and with less effort. The datacenter staff does the heavy lifting of migration and upgrade tasks, leaving you free to roll out new features that move your business forward and delight end users, and to focus your time and attention on academic priorities.
Here are some of the other features: Conversation view, ignore/move conversation, POP account aggregation, server-side RSS feeds, IM and presence in OWA, SMS in OWA, Firefox and Safari support for OWA premium, OWA side-by-side calendars, shared nickname cache across OWA/Outlook, federated calendar sharing, federated contact sharing, mobile free/busy status, mobile read/reply state, mobile SMS sync, over the air update for Outlook Mobile, mobile device block/allow list, UM message waiting indicator, voicemail preview, call answering rules, protected voice mail, journal decryption, Messaging Records Management 2.0, litigation hold, moderated DLs, self-service distribution groups, self-service message tracking.
In my next blog I’ll discuss management, coexistence and migration to Exchange Online in Exchange 2010.
This was a question coming from an education customer in Minnesota deploying OCS R2 Group Chat Server:
Their Group Chat client was working but the Group Chat administrator console was not. It was getting this error:
“Cannot sign in because of a problem with the chat room service….”
Server 2 received error while subscribing to peer 1, <1> <net.tcp://ocsgroupchat.campus.xxx.edu:8011/MGC/PeerService> <ChannelServer>. Details: Identity check failed for outgoing message. The expected DNS identity of the remote endpoint was 'ocsgroupchat.campus.xxx.edu' but the remote endpoint provided DNS claim 'ocscontent.xxx.edu'. If this is a legitimate remote endpoint, you can fix the problem by explicitly specifying DNS identity 'ocscontent.xxx.edu' as the Identity property of EndpointAddress when creating channel proxy.
Here are some support steps I found for checking your Group Chat Server installation that relate to this error:
1. Verify the certificate assigned to the Group Chat server: its Enhanced Key Usage should include both Server Authentication and Client Authentication. If it has only Server Authentication, sign-in to the admin console fails with the error above.
2. The above service accounts must be members of the RTCUniversalServerAdmins group and of the local Administrators group on the Group Chat server. Also add the admin account with which you are going to sign in to Group Chat.
3. Enable the admin account, along with the above five service accounts, for SIP communication on the OCS 2007 R2 server. Configure them for Federation, PIC, Remote User Access and Enhanced Presence.
4. In SQL Server Management Studio -> Security -> Logins, make sure all the above service accounts and the admin account are present. In each account's Login Properties, under General the default database should be "GCDB", and under User Mapping check db_owner for all the service accounts.
5. In the Group Chat admin console sign-in -> Edit Account Settings -> Automatic Configuration, uncheck "Use my Windows credentials to log in automatically". Under Office Communications Server leave Host blank and select the Encrypted radio button. Under Group Chat Server Settings leave the "Use default server address" box unchecked and set the server address to the OCS Chat service account URI.
6. In C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys, re-add the Lookup Service account and the Channel Service account, give them Full Control on this folder, re-apply Full Control to all the files in it, and then restart the services.
In their case, Step 6 resolved the Group Chat Admin Console error above.
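Steps 1 and 6 above as a script, added here as an example that is not part of the original post. The first function finds the machine certificate that carries the DNS identity the admin console expects and reports whether it has both Enhanced Key Usages and a private key; the second checks (and, if asked, grants) Full Control on the MachineKeys folder and its files for the two service accounts. The expected identity and the account names are placeholders; the folder is the %ProgramData% form of the path given in step 6.

```powershell
# Added example (not from the original post): scripted checks for steps 1 and 6.
# Run on the Group Chat server as a local administrator. Placeholders below.

$ExpectedIdentity = 'ocsgroupchat.campus.example.edu'          # hypothetical; use your own
$ServiceAccounts  = 'CAMPUS\svc-gc-lookup', 'CAMPUS\svc-gc-channel'   # Lookup and Channel service accounts
$ServerAuthOid    = '1.3.6.1.5.5.7.3.1'
$ClientAuthOid    = '1.3.6.1.5.5.7.3.2'

function Test-GroupChatCertificate {
    param([string]$DnsIdentity)
    # Step 1: the certificate presented for $DnsIdentity must carry both EKUs.
    foreach ($cert in Get-ChildItem Cert:\LocalMachine\My) {
        $names = @()
        if ($cert.Subject -match 'CN=([^,]+)') { $names += $Matches[1] }
        $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        if ($san) {
            # Format() renders the SAN as 'DNS Name=host1, DNS Name=host2'
            $names += [regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)') |
                      ForEach-Object { $_.Groups[1].Value }
        }
        if ($names -notcontains $DnsIdentity) { continue }

        $ekus = @()
        $ext = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
        if ($ext) {
            $eku  = New-Object System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension($ext, $false)
            $ekus = $eku.EnhancedKeyUsages | ForEach-Object { $_.Value }
        }
        New-Object PSObject -Property @{
            Thumbprint    = $cert.Thumbprint
            Names         = ($names -join ', ')
            ServerAuth    = ($ekus -contains $ServerAuthOid)
            ClientAuth    = ($ekus -contains $ClientAuthOid)
            HasPrivateKey = $cert.HasPrivateKey
        }
    }
}

function Test-MachineKeysAccess {
    param([string[]]$Accounts, [switch]$Grant)
    # Step 6: both service accounts need Full Control on the folder and on the
    # existing key files, which do not inherit from the folder.
    $folder = Join-Path $env:ProgramData 'Microsoft\Crypto\RSA\MachineKeys'
    $full   = [System.Security.AccessControl.FileSystemRights]::FullControl
    $acl    = Get-Acl -Path $folder
    foreach ($account in $Accounts) {
        $hasFull = $false
        foreach ($r in $acl.Access) {
            if ($r.IdentityReference.Value -eq $account -and $r.AccessControlType -eq 'Allow' -and
                (($r.FileSystemRights -band $full) -eq $full)) { $hasFull = $true }
        }
        New-Object PSObject -Property @{ Account = $account; Folder = $folder; FullControl = $hasFull }
        if ($Grant -and -not $hasFull) {
            $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
                $account, 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow')))
            Set-Acl -Path $folder -AclObject $acl
            Get-ChildItem -Path $folder -Force | ForEach-Object {
                $fileAcl = Get-Acl -Path $_.FullName
                $fileAcl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($account, 'FullControl', 'Allow')))
                Set-Acl -Path $_.FullName -AclObject $fileAcl
            }
        }
    }
}

Test-GroupChatCertificate -DnsIdentity $ExpectedIdentity | Format-List
Test-MachineKeysAccess -Accounts $ServiceAccounts            # report only; add -Grant to apply step 6
```

If Test-GroupChatCertificate returns nothing, no certificate in the machine store carries the expected name, which is exactly the mismatch the error text reports. Note what step 6 grants: MachineKeys holds every machine-scope private key on the box, so Full Control there lets the two service accounts read keys they do not own. Once the services start, tightening that to Read on the specific key container file the Group Chat certificate uses is the least-privilege form of the same fix.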
For more on what is OCS R2 Group Chat Server read my other post here.
Great Post Mark. The changes for Exchange 2010 keep coming. It’s great to see the maturity of product!!!
Today I’d like to update everyone on HA options in Exchange 2010. In Exchange 2007 we introduced CCR, LCR, SCC, and SCR (in SP1). So what is new and improved?
Improved Mailbox Uptime
CCR and SCR have evolved into a single unified solution. Failover is now at the database level rather than the server level and is significantly faster, which will improve SLAs. We also increased the number of replicated copies that can be configured: we now support 16 replicas.
Spending less time managing and deploying the solution also improves uptime for users. Exchange manages the failover process, lets you deploy the solution incrementally, and makes it just as easy to stretch the solution across datacenters in different sites. These changes help reduce the operational costs of deploying and managing the solution.
By improving the I/O performance of Exchange, we can offer more storage options (RAID-less, JBOD) and therefore more flexibility. The I/O reductions mean you can take advantage of larger, low-cost disks and, combined with the high availability features, consider new deployment scenarios around RAID-less disk configurations. The net result is lower storage cost while providing users with larger mailboxes.
End to End Availability
Beyond the mailbox databases themselves, end-to-end availability has been enhanced by reducing the number of messages that can be lost while in transit between transport servers and by letting users stay online while their mailbox is being moved.
Here is Don McLovin's new Exchange 2010 environment at Contoso University. Don is the lead Exchange and Active Directory administrator for Contoso U. He has overall responsibility for providing messaging and communications services to all of Contoso's employees. Don's primary challenge is to maintain high levels of availability with a flat or shrinking budget year over year.
There are 5 servers in the main datacenter in Paris that host mailboxes. These mailbox servers are grouped to provide automatic failover; the group is known as a Database Availability Group. Each mailbox database has 3 instances, which we'll refer to as copies, placed on separate servers for redundancy. At any given time only 1 of the 3 copies is active and accessible to clients. This gives us database-centric failover, and all of the failover is managed within Exchange.
The Client Access Server manages all communications between clients and databases. Outlook clients no longer connect directly to mailbox servers, as they did in previous versions of Exchange.
When a client such as Outlook connects to Exchange, it first contacts the CAS Server.
The CAS Server determines where the user’s active database is located ( in our case the user is on DB1 which is currently active on Mailbox Server 1), and forwards the request to the appropriate server.
When the client sends an e-mail, the active database is updated. Then, through log shipping, the other 2 passive copies of the database are updated.
Let's say that a disk fails, affecting one of the databases on Mailbox Server 1. In previous versions of Exchange, the administrator would need to fail over all the databases on Mailbox Server 1 to recover from this failure, or else restore Database 1 from a tape backup. However, Exchange's new architecture supports database-level failover, so Database 1 automatically fails over to Mailbox Server 2 without affecting the other databases.
The Outlook client, having lost its connection to the database, automatically contacts the CAS Server to reconnect.
The CAS Server determines which mailbox server has the active copy of the users’ database. It connects the client to Mailbox Server 2.
When new mail is sent, the active database on Mailbox Server 2 is updated. The remaining passive copy of the database is also updated through log shipping. The end user is unaware that anything has happened, and Don can replace the failed disk drive at his leisure.
The administrator can configure up to 16 copies per database to meet the Service Level Agreements for his users. For a special category of users, Don keeps a 4th database copy on a Mailbox server in a geographically remote location. This server is in a different Active Directory site but is kept up to date over the Wide Area Network using the same replication technology as the other servers (no stretching of subnets). If a hurricane, earthquake, or other catastrophe shuts down the main datacenter, this remote server can be activated and readied for client access in about 15 minutes.
Database Availability Group – often referred to as a 'DAG' - A set of up to 16 Mailbox servers that communicate to manage failures affecting individual databases. Any server in a DAG can host a copy of a mailbox database from any other server in the DAG.
Mailbox Servers - When a server is added to a database availability group (DAG), it works with the other servers in the DAG to provide automatic, database-level recovery from database, server, or network failures.
Mailbox Databases - Databases are 'disconnected' from servers, and Exchange 2010 adds support for up to 16 copies of a single database. Only mailbox databases, not public folder databases, can be replicated.
Database Copies - Storage groups have been removed, so log shipping replication now operates at the database level. Transaction logs are replicated to one or more other Mailbox servers and replayed into a copy of the mailbox database stored on those servers. Note that you can't replicate outside the DAG (a key difference from SCR).
Active Manager - DAGs use a new component in Exchange 2010 called Active Manager, a process that runs on each Mailbox server. Active Manager manages which database copies should be active and passive.
Now that we've introduced the concept of a DAG, Part II will dive into more detail on DAG operation.
Database Availability Group (DAG)
When an administrator creates a DAG, it is initially empty, and an object is created in Active Directory that represents the DAG. The directory object is used to store relevant information about the DAG, such as server membership information. When an administrator adds the first server to a DAG, a failover cluster is automatically created for the DAG. DAGs use a subset of Windows Failover Clustering technologies, namely, the cluster heartbeat, cluster networks, and the cluster database (for storing data that changes or can change quickly such as database mount status, replication status, and last mounted location).
•A File Share Witness (FSW) is configured for the cluster, but it must be a server outside the DAG.
•Although a Windows Failover Cluster is created, no cluster resources are created and all DAG administration is managed from Exchange. Failover management is also managed entirely within Exchange.
•Replication of database copies, and failover of those database copies, can only be with servers which are members of the same DAG.
•In Exchange 2007, a database server hosted either only active or only passive copies of a database. In Exchange 2010, a server within a DAG can hold both active and passive copies of databases, so the Mailbox server needs to service both types:
•Executes Store services on active mailbox database copies.
•Executes Replication services on passive mailbox database copies.
•Active definition of health – Is Information Store capable of providing email service against it?
•Passive definition of health – Is Replication Service able to copy logs and play them into the passive copy?
•Each server can host up to 100 database copies.
Because DAGs rely on Windows Failover Clustering, they can only be created on Mailbox servers running Windows Server 2008 Enterprise or Windows Server 2008 Datacenter (the requirement is on the Windows edition; Exchange 2010 Standard Edition Mailbox servers can be DAG members). In addition, each Mailbox server in the DAG must have at least two network interface cards in order to be supported.
A failover or switchover occurs at the database level. Since a failover now only involves a database, rather than an entire server, the failover time has been reduced from around 2 mins to 30 seconds which considerably improves the client experience.
Database names for Exchange 2010 must be unique within the Exchange organization, as these are now Organization-wide objects rather than being tied to a server. Within a DAG a database may have a copy on any server within the DAG.
When a mailbox database has been configured with one or more database copies, the full path for all database copies must be identical on all Mailbox servers that host a copy.
Mailbox Database Copy
Only one copy of a database can be active within a DAG.
Continuous replication has the following basic steps: database seeding, log copying, log inspection, log replay.
Exchange Server 2007 used SMB and notifications to fetch logs. Exchange Server 2010 uses TCP sockets, and the target notifies the source about which logs it requires.
Exchange 2010 supports optional encryption and compression of the replicated logs. These settings are configured at the Database Availability Group level.
After the log files have been inspected, they are placed in the log directory so that they can be replayed into the database copy. Before the Replication service replays the log files, it performs a series of validation tests.
Once these validation checks have completed, the Replication service replays the log file.
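The active and passive definitions of health given earlier, and the copy/inspection/replay pipeline just described, checked with the Exchange 2010 cmdlets as an added example that is not part of the original post. It reports the DAG's replication-network encryption and compression settings, evaluates every copy against the definition that applies to its role (Store serving it if active; logs being copied, inspected and replayed if passive), and raises the encryption setting if it has been turned off. The DAG name and the queue thresholds are assumptions.

```powershell
# Added example (not from the original post): a DAG health pass. $DagName and
# the two thresholds are hypothetical; run from the Exchange Management Shell.

$DagName        = 'DAG1'
$MaxCopyQueue   = 10   # logs generated on the active copy, not yet copied to this passive
$MaxReplayQueue = 50   # logs copied and inspected, not yet replayed into this passive

# 1. Replication transport settings live on the DAG object. InterSubnetOnly (the
#    default) encrypts the stretched copy to the remote site; Enabled encrypts
#    in-site copies too. Log streams carry full message content, so never let this
#    be Disabled on a DAG that crosses a WAN.
$dag = Get-DatabaseAvailabilityGroup -Identity $DagName
$dag | Select-Object Name, NetworkEncryption, NetworkCompression, WitnessServer, WitnessDirectory
if ($dag.NetworkEncryption -eq 'Disabled') {
    Set-DatabaseAvailabilityGroup -Identity $DagName -NetworkEncryption InterSubnetOnly
}

# 2. Every copy on every DAG member, judged by the definition for its role.
$servers = $dag.Servers | ForEach-Object { $_.Name }
$copies  = $servers | ForEach-Object { Get-MailboxDatabaseCopyStatus -Server $_ }

$report = foreach ($c in $copies) {
    if ($c.ActiveCopy) {
        $role = 'Active'
        $ok   = ($c.Status -eq 'Mounted')                     # is the Store serving it?
        $why  = "status $($c.Status)"
    } else {
        $role = 'Passive'
        $ok   = ($c.Status -eq 'Healthy') -and                # is replication keeping up?
                ($c.CopyQueueLength   -le $MaxCopyQueue) -and
                ($c.ReplayQueueLength -le $MaxReplayQueue) -and
                ($c.ContentIndexState -eq 'Healthy')
        $why  = "status $($c.Status), copyq $($c.CopyQueueLength), replayq $($c.ReplayQueueLength), index $($c.ContentIndexState)"
    }
    New-Object PSObject -Property @{ Copy = $c.Name; Role = $role; Healthy = $ok; Detail = $why }
}
$report | Sort-Object Healthy, Copy | Format-Table Copy, Role, Healthy, Detail -AutoSize

# 3. Databases whose redundancy is currently reduced (one or more unhealthy copies).
$report | Where-Object { -not $_.Healthy } |
    Group-Object { ($_.Copy -split '\\')[0] } |
    Select-Object @{n='Database';e={$_.Name}}, @{n='UnhealthyCopies';e={$_.Count}}

# 4. Cluster, witness, network and queue checks per member, failures only.
$servers | ForEach-Object { Test-ReplicationHealth -Identity $_ } |
    Where-Object { $_.Result -ne 'Passed' } |
    Select-Object Server, Check, Result, Error
```

A growing CopyQueueLength with a healthy network usually means the active side is generating logs faster than the link can carry them; a growing ReplayQueueLength with an empty copy queue means the logs arrived and passed inspection but the passive server cannot replay them fast enough, which is a disk or CPU problem on that member rather than a replication problem.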