Mastering Exchange 2010

Exchange Products and Features Demo

What is Exchange

Currently the most popular enterprise-class mail server product

Market share of 70% (2011 data)

The core product of Microsoft's messaging and collaboration platform

Exchange versions: Exchange Server 2007 (2006.11.30), Exchange Server 2010 (2009.11), Exchange 2013 (2012.10)

Exchange 2010 new features

ONE

Five server roles

1) Mailbox (mailbox role): mainly responsible for mail storage ---- DAG

2) CAS (Client Access role): mainly provides the interface through which users access Exchange (MAPI, HTTP, POP3, IMAP)

3) Hub (Hub Transport role): primarily responsible for transporting e-mail

4) Edge (Edge Transport role): receives and sends Internet mail, filters spam

5) UM (Unified Messaging role): voice mail, voice response

A. A working Exchange Server installation needs at least three roles (Mailbox, Hub, CAS)

B. Mailbox, Hub, CAS and UM can be installed on one server; the Edge server role must be installed on a separate server

C. Computers running Mailbox, Hub, CAS or UM must be joined to the domain; the Edge server role must be installed on a computer in a workgroup.

D. Deploying the UM role requires a PBX or VoIP gateway

Larger database capacity

Exchange server 2007:

Standard Edition: 5 databases ---- 2TB

Enterprise Edition: 50 databases ---- 2TB

Exchange Server 2010

Standard Edition: 5 databases ---- 2TB

Enterprise Edition: 100 databases ---- 2TB

Simpler and more reliable high availability (DAG)

---- ----- availability

Mailbox

Exchange Server 2007 ---- cluster

Exchange Server 2007:

1) LCR (Local Continuous Replication)

2) CCR (Cluster Continuous Replication)

3) SCC (Single Copy Cluster) ---- cluster

Exchange Server 2010 - DAG

1) Up to 16 nodes (cluster)

2) Multi-DB, NLB

More secure access (Forefront)

Forefront for exchange server

Forefront TMG-----exchange

OWA (Outlook Web App)

Half ------ -----

Exchange 2003, 2007: Outlook Web Access

Exchange Server 2010: Outlook Web App

1) Delivers 90% of Office Outlook's functionality

2) Supports browsers from multiple vendors

More closely integrated with AD

------AD-----

AD ---- Exchange, Lync, SharePoint, System Center

Autodiscover / AD RMS / ECP

----- AD RMS ----

Permission control for Office documents (Word, Excel, PPT, Outlook, OneNote, InfoPath) and Outlook

1) Excel ----- viewable only by sales, viewable only for 10 days, cannot be printed, cannot be copied.

2) Outlook ---- forwarding not allowed, copying not allowed

Mailbox server role (mailbox)

Stores user mailboxes and public folders (not recommended)

High availability for the Mailbox role is achieved with DAG

Is not responsible for mail transport

Should not be accessed directly from the Internet

Must be a member of Active Directory

Should be connected to fast storage, such as a SAN

Client Access server role (CAS)

Provides an interface for users to access exchange

A certificate must be bound to this role to secure client access

Must be deployed in every Active Directory site that has a Mailbox server

Needs a fast link to the Mailbox server

Should be deployed in the internal network

Hub Transport role (HUB)

Mail routing

Optional anti-virus and anti-spam protection

Mail policy compliance

Needs a fast network link to the Mailbox server and a GC

Required in each site that has a Mailbox server

Edge Transport server role (edge)

Internet mail delivery

Anti-virus and anti-spam protection

Edge Transport Rules

Address Rewriting

Cannot be deployed together with other server roles

Not a member of an Active Directory domain

It should be deployed in the DMZ

Unified Messaging server role (UM)

Telephone answering

Receive faxes

Outlook voice access

Should not be accessed directly from the internet

Needs access to the Mailbox server, the Hub Transport service and a GC

Needs access to an IP-PBX or VoIP gateway device

Exchange 2010 version

Standard and Enterprise Editions

Standard Edition supports five databases, Enterprise Edition supports 100 databases

One installation media for both; the edition is determined by the product key entered.

Entering an Enterprise Edition key upgrades Standard Edition to Enterprise Edition

A product key cannot be used to downgrade from Enterprise Edition to Standard Edition

Exchange server 2010 deployment

Topics:

Exchange prerequisites

Domain functional level is at least Windows Server 2000 native mode

Forest functional level is at least Windows Server 2003 mode

The schema master must run Windows Server 2003 SP1 or later

Each site has a GC; operating system version Windows Server SP1

All Exchange 5.5 servers must be removed

First: Active Directory schema and domain structure are required

Second: domain functional level ------ defines the operating system version of the domain controllers in the domain

Windows 2000 mixed mode, Windows 2000 native mode, Server 2003, Server 2008, Server 2008 R2, Server 2012

Third: FSMO operations masters

1) Schema master. Extending the schema requires two conditions: A: the account must belong to the Schema Admins group; B: the domain controller holding the schema master role must be working

2) Domain naming master

3) PDC

4) RID

5) Infrastructure master

Fourth: GC (global catalog server)

A GC must be a domain controller; it is a special domain controller. A conventional DC's database holds information on all objects of its own domain; a GC's database also stores information for all objects throughout the forest

Exchange System Preparation

Component Requirements (typical)

OS: Windows Server 2008 SP2 x64 / R2, Standard Edition or Enterprise Edition

Microsoft PowerShell 2.0

Microsoft .NET Framework 3.5

AD management tools

IIS

Microsoft Filter Pack 2.0

Net.Tcp Port Sharing Service: set the service to start automatically

Can I install Exchange on a domain controller? Yes, but it is strongly discouraged.

 

Demo: Exchange deployment

Exchange initial configuration

Exchange server 2010 Client Access

Client access method (1)

MAPI access

1. A client access method designed by Microsoft specifically for Exchange Server; it is the access method Microsoft recommends for Exchange

2. The client must have Microsoft Office Outlook installed

3. A client that accesses Exchange over MAPI uses dynamic ports

Note: because the ports used between Outlook and Exchange over MAPI are dynamic, users on the public Internet must first connect through a VPN before the client can access Exchange via MAPI

In Exchange 2007 and 2010, the dynamic ports can be encapsulated in HTTPS on a fixed port ("Outlook Anywhere")

4. A MAPI client caches mail locally in an *.ost file, which holds the same data as the Exchange server database

5. MAPI clients should archive regularly

Client access method (2)

Note: POP3 --- 110; POP3S: 995

SMTP --- 25; SMTPS: 25, ISA/TMG (465), Exchange (587)

POP3 access -------- SMTP

1. The most common protocol for receiving mail over the public network

2. By default, received messages are stored in a local *.pst; once a message has been downloaded locally, the server-side copy is deleted

3. PST file size limit (Outlook XP: 2GB; Office 2003, 2007: 20GB; Office 2010: 50GB)

4. POP3 downloads only the messages in the Inbox

5. By default the Exchange POP3 service is not enabled

Client access method (3)

OWA access

1. By default, Exchange can only be accessed over HTTPS

2. The OWA login page can be customized to suit the company

Path of the OWA images to change:

C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa\14.2.639.21\themes\base

https://technet.microsoft.com/en-us/library/ee633483.aspx

http://telnetport.blog.51cto.com/3576840/697223

3. The login screen distinguishes between public and private computers

4. The login screen offers the Outlook Web App Light option

5. OWA authentication requires the "domain\username" format

Exchange server 2010 Client Access Security

Exchange Secure Access

By default, MAPI access is secure

Demo: receiving mail over POP3S

Demo: sending and receiving mail over HTTPS

1. What is the difference between a CA (certificate authority) and a certificate?

CA: a service on a server, used mainly to issue certificates to computers (users); a server with the CA installed is called a certificate server

Certificate: a file (tool) obtained from a CA

2. What is a certificate used for?

1) Encryption -------- https://

2) Authentication ------ USB key (U-Shield)

3. How is a certificate obtained?

1) Purchase a certificate from a public certificate provider

www.verisign.com  www.ssl.com  www.wosign.com

2) Install Certificate Services on an internal server and have that CA issue the certificate

4. What is the difference between a certificate purchased from a public CA and one issued by a CA deployed in-house?

1) What is the same: in terms of encryption security they are exactly the same

2) The differences:

A: with a certificate purchased from a public CA, all clients trust the issuing CA by default; a CA the user deploys is not trusted by default

B: many encrypted connections check the certificate's validity with the CA; if the CA is not working properly the check fails and encryption cannot be established

Note: the Exchange certificate is a multi-domain certificate

Publishing Exchange Server 2010 to the public network

TMG's most important function is dividing a large network into N separate networks

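Case study: ---- publishing the Exchange server

1) Allow the internal network to send and receive email and browse web pages on the public network

2) Do not allow the finance department's computers to access the Internet

(one network segment or several IPs)

3) Block users from accessing www.icell.com.cn

4) Block downloads of exe files, or scan downloads

Forefront TMG feature introduction and demo

Publishing SMTP and POP3

Publishing the HTTPS protocol

Outlook Anywhere functional test

Outline of the steps for SSL bridging mode

1. The Exchange certificate's private key must be imported to the TMG server

2. Make sure TMG trusts the internal CA

3. TMG must be able to resolve the domain name used to access Exchange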
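
The certificate points above (a multi-domain certificate on Exchange, then the same certificate and private key on TMG for SSL bridging) as one Exchange Management Shell sequence. This is an added example, not part of the original notes; the contoso.com host names and the file paths under C:\certs are assumptions.

```powershell
# 1) Request a multi-domain (SAN) certificate. The key is marked exportable
#    only because TMG must hold the same key for SSL bridging.
$req = New-ExchangeCertificate -GenerateRequest `
    -SubjectName "C=CN, O=Contoso, CN=mail.contoso.com" `
    -DomainName mail.contoso.com, autodiscover.contoso.com `
    -PrivateKeyExportable $true
Set-Content -Path "C:\certs\mail.req" -Value $req   # submit this file to the CA

# 2) Import the issued certificate and bind it to the client-facing services.
$cert = Import-ExchangeCertificate -FileData `
    ([byte[]]$(Get-Content -Path "C:\certs\mail.cer" -Encoding Byte -ReadCount 0))
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services "IIS,POP,SMTP"

# 3) Review what is bound: covered names, expiry, services, self-signed or not.
Get-ExchangeCertificate |
    Format-List Subject, CertificateDomains, NotAfter, Services, IsSelfSigned, Thumbprint

# 4) Export certificate and private key as a password-protected PFX for TMG.
$pw  = Read-Host "PFX password" -AsSecureString
$pfx = Export-ExchangeCertificate -Thumbprint $cert.Thumbprint `
    -BinaryEncoded:$true -Password $pw
Set-Content -Path "C:\certs\mail.pfx" -Value $pfx.FileData -Encoding Byte

# 5) On the TMG server, trust the internal CA (assumed file name):
#      certutil -addstore Root C:\certs\internal-ca.cer
#    then import mail.pfx into the computer's Personal store.

# 6) The PFX is a copy of the server's private key: remove it once imported.
Remove-Item "C:\certs\mail.pfx"
```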

 

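Exchange Server 2010 mail sending and receiving

The mail sending and receiving process:

The client uploads the message to the "send queue" on the mail server; the mail server converts the recipient's address into the A record (IP address) corresponding to the MX record and locates the recipient's mail server

---- Mail transfer between mail servers on the public network is always SMTP (25) --- anonymous access

Exchange 2010 Edge server deployment and use

I. Edge server functions

A security barrier between the internal servers and public SMTP servers

Main role: receiving and sending public-network mail, anti-virus, anti-spam

II. Deployment requirements

1. A server in a workgroup environment (DNS address pointing to the internal DNS)

2. Add the domain name suffix

3. Add an A record in the internal DNS pointing to the Edge server

4. Microsoft .NET Framework 3.5

5. AD LDS (Active Directory Lightweight Directory Services)

6. RSAT-ADDS (Active Directory domain management tools)

III. Edge server deployment

IV. Edge subscription

1. Mainly lets the Hub server synchronize the domain's information to the AD LDS database on the Edge

2. Automatically configures mail flow between Hub, Edge and the Internet

3. The edge subscription is one-way: only the Hub server synchronizes domain information to the Edge; the port used is 50636

Use the Exchange Management Shell to export the Edge server's configuration information to an .xml file

For example: New-EdgeSubscription -FileName "c:\edgefile.xml"

Test whether synchronization works: Test-EdgeSynchronization

Synchronize: Start-EdgeSynchronization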
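
The edge subscription steps above as one Exchange Management Shell sequence, showing which command runs on which server. This is an added example, not part of the original notes; the site name Default-First-Site-Name and the host name edge01.contoso.com are assumptions, and the file path is the one used above.

```powershell
# --- On the Edge Transport server (workgroup member) ---
# Export the subscription file. It carries the credentials EdgeSync will use,
# so move it to the Hub over a trusted channel. It must be imported within
# 24 hours or a new file has to be generated.
New-EdgeSubscription -FileName "C:\edgefile.xml"

# --- On a Hub Transport server (domain member) ---
# Exchange 2010 takes the file content as a byte array.
New-EdgeSubscription `
    -FileData ([byte[]]$(Get-Content -Path "C:\edgefile.xml" -Encoding Byte -ReadCount 0)) `
    -Site "Default-First-Site-Name"    # assumption: default AD site name

# EdgeSync pushes to AD LDS on the Edge over TCP 50636 (Hub -> Edge only).
# Confirm the firewall allows exactly that direction before synchronizing.
$tcp = New-Object System.Net.Sockets.TcpClient
try     { $tcp.Connect("edge01.contoso.com", 50636); "50636 reachable" }
catch   { "50636 blocked: EdgeSync cannot connect" }
finally { $tcp.Close() }

# Force the first synchronization, then verify the result.
Start-EdgeSynchronization
Test-EdgeSynchronization | Format-List

# The subscription file is no longer needed on either server.
Remove-Item "C:\edgefile.xml"
```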

 

V. Anti-spam

Exchange 2010 UM deployment and demo

Basic introduction to UM features

Introduction to the demo case

Lync deployment

Exchange UM deployment

Voice integration

 

 

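Exchange 2010 practical features demo (part 1)

Topics

1. Setting the maximum size of a single message

----- Sending mail ----

1) If the single-message size is set in the global settings, it applies by default to mail sent inside the company (MAPI, OWA)

2) If mail is sent inside the company over SMTP (port 587), the connector for port 587 must be configured

3) To control the size of single messages sent to external networks, the single-message size in the "send connector" must be changed

----- Receiving mail -----

1) The size of received mail in the global settings

2) To control the size of single messages received from external networks, the message size in the "receive connector" must be changed

Individual: a per-user message size setting takes precedence over the global setting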
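
The places where a message size limit is set, as described above, with an audit of all of them at the end. This is an added example, not part of the original notes; the server name EX01, the send connector name "Internet Send", the mailbox "boss" and the sizes are assumptions.

```powershell
# Global (organization-wide) limits.
Set-TransportConfig -MaxSendSize 10MB -MaxReceiveSize 10MB

# Internal SMTP clients submit on port 587 through the "Client <server>"
# receive connector, which has its own limit.
Set-ReceiveConnector -Identity "EX01\Client EX01" -MaxMessageSize 10MB

# Mail to and from external networks is bounded by the connectors carrying it.
Set-SendConnector    -Identity "Internet Send"     -MaxMessageSize 10MB
Set-ReceiveConnector -Identity "EX01\Default EX01" -MaxMessageSize 10MB

# Per-user exception.
Set-Mailbox -Identity "boss" -MaxSendSize 30MB -MaxReceiveSize 30MB

# Audit: show every level, so forgotten per-user exceptions stay visible.
Get-TransportConfig  | Format-List  MaxSendSize, MaxReceiveSize
Get-SendConnector    | Format-Table Name, MaxMessageSize -AutoSize
Get-ReceiveConnector | Format-Table Identity, Bindings, MaxMessageSize -AutoSize
Get-Mailbox -ResultSize Unlimited |
    Where-Object { "$($_.MaxSendSize)" -ne "unlimited" -or
                   "$($_.MaxReceiveSize)" -ne "unlimited" } |
    Format-Table Name, MaxSendSize, MaxReceiveSize -AutoSize
```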

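2. Setting mailbox size

1) Global

2) Individual

3. Sending mail on behalf of another user:

Usage scenario (boss and secretary)

4. Viewing a user's mailbox

Usage scenario: investigating an employee who leaked trade secrets by email

5. Mail archiving

1) Configured in the Outlook client; mail is stored locally

2) Create an archive database on the Exchange server; data is archived on the server

6. Automatic redirect to HTTPS

7. Changing an expired password from the OWA page

In the registry of the Exchange server, under

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSExchange OWA

create a new value named ChangeExpiredPasswordEnabled, type REG_DWORD, value data 1

8. Moderated sending (message approval)

Common scenario: (manager - subordinate) relationship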

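Exchange 2010 practical features demo (part 2)

I. Changing the password with OWA

II. Adding a photo for a user

regsvr32 schmmgmt.dll

1. It is the thumbnailPhoto attribute in AD

2. In EMS, use the following command to insert it

Import-RecipientDataProperty -Identity "XXX" -Picture -FileData ([Byte[]]$(Get-Content -Path "C:\p\x.jpg" -Encoding Byte -ReadCount 0))

3. Verify with ADSIEDIT

4. Extension: use a SharePoint personal portal to upload photos

III. Hierarchical address book

1. Built into Exchange Server SP1 and later; without SP1 the AD DS schema must be extended, see http://support.microsoft.com/kb/973788

2. Configuration process

3. DistinguishedName

4. MsExchHABRootDepartmentLink

5. MsOrg-IsOrganizational - configures whether the distribution group is enabled for the hierarchical address book

6. MsDS-HABSeniorityIndex - sets the priority; the larger the value, the higher the priority

IV. Exchange and AD RMS integration

1. AD RMS integration with Office

2. AD RMS integration with Exchange

V. Transport rule case studies

1. Case: adding an RMS rule to the transport rules

2. Adding a disclaimer

3. Mail approval

VI. Resource mailboxes

1. A resource mailbox records how the resource is used

2. Using resources to implement meeting room booking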

 

 

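Exchange 2010 high availability (part 1)

A history of Exchange high availability

Exchange 2010 high availability model

I. Mailbox - DAG

DAG deployment prerequisites

1) OS: Win2008 Enterprise / Datacenter

2) Supported by both Exchange 2010 Standard and Enterprise editions

3) DAG is an enhancement of CCR

4) The DAG service depends on the failover clustering service and supports at most 16 copies

5) DAG deployment does not require shared storage, which greatly reduces cost for small and medium-sized businesses

DAG is an extension of CCR

1) No shared storage required

2) Uses the cluster service

3) Supports at most 16 nodes (limited by the operating system)

4) Servers configured for DAG need two network adapters

5) The DAG architecture needs a witness server, which can be a Hub server or a member server in the same domain

DAG witness server requirements

1. When the DAG has an even number of members, a witness server is needed to achieve and maintain quorum; with an odd number of members, no witness server is needed

2. The witness server cannot be a member of the DAG; a Hub or DC is generally recommended as the witness server.

3. The witness server must be in the same AD forest as the DAG

4. One witness server can serve as witness for multiple DAGs, but each DAG's witness needs its own separate directory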
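
A two-member DAG built in the Exchange Management Shell according to the witness requirements above. This is an added example, not part of the original notes; the names DAG1, HUB01, MBX01, MBX02, DB01 and the witness directory are assumptions.

```powershell
# The witness is not a DAG member. Each DAG gets its own witness directory,
# even when several DAGs share one witness server.
# If the witness server is not an Exchange server, the "Exchange Trusted
# Subsystem" group must be in its local Administrators group, so choose a
# host where that grant is acceptable.
New-DatabaseAvailabilityGroup -Name "DAG1" `
    -WitnessServer "HUB01" -WitnessDirectory "C:\DAGWitness\DAG1"

# Two members is an even count, so the witness takes part in quorum.
Add-DatabaseAvailabilityGroupServer -Identity "DAG1" -MailboxServer "MBX01"
Add-DatabaseAvailabilityGroupServer -Identity "DAG1" -MailboxServer "MBX02"

# Add a passive copy of an existing database on the second member.
Add-MailboxDatabaseCopy -Identity "DB01" -MailboxServer "MBX02" -ActivationPreference 2

# Verify membership, witness settings and replication state.
Get-DatabaseAvailabilityGroup "DAG1" -Status |
    Format-List Name, Servers, WitnessServer, WitnessDirectory, WitnessShareInUse
Get-MailboxDatabaseCopyStatus -Identity "DB01" |
    Format-Table Name, Status, CopyQueueLength, ReplayQueueLength -AutoSize
Test-ReplicationHealth -Identity "MBX02"
```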

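II. Hub - NLB

(outbound) send connector; receive connector (inbound)

III. CAS - CAS Array

1. Internal network

2. External network (Outlook Anywhere / firewall / DNS)

3. User access methods

1) OWA, 2) POP3, 3) Outlook (MAPI)

Exchange 2007 and 2010

Outlook access: in Exchange 2007 the client connects directly to the Mailbox server

in Exchange 2010 it connects to the CAS

Exchange 2010 high availability (main points)

1. Mailbox - DAG 2. Hub - NLB 3. CAS - CAS Array

Introduction to Mailbox role high availability

Demo: configuring Mailbox high availability

High availability concept

"High availability" usually describes a system specially designed with fault tolerance, so as to reduce downtime and keep its services highly available.

Autodiscover configuration for workgroup computers

Exchange 2010 high availability (part 2)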

 

 


Origin www.cnblogs.com/jason223233/p/11789739.html