Integrating ISA Server 2006 with Microsoft Exchange 2007 (eBook)

Front Cover 1
Integrating ISA Server 2006 with Microsoft Exchange 2007 2
Copyright Page 3
Lead Author 4
Technical Editor 4
Contributing Authors 5
Contents 6
Foreword 16
Chapter 1: Introducing Exchange Server 2007 SP1 18
Introduction 19
What’s New? 19
Features They Couldn’t Finish in Time 19
Public Folders through OWA 20
S/MIME 20
Monthly Calendar View 20
OWA Customization 20
Right-Click Move/Copy 21
Server-Side Rules 22
Bulk Mailbox Creation 22
Import/Export PST Files 25
Public Folder Management 26
POP3/IMAP4 Management 26
More GUI Options 26
Message Size Limits on AD Site Links and Routing Group Connectors 28
Management 29
Toolbox 29
Messaging Records Management on Default Folders (with Std CAL) 30
Monitoring Online Defragmentation 30
Management Console “Export List” 30
Windows Server 2008 Support 31
IP Version 6 31
Virtualization 32
High Availability 32
Standby Continuous Replication 32
Multi-Subnet Failover Clusters 33
Cluster Monitoring/Reporting 33
I/O Performance on Passive Node 34
More Efficient Cluster Failover 34
Continuous Replication over Redundant Networks 34
Client Access 35
ActiveSync 35
Mobile Device Policies 35
File Server Access via Windows Mobile 36
Direct Push Performance Improvements 36
Remote Wipe Confirmation 37
ActiveSync Default Mailbox Policy 37
Sync State with Mailbox Moves 37
Outlook Web Access 37
WebReady Document Viewing Enhancements 37
Create/Edit Personal Distribution Lists 38
Transport 38
TransportConfig Object Cloning 38
Priority Queuing 38
Scoped Connectors 39
Unified Messaging 39
Quality of Service (QoS) Using DiffServ 39
InBand Fax Tone Detection 39
SP1 Features with Office Communications Server 2007 39
Web Services 40
System Requirements/Recommendations 40
X64 Architecture-based Computer 40
Windows Server 2008 Prerequisites 41
Upgrading to Service Pack 1 42
Prepare Active Directory 43
Schema 43
Active Directory 43
Domains 43
Upgrade Order 43
Upgrading Clustered Mailbox Servers 44
Upgrading a Cluster 44
Chapter 2: Architecting an Exchange Server 2007 Solution 48
Introduction 49
Areas of Usage for Exchange Server 2007 49
Using the Exchange Management Console 50
Main Aspects of the Exchange Management Console 51
Organization Configuration 55
Server Configuration 56
Recipient Configuration 57
Toolbox 58
Using the Exchange Management Shell 59
Recipient Management 60
Identifying Different Types of Recipients 60
Public Folder Management 62
Managing Public Folders with Outlook 2007 63
Public Folder Databases and the Exchange Management Console 64
Storage Groups 69
Using Storage Groups 69
Multiple Databases 70
Creating Storage Groups 72
Managing Storage Groups 74
Server Role Management 74
Server Roles Deployment 76
Creating SMTP Connectors 77
Message Routing 77
Transport Protocols 78
Edge Transport and Hub Transport Servers 79
Edge Transport Deployment and Management 79
Installing Active Directory Application Mode 80
Deploying the Edge Transport 80
Verifying the Edge Transport Server’s DNS Suffix 81
Subscribing the Edge Transport Server to the Exchange Server 2007 Organization 81
Exporting an Edge Subscription File on the Edge Transport Server 83
Copying the Edge Subscription File to a Hub Transport Server 84
Importing the Edge Subscription File on a Hub Transport Server 84
Management Shell Management 85
Verify Synchronization Success 86
Force Synchronization 86
Forefront Client Security 86
Managing Anti-Spam Features of Exchange Server 2007 88
Content Filtering 88
Summary 91
Chapter 3: Guarding Microsoft Exchange Server and Outlook Web Access 92
Introduction to Microsoft Forefront Server for Exchange 93
Implementing Microsoft Forefront Server for Exchange 93
Planning a FSE Deployment 94
Antivirus Scanning 94
Message Filtering 96
Installing Forefront Server for Exchange 98
Configuring Microsoft Forefront Server for Exchange 103
Settings 104
Scan Job 104
Transport Scan Job 105
Real Time and Manual Scan Jobs 106
Antivirus 107
Scanner Updates 109
Redistribution Server 111
Templates 111
General Options 113
Diagnostics 114
Logging 115
Scanning 116
Background Scanning 118
Filtering 119
Content 119
Keyword 121
File 122
Allowed Senders 124
Filter Lists 125
Operate 125
Run Job 126
Schedule Job 127
Quick Scan 128
Report 128
Notification 128
Incidents 129
Quarantine 130
The Importance of Securing Outlook Web Access 132
The Security Problem 132
The Security Solution 134
Securing Your OWA Connection 135
Publishing Outlook Web Access in the Internet Application Gateway 135
Adding OWA to the IAG (Portal) 136
IAG 2007 136
Server Roles 137
Activating the Configuration 144
Client to Connect to the IAG 145
IAG Portal Web 146
Redirect the Trunk on SRV1 147
“Client” to Connect to the IAG 148
Examining the Rules Added to the ISA Configuration 149
ISA Rules 149
Securing the Outlook Web Access Interface 150
IAG Server 150
Summary 155
Chapter 4: Publishing Exchange 2007 156
Introduction 157
Lab Configuration 158
Setting up a Lab 159
Why Use ISA Server 2006? 160
The Benefits of ISA Server 2006 160
Web Publishing Rules 161
Typical ISA Server Configurations 168
Front-end or Edge Firewall 169
Back-end Firewall 170
Configuration Options/Requirements 171
Single-Homed ISA Server 172
Dual-Homed ISA Server 173
Multihomed ISA Server 174
Security and Authentication 174
User Validation Methods 174
Pre-Authentication 176
The Pre-Authentication Process 176
Kerberos Constrained Delegation 177
Pre-Authenticating Using NTLM and Certificates 178
Using Certificates 179
What about Standard Certificates? 181
Creating SSL Certificates for Exchange 181
Organization Name 182
Subject Alternative Names 182
Creating the Certificate Request 182
Importing the Certificate 186
Transporting the Certificate 186
The Autodiscover Service 188
Outlook and Autodiscover 189
Internal Autodiscover Process 190
External Autodiscover Process 192
Autodiscover Scalability 194
Publishing Autodiscover to the Outside World 194
Methods of Publishing Outlook Anywhere and Autodiscover (with ISA Server 2006) 195
Use a Subject Alternative Name Certificate 196
Unencrypted HTTP 196
SRV Record-based Autodiscover 196
Autodiscover HTTP Redirect 198
Creating the Autodiscover Redirect 199
Redirects for Additional Domains 202
Using a Separate IP Address and Listener 202
Using Two Publishing Rules 203
Using a Single Publishing Rule 205
Autodiscover for Multiple SMTP Domains 209
Use a Wildcard Certificate 213
Publish Everything Using .autodiscover.domain.com 215
Outlook Anywhere and NTLM Authentication 215
Windows Vista and NTLM Security 220
Authentication Using Client Certificates 221
Client Certificates 222
Public or Private Certificates 222
Configuring Certificate Security for Mobile Devices 223
Infrastructure 223
Prerequisites 224
Configuration 225
Web Listener 225
Publishing Rule 227
Kerberos Delegation 228
Client Access Server Configuration 228
Enrolling Mobile Device Client Certificates 229
Restrict the Certificates Clients Can Present 231
ActiveSync Policies 232
Publishing for Resilience 233
ISA Server Enterprise 233
Firewall Arrays 234
Network Load Balancing 234
Enterprise and Array Policies 235
Network Load Balancing for Client Access and Hub Servers 235
NLB for Exchange Services, and Their Supportability 237
Configuring an NLB CAS and Hub Cluster 238
Notes on Unicast and Multicast 238
SMTP Traffic—Incoming 249
Configuring the Receive Connector 251
Testing the Connector 252
SMTP Traffic—Outgoing 253
Using an External Edge Transport Server 255
EdgeSync 256
Enabling EdgeSync 257
Client Access 257
Publishing Web Services Using a Web Farm 258
Creating the Web Farm Publishing Rule 261
Load Balancing Mechanisms 263
Session-based Affinity 263
IP-based Affinity 263
Publishing All Web-based Exchange Services to the Web Farm 263
Other Client Protocols 265
The Value of SAN Certificates 266
Internal SAN Certificates 266
A Typical Certificate Infrastructure 267
Troubleshooting 269
General Troubleshooting 269
Outlook Anywhere Problems 271
ActiveSync Troubleshooting 271
ISA Best Practice Analyzer 272
Chapter 5: High Availability with Exchange 2007 274
Introduction 275
High Availability Strategies and Options 275
Server Resilience 275
Site Resilience 276
Lab Configuration 276
New and Improved in SP1 279
Standby Continuous Replication 279
Windows 2008 Support 280
Multiple Site Failover 280
DHCP Support 281
IPv6 282
New Quorum Models 282
Replication over Redundant Cluster Networks 284
Performance Improvements 285
Passive Node Log Replay 285
Database Checksumming and Passive Node Backups 286
Page Dependencies and Partial Merges 286
Transport Dumpster Improvements 288
Reporting and Monitoring Improvements 288
Management Console Additions 288
Local Continuous Replication 289
Requirements 290
Implementing LCR 290
Managing and Monitoring LCR 292
Cluster Continuous Replication 294
Requirements 296
Implementing CCR on Windows Server 2008 297
Networking 297
Cluster Quorum 298
Installing Exchange on the Cluster 299
Enable Replication over a Redundant Network 301
Testing Replication 303
Configuring the Transport Dumpster 303
Standby Continuous Replication 304
Requirements and Features 306
SCR and Public Folders 307
Implementing SCR on Windows Server 2008 308
Activating SCR 308
Storage Planning 308
Moving the Databases in a CCR Environment 310
Configuring Replication 311
Creating a New SCR-Enabled Storage Group 313
Checking Passive Copy Integrity 313
Database Activation 316
SCR Deployment Scenarios 316
Nonclustered Mailbox Servers 316
Clustered SCR Target Mailbox Servers 317
LCR/SCR Combination 317
Economics of Continuous Replication 318
Troubleshooting High Availability Configurations 319
Chapter 6: Disaster Recovery Options 322
Introduction 323
Test Environment 323
Backing up Exchange 324
Data Retention 325
Backup Methods 326
Streaming and VSS-based Backups 327
Other Snapshot Backups 328
Backing up in HA Configurations 328
Backing up with Data Protection Manager 328
Database Backups 329
Log Synchronization 331
Storage 332
Server Protection 332
Prerequisites 335
Exporting Mailboxes 335
Manually Backing up Using PowerShell 335
Restoring and Recovering Exchange 336
Recovery Tools in Exchange 336
Toolbox Tools 336
Database Recovery Management 336
Database Troubleshooter 338
Command-Line Tools 338
Database Recovery 339
Restoring Databases to Another Server 339
Mailbox Recovery 339
Limitations 340
Dial-Tone Recovery for Immediate Service Continuation 340
Create Empty Database and Get Users Online 341
Exchange Recovery Mode 341
Restore or Repair the Original Database 342
Swapping the Databases 344
Merging the Databases 345
On Dial-Tone Portability 347
Recovery in Continuous Replication Scenarios 347
Activating an LCR Database Copy 347
Modifying the Exchange Configuration 348
Modifying Operating System Parameters 349
Recovering from a CCR Database Failure 351
Prepare/Repair and Mount the Passive Database 351
Bring the Broken Node Back Online 353
Repair Database Replication 353
Activating an SCR Database Copy 354
Activation Using a Clustered Mailbox Server 355
The DR Scenario 355
Preparing the Database(s) for Recovery 355
Configuring the Clustered Mailbox Server 357
Recovering the Databases 359
Disadvantage of Using a Clustered Target Server 359
Activation Using Database Portability 360
Restore the Database 360
Configure the Destination Storage Group and Database 361
Mount the Database 363
Modify Active Directory Settings 363
Activation Using a Standalone Server Recovery 364
Restore the Database 365
Prepare the Exchange Target 365
Check the Database 366
Bring Database Online 366
Restoring SCR after a Recovery 367
Reconfiguring SCR Replication 367
Removing a Clustered Mailbox Server 368
Managing the Controlled Switchover 368
Transport Queue Database Recovery 368
Recovering a Queue Database 369
Summary 371
Index 372