Sunday, March 22, 2009

How to Migrate from Exchange 2000/2003 to Exchange 2007 "Transitioning Guidelienes"

The transition process from Exchange 2003 to Exchange 2007 is a relatively straightforward process and involves the following high level tasks:

  1. Prepare the Active Directory directory service, you can extend the Active Directory schema and create the Active Directory objects and universal security groups to support Exchange 2007 before you install the server roles. Run setup.com /PrepareAD from the command line on the domain controller that is the schema master at the forest root. When you run setup.com /PrepareAD, the task setup.com /PrepareLegacyExchangePermissions also runs to create the universal security group that is granted permissions to send e-mail to Exchange 2007 Hub Transport servers.
  2. Supress minor link state updates on all Exchange 2003 front end servers.
  3. Deploy Exchange 2007 CAS/HUB servers in the same organization/forest as the existing Exchange 2003 servers and choose FE_SERVERNAME as the routing group connector destination

    Note: Using an Exchange Server 2003 front-end server together with an Exchange 2007 Mailbox server is not supported.
  4. Configure the routing group connector to use all Hubs servers.
  5. Deploy the Edge servers
  6. Configure the external firewall to allow for outbound SMTP traffic from the Edge servers.
  7. Configure Edge Sync subscription and rest of the Edge settings.
  8. Configure the external firewall 1:1 NAT for both Edge servers to allow for incoming SMTP traffic.
  9. Delete the old SMTP connectors.
  10. Deploy Exchange 2007 mailbox servers
  11. Configure Public folder replication
  12. Configure the CAS web services virtual directories by following the below steps:

    a. Configure CAS OWA virtual directories to support integrated authentication and to set the the external URL

    b. Configure Outlook Anywhere internal/external URLs with Integrated authentication and set the External/Internal URLs

    c. Configure ActiveSync external URL

    d. On the Exchange 2003 backend clusters; configure the ActiveSync virtual directory to use Integrated Authentication

    e. Configure OAB URLs using the Exchange Management Console and configure it to use HTTPS instead of HTTP
  13. Configure rest of the CAS settings
  14. Publish the ActiveSync through ISA 2006
  15. Test co-existence between both servers:

    a. GAL co-existence is automatically achieved since all servers share the same Active Directory information. This means the GAL will appear the same for both Exchange 2007 and 2003 users

    b. Email connectivity between Exchange 2003 to Exchange 2007 servers will automatically be enabled because of the Routing Group Connector created by the installation of the Hub server role
  16. Move sample mailboxes using the Exchange 2007 move mailbox wizard or cmdlet as a test for the migration

    Note: You do not need to move your existing contacts or distribution groups. They will be available in Active Directory even if you remove your Exchange 2003 or Exchange 2000 servers
  17. On an Exchange 2007 server, for each offline address book (OAB), move the generation process to an Exchange 2007 server. For detailed steps, see How to Move the Offline Address Book Generation Process to Another Server.
  18. Upgrade the email address policies
  19. Upgrade the address lists

    Note: Use the LDAP to OPATH converter tool
  20. Change the routing group connectors to use the Exchange 2003 backend server
  21. Decommission Exchange 2003 Front End servers
  22. Move rest of the mailboxes to the Exchange 2007 mailbox cluster

    Note: If you have any Exchange 2003 or Exchange 2000 recipient policies that have not been applied, moving the mailboxes to an Exchange 2007 server will force the recipient policies to be re-evaluated and applied. Before you move mailboxes, make sure that you want to apply all of the existing recipient policies. If you have an existing recipient policy that you do not want to apply, clear the automatically update e-mail address based on e-mail address policy check box in Active Directory Users and Computers. For more information, see the Exchange Server Team Blog article Yes, Exchange 2007 really enforces Email Address Policies.

    Note: The old Exchange 2003 backend will be running for at least 1 week in order to allow Outlook clients to automatically update their profile to point to the new Exchange 2007 mailbox cluster, otherwise, if the cluster is decommissioned immediately, clients will not be able to access their mailboxes until their profiles are modified to use the new Exchange mailbox server. KOC must ensure that all Outlook clients will logon at least once during this week for their profiles to be updated. Clients that do not logon before the old cluster is decommissioned must be updated manually. Exprofile can be configured to run as a logon script for the MAPI users to automatically configure their Outlook profiles to use the new mailbox server.
  23. Remove the Exchange 2003 backend servers. The decommissioning of the Backend servers should be conducted after making sure that all clients are redirected to the Exchange 2007 servers
  24. Remove the last Exchange 2003 server from the organization. For detailed steps, see http://technet.microsoft.com/en-us/library/bb288905(EXCHG.80).aspx
    Note that these are just a guidelines to help in your migration planning, i'm not covering all of the scenarios and situations which will vary according to the environment design & setup.

I hope the above steps will be useful to the readers, as the above steps i always use in my deployments for customers.

Tuesday, March 10, 2009

Best Practices and Guidelines for Hyper-V with Exchange Server 2007 SP1

Am Back Again :)

Today we will talk about the new Hyper-V technology support for the Messaging virtualization from Microsoft, Microsoft released its hardware virtualization software a while ago and eventually the Exchange Server 2007 SP1 is supported in the production environment, in able to make it supported, certain aspects and conditions must be met otherwise you will put yourself in unsupported situation, in this document we will refer to the Windows Server 2008 that will hold the Hyper-V component and will host the virtual servers as the Root, the Virtual Machine that will be running on the Hyper-V are called the Guest, so let's start..

First let's list some of the supported software to fully function in the production over a virtualized environment, below are the list with the latest updates on 26th August 2008:
  • Microsoft Application Virtualization (App-V)
  • Microsoft BizTalk Server
  • Microsoft Commerce Server
  • Microsoft Dynamics AX
  • Microsoft Dynamics CRM
  • Microsoft Dynamics NAV
  • Microsoft Exchange Server (Except UM role)
  • Microsoft Forefront Client Security
  • Microsoft Intelligent Application Gateway (IAG)
  • Microsoft Forefront Security for Exchange (FSE)
  • Microsoft Forefront Security for SharePoint (FSP)
  • Microsoft Host Integration Server
  • Microsoft Internet Security and Acceleration (ISA) Server
  • Microsoft Office Groove Server
  • Microsoft Office PerformancePoint Server
  • Microsoft Office Project Server
  • Microsoft Office SharePoint Server and Windows SharePoint Services
  • Microsoft Operations Manager (MOM) 2005
  • Microsoft Search Server
  • Microsoft SQL Server 2008
  • Microsoft System Center Configuration Manager
  • Microsoft System Center Data Protection Manager
  • Microsoft System Center Essentials
  • Microsoft System Center Operations Manager
  • Microsoft System Center Virtual Machine Manager
  • Microsoft Systems Management Server (SMS)
  • Microsoft Visual Studio Team System
  • Microsoft Windows HPC Server 2008
  • Windows Server 2003 Web Edition
  • Microsoft Windows Server Update Services (WSUS)
  • Windows Web Server 2008

Conditions to support Exchange Server 2007:

  • In Microsoft virtualization environment, it must be Windows Server 2008 Hyper-V x64 (Not Virtual Server NOT virtual PC)
  • The Virtualization software other than Microsoft Hyper-V must pass the Server Virtualization Validation Program SVVP (at this moment only Hyper-V passed this test)
  • Exchange Server 2007 must be with SP1 or later
  • Exchange Server 2007 with SP1 must be installed on a guest operating system running Windows Server 2008 x64
  • Support high availability and Exchange clustering Local Continuous Replication, Cluster Continuous Replication, Single Copy Cluster and Standby Continuous Replication. However when using Quick Migration with Hyper-V the CCR and SCC will not be supported.
    Exchange Server 2007 installed without the Unified Messaging Server role, the UM server role is not yet supported
  • If you will use virtual hard disks, Only Fixed Size Disks are supported. Differencing, dynamically expanded or any virtual storage are not supported, ONLY FIXED SIZE HARD DISK is supported as virtual disk type
  • The Root Server (the one that run the Hyper-V components) must be dedicated server for that purpose, it's not supported to install any other software on the Root server, it should function only as Hyper-V Server
  • Hyper-V include a feature called snapshots that you can revert the system back to this captured state, but it's not supported with Exchange Server 2007 Virtual Guest as the Snapshot is not Exchange-Aware
  • The virtual processor-to-logical processor mapping must not exceed 2:1 otherwise it's not supported, that's mean if you have server with two processors with dual core, that's make total of 4 logical processors, the maximum supported is 2:1 which is 8 CPUs in this case, note that these 8 CPUs is the maximum allowed per ALL guests on the same root
  • hardware-based VSS solutions is not supported to back up virtualized Exchange Server

Guidelines, Recommendations and best practices:

  1. Use pass-through SCSI storage disks or internet iSCSI storage for better performance
  2. Before creating virtual disk, it's recommended to start disk defragment on the root server to reduce disk fragments
  3. Install the integration services on the guest operating system
  4. Ensure that an enforced Data Execution Prevention (DEP) must be available and enabled on the hardware level
  5. Keep in mind that if you will use Windows Server 2008 datacenter Edition, you physical memory can support up to 1 TB (TERABYTE) of memory, with enterprise edition you limited to 64 GB, and for standard only 32 GB of memory
  6. Hyper-V is supported on physical computers with up to 16 logical processors.
  7. You can use TPM chip with Bit Locker ® security feature of Windows Server 2008 to secure your virtual hard disks
  8. The virtual fixed size hard disk is limited in size to 2040 Gigabyte of disk space, while the pass-through physical disks are not limited to a space
  9. You can take up to 50 snapshots of per guest, it's supported only to make your backup solution for a recovery of Exchange disasters
  10. When allocating the number of virtual processors don't forget the root server share of the
    Use Windows System Resource Manager WSRM to control the resources utilization
  11. When calculating the total number of virtual processors required by the root machine, you must also account for both I/O and operating system requirements. In most cases, the equivalent number of virtual processors required in the root operating system for a system hosting Exchange virtual machines is 2. This value should be used as a baseline for the root operating system virtual processor when calculating the overall ratio of physical cores to virtual processors. If performance monitoring of the root operating system indicates you are consuming more processor utilization than the equivalent of 2 processors, you should reduce the count of virtual processors assigned to guest virtual machines accordingly and verify that the overall virtual processor-to-physical core ratio is no greater than 2:1.
  12. The Exchange server guest machine's storage and network design requires additional considerations for the root machine, specifically, the impact to the CPUs on the root machine. In some hardware virtualization environments (such as Hyper-V), all I/O requests that are made by guest virtual machines are serviced through the root machine. In these environments, we recommend that no other I/O intensive applications (for example, Microsoft SQL Server) be deployed on guest machines that are hosted on the same root machine as Exchange server guest machines.
  13. Use multiple network adapters for network-intensive VM workloads, and management
  14. Ensure your storage hardware has I/O bandwidth and capacity to meet current and future needs of the VMs.
  15. Consider Placing VMs with highly disk-intensive workloads on different physical disks will likely improve overall performance
  16. If using clustering, make one Exchange cluster node on one Root, and the other node on another Root to truly achieve high availability