Acronyms Management and Monitoring Exchange Server 2007 Management Pack for Exchange Server 2007 High-Level Architecture

t and Monitoring Exchange Server 2007 Management Pack for Exchange Server 2007 High-Level Architecture Edge Transport Server Role
System Center Operations Manager 2007
The Edge Transport server runs in the perimeter network and provides message hygiene and security over untrusted networks.
With the Exchange Management Shell, administrators can
manage every aspect of Microsoft Exchange Server 2007. Operations Active Directory Requirements Anti-spam and antivirus filters
They can enable new e-mail accounts and configure Manager Active Directory Forest · Domain functional level at Windows 2000 native or · Connection Filter
Microsoft Exchange EdgeSync service pushes information
from Active Directory to ADAM instance on Edge Transport server
Exchange management tools include: Server higher.
SMTP connectors, store database properties, transport · Address Rewriting Agent · The Edge Transport server role cannot coexist on the using secure LDAP:
· Exchange Management Shell · Schema master must run Windows Server 2003 SP1 or
AD agents, and more.
Active Directory Active Directory Site Active Directory Site · Edge Rule Agent Synchronize recipient information (every 4 hours)

priority
Monitor all Exchange later. same computer with any other server role.
Active Directory · Exchange Management Console · Sender ID Agent Synchronize configuration information (every 1 hour)
Server Roles Domain · At least one domain controller, in each domain, running · Recommendation: Install Edge Transport server role
Exchange Management Shell · Recipient/Sender Filter
ADAM · Exchange Help file Controller Windows Server 2003 SP1 or later.
· Content Filter
on a computer that is not part of a domain.
· At least one global catalog server (running Windows
Active Directory Application Mode Key features of the Exchange Management Shell: · Exchange Best Practices Analyzer tool Key Monitoring Scenarios · Attachment Filter
Server 2003 SP1 or later) in every Active Directory site ADAM Active Directory Site
BITS · Exchange Troubleshooting Assistant tool · Virus Scanning
· Command-line interface · Are all Exchange services running? Hub Hub which hosts Exchange Server 2007. Internet Instance
Background Intelligent Transfer Service · Piping of data between commands · Are all databases mounted and do disks have LD Transport · Recommendation: 4:1 ratio of Exchange processors to Edge Transport
CAS · enough free space? AP Transport global catalog server processors
·
Structured data support
· Can Microsoft Office Outlook 2007 clients
Unified Server
Server Server SMTP Send
TCP Port 50636

AP
Extensive support for scripting AD Domain DNS Connector
Client Access Server Messaging

LD
· Safe scripting connect and is performance good? Controller Microsoft Exchange Hosted Services MX

LD

LDAP
SMTP Send Connector
DNS · Is e-mail flowing between servers?

AP
· Access to cmd.exe commands Server SMTP TLS
Record SMTP Receive AD Domain
Domain Name Service · Trusted scripts Cmdlet · Is Exchange performing efficiently and reliably? Only requires one MX record (resolves to the Exchange
Connector SMTP Receive Connector Controller
· · Is Exchange configured correctly and is it secure? IP Hosted Services network). Allows IP address of Hub Transport Server
EWS Profile customization
corporate e-mail server to remain hidden.
Incoming Deliver
· Extensible shell support gateway SMTP Hub Transport
Exchange Web Services E-mail server
Export Import
The Exchange Server 2007 Management VoIP Global Datacenter Network
IIS Pack for System Center Operations
Internet Information Services · Exchange Management Shell built on Microsoft Windows PowerShell technology. Manager 2007 contains rules to monitor a Edge Subscription
IMAP4 · Exchange Management Console uses the same Windows PowerShell cmdlets as those comprehensive array of server health Run once to establish connection and automatically configure SMTP connectors
Hosted

MAPI RPC
available via the Exchange Management Shell. indicators and create alerts when Quarantine to route e-mail to and from the Exchange Organization and the Internet.
Internet Message Access Protocol 4 Non-delivery

Edge Blocking Services

problems are detected, or when Archive
· All administrative actions are scriptable in Exchange Server 2007 using Windows PowerShell. receipt
OAB Discard

Hosted Encryption
reasonable thresholds are exceeded.
MA Hosted
Offline Address Book PI or Filtering
OWA RP
Outlook Web Access PBX C

SM
Hosted
PBX
Unified Messaging Server Role

VoIP

TP
Hub Transport Server Role

Ed
Client Continuity
Private Branch Exchange

ge
Mailbox Access

TLS
Syn
POP3 Server Server

c
Post Office Protocol 3 The Unified Messaging server role enables Unified Messaging for an Exchange Server 2007 organization. Unified Messaging The Hub Transport server role handles all e-mail flow inside the organization, applies transport rules, applies journaling

(TC
PSTN combines voice messaging, fax, and e-mail messaging into a single messaging infrastructure. Exchange Web

P
Quarantine policies, and delivers messages to a recipient's mailbox.

506
Suspected Spam
Public Switched Telephone Network Active Directory
Services
& Content

36)
RPC Active Directory UM Objects Domain Controller
HTTPS · Exchange Server 2007 topology relies on the Active Directory site
Remote Procedure Call MAPI RPC The Hub Transport server role must be deployed
Consolidation: Place all Internal External topology for internal routing and does not have its own configuration.
SIP
Supports incoming fax
Business (and TCP/IP NetBIOS in every Active Directory site that contains other
Dial Plan services. A fax message is Unified Messaging servers file sharing) Firewall Firewall · Messages are sent directly from the source server to the target
Session Initiation Protocol sent to the user's mailbox as Unified in a central location, and Applications Mailbox Exchange Server 2007 server roles.
server, reducing the number of hops a message takes during
SMB Messaging Client Server

MAPI RPC
Users Auto Attendant 1 an e-mail message with a .tif 2 then deploy IP gateways in delivery.
Server Message Block Auto Attendant 2 image file attached. Server 3 each of your branch offices. Access Categorizer: Component of the · If network problems or firewalls prevent a message from being sent
SMS 4 3 Server Microsoft Exchange Transport service directly to the target server, the message is delivered to a Hub
External E-mail that processes all incoming messages
Short Message Service

HTTPS
UM Mailbox Policy 1 Transport server as close as possible to the destination, following a

Internet
and determines what to do with the least-cost route calculated using the site link costs.
SMTP UM Mailbox Policy 2 4
messages based on information about
5 Hub Transport
Simple Mail Transfer Protocol Unified Server Edge Transport the intended recipients. Hub Transport Server
SOAP UM Hunt
Messaging
Servers IP Gateway Server Microsoft Exchange Active
Simple Object Access Protocol Group RPC over HTTP Internal Pickup Directory Directory Topology service
4 Replay Directory · Transport Rules
TLS Outlook Client
UM IP 3
Internal · Exchange Configuration
Transport Layer Security One Inbox To use anti-spam features on the

SMTP RECEIVE Connectors

Gateway 6 Firewall
· Active Directory Site Topology
Hub Transport server, register the
UM Unified messaging puts all a
Internal Clients
Store Driver
· Outlook Web Access RPC over HTTP (Outlook Anywhere), HTTPS agents in a configuration file and
Unified Messaging PBX UM-enabled user’s e-mail, · Exchange ActiveSync enable features by running Exchange E-mail messages
VoIP voice, and fax messages into · POP3 and IMAP4 clients Management Shell script. from OUTBOX
PBX 2 Perimeter Network
Voice over IP IP PBX their Exchange 2007 mailbox External Clients
WSS Outlook Voice Access UM Web Services that can be accessed from a · Outlook Anywhere Submission Queue E-mail messages
ISA Server 2006 and Exchange Server · Outlook Web Access
Windows SharePoint Services 1. UM-enabled user dials the subscriber
variety of devices. Exchange Server 2007 includes the following server roles: Installing Exchange Server Roles 2007 were developed to coexist and
E-mail FROM Internet to INBOX
· Exchange ActiveSync
Internal Phones

access number configured on a dial plan. If server roles are not installed on a single provide an increased level of security · POP3 and IMAP4 clients Categorizer
2. A UM server associated with the dial plan Mailbox Server Back-end server that can host mailboxes and public folders. computer, install the Exchange Server 2007 for your messaging environment.
server roles on separate computers in the Agent Processing Forefront Security for Exchange
checks Active Directory for address and Exchange E-mail
2 1 Server antivirus agent (Optional)
access information. following order: FROM other AD sites Submitted messages
Mailbox Client Access Server Middle-tier server that supports the Microsoft Outlook Web
Client Access

Legend
3. User logs on to mailbox. Server 1. Client Access server role Coexistence with Exchange 2000 and Exchange 2003
Server
4. Interaction with the user’s mailbox can
Access (OWA), Microsoft Exchange ActiveSync and Outlook Anywhere client 2. Hub Transport server role Edge Transport Recipient Resolution
· Exchange Organization in Exchange Native Mode (Subscribed to Hub
Journaling agent
occur using the voice user interface or the PSTN Play on Phone applications and the POP3 and IMAP4 protocols. The Client Access server also 3. Mailbox server role
· Exchange Server 2007 routing group Transport Server) Routing · When a message matches a journal

DWBGZMFD01QNBJR (Caesar cipher)

touch tone interface. The mailbox owner 4. Unified Messaging server role Hub Transport
1. User receives a voice mail message and selects the Play on hosts Exchange Web Services. (DWBGZMFD01QNBJR) is created only for coexisting rule a journal report is generated
can: (Different AD Site)
1 Phone option in Outlook 2007 or Outlook Web Access. They with earlier versions of Exchange. Content Conversion (with the original message as an
· listen to their voice mail messages can either use the number already configured or enter a new Unified Messaging Server Middle-tier server that combines voice messaging, fax, Exchange Server Installation attachment) and is submitted to the
· · Routing Group Connector is required between Exchange
play e-mail messages 1 number. and e-mail messaging into a single messaging infrastructure. Exchange Server 2007 available in two platform Agent Processing journal SMTP address.
· access their calendar Server 2003 and Exchange Server 2007 (created during
2. Outlook uses https to communicate with the UM Web versions: Routed messages

SMTP SEND Connectors

· setup).
x64
take action on meeting requests · 64-bit version for live production
· get contact information
Services located on the Client Access server. The Client Hub Transport Server E-mail routing server that routes e-mail within the Exchange · Exchange Server 2003 computers cannot interoperate
Transport Rules agent
Access server talks via SIP to the UM server. environments. · Prevent inappropriate content from
Anti-spam Auto Attendant · locate and call a user in the directory organization. · 32-bit version only for non-production
with the Unified Messaging server role. Exchange 2003 Message Packaging
entering or leaving the organization.
3. UM server fetches the appropriate message from the mailbox mailboxes cannot be Unified Messaging–enabled.
server role. environments (such as labs, training, demo, Exchange E-mail · Message Classification (e.g. Filter
Fax External Phones Edge Transport Server E-mail routing server that typically sits at the perimeter of · Exchange 2003 Front-ends cannot talk to Exchange Delivery
and evaluation environments). TO other AD sites confidential information).
4. UM server puts the phone number the user entered through Server 2007 Mailbox Server Roles. Queues
the UM outbound dialing rules and sends the call. The the topology and routes e-mail in to and out of the Exchange organization. Remote Delivery – · Track or archive messages that are
Exchange Server 2007 can be installed on · No in-place upgrade on existing Exchange server. Install
Business Client Access Call Answering endpoint phone (internal or external) will then ring and play
All Exchange server roles can be deployed on the same server except the Edge server role. Windows Server 2003 SP2, Windows Server new Exchange Server 2007 server into existing Same Exchange
Local Delivery
sent to or received from specific
the voice message when the user picks up the phone. Organization individuals.
Application Server 1. Call initiated and call recipient does not answer. 2003 R2 SP2 or Windows Server 2008. organization, and move data to new server.
E-mail TO Internet (Same AD site)
(Different AD site) · Redirect inbound and outbound
2. Call redirected to UM server. UM Auto Attendant messages for inspection before
3. UM server contacts Active Directory (using dial plan + Series of voice prompts or .wav files that callers hear, instead of a delivery.
extension number) to get e-mail address information. human operator, when they call an organization. · Apply disclaimers to messages.
4. UM server contacts the user’s mailbox to play the individual’s If e-mail is sent from another Active Remote Delivery –
· Provides corporate or informational greetings
Disabled greeting and captures voice mail message. Directory site to the Internet, these e- Internet E-mail
Domain Controller · Provides custom corporate menus (can have multiple levels) mails are first relayed to the Active Journaling agent
User Account
Client Access Server Role
5. Completed voice mail message sent to Hub Transport server
· Provides directory search function that enables a caller to search Directory site where Edge Transport · Journaling agent applied again so
for delivery.
servers are subscribed. changes that are made by the
6. Voice mail message delivered to user’s mailbox. the organization's directory for a name Transport Rules agent do not bypass
For incoming fax messages the same process is used;
· Enables a caller to connect to the telephone of, or leave a message the Journaling agent.
however, T.38 is used instead of RTP for communication. for, users The Client Access server role supports the Microsoft Outlook Web Access, Microsoft Exchange ActiveSync client applications, and the POP3 and IMAP4
Edge Transport protocols. The Client Access server role also supports services, such as the Autodiscover service and other Exchange Web Services.
Exchange Search
Server You must deploy a Client Access server role in
Intranet each Active Directory site that contains the
Exchange Web Services (EWS) SharePoint and File Share WebReady Document Mailbox Server Access
Mailbox server role.
Mailbox Server Role
· Access Offline Address Book
High Availability
Integration Viewing converts Office
AD Domain Mailbox
OWA users can have read- and PDF file attachments · Access messages, free/busy CAS Proxy and Redirection
Autodiscover Controller Server
only access to documents to HTML for OWA clients. data, client profile settings
Fax File Shares service query
on WSS document libraries
The Mailbox server role hosts mailbox and public folder databases. It also provides advanced scheduling services for Microsoft Client Access server AD Site - US AD Site - Australia
or Windows file shares. Microsoft Exchange Server 2007 includes built-in features that can provide quick recovery, high availability,
Exchange Web Services
Office Outlook users, generates the offline address book, provides services that calculate e-mail address policies and address lists Autodiscover Service
and site resiliency for Exchange Server 2007 Mailbox servers.
Clients using EWS

for recipients, and enforces managed folders. Messaging Records Management Exchange Data Service · Provides data redundancy without
· Provides service redundancy service redundancy
For non-clustered Mailbox servers, the Messaging records management makes it easier to keep messages Availability Service
Resource Booking Attendant Mailbox server role can be deployed that are needed to comply with company policy, government regulations,
HTTPS
2
without data redundancy · Partition data for performance and
SMB · Only active/passive Mailbox recovery
IIS

Synchronization Service
Firewall Hub Transport Server Delegate with any combination of the Client or legal needs, and to remove content that has no legal or business value.
SOAP
Proxy configuration supported Public Network Server · Ensure sufficient disk space, CPU
Access, Hub Transport, and Unified
Disabled User 1 Select a managed default folder or create a managed custom folder. Notification Service and memory resources
Messaging server roles installed. TP Most OWA configuration settings
Private Network
Account 2 Delete after HT Mailbox Server Mailbox Server
Based on policy
180 days 2 Apply managed content Managed Folder Service File are stored in Active Directory. Proxy Active Node Passive Node
settings: Accept, Calendar Concierge is a suite of new Shares
Resource Booking
Decline, or Forward calendar improvements that includes:
Inbox
settings to folders. CAS in user’s mailbox AD site Storage
Copy, verify and
Storage
12 Attendant Controller Controller
Important Information request to Delegate · Scheduling Assistant (Outlook 2007 Journal for
Autodiscover Service OWA Single Sign-On for internal not available on Internet. OWA replay logs
Room Mailbox safekeeping Windows Failover cluster built
and OWA 2007) R&D · Allows clients to locate the server via AD or DNS clients using Windows integrated will proxy user requests to the
SharePoint using Microsoft Windows Active Passive
Outlook · Calendar Attendant · Used by Outlook 2007 to retrieve profile information
3 Create a managed folder Services authentication CAS in the mailbox AD Site. Cluster service and Shared Storage Array
Find room or · Resource Booking Attendant 4 Apply managed folder mailbox Exchange Web shared storage.
equipment 1 mailbox policy. policy to user’s mailboxes. Exchange Data Service Services DB Logs Logs DB
Equipment · Provides read/write access to mailbox and public Outlook Redirection DB Logs Quorum
Internet Calendar Attendant Add “180 day Inbox” 1 CAS in user’s mailbox AD site
Mailbox Server Mailbox
Without any client interaction, automatically:
Add “R&D” folder Add “180 day Inbox”
Add “R&D” folder
folder mail, contacts, tasks, and calendar data Web
OWA · Encapsulates calendaring and messaging business
Configure resources to auto-accept and set booking · puts new meetings on the calendar as logic Access Australian available on the Internet, but user Enable LCR (database copied)
Single Copy Cluster (SCC)
policies using OWA or Exchange Management Shell. tentative appointments
Schedule managed folder assistant. The managed folder
User accesses different OWA URL.
· updates existing meetings with new 5 Synchronization and Notification Services Shared storage cluster (no replication) Local Continuous Replication (LCR)
assistant creates managed folders and enforces content · Alerts on changes in mailbox folders and public OWA shows page telling user the
· Limits who can book resources information
settings. IMAP4 and POP3 Can use same URL and SSL server Replication to a local disk set
· Enforces maximum meeting duration · deletes out-of-date meeting requests folder data correct OWA URL for their home High Availability for
Offline Address Book Outlook · Schedules meetings only during working hours
· Provides mailbox and public folder synchronization services installed but certificate for Outlook Anywhere, site.
Only the Mailbox server role can be installed in a failover cluster

· Forwards out-of-policy requests to delegates for approval

· Messages in managed folders are periodically processed by
Exchange according to the mailbox policies.
services disabled by default SSL Outlook Web Access, and Mailbox Servers
· Provides conflict information for declined meetings · When a message reaches a retention limit, it is deleted, flagged Availability Service Exchange ActiveSync Cluster Continuous Replication (CCR) Standby Continuous Replication
for user attention, or the event is simply logged. · Retrieves live Free/Busy information for Exchange IMAP4 & POP3 Replication within a cluster Replication to a standby server
Server 2007 mailboxes Notification Subscription
· Journaling of messages occurs the next time the managed folder
Generate Offline Address Book assistant runs after the message is put in the folder. · Retrieves published Free/Busy from Public Folders
OWA Authentication Failover cluster built using Mailbox Server Mailbox Server
Microsoft Exchange generates the new OAB files, (for legacy mailboxes or legacy Outlook clients) Queues of “item Microsoft Windows Cluster Hub Transport Server
Outlook Web Access Public Folder Options
Site A (Active) Site B (Passive)
compresses the files, and then places the files on a local · Retrieves meeting time suggestions change events” service, using a Majority Node
share. Exchange Mailbox Assistants · Standard (Basic, Digest, Set (MNS) quorum with file Witness File Share
Exchange Search held on CAS
share witness (KB 921181).
Copy, verify and
Windows Integrated) replay logs Built-in delay for
Direct Push Synchronize e-mail, contacts, calendar, tasks
·
OAB Distribution

Generates full text index Public Network log replay activity

· Forms-based Mailbox Server

RPC over HTTPS

technology provides Mailbox Server
· Indexes new messages as they arrive Cellular · ISA Server forms-based Poll CAS change queue every 2 minutes Active Node Private Network
Passive Node
Active Passive
immediate message
Smartphone Telephone Web-based Offline Address Search · Indexes attachments Network Wireless
· Smart card and certificate (Every 6 minutes after inactivity)
delivery to mobile LAN DB Logs Logs DB
Client Access server replicates Book · Configured automatically · RSA SecurID Copy, verify and
files from the Mailbox server devices (no reliance on
Remote Device Wipe can be OWA Notifications replay logs
SMS for notification). Enable SCR (database copied)
initiated by administrator or · New e-mail and calendar items Active Passive
nt Sto Mailbox and Public Folder Databases Download Offline Public Folder · Unread counts in folder list Primary Datacenter Standby Datacenter
lie n ra user through OWA, if device (Source) (Target)
ge Address Book Logs
Exchange administrators can C lost or stolen. access available · Future calendar reminders DB Logs DB
Administration

Unified Messaging Voice Mail configure the method by which ok ctio Exchange storage group: Logical container for Exchange using BITS
No VPN OWA · Source server can be stand-alone,
· Designed for site resilience
Public folder the address books are u tlo ne databases and associated system and transaction log files. Local Device Wipe can be within OWA
LCR, CCR, or SCC.
· Keep a third copy of data at a remote
Server distributed. O on Recovery storage group (RSG): Special administrative initiated through policy if required! · Provides full redundancy · Target must be standalone or
location
C Enable CCR (database copied) · Single subnet not required
storage group that allows recovery of data from a backup Set ActiveSync mailbox policies maximum number of OWA Light Client of data and services passive.
· Can span multiple Active Directory sites
or copy of a database without disturbing user access to for user groups – password password attempts exceeded. · Faster for slow connections · No single point of failure
·
Outlook Client Connection current data. Supports 1:many and many:1 replication
· Outlook clients inside your firewall can access a Mailbox databases: Holds data that is private to an
settings, etc. If no policy assigned, · Works with non-IE browsers
Mailbox server directly to send and retrieve messages. individual user and contains mailbox folders that are default settings apply. · Good for blind and low-vision High Availability for Other Exchange Server Roles
Windows Exchange Administration Outlook Anywhere
SharePoint Services
· Outlook Anywhere enables Outlook 2007 and Outlook
2003 clients to connect to Exchange servers over the Administrator-only computer retrieves:
generated when a new mailbox is created for that user.
Stored as an Exchange database (.edb) file. Exchange ActiveSync
Outlook Web Access users · Client Access server - Deploy multiple identically configured · Unified Messaging server - Deploy multiple Unified
Microsoft Office Outlook 2007/2003 Outlook Web Access lets you access OWA Premium Client
Internet by using RPC over HTTP. This feature · Active Directory topology information from Public folder databases: Holds public folder information. servers; use network load balancing (hardware or software) to Messaging servers and configure two or more per dial plan.
Exchange ActiveSync lets you synchronize data between your mobile clients connect to Exchange servers
requires a least one Client Access server. the Microsoft Exchange Active Directory Only one public folder database per server. If all of your your Exchange 2007 mailbox from all · Full OWA functionality distribute client connections.
device and Exchange Server 2007. Many smartphones are supported
·
over the Internet by using RPC over major Web browsers. · Designed for IE6 and IE7 ·
To send free/busy information and client profile settings Topology service client computers are running Office Outlook 2007, public
between an Outlook client and a Mailbox server, you must · e-mail address policy information folders are optional in Exchange Server 2007. including all Windows Mobile devices. HTTP. Hub Transport server - Deploy multiple Hub Transport Edge Transport server - Multiple Edge Transport servers
have the Client Access server role installed. · address list information servers in each Active Directory site; resiliency is built-in. can be subscribed to the same Active Directory site.

Microsoft Exchange Server 2007 Component Architecture microsoft.com/exchange

© 2007 Microsoft Corporation. Active Directory, ActiveSync, Forefront, Internet Explorer, Microsoft, Outlook, SharePoint, Windows, Windows Mobile, Windows PowerShell, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All rights reserved. Other trademarks or trade names mentioned herein are the property of their respective owners.
Authors: Martin McClean & Astrid McClean (Microsoft Australia)