Exam Reviews

The Design of a Messaging Freeway

Exam 70-225 tests your ability to think through the complex workings of an Exchange 2000 system in enterprises ranging from the small to the huge and multi-national.

I found the Exchange 5.5 exam to be one of the hardest ever released by Microsoft. With exam 70-225, Exchange once again becomes one of the toughest tests out there. It’s designed for administrators who have installed Exchange 2000 in large (5,000 or more clients) implementations, spanning multiple geographic locations. Passing it demonstrates that you know the inner workings of Exchange and have a full understanding of its design and implementation criteria.

Exchange Design (70-225)

Reviewer’s Rating: “The requirements for this exam live up to Microsoft’s recommendations. It’s a difficult exam that tests your knowledge on just about every facet of Exchange in the medium to extremely large enterprise.”

Title: Designing and Deploying a Messaging Infrastructure with Microsoft Exchange 2000 Server

Current Status: Live as of March 30, 2001.

Who Should Take It? Elective credit for MCSE. Candidates should have a minimum of a year’s experience managing Exchange environments in medium to very large implementations.

What Classes Prepare You? 1569: Updating Administration and Support Skills from Microsoft Exchange Server 5.x to Exchange 2000

This exam uses most of the new Microsoft testing technologies. The beta included several different case study testlets. We were presented with a plethora of data about the organization, including information such as the current infrastructure, current and future needs, available technical staff and a large number of exhibits to complicate matters. This test is loaded with the new “build-tree-and-reorder” and “select-and-place” style of questions. Download the case study-based test demo from www.microsoft.com/trainingandservices (choose Testing Innovations from the left menu) and practice answering the sample questions.

In build-tree-and-reorder questions, you get a scenario at the top of the dialog box. Then you must select the items or actions from one window that apply to the scenario and move them to another window. In the second window, you must put the items or actions in the order indicated by the scenario. These questions are exceptionally difficult because they test not only whether you know what must be done, but also the exact order in which actions should take place. In one type of question you might be presented with a typical scenario at the top of the dialog box. You’ll have to design the network by dragging different servers to their desired locations and configuring the physical connections between them (Figure 1). Don’t expect feedback to suggest whether you’re answering the question correctly.

Figure 1. A portion of a select-and-place exam demo from Microsoft’s Training and Services Web site.

Analyzing Business Requirements
The bulk of the objectives under this heading involve the analysis of your current and future network infrastructure. You need to remember that Exchange 5.5 defines the administrative and messaging boundaries somewhat differently from Exchange 2000.

In Exchange 5.5 the site is key to this definition of boundaries; a site defines the administrative boundaries. All administrators within the site technically have the same rights assigned to them. Similarly, the site defines what servers are to communicate information with each other. Both boundaries are one and the same. The criteria for choosing what servers belong in what site must therefore include the administrators who need access to the server as well as the speed of connections between the servers.

In Exchange 2000, however, these boundaries don’t need to match — in fact, they don’t even have to resemble each other. The rights granted to administrators in Exchange 2000 are much more flexible than those in Exchange 5.5. Instead of the term, “site,” Microsoft introduced the concepts of administrative groups and routing groups.

Administrative groups are the boundaries that define which administrators are allowed to administer the grouped servers, while the routing groups define which servers are to communicate with each other. The fact that the site connector (as it was known in Exchange 5.5) is now known as the routing group connector should give that away.

Tip: Spend time understanding the differences between administrative and routing groups.

Remember that Exchange 2000 is built on Internet technologies and protocols. This affects the way that Exchange 2000 communicates with other servers on the network. In a pure Exchange 5.5 implementation the servers within the site communicate using the Message Transfer Agent (MTA). When an Exchange 2000 server is introduced into the site, it also must communicate using the MTA (mostly because the Exchange 5.5 servers only understand communication from the MTA). However, in a pure Exchange 2000 implementation or when two Exchange 2000 servers communicate with each other, the Simple Mail Transfer Protocol (SMTP) is used.

Tip: Remember that the default and preferred protocol used by Exchange 2000 to communicate is SMTP.

This is key because SMTP is the main way that Exchange 2000 communicates with other remote servers, both Exchange and non-Exchange.

Analyzing Existing and Planned Resources
An Exchange 2000 server can take on one of three roles: as a mailbox server, a public folder server or a bridgehead server. Any combination of roles is also possible. This is no different from Exchange 5.5. A mailbox server simply maintains a private mailbox store (or multiple mailbox stores). The server receives all user e-mail and routes it to the appropriate store and mailbox. In a public folder server, the opposite is true. No private mailbox stores exist. Instead, one or more public mailbox stores exist. Finally, a bridgehead server acts as a router, routing information between different Exchange 2000 sites.

Tip: Understand the different roles that Exchange 2000 servers can take on. Did you know that Exchange 2000 server can use Exchange 2000 Conferencing Server as a dedicated chat or instant messaging server?

The way that remote Exchange 2000 servers communicate has changed somewhat. SMTP is the dominant protocol used for sending information back and forth between servers, which all but eliminates the need for high-speed connections between them. This makes connections to remote locations a relatively straightforward task.

In Exchange 5.5 it was up to the directory service on each server within the site to replicate directory information (such as public folders, distribution groups and mailboxes). These tasks are no longer controlled by Exchange but by Active Directory (AD). Since AD will take care of these objects, Exchange 2000 no longer needs the bandwidth involved with the data replication. When Exchange 2000 requires any information from AD, it makes Lightweight Directory Access Protocol (LDAP) queries to the Global Catalog (GC) servers.

Tip: Exchange 2000 no longer controls its own directory. This allows for a single, hierarchical directory to be maintained for the entire organization.

Client access to the Exchange 2000 servers doesn’t change much. In fact, if you were to upgrade your messaging infrastructure to Exchange 2000 from 5.5 over the weekend, most users wouldn’t notice a change, since Exchange 2000 still supports all client protocols including MAPI, IMAP4, POP3 and HTTP. That’s on the surface.

Underneath the hood, however, we find some important changes. First, recall that Exchange 2000 no longer maintains any directory information, getting it from AD instead. This poses a problem with some clients. They expect this information from the server. To solve this problem, the server either does a proxy or a referral.

When an older Outlook client (Outlook 98 SR1 and earlier) makes a request for directory information from Exchange 2000, the server performs an LDAP query with the GC on behalf of the client and sends the results back. As far as the client is concerned, the Exchange server performed the query locally. In newer clients (Outlook 98 SR2 or higher), however, Exchange 2000 responds to the query with a referral to a GC. The client will then make its own LDAP query directly to the GC.

Designing a Messaging Solution
Herein lies the bulk of your mission for this topic. As its title states, this is a designing and deploying exam. I’ve already covered several of the objectives you need to understand, including administrative groups, routing groups, server roles and client access issues. Also important to know: how to secure Exchange 2000 installations, how Exchange 2000 co-exists with other messaging systems, and how to design inter-organizational connections and synchronizations.

Tip: Understand the differences between the front- and back-end servers and the ports that need to be opened on the firewall for the different communication protocols. Don’t forget that these ports differ when using SSL.

Exchange 2000 introduces the concept of front- and back-end servers. Front-end servers are placed either on the outside of a firewall or in its trusted or DMZ area. Users on the Internet then go to this server to access e-mail and directory information. The front-end server then communicates—through specific ports open on the firewall—with the back-end server on the internal network. It’s the back-end servers that store all the mailbox and public folder information.
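The port question in the tip above can be checked mechanically. The following is an added example, not part of the original review or any Microsoft tooling: a small Python audit of firewall allow rules around a front-end server in a DMZ. The zone names, the rule format and the allowed-port policy set are assumptions; the port numbers are the IANA well-known ports for the protocols named.

```python
# Added example: audit firewall allow-rules around an Exchange front-end in a DMZ.
# Zone names, the (src, dst, port) rule format and the policy sets are assumptions.

# Well-known (IANA) ports for the client protocols the article names,
# mapped from the cleartext port to its SSL counterpart.
CLEARTEXT_TO_SSL = {80: 443, 110: 995, 143: 993}   # HTTP, POP3, IMAP4
CLIENT_PORTS = set(CLEARTEXT_TO_SSL) | set(CLEARTEXT_TO_SSL.values()) | {25}  # + SMTP
# Assumed site policy for what the front-end may reach internally: mail
# protocols to the back-end, LDAP 389, Global Catalog 3268, Kerberos 88, DNS 53.
ALLOWED_DMZ_TO_INTERNAL = {80, 110, 143, 25, 389, 3268, 88, 53}


def audit_rules(rules):
    """Return a list of (rule, finding) for rules that violate the assumed policy."""
    findings = []
    for rule in rules:
        src, dst, port = rule
        if src == "internet" and dst == "internal":
            findings.append((rule, "bypasses the front-end server"))
        elif src == "internet" and dst == "dmz":
            if port not in CLIENT_PORTS:
                findings.append((rule, "non-client port exposed to the Internet"))
            elif port in CLEARTEXT_TO_SSL:
                findings.append((rule, f"cleartext; use SSL port {CLEARTEXT_TO_SSL[port]}"))
        elif src == "dmz" and dst == "internal":
            if port not in ALLOWED_DMZ_TO_INTERNAL:
                findings.append((rule, "not in the assumed front-end allow-list"))
    return findings


# Constructed sample rule set (not from the article).
SAMPLE_RULES = [
    ("internet", "dmz", 443),       # HTTPS to front-end: fine
    ("internet", "dmz", 143),       # IMAP4 without SSL
    ("internet", "dmz", 3268),      # Global Catalog exposed externally
    ("internet", "internal", 110),  # POP3 straight to a back-end
    ("dmz", "internal", 80),        # front-end to back-end HTTP: fine
    ("dmz", "internal", 3389),      # not needed by the front-end
]

if __name__ == "__main__":
    for rule, finding in audit_rules(SAMPLE_RULES):
        print(rule, "->", finding)
```
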

Front- and back-end servers, however, only protect your Exchange 2000 server from external attacks. A large number of attacks occur from within the organization. There are a couple of ways to protect your servers from internal attack. The first simply builds upon the front- and back-end servers. More and more organizations are installing firewalls between their servers and their client network. The Exchange 2000 front- and back-end server topology can accomplish this task.

The second method ensures that only people with the correct authentication can access resources. With the introduction of Windows 2000, Kerberos became the security protocol of choice. Exchange 2000 leverages this protocol to ensure that the clients authorized to access the resources are actually who they say they are.

Fault Tolerance and Data Recovery
Exchange 2000 allows an administrator to perform a wide range of fault tolerance and data recovery tasks. As with Exchange 5.5, Exchange 2000 uses a transactional database. All modifications to the databases are written to the transaction logs before being committed to the database. Therefore, I have a couple of recommendations.

First, use RAID 5 arrays for your system. Remember, we’re focused on large, enterprise-wide Exchange 2000 solutions. Assume that cost is no object. In this imaginary world, if you’re given the option of placing each set of log files and databases on their own RAID 5 arrays (or even duplexed RAID 5 arrays), then take it! While most of us will never see servers with six or seven duplexed RAID 5 arrays, the possibility is there.

Tip: Circular logging should be turned off for fault tolerance. Use as many RAID 5 arrays as possible. It’s especially important to separate the database and its transaction logs onto separate physical hard drives.

Second, ensure that circular logging on the servers is disabled. If the option is enabled, all transaction logs will be overwritten when they become full, effectively removing any fault tolerance from the system.

Backing up the system hasn’t changed much from Exchange 5.5, except that you now have the ability to back up different databases and storage groups at different times.

Tip: Learn the steps involved in creating storage groups and public and private stores and mounting and dismounting them.

You have the ability to dismount specific databases, taking those databases offline while keeping the rest of the installed databases online.

Deploying Your Messaging Solution
Exchange 2000 Enterprise Server leverages Win2K Advanced Server’s Active/Active clustering capabilities. Before Win2K, most Windows-based clusters used the Active/Passive model. In this model, one of the servers runs the services, say, Exchange 2000, while the other is dormant, awaiting failure of the Active node. Should that node fail, the Passive node starts up its services and takes over the desired task (in our case, Exchange).

The Active/Passive model has some inherent problems. First, the Active node doesn’t always believe that it has failed. It’s not uncommon for the Active node to stop responding to Exchange client requests, but still not pass control to the Passive node. Also, the Passive node normally sits idle while the Active node processes all client requests.

Tip: Understand what an Active/Active cluster does and how it helps organizations build fault-tolerant Exchange 2000 messaging solutions.

In an Active/Active cluster, both nodes can actively process all client requests. Should one of the nodes stop responding to client requests, the second node can automatically mount the failed node’s databases and process the requests. Since the Exchange 2000 services are already running on both nodes, the time to bring the clients of the failed node back online is greatly reduced.

Additional Information

View the preparation guide for exam 70-225, Designing and Deploying a Messaging Infrastructure with Microsoft Exchange 2000 Server, at www.microsoft.com/trainingandservices/exams/examasearch.asp?PageID=70-225.

Also check out the Exchange Technical Information documents at www.microsoft.com/exchange/techinfo/default.htm.

The Exchange Server Resource Kit is also a must-have for this exam.

Experience Is the Key
Pass this exam and your peers will look up to you as someone who truly understands how Exchange 2000 operates and communicates. You’ll prove that you know how to design and implement messaging systems ranging from the small organization to the huge multi-national, enterprise networks.

And did I mention that it’s tough? Exchange 2000 is robust in the way that it uses administrative and routing groups. To get through the exam, you should be able to build a complex Exchange 2000 organization in a relatively small number of computers (say, 10 to 15). If you have access to such resources, install, back up, break, and restore the system until you truly understand how each component acts and reacts. Good luck!
