In-Depth

Under the Hood of Exchange 2013: What's New

The upgrade to Redmond's flagship messaging platform includes a new Admin Center, compliance enhancements and architectural improvements.

Many IT pros have managed Microsoft Exchange Server since its inception. My own 15-year experience began with Exchange 5.5, launched in November 1997. One of the issues I addressed early on was using the Active Directory Connector (ADC) to connect Exchange 5.5 with Active Directory. I remember when Microsoft integrated native instant messaging into Exchange Server 2000, which it later pulled out in favor of its own server application that we now know as Lync.

I also recall the front-end, back-end deployment solutions with Exchange Server 2003. When Exchange Server 2007 arrived we saw five server roles and four high availability (HA) solutions using continuous replication. And with Exchange Server 2010 we saw those HA solutions merged down into one database availability group (DAG) solution. Because I've seen it all, I feel comfortable saying that, after spending several months evaluating the new Microsoft Exchange Server 2013, I'm blown away by the new features, which warrant the attention of anyone with an older release of the company's flagship e-mail platform. It all starts with new administration capabilities.

A New Admin Center
Exchange 2007 introduced the Exchange Management Console (EMC), a GUI that uses the Microsoft Management Console (MMC) format with Windows PowerShell commands driving all administrative actions. It also brought forth the Exchange Management Shell (EMS), offering an all- Windows PowerShell-driven command-line method of administration for Exchange. With Exchange Server 2010 we saw the return of the EMC and EMS, but Microsoft also added a Web-based version of GUI administration called the Exchange Control Panel (ECP). It was lame to start with, but Microsoft improved it with the first service pack and it was clear this would be the future of Exchange administration. So you can imagine my surprise when Microsoft removed the EMC in Exchange Server 2013, leaving only the Exchange Admin Center (EAC) in its place. (Note: Microsoft still provides the EMS as well.)

I also wasn't prepared for such a radical change in terms of layout for administration, with Features highlighted on the left column, tabs up at the top, and a Details pane to the right where the Actions pane is in an MMC console (see Figure 1). This is a dramatic move and takes some getting used to, especially because Microsoft decided to redesign everything in its new Windows UI experience, which many still call "Metro."


[Click on image for larger view.]
Figure 1. The new Exchange Admin Center.

I have to admit I truly hated the new EAC upon first glance at the MVP Summit in Redmond in early 2012. I said as much to the team. But it really grew on me. I like that I can use the browser settings to adjust the font and choose a more appealing one. I wish I could alter the color scheme because I find it -- like the Office 2013 Metro versions -- too bright and lacking in color. I do find breaking things into features is much better than the way it was in the EMC with things broken down by Organization, Servers and Recipients.

One of the best things about the new EAC is that it's Web-based and fully functional (unlike the ECP in Exchange Server 2010), so you can use URLs to access it both internally and externally -- as long as you have DNS configured and make sure the firewalls aren't blocking access. This is much better than having to install the MMC-based EMC on a system to manage your Exchange organization.

New (or Legacy) Server Role Architecture
I call the new Server Role Architecture "legacy" because it's extremely 2003-esque. Gone are the five server roles, replaced with the Client Access role and the Mailbox role. The Client Access role is made up of the Client Access server (CAS) role and some of the transport capabilities of the Hub Transport role. The Mailbox role consists of the Mailbox role, the Unified Messaging role and pieces of the Hub Transport role. The Edge Transport role is still available through Exchange Server 2010, but you'll have to wait and see if there will be an update at some point in the future. As of now, there's no Edge Transport server role in Exchange Server 2013.

Some have wondered why there was a change back to a front-end Client Access, back-end Mailbox solution. It actually goes back to the reason for the division of server roles in the first place. There were constraints -- notably CPU performance -- with the technology back in 2007 when the server role model was provided. As CPU horsepower increased and became less expensive, it became more reasonable to combine roles. In fact, for quite some time the direction from the Exchange team has been to perform typical deployments of Exchange Server 2010, which is where the three main roles (CAS, Mailbox and Hub Transport) are deployed together.

In addition to a reduction in roles down to two internal roles, there's a change in the role of Microsoft's RPC-based Messaging API (MAPI). Historically Outlook used two transport options for RPC traffic: HTTP or TCP. With Exchange 2013, all Outlook clients now connect using just RPC over HTTP, otherwise known as Outlook Anywhere. This adjustment might seem to make the client connection more convoluted, but it actually has several benefits. There's no longer a need for the RPC Client Access service on the CAS. As a result, there's a reduction in namespaces needed -- hence, you no longer need two for the RPC Client Access service for a site-resilient design. In fact, the overall minimal namespaces required drops from eight down to two, thanks to the many changes made.

A New Managed Store
What you may know as the Information Store process in legacy Exchange is now called the Managed Store, and is completely rewritten in C#. When you look at your processes you'll note that there are two: the Microsoft.Exchange.Store.Service and the Microsoft.Exchange.Store.Worker process. What's interesting about this change is -- along with several improvements that aid in improving resiliency and provide improved diagnostics to allow improvements going forward for the future iterations of the store -- the new Managed Store mounts each database with its own worker process. Each mount request spins up a new worker process, so a failure on the part of one process won't impact the other process or database, should it hang.

You can see a server that has multiple databases mounted and, therefore, multiple worker processes, although only one Store.Service process (Figure 2). Another important adjustment with the Managed Store is the inclusion of the FAST search engine, offered as an option in SharePoint 2010 and included with the new SharePoint 2013. The addition of FAST really enhances search and indexing.


[Click on image for larger view.]
Figure 2. The new Managed Store processes.

Compliance Enhancements
Exchange Server 2013 enhances all the existing features of 2010 by providing much better mailbox search through the In-Place eDiscovery and Hold feature, improved auditing, enhanced use of retention policies, in-place archiving, journal rules and more, all shown under the Compliance Management features in the EAC (Figure 3).


[Click on image for larger view.]
Figure 3. The Compliance Management feature set of tabs.

Through the new In-Place eDiscovery and Hold feature you can configure a mailbox search through all mailboxes or selected ones. You can focus on keywords, a date range, To and From, and message types through the search query. At the same time you can use the In-Place Hold feature to place content matching the search query in selected mailboxes on hold either indefinitely or for a specified number of days relative to their received date. This new In-Place Hold is recommended over Litigation Hold (aka Legal Hold) because it provides a more granular hold capability. With Legal Hold you place all items on hold indefinitely or until the hold is removed. With In-Place Hold you have the search query and can place multiple holds for a defined period, so there's a greater level of flexibility. Hence, Legal Hold has been -- as they say in Microsoft-speak -- deprecated. That means it's still available but the company recommends you move forward and use In-Place Hold.

Another new compliance feature is called Data Loss Prevention (DLP). DLP policies are based on the same principles as transport rules in that you have conditions, actions and exceptions. Using predefined templates you can quickly and easily enforce some key regulatory and business policy needs. You can also build your own rules or modify the templates.

Note that you can select a DLP policy and quickly enforce it to protect your organization from having people e-mail important information such as their Social Security numbers or credit-card numbers (see Figure 4). You can warn them of the danger or you can prevent them from sending it, depending on how strictly you wish to enforce the DLP policy.


[Click on image for larger view.]
Figure 4. The DLP policy template.

For a list of DLP policy templates supplied in Exchange Server 2013 click here.

Collaboration Mailboxes
Microsoft has also made major and minor enhancements to collaboration mailboxes. These include shared mailboxes, site mailboxes and Public Folders, which are now nested inside Public Folder mailboxes.

Shared mailboxes are not new to Exchange, and their purpose in allowing multiple users to read and respond to e-mails through delegated access hasn't changed. Exchange Server 2013 lets you easily create shared mailboxes right from within the EAC through the Recipients feature. The value is still the same in that you can have generic, common mailboxes that can be responded to by multiple individuals (which is great for departments or common e-mail types such as [email protected] or [email protected]).

Site Mailboxes are new to Exchange Server 2013 and require a SharePoint 2013 server to create the mailbox properly. Essentially these mailboxes allow greater collaboration by keeping the e-mail portion of correspondence within Exchange storage and the document portion within SharePoint. This way, you can use Outlook (though only Outlook 2013) to view data stored in SharePoint, which allows for all the coauthoring and versioning features over those documents. There are some immediate drawbacks here in that you need SharePoint 2013 and Outlook 2013 to make use of these supposed Public Folder eradicators. However, if you already plan on having the latest 2013 solutions, you might find these to be a much better solution to the current division we seem to have regarding collaboration data between Exchange and SharePoint communication.

Microsoft has renamed Public Folders as Modern Public Folders (like DC Comics with the new 52 -- and, yes, you're a geek if you know exactly what I'm talking about), and they have become quite easy to use through the EAC. In times past you created a separate Public Folders database and established your Public Folders hierarchy. Then you set up additional Public Folders databases around your Exchange organization and established replicas of key folders that you wanted to place closer to people depending on their content and location.

With Modern Public Folders you no longer create a Public Folder database. You create a Public Folder mailbox and this mailbox goes into a mailbox database. You can then create Public Folders that reside within that mailbox. You can create more than one mailbox, although the first one retains the primary position in the hierarchy (see Figure 5). On the upside, you can take advantage of the built-in HA features through DAGs to ensure passive copies of your Public Folders structure. Unfortunately, you can't place replicas of the mailbox closer to people who are accessing that data. But unlike site mailboxes, you don't need SharePoint 2013, nor do you have to use Outlook 2013 to utilize these Modern Public Folders (see Figure 6).


[Click on image for larger view.]
Figure 5. Modern Public Folder mailboxes.



[Click on image for larger view.]
Figure 6. Public Folders.

Anti-Malware
Exchange Server 2010 has built-in anti-spam features that remain available in Exchange Server 2013. If you aren't using an Edge Transport server, you might want to enable these features using the Install-AntiSpamAgents.ps1 script to get them added to your Mailbox server. Once enabled, you can configure the Content Filter agent, the Sender ID agent, the Sender Filter agent, the Recipient Filter agent and the Protocol Analysis agent for sender reputation. One thing to note is that the anti-spam settings are no longer configurable through the UI, and require you to use the EMS to configure these agents once installed. Now, however, Exchange has built-in malware protection. There's a Protection feature in the EAC that leads to malware policies you can configure with configuration settings (see Figure 7).


[Click on image for larger view.]
Figure 7. Malware Detection Response settings.

Overall Assessment
We're not talking about a newcomer here. Exchange remains the primary solution for in-house, on-premises enterprise messaging. And Office 365 is gaining ground as a leading solution for hosted enterprise messaging as well. The question folks ask me with regard to Exchange Server 2013 always comes down to this: Should I move my organization toward it?

Here's the honest truth. If you're working with Exchange Server 2003 or earlier, migration to 2013 will be a bit of a pain. You'll need a third-party solution to help you do it as a single hop, or you'll need to make a hop to Exchange Server 2010 and then to 2013. It's easy to make the case for a move from Exchange Server 2003, because mainstream support is already over and extended support will end on April 8, 2014. So you have to move forward. The question is whether you move to 2010 and then to 2013, or straight to 2013 with a third-party tool.

There's support for a transition from Exchange Server 2007 and 2010, but 2007 requires a roll-up to make this happen and 2010 requires Service Pack 3. As of this writing, neither one of those things has been released yet. In the end, only you can determine if these new features are worth making the move. Every organization is different and the needs of each vary.

My own preference is for the latest and greatest technology. And I can honestly say Exchange Server 2013 has enough new features to warrant serious consideration.

Editor's note: This article was updated with the following corrections: Exchange 5.5. shipped November 1997, not February 1998. Also Microsoft did not remove MAPI from Exchange 2013, just the TCP support in the RPC transport that MAPI uses.  


Featured

comments powered by Disqus

Subscribe on YouTube