My Exchange conversion

Exchange Server 2010 heals 2007 release trauma

Sysadmin blog

Recently I had the opportunity to walk through complete installs of Exchange Server 2003 and Exchange Server 2010. Although I have used Exchange Server 2007 for the past two years, as with Vista, I prefer to pretend it never happened.

Installing Exchange 2003 on my personal server was like spending time with an old friend: you can’t remember why you like each other, but you’ve spent so much time together that it doesn’t matter anymore. Exchange 2010 and I are newly acquainted, but there are some sleek features that make my life easier. I have a feeling we’re going to get along just fine. Unlike the previous iteration, which I am politely ignoring, Exchange 2010 is a polished product.

The meat of Exchange 2010 is in Unified Communications integration and web/mobile access. Exchange’s Unified Communications enhancements work with OCS and your IP-enabled PBX so your voice, text and mobile communications are in one hub.

The enhancements made to web and mobile email access are more mundane, but more broadly useful. To make full use of Exchange’s web and mobile features, Exchange 2010 requires that you have several domain names, depending on which services you wish to make available. At minimum, if you want to use Outlook Web Access and Outlook Anywhere, you need a certificate for a name such as exchange.company.com. This gets messier if you want to use autodiscovery, or if you use a different domain name internally than externally, for example company.local internally versus company.com externally.

Exchange 2010 is all about autodiscovery. Whether you are using Outlook Anywhere, OWA, ActiveSync, or any of the mobile and web-enabled bits of Exchange, the client elements are designed to seek out autodiscover.company.com, where they expect to find a web server hosting a file called autodiscover.xml. Generally, this web server is an instance of IIS running on one of your corporate Exchange servers; Exchange will automatically update the important files locally.

Autodiscover.xml contains all the key domain bits of configuration that your client software needs to find and talk to Exchange, preferably over nothing more than an SSL link. Exchange and its clients expect you to have SSL certificates for exchange.company.com and autodiscover.company.com. If your internal domain is different from the external, they will expect you to have a certificate for that too. The fun part: this must all be one certificate. Exchange asks for a proper Unified Communications – Single Alternate Name (UC/SAN) SSL certificate, capable of supporting multiple external domains (without using *.company.com) as well as containing your internal domain.

Do this and everything works quite well out of the box. You will have a painless experience installing and maintaining the connectivity elements. If you try to make Exchange’s mobile and web components work without a UC/SAN cert, be prepared to abandon autodiscover entirely. You will also be in for a session of PowerShell tinkering.

Thanks to the joys of having a very small budget, I tend to focus a lot on how to accomplish my goals with as little cash outlay as possible. Under no circumstances should you cheap out on the SSL certificate for Exchange. UC/SAN SSL certificates cost more than a bog-standard single-name SSL cert, but it is simply not worth the hassle of trying to get Exchange to work any other way.
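The one-certificate requirement described above can be checked before clients start failing. The following is an added example, not code from the article or from Microsoft: it audits a certificate's subjectAltName entries against the names the article lists, and separates names covered only by a wildcard from names listed explicitly. The internal host mail01.company.local, the function names and the three sample certificates are constructed for illustration.

```python
import socket
import ssl

# Constructed sample certificates in the dict shape ssl.getpeercert() returns.
SINGLE_NAME_CERT = {"subjectAltName": (("DNS", "exchange.company.com"),)}
WILDCARD_CERT = {"subjectAltName": (("DNS", "*.company.com"),)}
UC_SAN_CERT = {"subjectAltName": (
    ("DNS", "exchange.company.com"),
    ("DNS", "autodiscover.company.com"),
    ("DNS", "mail01.company.local"),   # hypothetical internal host name
)}

def required_names(smtp_domain, access_host, internal_names=()):
    """Names the one certificate has to carry, per the article."""
    names = [access_host, "autodiscover." + smtp_domain, *internal_names]
    return [n.lower() for n in names]

def wildcard_covers(pattern, host):
    """A wildcard entry stands in for exactly one left-most label."""
    head, _, rest = host.partition(".")
    return pattern.startswith("*.") and bool(head) and rest == pattern[2:]

def audit(cert, needed):
    """Sort each needed name into explicit, wildcard_only or missing."""
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    report = {"explicit": [], "wildcard_only": [], "missing": []}
    for name in needed:
        if name in sans:
            report["explicit"].append(name)
        elif any(wildcard_covers(p, name) for p in sans):
            report["wildcard_only"].append(name)
        else:
            report["missing"].append(name)
    return report

def fetch_cert(host, port=443, timeout=5):
    """Fetch the certificate a live server presents (not called here).
    The default context validates the chain, so a certificate from a
    private CA needs that CA in the local trust store first."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()

if __name__ == "__main__":
    needed = required_names("company.com", "exchange.company.com",
                            ["mail01.company.local"])
    for label, cert in [("single", SINGLE_NAME_CERT),
                        ("wildcard", WILDCARD_CERT), ("uc/san", UC_SAN_CERT)]:
        print(label, audit(cert, needed))
```

A non-empty `missing` list means some client will hit a name mismatch; for a live check, pass the result of `fetch_cert("exchange.company.com")` to `audit` in place of a sample dict.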

Microsoft’s previous generation of software had extensive growing pains, but making the jump from Exchange 2003 to Exchange 2010, it’s remarkable how far we’ve come. Finally, Microsoft has reliable and easy-to-configure non-VPN remote access for Outlook. With autodiscover properly set up, all users need to know is their e-mail address. ®
