
Deploy Microsoft Exchange Server 2016 - PowerPoint Presentation

Uploaded On 2022-06-21



Presentation Transcript

Slide1

Deploy Microsoft Exchange Server 2016

Brian Day, Senior Program Manager, Exchange Customer Experience Team

Jeff Guillet, Exchange MVP & Principal Systems Architect at Strategic Products and Services

BRK3220

Slide2

Go to the Exchange booth and ask for a TAP PM

Tell us about your Office 365 environment/or on-premises plans

Get selected to be in a program

Try new features first and give us feedback!

Start now by emailing davidesp@Microsoft.com or by visiting this blog post: Exchange On-Premises TAP Program accepting nominations

Pre-Release Programs Team

Be first in line!

Slide3

Preparing for Exchange 2016

Slide4

Environmental and Client requirements

Exchange 2016 supports coexistence with:
  Exchange 2010 SP3 RU11 and later
  Exchange 2013 CU10 and later

Exchange 2016 requires:
  Windows Server 2008 R2 Forest Functional Level
  Windows Server 2008 and later Active Directory Global Catalog servers in all Exchange sites

Outlook client minimum requirements:
  Outlook 2010 SP2 (with KB2956191 and KB2965295) or later
  Outlook 2013 SP1 (with KB3020812) or later
  Outlook 2016
  Outlook for Mac 2011 or later

No longer supported:
  Outlook 2007, Outlook for Mac 2008 EWS Edition
  MAPI/CDO Package

Slide5

Server requirements

Exchange 2016 is supported on full GUI installs of:
  Windows Server 2012
  Windows Server 2012 R2
  Windows Server 2016 (RTM only, no pre-release builds. Requires CU3 or later.)

Exchange 2016 requires:
  .NET Framework 4.5.2 or 4.6.x (More on that later!)
  Windows Management Framework 4.0
  Unified Communications Managed API (UCMA) 4.0

Slide6

Server requirements

Optional Requirements

Office Online Server (bits available only via Volume License Service Center)
  Provides OWA the ability to preview attachments
  No longer using 3rd party licensed software to do previewing

SharePoint 2016
  Provides the ability to use “cloudy attachments”
  Send a link to an OD4B doc instead of a full file attachment.

Slide7

.NET 4.6.1 and 4.6.2

.NET 4.6.1 is supported if the following hotfixes are installed:
  Windows Server 2008 / 2008 R2 (for Exchange 2013 CU13 or later): https://support.microsoft.com/kb/3146716
  Windows Server 2012: https://support.microsoft.com/kb/3146714
  Windows Server 2012 R2: https://support.microsoft.com/kb/3146715

.NET 4.6.2 to become supported with 2013 CU15 and 2016 CU4. No additional hotfixes required with 4.6.2.

.NET 4.6.2 to become mandatory with 2013 CU16 and 2016 CU5. Setup will block installation if 4.6.2 is not detected.

Slide8

Windows Management Framework

What should we expect to see?

Did the OS ship with it? It is supported.
  e.g. Windows Server 2016 ships with WMF5, therefore Exchange 2016 CU3 or later can use WMF5 if installed on Windows Server 2016, but not if installed on Windows Server 2012 R2 as that OS did not ship with WMF5.

Do you have to install it to use it? Then it is not supported.

Slide9

Servicing Model

Slide10

Exchange 2016 Servicing Model

Exchange 2016 continues the Cumulative Update model as well as standalone critical updates for CUn and CUn-1 versions when applicable.

CUs are shipped quarterly and critical updates (e.g. security updates) will be released as needed on “patch Tuesday.”

Service packs will not be shipped for Exchange 2016.

Only versions CUn and CUn-1 will be serviced for product fixes.

Customers with hybrid relationships to O365 are required to be on one of the two most recent updates for their major Exchange version, be it 2010, 2013, or 2016 as of today.

Application bits are now distributed in ISO format. Yes, you can mount/extract to a network share and then install.

Slide11

Virtualization

Slide12

Exchange 2016 Virtualization

A valid deployment model for some scenarios.

Stay true to the virtualization requirements.

Design as physical, deploy to virtual.

Slide13

Coexistence

Slide14

Exchange 2010 + Exchange 2016

Short version…
  Same story as Exchange 2010 + Exchange 2013
  No legacy namespaces required
  Exchange 2016 can proxy down to 2010
  Exchange 2010 cannot up-level proxy to 2016
  Deploy enough 2016 to cover all of 2010’s client load.

Slide15

Exchange 2013 + Exchange 2016

Short version…
  No legacy namespaces required
  Exchange 2016 can proxy down-version to 2013
  Exchange 2013 can proxy up-version to 2016

Slide16

Coexisting with Exchange 2013 + 2016

Option 2, let Exchange 2016 down-version proxy.

Condensed steps:
  Prep your environment (server versions, DFL/FFL, schema, AD, domains, etc…)
  Install 2016
  Configure Exchange 2016 server URLs as you would have Exchange 2013
  Import the certificate(s) to 2016 server(s)
  Swing the load balanced namespaces over from 2013 to 2016
  Set up your DAG(s)
  Start moving mailboxes
  Repeat for all Internet facing sites and then repeat for non-Internet facing
  Move incoming mail flow to deliver to 2016 first once it makes sense (>50% moved)

Slide17

Coexisting with Exchange 2013 + 2016

Option 1, let Exchange 2013 up-version proxy.

Condensed steps:
  Prep your environment (server versions, DFL/FFL, schema, AD, domains, etc…)
  Install 2016 (I like to use a deployment AD site.)
  Configure Exchange 2016 server URLs as you would have Exchange 2013
  Import the certificate(s) to 2016 server(s)
  Set up your DAG(s)
  Start moving mailboxes
  Repeat for all Internet facing sites and then repeat for non-Internet facing
  Move incoming mail flow to deliver to 2016 first once it makes sense (>50% moved)
  Swing the load balanced namespaces over from 2013 to 2016
    Recommended: Gradually introduce 2016 servers into the existing LB pool.
    Supported: Cutover to all 2016 servers at once

Slide18

Client Connectivity Flow for 2013 + 2016

Column A: Exchange 2013 user accessing an Exchange 2016 namespace
Column B: Exchange 2016 user accessing an Exchange 2013 namespace

Requires
  A: No additional namespace
  B: No additional namespaces

OWA/ECP
  A: Mailbox mounted in the same AD site: Exchange 2016 proxies to Exchange 2013 Mailbox Role server in the local AD site with the active DB copy
     Mailbox mounted in an internal-only AD site: Exchange 2016 proxies to the Exchange 2013 Mailbox Role server in the remote AD site with the active DB copy
     Mailbox mounted in an external-facing AD site: Exchange 2016 proxies to the Exchange 2013 Mailbox Role server with the active DB copy, or issues a silent/SSO cross-site redirect to the site’s ExternalURL, your choice.*
     * = The ExternalURL in the remote AD site could resolve to Exchange 2016 or 2013 as both are capable of getting the traffic to Exchange 2013 mailboxes in that site.
  B: Mailbox mounted in the same AD site: Exchange 2013 proxies to Exchange 2016 Mailbox server in the local AD site with the active DB copy
     Mailbox mounted in an internal-only AD site: Exchange 2013 proxies to the Exchange 2016 Mailbox server in the remote AD site with the active DB copy
     Mailbox mounted in an external-facing AD site: Exchange 2013 proxies to the Exchange 2016 Mailbox server with the active DB copy, or issues a silent/SSO cross-site redirect to the site’s ExternalURL, your choice.**
     ** = The ExternalURL in the remote AD site could resolve to Exchange 2016 or 2013 as both are capable of getting the traffic to Exchange 2016 mailboxes in that site.

EAS, Outlook Anywhere, EWS, POP/IMAP, Remote PowerShell, MAPI/HTTP
  A: Exchange 2016 proxies to Exchange 2013 Mailbox Role server with the active DB copy
  B: Exchange 2013 proxies to Exchange 2016 Mailbox server with the active DB copy

Autodiscover
  A: Exchange 2016 proxies the request to the Exchange 2013 Mailbox role server with the active DB copy
  B: Exchange 2013 CAS proxies the request to the Exchange 2016 Mailbox server with the active DB copy

OAB
  A: Exchange 2016 proxies the request to an OAB generation mailbox with the OAB or a shadow copy of the OAB
  B: Exchange 2013 proxies the request to an OAB generation mailbox with the OAB or a shadow copy of the OAB

Slide19

Exchange 2016/2013/2010 Coexistence

[Diagram. Labels: mail.contoso.com and europe.mail.contoso.com; Layer 4 or 7 LB; Layer 7 LB; 2013 CAS (IIS, HTTP Proxy); 2013 MBX (Protocol Head, DB); 2016 Client Access Services (IIS, HTTP Proxy); 2016 Store (Protocol Head, DB); Site Boundary; 2010 CAS (Protocol Head); 2010 MBX (Store, DB); RPC.]

Always hit the server with the active DB copy for that user.

OWA/ECP redirects where appropriate.

Slide20

Exchange 2016/2013/2010 Coexistence

[Diagram. Labels: mail.contoso.com and europe.mail.contoso.com; Layer 4 or 7 LB; Layer 7 LB; 2016 MBX Server with Client Access Services (IIS, HTTP Proxy) and 2016 Store (Protocol Head, DB); 2013 CAS (IIS, HTTP Proxy); 2013 MBX (Protocol Head, DB); Site Boundary; 2010 CAS (Protocol Head); 2010 MBX (Store, DB); RPC.]

OWA/ECP redirects where appropriate.

Slide21

Exchange 2016/2013/2010 Coexistence

[Diagram. Labels: mail.contoso.com and europe.mail.contoso.com; Layer 4 or 7 LB; Layer 7 LB; 2016 MBX Server with Client Access Services (IIS, HTTP Proxy) and 2016 Store (Protocol Head, DB); 2013 MBX (Protocol Head, DB); Site Boundary; 2010 CAS (Protocol Head); 2010 MBX (Store, DB); RPC.]

OWA/ECP redirects where appropriate.

Slide22

CAS replacement process w/up-version proxy

[Diagram. Labels: 2013 CAS, 2013 MBX, 2016 MBX.]

Sequence shown:
  LB is sending traffic to 2013 CAS services
  Exchange 2016 is introduced
  Exchange 2016 CAS services added to LB pool
  Exchange 2013 CAS services removed from LB pool
  More Exchange 2016 introduced and added into LB pool
  More 2013 CAS services removed from LB pool
  More Exchange 2016 introduced and added to LB pool
  Final 2013 CAS services removed from LB pool

Legend: LB to Client Access Services; Client Access Services to Mailbox; 2013 Client Access to 2016 Mailbox

Not Shown: Intra-2016 Server Traffic

Slide23

Hybrid Connectivity

Slide24

Upgrading Exchange servers only for Hybrid?

Short answer:

Long answer:

It depends…

Upgrade to 2016

Only if using a shared SMTP namespace

Slide25

Should I install 2013/2016 for hybrid?

Exchange 2010

MRS

Slide26

Should I install 2013/2016 for hybrid?

MRS

Exchange 2013

Exchange 2010

Slide27

Does the guidance change for 2016?

Exchange 2013

MRS

2016

Add Servers when ready

Slide28

Namespace Planning and Load Balancer Recommendations

Slide29

What Namespace Models Do We Have

Unbound namespace
  It does not matter what datacenter the client accesses to reach their mailbox.
  Exchange is allowed to route the client traffic to the appropriate datacenter.
  Proxying a heavy amount of client traffic between datacenters is expected/normal/ok.

Bound namespace
  We force clients to connect to specific datacenters depending on where the mailbox is mounted.
  Exchange is relieved of routing most client traffic between datacenters.
  It is not expected to proxy a heavy amount of client traffic between datacenters.

Slide30

How Will You Be Load Balancing?

This may affect your planned names. Know this ahead of time!

Layer-7 with SSL Bridging or (less likely) SSL pass-through or (even less likely) SSL offloading
  All protocols/apps will likely share a name

Layer-4 with SSL pass-through
  If you want service health awareness of each protocol/app then you will need additional names
    e.g. owa.mail.contoso.com, ews.mail.contoso.com, ecp.mail.contoso.com, etc…
  If you can live without service health awareness you can share a name across protocols/apps, but you reduce the LB’s ability to react to single services being offline and will impact users.

Slide31

Current Load Balancing Recommendation

Unbound namespace

Layer-7 with SSL Bridging
  Configured to watch the vDir /healthcheck.htm results

No affinity for Exchange services
  One caveat: Use session affinity with the ‘ExchangeCookie’ when performing hybrid mailbox moves.

Affinity required for Office Online Server namespace connections

TCP timeout longer than the OS under Exchange
  e.g. if Exchange’s OS TCP timeout is 15 minutes, the LB cannot use 10 minutes.

Round Robin load distribution
  Least Connections can be used, but is a far 2nd place and should only be used if your device supports a slow ramp feature

Slide32

Exchange 2010 + 2016 Unbound Model

[Diagram: two sites, each with an Exchange 2010 Multi-Role Server, Exchange 2016, and an Office Online Server. Names shown: autodiscover.fabrikam.com; mail.fabrikam.com; mail.corp.fabrikam.com*; outlookrpc.us.corp.fabrikam.com*; outlookrpc.emea.corp.fabrikam.com*; oos.us.fabrikam.com; oos.us.corp.fabrikam.com*; oos.emea.fabrikam.com; oos.emea.corp.fabrikam.com*.]

* = Internal DNS Only

Slide33

Exchange 2010 + 2016 Unbound Model

Internal Only DNS Records
  mail.corp.fabrikam.com
  outlookrpc.us.corp.fabrikam.com (Not on the certificate)
  outlookrpc.emea.corp.fabrikam.com (Not on the certificate)
  oos.us.corp.fabrikam.com
  oos.emea.corp.fabrikam.com

Internal+External DNS Records
  autodiscover.fabrikam.com
  mail.fabrikam.com
  oos.us.fabrikam.com
  oos.emea.fabrikam.com

9 Names

7 Names on the certificate

Slide34

Exchange 2013 + 2016 Unbound Model

[Diagram: two sites, each with an Exchange 2013 Multi-Role Server, Exchange 2016, and an Office Online Server, with paths marked "When Using Up-Version Proxy" and "When Using Down-Version Proxy". Names shown: autodiscover.fabrikam.com; mail.fabrikam.com; mail.corp.fabrikam.com*; oos.us.fabrikam.com; oos.us.corp.fabrikam.com*; oos.emea.fabrikam.com; oos.emea.corp.fabrikam.com*.]

* = Internal DNS Only

Slide35

Exchange 2013 + 2016 Unbound Model

Internal Only DNS Records
  mail.corp.fabrikam.com
  oos.us.corp.fabrikam.com
  oos.emea.corp.fabrikam.com

Internal+External DNS Records
  autodiscover.fabrikam.com
  mail.fabrikam.com
  oos.us.fabrikam.com
  oos.emea.fabrikam.com

7 Names

7 Names on the certificate

Slide36

Exchange 2010 + 2013 + 2016 Unbound

[Diagram: two sites, each with an Exchange 2010 Multi-Role Server, an Exchange 2013 Multi-Role Server, Exchange 2016, and an Office Online Server, with paths marked "When Using Up-Version Proxy" and "When Using Down-Version Proxy". Names shown: autodiscover.fabrikam.com; mail.fabrikam.com; mail.corp.fabrikam.com*; outlookrpc.us.corp.fabrikam.com*; outlookrpc.emea.corp.fabrikam.com*; oos.us.fabrikam.com; oos.us.corp.fabrikam.com*; oos.emea.fabrikam.com; oos.emea.corp.fabrikam.com*.]

* = Internal DNS Only

Slide37

Exchange 2010 + 2013 + 2016 Unbound

Internal Only DNS Records
  mail.corp.fabrikam.com
  oos.us.corp.fabrikam.com
  oos.emea.fabrikam.com
  outlookrpc.corp.fabrikam.com (Not on the certificate)
  outlookrpc.us.fabrikam.com (Not on the certificate)
  outlookrpc.emea.fabrikam.com

Internal+External DNS Records
  autodiscover.fabrikam.com
  mail.fabrikam.com
  oos.us.fabrikam.com
  oos.emea.fabrikam.com

9 Names

7 Names on the certificate

Slide38

OOS Namespace Logic in 2016 CU1 and later

Previously in 2016 RTM, we always used OOS’ external URL for attachment viewing. However, in CU1 and later…

OWA Virtual Directory Parameters
  IsPublic: $True/$False
  WacViewingOnPublicComputersEnabled: $True/$False

Both $True = Use External OOS URL and/or External SharePoint URL instead of internal URLs.

IsPublic $True + WacViewingOnPublicComputersEnabled $False = Don’t allow OOS viewing if the client came in through this vDir.

Slide39

MAPI/HTTP

Slide40

MAPI/HTTP … to enable or not to enable.

The answer should always be yes!

MAPI/HTTP will be enabled by default when…
  Exchange 2016 is the first Exchange server in a greenfield Exchange org
  The first Exchange 2016 server is installed in an Exchange 2010-only org
  The first Exchange 2016 server is installed in an Exchange 2013 org if MAPI/HTTP is already enabled

MAPI/HTTP will not be enabled by default when…
  The first Exchange 2016 server is installed in an Exchange 2013 org when MAPI/HTTP is not already enabled

Slide41

You want options? The MoMT team gave you options!

So MAPI/HTTP, how can I ease into it?

Slide42

So MAPI/HTTP, how can I ease into it?

Scenario…
  An Exchange 2013 org with MAPI/HTTP disabled is migrating to Exchange 2016.

Goal… only enable MAPI/HTTP for users as they are migrated to 2016
  Leave the organization level MapiHttpEnabled as $False
  Prior to moving mailboxes use Set-CasMailbox from the 2016 EMS to set MapiHttpEnabled to $True on the 2013 mailboxes.
  Move the mailboxes to 2016
  Once all mailboxes are on 2016, set MapiHttpEnabled to $True at the organization level
  Use Set-CasMailbox on all 2016 mailboxes to set MapiHttpEnabled to $Null so the organization level value is inherited once again.
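The staged MAPI/HTTP rollout described on this slide, as an added PowerShell example that is not part of the original presentation. It assumes the Exchange 2016 Management Shell; the batch file path, the target database name and the function name Complete-MapiHttpRollout are hypothetical.

```powershell
# Added example: enable MAPI/HTTP per mailbox as users move from 2013 to 2016.
# Run from the Exchange 2016 Management Shell (EMS).
$batchFile = 'C:\Migration\batch01.txt'   # hypothetical: one mailbox identity per line
$targetDb  = 'DB-E16-01'                  # hypothetical Exchange 2016 database name

# Step 1: the organization-level switch must still be off for staging to apply.
if ((Get-OrganizationConfig).MapiHttpEnabled) {
    throw 'Organization-level MapiHttpEnabled is already $true; per-user staging does not apply.'
}

# Step 2: opt each mailbox in the batch in BEFORE it is moved.
$batch = Get-Content -Path $batchFile | Where-Object { $_.Trim() }
foreach ($id in $batch) {
    Set-CasMailbox -Identity $id -MapiHttpEnabled $true
}

# Step 3: move the batch to the 2016 database.
foreach ($id in $batch) {
    New-MoveRequest -Identity $id -TargetDatabase $targetDb
}

# Steps 4 and 5: call this only after the last batch has completed.
function Complete-MapiHttpRollout {
    # Refuse to flip the organization switch while any mailbox is off 2016
    # (Exchange 2016 reports its version as 15.1).
    $notOn2016 = @(Get-Mailbox -ResultSize Unlimited |
        Where-Object { $_.AdminDisplayVersion -notlike '*15.1*' })
    if ($notOn2016.Count -gt 0) {
        throw "$($notOn2016.Count) mailbox(es) are not on Exchange 2016 yet."
    }

    # Step 4: enable MAPI/HTTP at the organization level.
    Set-OrganizationConfig -MapiHttpEnabled $true

    # Step 5: clear the per-mailbox overrides so the organization value is inherited.
    Get-CasMailbox -ResultSize Unlimited |
        Where-Object { $null -ne $_.MapiHttpEnabled } |
        Set-CasMailbox -MapiHttpEnabled $null
}
```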

Slide43

Public Folders

Slide44

Public Folders Changes

2016 CU2 or later support 1,000 PF mailboxes*
  * = 99 allowed for hierarchy

EXO also now supports 1,000 PF mailboxes.

2016 CU2 and after use a push replication model for more predictable and hierarchy change sync.

Slide45

Outlook for Mac now supports legacy public folders with KB3142577 installed and 2016 CU2 or 2013 CU13.

More details at: https://blogs.technet.microsoft.com/exchange/2016/07/25/outlook-for-mac-and-public-folder-access/

Public Folders Changes

Slide46

Legacy Public Folders and Outlook 2016

Outlook 2016 no longer respects ecWrongServer.

2013/2016 users must use a DefaultPublicFolderMailbox that resides in a 2007/2010 database with the same PublicFolderDatabase value configured.

Slide47

Outlook On The Web & Office Online Server

Slide48

Office Online Server and OOtW

[Diagram: two sites, each with Exchange 2016 and an Office Online Server. Names shown: autodiscover.fabrikam.com; mail.fabrikam.com; oos.us.fabrikam.com; oos.us.corp.fabrikam.com*; oos.emea.fabrikam.com; oos.emea.corp.fabrikam.com*.]

* = Internal DNS Only

Slide49

Before Attachment Viewing is Configured

No Native App Installed

Native App Installed

That’s all folks!

Slide50

Configuring Attachment Viewing

Configure the WAC discovery endpoint per mailbox server

Restart MSExchangeOWAAppPool

If you are missing WACDiscoveryEndpoint on Set-MailboxServer, run Setup /PrepareAd to update RBAC.

[PS] C:\>Set-MailboxServer E16LAB-E2K16-101 -WACDiscoveryEndpoint https://oos.us.corp.e16lab.com/hosting/discovery

[PS] C:\>Get-MailboxServer E16LAB-E2K16-101 | FL WACDisc*

WACDiscoveryEndpoint : https://oos.us.corp.e16lab.com/hosting/discovery

[PS] C:\>Get-MailboxServer E16LAB-2K16-101 | FL WACDiscovery*

WACDiscoveryEndpoint :

Slide51

After Attachment Viewing is Configured

Look, Mom, two options now!

The new side-by-side (SxS) view

Slide52

OOtW / OOS logical flow…

[Diagram. Participants: OWA Client, Exchange 2016, Office Online Server.]

1. Exchange uses discovery URL to ask OOS which file types it can view and edit.
2. OOS returns table of supported file types
3. User opens mail with a supported file type. OWA requests doc URLs for the supported file types.
4. Exchange builds URL with Auth token, app URL, and Attachment ID and returns it to OWA.
5. User clicks attachment within OWA and spawns an iFrame
6. OOS retrieves document content from Exchange
7. OOS renders content to client in web client (e.g. Word Web App)

Slide53

What is WACDiscovery?

It tells you “stuff.”

Lots and lots of stuff.

Think of it like Office Web App Server’s version of Autodiscover.

Slide54

For On-Premises Cloudy Attachments you’ll need…

OOS setup and working with Exchange

SharePoint 2016 configured for MySites

SharePoint WOPI Binding established with OOS via New-SPWOPIBinding

OAuth configured on SP to trust EX (Script available soon)

OAuth configured on EX to trust SP (Script shipped with Exchange)

Configure OWA Mailbox Policy InternalSPMySiteHostURL and ExternalSPMySiteHostURL values and policy assigned to users.

Or the OWA vDirs themselves if you need server-level granularity.

Slide55

A few random nuggets.

Slide56

Kerberos Authentication

Exchange 2010 + Exchange 2016
  Follow the current Exchange 2010 / Exchange 2013 guidance http://aka.ms/kerbcoexist20102013

Exchange 2013 + Exchange 2016
  A single ASA used for both 2013 and 2016 servers in the same environment.

Exchange 2010 + Exchange 2013 + Exchange 2016
  Two ASAs where one is 2010 and the other is shared with 2013 & 2016.
  The 2010 ASA is for RPC connections
  The 2013/2016 ASA is for all HTTP connections

Slide57

Why are my databases moving around?

PreferenceMoveFrequency in 2016 CU2 DAGs
  With all DAG nodes on CU2 or later the servers will periodically activate DB copies with the lowest Activation Preference number if a lossless activation is possible.
  Prior to CU2 the script RedistributeActiveDatabases.ps1 had to be scheduled or run manually.
  Can be disabled by setting PreferenceMoveFrequency to the value of [System.Threading.Timeout]::InfiniteTimeSpan

Slide58

System Mailbox Moves After Install

Move all system mailboxes from 2010/2013 to 2016
  SystemMailbox{1f05a927-d5d7-47a6-b498-f5266abdf909}
  SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}
  SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}
  FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042
  Migration.8f3e7716-2011-43e4-96b1-aba62d229136

Can’t save admin tasks to the admin audit log or export it
Can’t start eDiscovery searches
Can’t start migration batches with 2016 target DBs
And more…
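One way to find system mailboxes that are still on 2010/2013 databases and queue their moves, as an added example that is not part of the original presentation. It assumes the Exchange 2016 Management Shell; the target database name is hypothetical, and the move is issued with -WhatIf so nothing changes until that switch is removed.

```powershell
# Added example: locate arbitration (system) mailboxes that are not yet on an
# Exchange 2016 database and preview the move requests.
$targetDb = 'DB-E16-01'   # hypothetical Exchange 2016 database name

# Databases hosted on Exchange 2016 report version 15.1.
$e16Dbs = @(Get-MailboxDatabase |
    Where-Object { $_.AdminDisplayVersion -like '*15.1*' } |
    ForEach-Object { [string]$_.Name })

if ($targetDb -notin $e16Dbs) {
    throw "Target database '$targetDb' is not an Exchange 2016 database."
}

# Arbitration mailboxes include the SystemMailbox{...}, FederatedEmail.* and
# Migration.* mailboxes named on the slide.
$legacy = @(Get-Mailbox -Arbitration |
    Where-Object { [string]$_.Database -notin $e16Dbs })

if ($legacy.Count -eq 0) {
    Write-Output 'All system mailboxes are already on Exchange 2016 databases.'
}
else {
    # Show what is still on 2010/2013 before touching anything.
    $legacy | Format-Table Name, Database, AdminDisplayVersion -AutoSize

    # Preview the moves; remove -WhatIf to create the move requests.
    $legacy | New-MoveRequest -TargetDatabase $targetDb -WhatIf
}
```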
