If you would like to read the other parts in this article series please go to:
- 16 Tips to Optimize Exchange 2013 (Part 1)
- 16 Tips to Optimize Exchange 2013 (Part 2)
- 16 Tips to Optimize Exchange 2013 (Part 3)
13. Better Together: Outlook 2013, Windows Server 2012 R2, SharePoint 2013, Lync 2013
Clients, Servers and Operating Systems, there are a lot of components involved on any Exchange Server solution. As you can imagine, there are strong dependencies between all of them, meaning that should be no surprise that keeping them at the latest and greatest version (unless unsupported) will contribute to a better experience overall.
The latest version of Outlook provides the best and richest experience when used with Exchange Server 2013. The TechNet article Outlook 2013 features supported by different versions of Exchange Server has a very good explanation and a detailed table of features, from which I’d like to highlight the ones that are exclusively available with Exchange Server 2013:
|Apps for Outlook||An app for Outlook is a cloud-enabled application that integrates rich, scenario-focused content and services together with Outlook 2013. Get apps for Outlook from the Office Store. Exchange Administrators can make specific apps for Outlook available to their end-users if their Exchange accounts are on Exchange Server 2013.|
|Data Loss Prevention||Data loss prevention (DLP) is a new feature area in Exchange Server 2013. DLP capabilities help you protect sensitive data, by using deep content analysis, and inform users of internal compliance policies.
Exchange Server 2013 offers built-in DLP policies that are based on regulatory standards such as personally identifiable information (PII) and payment card industry data security standards (PCI). DLP is extensible so that it can support other policies that are important to your business. Additionally, the new Policy Tips in Outlook inform users about policy violations before they send data, thus helping them to prevent sharing sensitive information with unauthorized people by mistake.
For information about how to configure Data Loss Prevention and Policy Tips with Exchange Server 2013, see Data Loss Prevention and Policy Tips.
|Site Mailboxes||Site mailboxes improve collaboration and user productivity by allowing access to both SharePoint 2013 documents and Exchange email that use the same client interface. A site mailbox consists of SharePoint 2013 site membership (owners and members), shared storage through an Exchange Server 2013 mailbox for email messages and a SharePoint 2013 site for documents, and a management interface that addresses provisioning and life-cycle needs.
Site mailboxes require Exchange Server 2013 and SharePoint Server 2013 integration and configuration. For more information, see Configure site mailboxes in SharePoint Server 2013.
Table 5: Features Available with Exchange Server 2013
Windows Server 2012 R2
It’s true that when Exchange Server 2013 was launched, Windows Server 2012 R2 was not yet supported, but the release of Service Pack 1 for Exchange made the 2 products fully compatible. Here’s a small list of the main benefits:
- Prerequisites: .NET Framework 4.5 and Windows Management Framework 4.0 are included with Windows Server 2012 R2 and don’t need to be installed separately.
- Windows Server 2012 R2 leverages all the new features and functionality included with Windows Management Framework 4.0.
- Better DAGs: Windows Server 2012 R2 automatically takes advantage of the improvements in and changes to Windows Failover Clustering (WFC) in Windows Server 2012 R2. For more information, please read Windows Server 2012 R2 and Database Availability Groups.
SharePoint 2013 and Lync 2013
Exchange Server 2013 includes many features that integrate with SharePoint 2013 and Lync 2013. As explained in the TechNet article Integration with SharePoint and Lync, together, these products offer a rich suite of features for enterprise scenarios, such as eDiscovery and collaboration using site mailboxes.
For a more detailed visualization of all the available features, I strongly recommend downloading the poster Feature Integration Across Microsoft Office Products, with architecture illustrations (Figure 23) and a nice table like the following one:
Table 6: Feature Integration Across Microsoft Office Server Products
Figure 23: Exchange Integration with Unified Messaging, Lync and SharePoint
Here’s a brief description of the features that work across Microsoft Office server products:
Integrating Voice in Your Exchange Organization
There are three types of voice integration with Unified Messaging:
- With a legacy PBX and VoIP gateway. VoIP gateway translates TDM protocols to VoIP protocols
- With an IP enabled PBX (IP PBX). The IP PBX translates the TDM protocols to VoIP protocols
- With Lync Server. An advanced IP gateway and Mediation server translate the TDM protocols into VoIP protocols
SharePoint eDiscovery Center
- Perform eDiscovery searches across SharePoint 2013 sites, documents, and file shares; Exchange Server 2013 mailboxes; and Lync 2013 archived conversations and meetings stored in Exchange 2013
- Place an In-Place Hold on Exchange 2013 mailboxes and SharePoint 2013 sites
- OAuth authentication (service and user impersonation)
- Uses Exchange 2013 Role-Based Access Control (RBAC) permissions for eDiscovery searches from SharePoint 2013
- Multi-Mailbox Search API to search mailbox content
- Preview search results
- Export eDiscovery search results (from Exchange) to PST file(s) with appropriate metadata stored in EDRM XML
- Functionally comprised of SharePoint 2013 site membership (owners and members), shared storage through an Exchange 2013 mailbox for email messages and a SharePoint 2013 site for documents, and a management interface that addresses provisioning and lifecycle needs
- AutoDiscover to determine CAS endpoints
- OAuth authentication (service and user impersonation)
- Site Mailboxes provisioned and managed from SharePoint 2013
- SharePoint Team Site documents displayed in Site Mailboxes in Outlook 2013
- Inbox messages can be read from SharePoint 2013
- REST (Representation State Transfer) API used to synchronize updates from SharePoint to Site Mailbox over HTTPS
- SharePoint 2013, Lync 2013 client, and Outlook 2013 use the Outlook Web App Options page to add or update user photos
- High-resolution user photos stored in Exchange 2013 mailbox; Low-resolution user photos stored in Active Directory
- User photos accessed by Outlook Web App, Outlook, SharePoint 2013, and Lync 2013
- Archives Lync 2013 conversations and meetings in Exchange 2013 mailboxes
- OAuth authentication
- Archive conversations using EWS
- Compliance management (Hold and eDiscovery) of Lync content using Exchange 2013
- Unified Contacts Store, with Lync 2013 contacts stored in Exchange 2013 mailbox
14. Migrate to the Latest Version and Prepare for the Future
There are a few compelling reasons to migrate to the latest Exchange Server 2013, most of them can be found in this nice table with a comparison of features for the last 3 versions of Exchange Server, Comparing versions of Exchange Server. And if you’re still not convinced, take a look in the What’s new in Exchange 2013 TechNet page.
The architecture changes (fewer server roles, single namespace support, enhanced DAG) make Exchange much more robust and resilient, and the improved security and compliance features (DLP, RMS) should be sufficient to drive the migration to the latest version. Nevertheless, the RTM version of Exchange 2013 only supported greenfield deployments, we had to wait until the release of CU1 to be possible a migration from a previous version, as explained in this blog post: Released: Exchange Server 2013 RTM Cumulative Update 1.
Things to consider before a migration from Exchange Server 2007 and/or 2010:
- Document yourself by reading important technical information:
- Use the Exchange Server Deployment Assistant to improve the on-premises or hybrid Exchange Server deployment experience.
- Offline Address Book (OAB) – make sure all of your Exchange 2007/2010 Mailbox Databases have an actual value populated for their Offline Address Book. If they are currently blank, will result in each of these Mailbox Databases switching to use the Exchange 2013 Offline Address Book that gets created during installation of your first Exchange 2013 Mailbox Server. All the Outlook Cached Mode clients on these Mailbox databases will then start a full OAB download, which can bring your network down.
- Disable IPv6 on the Exchange 2007 servers. Some connections between Exchange 2007, that has both the Mailbox and Client Access server roles installed, and Exchange 2013 don’t work correctly when IPv6 is enabled.
- Outlook clients earlier than Outlook 2007 SP3 are not supported. Email clients on Mac operating systems that require DAV, such as Entourage 2008 for Mac RTM and Entourage 2004, are not supported. The following minimum versions of Microsoft Outlook and Microsoft Entourage for Mac are required:
- Outlook 2013 (15.0.4420.1017)
- Outlook 2010 Service Pack 1 with the Outlook 2010 November 2012 update (14.0.6126.5000).
- Outlook 2007 Service Pack 3 with the Outlook 2007 November 2012 update (12.0.6665.5000).
- Entourage 2008 for Mac, Web Services Edition
- Outlook for Mac 2011
- There is a known error with Outlook 2007 when you try to share your calendar. Further information on KB 2836889.
- Another known issue is that users who access shared mailboxes are constantly prompted for credentials. More information on KB 2834139.
- Legacy Public Folders. Exchange Server 2013 doesn’t store public folders in the same way legacy versions of Exchange did. Exchange 2013 stores public folders in a mailbox database within a special mailbox type called a public folder mailbox. For important information, please read FAQ: Public folders.
Regarding the future version of Exchange Server there’s not much information available yet, but as a good practice consider the following:
- Have your Active Directory in a good health, clean from dead objects and consolidated according to your needs.
- Discontinue the remaining Exchange 2007 or 2010 servers.
- Upgrade the clients to the latest version of Outlook.
- Make sure you have an Exchange backup strategy in place.
15. Publish Exchange Securely
When Microsoft announced the end-of-life (EOL) for its Forefront products TMG and later UAG, panic installed in the Exchange community. How could now Exchange be securely published, where could a fine replacement be found? Although this might sound controversial, the truth is that the world and the security threats have changed and nowadays a properly managed and monitored Exchange deployment does not require the pre-authentication mechanisms provided by the defunct Forefront products.
This topic was largely discussed on the online community, even the Exchange Team published a couple of blog posts about this matter:
- Life in a Post TMG World – Is It As Scary As You Think?
- Part 1: Reverse Proxy for Exchange Server 2013 using IIS ARR (Part 2 and Part 3)
So, what are the options to publish Exchange services today?
- TMG: although it reached EOL, Microsoft will support it until 2020. If you have it and like it, use it.
- UAG: same as TMG, supported until 2020, perfectly fine to use it with Exchange if you feel comfortable with it. Might have some limitations, since it doesn’t work with MAPI over HTTP.
- ARR: Application Request Routing is an IIS extension that provides Web application scalability and reliability through rule-based routing, client and host name affinity, load balancing of HTTP server requests, and distributed disk caching. It will allow you to publish Exchange, but with some limitations:
- No pre-authentication, anonymous connections still hit Exchange servers
- No PowerShell
- No special monitoring capabilities
- No High Availability
- It’s probably not the strategic choice for application publishing from Microsoft
- WAP: Web Application Proxy is a role built in to Windows Server 2012 R2. It’s focused on browser and device based access and with strong ADFS, OAUTH and tokens support. WAP is the direction the Windows team are investing in these days. It can currently offer pre-authentication for OWA access, but not for Outlook Anywhere or ActiveSync.
- LB with pre-auth: a couple of LB vendors saw the opportunity and are trying to be replacement for what TMG and UAG used to do. Usually this solution does a fine job of load balancing and providing pre auth, but from a security perspective doesn’t add much regarding the inspection of an Exchange packet.
- Other reverse proxies: although I’m convinced TMG had an overwhelming market share in this space, other reverse proxies are supported and can perfectly be used with Exchange.
Figure 24: Web Application Proxy (WAP)
Since this is a “tips and tricks” kind of article, my personal advice is to use Web Application Proxy (WAP) for the following reasons:
- WAP is built in to the OS and is the strategic choice for application publishing from Microsoft
- WAP provides pre-authentication for OWA traffic
- Pre-authentication functionality for Outlook Anywhere, MAPI/HTTP, Oauth and Exchange ActiveSync is coming in future releases
- PowerShell ready
For more information, please read Web Application Proxy Walkthrough Guide.
16. JBOT – Just a Bunch of Tips
And finally, to conclude this article, here’s a bunch of loose tips
- An Exchange infrastructure should also be eco-friendly, consider these tips to save power:
- When sizing Exchange Server, try not to focus exclusively on performance, balance between energy efficiency and throughput, knowing the kind of hardware you’ll be using
- If possible, use large slow drives, as these help to conserve power
- Regarding CPU & memory, use the strictly necessary for your needs
- Configure Windows Power Options to use the “Balanced” plan for power efficiency, instead of “High Performance” (test it first to avoid performance issues)
- Configure BIOS to allow OS to manage power
- Distributing databases on a DAG
- Utilize DB copy ActivationPreference and MaximumPreferredActiveDatabases parameters to ensure a well-balanced distribution of active copies
- Consider regular utilization of RedistributeActiveDatabases.ps1 to maintain balance
- During localized high load events, redistribute active copies to migrate load
- To significantly reduce time to get localized cmdlet updates, update PowerShell help with the cmdlet Update-ExchangeHelp
- EAC Command Logging is back, allowing you to see the Exchange Management Shell commands that the console executes. To activate it, in the far-right drop-down menu, to the right of the name of the account which you use to log-in, click Show Command Logging (Figure 25).
Figure 25: EAC Command Logging
- Add new document formats to be indexed. Use the New-SearchDocumentFormat cmdlet to add a format-specific filter to those used by Exchange search.
- Register Filter Pack IFilters with Exchange 2013 to add attachment types to be used with transport rules.
- Follow Scott Schnoll’s Exchange Server 2013 Tips & Tricks session for the latest tips about Exchange Server. This has become a regular session on major Microsoft technical events.
These tips and best practices were collected from several technical sources (including sessions from some major Microsoft events), gathered from the vast Exchange Community, and are also the result from real situations in the field.
Please keep in mind that some of the present recommendations may change in the future, as new cumulative updates or new versions of the products are made available. The engineering teams can also make some changes on their recommendations, based on experience or due to hardware advances. In either case, the best to do is to keep up with the plethora of technical information and news widely available on the Internet (remember tip #1).
If you would like to read the other parts in this article series please go to: