In-Depth

Major Messaging on Exchange 2000

Exchange 2000 is as different from Exchange 5.5 as Windows 2000 is from NT 4.0. This feature briefing will bring you up to date on this big new release.

As everyone knows, Windows 2000 is a significant upgrade to Microsoft’s cornerstone operating system. But the fundamental improvements in Win2K have another side—BackOffice products can reap the benefits of its rich new features. Nowhere is this more evident than in the next version of Microsoft’s messaging system. Exchange 2000 makes a great leap forward in Microsoft messaging technology, taking advantage not only of Windows 2000 (to such an extent that it requires Win2K Server to run—no Windows NT for this product), but also improving existing functionality and adding additional messaging services. In this article, we’ll show you some of the highlights, based on Release Candidate 1.

AD: A Good Thing for Exchange

One of the most significant new services provided by Windows 2000 is Active Directory, the distributed, standards-based directory that is the security subsystem of Win2K. This full-functioning directory service provides a central source for enterprise directory information. Here’s evidence of the fact that Exchange 2000 takes full advantage of AD—Exchange no longer has its own directory. Rather, all directory services, both mail recipients and configuration information, are stored in AD. Is this a good thing? Absolutely! Let’s look at why.

First, functionality. In addition to the operational impact of having a single repository for enterprise data, there are several key technical benefits of AD. Those include granular access control, an extensible directory schema, and improved lightweight directory access protocol (LDAP) support.

Next, granular access control. With AD, each object has its own access control list (ACL). This allows you to set the permissions for each object and in turn control access to the directory at a detailed level. With this capability, you as the Exchange administrator can store important information in the directory that can be accessed only by certain users, administrators, or applications. For example, as employees come and go, you may want your Human Resources department to create and delete users in AD. However, you don’t want HR personnel to be able to add additional SMTP address definitions for users, or to change a user’s storage limits. AD lets you define attribute-level access for this type of security structure.

Schema extensibility is another plus. AD schema extensions are available for use with Exchange applications, users and other programs in the enterprise. The advantage of a single directory schema such as that used by AD, Exchange, and other enterprise applications is the commonality it brings to different applications.

And then there’s performance. By having a single directory across the enterprise that provides directory services to multiple applications, you’ll experience an overall increase in performance and efficiency.

In Windows NT 4.0 and Exchange 5.5 environments, there are two directories: the NT domain directory and the Exchange 5.5 directory. Each replicates information to different servers in a variety of ways. As a single directory, AD eliminates this unnecessary redundancy. Furthermore, AD can be segmented into multiple domains, with a Global Catalog providing insight across domains. This gives organizations the opportunity to control where domain data is replicated, while still giving applications and users access to other domain data via the Global Catalog. This contrasts with Exchange 5.5, where the entire Exchange 5.5 directory is replicated to every Exchange server in the organization. Last, AD replicates attribute level changes, whereas Exchange 5.5 replicates at the object level. This means an overall reduction in the amount of replication traffic when you compare similar Exchange 5.5 and Active Directories.

Ease-of-use is another argument for incorporating AD in Exchange 2000. Using AD as a directory service provides a single administrative framework for the enterprise. AD users, managed through the Active Directory Users and Computers MMC snap-in, include Exchange 2000 attributes. This means that a single tool can be used to manage AD users and Exchange mailboxes. With this type of framework, a line has been drawn between Exchange recipient management and configuration management. Recipient management is done through AD management tools, whereas Exchange configuration management is done through Exchange management tools.

Finally, consolidating directories can simplify things greatly under AD. Consolidation unifies objects of similar type; the most obvious is the user object and the mailbox object. Others include Exchange distribution lists that have become AD mail-enabled groups. Exchange custom recipients have become AD mail-enabled contacts. Unifying these objects has several advantages. For example, with Windows NT 4.0 and Exchange 5.5, if a user joined the Engineering group of an organization, the NT administrator would have to add the user to the NT group Engineering to grant the user access to Engineering resources. The Engineering distribution list manager would have to add the user to the Engineering distribution list. When using AD, the user would only have to be added to the mail-enabled security groups Engineering to have access to Engineering resources and to receive messages sent to the Engineering group.

Architectural Changes

Along with moving its directory to Windows 2000, Exchange has undergone several other significant alterations. These include architectural changes that affect how messages are stored and transported across the enterprise.

Information Stores

In Exchange 5.5, a single information store service manages two information stores, one private and one public. There’s no practical limit to the size these information stores can reach. (Well, actually, there’s a 16-terabyte limit.) Consequently, Exchange information stores can grow quite large if unchecked and can be the limiting factor that requires multiple servers. The information store can grow so large that it can’t be backed up or restored from backup in a reasonable amount of time.

With Exchange 2000, it’s possible to have multiple public and private information stores on a single server. This means that very large Exchange 5.5 information stores can be divided into multiple Exchange 2000 information stores, which can be mounted and dismounted, backed up, and restored independently of each other.

Figure 1. MAPI, which isn't technically a protocol, allows for client access directly to the information store.

Information stores are divided into storage groups. With Exchange 2000 Release Candidate 1, there can be up to four storage groups per Exchange 2000 server. (It was possible to have 15 storage groups in Exchange 2000 beta 3, but that number appears to have been reduced for the final product.) Each storage group has a single set of transaction logs for the information stores in that storage group.

Each storage group can host up to six information stores. However, Microsoft recommends that no more than five information stores be created per storage group. When the Exchange database utility ISINTEG is run, it needs to be able to mount a temporary information store in the storage group. If six information stores exist in the storage group, one of the other five information stores will have to be dismounted before ISINTEG can run against the troubled database.

As with previous version of Exchange, Exchange 2000 offers a variety of client access methods to the information store:

  • NNTP: Before you can install Exchange 2000, you must have installed NNTP on the Win2K server. NNTP provides NNTP clients access to public folders. You can create discussion threads to specific public folders for external use; internal users can access the public folder with Outlook 2000 or Outlook Web Access.
  • SMTP: Exchange 2000 uses SMTP as its primary protocol for moving messages throughout the organization. Exchange 2000 extends the Windows 2000 SMTP stack to support Exchange-specific commands for communicating routing information and more.
  • HTTP, POP3, and IMAP: As with previous versions of Exchange, POP3 and IMAP4 client access is supported. However, POP3 and IMAP4 have moved out of the information store and to Internet Information Server 5.0.

Protocols

Another significant architectural change to Exchange 2000 is in the area of transport protocols. In Exchange 5.5, most client access protocols were hosted in the Information Store. With Exchange 2000, client access has been moved from the information store to IIS 5.0.

Front-end/Back-end Servers

Here’s an added benefit of having IIS host the protocol stacks for Exchange 2000: the ability to define Exchange 2000 front-end and back-end servers. This configuration offers a new concept for Exchange: the ability to route client traffic (except MAPI). An Exchange 2000 front-end server relays client access protocols (again, except MAPI) to the appropriate back-end server. This way, a user need only know the name of the front-end server that will route the client protocol to the user’s back-end server.

Dismantling Sites

Up to this point, Exchange sites have defined three important components of product design. Site boundaries define:

  • How messages are routed through the organization (point-to-point between servers within a site and across connectors between sites).
  • A security context. Sites are a primary security context, used to apply an administrative model to the messaging environment.
  • A portion of the namespace. Sites, under Organization, are a building block for the Exchange X.500-like directory.

Each of these components is evaluated when you’re defining an Exchange site topology and may have different and conflicting design considerations. The best site topology for messaging routing may be very different than the ideal site topology for administering the messaging environment—yet there can be only one site topology.

Exchange 2000 breaks up the concept of a site into three individually designed and manageable components, as shown in Figure 2. With sites broken up into separately configurable components, Exchange 2000 offers much more configuration and management flexibility. (The amount of flexibility depends on whether Exchange 2000 is running in Native Mode or Mixed Mode. To support coexistence, Mixed Mode Administrative Groups and Routing Groups are coupled to closely resemble Exchange Sites.)

Figure 2. Exchange 2000 has dismantled the Exchange site into Routing Groups, Administrative Groups, and the Active Directory namespace.

Administration the Way You Want It

Exchange 2000 configuration objects are divided into manageable groups called Administrative Groups. Objects such as servers, public folder trees, policies, and routing groups are assigned the same ACL permissions as the administrative groups they’re contained in. You can create administrative groups, independently of routing groups, to implement the administrative model you want (when in Exchange 2000 native mode).

Microsoft Management Console

Gone is the Exchange Administrator tool. As with all Windows 2000 applications, the Microsoft Management Console (MMC) is used to administer Exchange 2000. A series of snap-ins allows for varied administrative interfaces that you can customize for various tasks. An added bonus is right-click menus, as shown in Figure 3.

Figure 3. The Exchange System Manager (a set of MMC snap-ins) replaces the Exchange Administrator tool.

Administrative Group Rules

There’s less flexibility with Exchange 2000 RC1 Administrative Groups than there was in Beta 3. Servers must be installed in an Administrative Group and can’t be moved between administrative groups. The administrative group into which a server is installed is used to build the server’s distinguished name (DN). Changing the DN of a server, or any object for that matter, is no trivial task. This functionality was introduced in Exchange 5.5 Service Pack 2; Microsoft plans to offer a similar tool after Exchange 2000 is released.

Administrative Group Strategies

New to RC1 is the Administration Delegation Wizard. This wizard steps you through applying permissions to the administrative group, as shown in Figure 4. With this tool, you can take an administrative model that fits your organization and apply it to the Exchange 2000 portion of AD.

Figure 4. The Administration Delegation Wizard steps you through applying security to your Exchange organization.

Administrative Groups offer flexibility that will allow organizations to re-evaluate how they’re currently managing their messaging environments. For example, many organizations have a central IS group that’s responsible for the overall administration of the messaging structure. There are additional administrative roles at remote locations that are responsible for the local servers, public folders, and the like. In this type of environment, it’s possible to create an Administrative Group for the central IS group that contains all Routing Groups, Public Folder hierarchies, and policies for the organization. (Note that the server can only reside in a routing group outside the Administrative group when Exchange 2000 is in Native Mode.)

Only administrators in this group would be able to manage routing groups, their connectors, and so forth. The remote locations would then have their own Administrative Groups, containing their local servers, allowing those administrators to perform local administration of those objects. This is shown in Figure 5.

Figure 5. An Exchange 2000 administrative model that centralizes routing groups and public folder hierarchies in a centralized Administrative Group, with remote Administrative Groups managing only local servers.

Routing the Way It Should Be

As administration has moved to Administrative Groups, message routing in Exchange 2000 has moved to Routing Groups. Routing Groups perform message routing similar to how it was performed with Exchange sites. Messages are sent point-to-point between servers in the same routing group and are routed across connectors between routing groups. There are three main differences in the way message routing works in Exchange 2000:

  • SMTP is the primary transport between Exchange 2000 servers in a routing group, rather than RPC.
  • The preferred connector is the Routing Group Connector. In the spirit of the Exchange 5.5 Site Connector, multiple bridgeheads can be defined in each routing group. However, SMTP is again used to transport messages, rather than remote procedure calls (RPCs).
  • The routing and selection process is greatly enhanced by a Link State Algorithm (LSA). LSA allows each Exchange 2000 server to select the most efficient route available to deliver messages.

The use of SMTP between servers within a routing group will likely change the criteria by which routing groups are designed, when compared to Exchange sites. It’s unnecessary to have the bandwidth between servers within a routing group to support RPC. Rather, routing groups will be designed to control message flow. Routing Groups also dictate Public Folder access. Clients will search for an instance of a given public folder in the Routing Group for which the user’s mailbox resides. Searching for the instance of a public folder across routing groups is defined at the Routing Group Connector.

Link State

Each Exchange 2000 server knows the status of all connectors in the organization—whether each is up or down. Unlike previous versions of Exchange, a server sending a multi-hop message knows that all connectors are up between its routing group and the destination routing group. If there’s no route available because a connector two hops away is down, the server queues the message until the route becomes available.

All this is accomplished with the help of an algorithm with its roots in network packet routing. Each server hosts a Link State database. One server in the routing group is designated as the Routing Group Master. When a connector fails, the bridgehead that discovered the failure notifies the Routing Group Master (TCP port 691). The Routing Group Master then notifies all other Exchange 2000 servers in the routing group. If any of these servers is a bridgehead to other routing groups, they in turn notify the bridgehead in the opposing routing group (TCP port 25). That bridgehead then notifies its Routing Group Master, and so forth. The failed connector state is thus propagated throughout the organization (see Figure 6).

Figure 6. When a connector fails, link state information is passed to the routing group master, which in turn notifies all Exchange servers of the failure. Bridgehead servers notify bridgeheads in other routing groups of the failure.

Traditional Exchange site topologies have been hub-and-spoke, to avoid message ping-ponging between sites. With LSA, Routing Groups can be designed in a full-mesh topology without messages bouncing between routing groups looking for an available route.

Improved Services

Regarding services, little has gone untouched in RC1 of Exchange 2000. As you can see from the change in architecture, most components were enhanced during this upgrade process, and many others completely rewritten. Some of the highlights are included below.

Outlook Web Access

One component that underwent a great deal of development was Outlook Web Access (OWA). Introduced in Microsoft Exchange Server version 5.0, OWA provides access to Exchange Server information from Microsoft Internet Explorer or other HTML browsers.

The enhancements to OWA in Exchange 2000 increase performance and scalability. This was accomplished through major architectural changes on the server as well as the client when using IE 5.0. These enhancements include:

  • Support for XML and Dynamic HTML. This allows some functions to take place at the client rather than the server, which increases performance and gives OWA a closer look and feel to Outlook 2000.
  • Support for an extended version of HTTP named WebDAV (Distributed Authoring and Versioning, RFC 2581).
  • Support for embedded items and ActiveX objects.
  • Support for public folders that contain Contacts and Calendar items.
  • Friendly URLs. User mailboxes, personal folders, and public folders can be accessed with a simple URL.
  • Support for multimedia messages, including video (in RC1).

OWA is not Outlook 2000. While it can be very useful to roaming and remote users alike, it still lacks many of the features found in Outlook 2000. These include digital encryption and signature support, inbox rules, message searches, and three-pane views. You can view and create calendar items, but much of the calendar functionality found in Outlook 2000 isn’t available (such as appointment list views, free and busy details, meeting attendee acceptance, multi-day and all-day events, task lists, and exporting data).

New Services

Along with improvements in existing services, Exchange 2000 has several new communication services. These services provide expanded access to data stored on Exchange servers and increased methods of communication beyond simple messaging.

Web Store

Exchange 2000 databases are exposed to the file system through the Exchange Installable File System (EXIFS). This means that folders in Exchange 2000, such as a user’s inbox or a public folder, can be mapped to a network drive. That sounds simple enough, but it could change the way Exchange is used in many organizations. Rather than having Web servers hosting data accessed by Web browsers, file servers hosting data accessed by network clients, and messaging servers hosting data accessed by Outlook, all these clients can access data hosted in the Web Store. Furthermore, when this data is located in a public folder, it can be replicated around the organization to provide efficient, reliable access.

How the Web Store will be used (and what its final name will be) in the shipping version of Exchange 2000 is yet to be seen. Having it there strengthens Exchange as an ideal platform for knowledge management and collaborative applications, since it increases the means for getting to data.

Instant Messaging

Instant Messaging (IM) is thought by many to be for the casual AOL or Internet user trying to avoid long-distance phone calls. However, many corporate organizations are realizing the advantages of Instant Messaging; it allows users to see “presence” information about other users. That information can include whether someone is online, online but inactive, busy, or out of the office. Instant Messaging is real-time—meaning communication between users happens immediately. This makes it ideal for ad hoc or urgent communication. For example, Edgar may have a workstation at his desk, a laptop he takes to meetings, and a home computer, all on the corporate network. If Bill needs to get an answer to an important question from Edgar, Bill can see if Edgar is online. If Edgar is online, say in a meeting with his laptop, Bill can initiate an Instant Message to get his question answered.

Exchange 2000 uses the Rendezvous Protocol (RVP) for Instant Messaging. Using this protocol and the presence database, an organization could create a custom application that sends an urgent message to everyone online. Note that Instant Messages aren’t stored—once the Instant Messaging session is closed, the messages are gone.

Data Conferencing Services

In addition to Instant Messaging, Exchange 2000 provides data conferencing services. The Microsoft Exchange 2000 Data Conferencing Server gives users the ability to hold multi-user Web browser-based conferences that include video, audio, shared whiteboard, direct file transfer, and chat.

Data Conferencing services are divided into two categories; multi-cast services based on TAPI 3.0 that will provide audio and video sessions, and T.120 services, which provide everything else. In RC1, data conferencing rooms are created using the Exchange System Manager. Outlook 2000 users can schedule other users and the data conferencing room for an on-line conference. When the conference time arrives, the Outlook 2000 users simply right-click on the calendar item and choose Join Conference. A Web browser is opened and the user joins the conference (see Figure 7). This will be a separate product when Exchange 2000 is released, but won’t be included in Exchange standard or enterprise edition.

Figure 7. The MSN Messenger is the default Instant Messaging client for Exchange 2000.

Big Differences, Big Payoff

Exchange 2000 is as different from Exchange 5.5 as Windows 2000 is from NT 4.0. Therefore, it’s important to learn as much as you can about this product, set up a lab for testing, and carefully plan upgrade paths and coexistence scenarios before initiating your Exchange 2000 deployment. Microsoft is committed to making deployment of Exchange 2000 as painless as possible. There are already numerous white papers available at www.microsoft.com/exchange on the various components that make up Exchange 2000. Take the time to educate yourself so you can enjoy working with this outstanding messaging system.

Featured