Hosted Exchange: Can it Work for You?
If you don't have the time, money or manpower to run your own messaging environment, it may be time to consider hosted Exchange.
- By John S. Moh
- August 01, 2004
I've decided to join Gold's Gym. With the high upfront costs of fitness equipment, I figured this was a cheaper and better solution than trying to go it alone. Gold's experienced certified personal trainers are helping me design and implement a fitness plan. With their support, I'm reaching my goal. But if the service ever goes south, I can always leave, because I have the pay-as-you-go plan.
The Gold's Gym approach isn't all that different from a hosted Exchange service provider. At the fitness center, as in the data center, you'll find some expensive hardware. This is why it quickly becomes all about selling gym memberships or Exchange seats—that expensive hardware is a fixed cost. As is the case at Gold's Gym, hosted Exchange service providers normally employ experienced Microsoft Certified Professionals to help their customers. And similar to how Gold's Gym offers free weekly passes, hosted Exchange service providers offer free monthly trials.
Having spent the past four years in the hosted Exchange world, I've seen how it can provide a compelling benefit to small, medium and even some large enterprises.
What is Hosted Exchange?
Hosted Exchange is a fully managed service—designed, implemented and supported by a service provider. Although it's rarely differentiated, there are two offerings: multi-tenant, also known as shared hosted Exchange, and single-tenant, also known as dedicated hosted Exchange. For this article, I'll focus on the much more common multi-tenant offering, where two or more isolated tenants (customers) share the same Active Directory and Exchange infrastructure.
Typically, shared hosted Exchange solutions are large-scale and highly
centralized. In addition, they're built on a high-performance, high-availability infrastructure (hardware-based load balancers and SSL accelerators, redundant routers and switches, redundant servers, and Storage Area Networks). AD is deployed in a single forest, single domain, and single site configuration with an Organizational Unit (OU) assigned to each tenant. For redundancy, at least two Global Catalog servers and at least two Exchange front-end servers are deployed. All Exchange back-end servers are Exchange virtual servers, clustered.
Exchange is deployed in a single Organization with a Recipient Policy, Global Address List, Address List, Offline Address List and a top-level public folder within the root public folder tree, assigned per tenant.
Isolation from other tenants is achieved with Security Groups and Access Control Lists, and by stamping rarely used attributes. For example, the msExchQueryBaseDN attribute on all user objects in a tenant is set to the distinguishedName attribute of its assigned OU. This limits Outlook Web Access-based Address List searches to the members of their OU. Nearly all shared hosted Exchange solutions are deployed with a service management system. This system—typically a Web portal—gives end users, customer administrators, resellers and the wholesaler a central point of access to provision and administer the service.
Finally, hosted Exchange service providers claim their service is cheaper and better than what could be built and maintained in-house. They argue that your total cost is reduced because you share the same infrastructure and applications with other tenants. At the same time, reliability, security and scalability is improved because the service is handled by folks whose core business is designing, implementing and supporting Exchange.
Why Hosted Exchange?
In addition to the "better and cheaper" claim, which all outsourcers tout, two factors are making hosted Exchange a legitimate option for many small, medium and even large enterprises.
- The market is maturing. The role and value of a hosted Exchange service provider is better understood now than it was four years ago when Exchange 2000 first shipped. And if you're facing a decision on whether to upgrade your existing messaging systems to Exchange 2003, you may never find a better time to consider the hosted option.
- The technology is getting better. Perhaps the most apparent technology improvement is the ability to connect to Exchange servers over the Internet with RPC over HTTPS using Outlook 2003. Prior to this, service providers published MAPI with ISA Servers, deployed VPNs, or ran with fixed RPC ports. RPC over HTTPS finally delivers an efficient standard for the industry. When published through ISA, it truly provides secure Exchange access over the Internet.
Hosted Exchange also benefits from the native mobility features within Exchange 2003. The features are a significant improvement over deploying Exchange 2000 with Mobile Information Server, a step some providers took to offer mobility with Exchange 2000. Full access to e-mail, calendar and contacts through Server ActiveSync and Outlook Mobile Access on a Windows Mobile Pocket PC Phone or a Smartphone is hard to overlook.
In addition, Outlook Web Access for Exchange 2003 offers the ability to create custom OWA Themes, giving providers an opportunity to further brand their service offering. The ability to modify the appearance and the functionality of OWA by using segmentation was available in Exchange 2000; but now, with the improvements in OWA such as forms-based authentication with HTTP compression, customizable logon page, and Spell-check, it's worth the effort.
|A Hosted Exchange Success Story
Can hosted Exchange be cheaper? Can it lower your total cost of ownership? For Walter Pinson III of Pinson3 Systems, the answer is yes. He says that "the barrier to entry is totally removed. We would have had to commit thousands of dollars to internally roll out the capabilities that we enjoy and now depend on."
Can hosted Exchange be better than going it alone? Can it enable you to focus on your core business? "The answer here is simple," explains Walter. "We started out trying to bring up our own Exchange 2003 and VPN environment, and it became apparent very quickly that it was taking our focus away from where it needed to be. We are a small business and our time is better spent serving our current customers and acquiring new ones."
Evaluating Service Providers
To determine whether hosted Exchange is cheaper for your organization, you need to understand the total cost. The cost breakdown looks like this:
- Hidden costs
- Move-in, move-out costs
- Add-on costs
- Fixed costs
Of these, understanding where hidden costs lie—and avoiding service providers who try to hide them—is most important.
For instance, are there any fees associated with Exchange updates or upgrades? A good service provider shouldn't charge you for upgrades to the next Exchange version. The rule of thumb is that whatever service plan you choose, any cost associated with tasks that fall under the fully-managed promise should be included in the fixed cost. They include:
- 24-by-7-by-365 monitoring with tier 2 and 3 support
- Delegated administration and training
- Server and mailbox backup
- Disaster recovery
- Patch management
- Everything else associated with delivering the service level agreement (SLA)
Move-in costs refer to setup, implementation and migration fees, which can vary widely. Make sure you discuss them up front, to help determine your total cost.
Move-out costs are incurred if you decide to migrate out of the hosted system. Before signing up with a service provider, understand the consequences, penalties and options for moving out. It's also a good idea to understand how disagreements will be handled: Are accounts inactivated for non-payment or when payments are in dispute? What does inactivation entail: can't send e-mail, can't receive e-mail or both?
Add-on costs can involve fees for extra storage, e-mail archiving or fees for third-party wireless access, such as BlackBerry devices.
Fixed cost is the predictable monthly fee you pay per seat (see "What Does it Cost?"). It's best to look for an on-demand plan, paying month-to-month, or pay-as-you-go agreements without long-term commitments. This way, if the service is bad, you can always leave.
Before offloading your messaging needs to a provider, carefully evaluate its reliability, security and scalability claims. Aside from the obvious—checking for references and a successful track record—look for experience and expertise. And definitely try out the provider's services for a month.
Your provider's reliability claims should be backed by SLAs, proactive monitoring and a commitment to continuous improvement.
- Service Level Agreements: Hosted Exchange SLAs, simply put, are about your priorities and the provider's promises.
Your priorities must be clear to the service provider. For example, in the event of a disaster, what's more important to your business: the ability to send and receive e-mail or the availability of your mailbox content? Without a clear understanding of what's important, your provider may not focus on the right task. To that end, SLAs should be about more than service availability. In fact, anything important to the customer—quick data restores and recoveries, timely application updates and upgrades—should be covered by the provider's SLA.
The provider's promises must be clear to you. For example, what if MAPI access is down but OWA access is up. Is it really an outage? After all, you can still send and receive e-mail. What if your provider notifies you of an outage one day before it happens; is that planned or unplanned? Without a clear understanding of your provider's promises, you may not get the reliability you're looking for.
Keep in mind that shared SLAs are typically written to meet the needs of all tenants. Special SLA requirements typically require a dedicated solution.
- Proactive Monitoring: If there's an unplanned outage and you don't notice it, was it really an outage? What if you notice the outage an hour after it began? When did this outage really start—an hour ago, or now, when you became aware of it? Whether detected by the provider or you, the customer, outage notification and reporting should be automatic. In fact, it should be a direct outcome of proactive monitoring. If your provider is claiming reliability, its system should be proactively monitored, checked for problems that get resolved before they cause down time. Ask potential providers how they monitor their Exchange servers and whether they'll share reports on a regular basis.
- Continuous Improvement: A reliable hosted Exchange service is more than the mere absence of single points of failure—or single points of success—in the provider's solution. It's also about eliminating needless complexity which can make the solution difficult to support. Reliability is a continual journey involving people, processes and technology. This is why it's important to evaluate your provider's reliability claims against its commitment to continuous improvement.
Good hosted Exchange service providers offer protection from spam and unwanted content, and viruses and worms.
- Protection from spam and unwanted content: Your provider's spam and unwanted content protection solution should allow for per-tenant customization. It should be simple to administer and configure, with advanced filtering, analysis and updating capabilities. Look for comprehensive reporting integrated with the service management system.
- Protection from viruses and worms: For anti-virus protection, e-mail should be scanned at the store and gateway with multiple scan engines. Your provider's chosen application should perform real-time detection and removal of viruses, provide quarantine management to contain the spread of viruses, and customizable configuration and notifications.
When evaluating patch management capabilities, look for more than products and tools. Are there signs of a process? Does it sit within an overall configuration and release management process? More often than not, patch management is more about the people and processes than technology. Look for a provider that has a well-defined process for testing patches.
If you're counting on your provider to keep up with your business growth, make sure it has a mature service management system and a tested solution. Without these, it's difficult to scale hosted Exchange.
- Mature Service Management System: A mature hosted Exchange service management system contains at least two components.
– A back-end automated service provisioning component for AD and Exchange. This eliminates the need to manually create OUs, Exchange Recipient Policies, Global Address Lists, Address Lists, Offline Address Lists and top-level public folders within the root public folder tree. This component should be transactional, allowing for complete rollback if any one of these steps happens to fail.
– A front-end delegated administration component—otherwise known as a self-service portal—giving customers the ability to self-administer services, including any add-on service options. Here, customer administrators can perform common administrative tasks such as password resets and adding and deleting users. This component should include a reporting module, generating reports on SLA compliance, usage statistics and billing.
Of the two components, focus on evaluating the self-service portal. Make sure documentation, training and support are readily available. Otherwise, you may be calling your provider often.
- Tested Hosted Exchange Solution: Your service provider should know the breakpoints of its solution; if not, it's a sign the system may not have been properly tested. This is especially important in a shared environment, where seat count and user profiles are unpredictable. The provider should have a clear understanding of subscription vs. concurrency and how those numbers influence capacity planning decisions.
|What Does it Cost?
Typical price range: Approximately $10 to $20 per month for a full-featured Exchange 2003 seat.
Some common factors determining price per seat:
- Number of seats
- Length of contract
- Mailbox size
An example using $15 a month per seat with typical discounts*
- For 10 users on a pay-as-you-go (month-to-month) contract: $150 monthly, $1,800 yearly
- For 500 users (10 percent discount) on a one-year contract (10 percent discount): $6,000 monthly, $72,000 yearly
- For 1,000 users (25 percent discount) on a two-year contract (25 percent): $7,500 monthly, $90,000 yearly
* The type and percentage of discounts will vary widely between service providers
No Substitute for Experience
Experientia docet—experience teaches—speaks to the claim that hosted Exchange expertise is gained from experience. And experienced providers will be good at setting priorities, being practical and employing process.
Hosted Exchange should be a core business offering from your service provider. Take for example an ISP with an existing customer base to sell to, but no hosted Exchange solution. Rather than developing one, it decides to re-label someone else's to sell as its own. With a partial knowledge of the offering and incomplete control over service delivery, the ISP struggles to meet the needs of customers. Meanwhile, the wholesaler, whose priority is its direct customers, is of little help. As a customer, it's important to choose a provider whose priority is making hosted Exchange its core business.
Don't confuse re-labeling with reselling. Resellers lease or borrow infrastructure and application capacity from wholesalers to sell to customers. The subtle difference is that service delivery is completely up to the wholesaler. In re-labeling, however, service delivery is shared. If your service provider is a reseller, evaluate the wholesaler behind the service.
Large-scale AD and Exchange deployments on a high-availability infrastructure can be extremely complex. Applying multi-tenant configurations doesn't make it any easier. The best hosted Exchange solutions meet requirements while keeping deployments as simple as possible.
A good example of this is an application service provider (ASP) who, after promising several resellers their own unique password policies, took a single domain multi-tenant system and moved it to a root child domain configuration. The outcome: a complex environment riddled with support issues caused by unnecessary complexity. The same requirement could have been met by simply deploying a separate single-forest, single-domain environment for each reseller, which is what eventually happened. Keep simplicity in mind as you evaluate your provider's solution. Otherwise, you may end up with poorly supported service.
One of the best lessons experience teaches is the importance of process. Lack of well-defined processes can seriously undermine your provider's ability to consistently deliver on its reliability, security and scalability claims.
Nowhere is process more important than in a shared system, where any change has the potential to affect all tenants. More than just technology, process is about people carrying out proven, repeatable, documented steps. It should also be measured for effectiveness and continuously adjusted. Whether it's change management or patch management, look for signs of maturity from your provider. Otherwise, you may end up with an inconsistent service.
If a provider can't convince you of its experience and expertise during a trial, you're probably better off with a different provider. The key is to make sure the service you're test driving is the actual production system, and not a dedicated trial system.
|The Good and Bad of Hosted Exchange
- Hands-off service that enables you to focus on your core business
- Fixed-cost (predictable) service, with no high upfront capital costs
- Reliable service, with 99.5 percent or better SLAs
- Secure service, with protection from spam and unwanted content as well as viruses and worms
- Scalable service that keeps up with your business growth or reduction
- Expert service, with experienced MCPs designing, implementing and managing your system
- Low-risk service, with try-before-you-buy and pay-as-you-go options
- Move-in (setup or implementation) costs can vary widely
- Add-on costs can vary widely
- Pre-established password policies
- Performance is based, in part, on your connectivity to the Internet
- Limited customization of Exchange and Active Directory
- Limited or no integration with in-house systems
- SLAs are written to meet the needs of all tenants
30-Day Test Drive
Timing should drive the adoption of hosted Exchange, as the market continues to mature, and the technology continues to improve. As more companies and organizations start considering hosted Exchange as a legitimate option, so will more service providers. The word on the street is that telecommunications companies and other big players will take over the market and offer cheaper and better hosted Exchange with more integrated features such as unified communications. I think of them like the new YMCA coming to my neighborhood: I'll have to check them out, and if they are cheaper and better, I can always switch from Gold's Gym thanks to my pay-as-you-go contract.
Before I signed up with Gold's Gym, I took a tour, asked questions and even tried out the services for a week. Before you sign up with a hosted Exchange service provider, understand the total cost and carefully evaluate reliability, security and scalability claims. Look for signs of experience and expertise, then validate it all by taking a month-long test drive.