Exchange 2019 – Thoughts so far…

Alive and well indeed!

The Public Preview of Exchange 2019 has been available since late June and I’ve been running it through the ringer to learn all I can before the final release this year. In that time, I’ve not yet found that one thing the makes the release exciting for me but there are several things that come very close!

First, is the increase in server resources. While machine hardware continues to improve, Microsoft’s Preferred Architecture for Exchange also increases. Exchange 2019 supports 48 processes as its predecessor but the supported memory increases from 192GB to 256GB. We are condensing servers and moving further away from virtualization my friends! This is an important move for Microsoft since it better supports a cloud architecture plus it allows your large On-Prem environments to further reduce your own footprints.

Other density-driven improvements include using Solid State Drives (SSD) for specific indexing data and another “new” indexing engine. Sorry about the quotes, but this is not the first-time indexing has been changed and I’m holding out for more solid testing before I drink the Bing Kool-Aid. Indexing is back inside the store and so it replicates (again) to the secondary copies. I have high hopes this will speed up searches and Outlook launches. The Bing search engine is terrific of course but we’ll know more about its performance/stability once we see it in action and can perform some real-world testing inside Exchange.

Will the use of Server Core reduce the monthly security updates?

Probably the most exciting change is the inclusion of Windows Server Core as a supported Operating System. While this will certainly lower the attack surface and help stabilize the server, I’m not sure it will reduce the patching cycles as I once hoped. Perhaps it was my own wishful thinking but I had concluded that OS security patches could be reduced if the OS has no UI! Unfortunately, the Windows Update Catalog shows no security patch distinction with Server Core so the same monthly patches are recommended for now. I am wondering if that will change.

Will the ECP now allow for truly global searches?

At present, large organizations must use PowerShell to create a New-ComplianceSearch and then execute .\MBSearchFromComplianceSearch.ps1 to convert it to a Mailbox Search when the search scope is large. For large companies with tens of thousands of mailboxes, this usually means training for the legal teams or a 3rd party tool. The Office365 compliance tools are SAWWWEEET and don’t have this limitation so I’m still hoping some of that trickles down to On-Prem.

Looking forward to Ignite!

In the last 6 weeks, I’ve noted a few other questions and only a couple of concerns so I look forward to what information they release at Ignite.  For example, the Bing indexing changes weren’t in the public preview so real-world testing is a bit limited. Honestly, this version is more dramatic of a change than 2013–>2016 and so most of us are impatiently awaiting the final release!

I’ll keep you posted as I learn more.

 

Advertisements

Arm yourself for battle against an email virus outbreak

The onslaught of ransomware and devious social engineering efforts means it’s only a matter of time before your organization is hit with a major email virus outbreak.

Administrators should prepare on-premises Exchange — and themselves — to quickly stem the bleeding when that malware lands in a user’s inbox. And while the techniques to protect on-premises Exchange Server aren’t new, they are important steps to reduce the effects of an attack. Even if the antivirus scanner fails to detect the threat, there are ways to isolate affected mailboxes, slow the proliferation and even stop the spread of a virus. Have procedures, processes and scripts in place to fight off an email virus outbreak before trouble starts.

The risk chart also indicates the appropriate response based on the severity and distribution of the threat. For example, a widespread distribution of the destructive Locky ransomware warrants a far greater response than when the Tinba malware hits a single mailbox. Use this chart as a baseline to assemble a threat-response plan.

Follow this link to get the processes and scripts you can use to help slow down the attack.

Prevent Extended Exchange Outages

Small problems can turn into large ones in Exchange environments that aren’t regularly monitored, causing the system to deteriorate quickly to the point of outage or even total failure.

There are a few areas to watch to prevent outages in single-sever Exchange environments and large enterprises with multiple servers. Here are three of the most common causes of extended Exchange outages.

Failed/Incomplete Disaster Recovery Plan

A failed recovery is the most common cause of extended Exchange outages. It may sound like circular logic, but if the Exchange environment is down for multiple days, the root cause of the failure is no longer relevant. Don’t let indecision and untested processes fuel a crisis. Every Exchange shop needs to have a detailed plan to recover each of the following: single mailbox, single database, single server and the entire environment.

While there are a number of third-party products that handle disaster recovery, tools and processes included with Microsoft Exchange and Windows Server are good options because Microsoft offers support and documentation for different disaster scenarios. Microsoft provides guidance on how to restore the following — a single mailbox from a database backup, an Exchange Server, a DAG Member Server and dial tone portability, which can solve failures of a mailbox database, server or entire site.

Use these procedures regularly to understand the process and test backups. The processes to restore a database and a single mailbox are not invasive; administrators can perform these procedures on live servers. It’s best to perform these on weekends and after hours to minimize the potential effect on end users.

For the rest of the article, please follow this link to my complete article at Tech Target.

 

Reconnected!

Recognition is always appreciated and last month Microsoft honored me by including me in the MVP Reconnect Program. Its a privilege to be included in the group once more and to be reconnected with so many brilliant and talented people again.

dsc00051

20 Years of Exchange

It was an honor and privilege to be included in a small gathering last night celebrating the 20thdsc00024 Anniversary of Microsoft Exchange. The product group, MVPs and the writers/Rock-Stars were all there to commemorate the landmark achievement.

There were folks in that room who gave me opportunities many years ago to publish articles and chapters in books. Because of their trust and support I was able to branch off and write many more articles, to speak at events and to expand my own horizons within the field. In fact as I looked around the room and shook hands I was humbled by the realization of how many of them have helped me over the years.

This event was not about strategizing the future of email, our careers or even the future of Exchange. This gathering was a pure trip down memory lane and an opportunity for us to reacquaint and reconnect. I don’t know if there will be another version of Exchange but I will continue to help the Exchange community as we continue our migration into the cloud.

Office 365 eDiscovery bolsters an admin’s compliance arsenal

Many organizations contemplating a move to Office 365 have major concerns about security and compliance. Some may even abandon plans to move to the cloud because of compliance worries. Many of the legal and regulatory tasks administrators perform with on-premises Exchange Server can now be replicated with the updated Office 365 eDiscovery tool and other compliance utilities.

Microsoft recently shifted the location of Exchange management tools, and it put most of the retention and compliance utilities in the Office 365 Security & Compliance Center. In fact, the Office 365 eDiscovery feature has more power and versatility than similar tools in on-premises Exchange Server 2013 and 2016, and the Office 365 Exchange administrator console.

Last week, TechTarget published my entire article with walk-throughs, screenshots and lost of details. Follow this link for more details: Office 365 eDiscovery

Exchange 2016 upgrade considerations

For more detailed explanations, scripts and recommendations please follow this link to my article on TechTarget.

It’s tough to leave a good thing. Let’s face it: Exchange 2010 was a solid release. Not only did it bring native support for public folders but it also had direct Remote Procedure Call connections with the option of HTTPS, built-in antispam tools and great third-party support for just about anything we wanted — fax, antivirus and even BlackBerry Enterprise Services.

Unfortunately, Exchange 2010 and the organizations that depend on it are on borrowed time. Microsoft ended mainstream support in early 2015 and extended support is not an option for most of us, so it’s time to start planning an upgrade.

There are well-known compatibility and migration issues that can be solved in advance. With good preparation and planning, Exchange administrators can make the upgrade to Exchange 2013 or 2016 practically invisible to end users. If you follow my list of top five items to handle, then the switch should be fairly painless.

5. Load balancing

Load balancing is not an issue for smaller shops but there are specific differences between Exchange 2010 and later versions that need attention, depending on whether you use F5, NetScaler, or some other hardware or software options.

4. DNS namespaces and certificate planning

What we are really talking about is the names used for Outlook Anywhere (OA), Outlook Web App (OWA), Exchange Control Panel (ECP), ActiveSync (AS), EWS, Offline Address Book (OAB) and Autodiscover. It sounds like a lot but most administrators combine the namespaces for many of these.

3. Third-party compatibility

An organization that relies heavily on a particular add-on should talk to its vendor as soon as possible to see if it can offer a transition plan. Vendors that provide fax, compliance, e-discovery, mobile synchronization or security services, antivirus, backup and recovery, unified messaging and other services do not always have a clear path to newer versions of Exchange.

2. Exchange public folders

I have rated public folders so high because I have seen companies struggle with the transition work in this area for more than a year and severely delay the move from Exchange 2010. The process of moving the folders is cumbersome but even more difficult is the effort needed to identify and determine if a folder and its contents can be removed instead of migrated.

1. Exchange clients

Client software gets top billing in this list. Exchange 2013 and 2016 do not support direct RPC connections for MAPI so you will have to use Outlook 2007 or newer. Also, make sure the Outlook clients are patched.

This is the short list from the entire article but hopefully it helps you with your planning.