planning for exchange server 2007 client access servers
8/12/2019 Planning For Exchange Server 2007 Client Access Servers
1/144
Planning for Exchange Server 2007 Client Access Servers
Microsoft Corporation
Published: June 2007
Author: Microsoft Exchange Documentation Team

Abstract
The purpose of this document is to help you plan your Microsoft Exchange Server 2007 Client Access server deployment. The information and procedures included in this document focus on the planning considerations for the design of an Exchange 2007 Client Access server infrastructure.

Important:
This document is a deployment-specific compilation of several Exchange 2007 Help topics and is provided as a convenience for customers who want to view the topics in print format. To read the most up-to-date deployment topics, visit the Exchange Server 2007 Library.
http://go.microsoft.com/fwlink/?LinkId=65320
Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted in examples herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2007 Microsoft Corporation. All rights reserved.

Microsoft, MS-DOS, Windows, Windows Media, Windows Mobile, Windows NT, Windows PowerShell, Windows Server, Windows Vista, Active Directory, ActiveSync, Excel, Forefront, Internet Explorer, Outlook, SharePoint, SmartScreen and Visual Basic are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

All other trademarks are property of their respective owners.
Contents
Planning for Exchange Server 2007 Client Access Servers
Contents
Planning for Exchange 2007 Client Access Servers
Security Planning for Client Access Servers
Sizing Client Access Servers
General Sizing Recommendations
Reference Architecture Analysis
Recommended Performance Counters
Client Access
Outlook Web Access
Exchange ActiveSync
Understanding Exchange ActiveSync Mailbox Policies
Understanding Mobile Device Connectivity
Cellular Connectivity
Wireless Connectivity
Understanding Mobile Devices
Exchange ActiveSync Enabled Devices
Devices Enabled for Exchange ActiveSync
Exchange ActiveSync Reporting Services
Generating Exchange ActiveSync Reports
Available Exchange ActiveSync Reports
Interpreting the Internet Information Services Log Files
Overview of POP3 and IMAP4
Overview of Proxying
Overview of Redirection
Proxying with Network Load Balancing
Summary of Client Access Methods
Proxying Performance and Scalability
Overview of Client Access Server Security
Overview of SSL for Client Access Servers
Overview of Using ISA Server 2006 for Client Access
Understanding Security for Outlook Anywhere
Using an Advanced Firewall Server for Outlook Anywhere
Using SSL with Outlook Anywhere
Configuring Authentication for Outlook Anywhere
Configuring SSL for Outlook Anywhere
SSL Deployment Options for Outlook Anywhere
Configuring Authentication for Outlook Anywhere
Basic Authentication and Outlook Anywhere
Direct File Access
Data Access Using Outlook Web Access
Configuring Web Beacon and HTML Form Filtering in Outlook Web Access
Controlling Web Beacon and HTML Form Filtering
Configuring Authentication for Outlook Web Access
[Table fragment from the sizing section: requests per second and concurrent users for Exchange ActiveSync, Outlook Web Access, and Outlook Anywhere; the values did not survive extraction.]

Outlook Anywhere

A select group of Client Access servers was used to analyze Outlook Anywhere performance. Microsoft measured the total number of Web connections on each server to determine peak loads, as well as the number of connection attempts per second (sec). Table 4 lists the performance object, counter, and instance used to measure these values.

Table 4 Values to use when measuring Outlook Anywhere connections
Object | Counter | Instance | Description
Web service | Current Connections | _Total | The current number of connections established with the Web service.
Web service | Connection Attempts/sec | _Total | The rate at which connections to the Web service are being attempted.

Table 5 provides details about the collected values for the preceding load-indicating performance counters for three of the Client Access servers used to analyze Outlook Anywhere performance.

Table 5 Unique Outlook Anywhere users per server during a peak one-hour period
Server | Unique users | Connection attempts per second | Current connections
CA" ;( ;>$2 22(0;

After analyzing the collected data, it was found that processor utilization was not significantly affected by user load for Outlook Anywhere. Overall processor utilization was stable at approximately 24 percent at peak load. Lsass.exe and the worker process (W3wp.exe) hosting the service were the primary processor load generators and showed good correlation with total CPU utilization. Lsass.exe and W3wp.exe also showed the highest memory load, with Lsass.exe showing significantly higher memory usage than any other process. No indications of network bottlenecks were detected, and no significant disk activity beyond logging and paging was observed.

Outlook Web Access

A select group of Client Access servers was used to analyze Outlook Web Access performance. On the test servers,

Note:
The Average Request Time counter also includes Ping Request Time, which significantly increases Average Request Time values. As a result, the Average Request Time counter is not a good indicator of general response times.

Table 6 Performance data collected for Exchange ActiveSync
Performance counter | Value
A#erage ,euest ime 0=$7 sec
Ping Commands Pending 20;$$0( are all
supported$

If you use a device that has Windows Mobile 5.0 and the Messaging Security and Feature Pack (MSFP) installed, your mobile device will support Direct Push. Direct Push is a technology that is built into Exchange ActiveSync that keeps a mobile device continuously synchronized with an Exchange mailbox.

For more information about Exchange ActiveSync, see the following:
Overview of Exchange ActiveSync
Deploying Exchange ActiveSync
Managing Exchange ActiveSync

POP3 and IMAP4

In addition to supporting MAPI and HTTP clients, Exchange Server 2007 also supports POP3 and IMAP4 clients. By default, POP3 and IMAP4 are installed but the services are disabled when you install the Client Access server role.

For more information about POP3 and IMAP4, see the following:
How to Start and Stop the POP3 Service
How to Start and Stop the IMAP4 Service

The Availability Service

The Exchange 2007 Availability service improves free/busy data access for information workers by providing secure, consistent, and up-to-date free/busy data to computers that are running Microsoft Office Outlook 2007. Outlook 2007 uses the Autodiscover service to obtain the URL of the Availability service. The Autodiscover service resembles the Domain Name System (DNS) Web service for Outlook 2007. Essentially, the Autodiscover service helps Outlook 2007 locate various Web services, such as the Microsoft Exchange Unified Messaging, Offline Address Book, and Availability services.

For more information about the Availability service, see the following:
Managing the Availability Service

The Autodiscover Service

The Autodiscover service enables Outlook clients and some mobile devices to receive their necessary profile settings directly from the Exchange server by using the client's domain credentials. These settings automatically update the client with the information that is needed to create the user's profile.

For more information about the Autodiscover service, see the following:
Overview of the Autodiscover Service
Understanding Exchange ActiveSync Autodiscover
Managing the Autodiscover Service

New Client Functionality

Many client-side improvements in features and functionality are included in Microsoft Exchange 2007 Unified Messaging. The new features include the Outlook Web Access client that has Unified Messaging configuration pages, Outlook Voice Access for subscriber access, a voice mail client for Microsoft Office Outlook 2007, and an improved Outlook experience on mobile devices. This section provides information about the new and improved client features that are included in Exchange 2007 Unified Messaging.

Microsoft Exchange 2007 also includes several feature and functionality improvements for the information worker. These include improvements and enhancements to calendaring and messaging records management.

Unified Messaging

Unified Messaging is new to the Microsoft Exchange product family. Unified Messaging enables Exchange 2007 recipients to store e-mail, voice mail, and fax messages in one Inbox. Several client-side features are available to recipients who are enabled for Unified Messaging. For more information about the new Unified Messaging client features, see Client Features in Unified Messaging.

Note:
When you are using Microsoft Exchange ActiveSync on a mobile device, you can open a voice message in your mailbox and listen to the attached .wma file that contains the voice message. The advanced Unified Messaging features found in the premium version of Outlook Web Access, such as the voice mail configuration options, are unavailable in Outlook Web Access Light.

Caution:
When you are using Outlook Web Access Light and Pocket Internet Explorer on a mobile device, you may be able to listen to a voice message by using the .wma attachment that is described in Client Features in Unified Messaging. However, this configuration is not supported.

Outlook Web Access

Outlook Web Access in Exchange 2007 has been redesigned to enhance the end-user experience and productivity. Outlook Web Access includes many new features and improvements that are not found in earlier versions of Microsoft Exchange. Features such as smart meeting booking, Windows SharePoint Services and Windows file shares integration, and the ability to manage mobile devices are now available. Outlook Web Access also includes improvements in search, reminders, the Outlook Web Access address book, and other messaging options.

For more information about the new client features found in Outlook Web Access, see Client Features in Outlook Web Access.

Exchange ActiveSync and Mobility

Exchange 2007 offers a significantly improved Outlook user experience on mobile devices. It also includes improved security and better mobile device management. No additional software or outsourcing fees are necessary to access data from a mobile device by using Exchange ActiveSync. For more information about the new client features found in Exchange ActiveSync, see Client Features In Exchange ActiveSync.

Calendaring

The improved calendaring feature in Exchange 2007 helps resolve reliability issues, enhances the scheduling process, and encourages more sharing of calendar information. Overall, these improvements make Microsoft Exchange and Outlook calendaring a more reliable and efficient tool for time management.

Cached Exchange Mode

You can configure the clients on your network that are using earlier versions of Outlook and Outlook 2007 to use Cached Exchange Mode with Exchange 2007. However, Exchange 2007 provides a new notification mechanism for Outlook 2007 clients that enables the clients that are running in Cached Exchange Mode to start downloading new messages more quickly than with earlier versions of Microsoft Exchange.

Messaging Records Management

To comply with legal, regulatory, or business process requirements, many organizations must process, filter, modify, and journal (forward) e-mail messages that are transferred to and from their organization and the Internet and between people in the organization. Administrators can use the messaging records management features in Exchange 2007 to help users and organizations keep the messages they need for business or legal reasons and to discard messages that they do not have to keep. This is done by using managed folders. Managed folders are folders in the user's mailbox to which retention policies have been applied. The administrator or the user puts these managed folders in the user's mailbox, and then the user sorts messages into the managed folders according to organization policy. Messages included in these managed folders are periodically processed according to the retention policies. When a message reaches a retention limit, it can be journaled, deleted, moved to another folder, or marked as past its retention date.

For More Information
For more information about Exchange 2007 Unified Messaging, see Unified Messaging.
For more information about Exchange 2007 Outlook Web Access, see Overview of Outlook Web Access.
For more information about Exchange 2007 mobility and Exchange ActiveSync, see Overview of Exchange ActiveSync.
For more information about new and improved information worker functionality, see New Information Worker Functionality.

Overview of Exchange ActiveSync

By default, when you install the Client Access server role on a computer that is running Microsoft Exchange Server 2007, you enable Microsoft Exchange ActiveSync. Exchange ActiveSync lets you synchronize a mobile device with your Exchange 2007 mailbox.

Overview of Exchange ActiveSync

Exchange ActiveSync is a Microsoft Exchange synchronization protocol that is optimized to work together with high-latency and low-bandwidth networks. The protocol, based on HTTP and XML, lets devices such as browser-enabled cellular telephones or Microsoft Windows Mobile powered devices access an organization's information on a server that is running Microsoft Exchange. Exchange ActiveSync enables mobile device users to access their e-mail, calendar, contacts, and tasks and to continue to be able to access this information while they are working offline.

Note:
Exchange ActiveSync can synchronize e-mail messages, calendar items, contacts, and tasks. You cannot use Exchange ActiveSync to synchronize notes in Microsoft Outlook.

New Features in Exchange ActiveSync

Exchange ActiveSync has been enhanced in Exchange Server 2007. The following are some of the new and enhanced features:
Support for HTML messages
Support for follow-up flags
Support for fast message retrieval
Meeting attendee information
Enhanced Exchange Search
Windows SharePoint Services and Universal Naming Convention (UNC) document access
PIN reset
Enhanced device security through password policies
Autodiscover for over the air provisioning
Support for Out of Office configuration
Support for tasks synchronization
Direct Push

Note:
The ability to use Autodiscover depends on the mobile device operating system that you are using. Not all mobile device operating systems that support synchronization with Exchange Server 2007 also support Autodiscover. For more information about which operating systems support Autodiscover, contact the manufacturer of your mobile device.

Note:
Many of these features require the use of the latest version of Windows Mobile that is currently in development.

For more information about the new features in Exchange ActiveSync, see Client Features in Exchange ActiveSync.

Managing Exchange ActiveSync

By default, Exchange ActiveSync is enabled. All users who have an Exchange mailbox can synchronize their mobile device with the Microsoft Exchange server.

You can perform the following Exchange ActiveSync tasks:
Enable and disable Exchange ActiveSync for users
Set policies such as minimum password length, device locking, and maximum failed password attempts
Initiate a remote wipe to clear all data off a lost or stolen device
Run a variety of reports for viewing or exporting into a reporting solution

Security in Exchange ActiveSync

You can configure Exchange ActiveSync to use Secure Sockets Layer (SSL) encryption for communications between the Exchange server and the mobile device client. Certificate-based authentication works with a self-signed certificate, a certificate from an existing public key infrastructure, or a third-party commercial certificate. You can use certificate-based authentication together with other security features, such as local device wipe and a device password, to turn the mobile device into a smartcard. The private key and certificate for client authentication are stored in memory on the device. If an unauthorized user tries to bypass the device password, all user data is purged. This includes the certificate and private key. For more security, you can deploy RSA SecurID two-factor authentication on the Exchange server.

Device Security Features in Exchange ActiveSync

In addition to the ability to configure security options for communications between the Exchange server and your mobile devices, Exchange ActiveSync offers the following features to enhance the security of mobile devices:
Remote wipe: If your device is lost, stolen, or otherwise compromised, you can issue a remote wipe command from the Exchange Server computer or from any Web browser by using Microsoft Office Outlook Web Access. This command erases all data from the mobile device.
Device password policies: Exchange ActiveSync lets you configure several options for your device password. These options include the following:
Minimum password length

Cellular telephones that have Windows Mobile 5.0 and the Messaging & Security Feature Pack (MSFP) and later versions of Windows Mobile software.
Cellular telephones or mobile devices that are produced by Exchange ActiveSync licensees and are designed specifically to be Direct Push compatible.

By default, Direct Push is enabled in Exchange 2007. Mobile devices that support Direct Push issue a long-lived HTTPS request to the Exchange server. The Exchange server monitors activity on the user's mailbox and sends a response to the device if there are any changes, such as new or changed e-mail messages or calendar or contact items. If changes occur within the lifespan of the HTTPS request, the Exchange server issues a response to the device that states that changes have occurred and the device should initiate synchronization with the Exchange server. The device then issues a synchronization request to the server. When synchronization is complete, a new long-lived HTTPS request is generated to start the process over again. This guarantees that e-mail, calendar, contact, and task items are delivered quickly to the mobile device and the device is always synchronized with the Exchange server.

Direct Push Topology

Figure 1 illustrates a typical Exchange Server 2007 topology that is configured for Direct Push. This figure assumes that you have the Client Access server role and the Mailbox server role installed on two separate Exchange Server computers. You can also install both server roles on the same physical Exchange 2007 computer.

Figure 1 Direct Push Network Design

Direct Push operates in the following way:
1. A mobile device that is configured to synchronize with an Exchange 2007 server issues an HTTPS request to the server. This request is known as a ping. The request tells the server to notify the device if any items change in any folder that is configured to synchronize in the next 15 minutes. Otherwise, the server should return an HTTP 200 OK message. The mobile device will then stand by. The 15-minute time span is known as a heartbeat interval.
2. If no items change in 15 minutes, the server returns a response of HTTP 200 OK. The mobile device receives this response, resumes activity (called waking up), and issues its request again. This restarts the process.
3. If any items change or new items are received within the 15-minute heartbeat interval, the server sends a response that informs the mobile device that there is a new or changed item and the name of the folder in which the new or changed item resides. After the mobile device receives this response, it issues a synchronization request for the folder that has the new or changed items. When synchronization is complete, the mobile device issues a new ping request and the whole process starts over.

Direct Push depends on network conditions that support a long-standing HTTPS request. If the carrier network for the mobile device or the firewall does not support long-standing HTTPS requests, the HTTPS request is stopped. The following steps describe how Direct Push operates when a mobile device's carrier network has a time-out value of 13 minutes.
1. A mobile device issues an HTTPS request to the server. The request tells the server to notify the device if any items change in any folder that is configured to synchronize in the next 15 minutes. Otherwise, the server should return an HTTP 200 OK message. The mobile device then stands by.
2. If the server does not respond after 15 minutes, the mobile device wakes up and concludes that the connection to the server was timed out by the network. The device reissues the HTTPS request, but this time uses a heartbeat interval of eight minutes.
3. After eight minutes, the server sends an HTTP 200 OK message. The device will then try to gain a longer connection by issuing a new HTTPS request to the server that has a heartbeat interval of 12 minutes.
4. After four minutes, a new e-mail message is received and the server responds by sending an HTTPS request that tells the device to synchronize. The device synchronizes and reissues the HTTPS request that has a heartbeat of 12 minutes.
5. After 12 minutes, if there are no new or changed items, the server responds by sending an HTTP 200 OK message. The device wakes up and concludes that network conditions will support a heartbeat interval of 12 minutes. The device will then try to gain a longer connection by reissuing an HTTPS request that has a heartbeat interval of 16 minutes.
6. After 16 minutes, no response is received from the server. The device wakes up and concludes that network conditions cannot support a heartbeat interval of 16 minutes. Because this failure occurred directly after the device tried to increase the heartbeat interval, it concludes that the heartbeat interval has reached its maximum limit. The device then issues an HTTPS request that has a heartbeat interval of 12 minutes because this was the last successful heartbeat interval.

The mobile device tries to use the longest heartbeat interval the network supports. This extends battery life on the device and minimizes the amount of data that is transferred over the network. Mobile carriers can specify a maximum, minimum, and initial heartbeat value in the registry settings for the mobile device.
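
Added example (not part of the original Microsoft document): a Python model of the heartbeat negotiation in the timed-out walkthrough above, showing how the shortest idle time-out on the path decides the interval the device settles on. The intervals of 15, 8, 12 and 16 minutes are the ones in the walkthrough; the 4-minute step, the 30-minute ceiling and the strict less-than comparison are assumptions of this example, not values read from a device or from Exchange.

```python
"""Direct Push heartbeat negotiation, modelled on the timed-out walkthrough.

Added illustration. The constants and the probing rule are inferred from the
walkthrough (15 fails, 8 succeeds, 12 succeeds, 16 fails, settle on 12); they
are assumptions, not settings taken from a device or from Exchange.
"""
from typing import List, Optional, Tuple

INITIAL_MIN = 15   # first heartbeat the device requests (from the walkthrough)
FALLBACK_MIN = 8   # interval used after the first request is dropped
STEP_MIN = 4       # assumed increment: 8 -> 12 -> 16 in the walkthrough
CEILING_MIN = 30   # constructed upper bound for this example

Attempt = Tuple[int, bool]  # (heartbeat in minutes, did the server reply arrive?)


def reply_arrives(heartbeat_min: int, idle_timeout_min: int) -> bool:
    """The HTTP 200 OK is sent when the heartbeat expires, so it only arrives
    if every firewall and carrier hop keeps an idle connection open longer
    than the heartbeat (assumption: strictly longer)."""
    return heartbeat_min < idle_timeout_min


def negotiate(idle_timeout_min: int) -> Tuple[List[Attempt], Optional[int]]:
    """Return the ping attempts and the heartbeat the device settles on.

    idle_timeout_min is the shortest idle time-out on the path (firewall or
    carrier). The settled value is None when even the fallback interval is
    cut off, meaning the path cannot hold a Direct Push connection.
    """
    attempts: List[Attempt] = []
    current = INITIAL_MIN
    last_good: Optional[int] = None
    probing = False  # True while testing an interval above last_good

    while True:
        ok = reply_arrives(current, idle_timeout_min)
        attempts.append((current, ok))
        if ok:
            last_good = current
            if current + STEP_MIN > CEILING_MIN:
                return attempts, last_good   # already at the ceiling
            current += STEP_MIN              # try for a longer connection
            probing = True
        elif probing:
            return attempts, last_good       # failed right after an increase
        elif current > FALLBACK_MIN:
            current = FALLBACK_MIN           # first request dropped: back off
        else:
            return attempts, None            # even the fallback is dropped


def pings_per_hour(heartbeat_min: Optional[int]) -> Optional[float]:
    """Request rate for an idle mailbox; fewer pings means less radio use."""
    return None if heartbeat_min is None else round(60 / heartbeat_min, 2)


def compare_timeouts(timeouts_min: List[int]):
    """Settled heartbeat and idle ping rate for each candidate idle time-out."""
    rows = []
    for timeout in timeouts_min:
        _, settled = negotiate(timeout)
        rows.append((timeout, settled, pings_per_hour(settled)))
    return rows


if __name__ == "__main__":
    # Constructed time-outs: a short firewall default, the 13-minute carrier
    # from the walkthrough, and two longer firewall settings.
    for timeout, settled, rate in compare_timeouts([5, 13, 20, 30]):
        print(f"idle time-out {timeout:>2} min -> heartbeat {settled} min, "
              f"{rate} pings/hour")
```

A result of None for a given time-out means the device never receives a reply on that path, which is the case the firewall time-out guidance in this document is meant to avoid.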

Configuring Direct Push to Work Through Your Firewall

For Direct Push to work through your firewall, you must open the following ports:
If you have the Client Access server role and the Mailbox server role installed on two separate Exchange Server computers, you must open TCP port 135 for the RPC locator service on any internal firewall that is between the two Exchange Server computers.
TCP port 443 is required for Secure Sockets Layer (SSL) and must be opened between the Internet and the Exchange Server computer that has the Client Access server role installed.

In addition to opening ports on your firewall, for optimal Direct Push performance, you should increase the time-out value on your firewall from the default to 15 to 30 minutes. The maximum length of the HTTPS request is determined by the following settings:
The maximum time-out that is set on the firewalls that control the traffic from the Internet to the Exchange server that has the Client Access server role installed
The firewall time-outs that are set by the mobile carrier

A short time-out value causes the device to initiate a new HTTPS request more frequently. This can shorten battery life on your device. For more information about how to configure your firewall, see the ISA Server Product Documentation.

For More Information
For more information about Direct Push and how to synchronize mobile devices with Exchange 2007, see the following:
How to Configure Mobile Devices to Synchronize with Exchange Server
Understanding Mobile Devices
Understanding Mobile Device Connectivity

Understanding Exchange ActiveSync Mailbox Policies

This section discusses Exchange ActiveSync mailbox policies and how they can be used in your Microsoft Exchange Server 2007 environment.

Overview

Exchange ActiveSync mailbox policies let you apply a common set of policy or security settings to a user or group of users. Table 1 summarizes the settings that you can specify by using Exchange ActiveSync mailbox policies.

Table 1 Exchange ActiveSync mailbox policy settings
Setting | Description
Allow non-provisionable devices | Allows older devices (those that do not support Exchange ActiveSync mailbox policies) to connect to Exchange 2007 by using Exchange ActiveSync.
Allow simple password | Enables or disables the ability to use a simple password such as 1234.
Alphanumeric password required | Requires that a password contains numeric and non-numeric characters.
Attachments enabled | Enables attachments to be downloaded to the mobile device.
Device encryption enabled | Enables encryption on the device.
Password enabled | Enables the device password.
Password expiration | Enables the administrator to configure a length of time after which a device password must be changed.
Password history | The number of past passwords stored in the user's mailbox. A user cannot reuse a previously stored password.
Policy refresh interval | Defines how frequently the device updates the Exchange ActiveSync policy from the server.
Maximum attachment size | Specifies the maximum size of attachments that are automatically downloaded to the device.
Maximum failed password attempts | Specifies how many times an incorrect password can be entered before the device performs a wipe of all data.
Maximum inactivity time lock | Specifies the length of time a device can go without user input before it locks.
Minimum password length | Specifies the minimum password length.
Password recovery | Enables the device password to be recovered from the server.
UNC file access | Enables access to files stored on Universal Naming Convention (UNC) shares.
WSS file access | Enables access to files stored on Microsoft Windows SharePoint Services sites
For example, you can create a policy that you apply to all users in your Exchange organization. Table 2 lists the settings that this policy could have.
Table 2 Sample Exchange ActiveSync mailbox policy settings for all users
Setting | Value
Allow non-provisionable devices | False
Allow simple password | False
Alphanumeric password required | True
Attachments enabled | True
Device encryption enabled | True
Password enabled | True
Password expiration | 0 days
Password history | passwords stored
Maximum attachment size | 500 kilobytes (KB)
Maximum failed password attempts | 4
Minimum password length | 4
UNC file access | Disabled
WSS file access | Disabled
Note:
You do not have to specify all policy settings when you create a new Exchange ActiveSync mailbox policy. Any policy setting that you do not explicitly set will retain its default value.
Exchange ActiveSync mailbox policies can be created in the Exchange Management Console or the Exchange Management Shell. If you create a policy in the Exchange Management Console, you can configure only a subset of the available settings. You can configure the rest of the settings by using the Exchange Management Shell.
You do not have to assign a user to an Exchange ActiveSync mailbox policy. Table 3 summarizes the policy settings that are used if you do not assign a user to a policy.
Table 3 Default Exchange ActiveSync settings
Setting | Value
Allow non-provisionable devices | True
Allow simple password | False
Alphanumeric password required | False
Attachments enabled | True
Device encryption enabled | False
Password enabled | False
Password expiration | Unlimited
Password history | 0
Policy refresh interval | Unlimited
Document browsing enabled | True
Maximum attachment size | Unlimited
Maximum failed password attempts | 4
Maximum inactivity time lock | 15 minutes
Minimum password length | 4
Password recovery | Disabled
UNC file access | Enabled
WSS file access | Enabled
Exchange ActiveSync Mailbox Policy Examples
Figure 2 illustrates how Exchange ActiveSync mailbox policies can be created to control a variety of settings for three different groups of users.
Figure 2 Example of Exchange ActiveSync mailbox policies
For More Information
For more information about how to manage Exchange ActiveSync by using policies, see Managing Exchange ActiveSync with Policies.
Understanding Remote Device Wipe
One of the enhanced features available in Microsoft Exchange Server 2007 is the ability to perform a remote device wipe of a mobile device. Remote device wipe is a feature that enables the Exchange server to set a mobile device to delete all data the next time that the device connects to the Exchange server.
A remote device wipe returns a device to its factory default condition. This can be useful when a device is lost, stolen, or otherwise compromised, or when a device has to be reassigned from one user to another.
Overview
Mobile devices can store sensitive corporate data and provide access to many corporate resources. If a device is lost or stolen, that data can be compromised. Through Exchange ActiveSync policies, you can add a password requirement to your mobile devices. This requires that users enter a password to access their device. We recommend that, in addition to requiring a device password, you configure your devices to automatically prompt for a password after a period of inactivity. The combination of a device password and inactivity locking provides more security for your corporate data.
In addition to these features, Exchange 2007 provides remote device wipe. You can issue a remote wipe command from the Exchange Management Shell. Users can issue their own remote wipe commands from the Outlook Web Access user interface.
The remote device wipe feature also includes a confirmation function that writes a timestamp in the sync state data of the user's mailbox. This timestamp is displayed in Outlook Web Access and in the user's mobile device properties dialog box in the Exchange Management Console.
Important:
In addition to resetting the device to factory default condition, a remote device wipe also deletes any data on any storage card that is inserted in the device. If you are performing a remote device wipe on a device in your possession and want to retain the data on the storage card, remove the storage card before you initiate the remote device wipe.
Remote Device Wipe vs. Local Device Wipe
Local device wipe is the mechanism by which a device wipes itself without the request coming from the server. If your organization has implemented Exchange ActiveSync policies that specify a maximum number of password attempts and that maximum is exceeded, the device will perform a local device wipe. The result of a local device wipe is the same as that of a remote device wipe. The device is returned to its factory default condition. When a device performs a local device wipe, no confirmation is sent to the Exchange server.
For More Information
For more information about the remote device wipe feature, see the following:
- How to Perform a Remote Wipe on a Device
- Clear-ActiveSyncDevice
Understanding Exchange ActiveSync Autodiscover
Microsoft Exchange Server 2007 introduces a new service that makes it easier to provision devices for end users. The Autodiscover service simplifies the provisioning of your mobile device by returning the required system settings after you enter your e-mail address and password. By default, the Autodiscover service is enabled in Exchange 2007.
Overview of Autodiscover with Exchange ActiveSync
If your mobile device supports Autodiscover, you can configure your device to synchronize with Exchange 2007. Figure 3 illustrates this synchronization process.
Figure 3 Using Autodiscover with Exchange ActiveSync
1. The user enters their e-mail address and password on the device.
2. The device connects to a root DNS server to retrieve the URL for the Autodiscover service and the IP address for the user's domain.
3. The device uses a Secure Sockets Layer (SSL) connection to connect through the firewall to the Autodiscover service virtual directory. The Autodiscover service assembles the XML response based on the server synchronization settings.
4. The Autodiscover service sends the XML response through the firewall over SSL. This XML response is interpreted by the device and synchronization settings are configured automatically on the device.
Note:
The ability to use Autodiscover depends on the operating system of the mobile device that you are using. Not all mobile device operating systems that support synchronization with Exchange Server 2007 support Autodiscover. For more information about operating systems that support Autodiscover, contact the manufacturer of your device.
Note:
Windows Mobile 5.0 and Windows Mobile 6.0 do not support Autodiscover.
For More Information
For more information about how to manage the Autodiscover service, see Managing the Autodiscover Service.
Understanding Mobile Device Connectivity
A wide variety of mobile devices can synchronize with Microsoft Exchange Server 2007. Most mobile devices that synchronize with Exchange 2007 are cellular telephones. These devices can run operating systems such as Windows Mobile, Symbian, Palm, and Nokia. For an overview of the different mobile devices that are enabled for Exchange ActiveSync, see Understanding Mobile Devices.
Regardless of the type of device that you select, there are two primary ways to connect to Exchange 2007: by using cellular connectivity and by using wireless connectivity. This section provides an overview of the two connectivity options.
Cellular Connectivity
All mobile devices that are enabled for Exchange ActiveSync can use cellular connectivity to synchronize with Exchange 2007. There are several different types of cellular data networks. Regardless of the type of cellular data network that your mobile device uses, the method of synchronization is the same. If the operating system of your device is Windows Mobile 5.0 with the Messaging & Security Feature Pack or Windows Mobile 6.0, synchronization is accomplished through Direct Push. If your device has another operating system, manual synchronization is used. When a device uses Direct Push to synchronize with Exchange 2007, it establishes a long-standing HTTPS connection with the Exchange server. When the connection is first established, the device sets what is called a heartbeat interval. The default heartbeat interval is 15 minutes. If any new messages are added to monitored folders on the Exchange server within this heartbeat interval, the server informs the device and the device initiates synchronization. When synchronization is complete, a new HTTPS request is initiated and the process is repeated. For more information about Direct Push, see Understanding Direct Push.
Cellular data plans can charge by the minute, by the megabyte, or offer unlimited data transfer. When you use a cellular data connection with Exchange 2007 Direct Push, we recommend purchasing an unlimited data plan.
Wireless Connectivity
Many of the mobile devices that are enabled for Exchange ActiveSync can connect to a wireless LAN. Connecting to a wireless LAN can provide faster network speeds and better coverage in areas where cellular coverage is unreliable. In addition, wireless access is sometimes offered at commercial locations such as coffee shops and book stores. The primary disadvantage to using wireless connectivity is that Direct Push will not work over a wireless LAN. Users who connect over a wireless LAN can perform manual synchronizations or configure scheduled synchronizations as frequently as every five minutes.
For More Information
For more information, see the following:
- Understanding Mobile Devices
- Understanding Direct Push
Understanding Mobile Devices
Mobile devices that are enabled for Exchange ActiveSync enable users to access most of their Microsoft Exchange mailbox data any time, anywhere. There are a variety of different devices that are enabled for Exchange ActiveSync. These include Windows Mobile powered devices, Nokia devices, and Palm devices. This section provides an overview of these mobile devices.
Exchange ActiveSync Enabled Devices
Exchange ActiveSync is a communications protocol that enables mobile access, over the air, to e-mail messages, scheduling data, contacts, and tasks. Exchange ActiveSync is available on Windows Mobile powered devices and third-party devices that are enabled for Exchange ActiveSync.
Exchange ActiveSync offers Direct Push technology. Direct Push uses an encrypted HTTPS connection that is established and maintained between the device and the server to push new e-mail messages and other Exchange data to the device.
To use Direct Push with Exchange 2007, your users must have a mobile device that is running Windows Mobile 5.0 with the Messaging & Security Feature Pack or another mobile operating system that is designed to support Direct Push.
Note:
The Messaging & Security Feature Pack includes support for Direct Push, server-based security policies, remote device wipe, Task synchronization, global address book lookup, and many other features.
Exchange ActiveSync Features
Exchange ActiveSync provides access to a variety of features. These features enable you to enforce device security policies. By using Exchange 2007, you can configure multiple Exchange ActiveSync policies and control which devices can synchronize with your Exchange server. Exchange ActiveSync enables you to send a remote device wipe command that wipes all data from an existing device in case that device is lost or stolen. Users can also initiate a remote device wipe from Microsoft Office Outlook Web Access.
For more information about Exchange ActiveSync, see Overview of Exchange ActiveSync.
Note:
Access to some of the features described in this section requires either Windows Mobile 5.0 with the Messaging & Security Feature Pack or the next version of Windows Mobile software that is currently in development. For more information, see your device documentation.
Devices Enabled for Exchange ActiveSync
Users can take advantage of Exchange ActiveSync by selecting mobile devices that are compatible with Exchange ActiveSync. These devices are available from a variety of manufacturers. Most of these devices do not support Direct Push. However, they do support synchronization with Microsoft Exchange. For more information, see the device documentation.
Some of the devices that are compatible with Microsoft Exchange include the following:
- Nokia: Nokia offers Mail for Exchange on their Eseries mobile devices. E-mail, calendar, and contact data can be synchronized over a cellular network or a wireless LAN.
- Sony Ericsson: Sony Ericsson offers Exchange ActiveSync support on several of their newer smartphone devices. They also support Direct Push through a third-party program.
- Palm: Palm offers two smartphones that have the Windows Mobile 5.0 operating system. These devices support Direct Push. Palm also supports Exchange ActiveSync on the Treo 650 and 680 series smartphones. These devices do not support Direct Push.
- Motorola: Motorola has its own synchronization framework that enables over-the-air synchronization through Exchange ActiveSync on a variety of its devices.
- Symbian: Symbian Limited licenses Exchange ActiveSync for use in the Symbian operating system. This operating system is an open standard operating system for mobile telephones.
Windows Mobile Software Feature Matrix
Mobile devices that have a version of Windows Mobile software as their operating system offer the greatest functionality when synchronizing with Exchange 2007. Table 4 illustrates some of the features that are available with the different versions of Windows Mobile software.
Table 4 Windows Mobile software feature matrix
Operating System | Productivity Enhancements | Security Enhancements | Administration Enhancements
Windows Mobile 6.0 | Direct Push; HTML e-mail support; Message flags; Quick message retrieval; Enhanced calendar views; Meeting attendee information; Out of Office management; Exchange search; Windows SharePoint Services and Windows file share (UNC) document access | Enforcement of Exchange ActiveSync mailbox policies; Remote device wipe; Certificate-based authentication; S/MIME support (with Exchange 2007 SP1); Device storage card encryption; Rights management support | Detailed device monitoring; Error reporting
Windows Mobile powered devices with the Messaging & Security Feature Pack | Direct Push; Global address book lookup; Task synchronization | Enforcement of Exchange ActiveSync mailbox policies; Remote device wipe; Certificate-based authentication; S/MIME support (with Exchange 2007 SP1) | Microsoft Operations Manager integration and reporting; Diagnostic tasks and health monitoring
All Windows Mobile powered devices | Synchronization of e-mail messages, calendar, and contact data | Secure Sockets Layer (SSL) encryption; Basic authentication; Integration with Internet Security and Acceleration (ISA) Server | Microsoft Operations Manager integration and reporting; Diagnostic tasks and health monitoring
For more information about how to manage Windows Mobile powered devices, visit the Windows Mobile Center Web site.
Exchange ActiveSync Reporting Services
Microsoft Exchange Server 2007 and Exchange ActiveSync offer a wide variety of features for both users and administrators. As an administrator, it is important that you know the volume and usage patterns of your deployment. This information can help you effectively manage your Exchange ActiveSync deployment, better understand user productivity, and plan for future needs. Reporting in Exchange ActiveSync for Exchange Server 2007 is a Windows PowerShell task that compiles a set of Internet Information Services (IIS) logs and processes them to create a series of output files. Each file is a separate report that can help you understand your Exchange ActiveSync deployment. This section provides an overview of the cmdlet you can use to generate these reports and information about the content of these reports.
Generating Exchange ActiveSync Reports
You can generate Exchange ActiveSync reports by using the Export-ActiveSyncLog cmdlet. This cmdlet lets you specify a variety of input parameters. These parameters include the location of the IIS log files, the start dates and the end dates for the reports, and the output path for the reports. To run this cmdlet, you must be delegated the permissions associated with the Exchange Server Administrator or Exchange Organization Administrator role. You must also have read access to the directory where the IIS logs are located. For more information about the syntax of the Export-ActiveSyncLog cmdlet, see Export-ActiveSyncLog.
Available Exchange ActiveSync Reports
There are a variety of Exchange ActiveSync reports available. These reports include the following:
- Exchange ActiveSync Usage Report: This report includes a variety of monitored parameters. These include the total bytes that have been sent and received in addition to a count of each type of item that was sent and received. Item types are e-mail messages, calendar items, contact items, and task items.
- Hits Report: This report lets you see the total number of synchronization requests that are processed per hour, in addition to the total number of unique devices that are initiating synchronization requests.
- HTTP Status Report: This report provides a general overview of the performance of the Client Access server. It includes a summary of the various error response codes and the percentage of the time each code was encountered.
- Policy Compliance Report: This report provides information about the number of fully compliant, partially compliant, and noncompliant devices. A fully compliant device is one that has accepted the Exchange ActiveSync policy and can implement all aspects of the policy. A partially compliant device is one that has accepted the policy, but has a mobile device operating system that is unable to enforce all aspects of the policy. A noncompliant device is either unable to accept the policy or has rejected the policy.
- User Agent List: This report returns the total number of unique users, organized by mobile device operating system.
Interpreting the Internet Information Services Log Files
Table 5 lists the various elements of the Exchange ActiveSync IIS logs. In the log file, each element is separated by an underscore character.
Table 5 Elements of the Exchange ActiveSync protocol logs
Letter identifier | Element name | Definition | Possible values
V | Protocol version | The protocol version that the device is using to synchronize with the Exchange server. | 120 = Version 12; 25 = Version 2.5; 21 = Version 2.1; 20 = Version 2.0; 10 = Version 1.0
Ty | Type | The type of folder that is being synchronized. | Em = E-mail; Co = Contacts; Ca = Calendar; Ta = Tasks
Fid | Folder ID | The ID of the folder that is being synchronized. | Positive integer
Fc | Folder count | The number of folders that are being synchronized. | Positive integer
Filt | Filter type | The data that the user requested. | Filter type values:
Value | Meaning | E-mail | Calendar | Tasks
0 | No filter | Yes | Yes | Yes
1 | 1 day back | Yes | No | No
2 | 3 days back | Yes | No | No
3 | 1 week back | Yes | No | No
4 | 2 weeks back | Yes | Yes | No
St | Sync type | The type of synchronization that is being performed. | F = First sync; S = Subsequent sync; R = Recovery sync; I = Invalid sync
Sk | Sync key | The actual sync key that is used between the mobile device and the Exchange server. | Positive integer
Cli: | Client statistics | Stores the count of each type of activity from the client. Output is in the form Cli: 0A0C3D1F0E. | A = Adds; C = Changes; D = Deletes; F = Fetches; E = Errors
Svr: | Server statistics | Stores the count of each type of activity from the server. Output is in the form Svr:2A0C2D1F1E. | A = Adds; C = Changes; D = Deletes; F = Fetches; E = Errors
E | Number of errors | This is the number of errors encountered in a request. | Positive integer
Io | Items opened | This is the number of items that have been opened. This feature has not yet been implemented. | Positive integer
Hb | Heartbeat interval | This indicates the heartbeat interval that is used for the ping command. | Positive integer
Ssp | SharePoint documents | This is the number of files that have been accessed from Windows SharePoint Services. | Positive integer
Sspb | SharePoint bytes | This is the number of bytes that have been accessed from Windows SharePoint Services. | Positive integer
Unc | UNC files | This is the number of files that have been accessed through Windows file shares. | Positive integer
Uncb | UNC bytes | This is the number of bytes that have been accessed through Windows file shares. | Positive integer
Att | Attachments | This is the number of attachments that have been retrieved. | Positive integer
Attb | Attachment bytes | The number of bytes that have been retrieved for attachments. | Positive integer
Pk | Policy key received | The element that is used by the client and server to correlate acknowledgements to a particular policy setting. | Not applicable
Pa | Policy acknowledge status | The element that indicates success if all the policy settings were applied correctly. | 1 = Policy was successfully applied; 2 = Policy was partially applied; 3 = Policy was not applied
Oof | OOF action | The action that is performed on the Out of Office status stored on the Exchange server. | Get = Retrieves the OOF status and message; Set = Sets the OOF status and message
UserInfo | User information action | The parameter that specifies retrieval of the user information data. | Get
DevModel | Device model | The device information that is supplied by the device manufacturer. Possible values include manufacturer name, model name, and model number. |
DevIMEI | IMEI | The International Mobile Equipment Identity (IMEI). It is a 15-digit code that is assigned to each device. | String
DevName | Device friendly name | This element stores the user's description of their device. | String
DevOS | Device OS | The operating system that is running on the device. | String
DevLang | Device OS language | The localized language of the device operating system. | String
Error | Error | The error section of the request. | String
S | Status | This element returns the status of the device. | String
A sample log for a device synchronization might appear as follows:
B3og42(D1$:EmD"i):(7D"cD"ilt2DSt:SDS:906DSrv:a0c0)0s0e0rDP%22802(9(
DS
For More Information
For more information about reporting for Exchange ActiveSync, see the following:
- Export-ActiveSyncLog
- How to Generate Exchange ActiveSync Reports
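The element format in Table 5 can be decoded mechanically when reviewing ActiveSync entries in the IIS logs. The following Python sketch is an added example, not part of the original Microsoft document: it assumes each underscore-separated element is a Table 5 identifier followed by an optional colon and its value, and it assumes that Pa values 1, 2 and 3 correspond to the three classes of the Policy Compliance Report. The log strings and device names are constructed for illustration.

```python
import re
from collections import Counter

# Identifiers from Table 5, longest first so "Sspb" is tried before "Ssp" and "S".
IDENTIFIERS = sorted(
    ["V", "Ty", "Fid", "Fc", "Filt", "St", "Sk", "Cli", "Svr", "E", "Io", "Hb",
     "Ssp", "Sspb", "Unc", "Uncb", "Att", "Attb", "Pk", "Pa", "Oof", "UserInfo",
     "DevModel", "DevIMEI", "DevName", "DevOS", "DevLang", "Error", "S"],
    key=len, reverse=True)

# Elements whose "Possible values" column is an integer or a numeric code.
NUMERIC = {"V", "Fid", "Fc", "Filt", "Sk", "E", "Io", "Hb", "Ssp", "Sspb",
           "Unc", "Uncb", "Att", "Attb", "Pa"}

STAT_NAMES = {"A": "Adds", "C": "Changes", "D": "Deletes",
              "F": "Fetches", "E": "Errors"}

# Assumption: Pa 1/2/3 map onto the Policy Compliance Report classes.
POLICY_ACK = {"1": "fully compliant", "2": "partially compliant",
              "3": "noncompliant"}


def parse_stats(value):
    """Decode a Cli:/Svr: counter string such as '0A0C3D1F0E'."""
    value = value.strip()
    pairs = re.findall(r"(\d+)([ACDFE])", value, flags=re.IGNORECASE)
    # Reject strings with leftover characters instead of silently skipping them.
    if not pairs or "".join(n + k for n, k in pairs) != value:
        raise ValueError(f"malformed statistics value: {value!r}")
    return {STAT_NAMES[k.upper()]: int(n) for n, k in pairs}


def parse_elements(log_value):
    """Split an underscore-separated element string into {identifier: value}."""
    elements, unparsed = {}, []
    for token in filter(None, log_value.strip().split("_")):
        for ident in IDENTIFIERS:
            if not token.startswith(ident):
                continue
            value = token[len(ident):].lstrip(":").strip()
            if ident in NUMERIC and not value.isdigit():
                continue  # not a numeric element after all; try shorter ones
            try:
                elements[ident] = (parse_stats(value)
                                   if ident in ("Cli", "Svr") else value)
            except ValueError:
                continue
            break
        else:
            unparsed.append(token)  # keep unknown tokens visible for review
    if unparsed:
        elements["unparsed"] = unparsed
    return elements


def compliance_summary(records):
    """Count devices by their most recent policy acknowledgement (Pa).

    records: iterable of (device_id, element_string), oldest first.
    """
    latest = {}
    for device_id, log_value in records:
        pa = parse_elements(log_value).get("Pa")
        if pa is not None:
            latest[device_id] = POLICY_ACK.get(pa, "unknown")
    return Counter(latest.values())


# Constructed sample records (not taken from a real server).
SAMPLE_RECORDS = [
    ("device-01", "V120_Ty:Em_Fid:37_Fc1_Filt2_St:S_Sk:1906"
                  "_Cli:0A0C3D1F0E_Svr:2A0C2D1F1E_Pa1"),
    ("device-02", "V25_Ty:Ca_Fid:12_St:F_Sk:1_Pa2"),
    ("device-03", "V120_Pa3_Error:PolicyRefused"),
    ("device-02", "V25_Ty:Co_Fid:14_St:S_Sk:7_Pa1"),
]

if __name__ == "__main__":
    for device, line in SAMPLE_RECORDS:
        print(device, parse_elements(line))
    print(dict(compliance_summary(SAMPLE_RECORDS)))
```

A free-text value that itself contains an underscore (for example a device friendly name) would be split by this parser; such fragments end up under the `unparsed` key rather than being dropped.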
Overview of POP3 and IMAP4
This section describes the Post Office Protocol version 3 (POP3) and Internet Message Access Protocol Version 4rev1 (IMAP4) functionality for Microsoft Exchange Server 2007. By default, POP3 and IMAP4 are disabled in Exchange 2007. To use these protocols, you must first start the POP3 and IMAP4 services on the computer that is running Exchange 2007 that has the Client Access server role installed.
POP3 and IMAP4 Protocols
Messaging systems that are based on POP3 and IMAP4 are best suited for home and personal use where requirements for data recoverability and security are low. POP3 was designed to support offline mail processing. With POP3, e-mail messages are removed from the server and put on the local POP3 client. This puts the data management and security responsibility in the hands of the user. IMAP4 offers offline and online access, but like POP3, IMAP4 does not offer advanced collaboration features such as scheduling and group scheduling and task and contact management.
Managing POP3/IMAP4 Features
With Exchange 2007, you can manage all the server settings for POP3 and IMAP4 by using the Exchange Management Shell. For more information about how to use the Exchange Management Shell to manage POP3 and IMAP4, see Managing POP3 and IMAP4.
Note:
There is no user interface in the Exchange Management Console for POP3 and IMAP4. To manage these protocols, you must use the Exchange Management Shell.
For More Information
- For more information about how to enable POP3 and IMAP4 for use with Exchange 2007, see Enabling POP3 and IMAP4 on a Client Access Server.
- For more information about managing the client functionality available in Exchange 2007 for POP3 and IMAP4, see Managing POP3 and IMAP4.
Overview of Outlook Web Access
By default, when you install the Client Access server role on a computer that is running Microsoft Exchange Server 2007, you enable Microsoft Office Outlook Web Access. Outlook Web Access lets you access your Exchange 2007 mailbox from any Web browser.
Overview of Outlook Web Access
Outlook Web Access has been redesigned for Exchange Server 2007 to create a new look, add new features, and improve usability. For more information about Outlook Web Access features, see Client Features in Outlook Web Access.
Managing Outlook Web Access
When you install the Client Access server role, four default virtual directories are created to enable access to content that is stored on Exchange servers by using a Web browser. Of the four virtual directories, the virtual directory named owa is used most frequently. For more information about Outlook Web Access virtual directories, see Managing Outlook Web Access Virtual Directories in Exchange Server 2007.
In Exchange 2007, the most common Outlook Web Access management tasks can be accomplished in the Exchange Management Console. All these tasks, and many other tasks, can be accomplished by using the Exchange Management Shell. You will still have to use tools such as Internet Information Services (IIS) Manager for some tasks, such as configuring Secure Sockets Layer (SSL) or setting up simple URLs for users.
For more information about how to manage Outlook Web Access, see the following:
- Managing Outlook Web Access
- Managing Outlook Web Access Security
Overview of Outlook Anywhere
The Outlook Anywhere feature for Microsoft Exchange Server 2007 lets your Microsoft Office Outlook 2007 and Outlook 2003 clients connect to their Exchange servers over the Internet by using the RPC over HTTP Windows networking component. This section describes the Outlook Anywhere feature and the benefits of using Outlook Anywhere.
Outlook Anywhere and Exchange 2007
Exchange Server 2003 enabled users to use the Windows RPC over HTTP Proxy component to access their Exchange information from the Internet. This technology wraps remote procedure calls (RPCs) with an HTTP layer. This allows the traffic to traverse network firewalls without requiring RPC ports to be opened. Exchange 2007 builds on this functionality and greatly reduces the difficulty of deploying and managing this feature. To deploy Outlook Anywhere in your Exchange messaging environment, you just have to enable at least one Client Access server by using the Enable Outlook Anywhere Wizard.
Benefits of Using Outlook Anywhere
There are several benefits to using Outlook Anywhere to enable Outlook 2003 and Outlook 2007 clients to access your Exchange messaging infrastructure. The benefits are as follows:
- Remote access to Exchange servers from the Internet.
- You can use the same URL and namespace that you use for Microsoft Exchange ActiveSync and Outlook Web Access.
- You can use the same Secure Sockets Layer (SSL) server certificate that you use for both Outlook Web Access and Exchange ActiveSync.
- Unauthenticated requests from Outlook cannot access Exchange servers.
- Clients must trust the certification authority that issues the certificate.
- You do not have to use a virtual private network (VPN) to access Exchange servers across the Internet.
Bou must allo' onl! port ==; through !our fire'all( because 5utloo3 reuests use &P o#er
"")$ *f !ou alread! use 5utloo3 -eb Access 'ith "") or Exchange Acti#e"!nc 'ith "")(
!ou do not ha#e to open an! additional ports from the *nternet$
,eplo$ing O#tloo% An$hereDeplo!ing 5utloo3 An!'here for !our organi/ation is no' a straightfor'ard process$ he
follo'ing recommendations should be follo'ed to successfull! deplo! 5utloo3 An!'here:
+se at least one Client Access server per site *n Exchange 2007( a site is a
net'or3 location 'ith high%band'idth connecti#it! bet'een all computers$ -e
recommend that !ou install at least one Client Access ser#er in each site that is
dedicated to pro#iding client access to the Exchange 2007 computer that has the Mailbox
ser#er role installed$ &o'e#er( !ou can ha#e multiple Client Access ser#ers in each site
for increased performance and reliabilit!$
Enable O#tloo% An$here on at least one Client Access server -e recommend
that !ou ha#e one Client Access ser#er in each site that has 5utloo3 An!'here enabled$
his lets 5utloo3 2007 clients connect to the Client Access ser#er that is closest to a
users mailbox$ +sers 'ill connect to the Client Access ser#er that is in the site together
'ith the Mailbox ser#er that contains their mailbox b! using &P"$ his minimi/es the
ris3 associated 'ith using remote procedure calls 1,PCs across the *nternet$ +sing
,PCs across the *nternet can ad#ersel! affect performance$
or more information about ho' to enable 5utloo3 An!'here( see &o' to Enable 5utloo3
An!'here$
'anaging O#tloo% An$hereBou can Manage 5utloo3 An!'here b! using the Exchange Management Console or the
Exchange Management "hell$ 8! default( 'hen !ou enable 5utloo3 An!'here on a Client
Access ser#er( all users 'ho ha#e mailboxes on Exchange 2007 Mailbox ser#ers are enabled
for 5utloo3 An!'here$ or more information about ho' to manage 5utloo3 An!'here( see
Managing 5utloo3 An!'here$
Coexistence5utloo3 An!'here can be used in en#ironments 'here Exchange 200; is still being used$ *f
!ou ha#e users 'ho ha#e mailboxes located on Exchange 200; ser#ers( and these users are
using 5utloo3 2007 or 5utloo3 200;( !ou must configure these clients manuall!$ or more
information about 5utloo3 An!'here coexistence( see &o' to Configure 5utloo3 An!'here
'ith Exchange 200;$
Recommendations for Outlook Anywhere
This section provides recommendations for using Outlook Anywhere in your Exchange
infrastructure.
We recommend that you use the following configuration when you use Exchange with
Outlook Anywhere:
NTLM authentication over Secure Sockets Layer
The certificate date is incorrect.
Therefore, you must make sure that the client computers trust the certification authority.
Additionally, if you use your own certification authority, when you issue a certificate to your
Client Access server, you must make sure that the Common Name field or the Issued to
field on that certificate contains the same name as the URL of the Client Access server that is
available on the Internet. For example, the Common Name field or the Issued to field must
contain a name that resembles mail.contoso.com. These fields cannot contain the internal
fully qualified domain name of the computer. For example, they cannot contain a name that
resembles mycomputer.contoso.com.
For More Information
For more information about Outlook Anywhere, see the following:
Overview of Outlook Anywhere
Managing Outlook Anywhere
Deploying Outlook Anywhere
Overview of the Autodiscover Service
Microsoft Exchange Server 2007 includes a new Microsoft Exchange service named the
Autodiscover service. The Autodiscover service configures client computers that are running
Microsoft Office Outlook 2007. The Autodiscover service can also configure supported mobile
devices. The Autodiscover service provides access to Microsoft Exchange features for
Outlook 2007 clients that are connected to your Microsoft Exchange messaging environment.
The Autodiscover service must be deployed and configured correctly for Outlook 2007 clients
to automatically connect to Microsoft Exchange features, such as the offline address book,
the Availability service, and Unified Messaging (UM). Additionally, these Exchange features
must be configured correctly to provide external access for Outlook 2007 clients. For more
information, see How to Configure Exchange Services for the Autodiscover Service.
The Autodiscover service uses a user's e-mail address and password to provide profile
settings to Outlook 2007 clients and supported mobile devices. If the Outlook 2007 client is
joined to the domain, the user's domain account is used.
Note:
The Autodiscover service is available for Outlook 2007 clients and some mobile
devices. Earlier versions of Outlook, including Microsoft Outlook 2003, cannot use
the Autodiscover service.
The SCP object contains the authoritative list of Autodiscover service URLs for the forest. You
can update the SCP object by using the Set-ClientAccessServer cmdlet. For more
information about the Set-ClientAccessServer cmdlet, see Set-ClientAccessServer.
Important:
Before you save the new Active Directory object, make sure that the Authenticated
Users account has Read permissions for the SCP object. If users do not have the
correct permissions, they will be unable to search for and read items.
For more information about SCP objects, see Publishing with Service Connection Points.
Figure 4 illustrates how a client connects to a Client Access server the first time from inside
the internal network.
Figure 4 The Autodiscover service process for internal access
For external access, the client locates the Autodiscover service on the Internet by using the
primary SMTP domain address from the user's e-mail address. Depending on whether you
have configured the Autodiscover service on a separate site, the Autodiscover service URL
will be either https://<smtp-address-domain>/autodiscover/autodiscover.xml or
https://autodiscover.<smtp-address-domain>/autodiscover/autodiscover.xml. Figure 5
illustrates a simple topology with a client connecting from the Internet.
Figure 5 The Autodiscover service process for external access
When the client connects to the Active Directory directory service, the client looks for the
SCP object that was created during Setup. In deployments that include multiple Client Access
servers, an Autodiscover SCP object is created for each Client Access server. The SCP
object contains the ServiceBindingInfo attribute that has the FQDN of the Client Access
server in the form of https://CAS01/autodiscover/autodiscover.xml, where CAS01 is the
FQDN for the Client Access server. By using the user credentials, the Outlook 2007 client
authenticates to Active Directory and searches for the Autodiscover SCP objects. After the
client obtains and enumerates the instances of the Autodiscover service, the client
connects to the first Client Access server in the enumerated list and obtains the profile
information in the form of XML data that is needed to connect to the user's mailbox and
available Microsoft Exchange features.
Deployment Options for the Autodiscover Service
Deploying the Autodiscover service is only one step in making sure that your
Microsoft Exchange services, such as the Availability service, can be accessed by
Outlook 2007 clients. These services must be deployed and configured correctly for clients to
receive the correct profile configuration information from the Autodiscover service. For more
information about how to deploy your Microsoft Exchange services, see How to Configure
Exchange Services for the Autodiscover Service.
We recommend that you consider how to deploy the Autodiscover service when you plan the
Client Access server infrastructure for your Exchange messaging environment.
For more information about how to deploy the Autodiscover service, see Deployment
Considerations for the Autodiscover Service.
For More Information
For more information about how to deploy and manage the Autodiscover service, see the
following:
Deployment Considerations for the Autodiscover Service
How to Configure Exchange Services for the Autodiscover Service
Managing the Autodiscover Service
Deployment Considerations for the Autodiscover Service
The Autodiscover service for Microsoft Exchange Server 2007 provides automatic profile
configuration for Microsoft Office Outlook 2007 clients that are connected to your Exchange
messaging environment.
Autodiscover Service Topology Requirements
For the Autodiscover service to function correctly for Outlook 2007, you must make sure that
your Exchange organization meets the following requirements:
You must have at least one Exchange 2007 Client Access server installed in your
Exchange deployment. For Exchange features such as the Availability service and
Unified Messaging, you must also have the Unified Messaging, Mailbox, and Hub
Transport server roles installed on the Client Access server or another server.
The Exchange 2007 Active Directory schema must be applied to the forest where the
Autodiscover service will be running.
Connecting to the Autodiscover Service from the Internet
If you are providing external access to Microsoft Exchange by using Outlook Anywhere
(formerly known as RPC over HTTP), and you want your Outlook 2007 clients to be
automatically configured by using the Autodiscover service, you must install a valid Secure
Sockets Layer (SSL) certificate on the Client Access server that includes both the common
name (for example, mail.contoso.com) and a Subject Alternative Name for
autodiscover.contoso.com. For information about how to configure your SSL certificate to use
a Subject Alternative Name, see How to Configure SSL Certificates to Use Multiple Client
Access Server Host Names. Additionally, you must correctly configure your Exchange
services, such as the Availability service, before the Autodiscover service can provide the
correct external URLs to clients. For more information, see How to Configure Exchange
Services for the Autodiscover Service.
When the client tries to connect to your Microsoft Exchange deployment, the client locates
the Autodiscover service on the Internet by using the primary SMTP domain address from the
user's e-mail address. Based on whether you have configured the Autodiscover service to
have a separate name from your organization's existing DNS host name, the Autodiscover
service URL will be either https://<smtp-address-domain>/autodiscover/autodiscover.xml or
https://autodiscover.<smtp-address-domain>/autodiscover/autodiscover.xml. For example, if
the user's e-mail address is monica@contoso.com, the Autodiscover service should be
located at either https://contoso.com/autodiscover.xml or
https://autodiscover.contoso.com/autodiscover/autodiscover.xml. This means that you must
have a host record for the Autodiscover service added to your external DNS zone.
For more information, see How to Configure the Autodiscover Service for Internet Access.
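The certificate name requirements stated for Outlook Anywhere (external name in the Common Name or Issued to field, never the internal FQDN) and for Autodiscover (a Subject Alternative Name for the autodiscover host) can be checked against a planned certificate before it is requested. The following Python code is an added example, not part of the Microsoft documentation; the function names, the `strict` switch and the wildcard handling are assumptions introduced here, and the certificate fields are supplied as constructed strings rather than read from a real certificate.

```python
# Added example: host names and certificate fields below are constructed.
from urllib.parse import urlsplit

AUTODISCOVER_PATH = "/autodiscover/autodiscover.xml"


def autodiscover_urls(email):
    """Return the two URLs a client derives from the SMTP domain."""
    local, sep, domain = email.strip().rpartition("@")
    if not (local and sep and domain):
        raise ValueError("not an SMTP address: %r" % email)
    domain = domain.lower()
    return ["https://" + domain + AUTODISCOVER_PATH,
            "https://autodiscover." + domain + AUTODISCOVER_PATH]


def name_matches(cert_name, host):
    """Compare one certificate name with a host name, label by label.
    A wildcard counts only as the entire left-most label."""
    c = cert_name.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(c) != len(h):
        return False
    if c[0] == "*":
        return len(c) > 2 and c[1:] == h[1:]
    return c == h


def covered(host, common_name, san_dns, strict=False):
    """strict=False accepts a match in the common name or any SAN entry.
    strict=True ignores the common name once SAN entries exist, which is
    how validators that follow RFC 6125 behave."""
    names = list(san_dns)
    if not (strict and names):
        names.append(common_name)
    return any(name_matches(n, host) for n in names)


def review_certificate(email, external_host, internal_fqdn,
                       common_name, san_dns=(), strict=False):
    """Return planning findings for a Client Access server certificate."""
    findings = []
    if name_matches(common_name, internal_fqdn):
        findings.append("common name is the internal FQDN " + internal_fqdn)
    auto_host = urlsplit(autodiscover_urls(email)[1]).hostname
    for host in (external_host, auto_host):
        if not covered(host, common_name, san_dns, strict):
            findings.append("no certificate name covers " + host)
    return findings


if __name__ == "__main__":
    print(review_certificate("monica@contoso.com", "mail.contoso.com",
                             "mycomputer.contoso.com", "mail.contoso.com",
                             ["autodiscover.contoso.com"], strict=True))
```

With `strict=True` the layout described above (common name mail.contoso.com plus one Subject Alternative Name for autodiscover.contoso.com) reports mail.contoso.com as uncovered, so listing the external name among the Subject Alternative Names as well keeps stricter clients working.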
Using Multiple Sites for Internet Access to the Autodiscover Service
We recommend hosting the Autodiscover service on a separate site if you manage a
frequently visited Web site that also hosts your e-mail traffic. To host the Autodiscover service
on a separate site on the same computer as other Exchange features, follow these steps:
Note:
You must use one IP address per site.
1. from a certification authority (CA) that the client computer trusts. If you have decided to
host the Autodiscover service on a separate site, see How to Configure SSL Certificates
to Use Multiple Client Access Server Host Names.
Therefore, if a client in the US-contoso site has a mailbox located in the Europe-contoso site
and tries to locate the Autodiscover service, the client can select the service instance that has
site=US-contoso or site=Europe-contoso.
If you do not specify site scope for the Autodiscover service, the client might return the
autodiscoverInternalUri parameter for the APAC-contoso site because of the slow connection
to the US-contoso site.
Note:
If you do not configure a specific set of Active Directory sites for clients to use,
Outlook 2007 will randomly select Client Access servers to use to access the
Autodiscover service.
For more information about site affinity, see How to Configure the Autodiscover Service to
Use Site Affinity.
Configuring the Autodiscover Service for Multiple Forests
You can deploy Microsoft Exchange by using multiple forests. Two of the multiple forest
deployment scenarios are the resource forest topology and the multiple trusted forest
topology. The following sections describe how the Autodiscover service is used in these two
deployment scenarios.
Configuring the Autodiscover Service in a Resource Forest Topology
If you are using a resource forest topology, user accounts reside in one forest (referred to as
a user account forest) and Microsoft Exchange is deployed in a separate forest (referred to as
a resource forest). In this scenario, the client contacts Active Directory in the user account
forest to locate the URL for the Autodiscover service. Because the service is hosted in the
resource forest, you must update Active Directory in the user account forest to include the
information that Active Directory requires to enable the client to access the resource forest. To
do this, you must create an Autodiscover SCP pointer record in Active Directory in the user
account forest. The Autodiscover SCP pointer record includes the Lightweight Directory
Access Protocol (LDAP) URL of the resource forest that the client will use to locate
the Autodiscover service.
To create the Autodiscover SCP pointe