Thursday, May 19, 2011

Real-World Site Resilience Design in Microsoft

*a manual disaster recovery process used to recover from a complete site failure
*not automatic but can be automated.
*goal: make sure you have a copy of data and someone can bring it up
*not just technology: people, process, and the procedures... these along with the technology will allow for successful site resilience
*what is the cost of losing your HA solution? make sure this outweighs the cost of putting in SR. You can also do SR for dedicated DBs.

*IE has a 20 min cache for addresses; you can set your DNS TTL for OWA down to 5 sec, but you won't get a redirect unless you close IE and reopen it

*make sure to include the failback URL.

Microsoft Exchange Online in Microsoft Office 365: Migration Case Study

*860K mailboxes moved from on prem to o365.
*interesting strategy: users' online accounts were created, dial tone mailboxes were created, and user data was imported separately. this strategy allowed the migration to happen very fast. the schools/districts involved had tools to migrate exchange data to the online solution - 180 schools/entities were uploading data concurrently. early on during the pilot test, Full Armor (vendor) noticed that the data export was failing - because so much data was coming into the online service, the hosted system saw this as a DoS (denial of service) and closed down the connection. the lesson learned here is to work with the migration specialist from MS prior to migrating your data

*Full Armor wrote a tool that aids in migration; Quest now owns it and it's downloadable

Microsoft Lync 2010: Core Voice Planning and Deployment

New features:
*Call Park

*Unassigned numbers
-handles numbers that are valid for your org but not assigned to a user phone
-you can transfer these calls to a predetermined destination
-create and manage an unassigned number

*location and enhanced 911
-now includes a location information server (LIS) for clients that require locations
-populate LIS DB with (in order of preference): wireless access point (BSSID), LLDP port, LLDP switch, subnet, MAC
-you can configure LIS with powershell
-LIS is required for 911 enabling and routing
-will need to partner with e911 partner
-will work with IM
-can be used for location based emergency routing outside of US

*Private line:
-not listed on AD
-bypass most inbound call routing rules
-calls will fail if coming from ocs 2007 R2, this feature uses a new attribute

*Caller ID presentation controls
-you can configure caller id mask per trunk

*Monitoring
*Common Area Phone support
-enables low cost IP phones to be placed in common areas

*IP Phone Infrastructure requirements
-LLDP-MED supported
-POE supported
-DNS requirement is the same as R2
-DHCP requirements are new:

*Analog Device Management
*Voice Routing - Trunk Translation
*Media Service Colocation
-you can consolidate mediation servers in the central DC

*malicious call trace

*Exchange UM
-only supported UM for lync
-will support exchange 2007 sp1 and beyond
-will support multiple forest: lync can be in one and exchange can be in the other
-hosted EUM as part of O365 is also now supported
-need to configure edge for shared domain when using o365

Routing and setup:
*dial plans:
-require e.164
-Lync clients normalize dialed numbers before they are sent to the server
-normalization rules are specified using regular expressions

*planning for dial plans
-identify all areas within the organization that have local dialing requirements
-identify the valid number patterns for each
-try to standardize on an org-wide scheme
-determine dial plan scope
-dial plans are obtained by UC clients through the inband provisioning process via the scope of the dial plan policy
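
Added example (not from the session, and not Lync's own code): how an ordered set of regex normalization rules turns what a user dials into E.164, and how a dial string with no matching rule shows up as a gap in the plan. The site (area code 425, extensions 0100-0199), the rule names and the sample dial strings are all constructed for illustration.

```powershell
# Constructed rules for a hypothetical US site (area code 425, 4-digit
# extensions 0100-0199 inside +1 425 555 xxxx). First matching rule wins.
$Rules = @(
    @{ Name = 'Extension';     Pattern = '^(01\d{2})$';         Translation = '+1425555$1' }
    @{ Name = 'Local7Digit';   Pattern = '^(\d{7})$';           Translation = '+1425$1' }
    @{ Name = 'National';      Pattern = '^1?([2-9]\d{9})$';    Translation = '+1$1' }
    @{ Name = 'International'; Pattern = '^011(\d{7,14})$';     Translation = '+$1' }
    @{ Name = 'AlreadyE164';   Pattern = '^(\+[1-9]\d{1,14})$'; Translation = '$1' }
)
$E164 = '^\+[1-9]\d{1,14}$'   # leading +, first digit 1-9, at most 15 digits

function ConvertTo-E164 {
    param([Parameter(Mandatory)][string]$Dialed)
    # Drop spaces and punctuation a user may type (this example's choice)
    $number = $Dialed -replace '[\s\-\.\(\)]', ''
    foreach ($rule in $Rules) {
        if ($number -match $rule.Pattern) {
            $out = $number -replace $rule.Pattern, $rule.Translation
            return [pscustomobject]@{
                Dialed     = $Dialed
                Rule       = $rule.Name
                Normalized = $out
                ValidE164  = ($out -match $E164)
            }
        }
    }
    # No rule matched: flag it instead of passing a raw string on to routing
    [pscustomobject]@{
        Dialed = $Dialed; Rule = '(none)'; Normalized = $null; ValidE164 = $false
    }
}

# Constructed dial strings: one per rule, plus one the plan does not cover
'0123', '555-0142', '(206) 555-0100', '1 206 555 0100',
'011 44 20 7946 0000', '+14255550123', '99' |
    ForEach-Object { ConvertTo-E164 $_ } | Format-Table -AutoSize
```

Rule order matters: moving a broad pattern above a narrow one changes which translation applies, so test every valid number pattern identified for a site against the full ordered list.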

locking down outlook anywhere by device

look into using ipsec w/certificate:
http://technet.microsoft.com/en-us/network/bb531150a

Microsoft Exchange Online in Microsoft Office 365: Simple Migration Live!

(this lecture applies more to small/medium-size companies)
*office 365 includes tools for planning
*not interoperable with BES (send as permissions are not migrated over), announcement has been made that BES will be supported in the future

*hybrid/staged mode offers more rich features, with journal rules, transport rules..

*cutover: for migrations with less than 1000 users, require outlook anywhere, public 3rd party cert, identity management in the cloud, review docs from http://help.outlook.com/

*demo:
-the migration tools offer a reporting capability similar to mailbox move reports from on prem version

*staged:
-requirements: require directory sync
-allows for migration in phases
-the planning is different from cutover: you have to specify the users you want to migrate within a CSV file, whereas in cutover you discover them.
-when you kick off the sync, the emails are forwarded to a migrated user on O365, no need for final delta sync
-first phase of mailbox copy: copy of all folder structure, start from latest item to the oldest item
-incremental sync phase: copy the delta

*troubleshooting tips:
-performance issue: why is the migration so slow? limiting factors: proc, memory, disk IO and network latency and bandwidth. You can adjust throttling by adjusting concurrent moves. you can load balance your source site.

-connectivity: you can use the test exchange connectivity tool. one common error is 'unable to set targetAddress'; this is because you are using the wrong migration mode. if you have exchange 2010/2010 sp1 you should use hybrid. User mail not migrated: (1) due to large size (greater than 24 MB), (2) due to bad items

-client side requirements: the user needs to run the connector; once this is installed, it allows the user to connect to o365. the connector tool will also move rules; it will try to fix rules that are broken and will involve the user's input

-not migrated: send as permissions, dumpster, dynamic DL, public folder; you can't go back - will not migrate back

-hybrid (download EXL311)

Wednesday, May 18, 2011

Lync & Exchange

*it's been announced that an iOS client for Lync will be released before the end of the year

BOF12-ITP - Exchange Unified Messaging

*update language packs often for the voice recognition/transcription
*prevent voicemails (VMs) from being forwarded by using a naming convention for the VMs - use a transport rule
*load testing UM - difficult to do, you must be able to test from the gateway
*top 5 gotchas:
-gateway selection
-know what you are providing to your users
-reverse lookup of the number, related to some translation on the PBX side: you may have an extra digit and the number does not match the number in the directory or the contact
-misuse of SIP secure, SIP URI, extension... with Lync, integration is easy - make sure you have the right certificates

*MWI
-not all versions of cisco have been tested with UM
-make sure you communicate with cisco cm team for any updates
-solid network connection, look for acknowledgement
-UM exchange telephony advisor

Tuesday, May 17, 2011

Best Practices for Virtualization of Microsoft Exchange 2010

key points (full notes are available from slide deck)
*snapshots are NOT supported. exchange is always moving forward in time
*VSS backup of root for pass through disks for iscsi disks connected to initiator in guest
*the new exchange calculator will account for virtualization
*don't forget network needs

*UM and Virtualization
-4 virtual procs is a must; lab tests show poor voice quality otherwise. 40 concurrent connections tested fine with 4 VP/16GB memory
-Exchange is very multi CPU aware, take advantage of using as many vCPUs
-take advantage of HUB/MBX multirole deployment, there's an extra feature you get when you deploy these together (any benefit of combining MBX/CAS?)

*Storage considerations:
-Exchange storage must be fixed VHD
-Exchange storage must be block level, will not support NAS

*take advantage of the DAC mode available with 2010

*clustering the Hyper-V host:
-make sure to take account of the heartbeat timeout for the DAG
-quick migration is not supported for exchange
-live migration is supported, and a complete shutdown and bringing it up on another machine is supported

*general guideline: dedicate resources for exchange, do not set it for dynamically adjusting resources. the auto tuning adds no value to exchange.

Update on support for exchange and virtualization

Monday, May 16, 2011

Send on behalf of a security group/distribution group

exchange 2010 UM now supported on hyper V!!

http://blogs.technet.com/b/exchange/archive/2011/05/16/announcing-enhanced-hardware-virtualization-support-for-exchange-2010.aspx

Exchange Server 2010 Tips and Tricks - Scott Schnoll, scott.schnoll@microsoft.com

announcements:
*UM roles are supported on Hyper-V (http://bit.ly/ke0lbw)
*Kerberos authentication is recommended over the default setting of 'negotiate', NTLM bottleneck (check http://t.co/fpd6sNa)
*SSL offloading updates: http://technet.microsoft.com/en-us/library/ee633481.aspx
*JetStress 1.0.0.11 (4/1/2011)
*IE9 breaks EMC, workaround: this is an IE bug, you can use Task Manager to end MMC.exe


basics
*~70 million mailboxes are being hosted on cloud for this build
*support more languages than ever
*standard ed (up to 5 DBs/server), Enterprise (100 db/server), hybrid edition (only version you can use to connect your 2007 version to office 365, it acts as a gateway to connect to the cloud)
*exchange 2010 SP1 RU 3 has been pulled and updated twice! make sure you have version 3 (14.1.287.1)

planning/deployment tools
http://technet.microsoft.com/en-us/exdeploy2010
*includes tools for deploying to cloud and as well as hybrid mode
*updated mailbox server requirements calculator:14.4
*https://www.testexchangeconnectivity.com

scripts and troubleshooters
*Mailbox assistants troubleshooter (sp1) - repairs mailboxes on the backend (e.g., free busy, resource booking...)
-Test-AssistantHealth (run with -ResolveProblems, starts the service or restarts the service if it's hung)
*Troubleshoot-Database.ps1 detects excessive log growth issues and takes actions
-this script will see if it's a user that's causing this problem
-defaults defined in 'storeTSConstants.ps1'
-looks at your top 25 users, you have an option to quarantine the users causing the log growth
-if the log generation is still an issue, the script will remove the database from provisioning

*Troubleshoot-DatabaseLatency.ps1 - this is being used by SCOM
-this will tell you if you are exceeding the threshold; if you know you are not pushing too much data and you are still hitting the threshold, this could be an early sign of disk failure

*Troubleshoot-CI.ps1 - detects problems with content index catalogs

*Move-TransportDatabase.ps1 - useful for moving transport path for transport servers


the powershell (useful one liners)

Get-Queue | Get-Message | Where-Object {$_.Subject -eq "subject"} | Remove-Message
(use the -WithNDR parameter to specify NDR usage)

Get-Counter -ComputerName <ServerName> -Counter "\MSExchange Replication(*)\Continuous replication - block mode Active"

0 = file mode
1 = block mode

Get-Date; Get-MailboxServer | ForEach-Object { Get-MailboxDatabaseCopyStatus -Server $_.Identity -DumpsterStatistics | Where-Object { $_.SummaryCopyStatus -ne 'Mounted' } } | ForEach-Object { $_.DumpsterStatistics }


get-whitespace.ps1 - will be posted later

getting all logon stats from outlook (logon time, last access time, client version, and adapter speed)

Get-LogonStatistics -Server <ServerName>

*by default outlook 2010 doesn't transmit IP address or MAC address, you have to create a registry entry - the key will be posted

Screen shot of owa mini

Exchange 2010 SP2: featuring GAL segmentation

four new features so far:
*owa mini
-administered through EMS: Set-OwaMailboxPolicy <name> -OWALightEnabled:$true
-complete rewrite from the ground up
-alternate version of owa interface

*hybrid configuration wizard: (marrying the on premise exchange w/office 365)
-visit session on Wed for a walk through rm206
-80% reduction in work from before

*address book policies/GAL segmentation:
-reasons for using this feature: legal compliance, optimization, hosting reasons
-the white paper posted for exchange 2007 will not work
-going from allow/deny model to direct assignment to the user
-when a user is connected and is part of the address book policy, the associated GAL will be visible
-no need for an OU hierarchy to manage the users for GAL
-you can create separate OABs based on the policies
-the address book policy assignment is part of the mailbox creation from EMC and EMS
-custom attributes are still the most effective way of setting filters for DLs


*Caveats
-outlook for Mac will not be subject to ABP (Address Book Policy), it accesses AD directly
-you can't put the CAS role on the GC as well
-if you span DLs over ABP, you need to disable group management in ECP as ECP uses get-group which ignores ABP
-ABP are not legal separation
-ABP does not hide lync presence across the org

*Random facts:
-second half of 2011, 20 Million lines of code written in 6-7 languages, more than half are for testing.
-forms based authentication is the key to single sign on when hosting multiple sites of AD
-check: https://blogs.technet.com/b/exchange
-sp2 tap is available

sp2 will involve schema changes
there are about 500 bug fixes for this one

Teched 2011 - Atlanta