Sample Chapters from Microsoft Exchange

multiple antivirus scan engines and file-filtering capabilities. Forefront Protection provides distributed protection for Exchange servers with the Mailbox server, Hub Transport server, and Edge Transport server roles. Although you can install Forefront Protection on Exchange servers with these roles to gain substantial antivirus protection, you do not need to install Forefront Protection on Exchange servers with only the Client Access server or Unified Messaging server role.

You can use the Forefront Protection Setup program to install the server and management components. The management components include the Forefront Server Security Administration Console and the Forefront Management Shell. When you are working with the console, you can configure the way real-time and scheduled scanning for viruses and spyware works. In the shell, you’ll find Forefront-specific cmdlets for performing similar tasks.

Exchange Server and Windows

When you install Exchange Server and Forefront Protection for Exchange Server on a server operating system, Exchange Server and Forefront Protection make extensive modifications to the environment. These modifications include new system services, integrated authentication, and new security groups.

Services for Exchange Server

When you install Exchange Server and Forefront Protection for Exchange Server on Windows, multiple services are installed and configured on the server. Table 1-1 provides a summary of key services, how they are used, and which server components they are associated with.

TABLE 1-1 Summary of Key Services Used by Exchange Server 2010

| Service name | Description | Server role |
|---|---|---|
| IIS Admin | Enables the server to administer the IIS metabase. The IIS metabase stores configuration information for Web applications used by Exchange. All roles need IIS for WinRM and remote PowerShell. CAS needs IIS for OWA and Web services. | Client Access |
| Microsoft Exchange Active Directory Topology | Provides Active Directory topology information to Exchange services. If this service is stopped, most Exchange services will not be able to start. | Hub Transport, Mailbox, Client Access, Unified Messaging |
| Microsoft Exchange Address Book | Manages client address book connections for Exchange Server. | Client Access |
| Microsoft Exchange Anti-Spam Update | Maintains the antispam data for Forefront Protection on an Exchange server. | Hub Transport, Edge Transport |
| Microsoft Exchange EdgeSync | Provides EdgeSync services between Hub and Edge servers. | Hub Transport |
| Microsoft Exchange File Distribution | Distributes Exchange data to other Exchange servers. | All |
| Microsoft Exchange Forms Based Authentication | Provides form-based authentication for Outlook Web App and the Web management interface. | Client Access |
| Microsoft Exchange IMAP4 | Provides IMAP4 services to clients. | Client Access |
| Microsoft Exchange Information Store | Manages the Microsoft Exchange Information Store. This includes mailbox stores and public folder stores. | Mailbox |
| Microsoft Exchange Mail Submission | Submits messages from the Mailbox server to the Hub Transport servers. | Mailbox |
| Microsoft Exchange Mailbox Assistants | Manages assistants that are responsible for calendar updates and booking resources. | Mailbox |
| Microsoft Exchange Mailbox Replication | Enables online mailbox moves by processing mailbox move requests. | Client Access |
| Microsoft Exchange Monitoring | Provides support for monitoring and diagnostics. | All |
| Microsoft Exchange POP3 | Provides Post Office Protocol version 3 (POP3) services to clients. | Client Access |
| Microsoft Exchange Protected Service Host | Provides secure host for Exchange Server services. | All |
| Microsoft Exchange Replication Service | Provides replication functionality used for continuous replication. | Mailbox |
| Microsoft Exchange RPC Client Access | Manages client remote procedure call (RPC) connections for Exchange Server. | Client Access |
| Microsoft Exchange Search Indexer | Controls indexing of mailboxes to improve search performance. | Mailbox |
| Microsoft Exchange Server Extension for Windows Server Backup | Provides extensions for Windows Server Backup that allow you to backup and recover Exchange application data using Windows Server Backup. | All |
| Microsoft Exchange Service Host | Provides a host for essential Exchange services. | All |
| Microsoft Exchange Speech Engine | Provides speech processing services for Microsoft Exchange. If this service is stopped, speech recognition services will not be available to unified messaging clients. | Unified Messaging |
| Microsoft Exchange System Attendant | Provides monitoring, maintenance, and Active Directory lookup services. | Mailbox |
| Microsoft Exchange Throttling | Provides throttling functions to limit the rate of user operations. | Mailbox |
| Microsoft Exchange Transport | Provides mail transport for Exchange Server. | Hub Transport, Edge Transport |
| Microsoft Exchange Transport Log Search | Provides search capability for Exchange transport log files. | Hub Transport, Mailbox |
| Microsoft Exchange Unified Messaging | Enables voice and fax messages to be stored in Exchange and gives users telephone access to e-mail, voice mail, the calendar, contacts, or an automated attendant. | Unified Messaging |
| Microsoft Forefront Server Protection ADO/EWS Navigator | Navigates the objects in Active Directory for Forefront Protection by connecting with Exchange Web Services (EWS) or Exchange ActiveX Data Objects (ADO) to retrieve objects. | Forefront Protection |
| Microsoft Forefront Server Protection Controller | Controls the interaction between Forefront Protection and the Microsoft Exchange Information Store. Ensures that Forefront Protection initializes properly with the information store. The Microsoft Forefront Server Security Controller starts and stops scan jobs and applies engine updates. | Forefront Protection |
| Microsoft Forefront Server Security Eventing Service | Processes incidents, and manages quarantine logging, performance logging, and notifications. | Forefront Protection |
| Microsoft Forefront Server Security for Exchange Registration Service | Ensures the Forefront Transport Agent is registered with Exchange Server. | Forefront Protection |
| Microsoft Forefront Server Security Mail Pickup | Provides mail pickup services for Forefront Protection. | Forefront Protection |
| Microsoft Forefront Server Security Monitor | Monitors the information store, SMTP/IMS, and Forefront Protection processes to ensure that Forefront Protection provides continuous protection. | Forefront Protection |
| Microsoft Search (Exchange) | Provides search services for mailboxes, address lists, and so on. | Hub Transport, Mailbox |
| Secure Socket Tunneling Protocol Service | Provides support for Secure Socket Tunneling Protocol (SSTP) for securely connecting to remote computers. | Client Access |
| Web Management Service | Enables remote and delegated management for the Web server, sites, and applications. | Client Access |
| Windows Remote Management Service | Implements the WS-Management protocol. Required for remote management using the Exchange console and Windows PowerShell. | All |
| World Wide Web Publishing Services | Provides Web connectivity and administration features for IIS. | Client Access |

Chapter 1: Exchange Server 2010 Administration Overview

Exchange Server Authentication and Security

In Exchange Server 2010, e-mail addresses, distribution groups, and other directory resources are stored in the directory database provided by Active Directory. Active Directory is a directory service running on Windows domain controllers. When there are multiple domain controllers, the controllers automatically replicate directory data with each other using a multimaster replication model. This model allows any domain controller to process directory changes and then replicate those changes to other domain controllers.

The first time you install Exchange Server 2010 in a Windows domain, the installation process updates and extends Active Directory to include objects and attributes used by Exchange Server 2010. Unlike Exchange Server 2003 and earlier releases of Exchange, this process does not include updates for the Active Directory Users And Computers Snap-In for Microsoft Management Console (MMC), and you do not use Active Directory Users And Computers to manage mailboxes, messaging features, messaging options, or e-mail addresses associated with user accounts. You perform these tasks using the Exchange Management tools.

Exchange Server 2010 fully supports the Windows Server security model and relies on this security mechanism to control access to directory resources. This means you can control access to mailboxes and membership in distribution groups and you can perform other Exchange security administration tasks through the standard Windows Server permission set. For example, to add a user to a distribution group, you simply make the user a member of the distribution group in Active Directory Users And Computers.

Because Exchange Server uses Windows Server security, you can’t create a mailbox without first creating a user account that will use the mailbox. Every Exchange mailbox must be associated with a domain account—even those used by Exchange for general messaging tasks. For example, the SMTP and System Attendant mailboxes that Exchange Server uses are associated by default with the built-in System user. In the Exchange Management Console, you can create a new user account as part of the process of creating a new mailbox.

Note

To support coexistence with Exchange Server 2003, all Exchange Server 2010 servers are automatically added to a single administrative group when you install Exchange Server 2010. This administrative group is recognized in the Exchange System Manager in Exchange Server 2003 as “Exchange Administrative Group.” Although Exchange Server 2003 uses administrative groups to gather Exchange objects for the purposes of delegating permission to manage those objects, Exchange Server 2007 and Exchange Server 2010 do not use administrative groups. Instead, you manage Exchange servers according to their roles and the type of information you want to manage using the Exchange Management Console. You’ll learn more about this in Chapter 3, “Exchange Server 2010 Administration Essentials.”

Exchange Server Security Groups

Like Exchange Server 2007, Exchange Server 2010 uses predefined universal security groups to separate administration of Exchange permissions from administration of other permissions. When you add an administrator to one of these security groups, the administrator inherits the permissions permitted by that role.

The predefined security groups have permissions to manage the following types of Exchange data in Active Directory:

- Organization Configuration node: This type of data is not associated with a specific server and is used to manage databases, policies, address lists, and other types of organizational configuration details.
- Server Configuration node: This type of data is associated with a specific server and is used to manage the server’s messaging configuration.
- Recipient Configuration node: This type of data is associated with mailboxes, mail-enabled contacts, and distribution groups.

Note

In Exchange Server 2010, databases have been moved from the Server Configuration node to the Organization Configuration node. This change was necessary because the Exchange schema was flattened and storage groups were removed. As a result of these changes, all storage group functionality has been moved to the database level.

The predefined groups are as follows:

- Delegated Setup: Members of this group have permission to install and uninstall Exchange on provisioned servers.
- Discovery Management: Members of this group can perform mailbox searches for data that meets specific criteria.
- Exchange All Hosted Organizations: Members of this group include hosted organization mailbox groups. This group is used to apply Password Setting objects to all hosted mailboxes.
- Exchange Servers: Members of this group are Exchange servers in the organization. This group allows Exchange servers to work together.
- Exchange Trusted Subsystem: Members of this group are Exchange servers that run Exchange cmdlets using WinRM. Members of this group have permission to read and modify all Exchange configuration settings as well as user accounts and groups.
- Exchange Windows Permissions: Members of this group are Exchange servers that run Exchange cmdlets using WinRM. Members of this group have permission to read and modify user accounts and groups.
- ExchangeLegacyInterop: Members of this group are granted send-to and receive-from permissions, which are necessary for routing group connections between Exchange Server 2010 and Exchange Server 2003. Exchange Server 2003 bridgehead servers must be made members of this group to allow proper mail flow in the organization. For more information on interoperability, see Chapter 2.
- Help Desk: Members of this group can view any property or object within the Exchange organization and have limited management permissions, including the right to change and reset passwords.
- Hygiene Management: Members of this group can manage the antispam and antivirus features of Exchange.
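One way to audit membership of the predefined groups listed above, as an added example that is not from the book: it flags non-computer accounts in the groups the chapter says contain Exchange servers, and unapproved accounts in the administrator groups. The `$ApprovedAdmins` allow-list, the function name, and the sample rows are assumptions made for illustration; `Get-ADGroupMember` comes from the ActiveDirectory module.

```powershell
# Added example (not from the book). Requires Windows PowerShell 3.0 or later.
# Group names and the "members are Exchange servers" expectation come from the
# chapter's list; $ApprovedAdmins and all sample rows are constructed.
$ServerOnlyGroups = 'Exchange Servers', 'Exchange Trusted Subsystem',
                    'Exchange Windows Permissions'
$AdminGroups      = 'Delegated Setup', 'Discovery Management',
                    'Help Desk', 'Hygiene Management'

function Test-ExchangeGroupMember {
    param(
        # Object with Group, Name and ObjectClass properties.
        [Parameter(ValueFromPipeline)] $Member,
        # Hypothetical allow-list of account names expected in the admin groups.
        [string[]] $ApprovedAdmins = @()
    )
    process {
        $finding = $null
        if ($ServerOnlyGroups -contains $Member.Group) {
            if ($Member.ObjectClass -ne 'computer') {
                $finding = 'Not a computer account in a server-only group'
            }
        }
        elseif ($AdminGroups -contains $Member.Group) {
            if ($ApprovedAdmins -notcontains $Member.Name) {
                $finding = 'Account is not on the approved administrator list'
            }
        }
        if ($finding) {
            [pscustomobject]@{ Group = $Member.Group; Member = $Member.Name; Finding = $finding }
        }
    }
}

# Constructed membership rows standing in for directory output.
$sample = @(
    [pscustomobject]@{ Group = 'Exchange Trusted Subsystem';   Name = 'EXCH01';      ObjectClass = 'computer' }
    [pscustomobject]@{ Group = 'Exchange Windows Permissions'; Name = 'svc-backup';  ObjectClass = 'user' }
    [pscustomobject]@{ Group = 'Help Desk';                    Name = 'helpdesk-01'; ObjectClass = 'user' }
    [pscustomobject]@{ Group = 'Discovery Management';         Name = 'temp-audit';  ObjectClass = 'user' }
)
$sample | Test-ExchangeGroupMember -ApprovedAdmins 'helpdesk-01' | Format-Table -AutoSize

# Live input instead of $sample (needs the ActiveDirectory module):
# $live = foreach ($g in $ServerOnlyGroups + $AdminGroups) {
#     Get-ADGroupMember -Identity $g -Recursive |
#         Select-Object @{ n = 'Group'; e = { $g } }, Name, ObjectClass
# }
```

The object-class check only separates computer accounts from other principals; confirming that each computer account is actually an Exchange server still needs a comparison against the organization's server inventory.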
