Winter 2005-2006 Hosted Messaging and Collaboration version 3.5 Solution Components Philippe Maurent Principal Consultant Microsoft EMEA / Communication Sector


Agenda

Hosted Messaging and Collaboration Solution Hosted Services Technical Overview

Hosted Exchange 2003

Microsoft® Live Communications Server 2005

Microsoft Windows® SharePoint® Services

Overview of Hosted Messaging and Collaboration Provisioning

Monitoring Hosted Messaging and Collaboration with Microsoft Operations Manager (MOM) 2005

Hosted Messaging and Collaboration Reporting


Overview of Hosted Messaging and Collaboration—User Experience

Multi-tenant hosting of small and medium-sized business organizations (SMBs):
  Customer isolation in Active Directory®, Exchange address lists

Consumer users

Clients and protocols:
  HTTP – Microsoft Outlook® Web Access (OWA)
  POP3/IMAP4
  RPC over HTTP(s) – Outlook 2003
  SIP – Windows Messenger and Presence integration
  Mobility features including ActiveSync® and DirectPush

Automated provisioning

Delegated administration

Security features:
  Internet Security and Acceleration (ISA) 2004
  Intelligent Message Filter (IMF) anti-spam solution


Outlook 2003

The features of Outlook 2003 include:
  RPC over HTTP(s) (No VPN, Over the Internet)
  Cached Exchange mode
  Data compression

P.S. Need Windows XP client computers

+ RPC over HTTPS configuration Web site (RPC config.)


Connectivity for Mobile Devices

Hosted Exchange 2003 allows service providers to enable the same features for mobile clients as Exchange Server 2003.

This includes:
  ActiveSync: Allowing users to use mobile devices to access their e-mail and their Contacts, Calendar, and Tasks folders
  Always-Up-To-Date (AUTD). New version: “Direct Push”
  Outlook Mobile Access (OMA)


New Exchange 2003 SP2 Mobility features

Always-Up-To-Date version 2 – “Direct Push”:
  No reliance on SMS for notifications
  World-wide capable

GAL (Global Address List) Lookup:
  Allows over-the-air lookup of corporate contacts or GALs stored on the Exchange server

Mobile Device Policies:
  Enable/Require personal identification number (PIN) on device
  Minimum PIN length
  Set PIN restrictions: length, alphanumeric
  Device can wipe local store after X incorrect PIN tries

Remote wipe capability, if device is lost

Configurable globally or per user


How Does Direct Push Work?

1. Device sends “PING” request to Exchange 2003 SP2 server

2. Exchange 2003 holds the request pending until heartbeat interval expires

3. If no mail arrives before heartbeat expires, device sends another “PING” request

4. If new mail arrives before heartbeat interval expires, Exchange 2003 notifies device that changes have occurred in the mailbox

5. Device promptly requests Server to send mail. Upon completion, go to step 1

Direct Push = Device interacts directly with Exchange Server 2003 SP2

[Diagram: Windows Mobile 5.0 Device with MSFP and Server running Exchange 2003 SP2 (Exchange/Windows Mobile), connected over HTTP(s)]
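The five Direct Push steps on this slide, traced as a small simulation. This is an added example, not code from the presentation or from Microsoft: it models only the request/hold/notify cycle described here, not the ActiveSync wire protocol, and the function names, the 900-second heartbeat, the `sync_time` parameter and the mail arrival times are all constructed assumptions.

```python
"""Simplified model of the Direct Push long-poll loop (steps 1-5 above).

Times are whole seconds. This models only the request/hold/notify cycle the
slide describes; it is not the ActiveSync wire protocol.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    t: int       # seconds since the simulation started
    actor: str   # "device" or "server"
    action: str  # PING, HOLD, NOTIFY, EXPIRED or SYNC


def simulate_direct_push(heartbeat, mail_arrivals, duration, sync_time=1):
    """Return (events, delays) for one device over `duration` seconds.

    heartbeat     -- how long the server holds a PING before answering "no change"
    mail_arrivals -- arrival times of new mail (constructed test input)
    sync_time     -- assumed time the device needs to fetch mail (step 5)
    delays        -- list of (arrival_time, seconds until the device was notified)
    """
    events, delays = [], []
    pending = sorted(mail_arrivals)
    t = 0
    while t < duration:
        events.append(Event(t, "device", "PING"))   # step 1
        events.append(Event(t, "server", "HOLD"))   # step 2
        deadline = t + heartbeat
        if pending and pending[0] < deadline:       # step 4: mail before expiry
            # Mail that arrived while no PING was outstanding is reported at once.
            notify_at = max(t, pending[0])
            if notify_at > duration:
                break
            events.append(Event(notify_at, "server", "NOTIFY"))
            events.append(Event(notify_at, "device", "SYNC"))  # step 5
            while pending and pending[0] <= notify_at:
                arrived = pending.pop(0)
                delays.append((arrived, notify_at - arrived))
            t = notify_at + sync_time               # "go to step 1"
        else:                                       # step 3: nothing arrived
            if deadline > duration:
                break
            events.append(Event(deadline, "server", "EXPIRED"))
            t = deadline
    return events, delays


def count(events, action):
    """Number of events with the given action."""
    return sum(1 for e in events if e.action == action)


if __name__ == "__main__":
    # Constructed scenario: 15-minute heartbeat, three messages in one hour.
    evs, dl = simulate_direct_push(900, [120, 121, 2000], 3600, sync_time=2)
    for e in evs:
        print(f"{e.t:>5}s  {e.actor:<6}  {e.action}")
    print("PING requests:", count(evs, "PING"))
    print("notification delays:", dl)
```

In this model the only notification delay comes from mail that arrives while the device is busy with a sync and has no PING outstanding; an idle hour costs one held request per heartbeat interval.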


GAL (Global Address List) Lookup


Policy enforcement and Remote Wipe


Outlook Web Access (OWA)

The OWA interface now closely resembles the user interface of Outlook 2003 (Microsoft Internet Explorer 5.01 or later is required)

Richer functionality — OWA now has a feature set that is comparable to Outlook, which includes:
  Forwarding of meeting requests
  Desktop alerts for new mail
  An "add to contacts" feature
  The ability to set the number of items to view per page
  The capability for meeting invitees to set their preferred reminder time for meetings
  The ability to open the calendar in its own window from a meeting request, thus enabling users to evaluate the calendar and meeting request at the same time
  Server-side spelling checker for 14+ languages

Enhanced security and privacy — OWA provides improved security and privacy with the following new features:
  Secure/Multipurpose Internet Mail Extensions (S/MIME) support (Internet Explorer 6.0 and Microsoft Windows 2000 or later required)
  Forms-based authentication that enables support for a timed logoff after a period of inactivity
  "Spam beacon" blocking to help protect a user's e-mail address privacy from spammers


Live Communications Server 2005 Hosting Overview

Live Communications Server 2005 Hosting provides instant messaging and presence awareness for customers you host

Presence awareness allows users to discover if their coworkers are available for Hosted Exchange following: Collaboration

Communication

Sharing information


Live Communications Server 2005 Hosting Features

Live Communications Server 2005 Hosting:

Uses Session Initiation Protocol (SIP) as main protocol

Multi-tenant hosting (same as Hosted Exchange)

End-to-end secure communication:
  Transport Layer Security protocol (TLS) and mutual-TLS
  From client to server, server to server, and server to client

Architecture and features:
  Home servers are using a “Pool architecture” (servers farm)
  Microsoft SQL Server storage for Live Communications Server databases

No virtual private network (VPN) requirement

Automated provisioning of users and SIP domains


Microsoft Office Communicator 2005: Enterprise Grade User Experience

Integrates:

Rich presence

Instant messaging

Contacts search

Schedule integration

Custom notes

Phone integration

LM integration

Application sharing

Audio/Video

File transfer


Presence usage – Office 2003 (Outlook)

Microsoft Office 2003 applications are consuming the presence information from the Windows Messenger client API

Presence & additional directory information


Windows SharePoint Services (WSS)

Team sites

Project team collaboration

Ad hoc tasks

Document sharing

Meetings

Surveys

Discussions

Virtual organizations

Content editing and publishing

Subscriptions and alerts

Self-service site creation

Drag and drop site customization


HMC Provisioning


Overview of Hosted Messaging and Collaboration Provisioning (1 of 2)

The Hosted Messaging and Collaboration provisioning system builds upon the Microsoft Provisioning System (MPS) and the Solution Platform:

Hosted Exchange

Microsoft Windows SharePoint Services Hosting

Microsoft Office Live Communications Server 2005 Hosting


Overview of Hosted Messaging and Collaboration Provisioning (2 of 2)

Delegated Administration: Active Directory Hosted Exchange 2003 Windows SharePoint Services Live Communications Server 2005 Hosting Plans Provisioning Events Automated Resource Management


Hosted Exchange 2003 Provisioning Functionality

Create Organizations and Users:
  Simple Mail Transfer Protocol (SMTP) domains
  Active Directory organizational unit (OU)
  User object

User Management:
  Group memberships

Mailboxes:
  Mailbox enable
  Global address list (GAL), offline address list (OAL), Address List (AL)
  First Messaging API (MAPI) user initiates creation

Segmentation of Exchange Features via Service Plans

Automated Resource Allocation


Hosted Exchange 2003 SP2 Mobility Provisioning

Hosted Exchange Mobility Namespace:
  Encapsulates all business logic for Hosted Exchange Mobility provisioning tasks

Mobile Policies:
  Stored in the MPS Plans database
  Applied to the User object in Active Directory:
    Enable/require PIN on device
    Minimum PIN length
    PIN complexity
    Device inactivity time before user needs to enter PIN again
    Device wipes local store after X incorrect PIN tries


Hosted Exchange Provisioning Enhancements

Transactional creation of distribution lists:
  Lists can be managed from Outlook client

MAPI Enable/Disable:
  Previous releases hid MAPI capability based on Group Membership
  Exchange 2003 SP2 extends the msExchProtocolSettings Active Directory attribute to expose MAPI enable/disable
  Hosted Exchange Namespace sets this attribute appropriately when creating a mailbox


Sample Service Plans (these are sample plans)

Base Mail:
  Mail with Post Office Protocol (POP), Internet Message Access Protocol (IMAP), and a 10-megabyte (MB) mailbox
  Microsoft Outlook Web Access (OWA) messaging and contacts

Gold Mail:
  Mail with POP, IMAP, and a 20-MB mailbox
  OWA messaging, calendar, tasks, and contacts

Platinum Mail:
  Consumer Mail with POP, IMAP, and a 20-MB mailbox
  Full OWA without Public Folder support

Platinum Plus Mail:
  Business Mail with POP, IMAP, and a 20-MB mailbox
  Full OWA
  Remote procedure call (RPC) over HTTP – Outlook 2003


Windows SharePoint Provider

Some of the provisioning tasks that Windows SharePoint Provider can implement are as follows: 

Add, create, or delete SharePoint sites 

Return permissions collections for a SharePoint site

Add, modify, or remove permissions for a specified collection of existing users or groups

Return site properties

Gather information about site and group memberships

Add user accounts to specified cross-site groups 

Remove, update, or query users from a site or site collection

Return the URLs of sites and subsites


Live Communications Server

Live Communications Resource Manager:
  Manages auto-allocation of users to Live Communications Server application pools

Managed Live Communications:
  Encapsulates logic for enabling and configuring a user for Live Communications Server

Hosted Live Communications:
  Combines Active Directory Provisioning, Resource Management, and Service Plans for Live Communications Server
  Couples Managed Live Communications and Live Communications Resource Manager procedures into unified transactions
  Currently dependent on Hosted Exchange


HMC Monitoring and Reporting


Hosted Exchange 2003 Monitoring Management Pack

Helps monitor your system in the following ways:

Provides a selected subset of the following:
  Exchange 2003 Management Pack rules
  Customer-developed rules

Tracks service availability, monitors server health, and reports managed server events

Contains 154 rules organized within 32 PRGs:
  The parameters of each rule meet typical service provider needs
  KBs created specifically for hosting scenario
  Rules provide enhanced health checks on MAPI connections, RPC Ping, and Mail flow


Hosted Messaging and Collaboration Reporting

Proactively leverage MOM management packs

Collect data into a SQL database for long-term storage and analysis using SQL Reporting Services:
  MOM Performance Counters
  Custom Windows Management Instrumentation (WMI) data collection applications:
    Active e-mail user report for Microsoft Services Provider License Agreement (SPLA) reporting
    Mailbox usage statistics
    Microsoft Windows SharePoint site usage statistics


MOM Reporting Architecture for Hosted Messaging and Collaboration

For More Information: See "MOM Architecture" in the Monitoring and Reporting chapter of the Microsoft Solution for Hosted Messaging and Collaboration version 3.5 documentation.


Hosted Exchange Reports

Active E-Mail Users Last 30 Days

By Exchange Database

Mailbox Utilization

Hosted Exchange System Usage Quick Facts

Hosted Exchange Mailbox Utilization

Active E-Mail Users by Exchange Database

Inactive E-Mail Users

Inactive E-Mail Users Last 30 Days

Hosted Exchange Mailbox Upsell

Hosted Exchange Usage Profile

And many more. …


HMC Reporting – other applications

Intelligent Message Filter (IMF) reports. These reports present information on the Exchange IMF, including performance data and statistics:

Number of messages scanned, deleted, rejected, archived, and assigned to each Spam Confidence Level rating.

Number of messages scanned and assigned an unsolicited commercial e-mail (UCE) rating the previous day.

Performance statistics - Several performance objects are presented for each server running Exchange IMF (SMTP front-end).

SharePoint Hosting reports:
  Top Windows SharePoint Services Sites
  Site Utilization
  System Usage Quick Facts
  Upsell assistance

Live Communications Server 2005 Hosting reports


Multi-Layer E-Mail Security


Better Together with Exchange

Internet

Eliminate spam and viruses before they reach your network with multiple scanning engines

Rapid identification and quickest response to latest threats

Unparalleled reliability and scalability

Protect against internal threats with multiple scanning engines

Enforce content policies in e-mail

Provide additional layer of defense against the latest viruses, worms and spam

Securely and easily enable remote access to Exchange e-mail

Enhance server protection with pre-authentication of users

Improve security of OWA sessions from unmanaged clients

[Diagram: Multi-Layer E-Mail Security. Labels: FrontBridge Managed Services, Antigen On-Premise Software, ISA Server, External Protection, Internal Protection, Exchange 2003 IMF]


Email Services from FrontBridge in ASP

FrontBridge Services (choice of one or/and two services):
  Security: Anti-Spam, Anti-Virus (4 engines), content filtering, encryption
  Continuity: Web interface for end-users if internal network (Mail Server) not available
  Archiving and Compliance: answer new laws requirements (Sarbanes Oxley, Basel II, etc.), legal search, etc.

Benefits:
  TCO: fixed costs per user per month, independently of the volume of messages
  Internal IT resources optimization: reduction or re-organization
  Improved efficiency: filtering in the cloud, bandwidth improvement in internal network
  Security reinforced: against DHA, DOS, etc.
  SLA and SLO on availability and quality of service

Worldwide Presence:
  4 000 customers: large customers mainly

[Diagram: Email Flow. Labels: Internet, FrontBridge, Firewall, Mail Server, End-user]


Security Features – ISA 2004

Internet Security and Acceleration (ISA) 2004 enterprise edition

Full blown edge firewall:
  Wide variety of firewall edge scenarios
  VPN, Proxy and Cache

Advanced application layer filtering:
  Built in MS-specific filters
  Defense in Depth

Very easy to use:
  Easy installation and setup
  Easy policy configuration
  Reduced risk of configuration mistakes

Open platform for 3rd party extensions

High performance

Highly secure platform


Web Servers protection – HTTPs web server (ex: OWA)

Traditional Firewall:
  Web server prompts for authentication — any Internet user can access this prompt
  SSL tunnels through traditional firewalls because it is encrypted…
  …which allows viruses and worms to pass through undetected…
  …and infect internal servers!

ISA Server 2004 – HTTP Filter:
  Authentication delegation: ISA Server pre-authenticates users, eliminating multiple dialog boxes and only allowing valid traffic through
  ISA Server can decrypt and inspect SSL traffic
  Inspected traffic can be sent to the internal server re-encrypted or in the clear.
  HTTP Filter (including URL analysis) can stop Web attacks at the network edge, even over encrypted SSL

[Diagram labels: Internet, OWA Client, Traditional Firewall, ISA Server, SSL, SSL or HTTP, Public Certificate, Private Certificate]


Security Features - IMF

Intelligent Message Filter (IMF) anti-spam solution – part of Exchange 2003 SP2

Should be activated on the SMTP gateways (Exchange SMTP front-ends)

Works in conjunction with Outlook 2003 and Outlook Web Access.

How IMF works:
  IMF is deployed on the front line Exchange 2003 gateways
  IMF examines messages and gives each an SCL value [0-9]
  Two thresholds: Gateway and Store
  Messages with high SCL values are filtered at the gateway
  Aggressive gateway threshold settings – higher filtering rate at the gateway
  Reduces impact to users and the rest of the infrastructure

SCL store level spam filtering:
  Assigned SCL rating persists with the message
  If SCL > msExchUceStoreActionThreshold value, then Junkmail

Exposing SCL in Outlook: http://blogs.msdn.com/exchange/archive/2004/05/26/142607.aspx


Do you have any questions?


Back-end and Front-end Server Architecture


Sample architectures – 10K