Exchange 2000 Operations Guide Version 1.
ii ISBN: 1-4005-2762-7 Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless oth erwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred.
iii Contents Chapter 1 Introduction 1 Microsoft Operations Framework (MOF) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . How to Use This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Efficiency, Continuity, and Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Chapter Outlines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
iv Contents Tuning Active Directory Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Tuning Outlook Web Access (OWA) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Hardware Upgrades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Contents v Chapter 5 Protection Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Chapter Start Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Chapter End Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Chapter Sections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
vii Content Lead Andrew Mason – Microsoft Prescriptive Architecture Group Key Authors Paul Slater – ContentMaster Kent Sarff – Microsoft Consulting Services Sasha Frljanic – Microsoft Consulting Services Reviewers Jon LeCroy – Microsoft ITG Thomas Applegate – Microsoft ITG Erik Ashby – Microsoft Exchange 2000 Product Group Chase Carpenter – Microsoft Consulting Services
1 Introduction Introduction Welcome to the Microsoft® Exchange 2000 Server Operations Guide. This guide is designed to give you the best information available on managing operations within an Exchange 2000 environment. To manage Exchange in a day-to-day environment, an operations team needs to perform a wide variety of procedures, including server monitoring, backup, verification of scheduled events, protection against attack, and user support.
2 Microsoft Exchange 2000 Operations Guide — Version 1.0 Optimize cost, performance, capacity, and availability. Release Approved SLA Review Track and resolve incidents, problems, and inquiries quickly. Facilitate CRM. Introduce new service, solutuions, technologies, systems, applications, hardware, and Release Review Execute day-to-day operations tasks effectively. Operations Review Figure 1.1 MOF Process Model multiple data centers.
Chapter 1: Introduction It is not essential to be a MOF expert to understand and use this guide, but a good understanding of MOF principles will assist you in managing and maintaining a reliable, available, and stable operations environment. If you wish to learn more about MOF and how it can assist you to achieve maximum reliability, availability, and stability in your enterprise, visit www.microsoft.com/mof for more detailed information.
4 Microsoft Exchange 2000 Operations Guide — Version 1.0 Efficiency Continuity Storage Management Hardware Upgrades Performance Monitoring Performance Tuning Exchange System Policies Capacity Management Disaster Recovery Support Anti-Virus Event Monitoring Change Management Group Policies UPS Recovery Testing Availability Monitoring Availablity Management Backup Security Policies Firewall Issues Exchange System Policies AD Group membership Security Figure 1.
Chapter 1: Introduction 5 This guide covers all three areas described above. Although the chapters are structured according to Microsoft operations principles, you will find information about all of these areas in the guide. Chapter Outlines This guide consists of the following chapters, each of which takes you through a part of the operations process. Each chapter is designed to be read in whole or in part, according to your needs.
6 Microsoft Exchange 2000 Operations Guide — Version 1.0 ◆ Availability monitoring ◆ Proactive monitoring ◆ Availability prediction Chapter 5 – Protection To protect your Exchange environment from failure, you need good protection from intrusion and attack, along with a documented and tested disaster-recovery procedure to cope with system failure. The chapter shows how to ensure that your server running Exchange is protected against these eventualities.
Chapter 1: Introduction 7 to be created at this stage, because waiting until the system is live could be too late. The operations team should be using the planning phase (and in some cases the deployment phase) to test procedures that are defined, such as those for disaster recovery. Planning and deployment are covered in more detail as part of the Exchange 2000 Upgrade Series. You will find this at the following Web site: http://www.microsoft.com/technet/exchange/guide/default.
8 Microsoft Exchange 2000 Operations Guide — Version 1.0 Performance Here you show the performance you would expect from each of the previously mentioned features.
Chapter 1: Introduction 9 Summary This chapter has introduced you to this guide and summarized the other chapters in it. It has also provided brief descriptions of both service level agreements and planning and deployment. Now that you understand the organization of the guide, you can decide whether to read it from beginning to end, or whether you want to read selected portions.
2 Capacity and Availability Management Introduction In the vast majority of cases, the load on your Exchange 2000 Server computers will increase over time. Companies increase in size, and as they do, the number of Exchange users increases. Existing users tend to use the messaging environment more over time, not only for traditional e-mail, but also for other collaborative purposes (for example, voicemail, fax, instant messaging, video conferencing).
12 Microsoft Exchange 2000 Operations — Version 1.0 Chapter Sections This chapter covers the following procedures: ◆ Capacity management ◆ Availability management ◆ Performance tuning ◆ Hardware upgrades After reading this chapter, you will be familiar with the requirements for capacity and availability management in an Exchange 2000 environment and the steps necessary to ensure that the requirements of your SLA are met.
Chapter 2: Capacity and Availability Management 13 resulted in specialized hardware for specialized functions, for example, in the case of frontend servers. To ensure that you manage capacity appropriately for your Exchange 2000 server, you need a great deal of information about current and projected usage of your server running Exchange. Much of this information will come from monitoring. You will need information about patterns of usage and peak load characteristics.
14 Microsoft Exchange 2000 Operations — Version 1.0 3. Divide this figure by the maximum mailbox size you have determined for the server (again listed in your SLA). This will give you the number of mailboxes you can put on the database. As an example, assume that your SLA defines a recovery time of four hours for a database. In testing, your recovery solution can restore 2 gigabytes (GB) of Exchange data per hour and your maximum mailbox size is 75Mb.
Chapter 2: Capacity and Availability Management 15 To deal with this problem, you should continually monitor available disk space on your servers running Exchange. If the RAID array containing the stores gets close to half full, an alert should be sent indicating the problem, and that the Exchange Database might need to be defragmented offline. To do this, perform an alternate server restore (see Chapter 5 for details) and then defragment the database on this alternate server.
16 Microsoft Exchange 2000 Operations — Version 1.0 Of course, just because you have allowed for a certain amount of downtime per server per month, this does not mean that you have to use it, and in most cases you will not. On the other hand, just because you haven’t performed offline maintenance one month does not mean that the hours can be carried over to the following month.
Chapter 2: Capacity and Availability Management 17 Decreasing Single Points of Failure You can maintain availability in Exchange 2000, even in the event of a failure, provided you ensure that it is not a single point of failure. In some areas, such as database corruption, it is not possible to eliminate single points of failure, but in many cases you can guard against individual failures and still maintain reliability. An obvious example is the directory.
18 Microsoft Exchange 2000 Operations — Version 1.0 the disk subsystem becomes a single point of failure once that hot spare is invoked. If you have robust systems in place, you must ensure that any failures are resolved promptly. Make sure that you have notification and monitoring procedures in place and a system for resolving problems. Remember that Exchange relies on Active Directory and Global Catalog servers to function.
Chapter 2: Capacity and Availability Management 19 One area where you can guard against problems is database errors. Database errors can be caused by a number of factors, but they are typically hardware related. You will be able to minimize these by doing the following: ◆ Ensure that your hardware is on the Hardware Compatibility List ◆ Checking Event Viewer for database-related errors ◆ Periodically running the Information Store Integrity Checker (isinteg.
20 Microsoft Exchange 2000 Operations — Version 1.0 While obtaining the best performance from your Exchange 2000 computers is always an important goal, it is crucial to be cautious in your tuning changes. You should track all alterations in case you make a change that inadvertently reduces performance. Making one change at a time makes it easy to identify which change needs to be reversed. Customer variation is probably the greatest variable in tuning Exchange for optimum performance.
Chapter 2: Capacity and Availability Management 21 and “Edit Registry Information” Help topics in Regedt32.exe. Note that you should back up the registry before you edit it. If you are running the Microsoft Windows NT® or Microsoft Windows® 2000 operating system, you should also update your emergency repair disk (ERD). No Performance Optimizer The Performance Optimizer (also known as PerfWiz) is an Exchange 5.5 tool that enables you to specify how an Exchange 5.
22 Microsoft Exchange 2000 Operations — Version 1.0 Tuning Considerations The efficiency and capacity of Microsoft Exchange 2000 depends on the administrator’s choices of server and storage hardware, and on the installation’s topology. These should be chosen based on expected types and levels of usage. Exchange can be made more efficient through changes to various registry settings on the Exchange computer.
Chapter 2: Capacity and Availability Management 23 servers. These areas are beyond the scope of the Exchange 2000 Operations Guide. If you need to tune your Exchange 2000 MTA, consult the deployment section of the Exchange 2000 Server Upgrade Series, available on the following Web site: http://www.microsoft.com/technet/exchange/guide/default.asp Tuning SMTP Transport When messages arrive into Exchange 2000 through the SMTP protocol, the data is written to disk in the form of an NTFS file (.EML).
24 Microsoft Exchange 2000 Operations — Version 1.0 8. Navigate to the following path: Configuration Container\ CN=Configuration, CN=Services, CN=Microsoft Exchange, CN=, CN=Administrative Groups, CN=, CN=Servers, CN=, CN=Protocols, CN=SMTP, CN=1. 9. Right-click the CN=1 object, and then choose Properties. 10. Select Both from the Select which properties to view drop-down list. 11.
Chapter 2: Capacity and Availability Management 25 your server becomes low on kernel memory, your system becomes unresponsive. To regain control of your server, you must restart it to free up the kernel memory. Table 2.1 shows the registry parameters you might need to alter if you are to make performance gains on servers with more than 1 GB RAM. Table 2.
26 Microsoft Exchange 2000 Operations — Version 1.0 reduced to 10,000, SMTP will refuse any inbound mail after the queue reaches 10,000 messages. You may need to alter the following registry entry if the Exchange 2000 computer is running out of memory because the number of incoming messages is too great for the server to process: ◆ Location. HKEY_LOCAL_MACHINE\Software\Microsoft\Exchange\Mailmsg ◆ Parameter. MaxMessageObjects (REG_DWORD) ◆ Default setting.
Chapter 2: Capacity and Availability Management 27 scenario, the online maintenance occurs during the night (by default) when very few users are logged on, so the load on the Active Directory servers should be very low. The extra domain controller load created by online maintenance should not be a problem in this scenario. If Exchange 2000 is installed in a global data center, serving customers from multiple time zones, the default online maintenance time could become an issue.
28 Microsoft Exchange 2000 Operations — Version 1.0 It is critical that the backup time for any database within a storage group does not conflict with the maintenance times of any database within the same storage group. If it does, backup will terminate the online defragmentation portion of the store online maintenance and the database might never finish defragmenting.
Chapter 2: Capacity and Availability Management 29 Extensible Storage Engine (ESE) Heaps When Exchange 2000 is installed on servers with more than four processors, you might notice high virtual memory usage by the Extensible Storage Engine (ESE) multi-heap. This can lead to performance problems, especially when the server has more than one GB of memory, and many databases and storage groups have been configured.
30 Microsoft Exchange 2000 Operations — Version 1.0 Factors which affect the virtual address-space size in the Store.exe process include the following: ◆ Initial allocation on start-up ◆ Number of storage groups and databases on the server ◆ Number of threads running ◆ Size of the store-database cache Prior to increasing the maximum cache size, it is recommended that you use the Windows 2000 performance monitor to monitor the memory of the server under normal load.
Chapter 2: Capacity and Availability Management 31 7. Click Set after changing the Edit Attribute field for the attribute and then click OK. 8. Close the ADSI Edit tool by closing the MMC console application. 9. Wait for Active Directory replication to replicate this new value throughout the forest (this might take some time—using ADSIEdit elsewhere in the organization will show you how replication is proceeding). 10. Restart the Microsoft Exchange information store service on the Exchange 2000 computer.
32 Microsoft Exchange 2000 Operations — Version 1.0 6. 7. 8. 9. 10. 11. 12. Type SHOW VALUES and press Enter. Type SET MAXACTIVEQUERIES TO 40 and press Enter. Type COMMIT CHANGES and press Enter. Type SHOW VALUES and press Enter. Verify that the new setting is shown. Type Q and press Enter. Type Q and press Enter. Note: This setting will be replicated to all Active Directory servers within the forest. You do not have to restart domain controllers or Global Catalog servers for this to take effect.
Chapter 2: Capacity and Availability Management 33 IsGC = REG_DWORD 0x1 HostName = REG_SZ GC_DomainName.CompanyName.com PortNumber = REG_DWORD (0xCC4 by default or 0xCC5 for SSL) Note: Domain controller entries are defined independently of Global Catalog server entries, so it is conceivable that a static list would be used to locate Global Catalog servers, whereas a dynamic list would be used to find domain controllers.
34 Microsoft Exchange 2000 Operations — Version 1.0 deleted. In addition, each time the user accesses Outlook Web Access, the browser will send an “is modified” request for each static file cached; therefore, even if a future Service Pack does modify \Exchweb content, the browser will immediately pick up the changes. Changing this setting does not involve the registry. Instead, you will need to perform the following steps: 1. Start the Internet Services Manager.
Chapter 2: Capacity and Availability Management 35 Hardware Upgrades Exactly when hardware upgrades are required depends on the results of your capacity planning. If you plan your capacity well, you will be able to predict when hardware upgrades are required, which is particularly important when there are long lead times on hardware.
3 Change and Configuration Management Introduction Exchange 2000 Server is highly configurable and has the potential for huge variation in hardware and software configuration. It is also likely to be one of the most important elements of your IT environment. For Exchange to run as smoothly as you hope, providing the best possible service to users, you need to make sure that your environment is carefully managed.
38 Microsoft Exchange 2000 Operations Guide — Version 1.0 Prerequisites By now you have defined a set of acceptable service level agreements for your Exchange environment and you understand the concepts of availability management that were discussed in Chapter 2, “Capacity and Availability Management.
Chapter 3: Change and Configuration Management 39 Change can be broadly categorized into four groups, each requiring its own style of management. The groups are: ◆ Major change. Significantly impacts the IT environment, and requires major resources to plan, build, and implement (for example, upgrading all Exchange 2000 Server hardware). ◆ Significant change. Requires substantial resources to plan, build and implement (for example, upgrading to a new Service Pack). ◆ Minor change.
40 Microsoft Exchange 2000 Operations Guide — Version 1.0 Step 2 – Change Manager Assesses the RFC The change manager receives the RFC and records it in the change management log. The manager examines the RFC, checking to see if it is a complete and practical proposal.
Chapter 3: Change and Configuration Management 41 change. In this case, expertise with Exchange and hardware is very important. In fact, the change manager may decide to appoint an OEM vendor representative to the change advisory board. The change advisory board determines the hardware upgrade schedule, according to IT executive committee recommendations.
42 Microsoft Exchange 2000 Operations Guide — Version 1.0 Figure 3.1 The Change Management Process Minor and Standard Changes The advantage of minor and standard changes is that individuals with less authority can be pre-assigned the permissions to perform them. This is perfectly fine, because the changes themselves are not likely to cause significant problems when implemented.
Chapter 3: Change and Configuration Management 43 the user in the appropriate Windows 2000 groups and create the Exchange 2000 mailbox with the appropriate settings for that user. Over time, your team will build a set of custom tools that are used frequently to administer standard changes. Those tools and others will likely be used for implementing larger changes.
44 Microsoft Exchange 2000 Operations Guide — Version 1.0 schedule information, and work orders. It is the responsibility of the change initiator, change manager, and change owner to ensure that you have appropriate documentation about the change.
Chapter 3: Change and Configuration Management 45 Another example is hardware tracking. Imagine that your hardware vendor releases a new firmware version for the standard network adapter that you use in some or all of your servers. If you track firmware versions of each network adapter, and the relationship of each network adapter to a system, and the relationship of a system to a rack location, it is straightforward to identify the physical location of each network adapter requiring the firmware upgrade.
46 Microsoft Exchange 2000 Operations Guide — Version 1.0 ◆ Service Packs ◆ Hot fixes ◆ Anti-virus software ◆ Fax/voice mail Gateways ◆ Monitoring software ◆ Backup software ◆ Network equipment connecting the servers ◆ Processes and procedures ◆ Documentation ◆ Exchange users ◆ RFCs Each configuration item will have attributes associated with it. Take as an example the Exchange software.
Chapter 3: Change and Configuration Management 47 Configuration Management Relationships Many of the main benefits of configuration management come from the relationships between the configuration items that are defined in the structure of the configuration management database. Getting these relationships correct is vital for successful configuration management. The relationships grow more complex the more configuration items you have.
48 Microsoft Exchange 2000 Operations Guide — Version 1.0 Here, the printer is related to the server because it is connected to it. Exchange 2000 Server is licensed to the server hardware. The hot fix is another configuration item, but one that clearly has a relationship to the server running Exchange on which it is installed. Of course with more configuration items, this process is significantly more complicated. To see this, take a look at a slightly more complex example. Figure 3.
Chapter 3: Change and Configuration Management 49 Defining Configuration Items When defining configuration items you need to decide how deeply you want to go in recording the them. Too many configuration items makes the relationships too difficult to manage and costs start to increase.
50 Microsoft Exchange 2000 Operations Guide — Version 1.0 which connectors will be affected by taking a server running Exchange offline for maintenance, only to find when they actually examine the servers that different connectors are present. The configuration management database is initially populated by an inventory of your existing hardware, software, tools, and processes. The configuration management database contents change over time as the result of implemented changes of all kinds.
Chapter 3: Change and Configuration Management 51 Security Security is a vital component of configuration management. The only way in which you can maintain control over your configuration and ensure that the configuration management database is accurate is by ensuring that only authorized personnel change configuration items and that only authorized personnel can make the corresponding changes to the configuration management database.
52 Microsoft Exchange 2000 Operations Guide — Version 1.0 Summary Whatever the size of your organization, you should consider the processes described here and how they can benefit your organization. Remember that the change initiator, the change manager, the change advisory board, and the IT executive board are just descriptions of roles in your organization and can easily overlap. Many organizations have some difficulty justifying the cost of implementing configuration management.
4 Enterprise Monitoring Introduction Monitoring is an essential part of successful Exchange 2000 Server operations. Through effective monitoring, you are able to determine if you are meeting service level agreements, and if you are not, which areas are causing problems (known as reactive monitoring).
54 Microsoft Exchange 2000 Operations Guide — Version 1.0 Performance Monitoring Performance Monitoring is the monitoring of existing system(s) to ensure that optimum use is made of the hardware resources, and that agreed performance levels can be maintained. Performance Monitoring allows you to determine if your server running Exchange 2000 is meeting the performance standards you have defined in your service level agreements (SLAs).
Chapter 4: Enterprise Monitoring 55 Exchange 2000 Objects and Counters to Monitor Every Exchange 2000 performance object has at least one counter associated with it. For information on particular counters, in Performance Monitor, click Select Counters from List, select a counter, and then click Explain. Table 4.1 shows the various Exchange services and resources and the associated performance objects that you can monitor. Table 4.
56 Microsoft Exchange 2000 Operations Guide — Version 1.
Chapter 4: Enterprise Monitoring 57 Information Store Counters MSExchangeIS For this object, monitor the following counters: ◆ User Count – This displays the number of people currently using the Information Store (not the number of connections). It is impossible to properly judge the performance of a server running Exchange unless you know how many people are using it. ◆ RPC Requests – This shows the number of client requests currently being processed by the store.
58 Microsoft Exchange 2000 Operations Guide — Version 1.0 ◆ ◆ ◆ ◆ ◆ ◆ rarely greater than zero. A reading of greater than zero shows that the server is receiving more messages than it can process. If this number increases steadily over time, there is probably a problem with the Exchange Store you are trying to deliver to. Categorizer Queue Length – This shows the number of messages waiting for advanced address resolution.
Chapter 4: Enterprise Monitoring 59 MSExchangeIM Virtual Servers If you are running Instant Messaging in your organization, you may find that the organization quickly becomes as reliant on Instant Messaging as it is on e-mail. It is therefore important that you monitor Instant Messaging Counters. You should examine the following: ◆ Current Online Users – This shows the number of users logged on to the server.
60 Microsoft Exchange 2000 Operations Guide — Version 1.0 Table 4.
Chapter 4: Enterprise Monitoring 61 Subsystem Object Counter Processor Processor Interrupts/sec Processor %Processor Time The creation of indexes by Full Text Indexing generally uses a great deal of processor time. However, a low priority thread is used, so it does not necessarily cause performance issues.
62 Microsoft Exchange 2000 Operations Guide — Version 1.0 Centralized Monitoring In an enterprise environment, you can reduce operations costs dramatically if you can capture performance data in a central location. Doing so moves the load of monitoring from the monitored server to the centralized server and also allows you to compare the performance of similarly configured servers and ensure a consistent response in the event of a problem with a server running Exchange.
Chapter 4: Enterprise Monitoring 63 Event Monitoring When Exchange 2000 Server is running smoothly, event monitoring does not seem especially important. However, when performance is poor, you will quickly see the benefits of event monitoring. Event Viewer is a useful source of information about Exchange 2000 Server, along with log files that you may choose to generate. Large organizations may require an application such as Microsoft Operations Manager for reporting on Exchange 2000 Server events.
64 Microsoft Exchange 2000 Operations Guide — Version 1.0 One of the difficulties of viewing event logs is knowing which events are more worrisome than others. In some cases, Exchange 2000 Server issues Stop events, which record temporary issues that resolve themselves in the course of time. In other cases it records warning events, which are indicative of more substantial problems.
Chapter 4: Enterprise Monitoring 65 NetIQ AppManager contains useful features to help with Event monitoring. It detects whether any servers have written critical error messages to the Event Log and automates responses to actions, including issuing SNMP traps. Availability Monitoring To meet your availability SLAs, you need to ensure that, as much as possible, you protect against downtime.
66 Microsoft Exchange 2000 Operations Guide — Version 1.0 have other Exchange services that are vital to the user experience in your environment (for example, if Instant Messaging is used heavily in your organization). Monitoring Resources You can monitor other resources using the Monitoring and Status tool. To do so, click Add on the Monitoring tab and select the resources you want to monitor. These resources are monitored to see if they pass two thresholds.
Chapter 4: Enterprise Monitoring 67 Status The details pane of the Status container allows you to view the status of servers and connectors in your organization. The Status container shows the following server states: ◆ Available – This shows that the server is online and all the main services are running normally. ◆ Unreachable – This shows that one of the main services on the server is down. ◆ In Maintenance Mode – This shows that monitoring is disabled on this server for maintenance.
68 Microsoft Exchange 2000 Operations Guide — Version 1.0 Client Monitoring While it is very important to monitor the availability and performance of servers running Exchange, domain controllers, and the network, none of these directly cover one critical area – the experience of the Exchange end user. This area can be very challenging because your clients can differ greatly. They may be HTTP, POP3, or IMAP4 clients running over an intranet or the Internet.
Chapter 4: Enterprise Monitoring 69 Summary It is impossible to operate servers running Exchange efficiently if you do not know what they are doing. It is very important to ensure that you always have enough information about your Exchange environment to predict problems and to verify that you are meeting your service level agreements. However, there is such a thing as too much information.
5 Protection Introduction By its very nature, Exchange 2000 Server has a public face. You will be offering e-mail and other functionality to a large number of users. In many cases those users will not only be able to collaborate with other users in their own company, but also with others across the Internet. This high visibility makes it potentially more subject to attack than other services.
72 Microsoft Exchange 2000 Operations Guide — Version 1.0 Chapter Sections This chapter covers the following procedures: ◆ Protection against hacking ◆ Anti-virus measures ◆ Disaster recovery procedures ◆ Recovery testing ◆ Backup ◆ Restore Protection Against Hacking Whenever you consider protecting your organization against malicious attack, it is worth recalling one of the golden (and most disillusioning) rules of security: the majority of attacks on a network security come from inside.
Chapter 5: Protection 73 To keep your Exchange Server computers secure, look carefully at group memberships. One of the most critical groups you should monitor is the Exchange Domain Servers Group. Any user or computer account that is a member of the Exchange Domain Servers account has full control of the Exchange Organization, so it is extremely important to secure membership of this group.
74 Microsoft Exchange 2000 Operations Guide — Version 1.0 operating. In a multi-firewall environment, the firewalls are generally manufactured by a number of different vendors, which can make management issues even more complex.
Chapter 5: Protection Source Destination Service Protocol and port Screened Subnet Internal/Private Network HTTP TCP 80 Screened Subnet Internal/Private Network RPC EP Mapper TCP 135 Screened Subnet Internal/Private Network KERBEROS TCP UDP 88 Screened Subnet Internal/Private Network LDAP TCP 389 Screened Subnet Internal/Private Network NETLOGON TCP 445 Screened Subnet Internal/Private Network DSAccess (GC) TCP 3268 Screened Subnet Internal/Private Network TCP High Ports TCP
76 Microsoft Exchange 2000 Operations Guide — Version 1.0 You are likely to be protecting against viruses at several levels. These may include at the firewall level, outside or at the SMTP Gateway, at each Exchange Server and at the client level. You should of course bear in mind that non e-mail bound viruses can affect Exchange, so all your servers running Exchange should be protected against viruses in the same way that clients are.
Chapter 5: Protection 77 In some cases you will receive a warning about a new virus before an update to your antivirus software is proposed. The first thing to do here is to verify that the virus is genuine. Many problems are in fact caused by hoax virus notifications. Ensure that the virus is a genuine problem by checking with your anti-virus vendors.
78 Microsoft Exchange 2000 Operations Guide — Version 1.0 Blocking Attachments at the Client One of the best ways of protecting against virus infection is to block particular attachments from running. Attachments may be blocked at the server level, but they may also be blocked at the client. You can install a security patch on Microsoft Outlook 98 and Outlook 2000. This patch is built into Outlook 2000 Service Release 2 and Outlook 2002 (a component of Microsoft Office XP).
Chapter 5: Protection File Extension File Type .msp Microsoft Windows Installer patch .mst Microsoft Visual Test source files .pcd Photo CD image, Microsoft Visual compiled script .pif Shortcut to MS-DOS programs .reg Registration entries .scr Screen saver .sct Windows script component .shb Shell Scrap object .shs Shell Scrap object .url Internet shortcut .vb VBscript file .vbe VBscript encoded script file .
80 Microsoft Exchange 2000 Operations Guide — Version 1.0 Disaster Recovery Procedures Chapter 2, “Capacity and Availability Management,” examined ways of minimizing system failures. As mentioned there, to reduce overall downtime you need to look at how frequently a system is down, alongside how long it takes to bring a system back up again. For more information on Availability Management, refer to Chapter 2.
Chapter 5: Protection 81 Your servers running Exchange will potentially consist of multiple stores and storage groups. When backing up stores online, your backup utility will ensure that the appropriate .stm, .edb and .log files are backed up. Although you can back up stores individually, you should back up storage group by storage group. Each store within a storage group is backed up in series, one immediately after the other.
82 Microsoft Exchange 2000 Operations Guide — Version 1.0 The metabase changes frequently during routine Exchange operations, so you should back up your metabase as often as you back up your server running Exchange. Successful backup of the metabase will prevent you from having to reconfigure settings when restoring the server.
Chapter 5: Protection 83 Restoring To ensure a swift restore of Exchange 2000, you will need the following items: ◆ Available Hardware. ◆ Microsoft Windows 2000 Server and Exchange 2000 Server software, plus any appropriate service packs and hot fixes. ◆ Any other required Microsoft or third-party software. ◆ Full drive backups of the system drives and other logical drives where critical applications or data are installed. ◆ System state backups. ◆ Exchange database backups.
84 Microsoft Exchange 2000 Operations Guide — Version 1.0 Once again, you would be advised to define your SLAs so that mailbox recovery is not possible outside the period of time you specified in the Administrator program. While mailbox recovery is possible outside of this time span, dependent upon your backup software, you may have to restore an entire Exchange database to a server in a different Windows 2000 forest to get the appropriate missing mailbox.
Chapter 5: Protection 85 Full Exchange Server Recovery In any area where a server running Exchange is liable to fail, you will need hardware to perform the restore. Lack of redundant hardware can often be the most significant factor in downtime resulting from a full server failure. If you standardize your hardware for each Exchange 2000 server role, you can significantly reduce the number of standby Exchange 2000 computers required, and make recovery more of a standard procedure.
86 Microsoft Exchange 2000 Operations Guide — Version 1.0 However, this does not mean that an Active Directory failure makes Exchange 2000 completely unusable. You should be able to recover an Exchange Organization, provided you have access to information about the Exchange configuration, including the Exchange storage group and store names for each server, plus a key item, known as the legacyExchangeDN attribute for each administrative group.
Chapter 5: Protection 87 In training your staff, you should note that restoring to another online server while the first is online is a very difficult procedure to the majority of disaster recovery procedures, because you have to recover to a different forest under those circumstances. The best way to simulate the type of restore you may have to perform in an emergency is using a test network that is completely separate from the main network.
6 Support Introduction The more you can do with a product, the more you can do wrong. Exchange 2000 Server is an extremely diverse and complex product. If you use Exchange to its full potential, you will be exposing more functionality to your users than ever before, thus creating more and tougher challenges for the support environment than ever before. To offer effective support to an Exchange 2000 Server environment, you first need to define what is being supported.
90 Microsoft Exchange 2000 Operations Guide — Version 1.0 Providing Support for End Users It is likely that almost everyone in your organization will be an e-mail user. All of those users may require support at some point in time. In most environments, it is critical to maintain service as much as possible to all users. A single user without e-mail may cost the organization large amounts of money and present the organization in a bad light to any outsiders who want to e-mail that user.
Chapter 6: Support 91 ◆ Server hardware problems (servers running Exchange or domain controllers) ◆ Server connectivity problems (to domain controllers, other servers running Exchange or the Internet) Educating your users is one of the key ways to reduce support costs. If users know how to use their clients efficiently and effectively, they will need to contact the Service Desk much less frequently. This results in fewer Service Desk incidents and reduced costs.
92 Microsoft Exchange 2000 Operations Guide — Version 1.0 number of protocols supported. For example, you may choose to only support OWA as the means of access outside the firewall. Not all of these problems are necessarily client issues. End users will be directly affected by problems at the server level. The main difference is that client issues generally affect small numbers of users, whereas server issues normally affect larger numbers of users.
Chapter 6: Support 93 Dealing with User Problems You must have a mechanism for dealing with user problems once they are reported. The first step in this process is to determine the scope of the problem.
94 Microsoft Exchange 2000 Operations Guide — Version 1.0 If individual users have problems, it is generally inappropriate to post update information to the intranet. In those circumstances, you should contact the user directly. If the user’s e-mail client is unavailable, call or send an instant message. However, if only one e-mail client is unavailable, you could remind your users that they can use other clients to access mail.
Chapter 6: Support 95 To help you with Exchange problem management, you should create dependency charts for a number of scenarios.
96 Microsoft Exchange 2000 Operations Guide — Version 1.0 Do not simply rely upon your own knowledge base. The Microsoft Knowledge Base (available with TechNet or on http://support.microsoft.com) is a very useful record of support issues that have been encountered by Microsoft.
Glossary Access Control Entry – ACE An object such as a user or group that is present on an Access Control List. Access Control List – ACL A description of security permissions applied to an object, property, or resource. An ACL normally includes membership (ACEs) and the associated actions or manipulations that each member can perform on the item. Active Directory The Windows 2000 directory service. This replaces the Security Accounts Manager (SAM) in Microsoft Windows NT version 4.0.
98 Microsoft Exchange 2000 Operations Guide — Version 1.0 ActiveX Data Objects – ADO A programming layer built on top of OLE DB that allows high-level programming languages such as Visual Basic and VBScript to access an underlying data store through a common query language. In this instance, a data store can be Active Directory, the Exchange 2000 store, or a SQL database. Administration group A collection of servers running Exchange 2000 that can be administered as a single unit.
Glossary 99 Ciphers A cipher is a mathematical function for encrypting and decrypting data. It is performed on readable clear text data to convert it to an unreadable version called cipher text. There are four types of ciphers: symmetric, asymmetric, block, and stream Clear item A message that is not encrypted and is thus readable. Collaboration Data Objects 1.21 – CDO 1.
100 Microsoft Exchange 2000 Operations Guide — Version 1.0 Conferencing Management Service – CMS The network service that coordinates the booking of virtual resources for online meetings in the Exchange Conference Service. Each site (not domain) normally has an active Conferencing Management Service to allow fast connection for data conferencing users. Conference Technology Provider – CTP A provider of data conferencing services such as real-time video, audio, and telephony integration.
Glossary 101 Domain controller A server that can authenticate users for a domain. There must be at least one domain controller in each domain within the forest. Each domain controller holds a complete replica of the domain naming context that the server is in and a complete replica of the configuration and schema naming contexts for the forest. A domain controller can be promoted and demoted through the Dcpromo utility. Domain mode An Active Directory domain can be in either mixed mode or native mode.
102 Microsoft Exchange 2000 Operations Guide — Version 1.0 Enterprise See Forest. Encryption Encryption is the mathematical transformation of data from a readable, clear text form, into an unreadable, cipher text form. The transformation generally requires additional secret information available only to the sender and intended recipient. This information is called a key. The key allows the message to be encrypted by the sender, and decrypted only by the intended recipient using the recipient’s private key.
Glossary 103 EXIPC (formerly known as Epoxy) A queuing layer that allows the Internet Information Server (IIS) and store processes (Inetinfo.exe and Store.exe) to shuttle data back and forth very quickly. This is required to achieve the best possible performance between the protocols and database services on a server running Exchange 2000. Conventional applications require the processor to switch contexts when transferring data between two processes. Exchange Server 5.
104 Microsoft Exchange 2000 Operations Guide — Version 1.0 (MMC) snap-in. There is only one policy for global catalog attribute replication in the forest. A global catalog will listen on port 3268 for LDAP queries (that are global to the forest), and port 389, which standard domain controllers use (for local domain queries). A domain controller can be made into a global catalog (and vice versa) by selecting or deselecting a check box in the Active Directory Sites and Services MMC snap-in.
Glossary 105 Messaging service in Exchange 2000 uses a Microsoft published protocol called Rendezvous Protocol (RVP) while IMPP is being ratified Internet Messaging Access Protocol version 4 – IMAP4 A standard-based protocol for accessing mailbox information. IMAP4 is considered to be more advanced than POP3 because it supports basic online capabilities and access to folders other than the Inbox. Exchange Server 5.x and Exchange 2000 both support IMAP4.
106 Microsoft Exchange 2000 Operations Guide — Version 1.0 Messaging Application Programming Interface – MAPI The API that is used by Microsoft messaging applications such as Outlook to access collaboration data. MAPI, or more specifically, MAPI Remote Procedure Calls (RPC), is also used as the transport protocol between Outlook clients and servers running Exchange. Metabase A store that contains metadata such as that used by Internet Information Server IIS to obtain its configuration data.
Glossary 107 OLE DB An Application Programming Interface (API) that allows low-level programming languages such as C and C++ to access dissimilar data stores through a common query language. OLE DB is seen as the replacement for Open Database Connectivity (ODBC). Data stores such as those in Exchange 2000 and SQL Server allow for OLE DB access, which makes application development easier and faster.
108 Microsoft Exchange 2000 Operations Guide — Version 1.0 Public folder tree (also known as public folder root and top level hierarchy – TLH) A collection of public folders created under the same hierarchical namespace. Previous releases of Exchange server used only a single tree (called: All Public Folders), whereas multiple trees can be defined in Exchange 2000. Each tree is a unit of hierarchy replication and can be replicated to one or more Public MDBs. A Public MDB can host only one tree.
Glossary 109 principal (usually with no logon rights) associated with it, and a resource mailbox owner (with their own personal mailbox) is given delegated access to the resource mailbox. Routing group A collection of Servers running Exchange 2000 that can transfer messaging data to one another in a single-hop without going through a bridgehead. In general, Exchange computers within a single routing group have high-bandwidth, resilient network links between each other.
110 Microsoft Exchange 2000 Operations Guide — Version 1.0 SASL Simple Authentication and Security Layer. Defined in RFC2222. Schema The metadata (data about data) that describes the use of objects within a given structure. In Active Directory, the schema governs the type of objects that can exist and the mandatory and optional attributes of each object. Windows 2000 Active Directory has an extensible schema that allows third parties to create their own object classes.
Glossary 111 Site Consistency Checker – SCC (also known as the SKCC) The updated version of the Exchange Server 5.5 Knowledge Consistency Checker (KCC) that works in conjunction with (and is part of) the Exchange Site Replication Service to ensure that knowledge consistency of sites, administration groups and Active Directory domains is maintained when interoperating between Exchange 2000 and Exchange 5.5.
112 Microsoft Exchange 2000 Operations Guide — Version 1.0 System attendant One of the core Exchange 2000 services that performs miscellaneous functions (usually related to directory information) such as generation of address lists, offline Address Books, and directory lookup facilities. T.120 A standards-based protocol used with Exchange Data Conferencing. Clients such as Microsoft NetMeeting are T.120 compatible. User In Active Directory, this is a security principal (a user who can log on to the domain).
Glossary 113 Web-DAV See Distributed Authoring and Versioning. Web Storage System The database architecture in Exchange 2000. Previous releases of Exchange only exposed data such as public folders through MAPI, whereas Exchange 2000 exposes all of its data through MAPI, HTTP, OLE DB and Win32 layers. This means that an object stored in a public folder can be retrieved and manipulated through a Web browser or a standard client with a network redirector.
