Explore enhancements to everything from deployment on Windows Server 2008 to OWA
Executive Summary:
Take a tour through one Exchange administrator’s top 12 favorite features in Exchange Server 2007 SP1. In this unusually feature-rich service pack, the number one pick is the ability to install Exchange 2007 SP1 on Windows Server 2008.
Exchange Server 2007 SP1 is an unusually feature-rich service pack. In addition to containing rolled-up information from all previously released updates, SP1 has many new and enhanced features. It was so hard to limit myself to 10 favorites that I’ve decided to cover the top 12 instead. Then I’ll let you in on a few caveats to be aware of before you install SP1. (For more information about Exchange 2007 SP1 features, see the Learning Path accompanying this article.)
1. Installing Exchange 2007 on Server 2008
For ease of deployment alone, the most important new functionality in SP1 is the ability to install Exchange 2007 on Windows Server 2008. To run Exchange 2007 on Server 2008, you’ll need to install Windows PowerShell and configure Microsoft IIS 7.0. For articles providing detailed information on these tasks, see the Learning Path.
You need the full version of Server 2008 to install Exchange 2007 SP1; you can’t use the Server Core version. Because installation of Exchange 2007 RTM isn’t supported on Server 2008, you must use a fresh installation of Exchange 2007 SP1, the non-upgrade version. The Exchange 2007 SP1 package contains the full Exchange installation, so it can be used for fresh installations. An upgrade from Exchange 2007 RTM to SP1 is possible only on Windows Server 2003 SP1 or later, but keep in mind that it's not possible to uninstall Exchange 2007 SP1 after it's installed. The only way to remove Exchange 2007 SP1 is to perform a full reinstallation of Exchange 2007 RTM.
2. IPv6 Support for Exchange Services on Server 2008
When you install Exchange 2007 SP1 on Server 2008, you can use IPv6 as a default protocol for Exchange. You must also enable IPv4 on your Exchange server; otherwise, IPv6 won’t work. Implementing IPv6 can affect the functionality of some Exchange components. For example, Unified Messaging (UM), Sender reputation, IP Allow list, and IP Block list providers won’t work at all with IPv6, and some other components such as Send and Receive connectors might be partially affected. I strongly recommend that you become very familiar with IPv6 and its effects on Exchange 2007 before starting to use it. For more information about IPv6 and Exchange 2007 SP1, see the list of articles in the Learning Path.
3. Standby Continuous Replication
Exchange 2007 RTM introduced two new concepts of redundancy—local continuous replication (LCR) and cluster continuous replication (CCR). With SP1, you get one more—standby continuous replication (SCR).
Continuous replication provides data availability and redundancy by letting administrators enable and maintain online a second copy of each mailbox database. If a database fails, a database copy can be activated (automatically in CCR, manually in LCR) and turned into a production database within minutes. This wastes much less time than locating a backup tape in order to restore data. However, both LCR and CCR have some limitations. LCR is intended for use on only one server, with separate hard disks for database copies. This isn’t full redundancy because all the other hardware on the server could still fail; only the disks are redundant. CCR uses two servers to hold a copy of the Exchange database in active/passive clustering. However, these two servers must be on the same subnet (this requirement doesn't apply if Exchange is used on Server 2008), and you can’t have more than one passive copy.
SCR opens up new possibilities for creating a high-availability messaging system by allowing the use of standby recovery servers at another site (site resilience). SCR uses the same log shipping and replay technology used by LCR and CCR, but with two important differences: You can create more than one replication target per storage group, and you can specify the delay time for replication. This means that transaction logs won't be replayed immediately on the passive copy. Instead, they’ll replay after the period of time you specify, which gives you the option to delete them if necessary and keep the passive copy clean. SCR lets you use continuous replication to replicate Mailbox server data from a standalone Mailbox server or from a clustered Mailbox server in a single copy cluster (SCC) or CCR environment. With SCR in SP1, the ability to create additional copies of each database means that high availability and site resilience are not mutually exclusive—you can have both. For more information on how to implement SCR, see the Learning Path.
4. CCR Improvements
In Exchange 2007 RTM, seeding of the replica database (as well as transaction log copying) occurs over a public network; this situation changes slightly in Exchange 2007 SP1, which lets you create one or more mixed networks in the cluster. A mixed network is a cluster network that supports both internal cluster heartbeat traffic and client traffic for log shipping. SP1 also enables you to specify a specific mixed network to use for seeding.
SP1 includes the new Manage Clustered Mailbox Server wizard in the Exchange Management Console (EMC), which you can use to move clustered mailbox servers, and there are a few improvements to monitoring and reporting in CCR environments. If you’re worried about performance in CCR, you should know that SP1 brings I/O reductions on the disks containing passive copies of storage groups in continuous replication environments. Also, you can expect faster moving of clustered mailbox servers between nodes.
5. ActiveSync Policies and Direct Push Improvements
Compared to Exchange 2007 RTM, SP1 has many more configurable options for mobile users. Every user now has the default mobile policy assigned. You can modify the default policy to change the settings for all users or create new policies for subsets of users. Also, every policy you create can be selected as the default, which means that it’s applied to all users who don’t already have an explicitly assigned policy. These policies give you much more control of mobile devices. You can control hardware usage (e.g., Bluetooth, camera, storage card), as well as control application usage on Windows Mobile (WM)–based devices using the Default Properties dialog box Device tab, shown in Figure 1. SP1 password policies for mobile devices are much more detailed than in the RTM version, and SP1 provides a set of options for configuring ActiveSync features on the mobile device. Unfortunately, current WM 6.0–based devices can’t take advantage of most of the new options. You’ll have to wait for WM 6.1. However, these new policies for mobile devices will make them much more manageable.
SP1 also has improved Direct Push synchronization, which reduces the amount of traffic needed to keep the HTTPS connection between client and server. Also, the synchronization uses better compression, so Direct Push should use less bandwidth.
6. Management Consoles for Public Folders, POP3, and IMAP4
In the RTM version of Exchange 2007, you can manage public folders only through the Exchange Management Shell (EMS). SP1 brings you a graphical console interface for public folders. The new Public Folder Management Console (shown in Figure 2), located in the Toolbox node of EMC, allows you to view all current public folders, create new ones, and manage some basic settings. The new Exchange Public Folder Administrator role in SP1 gives you tight control over distributed administration.
In Exchange 2007 RTM, you can manage POP3 and IMAP4 protocols only via PowerShell. SP1 provides a GUI for these two protocols in the Client Access role in the Server configuration node. The available set of options for these protocols is similar to the options in Exchange 2003.
7. Send As and Full Access Permissions Management
In Exchange 2007 RTM, to delegate permissions you have to configure advanced security permissions on a user account. SP1 simplifies the process—you right-click a mailbox in EMC, choose either Send As or Full Access permissions, and then select the user from AD to whom you want to delegate these rights. If you grant yourself Full Access to someone’s mailbox, you can open it with no limitations by using the additional mailbox feature in Outlook or in Outlook Web Access (OWA). Figure 3 shows the Manage Full Access Permission Wizard. By granting Send As permission to someone’s mailbox, you’ll be able to enter that user’s mail address in the From field when you send a message. Because these new features are now very easily accessible through EMC, you should be very careful in granting administrative rights.
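Because these delegations are now a right-click away, it helps to review them periodically. The following Exchange Management Shell script is an added example, not part of the original article; it lists every explicit (non-inherited) Full Access and Send As grant, and the output file name is an assumption.

```powershell
# Added example: run in the Exchange Management Shell on Exchange 2007 SP1.
# Reports explicit Full Access and Send As grants on every mailbox so that
# delegations made through the EMC wizards can be reviewed.

$report = @()

foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {

    # Full Access is stored as a mailbox permission.
    $report += Get-MailboxPermission -Identity $mbx.DistinguishedName |
        Where-Object {
            ($_.AccessRights -like "*FullAccess*") -and
            ($_.IsInherited -eq $false) -and
            ($_.Deny -eq $false) -and
            ($_.User.ToString() -ne "NT AUTHORITY\SELF")
        } |
        Select-Object @{Name="Mailbox"; Expression={$mbx.Name}},
                      @{Name="Trustee"; Expression={$_.User.ToString()}},
                      @{Name="Right";   Expression={"FullAccess"}}

    # Send As is an Active Directory extended right on the user object.
    $report += Get-ADPermission -Identity $mbx.DistinguishedName |
        Where-Object {
            ($_.ExtendedRights -like "*Send-As*") -and
            ($_.IsInherited -eq $false) -and
            ($_.Deny -eq $false) -and
            ($_.User.ToString() -ne "NT AUTHORITY\SELF")
        } |
        Select-Object @{Name="Mailbox"; Expression={$mbx.Name}},
                      @{Name="Trustee"; Expression={$_.User.ToString()}},
                      @{Name="Right";   Expression={"SendAs"}}
}

# Show the result and keep a copy for comparison with the next review.
# The file name is an assumption made for this example.
$report | Sort-Object Mailbox, Right | Format-Table -AutoSize
$report | Export-Csv -Path .\mailbox-delegations.csv -NoTypeInformation
```

Comparing the CSV from one run with the next shows which delegations were added or removed in between.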
8. Remote Wipe Confirmation
In the Exchange 2007 RTM version of OWA, if a user executes a Remote Wipe from an OWA interface, there’s no response indicating whether the command completed successfully. In SP1, a confirmation message is sent acknowledging the Remote Wipe request. When users make the request from OWA, they receive a confirmation email message. When the administrator uses EMC or EMS to issue the request, both the administrator and the user receive a confirmation email message. So now, if a device is lost or stolen, you can destroy your data and receive verification. Or, you can cancel Remote Wipe if you have issued it by mistake.
9. S/MIME Support in OWA and WM 6.0
With Exchange 2007 SP1, you can download and install the S/MIME control and use it in OWA to send digitally signed or encrypted messages, as well as open incoming messages of that kind; Figure 4 shows the E-Mail Security Options page. The S/MIME feature is supported only for OWA Premium users running Internet Explorer 7.0. Users of mobile devices running WM 6.0 can now send and read digitally signed or encrypted messages from their mobile devices, which wasn’t possible before SP1. To use signing and encryption on a mobile device, you must first install your personal certificate and configure ActiveSync to use it. Be aware that digital signing and encryption can affect the performance of your mobile device.
10. Public Folder Access in OWA
Although Microsoft wanted to make customers stop using public folders and use Microsoft Office SharePoint Server (MOSS) services instead, response was slower than expected. In Exchange 2007 RTM, Web access to public folders is missing, but you can use a local SharePoint server from OWA. In response to customer requests, access to public folders in OWA is back again in SP1. Now users can either browse through public folder structure using the OWA interface or access internal SharePoint sites. However, no administration of public folders is allowed via the OWA interface.
11. Manage Personal Distribution Lists, Folders, and Rules in OWA
Exchange 2007 SP1 lets users create and manage personal distribution lists (DLs) in the OWA interface, just as they can in the full version of Outlook. Move and Copy commands have been added to the OWA UI, allowing users to move and copy folders (and messages) by right-clicking them and choosing the appropriate options. Management of server-side rules is also included, so now you can use the same set of rules for message management in both Outlook and OWA; Figure 5 shows the rules. However, proceed with caution because in some scenarios, when you’re managing rules in Outlook and in OWA, rules can be deleted.
12. Monthly View in OWA Calendar
The monthly view feature was mysteriously missing from Exchange 2007 RTM, so users were limited to the daily and weekly view in their calendars. In SP1, it's back, so you can enjoy a full-featured calendar in OWA.
Before You Install SP1
Now you’ve seen my favorite features in SP1, but the picture would not be complete without giving you the caveats I’ve found, as well. So here are my recommendations.
Before beginning an SP1 installation, make sure to complete all previously started roll-up package setup procedures. Otherwise, SP1 will not install. Setup will also fail if you’ve changed the Fully Qualified Domain Name (FQDN) of the default Receive connector (on a Hub Transport server); you need to change it back to the default value (FQDN or NetBIOS name of server) before starting the setup procedure for SP1. Many administrators change the default FQDN of the Receive connector to represent the public name of the Exchange server instead of the internal one.
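The Receive connector check can be scripted before you run setup. This Exchange Management Shell snippet is an added example, not part of the original article; it assumes the default connector still has the name that setup gives it ("Default" followed by the server name).

```powershell
# Added example: run in the Exchange Management Shell before starting SP1 setup.
# For each Hub Transport server, checks that the default Receive connector
# still advertises the server's own FQDN or NetBIOS name.
# Assumption: the default connector has kept its setup name, "Default <server>".

$hubs = Get-ExchangeServer | Where-Object { $_.IsHubTransportServer }

foreach ($srv in $hubs) {

    # The two values the article says setup will accept.
    $accepted = @([string]$srv.Fqdn, [string]$srv.Name)

    Get-ReceiveConnector -Server $srv.Name |
        Where-Object { $_.Name -like "Default *" } |
        Select-Object Identity,
                      Fqdn,
                      @{Name="ReadyForSP1"
                        Expression={ $accepted -contains [string]$_.Fqdn }}
}

# For any connector reported with ReadyForSP1 = False, note the current
# value, then set it back to the server's FQDN before running setup:
#
#   Set-ReceiveConnector -Identity "<connector identity>" -Fqdn "<server FQDN>"
```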
If you’re using Forefront Security for Exchange Server, you’ll want to update it for Exchange 2007 SP1 support. Make sure that Forefront services are disabled during the upgrade process. System and technical requirements for SP1 are the same as for Exchange 2007 RTM.