Happy Thanksgiving to all my American readers!
While you’re all tucking into turkey, the rest of us are sweating over hot keyboards (memo to self, time to look into laptop’s cooling capabilities) and interpreting the latest missive emitting from the EHLO blog.
In this case, the ever-erudite Greg Taylor goes into print to explain how to publish Exchange 2013 to the Internet using the Threat Management Gateway (TMG). The subject matter might strike you as strange, given that Microsoft announced their intention of discontinuing TMG alongside their other on-premises security products in September. Why therefore bother to go to the trouble of documenting how to use a soon-to-cease product (licenses still available until December 2012) alongside the brand-new-and-sparkling (which can’t be really deployed yet because Exchange 2010 SP3 isn't available yet).
In fact, the Exchange team, in particular Greg Taylor, is simply repeating the advice given at conferences such as MEC and TEC when he pointed out that:
a) TMG is very popular in the Exchange community where it is extensively used as a reverse proxy
b) Microsoft won’t stop mainline support for TMG until April 2015
c) Why worry, be happy, and something will come along that’s much better than TMG by then
QED. Or for those who weren’t forced to ingest Latin at school, something that needed to be demonstrated, in this case the wisdom of continuing to use TMG. And that’s exactly what Greg shows as he explains the publishing rules that are necessary to make the wonders of Exchange 2013 available to the Internet.
But there’s more. Buried in the text are two interesting discussions about new aspects of Exchange 2013. The first is the cloud app model, something that I know you’re all waiting to use as the prospect of being able to consult Bing Maps to find out where the sender of a message is located will bring joy to many. Or so the folks who demo the feature tell us. Greg says that the apps are cool and that’s good enough for me, but I do have a nagging doubt that Bing Maps will be able to cope with the more remote areas of Ireland. I’m sure that they’ll do better than Apple Maps, which insists that an airport is located in a garden close to me, some 25 km from where it should be.
In any case, the new apps need special attention if you want people to be able to use them when connected out there on the ‘net. The great thing is that you now have to create rules that feature values like this:
Path Tab: /firstname.lastname@example.org/*
Another triumph of user-friendly technology can be seen in the values used here!
In reality there’s a good reason why such an obscure value is required. As explained in the article, arbitration mailboxes (first seen in Exchange 2010) are involved, in this case one that is responsible for a persisted capability called “OrganizationCapabilityClientExtensions”. In effect, when you want to use one of the apps, you need to connect to something to have an identity, and that’s where the arbitration mailbox comes into the picture. Exchange 2013 uses quite a few arbitration mailboxes for different purposes. Another recent EHLO post covering how Exchange 2013 manages the Offline Address Book (OAB) reveals how a different arbitration mailbox is involved in storing the OAB files.
When you think about it, it’s pretty natural that an email server might use mailboxes to store stuff. The fact that they’re weird and wonderful mailboxes shouldn’t take away from the fact that arbitration mailboxes reside in a mailbox database and can be moved around like regular user mailboxes. Exchange 2010 uses arbitration mailboxes for a small number of purposes, such as message moderation. Exchange 2013 ups the ante and uses them for more.
And now I have bothered you enough for today, so please return to the remnants of your turkey and enjoy the rest of Thanksgiving.
Follow Tony @12Knocksinna