The release of updates for the Microsoft Exchange Deployment Assistant (EDA) to cater for the latest versions of Exchange 2010 and Exchange 2007 and the changing technical landscape (all explained in the EHLO blog) is very welcome. Generally I am a big fan of anything that helps to guide the deployment of technology in an intelligent manner and it’s good that Microsoft devotes the necessary resources to keep EDA updated.
The caveat of course is that the recommendations generated by any tool have to be taken with the proverbial grain of salt. The recommendations are based on solid research and knowledge of best practice, but any tool that attempts to understand the problems facing human beings inherently lacks context. In other words, the tools work extremely well in certain circumstances but less well when faced with some of the edge conditions facing administrators in the real world. For this reason, it’s absolutely essential that anyone who runs EDA takes the time to assess the output in the context of the company’s business requirements and operational environment for email.
I also note the release of the first version of EDA for Exchange 2013. By necessity, this version is limited to greenfield deployments and hybrid connectivity with . Without CU1, no deployment can occur alongside Exchange 2010 and Exchange 2007 servers, so EDA doesn’t attempt to cover these scenarios. As the EHLO post says, “These additional scenarios will be added in the coming months.”
On another topic, when browsing other articles on different web sites, I came across Steve Goodman’s commentary on using PinPoint DNS with Exchange. The recommendations offered in the article make eminent sense, if only because a decision by the CA/Browser Forum will implement “new standards for certificate issuance, stating that no certificate will be issued with an invalid top-level-domain expiring after November 1, 2015” (if you’re interested in the full logic behind the decision, you can download the forum’s document on “Guidance on the Deprecation of Internal Server Names”). The net effect of the decision by the CA/Browser Forum (including Microsoft) is that you can no longer buy three-year certificates that contain internal names (those not published to the Internet), which then raises the question of how to plan to secure client connections for Exchange deployments.
Split DNS is the classic solution for the problem of presenting different DNS names to external connections and internal connections. Split DNS obviously still works, but I very much prefer the precision and clarity of the PinPoint solution. Having just a single set of names for services such as Autodiscover and ActiveSync sounds like an excellent approach. Once DNS is configured properly, it will take care of everything. I had dinner with Steve and a number of other MVPs in Bellevue at the recent MVP Global Summit. Steve said then that he wrote articles late at night, almost for relaxation. Sounds good!
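As an added illustration (not code from this post or from Steve Goodman’s article), here is how pinpoint zones for the public Exchange names might be created on an internal Windows DNS server with the DnsServer module, so that internal clients resolve the same certificate names as external clients but to an internal address. The zone names, IP addresses and server names are constructed placeholders, and the use of '@' for the zone-apex record is an assumption.

```powershell
# Added example: "pinpoint" DNS zones for the public Exchange names on an
# internal Windows DNS server. Each zone's name *is* the FQDN, so only that one
# host is overridden internally; the rest of contoso.com still resolves via the
# public Internet, unlike split DNS where a full internal copy of the zone must
# be maintained. Requires the DnsServer module (DNS role / RSAT).

# Public names that appear on the Exchange certificate; constructed sample values.
$PublicNames = @('mail.contoso.com', 'autodiscover.contoso.com')
# Internal address of the Client Access load balancer; constructed value.
$InternalIP  = '10.0.0.25'
# Internal DNS server to configure; constructed value.
$DnsServer   = 'dc01.corp.contoso.com'

foreach ($name in $PublicNames) {
    # Create the AD-integrated primary zone only if it does not already exist.
    if (-not (Get-DnsServerZone -Name $name -ComputerName $DnsServer -ErrorAction SilentlyContinue)) {
        Add-DnsServerPrimaryZone -Name $name -ReplicationScope 'Domain' -ComputerName $DnsServer
    }

    # The host record lives at the zone apex. '@' is assumed here to denote the
    # apex (the same convention dnscmd uses); no PTR is needed for this record.
    Add-DnsServerResourceRecordA -ZoneName $name -Name '@' -IPv4Address $InternalIP `
        -ComputerName $DnsServer -CreatePtr:$false
}

# Verify the result: the internal server should now answer with the internal
# address, while a public resolver (8.8.8.8 used purely as an example) still
# returns the externally published address for the very same name.
foreach ($name in $PublicNames) {
    $internal = (Resolve-DnsName -Name $name -Server $DnsServer -Type A).IPAddress
    $external = (Resolve-DnsName -Name $name -Server '8.8.8.8' -Type A).IPAddress
    '{0,-28} internal={1}  external={2}' -f $name, $internal, $external
}
```

Because the certificate then only needs the public names, it can be bought from any CA without running into the CA/Browser Forum rule on internal server names.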
Also at the MVP Summit, I sat down with Richard Campbell, the avuncular host of RunAs Radio and recorded a chat about Exchange 2013 and the current state of play. The program is now available for download on the RunAs Radio site. Although it lasts 36 minutes, it really was just a chat between two friends – almost like a discussion about technology in the pub. I do hope its content is somewhat better than most pub chats…
Follow Tony @12Knocksinna