270 likes | 296 Views
Learn about University of Wyoming’s issues and solutions migrating from Exchange 2007 to Exchange 2010, including architectural changes, early adoption challenges, authentication protocols, load balancer configuration, and more. Find out about Colorado State University's reasons for migration, prep work, and migration steps.
E N D
Migrating Exchange 2007 to Exchange 2010 Robert Morrison Mark VanScoyk University of Wyoming Westnet, January 2012
Exchange 2010 architectural change “Unlike previous versions, clients no longer connect directly to the Information Store on the Mailbox server role to access mailbox data. Instead, clients connect to a set of services on the Client Access server (CAS) role and services within the CAS role access mailbox data using MAPI/RPC from the Mailbox server on behalf of the connecting user. This architectural change provides many benefits, including: • A common code path for different client types for message body content conversion. • Data validation logic. For example, calendar versioning which is used by the Mailbox Assistant, the Calendar Repair Assistant. • Compliance features like Single Item Recovery or Legal Hold. • Better client experience during switchovers/failovers by obfuscating the Mailbox server hosting the active mailbox database copy. • A unified interface for Address Book-related data.”
UW issues encountered … Essentially all problem/issues encountered by UW were due to early adoption!
UW conversion issues Primary conversion issues encountered at UW related to: • Exchange 2010 ‘architectural changes’, • Changes in supported authentication protocols (NTLM), • Being an early adopter of Exchange 2010 • Client Access Service (CAS) Mac redirect to Exchange 2007 servers • NTLM authentication for IMAP client • Load balancer configuration Note: Load balancers are recommended for supporting multiple CAS servers (which are required for capacity and redundancy purposes)
Client Access Service (CAS) Mac redirect to Exchange 2007 servers • Like most upgrades, the challenge was to implement Exchange 2010 while keeping Exchange 2007 functional • First step was to point “uwmail.uwyo.edu” (used for OWA/IMAP/POP) to 2010 CAS servers and have new CAS servers redirect clients to Exchange 2007 servers during the conversion process • CAS server redirect for Macs (Mac Mail and Entourage) did not work • Ended up hand configuring all Mac clients
NTLM authentication for IMAP client • Numerous UW IMAP clients were using NTLM • ”NTLM isn't supported for POP3 or IMAP4 client connectivity in the RTM version of Exchange 2010. Connections from POP3 or IMAP4 client programs using NTLM will fail” • UW resolved this by hand configuring IMAP clients to use either Basic or Kerberos authentication • Microsoft (since UW conversion) added NTLM support for IMAP (SP1)
Load balancer configuration • UW uses F5 load balancers • A large amount of tuning & configuration was required to resolved Exchange performance issues when using the load balancers • Today, F5 has better tools and configuration wizards to address problems UW experienced
Other possible issues … • UW no longer supports Outlook 2003, so this was not an issue at UW. However, numerous sites have reported issues with supporting Outlook 2003 on Exchange 2010. Microsoft continues to address this problem and additional support was added in Exchange 2010 SP2. • Note: Kerberos for MAPI authentication is complex in a load balancer environment and requires changes to Active directory, the Exchange servers, and load balancers. UW decided the extra complexity was not worth the effort and continue to use NTLM for authentication of MAPI clients.
Substantial attention is also required for properly sizing and redundancy Some references for sizing and redundancy: • http://technet.microsoft.com/en-us/library/aa996719.aspx • http://technet.microsoft.com/en-us/library/dd346700.aspx • http://technet.microsoft.com/en-us/library/dd346699.aspx • http://technet.microsoft.com/en-us/library/ee712771.aspx • http://technet.microsoft.com/en-us/library/dd346701.aspx
Exchange 2010 Migration Scott Baily Colorado State University Westnet
Reason for Migration • Database Availability Groups (DAGs) are superior to Single Copy Cluster (SCC) • Improved OWA experience – Better feature set for Safari, Firefox, and Chrome • Exchange 2007 hardware was EoL Westnet
Prep Work and Testing • When transitioning from Exchange 2007 to 2010, all server roles must be maintained in both environments. • Bringing up a new 2010 server (running the Client Access role) can be disruptive! • Set up sandbox – practice, test, document, repeat • Maintain web page with known issues, workarounds, etc. Westnet
Our Migration Steps • Installed and configured 2010 CAS • Pointed OWA to Exchange 2010 CAS servers • Ensured 2007 CAS servers remain accessible • Installed 2010 Hub Transport Servers • Installed 2010 UM Servers • Installed 2010 Mailbox Servers, DAGs • Migrated ACNS staff accounts to 2010 • Migrated campus IT staff to 2010 Westnet
Migration Steps (Cont’d) • Scripted process to migrate users in batches of 200-500 overnight • Results in ~15 minute “outage” per mailbox • Smaller “batches” limits daily support calls • Notified users the day of the move, and sent confirmation email once completed • Completed migration over 3-week window • Migrated Exchange resources (rooms, equipment, and shared mailboxes) Westnet
Exchange 2010 Hardware Specs In two locations, behind F5 load balancers: • 4 HP Blade mailbox servers (physical, 48GB memory), 2 Client Access servers (VMs), 1 Hub Transport server (VM), and 1 Unified Messaging server (Physical) • HP JBOD disk arrays (SATA, 7200RPM, 500GB drives), direct SAS attach through HP BladeSystem SAS switches • Disk performance seems fine Westnet
Gotchas #1 Problem was client connectivity issues – specifically Mac clients and older versions of Outlook In most cases, the resolution involved documenting the known issues and working with users and departmental IT support staff. Westnet
Gotchas (Cont’d) • At the time of migration, F5 documentation was poor, resulting in configuration errors and ultimately connectivity issues. Westnet
Gotchas (Cont’d) CSU runs Forefront Protection on the Hub Transport role. Performance improved greatly by separating the Client Access and Hub Transport roles, running each on dedicated servers. Westnet
Questions • Are most welcome • But hard questions will be answered later by our Exchange gurus ;-) Westnet
Exchange 2010 upgrade Dave Packham
Some of the why’s • 1: Legal hold • 2: Multi mailbox search • 3: Exchange Control Panel • 4: Database availability groups • 5: Database-level failover • 6: Voice mail transcription • 7: Call answering rules • 8: Personal archive • 9: Retention policies • 10: Role-based access control
Other Things we are doing • NetApp appliances for 120tb of storage • SnapDrive backups. • Single Item Restore from snaps. • ALL VMware • ALL new hardware 10g+8gFC • Integration with Avaya and Lync for presence • Unified Messaging
Exchange Calculator • DOES NOT WORK. • Even MS could not get it to work well. • HP’s calc was better… but was tied to HP hardware
Gotchas • SG's to RBAC • NetApp snapshots killing disk and stopping hubs write cache • ECP diffs • RBAC • Larger or smaller DB's • DAG config • Multiple AD’s pain • Migrations does not move Dumpster • ActiveSync devices need to re-discover • Hidden rules corrupted “Auto-Accept” makes email go to deleted