Management and Monitoring
Remote PowerShell extends PowerShell from servers to client computers so commands can be executed remotely. Set-AddressList Exchange Server 2010 takes advantage Set-AddressList of new PowerShell v2.0 and Windows Remote Management All Exchange management tools are built on Remote PowerShell. Remote PowerShell enables administrators to run Exchange cmdlets on computers without the need to install Exchange management tools.
Exchange Server 2010 High-Level Architecture
Scope (Where) Defines the objects in AD that the Role can act on. For example, the Boston Users OU Boston Users Scope
Role Based Access Control (RBAC)
Role Assignment – The link that holds together the Who, What, and Where. (Where)
Anti-spam and anti-virus filters • Connection Filter • Sender Filtering • Recipient Filtering • Sender ID Filter • Content Filter • Sender Reputation • Attachment Filter • Virus Scanning • Outlook Junk E-mail Filter
Edge Transport Server Role
The Edge Transport server role cannot coexist on the same computer with any other server role. Recommendation: Install the Edge Transport server role on a computer that is not part of a domain. Edge Transport Server Deliver Hub Transport Server
Client Access Server Array (CAS Array)
Serves as a single contact point for all client connections within an Active Directory site. Can include one or many Client Access servers. Each Active Directory site can have a single Client Access server array. Does not provide load balancing. A separate load balancing solution is still needed. Recommendation: Create a Client Access server array even if you only have a single Client Access server.
Role Group (Who) A security group that defines Who gets a specific scope applied to them. For example, the Boston Exchange Admins
HTTP, POP3, IMAP4 Clients
Edge Subscriptions Run once to establish and automatically configure SMTP connectors to route email to and from the Exchange organization and the Internet. Hub Transport Server Active Directory Domain Controller
Exchange Control Panel
Management Tools now include the Exchange Control Panel (ECP). A web-based management console accessed from browsers that have no Exchange client-side software installed. ECP gives users the power to manage distribution lists, track messages, and edit personal information.
Role (What) – Defines what can be done by a set of cmdlets and parameters that can be run.
Boston Exchange Admins Role Group
Edge Transport Server Client Access Server
Quarantine Incoming e-mail Discard Edge Transport Server
Recipient management Manage role groups and role assignment policies
Perform multi-mailbox searches Manage common settings for other users
View account information and manage settings Manage group ownership and membership
Role Based Access Control (RBAC) enables you to control, at both broad and precise levels, what administrators and users can do. RBAC also enables you to more closely align roles you assign users and administrators with the actual roles they hold within your organization. Three ways of assigning permissions: Configuration done using Exchange Control Panel Management Role Groups Dozens of default roles pre-configured and easily customizable Management Role Assignment Policies RBAC is built into all management tools Direct User Role Assignment
Unified Messaging Server
SMTP Receive Connector SMTP Send Connector
Hub Transport Server
Mailbox Server Client Access Server
SMTP Receive Connector DNS MX Record Active Directory LDS Instance
Microsoft Exchange EdgeSync service pushes information from Active Directory to AD LDS instance on Edge Transport server using secure...