Journey To My First Twenty Push-Ups Per Set – Not Microsoft Exchange :P

Push-ups (or press-ups) are now one of my favourite exercises during my workout, and you know what, they really help in building the upper body, especially the shoulders, triceps & chest.

As a beginner it was damn hard for me to be consistent, or even to do one perfect push-up. It started on day 1 at the gym, where I did around 12 push-ups in set 1, but then the number kept going down, as did the number of sets.

Below is a day-by-day account of the number of push-ups done during my initial days of working out; I wanted to experience and document how the journey to my first 20 push-ups per set went. Check out my first 20 push-up video uploaded on YouTube.

Week1

Day 1 – Awesome, 12 push-ups (but after the workout, while going back home, I couldn’t control my walking as the body was tight)

Day 2 – Couldn’t do a single push-up as the arms were jammed; in fact I couldn’t raise my hands, and it was a struggle even to put on my upper clothes, especially T-shirts.

Day 5 – Trying hard every day for a single push-up; the moment I started, after going down, I used to feel so much pressure on the arms that I couldn’t get back up.

Day 6 – Not even a single push-up till this day, coz I could still feel the pressure on the arms.

Day 7 – The trainer recommended taking rest and not working out. I tried practising at home to see if I could achieve one, but still failed.

Week 2

Day 8 – Still trying hard, but can’t push back up once I go down

Day 10 – Still practising, but nope

Day 13 – Still not even a single perfect push-up :(

Day 14 – Sunday – No hope even after trying hard for these two weeks. I was feeling very ashamed and frustrated, thinking what’s happening, I can’t even do one?

I’ve seen people doing 20-25 push-ups per set on the floor, and I am struggling for one? I used to think about what the people around me might be thinking as I kept failing.

Week 3

No going to the gym, coz I had to travel outstation officially for work, but at the same time I had asked my trainer for guidance on what to do & got some tips.

The tip was to take the support of the legs for the push-up, & I liked this idea :P

Day 16 – Started with leg support and managed to do 10 half push-ups

Day 18 – Practising sincerely day by day, progressed to 10 x 2 sets

Day 20 – Practising till the weekend; still not a single perfect push-up, but at the same time progressed to 15 x 3 sets of half push-ups.

Day 21 – Sunday – Travelling back home and couldn’t practise, but was waiting for Monday to get back to the gym.

Week 4

Day 22 – Did a warm-up and felt strong. Did one perfect, complete push-up, with a smile on my face :) Finally I did it; you see, nothing is as impossible as one thinks.

Day 24 – 4 complete push-ups; couldn’t control my smile, as I had lost hope of ever doing more than 1. Gladly told my colleagues and trainer about my progress :D

Day 26 – 7.5 x set 1 complete push-ups & 4 x set 2

Day 27 – 8 x set 1 complete push-ups & 3 x set 2/set 3/set 4

Week 5

Day 29 – Monday / 10 x set 1 complete push-ups, 8 x set 2 & 7 x set 3

Day 30 – 11.5 x set 1, 8 x set 2 & 7 x set 3

Day 34 – 14 x set 1, 11 x set 2 & 10 x set 3

Week 6 & It goes on…

Day 40 – 15 x set 1/2 & 14 x set 3

From then on it became consistent, and I kind of got addicted, doing it twice a day, not only during workout time but also after getting up early, before going to the office.

No excuses for not doing the push-ups; I did them even when I was travelling, wherever I got the chance, like late in the evening in the waiting room of the train station (Howrah) or inside the airport (Bhubaneshwar) just before the boarding pass was issued :P I didn’t care about the public audience, and to my surprise a few people stared at me and some came up to me for tips on the benefits and how to do them :D

Since then the number of push-ups has increased drastically, and I at least feel proud that, whoever is working out at the gym, I am doing something equivalent to them: I do around 90-100 push-ups per day in total.

It took me 6 to 7 weeks to do 20 x set 1 and 90-100 push-ups per day in total, & I thought, why not make a video for remembrance, and hope it inspires/motivates others.

I cannot thank my trainers enough for their support and guidance, and I feel proud to mention their names here below.

Awesome Guys – Sanjay Kunchikorve / Asif Ansari & Sunny Gupta.


A Walkthrough – Data Loss Prevention in Microsoft Exchange Server 2013

Introducing Data Loss Prevention – Microsoft Exchange Server 2013

Let me start with the objective of Data Loss Prevention in Microsoft Exchange Server 2013 (also called The New Exchange, a cloud-centric messaging version): it is to prevent accidental loss of data sent by email. It educates both end users (using Policy Tip alerts, so that confidential data isn’t leaked by accident) and the Exchange administrator (by making them understand what risk the organization is carrying and how to mitigate it).

I’ve scanned/read through TechNet, TechEd (videos) and also some experts’ blogs; in my experience it’s a wonderful feature that is gradually meeting the business need to protect against accidental leaks of data via email (alone).

Who should plan or think of implementing DLP? – Ask yourselves, and let me help you too.

IMHO: organizations in the banking sector, financial institutes, and any other firms which are strict about following and implementing regulatory compliance with regard to email security.

Do you suspect there might be a leak, in your email traffic, of financial data like SSNs, credit card details, IP addresses, or whatever permutation and combination comes to your mind that could be contained in an email body as text?

There is also the chance of accidental confidential data loss when a user sends an email to internal or external recipients when he/she didn’t intend to do so – LOL, whatever the user’s justification is.

No worries – we’ll see how it can be prevented & protected against.

What are the prerequisites?

  • Microsoft Exchange Server 2013 on-premises / Office 365 / Hybrid are supported; DLP policies aren’t applied to mailboxes on lower versions.
  • It requires an Enterprise CAL license.
  • It’s gonna work with Outlook 2013 alone as far as the whole functionality goes (Policy Tips in particular are not available in lower versions of Outlook).
  • The DLP rules will still work for Outlook 2007 users, but they will lack the Policy Tips feature.

Any Advantages?

  • Of course, users will not be able to send out confidential data accidentally via email.
  • Exchange folks can now analyze/track the number of email transactions and build a report of which confidential emails were transacted, as per the company’s compliance policies. This in turn is knowledge, and makes them aware of how users are meeting the organization’s compliance requirements.
  • Users are educated with the help of Policy Tips if they accidentally try to leak confidential data, and, based on the rules, they are either allowed to override or completely blocked.
  • You can double-secure by implementing AD RMS and integrating it with the DLP transport rule, as was done with simple transport rules in the legacy version.
  • Even if Outlook 2013 is in cached mode or offline, the Policy Tips are still applied, as the templates get downloaded from the server to Outlook once a day (every 24 hours) while the server is reachable. We can control from the server side whether to push the policy to clients or not; the once-a-day schedule is the default & hard-coded (it can’t be altered).

And Disadvantages if any?

  • The Policy Tips only work with Outlook 2013, and not even in OWA 2013.
  • The policy templates are limited per region/local countries, and you need to customize one as per the business needs.
  • Need to check with third-party vendors for policy templates, if any vendor meets your org’s business requirement – you can make your own if you know how to.
  • With DLP implemented on Exchange Online, the reports are not exported to CSV.

Can I compare DLP with other vendors in the market? – Oh please, don’t do so – IMO.

I initially tried to check with other vendors, just as research, as they have the same feature, so-called “Data Loss Protection”, but you know what, they will win-win. They not only have the feature alone but a whole suite like ENDPOINT / GATEWAY / NETWORK / STORAGE protection, which IMO sounds good but involves great investment & adds complexity (meaning additional stuff to manage) to your environment.

There are vendors who specialize in individual products, and by no means should you be surprised by or attracted to features like the content detection engine/functionality, one of the areas where I was impressed. MS has just begun using DLP in Microsoft Exchange 2013 and has a long way to go. Also, FYI, the other vendors too have drawbacks when compared with Exchange DLP, the only one which has direct integration of Outlook 2013 with Exchange 2013 and is managed under the hood using the common EAC console.

Why DLP and not a transport rule? – Here is a bit more of the technical side, which might be of interest to Exchange folks.

If I start writing it won’t end; TechNet is the right source to deep-dive more precisely, along with consulting MCS or people who are Exchange experts. I will highlight some of the important points which make sense to know at this moment.

Although it is built on transport rules, which are also very similar to Outlook rules, DLP is more intelligent: it not only detects keywords but also reads attachments which might contain confidential data. It starts with the transport rule and then applies its intelligence by inspecting content and attachments to match the policy templates in use, whether built-in, custom or imported from a third-party vendor as per the business compliance needs. It not only helps in protecting the data but also helps administrators understand the level of risk the organization is carrying.

By implementing DLP, an administrator can not only alert end users with Policy Tips in Outlook 2013 and prevent accidental data leaks (sure, you can also configure an override setting) but also capture the number of incidents that happened and track who sent the emails and how many times, based on the policy template settings. You then have auditing, which is nothing but sending the incident report to the configured user/group to check exactly what matched the policy templates: for example, detecting credit card numbers mentioned in the message body/attachments, the matched policy name, and the values it found, like 5432 XXXX XXXX XXXX (where each X is some digit). Now here is the great deal: what if the user entered 1111 XXXX XXXX XXXX? DLP is so smart that it knows credit card numbers will never start with 1, and hence it will not prevent the user from sending the email. You can develop your own template to build such intelligence into search and detection.

You can simply implement DLP rules for some users in test mode, in which the users are not aware of the tracking and auditing done at the transport level, and later enforce the same. You could also export the statistics to CSV to create reports and dashboards.
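As an added example (not the post’s own code, nor Microsoft’s), here are the Exchange Management Shell steps that put the above into practice: a DLP policy created from a built-in template in audit (test) mode, a rule that detects the built-in Credit Card Number classification, generates the incident report described above and later shows a Policy Tip, and the staged move to enforce mode. The policy name, report mailbox and template name are assumptions; the Test-LuhnCheck function at the end is my own model of the checksum validation the built-in classifier applies, which is why a number like 1111 1111 1111 1111 is not reported.

```powershell
# Added example: Exchange 2013 DLP in the Exchange Management Shell.
# Names below (policy, report mailbox, template) are assumed; adapt them to your org.

# 1. See which policy templates are installed (they are region-specific, as noted above)
Get-DlpPolicyTemplate | Select-Object Name, PublisherName, Version

# 2. Create a policy from a template in Audit mode: no Policy Tips and nothing blocked,
#    only incident data is collected while you measure the risk the organisation carries.
#    Template name is assumed; confirm the exact string with step 1.
New-DlpPolicy -Name "PCI Pilot" -Template "PCI Data Security Standard (PCI DSS)" -Mode Audit -State Enabled

# 3. Add a rule under the policy: a credit card number sent to an external recipient
#    generates an incident report and, once the rule leaves audit mode, a Policy Tip
#    that lets the sender override only by reporting a false positive.
New-TransportRule -Name "PCI Pilot - credit card numbers leaving the org" `
    -DlpPolicy "PCI Pilot" `
    -SentToScope NotInOrganization `
    -MessageContainsDataClassifications @{ Name = "Credit Card Number"; MinCount = 1 } `
    -NotifySender RejectUnlessFalsePositiveOverride `
    -RejectMessageReasonText "Credit card numbers may not be sent outside the organisation" `
    -GenerateIncidentReport "dlp-incidents@contoso.com" `
    -IncidentReportContent Sender, Recipients, Subject, DataClassifications, RuleDetections, Override `
    -SetAuditSeverity High `
    -Mode Audit

# 4. Verify, then raise the mode in stages: AuditAndNotify shows Policy Tips without
#    blocking, Enforce applies the reject action. Setting the mode on the policy
#    cascades to the rules that belong to it.
Get-TransportRule -DlpPolicy "PCI Pilot" | Format-List Name, Mode, MessageContainsDataClassifications, NotifySender
Set-DlpPolicy "PCI Pilot" -Mode AuditAndNotify
# ... after the pilot period:
# Set-DlpPolicy "PCI Pilot" -Mode Enforce

# 5. Why 1111 XXXX XXXX XXXX is not reported: the built-in Credit Card Number
#    classification validates the Luhn checksum as well as the digit pattern.
#    Added helper modelling that check; it is not Microsoft's classifier code.
function Test-LuhnCheck {
    param([Parameter(Mandatory)][string]$Number)
    # keep digits only, so "5432 XXXX XXXX XXXX"-style spacing is accepted
    $digits = ($Number -replace '[^0-9]', '').ToCharArray() | ForEach-Object { [int][string]$_ }
    if ($digits.Count -lt 13 -or $digits.Count -gt 19) { return $false }
    $sum = 0
    $double = $false
    for ($i = $digits.Count - 1; $i -ge 0; $i--) {      # walk right to left
        $d = $digits[$i]
        if ($double) { $d *= 2; if ($d -gt 9) { $d -= 9 } }
        $sum += $d
        $double = -not $double
    }
    return ($sum % 10) -eq 0
}
Test-LuhnCheck '4111 1111 1111 1111'   # constructed test number built to satisfy the checksum
Test-LuhnCheck '1111 1111 1111 1111'   # the post's example of a value the classifier ignores
```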

May I know how it works now?

It works, again, as mentioned above, on the transport rule, with an additional detection mechanism based on the policy template, the classifications it contains, and the rules that are available and configured.

The templates are nothing but XML files, which can also be encrypted; there will be some if you got them from a vendor or made your own.

There is already a lot of information available on TechNet, the EHLO blog and Exchange Online, & from the experts, on how to configure it step by step and how it works, with descriptions that I cannot improve on, for your reference.

I would recommend you all go through & read the links, as they contain valuable information on DLP with Microsoft Exchange 2013.

Hope it was informative.


Single Sign On using MS Directory Synchronization Tool – Enabling Password Sync

It all started with designing a Hybrid project for one of my clients, where I was supposed to plan for single sign-on, and a feature added long ago to the DirSync tool, called “Enable Password Synchronization”, came to my mind.

I was planning to use ADFS for single sign-on but soon realized I could use the DirSync feature instead and minimize the complexity and cost of implementing ADFS on-premises.

Below are some important points to look at and consider while you design for SSO, as they helped me focus.

Prerequisites:

  • Make sure you have at least an Office 365 Midsize Business subscription plan to integrate on-premises AD with Azure AD in the cloud.
  • The DirSync tool version must be at least 6382.0000 to sync passwords from on-premises to Azure AD in the cloud.
  • Make sure you have enabled the DirSync feature first via the portal, before enabling the password sync feature on-premises in the DirSync tool.
  • Network connectivity and credentials with the appropriate permissions are required to sync passwords using the DirSync tool from on-premises to Azure AD in the cloud.

Important points to note:

  • Additional security is applied to the hash value of the password before it leaves on-premises and synchronizes to Azure AD in the cloud.
  • Password sync is one-way, from on-premises to Azure AD in the cloud, and cannot be reversed, except for the write-back attribute with the help of the two-way synchronization feature.
  • The password synchronization frequency differs from the actual AD object replication (which can be scheduled) from on-premises to Azure AD in the cloud, after which it gets overwritten.
  • All users’ passwords are synchronized to Azure AD in the cloud using the DirSync tool; you cannot explicitly define which users’ passwords to synchronize.

How it works:

So what happens when you actually change a user’s password on-premises with the DirSync tool and password sync enabled?

  1. You change the password of the user.
  2. The password sync feature detects the change and synchronizes the changed password within a minute.
  3. If the password sync was not successful due to connectivity (or any other) issues, the sync feature will automatically try again for the same user.
  4. If there is any error during synchronization, it will log an event ID so that we can troubleshoot further why it has failed.
  5. Once the password is successfully synced to Azure AD in the cloud, online users will be able to log in to their mailboxes without any issues, and the experience is seamless as both the on-premises and cloud Azure AD hold a single set of credentials.
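An added check (not the post’s own, not Microsoft’s) for the prerequisites and for step 4 above, run from the DirSync server: it reads the tenant’s DirSync and password-sync switches with the MSOnline module and then scans the Application log for warning and error events from the DirSync provider in the last hour. The function names are mine; the provider name ‘Directory Synchronization’ and the MSOnline property names are assumptions to confirm against your build.

```powershell
# Added example: verify the DirSync password sync prerequisites and look for sync errors.
# Assumes the MSOnline module is installed on the DirSync server and that DirSync logs
# to the Application log under the provider name 'Directory Synchronization' (assumed).

function Get-PasswordSyncStatus {
    Connect-MsolService                                # prompts for tenant admin credentials
    $info = Get-MsolCompanyInformation                 # property names assumed from module output
    [PSCustomObject]@{
        DirSyncEnabled       = $info.DirectorySynchronizationEnabled  # must be on first (prerequisite 3)
        PasswordSyncEnabled  = $info.PasswordSynchronizationEnabled
        LastDirSyncTime      = $info.LastDirSyncTime                  # object replication (scheduled)
        LastPasswordSyncTime = $info.LastPasswordSyncTime             # password channel runs separately
    }
}

function Get-PasswordSyncErrors {
    param([int]$HoursBack = 1)
    $filter = @{
        LogName      = 'Application'
        ProviderName = 'Directory Synchronization'     # assumed provider name
        StartTime    = (Get-Date).AddHours(-$HoursBack)
    }
    # Step 4: a failed sync is logged as an event; keep only warnings and errors
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.LevelDisplayName -in 'Error', 'Warning' } |
        Select-Object TimeCreated, Id, LevelDisplayName,
            @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } }
}

Get-PasswordSyncStatus | Format-List
Get-PasswordSyncErrors -HoursBack 1 | Format-Table -AutoSize
```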


Hope it was informative.


Sometimes, In My Heart A Feeling Emerges….Microsoft Exchange

If you ever loved Music and Microsoft Exchange…

Kabhi Kabhi Mere Dil Mein Khayal Aata Hai

I feel like a plane on a runway about to lift off
I feel like an ocean so deep, deep as my love

You should know that it’s you that I’ve chosen
and I’m ready to give you my all
Yes I’m right open Come and get, come and get it.

You know that I could be.
The one that makes you complete
‘Cause I’ve fallen head over heels, and you’re the only one.

Kabhi Kabhi Mere Dil Mein Khayal Aata Hai
K Jaise Tujhko Banaya Gyaa Hai Mere Liye (2)
Inspired by – http://tinyurl.com/KabhiKabhi


Deep Diving with Mail Routing Scenarios – Microsoft Exchange Server 2013


Scenario 1 – Incoming mail on multi-role server

Internet email is received on port 25 by the Front End Transport service running on the CAS server, which then proxies it to the Transport service of a Mailbox server on port 2525; the Transport service processes the message and routes it to the Mailbox Transport Delivery service on the Mailbox server where the mailbox is active. The Mailbox Transport service listens for/receives the email on port 475 and delivers it to the local active mailbox database.


Scenario 2 – Incoming mail on two multi-roles

Internet email is received by the hardware load balancer/NLB on port 25, which passes it to whichever CAS server is available at the back end, delivering it to that CAS server’s Front End Transport service on port 25; as per the slide, in this case it chose server2. Here we notice that the two recipients sit individually on both servers, and since CAS is stateless it simply proxies the request. Before it passes the email to the Transport service of a Mailbox server (server2), it checks the recipient type, whether mailbox or mail-enabled, and if a mailbox, its version, the number of recipients, distribution groups, and so on, and accordingly routes to the best available Transport service of any Mailbox server (in this case it delivered to the server1 CAS/MBX server; it could equally have delivered to its local server, but it doesn’t matter at all: what the CAS server looks for is a Transport service of a Mailbox server, local or remote, whichever it finds best available).

The Transport service on server1 then categorizes the message, sees that there are two recipients located on active databases on two different Mailbox servers, bifurcates it into 2 copies and submits each copy to the Mailbox Transport service on the Mailbox server that is local to the active database copy, for message delivery.

The Mailbox Transport service then does the content conversion and delivers the copy to the local active mailbox database via RPC.


Scenario 3 – Originating mail on two multi-roles

Let us now consider the same scenario as the second, but instead of mail coming on-premises we will see email going out of the premises, originating from the Mailbox server roles.

A message originating from server1 is sent to 3 recipients (one on the same server1, the second on server2 and the third on the internet).

When the user tries to send an email, the mailbox submission service submits the message to the Mailbox Transport service via RPC; once the Transport service on Mailbox server1 receives the message, it will choose any local or remote Mailbox server Transport service. In this scenario the Transport service of server1 connects to the Transport service of server2; the Transport service on Mailbox server2 categorizes the message, sees there are three recipients (2 internal and 1 external), bifurcates the recipients and delivers the copies accordingly (one to the server1 Front End Transport service, one to the server1 Mailbox Transport service and one to the local server’s Mailbox Transport service). The Mailbox Transport service then delivers the message to the local active mailbox database copy via RPC, and the external copy goes to the Front End Transport service on server1 (assuming that we configured the send connector with front end proxy through server1 for outgoing mail) for external delivery.


Scenario 4 – Incoming to DG on separated roles

Here we now have four sites, each having 1 CAS and 1 MBX server as separate roles.

So now an internet user wants to target these four recipients, one sitting on each site’s Mailbox server, by sending an email.

With the MX pointed to one of the sites, and a load balancer in front of the CAS if there is one, it will deliver to one of the available CAS servers in that particular site. In this scenario let us choose the third CAS, in the right corner of the slide.

Front End Transport receives the message and checks that there are multiple mailbox-enabled recipients it needs to be delivered to, so it chooses the locally available Transport service in that site as the best option for that particular CAS server and delivers it to the Transport service on the Mailbox server in the local site. The Transport service is then going to bifurcate the message, create 4 copies and deliver them to the Mailbox Transport component (one locally and 3 to the remote sites’ Mailbox server Transport services). Finally the Mailbox Transport service on each Mailbox server delivers to the local mailbox database copy via RPC.


Scenario 5 – Incoming mail to legacy mailbox

So the fifth scenario is very similar to the fourth, but what changes here is that there is now a fifth site having Exchange 2010 HUB / MBX servers.

Similarly, as mentioned above, the message coming from the internet is delivered to the CAS 2013 in site 3, and the process is almost the same until it is delivered to the Transport component of the Mailbox server in site 3; let’s see what happens next.

So now the Transport service, instead of creating 4 copies, will create 5 copies. The first four copies, whose mailboxes are on Exchange 2013 servers, it will deliver the same way as mentioned above in scenario 4, but for the fifth copy the final delivery is different from the other 4 copies (DAG delivery group): its delivery group is the Mailbox server delivery group (Exchange 2010 HUB server).

Since Mailbox Transport doesn’t connect directly to the 2010 Mailbox server, it will route the message to the 2010 HUB server in the fifth site. Then the Transport service of the Exchange 2010 HUB server will deliver the email to its final destination, the 2010 Mailbox server.


Scenario 6 – Client submission to single namespace

In this scenario the user Diana has her mailbox located on Mailbox server1 in site A. She is a roaming user who travels often, and now it happens that she is in another site, B, for some work and wants to send an email to the internet. Let’s see how it goes.

When Diana accesses her mailbox she connects to the local site’s CAS server (site B) and tries to send an email; the CAS server checks where the mailbox is located, and since it finds the user on Mailbox server1 in site A, the Front End Transport service of the CAS in site B connects directly to the Transport service on Mailbox server1 in site A. Since she has already been authenticated at the site B CAS server, the Transport service on Mailbox server1 simply sends the email out, via front end proxy, to the Front End Transport service of its local site A CAS server (as configured in the send connector), and from there it goes out to the internet from site A.


Scenario 7 – Client submission for legacy mailbox

OK, now again a similar scenario to the sixth, but instead of a 2013 mailbox it is now Exchange 2010.

When Diana accesses her mailbox she will be connecting to the site B 2013 CAS server; the Front End Transport service authenticates her and looks up the location of the mailbox and its version. Since the CAS FE doesn’t talk directly to an Exchange 2010 MBX server, it connects to the Transport service of the Exchange 2013 Mailbox server in its local site.

The Transport service on the Exchange 2013 Mailbox server in site B then categorizes the message and connects to the 2010 HUB server in site B, chosen based on the AD site cost, and that HUB will then deliver the email to the mailbox in site A, HUB to MBX 2010.
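To see the hops described in scenarios 1 to 7 for a real message, here is an added Exchange Management Shell function (not from the original post or from the TechEd session) that collects message tracking log entries from every Transport and Front End Transport service and orders them by time. The function name and the 24-hour window are my own choices; the Message-ID value is a placeholder.

```powershell
# Added example: trace one message across the hops the scenarios describe.
# Front End Transport (port 25) and Transport (port 2525) both write message tracking logs;
# Mailbox Transport delivery to the store appears as Source STOREDRIVER / EventId DELIVER.

function Trace-ExchangeMessage {
    param(
        [Parameter(Mandatory)][string]$MessageId,   # the message's Message-ID header value
        [int]$HoursBack = 24
    )
    $start = (Get-Date).AddHours(-$HoursBack)
    # Transport service runs on Mailbox servers, Front End Transport on CAS servers;
    # a multi-role server appears in both lists, so de-duplicate the names.
    $servers = @(Get-TransportService | Select-Object -ExpandProperty Name) +
               @(Get-FrontendTransportService | Select-Object -ExpandProperty Name) |
               Sort-Object -Unique
    $events = foreach ($server in $servers) {
        Get-MessageTrackingLog -Server $server -MessageId $MessageId -Start $start `
            -ResultSize Unlimited -ErrorAction SilentlyContinue
    }
    # One timeline across all servers, oldest hop first
    $events | Sort-Object Timestamp | Select-Object Timestamp, ServerHostname, Source, EventId,
        ConnectorId, @{ Name = 'Recipients'; Expression = { $_.Recipients -join ';' } }
}

# Reading the rows against the scenarios above:
#   Source SMTP, EventId RECEIVE, ConnectorId ending 'Default Frontend <server>' -> FE took it on port 25
#   Source SMTP, EventId RECEIVE, ConnectorId ending 'Default <server>'          -> FE proxied to Transport on 2525
#   Source SMTP, EventId HAREDIRECT                                              -> shadow copy created (scenario 8)
#   one DELIVER row per Mailbox server that holds a recipient                     -> the bifurcated copies
#   Source STOREDRIVER, EventId DELIVER                                           -> Mailbox Transport into the store
Trace-ExchangeMessage -MessageId '<MESSAGE-ID-PLACEHOLDER@contoso.com>' | Format-Table -AutoSize
```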


Scenario 8 – Transport high availability

Exchange 2013 replaces shadow redundancy with a new feature called Safety Net.

In Exchange 2010, when a message was sent from one HUB server to relay out to the next (first) hop, the shadow queue was generated on the source (previous hop) server, but in 2013 the shadow queue is created at the first hop, right from the server where the mail is generated, for guaranteed redundancy.

In 2013 the DAG is now the transport boundary for high availability, as compared to the transport dumpster, which was a single point of failure: if the server holding the shadow queue (the mail.que it was generated in) was lost in a lossy failover, and the HUB on which the transport dumpster was configured failed too, then you could not recover the email.

So now that the DAG is the HA boundary, any message coming into the DAG is queued not only in the local site’s shadow queue but also in the remote site, meaning that in the event of a local site failure you can resubmit the email at the time of failover or when manually mounting the databases. Resubmission is also possible manually, using a PowerShell command.

So that HA queue is nothing but what is called Safety Net, which was introduced in Exchange Online in 2010 and revealed later with Exchange 2013 as a new feature.

Safety Net retains data for a set period of time (time-based, default is 2 days), regardless of whether the message has been successfully replicated to all database copies or delivered to its final destination.

FYI – The Safety Net period should be at least equal to or greater than your lagged database copy’s replay lag time, to prevent data loss.

1 – Mailbox01 receives a message from a server outside the transport high availability boundary

2 – Before acknowledging receipt, Mailbox01 initiates and succeeds in making the message redundant in Mailbox03’s shadow queue

3a – Transport on Mailbox01 processes the message and attempts delivery via Mailbox Transport

3b – Mailbox transport on Mailbox01 in turn delivers the message to Store

3c – Transport on Mailbox01 queues a discard status for Mailbox03 (Shadow) and moves the message to Primary Safety Net.

4 – Mailbox03 (Shadow) periodically polls for delivery status on the primary copy of the message

5 – When Mailbox03 determines Mailbox01 has successfully processed the primary copy of the message, it moves the message to its Shadow Safety Net.
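An added check (not from the post or from the TechEd session) for the FYI above: it reads the Safety Net hold time from Get-TransportConfig, finds the longest replay lag configured on any database copy via Get-MailboxDatabase, and reports whether the hold time covers it. The function name is my own.

```powershell
# Added example: is SafetyNetHoldTime long enough to cover every lagged database copy?
# After a lossy failover, Safety Net can only resubmit what it still holds, so the hold
# time must be >= the longest replay lag configured on any copy.

function Test-SafetyNetCoversLag {
    $config   = Get-TransportConfig
    $holdTime = [TimeSpan]$config.SafetyNetHoldTime      # default 2.00:00:00 (2 days)
    $maxLag   = [TimeSpan]::Zero
    $worst    = $null
    foreach ($db in Get-MailboxDatabase) {
        # ReplayLagTimes lists (server, lag) pairs; a non-zero lag marks a lagged copy
        foreach ($entry in $db.ReplayLagTimes) {
            $lag = [TimeSpan]$entry.Value
            if ($lag -gt $maxLag) {
                $maxLag = $lag
                $worst  = "$($db.Name) on $($entry.Key)"
            }
        }
    }
    [PSCustomObject]@{
        SafetyNetHoldTime       = $holdTime
        LongestReplayLag        = $maxLag
        LongestLagCopy          = $worst
        ShadowRedundancyEnabled = $config.ShadowRedundancyEnabled
        Covered                 = ($holdTime -ge $maxLag)
    }
}

$result = Test-SafetyNetCoversLag
$result | Format-List
if (-not $result.Covered) {
    # Lengthen the hold time to at least the longest lag rather than shortening the lag
    Write-Warning ("SafetyNetHoldTime {0} is shorter than the replay lag on {1}; consider " +
                   "Set-TransportConfig -SafetyNetHoldTime {2}" -f
                   $result.SafetyNetHoldTime, $result.LongestLagCopy, $result.LongestReplayLag)
}
```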


Inspired by Ross Smith IV’s presentation on Transport Architecture; I thought it would be of interest to blog the same. You can check his presentation at the TechEd session.


Understanding Client Access Protocol Connectivity Flow – Microsoft Exchange Server 2013

Autodiscover (External Clients) – Exchange 2010 coexistence with Exchange 2013  

An Exchange 2010 client queries internet DNS for autodiscover.contoso.com and connects to the internet-facing site’s Exchange 2013 CAS server, which then proxies the request to the 2010 CAS server. CAS 2010 then handles the request, generates the autodiscover.xml and responds back to the client.

An Exchange 2010 client (non-internet-facing site) queries internet DNS for autodiscover.contoso.com and connects to the internet-facing site’s Exchange 2013 CAS server, which proxies the request to the 2010 CAS server (non-internet-facing site). CAS 2010 (non-internet-facing site) then handles the request, generates the autodiscover.xml and responds back to the client.

Autodiscover - 2010-2013

Autodiscover (External Clients) – Exchange 2007 coexistence with Exchange 2013 

An Exchange 2007 client queries internet DNS for autodiscover.contoso.com and connects to the internet-facing site’s Exchange 2013 CAS server, which redirects the request to the 2013 Mailbox server (internet-facing site). Mailbox server 2013 then handles the request, generates the 2007 autodiscover.xml and responds back to the client.

An Exchange 2007 client (non-internet-facing site) queries internet DNS for autodiscover.contoso.com and connects to the internet-facing site’s Exchange 2013 CAS server, which proxies the request to the 2013 Mailbox server. Mailbox server 2013 then handles the request, generates the 2007 autodiscover.xml and responds back to the client.

Autodiscover - 2007-2013

Autodiscover (Internal Clients) – Exchange 2010 coexistence with Exchange 2013 

An Exchange 2010 client (internet-facing site) queries internal DNS for the service connection point object, that is autodiscover.contoso.com, and connects to the Exchange 2013 CAS server, which proxies the request to the 2010 CAS server.

In this case, irrespective of whether the mailbox is hosted on an Exchange 2010 Mailbox server in site A or site B, CAS 2013 proxies the request to CAS 2010. CAS 2010 then handles the request, generates the autodiscover.xml and responds back to the client.

Autodiscover Internal 2010-2013

Autodiscover (Internal Clients) – Exchange 2007 coexistence with Exchange 2013 

An Exchange 2007 client (internet-facing site) queries internal DNS for the service connection point object, that is autodiscover.contoso.com, and connects to the Exchange 2013 CAS server, which proxies the request to the 2013 Mailbox server.

In this case, irrespective of whether the mailbox is hosted on an Exchange 2007 Mailbox server in site A or site B, CAS 2013 proxies the request to Mailbox server 2013. Mailbox 2013 then handles the request, generates the Exchange 2007 autodiscover.xml and responds back to the client.

Autodiscover Internal 2007-2013

Outlook Anywhere – Exchange 2007 & 2010 coexistence with Exchange 2013 

Exchange 2007/2010/2013 – mail.contoso.com (internet facing site)

An Exchange 2007/2010 client queries internet DNS for mail.contoso.com and connects to the internet-facing site’s Exchange 2013 CAS server, which redirects the request to either the 2007 or the 2010 CAS server (internet-facing site) based on the mailbox version.

A client queries internet DNS for mail.contoso.com and connects to the internet-facing site’s Exchange 2013 CAS server, which redirects the request to either the 2007 or the 2010 CAS server (non-internet-facing site).

What is important here is to enable OA on all Exchange 2007/2010 CAS servers with NTLM authentication enabled, so that the OA request can be proxied to the endpoint in the other site as well. Also, the FQDN must be the same for Exchange 2013/2010/2007 OA, as it is returned to the client in the URL.
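An added check (not from the post) for the two settings the Autodiscover and Outlook Anywhere sections above depend on: that every CAS advertises the same Autodiscover SCP name for internal clients, and that every Outlook Anywhere endpoint shares one external FQDN and offers NTLM on IIS. The function names and the expected host names are my own assumptions.

```powershell
# Added example: verify the namespace and authentication settings the flows above rely on.
# Expected names are assumptions for this check; replace them with your own.
$ExpectedAutodiscover = 'autodiscover.contoso.com'
$ExpectedOaHostname   = 'mail.contoso.com'

function Test-AutodiscoverScp {
    param([string]$Expected)
    # Internal clients locate Autodiscover through the SCP in AD; every CAS should
    # publish the same name so the proxy/redirect described above is predictable.
    Get-ClientAccessServer | ForEach-Object {
        $uri = [string]$_.AutoDiscoverServiceInternalUri
        [PSCustomObject]@{
            Server  = $_.Name
            ScpUri  = $uri
            Matches = ($uri -like "https://$Expected/*")
        }
    }
}

function Test-OutlookAnywhereConsistency {
    param([string]$ExpectedHostname)
    Get-OutlookAnywhere | ForEach-Object {
        $hostname = [string]$_.ExternalHostname
        [PSCustomObject]@{
            Server           = $_.Server
            ExternalHostname = $hostname
            HostnameMatches  = ($hostname -eq $ExpectedHostname)                # one FQDN across 2007/2010/2013
            NtlmOnIis        = ($_.IISAuthenticationMethods -contains 'Ntlm')  # required for cross-site proxying
        }
    }
}

Test-AutodiscoverScp -Expected $ExpectedAutodiscover | Format-Table -AutoSize
$oa = Test-OutlookAnywhereConsistency -ExpectedHostname $ExpectedOaHostname
$oa | Format-Table -AutoSize
$oa | Where-Object { -not ($_.HostnameMatches -and $_.NtlmOnIis) } |
    ForEach-Object { Write-Warning "Outlook Anywhere on $($_.Server) needs attention" }
```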

OA 2007-2010-2013

Outlook Web App – Exchange 2007 coexistence with Exchange 2013 – CAS Redirection / Different Namespace

  • Exchange 2013 – mail.contoso.com (Internet facing site A)
  • Exchange 2007 – legacy.mail.contoso.com (Internet facing site A)
  • Exchange 2007 – Europe.mail.contoso.com (Internet facing site B)

An Exchange 2007 client (site A, legacy.mail.contoso.com) using the FQDN mail.contoso.com connects to the Exchange 2013 CAS server’s OWA logon page; after the credentials are entered, based on the mailbox version it then redirects the request to the Exchange 2007 CAS server (internet-facing site), which prompts another OWA logon page, i.e. dual authentication – this was the case until Exchange 2013 CU1, where silent redirection was not yet implemented.

With Exchange 2013 CU2, silent redirection (single sign-on) now takes place, where the OWA login page is displayed to the end user only once.

An Exchange 2007 client (site B, legacy.mail.contoso.com users) using the FQDN mail.contoso.com connects to the Exchange 2013 CAS server’s OWA logon page; after the credentials are entered, based on the mailbox version it then redirects the request to the Exchange 2007 CAS server (internet-facing site A), which prompts another OWA logon page, i.e. dual authentication – this was the case until Exchange 2013 RTM, where silent redirection was not yet implemented. Further, since the client is in site B, the internet-facing site A Exchange 2007 CAS server proxies the cross-site request to the site B Exchange 2007 CAS server.

With Exchange 2013 CU2, silent redirection (single sign-on) now takes place, where the OWA login page is displayed to the end user only once.

An Exchange 2007 client (site B, Europe.mail.contoso.com) using the FQDN mail.contoso.com connects to the Exchange 2013 CAS server’s OWA logon page; after the credentials are entered, based on the mailbox version it then redirects the request to the Exchange 2007 CAS server (Europe.mail.contoso.com, internet-facing site B), which prompts another OWA logon page, i.e. dual authentication – this was the case until Exchange 2013 RTM, where silent redirection was not yet implemented.

With Exchange 2013 CU2, silent redirection (single sign-on) now takes place, where the OWA login page is displayed to the end user only once.

OWA 2007-2013

Outlook Web App – Exchange 2010 coexistence with Exchange 2013 

A client queries the FQDN mail.contoso.com and connects to the Exchange 2013 CAS server’s OWA logon page; after the credentials are entered, based on the mailbox version it then proxies the request to the Exchange 2010 CAS server (internet-facing site).

A client (non-internet-facing site B) queries the FQDN mail.contoso.com and connects to the OWA logon page of the Exchange 2013 CAS server (internet-facing site); after the credentials are entered, based on the mailbox version it then proxies the request cross-site to the Exchange 2010 CAS server (non-internet-facing site).

Outlook Web App – Exchange 2010 coexistence with Exchange 2013 – CAS Redirection / Different Namespace

  • Exchange 2010 – Europe.mail.contoso.com (Internet facing site B)
  • Exchange 2013 – mail.contoso.com (Internet facing site A)

An Exchange 2010 client using the FQDN mail.contoso.com connects to the Exchange 2013 CAS server’s OWA logon page; after the credentials are entered, based on the mailbox version it then redirects the request to the Exchange 2010 CAS server (internet-facing site B), which prompts another OWA logon page, i.e. dual authentication – this was the case until Exchange 2013 RTM, where silent redirection was not yet implemented.

With Exchange 2013 CU2 now the silent redirection (single sign on) takes place where only once the OWA login page is displayed to the end users.

OWA 2010-2013

Outlook Web App – Exchange 2013 Only – CAS Redirection / Different Namespace

  • Exchange 2013 – mail.contoso.com (Internet facing Site A)
  • Exchange 2013 – Europe.mail.contoso.com (Internet facing Site B)

A client (site B, Europe.mail.contoso.com users) uses the FQDN mail.contoso.com, which connects to the Exchange 2013 CAS server's OWA logon page in site A. After the credentials are entered, the 2013 CAS works out the mailbox version and redirects the request to the Exchange 2013 CAS server in internet-facing site B, which prompts with a second OWA logon page, so the user authenticates twice. This was the behaviour up to Exchange 2013 RTM, where silent redirection was not yet implemented.

With Exchange 2013 CU2, silent redirection (single sign-on) takes place, so the OWA login page is displayed to end users only once.

OWA Different URL 2013

Outlook Web App – Exchange 2013 Only – CAS Proxies / Same Namespace

  • Exchange 2013 – mail.contoso.com (Internet facing Site A)
  • Exchange 2013 – mail.contoso.com (Internet facing Site B)

A client (site B, Europe.mail.contoso.com users) uses the FQDN mail.contoso.com, which connects to the Exchange 2013 CAS server's OWA logon page in site A. After the credentials are entered, the 2013 CAS works out the mailbox version and sends the request directly to the Exchange 2013 Mailbox server in site B. Because both sites share the same external URL namespace, this avoids the redirection loop that can occur with Exchange 2007 or 2010.

OWA Same URL 2013
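The OWA scenarios above all hinge on one question per legacy CAS: will the Exchange 2013 CAS proxy the session or redirect the browser to another namespace? The script below is an added example, not code from the original post or from Microsoft. It runs in the Exchange Management Shell on an Exchange 2013 server and lists every Client Access server with its version, AD site, OWA ExternalUrl and the behaviour to expect. It generalises the scenarios above into one rule that the page states only by example: a 2013 CAS redirects to a 2007/2010 CAS only when that CAS publishes a different ExternalUrl (an internet-facing site); with no ExternalUrl, or with the same namespace as 2013, it proxies instead, and a 2013 mailbox is always proxied to the Mailbox server that hosts it. The function name and the `-PrimaryNamespace` parameter are my own.

```powershell
# Added example, not code from the original post or from Microsoft. Run it in the Exchange
# Management Shell on Exchange 2013. Assumption (generalised from the OWA scenarios on this
# page, not stated in these words there): a 2013 CAS silently redirects OWA to a 2007/2010
# CAS only when that CAS publishes a different ExternalUrl (internet-facing site); with no
# ExternalUrl, or the same namespace, it proxies instead; a 2013 mailbox is always proxied
# to the Mailbox server that hosts it.

function Get-OwaRoutingPlan {
    [CmdletBinding()]
    param(
        # Hostname the Exchange 2013 CAS publishes for OWA, e.g. mail.contoso.com
        [Parameter(Mandatory)] [string] $PrimaryNamespace
    )

    Get-ExchangeServer | Where-Object { $_.IsClientAccessServer } | ForEach-Object {
        $server = $_
        $major  = $server.AdminDisplayVersion.Major          # 8 = 2007, 14 = 2010, 15 = 2013

        # -ADPropertiesOnly reads ExternalUrl from AD, so no IIS access to legacy servers is needed
        $owa = Get-OwaVirtualDirectory -Server $server.Name -ADPropertiesOnly |
               Where-Object { $_.Name -like 'owa*' } | Select-Object -First 1
        $extHost = if ($owa -and $owa.ExternalUrl) { $owa.ExternalUrl.Host } else { $null }

        $behaviour = if ($major -ge 15) {
                'Proxy to the Exchange 2013 Mailbox server hosting the mailbox (no loop)'
            } elseif (-not $extHost) {
                'Proxy to this legacy CAS (no ExternalUrl: treated as non-internet-facing)'
            } elseif ($extHost -ieq $PrimaryNamespace) {
                'Proxy to this legacy CAS (same namespace as Exchange 2013)'
            } else {
                "Redirect to https://$extHost/owa (silent SSO from 2013 CU2; second logon page on RTM)"
            }

        [pscustomobject]@{
            Server      = $server.Name
            Version     = switch ($major) { 8 { '2007' } 14 { '2010' } 15 { '2013' } default { "$major" } }
            Site        = $server.Site.Name
            ExternalUrl = if ($owa) { $owa.ExternalUrl } else { $null }
            Behaviour   = $behaviour
        }
    }
}

# Usage:
# Get-OwaRoutingPlan -PrimaryNamespace 'mail.contoso.com' | Format-Table -AutoSize
```

The output is a prediction from directory data, not a test of the live path: a legacy server listed as "Redirect" is worth confirming from an external browser, since a second logon prompt on a CU2 or later deployment usually means the ExternalUrl or the authentication method on the legacy OWA virtual directory differs from what the 2013 CAS expects.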

Active Sync – Exchange 2007 coexistence with Exchange 2013

  • Exchange 2013 – mail.contoso.com (internet facing site A)
  • Exchange 2007 – europe.mail.contoso.com (Internet facing site B)

A client in internet-facing site A queries DNS for the FQDN mail.contoso.com, connects to the Exchange 2013 CAS server, and the CAS proxies the request to the Exchange 2013 Mailbox server. The Mailbox 2013 server then proxies the request to the Exchange 2007 CAS/MBX server.

A client in non-internet-facing site B (mail.contoso.com users) queries DNS for the FQDN mail.contoso.com, connects to the Exchange 2013 CAS server (internet-facing site B), and the CAS proxies the request to the Exchange 2013 Mailbox server. The Mailbox 2013 server then proxies the request to the Exchange 2007 CAS/MBX server.

A client in internet-facing site B (Europe.mail.contoso.com users) queries DNS for the FQDN mail.contoso.com, connects to the Exchange 2013 CAS server (internet-facing site A), and the CAS proxies the request to the Exchange 2013 Mailbox server. The Mailbox 2013 server then proxies the request cross-site to the Exchange 2007 CAS/MBX server in site B.

If your Exchange 2007 users are moved from site B (Europe.mail.contoso.com) to the Exchange 2013 server at mail.contoso.com, the device profile might have to be reconfigured, because the HTTP 451 redirect comes into play in this scenario.

EAS 2007-2013

Active Sync – Exchange 2010 coexistence with Exchange 2013

  • Exchange 2013 – mail.contoso.com (internet facing site A)
  • Exchange 2010 – europe.mail.contoso.com (Internet facing site B)

A client in internet-facing site A queries DNS for the FQDN mail.contoso.com, connects to the Exchange 2013 CAS server, and the CAS proxies the request to the Exchange 2010 CAS server.

A client in non-internet-facing site B queries DNS for the FQDN mail.contoso.com, connects to the Exchange 2013 CAS server (internet-facing site B), and the CAS proxies the request cross-site to the Exchange 2010 CAS server in site B.

A client in internet-facing site B (Europe.mail.contoso.com users) queries DNS for the FQDN mail.contoso.com, connects to the Exchange 2013 CAS server (internet-facing site B), and the CAS proxies the request cross-site to the Exchange 2010 CAS server in site B. (Remember that the HTTP 451 redirect no longer applies here; instead the request is proxied across the multiple namespaces.)

EAS 2010-2013

Web Services – Exchange 2007 coexistence with Exchange 2013

  • Exchange 2007 – legacy.mail.contoso.com (Internet facing site A)
  • Exchange 2007 – Europe.mail.contoso.com (Internet facing site B)
  • Exchange 2013 – mail.contoso.com (Internet facing site A)

So now Autodiscover is responsible for giving the client the web services URL. When an Exchange 2007 client in site A connects to autodiscover.contoso.com, it queries Autodiscover for the right CAS server URL based on the mailbox version, and the user then connects directly to the Exchange 2007 CAS server (site A, legacy.mail.contoso.com users).

An Exchange 2007 client in site B (legacy.mail.contoso.com users) connects to autodiscover.contoso.com, queries Autodiscover for the right CAS server URL based on the mailbox version, and then connects directly to the Exchange 2007 CAS server in site A (legacy.mail.contoso.com); the site A CAS server then proxies the request on to the site B Exchange 2007 CAS server.

An Exchange 2007 client in site B (legacy.mail.contoso.com users) connects to autodiscover.contoso.com, queries Autodiscover for the right CAS server URL based on the mailbox version, and then connects directly to the Exchange 2007 CAS server in site B (europe.mail.contoso.com users).

Autodiscover is responsible for the web services here: it gives you the right URL and the right direction.

Web 2007-2013

Web Services – Exchange 2010 coexistence with Exchange 2013

  • Exchange 2010 – Europe.mail.contoso.com (Internet facing site B)
  • Exchange 2013 – mail.contoso.com (Internet facing site A)

An Exchange 2010 client (site A, mail.contoso.com users) uses the FQDN mail.contoso.com, which connects to the Exchange 2013 CAS server; based on the mailbox version it then redirects the request to the Exchange 2010 CAS server (internet-facing site).

An Exchange 2010 client (site B, europe.mail.contoso.com users) uses the FQDN mail.contoso.com, which connects to the Exchange 2013 CAS server; based on the mailbox version it then sends the request cross-site to the Exchange 2010 CAS server (internet-facing site B).

Autodiscover is responsible for the web services here: it gives you the right URL and the right direction.

Web 2010-2013
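Both the ActiveSync sections (where the HTTP 451 redirect decides whether a device profile must be reconfigured) and the Web Services sections (where Autodiscover hands out the EWS URL) come down to what Autodiscover actually returns for a given mailbox. The function below is an added example, not code from the original post or from Microsoft. It sends the same Outlook-style Autodiscover request a client would and returns the EWS, OOF and ActiveSync URLs published for one mailbox, so you can confirm that a 2007, a 2010 and a 2013 mailbox each receive the namespace the scenarios above expect. Assumptions: the Autodiscover host is derived from the address's domain (autodiscover.contoso.com for contoso.com, as on this page), `user@contoso.com` is a placeholder, and the Autodiscover virtual directory accepts Basic or Windows authentication over HTTPS. The function name is my own; the request and response element names are those of the Outlook Autodiscover schema.

```powershell
# Added example, not code from the original post or from Microsoft. Performs an Outlook-style
# Autodiscover request for one mailbox and returns the URLs a client would be handed.
# Assumptions: autodiscover.<domain> is reachable over HTTPS and accepts the user's credentials;
# 'user@contoso.com' in the usage line is a placeholder.

function Get-AutodiscoverUrls {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $EmailAddress,
        [Parameter(Mandatory)] [pscredential] $Credential,
        [string] $AutodiscoverHost = ('autodiscover.' + $EmailAddress.Split('@')[1])
    )

    # Request body defined by the Outlook Autodiscover request schema (2006)
    $body = @"
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006">
  <Request>
    <EMailAddress>$EmailAddress</EMailAddress>
    <AcceptableResponseSchema>http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a</AcceptableResponseSchema>
  </Request>
</Autodiscover>
"@

    $uri  = "https://$AutodiscoverHost/autodiscover/autodiscover.xml"
    $resp = Invoke-WebRequest -Uri $uri -Method Post -Body $body -ContentType 'text/xml' `
                              -Credential $Credential -UseBasicParsing
    [xml]$xml = $resp.Content
    $response = $xml.Autodiscover.Response

    # Error responses (e.g. unknown mailbox) carry an <Error> element instead of <Account>
    if ($response.Error) {
        throw "Autodiscover error $($response.Error.ErrorCode): $($response.Error.Message)"
    }

    $account = $response.Account
    # A redirect answer means another Autodiscover endpoint or address is authoritative
    if ($account.Action -like 'redirect*') {
        return [pscustomobject]@{
            Action = $account.Action
            Target = if ($account.RedirectAddr) { $account.RedirectAddr } else { $account.RedirectUrl }
        }
    }

    # EXCH = internal settings, EXPR = Outlook Anywhere (external); both carry the EWS URL
    $account.Protocol | Where-Object { $_.Type -in 'EXCH', 'EXPR' } | ForEach-Object {
        [pscustomobject]@{
            Type   = $_.Type
            Server = $_.Server
            EwsUrl = $_.EwsUrl
            OOFUrl = $_.OOFUrl
            ASUrl  = $_.ASUrl     # ActiveSync URL handed to this mailbox
        }
    }
}

# Usage (you are prompted for the user's credentials):
# Get-AutodiscoverUrls -EmailAddress 'user@contoso.com' -Credential (Get-Credential) | Format-List
```

Running this once per mailbox version, from outside the network, is the quickest way to see whether the EwsUrl and ASUrl for a 2007 mailbox point at legacy.mail.contoso.com or europe.mail.contoso.com while a 2013 mailbox gets mail.contoso.com; a mailbox that was moved and still receives the old namespace is the case where the 451 redirect and profile reconfiguration described above come into play.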

This post was inspired by Greg Taylor's presentation on CAS 2013, which I thought was worth blogging about. You can check his presentation at the TechEd Session.

Posted in Exchange Servers | 7 Comments

Microsoft Certified Master / Solution / Architect Exchange – Insider’s Views

Sad news came out this past week about the retirement of the MCM/MCSM/MCA certifications, and it has disappointed, discouraged and demotivated many of the Exchange experts who currently hold these certifications, are about to sit the exams, or aim or are preparing to become one of them.

Even so, I wouldn't want to give up the passion or have anything bad to say about it, because I already know (preparing for it and going through the pre-reading list) what it means.

I would rather encourage by bringing together those highly motivating words straight from the Masters who have already sown and thrilled the hearts of Exchange guys with their invaluable comments and their passion.

Not knowing what's next, I still hope, learn and prepare myself for knowing and understanding Exchange via whatever resources are available (TechNet/Help.chm), peer groups (friends/colleagues), experts' articles and Masters' blogs.

Hear from the Masters what it takes – John Rodriguez, Andrew Ehrensing, David Zazzo & Greg Taylor

The people who come for this program are the people who really looking either to take it to the next level or fill in all the gaps, they already know exchange, and they are looking to increase their knowledge of Exchange. You don’t come here to learn, you come here to kind of improve and go beyond.

Also you are in the room with lot of peers who are at the top level in their field so instead of just being one expert in the room, one or two or three…you realize that you are just one of 15 / one of the 20 people in the room, all are operating at your level and your caliber.

You can’t get this content anywhere else, you won’t get this content anywhere else and so just by going through that hopefully make you better expert on Exchange,

Let’s get the show on the road of three weeks having Exchange loving :)

People who go through the program come out the other side with a far greater awareness and understanding of the product

So for example – If you already knew some client access you will learn twice as much here, if you already understood disaster recovery you would learn even more here. The idea is to take basic level content you will find in the Microsoft Certified IT Professional track and go far beyond that.

Don’t underestimate the program; don’t go and think that you can cruise through things thinking that I know Exchange Server, I passed all MCP exams, I’m good to go, because you will be very quickly realigned and recalibrated with that.

It is very intense experience the days are long the content comes at you hard and fast, it’s not the blink and you miss it but it’s a lot of content coming very quickly

The first few days are settling in and experience, then you get into a routine, and before you know it you are waking up at 6:00am every day and going to bed at 11:00PM every day, and you only find yourself in the middle of Exchange.

You know the values going to be the long term results of your projects so it’s going to be what’s the technical qualities of your deliverables is, you know it should be higher

Somebody who has been through this program represents the much more complete and professional picture to a client to a customer they understand why we make the decision or why Microsoft makes recommendation that we do

Then it is about proving your customer and having a stand proof approval right you’ve been signed off by Microsoft you passed the technical qualities you passed the bar. So the customers can feel good and get the assurance that they are working with top tier experts trained signed off by Microsoft and the product group really is big part of this, that solution should work to meet the needs of the customer

Be prepared to dedicate yourself to exchange for three weeks it’s that simple you cannot juggle this with work you cannot juggle this with family visits going out you are here for Exchange and you are going to learn Exchange and you are going to be immersed in Exchange and kind of subsumed in it.

Having the peer groups both as support system and as a sounding board is also benefit in the class itself

As part of participating in the MCM rotation, really it is the access to the product group, access to the community that you wouldn’t maybe even know exists in the first place; and now you know that it exists and you know that everyone is of the same technical excellence. It’s an invaluable resource: I have this weird desired edge case, hey, what do you guys think? Send, right, and you get the mind hive; you can get all the other MCMs and all the other Rangers from Exchange 2003 to 2010 and then the next version. You know, thinking about it, you get a lot of expert ideas and expert opinions about it, maybe how to solve this edge case that you haven’t come across before.

But if you dedicate yourself to it and you really do accept that this is your focus for those three weeks, at the end the reward is that you will be unrecognizable; you won’t recognize yourself as an Exchange professional, you will grow that much. I’m not talking about maturation or something like that, I mean the content you will learn will be just staggering.

 

MCM Logo

Posted in Exchange Servers | Leave a comment