Managing e-mail servers is among IT's most painful tasks. It's no wonder, then, that Microsoft chose Exchange as the server product that would capitalize on the benefits of Longhorn first.
We managed to get an early look at Microsoft Exchange Server 2007 Beta 2, eagerly anticipating some pain relief. We're pleased to report that this is a compelling upgrade. Not only has administration improved, but Exchange 2007 turns out to be a felicitous example of Microsoft's time-honored strategy: Add features that used to require separate applications in order to grab more market share.
Exchange 2007 integrates two new Microsoft antivirus and antispam options and adds a powerful new command shell. Most impressive of all, Microsoft has reworked the install process to enable administrators to set up Exchange in several common, preset configurations, potentially simplifying setup. In addition, new support for handheld devices could pose a serious challenge to the BlackBerry's dominance in mobile e-mail.
But that's not all. Microsoft has also reworked the Exchange management console GUI with a new look and feel designed to decrease keystrokes and mouse clicks and ease the day-to-day grind that today's e-mail administrators endure. And for the first time, all administration functions can be performed from either the GUI or the command line.
Revving up for Exchange
Beta 2 doesn't have quite the install process the production version will use, but it's close. Hardware requirements are an important difference. You can run the beta on 32-bit CPUs, but for the production version, Microsoft says Exchange 2007 will do 64-bit silicon only. This will support much larger mail stores and faster e-mail processing, but the downside -- especially for small businesses -- will be the need to purchase new servers.
Moreover, because Exchange is on track to be released later this year, it may arrive well ahead of Longhorn. If so, early adopters of Exchange 2007 will need Windows Server 2003 x64 until the Longhorn OS shows up.
But getting Exchange 2007 up and running has more new wrinkles. In the installation process, Exchange 2007 introduces the concept of "roles," a departure from the mail server's previous one-size-fits-all model. Some server roles can coexist on the same machine, whereas others must be elsewhere, such as the DMZ.
The default roles for a typical Exchange 2007 installation are Mailbox, Client Access, and Bridgehead. These provide, respectively, mailbox storage, client connectivity (including Outlook Web Access), and internal transport. Other roles include Unified Messaging, Edge Transport, and Clustered.
For our beta test, we ran a standard set of roles on a Dell PowerEdge 1800 with dual 3.0 Xeon processors and 2GB RAM running Windows Server 2003 SP1. Also on the network was our existing Windows 2003 domain controller handling Active Directory, DNS, and other sundries, as well as a smaller Dell PowerEdge SC1420 running Windows 2003 Server Standard. We placed this in the DMZ and installed Exchange 2007 again, with the Edge Transport role.
As part of the installation, we were prompted to install some prerequisites, including IIS (Internet Information Server), Microsoft Management Console, a Windows .Net update, and Monad, now officially called Windows PowerShell. With those completed, installing Exchange initially failed but was successful on the second attempt -- a classic case of beta willies. A call to Microsoft determined that it was a bug in the beta software, which failed to alert us to a required restart of the installation routine after installing IIS.
Mail on the edge
After installation completes, you'll discover a richer array of options than Exchange 2003 offers. Take the Edge Transport server role. Allowing direct SMTP connections from the Internet to a domain member inside the firewall always turns security officers green. This is why the edge e-mail server was invented, so an SMTP relay server could be placed in the DMZ. The relay server had generally been a Unix or Linux system running Sendmail or Postfix with open source antivirus and antispam filtering, turning the edge server into an effective e-mail gateway without spending loads more on another e-mail server license.
Exchange 2007 seeks to bring all that functionality into the Microsoft family via Edge Transport. This role offers an SMTP relay function on a Windows platform that's not a member of the Active Directory domain. Edge Transport is, effectively, a stripped-down version of Exchange with no mailboxes. Microsoft has fleshed this out by adding two options for antivirus and antispam -- but only for folks with an enterprise license for Exchange. Those people, however, have a choice of two Microsoft solutions: the FrontBridge hosted AV/AS services or a Sybari-based local package called Forefront.
FrontBridge has a per-user/per-month service charge; Forefront has up-front licensing and requires an annual fee for security updates. Exchange users without enterprise CALs (client access licenses) can still install their own AV/AS software, but the Microsoft versions are off-limits according to the Exchange team. Whether the Edge Transport role will do better than an open source edge relay is a question with some complexity.
The power of Monad
Next to roles, one of the most useful new features we found for day-to-day Exchange Server administrators is the new Exchange Management Shell, built on the foundations of Windows PowerShell, previously code-named Monad. The new Management Shell is sexy because it goes a long way toward giving Exchange administrators the same powerful command-line environment about which their Unix counterparts have long been bragging. From our testing, literally anything that can be done through the GUI-based Exchange Management Console -- formerly known as System Manager -- can now be done at the command prompt.
We ran the Management Shell through its paces, too, including automating account creation, running mailbox moves, and statistics gathering. It worked well in publishing mailbox and server statistics automatically to a Web page, for instance. An especially nice feature is that tasks performed in the GUI console also display the text-based command syntax for reference -- a good thing because we didn't find the command syntax to be all that intuitive.
The ups and downs of Web access
Administrators aren't the only ones who can look forward to new goodies. Users will love OWA (Outlook Web Access), which has undergone a transformation; the Web UI is now a practical mirror of the Outlook 2003 desktop version. Plus, at long last, Microsoft has seen fit to deliver a much faster search engine.
But Exchange 2007's OWA may also cause a headache or two for some administrators because it adds the ability for OWA users to map to Windows shared folders -- or SharePoint sites -- anywhere on the network, not just on the Exchange server. So after logging in to OWA, users can potentially view documents in any shared folder on the domain that they would have permission to access -- from, say, Windows Explorer.
On the surface, this is a very nice function that used to be available to a remote user only via VPN. The security implications are, of course, a different question. Now, if an OWA account gets hacked, not only do the bad guys get access to e-mail and Exchange public folders, but they potentially get the ability to read data anywhere on the network. Microsoft says this feature will be disabled by default in the production version of Exchange 2007, but after it's enabled, there are no additional blocks between OWA access and shares, so the headache will remain.
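One way to check whether the remote-file feature described above has been switched on for any OWA virtual directory, as an added example that is not part of the original review. It assumes the property names of the released Exchange 2007 Get-OwaVirtualDirectory cmdlet (Beta 2 may differ); the function names and the MAIL01/MAIL02 sample objects are constructed for illustration.

```powershell
# Added example, not from the review. Property names follow the released
# Exchange 2007 Get-OwaVirtualDirectory cmdlet (assumption; Beta 2 may differ).
$RemoteFileFlags = 'UNCAccessOnPublicComputersEnabled',
                   'UNCAccessOnPrivateComputersEnabled',
                   'WSSAccessOnPublicComputersEnabled',
                   'WSSAccessOnPrivateComputersEnabled'

# Hypothetical helper: emits one row per OWA virtual directory that has at
# least one Windows-share (UNC) or SharePoint (WSS) access flag enabled.
function Get-OwaRemoteFileExposure {
    process {
        $vdir = $_
        $on = @($RemoteFileFlags | Where-Object { $vdir.$_ -eq $true })
        if ($on.Count -gt 0) {
            $row = New-Object PSObject
            $row | Add-Member NoteProperty Identity $vdir.Identity
            $row | Add-Member NoteProperty EnabledFlags ([string]::Join(', ', $on))
            $row
        }
    }
}

# Constructed sample objects so the check can be tried without a server.
function New-SampleVdir($identity, $enabledFlags) {
    $o = New-Object PSObject
    $o | Add-Member NoteProperty Identity $identity
    foreach ($f in $RemoteFileFlags) {
        $o | Add-Member NoteProperty $f ($enabledFlags -contains $f)
    }
    $o
}
$sample = @(
    (New-SampleVdir 'MAIL01\owa (Default Web Site)' @()),
    (New-SampleVdir 'MAIL02\owa (Default Web Site)' @('UNCAccessOnPublicComputersEnabled',
                                                      'WSSAccessOnPrivateComputersEnabled'))
)
$sample | Get-OwaRemoteFileExposure | Format-Table -AutoSize

# On an Exchange server, in the Exchange Management Shell:
#   Get-OwaVirtualDirectory | Get-OwaRemoteFileExposure
# To switch one flag back off (drop -WhatIf to apply):
#   Set-OwaVirtualDirectory -Identity 'MAIL02\owa (Default Web Site)' `
#       -UNCAccessOnPublicComputersEnabled $false -WhatIf
```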
While OWA was developed by the Exchange team, the Office 2007 team has added some new features of its own in Outlook 2007. We installed the beta of Outlook 2007 on a Windows XP workstation and connected to our Exchange 2007 machine. Two synergies come out of this union: the aforementioned faster searching and a new feature called auto-discover.
With auto-discover, users don't need to know a server and mailbox name to configure their Outlook profile -- or rather, their administrators don't need to know them. Now, you just fire up Outlook for the first time, enter a user name and password, and Outlook will find and communicate directly with Exchange to determine where the mailbox is located. In a large network, this can save quite a bit of legwork for the desktop support staff.
If you want to try this in your own beta evaluation, be aware that during our test, this function did not work until we configured certificate services and SSL. According to Microsoft, in the production release, SSL will be recommended but optional. Even after auto-discover started working, however, we found that it still allowed us to open a mailbox without a password, simply by knowing the e-mail address. Microsoft said this appears to be a bug. We agree.
Mail on the road
The joys of Windows Mobility have come a long way. To prove it, Microsoft kindly provided us with an i-Mate K-JAM smartphone running Windows Mobile 5.0. Microsoft is very clearly chasing the BlackBerry grail, turning the combination of Windows Mobile and Exchange into a solid e-mail push combination.
First, all the i-Mate had to do was connect to Cingular's wireless data service. Afterward, pushing e-mail to and from the Exchange server was a simple task that happened with more-than-acceptable speed. In Exchange, this new functionality is housed in its native gateway, handling not only mailbox synchronization but calendaring and contacts as well. Functionality overall was similar to RIM's BlackBerry.
The upgrade decision
Overall, Exchange 2007 is a very likable upgrade. The new management interface is somewhat reorganized; and while Microsoft did succeed in making it a mite cleaner overall, the UI most likely won't save you much real time in day-to-day work. On the other hand, the addition of the command line management console may very well help you recoup some of your workday. Indeed, the Exchange Management Shell may be worth the upgrade all by itself for some folks.
Microsoft's addition of server roles in Exchange 2007 is a slightly bumpier road. For new installations, it's a very obvious step up. For folks with existing e-mail infrastructures that will need to migrate to Exchange 2007, it may add some complexity.
In the end, users may enjoy the benefits of Exchange 2007 as much as e-mail administrators will. OWA and Windows Mobility both seem like "nice-to-haves" at first blush, but both have powerful long-term potential. The 2007 OWA interface is so good that the concept of thin-client computing actually becomes feasible for enterprise e-mail. And although Windows Mobile 5.0 may take some time to overtake the BlackBerry, all the technology components to enable that to happen are here and working in Exchange 2007.
If there's anything we really don't like about Exchange 2007, it's got to be the sudden move toward x64-only. Sure, we were expecting it, and it's probably even a good idea in the long run, but Redmond's really throwing early adopters a curveball here by releasing a 64-bit-only e-mail server before it releases Longhorn. That means Windows Server 2003 x64 until Longhorn arrives, followed by more OS migration migraines. The timing could have been better.
That gripe aside, Exchange 2007 Beta 2 represents a solid evolutionary step up from the existing platform. And if Microsoft fixes the security bugs we found, Exchange 2007 can reduce administrators' malware worries and improve users' e-mail experience in one swoop.