The newest upgrade to Microsoft's Exchange 2003, based on our testing of the Release to Manufacturing version, is a welcome one, offering performance, security and anti-spam features that many users have longed for. The new Exchange Server 2003 includes an impressive list of features and enhancements, and while this version might not boast enough new features to lure non-Exchange users to switch, the veteran Exchange shop will truly enjoy the enhancements. We also tested the latest Outlook 2003 client, which features a new look and better spam filtering.
Exchange requires Microsoft Windows Server 2000 Service Pack 3 or Windows Server 2003 software. Win Server 2003 provides some additional functionality to Exchange, such as support for an eight-node cluster. Also, the Volume Shadow Copy services, new in Win Server 2003, can provide database replication for the Exchange message stores. This copy of the database can be used for immediate failover, or can greatly widen your back-up window (if your back-up software also supports Shadow Copy).
Win Server 2003 is different from previous versions, with most of the services disabled by default. To ensure a successful Exchange 2003 installation, new deployment tools are included to help users configure Windows Server and Active Directory correctly, and then deploy Exchange 2003. The tools function like checklists to ensure that you've followed the necessary steps. For example, the deployment tools not only explain that you must first configure Active Directory, but also show how to check the configuration. They will not let you proceed until you've checked off each task in the list. Whether you are installing or upgrading, all at once or in pieces, the deployment manager can explain how to proceed.
A welcome new feature in Exchange 2003 is the ability to combat unwanted email and spam (Microsoft calls it "junk e-mail"). Exchange now has some additional filtering available at the Simple Mail Transfer Protocol gateway, the entry point where the outside world delivers email to you. Messages can be blocked based on the user or domain where the mail claims to be from, or based on who the message is intended for. Delivery connection attempts can be denied based on the originating address. Several anti-spam features are also included on the new Outlook client.
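The three gateway checks described above (connection, sender and recipient filtering) can be sketched as follows. This is an added example, not Exchange's implementation; the order of the stages, the function names and all addresses and networks are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample policy (documentation-reserved networks and domains).
DENIED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
BLOCKED_SENDERS = {"offers@bulk.example"}
BLOCKED_SENDER_DOMAINS = {"spam.example"}
BLOCKED_RECIPIENTS = {"old-alias@corp.example"}


def _norm(addr):
    """Lower-case an envelope address and drop the angle brackets."""
    return addr.strip().strip("<>").lower()


def _domain_blocked(addr):
    """Match the domain or any subdomain, but only on a label boundary."""
    domain = addr.rpartition("@")[2]
    return any(domain == d or domain.endswith("." + d)
               for d in BLOCKED_SENDER_DOMAINS)


def evaluate(peer_ip, mail_from, rcpt_to):
    """Return (stage, verdict, accepted_recipients) for one delivery attempt."""
    ip = ipaddress.ip_address(peer_ip)
    # 1. Connection filtering: refuse before any SMTP command is processed.
    if any(ip in net for net in DENIED_NETWORKS):
        return ("connect", "deny", [])
    # 2. Sender filtering: the address is only what the client claims to be.
    sender = _norm(mail_from)
    if sender in BLOCKED_SENDERS or _domain_blocked(sender):
        return ("mail_from", "reject", [])
    # 3. Recipient filtering: drop blocked recipients, keep the rest.
    accepted = [r for r in map(_norm, rcpt_to) if r not in BLOCKED_RECIPIENTS]
    if not accepted:
        return ("rcpt_to", "reject", [])
    return ("data", "accept", accepted)
```

Because the sender address is only claimed, a sender block list stops careless bulk mailers but not a forged envelope; the connection check is the only one of the three that the sending side cannot simply rewrite.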
Another tool that many will appreciate is the Mailbox Recovery Centre. In the past, if the Active Directory account became disassociated from the user's mailbox (through corruption, deletion and the like), the only solution was to create a new, empty mailbox for that user. The Mailbox Recovery Centre now gives administrators the ability to discover "orphaned" mailboxes and re-link them with Active Directory accounts. It also will warn of conflicts, for example if one mailbox is assigned to two users.
Distribution lists also received some attention in this release. First, the caching process was redesigned so membership and other queries against a distribution list are completed much faster. We didn't benchmark against an older Exchange system, but Microsoft says that on average, 60% fewer Active Directory queries are made in Exchange 2003. Instead of making a new query to Active Directory, the results are more frequently available in cache. Second, a new type of distribution list was created, the Query-Based Distribution Group. A query can be used to select users or other groups based on many of the fields in the Active Directory. For example, you now can find everyone in sales or everyone with the title of "manager." This query is executed each time it is invoked, so it is always current.
Another performance enhancement is better virtual memory usage. Exchange now makes variable memory requests, based on the size of the system, instead of using "hard coded" values. Older versions would allocate many small blocks of memory to perform a task. Exchange 2003 now optimises these requests into fewer, larger requests in order to not waste portions of memory. If Exchange discovers that it is not configured optimally, it sends a note to the Event Viewer to provide an idea of what changes to make.
To dig into the documentation, use a machine with a network connection. While the documentation is pretty complete, it is all online at the Microsoft Technical Library, or TechNet. This lets Microsoft update documentation as needed, but it requires users to go online to read it.
It's all about the client
While technically part of the Microsoft Office 2003 Suite, which is scheduled to launch on October 21, Outlook 2003 is the full-featured client for Exchange 2003. The software has received a bit of a facelift with a different look and feel; however, it is still familiar enough for the veteran user to find their way around. Some of the changes are simple, yet useful. For example, message flags now can be done in six colors. When you order your items, they can be separated into groups, each of which can be collapsed individually.
Probably the most welcome feature is the junk filtering. In addition to what's offered at the SMTP gateway, each user can control how junk email is handled. The junk-mail filter operates in three modes: Low, which removes only the most obvious offenders; High, which catches most of the junk, but might flag a legitimate message occasionally; and Safe List only, which flags all messages from everyone that the user hasn't pre-approved. You also can delete these messages automatically instead of moving them to the junk folder. We wouldn't recommend deleting messages for the more aggressive filter settings.
The user can flag messages as junk as they read them. An address can be added to a safe sender list that tells the filter to accept all messages from that person. Users also can send names to a Blocked list, which blocks every email from that address.
Another interesting enhancement stems from the use of embedded content in messages. Sometimes users receive a message that has a picture or a banner embedded in it. This content might be hosted on an external website. With increasing frequency, spammers are using this technique to find which email addresses are real. When the client connects and requests the content, the web server can request the email address of the requestor. Bang! You've just been harvested. Outlook can be set to not automatically download this content. It can be set to not do it at all, to only do it for sites in the Trusted Zone, or to warn the user first. This setting is one of the security options, and can be changed.
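The three download settings described above (never, Trusted Zone only, warn first) can be modelled as a policy applied to every URL a message would fetch while rendering. This is an added example, not Outlook's code; the attribute list, the `TRUSTED_HOSTS` stand-in for the Trusted Zone and the sample message are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# (tag, attribute) pairs that trigger a fetch on render, not on click.
AUTO_FETCH = {("img", "src"), ("body", "background"), ("table", "background"),
              ("td", "background"), ("link", "href"), ("iframe", "src")}
TRUSTED_HOSTS = {"intranet.corp.example"}  # constructed stand-in for the Trusted Zone


class RemoteRefs(HTMLParser):
    """Collect (url, host) for every remote resource the message would load."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) not in AUTO_FETCH or not value:
                continue
            url = value.strip()
            parts = urlsplit(url)
            # cid: and data: content travels inside the message, so only
            # http(s) and scheme-relative URLs reveal the reader to a server.
            if parts.scheme in ("http", "https") or url.startswith("//"):
                self.refs.append((url, (parts.hostname or "").lower()))


def decide(html, mode):
    """mode is 'never', 'trusted' or 'warn'; any other value blocks everything."""
    parser = RemoteRefs()
    parser.feed(html)
    parser.close()
    result = {"fetch": [], "block": [], "ask": []}
    for url, host in parser.refs:
        if mode == "trusted" and host in TRUSTED_HOSTS:
            result["fetch"].append(url)
        elif mode == "warn":
            result["ask"].append(url)
        else:
            result["block"].append(url)
    return result


# Constructed sample message: one inline attachment, one trusted image,
# two third-party images (one a 1x1 beacon) and an ordinary link.
SAMPLE = """<html><body background="http://ads.tracker.example/bg.gif">
<img src="cid:logo@corp.example">
<img src="https://intranet.corp.example/banner.png">
<IMG SRC="http://tracker.example/open.gif?id=7f3a" width=1 height=1>
<a href="http://tracker.example/click">link</a></body></html>"""
```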
Microsoft also has taken strides in compressing the Messaging API datastream when the Outlook 2003 client is connected to the Exchange server. While an older Outlook client can be used to connect to Exchange 2003, the datastream will not be compressed. Exchange 2003 has been optimised with buffer packing to make the most out of each transmission back to the Outlook 2003 client. After the data is compressed, it is assembled into larger packets that are arranged in a package that minimizes the needed number of transfers.
To access your Exchange mailbox from anywhere on the Internet, you would have to use Outlook Web Access (OWA) or fire up the trusty VPN. Outlook 2003 can be used to connect to Exchange 2003 using Secure-HTTP, thereby gaining an encrypted connection into the Exchange system without opening new ports on your corporate firewall. Exchange 2003 does this by tunneling the normal Remote Procedure Call (RPC) traffic inside of HTTP packets.
Additional setup is required to gain this functionality. First, the Exchange 2003 servers must be running Win 2003. Next, you will need to dedicate a server to be a front-end RPC proxy, and position it near the edges of your corporate network, perhaps in the firewall's demilitarized zone. The Exchange servers also need to be configured to accept RPC proxy connections. Finally, you need to create a separate profile within Outlook 2003 to use RPC over HTTP. (Again, cached mode must be used.) If users are frequently in and out of the office, they can use this profile in both situations, provided they can connect to the RPC proxy server when inside the corporate firewall.
Even though that is a lot of work, it's also generally less expensive than buying a complete VPN solution that is only used to protect your email connections. If you're using a VPN for other remote connectivity, you might not need this feature. But if you've been shutting NetBIOS and RPC off at the border to protect yourself from intrusions, this might be a way to once again give your remote users access to a full client.
On the move
The new look and feel of Outlook Web Access 2003 is very similar to the full client. Further, Microsoft extended some of Outlook's security features. Secure/Multipurpose Internet Mail Extensions (S/MIME) message encryption is available in OWA, as well as the "external content blocking" features. There is also a timeout on the session cookie that keeps track of the OWA connection. The administrator can decide if the default 15 minutes is long enough.
If users connect to OWA with a browser earlier than Internet Explorer 5.01, they are given the choice of connecting in basic mode, which removes some of the functionality in favor of better performance. For additional performance, GZip compression can be enabled for clients using Internet Explorer 6.0.
Finally, Microsoft has wrapped Mobile Information Server, which had been sold separately, into OWA. The new service, dubbed Outlook Mobile Access, is designed for thinner clients, such as cell phones and Windows Powered Mobile Devices. While we did not test these features, Outlook Mobile Access extends the Exchange mailbox to these handheld devices through synchronization or micro-browser interfaces.
This is a rather feature-packed upgrade. While there might not be enough to motivate non-Exchange folks to switch, existing Exchange shops will certainly enjoy this upgrade. Putting anti-spam tools in the hands of your users might make the investment worthwhile, and performance enhancements are always welcome.
Berkley is the manager of LAN Support Services with the University of Kansas. He can be reached at firstname.lastname@example.org.