Exchange 2003 makes it harder for systems administrators to mess things up, Microsoft says.
Steve Conn, an Exchange product manager, told Computerworld that a key focus of Exchange 2003, which was released to corporate users on August 1, was to reduce the opportunity for configuration errors that can cause security problems.
“We found that with Exchange 2000 we gave people new technology and then said ‘Go and install it’,” he says. “We have put a lot more effort into documentation and a lot of effort into wizards.”
At the Tech-Ed conference last month Microsoft said 95% of security breaches could have been avoided with an alternative configuration. Conn says the new installation process walks administrators through a number of questions about the local environment. The installer also checks the configuration of other services such as DNS.
Exchange 2003 introduces a new messaging protocol, which Microsoft calls RPC-over-HTTP. It’s an implementation of Exchange’s MAPI protocol over HTTP, allowing mail clients to connect natively to Exchange servers from outside the local network without exposing the standard Exchange ports or requiring a virtual private network.
Exchange 2003 implements RPC-over-HTTP using an encrypted HTTPS connection. Conn says it will make life easier for “standard” end users and helpdesks, and will provide a more functional environment for companies currently using IMAP and SMTP outside their networks. “It’s a much richer experience going through the MAPI proprietary interface,” he says.
Although only Microsoft’s own Outlook 2003 client currently supports RPC-over-HTTP, Conn says the company will evangelise the new protocol. It will be documented and developers of other mail clients and servers will be encouraged to implement it.
Standard mail protocols such as IMAP will continue to be supported in Exchange, however. “Since we have got a good implementation, we’re going to keep supporting it,” Conn says.
In contrast to earlier versions, when most services were enabled by default, Exchange 2003 ships with some services turned off. Microsoft hopes fewer services will mean fewer security headaches.
“What we tried to do is that things that an email administrator expects to be working out of the box, works out of the box,” Conn says. That means MAPI, SMTP and webmail are all enabled, but RPC-over-HTTP, IMAP, POP3 and mobile services will be switched off by default.
Under the hood, the biggest change in Exchange 2003 is its virtual memory implementation. “We rearchitected the way that we did VM allocations and deallocations,” Conn says, adding that Exchange 2003 should perform better than its predecessors under high load and in clustered environments.
The next big change for Exchange will be support for WinFS, the forthcoming indexed file service that will use technology from SQL Server.
Exchange for ISPs
Next month Microsoft will announce some updates for Exchange 2003 aimed at ISPs and hosting providers, Steve Conn says.
Exchange has traditionally been used for workgroups and enterprise environments rather than internet mail providers. It is common for system administrators to choose to hide Exchange servers behind mail relays, proxy servers or firewalls so as not to expose Exchange to internet traffic.
But Conn says Microsoft has improved Exchange scalability and will be targeting hosting companies.