Ignite 2015: Exchange 2016

Session: FND2204

  • Superior performance and reliability – fault tolerance and self-healing baked in
  • Robust, Proven architecture
  • Flexible, future-ready foundation
  • Deeply integrated with other products

Office 365 introduces the new features, baked, refined, then packaged into Exchange 2016. Final release will be fall/winter 2015 Exchange 2016 focus areas: Better collaboration, smarter inbox, mobile productivity, modern datacenter, security and compliance.

Better Collaboration

  • On-premises, Exchange 2016, SharePoint 2016, Office web apps server 2016
  • Hybrid: Documents stored in Office 365, but the rest is on premises
  • Shows a demo of attaching a file to an Outlook message. New file picker and larger attachment icon/description. Files in sharepoint are automatically permissioned to edit the file (or view only).
  • Shows another demo of OWA, where you edit an attachment in OWA, it automatically downloads it, lets you edit, and reattaches all in one step.

Smart Inbox

  • 25% of Exchange online people have a 0 message inbox each day
  • Most people just search on a single word
  • Search enhancements: Faster search performance, more accurate results, more complete results
  • Search goes back to the Exchange server for results
  • You now get search suggestions and fuzzy matches
  • You can now search calendars in OWA

Exchange 2016 now supports a REST API for easy extensibility. OpenSource examples on GitHub.

Demos a number of OWA 2016 enhancements, ported from Outlook.com and Office 365. Shows a demo of the new Outlook.com application available for iOS and Android.

Exchange 2016 Architecture

  • Mailbox and CAS roles are combined
  • Automated repair: Find DB corruption, loose truncation (long term outages won’t dismount a DB), ReFS support
  • Faster Recovery – Faster database failovers (18 seconds), faster site resilience, DAG management service, replay lag manager on by default.
  • simpler deployment – Azure file share witness, DAGs without cluster admin access points, max preferred active
  • Reduced IOPS requirement by 22%

Exchange Hybrid

  • Hybrid configuration wizard now cloud-deployed
  • Works with Exchange 2013 and 2016

Security and Compliance

  • Adding more sensitive information types to Exchange (more than 30)
  • DLP enhancements
  • DLP protection for SharePoint and OneDrive content
  • New auditing architecture and schema
  • Same audit structure as Office 365
  • Redesigned search pipeline and improved speed and reliability

TechEd 2014: What’s new in Exchange

Microsoft TechEd 2014 is in full swing and this is the first general session that I’m attending. It will cover what’s new in Exchange, both in Office 365 and on-prem. As usual during conference this is live blogging, directly from content presented in the session. So editing is minimal, and please excuse any grammar issues.

Email Challenges

  • Too much stuff in my inbox
  • Important emails get buried
  • People keep sending documents as attachments
  • Hard to keep up with legal requirements
  • Need a better way of sharing data

Historically major Exchange releases are every three years. But the cloud is changing that. The same Exchange team handles both Office 365 and on-prem code bases. Microsoft is all about Cloud First delivery, with Office 365. Features continuous innovation and rapid feedback. Eventually everything in Exchange cloud will end up in Exchange on-prem. These come as cumulative updates and service packs, plus major new releases (which will be in 2015). Major new on-prem releases will still be every ~three years.

Future of Exchange

Email will have to be more social, more open, smarter.

Security and Compliance

  • Compliance Center
  • S/MIME in OWA
  • DLP document fingerprinting
  • Office 365 message encryption
  • DLP Policy tips in OWA for devices

Compliance center features across Exchange, SharePoint and Lync from one location. Targeted for end of calendar year 2014. eDiscovery, auditing, data loss prevention, retention policies, retention tags and journal rules. Demo showed document fingerprinting. You upload a sample file, such as a contract, then define rules. For example, set different rules for sending within the organization, or externally (with more restrictions). Demo continued to show a DLP policy tool tip when a contract was attached to an email, and this is now available in OWA.

Two new features: DLP for data at rest, and bring DLP to SharePoint (no dates mentioned).

Work Smarter

  • “Clutter” view
  • People View
  • Outlook web app search enhancements
  • Document collaboration
  • outlook web app rich content
  • App enhancements

Demo shows a ‘clutter’ button that filters in the inbox view to show only emails that need to be filtered. It will learn as you delete or otherwise mark emails. Demo also showed off a People view, where he clicked on a person and the mailbox view was filtered to show only emails from that person. The view learns which people are most important and only shows them. Demo shows easier to use search, where it shows search suggestions when you start typing in the search field. It also lists search refiners in the left pane when results are shown, to further narrow down the results.

Document Collaboration

Making attachments smarter. Deep integration with OneDrive for business. Send an attachment as a OneDrive for business link. Access it anytime, anywhere from any device. Edit attachments and reply in a single process. View the attachment in side-by-side view with the email. Multiple people can edit the same document. When attaching a file it will now allow you to send the whole file, or automatically upload to OneDrive and just send a link. It will then be automatically shared from OneDrive. Demo also shows the ability to drag and drop images into an OWA email (no more manual attaching), plus the ability to create tables and in-line preview of links in emails.

Social Email

  • Groups
  • Group email experience
  • Group calendar experience

One Groups System: One identity system (Azure Active Directory) is the master for group identity and membership across Office 365. Covers Exchange, SharePoint and Yammer (Lync in the future). Demo shows OWA, and a new Groups section on the left. Groups can be public or private. Shows a threaded conversation, with inline previews of web links. Also shows the side-by-side view of previewing docs such as a spreadsheet. The group conversation view looks very much like Yammer, and in fact you can view the conversation in yammer. A very seamless experience. Demo shows a group calendar and side-by-side view with a person’s own calendar. Demo also shows calendar search, which is new. Demo shows the GUI experience to create a new group and adding members. They also demoed the group experience from an Android phone, which looked like the OWA experience.

Additional information aka.ms/mec2014

Summary

This was a good high level session, which showcases the rapid feature development of the Exchange platform. All new features first debut in Office 365, then on a much more measured pace make it into the on-prem version of Exchange. Seeing the rapid feature enhancements and deep integration with Yammer, SharePoint, OneDrive, and Lync really provide a compelling story when compared to other hosted services such as those offered by Google. Gmail innovation and seamless integration with Office products just isn’t in the same ballpark.

 

 

 

VMworld 2013: Exchange on VMware Best Practices

Twitter: #VAPP5613, Alex Fontana (VMware)

This session was skillfully presented and was jam packed with Exchange on VMware best practices for architects and Exchange administrators. Can you use Exchange VMDKs on NFS storage? Can you use vSphere HA and DRS? How can you avoid DAG failover with vMotion? What’s the number one cause of Exchange performance problems? All of these questions and more were answered in this session. If you just think a “click next” install of Exchange is adequate for an enterprise deployment then you need to find a new job. Period.

Agenda

  • Exchange on VMware vSphere overview
  • VMware vSphere Best Practices
  • Availability and Recovery Options
  • Q&A

Continued Trend Towards Virtualization

  • Move to 64-bit architecture
  • 2013 has 50% I/O reduction from 2010
  • Rewritten store process
  • Full virtualization support at RTM for Exchange 2013

Support Considerations

  • You can virtualize all roles
  • You can use DAGs and vSphere HA and vMotion
  • Fibre Channel, FCoE and iSCSI (native and in-guest)
  • What is NOT supported? VMDKs on NFS, thin disks, VM snapshots

Best Practices for vCPUs

  • CPU over-commitment is possible and supported but approach conservatively
  • Enable hyper-threading at the host level and VM (HT sharing: Any)
  • Enable non-uniform memory access. Exchange is not NUMA-aware but ESXi is and will schedule SMP VM vCPUs onto a single NUMA node
  • Size the VM to fit within a NUMA node – E.g. if the NUMA node is 8 cores, keep the VM at or less than 8 vCPUs
  • Use vSockets to assign vCPUs and leave “cores per socket” at 1
  • What about vNUMA in vSphere 5.0? Does not apply to Exchange since it is not NUMA aware

CPU Over-Commitment

  • Allocating 2 vCPUs to every physical core is supported, but don’t do it. Keep 1:1 until a steady workload is achieved
  • 1 physical core = 2400 Megacycles = 375 users at 100% utilization
  • 2 vCPU VM to 1 core = 1200 megacycles per VM = 187 users per VM @ 100% utilization

Best Practices for Virtual Memory

  • No memory over-commitment. None. Zero.
  • Do not disable the balloon driver
  • If you can’t guarantee memory then use reservations

Storage Best Practices

  • Use multiple vSCSI adapters
  • Use Eager thick zeroed virtual disks
  • Use 64KB allocation unit size when formatting NTFS
  • Follow storage vendor recommendations for path policy
  • Set power policy to high performance
  • Don’t confuse DAG and MSCS when it comes to storage requirements
  • Microsoft does NOT support VMDKs on NFS storage for any Exchange data including OS and binaries. See their full virtualization support statement here.

Why multiple vSCSI adapters?

  • Avoid inducing queue depth saturation within the guest OS
  • Queue depth is 32 for LSI, 64 for PVSCSI
  • Add all four SCSI controllers to the VM
  • Spread disks across all four controllers

In the two charts below you can see the result of the testing when using 1 vSCSI adapter vice four. When using just one adapter the performance was unacceptable, and the database was stalling. By just changing the distribution of the VMDKs across multiple vSCSI adapters performance vastly increased and there were no stalls.

20130828_14351020130828_143605

When to use RDMs?

  • Don’t do RDMs – no performance gain
  • Capacity is not a problem with vSphere 5.5 – 62TB VMDKs
  • Backup solution may require RDMs if hardware array snapshots needed for VSS
  • Consider – Large Exchange deployments may use a lot of LUNs and ESXi hosts are limited to 255 LUNs (per cluster effectively)

What about NFS and In-Guest iSCSI?

  • NFS – Explicitly not supported for Exchange data by Microsoft
  • In-guest iSCSI – Supported for DAG storage

Networking Best Practices

  • Use vMotion to use multiple NICs
  • Use VMXNET3 NIC
  • Allocate multiple NICs to participate in the DAG
  • Can use standard or distributed virtual switch

Avoid Database Failover during vSphere Motion

  • Enable jumbo frames on all vmkernel ports to reduce frames generated – helped A LOT
  • Modify cluster heartbeat setting to 2000ms (samesubnetdelay)
  • Always dedicate vSphere vMotion interfaces

High Availability with vSphere HA

  • App HA in vSphere 5.5 can monitor/restart Exchange services
  • vSphere HA allows DAG to maintain protection failure
  • Supports vSphere vMotion and DRS

DAG Recommendations

  • One DAG member per host, If multiple DAGs, those can be co-located on same host
  • Create an anti-affinity rule for each DAG
  • Enable DRS fully automated mode
  • HA will evaluate DRS rules in vSphere 5.5

vCenter Site Recovery Manager + DAG

  • Fully supported
  • Showed a scripted workflow that fails over the DAG

And finally the key take aways from the session..

20130828_145813

San Diego VMUG: Overcome Challenges with Tier-1 Apps

This was the best session of the day at the San Diego VMUG! Dave Elliott and Dave Troutt from Symantec presented the detailed methodology Symantec used to define requirements essential to successfully virtualizing tier-1 apps like SQL Server, Exchange and SharePoint. Bottom line is you can virtualize nearly any app that doesn’t rely on unique hardware, but major tier-1 apps need special consideration. They actually built up a lab (based on HP hardware) and performed extensive testing. The 28-page Whitepaper is here. I also learned Symantec has an EMC PowerPath-like product, called Dynamic Multi-Pathing for VMware.

Virtualization Tailwinds

  • What’s driving the push to virtualize tier-1 applications?
  • Implementing a “virtual first” policy
  • Consolidate IT infrastructure
  • “90% of all enterprise applications will be virtualized within the next two years” – VMware
  • Virtualization Journey: Capex savings, Opex Saving, Self-service (IT as a service)

Virtualization Headwinds

  • Design challenges: High SLAs, security, Governance, Large Data, Performance
  • Five domains within the archtiecture: Data protection, storage management, high availability, security, archiving

Tier-1 App Platform Design Objectives

  • Ensuring SLAs for performance, scalability and availablity can be met. Parity with physical or better.
  • Support large databases
  • Provide non-disruptive, off host backups for all types of storage (VMDK, RDM)
  • Enable fast granular recovery of files
  • Reduce infrastructure and management costs
  • Security and compliance

Required Capabilities

  • Pools of fast, resilient, dynamic storage
  • Thin provisioning, thin reclamation, snapshots
  • SAN or iSCSI connectivity with multi-pathing
  • Support VMDK and RDM devices
  • Provide visibility, monitoring, reporting, management and chargeback
  • Provide visibility, reporting and management of availability across all application tiers
  • Security needs to harden, protect, and monitor the systems against unauthorized access and changes
  • Automatically archive historical data onto less expensive storage

TOGAF – The Open Group Architecture Framework. It is an excellent framework to properly document your IT architecture in a simple but meaningful manner.

Symantec Reference Architectures for SQL 2008, Exchange 2010, SharePoint 2010 is here:

  • Tested and validated by VMware on HP hardware (ProLiant servers and 3PAR storage)
  • Tested HA, disaster recovery, data protection, thin provisioning, security, reporting
  • Key products: NetBackup, VMware HA, Application HA, Veritas Cluster Server

Find out more at: Symantec.com/Virtualization

BCA1902: Virtualizing Exchange 2010

This session focused on virtualizing Exchange 2010 on vSphere 4.x or 5.x. Highlights of this session include:

  • Bottom line there’s no reason why you should be afraid of virtualizing Exchange 2010.
  • Exchange 2010 now uses 32Kb I/O blocks, vs. 8K for previous versions.
  • Exchange 2010 I/O is much more optimized than previous versions
  • VMware fully supports share-nothing clustering with nearly all ESXi features (HA, DRS, etc.). Share-nothing clustering is used by Exchange 2010 and SQL database mirroring.
  • You can virtualize all Exchange 2010 roles
  • You can combine DAGs with HA, vMotion, DRS, Fibre Channel, FCoE and iSCSI
  • VMDKs must be thick provisioned, not thin. Should use EZT VMDKs.
  • Not supported is NFS for Exchange data or VM snapshots (for roll-back purposes, backup is fine).
  • VMware internally uses standard load performance tools like jetstress and loadgen (more so loadgen)
  • On vSphere 5.0 you can average 1000 users per vCPU/pCore, and linearly increases to 12K users
  • Fibre Channel has the best performance, but iSCSI is fine too
  • 2-7% CPU overhead vice physical hardware
  • No I/O latency impact on virutalization
  • Best practices include
    • vCPUs <= pCores
    • Exchange is not NUMA aware so keep VM size less than NUMA node size
    • Use the Exchange processor query tool to determine users per core estimates
    • Use the Exchange mailbox role calculator for storage/network calculations
    • DO NOT over commit resources such as memory or vCPUs
    • Use LSI logic SCSI adaptor unless you’ve already standardized on the pvscsi driver
    • Use multiple vSCSI adaptors and distribute the mailbox/log load across them
    • Only use RDMs if your hardware storage array requires them to do VSS snapshots, otherwise VMDKs are perfectly fine.
    • For DRS keep the VMs smaller and ensure EVC mode is enabled
    • Enable HA for all VMs, use host admission control, and enable VM monitoring
    • Utilize host DRS groups and VM DRS groups
      • DAGs must be on separate nodes
      • “should run on” for all other roles
    • For vMotion set the clusterheartbeat setting to 2000ms, up from 1000ms default if you aren’t using jumbo frames
    • Use the Exchange profile analyzer tool
    • Design Questions: Dedicated or multi-role VMs? How much HA? DB size? Backups?
    • Deploy dedicated mailbox VMs, but can easily use other combos like HUB/CAS.
    • Processor selection has a major impact on users per core. (.e.g. Intel x5470 vs. x5660 shows a dramatic reduction in CPU utilization).
    • How big should your page file be? Check KB 889654 to reduce page size
    • Monitor % CPU RDY, KAVG, DAVG and GAVG ESXi counters

Whew…the speaker covered a lot of ground. In a nutshell Exchange 2010 runs extremely well on ESXi, but you do need to be aware of the tweaks/best practices when deploying it on vSphere. Professional services organizations that specialize in Exchange engagements really need to understand the various hypervisors and best practices, or you could run into some issues or cause customers problems.

Exchange 2010 and vSphere 4.x Best Practices

Virtualization has taken off like wild fire, and now organizations are in the process of virtualizing tier-1 applications like Exchange 2010. However, sizing and designing Exchange 2010 for a virtualized environment requires some additional care and thought versus a traditional physical server deployment. Critical sizing requirements like memory, vCPUs, and storage performance/type have unique guidelines when deployed on vSphere 4.x.

VMware has published a VERY lengthy guide for Exchange architects that covers all of the unique aspects for sizing and designing your Exchange 2010 environment for vSphere 4.x.  I highly encourage anyone doing such a deployment to thoroughly read the guide, found here. The whitepaper includes complex enterprise configurations supporting 16,000 users with 4-node DAG clustering.

Some example key recommendations include:

  • Only allocate multiple vCPUs to a virtual machine if the anticipated Exchange workload can truly take advantage of all the vCPUs.
  • If the exact workload is not known, size the virtual machine with a smaller number of vCPUs initially and increase the number later if necessary.
  • For performance-critical Exchange virtual machines (i.e., production systems), try to ensure the total number of vCPUs assigned to all the virtual machines is equal to or less than the total number of cores on the ESX host machine.
  • Don’t over commit memory
  • Spread the heavy I/O systems across several LUNs
  • Use eagerthickzero (EZT) VMDK files
  • Use VMXnet3 driver
  • Use PVSCSI adapter

Additional Exchange 2010 and vSphere resources:

Scale-Out Performance of Exchange 2010 Mailbox Servers
Scale-Up Performance of Exchange 2010
Exchange 2010 Disk I/O on vSphere
Dell Exchange 2010 on vSphere 4
Exchange 2010 on vSphere
DAG performance on vSphere 4.1
Mailbox VM I/O Sizes

Two-Factor Authentication for Exchange 2010 is now possible

Back in 2009 I wrote a blog about the possibility of Microsoft supporting two-factor or multi-factor authentication for some Exchange services. For organizations which require high security, such as the DoD, allowing external access to email requires additional protection. With Exchange 2007 and prior versions there was no easy way (or any way!) to natively support certificate based two-factor authentication for services like Exchange ActiveSync. 

To my surprise and great delight, Microsoft just released a lengthy whitepaper on how to enable certificate based two-factor authentication with Exchange 2010 and Microsoft ForeFront TMG or Microsoft Forefront UAG. The table below is directly from their whitepaper and shows you the different authentication scenarios and which product(s) support that scenario.

You will notice though that Outlook Anywhere is missing from this list. So that’s a major bummer! But all is not lost. Microsoft released another whitepaper, Using IPsec to Secure Access to Exchange. By using IPsec you can enforce that only trusted computers can establish a secure connection to your Exchange servers. The whitepaper further states you could consider this a two-factor authentication solution since the certificate is something you have, and you need your password (something you know) to logon to the computer. This also has the added benefit that it works with AutoDiscover, Exchange Web Services, Outlook Anywhere and Outlook Web App.

UNC302: Exchange 2010 RBAC

This session focused on the all-new permissions model of Exchange 2010/SP1. Back in the days of Exchange 2003/2007, Microsoft had a very, very limited permission model that just consisted of a handful of rights. This caused problems in organizations where you want to granularly delegate permissions to specific groups such as helpdesk, server admins, or various Exchange admins. To address these concerns, Microsoft has introduced a full RBAC (role based access control) model to Exchange 2010.

Features of this model include:

– Align organizational structure with their Exchange role and responsibilities.

– Replaces the AD-centric model of previous Exchange versions.

– Provides a consistent authorization model whether you are using the EMC, ECP, or EMS.

– SP1 provides over 65 roles to chose from

– The model consists of the three following components:

1. Role – What you can do, such as change attributes on a DL or manage a server.
2. Scope – Where and on what type of objects you can act (users, groups, OU, database, etc.)
3. User – The group or users which are added to the various roles

– The “Exchange Trusted Subsystems” performs all actions be it in AD or on servers. Exchange 2010 acts a a proxy and only allows authorized users to perform authorized tasks on objects within their scope. No more futzing around with individual ACLs on objects in AD or servers.

– SP1 will enhance RBAC by providing a best practices analyzer to find gaps in your RBAC permissions (such as only allowing administration of a specific object by a group, but that group is empty).

– SP1 will also add enhancements to the Exchange Control Panel to more fully manage RBAC roles, members, and permissions.

– SP1 will facilitate the split Exchange/AD-Windows model so that you can strictly limit what administrators can do (such as having AD only admins and Exchange only admins).

All in all, the new RBAC model is a major change from previous Exchange versions. This aligns with the all-new RBAC model in OCS “14” as well. Organizations can now more granularly assign permissions, not over-delegate rights, and better audit access into these critical services.

UNC04-INT: RMS with Exchange 2010 SP1

This session was an interactive session, meaning it was in a small room, and most of the discussion was directed by questions. I thought it was very enlightening, and I learned a lot of good information about the integration between RMS and Exchange 2010/SP1. Integration is very easy and seamless. Once you configure your RMS server, all of the Exchange integration is pretty much automatic and merely consists of selecting what template to use for a given situation. I don’t think it could get much easier.

– Exchange 2010 enables automatic protection of email messages and consumption of RMS protected messages in a variety of ways:

1. Transport rules – Configure granular rules to automatically apply RMS templates to messages that meet prescribed conditions. Conditions can include DLs, subject/body text, regular expressions, and dozens of other options. Extremely customizable. For example, you could setup a regular expression to search the body of a message for a string like “Company confidential” and not allow the message to be sent to external recipients. Or you could configure rules such that messages between two groups in your organization are always encrypted and you can’t forward them. The sky is the limit on how creative you can be with the conditions, actions, and templates.

2. E-Discovery – Journaled messages have the original RMS protected message and a decrypted version attached to the message. All RMS protected messages are indexed. This preserves the original message for compliance purposes, but also allows authorized e-discovery users to read the contents.

3. Extended to OWA and mobile devices – Seamless integration with OWA to set RMS policies and access protected messages. Mobile device support is up to the phone provider, but is enabled via Exchange Active Sync. Within OWA you can search RMS protected messages. iPhone support for RMS messages is TBD. Windows mobile 6.0 and 6.5 will support this feature.

4. Transport Decryption – Early in the transport pipeline messages are decrypted, transport rules applied, third party products can scan messages (such as anti-virus), then the message is re-encrypted before it leaves the transport server. This allows any transport functionality such as adding disclaimers, anti-virus scanning, or other products to access the contents of the message. RMS protected messages are now first class citizens in Exchange.

Outlook 2010 supports automatic protection rules. Unlike transport rules, Outlook protection rules apply content restrictions/encryption at the Outlook client before the message goes over the wire. The message is then protected in the user’s sent items folder as well. Transport decryption applies to these messages, so they are still scanned by AV and subject to content inspection rules. But the RMS template applied at the client is honored through the entire message delivery path and is not removed.

To get the full functionality of this ecosystem, you need Exchange 2010, Outlook 2010, and RMS running on Windows Server 2008 SP2 or Server 2008 R2. Most of the functionality is supported on down-level Outlook clients like 2003 and 2007, except for the Outlook automatic protection feature.

As a side note, advanced transport features such as message moderation are honored. Message moderation is where a transport rule invokes a work flow that requires a user or group of users to approve the sending of a message before the recipient(s) can read it. For example, if you are in a financial institution you could require message moderation for any messages between your stock traders and your investment brokers. Sometimes you hear these restrictions described as an ethical firewall. Transport rules could also completely block such communications, as well.

One caveat is that when using Outlook in cached mode you cannot search RMS protected messages. If Outlook is operating in online mode, or using OWA, you can search protected messages. This may change in future versions or service packs of Office.

UNC201: Exchange 2010 SP1 Overview

I must say, the content of this presentation did not match the title. The session was more about Exchange 2010 features, not SP1. While the feature the presenter covered were fine and dandy and some were new to me, what I really wanted was the low-down on SP1. Here are some of Exchange 2010 features that were covered:

– Mailbox moves can now be done online without user disruption. Unlike previous versions of Exchange, a user can access their mailbox (even with OWA) during a mailbox move. This means you can now do mailbox moves during business hours.

– Exchange 2010 has full role-based administration. Through OWA you can configure granular delegation to various Exchange rights. For example, if you have a compliance officer in your organization you can delegate to them e-discovery rights for mailboxes but they won’t have any additional rights in Exchange. Out of the box Exchange comes with over a dozen built-in rights/roles.

– OWA is now integrated with OCS can you can IM directly within OWA. Now you don’t have to juggle OWA and your OCS client or OCS web access. One stop shopping for email and IM.

– In SP1 a user’s archive mailbox can now be separated from their primary mailbox. Their archive mailbox can be in the same database as their primary mailbox, a different database, or hosted in the cloud with Exchange online services. Regardless of where their archive mailbox is hosted, it’s transparent to the user and they can access it via Outlook or OWA.

– You can configure hub transport rules to set retention policies on email, automatically. This is in addition to the automatic digital rights management policies you can configure for encryption, and other restrictions on email.

– In SP1 e-discovery searches now estimate the number of objects that the query will return. This can help you determine up front if the query you are doing is targeted enough or will return a huge amount of data you don’t want. In addition results are de-duplicated, and you can also annotate the results.


Unfortunately the speaker really missed the boat on covering SP1 changes. I’m sure this session will get very low ratings. But on the positive side I did learn about a few new features in Exchange 2010.