In-Depth

Exchange 2007: So Far, So Good

The new Exchange offers welcome changes on the admin side, but not as many on the client side.

• By Joanne Cummings
• 04/01/2007

Besides the fact that Exchange 2007 is a native 64-bit application that often requires new hardware, it also demands a complete overhaul of any current Exchange 2003 infrastructure. Plus, the true benefits of Exchange become clear only when using it with Microsoft's other new 2007 releases like Office 2007 and SharePoint 2007.

Brandon Haag, executive director of IT at Gainesville State College in Gainesville, Ga., says he plans to move the school over to Exchange 2007 sometime this summer as he moves to Microsoft's other new suites. "The main incentive for moving to Exchange 2007 is the additional capabilities we'll get from integrating with SharePoint Server and the Office 2007 suite," he says. "Obviously, when you get everything updated and at the same level, they all play a very sweet tune." Getting to that point will take time, though, as moving to Exchange 2007 is a major upgrade.

Role With the Punches
Exchange Server 2007 introduces an expanded concept of server roles. In Exchange 2003 server roles existed, but they were fairly primitive, allowing only for front-end and back-end roles.

In Exchange 2007, server roles are far more robust, which gives admins unprecedented flexibility and deployment options. For example, server roles can split the functions of an Exchange server and place each role, or a combination of roles, on different servers. This eases management and performance constraints.

Exchange 2007 introduces five new server roles: Edge Transport, Hub Transport, Client Access, Mailbox and Unified Messaging. This breakdown lets smaller organizations deploy several roles on one hardware server, while larger organizations can divvy up the roles among several servers, clustering and load balancing the application to ensure optimal performance.

For the most part, early users are intrigued with the new server roles. In fact, many are already using one or two Exchange 2007 server roles in tandem with their current Exchange 2003 infrastructure. This lets them take advantage of some new features while putting off the pain of a wholesale upgrade.

For example, Haag is using the Exchange 2007 Edge Transport server in front of his Exchange 2003 infrastructure to take advantage of 2007's more robust anti-spam capabilities. According to Microsoft, the Edge Transport uses connection filtering, content filtering, recipient filtering, SenderID and sender and IP reputation to reduce the amount of spam delivered to the end users' inboxes.

"All of my incoming e-mail is going through the Edge server and being filtered before it reaches my Exchange 2003 servers," Haag says. So far, it seems to be working.

The downside of server roles is that they can make it more costly to implement Exchange 2007. "It's great that they split it up like that, but now it increases the cost to run it," says Thommi Montoya, an independent consultant based in Tempe, Ariz. "You're buying another four Windows licenses and another four Windows servers, all of which are 64-bit servers. It's definitely more robust, but also a little more costly." That cost may be offset by savings in ROI, he says, but that won't become apparent until Exchange 2007 is deployed more widely.

OWA: The Good and the Bad
Early users are also excited about the revamped Outlook Web Access (OWA) within Exchange 2007. OWA has been overhauled and is now far more feature-rich and robust. The only major complaint users have is that the new features are available only on Microsoft's own Internet Explorer (IE) browser, and not competitive offerings like Firefox.

"That was pretty disappointing," says Scott Nixon, network manager at Windsor School, a private secondary school in Boston. Nixon says the school's Exchange 2003 system currently supports 600 mailboxes, 500 of which are OWA-only. "If you're using Firefox and you go to create a new message, it's just going to be plain text only. And there's no spell check, which is a big deal to our users."

Although Firefox has added a spell check feature to the browser itself, Nixon would've liked to see more capabilities from Microsoft.

Others are more than pleased with 2007's OWA. "I've had nary a complaint," Haag says, noting that his school's 16,000 student accounts all access Exchange via OWA, mostly with IE. "OWA 2007 has a long list of configurable options for the Web interface. It must be three or four times longer."

Aaron Foint, Windows systems administrator at Worcester Polytechnic Institute (WPI) in Worcester, Mass., offers a similar assessment. "If you use Firefox with Exchange, you have to use the Lite version," he says. "You can do your basics: read e-mail, process messages [and] view calendar items, but you don't get any of the advanced features." Foint says he just makes sure his OWA users know they need IE to access advanced features.

Power to the PowerShell
The revamped Exchange Management Console and the new Exchange Management Shell are probably the most noticeable changes for messaging admins. Based on Microsoft Windows PowerShell technology, the new management shell lets users do most administrative and management tasks from a command-line interface, rather than forcing everything through the GUI-based console.

Users love the idea of adding the shell, but question some of its capabilities. "It seems like in certain aspects, they went backwards," says WPI's Foint. "The Exchange Management Shell is great, and there's definitely a lot of stuff you couldn't do before in bulk mode very easily without some type of scripting or a command shell. At the same time, now there are certain things you can only do from the command shell, like configure POP or IMAP, and that's weird."

Montoya agrees: "I like that you can do most commands from either the command-line shell or the console," he says. "What I don't like is that they took a bunch of stuff you used to be able to do in the console and moved it to the shell."

Still, most like the new management console, noting that it's easier and more intuitive to find things now. Additionally, console operations are mirrored in the shell, making it obvious what commands are being used to do what. The GUI no longer keeps everything under the covers. "I thought it was easy to set up and I liked that as you created accounts and so on, you were actually seeing the PowerShell script that was doing the action," Windsor's Nixon says.

One major shortcoming is that users can no longer manage Active Directory accounts and Exchange accounts from the same management interface. Foint says that's a major problem for him, and attributes it to the fact that the Exchange Management Console is a level above the current Microsoft Management Console (MMC).

"Microsoft will probably come out with a new version of the MMC with Longhorn, so at that point, there will probably be one integrated console where you can manage both," Foint says.

Another complaint Foint has is that there's no longer an easy way to export mailboxes to a .PST file. "We used to be able to dump mailboxes to a .PST file using Xmerge in 2003," he says. Foint says he expects the support in Service Pack 1.

Safe and Secure
Exchange 2007 has much tighter security than 2003. "If you do the recommended deployment in Exchange 2007 -- with your perimeter servers -- it's a more secure and robust model than they've ever had," Montoya says. "They put a lot more thought into the deployment model." Still, he's reserving judgment until more organizations roll out 2007.

A downside to the increased security is that it's more complex and difficult to do certificate management for enabling SSL in Exchange 2007. "In Exchange 2003, whatever common name you wanted to use for people to access OWA or ActiveSync, you had to create a certificate for that name," explains WPI's Foint. "For Exchange 2007, you need to create a certificate with multiple common names -- it has to be for the common name you're going to use publicly, it has to be for the actual server and then also for every possible combination."

All of which makes it harder and more costly to manage. "It's doable but it's more involved, and if you're getting a certificate from an external certificate authority, it needs to be registered for all the names, which is more expensive," Foint says.

Client Constraints?
Beyond the changes to OWA, the new features aren't as compelling on the client side. Foint says his users are looking forward to the new scheduling capabilities and out-of-office message flexibility, but both features are available only to users running Outlook 2007, part of the new Office 2007 suite.

"The advanced meeting and scheduling assistant is good," Foint says. "If you pick a couple of users and a room you want to have a meeting in, it will auto-suggest times when everyone's available, but you have to be on Exchange 2007 and Outlook 2007. Not many people are in that situation yet."

The new out-of-office message feature is another plus, but it also requires Outlook 2007. "You can choose not only if you're in or out of the office, but during what timeframe, [which] message you want to go out for people inside your organization and [which] message you want to go out for people who are outside your organization," he says.

According to Foint, even with the less-than-stellar client-side features, Exchange 2007 is a great tool and worth the upgrade. "There's no must-have feature," he says. "It's a lot of little things and I definitely think it's an improvement. It's easier to manage, and it gives us new options."

Others say they're waiting to see what happens once a majority of organizations make the move to Exchange 2007. "I really want to see it in a big environment to see how it goes," Montoya says, noting that he's deployed it only in a test environment at home. "Right now, so far, so good."