The Shard Under Construction

The Shard is something I see almost every working day, as it's being built right next to a station on my commute.

This photo is atypical of most photos I've taken of it, or seen - it shows a cloud eclipsing the top of the building on an otherwise fine day.

I did consider making The Shard a longer-term photo project, but in the end I realised I had too many other projects on the go. A pity, as it's been interesting to see this appear over time.

When lit up on a dark winter's evening, the final building will probably look very nice. Expect photos of that sometime next year!

Exchange 2010 from a Domino Administrator's viewpoint

A braindump of each day of the course is nice, but I'd like to tie it all up with a nice summary, so that I can move on and use this website for something more interesting than work...

From a Domino Administrator's point of view, Exchange 2010 is the best version of Exchange yet.

 
It has to be looked at from a viewpoint of "just mail", of course.

But from that viewpoint, it has solved many problems. Its high availability features are excellent. It takes great pains to make it very difficult to lose data. Its general architecture, whilst heavy on Windows licenses, is sound.

Nothing is perfect. But Exchange is, at its core, at least as good for email as Domino is - maybe better. It depends on your exact needs.

Some parts are bad. I was also distressed to see that features had been dropped from previous versions of Exchange, or were being changed within service packs - so I still have a bit of that "not a consistent platform in the long term" feeling I've always had about Exchange. But those were minor features at the edges, not core ones.

I could waste time saying what Domino would need to improve to compete against Exchange, but I doubt IBM will be listening and I want to keep this short.

 
I've been avoiding Exchange for years, for a variety of reasons. I've even been known to change jobs because Exchange was on the cards. But Exchange 2010 is the first version that I feel happy to work with.

 
It took fifteen years for Microsoft to deliver something that I could say that about. But I'm picky. So if it's good enough for me, I'd say that makes it pretty good.

Exchange 2010 Course Reactions - Day 5 of 5

A smorgasbord of topics on the final day...

(Apologies for the delayed write-up - I had a busy social weekend.)

Journaling
We need an Enterprise CAL to journal individuals? Really?
Otherwise, it seems OK if basic - you simply get a copy sent to another mailbox as well. No hassle for the user at all...

Multi-mailbox Search
Nice.
Easy to enable, easy to do searches - although dependent on the web-based Exchange Control Panel, so via the web only.
Remind me to hide this from the Compliance/Security/HR, as they'll no doubt bring servers to their knees with this feature!

Retention Tags and Policies
A rather nice way of tagging content to say both how long and why you're keeping something, as well as what should happen once the retention period is reached.
Tags are managed by the administrators, and you can set up a "managed folder" which you assign users to - the user then gets the folder automatically, and anything in that folder gets the retention policy applied.
The system can also autotag new mails - it looks at your old tags and figures out which ones to apply. We didn't see this in action, as you need 500 tagged messages for it to work!
That high threshold for enabling it and the fact that you can't assign tags via Hub Transport rules means that this feature will probably be doomed to obscurity.

Personal Archives
Requires an Enterprise CAL!
As shipped, archiving is to the same mailbox anyway - post SP1, it can be to another mailbox or to the cloud.

Upgrades
Aren't.
I knew that already - every upgrade path presented seems to require building a new shadow infrastructure and migrating. This still astonishes me.

RBAC (Role Based Access Control)
Exchange now has a comprehensive list of things that can be delegated to local or helpdesk staff, and allows reasonably granular control over this.
Some groups are provided by default, but not all the roles you may want are assigned to them - probably a good thing, as permissions should not be granted by default! Worth remembering if you're going to use it though...

Monitoring
A performance analyser, but not much else. Apparently we should all use SCOM - can you guess who sells that product?

 

I've had some time to think about what I've seen, and will probably be putting up a "first impressions" style entry shortly.

Exchange 2010 Course Reactions - Day 4 of 5

A good day, in which we covered high availability, backup/restore and security.

Topics which have been a major part of my career, so I have more to say today. (Sorry!)

High Availability - Databases
It isn't using Windows Clustering.
Do you have any idea how good that is? Windows Clustering is awful. I've lost count of the number of times I've seen it fail to work properly. Why anyone uses it is beyond me.
Instead, Exchange 2010 uses multiple Client Access Servers at the front end to keep things highly available to clients, and multiple database locations to keep the data available to those clients. It's pretty slick. In the lab, failover was instant and seamless.

You don't have to install with this high availability - it's there by default for the Client Access Server role, and when you make a Database Availability Group the relevant components are installed and activated seamlessly. So you can move up to it very easily.

Only one of the databases is active at any time - the others update via log shipping. But they ship parts of logs incrementally rather than waiting for a log to fill up, and the logs are just 1Mb large anyway - so the log shipping is very quick.

You can have up to 16 instances of a database on different servers, which is a lot of redundancy. (And will probably make your network card glow white hot with all the log shipping.) Specific instances of the database can also be told not to import logs immediately, but to wait for a (configurable) amount of time - which may help prevent shipping of corruptions or data loss. However, only one of the instances is active at any one time, and there is no automatic failback. I sense a manual morning check in my future...

Creating new instances is very easy, and you can set an order for failover on each database to prevent going across network links you want to be a last resort - so some thought has gone into all of this.

It's not Notes replication. But it's just about as close as you can get, and that's a good thing.

High Availability - Mail Routing
Shadow Redundancy during transport is a superb idea. Basically, an email is always in two places during transport - it won't be removed from the previous hop until it has been confirmed as passed on to the next one. This means if your server dies before it can be delivered, the system can just deliver to the next database instance.

This also means that mails which were just being delivered to databases that fail aren't lost or delayed. Which is why it's worth a heading all of its own!

Backup and Restore
The usual database/transaction logs kind of thing, at its core, using VSS to back up the files.

But what is a nice touch is that you can then restore as an offline "Recovery" database which will never be mounted, and merge mailboxes back into live ones on the fly. You can even, from those databases, search the recovery copy for mails with specific strings in the subject/body/sender/recipients and restore only those. Or just the contents of one folder.

The feedback is quite low - it dumps a text log and an XML log out to a folder - but otherwise it works nicely.

Also, one neat trick is that you can run the Exchange Server setup and rebuild a server from the AD information. So if you have a calamity, there's no reconfiguring clients to account for a new machine name etc., you can just easily and quickly get the server back up with the same name and then migrate the data back in from backups.

Transport Rules
They threw these in alongside security, and I can see why. Lots of selection criteria for mails, a reasonable selection of actions, and they seem to work quickly enough.
You can enforce moderation for some recipients, for example, or modify headers, reject email, send copies to their manager (assuming AD is filled out correctly) and plenty more.
I did try to recreate a low-priority delay sort of rule with them, and it seems that can't be done. In fact, there's no low-priority delay as Domino has at all, which is a bit of a shame.

Email classification
You can create custom classifications ("Do not forward", "Confidential", "Customer Information Within" etc.) and then apply transport rules on them to prevent mail going where it shouldn't.
Combined with checking mails for text to see if they have certain keywords and then applying the correct classification, this is a very powerful way to erect Chinese walls etc.

Rights Management Server
Exchange can integrate with Rights Management Server, which is basically DRM and ACLs for all your company's documents.
It's also cripplingly expensive. I saw a quote for a multi-national organisation, and frankly at that kind of price you could afford to just hire all the lawyers and pre-emptively sue everyone on the planet for Intellectual Property crimes. It would be cheaper, easier, and - given that "everyone on the planet" includes your own employees - a lot more popular with your staff than a steady stream of beeping noises telling them they can't do whatever it is they just tried to do.

 

Well, that's day four. Overall, I'm still fairly impressed.

Exchange 2010 Course Reactions - Day 3 of 5

Day three of learning about Exchange 2010, from a Notes & older Exchange viewpoint.

Routing
The mail routing is fairly simple, which is good. An improvement over some (very old) previous versions...

Message tracking logs
Wait... Useful logs from Microsoft?
I was stunned.
Useful logs that are in a usable text format, rather than some odd binary format?
PRAISE THE DARK GODS! FOR THEY ARE SURELY REWARDING US!

(Seriously, this was a very welcome surprise. My town is going to be suspiciously empty of chickens as an act of thanks.)

Relay controls
Clear and simple. With simple being the operative word, unfortunately. You can't restrict by sender unless the sender authenticates - great for controlling users, not so good for controlling applications.

Message delivery tracking
Is on by default, and users can track their own status.
That'll save us some time - just write up some instructions, and tell the helpdesk to send them to anyone whose "important email hasn't arrived".

Edge Servers
Antivirus and antispam. A mixed bag, as it's both extremely capable and a little rough around the edges. (No pun intended.)
I'm still uncertain about Edge servers. I suppose I'm just not the target market - they're probably superb in SMEs, but seem a bit useless to me.

Encryption
Mutual TLS is nice.
But overall, let's be honest - Notes has better security options here. S/MIME certificates aren't stored in the directory, but as files. Technically, Notes is the same - except you have no access if you don't have that file. Which focuses minds and ensures they don't get lost.
By comparison, I can't see how the Exchange/Outlook implementation of S/MIME can actually be a workable solution.

A general observation
The interface is slick. As well as always showing you the PowerShell commands it used to accomplish something, it's just nicely laid out.
Well, maybe not nicely laid out - but it's pretty flat. I remember trying to amend the DNS settings on Exchange Server 2000. Properties of something, third tab out of nine, click on a button, go to the second tab out of seven, click on a button, go to the other tab of the two, click another button... It was an awful Byzantine nest of properties boxes and buttons, and I hated it.
With 2010, there's none of that. Everything is usually in one properties dialogue, with buttons being a rare exception in there.
This is a good thing.
