Exchange 2007, the latest version of Microsoft Exchange, includes some major new capabilities that offer low-cost availability for your messaging infrastructure. Until now, Exchange didn’t offer any capability to assist in a data corruption scenario. In case of database corruption, the Exchange administrator had to restore the entire database from backup, which could lead to long, frustrating downtime.
Even if you have installed Exchange 2003 cluster services, they will not help in case of data corruption, since the Exchange database has a single copy on the cluster disks.
What’s new with Exchange 2007?
Exchange 2007 includes a capability that allows database replication based on log shipping.
You can replicate the Exchange 2007 database with all its data to another location and keep this data current with log shipping. This database replication technology is called continuous replication.
Exchange 2007 supports three types of continuous replication:
Local continuous replication (LCR)
LCR (Local Continuous Replication) enables the administrator to replicate the Exchange database to another location on the same server. LCR lowers the total cost of ownership for Exchange 2007 by reducing the number of regular backups that are required for data protection. Although LCR does not eliminate the need to take backups (data backups are important to have if a disaster strikes), it does significantly reduce the need to take regular, daily full backups. LCR provides fast recovery with current data, as well as a single-server solution for transaction log copying and replaying. The recovery from database corruption is done in seconds.
Cluster continuous replication (CCR)
CCR is based on Windows clustering and allows replication of Exchange cluster data between cluster nodes. CCR enables you to achieve the maximum 24/7 uptime with Microsoft cluster and two instances of the same database. CCR combines automatic management of redundancy and application-level data replication. CCR is a solution that can be deployed without a single point of failure in a single data center or between two data centers. Transaction log replication is used to copy the databases and maintain the concurrency of the data among cluster nodes. The scheduled outage functionality in CCR is designed to make sure that all log data on the active node is successfully copied to the passive node. Therefore, scheduled outages do not result in loss of data, even though replication occurs asynchronously.
Standby continuous replication (SCR)
With SCR, data can be replicated on a per-storage group basis to standby servers or clusters. The SCR target, whether a single mailbox server or a cluster, can be placed inside the primary datacenter or in a remote location, ready to be manually activated if the primary server or datacenter fails. This feature is available on Exchange 2007 Service Pack 1.
SCR offers low-cost replication to an offsite environment for DRP or recovery scenarios.
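Because all three replication types depend on logs being shipped and replayed, the copy is only as useful as it is current. The following is an added example, not part of the original article: a hypothetical helper, Test-CopyHealth, that flags replicas that are unhealthy or falling behind, using the SummaryCopyStatus, CopyQueueLength and ReplayQueueLength values reported by Get-StorageGroupCopyStatus. The thresholds and sample objects are constructed, and the sample construction assumes PowerShell 2.0 or later.

```powershell
# Added example: thresholds and sample values below are constructed.
# On an Exchange 2007 mailbox server, feed it live data instead:
#   Get-StorageGroupCopyStatus | Test-CopyHealth
function Test-CopyHealth {
    param(
        [int]$MaxCopyQueue   = 10,  # logs generated but not yet shipped
        [int]$MaxReplayQueue = 50   # logs shipped but not yet replayed
    )
    process {
        $problems = @()
        if ($_.SummaryCopyStatus -ne 'Healthy') {
            $problems += "status is $($_.SummaryCopyStatus)"
        }
        if ($_.CopyQueueLength -gt $MaxCopyQueue) {
            # Unshipped logs are the data at risk if the active copy is lost.
            $problems += "$($_.CopyQueueLength) logs not copied"
        }
        if ($_.ReplayQueueLength -gt $MaxReplayQueue) {
            # A long replay queue makes activating the copy slower.
            $problems += "$($_.ReplayQueueLength) logs not replayed"
        }
        if ($problems.Count -gt 0) {
            New-Object PSObject -Property @{
                StorageGroup = $_.StorageGroupName
                Problems     = $problems -join '; '
            }
        }
    }
}

# Constructed stand-ins for Get-StorageGroupCopyStatus output.
$sample = @(
    @{ StorageGroupName='SG1'; SummaryCopyStatus='Healthy';   CopyQueueLength=0;  ReplayQueueLength=3 }
    @{ StorageGroupName='SG2'; SummaryCopyStatus='Healthy';   CopyQueueLength=42; ReplayQueueLength=7 }
    @{ StorageGroupName='SG3'; SummaryCopyStatus='Suspended'; CopyQueueLength=0;  ReplayQueueLength=0 }
) | ForEach-Object { New-Object PSObject -Property $_ }

$sample | Test-CopyHealth | Select-Object StorageGroup, Problems
```

With the constructed data, SG2 and SG3 are reported and SG1 is not. SCR targets are configured with a replay lag, so raise -MaxReplayQueue when checking them.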
Ronen Gabbay.
The new Exchange 2007 management
Recipient management in Exchange 2007 can be quite challenging. In Exchange 2003, recipients were managed using the Active Directory Users and Computers (ADUC) MMC snap-ins. However, with Exchange 2007, Exchange management tasks have been removed from ADUC and integrated into the Exchange Management Console (it reminds me of Exchange 5.5).
So now recipient and user management is separated into two different management tools.
Furthermore, in order to perform bulk operations we have to drill into the wonderful world of Windows PowerShell.
The Exchange Management Shell is the solution for performing bulk user changes, usually using simple, short command-line cmdlets.
Many of my customers complain about having to administer users using two different consoles, the ADUC snap-in and the EMC, and most of them are too lazy to turn to PowerShell.
In this article I will explain how to manage Exchange 2007 recipients using the Active Directory MMC console (ADUC) with a little 3rd-party tool called the Exchange 2007 Task Wizard by U-Bsmart.
The U-Bsmart Exchange Tasks 2007
This tool extends the Microsoft AD to include bulk recipient management and adds the Exchange Tabs to the user object in the ADUC.
This tool uses Exchange shell commands and can be installed on any computer that has the Exchange tools installed. This behavior makes this tool very extensible and safe.
Some of the actions that can be done on a single user, an OU or a set of users using the U-Bsmart Exchange Tasks 2007 are:
· Create Mailbox
· Delete Mailbox
· Export Mailbox into PST
· Gathering Mailbox Statistics
· Set Message Quota
· And much more…
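For comparison, here is how three of the tasks listed above look as bulk operations typed directly into the Exchange Management Shell. This is an added example, not part of the original article and not the U-Bsmart tool's own code; the OU and database names are placeholders.

```powershell
# Added example. Run in the Exchange Management Shell.
# Placeholder values: replace with your own OU and database.
$ou = 'example.test/Sales'
$db = 'MBX01\First Storage Group\Mailbox Database'

# 1. Create mailboxes for every user in the OU that does not have one yet.
#    -WhatIf prints what would change without changing anything.
Get-User -OrganizationalUnit $ou -ResultSize Unlimited |
    Where-Object { $_.RecipientType -eq 'User' } |
    Enable-Mailbox -Database $db -WhatIf

# 2. Set message quotas on all mailboxes in the OU.
Get-Mailbox -OrganizationalUnit $ou -ResultSize Unlimited |
    Set-Mailbox -UseDatabaseQuotaDefaults $false `
                -IssueWarningQuota 900MB `
                -ProhibitSendQuota 1GB `
                -ProhibitSendReceiveQuota 1200MB -WhatIf

# 3. Gather mailbox statistics, largest mailboxes first.
Get-Mailbox -OrganizationalUnit $ou -ResultSize Unlimited |
    Get-MailboxStatistics |
    Sort-Object TotalItemSize -Descending |
    Select-Object DisplayName, ItemCount, TotalItemSize, LastLogonTime
```

Remove -WhatIf from steps 1 and 2 once the preview lists only the accounts you expect.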
Download the U-Bsmart Exchange 2007 Task Wizard from
www.u-bsmart.com
Enjoy !!!
Introduction:
As you all already know, messaging is not a secure platform. Furthermore, anyone who has administrative access to your mail server can gain unlimited access to your personal data. Email messages are sent as clear text and can be easily intercepted by untrusted entities that want to lay a hand on any valuable data.
It is common for people to wonder whether it is safer to put all of your email data in a hosted environment, e.g. your ISP or hosted services like Microsoft, Yahoo or Gmail, or to install a local mail server inside your company; the best examples are those who use Microsoft Exchange or Lotus Notes.
There is no simple answer to this question, since in both cases those who manage the mail infrastructure have unlimited access to your data.
So what is the answer for sensitive data that is stored on the mail server and sent as clear text to mail recipients? The only solution is to use message level encryption.
What is message level encryption and how to use it?
There are many ways to use message level encryption (MLS), such as the S/MIME standard or PGP. Since S/MIME is a free standard that is supported on all messaging platforms and clients, we will focus on that.
S/MIME is a way to encrypt your messages and to sign them to prove your identity. S/MIME also provides a way to prove data integrity, that is, that the data was not changed since it left the sender's mailbox.
Since S/MIME uses Public Key Infrastructure (PKI), we need PKI encryption keys that are based on RSA algorithms, embedded in an S/MIME X.509 certificate. This certificate can be enrolled from most of the Certificate Authorities on the web, after providing your identity, at no charge.
After enrolling the S/MIME certificate you will be able to sign your emails. In order to encrypt email to another recipient, you will need to send this remote recipient your public key, which is embedded in your certificate, and to receive from that recipient his own certificate. After that certificate exchange you will need to install the remote recipient's certificate on the remote contact object in your email client.
This could look like a complicated process to an inexperienced user.
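To show why the certificate exchange described above is needed, here is an added example (not part of the original article) of the cryptographic layer underneath S/MIME: signing with your own private key, then encrypting to the recipient's public certificate. It uses the .NET SignedCms and EnvelopedCms classes and produces the CMS blob only, not a full MIME message; the function names Protect-Message and Unprotect-Message are hypothetical.

```powershell
# Added example; assumes Windows PowerShell on the .NET Framework.
Add-Type -AssemblyName System.Security
$Pkcs = 'System.Security.Cryptography.Pkcs'   # namespace prefix for New-Object

function Protect-Message {
    param(
        [string]$Text,
        # Your own certificate, with private key: used to sign.
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$SignerCert,
        # The recipient's certificate, public key only: used to encrypt.
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$RecipientCert
    )
    $plain = [System.Text.Encoding]::UTF8.GetBytes($Text)
    # Step 1: sign with the sender's private key (identity and integrity).
    $content = New-Object "$Pkcs.ContentInfo" -ArgumentList (,$plain)
    $signed  = New-Object "$Pkcs.SignedCms" -ArgumentList $content, $false
    $signer  = New-Object "$Pkcs.CmsSigner" -ArgumentList $SignerCert
    $signer.IncludeOption = 'EndCertOnly'     # ship the signer's certificate
    $signed.ComputeSignature($signer)
    $signedBytes = $signed.Encode()

    # Step 2: encrypt the signed blob to the recipient's public key.
    $aesOid   = New-Object System.Security.Cryptography.Oid '2.16.840.1.101.3.4.1.42'  # AES-256-CBC
    $aes      = New-Object "$Pkcs.AlgorithmIdentifier" -ArgumentList $aesOid
    $inner    = New-Object "$Pkcs.ContentInfo" -ArgumentList (,$signedBytes)
    $envelope = New-Object "$Pkcs.EnvelopedCms" -ArgumentList $inner, $aes
    $envelope.Encrypt((New-Object "$Pkcs.CmsRecipient" -ArgumentList $RecipientCert))
    $cipher = $envelope.Encode()
    ,$cipher                                  # return the byte[] as one object
}

function Unprotect-Message {
    param([byte[]]$Cipher)
    # Decrypt() looks up the matching private key in the certificate store,
    # so only the intended recipient gets past this call.
    $envelope = New-Object "$Pkcs.EnvelopedCms"
    $envelope.Decode($Cipher)
    $envelope.Decrypt()
    $signed = New-Object "$Pkcs.SignedCms"
    $signed.Decode($envelope.ContentInfo.Content)
    # $false also validates the signer's certificate chain; the call throws
    # if the content was altered or the certificate is not trusted.
    $signed.CheckSignature($false)
    New-Object PSObject -Property @{
        Signer = $signed.SignerInfos[0].Certificate.Subject
        Text   = [System.Text.Encoding]::UTF8.GetString($signed.ContentInfo.Content)
    }
}
```

Pass your own certificate from Cert:\CurrentUser\My as -SignerCert and the certificate you received from the recipient as -RecipientCert. Without the recipient's certificate there is nothing to encrypt to, which is why the exchange has to happen first.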
Is there any simple free solution?
Yes, there is. A company called U-Btech is a leading provider of PKI solutions. The company provides a simple client called ESIEmail that provides the user with the entire S/MIME infrastructure solution.
The ESIEmail client has a very simple installation; it extends Outlook 2003 or 2007 capabilities by automatically enrolling PKI S/MIME certificates, installing them, and adding menus for signing, encryption and for managing email permissions.
The ESIEmail infrastructure also provides the mail user with a way to publish his public certificate to other users and provides him with the public certificates of his recipients.
The ESIEmail slogan is “Single Click Encryption”.
How to start working with ESIEMail Protector in 3 easy steps:
1) Download the product from the following location: http://www.u-btech.com/mailprotector/downloads/download.htm
2) Extract the files and double-click the Setup.exe file.
3) Follow the on-screen instructions and close Microsoft Outlook if required.
4) Start Outlook, the “Activate my ESIEMail Account” should appear.
5) Type in your information including your desired password for your “ESIEMail Protector” account and click on “Activate”.
6) You should receive an email from the following address: Registration@U-BTech.com (make sure you check your Junk-Email folder for the email).
7) Click on the activation link in the email to verify you are the rightful owner of the registered email address.
8) Your default web browser should open and you should see a message saying your activation was successful.
9) Close your web browser and close Microsoft Outlook.
10) When starting Microsoft Outlook again you should see U-BTech’s ESIEMail Protector Toolbar on the main Outlook window and in each new email message you create.
After installing ESIEmail, Outlook 2007 will be extended with the following buttons on the new message menu:
Now you can start sending encrypted email and keep your sensitive data secured.
Enjoy!
Ronen Gabbay – Microsoft Regional Director and Senior Security & Messaging CTO Hi-Tech College Israel
roneng@hi-tech.co.il