In: Categories » Computers and technology » Servers » Securing and Maintaining an Exchange Server 2007 Implementation
|
One of the greatest advantages of Exchange Server 2007 is its emphasis on security. Along with Windows Server 2003, Exchange Server 2007 was developed during and after the Microsoft Trustworthy Computing initiative, which effectively put a greater emphasis on security over new features in the products. In Exchange Server 2007, this means that the OS and the application were designed with services “Secure by Default.” With Secure by Default, all nonessential functionality in Exchange must be turned on if needed. This is a complete change from the previous Microsoft model, which had all services, add-ons, and options turned on and running at all times, presenting much larger security vulnerabilities than was necessary. Designing security effectively becomes much easier in Exchange Server 2007 because it now becomes necessary only to identify components to turn on, as opposed to identifying everything that needs to be turned off. In addition to being secure by default, Exchange Server 2007 server roles are built in to templates used by the Security Configuration Wizard (SCW), which was introduced in Service Pack 1 for Windows Server 2003. Using the SCW against Exchange Server helps to reduce the surface attack area of a server. Patching the Operating System Using Windows Software Update Services Although Windows Server 2003 presents a much smaller target for hackers, viruses, and exploits by virtue of the Secure by Default concept, it is still important to keep the OS up to date against critical security patches and updates. Currently, two approaches can be used to automate the installation of server patches. The first method involves configuring the Windows Server 2003 Automatic Updates client to download patches from Microsoft and install them on a schedule. The second option is to set up an internal server to coordinate patch distribution and management. The solution that Microsoft supplies for this functionality is known as Windows Software Update Services (WSUS). WSUS enables a centralized server to hold copies of OS patches for distribution to clients on a preset schedule. WSUS can be used to automate the distribution of patches to Exchange Server 2007 servers, so that the OS components will remain secure between service packs. WSUS might not be necessary in smaller environments, but can be considered in medium-sized to large organizations that want greater control over their patch management strategy. Implementing Maintenance Schedules Exchange still uses the Microsoft JET Database structure, which is effectively the same database engine that has been used with Exchange from the beginning. This type of database is useful for storing the type of unstructured data that email normally carries, and has proven to be a good fit for Exchange Server. Along with this type of database, however, comes the responsibility to run regular, scheduled maintenance on the Exchange databases on a regular basis. Although online maintenance is performed every night, it is recommended that Exchange databases be brought offline on a quarterly or, at most, semiannual basis for offline maintenance. Exchange database maintenance utilities, eseutil and isinteg, should be used Exchange databases that do not have this type of maintenance performed run the risk of becoming corrupt in the long term, and will also never be able to be reduced in size. Consequently, it is important to include database maintenance into a design plan to ensure data integrity.
|
legal disclaimer
1) Our website is not responsible for the information contained by this article as well for any and all copyright infringements by authors and writers. E-articles is a free information resource. If you suspect this article for any copyright infringements, please read the Terms of service and contact us to investigate the problem.
2) The E-articles directory team is not responsible for inaccuracies, falsehoods, or any other types of misinformation this tutorial may contain and will not be liable for any loss or damage suffered by a user through the user's reliance on the information gained here. Please read the Terms of service
Useful tools and features
If you like this article (tutorial), please link to it from your web page using the information above. Linking to this page, this is the only way to help us improve our service, the same time providing your visitors with a way to improve their online experience.
related articles
Previous versions of Exchange essentially forced many organizations into deploying servers in sites with greater than a dozen or so users. With the concept of site consolidation in Exchange Server 2007, however, smaller numbers of Exchange servers can service clients in multiple locations, even if they are separated by slow WAN links. For small and medium-sized organizations, this essentially means that one or two servers should suffice for the needs of the organization, with few exceptions. Larger organizations require a larger numbe...
2. Configuring Exchange Server 2007 for Maximum Performance and Reliability
After decisions have been made about AD design, Exchange server placement, and client access, optimization of the Exchange server itself helps ensure efficiency, reliability, and security for the messaging platform. Designing an Optimal Operating System Configuration for Exchange As previously mentioned, Exchange Server 2007 only operates on the Windows Server 2003 operating system, and is scheduled to be able to run on the next version of the Windows Server operating system, currently referred to as Windows L...
3. Managing Identity Information Between LDAP Directories and Exchange Server 2007
LDAP directories are commonplace today and can be found in many business environments. UNIX applications in particular make wide use of the LDAP standard for directories. Along with this proliferation of LDAP directory structures comes a need to synchronize the information contained within them to an Exchange 2007 environment. The Enterprise version of MIIS 2003 contains MAs that support synchronization to LDAP directories. Consequently, a good understanding of LDAP concepts is required before syncing between the environments. ...
4. Understanding DNS Requirements for Exchange Server 2007
In Active Directory, all client logons and lookups are directed to local domain controllers and GC servers through references to the SRV records in DNS. Each configuration has its DNS and resource requirements. Exchange relies on other servers for client authentication and uses DNS to find those servers. In an Active Directory domain controller configuration, on the other hand, the Exchange server also participates in the authentication process for Active Directory. Using DNS in Exchange Server 2007 As has bee...
One of the improvement goals Microsoft has had with all of their products over the past few years has been to constantly improve the security in the products. More recently with all of the regulatory compliance laws and policies being implemented, Microsoft has focused a lot of security enhancements to address privacy, information archiving, and compliance support. The release of Exchange 2007 was no different—Microsoft added in several new enhancements in the areas of security and compliance support. One of the addition...
6. Designing Exchange Infrastructure
After Active Directory and the physical OS has been chosen and deployed, the Exchange infrastructure can be set up and optimized for the specific needs of the organization. With these needs in mind, you can do several things to optimize an Exchange 2007 setup, as detailed in the following sections. Determining the Exchange Version When installing Exchange, the choice of Exchange version needs to be made. As with Windows Server 2003, there are two versions of Exchange, Standard and Enterprise. The Standard Edit...
7. Synchronizing Exchange Server 2007 with Novell eDirectory
Novell eDirectory and Novell Directory Service (NDS) environments are relatively commonplace in business environments, and there is often a need to integrate them into deployed Exchange infrastructures. Several tools exist that can make this a reality, including the MIIS 2003 tools discussed. In addition, tools in the Microsoft-supplied Services for NetWare can be used to synchronize directory information between the two directory systems. NOTE Exchange 2000 Server and Exchange Server 2003 included a GroupWise ...