Module 8: Managing Virtual Servers and Protocols in Exchange 2000
© 2000 Microsoft Corporation. All rights reserved.
Project Lead: David Phillips
Instructional Designers: Lance Morrison (Wasser), Janet Sheperdigian, Steve Thues
Lead Program Manager: Mark Adcock
Program Manager: Lyle Curry, Scott Hay, Janice Howd, Steve Schwartz (Implement.Com), Bill Wade (Wadeware LLC)
Graphic Artist: Kimberly Jackson, Andrea Heuston (Artitudes Layout and Design)
Editing Manager: Lynette Skinner
Editor: Elizabeth Reese (Write Stuff)
Copy Editor: Ed Casper (S&T Consulting), Carolyn Emory (S&T Consulting), Patricia Neff (S&T Consulting), Noelle Robertson (S&T Consulting)
Online Program Manager: Debbi Conger
Online Publications Manager: Arlo Emerson (Aquent Partners)
Online Support: Eric Brandt
Multimedia Developer: Kelly Renner (Entex)
Compact Disc Testing: Data Dimensions, Inc
Production Support: Ed Casper (S&T Consulting)
Manufacturing Manager: Bo Galford
Manufacturing Support: Rick Terek
Lead Product Manager, Development Services:
Lead Product Manager: David Bramble
Group Product Manager: Robert Stewart
Instructor Notes
This module provides students with an understanding of the protocols that Microsoft® Exchange 2000 uses to access the information store and introduces the concept of virtual servers. Students will learn how to administer these protocols by using the Exchange System Manager. In addition, students will learn how to create and configure virtual servers. At the end of this module, students will be able to configure the Internet protocols that Exchange 2000 supports and create virtual servers.
Materials and Preparation
This section provides you with the required materials and preparation tasks that are needed to teach this module.
Required Materials
To teach this module, you need the following materials:
• Microsoft PowerPoint® file 1569A_08.ppt
Preparation Tasks
To prepare for this module, you should:
• Read all the materials for this module.
• Complete the lab.
Use the following strategy to present this module:
• Supported Internet Protocols
    This section lists the Internet protocols that Exchange 2000 supports and also provides a brief discussion of how to administer them. Students should already possess base knowledge about each of these protocols.
• Creating Virtual Servers
    This section discusses the benefits of creating virtual servers, covers how to identify multiple virtual servers, and concludes by outlining typical scenarios in which creating multiple virtual servers would be beneficial. Consider asking students to share “real-life” examples from their work environments in which they think creating multiple virtual servers would be beneficial.
• Simple Mail Transfer Protocol
    This section focuses on how to configure an SMTP server, how to manage server status, and how to set global parameters. The SMTP server configuration topic is very long. Thoroughly discuss each of the configuration options provided by the General, Access, Messages, and Advanced tabs.
• Post Office Protocol 3/Internet Mail Access Protocol 4
    This section briefly outlines the new POP3 and IMAP4 features that Exchange 2000 supports.
• Hypertext Transfer Protocol
    This section explains how to use HTTP to configure virtual servers and how to connect to and disable a virtual server. The section concludes by briefly discussing virtual directories.
• Network News Transport Protocol
    This section discusses how to use NNTP to provide enhanced storage and organizational capabilities, covers how to configure an NNTP server, explains NNTP virtual directories and newsgroups, and concludes by showing students how to create newsfeeds. If time permits, demonstrate the procedures under the Master/Subordinate Newsfeeds heading.
• Scaling the Protocol Servers
    This section explains how to scale the servers using Internet protocols to accommodate more users by configuring front-end/back-end servers and virtual servers. Make sure students understand the differences between a front-end server and a back-end server. If time permits, present a scenario that requires students to implement front-end/back-end servers and virtual servers within the same environment.
At the end of this module, you will be able to:
• List the Internet protocols that Microsoft® Exchange 2000 supports
• Create virtual servers
• Manage the Simple Mail Transfer Protocol (SMTP)
• Manage Post Office Protocol 3 (POP3) and Internet Mail Access Protocol 4 (IMAP4)
• Manage the Hypertext Transfer Protocol (HTTP)
• Manage the Network News Transport Protocol (NNTP)
• Scale Protocol Servers
[Figure: Exchange System Manager console for Northwind Traders (Exchange). The tree shows Global Settings, Recipients, First Administrative Group, the servers PERTH and VANCOUVER, and the protocol containers HTTP, IMAP4, NNTP, POP3, SMTP, IRCX, and RVP.]
The protocols that Microsoft Exchange 2000 uses to access the information store are now integrated with Internet Information Services (IIS) in Microsoft Windows® 2000.
Exchange 2000 supports multiple protocol servers to service clients that communicate to the server by using a particular protocol. These include HTTP, IMAP4, NNTP, POP3, and SMTP.
In addition to the protocols that access the information store, Exchange 2000 also supports instant messaging through the rendezvous protocol (RVP) and Internet Relay Chat Protocol (IRCX) chat communication protocols.
The instant messaging protocol is called RVP in Exchange 2000 Beta 3.
Administration
Administer these protocols by using Exchange System Manager, rather than the Internet Services Manager. The Exchange System Attendant automatically saves configuration information to the Active Directory™ directory service and then applies it to IIS on the appropriate server running Exchange 2000.
Creating Multiple Virtual Servers
[Figure: an Exchange 2000 server hosting Virtual Server A, Virtual Server B, and Virtual Server C, with clients and an application connecting to them.]
If you support users with different configuration needs, such as security requirements or message formats, you need to create multiple instances of the protocol server. Each instance is referred to as a virtual server. Previously, creating virtual servers required installing the protocol server on additional computers. Exchange 2000 enables you to create multiple instances of the protocol servers on one computer.
During installation, a default protocol server is created for most protocols. Each of these protocol servers is automatically configured specifically for the protocol being used. You can configure items such as authentication methods, message formats, and data transfer limits.
The protocols RVP and IRCX require some configuration.
Although virtual servers enable multiple protocol server configurations, you should not use them for scalability purposes because each virtual server is already multithreaded.
Identifying Multiple Virtual Servers
For each virtual server, you will need to uniquely identify it among the other virtual servers for that protocol. To do this, you must specify a unique IP port and address combination for each.
For HTTP virtual servers, you can also use the host header parameter to uniquely identify a virtual server.
Consider creating multiple virtual servers for the following reasons:
• You want to configure each virtual server to use different authentication mechanisms.
    For example, external users sending messages over the Internet may have all messages encrypted with Transport Layer Security for additional security, while users on an internal intranet do not use Transport Layer Security encryption and do not need to incur the additional cost.
• You want to optimize trusted applications.
    For example, applications that use Collaboration Data Objects (CDO) to send SMTP messages can use an SMTP virtual server that is not restricted by reverse Domain Name System (DNS) lookup or recipient limits.
• You want to configure each server for different purposes.
    For example, you can connect one virtual server to the Internet, enabling all users to send and receive messages over the Internet, and configure another virtual server only to deliver messages within an Exchange 2000 organization.
The SMTP service processes incoming traffic from SMTP clients, such as Microsoft Outlook® Express, and other SMTP hosts, such as another Exchange Server. The service sends outbound SMTP traffic in response to requests from the SMTP Connector and routing group connector.
[Figure: Default SMTP Virtual Server Properties dialog box with the tabs General, Access, Messages, Delivery, and Advanced. The General tab shows IP address: (All Unassigned), Limit number of connections to, Connection time-out (minutes): 10, Enable logging, and Active log format: W3C Extended Log File Format.]
Each SMTP server provides a number of parameters that you can configure by using the Exchange System Manager. These parameters are listed below, under the name of the related tab in the interface, with examples of when you should change the defaults.
combination
• Logging
    You have several choices when deciding how to log messages passing through the SMTP server. The available logging choices are the same as those provided by other IIS services. Because many of the properties available in the IIS log formats do not apply to SMTP, you can customize the list of properties logged to optimize the logging process.
• Connections
    By default, the server accepts an unlimited number of SMTP connections. However, an unlimited number of SMTP connections can use an excessive amount of resources, which will negatively affect other services, such as the information store, and could result in a denial of service. You can control SMTP traffic by configuring a maximum number of concurrent connections and the time-out for each connection.
Access Tab
If you require a stringent policy for SMTP message transfer, you can use the Access tab to configure security to the SMTP port, which does the following:
• Requires authentication before a message transfer session can be established
• Associates a certificate with the SMTP server and creates a secure channel
• Explicitly allows or disallows specific computers to connect with the SMTP port
Relay Restrictions
You can also secure the e-mail that relays or routes through the SMTP server. The default Windows 2000 installation of the SMTP server allows only authenticated users to relay messages through the server. You can enable additional users to relay messages by specifying a computer’s IP address, a subnet, or a domain name.
However, when you install Exchange 2000 on a computer running Windows 2000, this default behavior is reversed, which means that all users can relay SMTP messages through the server.
Exchange 2000 reverses the relay restrictions because computers running Exchange 2000 are typically deployed on a corporate intranet and not the Internet.
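
The following Python model of the relay decision described above is an added example, not part of the original courseware or of Exchange itself. The RelayPolicy class, its field names, and the sample addresses and domains are assumptions made for illustration; the is_open_relay check shows what an audit of these settings should flag.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class RelayPolicy:
    """Hypothetical model of one SMTP virtual server's relay settings."""
    allow_all: bool = False             # True = every client may relay
    allow_authenticated: bool = True    # authenticated sessions may relay
    networks: list = field(default_factory=list)  # granted IPs or subnets
    domains: list = field(default_factory=list)   # granted client domains


# The two defaults the text describes.
WINDOWS_2000_SMTP_DEFAULT = RelayPolicy()
EXCHANGE_2000_INSTALL_DEFAULT = RelayPolicy(allow_all=True)

# Constructed example of a restricted policy (documentation address ranges).
RESTRICTED = RelayPolicy(networks=["192.0.2.0/24"], domains=["apps.example.com"])


def _in_domain(host, domain):
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def may_relay(policy, client_ip, authenticated=False, client_host=None):
    """Return True if this client may relay through the virtual server."""
    if policy.allow_all:
        return True
    if authenticated and policy.allow_authenticated:
        return True
    addr = ipaddress.ip_address(client_ip)
    if any(addr in ipaddress.ip_network(n, strict=False) for n in policy.networks):
        return True
    # client_host is assumed to be the name resolved for the connecting client.
    return bool(client_host) and any(_in_domain(client_host, d) for d in policy.domains)


def handle_rcpt(policy, local_domains, client_ip, rcpt, **client):
    """Classify one RCPT TO address: local delivery, relay, or rejection."""
    if "@" not in rcpt:
        return "deliver-local"          # no domain: the local default applies
    domain = rcpt.rsplit("@", 1)[1].lower()
    if domain in {d.lower() for d in local_domains}:
        return "deliver-local"          # inbound mail is not relaying
    return "relay" if may_relay(policy, client_ip, **client) else "reject"


def is_open_relay(policy):
    """Audit check: can an unauthenticated client at any address relay?"""
    if policy.allow_all:
        return True
    return any(ipaddress.ip_network(n, strict=False).prefixlen == 0
               for n in policy.networks)
```

A virtual server that faces the Internet should evaluate like WINDOWS_2000_SMTP_DEFAULT or RESTRICTED here, never like EXCHANGE_2000_INSTALL_DEFAULT.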
Messages Tab
Use the Messages tab to protect SMTP server resources and to protect against server overload by configuring message restrictions with the following limits:
• Limit message size to 2048 kilobytes (KB)
• Limit SMTP session size to 10,240 KB
• Limit number of messages per connection to 20
• Limit number of recipients per message to 100
You may need to adjust these parameters to balance functionality, flexibility, and performance. For example, if limiting the size of a message to two megabytes (MB) is too restrictive, you can raise the limit, thereby increasing functionality for the user, but potentially decreasing server performance.
When the system exceeds the number of messages per connection, Exchange opens an additional connection and sends any remaining messages simultaneously. While this can improve outbound performance, it must be balanced with other resource limitations, such as limited network bandwidth.
When there are more recipients in the header of a message than the corresponding number configured on the server, Exchange generates multiple messages. For example, if a message is addressed to 150 recipients, the routing engine will transfer two messages of the same content, one for the first 100 recipients and another for the final 50.
Note: If the number of recipients exceeds the limit specified in the global SMTP settings, the message is not processed.
When the destination for an e-mail address cannot be determined, you can forward the message to another host for redelivery. If a message is not delivered successfully, a non-delivery report (NDR) is automatically sent to the sender. If the NDR is not delivered successfully, a copy of the message is stored in the Badmail directory.
Exchange 2000 attempts to redeliver failed messages three times, at one-minute intervals, before switching to fifteen-minute intervals.
Delivery Tab
The SMTP server will attempt to deliver messages after it determines both the destination and destination address. When there is a problem with the next-hop server, or if a communications failure on the network has taken place, the SMTP server queues the message for subsequent retries or performs a re-route.
If a message has been in the queue for longer than 12 hours, the sender is notified that the message has not been successfully delivered. If, after two days, the message has still not cleared from the queue, an NDR is sent back to the sender along with the message.
You can configure these delay and expiration intervals for local message deliveries. The SMTP server uses these intervals when it cannot deliver a message to the local information store.
The Outbound Connections dialog box also enables you to configure the TCP port to which the remote SMTP hosts connect. The default is port 25.
Advanced Tab
Use the Advanced tab to optimize the SMTP server advanced delivery settings by:
• Keeping a message from looping. Configure the message hop count to send an NDR to the sender when the message hop count is exceeded. The default number of hops is 15.
• Modifying the sender address in outgoing messages to use a specific domain called a masquerade domain.
• Sending all outgoing SMTP messages to a smart host for delivery. This offloads message delivery mechanics to the smart host computer; however, delivery issues are not resolved as quickly because your server is not aware of delivery problems.
• Configuring the SMTP server to perform a reverse DNS lookup for the sender of the message. If the submitting SMTP client does not belong to the Domain Name System (DNS) domain of the matching SMTP domain name specified in the Mail from field, the virtual server rejects the message. Unfortunately, reverse lookups severely impact the performance of message transfer and should be tested in the lab before going into production to make sure the virtual server can handle the necessary messaging traffic with reverse DNS lookup enabled.
Note: Reverse DNS lookups only provide a partial solution to preventing junk mail. If you need to verify a message sender’s identity, digital certificates should be used instead.
Configure the following domains for each SMTP server:
• Remote
    The SMTP service looks up remote domains in DNS. You can also rename remote domains.
• Local (Default)
    This is the default domain and will be appended to addresses that come in with no domain specified: RCPT TO: <USER> would be USER@LOCALDOMAIN.
• Local (Alias)
    Any mail addressed with an alias will be processed by the local computer: RCPT TO: <USER@ALIASDOM> would be USER@LOCALDOMAIN.
• Local (Normal/blank)
    This is the domain for which Exchange 2000 accepts inbound mail if it is set up not to relay mail. Normally it would reject the address.
If you support users with different domains from the default domain or users with multiple domains you want to match, you can configure SMTP to accept them.
Managing Queues
The Exchange System Manager displays the messages that are queued for delivery by each SMTP server. The list of queues is dynamic, and is based on where outgoing mail is being sent.
The Advanced Queuing Engine processes all e-mail messages for the SMTP Service by placing the messages in the appropriate default queue. You can use the Exchange System Manager to monitor and manage the processing of these messages.
Default Queues
The following table describes the default queues provided in Exchange 2000.
categorizer to process
PreRoutingQueue      List of messages waiting for the advanced queuing engine to determine the route
Destination Queue    List of messages currently being sent, or waiting to be sent to a destination server
Queue States
The following table describes each queue state.
State Definition
allocated to it
(TURN/ETRN)
message can be inserted if the Categorizer
is running
a specific destination, such as microsoft.com, or it can use a wildcard, such as *.edu to reference a large group of destinations.
Message Delivery
Message delivery configuration options include:
• Specifying an account to receive messages that are sent to
Post Office Protocol 3/Internet Mail Access Protocol 4
[Figure: an Exchange 2000 server hosting HTTP, POP3, and IMAP4 virtual servers.]
POP3 and IMAP4 enable clients, such as Outlook Express, to communicate with servers. These protocols also enable clients to communicate with virtual servers as though they were physical servers.
The POP3 and IMAP4 services supported by Exchange 2000 provide the following new features:
• Support for virtual servers
    You can now configure servers with separate names, authentication, and message formatting.
• Support for front-end/back-end servers
    You can now use a single namespace with multiple servers. Clients connect to the front-end server, which looks up the user’s mailbox in the directory, and then proxies the traffic to the corresponding back-end server. The front-end server also provides IMAP4 clients access to all public folders, even those folders that do not exist on your primary public folder server.
• IMAP4 support for Request for Comments (RFC) 2359
    This RFC describes how to reduce server communication for copied and appended messages.
[Figure: an Exchange 2000 server hosting HTTP, POP3, and IMAP4 virtual servers.]
HTTP provides access to mailboxes and public folders within computers running Exchange 2000. In addition, you can use HTTP to configure virtual servers and directories.
Configuring a Virtual Server
Exchange 2000 automatically configures the HTTP virtual server to enable users to access mailboxes and the default public folder tree. However, you can configure the server to provide customized access for HTTP clients by specifying:
• Which users can access the server from a Web browser
• Which authentication method(s) to allow
• Which public folders are exposed to users
Use the Exchange System Manager console and the Active Directory Users and Computers console in Microsoft Management Console (MMC) to perform these configuration tasks. The changes you make are automatically stored in Active Directory and then applied by the appropriate Exchange server. The Directory Server to IIS Metabase component of Exchange polls Active Directory every 60 seconds for changes.
The virtual Web servers and directories that you create with the Exchange Administration tool will also appear in the Internet Services Manager console. Configuration changes made in the Exchange Administration tool will overwrite changes to similar items made with Internet Services Manager. Use only Internet Services Manager to make changes to items that are not available in the Exchange Administration tool.
You can use virtual servers to create separate Web server instances for internal and external users, for different departments within a company, and for users with different security requirements.
Configuration Tabs
Use the following tabs when configuring an HTTP virtual server:
• General
    Use this tab to configure:
    • Virtual server identification parameters, such as host header, IP address, and port
    • The number of connections available
    • Content, such as private mailboxes or a specific portion of the public folder tree
    • Logging parameters
    The combination of identification values for each virtual server must be unique.
• Access
    Use this tab to configure the type of authentication methods to allow for access to secured content.
• Security
    Use this tab to configure administrator permissions to the virtual
Note: When the server receives the request, it will look at the server name in the URL to determine which virtual server receives the request. If the specified server name matches the host header of a virtual server, it will direct the request to that server. Otherwise the default Web server handles the request.
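
The host header matching described above, together with the rule that each virtual server's identification values must be unique, shown as an added Python example that is not from the original courseware or from IIS or Exchange code. The VirtualServer tuple, the server names other than the default, and all addresses are constructed for illustration, and matching is simplified to exact, case-insensitive host names.

```python
from collections import defaultdict
from typing import NamedTuple

ALL_UNASSIGNED = ""   # stands in for the "(All Unassigned)" IP setting


class VirtualServer(NamedTuple):
    name: str
    ip: str
    port: int
    host_header: str = ""   # empty = no host header configured


# Constructed sample configuration (documentation address range).
DEFAULT = "Exchange Virtual Server"
SERVERS = [
    VirtualServer(DEFAULT, ALL_UNASSIGNED, 80),
    VirtualServer("Internal OWA", "192.0.2.10", 80, "mail.corp.example"),
    VirtualServer("External OWA", "192.0.2.10", 80, "webmail.example.com"),
]


def identity_conflicts(servers):
    """Return lists of server names whose IP/port/host header triple collides."""
    seen = defaultdict(list)
    for s in servers:
        seen[(s.ip, s.port, s.host_header.lower())].append(s.name)
    return [names for names in seen.values() if len(names) > 1]


def route(servers, default, local_ip, local_port, host):
    """Choose the virtual server for a request received on local_ip:local_port.

    `host` is the server name the client put in the URL (an optional :port
    suffix is ignored; IPv6 literals are not handled). A host header match
    wins; any other name falls through to the default Web server.
    """
    requested = host.split(":")[0].lower().rstrip(".")
    for s in servers:
        if (s.host_header and s.host_header.lower() == requested
                and s.port == local_port
                and s.ip in (ALL_UNASSIGNED, local_ip)):
            return s.name
    return default
```

Because the server name comes from the request itself, any request that names no configured host header, including one made by IP address, reaches the default Web server, so that server's access settings need the same care as the others.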
Exchange Server 5.5 Outlook Web Access allowed you to enable or disable all HTTP access for Exchange on the General tab page. Exchange 2000 can perform similar functionality. You can now stop, start, or pause each virtual server. To do this, right-click the virtual server object in the administration tool and select the appropriate option.
If you stop the default Exchange Virtual Server, you are stopping the IIS default Web server. If you want this Web server to be available, but want to eliminate Exchange access, you can remove the Exchange, Exadmin, and public virtual directories or configure security to disable access.
Virtual Directories
For each virtual server, you can configure multiple virtual directories to point to different public folders or the private mailbox store. You can also create virtual directories within other virtual directories, which enables you to create your own Web-accessible hierarchy.
Note: Virtual directories are similar to the public folder shortcuts used in previous versions of Exchange.
NNTP in Windows 2000 replaces the Internet News Service supported by Exchange Server 5.5. When you install Exchange 2000, the NNTP service is enhanced with the ability to communicate with other news servers through newsfeeds.
[Figure: NNTP Storage, showing the path C:\Inetpub\nntpfile\root\control.]
Organization
You can now organize multiple news servers in a master-subordinate layout. This enables clients to connect to a collection of servers and still maintain accurate views of newsgroup content. Creating a collection of servers provides additional scalability for a large number of clients and provides fault tolerance if a subordinate server should go offline.