Microsoft Gets Security Message

 
 
By Henry Baltazar  |  Posted 2003-01-13
 
 
 

Microsoft Gets Security Message


Microsoft Exchange Server 2003 Beta 2, the first public beta release of Microsoft Corp.s enterprise messaging platform, shows incremental, but useful, improvements over its predecessor, Exchange 2000.

Exchange 2000 introduced AD (Active Directory), which requires customers upgrading from 5.5 to 2000 to change their entire messaging architecture. Exchange Server 2003 also uses AD, so a migration from Exchange 5.5 to Exchange Server 2003 would be just as challenging, but there are no drastic implementation changes for sites moving from Exchange 2000 to the next version.

Although this releases security and usability improvements will probably make it a welcome upgrade for Exchange shops, there are no earth-shattering changes to compel IT managers on other enterprise platforms, such as IBMs Lotus Software divisions Domino and Novell Inc.s GroupWise, to scrap their current infrastructures. Nevertheless, the relatively small changes should be a relief to most Microsoft sites, many of which are grappling with difficult migrations to Windows 2000, Active Directories and Exchange.

In eWeek Labs tests of Microsoft Exchange Server 2003 Beta 2, due for release by midyear, we saw basic improvements that indicate Microsoft is heeding customers demands to improve the security and scalability of Exchange.

A major (and welcome) omission in this version of Exchange is the somewhat arcane M: drive, which enabled users to get file system access to the Exchange Message store. Although the M: drive was useful for allowing IT managers to use Exchange servers as file repositories, it made Exchange 2000 vulnerable to mail store corruptions and could become much more trouble than it was worth.

Real-time collaboration features, which were available using Exchange Conferencing Server, also are not included in Exchange Server 2003. These capabilities will be included in Microsofts upcoming collaboration and real-time communications server, code-named Greenwich. The Greenwich server will likely be a better place for these capabilities because it will enable IT managers to provide an e-mail-only solution when necessary and then custom-build collaboration systems at a later date.

Interface Improvements


Interface Improvements

In tests of Exchange Server 2003 Beta 2, we used both the Microsoft Outlook Web access client and the current beta release of Outlook 11 (which is part of the Office 11 suite). We liked the layout of both client interfaces, which were easier to navigate than Exchange 2000s interface.

As many current users would attest, Outlooks sluggish performance on lower-speed and congested network links was definitely one of the more frustrating aspects of using Exchange 2000. However, the combination of Exchange Server 2003 and the new Outlook 11 client should make this experience less painful, thanks to Exchanges improved local caching system and the inclusion of automatic file compression capabilities.

By reducing the number of remote procedure calls between the client and the server, Microsoft is trying to bring dial-up clients performance and usability up to more tolerable levels. We hope to confirm the better performance claims when gold code becomes available.

To further bolster security, Outlooks new Web access client includes an attachment-blocking option and a session inactivity timeout (see Labs-Eye View).

S/MIME (Secure Multipurpose Internet Mail Extension) support is now available for Outlooks Web access client (Exchange 2000s Web access client did not support it), which will allow users to encrypt or digitally sign mail messages. However, we would caution that its not a good idea for IT departments to implement S/MIME without having a firm grasp of Windows public-key infrastructure.

Exchange Server 2003, like Windows .Net Server, ships with default security measures in place that should make servers less susceptible to vulnerabilities out of the box. (Exchange Server 2000s default security setting made it relatively easy to hack.)

Exchange can run on Windows 2000 servers or Windows .Net Server 2003. For our tests, we installed the Exchange beta on Windows .Net Server 2003 Release Candidate 2. (See eWeek Labs Dec. 23/30 review of .Net Server 2003 RC2.)

With Windows .Net Server 2003, Exchange will be able to scale to eight-node clusters. With the kernel improvements being made to Windows .Net Server 2003, Exchange Server 2003 is expected to be more efficient than Exchange 2000, which relies on the Windows 2000 kernel.

Senior Analyst Henry Baltazar can be contacted at henry_baltazar@ziffdavis.com.

Executive Summary


: Microsoft Exchange Server 2003 Beta 2">

Executive Summary: Microsoft Exchange Server 2003 Beta 2

The latest version of Microsofts enterprise messaging offering, which is expected to ship by midyear, is not radically different from its predecessor, Exchange 2000. However, Beta 2 shows that the next edition will likely provide some of the improvements in scalability and security that IT managers have been demanding.

(+) Scalability will improve with the new clustering capabilities in Windows .Net Server; new Web access client is easy to navigate and use.

(-) Removal of collaboration tools could be a negative, although details about Greenwich, Microsofts upcoming collaboration and real-time communications server, are sketchy.

EVALUATION SHORT LIST

Rocket Fuel