With many features geared toward reducing management and network overhead, Microsoft Corp.'s Exchange 2003 definitely delivers more value to administrators than previous versions of the messaging server. However, the hurdles of Active Directory and system migration still remain high for sites that have balked at upgrading from Exchange 5.5.
Microsoft's Exchange 2003 is an administrator's update, including a number of new features to improve management, performance and reliability. Many of the meaningful performance improvements require running Outlook 2003, while the reliability enhancements require Windows Server 2003. Many of the security and privacy enhancements are useful, but Microsoft has opted to enable or add features that can present security risks.
The changes in this release are myriad, largely focusing on improving the ability of administrators to deploy and manage Exchange securely, reliably and with simplified management. eWEEK Labs tests show that most of the improvements in Exchange 2003 will be welcome to companies running Exchange 2000. Furthermore, incremental value will be gained through better methods of accessing Exchange from a Web browser or wireless client.
Exchange 2003 Standard Edition is priced at $699; Exchange 2003 Enterprise Edition, the version we tested, is $3,999, with client and device access licenses costing $67 per user or device. Exchange 2003 will become generally available next month.
Microsoft continues keeping customers on the upgrade path to get the most out of Exchange 2003. Some reliability and scalability features, such as eight-node clustering, require running Exchange on Windows Server 2003-based servers. And some client performance and access features, such as junk e-mail protection, require Microsoft Outlook 2003, which will ship to Select Customers later this quarter.
From an administrative standpoint, Exchange 2003's major new features and enhancements will aid day-to-day server management in enterprise deployments. Exchange System Manager, the snap-in for MMC (Microsoft Management Console), has a number of improvements that allowed us to quickly navigate to controls and resolve problems. We liked the way the queues are organized on a per-server basis, as well as the ability to more readily sort information by columns.
More important, a few new tools in the snap-in eased management of servers and user mailboxes. For example, the Mailbox Move tool made it easy to move a user's mailbox from one server to another. However, Microsoft's reliance on MMC, rather than Web-based administration, is not without the significant downside of server management being restricted to just those systems on which the snap-in has been installed.
On the performance side, Microsoft has targeted some practical message management issues, including “out of office” messages and replication performance, to help administrators reduce storage and traffic overhead.
Replication performance has been improved in a number of areas. The gains weren't readily visible from an end-user perspective during our testing, but the improved method of limiting exchanges to native message formats will help server performance with large numbers of users. Unfortunately, companies will need to invest bandwidth in deploying Office 2003 to realize any gains from this feature.
On the reliability side, Microsoft has improved the Mailbox Recovery tool to support disaster recovery scenarios in which Active Directory user account information and Exchange mailboxes no longer synchronize.
Exchange 2003 security is a mixed bag. We found a considerable number of improvements that will provide meaningful benefits to Exchange sites, specifically in the areas of virus and spam control.
For example, the anti-virus API has been updated to allow anti-virus products to run on servers without mailboxes so that an Exchange system can now serve as an anti-virus gateway. The new API also allows an anti-virus application to delete messages and send responses to the sender. This latter feature will require much consideration in practical deployment, given the way that viruses now have the propensity to create overwhelming e-mail traffic in just a single direction.
Exchange 2003 offers a number of anti-spam features, including the ability to block HTML e-mail content in Outlook 2003 and Outlook Web Access. This prevents spammers from validating e-mail addresses using links in messages to external content. From a practical standpoint, the fact that Microsoft enables this feature by default may cause headaches for administrators fielding requests from users receiving legitimate content.
We found the more compelling feature to be inbound recipient filtering. This filters inbound e-mail based on recipient addresses and sender permissions. This will likely discourage unsolicited e-mail while still giving legitimate senders a chance to connect with users because the sender receives a nondelivery report.
We also appreciated the ability to create and manage real-time safe and block lists to help manage the flow from co-opted Internet addresses and re-establish connections using a postmaster account.
Microsoft has also enhanced the security of Outlook Web Access by adding forms-based authentication and time-based log-off.
Some security lessons are never learned, however, and Microsoft has made a number of decisions that will put companies at risk in the name of simplicity.
Although Outlook Web Access is a compelling feature that delivers a great deal of value, enabling it (and access from mobile devices) by default for every user exposes companies to a good deal of risk. Creating a well-designed Exchange security architecture and enforcing good password policies take considerable effort and resources that many companies just don't have. Installing a feature that some administrators may not have the resources to manage introduces them to unreasonable risk.
Another convenience feature that could create more problems than it solves is the one that connects an Outlook 2003 system outside the firewall to an Exchange 2003 server via an HTTP/HTTP Secure connection. It also requires Windows Server 2003 running the RPC (Remote Procedure Call) proxy service. This feature would allow a company to provide access to e-mail without requiring deployment of a VPN client. Windows includes a VPN client, so we can't figure out what the value-add is here, given the associated risks.
On the deployment side, Exchange includes a number of tools to help companies migrate from early versions of Exchange to this update. The tools will make it easier to avoid some of the pitfalls associated with installing necessary updates and tools required for a successful installation, but they just don't make the product easier to deploy.
From a user management perspective, the lack of integration between Exchange System Manager and Active Directory can be maddening. We found it particularly frustrating that there was no easy way to create a mailbox for a user who already existed in Active Directory. Likewise, the fact that a user's mailbox is not visible in Exchange System Manager until the user logs in left us wondering frequently if we had successfully created a new mail account in the Active Directory user manager.
Most of Exchange 2003's improvements for end users focus on the Outlook Web Access experience, but Outlook 2003 includes one feature that should, at the very least, cut down on help desk calls: When used with Exchange 2003, Outlook 2003 can cache mailbox data locally. Not only does this reduce network bandwidth, but when the network goes down briefly, users are less likely to notice the interruption.
Outlook Web Access has a new user interface that more closely resembles the interface in Outlook 2003. Although this doesn't obviate the need for training, Outlook 2003 users should be able to use the new Web client without much difficulty.
User interface improvements include easier management of meeting requests against the calendar, as well as the addition of a reader pane. A number of convenience features, such as right-click menu options and personal tasks, are also now available through the Web client.
For companies that want to use Outlook Web Access in a kiosk environment, device access license, rather than client access license, pricing makes this an affordable proposition.
Technical Analyst Michael Caton can be contacted at email@example.com.
Exchange 2003: Be Prepared
- Requirements include running Windows 2000 Server or Windows Server 2003 and Active Directory.
- The messaging services Network News Transport Protocol and SMTP, as well as Web services, must be deployed on the server.
- Administrators must ensure that Domain Name System resolution and network connectivity are running properly.
- Active Directory schema and domain structure must be extended to Exchange Server prior to installation.
- In Exchange 5.5 upgrade scenarios, mailboxes as well as system and public folders must be migrated to Exchange 2003 post-installation.
- Some features, such as Outlook Web Access, require security review and additional software configuration, such as configuring Secure Sockets Layer on Internet Information Services.