I participated in an interesting panel sessions at TEC 2011 EMEA in Frankfurt on Tuesday. Panel sessions can be an embarrassment for both panelists and audience if no one asks any questions or the questions don’t contain sufficient meat to warrant a good discussion – or even some controversy. In this case, the panel consisted of Greg Taylor and Ross Smith IV from the Microsoft Exchange development group, Jaap Wesselius, a Dutch MVP and author of Exchange 2010 SP1 – A Practical Approach, and Ilse Van Criekinge, author of Exchange Management Shell: TFM (PowerShell for Exchange 2007). Ilse was an MVP when she wrote her book but now works for Microsoft Belgium. The moderator was David Sengupta, another MVP who works for Quest, the organizers of TEC.

I attempted to take notes of the questions and answers during the session and list them below. I’m sure that I have omitted something, but hopefully nothing important!

Q: Has Microsoft done anything to fix the problem that occurs when an Exchange 2010 mailbox server goes down and it has a public folder database that is used by other servers?

A: Exchange 2010 SP1 RU2 contains a fix that allows mailbox servers to look for other public folder databases to take over if their preferred server goes offline. The code isn’t optimized because it works on the basis of searching within an administrative group – Exchange 2010 only has a single administrative group to hold all servers so the code might select a public folder database that is on a remote server. However, the code works and provides a solution to keep people working until the preferred server comes back online.

Q: What can you say about Exchange 15 (E15), the next version of Exchange?

A (Microsoft): We can’t say anything at this time because Microsoft has not announced any public information about what we are working on for the next release of Exchange.

Q: What recommendations would you give about online maintenance for Exchange 2010 databases?

A: Exchange 2010 has moved to a model where database maintenance is constantly running in the background on a throttled basis so that it doesn’t overwhelm a server. You don’t really have to do much because ESE defragmentation now runs on a 24×7 basis. However, it’s worth noting that maintenance now pays more attention to making sure that database pages for items are contiguous with the B-tree structure as this allows ESE to retrieve large chunks of sequential information rather than many random I/Os as you might see in previous versions of Exchange.

Q: Do Exchange 2010 mailbox servers have a problem when very large amounts of RAM are installed – for example, 192GB?

A: Yes, there’s a known issue with servers that are equipped with very large amounts of RAM. A hotfix is available.

Q: Sometimes my users report that Outlook requests credentials when a CAS server is unavailable.

A: We’d need more details to understand exactly what’s going on here. However, Microsoft recently recommended that customers move to Kerberos-based authentication between CAS servers and MAPI clients as per the article on the EHLO blog.

Q: We’d like to give delegate access to the archive mailbox on a folder by folder basis but this isn’t possible in Exchange 2010.

A: Other customers have indicated that they’d like this functionality. Please complete a request for feature enhancement and submit it to Microsoft through your local office. Feature requests from customers are taken very seriously and will be assessed as the engineers design functionality to be incorporated into future versions of Exchange.

Q: Any comments about VMware versus Hyper-V as a virtualization platform for Exchange 2010?

A: Exchange 2010 works well on both hypervisors. Choosing between the two is really a decision that the company has to make and may be influenced by the use of one or the other for virtualization of other applications.

Q: Is it possible to use RBAC to delegate the ability to install a new server from scratch?

A: No. Delegated Setup is supported but an organization administrator has to do some up-front work to create the conditions by which an unprivileged user can complete the installation. Some operations will always require a high level of permissions, such as deploying the first mailbox server in an organization when the system arbitration mailboxes are created and secured against user access.

Q: How should I distribute mailboxes across databases? I have a couple of 600GB mailboxes that serve as journals for all email in the last three months – should they be on separate databases?

A: Generally it’s best to randomize distribution of mailboxes across available databases as this usually results in a pretty good distribution of workload. There will always be exceptions to the rule. Journal mailboxes are one; discovery search mailboxes are another. You need to understand the workload that these mailboxes undertake before you decide in which database they should be placed.

Q: Some people don’t trust the cloud. Specifically, they don’t trust Microsoft to protect their data when it’s in Office 365. What can you say about that?

A: Microsoft makes a huge amount of effort to secure and protect customer data that’s held in Office 365. The number of people who could potentially gain access is severely restricted so that the number is held to the bare minimum and any support tools that are in use have filters applied to them so that any personal data is cloaked and invisible to support personnel. If you still don’t trust Microsoft, you can use Active Directory Rights Management Services to encrypt all email.

Worth also saying that Microsoft has made an investment of billions of dollars in datacenters and engineering work to deliver Office 365. If they were to lose the trust and confidence of customers through breeches of security or customer privacy within Office 365, it would compromise the chance that Microsoft would ever realize any benefit from that investment. If only for this reason alone, Microsoft is taking all possible steps to satisfy audit requirements and protect customer data in whatever way that they can.

It’s also acknowledged that national security legislation might force hosting providers like Microsoft to deliver data to national authorities. It is a common problem across the industry.

Q: I’m experiencing a slow mailbox move from Exchange 2003 to Exchange 2010 (with MRS) in that data is being moved at around 1GB/hour. What’s going on?

A: Many different factors can contribute to slow movement such as server load (source and target), the health of the source database, and the network connection between the two servers. In this case it seemed that the mailboxes are quite large and contain thousands of items in the “critical folders” (like the Inbox). Exchange 2003 wasn’t as effective or efficient at handling large mailboxes as is the case with Exchange 2010  but even so, this rate seems slow. Some further investigation is required.

Q: Can you comment on the “PST capture” tool that was announced by Microsoft in July?

A (Microsoft): We can’t comment. The tool will be released when it is ready.

A (others): There are third party tools available for PST ingestion. If you can’t wait for Microsoft to release its tool, you should look at others available on the market. A web search for “pst ingestion” will throw up many different tools that you can investigate.

Q: Will social networking kill email?

A: Social networking a la Facebook is just another method of communication. The thing about electronic communications is that they’ve been evolving over thirty years or more and as long as email, which is the predominant method of electronic communication, continues to evolve, then it won’t go away anytime soon.

Social networking is in flux too. Four years ago we were all talking about sites such as Bebo and MySpace. Now it’s Facebook and LinkedIn. Who knows what we’ll be talking about in ten years.

Q: Will Exchange 2010 run on Windows 8 Server?

A: There are no plans for this to happen at this time.

Q: What would you like to see happen in terms of Exchange development

A: The Microsoft folks couldn’t comment as this would enter the realm of E15 and they don’t want to talk about that. 

A (others): If we look back at a meeting held in 2004 to consider the future development of Exchange, I was asked to describe some areas of weakness into which the product group could invest. I said:

• Automation – avoid administrative mistakes.
• Documentation – increase the level of coverage and the quality of the documentation.
• Improve reliability
• Get rid of all the registry hacks that are spread throughout the product.

If we look at Exchange today, we see that Microsoft has succeeded in delivering greater automation (such as the EMC wizards) plus the ability for companies to automate their own procedures with PowerShell. The depth and quality of Exchange documentation is impressive and the development group does a good job of communicating with the community through its blog. Reliability is much enhanced in Exchange 2010 especially with the advent of the Database Availability Group and associated features such as single page patching. And most of the registry hacks have been removed. So there’s progress. The trick for Exchange now is to maintain progress and continue to make the product easier to manage, more robust, and easier to understand and to remember that there’s a very large group of customers who want to stay on-premises and not go near Office 365, so let’s keep on delivering for them too.

Q: When will Microsoft ship Exchange 2010 SP2?

A: By the end of the year.

Q: Why can’t I secure mobile devices with Exchange 2010?

A: ActiveSync is licensed to many different device manufacturers and it’s up to the licensee to decide what parts of ActiveSync they should implement. Some of them decide to implement the bare minimum required to synchronize email, others implement the complete protocol and support features such as remote wipe. The problem is that control is in the hands of the device vendors and they are intensely influenced by the consumer market where security is not a big selling feature. In addition, large companies have allowed users to bring in their device of choice and use them to connect to Exchange, so there’s a huge variety in implementations.

Microsoft is looking at how to secure mobile devices better in the future, but for now we have whatever the device vendors opt to implement. Hopefully the ActiveSync certification program will help.

Q: What about hosting mode?

A: Microsoft recently announced that they will discontinue hosting mode for Exchange 2010. It is included in Exchange 2010 SP2 but will be dropped in E15. Instead, hosting partners are advised to build their offerings around the enterprise version of Exchange 2010 and leverage some of the new features included in SP2 such as Address Book Views.

Worth pointing out that third party hosting providers can build added-value offerings around Exchange 2010 to compete with Office 365. For example, they can support Outlook 2003 clients and public folders, both of which are not supported by Office 365, or support deployments of Unified Messaging or BlackBerry devices too.

Q: What about SQL? Will Exchange ever move away from ESE?

A: The future is ESE. ESE is easy, SQL squeals like a pig.  [Comment trademarked by an Exchange engineer; he knows who he is. We won’t embarrass him here]