Microsoft recently released Exchange Server 2013, an improved messaging platform that provides quite a few interesting features at various levels. There are major changes, and organizations will have to rethink the way they plan to maintain or integrate messaging in their infrastructure. The level of changes is not as dramatic as those seen between 2003 and 2007, but as you will see, certain things are dealt with differently. As of now, very few organizations have Exchange 2013 running, so it is certainly going to be interesting to see how this iteration of the product will interconnect with existing messaging solutions soon.
Here we examine what is new in this release, as well as what has been simplified from 2010. This will help us gather key information we need to evaluate the possibilities and implement this fresh release into production. As of now, configuring Exchange 2013 on top of an existing Exchange infrastructure is not possible, but with the release of new service packs and cumulative updates, it will be feasible, and we will cover the most obvious features here.
One of the first changes we notice during setup is that the hub transport role is no longer available for installation. In fact, it has been divided into two services that run on all client access server and mailbox roles.
A new service, the Front-End Transport Service, runs on the Client Access Server (CAS). This component provides basic spam scanning for incoming messages, quickly forwarding them to the appropriate mailbox servers. It also relays outgoing e-mail to the Internet or, preferably, to smart hosts. This service does not host a message queue.
The Front-End Transport Service is not a replacement for the Edge transport service (but can certainly use the 2010 version of the relay), and although it appears to face the outside world, it is not supposed to reside in the perimeter of the network. When a message is exchanged between internal Mailbox servers, the CAS Front-End Transport Service is not used.
A mailbox server now fully integrates SMTP mail flow components. In fact, that is where the core of e-mail flow happens. It contains different queues, categorizers, and pick-up directories, as well as other components that deliver e-mail to the appropriate mailboxes. It is composed of two services:
- Mailbox transport delivery: This component allows the internal e-mail routing engine to appropriately forward an incoming e-mail to the user’s mailbox.
- Mail transport submission: This component routes the outgoing e-mail from a mailbox to the SMTP components to successfully deliver the e-mail to the next messaging server.
Malware and spam protection
Identifying viruses and threats is possible with Exchange Server 2013, as the malware protection component can be enabled for the organization. A message can be scanned for typical threats. This is a service that is now fully integrated into the architecture at no cost. However, it can also be paired with third-party products or Exchange Online Services.
Basic anti-spam filtering is also available in Exchange 2013 and is essentially the same engine as before. However, its configuration is no longer possible through the interface; it can only be done in PowerShell.
Data Loss Prevention
Data Loss Prevention (DLP) is part of messaging compliance. It is now possible to look for specific patterns and keywords in messages to find confidential and sensitive information that could be outgoing. Combined with transport rules and appropriate policies, DLP can help filter information and apply several policies that dictate how, and what type of, information can leave the organization.
There is a change in the way connectors are pre-configured, following a typical installation. It affects the way back-end and front-end servers communicate; hence, the default connectors we see in the console are different from the ones seen in previous versions (primarily applicable to receive connectors).
The name changes can be somewhat confusing, so here is a summary of what is now available:
- Default frontend: This connector allows inbound e-mail to be processed by the CAS role. It works on port 25. By default, anonymous users can now use this connector. This is one of the default legacy connectors as well.
- Outbound proxy frontend: This connector running on the CAS is responsible for receiving e-mail from trusted mailbox servers in the organization. It uses port 717.
- Client frontend: This connector allows clients to send e-mail directly to the CAS server through port 587. It exists in previous versions of Exchange Server.
- Default: This connector installed on the mailbox role is used to exchange messages between mailbox servers. It uses port 25 if the mailbox and CAS are not on the same server. If the mailbox and CAS are on the same server, it uses port 2525.
- Client proxy: This connector allows the mailbox server to receive e-mail from the CAS. It uses port 465.
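The connector list above can be turned into a quick audit. The following is an added example, not part of the original white paper: it checks receive connectors against the ports listed above and flags anonymous access on any port other than 25. The function name `Test-ReceiveConnector`, the server name `EX01` and the sample objects are constructed for illustration; `Get-ReceiveConnector` is the Exchange Management Shell cmdlet that supplies the real objects.

```powershell
# Ports the article lists for the default Exchange 2013 receive connectors.
$ExpectedPorts = 25, 465, 587, 717, 2525

# Hypothetical helper: summarizes one connector and lists anything unexpected.
function Test-ReceiveConnector {
    param([Parameter(Mandatory, ValueFromPipeline)] $Connector)
    process {
        # Bindings look like "0.0.0.0:25" or "[::]:25"; the port follows the last colon.
        $ports = @($Connector.Bindings | ForEach-Object {
            [int](("$_" -split ':')[-1])
        } | Sort-Object -Unique)

        # PermissionGroups renders as a comma-separated list of group names.
        $anonymous = "$($Connector.PermissionGroups)" -match '\bAnonymousUsers\b'

        $findings = @()
        foreach ($p in $ports) {
            if ($p -notin $ExpectedPorts) { $findings += "unexpected port $p" }
            # Per the list above, only the port 25 frontend is anonymous by default.
            if ($anonymous -and $p -ne 25) { $findings += "anonymous allowed on port $p" }
        }

        [pscustomobject]@{
            Name      = $Connector.Name
            Ports     = $ports -join ','
            Anonymous = $anonymous
            Findings  = if ($findings) { $findings -join '; ' } else { 'ok' }
        }
    }
}

# Constructed sample objects standing in for Get-ReceiveConnector output.
$sample = @(
    [pscustomobject]@{ Name = 'Default Frontend EX01'; Bindings = @('0.0.0.0:25', '[::]:25')
                       PermissionGroups = 'AnonymousUsers, ExchangeServers, ExchangeLegacyServers' }
    [pscustomobject]@{ Name = 'Client Frontend EX01'; Bindings = @('0.0.0.0:587')
                       PermissionGroups = 'ExchangeUsers' }
    [pscustomobject]@{ Name = 'Relay EX01'; Bindings = @('0.0.0.0:2500')
                       PermissionGroups = 'AnonymousUsers' }
)

$sample | Test-ReceiveConnector | Format-Table -AutoSize

# On an Exchange 2013 server, feed it the live configuration instead:
# Get-ReceiveConnector | Test-ReceiveConnector | Format-Table -AutoSize
```

With the sample data, only the constructed `Relay EX01` connector is flagged, for both an unexpected port and anonymous access outside port 25.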
Reproduced from Global Knowledge White Paper: Exchange 2013: New Features and Changes.