This project is entitled "Implementation of Web Server and Exchange Server for a small IT company and secure by Microsoft Forefront TMG and Microsoft Protection 2010". The purpose of this project is to set up a mail server and a web server for a small IT company, secure them by deploying the Forefront firewall, and filter malware using Microsoft Protection 2010, which will be installed on the mail server.
A mail server is close to a must in most organizations, as it is commonly used by company employees. Microsoft Exchange Server offers this mail service for employee communication through e-mail. It provides e-mail accounts for employees, which can be used to send mail to any other public e-mail server such as Yahoo Mail, Gmail or Hotmail. A specified additional program will be used to secure the mail server and the web server.
The author is securing Microsoft Exchange Server 2010 with a firewall that is also a Microsoft product, Microsoft Forefront Threat Management Gateway (TMG), and with Microsoft Protection 2010. This project will cover 8 objectives, which will be stated in 8 chapters and documented in the Final Project Report.
Chapter 1.0: Literature Review on selected Software
In this chapter, the author studies Microsoft Exchange Server 2010, Microsoft Forefront Threat Management Gateway and Microsoft Protection 2010 for Exchange Server, which will be used in a small IT business. The author will discuss the overview and advantages of each Operating System and give a complete review of the selected software.
Overview of Microsoft Exchange Server 2010
Microsoft Exchange Server is one of the server-based products in the Microsoft Server product line. It was developed by Microsoft as messaging and collaboration software. The major features of an Exchange server are electronic mail, contacts, calendaring, support for mobile and web-based access to information, and support for data storage. Microsoft Exchange Server 2010 Service Pack 1 was released on Nov 9, 2009. Exchange Server 2010 introduces new technologies that were not available in previous versions of Exchange Server. These new features provide enterprise-class messaging, voice mail, online calendaring and contacts. With them, Exchange Server 2010 increases productivity, reliability, manageability and security for businesses, reduces administrative overhead and simplifies administration. The new deployment and storage options, enhanced inbox management capabilities and built-in e-mail archiving help users lower costs and improve business outcomes, making it cost-effective for organizations. Microsoft Exchange Server 2010 can only run on the Microsoft Server 2008 SP2 operating system. Microsoft Server 2008 SP2 provides several benefits for Exchange Server 2010: support for multi-subnet failover clusters, near-zero downtime when fixing NTFS corruption, faster log file shipping, reduced downtime for hardware maintenance, and greater scalability for Client Access servers that provide Outlook Anywhere services. Besides that, Windows Server 2008 makes Exchange Server easier to deploy. The prerequisite software does not need to be downloaded; it can be installed quickly from the new Server Manager MMC console provided by Windows Server 2008 SP2.
Moreover, IPv6, a new feature provided by Windows Server 2008, can be used by Exchange Server for later-generation deployments, which gives great compatibility. (Exchange Server and Windows Server 2008, Part II, 2008)
1.2.1 New in Microsoft Exchange Server 2010 SP1 and 2007 SP2
Microsoft has released Service Pack 1 for this product. The author has decided to compare Exchange Server 2007 SP1 with the version that preceded Microsoft Exchange Server 2010 SP1, which is Microsoft Exchange Server 2007 SP2. The latest Microsoft Exchange Server 2010 provides new features compared to Microsoft Exchange Server 2007 SP2.
New in Microsoft Exchange Server 2010 SP1
Exchange Server 2010 SP1 was released three years after Exchange Server 2007 SP2. In this latest version, Microsoft has made cost-effective and flexible communication tools the cornerstone, and features and functionality have been added and improved. There are several new items in Microsoft Exchange Server 2010 SP1. First of all, the New Deployment Functionality lets the user select a new option to install the Windows roles and features required for each Exchange 2010 SP1 server role during installation of Exchange Server 2010 SP1. Besides that, Exchange 2010 SP1 also provides Client Access Server Role Improvements, which include Federation Certificates, Exchange ActiveSync, SMS Sync, Integrated Rights Management, Microsoft Office Outlook Web App, and virtual directories. The best part is the Outlook Web App Improvements. As an e-mail server, Exchange 2010 SP1 has made great improvements in this area by managing the relationship between Office Communications Server and Outlook Web App. This information is stored in Active Directory and can be managed via cmdlets. Apart from that, there are many improvements in Transport Functionality: enhanced monitoring and troubleshooting features for MailTips, enhanced monitoring and troubleshooting features for message tracking, message throttling enhancements, shadow redundancy promotion, SMTP failover and load balancing improvements, and support for extended protection on SMTP connections. In Exchange Store and Mailbox Database Functionality, Microsoft has added the New-MailboxRepairRequest cmdlet, which enables the user to detect and repair mailbox and database corruption issues. Another feature provided by Exchange Server 2010 SP1 is Audit Logging Improvements. Exchange 2010 SP1 provides new mailbox audit logging events and an audit log repository. The new mailbox audit logging allows the author to track mailbox access by administrators, delegates or mailbox owners.
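The mailbox audit logging described above can be switched on and reviewed from the Exchange Management Shell. The following is an added example, not part of the original essay or of Microsoft's documentation; the mailbox alias, the 90-day retention and the 30-day search window are assumptions chosen for illustration.

```powershell
# Added example: run in the Exchange Management Shell on Exchange 2010 SP1.
# $mailbox and the 30-day window are assumptions, not values from the essay.
$mailbox = 'finance-shared'              # hypothetical mailbox alias
$since   = (Get-Date).AddDays(-30)

# 1. Enable mailbox audit logging and choose the actions recorded for each
#    logon type. Owner auditing is kept narrow because owners generate the
#    bulk of routine activity.
Set-Mailbox -Identity $mailbox `
    -AuditEnabled $true `
    -AuditLogAgeLimit '90.00:00:00' `
    -AuditAdmin    Update,Move,MoveToDeletedItems,SoftDelete,HardDelete,FolderBind,SendAs,SendOnBehalf `
    -AuditDelegate Update,SoftDelete,HardDelete,FolderBind,SendAs,SendOnBehalf `
    -AuditOwner    HardDelete

# 2. Confirm what is now being recorded.
Get-Mailbox -Identity $mailbox |
    Format-List Name,AuditEnabled,AuditLogAgeLimit,AuditAdmin,AuditDelegate,AuditOwner

# 3. Pull non-owner access (administrators and delegates) for the window.
#    -ShowDetails returns one entry per logged operation for a single mailbox.
$entries = Search-MailboxAuditLog -Identity $mailbox `
    -LogonTypes Admin,Delegate `
    -StartDate $since -EndDate (Get-Date) `
    -ShowDetails -ResultSize 5000

# 4. Summarise who did what, most frequent first.
$entries |
    Group-Object LogonUserDisplayName,LogonType,Operation |
    Sort-Object Count -Descending |
    Format-Table Count,Name -AutoSize

# 5. List the operations that deserve a manual look: permanent deletions
#    and mail sent in the mailbox owner's name by someone else.
$review = 'HardDelete','SendAs','SendOnBehalf'
$entries |
    Where-Object { $review -contains $_.Operation } |
    Sort-Object LastAccessed |
    Format-Table LastAccessed,LogonUserDisplayName,LogonType,Operation,FolderPathName,ClientIPAddress -AutoSize
```

Audit entries are only written from the moment auditing is enabled, so the search returns nothing for activity that predates step 1.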
New in Microsoft Exchange Server 2007 SP2
Exchange Server 2007 SP2 was released two years after Exchange Server 2007 SP1. Microsoft added quite a lot of new features and improvements in this version compared to the previous version. The first important feature of this version is that it allows Exchange Server 2010 to be deployed. Exchange Client Access Server 2007 can be deployed in the Exchange Server 2010 box, which only requires upgrading the entire server role to Exchange Server 2007 SP2 to make the transition.
Besides that, Exchange Server 2007 SP2 provides a VSS plug-in for Windows Server Backup for backing up Exchange. This feature enhances the Exchange backup functionality. Another feature provided by Exchange Server 2007 SP2 is enhanced auditing. SP2 provides new Exchange auditing events and an audit log repository. With the new auditing features in SP2, an administrator can easily audit the activities that occur on the Exchange Server.
Another new feature in Exchange Server 2007 SP2 is dynamic Active Directory schema validation. This feature makes future schema updates easier to manage because it allows schema updates to be deployed dynamically. It also prevents support issues when adding properties that don't exist in the AD schema. Public folder quota management is a new improvement provided by Exchange Server 2007 SP2. With the new public folder management, an administrator can manage the public folder quota for users more easily by using the current cmdlets.
Two other minor improvements provided by Exchange Server 2007 SP2 are centralized organizational settings and an improved setup program. Several new cmdlet parameters have been added, allowing an administrator to centralize the Exchange organization settings. A few installers must be installed in Exchange Server 2007 SP2 for the update rollup. (What's New in Exchange Server 2007 SP2, 2009)
Overview of Exchange Server 2007 Server Roles
In Exchange Server 2007, the functionality that Exchange servers provide has been separated into five server roles. These server roles are the Hub Transport server role, Mailbox server role, Edge Transport server role, Client Access server role, and Unified Messaging server role. These server roles can either be installed separately or, except for the Edge Transport role, all together on one server. The author will give an overview of each of the server roles provided by Exchange Server 2007.
Client Access Server role
The Client Access server role enables connections from a variety of client protocols to the Exchange Server mailboxes. At least one Client Access server must be assigned in each Active Directory site that contains a Mailbox server. Client protocols that connect through a Client Access server include OWA clients, POP and IMAP clients, Outlook Anywhere, and Exchange ActiveSync clients. The Client Access server supports services such as the Autodiscover service and Web services. (Client Access Server Role, 2007)
Mailbox Server role
The Mailbox server role is a server role that can be installed and configured on a server running Windows Server 2008. The Mailbox server role is the most common core server role in an Exchange organization. A Mailbox server performs several functions: it hosts mailbox databases, provides e-mail storage, hosts public folder databases, calculates e-mail address policies, generates address lists and offline address books, conducts multi-mailbox searches, provides high availability and site resiliency, provides content indexing, and provides messaging records management and retention policies. The Mailbox server must interact with the five other server roles, which are Active Directory (AD), Client Access server, Hub Transport server, Unified Messaging server and Microsoft Outlook clients. The interaction between the five server roles is shown in Figure 1.1. (Mailbox Server Role, 2010)
Figure 1.1 (source from technet.microsoft.com)
Edge Transport server role
The Edge Transport server role is designed to be the Simple Mail Transport Protocol (SMTP) gateway server between the organization and the Internet. To provide better security for the organization's mail system, the computer that runs the Edge Transport server role should be deployed in a perimeter network and should not be a member of your internal Active Directory forest. An Edge Transport server provides services such as connection, recipient, sender and content filters, sender-identity and sender-reputation analysis, and attachment filters. Third-party software such as Microsoft Forefront Security for Exchange Server can also be added to an Edge Transport server for antivirus control. Because the Edge Transport server is not part of an Active Directory domain, it uses AD LDS on Windows Server 2008 computers to access recipient information.
Deploying multiple Edge Transport servers can provide load balancing and high availability. Besides that, the Edge Transport server and Hub Transport server roles cannot be installed on the same computer. The Hub Transport and Edge Transport servers both provide message routing and delivery capabilities to and from the Internet. However, some advanced transport features are only available on Edge Transport servers. (Edge Transport Server Role, 2007)
Hub Transport server role
The Hub Transport server role is deployed inside the Active Directory forest. It is responsible for handling all mail flow inside the organization: it applies transport rules and journaling policies, and delivers messages to a recipient's mailbox. Messages sent to the Internet pass through the Hub Transport server to the Edge Transport server role, which is deployed in the perimeter network. Messages received from the Internet are processed by the Edge Transport server before the mail is relayed to the Hub Transport server. The Hub Transport server role can be installed on the same hardware as any other internal server role or on a server that is dedicated to the Hub Transport server role. The Hub Transport server role can only be deployed on each Active Directory site that contains a Mailbox server role. Redundancy is achieved if there is more than one Hub Transport server per site. (Hub Transport Server Role, 2010)
Unified Messaging server role
The Unified Messaging server role provides the services that integrate voice and fax messages into an organization's infrastructure. This role is new to the Exchange product line. The new telephony concepts are not familiar to an Exchange administrator. This role requires the presence of three server roles: Hub Transport, Client Access, and Mailbox. The Unified Messaging server provides access to voice messages and faxes, which can be accessed from the client's telephone or computer. (Unified Messaging Server Role, 2006)