Tuesday, May 13, 2014

New in Exchange Server 2013 SP1

Microsoft released Service Pack 1 -- also known as Cumulative Update 4 -- for Exchange Server 2013 in February of this year. The final build number for Exchange Server 2013 SP1 is 15.00.0847.032.
It's time to take a closer look at what's new in Exchange 2013 SP1 and what you can expect from its features.

MAPI/HTTP will replace RPC/HTTP

Microsoft introduced a new connection model for Outlook clients as an alternative to RPC-over-HTTP, which Exchange 2013 used until now. This new model, named MAPI/HTTP, changes how data is transmitted to and from Exchange. In essence, Outlook Anywhere and MAPI/HTTP both use the Messaging Application Programming Interface (MAPI).
The difference is that with Outlook Anywhere, MAPI is encapsulated in remote procedure call (RPC) packets before they are shipped over TCP to Exchange. This encapsulation creates a certain overhead, and it's important to remember that RPC is an old technology.
It's important to understand that Outlook 2013 SP1 is the only client that can connect to Exchange via MAPI over HTTP, so this transition will take a long time to become effective for many organizations. In addition to deploying supported clients, you have to make a one-time configuration change to enable MAPI over HTTP. In the meantime, RPCs will continue to flow as before and clients will remain connected. Microsoft plans to enable MAPI over HTTP for Office 365 soon (if they have not done so by now) and new clients will begin to use MAPI over HTTP as they are deployed. No immediate plans exist for Microsoft to turn off RPC over HTTP within Office 365, but it wouldn't be a surprise if this happened in a couple of years.
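The one-time configuration change mentioned above, sketched in the Exchange Management Shell. This is an added example, not part of the original post; the server name `EXCH01` and the URL `https://mail.contoso.com/mapi` are placeholders, and the authentication method shown is one possible choice.

```powershell
# Added example. EXCH01 and mail.contoso.com are placeholder names.

# 1. Review the MAPI virtual directory that SP1 creates on the Client Access
#    server and the authentication methods it currently accepts.
Get-MapiVirtualDirectory -Server 'EXCH01' |
    Format-List Identity, InternalUrl, ExternalUrl, IISAuthenticationMethods

# 2. Publish the endpoint over HTTPS and restrict it to Negotiate
#    authentication (assumption: clients can use Kerberos/NTLM here).
Set-MapiVirtualDirectory -Identity 'EXCH01\mapi (Default Web Site)' `
    -InternalUrl 'https://mail.contoso.com/mapi' `
    -IISAuthenticationMethods Negotiate

# 3. The organization-wide switch. Clients that do not support MAPI over HTTP
#    keep connecting through RPC over HTTP.
Set-OrganizationConfig -MapiHttpEnabled $true

# 4. Confirm the setting and run the built-in self-test probe.
Get-OrganizationConfig | Format-List MapiHttpEnabled
Test-OutlookConnectivity -RunFromServerId 'EXCH01' `
    -ProbeIdentity 'OutlookMapiHttpSelfTestProbe'
```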

Simpler DAGs

If you deploy Database Availability Groups (DAGs) on Windows 2012 R2, you now have the chance to create an "IP-less DAG". This is the continued evolution of the DAG model where Exchange takes on increased responsibility for all aspects of DAG management. With the new mode of DAG, all management is done through Exchange, and the Failover Cluster Manager, CNO, network name resource, and DNS entry for the cluster are no longer required. This simplification is welcome. Remember, though, that all of the member servers in a DAG must still run the same operating system, which means that if you want to deploy Windows 2012 R2, you might have to rebuild DAGs.

OWA and OWA for Devices can now display DLP policy prompts

This is important because until SP1, Outlook 2013 was the only DLP-aware client, and this represented a deployment block for companies that considered the use of DLP to protect against the disclosure of sensitive data through email.

Support for Windows Server 2012 R2 is included

You can now deploy Exchange 2013 SP1 on Windows 2012 R2 servers - and use Windows 2012 R2 domain controllers and global catalogs (and Windows 2012 R2 DFL/FFL). Windows 2012 R2 DC/GC support is also gained by Exchange 2010 SP3 RU5 and Exchange 2007 SP3 RU13. However, Exchange 2007 SP3 RU13 does not support Windows 2012 R2 DFL/FFL and you can't install Exchange 2010 or Exchange 2007 servers on a Windows 2012 R2 server.

Exchange Administration Center command logging returns

Cmdlet logging is restored for Exchange Administration Center (EAC). The EMC console used by Exchange 2007 and Exchange 2010 has three ways for administrators to see what EMS commands are executed to get work done. These are invaluable in terms of exposing people to cmdlet syntax and values. Exchange 2013 SP1 allows you to enable cmdlet logging and have a separate window where cmdlets are displayed as they are executed by EAC.

Edge Transport also returns

Bringing back features is a main theme for Exchange 2013 SP1. The Edge Transport role, although not frequently used, also found its way back into the product. Many admins might not care because of the product's limited use, but Edge Transport has significant value in hybrid deployments. Additionally, the directory integration allows you to easily do directory-based Edge blocking, a feature sometimes also referred to as LDAP-filtering in similar third-party options.
But this isn't all good news. PowerShell adepts among us won't have much trouble managing the renewed Edge Transport roles, but anyone looking for a graphical user interface (GUI) might be disappointed since it currently doesn't exist. Even though there's only limited configuration involved, I liked the GUI because it was easier to work with -- especially since you didn't have to do much with the Edge Transport in the past.

DLP gets a boost

Organizations can add custom documents to the set of DLP sensitive data types used by policies on clients (as messages are composed) or via transport rules (as messages pass through the transport pipeline). This is done by creating a document fingerprint of a sensitive data type such as a tax return form that makes it a known type for DLP checking. The set of DLP templates provided in Exchange 2013 SP1 is extended to accommodate the needs of more countries and regions.
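The fingerprinting workflow described above, as an added Exchange Management Shell example that is not part of the original post. The template path, classification name and rule name are assumptions; the rule starts in audit mode so that matches can be reviewed before anything is enforced.

```powershell
# Added example. The path and all names below are placeholders.

# 1. Read the blank form that serves as the template. The fingerprint is
#    derived from the form's structure, so use an unfilled copy.
$templatePath  = 'C:\DLP\Templates\TaxReturnForm.docx'
$templateBytes = [System.IO.File]::ReadAllBytes($templatePath)

# 2. Create the document fingerprint from the template bytes.
$fingerprint = New-Fingerprint -FileData $templateBytes `
    -Description 'Blank tax return form'

# 3. Register the fingerprint as a sensitive data type that DLP policies
#    and transport rules can reference.
New-DataClassification -Name 'Tax Return Form' `
    -Fingerprints $fingerprint `
    -Description 'Message contains a document based on the tax return form'

# 4. Transport rule that matches the new data type on mail leaving the
#    organization. AuditAndNotify logs matches and shows the sender a
#    notification without blocking delivery.
New-TransportRule -Name 'DLP: tax return form sent externally' `
    -MessageContainsDataClassifications @{ Name = 'Tax Return Form' } `
    -SentToScope NotInOrganization `
    -Mode AuditAndNotify `
    -NotifySender NotifyOnly `
    -SetAuditSeverity Medium

# 5. Confirm that the classification exists.
Get-DataClassification -Identity 'Tax Return Form' |
    Format-List Name, Description
```

Once the audit results show the rule matches only what it should, `Set-TransportRule -Mode Enforce` switches it to enforcement.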

Support for SSL offloading

I'm not a big fan of Secure Sockets Layer (SSL) offloading -- mainly because it requires additional configuration on the Exchange side and introduces additional complexity. SSL offloading is the process in which you configure a load balancer to decrypt SSL traffic, but not to encrypt it when sending traffic to Exchange. There are definitely times when SSL offloading has its merits, for instance, to decrypt and then re-encrypt traffic when your load balancer can't handle the load.

S/MIME support returns to OWA (for IE9 and above, but not for Chrome, Firefox, or Safari). This is functionality that was removed as part of the transition in OWA architecture to deal with multiple device display formats. With Exchange 2013 SP1, S/MIME is supported across Outlook, OWA, and Exchange ActiveSync clients. The Set-OWAVirtualDirectory cmdlet has been updated to allow S/MIME to be enabled or disabled on a server. Firefox browsers that support the HTML5 appcache mechanism can take advantage of OWA’s offline mode.

Naturally, because Exchange 2013 SP1 is also a cumulative update, it includes a large number of bug fixes in response to problems found in testing or reported by customers. For this reason and because a large amount of new functionality is present, you need to test Exchange 2013 SP1 thoroughly before introducing it into production.