Saturday, December 13, 2008

Microsoft HMC 4.5 Deployment Walkthrough - Does it Work


Microsoft's HMC 4.5 Deployment Walkthrough is an excellent document and I could say that it does work.

I found some minor errors in the doc, but none significant enough that a person with a good level of experience with the various Microsoft products could not recognize and get past them.
There are doubters, of course, as to whether or not the deployment walkthrough will actually guide someone through installing their hosted Exchange 2007 environment. I did not build hosted communications or hosted SharePoint, only hosted Exchange.

My deployment did not match the deployment walkthrough exactly, and this fact is a testament to how well Microsoft has put together this iteration and release of the hosted messaging and collaboration. I built the infrastructure with the following servers, and believe me more will be added, but at this moment after just completing the install and applying my real SAN cert (not the SSL certs I generated on my own internal root certificate CA server).

Particularly in the domain controller department, I sped through the deployment by using only one domain controller. I'll be adding another this week and preparing for our first customers. I have 9 servers in total with a build out expected in the near future to include more servers to expand and increase performance and redundancy. Very soon and firstly, within a day or so I will have reached 10 servers for this HMC 4.5 deployment by simply adding another domain controller which is an absolute must and critical that it's deployed as soon as possible. Running with one DC is a recipe for a disaster (as we all know). When that server is added to the environment, the number of servers will be a consolidated 10 (ten) servers for this hosted Exchange HMC 4.5 solution deployment.

This is a consolidated hosted messaging and collaboration HMC 4.5. It was an accident that I created it as such and did start my work building the HMC 4.5 deployment from the consolidated HMC 4.0 deployment guide (an unofficial guide). I have for servers the following (names and roles to be added later):

There has been some grunting and groaning about Microsoft's deployment walkthrough document, but I have to say it worked. The deployment walkthrough worked, and in a consolidated design. This is my first install of the messaging and collaboration solution of any version. My HMC 4.5 deployment works with a minimum of servers (that will be scaled out to accommodate real production use). Overall, except for some minor issues, the document does what's expected: provide a guide and example of a hosted solution installation and deployment. They cannot in a single document explain SQL, Exchange inner workings, or even the provisioning system in detail. This also makes handy use of weeding out those who should not yet be deploying. A very experienced person with Microsoft products will find many of the steps easy to accomplish, but a not so seasoned person will find the document and steps to accomplish the tasks not so helpful, because every step of, let's say, making changes or additions in Active Directory is not explained or spelled out.

I saw that as I was working through the doc. I could see points that would make people give up because they can take a left turn during the walkthrough deployment and it will cost them dearly. I had one of those nearly deathly turns with the deployment of SQL report server. This is an area that I am familiar with, but I don't work with this particular product every day, and it showed: as I worked through the deployment steps I had to verify to myself several times before taking action that it was the right thing to execute or do. My report server component of SQL installed without the databases it needed. Who knows why? Before this deployment I had another going that I scrapped for other reasons, but the report server databases installed. In this round, they did not. I kept the abandoned deployment and used the database from that installation by exporting it and importing it. Although I believed I did the same thing as the first install and I was reading and working from the same Microsoft walkthrough deployment guide document, the install was different. I managed to get myself through the problem but several days were certainly lost.

Perhaps in another post I can mention my experience with the SAN (Subject Alternate Name) Unified Communications cert.

This deployment is not for everyone and everyone should not be deploying it. The document for the walkthrough deployment from Microsoft is excellent. Sure, there could have been more detail, but the document is not meant to provide every step along the way. Microsoft has to assume and expect there will be some level of expertise and knowledge brought to the installation by the installer; Microsoft can't and should not put it into one single document. I wish I had noted the minor errors I found in the doc so I could send them to Microsoft for document correction. Again, without enough or the right amount of knowledge, those little errors could be devastating. For the smoky-room conspiracy theory folks who may be reading this post, who think Microsoft is evil, here's something to think about: perhaps Microsoft put those little errors in the document by design, ...hmmm..., to purposefully weed out companies from the hosted game ... a selective or survival of the fittest process.

Microsoft did a great job with the HMC 4.5 document. Using it I was able to deploy a hosted Exchange 2007 server environment. I absolutely do not claim to be an expert in the multi-tenant Exchange environment but I surely have more than a foot in the door of learning and experiencing much more about it.

I just recently finished testing Outlook Anywhere functionality with the 4.5 HMC Exchange environment using a fictitious organization but a real domain using real DNS servers. The functionality works pretty darn good. Once again, Microsoft did an excellent job with the document and deployment guide walkthrough. The clients find the autodiscover redirect site, then get sent to the autodiscover site within the hosted solution. Once there, they get their configuration data, log on, and up comes the mailbox. It's fantastic the way Microsoft has put this together.

A tip for people who are at this part of their deployment walkthrough and testing their Outlook Anywhere capabilities: if during the testing phase of the deployment you have issued certificates to the autodiscover web site and internally to your Exchange servers using a root CA that you built and that is not a public root CA, be sure to import the root CA certificate into the trusted root store for the user at the remote computer looking to connect with Outlook Anywhere. The symptoms are that Outlook finds the autodiscover web site, the user logs on, and all seems well, but the mailbox for the user does not load. A message similar to the following appears: "the profile is not configured" or "be sure you can connect to your exchange mailbox".

The deployment guide actually states that Outlook Anywhere will not work without certs installed and applied to the web sites involved, and this I proved, but a temporary workaround that will only be good for testing is to import the root certificate of the certificate authority server into the user's root certificate store. It does not have to be the computer certificate store. This will allow the mailbox to load into Outlook for the remote test user, but until the real certificate is used (a public SAN UC SSL certificate), the user will be constantly prompted for a password. So Microsoft is right: without certificates the solution will not work for a real deployment of Hosted Exchange HMC 4.5.
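
The test-only workaround above can be scripted and checked from the remote client. The following PowerShell is an added example, not taken from this post or from Microsoft's guide; the file path and host name are placeholders. It imports the lab root into the current user's root store, then reports whether the certificate presented by the autodiscover site chains to a trusted root and lists the host name in its SAN.

```powershell
# Added example. $RootCaFile and $HostName are placeholders for your own lab values.
$RootCaFile = 'C:\temp\lab-root-ca.cer'      # exported lab root CA certificate (hypothetical path)
$HostName   = 'autodiscover.example.com'     # placeholder host name

# 1. Add the lab root to the current USER's Trusted Root store (not the computer store).
#    Windows asks the user to confirm additions to this store.
$root  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($RootCaFile)
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root', 'CurrentUser')
$store.Open('ReadWrite')
$store.Add($root)
$store.Close()

# 2. Retrieve the certificate the site presents on 443. The callback accepts anything
#    only so the certificate can be inspected; trust is evaluated separately in step 3.
$acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
$tcp = New-Object System.Net.Sockets.TcpClient($HostName, 443)
$ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAny)
$ssl.AuthenticateAsClient($HostName)
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
$ssl.Close(); $tcp.Close()

# 3. Build the chain the way this user's stores see it and show every status flag
#    (an unreachable CRL on a lab CA shows up here as a revocation status).
$chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$trusted = $chain.Build($cert)
Write-Host "Chain trusted for this user: $trusted"
$chain.ChainStatus | ForEach-Object { Write-Host "  $($_.Status): $($_.StatusInformation.Trim())" }

# 4. Check that the host name is listed in the Subject Alternative Name extension
#    (OID 2.5.29.17). Wildcard entries are not expanded by this simple match.
$san     = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
$sanText = if ($san) { $san.Format($true) } else { '' }
$listed  = $sanText -match ('(?m)=' + [regex]::Escape($HostName) + '\s*$')
Write-Host "Host name listed in SAN: $listed"

# 5. When testing ends, take the lab root back out of the user's store.
function Remove-LabRoot {
    $s = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root', 'CurrentUser')
    $s.Open('ReadWrite'); $s.Remove($root); $s.Close()
}
```

Call `Remove-LabRoot` in the same session once the public certificate is installed, so the test user no longer trusts the lab CA.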

