The Zen of Hosting: Part 5 - HMC and Exchange

Submitted by Robert MacLean on Sun, 06/15/2008 - 22:00

A little note from the editor (he he, like I have an editor). The previous post was late due to circumstances I can't even explain, sorry about that (to make it up, I have posted this a few hours earlier). Also, if you have been reading on the site, the formatting has been slightly out due to security permissions, which I will remember to fix up in future. Anyway, hope you enjoy the posts, and now back to the regular scheduled (he he) broadcast.

So part 4 was a really massive post because there is so much that HMC does for AD, but this post is a lot shorter because HMC provides similar functionality for Exchange as it does for AD. The primary similarity is that it uses properties in AD to completely separate companies, so that even at a GAL level you cannot see other companies' email addresses (see the end of part 4 about the security issues).

Exchange management is also an area where I learnt not to trust that the management web interface is showing me everything HMC could do, because in reality it is just a subset. For instance, if you want to create a distribution group, there is no option in the interface or even in the samples. However, if you dig through the SDK you will find the details of how it can be done, and the SDK documentation has a sample which you can copy, paste, edit and use.

The biggest headache with the Exchange deployment for me was not HMC, which was really easy in comparison, but setting up the Autodiscover system and the certificates for it. At the end of the day there were three critical things I used to get it solved:

  1. Making sure the DNS was correctly set up. I'll cover DNS issues in part 11 (yeah, I've written that far in advance).
  2. Using http://www.testexchangeconnectivity.com, which is a prototype web site from the Microsoft Exchange team that allows you to run tests of common Exchange systems over the Internet.
  3. Lastly, setting up the Autodiscover redirect, which is not normally needed but is essential in a hosted environment. The reason it is so essential is that unless you are going to automate your DNS provisioning (which you should anyway, and which HMC doesn't do out of the box) and automate your purchasing of SAN (subject alternative name) certificates (which are extremely expensive, and I wouldn't know where to start with that; BizTalk maybe), you are going to have to set up a single certificate and direct all customers through one interface. The easiest way to do it is from an article I found on the Exchange team blog: More on Exchange 2007 and certificates - with real world scenario (search for The Other Method).
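
A check for the redirect setup in item 3, added here as an example and not taken from the original post or the Exchange team article. It assumes the redirect method works by the client requesting `http://autodiscover.<customer domain>/autodiscover/autodiscover.xml` and following an HTTP 302 to an HTTPS URL covered by the shared certificate; the hoster names and recorded responses are constructed.

```python
from urllib.parse import urlsplit

AUTODISCOVER_PATH = "/autodiscover/autodiscover.xml"

def redirect_probe_url(email_address):
    """Plain-HTTP URL a client falls back to for the redirect lookup."""
    domain = email_address.rsplit("@", 1)[1].lower()
    return f"http://autodiscover.{domain}{AUTODISCOVER_PATH}"

def name_matches(host, cert_name):
    """Exact match, or a wildcard covering exactly one left-most label."""
    host, cert_name = host.lower(), cert_name.lower()
    if cert_name.startswith("*."):
        return "." in host and host.split(".", 1)[1] == cert_name[2:]
    return host == cert_name

def check_redirect(status, location, cert_names):
    """Return a list of problems with one redirect response (empty = OK)."""
    problems = []
    if status != 302:
        problems.append(f"expected HTTP 302, got {status}")
    target = urlsplit(location or "")
    if target.scheme != "https":
        problems.append("redirect target is not HTTPS")
    host = target.hostname or ""
    if not any(name_matches(host, n) for n in cert_names):
        problems.append(f"{host or '<none>'} is not a name on the shared certificate")
    if target.path.lower() != AUTODISCOVER_PATH:
        problems.append("redirect target is not the Autodiscover endpoint")
    return problems

# Constructed sample data: hoster names and per-customer responses are assumptions.
CERT_NAMES = ["autodiscover.hoster.example", "mail.hoster.example"]
SAMPLE_RESPONSES = {
    "user@customer-a.example": (302, "https://autodiscover.hoster.example/autodiscover/autodiscover.xml"),
    "user@customer-b.example": (302, "http://autodiscover.hoster.example/autodiscover/autodiscover.xml"),
    "user@customer-c.example": (200, None),
    "user@customer-d.example": (302, "https://autodiscover.customer-d.example/Autodiscover/Autodiscover.xml"),
}

def audit(responses, cert_names):
    """Map each probe URL to the problems found in its recorded response."""
    return {redirect_probe_url(addr): check_redirect(s, loc, cert_names)
            for addr, (s, loc) in responses.items()}

if __name__ == "__main__":
    for url, problems in audit(SAMPLE_RESPONSES, CERT_NAMES).items():
        print(url, "OK" if not problems else "; ".join(problems))
```

A redirect that lands on plain HTTP or on a host name missing from the shared certificate is the case to catch before a customer goes live, since the client would then hit a certificate mismatch or send its request to an endpoint the certificate does not vouch for.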