T 2.91 Poor planning of the migration of Exchange

In practice, Microsoft Exchange systems are more frequently migrated than newly installed. In order to migrate to a new version of the Microsoft Exchange Server, it is in some cases a prerequisite to also upgrade the operating system to a later version.

New operating systems also include requirements for the existing domain concept and the existing directory services. For this, planning and organisational services must be provided from a security point of view, whereby these require careful planning from scratch.

The following security problems may occur when the migration is planned poorly:

• The configurations could be imaged incorrectly or inconsistently, because this includes a new concept for the old infrastructure. Furthermore, an incorrect connection to the directory service may result in the policies and the Access Control Lists (ACL) becoming ineffective.

• A loss of functionality may be triggered by poor protocol settings or other misconfigurations.

• The administration of the system may be planned improperly and the administration limits may be defined ambiguously. Reviewing and adapting corresponding old concepts may be necessary. If the assignment of rights to administrators is planned improperly, this may cause gaps in the security and impairments of the system administration.

• The required organisation-wide security policies could be implemented insufficiently due to poor planning of the migration of the security settings. This refers to both the access options to the server and the data stored on the server.

• Data and information may be lost during migration, particularly if the system fails during the migration phase.

• Necessary subsequent improvements of the productive systems' configuration may cause a loss of productivity.