S 2.247 Planning the use of Exchange and Outlook
Initiation responsibility: Head of IT, IT Security Officer
Implementation responsibility: IT Security Officer, Administrator
When planning the use of Exchange and Outlook, the following aspects must be taken into consideration:
- Microsoft Exchange systems integrate into the Active Directory (AD) of a Microsoft Windows network infrastructure. Therefore, the Microsoft Exchange schema should be aligned with the Active Directory schema (see S 2.229 Planning the Active Directory). When installing Microsoft Exchange, a schema extension of the Active Directory is performed. An Exchange installation therefore substantially influences the Active Directory, so the schema administration of the schema master server must be involved. Furthermore, the persons involved in planning must have sufficient knowledge of the general structure of the Windows network, particularly the distribution of the domain controllers and the availability of the so-called Global Catalog server.
- The mailbox databases can be distributed to different Exchange servers. This way, information with different protection requirements can be distributed to servers with the corresponding physical protection. With adequate planning, this can simultaneously increase performance and reliability. This also applies to the use of further high-availability functions.
- Along with planning the required application scenario and the distribution of the Exchange servers, a security policy must be drawn up dealing with the aspects specific to Exchange. The aspects to be taken into consideration can be found in S 2.455 Defining a security policy for Groupware.
- So-called connectors are available for connecting an Exchange system to third-party communication systems. The use of these connectors requires careful planning in order to guarantee smooth communication.
- The use of the Microsoft Outlook clients, their access options to the Microsoft Exchange server, and the protection of these accesses require planning. Furthermore, it must be defined whether or not a connection as a MAPI client is required. In the past, the MAPI interface was frequently misused for distributing programs with harmful functions (e.g. viruses, worms, etc.).
- Administration of the Microsoft Exchange system requires planning. The tasks range from defining the roles and responsibilities in the organisation, including substitution arrangements, to defining suitable administration functions. Furthermore, user groups with suitable rights must be created in the corresponding domains.
- The user accounts and the groups used in the organisation require planning.
- The use of an integrated virus protection program on the Microsoft Exchange system requires planning. It must be decided which virus protection programs are used on the server and on the client, and under which basic conditions.
The planning of the Exchange system may only be considered complete once the so-called roll-out has also been planned in detail. This includes, amongst other things, defining the installation sequence of the individual Exchange servers and all Outlook clients.
Microsoft TechNet contains explanations for implementing the requirements of this safeguard in detail. For version 2010, for example,
- planning and installing Microsoft Exchange 2010 is explained in "Planning and Deployment: Exchange 2010 Help" and
- planning and installing Microsoft Outlook 2010 is explained in "Planning the deployment of Office 2010".
Review questions:
- Was the use of Exchange and Outlook planned adequately?
- Was the schema administrator involved in planning the Exchange system?
- Is there a plan for distributing the Exchange and Outlook software?