S 2.249 Planning the migration of Exchange systems

Initiation responsibility: IT Security Officer, Head of IT

Implementation responsibility: Administrator, IT Security Officer

In practice, migrating an existing Exchange system is more common than installing one from scratch. Therefore, migration from a previous version is an important scenario for Exchange.

A release change is a dramatic jump in virtually all sub-aspects regarding Microsoft Exchange systems. Thus, this is not a software update, but an extensive design switch. This switch not only affects the Microsoft Exchange software, but also the underlying Windows server operating system.

When installing Microsoft Exchange systems, a so-called scheme extension of the Active Directory is performed. A scheme change is a fundamental intervention into the Active Directory that cannot be undone. Therefore, it is indispensable to involve the Windows system administrators and particularly the Active Directory scheme administrators in migration planning.

Every step of the migration must be planned in detail, the migration process aimed at must be documented, and this documentation must be made available to all parties involved. An overview of the steps to take in the context of the migration process is provided below:

• data backup of all components of the existing Groupware system,
• test run of the new software in a test scenario,
• installation of the new computers (for Microsoft-Exchange server) with the assumed Windows server operating system,
• making the new computers (for Microsoft Exchange server) a member of the required domains,
• installation of the Microsoft Exchange software to the designated Windows servers,
• distribution and adaptation of the corresponding Microsoft Outlook clients,
• configuration of the user accounts, including the email function, and
• installation of the old email data to the migrated system.

From a security point of view, the following aspects must be taken into consideration when planning the migration:

• Which mailboxes and/or objects must be migrated?
• Is the existing security policy adopted, changed, or amended?
• Was the existing Active Directory concept taken into consideration and amended where necessary?
• Which email systems must be connected?
• Are there functions that must be discontinued or no longer supported by the new version?
• The new software should be tested in a separate test network before installation.

In general, it must be taken into consideration that the terminology of the objects changes when changing the version of Microsoft Exchange.

The following Microsoft Technet documents explain how the requirements from this safeguard can be implemented specifically, for example for version 2010:

• An overview of an upgrade to Microsoft Exchange Server 2010 can be found in: "Upgrading to Exchange 2010: Exchange 2010 Help".
• An overview of the discontinued and/or changed functions of older Microsoft Exchange servers regarding Microsoft Exchange 2010 can be found in: "Discontinued Features and De-Emphasized Functionality: Exchange 2010 Help".
• The coexistence of older versions of Microsoft Exchange server with Microsoft Exchange 2010 requires planning. Regarding this, the changed access model for Exchange objects must be taken into consideration, as described in "Understanding Permissions: Exchange 2010 Help".
• Migration from Lotus Notes is described in "Migrating from Lotus Notes to the Microsoft Collaboration Platform".

Review questions:

• Were the individual migration steps thoroughly planned and documented?
• Were the Windows system administrators involved in the planning phase for the migration of Exchange?
• Were the scheme changes to be performed for Exchange regarding the Active Directory documented?