
Module 3

Planning and deploying message transport
Module Overview

• Designing message routing
• Designing transport services
• Designing the message-routing perimeter
• Designing and implementing transport compliance
Lesson 1: Designing message routing

• Message transport components in Exchange Server 2016
• Default message-routing configuration in Exchange Server 2016
• Transport high availability in Exchange Server 2016
• Modifying the default message-routing topology
• Designing message routing to mitigate the effects of message-routing failure
Message transport components in Exchange
Server 2016
Default message-routing configuration in
Exchange Server 2016

• Routing destinations:
• Mailbox database
• Connector
• Distribution group expansion server

• Delivery groups:
• Routable DAG
• Mailbox delivery group
• Connector source servers
• Active Directory site
• Server list
Transport high availability in Exchange Server 2016

[Diagram labels: SMTP server; Mailbox 01; Mailbox 02 (shadow server); active queue; primary queue; shadow queue; Transport service; Shadow Safety Net; Mailbox Transport service; mailbox database]
Modifying the default message-routing topology

You can modify default message flow by performing the following:
• Configuring Hub sites:
  Set-ADSite -Identity AdSitename -HubSiteEnabled $true
• Configuring Exchange-specific routing costs:
  Set-AdSiteLink -Identity AdSiteLinkName -ExchangeCost value
• Configuring expansion servers for distribution groups
Designing message routing to mitigate the effects of
message-routing failure
• The Preferred Architecture:
• Provides both high availability within the datacenter, and
site resilience between datacenters
• Supports multiple copies of each database thereby
allowing for quick activation
• Decreases the cost of the messaging infrastructure
• Increases availability by optimizing around failure
domains and reducing complexity
• The Preferred Architecture’s design focuses on four areas,
including:
• Namespaces
• Datacenters
• Servers
• DAGs
Lesson 2: Designing transport services

• Planning your transport services
• Demonstration: Reviewing mail flow settings
• Designing accepted domains and remote domains
• Planning for SMTP relay
• Designing message throttling, back pressure, and size limits
• Planning transport rules
• Troubleshooting SMTP message delivery
• Using message-tracking and protocol logs
Planning your transport services

When planning your transport services, you should consider:
• Which email domains will accept SMTP traffic?
• Which component initially accepts SMTP connections?
• At which point do you implement SMTP traffic
inspection for viruses and malware?
• Are there any hosts in your network that require SMTP
relaying?
• Do you have reliable connections for SMTP traffic inside
your organization?
• Are you going to implement secure SMTP traffic with
another organization?
Demonstration: Reviewing mail flow settings

In this demonstration, you will view the available options for managing mail flow
Designing accepted domains and remote domains

• When designing transport services, you should configure the:
• Domains for which the Exchange Server will accept email
• Policies to apply for domains outside of your Exchange
Server organization

• Domains include:
• Accepted domains:
• Authoritative domain
• Internal relay domain
• External relay domain
• Remote domains
Planning for SMTP relay

The SMTP relay scenarios for which you use Exchange Server 2016 are:
• Internal SMTP relay. No additional configuration is
necessary.
• External SMTP relay:
• Use authentication for SMTP connections. Minimal
configuration is necessary.
• Configure an anonymous SMTP relay connector.
Requires creating a new Receive connector.
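
An anonymous relay connector is only as safe as its remote IP range, so the following audit lists every Receive connector on which anonymous connections may relay to any recipient and flags those that accept connections from any host. This is an added example, not part of the original course material; it assumes the Exchange Management Shell and that the "any address" ranges render as the strings shown in `$anyRange`.

```powershell
# Added example: audit Receive connectors that allow anonymous relay.
# Run in the Exchange Management Shell with rights to read connector ACLs.
$anon     = 'NT AUTHORITY\ANONYMOUS LOGON'
$relayAce = 'ms-Exch-SMTP-Accept-Any-Recipient'   # right that permits relay to any domain

# Assumed string forms of the "any IPv4 / any IPv6 address" ranges.
$anyRange = '0.0.0.0-255.255.255.255',
            '::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff'

$report = foreach ($rc in Get-ReceiveConnector) {
    # Allow (non-Deny) permissions granted to anonymous sessions on this connector.
    $aces = $rc | Get-ADPermission -User $anon -ErrorAction SilentlyContinue |
        Where-Object { -not $_.Deny }

    # Skip connectors where anonymous senders cannot relay to arbitrary recipients.
    $canRelay = [bool]($aces | Where-Object { $_.ExtendedRights -like $relayAce })
    if (-not $canRelay) { continue }

    $ranges = @($rc.RemoteIPRanges | ForEach-Object { $_.ToString() })
    [pscustomobject]@{
        Connector      = $rc.Identity
        Bindings       = ($rc.Bindings -join ', ')
        RemoteIPRanges = ($ranges -join ', ')
        OpenToAnyHost  = [bool]($ranges | Where-Object { $anyRange -contains $_ })
    }
}

# Relay-capable connectors, widest exposure first.
$report | Sort-Object OpenToAnyHost -Descending | Format-Table -AutoSize -Wrap

# A relay connector reachable from any address behaves as an open relay.
$report | Where-Object { $_.OpenToAnyHost } | ForEach-Object {
    Write-Warning "$($_.Connector) relays for anonymous senders from any IP address; restrict RemoteIPRanges to the hosts that need relay."
}
```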
Designing message throttling, back pressure,
and size limits
You can control message flow within your organization by
configuring:
• Message throttling. Message throttling is a group of
limits that you can impose on the number of messages
and connections that a Mailbox server or Edge Transport
server can process
• Back pressure. A system resource-monitoring feature
that detects when vital resources are under pressure
• Message size limits. They enable you to restrict the total
size of a message, or the size of the individual
components of a message and the number of recipients
Planning transport rules

• Transport rule components include:
• Conditions
• Exceptions
• Actions
• Modes

• The workflow for transport rules is as follows:
1. You create transport rules that fit your needs
2. While a message is processed through the transport
pipeline, the transport rule agent is invoked
3. If the message fits the conditions specified in the
transport rule, the specified action is taken on that
message
Troubleshooting SMTP message delivery

• You can use the following queues to help troubleshoot SMTP
message delivery:
• Persistent queues:
• Submission queue
• Unreachable queue
• Poison message queue
• Delivery queues
• Shadow queues
• In addition to the Exchange Queue Viewer, you also can use the
following Windows PowerShell cmdlets:
• Get-Queue
• Suspend-Queue, Resume-Queue, Retry-Queue
• Get-Message
• Suspend-Message, Resume-Message, Remove-Message
Using message-tracking and protocol logs

Additional Exchange Server troubleshooting tools include:
• Message-tracking logs
• Delivery Reports
• Protocol logging
• The Telnet client
• The Remote Connectivity Analyzer website
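
The queue cmdlets and message-tracking logs from the two troubleshooting slides above can be combined into one triage pass. This is an added example, not part of the original course material; it assumes it runs in the Exchange Management Shell on the Mailbox server being examined.

```powershell
# Added example: first-pass triage of SMTP delivery problems.
# Assumption: the local computer is the Mailbox server being examined.
$server = $env:COMPUTERNAME

# 1. Queues that hold messages or report an error, largest backlog first.
Get-Queue -Server $server |
    Where-Object { $_.MessageCount -gt 0 -or $_.LastError } |
    Sort-Object MessageCount -Descending |
    Format-Table Identity, DeliveryType, Status, MessageCount, NextHopDomain, LastError -AutoSize -Wrap

# 2. Poison message queue: messages judged harmful to the server after a
#    transport failure. Inspect them; do not resume them without review.
Get-Message -Queue "$server\Poison" -ErrorAction SilentlyContinue |
    Format-List FromAddress, Subject, Size, SourceIP, DateReceived

# 3. Unreachable queue: messages with no usable route to their destination.
Get-Message -Queue "$server\Unreachable" -ErrorAction SilentlyContinue |
    Format-Table FromAddress, Subject, LastError -AutoSize -Wrap

# 4. Message tracking: delivery failures in the last 24 hours, grouped by
#    sender to show whether one source accounts for most of them.
Get-MessageTrackingLog -Server $server -Start (Get-Date).AddHours(-24) `
        -EventId FAIL -ResultSize Unlimited |
    Group-Object Sender |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name
```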
Lesson 3: Designing the message-routing perimeter

• Default configurations for Edge Transport servers
• Planning hardware and placements for your Edge Transport servers
• Designing Edge subscriptions
• Designing outbound mail flow
• Designing inbound message flow
• Designing message routing to the perimeter
• Planning address rewriting
Default configurations for Edge Transport servers

The default Edge Transport server configuration includes the:
• Transport agents, such as the:
• Connection filtering agent
• Malware agent
• Address rewriting inbound agent
• Address rewriting outbound agent
• Edge rule agent
• Content Filter agent
• Sender ID agent
• Sender filter agent and recipient filter agent
• Protocol analysis agent
• Attachment filtering agent
• Send and receive connectors
• Accepted domains
Planning hardware and placements for your Edge
Transport servers

[Diagram labels: Edge Transport server 1; Edge Transport server 2; Edge Transport server; Mailbox server (two); Site A; Site B]
Designing Edge subscriptions

When you are designing an Edge subscription, you should consider that:
• You can subscribe an Edge Transport server only to a
single AD DS site
• An Edge subscription is specific to each Edge Transport
server
• When you configure the Edge subscription, it configures
secure message transfer between the Edge Transport
server and all Mailbox servers in the subscribed AD DS
site
• You can deploy multiple Edge Transport servers to
enable high availability and load balancing
Designing outbound mail flow

• Use a single location for routing all messages to
the Internet, or enable message routing through
multiple locations
• Configure one or more Send connectors to route
email to the Internet
• Configure DNS lookups to use external DNS
servers rather than internal DNS servers
Designing outbound mail flow

[Diagram: Outbound mail flow (no Edge Transport servers), on-premises Exchange Server 2016 environment. Labels: Mailbox server; Mailbox Transport Submission service; Transport service; Front End Transport service; outbound mail; Internet; internal network; numbered steps 1 to 4]
Designing outbound mail flow

[Diagram: Outbound mail flow (with Edge Transport servers), on-premises Exchange Server 2016 environment. Labels: Mailbox server; Mailbox Transport Submission service; Transport service; Edge Transport server; Transport service; outbound mail; Internet; perimeter network; internal network; numbered steps 1 to 6]


Designing inbound message flow

• Use a single location for inbound routing from the Internet,
or enable message routing through multiple locations
• Configure MX records for each inbound SMTP server with
equal priorities if you plan to implement multiple inbound
routing points
• Plan for the authentication requirements of your Receive
connectors
• Remember that if you configure an Edge subscription, this
process automatically creates a Send connector on the Edge
Transport server to send messages to the Mailbox servers
• Create additional Receive connectors to address specific
business requirements
Designing inbound message flow

[Diagram: Inbound mail flow (no Edge Transport servers), on-premises Exchange Server 2016 environment. Labels: inbound mail; Internet; Mailbox server; Front End Transport service; Transport service; Mailbox Transport Delivery service; internal network; numbered steps 1, 2 and 4]
Designing inbound message flow

[Diagram: Inbound mail flow (with Edge Transport servers), on-premises Exchange Server 2016 environment. Labels: inbound mail; Internet; Edge Transport server; Transport service; Mailbox server; Front End Transport service; Transport service; Mailbox Transport Delivery service; perimeter network; internal network; numbered steps 1 to 6]


Designing message routing to the perimeter

• Consider whether to use an Edge Transport server to route
messages to and from the Internet
• Consider whether to configure Edge subscriptions between
the Edge Transport server and the AD DS site
• Consider whether you want to implement a single path for
routing messages to the Internet, or whether you want to
implement multiple paths
• Plan the internal message routing for messages being sent
to the Internet
• Use the connector scope to control whether messages sent
to recipients outside the organization are sent between
AD DS sites
Planning address rewriting

• Reasons you might consider address rewriting:
• Group consolidation
• Mergers and acquisitions
• Partners

• Considerations for address rewriting:
• Outbound-only address rewriting
• Bidirectional address rewriting
• Priority of address rewriting entries
• Digitally signed, encrypted, or right-protected email
Lesson 4: Designing and implementing transport
compliance

• Options for implementing transport compliance
• Planning transport rules for compliance
• Understanding message classification
• Planning message classification
• Planning for message moderation
• Planning for message journaling
• Demonstration: Configuring message moderation and journaling
Options for implementing transport compliance

• The methods to implement transport compliance include:
• Transport rules
• Message classifications
• Moderated recipients
• AD RMS integration

• Additional message and compliance features include:
• Messaging records management
• In-Place Archiving
• In-Place Hold
• In-Place eDiscovery
Planning transport rules for compliance

When planning transport rules, you should:
• Plan conditions and exceptions carefully
• Use regular expressions to check message contents
• Test the application of transport rules
• Plan for transport rule limitations on encrypted and
digitally signed messages
• Use transport rules on Microsoft Exchange Edge
Transport servers to apply outbound message policies
for delivery to external recipients
• Consider transport rule recovery; deleted transport rules
are not easily recoverable
Understanding message classification

• The default message classifications in Exchange
Server 2016 include:
• Attachment Removed
• Originator Requested Alternate Recipient Mail
• Partner Mail

• Message classification occurs in two ways:
• A message sender adds a message classification
manually before sending the message
• You can configure a transport rule to add a message
classification
Planning message classification

• Develop custom message classifications to
address other classification requirements
• Plan for localized versions of message
classifications in multilingual organizations
• Plan for the distribution of the client files for
Outlook 2007 and newer versions
• Configure transport rules to apply message
classifications and to apply restrictions
Planning for message moderation

• Moderators can moderate every recipient
• One or more moderators are necessary
• Moderators can approve or reject messages, and a
message expires if a moderator does not approve
or reject it within a specific time

• The components of moderated transport include the:
• Categorizer
• Mailbox Transport service
• Information Assistant
• Arbitration Mailbox
Planning for message journaling

• Standard journaling journals messages from all
users on a mailbox database
• Premium journaling journals messages from
individual recipients:
• Needs an Enterprise client access license
• You can journal external, internal, or all messages

• Journaled messages are sent as an attachment in
the journal report to the journaling mailbox
Demonstration: Configuring message moderation
and journaling

In this demonstration, you will see how to:
• Configure moderation settings for the Managers
distribution group
• Configure a journal rule to journal all messages
that your organization’s users send and receive
Lab: Planning and deploying message transport

• Exercise 1: Planning for a redundant and secure message transport
• Exercise 2: Planning for transport compliance
• Exercise 3: Implementing transport compliance
Logon Information
Virtual machines: 20345-2A-LON-DC1
20345-2A-LON-EX1
20345-2A-LON-EX2
20345-2A-LON-CL1
User name: Adatum\Administrator
Password: Pa$$w0rd
Estimated Time: 60 minutes
Lab Scenario

You are the messaging engineer for A. Datum
Corporation, an enterprise-level organization with
multiple locations. You must design a new routing
infrastructure for your organization. You first must
examine the documentation that details the
existing infrastructure, and then make proposals
regarding any changes that you need to make to
address your organization’s needs. You also must
document your proposals, and lastly, you will use
various Exchange Server management tools to
investigate the current routing topology and make
necessary changes to meet your security
requirements.
Lab Review

• If your Exchange Server 2016 deployment did not
include the Edge Transport server, how could your
message plan meet the requirements for the
Contoso partner?
• The network security policy at your company
requires that users not forward voicemail in
Exchange Server 2016 to recipients outside the
company. Based on your understanding of
transport rules, how would you configure this?
Hint: All voicemails in Exchange Server 2016 include the
words “Voice Mail” in the subject and include an
attachment with a file type of wma or mp3.
Module Review and Takeaways

• Review Questions
• Best Practices
