70-663 PRO: Exchange 2010 for IT Professionals
Exchange 2010 is hot; this Pro-level exam is hotter.
Exam 70-663 PRO: Designing and Deploying Messaging Solutions with Exchange Server 2010 is the companion exam to 70-662 TS: Exchange Server 2010, Configuring. You need both to earn the Microsoft Certified IT Professional: Enterprise Messaging Administrator 2010 title.
It's interesting to note that Microsoft has actually reduced the number of exams required for the MCITP: Exchange 2010. The Exchange 2007 version required three exams: 70-236 TS, 70-237 TS and 70-238 PRO. Perhaps Exchange 2010 will turn out to be easier to design and administer? It doesn't look like Microsoft is going to offer an upgrade exam for those already certified on Exchange 2007.
The target audience for 70-663 is senior administrators in enterprise settings, responsible for the design of Exchange implementations as well as third-level support. Additional expected knowledge includes earlier versions of Exchange, Windows Server, AD, DNS, PKI and PowerShell.
I took the 71-663 beta, which had 78 questions and a long exam time (about 3 hours). The final version has 50 to 60 questions, with a time limit of around 90 to 120 minutes.
The exam beta and the final exam test candidates on the following topic areas, which we'll cover in this review:
- Planning the Exchange Server 2010 Infrastructure
- Deploying the Exchange Server 2010 Infrastructure
- Designing and Deploying Security for the Exchange Organization
- Designing and Deploying Exchange Server 2010 Availability and Recovery
- Designing and Deploying Messaging Compliance, System Monitoring and Reporting
At the time of writing, there were no books or E-Learning training for this exam. The course catalog lists two classroom training products. Even so, most of the information you need to assimilate before attempting the exam is available at TechNet; it just takes a little digging (see the Resources section for some links).
The obvious recommendation for taking this exam is to have hands-on experience with installing and managing Exchange 2010 on several, separate servers. Installing on a member server gives you the experience of preparing the domain beforehand; having a separate Edge server lets you practice edge synchronization. If possible, try to have a mixed environment, with Exchange 2007 or even 2003 servers, and do the actual steps involved in a migration.
Planning the Exchange Server 2010 Infrastructure
Understanding AD site topology is important in this section, as is knowledge of how Exchange 2007/2010 uses site links and how to change the AD costs to Exchange-specific costs.
A resource forest topology is required when AD and Exchange administration has to be totally separated. The accounts forest contains all the user accounts, and a separate forest has Exchange installed. The forests are linked with either a forest trust (easier) or an external trust, and linked mailboxes (mailboxes associated with an external account) are used for each user.
New features are always covered, so make sure you read up on the new calendar and contacts Federated Sharing functionality.
Designing mailbox servers can be tricky, as it depends on many factors; one thing you can be sure of is that there will be questions on how to design a Database Availability Group (DAG). You will need Windows Server 2008 Enterprise, as Standard doesn't include the required clustering components. Also, unlike Exchange 2007, the mailbox role in a high availability scenario can co-exist with other roles on the same server.
The exception to this co-existence is if you have multiple CAS servers installed together with the mailbox role and need to load balance CAS; Network Load Balancing (NLB) can't live together with the failover clustering technology underlying a DAG.
Exam tip: The PowerShell command to create a CAS array (New-ClientAccessArray -Name "Internal CAS Array" -FQDN internalCASArray.client.local) is only half the story; this, by itself, doesn't load balance CAS servers. You also need to use NLB in Windows unless you have more than eight nodes, in which case a hardware load balancer is recommended.
Remember that you need a CAS and Hub Transport server in every site where you're going to install an Exchange server.
Transitioning to Exchange 2010 is only possible from Exchange 2003 and 2007; earlier versions have to be decommissioned first. Read up on the order in a migration, which servers to do first and how to verify success. Also, be aware of the certificate requirements in a migration scenario: Exchange 2010 uses a new namespace (legacy.company.com) to seamlessly direct users to the right server before they're moved to Exchange 2010. A Subject Alternative Name (SAN) certificate is recommended to cover the different namespaces needed for ActiveSync, OWA and Outlook Anywhere.
Deploying the Exchange Server 2010 Infrastructure
Remember that Exchange 2010 doesn't support Read Only Domain Controllers (RODC) and Read Only Global Catalog servers (ROGC). Edge synchronization starts on the Edge server, where the Edge Sync file is created. This is then imported on the Hub Transport server.
Multiple Edge servers can help with load balancing and fault tolerance. Cloning their configuration is a manual process. Start by running ExportEdgeConfig.ps1 on the source server and then ImportEdgeConfig.ps1 on the target Edge server.
Exam tip: If you have earlier versions of Exchange, start by running setup /PrepareLegacyExchangePermissions or setup /pl. This can also be targeted to individual domains. Next, prepare the schema by running setup /PrepareSchema or setup /ps, followed by setup /PrepareAD or setup /p to prepare AD. Then run setup /PrepareAllDomains or setup /pad. Again, this can be targeted to individual domains using setup /PrepareDomain:FQDN.
Research the different permission levels (Domain Admin, Enterprise Admin, etc.) required to implement each step above.
Understand the different ways DNS and Exchange interact with MX records and PTR records. The Sender ID framework also relies on DNS records of the SPF type.
Exchange uses several specific ports for communication. Besides the obvious port 25 for SMTP and 587 for SMTP with TLS, be aware of port 50636 for Edge Sync. Database seeding and log shipping in a DAG use port 64327 by default (but this can be changed). CAS servers use 80 and 443 for Web access, along with 110 and 995 for POP3 and secure POP3, whereas IMAP4 uses 143 for normal traffic and 993 for secure traffic.
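A way to check a lab server's firewall against the port list above, as an added example that is not part of the original review. The function names, the `localhost` target and the expected-port list are assumptions; the port numbers and labels are the ones given in the paragraph.

```powershell
# Added example. Ports and labels come from the review; everything else is illustrative.
$ExchangePorts = @(
    @{ Port = 25;    Use = 'SMTP' },
    @{ Port = 587;   Use = 'SMTP with TLS' },
    @{ Port = 50636; Use = 'Edge Sync' },
    @{ Port = 64327; Use = 'DAG seeding and log shipping (default)' },
    @{ Port = 80;    Use = 'CAS Web access' },
    @{ Port = 443;   Use = 'CAS Web access (secure)' },
    @{ Port = 110;   Use = 'POP3' },
    @{ Port = 995;   Use = 'Secure POP3' },
    @{ Port = 143;   Use = 'IMAP4' },
    @{ Port = 993;   Use = 'Secure IMAP4' }
)

function Test-TcpPort {
    # Returns $true if a TCP connection completes within the timeout.
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 1000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Get-ExchangePortReport {
    # Compares what is reachable with what the design says should be reachable.
    param([string]$ComputerName, [int[]]$ExpectedOpen = @())
    foreach ($entry in $ExchangePorts) {
        $open     = Test-TcpPort -ComputerName $ComputerName -Port $entry.Port
        $expected = $ExpectedOpen -contains $entry.Port
        $finding  = 'OK'
        if ($open -and -not $expected) { $finding = 'Open but not expected' }
        if ($expected -and -not $open) { $finding = 'Expected but unreachable' }
        New-Object PSObject -Property @{
            Computer = $ComputerName; Port = $entry.Port; Use = $entry.Use
            Open = $open; Finding = $finding
        }
    }
}

# Placeholder target and expectation: a CAS-only lab server publishing HTTPS and secure IMAP4.
Get-ExchangePortReport -ComputerName 'localhost' -ExpectedOpen 443, 993 |
    Select-Object Computer, Port, Use, Open, Finding | Format-Table -AutoSize
```

Run it from the network segment whose access you want to validate, since a result only reflects the path between that host and the server.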
Jetstress and Loadgen are two tools available to a designer of Exchange mailbox servers. Research the difference between the two tools and their usage.
Designing and Deploying Security for the Exchange Organization
Exchange 2010 has a new security model: Role Based Access Control (RBAC). It's a whole new ballgame. Make sure you read up on Management Role Groups, Management Role Assignment Policies and Direct User Role Assignment, as well as Scoping Role Assignments. Get some hands-on experience configuring different role groups and test allowed and denied tasks.
Exam tip: OWA can be customized using Segmentation. Read up on the different options available to you and how to do it in both the shell and the console.
Try out the Exchange Control Panel (ECP). Because it's a totally new feature there will be questions pertaining to it. It allows end users limited management capabilities to adjust Exchange settings as well as (provided RBAC allows it) manage distribution groups.
Transport rules that automatically apply Rights Management Services (RMS) templates to messages are also new in Exchange 2010. Know how these work and how the end user's experience is controlled by the assigned rights. Try out the new functionality in OWA; users can now create RMS protected e-mails rather than just consuming them.
The anti-malware functionality available on the Edge role hasn't changed a great deal from Exchange 2007, but look into the phishing confidence level (PCL), a value from one to eight that defines how likely the mail is to be a phishing attempt.
Exam tip: Be aware that Exchange mailbox databases and log files can be stored on BitLocker-encrypted drives, but cannot be protected using Encrypting File System (EFS).
Designing and Deploying Exchange Server 2010 Availability and Recovery
The big Kahuna here is, of course, Database Availability Group (DAG) for mailboxes. Know how to set one up and how to configure lag copies. You can delay (0 to 14 days) the replaying of log files into copies of the database to protect against logical corruption of the database.
High availability for the other roles is equally important. CAS Arrays were covered above, and for the hub transport role, one new feature is Shadow Redundancy. This checks with the next hop that the message was successfully delivered before deleting it. In the case of a problem, the message is resubmitted, possibly through an alternate route.
Backing up Exchange 2010 takes a VSS-aware backup program. Having a cursory understanding of how DPM 2007 works should be helpful in designing a good backup strategy.
Must-Know Tips Before Taking an Exam
If this is your very first IT exam, or at least your first Microsoft exam, there are some things you should know:
The price for each Microsoft exam in the U.S. is $125.
You are allowed to take any exam as many times as needed to pass.
Take advantage of Second Shot offers, which can give you a second chance at an exam you failed the first time. You need to register for the program before attempting an exam. Details on the latest offer are here.
Free exam vouchers may be available through your company based on their membership in the Microsoft Partner Network or Software Assurance or Enterprise licenses.
You will receive an onscreen pass or fail indicator at the completion of the exam.
You will also receive a printed score report upon exiting the exam booth.
You will receive a certificate, wallet card, congratulations letter and Microsoft Certification number after you have requested the certification package from Microsoft's Web site. (Don't forget to give a valid e-mail address when registering for your exam.)
You can take any IT exam at any Thomson Prometric testing center.
One more tip while you're taking the exam: You will be able to move forward and backward through the exam question set. Very often, a later question can help you answer an earlier one for which you may not have been absolutely certain of your answer. You should, however, always choose an answer for each and every question before moving forward, since you may run out of time, and any unanswered questions are scored as incorrect.
You can mark questions you are unsure of and return using the back button, or by using the review screen at the end prior to scoring.
(This information is current as of Jan. 24, 2010.)
Designing and Deploying Messaging Compliance, System Monitoring and Reporting
Auditing is important in large environments. Admin audit logging can keep track of every cmdlet that's been run (if desired). Understand journaling, how to configure it for particular users and how it differs from transport rules.
Legal holds stop anything disappearing from a particular mailbox; even deleted items show up in subsequent searches. Retention policies are part of the overall messaging records management. In this release, this is controlled by default tags, retention policy tags and personal tags. Also understand the actions that can be taken based on a policy: Move to Archive, Move to DeletedItems, DeleteAndAllowRecovery, PermanentlyDelete and MarkAsPastRetentionLimit.
MailTips is another new feature. Make sure you understand what it does and how to customize it for your organization.
Be aware of how to configure ActiveSync policies for mobile devices and what can and can't be limited.
Exam tip: Use the Test-Mailflow cmdlet to test mail flow and optionally test for a particular latency threshold.
Finally, understand the importance of monitoring the whole environment. Not surprisingly, System Center Operations Manager is the suggested application for this.
Getting the Message
Exam 70-663 was a challenging but fair exam because of the breadth of the material. There was also a bit of overlap with the content in exam 70-662.
Good luck on your exam!