Exchange 2010 Service Pack 2 and Hosting


With the changes in strategy we announced in Future of /Hosting Mode a few months back we wanted to take the opportunity to make clear what is supported in what are typically referred to as hosting scenarios.

We announced that hosters would be able to use Exchange 2010 SP2 to provide hosted Exchange services once we released it. Well, we just released SP2 and now we have also released Multi-Tenancy and Hosting Guidance for Exchange Server 2010 SP2 to help our customers configure their solutions in a supported manner. We have created a multi-tenancy solutions and guidance web site to recognize control panel vendors who have provided adequate details about their solutions for us to list them as having a compliant solution. The guidance is intended for both hosters and control panel ISVs, but will also be useful for anyone trying to build a multi-tenant type system (sometimes referred to as a private cloud), using Exchange 2010 SP2.

Update Dec 20th: We’ve just published the Exchange 2010 SP2 Multi-Tenant Scale Guidance, which contains guidance for properly scaling and deploying a multi-tenant Exchange 2010 SP2 solution.

The most important thing to understand is that a hoster, a control panel vendor, or anyone who uses and follows the guidance we publish publically to build their solution is fundamentally no different than any other customer who deploys Exchange, but chooses not to change any of the default settings. We intend to offer support to you no differently than we would any other customer.

For example, you are an a typical Enterprise customer, and deploy Exchange, configure some Address Book Policies (ABP), change some calendar permissions and add few thousand accepted domains, you will get support just as you always have, as your configuration uses only supported tools and processes. As a hoster or private cloud builder it will be no different. You too create objects, set up some ABPs, and may end up with an unusual configuration in the eyes of an average Exchange customer, but that is all it is – unusual, customized to meet your requirements, but not unsupported.

Here are a few examples to try and clarify what this means:

  • You call us with an Exchange transport agent problem and it is clear that whatever you built doesn’t follow any of our published development guidance. We will recommend you change it to follow our guidance, and that advice won’t change whether you are a hoster, building a private cloud or are an Enterprise organization.
  • You are a hoster and call us to say that you can’t stop internal OOFs being delivered between tenants on your self-built hosting platform. We point you to our hosting guidance where we clearly state this is a known issue with this type of configuration and also tell you that the document also suggests the right approach to take to try and solve this kind of issue. If you want to then open a separate developer case to get help as you create the solution, you can do that too.

So as you can see, if you are a hoster or an Enterprise customer, or someone who builds themselves a solution to host multiple tenants in some way, and you have used supported tools and methods to configure your system we’ll be able to effectively support it. That’s really no different than it is today, if you choose to make some rather unusual changes to your system, we don’t ask to validate the end-to-end system before we help you recover that database. If, on the other hand, the database failed because of that rather unusual change you made, that’s when we get to discuss why you made those changes and potentially point out that they’re unsupported.

If a control panel vendor wishes to sell their solution AND have their solution listed on our web site, they need to provide written confirmation to us that their solution complies with the ENTIRE guidance document. If they only 90% comply, they won’t be listed. It won’t stop a vendor selling their solution, as they can do that without us reviewing any of their solution, but a customer who wants to buy a solution will not see theirs listed on our web site.

So in summary, for customers using Exchange 2010 SP2, we will treat our hosters and enterprise customers the same – if the root cause of your problem is an unsupported setting or change, we will point that out and recommend you change it. As a hoster you can really create a multi-tenancy system without making any unsupported changes. The guidance we have published will help you to do so, and we recommend you follow it.

I like to think about it like this: our end goal in providing guidance and allowing hosters to use Exchange Server 2010 SP2 is to make sure they end up with a solution based upon a supported configuration, which makes their system just the same as anyone else’s. We really do want you to get support for your system when you need it, you just need to make sure what you are doing will help us to help you.

Greg Taylor

Comments (40)
  1. Milind Naphade says:

    Greg, that clarifies a lot of confusion but a question that is still unanswered is, will a hoster be able to use ABP in a normal exchange setup or they still have to stick to /hosting switch if they are commissioning a new server / organization?

  2. Greg Taylor [msft] says:

    Look at the earlier posts I linked to as well. They explain more of the strategy.

    Yes, a hoster can build and new system using the on-prem version, or default mode, installation of Exchange 2010 SP2. In fact, that's what we are now recommending, not to use /hosting at all.

    But before deploying, review the guidance and plan out the solution, as simply installing Exchange and creating some ABP's does not create a multi-tenant platform.

  3. Dave Lewis says:

    Greg, So does this release installed without the Hosting switch allows creation of organizations? Or just deals with Address Book policies as far as multi-tenant goes?

  4. Greg Taylor [msft] says:

    Dave, there's no concerpt of the -organization switch if you don't use /hosting, and so the creation of logical organizations is something the admins has to do by combining things like ABP's, together with OU separation, changing ACL's on the OAB folders, maybe creating transport rules and changing default calendar permissions etc. The guidance document outlines the things you need to consider when configuring a product that is single tenant by design, to behave in a multi-tenant way. Read the guidance doc linked to in the post, I think it will make things clearer.

  5. Milind Naphade says:

    Thanks Greg. I read through all the guidelines but was not really very sure about my understanding of the things mentioned in there. Thanks for the crisp answer.

  6. Marius says:

    Hi Greg

    How about Sharepoint hosting using the same Active Directory as Exchange? Would that render the platform in an unsuported mode? Is even posible to have Sharepoint multy-tenancy with Exchange 2010 SP2 and the corresponding AD ? The guide mentions in some places about Lync hosting, but nothing about Sharepoint

    Thank you

  7. Dave Lewis says:

    Greg, This is a huge disappointment for the small-medium sized hosters. IS MS trying to push towards development of 3rd party control panels or just another way to dominate the hosted world with 365?

  8. Greg Taylor [msft] says:

    @ Marius – yes, you can have SharePoint in the same AD.

    @ Dave – most hosters I have spoken to feel the opposite, as this enables them to do things like, to quote a recent example from the post above yours, put Sharepoint and Lync in the same forest as Exchange. It really appeals to most of them. We're enabling hosters to use a much broader set of Exchange features by allowing them to use the on-prem version of the product, at the expense of having to be more creative in configuring multi-tenancy, for which we have provided guidance to ensure it is done correctly.

  9. Dave Lewis says:

    Could there be a example scenario with 2-3 tenants configuration wise in the on-premise setup?

  10. Greg Taylor [msft] says:

    At the simplest level, create 2 or 3 ABP's and you have the beginnings of it. Take a look at the document to see what else you might need to do, changing default calendar permissions, create some transport rules, secure OAB's, remove some ECP options, there's a lot of scope. We are not going to produce a step by step on how to do it, as there's really no one-size-fits-all approach to this.

    I would warn anyone that thinks ABP's ARE multi-tenancy to think again. They solve one of the problems (directory access) you need to solve when building a multi-tenant platform, but they alone are not the entire solution.

    It's not super simple, which is why we wrote the guidance, and we worked with control panel vendors, who have the skills and experience already, and who offer ready made solutions. If you don't have the skills in-house today, don't have a desire to develop the skills inside your own company or need to get to market fast, you might wnat to choose one of the vendor solutions we have validated.

  11. Johnny fra Stovner says:

    First you "messed" up GAL segregation in SP1. That was a disaster we're still working to clean up (new servers in /hosting mode, migrating customers over etc).

    Now you release SP2 and reverse everything. You have cost us a lot of money, many, many hours of work and angry customers.

    In my opinion, this SP2 is a step to push people over to Office 365, which still smells very beta. We have migrated a few customers over to Office 365, and for example a bandwidth cap in the migration of 50KB/s doesn't exactly help. Also with a price that is way under the SPLA prices we have, you easily remove any competition on hosted Exchange.

    You make your partners (SMB hosters) look bad. I am very disappointed.

  12. Dave Lewis says:

    Johnny fra Stovner, I completely agree with you, "this SP2 is a step to push people over to Office 365, which still smells very beta"

  13. Greg Taylor [msft] says:

    Johnny, I do hear the feedback, and it's not just you that has already deployed /hosting. But I will add this one thought – you don't have to build a new forest and migrate away right away. /Hosting will be supported for the life of 2010, and what I know some hosters are doing is building an additional forest using on-prem Exchange, and then putting new subscribers on it, and only moving existing customers to it if they want the additional features it offers. Otherwise, they will leave them on the /hosting system. Of course they are now managing two systems, but that's the choice they made to give them some choice and some flexibility.

  14. Johnny fra Stovner says:

    Greg, I hear you, and we are aware of the possibilities within the 2010 lifespan. But i still think this is a step in the wrong direction generally speaking. Will there even be a new version of Exchange? Or will that be reserved for Office 365 only? I hope you can see it from our point of view. We push SPLA licenses, and that sends money your way and generate an income with existing and new customers for us.

  15. Bernd Oliver says:

    I totally agree with Johnny and Dave!!!

  16. Barry-Aust says:

    Going from 2007 HMC4.5 to 2010 SP1/Hosted was painful.  However we got it done thinking it will be the last time we have to do a cross-forest migration.  

    Now comes 2010 SP2, and here we go again.

    Having separate environments would never work, because ultimately you will have to move everyone over to the new system (why else are clients paying for hosting and SPLA, if not to be on the newest system).

    I am shocked and disappointed with how Microsoft has been treating Partners with the hosted platform.  Firstly the SPLA pricing is not line with Office365, secondly we have our hand tied behind our back as we cannot offer OfficePlus for local use (but Office365 can), thirdly MS has provided partners nothing but false promises about the platform going forward and getting a straight answer from MS about the future plans is simply no possible.

    Maybe GoogleApps is the way to go.

  17. Jacob says:

    Are there going to be any better guide lines from moving from /hosting to SP2? I've never done a cross forest migration so I was hoping there would be some detailed instructions on performing this. I assume it would be almost exactly like a 2003/2007 -> 2010 cross forest excluding the ABP?

  18. Greg Taylor [msft] says:

    Jacob, yes we will be providing guidance. Early in the new year for /hosting to SP2, that's my current timeline.

  19. Greg Taylor [msft] says:

    For anyone still watching this thread, we just published our scale guidance for multi-tenant configurations using SP2. http://www.microsoft.com/…/details.aspx  

  20. When will discovery and search be supported in a multi-tenant deployment of Exchange 2010? For example, the ECP Search feature is scoped to only the tenant and not the entire Exchange org.

  21. Greg Taylor [msft] says:

    It won't Thomas. As stated in the guidance, that's either something you have to build into your control panel solution, or look for in one you buy.

  22. wongcw1020@hotmail.com says:

    Greg,

    Sorry I maybe asking a stupid question, but still cannot find the appropriate answer til now.

    In SP2 on-premises mode, how can we create a new user with the same username existed in the AD with different UPN without the -organization switch.

  23. Greg Taylor [msft] says:

    Hi Alex. You can't. The username for each user needs to be unique. That's one of the tradeoffs you have to deal with when you aren't using a truly multi-tenant system I'm afraid.

  24. wongcw1020@hotmail.com says:

    Greg, after checking the configuration of /hosting in sp1,I finally due with this problem by using the PowerShell to append a number to the -samaccountname such that both accounts have different UPN and different Samaccountname and created in different OUs, this is the exact behavior of what was done in /hosting mode.Actually in /hosting mode this task only takes me 1-2 mins but now it is really complicated.

  25. pderover@network-earth.com says:

    Greg,

    During any phase of the migration, will anything reference the Planmanager or RMDB?

    After all the mailboxes etc. have migrated, can I simply shutdown MPS and toss it out the window?

    Patrick

  26. Greg Taylor [msft] says:

    Patrick, those systems will be potentially a source of some information that needs to be extracted and re-used, but once done, there should be no need for them to stay – though of course that all depends on what the new provisioning engine you use will be.

  27. pderover@network-earth.com says:

    Thanks Greg for the information.

    What about OAB? What is MS recommendation for tier 1 hoster: dedicated OAB or distribute them across the mailbox servers, per the migration scripts?

    Patrick

  28. Greg Taylor [msft] says:

    Hi Patrick. Our recommendation would be to ensure that the provisioning system be responsible for ensuring that an OAB update occurs daily only for OABs that require an update (i.e. tenants that have had provisioning activity in the previous day), and the OAB update calls should be spread out as much as possible rather than all batched during a short time window.

    If you notice OAB's do not complete generation in the allotted window, or place a load on active mailbox servers that put your service as risk, then consider dedicating servers for the task. But don't do it just becuase you always did, only if you need to.

  29. Matt says:

    I totally agree with Johnny, Dave and Bernd. Common guys, life is not easy with the low margins hosters are making trying to compete with Google. Then MS launches Office 365 and competes with their very own partners, but its no competition because even though the prices are lower the service is bad. And now the curve-ball of SP2 with the get all the functionality but bend over backwards and maybe if you are smart enough (or throw enough money at it) you can solve the problem of migrating existing customers. Its really a pretty messed up strategy – who is driving this ship? Chewbakka?

  30. christianmogensen@gmail.com says:

    I'm one of those which have already implemented the /hosting installation in our company. But now SP2 comes along, and apparently, this is the way to go, …

    Greg -> what is the status of the guidelines to go from /hosting to SP2?

    It could be very useful, instead of doing it all manually ..

    Thanks.

  31. Greg Taylor [msft] says:

    The /hosting to SP2 guidance will be in a few days. I'm just finalizing the document and scripts today. Then it's just a few days to get published.

  32. christianmogensen@gmail.com says:

    Thank you. Will be looking forward to it.

  33. christianmogensen@gmail.com says:

    Hello Greg. Any new status? My colleagues is after me ;-)

    /Thanks

  34. Greg Taylor [msft] says:

    So, just between us here watching this thread… it's here: go.microsoft.com/fwlink

    Blog post tomorrow, but you can download the doc now if you want to.

    Happy reading.

  35. christianmogensen@gmail.com says:

    Thanks! Time to work … :-)

  36. pderover@network-earth.com says:

    Do you have information about having multiple custom contacts with the same external smtp address in the SP2 release? This was something that didn't work in HMC and was supposed to have been resolved with /hosting.

  37. Greg Taylor [msft] says:

    Good question Patrick.

    So there's a way to create the two contacts, but without writing an agent you still have an issue when using on-prem Exchange.

    The way to create the contact is to make sure you specify the target and proxy addresses explicity at creation time (only proxy must be unique). The challenge though is that the proxy is used as the reply address to all other recipients, same as HMC. So you really need to write some kind of agent to get that to work right, re-writing the reply address as it leaves the org.

  38. Chas says:

    Can we have a simple interface in Exchange 2010 for multi tenancy?

    Something like a wizard that asks you some questions regarding the client, and based on the answers input, all the necessary tasks to achieve tenant isolation will be executed, without having to manually action all the tedious tasks?

    Securing OABs, free busy, mail routing, distribution groups and the list goes on. It seems as though MS fixes one thing and creates 20 more things…

  39. Dave Lewis says:

    I really think what Chas said will be helpful.

  40. Greg Taylor [msft] says:

    Chas – as was explained in the post and in subsequent responses, our strategy has changed in this area. We have decided to work with partners and help enable them to fulfill the need for people who want more help in building a multi-tenant solution.

Comments are closed.