Email continues to be the primary business communications tool, even with the rise of communication hub solutions like Microsoft Teams and Slack. Microsoft Exchange Server remains a significant part of the provision of email mailboxes to users in organizations of all sizes and across all sectors. The move to cloud email via Office 365 and other services hasn’t diminished the importance of Exchange Server. Indeed, many organizations now use a hybrid deployment approach with some of the mailboxes in the cloud on Office 365, with others on-premise located on Exchange Servers.
The latest release of Exchange Server is Exchange Server 2019, and it follows on from the editions badged as 2016 and 2013. The 2019 release brings improvements in several areas and is an evolution from the 2016 version. We discussed the Exchange Server 2019 public preview release in late 2018. The feature comparison table on that page is still relevant for the current Exchange Server 2019 release.
Load Balancing Exchange Server 2019 Kemp LoadMaster fully supports the load balancing of Exchange Server 2019, and previous editions, across on-premises and Office 365 mailbox deployments. Microsoft’s Active Directory Federation Services (ADFS) can be used to unify authentication across a hybrid deployment with LoadMaster providing resilience. Additionally, Outlook on the Web servers (formally called Outlook Web Access) can be load balanced to provide the best application experience for webmail and calendaring. Coupled with TLS (née SSL) offloading and load balancing of VPN services, LoadMaster enhances any Exchange 2019 and Exchange hybrid infrastructure deployment by making it more performant and robust. Please see our web page on Load Balancing Microsoft Exchange for detailed guides on how to configure recent editions of Exchange Server to use LoadMaster load balancing.
Any organization that is currently running a previous release of Exchange Server and who are looking to move from the 2016 version to the 2019 edition should note the items below in their planning.
• TLS 1.2 is the only TLS security protocol that is enabled by default. Previous versions of TLS (and all SSL versions) are off in a standard configuration. This is a good thing. Make sure that any services on your network that need to communicate with Exchange Server are using TLS 1.2 or later. It’s probably worth saying that the Microsoft implementation of TLS 1.2 does not have some of the security vulnerabilities that are often listed as a driver to move to TLS 1.3. So, there is no need to worry about using TLS 1.2 for now on the Microsoft stack. LoadMaster fully supports TLS 1.2.
• Exchange Server 2019 can be deployed on Windows Server Core. This is a smaller footprint install of Windows Server that has a smaller attack surface than the versions with all the UI and tools deployed. Hence it is easier to manage and keep secure and up to date. • Exchange Admin Centre that is used to manage Exchange can be set to block any access from outside the internal network. This removes the need many organizations had to setup complex firewall rules to protect Exchange Admin Centre from attack.
• The PowerShell cmdlet library for configuring Exchange has been updated and improved. This allows much more to be done in PowerShell and via Sysadmin and DevOps workflows.
Load Balancing Exchange Server 2019 Any organization moving to Exchange Server 2019 from Exchange server 2013, or even Exchange 2010, will have more to consider and plan for. We have written about these migrations in the past the Kemp blog, and Microsoft has extensive documentation on their support site.
Wherever your organization is with Microsoft Exchange Server or hybrid Office 365 mailbox deployments, Kemp LoadMaster can help deliver a better application experience for all your users no matter where their mailbox is located. See the our web page on Load Balancing Microsoft Exchange for more details, or contact us today.
To learn more, we recommend reading this Exchange related blog post: How to migrate your F5 BIG-IP Exchange Service to Kemp using Edge Security Pack