Sunday, May 29, 2011

Migrating to Microsoft SMTP Gateway guidelines and recommendations

Because of the huge success of the Forefront Protection 2010 for Exchange; a lot of companies are considering migrating from other products to FPE; so I decided to write a guidelines and recommendations to insure a smooth migration with a zero downtime,
Please make sure to read the recommendation carefully before jumping to the migration steps.

Recommendations:

  • Plan the migration steps with the Network and External DNS teams.
  • If you network team are using Cisco PIX Firewall make sure they read the following article ahead and that the header of your SMTP gateway isn’t masked http://technet.microsoft.com/en-us/library/dd277550(EXCHG.80).aspx
  • Export the list of blocked IP’s, senders and domains from your old anti-spam to the Forefront Protection 2010 for Exchange.
  • Enroll your environment at the Junk Mail Reporting Partner Program https://support.msn.com/eform.aspx?productKey=edfsjmrpp&ct=eformts&st=1&wfxredirect=1
  • Make sure the new IP’s that will be assigned to your Edge Server aren’t blacklisted http://www.mxtoolbox.com/blacklists.aspx
  • Monitor the blacklist status of your domain sending IP’s and get email alerting when added or removed from any blacklist database by registering at http://www.mxtoolbox.com
  • Install the Forefront Protection Server Management Console to get a centralized console for configuration deployment, reporting, quarantine management, engine and definition update deployment http://www.microsoft.com/forefront/protection-for-exchange/en/us/management-console.aspx
  • Make sure to manage your customer’s expectation at the early deployment phase and try to educate them about your plan in order to win their cooperation with you.
  • Be sure to use the right disk types to provide you with enough IO’s for your SMTP gateways.
  • Don’t enable recipient filtering until you are sure the synchronization process has been completed on all SMTP Gateways.

Guidelines:

Tasks
Useful Links
Preparing the windows servers.  
Installing the file level anti-virus"FEP 2010" http://www.microsoft.com/forefront/endpoint-protection/en/us/system-requirements.aspx

http://technet.microsoft.com/en-us/library/ff823762.aspx
Defining the anti-virus exclusions http://technet.microsoft.com/en-us/library/bb332342.aspx
Installing Microsoft Exchange Server 2010 SP1 Edge Server role http://technet.microsoft.com/en-us/library/bb124701.aspx
Creating the Accepted Domains http://technet.microsoft.com/en-us/library/bb124423.aspx

http://technet.microsoft.com/en-us/library/bb124911.aspx
Configuring the External DNS Lookups http://technet.microsoft.com/en-us/library/bb123492.aspx
Configure DNS Records for Your Edge Servers http://technet.microsoft.com/en-us/library/bb124896(EXCHG.140).aspx
Installing the Forefront Protection 2010 for Exchange. http://technet.microsoft.com/en-us/library/cc482965.aspx
Configuring the forefront protection 2010 for exchange. http://technet.microsoft.com/en-us/library/cc483003.aspx
Create new MX records to point to the new edge servers with a higher priority than the old ones. http://en.wikipedia.org/wiki/MX_record
Create an Edge Subscription File on an Edge Transport Server. http://technet.microsoft.com/en-us/library/aa997590.aspx
Import an Edge Subscription File to an Active Directory Site. http://technet.microsoft.com/en-us/library/aa995991.aspx
Force EdgeSync Synchronization. http://technet.microsoft.com/en-us/library/aa996383.aspx
Disable the send connector that is sending to the old SMTP gateways.  
Make sure you can send mail outside your organization using the new SMTP gateways.  
Shift the priority of your MX records so the low priority will be your new Microsoft SMTP gateway.  
Make sure you are receiving emails on your new SMTP gateways.  
Shutdown your old SMTP gateways.  
After a period of time make sure to delete your old MX records after making sure that everything is working smoothly  
Congratulations; you have done a good job.  

See you soon, Hany Donia

2 comments:

Anonymous said...

Thanks for sharing this... really helpful :)

~Subrat.
http://in.linkedin.com/in/subratd

Hany Donia said...

Good to know that you like it; Thanks for your visit and comment

Warm Regards ...
Hany Samir Donia