You've got no mail

 

Connecting state and local government leaders

For the Social Security Administration, upgrading its e-mail servers from Microsoft Corp.'s Exchange Server 5.5 to Exchange Server 2003 proved to be a job so monumental that the agency had to break it into segments.

For the Social Security Administration, upgrading its e-mail servers from Microsoft Corp.'s Exchange Server 5.5 to Exchange Server 2003 proved to be a job so monumental that the agency had to break it into segments.'Our strategy was to migrate the users on a site-by-site basis. That made the most sense for us,' said Bill Gray, deputy commissioner for systems at SSA. 'If we tried to do entire regions at a time, it would really affect the performance.'Most agencies will undertake a similar upgrade this year, if they haven't already. At the end of this year, Microsoft will cease supporting its Exchange Server 5.5. No longer will the Redmond, Wash., giant supply routine bug fixes or vulnerability patches. Routine telephone support'either free or of the charge-per-incident variety'will no longer be offered, and shiny new Microsoft products may not work with Exchange 5.5.Given the pervasiveness of Exchange 5.5'software that manages employee contact lists, calendars and e-mail'such upgrades will prove to be one of the major IT projects for many agencies this year. But the upgrades are necessary.'For any of our customers who are still on 5.5, virtually all of them are either in the process of migrating or have placed it very high on the priority list of things that need to be done,' said Scott Spencer, director for the enterprise software solutions technology practice of government reseller GTSI Corp. of Chantilly, Va.The good news is that employees can experience little or no downtime of their messaging clients'if a solid migration strategy is in place.'It's not easy. It requires a lot of planning. There are a lot of factors involved, so you want to make sure you plan and execute well,' Spencer said.Complicating the process somewhat is the fact that if the agency wants to take full advantage of Exchange 2003's enterprise features, they may have to re-architect their messaging systems'a move that will consolidate servers.'What is happening is that everyone had their own Exchange server on the corner, and now everyone is pulling them together,' said Don Tarkenton, account manager for Quest Software Inc. of Irvine, Calif., which offers programs to ease migration.SSA started upgrading its Exchange servers in January 2004, Gray said. It's no small project. The agency's six regional centers oversee 91,000 e-mail accounts. The IT office spent the first six months planning, and throughout the summer of 2004 it piloted several Exchange 2003 implementations. Now, SSA is rolling out the live units. About 13,000 mailboxes have been converted.'We needed to do testing, testing, testing, to make sure we didn't run into any problems,' Gray said.Social Security is not the only agency on the move. The Army has also set an ambitious plan in motion to replace the service's Exchange servers by 2006. The plan involves placing all Army personnel on a single e-mail system.The service upgraded all its Exchange servers in South Korea during a blazingly quick four-month period last year, a job that involved 18,000 accounts, according to Army Maj. Earl Robinson, assistant product manager for the migration in Korea.The Army awarded systems integrator Internosis of Greenbelt, Md., an $850,000 contract to help complete the job in Korea.'Migrations don't have to be difficult,' said Fred Wink, senior public sector vice president of Internosis, which specializes in helping agencies set up and execute large upgrades of this nature.Preparation is the key to a successful upgrade, he said. The IT office should schedule when each server will switch over and stagger the rollout, either by sets of users or by geographical region. Communications should be sent to alert all involved parties. And the agency should establish a test lab where deployment teams can get implementation training.'We usually upgrade in stages,' Spencer said. 'A large organization distributed across multiple sites might [upgrade] site by site and maintain coexistence between the two environments until it moves everyone over to the new environment.'A good implementation 'should be totally transparent to the users, done offline or with scheduled outages,' Wink said. He noted that in Korea, upgrades were done overnight, sometimes as many as 500 users per night.'There was no downtime apparent to the soldiers,' Robinson said, noting that even soldiers dispatched to Iraq during the upgrades did not experience service disruptions.At least in one respect, moving away from Exchange 5.5 requires twice as much work as any other software upgrade, because organizations must install not only the new version of Exchange but also an entirely separate application'Microsoft's Active Directory'with its own software and hardware requirements.'One of the things that makes the migration more difficult is that it is actually two migrations,' said Quazi Zaman, platform technology specialist manager of Microsoft's federal division.Released in 1997, Exchange 5.5 included a mechanism for authenticating users. As organizations set up their e-mail accounts, they assigned each user a name and password within Exchange, which users needed to access their data. Subsequently, Microsoft moved the Exchange directory service engine into the operating system itself, so it could be used by other applications, Zaman said. Today, Active Directory is Microsoft's enterprise authentication system and is used by Exchange 2003.As a result, the first step of any migration from Exchange 5.5 is to set up an Active Directory for the organization. SSA, for instance, didn't start upgrading Exchange until it had an agencywide authentication directory, Gray said.For its Continental United States operations, the Army first deployed an Active Directory, allowing installations to upgrade their Exchange servers themselves, said Maggi Patton, Active Directory implementation lead for the Army.Microsoft's Active Directory Migration Tool can help administrators move Exchange account passwords to the new Windows Active Directory environment. And fortunately, after Active Directory is installed, an office can still use Exchange 5.5, experts note. Microsoft provides a module, Active Directory Connector, that redirects Exchange's authentication requests to Active Directory, allowing both to work together in a seamless operation.Before getting started, the upgrade team may have to rethink an organization's messaging architecture.The original version of Exchange 5.5 was limited to around 2,000 users per server, since it relied on a single database that could only scale to 16G. Larger organizations created multiple smaller domains to serve employees and designed their backup requirements around these distributed setups. As a result, agencies ended up with a patchwork of different Exchange environments, each maintained at a local level.Exchange 2003 breaks through the technical limitations of 5.5. Each server can support up to 20 mailbox databases, which can in turn support 5,000 or more users with up 16T worth of space. Coupling these hefty servers with an Active Directory deployment means agencies can consider messaging an enterprisewide activity rather than one each office grapples with independently.'I think there is a big benefit to having organizational consolidation rather than having islands of information,' Zaman said.The Army didn't change its architecture to meet Exchange 2003, Wink said, though Exchange 2003 fit nicely in the Army's overall goal of server consolidation. One of the advantages the Army will see with one central directory is that a reassigned soldier can access e-mail without reconfiguration.Originally, the Army had individual Exchange 5.5 implementations at each of the hundred or so installations dotted throughout Korea, Robinson said. The migration team established a central architecture supported by four regional hubs. In the United States, two enterprise hubs will be set up to coordinate traffic among the installations.Moving to an enterprisewide messaging system can be fraught with political baggage, Wink warned. Office administrators may not want to give up control of their mailboxes. Therefore you must get buy-in, both at the local level'where the work to transition the mailboxes is done'and with top brass who must champion the project.In addition, naming conventions, usage policies and other aspects must be normalized across the organization'all of which requires policy. On a technical level, for instance, permission settings must be reviewed for each user. Policy settings that worked fine for one department may be dangerous when applied to the whole organization. Storage is another issue to consider when ramping up to an enterprise deployment. In most cases with Exchange 5.5, the server itself held the databases. Given sufficient consolidation, however, an organization may want to offload the databases to a storage area network. In Korea, the Army deployed SANs from EMC Corp. of Hopkinton, Mass.Software can also help manage storage issues. Enterprise Vault from Veritas Software Corp. of Mountain View, Calif., allows systems to automatically offload older data to storage networks, saving more-costly disk space, according to Jeff Hausman, director of product marketing for Veritas. Administrators can also use the software to offload as much material as possible before a migration, minimizing the time needed to copy files to the new server, he said.The upgrade team should keep in mind that user space requirements have grown since original Exchange implementations, when e-mail probably wasn't as mission-critical. Questions to ask include: How much space does each user take now, and how much will they use in the future?'Doing a little bit of prep work to figure out what the storage requirements will be three or five years from now helps you in designing an infrastructure that is designed for the future, rather than just today,' Zaman said.When it comes to hardware, the upgrade team faces two possible paths. One is to install Exchange 2003 on a new server, one running either Windows 2000 or Windows 2003 Server software. Once Exchange is running, the upgrade team simply copies the mailboxes to the new server.The other option is to upgrade an existing server, a financially appealing choice, given Microsoft's surprisingly modest hardware recommendations for running Exchange 2003 (512 MB of random access memory on the equivalent of a 733-MHz processor). This approach may require more nuanced planning, given the peculiar combinations of Exchange and Microsoft Windows that may or may not work together.The trick to upgrading the software on existing hardware is to have an extra server on hand, said Don Baker, technical architect for Internosis. Prepare an Exchange 2003 installation on the extra server, and move the accounts from the first working server onto this machine. Then reformat the old server and transfer onto it the data from the working second legacy server. And so on.Microsoft provides its own migration tools for moving mailboxes to Exchange 2003, but customized software may streamline the transition. For instance, Quest makes a tool called Exchange Migration Wizard that automates moving mailboxes. The company markets the software for high-volume migrations, according to Scott Geddicks, the company's Microsoft engagement manager. Internosis used Quest's software to aid in its work in Korea.Quest's software installs at the source and target servers agents that copy mailbox material from the old location to the new one. Using agents cuts the copying time considerably, since data doesn't have to travel through an intermediate server, Geddicks said.As each item is copied to the new location, the software leaves a pointer at the old location, allowing the user to access data even as the migration takes place. When the user requests an item from the old server, the request is automatically redirected to the new server. The pointers remain in place until the client software itself has been redirected to access material on the new server, which can be done later with a script.Sooner or later, agencies must face the inevitable. And as the Army and the Social Security Administration have learned, the sooner the Exchange migration begins, the sooner the agency can enjoy the benefits of the new software.

'Our strategy was to migrate the users on a site-by-site basis. That made the most sense for us.'

'SSA's Bill gray

With Microsoft Exchange 5.5 on its way out, agencies must carefully migrate e-mail systems without disrupting service.



















Migration mountain
































Size matters



























Extra server trick









NEXT STORY: First, skill all the lawyers

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.