In this two-part article, we're going to look at what's new and improved in this version as well as the upgrade path from existing deployments of Exchange Server. Finally, we'll tackle the all-important question of why you would run Exchange on premises instead of leaving it to Microsoft to do in Office 365. This first part will give an overview of what's new and what you'll need to consider for deployment, whereas the second part will look at two major technical enhancements.
New features
Exchange Server 2019 only runs on Windows Server 2019. Yep—you read that right, it requires the latest OS, unlike previous releases of Exchange. Not only that—Microsoft recommends that you run Exchange 2019 on Server Core, not Server with a Desktop (although they support both). The main reason for the limitation of Windows Server 2019 is that a lot of security engineering work has taken place in the OS that Exchange 2019 takes advantage of; hence it will only run on that OS.
Security is predictably at the forefront, and just like Office 365 is doing, there's no support for older versions of TLS (the successor to SSL), only TLS 1.2. They've also removed legacy ciphers and hashing algorithms.
Scaling up is another area that has received some love. Exchange can now use up to 48 CPU cores and up to 256 GB of RAM. Exchange comprises close to 99% managed code, and the scaling limitations in earlier versions were due to limits in earlier versions of the .NET Framework. Microsoft has lifted these in the latest version.
In another example of how changes made in Office 365 eventually migrate to on premises, the most heavily used data can reside on SSDs, speeding up many parts of the user experience (see more in part 2). Moving more database information into memory for caching is called Dynamic Database Cache (DDC, also in part 2) and will again improve the user experience.
But with all the new stuff, there's also some old stuff that's got to go, specifically the Unified Messaging (UM) role. If you're connecting Skype for Business Server or a third-party PBX to Exchange Server today, that won't be possible with Exchange Server 2019.
Alternatives include using Skype for Business Server 2019 with Cloud Voicemail or migrating to Office 365 for Cloud Voicemail. Both of these options require directory synchronization to Azure AD (using AAD Connect). This may not be palatable to a business that has decided to keep its messaging infrastructure on premises.
Apart from a third-party solution, your only other option to keep using Exchange for voicemail is to stay on Exchange 2016, which will have support through 2026. Once you have introduced Exchange 2019 into your environment, be aware that if you move a mailbox to a 2019 server, it will remove its UM attributes.
Microsoft released Exchange 2016 as a particular build of Exchange Online, and the Cumulative Updates (CU) released quarterly are essentially just repackaged updates made to Exchange Online.
Exchange Server 2019 is different and is a fork of the codebase they'll develop separately going forward. The idea is to slow the cadence and churn that these frequent updates generate; nevertheless, they've scheduled the first CU for March 2019.
When you're looking to upgrade, Microsoft offers the excellent Exchange Deployment Assistant, but it currently (January 2019) doesn't have explicit information for Exchange 2019. However, the Exchange 2016 information (apart from supported OS) should be pretty accurate for 2019 as well, so you can borrow that. For either an upgrade or a new installation scenario, it'll ask you a series of questions and then give you a customized deployment checklist to work through.
Microsoft aims Exchange Server squarely at small-to-midsized businesses (SMBs), arguing (correctly in my opinion) that these customers shouldn't incur the overhead of running their own infrastructures and should instead use Office 365. This is also evident in the change that the only way you can purchase Exchange 2019 is through volume licensing contracts, limiting access to medium and large businesses.
Upgrading to Exchange 2019 is not a weekend job in these businesses, so coexistence will be a fact of life. If you're on Exchange 2013 or 2016 today, adding Exchange 2019 to the mix will work, as long as your Exchange 2013 servers are on CU 21 or later and your Exchange 2016 servers are on CU 11 or later. There's also support for a mixed environment of both 2013 and 2016.
Your domain controllers (DCs) need to be 2012 R2, 2016, or 2019 with a forest functional level of 2012 R2 or higher. The AD site where you're installing Exchange needs at least one writable DC that's also a global catalog (GC) server. If you're running IPv4 alongside IPv6, Exchange will communicate with servers and clients over IPv6.
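One way to check the Active Directory prerequisites above before running setup, as an added example that is not from the original article or from Microsoft. The function name and the sample inventory are hypothetical and constructed; against a live domain, pass it the output of `Get-ADForest` and `Get-ADDomainController` from the ActiveDirectory module.

```powershell
# Added example: evaluates the AD prerequisites stated in the article.
# Test-Exchange2019AdPrereq is a hypothetical helper, not a Microsoft cmdlet.
function Test-Exchange2019AdPrereq {
    param(
        [Parameter(Mandatory)] [string]   $SiteName,          # AD site that will host Exchange 2019
        [Parameter(Mandatory)] [string]   $ForestMode,        # e.g. (Get-ADForest).ForestMode
        [Parameter(Mandatory)] [object[]] $DomainControllers  # e.g. Get-ADDomainController -Filter *
    )
    $findings = @()

    # Forest functional level must be 2012 R2 or higher.
    $okModes = 'Windows2012R2Forest', 'Windows2016Forest'
    if ($ForestMode -notin $okModes) {
        $findings += "Forest functional level is $ForestMode; 2012 R2 or higher is required."
    }

    # DCs must run Windows Server 2012 R2, 2016 or 2019.
    foreach ($dc in $DomainControllers) {
        if ($dc.OperatingSystem -notmatch '2012 R2|2016|2019') {
            $findings += "$($dc.HostName) runs '$($dc.OperatingSystem)', not a supported DC OS."
        }
    }

    # The target site needs at least one writable DC that is also a global catalog.
    $writableGc = $DomainControllers | Where-Object {
        $_.Site -eq $SiteName -and $_.IsGlobalCatalog -and -not $_.IsReadOnly
    }
    if (-not $writableGc) {
        $findings += "Site '$SiteName' has no writable DC that is also a global catalog."
    }

    [pscustomobject]@{ Site = $SiteName; Ready = ($findings.Count -eq 0); Findings = $findings }
}

# Constructed sample inventory (not real hosts): a legacy read-only DC in the target site.
$sampleDcs = @(
    [pscustomobject]@{ HostName = 'dc01.example.test'; OperatingSystem = 'Windows Server 2016 Standard'
                       Site = 'HQ'; IsGlobalCatalog = $true; IsReadOnly = $false }
    [pscustomobject]@{ HostName = 'dc02.example.test'; OperatingSystem = 'Windows Server 2008 R2 Standard'
                       Site = 'Branch'; IsGlobalCatalog = $true; IsReadOnly = $true }
)
Test-Exchange2019AdPrereq -SiteName 'Branch' -ForestMode 'Windows2008R2Forest' -DomainControllers $sampleDcs

# Live use (requires the ActiveDirectory module; the site name is a placeholder):
# Test-Exchange2019AdPrereq -SiteName '<site>' -ForestMode (Get-ADForest).ForestMode `
#     -DomainControllers (Get-ADDomainController -Filter *)
```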
The mailbox role of Exchange has a recommended minimum memory amount of 128 GB (!), whereas the Edge role recommends 64 GB. There's only support for .NET Framework 4.7.2 on the server, with support for Outlook 2019, 2016, and 2013, along with Outlook 2016 for Mac, and Outlook for Mac for Office 365. You need to install some prerequisites on Windows Server 2019 before Exchange; more details are here.
What's missing
We expected some things in Exchange 2019 that didn't make it but will follow in later updates. The most glaring omission is modern authentication, which is actually supported in Exchange 2019, but it's not turned on because the client libraries aren't quite there yet.
Being able to set your own key for mailbox encryption is also coming, as is the ability to block legacy authentication such as NTLM. A blog post during the preview phase promised that the simplified calendar sharing in Office 365 was coming to Exchange 2019, but it's also not ready.
This concludes the first article. In the second part, we'll look at the new option to use SSD drives to speed up Exchange, MetaCache Database (MCDB), BigFunnel for search improvements, and other minor enhancements.