Category Archives: Musings

A reader wrote to quiz me about my recent columns on 64-bit Exchange and the performance benefits it should offer. He asked:

In your last e-letter you mentioned the added performance boost putting Exchange on a 64-bit box. For those of us that connect our Exchange servers to an iSCSI SAN, would we not run into bottlenecks at the NIC (1Gb backbone, assuming we were not using a TOE card or maybe even if we do), before a 32-bit setup cut into performance?

I’ll trot out my all-purpose answer: “it depends.”

First, let’s assume that you have a Gigabit Ethernet connection to the iSCSI SAN, with an HBA that has a native x64 driver– no thunking required. That’s just a clarification, but in the end it doesn’t really matter. Why? Assuming that you have “enough” RAM (where the precise value of “enough” varies according to the user workload on your server), JET 12 is going to be able to cache a significantly larger portion of the EDB data than it can now, meaning that the amount of bandwidth between your server and the iSCSI cabinet becomes much less relevant from a perf standpoint. We already see a similar effect now; when SAN vendors are hunting for business, they often put lipstick on the bulldog by adding a very large cache to the controller. Of course, this only works until the disks hit 70% or so of capacity, then the cache detunes and performance drops like a rock. That’s a problem only because the SAN controller has no idea what the application is doing; it’s not a problem for Exchange in this case because ESE is in charge of the cache. Given “enough” RAM, the amount of bandwidth you use for a given set of user behaviors should decrease because you’ll be making fewer requests to the actual disk.

What about page size? My gut feel is that the page size change will be a wash; caching will reduce the total number of IOPS that have to go over the wire, but those pages that do go will be 8KB vice 4KB. I’m looking forward to seeing hard data to confirm or disprove this, though.

Why did I say “it depends”, then, if the performance news is so rosy? Because one of the key reasons people will be deploying Exchange 12 is to consolidate servers. Obviously if you take four or five Exchange 2003 servers and stuff their mailboxes onto an Exchange 12 server, the new server is going to require a significant amount of SAN bandwidth, and I suspect it’ll easily be possible to build configurations that would saturate a GigE HBA. So, don’t do that and you should be good to go!

If it’s MacWorld week, it must be time for more Mac news here. Today’s dose: Research In Motion has licensed IAA’s PocketMac product. It’ll be made avaialble as a free download on RIM’s web site starting in February. This is obviously a good move for IAA, makers of PocketMac, and clearly it’s an effort by RIM to remain competitive with Palm for hearts-and-mindshare among Mac users.

It’s Patch Tuesday, so you know what that means. This month, there’s actually an Exchange patch, although it only applies to Exchange 2000, Exchange 5.5, and Exchange 5.0 on the server side (Outlook 2000, Outlook XP, and Outlook 2003 are all affected too, though). The vuln reported in MS06-003 is a problem in the TNEF decoding engine that can allow remote code execution. Interestingly, MS released security patches for Exchange 5.5 even though it just went end-of-life 10 days ago… and what’s up with that crazy Exchange 5.0 patch? That’s been out of support for quite a while, and I’d bet the percentage of sites using it is very, very small.

Lenovo and Apple are fighting over my wallet. I’m thinking about buying a new laptop, and the two contenders now are the Thinkpad T60 and the brand-new MacBook Pro. The big variable is whether the MacBook can run Windows, either using VirtualPC (Microsoft isn’t saying) or natively. If yes, that’s my choice; if no, I’d probably lean towards the Thinkpad. Fortunately, neither one is actually shipping, so I don’t have to make a decision quite yet.

Jim McBee says something that I’ve been evangelizing for a while: turn off outbound SMTP on your network. The only machines that should be able to send it are your messaging servers. Maybe, if you’re feeling generous, you might allow VPN users to send SMTP so they can send mail while on the road. That’s it, though. There’s no good reason why Joe Cubedweller should be able to send SMTP direct from his machine. Worms like Sober use it, as do a number of rootkits/botnet droppers.

I just sent off three session proposals for TechEd 2006. I didn’t bother to submit anything last year, and– big surprise– didn’t speak. It was nice to take a break and attend without having to speak, but I missed it, so this year I’m back to my normal MO. I’ll also be speaking at Exchange Connections 2006 and the newly added Exchange Connections Europe– more info on those coming soon!

I’m delighted to announce that Microsoft has released updated versions of two of its key security guides: the Threats and Countermeasures Guide 2.0 and the Windows Server 2003 Security Guide 2.0. Devin and I put in a lot of hours updating these two guides to reflect updated settings in XP SP2 and Windows Server 2003 SP1, and there’s some very useful new information therein.

Normally I wouldn’t mention this here, but it has security relevance. Don recently started blogging. Why do you care? Because he’s an attorney who works for a really large software company in western Washington. In that capacity, he’s written some amazing stuff that I hope shows up in his blog over time.

I had the opportunity to work with Microsoft’s Cliff Reeves earlier this year, and thoroughly enjoyed it– Cliff is scary smart, quite personable, and really “gets” the collaboration space. I urged him to start a blog, and whaddya know? he did! Check it out at http://cliffreeves.typepad.com/dyermaker/.

I just attended a Live Meeting hosted by Microsoft’s Nicole Allen and Mike Lee. Nicole is well known in the Exchange community as being an expert on Exchange performance analysis, and her presentation covered some of the guts of the Exchange Performance Troubleshooting Analyzer (ExPTA). If you haven’t used ExPTA, you’re missing out; it’s a terrific tool for analyzing the performance of your Exchange server and identifying problems, including problems experienced (or caused) by individual users. Mike Lee also did a similar presentation on the Exchange Disaster Recovery Analyzer (ExDRA). (For a good tutorial on what ExDRA does, see Marc Grote’s article here.)

The interesting thing to me is the degree of investment that Microsoft is putting into these free add-on tools for Exchange. They fill a void that no third party vendor has effectively exploited, and customers love them because they greatly simplify the process of finding current or latent problems with an Exchange configuration. Between ExBPA, ExDRA, and ExPTA, Microsoft is assembling quite a formidable set of analysis and troubleshooting tools.

I meant to blog this, but with all the other things that’ve been going on, I forgot. Exchange Server 2003 has passed the evaluation process for receiving the Common Criteria security evaluation at Evaluation Assurance Level (EAL) 4. There’s a good article at the Exchange team blog that covers the certification process and what CC certification means. Interestingly, I haven’t found any evidence that any version of Domino is CC-certified, but I probably just wasn’t using the right search terms (I note that IBM’s talked a lot about the EAL-3 version of SUSE Linux Enterprise Server 9).

It’s a closed private beta, but there’s some good information at their beta 1 preview site: http://www.microsoft.com/exchange/preview. Expect more information after the first of the year…

The OCS 10g documentation says you create SMTP domains by logging in to the web mail client and using the Administration tab. It also says that you won’t see that tab unless the account you use has either domain or system admin privileges. However, it doesn’t say that “domain administrator” accounts can’t actually create or remove domain objects; you have to have “system administrator” for that.