When Is Exchange Inappropriate For The Enterprise?

malice95 asks "At my company (approx 1000 users) we currently run Dual Sun Ultra 2's (Solaris) in an HA configuration for our mail system. It runs Sendmail with pop, imap, web-based e-mail, web-based e-mail archives, and approximatly 150 Majordomo mailing lists. The system has been working great for months. Our users use a mix of Netscape, Outlook, and Pine to read their e-mail. Lately there seems to be a small but politically forceful faction in the company that wants us to move to MS Exchange for our entire e-mail system and standardize on MS Outlook for the desktop. I have seen many exchange setups crash and burn at other companies, and become management nightmares. Can you help me come up with opinions/facts/experiences why exchange sucks as an enterprise e-mail solution versus a nice solid Unix solution to present to management?" There are times when standardizing on Outlook and Exchange may be desirable for a company and times when it is not. Is this one of those times, considering that it looks like this company has a perfectly working mail system already in place? Why or why not?

Management's IT Rule #0

If it aint broke, fix it till it is (broken)

Why Screw up a good thing?

Why change something that works well?

Exchange has the potential to introduce a number of new headaches into a system that works very well. Why change?

If they want to standardize on Outlook for the desktop, go ahead and do that. But that doesn't mean they need to get you to change your entire backend to run Exchange.

On Outlook: Remember. Even MICROSOFT got screwed

Remember, with Outlook as the desktop client, you have the patented Microsoft Insecurity Inside(tm) design school.

Even Microsoft has been directly and successfully attacked, in a rather significant and spectacular manner (enough that the intruder could go browsing around and make new accounts) through the use of email trojans.

I think there is enough fodder, between the attacks on Microsoft and the various email worms, to ban outlook altogether.


Nicholas C Weaver
nweaver@cs.berkeley.edu

Re:Exchange would probably be a bad move

switching to Exchange means putting a Windows box on *every* desktop.

exchange will run on a mac without troubles. There may even be a version of Lookout for the mac as well...
You are pretty much out of luck for unix stations though :( I believe there is a program called Mailone or something that lets you read exchange email on unix...I think evolution is supposed to support exchange as well..but not in the near future.

Yeah!

I was going to post this if no one else had but you beat me to the punch. And keep in mind you can't run exchange on any old machine. You'll probably have to quadruple the number of mail servers you currently have and set up big quad xeon systems with gigabytes of RAM to handle the same load you're handling now on whatever UNIX machines happen to be hanging around.

In addition, you'll definitely want to set up some filtering software. Ideally you'll just eat executables and Word documents on the server. You should already be doing this anyway, but when you upgrade you have a good excuse to implement a draconian security policy, because everyone knows how insecure Microsoft products are.

You're probably need more IT staff to maintain all those new servers. Now Microsoft HAS got it down to the point where a trained monkey can handle day to day situations, but you'll want a couple of really experienced admins as well to fix things when the inevitable mail worm hits. Those guys don't come cheap.

And don't forget licensing on 4x your current machines for exchange, NT (or 2K) and your scanning software. And the manpower it'll take to set all this up and make sure everyone's desktop is running the right software. Since you'll be visiting everyone's desktop anyway, it'd be a great time to do a licensing audit to make sure you won't have any trouble if the BSA ever comes a knocking.

Exchange's Strengths And Weaknesses For The Masses

I've rolled out several Exchange servers for different clients. Here is a from-memory good/bad list for Exchange that I tell all my users before they settle on a mail system.

The Good

• Unified message storage makes backing up everyone's mail a breeze
• Outlook MAPI clients get instant new message notification without having to check every 10 minutes - A HUGE PLUS. I have yet to see a POP/IMAP solution that does this reliably.
• Connects with pretty much every mail system out there
• Supports Outlook as a MAPI client, and all POP3 and IMAP mail clients running on any OS
• Fairly easy administration and all message system recipients are shown in the "Global Address List"
• Exchange performs quite well on a single processor system with 256MB RAM
• Installation is pretty easy
• Mail server clustering (failover) is supported, although at a cost
• If your users gripe enough, you can enable the web-based messaging at a performance cost
• Messages to multiple receipients are stored only once (with multiple pointers) to reduce information store usage

The Bad

• To back up individual mailboxes, you need a third party backup tool (Backup Exec or ARCServe)
• Exchange eats memory up quickly to keep performance in check. You need a stand-alone machine with 256MB to 512MB RAM for a solid implementation.
• Having all messages on the server could cause network bottlenecks if a 10MB video goes to "All Users"
• Instant message notification only works with Outlook (MAPI Clients). POP/IMAP users are out of luck.
• Because of the size of the installation, you shouldn't use the mail machine for anything else
• Cost - OUCH! Exchange is one of the most costly enterprise mail systems available. Add to that the fact of a Win2K/NT Server license, Exchange user licenses, and backup software license and you've doubled or tripled the price of the hardware
• Some of the message and delivery restrictions are not robust enough to prevent certain virus outbreaks...
• Speaking of virus outbreaks, the instant message delivery may aid that. A good virus protection software is recommended - more $$$

In short - I like Exchange for it's features. It definitely has an advantage over sendmail/pop/imap. BUT - The need for a dedicated server (difficult for smaller installations) and astronomical costs make the decision more difficult.

Hope this helps.

Re:Using Outlook in a scaling UNIX enviroment

HP is an american company. As you know the product is produced in the Pinewood England office. Openmail enjoys far more popularity in the EU/UK area than the US.

You probally did Openmail Internals just like I did.

This boils down to the following. Before outlook came out MS had there crappy exchange and MS mail clients/servers. At that point HP was years ahead of MS. HP released a NT version of Openmail. The word directly from HP was MS hit the fucking ceiling. They told HP that if Openmail wasn't pulled from the NT platform that they'd drop them from the NT VAR/OEM program. They would no longer get advanced releases. This would screw HP because they need to write drivers for NT for the custom hardware they make.

Openmail NT was pulled from the product lineup and is a footnote in history.

HP was really hoping that OS/2 would take a better hold of the market. At one point IBM sold a branded version of Openmail. When OS/2 crapped out that left HP out of the intel platform. And thus could never hold the costs down.

As far as cost reductions I can chip in the following. It was never the software it self that created the high cost for us as a HP Openmail customer. It was the cost of hardware and Unix support. Implimenting UNIX upgrades cost far more than NT service packs. Buying K series servers sucks big time.

This is where Linux comes in. If Linux becomes workable to the high end business customer this opens the door for large scale Intel boxes that would run openmail. Hardware costs would be reduced greatly, and the OS would be free.

That's my $.02

Anti-virus software != Outlook security

Anti-virus software is great after the first wave of destruction hits from a new virus. If your company is part of that first wave, anti-virus software does nothing at all to protect you.

Managers may love whatever scheduling capabilities that Exchange/Outlook by them, but they are deluding themselves if they think anti-virus software solves all of the security woes that Outlook will bring them. The gain from the features must be weighed against the VERY real security flaws of Exchange/Outlook that will not be solved by any amount of anti-virus software.

Any realistic cost assessment should account for the possibility of all desktop machines getting wiped clean by the next generation of Outlook viri (that delete everything in sight, and don't even have to be opened or read to be triggered). The Lovebug was just the tip of the iceberg. Scheduling meetings at the click of the button may not be worth this.

Re:PHB's like calendars--alternatives

If Novell's still selling it, look into Groupwise. It's got all the email, all the calendaring, and all the sharing of outlook. I don't think its got the security problems, and it works pretty nicely. It may be a pain to administer tho. It's also got a decent API that lets you interface other programs with it. In my case I tied in the medical campus event calendar on the web into groupwise to let people post events to their own calendars. The work was straight forward. I'd also look into open source solutions for this same feature. There's something out there called "V Card" if I have the name right--probably don't.

Re:Why Screw up a good thing?

As one who has run sendmail/postfix/pine/etc in large university settings and ISP settings I think I have a fairly well balanced view point. As a long time *NIX sys admin, it pains me to say it, but in a business organization, Exchange beats the pants off other *NIX solutions I have used. I also run several dozen distributed mail servers across north america for an enterprise business concern and I would absolutely shoot my self in the head if I had to try and come up with a *NIX solution as feature rich, easy to implement and maintain as Exchange.

Exchange servers and outlook are excellent choices for business organizations for their internal mail needs. It is easy to setup, easy to maintain, allows easy setup and maintenance of distribution groups, allows easy setup of multiple smtp addressess for the same mailbox, only maintains one copy of a message in the message database for multiple distributions to save space, is generally quite bullet proof and runs forever without a reboot if you don't try and put several apps on the same box, havae the coreect patches on it,etc, allows for distributed e-mail servers with very little work or maintenance, allows user mailboxes to be moved between distributed servers easily. My mail system admins are pretty much entry level and require very little training. There is a lot of control over distribution lists and addresses in terms of who is allowed to send mail to those addresses (good for pager email addresses for the IT and executive staff and "everyone" distributions). Exchange server allows for the easy integration of things link the RIM Blackberry wireless PDA's (what the execs prefer here) on a server level instead of a workstation level. How 'bout when upgrading/adding a new mail server with exchange. Bring it online, move the users mailboxes to it by selecting the user and picking a different home server for them. Next time the user logs in, Outlook will automatically detect the mailbox was moved and reconfig transparently. Really simple, really painless.

Of course there are the shared schedules that make it easy for execs to have their admins keep their appointment books for them, and allows all changes to be merged. There is granting "send as" privs to exec admins. The really big thing for everyone is the GAL (global address list). Since the Microsoft solutions are very expensive compared to other solutions, Execs are willing to hear proposals for just about any kind of replacement mail system that has a decent web mail interface and all the other scheduling features, etc, but if it doesn't have a GAL, it won't get heard.

--JB--

Re:Exchange on Sun

Actually from some of the things I've heard this could be your best argument. Exchange 5.5 enterprise is becoming scarce quickly, Exchange 2000 has features that only work with Active directory. So to upgrade to a new Exchange server and use all the features you will have to update all your systems to Windows 2000 (or maybe just add Office 2000, hardly a cheaper option though.) Wave that bill under the bosses nose and give him the no extra cost solution of keeping the system that works now and they may see reason. I know why some people in your company may like Exchange, they got used to it somewhere else, if you can identify what they feel they are missing with the current system maybe you can get those functions for them.

Exchange versus UNIX based solutions

This sort of discussion went down at the University I work at a couple of years ago. That time period is now called by everyone (even the upper level of University management) the Email Wars.

For nearly two solid years, there was a large push by some in upper management to migrate our entire user base (some 80K students, faculty, and staff) to Exchange, regardless of the number of technical staff and managers informing said upper management of the large downsides, not the least of which forcing a client (MS 9X/NT) platform on the faculty.

That being said, we settled down to have a modest Exchange environment with about 5000 users across two campuses, and about 80000 users across two campuses using the freely available and open-source Cyrus IMAP server from CMU.

In the past year, there have been more serious security incidents involving executable content with the Exchange servers, forcing the University to purchase a Sybari license to prevent being overrun with virii. The Sybari stuff is not inexpensive.

My current position with the University is as a senior software/systems engineer. For the most part, I design mail systems. In my professional opinion, unless the features that Exchange gives you (basically calendaring and integration with MSOffice -- everything else, including folder sharing and collaberation are available in more secure products) are worth the amount of time and money that will need to be spent to secure the environment, it would be a bad idea for folks to migrate from an IMAP environment to Exchange.

Exchange in all our tests proved to be less scalable than a UNIX based IMAP solution. More people are required to support fewer users on Exchange. On top of that, individual servers crash often enough that it is not really an event when it happens. Admittedly, an individual Exchange server crashing only affects a couple thousand individual mailboxes, but they crash enough that spreading out load in necessary to maintain the illusion of continuous service. This is not a knock against the people running th Exchange servers. The Exchange admins I work with are bright, talented people. The server software crashes all on their own. Microsoft's own consulting people have not found a flaw in the Exchange system design here. The software just crashes often.

That is the security and performance part of my analysis. Beyond that, Exchange generally does not like working with the outside world. Mail routing can be an issue unless you have a very simple network design. Features in Exchange can be fairly confusing to even experienced users. My personal favorite in that vein forwarding. If a user wants to forward their mail another system (say a personal workstation) Exchange will munge the headers so that the original recipients of the message are not entirely clear. This has led to some embarrassing incidents where people have replied to messages that they thought were to them personally, but were actually to a distribution list. The reply went to the reply-to, which ended up distributing to everyone on the original list.

Even beyond that was the arrogant attitude displayed by Microsoft when bugs were reported. At one point, we discovered a bug that would crash the storage server when accessed via IMAP. Once a check was signed, their interest in working on problems with our existing implementation was gone. I know this should not be unexpected (Reboot, Re-install, Upgrade being the MS Tech Support Mantra), but when Microsoft representatives are in a room with the University officials and actually say words to the effect of, "Who are you to tell us what is wrong with our software", it at least validates the anecdotal opinion of Microsoft.

Much of this may not apply to your situation, but this might. When we did our studies of cost per user of a UNIX based IMAP solution as opposed Exchange, it ended up being an order of magnitude cheaper to use UNIX for the bulk of our email serving.

Add, don't subtract

I work in the IT department at a large state university (Montana State). We have a number of email servers on many different platforms, from POP on UNIX to pine on VMS to Outlook with Exchange server on NT. We offer options for everyone--some people just want the simplicity and efficiency of pine, some people want POP email with the added features of attachments, etc. that are easy to do on a POP client/server arrangement. Other people need calendars and scheduling that Exchange provides. We charge 10 bucks for email accounts and 90 bucks for exchange? Why? It's more trouble than all the others combined. Not only do the virus issues kill, but when people get their desktops upgraded, oftentimes it is difficult to transfer the multitude of Personal Folders, PABs, Offline Folders, plus maintain all the online stuff. But it's the viruses that are the worst. Everytime there is an outbreak, the idiots just open the attachments and spread it. Luckily for us, everyone has everyone else's email thru the exchange directory, so if one person opens it everyone gets it. We have protection installed the database, luckly, but that doesn't make it any less of a pain. When I LOVE YOU came thru, the virus protection deleted almost 900,000! attachments in a day and exchange was about 4 days behind mail traffic for the next week. The only advice I am going to give you is add, don't subtract. If you think Exchange is a SUBSTITUTE for a nice, reliable *NIX based POP mail, you have another thing coming. Just wait til the next genius virus writer comes along to fuck your shit up. Blah!

PHB's like calendars

As a former Exchange admin (well, and all the other BackOffice stuff too), I can say that PHB's like being able to see each other's calendars. Exchange/Outlook makes this really easy to implement and for a small shop (single server, and say under 100 users), it's really easy to set up right out of the box.

Has anybody had any experience with that *NIX MAPI product? What was it called? MailOne? I'd be interested in playing with that sometime I think.

Not just an email client

Sure, it may introduce a few headaches but thats what tech support is for. What it may do is make all of your other employees more productive.

Exchange w/ Outlook is much more than just an email client. In my office I don't plan a single meeting without it. Its nice to be able to plan a meeting while know everyones availablity. Its always a pain scheduling a meeting only to find out everyone is in another.

Forms are another Good Thing. I do all of my OT, Sick time, expense reports and purchasing through Outlook's forms. Forget the stupid paper trail.

Allof tasks are scheduled through outlook. If my boss wants me to do something, instead of telling me at the water cooler he sends me a task. I then have them all located in one central area so when I have idle moments I can quickly check off a few quick tasks.

Put this into a conduit with my PalmVx and I'm a travelling warrior ready to dish it out with the big boys.

Why not to use Outlook

I don't know much about Exchange Server, but I can give you two good reasons why not to use Outlook:

1. Forcing users from around the company to switch from products that they know and are comfortable with to a product that they don't know and might not be comfortable with is only going to frustrate them and alienate them from management and especially the IT deparment, whose "fault" they'll percieve this as.

2. Outlook is chock full of security holes. Thanks to those holes, it makes worms like Kak [claws-and-paws.com] possible, whereas it wouldn't be a problem with any other e-mail client.

Shared folders / Calendaring Works OK w/Sendmail

We use Outlook 97/98/2000 on the desktop but plain old Sendmail and qpopper as the backend on Sun boxes. Shared folders and calendaring work just fine - they are implemented with the "Internet Only" Outlook client via WINMAIL.DAT attachments, which get interpreted automatically by the clients.

Oh crap, Outlook 2000 just cratered on me again. Excuse me while I reboot before I blue-screen....

#include "disclaim.h"
"All the best people in life seem to like LINUX." - Steve Wozniak

Re:Why Screw up a good thing?

If shared calendars are wanted, that's also available in StarOffice Schedule. You have to install a Schedule Server, of course.

Personal Experiance

Our company changed to Outlook. We got hit with the Love Bug Virus. We now have outages every week (scheduled lasting 6 hours) which is a pain for a 24/7 manufacturing shop.

On a related subject, we dropped Russell Calander Manager. Calander Manager imediately showed conflicts in schedules (vs waiting someone reading mail and replying) With Outlook, those checking the calander at the beginning of shift go to cancelled meetings or miss changed or recently scheduled meetings because there wasn't time to sift thru all the stuff in the inbox. With Outlook you have to open any mail that may contain a schedule event to update your calander. Same thing applies for cancelled meetings. I have found out about meetings after the fact. I have attended cancelled meetings. In Russell Calander Manager, some of the users were confrence rooms, vacations and the like. I could schedule a meeting and include the confrence room as an attendee. I could schedule Easter off and include the apropiate vacation slot as an attendee. It works first come first served. No arguements over who was first. Anyone else later would be get a conflict as the confrence room or vacation slot was unavaliable to attend. This made confrence room use a breeze. If you really needed a room, you could e-mail the person who scheduled the room to negotiate and they could re-schedule freeing up the room so it could attend your meeting. (the room auto accepted the first requester). With Outlook sometimes two groups arrive to use the same room. A person has to read all the mail for the room and reply to it later (not real time by someone not working 24/7). Therefore several people can get unconfirmed dates and times for a room. What a mess.

A few words.

I've had to deal with this as well, though not quite on the scale you are. SO many VPs and such seem to have come from using exchange somewhere else that they want it.

What do they want, though.. find out. THey obviously don't want exchange.. that's just a server. They probably want to use Outlook + appointment sharing. That's a big one. What else do they want?

On the bright side.. Exchange WILL support imap, and pop3, and has a web interface, and if you use any active directory stuff, it makes it even easier to use.. but wait.

If you are primarily a unix shop... there is a unix program (MailOne?) that supports exchange & exchange scheduling. Maybe check that out.

I think the issue is that, we say 'it's an internet email system; it's fine how it is now' but what they want is much more than that.

Show them the price of doing it properly (including such things as: all mail must be stored on server, redundant servers, single point of failure, etc). Draw it all up, and present it as a cost, because that's the bottom line.

Also look at notes.

Business Reasons

What you need to do is find the business reasons that they want to switch. Is there something specific they want to be able to do that exchange allows? If not, then it is stupid to switch. If so, you need to find out

a) what the costs are to implement said functionality with exchange

b) what the costs are to implement said
functionality without exchange

Include all costs - hardware, software, licensing, support, man-hours of work, user training, sysadmin time on installation of outlook on all machines, server maintenance, scalability costs, etc.

The problem with most decisions is that the full costs are hidden. It's your job to bring them to light, and to show what the actual costs are. If they are willing to take those costs for the functionality they want, fine. Its your job to give it to them. However, if they don't know all of the options and their true costs, then that's your fault. If the have the knowledge an make bad decisions, there's nothing you can do.

Some advice

If you find yourself backed into a corner and installing an Exchange server, buy a backup program that talks to Exchange and can back up the Exchange database live. Do not take no for an answer.

Exchange keeps everyone's mail messages in one huge database in a single file, which it then locks everyone else out of. And I mean *all* mail messages, unread and saved alike. So if you don't have a backup program which works with Exchange, to back up this file you have to take the server down (manually, no scripting here), back the file up, and bring the server back up. During the weekend or after hours, naturally- people don't like it when they don't have access to email during normal buisness hours.

Not backing the mail up is not an option. A single bad block can corrupt the whole mail DB, and trash everyone's mail. And we all keep mail around for one reason or another- often critical information is kept in the form of saved mail messages- all of which can vanish because of a single bad block.

This isn't Microsoft bashing. I've had this happen to a company I was working at (fortunately, I wasn't responsible for the mail server at that point). Save yourself the pain.

The one big file also accounts for the scalability problems of Exchange. Remember, this is running (by definition) on a 32-bit x86 machine, which gives you a maximum process size of about 3 gig. Mapping files larger than this so you can treat them as a data structure is impossible. This is why, as of a year or so ago, Exchange couldn't handle more than about 400 people per machine. They may have fixed this since then (I doubt it, but anything is possible). Don't take assurances- ask to talk to someone who is running 1000 people on a machine before simply beleiving that it can be done.

The old adage ....

Nobody ever got fired for using Microsoft, AIN"T quite true.
The company I work for is a Microsoft shop currently because of a certain person who is no longer employed here.

Now for the reasons NOT to go with Exchange:

• Security - Besides the cliche' 'number and type of security issues', Exchange is no fun when XYZ patch stops Exchange from running at all.

• Cost - Client licensing for Exchange ate over half of our IT budget two years ago. Adding to the those licenses costs us more per year than implementing another solution (or two, or three, ...)

• Dependant on WINS - If you've never worked with it, thank your lucky stars. We all know how M$ designs protocals, and this one (designed to suppliment DNS, noless), fails miserably and repeatedly.

This is to say nothing of the pains of going back to a *nix based system when your management realizes their mistake.

It has always been my opinion that management should not make IT decisions, based on the facts that; they (typically) have no IT experience, will not ultimately carry the burden of failure on an IT project, and are impressed by buzzwords. Anyone who is impressed by a word, should be taken out back and beaten/shot/hanged.

Given the choice between migrating to Exchange or damnation, I really can't see much difference. However, I would probably pick damnation cause I assume the reboots would be shorter.

Feature Set

Well, the best answer I could give you is it depends. What is your primary server base? Are your accounts primarily NT or Unix based accounts? The real strongpoint for many mail systems is seamless authentication, so it depends on your server base. Exchange 5.5 properly implimented is quite reliable, and so is the RTM (Release to Manufacturing) version of Exchange 2000. When I say 'properly implimented', I mean that you have to have someone who knows the product at least a little. If you have seen setups crash and burn, it's not due to the Exchange software bits, but usually to a dork who tries to B.S. his or her way through the migration/implimentation.
You also need to consider how big your IT staff is and what kind of skills they have. If your IT staff consists of a few very few knowledgeable people, then a Unix-based system can be installed and maintained through sometimes complex, but less often maintenance procedures. If you have an IT staff of scattered skillsets, then you might consider having a consulting firm install Exchange 5.5 or 2000 and have them document it all, then your staff maintain it. This latter option would provide easier maintenance with a lower knowledge-level requirement for staff members.
The point is, that if you're looking for a reason to hate Exchange, then I am sure you will find people posting here to commiserate with you; but you will also find just as easily people willing to commiserate over unix-based mail systems.
While not a popular stance with the younder slashdot readers, software isn't a religion, it's a tool. Good software meets a need with a minimized amount of cost- sometimes that cost is in software price, sometimes in staff salaries, downtime, etc. If you would like to talk about this more offline, send me an e-mail.

Here Comes the MS Bashing...

Exchange works well, when designed well. I've done Exchange deployments in companies many times this size, I've admin'd companies larger than this too. If you set it up and do your sites and organization layout correctly, you'll have few problems. 1000 users is NOTHING to Exchange. You can easily do that on one server in a single site, and it'll run itself.

OutLook has security problems. But step 1 is to put in a GOOD anti-virus app at your entry point to Exchange, and all other mailbox servers if you really want to cover yourself. Make sure and get a backup software with a good Exchange interface. I've used both ArcServe and Backup Exec, and prefer Backup Exec. An option is to do a brick by brick backup where you can restore an individual mailbox, but be careful as this is much slower than a database backup. Microsoft has a number of whitepapers on their site about the care and feeding of the Exchange database. With v5.5 most of that is no longer needed. You don't need to repack the database every few months like you used to.

They also offer some excellent whitepapers on optimizing the server. This mainly has to do with memory and how to set up the drives for performance and fault tolerance.

The appeal of Exchange over things such as pine and sendmail is integration of the calender and task scheduling. That is a HUGE feature for the management types.

The real question is to look at the reason to change. It will be effort to move mailbox info over to Exchange so make sure it's worth it. I do mostly Unix work now, but still use Exchange/Outlook for email. I just think it's one thing that Microsoft really got right. There are a number of companies with over 100K users on Exchange.

Exchange: okay to start with, dumb to switch to

Exchange has two "advantages" over it's competitors: it's easy to set up (compared to Solaris, sendmail, imap), and it presents a uniform interface for users.

The first isn't an issue for you since you already have Solaris et al. set up.

As for the second, there's no particular functionality that Exchange/Outlook provides that isn't handled by other, separate programs. That's just a matter of user education. You can run Netscape/CS&T's calendar server on the Solaris machine, if it's calendaring you want. There are some weird hooks into Outlook from some other MS products (DevStudio, for example) that can be replicated pretty easily with CVS and a shell script.

You're probably aware of the disadvantages. HA isn't an option: it WILL crash. You'll need a dedicated NT sysadmin if you don't already have one. Preferrably one who's had to rebuild an Exchange server after it's crashed (which can be a brutal, time consuming job) and not a fresh "I just got my MCSE so I must be smart" type. Expect to have planned outages weekly to reboot "just in case", because otherwise the monthly crashes will be unscheduled and will take significantly loger to recover from. The exchange box should be a really really beefy single CPU machine with as much memory and disk as can be managed (as in, it'll cost as much as a Sun), and nothing except Exchange should run on it, to reduce the frequency of crashes.

--

Exchange stuff:

First a bit of background about exchange.

1: There are 2 choices with exchange right now, 5.5 and exchange 2000.

I'll give some 5.5 background.

1: If you are using this in an enterprise, you will need Exchange Enterprise server. This will let you have a message store greater than 16GB's. (Unlimited)
2: If you want things like clustering etc. beware with exchange 5.5. it does not do it very well at all. Its an active, standby config. (1 is active, the other is standby). When the first one fails, the second pops up and has to start the services. So you may have between 30seconds - 5 minutes of downtime for "clustered failover". Also, for your clustered servers to work, you need shared disk. (They need to share the same array). This would mean you would need to buy a pretty massive compaq or something.

3: 5.5 offers ldap/pop3 and webmail.
The downsides of webmail. It is recommended (by microsoft) that you move webmail to different servers and have your users connect to that. They recommend you do 2 (IIS 4.0)web servers for every exchange 5.5 server.
If you run IMAP/POP3, your users must connect to the server they are homed on. They cannot connect to 1 server and in the backend be connected to the server their files are on. So if you migrate servers with pop/imap users, you need to change each clients PC.

4: If you want resources like conference rooms, that do automatic accepts etc. in my experience you need to devote a dedicated conference server to do accepts for this. This requires that the machine is always logged in running outlook. Ok well there are technotes saying you dont need this. Too bad I couldnt get it to work.

5: Exchange will NOT install without a true domain controller. That means you need a PDC installed on your net and your exchange server as a member server. (Samba will not cut it) (at least not 2.0.7)
6: Now lets analyze the cost, assuming this is an enterprise.
You have:
2 Big main servers
1 Shared disk array
1 Tape backup server
1 Tape backup software
1 Exchange plugin for the backup software
2-4 Pc's for webmail
1-2 Conference room servers.
2 NT Enterprise server softwares.
1 NT Server software (backup server)
4 NT Server software (webmail)
2 NT Server software (conf rooms)
Now there is also the licensing for every user you need to pay for. EVEN for your pop users etc. The rule is "if they have a password, they need a license".

Now it is not all doom and gloom. You do get some cool calendaring and stuff that people like. Is it worth it? Depends on how important things like calendaring and reliability are to upper management.

There are also some weird bugs with 5.5 SP3. (Sp4 was released this week, but I havent tested it yet)
a: When you migrate users from 1 server to another, mail to the user during this migration gets bounced (User does not exist). Moving large mailboxes can take up to an hour (or longer).

b: You cannot migrate users from 1 site to another. (You have to copy to PST, and then import to the other site). (If you didnt appreciate rsync, this will make you wish you had it.)

Now lets go to Exchange 2000.
Note: This is infromation gained from speeches, and grilling MS reps, not from practical experience!

1: You need an active directory server. That means you need to be running a MS Active Directory server for your network. This could potentially become a win if you had your unix servers authenticate against it via ldap. But then again, it could also be a nightmare. Just a hypothetical.

2: It now supports active/active clustering. (So if 1 fails you still keep chugging along.) The bad thing is to get 2 way clusters you need 2000 Advanced server. To get 4 way clusters you need 2000 Datacenter server. (not cheap) Again these machines need to be connected to the same array. So that would mean some big hardware (compaq etc.)

3: As part of AD, you can move users across sites now.
4: You need less frontend IIS servers (according to MS its now 1 for 2 (as opposed to 2 for 1)). However now every frontend IIS server needs to have a license for Exchange 2000 server. (did not in 5.5)

5: Improved ways for backup. (You can now have multiple backup types for your server, so that different types of users, can be backed up with different frequency.)

6: If you have pop3/imap users on different servers, they can get to them by going through 1 server.

The plus for 2k would be the active/active clustering and the fixes. But then again, you have a lot of changes to make to fit it in.

Conclusion

Depending on what your internal architecture consists of, you may have a lot more to change than just adding an exchange server. You might have to add in a PDC, or AD server. You will have to put all your users in there for authentication.

Be careful with trusts, sometimes they are not your friend.

Make sure you set up a new account to be the exchange server manager.

If you run 5.5, run the Mailbox Manager. It allows you to clean up mailboxes over time.

If you have legal or compliance issues, you can have exchange be like big brother and copy all mail (to anyone) to an account for review. This is called message journaling.

The costs will mount up quick. Depending how much you have in your existing infrastructure, a figure with costs for a reliable solution, with certain uptime requirements may be prohibitive.

That may be something to ask of management. "what are the uptime requirements for the e-mail system".

Oh and last and final: Whatever you do, frontend your exchange servers with dedicated unix servers for outgoing and incoming smtp mail. That way you have things like support for things like the RBL/DUL/RSS, as well as aliases, redirection to things like mailman lists, and many more.

Hope this helps

-- C

Re:Why Screw up a good thing?

Novell GroupWise. WAY more scalable, cheaper to install and maintain, excellent Web interface, *real* groupware functionality. No, you don't have to run it on a NetWare server. Yeah, it's from Novell. Is that really a valid reason to discard it out of hand?

Re:PHB's like calendars

In fact, the ease of shared calendars/public folders is the only real reason to think about Exchange. Contrary to what others may say, Exchange can play nicely with other mail programs, as it supports POP and IMAP with no trouble. If the powers that be have no interest in shared calendars and such, they can chug along with Outlook on their desktop just fine and you can keep your working servers up and handling the mail.

Another thing to look at is HP's OpenMail. To an Outlook client, it's just like talking to an Exchange server.

Exchange v. other MTA/Delivery systems

Once upon a time I was a consultant and had to discuss this issue all the time. Before we give you a counter argument, let's deal with what they are usually _really_ asking for:

-A single address list (OpenLDAP anyone?)

-Consistent look and feel to messages (Make everyone use the same format.)

-Ability to directly use rich content in messages (See above. Pine users will probably take a beating on this one though. Sorry.)

-Group scheduling (There's freeware that can do this. If the company is anti-open source, use the iPlanet calendar. If you use an HTML based scheduler, you can tell them how you're aligning the company for e-biz through the Extranet/Internet/insert buzzword of day here.)

I'm going to venture out on a limb and say that they are probably pro M$ techies or on the business side. If they are on the biz side, they only know what they've experienced and/or heard. M$ eXchange is commonly credited with providing all of that functionality. Now on to the points that you can use to counter this force:

- Cost. I wouldn't make the typical free software
argument at all. Avoid it with PHBs, it's a black hole. Rather I'd talk about the increased administrative costs, the poor ROI on software that gobbles up resources and the cost of outages.

- Reliability. I've been forced to live in several environments where exchange was implemented. Even in the best of them, the mail servers went down on average twice a week. Sendmail in a HA config is great since you can migrate the storage and keep on trucking. Let's not forget the ease of adding upstream MX spoolers in the event of a link problem. Ever use exchange
as a spooler? Ick.

-Complexity. Depending on how much mail your typical user gets/sends/processes, the amount of storage and processing requirements vary wildly for exchange. Odd are you'll have more than two servers (I'm guessing five.) Shared storage and data volumes? Good luck implementing this under NT 4/Exchange 5.5; remember that exchange sticks every message in a database which makes it a major PITA to even consider shared volumes.

-Productivity. It costs time to use outlook. Outlook is slow and difficult to use in comparison to netscape mail or even outlook express. They'll go for the directory argument so be prepared to bring up LDAP.

I hope this helps you out.

Exchange would probably be a bad move

Firstly, switching to Exchange means putting a Windows box on *every* desktop. I've worked at 3 companies now that have gone for Exchange for political reasons, only to find out, halfway through the rollout, that a small (but definitely non-zero) percentage of their staff only had a Mac or Unix workstation on their desks (furthermore, they were violently opposed to switching to a Windows machine).

Secondly, Exchange has *huge* hardware requirements. My girlfriend's company had to replace a single Unix server with 14 quad PPro Windows servers when they switched their European mail system to exchange about 3 years ago, just to support the same number of users.

Thirdly, Exchange is a complete pig without a very experienced administrator. I don't just mean a competant Exchange admin -- be prepared to spend significant money to get a decent one, if you want to have any hope of it being halfway reliable. Also, plan on downtime. Unlike Unix mail systems, Exchange seems to need to be taken down for maintenance every so often. I'm not an Exchange admin, so don't ask me why, but every Exchange site I've worked at has had to do this.

Finally, don't expect to find an exchange solution that comes close to a Sun HA solution in terms of reliability. The closest is probably a Data General Exchange cluster in a box, but if it were my money, I'd go for the Sun HA system. Since you've already paid for the Sun system, this should be a no-brainer, but I fully understand that management really are too dense to see that...

Run'em side by side. Compare for a week then...

This is a no brainer. Let 'em set up their system, run 'em parallel for a week duplicating all mail messages as the proxy and you'll soon see which hardware/software you want to toss.br

More strengths/weaknesses

More Bad

• To scan every message for viruses, you'll need a third party product, which will likely reduce performance and stability to the point that you have to turn it off
• Your unix users will realize that Exchange munges messages badly, for instance if it doesn't know what character set an 8-bit MIME encoded message is in (say it comes in as X-UNKNOWN) It will turn it into a message that says 'i have no idea what the character set is' and an attachment. This will nicely wreck any filtering they were doing, as the headers are gone, hidden in an attachment, and it makes it a pain to reply to the message, as hitting reply doesn't include the message.
• Your non-windows users will be happy to see that there's a web client, and then they'll use it. It will crash their copy of netscape. It will work, sort of. It will only allow them to add one person to a meeting request at a time, and will require them to psychically know what the person's exact Exchange name is. This will be harder for them than that ldap query script that the smart unix admin set up for the mutt users.
• It will be slower and less responsive than the old, cheaper unix mail server. One of the smart users will solve this problem by setting up a machine which does nothing but relay mail to the exchange server, thus making it so that the 'no more connections' message can be dealt with silently.
• It will offer great features that break annually. Even if you say, and this is being kind, that there will only be one day of unplanned downtime per year, which day will it be? Will it be the day that the contract with Rich VentureCapitalist was sent over?
• Somebody is likely to suggesting hiring an MCSE to run it. This person will get paid too much, not know RFC 821 or 822, or anything remotely technical, yet they'll drain the company of $80k/year, which could be better spent on more beer for the developers.

The Good

• It has a pretty GUI.

--
"Don't trolls get tired?"