RE: Exchange 2K3 and Server 2K3 versus SUN One Pros/Cons and Se curity Pros/Cons

From: Dean Davis (Dean.Davis_at_mbg-inc.com)
Date: 12/08/03

  • Next message: Meritt James: "Re: Epithet"
    To: 'Jimi Thompson' <jimit@myrealbox.com>, security-basics@securityfocus.com
    Date: Mon, 8 Dec 2003 12:54:55 -0500 
    
    

    I agree with the general consensus that Exchange, all versions, is not ready
    for heavy-duty, prime time.

    Does anyone remember Microsoft stating that future releases of Exchange
    would be based on SQL Server technology? That was certainly one indication
    of ESE's deficiencies. In my experience, Exchange works well on a
    standalone, non-RAID server.

     

    Thanks,
    Dean Davis, MCSE,MCDBA,CCNA,CNA,N+,Linux+
    Sr. Network Engineer
    MBG, Inc.
    370 Lexington Avenue
    New York, NY 10017
    P. 212.822.4429
    F. 212.822.4499
    http://www.mbg-inc.com

    -----Original Message-----
    From: Jimi Thompson [mailto:jimit@myrealbox.com]
    Sent: Friday, December 05, 2003 7:51 PM
    To: security-basics@securityfocus.com
    Subject: Re: Exchange 2K3 and Server 2K3 versus SUN One Pros/Cons and
    Security Pros/Cons

    Sarbjit,

    You are correct about the "upgrade" to ESE from a true JET. However, it
    STILL doesn't do all the things that a TRUE RDBMS like MS-SQL or Oracle
    are capable of.
    It doesn't cluster. It doesn't replicate. It also doesn't like being
    virus scanned. You are also correct that it doesn't like being on a
    RAID set up. That being said, I fail to see where it performs like
    "Microsoft SQL or Oracle". Given that ESE doesn't do any of those
    things, and is for almost all practical purposes is simply JET2003 and I
    fail to see where it is such an improvement.

    It can't handle any other process running against it's datastore because
    it doesn't have the ability to cache and then commit like a REAL RDBMS.
    Even according to your own statements, it can't handle running in a
    normal operating environment with a RAID controller and some anti-virus
    software. Given that it can't operate as one would expect in these days
    of RAID controllers and virus scanning software being required on mail
    servers, I stand by my "self-corrupting" statement. A mail server
    should be able to operate in a "high availablity" environment. Given
    that Microsoft has the code to MS-SQL, why is it that they haven't
    backended Exchange with that? It's touted as the premier of their
    database technology. Furthermore, if ESE is so good, why isn't it
    marketed seperately as a database? Microsoft markets the heck out of
    everything else.

    I also seriously doubt that your mail servers have been banged on by
    large numbers of undergrad students that send our professors emails
    infected with every virus and bit of spyware known to man. Our
    sendmail server, which acts as our spam prefilter has an uptime of 383
    days. We simply cannot remove the virus software. In addtion, we've
    had MICROSOFT come out an install the server on the second go-around.
    Our TAM has spent quite a bit of time on site, pretty much scratching
    his head. I doubt that this is something that we've done.

    I'm also not saying that other people won't run it and like it.
    Personally, I would not advise anyone to buy it unless I really hated
    them.

    2 cents,

    Jimi

    Sarbjit Singh Gill wrote:

    > I seriously think it is something to do with your hardware or at least
    >setup of your OS / Exchange which made it corrupt the databases. Also
    >worse case , somebody is opening the Exchange DBs using access thinking
    >it is a JetDatabase technology based database. Also make sure no virus
    >scanners, defragmentation software are accessing the mdb database.
    >
    >Anyway, Joint Engine Technology (JET) in earlier versions of Exchange
    >Server, evolved into the Extensible Storage Engine (ESE) in later
    >versions. ESE is a solid relational database technology similar to that
    >of Microsoft SQL Server or Oracle, although ESE's implementation is
    >quite different. Exchange 2000's ESE, a transacted storage engine that
    >works primarily with messaging and collaborative data, guarantees that
    >all database operations meet the Atomicity, Consistency, Isolation, and
    >Durability (ACID) properties. ACID properties for database engines
    >ensure that you can roll back transactions in the event of unsuccessful
    >completion or replay them in recovery. Microsoft uses ESE throughout
    >Exchange 2000, in places such as the Key Management Server (KMS) and
    >the Site Replication Service (SRS), as well as in Windows 2000's Active
    >Directory (AD).
    >
    >I have clients which have implemented Exchange 2003 (and before that
    >Exchange 2000) and never had problems like you have. Also one of my
    >clients, I just met up last week is a polytechnic and they have a 8-way
    >server running exchange 2003 and all is ok since they installed
    >Exchange 2003 this year.
    >
    >I don't think Exchange 2003 is "self-corrupting the JetDatabase Data
    >Store." There is no such thing. Like I mentioned above, the technology
    >isn't JetDatabase anymore. So somebody in your organization some setup
    >not done correctly. Verify all logs, event logs etc to see if there is
    >something not proper. Could even be a hardware based disk cache
    >mechanism which interferes with the transaction log management of the
    >databases.
    >
    >Kind Regards
    >Gill
    >
    >
    >-----Original Message-----
    >From: Jimi Thompson [mailto:jimit@myrealbox.com]
    >Sent: Friday, November 28, 2003 1:01 PM
    >To: tawilson@speakeasy.net
    >Cc: security-basics@securityfocus.com
    >Subject: Re: Exchange 2K3 and Server 2K3 versus SUN One Pros/Cons and
    >Security Pros/Cons
    >
    >I'm not going to tell you what you should buy, but I do suggest that
    >you benefit from my experience and my advice is that you should avoid
    >Microsoft, if if the alternative costs more upfront. We are a
    >relatively small (for email) Microsoft Shop running Exhcange 2003 and
    >we have had endless problems with it self-corrupting the JetDatabase
    >Data Store. It's been horrible. We've only got about 300-350 users
    >and we've had to reload (format the drives, reinstall the OS, and
    >restore from a back
    >up) the server 3 times since May, when it got deployed. If we hadn't put a
    >Sendmail sever in front of it to do spam filtering, we'd have lost days of
    >email. Fortunately, we have been able to configure the Sendmail server to
    >spool until we could bring the Exchange box back on line. As things stand,
    >we've lost a total of about 24 hours worth of email.
    >
    >It so bad that even though we are a university and Microsoft basically
    >gives us their products, we're looking at purchasing an alternative.
    >Right now the front runner is Samsung Contact (nee HP's OpenMail), but that
    >may change now that SuSE has released a new mail server.
    >
    >I can tell you from experience that the "new secure 'out-of-the-box'
    >2003" products aren't much better than their current counterparts. The
    >service isn't any better, it's just not "on". They also left a lot of
    >things turned on that I'd turn off in a "secure out of the box" OS. I'd be
    >happy to supply you with both NMAP and NESSUS scan results from various
    >machines that we've loaded. We've deliberately done some very vanilla
    >installs specifically so that we could scan them. Our experience indicates
    >that unless you plan on deploying Office 2003 as well, you won't be getting
    >any change in how Outlook (XP and earlier) connects to Exchange in any
    >event.
    >
    >iPlanet's big downside has always been documentation and installation.
    >Regardless of the product, their install process has tended to bite rather
    >severely. Part of what has traditionally made the installs so painful is
    >that their products are SOOOOOO poorly documented. If you guys have worked
    >with iPlanet/SunONE, you know what I'm talking about.
    >However, once installed and working they tend to be rock solid.
    >
    >There's other stuff out there though. I've got a pretty good list,
    >since we've been doing evals looking to replace our Exchange server
    >with something that actually works reliably and has all the groupware
    >features that our users want (namely calendaring). I'd be happy to
    >share my notes with you.
    >
    >HTH,
    >
    >Jimi
    >
    >
    >tawilson@speakeasy.net wrote:
    >
    >
    >
    >>Hello everyone,
    >>
    >>Our IS group is a current SUN Iplanet shop. We have Win2K3 AD running
    >>and
    >>
    >>
    >the majority of the server infrastructure is running on Win2K.
    >
    >
    >>We are looking to upgrade our Email infrastructure. Our current SUN
    >>Iplanet
    >>
    >>
    >implementation is about 3 years old. At the time of deployment it was
    >perfect for our environment. We needed to deploy web mail and at that
    >time there was/is no question that MS Exchange was not mature enough in
    >the web client.
    >
    >
    >>Our environment still has a HIGH demand for a web based client due to
    >>our
    >>
    >>
    >customer base.
    >
    >
    >>We are now talking with SUN about upgrading the infrastructure and
    >>moving
    >>
    >>
    >to their new Email infrastructure. We are also looking to determ if
    >Microsoft has come of age and does it now fit in to our environment
    >better then the SUN solution.
    >
    >
    >>SUN and Microsoft are preparing presentations as well as presenting
    >>SOWs
    >>
    >>
    >for our review and interactive discussion. I am interested in security
    >issues or design issues with either platform. We have users that need
    >to access our email infrastructure from around the world. Our clients
    >use UNIX (all flavors), MACs, Win2K/XP and some older MS OSs as well.
    >
    >
    >>So let me have it hit me with the good the bad and the ugly about E2K3
    >>and
    >>
    >>
    >Win2K3 as well as any SUN items you can come up with. Security is my
    >primary focus but I will addressing questions from all aspects to
    >presentation teams.
    >
    >
    >>I have not had a chance to see the new outlook client and the new
    >>"secure"
    >>
    >>
    >way it connects to E2K3 so if anyone has input to this I would really
    >love to hear that.
    >
    >
    >>Thanks in advance for any inputs I look forward to reading them.
    >>
    >>
    >>-Todd
    >>
    >>
    >>
    >>
    >>----------------------------------------------------------------------
    >>-
    >>----
    >>-----------------------------------------------------------------------
    >>-----
    >>
    >>
    >>
    >>
    >>
    >>
    >>
    >
    >
    >
    >-----------------------------------------------------------------------
    >----
    >---------------------------------------------------------------------------
    -
    >
    >
    >-----------------------------------------------------------------------
    >----
    >---------------------------------------------------------------------------
    -
    >
    >
    >
    >
    >

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------


  • Next message: Meritt James: "Re: Epithet"

    Relevant Pages

    • RE: Exchange 2K3 and Server 2K3 versus SUN One Pros/Cons and Security Pros/Cons
      ... "solid relational database technology similar to that of Microsoft SQL ... Server or Oracle, although ESE's implementation is quite different. ... guarantees that all database operations meet the Atomicity, Consistency, ... There are people who run Exchange happily and there are those who don't. ...
      (Security-Basics)
    • RE: DST update for Exchange 2003 and Outlook 2003
      ... The Ldp GUI tool is included when you install Windows Server 2003 Support ... Microsoft CSS Online Newsgroup Support ... DST update for Exchange 2003 and Outlook 2003 ...
      (microsoft.public.exchange.admin)
    • RE: Exchange restore on SBS2003 from SBS2000 backup
      ... I agree with you that using ExMerge is a good ... How to recover or restore a single mailbox in Exchange 2000 Server ... >> the Exchange database from the SBS 2000 backup to the SBS 2003 Server. ...
      (microsoft.public.windows.server.sbs)
    • RE: Exchange 4-6GB Mailboxes
      ... As one of your clients is trying to setup a new SBS 2003 R2 server and the ... Exchange database on current SBS 2003 server is near to 18GB limit, ... Microsoft Exchange Mailbox Merge Program Support ...
      (microsoft.public.windows.server.sbs)
    • RE: Windows server 2003 SP1
      ... I agree with Marina that you must keep the same server name to restore Exchange database. ... please also refer to the following KB articles for restore Exchange database. ... >Do the same for the public folder store ...
      (microsoft.public.windows.server.sbs)