Sembee Blog of Exchange MVP Simon Butler

Ten years ago I sat in my small flat in Hampshire, logged on to a web site and after handing over my credit card details a new company was born - Amset IT Solutions Ltd.

The name Amset I had been using on and off since 1997. At my first real IT job all of our computers were named after Egyptian gods and mine was called Amset. I continued to use that name for computers later in my career and when I was searching for a name it was the natural choice. I had amset.co.uk since 2000 but being naive, I had failed to pick up amset.com, which was registered a few months later. That wasn't a mistake I made again.

The idea at the time was to be an IT support company. I had been made redundant again and the job hunting wasn't going very well, so I decided to go it alone. That had always been my life goal, but it was earlier than I expected.

I took a mortgage holiday and had savings from an aborted house purchase earlier that year and took the plunge.

Alas my first foray wasn't very successful. I engaged a marketing company to assist me, but it quickly became apparent that I was going to struggle on two main points.

I didn't have a unique selling point, so it was impossible to make myself look different to all of the other IT companies out there.
The other problem was that it was just me and when companies asked about what would happen if I was unavailable, I was unable to answer (what I have called the run over by a bus question).

I did acquire one client in those first few months, and they are still with me today.

Therefore by September 2003 I was running out of money. The mortgage holiday was about to end and I had almost no business to show for it. I took a contract to keep my head above water and then found myself a full time job. I retained the company, but in that first year I turned over less than £5,000 - the company made no profit, owing me more than that.

The next financial year was even worse, with the company turning over less than £1000.

In 2004 though, I was introduced to Exchange 2003. My employer wanted to do a migration and I had to learn fast. I spent time on forums and realised I was able to answer more questions than I asked. That set me on the path to Exchange MVP status.

In late 2005 I got my first major Exchange job of my own. I took ten days off work and went and worked for them. I earned more on that first job for eight days than I did in four months at my full time job. It will not surprise you that I came back and immediately handed in my notice. I was on a three month notice period, so in February 2006 Amset IT Solutions Ltd became my employer again.

In early 2008 I had an inspired idea in the shower one morning, and created certificatesforexchange.com, which has been a huge success.

In 2009 I decided to change the company name to Sembee Ltd, as that was the name I was known as on the Internet, and it seemed a good idea to trade on that name rather than the previous name. I had already been using it for my personal Exchange blog, but it was becoming apparent that it was all merging together.

So here I am in 2013, with a successful limited company that has been based on all of my own work. The Exchange work is done exclusively by myself, I don't contract the work out. It was a very difficult road, but the work has paid off.

If you are thinking of starting your own business in IT, then some words of advice.

If you are on your own - specialise. Being too generic and you will just get drowned out by all the other generic companies. However do not be too focused. While I am an Exchange specialist, because of my background in general network administration I can do some Active Directory work, I often setup domains and resolve other issues unrelated to Exchange. My oldest client in Basingstoke I maintain their entire network, one of the handful that I do that for.

The next piece of advice is you need cash. I don't mean to get the company off the ground, but to live on. I took a mortgage holiday, but I was still burning through a lot of money every month. Work out what you need to live on and have at least six months buried away. I now retain six months of funds at all times - I keep mine in Premium Bonds. I can get it if I need it, but I don't have immediate access to it.

The final piece of advice is to take a break as often as you can. For some months while starting the business and the second coming in 2006 I didn't talk to anyone other than clients. Didn't step outside of my flat, was completely isolated. Not good for me.

While taking a holiday isn't always a good idea at the start (being away from a new business for a week or more might be fatal) there is nothing to stop you from getting away for a few hours.
I started to visit the New Forest, which is about an hour away, going right down to the coast. There I would visit Hurst Castle, which is on the end of a long spit in to the Solent. I would just walk out to the castle, walk round and then walk back. My Blackberry works all of the way because the Isle of Wight isn't far away, but it got me out and because of the wind blew the cobwebs away. Very invigorating and just cost me the petrol money.

I hope you have found this article interesting. I will be returning to blogging on Exchange over the next couple of weeks. Here is to the next 10 years. 

If you were affected by the Blackberry Internet Service outage today (10th October 2001) and your Blackberry connects to an in-house email server running Exchange server (2003 or higher), then you really should be running a BES (Blackberry Enterprise Server) or BES Express (BESX).

A Blackberry connected to a BES/BESX gives you the full functionality of the Blackberry with true two way synchronisation of Email, Contacts, Calendar and Tasks. It is an extension of your Inbox. No need to maintain two sets of data that kind of synchronises. 

If you use BESX, then the software is free and you do not have to change your device subscription/tariff. For smaller installations the software can be installed on your server in  a few hours and give you complete control over the devices that connect. 

If you are in an industry where the email traffic is sensitive, the data exchange between your Blackberry and the BES/BESX cannot be intercepted as the encryption is managed by your server, not the one at RIM. This provides a more secure mobile email solution. 

Through my company Sembee Ltd, I can install and configure a BES Express for you for just £250 plus VAT if installed on to an existing server (other terms and conditions apply). That includes post installation configuration and guidance on maintenance, handset setup etc. 

For more information, contact me through the company web site at http://www.sembee.co.uk/ 

Just spoken to the Technology Editor at BBC Online to provide them with some background information on the Blackberry infrastructure following today's outage. 

http://www.bbc.co.uk/news/technology-15243892 

I briefly explained why Enterprise users were largely not affected. 

This is part three of a three part posting of a recent case study.

Part 1 - Part 2

Networking

With all the changes we had to look at the networking. 

Internet Access

With the server in the data centre, the issue of bandwidth over the WAN connection became critical. 

Therefore the client upgraded their line to a 2mb SDSL line, although due to the distance from the exchange, we only get about 1.5mb. 

A second internet connection was also brought in. This is a basic connection which will be used for backup purposes only. In the meantime we have put a wireless connection on to it for use as a guest wireless. No connection to the production network. In the event of a failure of the SDSL line, a cable will be moved to use the backup connection. Not completely automated, but for this client, good enough. 

The servers in the data centre are connected to the production network via a site to site IPSEC VPN. This VPN is managed by pfSense, which sits in a virtual machine. Using the VMWARE virtual switches, the internal servers are isolated from the internet. 

As I wrote in part 2 about the servers, all traffic between the two servers and traffic from the internet goes across the VPN. What this means is that if the primary SDSL link is dropped, then all I have to do is reconfigure the VPN to use the backup connection. No need to make any DNS changes, and data remains under our control. 

All three internet connections - the SDSL, ADSL backup and data centre are covered by OpenDNS to provide a first line of protection against nasty's, but also stopping staff from browsing to sites they shouldn't be. For the guest wireless, the settings are more strict, so that the link cannot be abused. 

Internal Network

A production wireless network was also introduced, using two access points that have covered most of the building. This gives freedom to locate printers and other networking hardware. 

We also used the Windows 7 excuse to remove the last desktop printers, so the only printers left are networked. Although a HP Deskjet 4 which has been recently serviced was reprieved and a Jet Direct card picked up off eBay for £20 meant it was back in action as a network printer. 

When I did the original network I implemented a dual speed network. This is where all workstations are connected to a 10/100 switch, with a gb uplink to a 1000 switch. This was retained. A further switch was put in between the router from the ISP and the software firewall. This allows a machine to be connected to be outside the firewall. 

An APC UPS with a built in network card was also retained, which has more than enough capacity for the two servers and with the APC network tool installed on all the virtual servers, it will shut them down gracefully. 

Network Documentation

The network is documented live through OneNote. An Office 2010 licence has been used on one of the domain controllers which allows access to OneNote. Of course this is replicated live. As changes are made, they can be quickly updated in OneNote. So while the network documentation isn't any kind of formal, well written format, it is in such a way that could allow the network to be rebuilt. 

Did everything go to plan?

Given the size of the job, and the massive change that went through, things went quite smoothly. 

One of the servers was dead on arrival, BT took a while to install the SDSL line, and then more time to get the backup ADSL line to run at a decent speed. 

Printer publishing didn't work correctly, I had to completely redo group policy, the VPN didn't work initially for the clients and I completely forgot about expiring passwords with the roaming users (its been a while since I ran a large laptop fleet). Drive mappings initially worked when they felt like it. 

However overall the client is very pleased with what they have. 

Finally

At the end of 2010, the client's location had issues with access due to the weather. However the replacement network configuration allows all staff with computers at home to work from home, connecting via remote desktop gateway. 

The future

Now this work has been done, we can look ahead. 

With complete control over the entire platform server and workstation side, internal applications can be developed easily. An internal web application is already under development, and I have told the web developer to develop for Internet Explorer 9. It is my intention to implement the new IE 9 jump lists. A Blackberry interface is also under development, as this can be accessed via the BES Express that has been installed. The new Blackberry Playbook is being looked at with some interest. 

This new deployment provides a firm platform for some time to come, while significantly increasing the productivity of the end users. 

Project Conclusion

By making use of VPN technology and the server that has been located in the cloud, we have removed the dependency on any one ISP. This plays a key part in any business continuity, and in the day to day use of remote access for the mobile workers. It also means that as new internet technologies, such as Fibre to the Cabinet become available, those can be easily implemented with very little disruption to the business. 

Crucially though, by using native to Windows and Exchange technologies, the complexity of the network has not increased very much. There is very little proprietary technology in the network, so there is no vendor dependency other than Microsoft and VMWARE.

By using virtual machines, we have removed most of the hardware dependency, so replacement servers could be deployed from pretty much anyone in the event of a significant problem. 

Finally, it just works. Since it went live in late September 2010, it has not provided any major problems.  The business just gets on with what it does. 

This is part two of a three part case study of a recent network rebuild I carried out. For part one - click here: http://blog.sembee.co.uk/post/Case-Study-2-Part-1-Network-Rebuild-Intro-and-Workstations.aspx 

Servers

Now to the interesting bit. 

The server design was in my head for months, and then got completely redesigned following the client wanting to go with my suggestion of replicating the data off site. 

What we had was two HP ML350s, an old IBM and a HP desktop as the BES server. 

What we ended up with is three DL380s, two on site, one in the datacentre. 

All three DL380s are running VMWARE vSphere 4.1. 

VM1 - Two Windows VMs - a DC and a SQL Database server and a Linux based firewall. 

VM2 - Three VMs - a DC, Exchange 2010 and an application server. 

VM3 (in the data centre) - a DC, Exchange 2010 and a SQL database, plus a Linux based firewall.

As we are going to replicate Exchange data using a Database Availability Group, we needed to use Windows 2008 Enterprise edition. As Enterprise edition allows multiple installations of Windows on one physical machine, I decided to split up the functions in to dedicated servers. 

Furthermore, with more and more software products using SQL, and the client using SQL for an internal task, a dedicated SQL server was used. 

All three servers lived on the same network for a week, before the third server went off to the data centre. 

Data Replication

For real time data replication of the file structure, the network uses the latest version of DFS, built in to Windows 2008 R2. This works very well. 

For replication of Exchange data, a DAG is used for mailbox data, and native Public Folder replication. 

For SQL, this is mainly in the form of a backup, which is replicated to the data centre server shortly afterwards. Nothing the client does requires live replication of the SQL data. 

Exchange

Being an Exchange MVP, the design of the Exchange part of the platform was quite important, and everything has worked as I expected. 

The server that lives in the data centre is the only one that is exposed to the internet. All email comes in and leaves through that server. This provides a number of key benefits. 

• In the event of a loss of the main office, all email is coming in to a server that is under our control. We don't have to worry about email bouncing or being lost. 
• The dependency on the ISP at the main office is also removed, which I discuss further in part 3 networking. 
• Spam filtering is being done on the faster bandwidth available in the data centre.
• I have also pointed OWA and Outlook Anywhere traffic at the data centre server, not only for speed reason but if we have to use a backup internet connection, the clients don't have to be touched. This means that all inter-server traffic goes over the WAN connection. 

An RPC Client Access array is configured for outlook.example.local which points at the local CAS server, but allowing for easy changes in the event of a full failure. 

We also updated the Blackberry Enterprise Server from a very old version 4.0 to a 5.02 Express server. This is installed on the application server, with its database on the SQL server. 

Other Bits

WSUS - there are two WSUS servers in place, with the workstations pointing at a server in their office, and the laptops pointing to a child WSUS on the Exchange server in the data centre. This means that the laptops can pull their updates straight from Microsoft, whereas the desktops pull theirs from the local WSUS server. This saves bandwidth. 

As we had to use Windows Server Enterprise edition, which allows the use of four virtual machines, the server in the data centre had a spare. Therefore I have built a web server. Installed SmarterStats on to the server, which can only be accessed from the internal network. This means the client was able to change their public web site hosting arrangement and save money there. 

SmarterStats also allows use of OWA to be tracked. 

For backups, we dumped tapes, and Backup Exec. Switched to two Iomega Network Attached drives, with the backup job controlled by Backup Assist. The drives are exchanged each day, but are being used for archive purposes only. For full scale recovery, the copy in the data centre would be used. Shadow Copies is also enabled to provide additional levels of security.

The VMWare platform is managed by a vCenter server installed on the application server, with monitoring provided by Veeam's monitoring application. 

Remote access to the site is available via Log Me In, Remote Desktop Gateway and VPN. There is also the option of accessing the network resources with their Blackberries. This came in very handy when I couldn't remember a password in the data centre and needed to look it up on the password database (SecretServer from Thycotic) which has a mobile interface. 

Server Conclusion

In effect, the client now has their own mixed cloud and on site implementation, just they aren't sharing anything with anyone else. Data is stored off site, in real time. Traffic from the internet comes in through a static location which is secure, and fast. The client almost has a complete business continuity plan for a lot less than they would ever dream of. 

Part Three - Network is here: http://blog.sembee.co.uk/post/Case-Study-2-Part-3-Network-Rebuild-Networking.aspx

Very occasionally, you get to do a job which you really enjoy. Being able to put lots of things that you have learnt over time in a single client deployment and make a very satisfying job. 

At the end of 2010 I completed just such a deployment.  

I could go on for hours about this deployment, as there are so many little things that were done, which I haven't had the chance to do before, or just make it a much better network. As I have complete control over the network, and have done for some time, I can ensure it runs exactly as it should. 

Only 40 users, so enough to use networking kit with. 

First, some background. This particular client is my oldest client. I have had them since about week six of my company. 

Just over 5 years ago I rebuilt their network, replacing their servers with a new domain, and all workstations were rebuilt. This was the first time I could try the locked down workstation method, as they had no proprietary or awkward third party application that "required" admin rights to run correctly. All desktops, and the one laptop didn't leave the building. 

Windows 2003, Exchange 2003 at the back end, on three servers, two HP and a very old clunky IBM which died last year. 

Clients were Windows XP, Office 2003. 

However it was starting to show its age. Three hours to setup a new workstation was becoming a joke, and the cost of server maintenance was getting higher all the time. 

Therefore it was decided that it was time to change the lot, all in one hit. 

Yes, you read that correctly. On the Monday they had the above, by the end of the week it was all changed. 

The first question then is how we could get away with doing a big bang change like this. 

It wasn't the original plan. I was looking at maybe changing the servers this year, then the workstations next. Office 2010 had just been released when planning started. However there was a keenness to do more, introduce laptops for some mobile workers so it was decided to make the change all at once. 

Furthermore, because the workstations were locked down, and were a basic build (Windows XP, Office 2003, AV, and a terminal application), with all relevant data redirected to a server, the amount of work that the move required would be minimal. The key company application is a database system that runs on Unix (which fortunately I have nothing to do with). The workstations are basically an office document and web browsing station. 

Then in a planning meeting I just happened to mention that we could replicate all of their data off site in real time for a lot less than they thought. So replacing the two servers became three, with replication thrown in as well. 

So this and the next two blog postings are a quick overview of what was done. If you would like to see it in action, and want me to do the same for your company, please let me know (UK Only). 

I am going to divide the rest of this blog in to three - workstations (below) and servers and networking which will have separate posts.

Workstations

This is quite easy. 

During the last 12 months of the previous XP/2003 based network, all replacement workstations were bought with the upgrade in mind. Minimum of 2gb of RAM and Windows 7 licences where possible. 

However a number had to be replaced, plus for the first time an active laptop fleet was introduced. 

This initial preparation work though made the initial deployment much easier. 

Desktops were Windows 7 Pro, Office 2010, Adobe Acrobat Reader, AV. The flash player was installed fresh, plus the terminal application. Installing off a memory stick, I was turning each machine around in about 45 minutes. 

Laptops were Dell Latitude, software as above. However we also added built in 3g cards so the users could work anywhere. Part of the plan (which I am not involved in) is to provide a web based access to their core database and inventory system. 

I also suggested, and was taken up, that every user, from the CEO down, was given a mandatory training session. So each staff member did a half day on Windows 7 and Office 2010. We found a local trainer, who created a bespoke course for the client. I explained what I wanted them to know. 

It should be pointed at this point that a large number of staff in this client are rather mature - I think I am still one of the youngest in the building when I go to visit. A change from Windows XP to Windows 7 would be quite different. The training was not only to show them how to do things, but also to simply give them confidence that they wouldn't break it. 

Therefore they were trained how to change the wallpaper, jump lists, gadgets. A brief overview on internet security and the like. They were trained on their actual workstations, so after the training was complete, there was a frantic period of machine change rounds. This meant that when they returned to their desks, things that they had done during training were still there. I felt this was important for adoption of the new platform. 

The new laptop users were given a slightly different course, which gave them a grounding in looking after the laptop. For most of them, this was the first time with a laptop. 

The client operates a conveyor belt system with desktops. New desktops go to the power users, with the slower ones going down the food chain, before eventually being removed. Therefore we started training with the power users on new desktops, while their older machines were rebuilt for the next session, and so on. This meant that during the training sessions I was rebuilding machines the users had just left. It got rather frantic. 

I rebuilt 9 machines in one day at one point, and put in 11 hour days four days on the trot. 

The end result though is that the client now has a complete desktop and laptop fleet that is on the latest OS and Office version, locked down, with the benefits that brings from a management and security point of view. 

In Part Two, I shall go over the server configuration. http://blog.sembee.co.uk/post/Case-Study-2-Part-2-Network-Rebuild-Servers.aspx 

I am pleased to announce that the domain exbpa.com has been saved for the Exchange community.
This was a domain that Microsoft first used a few years ago to point to their (at the time) recently released Exchange Best Practises Analyser. There are thousands of links to this domain across the internet as well as in books and magazines.

However Microsoft recently decided to allow the domain to lapse and early this morning it was finally deleted.

Fortunately I was able to register it myself through my consultancy company Sembee Ltd and therefore kept it out of the hands of a domain squatter. 

I have uploaded a slightly modified version of the list of Exchange resources that I maintain at Daniel Petri's forum, which as well as the links to the Exchange Best Practises Analyzer, also contains links to other Microsoft tools, blogs etc.

http://exbpa.com/

While it is not the best designed web site in the world, it does the job. Hopefully the Exchange community will find it of some use.

As you may be aware, my consultancy company is Amset IT Solutions Ltd. If you hire me, then this who you pay your bills to. As from 1st April 2009, that company name is no more. I changed it to Sembee Ltd.

There are a number of reasons why I changed it, the main one being to more closely link the company to me in an attempt to increase business. I also wanted a shorter more general name for business purposes.

It will take some time for the change to be reflected in everything I do, for example the branding on amset.info is still amset, but sembee.info points to the same place.

That was also the reason why the blog URL changed to blog.sembee.co.uk, as I wanted to use www.sembee.co.uk for the company address.

Otherwise everything else remains the same.

Something I have been doing frequently for the last 18 months of so is cleanups of SBS 2003 servers and their associated networks. I have a number of clients in the IT Support industry who ask me to clean up their client's servers. Two of them get a new client and the first thing they do is ask me to look at it and make recommendations.

In many cases it is minor cleanups or ensuring that everything is up to date. However one that I have done just recently deserves a blog posting on its own.

Background

New client for one of my IT Support clients.
They said that their client didn't think that there had been much maintenance done by the previous support company and the AV had expired. They were also looking to use Windows Mobile devices but were having problems getting it to work.
It had already been agreed to deploy AVG, so I was asked to look at the site and report what was required.

Seven users, one server, low level of email use apparently. Old school was the phrase that was used to me when describing the company.

I was shocked, to say the least.

Server

SBS 2003 RTM.
Thankfully I was sitting down when I saw that. No service packs, no automatic updates nothing.
DHCP was being run by the router, not the server.
DNS wasn't configured correctly.
The AV had indeed expired - 18 months ago. It was Symantec as well.
POP3 connector for email collection
Most of the wizards hadn't been run correctly.
Various other bits of junk on the server
The backup wasn't configured correctly, therefore the Exchange transaction logs were building up. There were four years of transaction logs.

Clients

I was able to get on to one of the clients.
Windows XP SP1
Office 2003 RTM
Same expired Symantec AV.
Adobe Acrobat Reader 6 (remember that?).

It was like the site was stuck in 2004. The site was deployed and never touched afterwards.

Anyway, I like a challenge.
Did I mention that the site was 350 miles away, and I was working on it remotely?

The positives?
I tried.
8mb ADSL getting 5mb on the bandwidth tests, which was ok. Plus it had a static IP address. The server had lots of space on it, it was a good configuration, multiple arrays, 2gb of RAM. It was a Dell system and the original suppliers had obviously installed it fresh as it didn't have the Dell issue of a 12gb root partition. However the rest of the server hadn't been done correctly.

So what did I do?

To begin with, over a course of two nights in the week, I downloaded the updates I needed

Windows 2003 SP2
Exchange 2003 SP2
Windows XP SP2 and SP3
SBS SP1
SharePoint Service Packs
WSUS 3.0 SP1
Office 2003 SP3
AVG Admin and the main Application
Adobe Acrobat 9.0

I asked my client to purchase an SSL certificate credit from https://DomainsForExchange.net/
I also asked for access to their domain name configuration, and web site.

Finally I asked that all the workstations be left on over the weekend and a tape left in the backup drive.

Before I started, I corrected the backup job.
This not only provided me with a backup of their data, it also flushed out almost 15gb of transaction logs, which made the server a little more snappier. Once the job was finished, I ejected the tape as a precaution.

With a successful backup, I could then begin the real work.

I started off by flashing the router firmware to the latest version, then reviewing its configuration.
Then started on the server, downloading the latest BIOS and drivers.
Windows Service Pack was first, then the driver updates.
Rest of the service packs as required, concluding with the WSUS installation. I then set that to sync and started on the workstations.
Symantec AV was removed and the AVG installation was setup and configured, ready for installs on the clients.

I moved the data around on the server as per the best practices.
Using the SBS Best Practises tool, cleaned up any issues that flagged and reset the backup job to backup correctly. 

Each workstation had the Symantec AV removed, the Adobe Acrobat removed and then was brought up to SP3. Rebooted as required.
Office 2003 service pack installed along with the new version of Acrobat Reader.
The workstations also got updated BIOS and drivers.

AVG was installed on the systems, updated and a full scan carried out.
They were very lucky. While a few things were found, they were not serious and

I setup the client with an OpenDNS account and changed the configuration of the server to use that. DHCP was removed from the router and moved to the server. However before I did that I carried out an IP Address scan and found a network printer. A nice HP LaserJet. Fortunately it was configured by defaults, so I was able to connect to it, update its configuration and firmware. Then downloaded the latest drivers from HP and installed them on to the server and shared the printer from there. On each client the printer was changed from direct to the shared printer.

The SSL certificate was deployed with a real name following some DNS changes, and the relevant port opened on the firewall (443). Yes I know SBS can do that for me, but I needed to retain control.
Configured a split DNS system so that the external name on the SSL certificate also worked internally.

I also downloaded and installed PRTG Traffic Grapher and configured that on the server to look at the router. Created a mini admin web site on the server, with PRTG on a web page, along with the AVG status page and a web page to manage the IMF quarantine emails.

By this time WSUS had synchronised, so a few group policy changes had the client talking to that. I ran a few scripts on the client to get them to call in correctly, then left them to download their updates for a few hours.

Once the updates were in and installed, and the systems rebooted, close to finishing.
Secured the server for SMTP email and then changed the MX records to point to their static IP address.

Tested Exchange ActiveSync from outside, along with RPC over HTTPS, OWA and confirmed it was working.

Finally set all systems to defrag. 

There were also a lot of very small changes that I do on every site which are simply too numerous to list (plus I can't remember them all).
I was also available on Monday morning for any issues that came up - there were none.

Rough tests on start up times of the server and workstations showed that I halved the time they took to start up.

The job took most of a weekend and basically involved three or more years of maintenance being done on the network in that time. Once it was complete I dropped an email to my client with a list of what I had done (pretty much what I written above), recommendations for future work and a bill for £2,000.

Probably the best bit was the feedback from the end users. It felt like they had a new network, everything worked, faster, things we where they should be etc. Overall everyone was very pleased.

Ultimately, they were lucky. As they had a router and their email traffic was so low, they didn't get hit by anything major that would have caused a problem. They were badly exposed though and if something had got in then it would have run amok.

The Sales Pitch

If you are in the UK and either a direct user of SBS or are supporting SBS Servers, then I can do something similar for you. Server cleanups start from £250 (+ VAT) depending on the work that is required. I will look at the server and tell you what is needed and quote on that basis. Additional bits (like SSL certificates, AV licenses etc) need to be purchased separately.

If you are a support company, then this type of work can give you a quick win and provide you with an immediate impact with the client. The simple change from POP3 connector delivery to SMTP delivery is normally enough, without the other background work.

In the vast majority of cases, this work can be carried out remotely, out of hours. It does not require a site visit, simply remote access is required (Log Me In is my preferred method).

Similar work can be carried out on the full product over multiple servers.

However, here is the interesting bit… the financials.
The client who I did this job for was prepared to buy additional hardware and software from their previous support company to resolve the problems - which the previous support company had caused by not doing the maintenance correctly. Someone suggested getting a second opinion, and that has saved them money. Their original outlay will now be fully utilised and they will see benefits. Since that work was carried out in mid September they have started to use Windows Mobile, and are now looking at laptop use. Productivity has increased - simply by investing some time in their existing infrastructure, rather than purchasing new and going through the headache of a migration. Despite everything I did for them, Monday morning they were able to come in and start work immediately, with no significant impact on their business, other than the "wow" factor.

Would your company like to use Exchange 2007, but are finding the costs too high, you don't have the internal skill set or just want to outsource it?
However have you found that hosted Exchange is too limiting for your company needs or you want a more personal approach to the management of your server?

If so, then we may have the answer.

I have recently been talking to a few clients who would like Exchange 2007, but for various reasons cannot justify their own server. They have also expressed a desire for it to be managed by someone they can get to know, rather than a request going in to a helpdesk queue and being completed by an unknown person. 

Therefore what we have talked about is a number of companies getting together to share an Exchange server and the management costs. This server would have a limited number of users, and would be managed by myself. My company would acquire the hardware, arrange hosting at a data centre, setup the server and then manage it.

However to make it worthwhile on costs, time and other investment, we need a few more mailboxes. Ideally we are looking for around 200 mailboxes, we currently have expressions of interest for around 75 mailboxes.

The monthly cost that is currently being looked at is £15 per mailbox per month, with a £100 per client per month management fee and maybe a setup fee. Numbers are not exact as it depends on how many mailboxes we get. If we get 400 or more, then multiple servers could be used, which will bring down the expense as the cost of the domain controllers and additional network hardware will be shared between more users.
We would also need to have a 12 month commitment to the service so that financing etc of the software and hardware can be arranged with some idea of the income flow.

At this time it is planned that each mailbox would have 2gb of space, plus there would be public folder space as well.

If you are interested, then please let me know through the company email address of contact @ amset.co.uk with the number of mailboxes you may be looking to host and whether you would be interested in Blackberry support, and the number of devices. We must ask that you do not contact us if you are outside of the UK, unless you have a UK billing address and the majority of the users will be located in the UK.

Please note this isn't going to happen overnight, once the legal stuff has been dealt with, the hardware needs to be acquired and setup, so it could be early April or later (at the time of writing) before we are ready to go.

Support for the migration from your existing solution should be included - although it depends on what you are currently using.

I appreciate that much of the detail is not exact, at the moment we need to find out how many others could be interested before proceeding any further.
I have written a brief FAQ below which should answer some common questions, although if you do have any queries, please contact me on the above address and I will attempt to answer them and also update this page.

AT THE TIME OF WRITING THIS IS NOT A SOLUTION YOU CAN BUY FROM US TODAY.

PLEASE NOTE THAT FOR LEGAL AND INSURANCE REASONS THIS SERVICE WOULD ONLY BE AVAILABLE TO UK BASED COMPANIES.

FAQ

Q: Isn't this Hosted Exchange?
A: It is a form of hosted Exchange, and we will be using the Microsoft Hosting licensing system to license the software. However the idea is to offer a service that is more flexible than those offered by Hosted Exchange providers because there is no control panel. Furthermore you know who is managing the server, that they built it and are aware of how it is working. I see it as taking the best bits of Hosted Exchange and having your own server, and putting them together.

Q: What don't we get that we would get with Hosted Exchange/Our Own Server.
A: You don't actually loose a great deal.
From a hosted Exchange point of view, you will not get a control panel or access to any kind of administration interface. Anything you want done from an admin point of view will need to be asked for and I will make the change for you - just as it would if you had your own server - you would ask your network admin or support company.

Things missing from having your own server will include your choice of antivirus and antispam, as we will need to use a solution for all users as it protects the server. You also don't have access to the admin console yourself.

Q: Will we see the other clients in the GAL etc?
A: No. Address list segregation will be used to make it appear to be your own server. While this isn't a traditional hosted Exchange environment, I will be using the techniques from Microsoft on setting up a hosted Environment to provide a secure deployment for all users.

Q: Will it be secure?
A: Yes, this will be a deployment done to best practises. Commercial trusted SSL certificates will be used, behind firewalls with the relevant ports open. It will be just as good as a deployment in your own office.

Q: Will we have access to all features? OWA, Windows Mobile support?
A: Yes. Everything Exchange offers will be there, except for Unified Messaging - see below.

Q: Blackberry?
A: Maybe. There are other issues with Blackberry, such as support for Exchange 2007 SP1 and paying for the licenses of both the server and the CALs. If you are likely to be a user of Blackberry, then please indicate that along with how many devices.

Q: What about Unified Messaging?
A: To begin with there will be no Unified Messaging support.
However I am already looking at how UM could be used with remote server for another client. This could be possible if you already have VOIP technology in use or by hosting the media gateway at your own site. That may mean having a different type of Internet connection in to your own office, and maybe increased bandwidth costs for everyone involved.
There are also security concerns to be addressed, so use of UM may be possible long term, but not at the start.

Q: Contract, SLA etc.
A: Can't answer questions on those bits yet, as that needs to be worked out if we went ahead with this project. There will be some kind of contract and SLA, however those details would need to be resolved once the project starts. That would also include support details, how to make requests, track requests etc. The operational details are a long way away.

Q: What about if you are not available?
A: Finding someone who back up me, in case I am not available to look after the server for whatever reason. Whoever I choose to use will be of high quality - I have very high standards and you will know who it is.

Q: Backups?
A: There will be some kind of backup solution, exactly what I do not know at this time. Certainly Exchange options will be used where possible, and then some additional backup will be used to protect the data in the event of server failure.

Q: It is more expensive than x service provider.
A: That maybe so. However this is highly customised solution with support from a named individual. This is not a "pile it high sell it cheap" solution based on price. This is a quality solution. I would compare it to buying a car, such as a 1978 used Mini to a brand new Mini. Same name, both cars, but very different in what you would expect.

Q: So what do we get that we wouldn't if we had our own server?
A: The first thing is less worry. Someone else worries about the server, the data, whether it is working correctly, bandwidth and use.
Next, you have peace of mind that it is managed by an experienced Exchange consultant, which is not something you may well expect to have if you had your own server. No need to worry about someone who doesn't know what they are doing playing around the with the server.
The server will be located in a data centre, so it will be protected and available to you where ever you are. If you have a high number of users out of the office, it may well be a better performing solution than hosting your own server.
There could also be opportunities to enhance the solution buy purchasing additional software products on a per server basis. While the cost may not be economical for 20 users, for 200 it becomes something viable.