We now have all of our new servers running Exchange 2010. The number of CASs is now up to fourteen – to allay our fears about IMAP users with 100,000 items in their inboxes – and we’ve also now installed six hub transport servers and the ten mailbox servers.
The CAS installation gave us a minor headache but that’s largely because of the way that we operate. We are far more like an ISP’s email service than a conventional business implementation of Exchange. This means that our mobile users aren’t limited in the standard corporate way – in theory we can expect anything that offers email as a legitimate client device. Because we can’t be seen to restrict personal devices we don’t apply an Activesync policy. But Microsoft didn’t apparently envisage an organisation with no policy at all; the new CASs had the ‘helpful’ behaviour of creating a new (blank) policy on our behalf.
We were at least expecting this behaviour and were standing by to delete this new policy the second that it appeared. But alas with 50,000 users there’ll always be someone who has a device that connects during the nanosecond that the new policy is out there. And so it came to pass: a handful of people were asked to agree to new security settings. It seems that to avoid this behaviour during future CAS work we may have to take the more drastic step of briefly disabling all ActiveSync connections, so that we can avoid policy messages confusing a subset of our users.
Next steps? All of the newly-deployed servers are currently running at the base of Service Pack 1. We’ll have to apply a current roll-up, we’ve got a huge number of databases to create and the backup client will need to be installed too. On the roll-up side of things we’ve concluded that roll-up 5 is the best bet – roll-up 6 has only been released for just under a fortnight and the full Service Pack 2 is still apparently on schedule for a release this year.