Exchange 2007 to 2013

I am planning to migrate Exchange 2007 to 2013 with coexistence. I am thinking about buying a new certificate for the new Exchange 2013 and also creating a zone for the public DNS domain, as required by the new certificate.
The old certificate applied on Exchange works for domain.local and is valid for a couple of months. I would like to leave it running and migrate non-critical mailboxes first and test their access, and gradually move high-profile users with big mailboxes.
Would there be any issues with the existing certificate for ActiveSync, Autodiscover or OWA if I create a zone for public DNS? Or will it continue to work without any issue?
Also, I have a spam filtering solution from Securence, and the MX on DNS points to the Securence mail server, and Securence has the IP address of the mail server. How do I approach creating a legacy DNS entry for coexistence? Do I create that in DNS or in Securence?
pchettri, IT Director, Asked:

Simon Butler (Sembee), Consultant, Commented:
The legacy namespace has nothing to do with email delivery.
Therefore, if you have a host name set up with an external spam filtering service, then you can continue to use that; just point it at the Exchange 2013 server.

The usual method here is to purchase a new SSL certificate for both tasks.
This certificate would contain the following names:
host.example.com  - this is your current public name, as used by ActiveSync, OWA, Outlook Anywhere etc.
Autodiscover.example.com
legacy.example.com - this is a new name, applied to Exchange 2007.

All traffic would then be directed to the Exchange 2013 server using your existing name, with the Exchange 2007 server reconfigured to use the legacy host name.

However, if you have internal users used to using the internal name of the server and the certificate you have does not expire after November 2015, then you could get it rekeyed to include the legacy host name.
Reconfigure your environment to use a split DNS so that the external names resolve internally as well. Reconfigure Exchange with the external host name for both internal and external URLs. That would catch all of the traffic and direct it to the correct place.

Simon.
0
it_saige, Developer, Commented:
@Simon - one thing that always bothers me about the Exchange 2007/2013 co-existence model is the requirement for a legacy record (I understand the reasons for it). Just to complete my understanding, does this imply that you would need at least two external IPs for routing the external traffic, as the 2013 server would redirect the traffic to the legacy record, or would split DNS handle this internally?

-saige-
0
Simon Butler (Sembee), Consultant, Commented:
You need two addresses because Exchange 2013 cannot proxy OWA traffic to Exchange 2007.
Split DNS wouldn't do anything for it, other than allowing you to use the same two addresses internally.

Simon.
0
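
An added example, not part of the thread or any participant's code: a small Python check of the coexistence plan described in the answers above (one certificate carrying all three names on both servers, a DNS record for each name in every DNS view, and separate addresses for the primary and legacy names). The server labels, addresses and sample inventories are constructed.

```python
# Added example: host names follow the thread; server labels and IPs are constructed.
PRIMARY, AUTOD, LEGACY = "host.example.com", "autodiscover.example.com", "legacy.example.com"

# Which server each name should reach during coexistence.
PLAN = {PRIMARY: "ex2013", AUTOD: "ex2013", LEGACY: "ex2007"}

def san_covers(san, host):
    """True if a certificate name matches host (a wildcard covers one label only)."""
    san, host = san.lower(), host.lower()
    if san.startswith("*."):
        return "." in host and host.split(".", 1)[1] == san[2:]
    return san == host

def check_plan(certs, dns_views, plan=PLAN):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    for host, server in plan.items():
        if not any(san_covers(s, host) for s in certs.get(server, [])):
            problems.append(f"{host}: not on the certificate bound to {server}")
        for view, records in dns_views.items():
            if host not in records:
                problems.append(f"{host}: no record in {view} DNS")
    # The legacy name must not land on the same address as the primary name.
    for view, records in dns_views.items():
        if PRIMARY in records and records[PRIMARY] == records.get(LEGACY):
            problems.append(f"{view}: primary and legacy names share one address")
    return problems

NEW_CERT = [PRIMARY, AUTOD, LEGACY]

# Constructed inventory that satisfies the plan (split DNS: same names, two views).
GOOD_CERTS = {"ex2013": NEW_CERT, "ex2007": NEW_CERT}
GOOD_DNS = {
    "external": {PRIMARY: "203.0.113.10", AUTOD: "203.0.113.10", LEGACY: "203.0.113.11"},
    "internal": {PRIMARY: "10.0.0.13", AUTOD: "10.0.0.13", LEGACY: "10.0.0.7"},
}

# Constructed inventory with three mistakes: old internal-name certificate on 2007,
# no internal record for the legacy name, and one external address for both names.
BAD_CERTS = {"ex2013": NEW_CERT, "ex2007": ["mail01.domain.local"]}
BAD_DNS = {
    "external": {PRIMARY: "203.0.113.10", AUTOD: "203.0.113.10", LEGACY: "203.0.113.10"},
    "internal": {PRIMARY: "10.0.0.13", AUTOD: "10.0.0.13"},
}

if __name__ == "__main__":
    for problem in check_plan(BAD_CERTS, BAD_DNS):
        print(problem)
```
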
it_saige, Developer, Commented:
Thanks Simon.  That was my understanding.  I just find that the understanding is more implied than explicitly defined.

-saige-
0
pchettri, IT Director, Author Commented:
Do you mean I only need to apply the certificate to legacy.example.com and I do not need to create any DNS record for legacy?
Also, I will have to create an internal zone with the public namespace to apply the new certificate I would be buying for Exchange 2013, but in 2007 I would continue to use the certificate for domain.local. Would it work if I leave both local and public DNS zones in internal DNS?
0
Simon Butler (Sembee), Consultant, Commented:
You need a DNS entry for the legacy host name.
Ideally I would switch everyone to use the public host name.
Internally it depends what they are using. If it is the server's real name, then you would need to test it with regards to an internal user on the later version of Exchange authenticating with an older version. It isn't something I have looked at for a long time, but usually Exchange doesn't upgrade very well. All of the documentation for coexistence says to get users to authenticate against the highest version of Exchange, and let Exchange downgrade if required.

Simon.
0
pchettri, IT Director, Author Commented:
Hi Simon,

The article shows the co-existence scenario in Part 14 by enabling proxy. In this scenario they have used TMG, while I used Securence as an inbound filter.

Do you think this would be an appropriate solution for co-existence? Or should I go ahead and do a migration without co-existence when I only have 30 users? I could not find a good article for migration without co-existence. Even the deployment tool does not give an option for one without co-existence like the way it used to offer for 2010.
0
Simon Butler (Sembee), Consultant, Commented:
30 users is hardly worth going through the headache of a coexistence period. Simply kick them out of email on a Friday night, set up the move mailbox and leave it to get on with it. Unless they all have very large (10 GB or more) mailboxes, you should be easily done by late Saturday, when you can make the NAT changes on the firewall etc. and be prepared for Monday.

Leave the old server running for at least a week, then remove it using add/remove programs.

Simon.
0