Security Basics mailing list archives

RE: Exchange 2K3 and Server 2K3 versus SUN One Pros/Cons and Security Pros/Cons


From: "Sarbjit Singh Gill" <ssgill () gilltechnologies com>
Date: Tue, 9 Dec 2003 02:35:20 +0800

Greetings Jim,

I think if you read my original mail, I said 

"solid relational database technology similar to that of Microsoft SQL
Server or Oracle, although ESE's implementation is quite different. Exchange
2000's ESE, a transacted storage engine that works primarily with,
guarantees that all database operations meet the Atomicity, Consistency,
Isolation, and Durability (ACID) properties. "


I did not mention it being a true RDBMS. I also mentioned it is mainly used for
messaging and collaborative data and the best way it comes close to an RDBMS
is it implements the ACID properties.

Of course there is not replication, clustering etc. That SQL Server could do
that.

There are people who run Exchange happily and there are those who don't.
From my experience, people are satisfied with Exchange server's (200 and
above) performance and it sure runs everyday. I worked for some major
American and Japanese MNCs which have a user base of above 20,000 worldwide
(AIG had 50,000 users in their worldwide Exchange messaging infrastructure)
and they are happy. Hey, you know what, HP runs Exchange too :D at least in
Asia Pacific.

Well, as long as we all learn what options we have out there and who has
what kind of experiences, this list is awesome.

Cheers
Sarbjit

-----Original Message-----
From: Jimi Thompson [mailto:jimit () myrealbox com] 
Sent: Saturday, December 06, 2003 8:51 AM
To: security-basics () securityfocus com
Subject: Re: Exchange 2K3 and Server 2K3 versus SUN One Pros/Cons and
Security Pros/Cons

Sarbjit,

You are correct about the "upgrade" to ESE from a true JET.  However, it
STILL doesn't do all the things that a TRUE RDBMS like MS-SQL or Oracle is
capable of.
It doesn't cluster.  It doesn't replicate.  It also doesn't like being virus
scanned.  You are also correct that it doesn't like being on a RAID setup.
That being said, I fail to see where it performs like "Microsoft SQL or
Oracle".  Given that ESE doesn't do any of those things, and is for almost
all practical purposes simply JET2003, I fail to see where it is such
an improvement.

It can't handle any other process running against its datastore because it
doesn't have the ability to cache and then commit like a REAL RDBMS.
Even according to your own statements, it can't handle running in a normal
operating environment with a RAID controller and some anti-virus software.
Given that it can't operate as one would expect in these days of RAID
controllers and virus scanning software being required on mail
servers, I stand by my "self-corrupting" statement.  A mail server
should be able to operate in a "high availability" environment.  Given that
Microsoft has the code to MS-SQL, why is it that they haven't backended
Exchange with that? It's touted as the premier of their database technology.
Furthermore, if ESE is so good, why isn't it marketed separately as a
database?  Microsoft markets the heck out of everything else.

I also seriously doubt that your mail servers have been banged on by large
numbers of undergrad students that send our professors emails
infected with every virus and bit of spyware known to man.  Our
sendmail server, which acts as our spam prefilter, has an uptime of 383
days.  We simply cannot remove the virus software.  In addition, we've
had MICROSOFT come out and install the server on the second go-around.
Our TAM has spent quite a bit of time on site, pretty much scratching his
head.  I doubt that this is something that we've done.

I'm also not saying that other people won't run it and like it.  
Personally, I would not advise anyone to buy it unless I really hated them. 

2 cents,

Jimi






Sarbjit Singh Gill wrote:

I seriously think it is something to do with your hardware or at least
setup of your OS / Exchange which made it corrupt the databases. Also,
worst case, somebody is opening the Exchange DBs using Access thinking
it is a JetDatabase technology based database. Also make sure no virus
scanners or defragmentation software are accessing the mdb database.

Anyway, Joint Engine Technology (JET) in earlier versions of Exchange 
Server, evolved into the Extensible Storage Engine (ESE) in later versions.
ESE is a solid relational database technology similar to that of 
Microsoft SQL Server or Oracle, although ESE's implementation is quite
different.
Exchange 2000's ESE, a transacted storage engine that works primarily 
with messaging and collaborative data, guarantees that all database 
operations meet the Atomicity, Consistency, Isolation, and Durability 
(ACID) properties. ACID properties for database engines ensure that you 
can roll back transactions in the event of unsuccessful completion or 
replay them in recovery. Microsoft uses ESE throughout Exchange 2000, 
in places such as the Key Management Server (KMS) and the Site 
Replication Service (SRS), as well as in Windows 2000's Active Directory
(AD).

I have clients which have implemented Exchange 2003 (and before that
Exchange 2000) and never had problems like you have. Also one of my
clients, whom I just met up with last week, is a polytechnic and they have
an 8-way server running Exchange 2003 and all is ok since they installed
Exchange 2003 this year.

I don't think Exchange 2003 is "self-corrupting the JetDatabase Data
Store."
There is no such thing. Like I mentioned above, the technology isn't 
JetDatabase anymore. So somebody in your organization some setup not 
done correctly. Verify all logs, event logs etc to see if there is 
something not proper. Could even be a hardware based disk cache 
mechanism which interferes with the transaction log management of the
databases.

Kind Regards
Gill


-----Original Message-----
From: Jimi Thompson [mailto:jimit () myrealbox com]
Sent: Friday, November 28, 2003 1:01 PM
To: tawilson () speakeasy net
Cc: security-basics () securityfocus com
Subject: Re: Exchange 2K3 and Server 2K3 versus SUN One Pros/Cons and 
Security Pros/Cons

I'm not going to tell you what you should buy, but I do suggest that
you benefit from my experience and my advice is that you should avoid
Microsoft, even if the alternative costs more upfront.  We are a
relatively small (for email) Microsoft shop running Exchange 2003 and
we have had endless problems with it self-corrupting the JetDatabase
Data Store.  It's been horrible.  We've only got about 300-350 users
and we've had to reload (format the drives, reinstall the OS, and
restore from a backup) the server 3 times since May, when it got
deployed.  If we hadn't put a Sendmail server in front of it to do spam
filtering, we'd have lost days of email.  Fortunately, we have been able
to configure the Sendmail server to spool until we could bring the
Exchange box back online.  As things stand, we've lost a total of about
24 hours' worth of email.

It's so bad that even though we are a university and Microsoft basically
gives us their products, we're looking at purchasing an alternative.
Right now the front runner is Samsung Contact (nee HP's OpenMail), but 
that may change now that SuSE has released a new mail server.

I can tell you from experience that the "new secure 'out-of-the-box' 
2003" products aren't much better than their current counterparts.  The 
service isn't any better, it's just not "on".  They also left a lot of 
things turned on that I'd turn off in a "secure out of the box" OS.  
I'd be happy to supply you with both NMAP and NESSUS scan results from 
various machines that we've loaded.  We've deliberately done some very 
vanilla installs specifically so that we could scan them.  Our 
experience indicates that unless you plan on deploying Office 2003 as 
well, you won't be getting any change in how Outlook (XP and earlier) 
connects to Exchange in any event.

iPlanet's big downside has always been documentation and installation.  
Regardless of the product, their install process has tended to bite 
rather severely.  Part of what has traditionally made the installs so 
painful is that their products are SOOOOOO poorly documented.  If you 
guys have worked with iPlanet/SunONE, you know what I'm talking about.
However, once installed and working they tend to be rock solid. 

There's other stuff out there though.  I've got a pretty good list, 
since we've been doing evals looking to replace our Exchange server 
with something that actually works reliably and has all the groupware 
features that our users want (namely calendaring). I'd be happy to share my
notes with you.

HTH,

Jimi


tawilson () speakeasy net wrote:

 

Hello everyone,

Our IS group is a current SUN Iplanet shop. We have Win2K3 AD running
and the majority of the server infrastructure is running on Win2K.

We are looking to upgrade our Email infrastructure. Our current SUN
Iplanet implementation is about 3 years old. At the time of deployment
it was perfect for our environment. We needed to deploy web mail and at
that time there was/is no question that MS Exchange was not mature
enough in the web client.

Our environment still has a HIGH demand for a web based client due to
our customer base.

We are now talking with SUN about upgrading the infrastructure and
moving to their new Email infrastructure. We are also looking to
determine if Microsoft has come of age and does it now fit in to our
environment better than the SUN solution.

SUN and Microsoft are preparing presentations as well as presenting
SOWs for our review and interactive discussion. I am interested in
security issues or design issues with either platform. We have users
that need to access our email infrastructure from around the world. Our
clients use UNIX (all flavors), MACs, Win2K/XP and some older MS OSs as
well.

So let me have it, hit me with the good, the bad and the ugly about E2K3
and Win2K3 as well as any SUN items you can come up with. Security is my
primary focus but I will be addressing questions from all aspects to
presentation teams.

I have not had a chance to see the new outlook client and the new
"secure" way it connects to E2K3 so if anyone has input to this I would
really love to hear that.
 

Thanks in advance for any inputs I look forward to reading them.


-Todd



