Microsoft Exchange Hosted Services Overview
Introduction
Electronic messaging is mission critical, but it remains vulnerable to a growing array of threats. Viruses, worms, denial-of-service attacks, spam, and the need to satisfy a growing set of government regulations and legal actions all make effective messaging security and management increasingly difficult.
Microsoft Exchange Hosted Services for messaging security and management is composed of four distinct services that help organizations protect themselves from e-mail-borne malware, satisfy retention requirements for compliance, encrypt data to preserve confidentiality, and preserve access to e-mail during and after emergency situations. The services are deployed over the Internet using a “Software as a Service” model which helps minimize additional capital investment, free up IT resources to focus on other value-producing initiatives, and mitigate messaging risks before they reach the corporate firewall.
How It Works
With just a simple mail exchange (MX) record configuration change, Exchange Hosted Services can be up and running quickly. There is no additional hardware to provision; no additional software to buy, install, or configure; and no expensive training required for your IT staff.
Furthermore, there is no need for you to change or modify your existing e-mail infrastructure, nor to install and maintain any new hardware or software. The heart of Exchange Hosted Services is a distributed network of data centers located at key sites along the Internet backbone. Each data center contains fault-tolerant servers that are load-balanced from site to site and from server to server. In the unlikely event that one data center is unavailable, traffic can be easily routed to another data center, minimizing the chances of interruption to the service.
Solutions Overview
Microsoft Exchange Hosted Filtering
| • | Active content, connection, and policy-based filtering |
| • | Multi-engine spam and virus scanning |
| • | E-mail queuing when server is unavailable |
| • | Low false positive ratios |
Microsoft Exchange Hosted Archive
| • | Support to help satisfy industry and regulatory retention requirements |
| • | Spam filtering before archival |
| • | Rapid search and retrieval |
| • | Fully functional backup e-mail system |
Microsoft Exchange Hosted Continuity
| • | Accessible e-mail during and after network outages |
| • | 30-day rolling historical message store |
| • | Searchable message store for easy recovery |
Microsoft Exchange Hosted Encryption
| • | Policy-based encryption from sender to recipient |
| • | Intuitive interface for minimal end-user training |
Features and Benefits
| • | Provide multiple real-time antispam and antivirus defenses |
| • | Help eliminate threats before they reach the corporate firewall |
| • | Provide backup e-mail systems for rapid disaster recovery |
| • | Help satisfy external requirements for e-mail retention and monitoring |
| • | Assist with internal policy enforcement |
| • | Respond quickly to e-discovery requests |
| • | Help eliminate up-front capital investment |
| • | Help free up administrator time to focus on other projects |
The Network Advantage
Microsoft Exchange Hosted Services are powered by a global network of data centers based on a fault-tolerant and redundant architecture and are load balanced both site to site and internally within each data center. If any one data center is unavailable, traffic is automatically routed to another data center, minimizing the chances of interruption to the service. Multiple e-mail servers in each data center accept e-mail on the customers’ behalf, providing a layer of separation between their servers and the Internet.
With this highly available network, Microsoft provides service level guarantees of 99.999% uptime. This approach, built upon a distributed server and software model, has proven successful in helping customers protect fragile corporate networks and e-mail servers from common threats, such as dangerous worms, denial-of-service assaults, directory harvest and dictionary attacks, and other forms of e-mail abuse.
All messages processed by Exchange Hosted Services are encrypted using Transport Layer Security (TLS). The service will attempt to send any message using TLS but will automatically roll over to Simple Mail Transfer Protocol (SMTP) if the destination e-mail server is not configured to use TLS. This helps ensure privacy of all e-mail while in the Microsoft Exchange Hosted Filtering environment and to other organizations with TLS-enabled e-mail servers.
Rapid Deployment and Simplified Messaging Management
Microsoft Exchange Hosted Services offer extraordinary ease of implementation. There is no need for enterprises to change or modify their existing e-mail infrastructure or to install and maintain any new hardware or software. With a simple configuration change to their Domain Name System (DNS), customers can begin using Microsoft Exchange services right away. There is no hardware to provision; no software to buy, install, or configure; and no expensive training required for IT staff or the end users.
Microsoft Exchange Hosted Services require only one MX record, which resolves to the Exchange Hosted Services network, allowing the IP address of the corporate e-mail server to remain hidden from DNS lookups. This helps customers become invisible to malicious mailers because the DNS lookup points at the Microsoft network instead of their own network. Customers only accept inbound SMTP traffic from Microsoft, therefore closing a vulnerability in their network firewall. An additional connection restriction locks down firewalls and allows e-mail servers to respond only to inbound SMTP requests on port 25 from the Microsoft network. This restriction helps prevent unwanted e-mail from being sent through a back door directly to the server’s IP address.
Next Steps
| • | |
| • | |
| • | |
| • | Read how Exchange Hosted Services fit with other Microsoft security products |
Additional Resources
| • |