• Illustration: EHS Architecture

Using technology, people, and facilities obtained from its acquisition of FrontBridge Technologies, Microsoft has begun offering Exchange Hosted Services (EHS)—a set of four fee-based services that allow organizations to outsource various e-mail-related functions, such as antivirus, antispam, message archival, disaster recovery, and message encryption, while still hosting their e-mail servers internally. (Despite the name, the services do not require or use Exchange Server or any Exchange components.) The company also outlined the roadmap for some future EHS offerings.

Four Different Services

The name Exchange Hosted Services is misleading, and it appears that Microsoft is merely attempting to capitalize on the Exchange brand. Not to be confused with "Hosted Exchange" services offered by Microsoft partners, EHS does not host Exchange mailboxes; in fact, it does not use any Exchange software components. Nor does EHS require customers to host its users' mailboxes on Exchange servers—any Simple Mail Transfer Protocol (SMTP) e-mail server can be used in conjunction with EHS.

EHS customers can choose any combination of four services, all charged on a per-user, per-month basis:

Exchange Hosted Filtering, currently used by more than 4,000 organizations that pay US$1.75 per mailbox per month, incorporates multiple continuously updated filters to protect the organization's inbound and outbound SMTP e-mail from spam, viruses, and phishing scams. It also monitors for e-mail policy violations by examining outbound messages for specific keywords, phrases, attachment types, and recipient names or domains that violate customer policies, and returns any blocked messages to the senders.

Hosted Filtering has a good record for not blocking wanted e-mail: only one in 250,000 bulk e-mails (such as newsletters) is blocked incorrectly, according to Microsoft, and only one in 1,000,000 e-mails from an individual is blocked incorrectly. Even so, Hosted Filtering gives customers several options to notify recipients or administrators of all messages blocked because they were classified as spam, and a Web interface that allows them to review quarantined messages.

Exchange Hosted Continuity (US$2.50 per mailbox per month) allows ongoing access to e-mail during and after unplanned outages of a customer's e-mail server. The Hosted Continuity service spools inbound SMTP e-mail so that messages are never returned to their senders if the customer's internal e-mail servers are down. Furthermore, it stores 30 days' worth of copies of all mail (inbound, outbound, and internal) and gives users secure Web access to EHS mail services even if their internal servers are down or destroyed. However, the current release of Hosted Continuity does not import the customer's Active Directory address list, so users of the Web interface must hand-enter recipient addresses from memory, refer to printed address lists, or look them up from previous messages. The current Web client is not Exchange's Outlook Web Access but is instead based on FrontBridge's e-mail client.

Exchange Hosted Archive (US$17.25 per mailbox per month) helps enterprises meet regulatory and legal requirements for e-mail and instant message retention. Instead of the fixed 30-day message retention window of the Hosted Continuity service, Hosted Archive offers longer retention periods, as well as the ability to archive instant messages and Bloomberg mail. It can retain up to 3.6GB of message data per user. (Additional storage is available for an additional fee.) When the retention period is met, messages are automatically destroyed. Hosted Archive customers automatically get Hosted Continuity services, and both services include full-text indexing that allows users of the Web interface to search for archived messages.

Exchange Hosted Encryption (US$1.90 per mailbox per month) allows users to exchange encrypted e-mail, including with recipients in other organizations, directly from their desktops. Host Encryption uses a technology called Identity-Based Encryption (IBE) developed by Voltage Security. Microsoft claims that IBE eliminates the need for public key infrastructure (PKI) and digital certificates, and instead uses a common identity—the recipient's e-mail address—as the public key. With installation of special IBE extensions, senders and recipients can use Outlook, Outlook Express, Outlook Web Access, Hotmail, and Yahoo! Mail as e-mail clients, but EHS also provides a Web client that allows recipients without IBE-enabled clients to read encrypted messages.

Implementation

EHS requires only a few infrastructure changes at the subscriber site. Subscribers change their Internet domain name service (DNS) records to cause all inbound e-mail messages to first go to a Microsoft EHS data center for preprocessing. The data center then forwards legitimate messages to the customer's SMTP e-mail servers. The customer's e-mail servers are also configured to relay their outbound mail through the EHS system, which processes the messages before sending the ones that meet policy to their final destinations. (See the sidebar "EHS Architecture".) Microsoft maintains a network of nine data centers in the United States and Europe, and the services are all redundant, load-balanced, and fault-tolerant. Microsoft provides service level guarantees of 99.999% uptime, and claims a historical uptime of 100% since the original FrontBridge service was launched in 1999.

Who Is EHS For?

As e-mail has grown more mission-critical, many vendors, such as Microsoft partners McAfee, Symantec, and Trend Micro, have stepped in to provide many of the services provided by EHS. In addition, Microsoft has continued to improve e-mail security through the purchase of Exchange antivirus vendor Sybari, and through ongoing improvements to Exchange itself. However, many customers, including large ones, either don't have the resources to keep their e-mail systems secure and compliant with internal and government-mandated policies or feel it is more cost-effective to use an outsourced service like EHS.

So, despite the fact that EHS supports non-Microsoft technologies and might seem to compete with Exchange servers configured in an "edge server" role (i.e., an Exchange server that examines messages passing between the Internet and Exchange mailbox servers), Microsoft feels that it has more to gain than to lose by offering EHS.

Customers will have to examine the benefits and potential cost savings from reduced IT personnel requirements against the recurring costs of the EHS options, which are not trivial. After two years of Hosted Filtering alone, customers will have spent roughly the cost of their Exchange Client Access Licenses, yet they will still need to purchase other products to protect desktops and servers against viruses and spyware transmitted over other vectors.

Roadmap

Because EHS is a set of services rather than a software product, Microsoft can make frequent incremental changes. In Apr. 2006, it released version 5.3 of the services, which improved performance, supported more languages for viewing quarantined messages, and had enhanced tools for managing users' accounts and security policies.

After several more incremental releases (5.4 and 5.5) planned for later in 2006, Microsoft plans to offer EHS 6.0 when it releases Exchange 12 in early 2007. This will introduce Exchange-specific services, including support for Active Directory address book synchronization and Hosted Continuity/Host Archive support for Outlook/Exchange contacts and calendaring. Both the Web and administrative interfaces will be available in more languages.

Resources

EHS is available in North America, Latin America, Europe, the Middle East, and Africa and will become available in the Asia-Pacific region later in 2006.

Extensive EHS information and links to a free 30-day trial of Exchange Hosted Filtering can be found at www.microsoft.com/exchange/services.

The Exchange roadmap is described in "Unified Messaging on Exchange Roadmap" on page 8 of the Mar. 2005 Update.

The Sybari acquisition is described in "Microsoft Acquires Sybari Software" on page 19 of the Mar. 2005 Update and "Sybari Acquisition Final" on page 14 of the Aug. 2005 Update.