Exchange Server 2013 was announced in July 2012 as part of a wave of product updates (formerly code-named Office 15) that also includes the Office 2013 applications, SharePoint Server 2013, and Lync Server 2013. A public preview of Exchange 2013 is now available, showcasing the messaging server's simplified architecture, consolidated administration console, enhanced messaging policy tools, built-in antimalware, and support for new client capabilities in Outlook Web App (OWA) and Outlook 2013. Exchange customers planning an upgrade should consider that Exchange 2013 cannot coexist with Exchange 2003 or earlier or work with clients using Outlook 2003 or earlier.

Architecture Simplified, Administration Consolidated

Exchange 2013 delivers architectural changes that could simplify infrastructure and configuration and a new Web-based management console that consolidates administration into one tool while allowing role-based access control.

Fewer Server Roles

The Exchange 2013 architecture relies on fewer server roles than earlier versions. Server roles group related services that can be installed on each physical computer or virtual machine included in an Exchange deployment. Exchange 2010 offers five roles: Mailbox, Client Access Server, Hub Transport, Edge Transport, and Unified Messaging. A large Exchange deployment may have each role installed on a separate server and have multiple instances of roles deployed for scalability, while a small deployment can consolidate roles on the same server.

The role-based architecture has allowed Exchange to take advantage of the necessary compute power to scale out for larger deployments. However, as hardware processing capability has grown through wider availability and lower cost of multiprocessor servers and multicore processors, the need to divide an Exchange deployment across multiple servers has decreased. Therefore, in Exchange 2013, there are fewer server roles. The Exchange 2013 preview includes only two roles: Client Access Server and Mailbox.

The Client Access Server role is simplified to be a stateless server that accepts and authenticates client connections and acts as a proxy between the clients and the Mailbox server, ensuring that clients can locate the Mailbox server with the required data. No data or session state is stored on the Client Access server, and clients can connect to any Client Access server and even switch Client Access servers during a session (previously, clients using some protocols had to stay connected to the same server for an entire session), thereby reducing load-balancing complexity. Client Access servers can be located in different sites from Mailbox servers, which provides flexibility for deployments.

The Mailbox role now includes the functionality of the previous Hub Transport and Unified Messaging roles and can communicate with Client Access protocols such as HTTP, POP, IMAP, and SMTP. All processing related to retrieving and storing mailbox content from the mailbox database is now performed by the Mailbox role, so Client Access servers are indifferent to the database schema. This results in version independence between Client Access servers and Mailbox servers: if the database schema changes in a future version of Exchange, current-version Client Access servers can still operate, and future versions of Client Access servers will work with current-version Mailbox servers.

In Exchange 2010, the Edge Transport role is used to inspect, filter, and relay mail passing between the Internet and the organization on a server that is typically situated outside the innermost firewall and is not a member of the organization's Active Directory forest. The Exchange 2013 preview does not include an Edge Transport role, but it is compatible with Exchange 2010 Edge Transport servers. An Edge Transport role will probably not be provided with the final release of Exchange 2013, because the Client Access role can assume Edge Transport functions, and if necessary, a supplementary filtering service located outside of the organization, such as Exchange Online Protection, could be used.

Architectural changes to Exchange 2013 are likely to have been influenced by Microsoft's requirements for and experience with Exchange Online, the company's cloud-hosted version of Exchange for organizations. For example, provisioning Client Access servers in a data center is simplified, and less complex load-balancing hardware can be used. Deployment, scalability, availability, and multitenancy aspects of Exchange are critical in a hosted data center environment, and third-party hosters and on-premises customers should benefit from enhancements for Exchange Online that Microsoft incorporates into the server product.

MAPI Clients Must Use RPC Over HTTP

The primary protocol for connecting Outlook to Exchange remains MAPI. However, in Exchange 2013, MAPI clients always connect using the remote procedure call (RPC) over HTTP transport protocol, which has been supported in Exchange for several versions under the name Outlook Anywhere.

RPC over HTTP (or HTTPS for increased security) tunnels MAPI communication calls through the standard HTTP and HTTPS ports. MAPI RPC, the older alternative, used a range of TCP ports. By using standard ports, RPC over HTTP simplifies firewall configuration and eliminates the need for clients connecting from outside an organization to use a virtual private network (VPN) to connect to Exchange. Removing support for MAPI RPC reduces the number of services running on Client Access servers, but some additional configuration may be required on IIS, because all MAPI traffic will now be coming in through HTTP.

New Web-Based Administration Tool

The Exchange Management Console (EMC) and Exchange Control Panel (ECP) management tools are replaced in Exchange 2013 by a single, Web-based administration tool called the Exchange Administration Center (EAC). The Exchange Management Shell (EMS) continues to be offered for command-line based management using PowerShell.

The EAC centralizes all Exchange management capabilities and allows permissions to be granted to the appropriate users for specific tasks (such as giving access to legal department personnel to use the EAC to do cross-mailbox searches). Exchange Online deployments can be managed from the EAC, so it provides a single tool for hybrid deployments where some users have Exchange Online accounts and other accounts are on-premises.

The EAC provides a new user interface that looks similar to the Windows 8-style, also seen on Microsoft's ad-supported e-mail service and in Outlook 2013. Controls are spaced to work better on touch-based devices (as compared to the previous Microsoft Management Console-based EMC), but context menus are no longer supported. (For an illustration, see "Exchange Administration Center".) The PowerShell cmdlets that the console uses to execute tasks cannot be viewed as in earlier versions; this feature was useful for administrators learning the PowerShell interface.

Policy Tools Enhanced, Antimalware Included

Messaging policy tools have been enhanced in recent versions of Exchange to help organizations prevent leaks of sensitive information, comply with legal requests and regulations, and automate archiving of outdated content. For example, Exchange 2010 introduced a Legal Hold feature to prevent deletion of specific content and a Retention Tags feature to help users classify content that might be subject to retention policies. Exchange 2013 continues this trend with a new feature called Data Loss Prevention (DLP).

DLP analyzes message contents for sensitive information, such as personally identifiable information (PII), and allows administrators to configure policies to filter messages or monitor the results. Policies are configured using provided templates or custom templates created for specific business needs. Policy Tips (similar to the MailTips feature that debuted in Exchange 2010) can be set to prompt users that sensitive data has been detected in a message before it is sent.

Search tools used by compliance personnel (called eDiscovery tools) are enhanced in Exchange 2013 with In-Place Hold, which prevents messages in a query result from being deleted (in contrast to Legal Hold, which preserves the contents of entire user mailboxes); keyword statistics, which show details such as the number of word occurrences to help focus query building; and the ability to search content across Exchange, SharePoint 2013, and Lync Server 2013.

Exchange 2013 includes antimalware protection to prevent the transport of viruses and spyware across an organization. Administrators can configure policies to control the antimalware, which is driven by malware definitions that can be regularly downloaded from Microsoft. As with previous Exchange versions, antimalware protection in Exchange 2013 can be enhanced using the Microsoft-hosted Exchange Online Protection service (formerly Forefront Online Protection for Exchange), which filters messages before they reach the destination organization.

New Client Features Enabled

Major new versions of Exchange typically enable new features in messaging clients. Exchange includes OWA, so users of the Web-based client (including Exchange Online users) automatically get an updated user interface when the server is upgraded. However, Outlook users will only get the complete set of features enabled by Exchange 2013 after upgrading to Outlook 2013.

OWA updates from Exchange 2013 include an updated user interface, which provides a Windows 8-style look that is designed to work better with touch-based devices. OWA users running more recent browsers, such as Internet Explorer 10, can access their account contents while offline through local storage support enabled by HTML5.

Office 2013 introduces a new API that enables developers to create JavaScript plug-ins for Office applications (such as an Outlook 2013 customer relationship management plug-in for capturing information from e-mail). This new API is supported by OWA in Exchange 2013 and enables users running that version to use custom plug-ins that extend OWA.

Outlook 2013 features that require an Exchange 2013 account include Policy Tips, custom applications that use the Office 2013 development model, and Site Mailboxes, which combine SharePoint 2013 site documents and related Exchange 2013 e-mail in a single client view.

Exchange 2013 is compatible with Outlook 2007 and later. It is not compatible with Outlook 2003.

Public Folders Rejuvenated

Public folders have been offered as a group collaboration feature since the first release of Exchange. However, in recent Exchange versions, public folders have not received enhancements and have used an aging design while the database design, management tools, and availability architecture of private mailboxes have advanced.

The waning attention to public folders and an emphasis on SharePoint for collaboration suggested that Microsoft would eventually discontinue public folders in Exchange. However, Exchange 2013 brings updates to public folders that could keep organizations using them and even drive customers who haven't used public folders to adopt the feature.

Public folder hierarchy and content in Exchange 2013 are stored in the same type of database as mailboxes, allowing administrators to use the Database Availability Group (DAG) replication feature introduced in Exchange 2010 to maintain availability for public folders (previously, a complex multimaster model was required for public folders). Management of public folders is available through the new EAC instead of a separate dedicated tool. However, public folders are not accessible in OWA in the Exchange 2013 preview, and it is unclear whether OWA users will gain access to them in the final release.

Availability and Resources

The Exchange Server 2013 preview is available now. The final release of the product will probably arrive in late 2012 or early 2013. More information is expected to be revealed at the Microsoft Exchange Conference in Sept. 2012.

The Exchange Server 2013 preview is available at

The Office 2013 and SharePoint Server 2013 previews are discussed in "Office, SharePoint 2013 Previewed" on page 10 of the Aug. 2012 Update.

The Lync Server 2013 preview is discussed in "Lync 2013 Previewed" on page 6 of the Sept. 2012 Update.

Exchange Server 2010 is discussed in the Jan. 2010 Research Report, "Evaluating Exchange Server 2010."

Exchange Online is discussed in "Exchange Online Moving to Office 365" on page 9 of the July 2011 Update.