Install Exchange Server 2019 on Server Core 2019 to boost security
Exchange security remains a priority for IT administrators, and now they can build up the mail platform’s defense The Server Core deployment in Windows Server 2019 supports on-premises Exchange Server 2019. The 2019 lightweight deployment is the first version capable of supporting Exchange. Could greater security from shrinking the attack surface be enough to win over administrators to Server Core? Jaap Wesselius, an independent consultant based in the Netherlands, has helped his clients install Exchange Server 2019 on Server Core 2019 in production. He discussed his experience with the installation process.
What was your experience installing Exchange Server 2019 on Server Core 2019?
Jaap Wesselius: I’ve installed and configured it a couple of times now because I’m also in the Microsoft Insider program. It’s a bit difficult because you don’t have a GUI — the typical Windows admin is GUI-minded — so you have to do everything from the command line. There’s a small text-based utility called Sconfig, which you can use to set the server name, join it to a domain and configure an IP address, but that’s basically it. All the configuration for an Exchange Server needs to be done manually, so you have to know your disk configuration and the disk utilities. For example, in PowerShell get-disk, format-disk, assign-disk, assign disk numbers, assign drive letters, mount points and all that makes it quite difficult. All the blog posts you see about installing Exchange Server on Server Core are like: “See, we have a server, we assign an IP address and we run setup and ta-da, it’s working.” That’s true, but then you have a pretty simple lab environment. Every customer has a more complex server and therefore more complex configuration. You can also use a GUI-based management server and manage your server remotely. That makes life a bit easier.
What are the pros of having Exchange on Server Core?
Wesselius: Server Core has a smaller attack surface; it’s less likely to be compromised. Also, there are a lot less hot fixes for Server Core because there’s a lot less software and utilities to be installed. It’s just security. Security is one of the targets for Microsoft for Exchange.
What difficulties should administrators be aware of when they install Exchange Server 2019 on Server Core 2019?
Wesselius: You have to get used to it. The past 20 years, we have been working with the GUI and we solved all configuration issues with the GUI. That’s no longer possible, so you have to get used to working with PowerShell for everything — and I mean everything. That makes it complex. The network card for example: If you have a server with one network card, life is pretty easy. But if you have one with four network cards and you have to configure them using PowerShell, that’s painful. You have to get used to it. In the beginning, I configured the server and reconfigured it and started from scratch again and reconfigured it a couple of times.
How often do you see Server Core used in your work?
Wesselius: I see it as additional domain controllers in an environment where the first domain controller is just a GUI-based windows full server version. Other than Exchange and one or two domain controllers, I don’t see it a lot yet. It’s supported for other applications though. I have to admit that the U.S.-based customers tend to adopt new technology sooner than in the Netherlands. Here in the Netherlands, or maybe in Europe, customers wait for one or two years before they start adopting new software. This is not only true for Windows. For Exchange 2010, we have many customers in the Netherlands and maybe in Europe still running on Exchange 2010 that haven’t even started to move to 2016. The pressure is increasing because end of support is approaching in eight months, so now they’re starting to get nervous because they know they have to move.
We have customers running on Exchange Server 2019. There are also customers that want to move, but when you are on Exchange 2010 you cannot move to 2019 because of the N-2 program. They have to move to 2016 first. For some customers it’s impossible.
What should administrators know before they install Exchange Server 2019 on Server Core 2019?
Wesselius: If you want to use Server Core for Exchange, you can only use it in Exchange 2019. Exchange 2016 on Server Core is not supported, and it does not work. It’s just not possible. Exchange 2019 does offer some new technology for bare-metal deployments, but for virtual environments it’s just a new version of exchange 2016. The differences are pretty small.
Pretty much the only way to manage Exchange Server 2019 on Server Core is PowerShell. There’s not really another way that works super well. Exchange control panel can be used for the basic configuration of an Exchange Server. For nitty-gritty details, you need PowerShell. But that’s also the case for Exchange 2016. For the Windows part, you have to use PowerShell or manage it remotely or using server manager for example.