Apple, Android Devices Swamp NYC Schools' ActiveSync Server

longacre writes "Just a few months after the New York City Dept. of Education shelled out over $1 million on iPads for teachers, the agency has stopped accepting new users on its Microsoft Exchange ActiveSync server as it is 'operating near its resource limits' due to an influx of iOS and Android devices. A memo from the deputy CTO warned, 'Our Exchange system is currently operating near its resource limits and in order to prevent Exchange from exceeding these limits, we need to take action to prevent any more of these devices from being configured to receive email. As of Thursday, November 10th no additional users will be allowed to receive email via NYCDOE's Exchange ActiveSync.' Existing setups will continue to operate, and students will not be affected."

Best use of money?

Imagine what they could have done with the $700k they would have saved by choosing a tablet other than an iPad.

Re:Best use of money?

[ozmanjusri]

Bought a decent mail server?

Re:Best use of money?

[TWX]

I don't see what's specifically insulting Microsoft with, "Bought a decent mail server?" as a comment... It could be insulting the juggernaut from Redmond, or it could be insulting the hardware. It's a supposition on your part that the OS/daemon is being insulted.

Mind you, I would not be surprised if the software was the target, but that's mainly because I don't think that the service was originally designed for the kind of usage that it's now seeing. We also don't know from the summary what versions of things they're running, they could still be back on Server 2003 or the like...

Re:Best use of money?

[OS24Ever]

Then the headline would have read 'NYC Schools waste Millions on tablets no one uses'

Re:Best use of money?

[multimediavt]

Imagine what they could have done with the $700k they would have saved by choosing a tablet other than an iPad.

Bought a decent mail server?

My thoughts exactly! The devices aren't the problem, their proprietary commercial mail system that sucks is the problem. Nice to watch people eat crow when they tout the charms of commercial software and its scalability advantages and it epically fails and costs more money than a FOSS solution. Best quote I ever heard was from a guy talking about AD, "It's got to be complicated, it has to scale." Face-palm!!!

Re:Best use of money?

[smash]

Like which decent tablet is significantly cheaper than an iPad?

Re:Best use of money?

[laird]

"Imagine what they could have done with the $700k they would have saved by choosing a tablet other than an iPad."

The iPad is under $500, so it costs the same or less than any other decent tablet. Are you saying that there's a tablet that costs $150 that's comparable to the iPad? That is pretty hard to imagine. Don't forget to include the management costs - iPads are extremely easy for an enterprise to manage, because they integrate nicely into Exchange (e.g. you can define mail policies on your Exchange server, and iPads do what they're told - encrypt, require password lock, etc.). Android doesn't do this properly yet. That leaves the RIM Playbook, which aside from sucking has the same list price as the iPad. I guess you could save some money buying discontinued products that are being dumped, but that's not a great enterprise hardware strategy. :-)

If you want to complain about the project, complain that they didn't plan for adding one more ActiveSynch server so they had capacity to support their users. Given educational pricing, the software is nearly free, and even an overpriced server would have been a trivial percentage of the project budget.

Re:Best use of money?

[chewedtoothpick]

Currently trying to find any kind of Open Source collaboration Server - I can assure you that the software costs alone are within 5% on any of the decently known and supported alternatives such as Zimbra, Zafura, eGroupware, open-Xchange etc. Zafura is the closest in terms of quality, but based on my testing, I have noticed that with my 15-user test groups (all users using at least three devices to sync continuously) Zimbra is the closest to Exchange in terms of efficiency, and if you remove OS resource usage I have noticed that the Exchange daemon is the most efficient. I hadn't gone through any kind of upgrade testing to see how easy that is (which could alone still sway me away from my current direction of updating Exchange) but when compared to how much easier it is to tie Exchange into Active Directory and properly apply any domain-controlled policies to clients, Exchange wins hands-down in any system that isn't wholly unix from the ground-up.

In conclusion, you are misinformed if you think any kind of FOSS system can compete with Exchange. If you want any kind of collaboration utilities (Calendar or Contact sync and grouping, etc) then you discard the F part and usually the OS part too - and the supposed knights of FOSS are even more greedy than Moneyholesoft from Redmond. At least Redmond allowed us a 3-month trial with 60 users to test out compared to the others. VMWare let us try Zimbra with 30 users for 30 days before they wanted to charge us - nobody else would even let us trial their packages at all.

Re:Best use of money?

[NatasRevol]

The playbook would also require a blackberry phone for everyone to check their email via.

Re:Best use of money?

[Albanach]

their proprietary commercial mail system that sucks is the problem.

You really think so? Microsoft sell Exchange to some of the largest organizations on the planet. It might not be my choice of mail server, but I don't think blaming the software is the right think to do here. There's plenty of evidence that Exchange can scale - it might need powerful hardware, or specialized configuration but it's clearly possible and widely implemented.

The real trouble here was not not the choice of software. Rather it was a failure to anticipate the growth and react to it before it became an issue. That's a very basic SysAdmin issue for any software, proprietary or otherwise.

Re:Best use of money?

[Stalks]

Woosh!

Re:Best use of money?

[mosb1000]

He was saying that if they chose tablets significantly cheaper than the iPad, as the parent suggested, no one would use them. It's probably true.

Re:Best use of money?

[HateBreeder]

What's more ridiculous is that you insist on using terns that contain the word "fuck" and then use the substitution "fsck". If "fuck" is so impolite for you to use, then why not express yourself differently?

Re:Best use of money?

[jbplou]

Use it to buy iPads after everyone complains they bought junk nobody uses.

Re:Best use of money?

[jbplou]

The problem could just be a lack of capacity planning. When management says we are going to add $1 million worth of iPads on to our mail system plus let users use iPhones and droids the mail admins should be evaluating their infrastructure.

Re:Best use of money?

[tqk]

What's more ridiculous is that you insist on using terns that contain the word "fuck" and then use the substitution "fsck". If "fuck" is so impolite for you to use, then why not express yourself differently?

I'm screwing with the Pakistani forbidden word IM filter. :-)

Re:Best use of money?

[billcopc]

I agree whole-heartedly with you that AD is overcomplicated and, for perhaps 99% of users, a solution to a non-existent problem, but don't go bashing Exchange just because it's MS. It's a lot more than just a mail server, it is a collaboration suite, and the people who buy it, buy it for all those non-mail extras that are very tightly integrated.

To recreate the same with open-source, most of us are forced to use webmail, as there is no standardized mail client that can handle all the extra stuff. You could probably stuff Thunderbird full of plugins and end up somewhere close, but the maintenance nightmare means it's still probably cheaper to just buy Exchange and Outlook for everyone.

Postfix and Courier/Dovecot may be good enough for us minimalist geeks, but it's like comparing a tricked-out Honda Goldwing to a home-built fixed-gear bicycle. Both will get you there, but the expensive one is a lot more comfortable.

Re:Best use of money?

[Desler]

None. To buy an Android tablet comparable would be as much if not more.

Re:Best use of money?

[egamma]

The proprietary hardware and software devices aren't the problem, their proprietary commercial mail system that they didn't build out sufficiently is the problem.

FTFY

Re:Best use of money?

[fostware]

Not exactly correct...

Exchange (esp 2010) can be configured fine.

The ActiveSync clients occasionally ramp up zombie connections or uncleanly close connections after their timeout. Apple have a couple of KBs (KB3398 comes to mind) on the very subject.

An example is one of our Hosted Exchange clients. iPhone 3GS running iOS 4.3.3 currently holds 125 connections to w3wp.exe (web service) our average is 2, or next highest is 6. That's not a bad email system, it's poorly written client code - to which Exchange CAS roles do an OK job for when there's only a couple of miscreants.

Re:Best use of money?

[kyrio]

He never said anything about the software, you dumb motherfucker. He was likely talking about the hardware of the mail server that they purchased.

Re:Best use of money?

[Fnord666]

The problem could just be a lack of capacity planning. When management says we are going to add $1 million worth of iPads on to our mail system plus let users use iPhones and droids the mail admins should be evaluating their infrastructure.

Of course this assumes that management bothered to tell them the scale of what they were planning to begin with. If their project management workflow has holes, these sorts of things can come as a really uncool surprise. Then again, unless it was a mass migration they should have seen the usage ramping up on their servers and wondered WTF?

Re:Best use of money?

[DigiShaman]

Agreed. If they only used one Exchange server holding all the roles, that was the problem right there. You can do that with a Microsoft SBS box, but it doesn't scale and there is a user limitation defined for a reason. Exchange is designed to have its roles delegated to other servers for load balancing and scalability. Technically this problem is easily solvable. It's getting additional funding that will be the hard part. Namely, additional MX records created and additional Exchange servers rolled out. Oh, and they may need more ISP bandwidth.

Here a some examples in how to implement Exchange per MS.

http://technet.microsoft.com/en-us/library/dd979781(EXCHG.140).aspx

Re:Best use of money?

[tqk]

CAS == Client Access System

"Too many secrets."

Re:Best use of money?

[guruevi]

Apple themselves make a really nice integrated packet of Postfix, Dovecot, CalDAV, CardDAV, Apache, OpenLDAP and a Policy Manager for iOS.

Zimbra and some of the others are indeed greedy but they just are because they take all the work out of your hands and make a single package but again, they rely on the same technologies as Apple.

Exchange integration in those packages is only done for backwards compatibility with Windows clients, it was never intended to be used progressively as iOS and Android has a nice device management system (using XML) that can push certain policies onto the device even fully automatic.

Re:Best use of money?

[ninetyninebottles]

their proprietary commercial mail system that sucks is the problem.

You really think so? Microsoft sell Exchange to some of the largest organizations on the planet. It might not be my choice of mail server, but I don't think blaming the software is the right think to do here. There's plenty of evidence that Exchange can scale - it might need powerful hardware, or specialized configuration but it's clearly possible and widely implemented.

I'm fairly sure Exchange could scale up to more users. The problem is most likely twofold, they don't have the hardware resources and they don't have enough client licenses. Both can be solved with money, but the latter is only a problem on a proprietary commercial platform that makes you pay per user.

Re:Best use of money?

[im_thatoneguy]

My Galaxy Tab seems to respect our exchange policies.

But it's pretty much the exact same price as a comparable iPad.

Re:Best use of money?

[bell.colin]

No, it was more stupidity of deploy $NEW_SHINY_DEVICE now and don't properly estimate/evaluate the impact of deploying 1,000s of $NEW_SHINY_DEVICE systems and just spend the damn money without thinking ahead.

Re:Best use of money?

[gad_zuki!]

Don't bother with this crowd. These guys clearly have no practical experience with Exchange and are the same people who have been yelling "ZOMG POSTFIX AND EVOLUTION/CHANDLER/THUNDERBIRD WILL KILL OUTLOOK" 10+ years ago.

As much as I dislike defending my vendors, I have to say the Exchange is surprisingly nimble and the number of devices I can support with a very modest server is pretty surprising. The idea that you're getting 10x the number of users on similiar hardware with a similiar featureset is the same bullshit these FOSS guys have been peddling for years. I just with the FOSS crew could write a usable, supported, efficient Exchange/Activesync replacement. That product doesn't exist and the current crop are all nightmares. Heh, there's a reason why they won't let you test this junk.

Re:Best use of money?

[tramp]

First question is do they all need the full functionality of Exchange? Most people do not need more then mail and calenders. My ISP went over to OpenXchange including calendering and such and it scales well. Other people i know use Zimbra combined with Z-Push which works well too for webmail and syncing your tablet or phone. But that aside I agree that Exchange is quite able to handle this kind of load if configured properly at the right hardware which is not the case here apparently.

Re:Best use of money?

[Albanach]

Bear in mind that with Zimbra, if you can live without support, the OSS version is free, and has a very capable web and desktop client. I and many users I have supported much prefer it over outlook. The OSS version also allows mail, calendar and contact syncing with iOS devices using open standards.

For a large organization, support will almost certainly be important. For many, activesync functionality will be required. If you can get by without either, and especially if you're using iOS for mobile devices, the free version of Zimbra is exceptionally functional.

Re:Best use of money?

[frisket]

What they could have done is just outsourced the entire Teacher Dept email service to Google, using a closed server in the same way as Google offers Gmail to universities (my university moved all the student email that way a year ago). That would get you the integrated calendar and other collab options that FOSS email can't provide.

The problems I have seen with Exchange are not scalability (so long as you buy big enough hardware), but training the users not to do silly things, like never deleting anything and never emptying the trash, or constantly sorting and re-sorting folders with a gazillion messages in them, or trying to steal a licensed copy of some proprietary software to use at home by zipping up the install DVD and attaching the resulting (humungous) zip file to an email to an off-site address. The default interface (Outlook, and especially OWA, even the new one) may suck, but Exchange itself is fairly robust. AD, on the other hand...

Re:Best use of money?

[KingMotley]

So you are saying that's not a problem for open source software packages that make you pay per user?

Re:Best use of money?

[LordLimecat]

Oh? How well does OTA contact and calendar sync work between iOS, Android, Palm, and Blackberry, and your FOSS server?

Whats that, they all only support ActiveSync or IMAP/POP, and yall dont have ActiveSync on your FOSS server? Yea, that might by why this problem wouldnt crop up-- Its easy to scale when your solution can simply not do one of the requirements.

Coming off as a little harsh here, but its seriously old, cliche, and wrong to hear people bashing Exchange when their closest competitors still arent at feature parity, and the ones that come close arent free. I would love to have something that can completely replace Exchange (given its price and Windows dependence), but even Google Apps-- which comes awfully close-- doesnt quite nail it.

Re:Best use of money?

[shentino]

I dunno about you but I'd much rather not get into the reproductive habits of birds thank you.

Re:Best use of money?

[Rick+Bentley]

Or used Google's Domain Mail. Wanna bet that it would cost them less per e-mail account to outsource the whole thing than scaling, and then care and feeding for, their Exchange Server.

Re:Best use of money?

[shutdown+-p+now]

Asus Transformer, at about $100 cheaper ($399 for 16Gb Wi-Fi version).

Re:Best use of money?

[manu0601]

Zimbra is greedy because it is written in Java. I still have to find a Java thing that is not an horrible bloatware that sucks server RAM and CPU.

Re:Best use of money?

[NeilO]

Imagine what they could have done with a million dollars in books, art supplies, lab equipment, musical instruments, ...

Re:Best use of money?

[jrumney]

Imagine what they could have done with the other $700k they would have saved by choosing a mail server other than MS Exchange.

Re:Best use of money?

[SkimTony]

CALs are probably not an issue - an organization of that size suing Microsoft software at all probably has a Campus Agreement, which means they pay a fee per-user/employee, that covers some pre-definied collection of products (CALs are a minimum, it may also include a license for Office, etc.).

Re:Best use of money?

[Super_Z]

I have managed mail-systems for several ISPs. Each with 7 digit numbers of users. Exchange isn't even on their radar, while Postfix/Exim with Horde/Dovecot most definetly is. Please don't delude yourself in thinking that an Exchange server will scale even remotely as well.
As for Zimbra, we currently serve several thousand concurrent users using a virtualized server. A similar Exchange installation in our experience consumes far more resources. Other independent actors also seems to think that Zimbra is a better choice.

Re:Best use of money?

[Kalriath]

No, CAS is Client Access Server

Re:Best use of money?

[Super_Z]

> Oh? How well does OTA contact and calendar sync work between iOS, Android, Palm, and Blackberry, and your FOSS server?

iOS supports LDAP/CardDAV for contact sync and CalDAV for calendar sync out of the box. Android apps will give you the same functionality. IMO iOS CalDAV support is actually better than it's ActiveSync support.

As for ActiveSync, you can get that through e.g. z-push. It even integrates with Zimbra open source edition.

Re:Best use of money?

[Kalriath]

Contrary to popular belief, there's a saying among large organisations - "Noone pays list price". It's true though - the actual server license is in the sub-$20K range, and the CALs are included in your CAL Suites (which are less than $70 per user per year). Those CAL suites cover pretty much every MS product (ever wondered why large organisations use Sharepoint/Office/Outlook/Exchange/Windows almost guaranteed? It's because half that crap is thrown in with the Windows license, so may as well use it). That's ignoring that Education and Healthcare get even steeper discounts from MS. Hell, it'd probably cost them significantly more to set up Exim/Postfix/Sendmail/Zimbra or whatever.

Re:Best use of money?

[mjwx]

Like which decent tablet is significantly cheaper than an iPad?

Asus Transformer,
Toshiba Thrive,
Acer Iconia.

That list is growing too.

Re:Best use of money?

[Coren22]

http://www.barnesandnoble.com/p/nook-tablet-barnes-noble/1104687969
http://www.amazon.com/Kindle-Fire-Amazon-Tablet/dp/B0051VVOB2/ref=amb_link_359054002_4?pf_rd_m=ATVPDKIKX0DER&pf_rd_s=center-1&pf_rd_r=0AFK4GHC3RQ6S7FCBEQR&pf_rd_t=101&pf_rd_p=1337057902&pf_rd_i=507846
http://www.amazon.com/Transformer-TF101-A1-10-1-Inch-Tablet-Separately/dp/B004U78J1G/ref=sr_1_1?ie=UTF8&qid=1323112954&sr=8-1

The results disagree with that assessment.

http://www.apple.com/ipad/

Re:Best use of money?

[G00F]

There is worlds of differences between doing corporate exchange uses and email as an ISP. Exchange for ISP is stupid. Mail is the simplest of functions, and is only a portion of what exchange is. Exchange shouldn't be called a mail server, but rather a corporate communication and collaboration server. Back in 97-2000 exchanged suck, now it can scale, and has a feature set that any of the other solutions do not provide.

I want there to be one, I check every few years, and nothing has passed enough to take it as far as testing performance, or even looking at the cost. Granted I haven't looked this year or the year before. There always something that's almost there, but is missing enough large pieces we can not use it. I'm glad small companies and ISP's can use those packages, and wish I could too.

I would think RedHat, SUSE, or Ubuntu would make an Exchange replacement that only the person who installed it would know its not exchange. And that includes fooling the people who manage it.

Triple the load =/= triple the servers?

[SlashdotWanker]

Issues like this are the reason you need to fully flesh out costs before flipping the switch on a large organization like this. almost every teacher I know has a smartphone of some kind and a lot of them are starting to get tablets. Why offer the service when you cannot fully offer it?

Re:Triple the load =/= triple the servers?

[gl4ss]

maybe they could ask everyone to just configure them work as fetch instead of push?
I mean, it's the same amount of people as they used to have. they just now have a mail client in the pocket.

or perhaps they got a connection limit somewhere they could just up, if the problem is that the transfers take more time and connections drop far more often than from their wired desktops.

Re:Triple the load =/= triple the servers?

[Penguinisto]

Depends. Usually, even for a school, allowing every employee to latch on their personal gear to the school network isn't exactly a good idea - if not for security reasons, then for liability reasons.

I should clarify the liability part: I know that schools are a bit more open (and less prone to having trade secrets), but there are still privacy issues (discussions of student behavior tends to stand out) that would demand a school limit just how far and wide (and on whose devices) their internal emails should go.

Re:Triple the load =/= triple the servers?

[laird]

If I had to guess, the issue isn't the specific protocol, it's that the number of mail clients doubled. That is, if they have 1,000 employees, each reading mail from a desktop computer, and each employee gets an iPad that they use in addition, they went from 1,000 mail clients to 2,000 mail clients, which would require them to scale the mail server to support it. If I had to guess, the iPads turned out to be much more popular than expected, greating demand that they were unprepared for.

Re:Triple the load =/= triple the servers?

[multimediavt]

Issues like this are the reason you need to fully flesh out costs before flipping the switch on a large organization like this. almost every teacher I know has a smartphone of some kind and a lot of them are starting to get tablets. Why offer the service when you cannot fully offer it?

Well, for one you have managers in municipalities that are the stereotypical promoted because they can't do shit. Two, you have a mantra of "doing more with less". Three, the devices were probably bought with one-time monies, so there was no continuing source of funds to draw from to deal with problems like this. Four, ... Oh you get the idea!

No better CAS topology experts?

[swb]

Given the resources, is there any reason they couldn't scale this right? I only pretend to know anything about Exchange, but this seems kind of strange.

I'm sure that resource limitations -- server CPU, disk, etc -- are the source of this, but you'd think a high profile customer like this would be able to get MS involved before the story becomes "iPads crash Exchange" or "consumer tablet bests high dollar PC server."

Re:No better CAS topology experts?

[gbjbaanb]

part of the problem is that Exchange is not an email server (many people think that because they only use it for email). It's a "groupware" server that does email, calendars, notes, journals, todo lists, integrated MSN status, etc.

Now admittedly, all those things shouldn't be particularly resource intensive, but the Exchange systems that have been around for years always struggled to to simple things. I think that they made it better at resource usage, but then probably made it much worse by bundling in crap like MSN status updates and probably facebook integration by now too.

If they replaced Exchange with a straightforward mail server like Dovecot, they'd handle a hundred times those users with ease. Sure, they wouldn't have an integrated calendar... but which of those users uses the exchange calendar anyway, using some preferred iOS or Google calendar.

In short, Exchange should only ever be used if you're inside a corporate network and you're an all-Microsoft shop. And you're rich enough to buy the super servers and licences you'll need. For everyone else, stick with stuff that just does a couple of things very well.

Re:No better CAS topology experts?

[DarkOx]

Yes, provided we are talking about an Exchange 2007 or later environment you can scale as big as need, Provided:

1. You have adequate hardware resources
2. You have selected an appropriate deployment strategy for your organizations size, and anticipated growth. If you expect to grow big but currently are not you do need to make some architectural decisions which will raise upfront costs.

*Modern* Exchange is among Microsoft's products that really can be considered carrier grade. Like all MS products through there is plenty of rope for the improperly trained to hang themselves with. Its not hard for an rank amateur to get Exchange running well enough even for a fairly large organization for years, and suddenly find they have steered themselves down the wrong architectural path are about to hit a wall and have only very expensive, in both time and money terms ways out.

Re:No better CAS topology experts?

[Locutus]

Don't be so sure about that hardware being the "resource limit" although it could very well be the case. Microsoft requires you pay a per device/client access fee and it could be they are exceeding what they paid for. The number of Microsoft Client Access Licenses( CAL ) to connect to the Microsoft Exchange Server wasn't listed and they are being pretty vague as to what "resource" limits are being reached.

LoB

Re:No better CAS topology experts?

[S73rM4n]

Reading the linked article and letter attached I would guess it's not an issue of CALs or software issues, sounds like it's strictly hardware. The number of additional devices (android and apple tablets, phones, etc.) sounds like it's putting strain on the physical resources of their server(s), specifically those that use ActiveSync. I don't know much about that particular service but I would expect it's fairly resource heavy.

The fact that they're not cutting off RIM devices makes it highly likely that they need additional server resources. This, of course, is as much a management issue as it is a technological one. Obviously there was no research, or not enough, done prior to rolling out the new program to determine if their existing hardware could support a rapid influx of thousands of additional devices. I would speculate that this is due to the decision to add the tablets being made, then the IT staff was simply informed "make these work" rather than finding out if there would be issues post rollout.

Re:No better CAS topology experts?

[rabbit994]

Now admittedly, all those things shouldn't be particularly resource intensive, but the Exchange systems that have been around for years always struggled to to simple things. I think that they made it better at resource usage, but then probably made it much worse by bundling in crap like MSN status updates and probably facebook integration by now too.

It's actually been really simplified. Instant Messaging is handled by seperate product called Lync (If you are staying Microsoft). Exchange is simply Email/Calendar/Contacts/Notes/Tasks. Facebook intergration is Outlook driven and Exchange server doesn't do any of that for client.

If they replaced Exchange with a straightforward mail server like Dovecot, they'd handle a hundred times those users with ease. Sure, they wouldn't have an integrated calendar... but which of those users uses the exchange calendar anyway, using some preferred iOS or Google calendar.

Spoken like true Linux Zealot who has no clue what Exchange does or how big companies rely on Email/Calendar/Contact side of it. Not to mention ActiveSync has basic security features like... remote wiping of devices and forcing passwords. While this is feature of iCloud as well, it allows IT to wipe any iOS device instead of hunting down iCloud password, logging in and then ordering it to remote wipe.

This problem is easily fixable with more hardware/licenses, deploy additional CAS servers to handle the load.

Re:No better CAS topology experts?

[DarkOx]

I am not a Microsoft fanboi by any stretch and those were all valid criticisms of Exchange 2003 and prior, however Exchange 2007 and later have a pretty clean architecture and good support for open standards. The only real argument against is that, it is very expensive and you might really only need mail in which case you can get carrier class mail handling with FOSS.

Re:No better CAS topology experts?

[cynyr]

I'd bet every conference room in the building has an account. You invite to you meeting and it auto accepts if it doesn't have a conflict. Anyone that should be able to schedule meetings can also view the details of the rooms "events".

Want to go to lunch? send out a meeting invite. To be honest the thing that has always seemed to get the most real use is the calender system.

Know of a host-able calendar that integrates with LDAP, allows "bot" type accounts, has an easy to use(at close to OWA as it can be) web interface, allows users to have multiple calendars, and manage sharing on each both on a per calendar basis, and on an event basis? Can you delegate to other users with it, so the secretary can add the VP to events or send out invites on his/her behalf?

Re:No better CAS topology experts?

[adamstew]

Exchange CALs are licensed per user and not per device. Each user can have any number of devices hooked up. If they are already properly licensed for each of their users, then all devices that any of those users brings are already licensed.

Also, even if they had met their limit on CALs, they are so cheap for the education market, Microsoft practically gives them away.

Re:No better CAS topology experts?

[Sprouticus]

If the people at the New york School system were stupid enough to go with per device CAL's, they deserve what they get. User CAL's are almost always going to be more economical. The only exception is in a shared PC (call center) structure.

If they have per use CAL's, the activesync devices are free (assuming they have CAL's for the users to begin with).

As for this article, it is probably being blown way out of proportion. This is just a memo by the IT dept to let the management know they need to buy extra servers and failed to include the server cost in their iPAD setup. They may also have to increase Internet bandwidth at their primary datacenter if the devices are not using WiFi to connect, but again if they dont let the devices connect to their LAN/WAN infrastructure (preferably in a secure VLAN), they deserve the issues they have.

In reality, a few CAS servers with 4-8 cores and 64 Gb of memory will do the job on this. Yu are probalby talking 30-40k in outlays. Which is nothing for an organization their size.

Blaming this on Exchange would be like blaming Cisco & your ISP for underestimating the lod on your internet pipes.

Re:No better CAS topology experts?

[Sprouticus]

In all fairness, it is often very hard to estimate load on a system of this sort. You can estimate the number of devices you will need (if you are even told), and ammount of traffic across them, but without actual piloting and load testing in your produciton environment the estimates can miss factors (like users deciding to ONLY use their tablet or phone for connections.

Re:No better CAS topology experts?

[NatasRevol]

Kerio can do all those things you're asking.

Re:No better CAS topology experts?

[Lehk228]

i don't know but give me a week with IDLE and i'll have a .py that does all of that AND a box of chocolates

Re:No better CAS topology experts?

[Lehk228]

but the reason you exceeded your bandwidth estimates was Yet Another Cisco Exploit turned your core router into a warez proxy for all of eastern europe

Re:No better CAS topology experts?

[danomac]

Yes, but only basic management can be done with mobile devices on a standard license. An enterprise license allows more control over mobile devices.

Something else to keep in mind...

Re:No better CAS topology experts?

[MightyMartian]

I'm dealing with an Exchange 2007 server with a busted OWA, and what I've found out is that the links between Exchange and IIS are so deep that a full recreation of OWA from scratch means reinstalling Exchange 2007.

I've come to loathe Exchange.

Re:No better CAS topology experts?

[David_Hart]

Wait, you're silly enough to run OWA on the same server as your email data? Way back when I was doing exchange 5.5 administration I knew enough not to put OWA on the same box as the user's email. If something goes wrong with OWA you can then either restore from backup or reinstall it without affecting anything else. I believe that in exchange 2007 this called a front-end server.

In my opinion, 99% of the issues that occur with microsoft server products are due to administrator inexperience and poor planning. This article, and most of the posts so far here on slashdot, continues to bear this out.

Re:No better CAS topology experts?

[MightyMartian]

First of all, I didn't put the server or network together, I've been asked to do a bit of contracting.

Second of all, this is a small outfit that doesn't have the money to throw at a second Exchange server to run OWA.

Thirdly, no matter what way you toss it, the architecture is idiotic.

Fourth, I still hate Exchange. I tolerate it in my own shop simply because nothing else comes close, but it's still a gawdawful monstrous beast.

Re:No better CAS topology experts?

[gbjbaanb]

Linux zealot, lol.

I've used Outlook for many years in corporate life, and I don't know *anyone* who uses it for more than calendar and email. I tried to use tasks and notes, but somehow no-one could be bothered with those. Even my last MS-only company used sharepoint for contacts, not exchange! (and a spreadsheet for non-company contacts).

There are alternatives for remote wiping of devices. I use a security software that allows me to wipe my Android device (lookout) so it's not like you need your email server to do this. I mean, really, it should not even be part of the whole email system anyway. If you want security, put security on there, not email!

I know a lot of companies rely on Exchange, but then they aso rely on lots of other MS software, and I think just buy MS regardless. Even in cases where alternatives exist and could provide a better solution (and cheaper, which is important in cases like this one) they just don't know or care.

Perhaps MS has slowed it down deliberately - because if you only needed 1 server to handle al those users, they wouldn't be able to sell you the enterprise server farm edition for a dozen licences.

See, it isn't zealotry to simply recommend something better.

Re:No better CAS topology experts?

[gbjbaanb]

someone recommended Zimbra. With the proprietary extensions (activesysnc, outlook connector etc) you get a lot of functionality you have with Exchange. (I think those extensions need to be paid for as they use licenced software themselves).

The basic edition is open source though, you might like to give it a go and see where the weak points are.

Exchange is one of those 'enterprise' systems that is just broken. It epitomises some of the MS tech we have nowadays where everything is intertwined in a truly awful complicated mess. It makes it all fragile and difficult to administer, and perform badly too.

Re:No better CAS topology experts?

[thegarbz]

I believe that in exchange 2007 this called a front-end server.

In my opinion, 99% of the issues that occur with microsoft server products are due to administrator inexperience and poor planning.

Really? Based on what you just said here I think the issue is down to Exchange needing double the amount of servers to do the same thing many other packages can do.

The real issue here is not Exchange itself, but rather that Microsoft pushes Exchange as a solution to every problem. The number of times I've seen Exchange or windows Small Business Server rolled out to a client of 5-10 users is incredible. The problem with these outfits is that ultimately if they are successful then their userbase grows, and as they lack any inhouse IT expertise often the userbase grows beyond a single box server without anyone realising till one day things stop working.

Exchange is drastically resource intensive yet deployed to manage global communications of the worlds largest companies. The problem is the smaller companies without the resources to throw at this beast.

Re:No better CAS topology experts?

[Kalriath]

You're on crack. Zimbra costs almost as much as, if not more than, Exchange. While sucking about twice as much. May as well just switch to Google Apps, which happens to also emulate Exchange pretty damn well.

Re:No better CAS topology experts?

[mjwx]

I've used Outlook for many years in corporate life, and I don't know *anyone* who uses it for more than calendar and email. I tried to use tasks and notes, but somehow no-one could be bothered with those. Even my last MS-only company used sharepoint for contacts, not exchange! (and a spreadsheet for non-company contacts).

I've known a lot of managers who use Tasks and Notes. These people literally live out of Outlook. I dread upgrading them because 5 minutes after I'm done, they will be on the phone complaining that $OBSCURE_FEATURE I've never heard of doesn't work in the latest version.

As for contacts, I've seen people using Exchange, MS Dynamics (CRM) and Scarepoint, they all suck in their own special way. I haven't seen an MS solution for contacts that didn't suck like a hoover.

But the benefit of Exchange is that everyone can collaborate easily (I hate using the word collaborate), The features of the calendar alone are worth it. GMail is the closest thing I've seen to Exchange but even Google doesn't have a product I can effectively run in-house and I'd love to replace Exchange. MS have been very, very smart about getting people into Exchange by making it dirt cheap (Small Business Server, even the full Standard server licenses are cheap).

This is what you get with golf course deals

[Joe_Dragon]

This is what you get with golf course deals people out side of IT makes deals like this and tell IT to make it work with out giving them the funds to make it work.

This why IT needs unions so they can stand up and say NO! we can't do it with the funds that we have. I hope that they don't place the blame on IT for something that is not there fault.

Re:This is what you get with golf course deals

Unions work best for the health and safety of their workers. Anything beyond that is mob rule.

Re:This is what you get with golf course deals

[S73rM4n]

^This, times 100! There's a saying one of my co-workers has (I work in IT, specifically in network engineering) - "it's technology, not magic." I don't know how many times I get a job that has been sold to the customer to do x, y, and z but actually only has the specs to do x!

Between that and the now pending bill to mark IT workers above a certain pay level (which will only be lowered over time) as exempt to the laws governing OT for hourly workers I am, for the first time, actually thinking that I would join a union if given the opportunity!

Re:This is what you get with golf course deals

[Penguinisto]

This is what you get with golf course deals people out side of IT makes deals like this and tell IT to make it work with out giving them the funds to make it work.

This why IT needs unions so they can stand up and say NO! we can't do it with the funds that we have. I hope that they don't place the blame on IT for something that is not there fault.

I hate to tell you this, but cronyism, kickbacks, and side deals exist just as much (if not more) in union shops as they do outside them.

The fault could lie with the architect being dumb enough to fall of the marketing "specs", or in not doing what every sysadmin does when speccing out an Exchange system: pad the resource demand to at least 150% of whatever Microsoft's Capacity Planner whitepaper says you should.

You see, here's the thing - while yes, there are instances of dumbassed CTO/CIOs running out and buying some stuff, then telling you to make it work? Most shops I worked in as a Sr. Sysadmin have always dragged me into the process, and at the very least I had to come up with some sort of capacity figures, and come up with a base amount of hardware, projected license usage, and the like. The only times where capacity had ever fallen short on my part has been systems I inherited, systems where an unexpected new use was found for the resource, spiking demand on it, or in rare cases where it wasn't critical, but some CxO wanted it done in spite of their being no real budget for it.

IMHO, no union on Earth can change such dynamics without seriously screwing up IT (and those working in it) in the process.

Re:This is what you get with golf course deals

[tomhudson]

Unions work best for the health and safety of their workers. Anything beyond that is mob rule.

Healthy workers are going to do a better job. Do you want your life to depend on parts made by a non-union machinist running a 104F fever who can't afford to take time off? Or cops who are even more on the take than they are now? Or non-union truckers using fake log books to run 100 hours a week and falling asleep at the wheel, taking your car out in the ensuing accident? Or a non-union food worker who can't file a union grievance when they're cheesed off, so they take a dump in that 3-story-high tank of hot chocolate syrup used to make your "health bar" (yes, that last is a true story - 2 incidents caught by testing - it would have been cheaper to pay union rates and give the employees more "skin in the game").

Re:This is what you get with golf course deals

[laird]

"Unions work best for the health and safety of their workers. Anything beyond that is mob rule."

Add in "and are properly equipped and trained and resourced to do their job successfully". For example, air traffic control unions negotiated limits on how many hours controllers could be forced to work, and when they unions were broken and controllers were forced to work so many hours, with no breaks for even going to the bathroom or eating meals, endangering passenger's lives. And when teachers' unions negotiate limits on the numbers of students in classes, so teachers can actually teach students effectively.

Or do you think that the MBA who runs a company knows how best to do people's jobs, not the people who actually do the jobs?

Re:This is what you get with golf course deals

[laird]

The point of unions isn't that they render everyone angels, it's that it creates an organization that can negotiate in favor of worker's interests to balance the organization that already exists to support management's interests. So an IT workers' union could impose checkpoints in a process such that the workers could make sure that adaquate resources, training, tools, etc., were provided to allow the workers to be successful without working insane hours compensating for poor planning or resourcing. Yes, a good management team ought to be thinking of such things, but the software industry's track record is poor enough (only 10% of IT projects deliver what's required on time and budget) that giving the IT workers more leverage doesn't seem like a bad idea.

Re:This is what you get with golf course deals

[cynyr]

wait, what i read of that was OT for IT workers salaried with a base rate over X.

What kind of salaried workers get OT... That is part of the deal with being salary. The flip side of that is that you don't usually have a punch card, or "we see you were 5 minutes 3 times last month, here is your box"

Now if it is hourly employees I'm right there with you, but with a salary all you get to do when you work OT is increase the base hours and lower your $/Hour you get paid.

Re:This is what you get with golf course deals

For your first point, I'm not in disagreement. They work best for protecting health and safety of their workers. I'm not sure how you read something else into that.

Re:This is what you get with golf course deals

[gavron]

Unions are obsolete. They have destroyed our automotive sector, they are destroying our healthcare sector, and they have no business in IT.

Unions are the mafia of business. If you don't like the RIAA/MPAA/BSA/MAFIAA then you should stand up to the unions that are the mafia as well.

I'm sure it was great to claim that Unions saved kids from working in coal mines... but that's just mythology. Unions cause higher expense to
companies, greater waste, all of which is passed on to us, the customers.

Unions: go screw yourselves. Send your goombas elsewhere. We don't want to pay for them, you, your shop steward, your "smoke breaks" or anything else that raises our costs and provides NOTHING useful.

IT needs unions like a burger needs kimche.

E

Re:This is what you get with golf course deals

[swb]

Go ahead and form a union, lots of people will keep making it work and getting your management's money.

FWIW, I have Exchange 2010 running in VMware. The host is only a Q6600 quad 2.4Ghz with 8 gigs of RAM. The Exchange VM is 3 cores + 3 GB RAM. Tiny. But it seems to serve 4 iOS devices and 2-4 Outlook clients simultaneously without any issues. The host itself runs 4-5 other VMs.

It's admittedly dog-slow to startup and even console logins are slow to process and launching the Exchange GUI is agonizing, but it does work, and this is all in a memory footprint way smaller than recommended.

Re:This is what you get with golf course deals

Wow, that's a lot of clients. I can see why it's stressing out your system.

I'm sure it's just like the NYC system.

Re:This is what you get with golf course deals

[hey!]

So, what we're talking about here is the question of who can be trusted with power, workers or management?

The answer is simple: neither. All the horror stories you've heard about unions? True for some union somewhere. All the horror stories you've heard about management? Also true for some managers somewhere. It'd be a different world if we could just assume people would cooperate when it was in their obvious common interest, but we can't. Good faith is such a fragile thing.

If there were one quality which could fix everything that is wrong with this world, it would be integrity. But we can't be truthful with each other because we're not honest with themselves. We often act like our personal insecurities entitle us to be a**sholes. So the best we can manage in a world where integrity is so uncommon is to organize all the a**holes into competing teams then let them duke it out.

Re:This is what you get with golf course deals

[Joe_Dragon]

So fine go tell the boss that you can't do it and then they say we can fine some that will and then who they get messes things up even more and you take all the blame and maybe even have to go to court after being sued / maybe even jailed for messing the system up.

Re:This is what you get with golf course deals

[tqk]

So fine go tell the boss that you can't do it and then they say we can [find] [someone] that will and then who they get messes things up even more and you take all the blame and maybe even have to go to court after being sued / maybe even jailed for messing the system up.

See my .sig

You tell the boss you can't do it, means you've informed them that their assumptions are flawed and unreasonable.

They pull someone in to do it anyway, and they can't make it work, just like you said it wouldn't work.

How is it that you then get blamed for it not working? That "someone"'s failure proves you were correct and the boss was wrong.

Eh?!?

Re:This is what you get with golf course deals

[teg]

Unions are obsolete. They have destroyed our automotive sector, they are destroying our healthcare sector, and they have no business in IT.

Like everything else, there is a balance. Too much power to unions is a very bad thing, too little power gives an extremely one sided relationship. As for destructive power, unions are strong in Northern Europe and Scandinavia.... both of which are doing pretty well.

Re:This is what you get with golf course deals

[gavron]

> Northern Europe and Scandinavia.... both of which are doing pretty well

Scandinavia isn't a county, it's the northern European section which includes Denmark, Norway, and Sweden. http://en.wikipedia.org/wiki/Scandinavia

So to translate what you said into English:
"Northern Europe and Northern Europe.... both of which are doing pretty well."

There are two automobile manufacturers in "Northern Europe" aka Scandinavia, both Swedish.
Saab is shut down.
Volvo is Chinese.
http://content.usatoday.com/communities/driveon/post/2011/07/european-makers-volvo-sales-up-42-in-june/1
Neither is unionized.

Best regards

E
P.S. Southern North America, the Southwest United States, and the State of Arizona are all three great places to live!

Re:This is what you get with golf course deals

[lister+king+of+smeg]

I think that i some areas unions of labor unions are needed but i think that it others they cause more harm than good i think for example of the local independent grocery store here in my town, there was a move to unionize it came to a vote and the workers voted by a very large majority to stay nonunion, unfortunately the union had decided to picket the store until it unionized, they picketed for over two years, the workers would every so often vote and each time would down unionizing by a larger percent. why i ask, if the union is supposedly there for the protection and help of the workers, did they continue to push for unionization when the workers didn't want it? that was surly not to have the voice of the workers heard.

Re:This is what you get with golf course deals

[SkimTony]

How is it? I have no idea. But it is, of that I am certain. Working with management is a lot like the popular stereotype of marriage. It doesn't matter how "correct" you were; if you disagreed with the boss, you're still wrong, no matter the outcome.

Re:This is what you get with golf course deals

[SkimTony]

Burgers don't need kimche, but they're pretty tasty if you add it. I would agree that IT is a sector that wouldn't benefit terribly from unions, but only because IT came about well after unions had dramatically improved working conditions for everyone in the United States.

You appear to think unions are ruining the American economy, starting with Detroit and health care? Have you examined the role of Obscene Executive Compensation and lousy management in those sectors?

The bottom line is that power must be balanced. The owners of industry wield tremendous power over working conditions, pay, etc. That's probably the way it should be, but employees (without whom no business could run) need someone on their side. Since the government is lobbied by the owners (who have the money to buy the lobbying), we need unions to balance that power. I'm not saying the existing unions are doing a good job, but until we have a viable replacement for them, it would be devastating to remove them.

Re:This is what you get with golf course deals

[tqk]

Working with management is a lot like the popular stereotype of marriage. It doesn't matter how "correct" you were; ...

I'm the first one to agree we need a revolution in management. They make no sense today.

On the other hand, neither are you.

Re:This is what you get with golf course deals

[Kalriath]

lol it sounds like you actually believe that you're proposing a better solution there! Where I work, we have 3 Exchange CAS servers hosting 15,000 clients. Without a hiccup. And the best part is that we don't need to hire $150K/yr Unix sysadmins just to create mailboxes, and clients can actually connect to it without the end-users needing to have a Doctorate in Information Systems in order to set up their devices.

Re:This is what you get with golf course deals

[catmistake]

It's admittedly dog-slow to startup and even console logins are slow to process and launching the Exchange GUI is agonizing

Not sure if anyone told you, but the one space virtualization doesn't help is in email. So keep mail servers on the iron.

Re:This is what you get with golf course deals

[gbjbaanb]

lol, and now which of us is the zealot?

Linux admins are not that expensive, Linux systems are seriously not that difficult to work with - you don't need to go on MSCP training courses just to find out how to add a mailbox!

Nowadays, nearly all Linux admin is web GUI based (with cmd line if you prefer, or want to script it) and I find the stuff I use to be generally easier than the Windows admin stuff, usually tucked away deep in a configuration property page on some mmc snapin tree control, 5 branches deep.

My advice: go have a look at some linux stuff before you spout such ill-informed rubbish, you'll save yourself some embarrassment in the future.

Incidentally, if your 3 servers can handle 15k users... it appears that the NYC admins need your help! Though I can't see how, if Exchange/Windows administration is as easy as you purport it to be.

Re:This is what you get with golf course deals

[Kalriath]

Nowhere did I say it was easy and you know it. The real point (once you get past my hyperbole) is that decent sysadmins and equipment can make any solution work. And crappy sysadmins and equipment can make any solution suck. I'll agree with you on your bit about config pages being buried 5 levels deep in some MMC console though - you can play six degrees of separation with Microsoft server settings...

However your assertion that you "can't do it with Microsoft tech" is flat out bullshit. And you still failed to address how overly convoluted it is to set up client devices with your hodge-podge of disconnected systems.

(Also, I'll say it again: noone pays list price. There's not a hope in hell NYC paid $1m for the Exchange solution).

Re:This is what you get with golf course deals

[Hognoxious]

They fire you and then pull someone in to do it anyway, and they can't make it work, just like you said it wouldn't work.

FTFY

How is it that you then get blamed for it not working? That "someone"'s failure proves you were correct and the boss was wrong.

Doesn't do you any good, because your ass has already been kicked out the door. The boss blames the new guy and boots him out too. Rinse and repeat.

After several cycles the boss clues up, quietly drops the matter and it's never spoken of again. That or he gets distracted by the next new shiny thing.

Re:This is what you get with golf course deals

[tqk]

They fire you and then pull someone in to do it anyway, and they can't make it work, just like you said it wouldn't work.

FTFY

Sigh. Yeah.

How is it that you then get blamed for it not working? That "someone"'s failure proves you were correct and the boss was wrong.

Doesn't do you any good, because you quit soon after and bugged out, vowing never to work for such idiots again.

Ibid (or ditto; whatever).

And they still didn't get it working, just like I said they wouldn't, ... I'll have absolutely no trouble explaining that away in future interviews. Ah, the sweet smell of vindication! :-)

Moron managers think they can sweep anything under the rug. Realists know nothing is forgotten, and what goes around, comes around.

Re:This is what you get with golf course deals

[Hognoxious]

And they still didn't get it working, just like I said they wouldn't, ... I'll have absolutely no trouble explaining that away in future interviews. Ah, the sweet smell of vindication! :-)

Bad-mouthing previous employers isn't generally a good idea; if you did it before you'll do it again.

Moron managers think they can sweep anything under the rug. Realists know nothing is forgotten, and what goes around, comes around.

Trouble is your old boss plays golf with your (potential) new boss. tqk? Yeah, we got rid of him. He's insubordinate, not a team player.

Re:This is what you get with golf course deals

[tqk]

Bad-mouthing previous employers isn't generally a good idea; if you did it before you'll do it again.

I don't bad mouth people. I do call out bad practice.

tqk? Yeah, we got rid of him. He's insubordinate, not a team player.

It's a small minded employer/manager who sees insubordination when he should be seeing a potential leader. If all you need is for your drones to "fit in", go to China or Japan and stop bothering those who want to get stuff done.

Insubordination?!? Hell, that's a compliment! It means non-suck-up, tells-it-like-it-is, honest, ... "You don't need to hunt for hidden meanings with tqk. If he says it, he means it. If he didn't mean it, he wouldn't say it."

Get ready for the headlines

[betterunixthanunix]

Get ready for followup headlines a few months or years from now:

• NYC drops $600 million on new email system
• Consulting firm under investigation for defrauding NYC public school system in email debacle
• Should public schools have email systems?

This is a pretty standard situation in New York City: lots and lots of money is spent, with poor planning, sweetheart deals with incompetent firms, and then a bunch of fallout.

Re:Get ready for the headlines

[im_thatoneguy]

This is a pretty standard situation in __any_large_organization__: lots and lots of money is spent, with poor planning, sweetheart deals with incompetent firms, and then a bunch of fallout.

*There fixed that for you.

So wait a minute...

[Penguinisto]

$1m spent on iPads only comes to ~2,000 iPads at most (assuming the cheapest model at around $500 each). According to Microsoft's handy little Capacity Planner (Exch 2010), it shouldn't take but perhaps (very rough calc here) 5 or 10 servers at most to handle that, unless they're also allowing every school employee to latch on their personal gear as well.

I'm guessing that something's missing from the story here...

Re:So wait a minute...

[betterunixthanunix]

I'm guessing that something's missing from the story here...

They were probably near capacity before the tablets were deployed. NYC has a lot of schools and a lot of teachers and administrators checking their email. The fact that tablets are involved is secondary; if 2000 additional desktops had been deployed, the systems would probably have been overwhelmed as well. My guess is that the email system was deployed years ago, possibly by a consulting firm that is now out of business, and that some poor IT guy has been trying to keep everything together on a shoestring budget all this time. The tablet deployment probably occurred without anyone actually consulting the IT staff to see if the system could handle the extra load, and probably by the same group of decision makers who ignored IT's requests for additional servers prior to the deployment.

Re:So wait a minute...

[laird]

They don't need 5-10 servers.

Keep in mind that they're not talking about adding 2,000 mailboxes, just adding 2,000 devices to access existing mailboxes. So they don't need more storage, just more server compute capacity. If I had to guess, it might be as simple as them running ActiveSynch on a single, under-resourced server (or VM) as a POC, and they didn't expect (or prepare for) the increased demand of 2,000 more tablets. Should be easy to fix. Though inevitably they're trying to do a dozen other things, and it'll take three months to do the paperwork to get the approval to buy a new server and get it deployed. Remember,

Re:So wait a minute...

[Colin+Smith]

Clearly the IT guy should be fired.

Re:So wait a minute...

[hawguy]

They don't need 5-10 servers.

Keep in mind that they're not talking about adding 2,000 mailboxes, just adding 2,000 devices to access existing mailboxes. So they don't need more storage, just more server compute capacity. If I had to guess, it might be as simple as them running ActiveSynch on a single, under-resourced server (or VM) as a POC, and they didn't expect (or prepare for) the increased demand of 2,000 more tablets. Should be easy to fix. Though inevitably they're trying to do a dozen other things, and it'll take three months to do the paperwork to get the approval to buy a new server and get it deployed. Remember,

Except they specifically said that their servers can't handle the load.... so it sounds like the *do* need more servers.

Which is not a big deal, all it takes is money for licenses and hardware. I don't know why this even made the news, it should read "School bought iPads without appropriate backend infrastructure to support them". It's not like Exchange can't scale to handle a few thousand Activesync devices.

Re:So wait a minute...

[thegarbz]

if 2000 additional desktops had been deployed, the systems would probably have been overwhelmed as well.

That's true but you're missing the key point. 2000 new desktops wouldn't have been deployed. New desktop implies new staff. That's not something that changes over night. For nearly all companies that's not something that even happens over a year. There's very few cases where someone is in a position of needing to deploy 2000 new and active desktops to single users (not computer labs).

The smartphone and tablet revolution has put IT in the position now where the existing workforce now suddenly has double (triple?) the number of clients. Additionally these new clients often are always connected or poll the server far more frequently than ye ol' desktop.

Capacity planning aside the fact that tablets were involved in this case is definitely not secondary. If they didn't exist the capacity wouldn't have suddenly been required in a short timeframe.

Re:So wait a minute...

[grcumb]

$1m spent on iPads only comes to ~2,000 iPads at most (assuming the cheapest model at around $500 each). According to Microsoft's handy little Capacity Planner (Exch 2010), it shouldn't take but perhaps (very rough calc here) 5 or 10 servers at most to handle that, unless they're also allowing every school employee to latch on their personal gear as well.

I'm guessing that something's missing from the story here...

Sorry, 5-10 servers to handle a mere 2000 clients?

Look, I'm not going to be so foolish as to claim that there's a really viable FOSS alternative to Exchange. (There is, but it requires a fundamental change in how IT operates, which makes it unrealistic for 'enterprise' IT.) But still, can we not admit that requiring that kind of hardware for a simple thing like data synchronisation, email and event handling is a little absurd?

I could be wrong in my assumptions, of course, but it seems to me that 2000 clients, each sync'ing, say, every half hour and transferring a nominal amount of data, shouldn't be a heavy load at all. Assuming an even distribution from minute to minute (which, admittedly, is not what happens in real life), you'd be looking at one or two transactions a second, each with a duration of... what? Say, 3-4 seconds? With 5 servers (again, for simplicity's sake, assuming an even distribution), that's about 1 session at a time.

The systems programmer in me wants to scream that that's absurdly wasteful.

But... I'm open to counter-arguments. Can anyone point to any empirical data that can make a reasonable case for these resource requirements?

Re:So wait a minute...

[joshio]

A big part of the problem is they way Apple chose to implement certain parts of ActiveSync. When comparing connections from iDevices versus Android or WinMo phones, you will see a disproportionate number of connections (and bandwidth) coming from iDevices compared to the Android/WinMo device. Poor mailbox management (especially if Exchange restrictions are loose) on the user side makes this problem even more noticeable.

We once watched event logs pouring with errors caused by an iPhone of a user who had let his password expire and hadn't yet updated it on his phone. We were seeing between 4 and 8 failed logon attempts every second. Granted, this was a few versions of iOS ago, so I'm sure that particular problem has been fixed by now. Apple's implementation is still highly taxing on Exchange servers compared to other devices.

The real problem is that someone failed to plan adequately for this rollout. Either IT didn't appropriately calculate the load required to add the new devices (along with their inherent inefficiencies), or they did calculate it, and someone overlooked or ignored it.

Re:So wait a minute...

[jonbryce]

If they have email available on their phones and fondleslabs, there is a good chance that they will send more emails, so more storage will be required.

Re:So wait a minute...

[jonbryce]

Exchange activesync doesn't sync every half an hour. The client opens up a connection to the server, waits either half an hour or until the next email arrives for a response, then opens up a new connection. So that means that at any one time the server has 2000 open http connections that it may need to respond to.

Go figure

[nurb432]

Lack of resource forecasting/planning will get you every time. Its not like they didn't know how many would be deployed and on what schedule.. geesh

Something's missing from the story

[nurb432]

Just that their IT staff is incompetent..

Re:Something's missing from the story

[smash]

Alternatively, PHB simply said "iPads for all!" without consulting the IT department or asking about the back end infrastructure required to support such a decision.

Re:Something's missing from the story

[tqk]

I'm guessing that something's missing from the story here...

Just that their IT staff is incompetent..

It's a school system. That's a given.

Add to that, any IT staff they have are *way* less (in numbers) than they need. Also a given.

Have I mentioned my sister's a teacher? Or that we here appear to have three times as many school trustees (28 for a population of ca .7 million) as are necessary, and they are more busy spending funds on lavish head office buildings than on funding schooling?

Run for school trustee. What a cushy gig.

Probably Apple's fault

[bryan1945]

Right?

Personal devices in schools

[betterunixthanunix]

I do not think that privacy is the chief concern when it comes to personal devices on school networks. More likely there is a support contract getting in the way; my high school (in NYC) had a bunch of desktops that could not be connected to the school's network because of a support contract stipulation. Internal emails are probably easy to forward or otherwise export from the schools' computers, and the security is probably very poor (when I was in school, the only think separating the teachers' network from the students' was the IP address assigned to the computer -- and anyone could manually set the IP address, which is how we defeated the censorship firewall).

Re:Personal devices in schools

[Ayanami_R]

The problem with personal devices in education is 1) The average user expects us to support them. We take no responsibility for anything a school didn't buy through the correct channels. 2) Legally protected data travels round on machines we cannot track 3) See #2 4) See #2

Predicting the future

[jamesl]

It's great when a prediction is both public and quantifiable.

Typical...

This is the same IT group that closes its employee payroll information site on nights and weekends. Yup, you read that right -- the NYC DoE "Payroll Portal" where 80,000+ employees check their pay stubs is only open during business hours. It's never been clear why that is -- they couldn't possibly have people pulling the data manually for each request, could they? So you teach all day, go home, apply for an apartment, and can't get your pay stubs at 8 p.m. from a system that is touted as convenient and accessible over the public internet.

Point being, this is a function that is probably short on resources, but also fails to make the most of the funding and systems they do have.

Re:Typical...

[smash]

Maybe they're....y'know.... doing a pay run. or maintenance....

Re:Typical...

[thegarbz]

Maybe they're....y'know.... doing a pay run. or maintenance....

Then I'd accept 15min - 1h daily in the middle of the night as reasonable downtime for that kind of system. God our system at work handles 30k clients and is down for 20min a week to perform this task. Extensive maintenance sometimes brings it down for an hour on the weekend. Usually after 7pm on a Saturday.

Re:Typical...

[shilly]

What, all night, every night? That's a lot of pay runs and a lot of maintenance!

Re:Typical...

[jonbryce]

Where I work, the pay run takes place once a month, on the Monday before the last Thursday of the month, and during working hours.

Re:Typical...

[GrumpySteen]

The payroll servers need time to dream of electric sheep.

Re:Google Apps?

[smash]

Not everybody likes having their data owned by Google.

Virtualization, Anyone?

[arhhook]

Deploy another host, deploy another template VM to distribute load? Surely it's a plug-in, click/drag fix once they add a new host, right? +1 Scalability.

Re:Virtualization, Anyone?

[laffer1]

And deploy it on what? The assumption here is the hardware can't handle the load. Deploying a new VM on the same hardware isn't going to make it faster.. quite the opposite. Virtualization doesn't solve all problems, especially when it's probably running on underpowered hardware.

Re:Virtualization, Anyone?

[QuantumRiff]

Don't forget the licensing.. In some government areas, it can take weeks to get a purchase through the purchasing dept..

Re:Virtualization, Anyone?

[arhhook]

And deploy it on what? The assumption here is the hardware can't handle the load. Deploying a new VM on the same hardware isn't going to make it faster.. quite the opposite. Virtualization doesn't solve all problems, especially when it's probably running on underpowered hardware.

Remember above when I said "Deploy another host?" That hardware.

Heh, just wait

I'm not saying IT workers aren't social, or don't tolerate bureaucracy, but....

Just wait until the union you join enforces workrules which limit your productivity or options.

Some years back we serviced a rack-mount system we had delivered at Lockheed, which was a union shop. Only the 'equipment tech', could remove the device from the rack. Only a soldering tech could solder. Our engineer wasn't even allowed to type on the keyboard, some other specialist was required.

When the job was done and it was time to put the equipment back in the rack, the equipment tech was nowhere in sight. When our engineer 'just did it', it created a cross-company fiasco requiring senior level apologies and a personal apology from our engineer.

So, IT workers, good luck with the union. You're gonna LOVE it.

Re:Teachers should just switch to gmail

[Sprouticus]

Spoken like someone who knows nothing about email systems.

I am guessing that there are strict restrictions on using external email to relay school information.

After all do you want your information on your childs health, disciplinary issues, grades, concerns over abuse, etc etc. to be stored on googles mail server? I sure as hell dont.

Re:Not the MTA

[Sprouticus]

yea for sladot. A few corrections

1) Exchange 2010 has a perfectly good MTA. I would argue that MTA's are the least of what a modern email system does.
2) Activesync utilizes 80/443 for connections, not port 25.
3) They are not adding 2000 new accounts, they are adding 2000 new devices to connect to the accounts.
4) In all likelyhood this is a simple issue of the CAS (Client Access Server) not being size right, or not being sized to include the increase in traffic which would occur (mind you the IT dept might not even have known about this deal when it was made. Hard to size something out when you dont know about it.
5) In all likelyhood this is just a matter of throwing hardware at the issue. If the CAS is running on an old server, or is very undersized, you just add a couple of servers into the array to handle the load.

It is not unlike a website getting overloaded and needing more nodes to handle the traffic. Im assuming they are already load balancing of course, but even if they were not it is not a huge deal. I put in an Exchange 2010 2 server CAS Array in 3 hours. configuration took a couple of days.

Re:Teachers should just switch to gmail

[bytethese]

Depending on the rules of a particular organization however, you could get fired for that. At my currently employer, you cannot use a personal email address for business purposes. Doing so leaves business records in the cloud and that's a no no. Since this is a public school, I'm guessing that it would also be a no no there too.

Re:Not the MTA

[sgt+scrub]

3) They are not adding 2000 new accounts, they are adding 2000 new devices to connect to the accounts.

If the 2000 accounts existed and different devices are now connecting to them then there is something fundamentally wrong with the software.

Re:Teachers should just switch to gmail

[cryfreedomlove]

Spoken like someone who knows nothing about email systems.

I am guessing that there are strict restrictions on using external email to relay school information.

After all do you want your information on your childs health, disciplinary issues, grades, concerns over abuse, etc etc. to be stored on googles mail server? I sure as hell dont.

I trust my anonymity with Google more than with a B-grade IT worker at a school district. Imagine 2 possible scenarios:

1. Google does something with my email data i don't like.

2. A disgruntled IT worker at the school district sells my email data for drug money.

#2 is far more likely.

IMAP vs Active Sync?

[Midnight+Thunder]

Rather than simply saying use a different mail-server, does anyone know whether limiting access to the Exchange server via IMAP would provide less impact?

Re:Teachers should just switch to gmail

[ceoyoyo]

Are Americans really that uptight, or are you just assuming that school divisions are as paranoid as corporations?

Overblown

[GoRK]

$1MM of iPads represents about 2500-3000 users depending on the discount they received. First, I'm presuming that these users already had mailboxes and it's just the additional load of ActiveSync that is causing the trouble. If that's the case, with the types of discounts that government and education receive from microsoft and hardware vendors this is like a $15,000 problem at best. In the scope of a million-dollar project a 1.5% budget problem represents poor planning, but I've seen much much worse.

It is painful for small orgs

[DragonHawk]

One of my complaints about Exchange (and indeed, Microsoft's products in general) is that they're full of bad interactions like that.

(My personal favorite is that installing Outlook (the Exchange client) on the same box as Exchange server causes the server to stop working. (For 2000 and 2003. Not sure on 2007+.) Not that I plan on reading email on the server, but for trouble-shooting it would be useful.)

You're pretty much forced to keep everything on separate servers if you want everything to work as designed.

Sure, in a good sized organization you'd be doing that anyway for performance, but in smaller orgs it's a real pain.

Re:It is painful for small orgs

That is the dumbest way of troubleshooting I have ever heard. You're troubleshooting a client issue on a server os, use a VM of windows 7, vista, xp whatever the client is running...

I'm glad I will probably never get the opportunity to hire you.

iDevice enterprise mgmt != easy

[DragonHawk]

iPads are extremely easy for an enterprise to manage, because they integrate nicely into Exchange (e.g. you can define mail policies on your Exchange server, and iPads do what they're told - encrypt, require password lock, etc.).

We're not finding iPad/iPhone easy to manage at our business. The available management policies are very meager compared to BlackBerry handhelds. Too many things require iTunes, and iTunes is a bear to deploy, update, and manage. When the iDevice malfunctions, diagnostics and repair attempts are very limited. And if we need to do a service/warranty exchange, pain results. They won't ship an FRU; you have to go to a store. And apparently Apple's corporate policy forbids stores from telling customers if they have stock of FRUs, so the only way to find out is to drive to each store and try.

This is not saying that Android or Playbook tablets are any better (we haven't even tried those yet), but iDevices aren't all lollypops and rainbows either.

Re:iDevice enterprise mgmt != easy

[swillden]

I think the Android Enterprise management is pretty solid. Google uses it to manage a fairly large fleet of Android phones and tablets itself. I don't have any direct experience with it though, so take this comment with plenty of salt.

Server Space

[Ceiynt]

I worked first tier tech support for the NYC DOE for 2 years. The amount of space the regular employees get for email is 25MB. Asst. Principals get 30, and Principals get 50.

Sounds like a job for The Cloud.

[DrEldarion]

I bet cloud services are starting to look REALLY tempting to them right now. No worrying about overwhelmed servers, it Just Works.

Google is probably salivating while hearing about this.

Removing tools makes no sense

[DragonHawk]

That is the dumbest way of troubleshooting I have ever heard. You're troubleshooting a client issue on a server os, use a VM of windows 7, vista, xp whatever the client is running...

Not everything divides cleanly into "client" and "server", even in the best designs. Sometimes it's a network or transport issue. Being able to run the client on the server would make it easier to determine where things are going wrong. This is especially the case with MAPI, since before 2007 it's basically just a set of RPC calls into the Information Store structure.

I never understood the desire to remove tools from one's arsenal.

Cloud

[darkmeridian]

Switch to the Google Apps GovCloud or Microsoft Live 365. Oh, it isn't secure!!! Do you think the current admins have Exchange set up securely? You also get spam blocking and Postini with Google.

Switching to Zimbra?

[Doc+Ruby]

What if they just escaped MS Exchange and switched to Zimbra? Isn't Zimbra a lot more scalable, and requires only installing a Zimbra MAPI connector at the client to switch to the configured Zimbra server?

They'd have to rewrite in all their legacy emails SMTP addresses instead of the Exchange X.500 addresses, or replying to them will cause the new recipient addresses to be blank. Isn't there a way to do that inside Zimbra after loading it with the old messages, rather than running something inside the overwhelmed old Exchange server?

Re:Teachers should just switch to gmail

[Doc+Ruby]

Are they public universities and schools? Are they the NYC Department of Education, the largest in the nation, with many hundreds of thousands of teachers, students and staff, and an IT budget of about $2 BILLION?

I didn't think so.

The NYC DOE doesn't have to use Microsoft. But it does have a lot more serious confidentiality and accessibility policies than most schools - or most organizations, even most governments - of any kind.

Re:Not the MTA

[djlowe]

3) They are not adding 2000 new accounts, they are adding 2000 new devices to connect to the accounts.

If the 2000 accounts existed and different devices are now connecting to them then there is something fundamentally wrong with the software

That doesn't make any sense at all. I read it, re-read it and I still don't understand what you wrote. How could there be something wrong with the software just because 2000 new devices are connecting to 2000 existing accounts?

Take a typical situation in a corporation: An employee gets a new laptop. Congratulations! That's one new device connecting to one existing account. Now, scale that up through a computer refresh cycle at a large corporation... say 200 new computers each quarter. Hey that's 800 new devices per year connecting to existing accounts!

Then add in smartphones, and, as in this case, iPads.

I'm not sure what point you were trying to make?

Regards,

dj

You have just broken my head...

[tlambert]

So you are saying that's not a problem for open source software packages that make you pay per user?

I did not believe, until today, that someone could come up with a klein-bottle-shaped thought. I bow down to you, sir.

-- Terry

Exchange

[nilbog]

Exchange sucks. It's incredibly expensive, incredibly inefficient, and incredibly prone to problems. Every company where I've used it I've had issues. It seems the only reason IT people recommend it is to keep the helpdesk employed.

NY could have saved a million dollars by using google apps for education, which has the benefit of actually being able to perform a service to the people who are supposed to be able to use it and had the benefit of being free.

When the options are hassle and cost free vs. pile of exchange, I don't understand why anyone chooses exchange.

They should migrate to Live@edu

[wynand1004]

They should follow the state of Kentucky's lead and migrate everyone over to Live@edu, Microsoft's free cloud-based email, file storage, messenger and web app, system for schools. Kentucky was able to migrate 700,000 accounts over to Live@edu in the course of a weekend. (Ref: http://msftedublogger.wordpress.com/2010/06/03/state-of-kentucky-rolls-out-liveedu-to-700000-users/)

My school has been using Live@edu since the beginning of the year and it has been an unqualified success. Everthing is web-based (although you can use Outlook or another mail client if you prefer), which means it it also cross-platform. Mail is synced between all of a user's devices. It's pretty slick. The SkyDrive storage offers 25 GB of storage and is HTML5 based (but uses Silverlight on Windows).

Did I mention it's free?

Re:Teachers should just switch to gmail

[Kalriath]

No, they use Google Apps for Education, which is different. Google Apps for Education comes with an SLA, Privacy Agreement (i.e. Google does not, or claims not to, data-mine the information), and is set up by replacing (or supplementing) your existing infrastructure. It is, unlike Gmail, actually certified for the purpose and unlike Gmail it is legal to be used for official purposes. Just switching to your personal Gmail account for official school business violates everything from confidentiality laws to transparency (official records) laws, and everything in between.

Also, Exchange servers cannot be cracked by "a 13 year old with halfway decent hacking skills". You're just showing your FUD-spewing Linux Zealot tendencies there.

Re:Not the MTA

[sgt+scrub]

Oh I see, your saying they connect in addition to the original devices. I didn't know the kids synced their phones at the same time they synced their laptops, and desktops, and iPads. That sure seems to be a lot of devices. I've heard of schools going to a 1 to 1 program but a 3 to 1 program is pretty original.

Re:Not the MTA

[jonbryce]

It is probably staff rather than students, but if I see an email on my phone that requires a lengthy reply, I go to my desktop/laptop, fire up Oulook, and type the reply there.

Re:Not the MTA

[laird]

"If the 2000 accounts existed and different devices are now connecting to them then there is something fundamentally wrong with the software."

Keep in mind that the 2,000 new mobile devices are being used IN ADDITION TO however those people read email. If they stopped using their desktops and just used iPads, the load on the system would be unchanged. Adding 2,000 new clients to any mail system will consume the system's capacity, and if the system doesn't have that capacity it'll be in trouble. There's no magic capacity fairy.

As I said...

[DragonHawk]

I'll repeat for your benefit:

This is not saying that Android or Playbook tablets are any better (we haven't even tried those yet), but iDevices aren't all lollypops and rainbows either.

Exchange & iPads

[Whatchamacallit]

They were likely at or near capacity on their existing Exchange / ActiveSync Server when someone else outside of the Exchange group made the decision to get a bunch of iPads. I work with almost a thousand iPads and yes, you need to plan for capacity on the Exchange server. That being said, you had better also plan on WiFi capacity because iPads are bandwidth hogs (not really). They are so very useful that the users actually use them and in doing so pound your network quite a bit more than even laptop users.

I worked a large remote hotel gig where we deployed 200 iPads and it literally killed the hotels network about 6 times over 2 days! We had to shutoff the WiFi service in the convention rooms during a video conference for fear the iPads would crash the network again. We offered to bring our own WiFi network and work with Verizon to do it (big bucks on our part) but the hotels outsourced IT company refused to let us bring our own network. So we used what they provided and pretty much frequently killed network service for all other hotel guests during our stay. The iPads overwhelmed their wimpy routers. The hotel network was designed for guests to check email and web surf a little. It didn't like 200 iPads running Cisco WebEx. I doubt they used advanced networking with bandwidth shaping, etc.