The Official Stance on Address List Segregation
Since the early days of Exchange Server our customers have used various methods to provide different views of the Global Address List (GAL) to subsets of users within the same Exchange Organization. This segmentation allowed administrators to optimize address lists in large companies, creating smaller 'virtual' organizations, with users only able to see the users they need to see. This segmentation still allowed users to share common features in Exchange such as Public Folders, Transport Rules and High Availability constructs.
Historically the method used to provide this segmentation varied between versions of Exchange as the product evolved in design and implementation and until now had not been supported with Exchange 2010.
The Exchange Customer Experience Team has heard the feedback our customers have provided to us and are now working to incorporate a set of features that will provide a Global Address Segmentation capability directly into Service Pack 2, which will be available to customers in the second half of 2011. We plan on posting more about Service Pack 2 in the next couple of weeks.
This decision was taken in order to simplify the deployment and configuration of the feature for all customers by providing a consistent and controlled experience through the standard Exchange management interface.
As a result of the decision to build the functionality into the product, we have also decided that we will not release an updated version of the Configuring Virtual Organizations and Address List Segregation Whitepaper that was published for Exchange Server 2007.
This decision is not one that was taken lightly, but was considered necessary given the scope of the changes that will be introduced into the product with the introduction of the GAL Segmentation feature and the need to provide customers with a clear upgrade path which did not require them to revert a series of previously implemented manual changes.
If you are currently blocked from deploying Exchange 2010 because of a need for this feature in your environment we encourage you to watch for the updated guidance from Microsoft as the feature is developed, then plan your migration accordingly.
In order to provide transparency in these early stages of development, our intentions for this feature are:
- This feature is not intended to enable the On-Premises configuration of Exchange 2010 to be used in place of the multi-tenant enabled version of the Exchange 2010.
- Our intended audiences for this feature are organizations that:
- Require some form of sub-divided address book or who wish to create several 'virtual' organizations within a single Exchange Organization.
- Enable users to share some resources between these segmented user populations
- Seek to control which objects are visible to a user when they open their address book picker.
The way we intend to deliver this feature is by using an "Address Book Policy" assignment model, rather than continuing with the ACL based GAL Segmentation concept we previously provided. This approach is not intended to provide complete tenant isolation as is provided in the Hosting mode available in Exchange 2010 SP1, rather it is intended to allow an administrator to grant access to certain views of the GAL rather than restricting views.
If you intend to resell Exchange 2010 mailboxes by using the feature we are introducing, in what is generally recognized as a hosting configuration, we strongly recommend that you instead evaluate the Hosting mode of Exchange available since the release of Service Pack 1. Should you choose to further customize the On-premises configuration to meet requirements for multi-tenancy your configuration may not be supported by the Exchange team. The hosting mode of the product has been designed with true multi-tenancy capability in mind and is our strategic platform that we recommend customers who wish to host Exchange mailboxes adopt going forward. Likewise, if you are interested in privately hosting Exchange for the rest of your company, it is strongly advised to consider the limitations and extra requirements associated with the multi-tenant version of Exchange and decide if you truly will need the full functionality or if you only require Address Book Policies.