"Namespace planning is a serious topic that must take place relatively early in the Exchange 2010 planning and deployment process. Many companies choose to purchase certificates from a 3rd party certificate authority rather than deploy a certificate generated from an internal CA, as this ensures the majority of devices have a trusted root certificate. Deploying a certificate with incorrect namespace values can be costly as you'll have to generate a new CSR and thus repurchase a new certificate with correct namespace values because you didn't plan correctly. Some CAs will allow you to resubmit a CSR and issue you a new certificate at no charge.)"
In this Robert's Rules of Exchange" series we take a fictitious company, describe their existing Exchange implementation, and then walk through the design, installation, and configuration of their Exchange 2010 environment.
For our purposes, we'll purchase a single SAN cert, and include following subject alternative names:
We'll designate mail.robertsrules.ms as Subject Name. We'll talk more about how to order a certificate, the impacts of using a single certificate when using Outlook Anywhere, and many other things related to our namespace decisions as we move through the upcoming posts in this series.
There're some great documentation written around namespace planning for your CAS deployment:
- Understanding Client Access Server Namespaces, which take you through the thought processes around multiple datacenter models and the kind of namespaces you'll need for each of those datacenter models.
- Transitioning Client Access to Exchange Server 2010 post, which calls out the simple model where we need mail, autodiscover and legacy namespaces for our Internet domain.