MS TechDays 2011 - Microsoft Exchange Server and Office 365 Hybrid Deployment
•
2 likes•1,499 views
Recommended
Recommended
More Related Content
Similar to MS TechDays 2011 - Microsoft Exchange Server and Office 365 Hybrid Deployment
Similar to MS TechDays 2011 - Microsoft Exchange Server and Office 365 Hybrid Deployment (12)
More from Spiffy
More from Spiffy (20)
Recently uploaded
Recently uploaded (20)
MS TechDays 2011 - Microsoft Exchange Server and Office 365 Hybrid Deployment
- 1. SINGAPORE Sanjeev Thakur Sr. Premier Field Engineer, Microsoft Singapore Ram Muthukaruppan Sr. Consultant, Microsoft Singapore Microsoft Exchange Server and Office 365 : Hybrid Deployment
- 2. Agenda Overview of Hybrid Deployment Planning Hybrid Deployment Mail Flow Architecture Calendar Sharing Secure Transport Deployment Migration What’s new in SP2 Q&A
- 3. Exchange Large On-Premises IMAP Medium Single Sign-On Lotus Small On-Cloud Notes Google Hybrid DirSync Exchange Bulk sharing Provisioning features
- 4. Overview of Hybrid Deployment Seamless interactions between on-premises and cloud mailboxes Calendars and free/busy information sharing between on-Premises and Cloud Mailboxes. Mailbox Management can be done using on-premises Exchange Management Console Users can log on to their email accounts with their existing credentials regardless of their mailboxes Location Migrations into and out of Exchange Online are transparent to the user.
- 5. Limitations - Hybrid Deployment Coexistence of mailbox permissions –Permissions are migrated, but do not work when Delegator and Delegate are split between on-premise & cloud Migration of Send As for non mailbox recipients Multi-forest – Only single forest source environments Public Folders
- 6. 6
- 7. Hybrid Server Roles 2 Required Server Roles: • Office 365 Active Directory Synchronization • Exchange Server 2010 SP1 CAS/Hub* 1 Optional Server Role:
- 9. Planning Hybrid Deployment To use hybrid deployment, you must maintain at least one Federation technology Identity Federation Provides SSO Requires AD FS 2.0 Applies to all Office 365 services Exchange Federation Exchange Federation Trust Organization relationships Applies only to all Exchange Online services
- 10. Identity Vs. Exchange Federation
- 11. Domain Name Requirement Primary SMTP Domain : contoso.com MX record points to on-premises Service Domain :- service.contoso.com MX record points to Office 365 Used for Mail routing between On-premises and Office 365 Delegation Domain :exchangedelegation.contoso.com Only used for setting up the Federation Trust DNS TXT records configured for proof of ownership purposes
- 12. Certificate Requirement A public certificate is required to successfully setup both Identity Federation and Exchange Federation A public certificate is required for the following services: AD FS endpoints (AD FS Proxy) Exchange Web Services Autodiscover The Exchange Federation Trust can use a self-signed, public, or internal CA generated certificate The Exchange Management Console wizard creates a self-signed certificate if one does not exist. This certificate is only used to sign and encrypt delegation tokens Exchange automatically distributes this certificate to other CAS servers.
- 14. Single Namespace – Core Concepts MX for contoso.com = On Premises External Recipient (joe@foo.com) Internet On Premises AD Forest Email from Exchange 2003 joe@foo.com to DC FE/BE Server ben@contoso.com
- 15. Shared Namespace-Core Concepts MX for contoso.com = On Premises External Recipient (joe@foo.com) Internet On Premises MX for service.contoso.com = Exchange AD Forest Online Exchange 2003 DC FE/BE Server Exchange Online Email from joe@foo.com to ben@contoso.com
- 16. Calendar Sharing
- 17. Standard On-Premises Free/busy Brad Mailbox Ben Server Client Access Server On Premises User “Ben” On Premises
- 18. Federated Free/busy Microsoft Federation Mailbox Gateway Server Ben Client Access Server Free Busy Requ est From Ben To Joe Exchange Online On Premises User “Ben” On Premises Joe
- 19. Exchange Online Archive Microsoft Federation Mailbox Gateway Ben Server Client Access Server Archi ve Requ est From Ben To Archi ve Exchange Online On Premises User “Ben” On Premises
- 20. Secure Transport
- 21. ForeFront Online Secure Mail – TLS Protection for Exchange Domain Secure Exchange Online Mailbox On Premises Server Mailbox “Ben” Cloud Hub Mailbox “Joe” Transport Server On Premises
- 22. Secure Mail - Sending Internal Headers to the Cloud ForeFront Online Protection for Exchange XOORG Data Certific ate Subject Exchange Online Mailbox On Premises Server Mailbox “Ben” Cross-premises emails are Cloud Hub Mailbox “Joe” authenticated Transport XOORG Data as “Internal” Server On Premises
- 23. Secure Mail – Sending Internal Headers to On-premises ForeFront Online Protection for Exchange Exchange Online XOORG Data Mailbox On Premises Server Mailbox “Ben” Emails from the Cloud Hub Mailbox “Joe” cloud are Transport seen as Server XOORG Internal by Data Transport Premises On
- 24. Centralized Mail flow Control Internet ForeFront Online Protection for Exchange Hub Mailbox Centralized Transport Server Server Mail flow Control Exchange Online On Premises
- 25. Deployment
- 27. Step 1 – Office 365 Configuration
- 28. Step 2 – Exchange Configuration
- 29. Creating the Exchange Federation Trust Create Exchange Federation Trust with the MFG using a “unique namespace” e.g. “exchangedelegation.contoso.com” MSO ID Microsoft Federation Automatic implied Gateway (MFG) trust between the Exchange Online tenant and MFG On Premises AD Forest Exchange Online Exchange Online On-premises OrgExchange 2010 CAS/ Org Relationship Relationship with Server HUB with “service.contoso.com” “contoso.com”
- 30. Creating the Secure Mail Connectors FOPE On Premises AD Forest Exchange 2010 CAS/ HUB Server Exchange Online
- 31. Migration
- 32. Hybrid Coexistence Migration It’s a true “online” move – user stays connected to their mailbox through the move – Client switchover happens automatically at the end – Traditional “offline” move when moving from Exchange 2003 source Outlook uses Autodiscover to detect the change and fixes up the user’s Outlook profile automatically on the client machine Since it’s a move (not a new mailbox + data copy), Outlook doesn’t see it as a new/different mailbox. End result = No OST resync Moves are queued and paced by the datacenter Object conversion for mail routing happens automatically after data move – Mailbox on-premises gets converted to Mail-enabled user automatically – Admin can override this automation and stage the move-then-convert steps
- 33. Autodiscover Mailbox Primary SMTP Address = ben@contoso.com Secondary SMTP Address = guid@service.contoso.com Remote Mailbox Primary SMTP Address = ben@contoso.com Remote Routing Address = guid@service.contoso.com (3) Outlook attempts to discover (1) Where is my mailbox? through DNS record endpoint “autodiscover.service.contoso.com” (2) Local Exchange passes a redirect to “service.contoso.com”Authentication (4) Request Outlook client (5) Authentication Success (6) Profile Builds
- 34. What’s New in Exchange 2010 SP2? New Hybrid Configuration Wizard – Exchange federation trust – Organization relationships Pre-SP2: Approximately 50 manual – Remote domains/accepted domains steps – Email address policies – Send/Receive connector With SP2: Now only 6 manual steps – Forefront inbound/outbound connectors – MRSProxy – Pre-req checks (i.e. Office365 Active Directory Sync, Exchange certificates, registered custom domains, etc…) New PowerShell cmdlets – New/Get/Set/Update-HybridConfiguration Namespaces improvements – Removing requirement for unique namespace – Providing every customer a coexistence domain, for every hybrid deployment • Service.contoso.com is now Contoso.mail.onmicrosoft.com
- 35. Questions? 37