MS TechDays 2011 - Microsoft Exchange Server and Office 365 Hybrid Deployment


  1. Microsoft Exchange Server and Office 365: Hybrid Deployment. SINGAPORE. Sanjeev Thakur, Sr. Premier Field Engineer, Microsoft Singapore; Ram Muthukaruppan, Sr. Consultant, Microsoft Singapore
  2. Agenda
       • Overview of Hybrid Deployment
       • Planning Hybrid Deployment
       • Mail Flow Architecture
       • Calendar Sharing
       • Secure Transport
       • Deployment
       • Migration
       • What’s new in SP2
       • Q&A
  3. (Diagram labels: Exchange, IMAP, Lotus Notes, Google; Large, Medium, Small; On-Premises, Single Sign-On, On-Cloud; Hybrid; DirSync; Exchange sharing features; Bulk Provisioning)
  4. Overview of Hybrid Deployment
       • Seamless interactions between on-premises and cloud mailboxes
       • Calendar and free/busy information sharing between on-premises and cloud mailboxes
       • Mailbox management can be done using the on-premises Exchange Management Console
       • Users can log on to their email accounts with their existing credentials regardless of their mailbox's location
       • Migrations into and out of Exchange Online are transparent to the user
  5. Limitations - Hybrid Deployment
       • Coexistence of mailbox permissions: permissions are migrated, but do not work when Delegator and Delegate are split between on-premises and cloud
       • Migration of Send As for non-mailbox recipients
       • Multi-forest: only single-forest source environments
       • Public Folders
  6. (Slide without text)
  7. Hybrid Server Roles
       • 2 Required Server Roles:
           – Office 365 Active Directory Synchronization
           – Exchange Server 2010 SP1 CAS/Hub*
       • 1 Optional Server Role:
  8. Planning Hybrid Deployment
  9. Planning Hybrid Deployment
       To use hybrid deployment, you must maintain at least one federation technology.
       • Identity Federation
           – Provides SSO
           – Requires AD FS 2.0
           – Applies to all Office 365 services
       • Exchange Federation
           – Exchange Federation Trust
           – Organization relationships
           – Applies only to Exchange Online services
  10. Identity vs. Exchange Federation
  11. Domain Name Requirement
       • Primary SMTP domain: contoso.com
           – MX record points to on-premises
       • Service domain: service.contoso.com
           – MX record points to Office 365
           – Used for mail routing between on-premises and Office 365
       • Delegation domain: exchangedelegation.contoso.com
           – Only used for setting up the Federation Trust
           – DNS TXT records configured for proof-of-ownership purposes
  12. Certificate Requirement
       • A public certificate is required to successfully set up both Identity Federation and Exchange Federation
       • A public certificate is required for the following services:
           – AD FS endpoints (AD FS Proxy)
           – Exchange Web Services
           – Autodiscover
       • The Exchange Federation Trust can use a self-signed, public, or internal CA generated certificate
       • The Exchange Management Console wizard creates a self-signed certificate if one does not exist
       • This certificate is only used to sign and encrypt delegation tokens
       • Exchange automatically distributes this certificate to other CAS servers
  13. Mail Routing Architecture
  14. Single Namespace – Core Concepts
       • MX for contoso.com = On Premises
       • (Diagram labels: External Recipient (joe@foo.com); Internet; On Premises AD Forest; DC; Exchange 2003 FE/BE Server; Email from joe@foo.com to ben@contoso.com)
  15. Shared Namespace – Core Concepts
       • MX for contoso.com = On Premises
       • MX for service.contoso.com = Exchange Online
       • (Diagram labels: External Recipient (joe@foo.com); Internet; On Premises AD Forest; DC; Exchange 2003 FE/BE Server; Exchange Online; Email from joe@foo.com to ben@contoso.com)
  16. Calendar Sharing
  17. Standard On-Premises Free/busy
       • (Diagram labels: Brad; Ben; Mailbox Server; Client Access Server; On Premises User “Ben”; On Premises)
  18. Federated Free/busy
       • (Diagram labels: Microsoft Federation Gateway; Mailbox Server; Client Access Server; Free/Busy Request From Ben To Joe; Exchange Online; On Premises; On Premises User “Ben”; Joe)
  19. Exchange Online Archive
       • (Diagram labels: Microsoft Federation Gateway; Mailbox Server; Client Access Server; Archive Request From Ben To Archive; Exchange Online; On Premises; On Premises User “Ben”)
  20. Secure Transport
  21. Secure Mail – TLS
       • (Diagram labels: Forefront Online Protection for Exchange; Domain Secure; Exchange Online; On Premises; Mailbox Server; Mailbox “Ben”; Cloud Hub Transport Server; Mailbox “Joe”)
  22. Secure Mail - Sending Internal Headers to the Cloud
       • Cross-premises emails are authenticated as “Internal”
       • (Diagram labels: Forefront Online Protection for Exchange; XOORG Data; Certificate Subject; Exchange Online; On Premises; Mailbox Server; Mailbox “Ben”; Cloud Hub Transport Server; Mailbox “Joe”)
  23. Secure Mail – Sending Internal Headers to On-premises
       • Emails from the cloud are seen as Internal by On Premises Transport
       • (Diagram labels: Forefront Online Protection for Exchange; XOORG Data; Exchange Online; On Premises; Mailbox Server; Mailbox “Ben”; Cloud Hub Transport Server; Mailbox “Joe”)
  24. Centralized Mail flow Control
       • (Diagram labels: Internet; Forefront Online Protection for Exchange; Hub Transport Server; Mailbox Server; Centralized Mail flow Control; Exchange Online; On Premises)
  25. Deployment
  26. Exchange Deployment Assistant
  27. Step 1 – Office 365 Configuration
  28. Step 2 – Exchange Configuration
  29. Creating the Exchange Federation Trust
       • Create Exchange Federation Trust with the MFG using a “unique namespace”, e.g. “exchangedelegation.contoso.com”
       • Automatic implied trust between the Exchange Online tenant and MFG
       • On-premises Org Relationship with “service.contoso.com”
       • Exchange Online Org Relationship with “contoso.com”
       • (Diagram labels: MSO ID; Microsoft Federation Gateway (MFG); On Premises AD Forest; Exchange 2010 CAS/HUB Server; Exchange Online)
  30. Creating the Secure Mail Connectors
       • (Diagram labels: FOPE; On Premises AD Forest; Exchange 2010 CAS/HUB Server; Exchange Online)
  31. Migration
  32. Hybrid Coexistence Migration
       • It’s a true “online” move: the user stays connected to their mailbox through the move
           – Client switchover happens automatically at the end
           – Traditional “offline” move when moving from Exchange 2003 source
       • Outlook uses Autodiscover to detect the change and fixes up the user’s Outlook profile automatically on the client machine
       • Since it’s a move (not a new mailbox + data copy), Outlook doesn’t see it as a new/different mailbox. End result = No OST resync
       • Moves are queued and paced by the datacenter
       • Object conversion for mail routing happens automatically after data move
           – Mailbox on-premises gets converted to Mail-enabled user automatically
           – Admin can override this automation and stage the move-then-convert steps
  33. Autodiscover
       • Mailbox: Primary SMTP Address = ben@contoso.com; Secondary SMTP Address = guid@service.contoso.com
       • Remote Mailbox: Primary SMTP Address = ben@contoso.com; Remote Routing Address = guid@service.contoso.com
       • (1) Where is my mailbox?
       • (2) Local Exchange passes a redirect to “service.contoso.com”
       • (3) Outlook attempts to discover endpoint through DNS record “autodiscover.service.contoso.com”
       • (4) Authentication Request
       • (5) Authentication Success
       • (6) Profile Builds
       • (Diagram label: Outlook client)
  34. What’s New in Exchange 2010 SP2?
       • New Hybrid Configuration Wizard
           – Exchange federation trust
           – Organization relationships
           – Remote domains/accepted domains
           – Email address policies
           – Send/Receive connector
           – Forefront inbound/outbound connectors
           – MRSProxy
           – Pre-req checks (i.e. Office365 Active Directory Sync, Exchange certificates, registered custom domains, etc…)
       • Pre-SP2: Approximately 50 manual steps. With SP2: Now only 6 manual steps
       • New PowerShell cmdlets
           – New/Get/Set/Update-HybridConfiguration
       • Namespaces improvements
           – Removing requirement for unique namespace
           – Providing every customer a coexistence domain, for every hybrid deployment
           – Service.contoso.com is now Contoso.mail.onmicrosoft.com
  35. Questions?
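
The domain layout on slide 11 (Domain Name Requirement) can be checked mechanically. The following is an added example, not part of the original deck: it audits a DNS record set against that layout. The on-premises MX host, the Office 365 MX suffix, the TXT token and both sample zones are constructed placeholders, and flagging an MX record on the delegation domain is an inference from "only used for setting up the Federation Trust".

```python
# Added example: audit a DNS record set against the slide 11 domain layout.
# Host names, the Office 365 suffix and the TXT token are constructed placeholders.
PRIMARY = "contoso.com"
SERVICE = "service.contoso.com"
DELEGATION = "exchangedelegation.contoso.com"
ONPREM_HOSTS = {"mail.contoso.com"}           # assumed on-premises MX host
CLOUD_SUFFIX = ".o365-placeholder.example"    # leading dot: match whole labels only
PROOF_TOKEN = "placeholder-proof-token"       # assumed proof-of-ownership value

def norm(name):
    """Lowercase a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def mx_targets(records, domain):
    """MX targets for domain; value is '<preference> <host>' as in a zone file."""
    return [norm(v.split()[-1]) for n, t, v in records
            if t == "MX" and norm(n) == domain]

def txt_values(records, domain):
    return [v for n, t, v in records if t == "TXT" and norm(n) == domain]

def audit(records):
    """Return a list of findings; an empty list means the layout matches."""
    findings = []
    primary, service = mx_targets(records, PRIMARY), mx_targets(records, SERVICE)
    if not primary:
        findings.append(f"{PRIMARY}: no MX record")
    findings += [f"{PRIMARY}: MX {h} is not an on-premises host"
                 for h in primary if h not in ONPREM_HOSTS]
    if not service:
        findings.append(f"{SERVICE}: no MX record")
    findings += [f"{SERVICE}: MX {h} does not point to Office 365"
                 for h in service if not h.endswith(CLOUD_SUFFIX)]
    if PROOF_TOKEN not in txt_values(records, DELEGATION):
        findings.append(f"{DELEGATION}: proof-of-ownership TXT record missing")
    if mx_targets(records, DELEGATION):
        findings.append(f"{DELEGATION}: unexpected MX (federation trust only)")
    return findings

# Constructed sample zones: one matching the slide, one that has drifted.
GOOD = [("contoso.com.", "MX", "10 mail.contoso.com."),
        ("service.contoso.com.", "MX", "10 contoso.o365-placeholder.example."),
        ("exchangedelegation.contoso.com.", "TXT", "placeholder-proof-token")]
DRIFTED = [("contoso.com.", "MX", "10 contoso.o365-placeholder.example."),
           ("Service.Contoso.com.", "MX", "10 mail.contoso.com."),
           ("exchangedelegation.contoso.com.", "MX", "10 mail.contoso.com.")]

if __name__ == "__main__":
    for label, zone in (("good", GOOD), ("drifted", DRIFTED)):
        print(label, audit(zone) or "layout matches slide 11")
```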