MS TechDays 2011 - Microsoft Exchange Server and Office 365 Hybrid Deployment

  1. Microsoft Exchange Server and Office 365: Hybrid Deployment. Sanjeev Thakur, Sr. Premier Field Engineer, Microsoft Singapore; Ram Muthukaruppan, Sr. Consultant, Microsoft Singapore. (TechDays 2011, Singapore)
  2. Agenda
     - Overview of Hybrid Deployment
     - Planning Hybrid Deployment
     - Mail Flow Architecture
     - Calendar Sharing
     - Secure Transport
     - Deployment
     - Migration
     - What's new in SP2
     - Q&A
  3. [Diagram: deployment choices by organization size (Large, Medium, Small), migration source (Exchange, IMAP, Lotus Notes, Google) and target model (On-Premises, Hybrid, On-Cloud); features shown: Single Sign-On, DirSync, Exchange sharing features, Bulk Provisioning]
  4. Overview of Hybrid Deployment
     - Seamless interaction between on-premises and cloud mailboxes
     - Calendar and free/busy information sharing between on-premises and cloud mailboxes
     - Mailbox management can be done using the on-premises Exchange Management Console
     - Users log on to their email accounts with their existing credentials regardless of where their mailbox is located
     - Migrations into and out of Exchange Online are transparent to the user
  5. Limitations of Hybrid Deployment
     - Coexistence of mailbox permissions: permissions are migrated, but do not work when delegator and delegate are split between on-premises and cloud
     - Migration of Send As for non-mailbox recipients
     - Multi-forest: only single-forest source environments are supported
     - Public Folders
  7. Hybrid Server Roles
     - 2 required server roles:
       - Office 365 Active Directory Synchronization
       - Exchange Server 2010 SP1 CAS/Hub*
     - 1 optional server role:
  8. Planning Hybrid Deployment
  9. Planning Hybrid Deployment
     - To use hybrid deployment, you must maintain at least one federation technology
     - Identity Federation
       - Provides SSO
       - Requires AD FS 2.0
       - Applies to all Office 365 services
     - Exchange Federation
       - Exchange Federation Trust
       - Organization relationships
       - Applies only to Exchange Online services
  10. Identity vs. Exchange Federation
  11. Domain Name Requirement
     - Primary SMTP domain: MX record points to on-premises
     - Service domain: MX record points to Office 365; used for mail routing between on-premises and Office 365
     - Delegation domain: only used for setting up the Federation Trust; DNS TXT records are configured for proof of ownership
  12. Certificate Requirement
     - A public certificate is required to successfully set up both Identity Federation and Exchange Federation
     - A public certificate is required for the following services: AD FS endpoints (AD FS Proxy), Exchange Web Services, Autodiscover
     - The Exchange Federation Trust can use a self-signed, public, or internal-CA-generated certificate
       - The Exchange Management Console wizard creates a self-signed certificate if one does not exist
       - This certificate is only used to sign and encrypt delegation tokens
       - Exchange automatically distributes this certificate to the other CAS servers
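The certificate requirement is where hybrid deployments most often stall in practice: the CAS certificate covers the mail and Autodiscover names, but the AD FS proxy name was never added, or a wildcard is assumed to cover a name it does not. The following is an added example, not code from the deck, from Microsoft, or from Exchange. It parses the Subject Alternative Name section of `openssl x509 -noout -text` output and reports which required endpoint names the certificate fails to cover. The sample openssl output and the hostnames autodiscover.contoso.com, mail.contoso.com and sts.contoso.com are constructed for illustration.

```python
"""Check that a CAS certificate's Subject Alternative Names cover the hybrid endpoints.

Added example, not part of the TechDays deck or of Exchange. It parses the
"X509v3 Subject Alternative Name" section of `openssl x509 -noout -text` output
(a constructed sample is embedded below) and reports which required hostnames
(Autodiscover, EWS, the AD FS endpoint) are missing. All hostnames are assumptions.
"""
import re
from typing import Dict, List, Optional

# Constructed sample of `openssl x509 -in cas.pem -noout -text` output. Assumption:
# the certificate was issued for mail.contoso.com with a few SANs; no real certificate.
SAMPLE_OPENSSL_TEXT = """\
Certificate:
    Data:
        Subject: CN=mail.contoso.com, O=Contoso
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:mail.contoso.com, DNS:autodiscover.contoso.com, DNS:*.mail.contoso.com
            X509v3 Basic Constraints:
                CA:FALSE
"""

# Endpoints the slide says need a publicly trusted certificate (hostnames assumed).
REQUIRED_HOSTS = {
    "autodiscover": "autodiscover.contoso.com",
    "ews": "mail.contoso.com",
    "adfs": "sts.contoso.com",
}


def parse_san_dns_names(openssl_text: str) -> List[str]:
    """Return the DNS: entries listed under the SAN extension, in certificate order."""
    m = re.search(r"Subject Alternative Name:\s+(.+)", openssl_text)
    if not m:
        return []
    return [e.strip()[4:] for e in m.group(1).split(",") if e.strip().startswith("DNS:")]


def san_matches(san: str, host: str) -> bool:
    """RFC 6125-style match: '*' covers exactly one leftmost label, never the bare domain."""
    san, host = san.lower(), host.lower()
    if san.startswith("*."):
        return host.endswith(san[1:]) and host.count(".") == san.count(".")
    return san == host


def check_coverage(openssl_text: str, required: Dict[str, str]) -> Dict[str, Optional[str]]:
    """Map each required endpoint to the SAN entry that covers it, or None if uncovered."""
    sans = parse_san_dns_names(openssl_text)
    return {name: next((s for s in sans if san_matches(s, host)), None)
            for name, host in required.items()}


if __name__ == "__main__":
    for name, covered_by in check_coverage(SAMPLE_OPENSSL_TEXT, REQUIRED_HOSTS).items():
        status = f"OK (covered by {covered_by})" if covered_by else "MISSING"
        print(f"{name:13}{REQUIRED_HOSTS[name]:28}{status}")
```

Run it against `openssl x509 -in <cert.pem> -noout -text` output captured from each CAS and from the AD FS proxy; a MISSING line for the AD FS name is the usual finding, and a wildcard such as `*.mail.contoso.com` does not rescue `mail.contoso.com` itself.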
  13. Mail Routing Architecture
  14. Single Namespace: Core Concepts [Diagram: the MX record for the domain points on-premises; email from an external Internet recipient is delivered into the on-premises AD forest (Exchange 2003 FE/BE server, DC)]
  15. Shared Namespace: Core Concepts [Diagram: the MX record for the primary domain points on-premises and the MX record for the service domain points to Exchange Online; Internet email still arrives at the on-premises forest (Exchange 2003 FE/BE server, DC), and cross-premises email is routed between the on-premises forest and Exchange Online]
  16. Calendar Sharing
  17. Standard On-Premises Free/Busy [Diagram: on-premises user "Ben" sends a free/busy request for Brad to the on-premises Client Access Server, which answers from the on-premises Mailbox Server]
  18. Federated Free/Busy [Diagram: free/busy request from on-premises user "Ben" to Exchange Online user "Joe"; the on-premises Client Access Server goes through the Microsoft Federation Gateway to query Exchange Online]
  19. Exchange Online Archive [Diagram: archive request from on-premises user "Ben" to his archive mailbox in Exchange Online, via the on-premises Client Access Server and the Microsoft Federation Gateway]
  20. Secure Transport
  21. Forefront Online Protection for Exchange: Secure Mail, TLS Domain Secure [Diagram: on-premises Mailbox "Ben" -> on-premises Hub Transport Server -> Forefront Online Protection for Exchange -> Exchange Online Mailbox "Joe", with the hop protected by TLS]
  22. Secure Mail: Sending Internal Headers to the Cloud [Diagram: cross-premises email from on-premises Mailbox "Ben" passes through the Hub Transport Server and Forefront Online Protection for Exchange to Exchange Online Mailbox "Joe"; the certificate subject carries the XOORG data, so cross-premises emails are authenticated as "Internal"]
  23. Secure Mail: Sending Internal Headers to On-premises [Diagram: email from Exchange Online Mailbox "Joe" passes through Forefront Online Protection for Exchange to the on-premises Hub Transport Server carrying XOORG data; emails from the cloud are seen as internal by on-premises transport]
  24. Centralized Mail Flow Control [Diagram: Internet email flows via Forefront Online Protection for Exchange; with centralized mail flow control, messages for Exchange Online are routed through the on-premises Hub Transport Server, which then routes to the on-premises Mailbox Server or to Exchange Online]
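What slides 22 and 23 are really describing is a trust boundary: the X-MS-Exchange-Organization-* headers (the AuthAs verdict, the SCL, and so on) may cross premises only because the hop is authenticated, by the TLS certificate subject of the peer and the organization it announces in XOORG. Any other connection arriving at that boundary has to have those headers stripped, otherwise an Internet sender could submit them itself and be treated as internal. The block below models that decision as a transport-time check. It is an added example, not Exchange or Forefront Online Protection for Exchange code; the certificate subject, the organization name and both sample messages are constructed.

```python
"""Where cross-premises mail earns "Internal" treatment, modelled as a transport check.

Added example, not Exchange or Forefront Online Protection for Exchange code.
Organization-internal verdicts travel in X-MS-Exchange-Organization-* headers; they
survive the organization boundary only when the peer's TLS certificate subject and
its XOORG organization identify the other half of the hybrid organization. Otherwise
the headers are stripped and the message is marked Anonymous. Certificate subject,
organization name and sample messages are constructed for illustration.
"""
from email import message_from_string
from email.message import Message
from typing import Optional, Tuple

INTERNAL_PREFIX = "x-ms-exchange-organization-"
AUTH_AS = "X-MS-Exchange-Organization-AuthAs"

# Assumed hybrid configuration: the certificate subject the cloud hop presents to our
# receive connector, and the organization name expected in XOORG. Both hypothetical.
TRUSTED_TLS_SUBJECTS = {"mail.messaging.microsoft.com"}
OUR_XOORG = "contoso.com"


def is_cross_premises_peer(tls_subject: Optional[str], xoorg: Optional[str]) -> bool:
    """The hop counts as our organization only if TLS identity AND XOORG both match."""
    return ((tls_subject or "").lower() in TRUSTED_TLS_SUBJECTS
            and (xoorg or "").lower() == OUR_XOORG)


def sanitize(raw: str, tls_subject: Optional[str], xoorg: Optional[str]) -> Message:
    """Strip organization headers from untrusted hops and stamp our own AuthAs verdict."""
    msg = message_from_string(raw)
    trusted = is_cross_premises_peer(tls_subject, xoorg)
    if not trusted:
        for name in {h for h in msg.keys() if h.lower().startswith(INTERNAL_PREFIX)}:
            del msg[name]          # removes every occurrence of that header
    del msg[AUTH_AS]               # never keep a submitted verdict, even from a trusted hop
    msg[AUTH_AS] = "Internal" if trusted else "Anonymous"
    return msg


def verdict(raw: str, tls_subject: Optional[str], xoorg: Optional[str]) -> Tuple[str, Optional[str]]:
    """Return (AuthAs stamped by us, SCL header that survived) for a quick look at the outcome."""
    msg = sanitize(raw, tls_subject, xoorg)
    return msg[AUTH_AS], msg.get("X-MS-Exchange-Organization-SCL")


# Constructed sample: Joe (cloud mailbox) writes to Ben; the cloud hop relays it with
# the organization headers Exchange Online stamped, including SCL -1 (skip spam filtering).
CLOUD_TO_ONPREM = """\
From: joe@contoso.com
To: ben@contoso.com
Subject: Q3 budget
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-SCL: -1
Content-Type: text/plain

Draft attached.
"""

# Constructed sample: an Internet sender forges the same headers, hoping to be
# treated as internal and to bypass spam filtering.
INTERNET_SPOOF = """\
From: ceo@contoso.com
To: ben@contoso.com
Subject: Urgent wire
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-SCL: -1
Content-Type: text/plain

Please pay the attached invoice today.
"""

if __name__ == "__main__":
    print(verdict(CLOUD_TO_ONPREM, "mail.messaging.microsoft.com", "contoso.com"))  # ('Internal', '-1')
    print(verdict(INTERNET_SPOOF, None, None))                                      # ('Anonymous', None)
    print(verdict(INTERNET_SPOOF, "mail.messaging.microsoft.com", "evil.example"))  # ('Anonymous', None)
```

The third call is the case worth remembering: a valid certificate from the cloud hop is not enough on its own, because the same relay carries mail for many tenants. The XOORG organization has to name this organization as well before the headers are honoured, which is why both conditions are required in `is_cross_premises_peer`.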
  25. Deployment
  26. Exchange Deployment Assistant
  27. Step 1: Office 365 Configuration
  28. Step 2: Exchange Configuration
  29. Creating the Exchange Federation Trust [Diagram: the on-premises Exchange 2010 CAS/Hub server creates the Exchange Federation Trust with the Microsoft Federation Gateway (MFG) using a "unique namespace"; the Exchange Online tenant has an automatic, implied trust with the MFG through its MSO ID; organization relationships are created in both directions between the on-premises organization and Exchange Online]
  30. Creating the Secure Mail Connectors [Diagram: on-premises AD forest with the Exchange 2010 CAS/Hub server <-> FOPE <-> Exchange Online]
  31. Migration
  32. Hybrid Coexistence Migration
     - It's a true "online" move
       - The user stays connected to their mailbox through the move
       - Client switchover happens automatically at the end
       - Traditional "offline" move when moving from an Exchange 2003 source
     - Outlook uses Autodiscover to detect the change and fixes up the user's Outlook profile automatically on the client machine
     - Since it's a move (not a new mailbox + data copy), Outlook doesn't see it as a new/different mailbox. End result: no OST resync
     - Moves are queued and paced by the datacenter
     - Object conversion for mail routing happens automatically after the data move
       - The on-premises mailbox gets converted to a mail-enabled user automatically
       - Admins can override this automation and stage the move-then-convert steps
  33. Autodiscover [Diagram: on-premises Mailbox object with a Primary SMTP Address and a Secondary SMTP Address; Remote Mailbox object with a Primary SMTP Address and a Remote Routing Address]
     1. Outlook client: "Where is my mailbox?"
     2. Local Exchange passes a redirect to the user's Remote Routing Address
     3. Outlook attempts to discover the Autodiscover endpoint for that address through its DNS record
     4. Authentication request
     5. Authentication success
     6. Profile builds
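The six steps on the slide are an Autodiscover redirect: the on-premises endpoint no longer has a mailbox for the address, only a Remote Mailbox with a Remote Routing Address, so it answers `Action=redirectAddr` and the client starts over against the Autodiscover endpoint for that address. The block below models both sides of that exchange. It is an added example, not Exchange or Outlook code. The client bounds the number of redirects and follows a redirectAddr only into an allowed coexistence domain, so a tampered or spoofed Autodiscover answer cannot hand the profile to an arbitrary host. The directory entries, the domains contoso.com and contoso.mail.onmicrosoft.com, and the server names are assumptions.

```python
"""Autodiscover redirect for a moved mailbox, modelled end to end.

Added example, not Exchange or Outlook code. On-premises Autodiscover answers a
Mailbox with EXCH settings and a Remote Mailbox with Action=redirectAddr pointing
at its Remote Routing Address; the client then repeats discovery for that address.
The client bounds the number of redirects and only follows them into an allowed
domain. Directory contents, domains and server names are assumptions.
"""
import xml.etree.ElementTree as ET
from typing import Callable, Dict

REQ_NS = "http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006"
RESP_NS = "http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006"
OUTLOOK_NS = "http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a"

# Assumed directory state after moving Joe: Ben is a Mailbox, Joe a Remote Mailbox.
DIRECTORY = {
    "ben@contoso.com": {"kind": "Mailbox", "server": "mbx01.contoso.local"},
    "joe@contoso.com": {"kind": "RemoteMailbox",
                        "remote_routing": "joe@contoso.mail.onmicrosoft.com"},
}
ONLINE_SERVER = "mailbox.exchangeonline.example"              # assumed EXCH server name
ALLOWED_REDIRECT_DOMAINS = {"contoso.mail.onmicrosoft.com"}   # assumed coexistence domain


def build_request(email: str) -> str:
    root = ET.Element("Autodiscover", xmlns=REQ_NS)
    req = ET.SubElement(root, "Request")
    ET.SubElement(req, "EMailAddress").text = email
    ET.SubElement(req, "AcceptableResponseSchema").text = OUTLOOK_NS
    return ET.tostring(root, encoding="unicode")


def _account_response(action: str, **fields: str) -> str:
    root = ET.Element("Autodiscover", xmlns=RESP_NS)
    acct = ET.SubElement(ET.SubElement(root, "Response", xmlns=OUTLOOK_NS), "Account")
    ET.SubElement(acct, "AccountType").text = "email"
    ET.SubElement(acct, "Action").text = action
    if action == "settings":
        proto = ET.SubElement(acct, "Protocol")
        ET.SubElement(proto, "Type").text = "EXCH"
        ET.SubElement(proto, "Server").text = fields["server"]
    else:
        ET.SubElement(acct, "RedirectAddr").text = fields["redirect"]
    return ET.tostring(root, encoding="unicode")


def _error_response(code: str, message: str) -> str:
    root = ET.Element("Autodiscover", xmlns=RESP_NS)
    err = ET.SubElement(ET.SubElement(root, "Response"), "Error")
    ET.SubElement(err, "ErrorCode").text = code
    ET.SubElement(err, "Message").text = message
    return ET.tostring(root, encoding="unicode")


def _requested_address(request_xml: str) -> str:
    path = f"{{{REQ_NS}}}Request/{{{REQ_NS}}}EMailAddress"
    return (ET.fromstring(request_xml).findtext(path) or "").lower()


def onprem_autodiscover(request_xml: str) -> str:
    """On-premises CAS: settings for a local Mailbox, redirectAddr for a Remote Mailbox."""
    entry = DIRECTORY.get(_requested_address(request_xml))
    if entry is None:
        return _error_response("500", "The e-mail address cannot be found.")
    if entry["kind"] == "RemoteMailbox":
        return _account_response("redirectAddr", redirect=entry["remote_routing"])
    return _account_response("settings", server=entry["server"])


def online_autodiscover(request_xml: str) -> str:
    """Exchange Online endpoint (assumed): the redirected address resolves to settings."""
    return _account_response("settings", server=ONLINE_SERVER)


# Assumed DNS: which Autodiscover endpoint serves each SMTP domain.
ENDPOINTS: Dict[str, Callable[[str], str]] = {
    "contoso.com": onprem_autodiscover,
    "contoso.mail.onmicrosoft.com": online_autodiscover,
}


def client_discover(email: str, max_redirects: int = 2) -> Dict[str, object]:
    """Outlook-like client: follow redirectAddr only into allowed domains, bounded hops."""
    current, hops = email.lower(), 0
    while True:
        endpoint = ENDPOINTS.get(current.rsplit("@", 1)[-1])
        if endpoint is None:
            raise RuntimeError(f"no Autodiscover endpoint for {current}")
        root = ET.fromstring(endpoint(build_request(current)))
        acct = root.find(f".//{{{OUTLOOK_NS}}}Account")
        if acct is None:
            raise RuntimeError(root.findtext(f".//{{{RESP_NS}}}Message") or "Autodiscover error")
        if acct.findtext(f"{{{OUTLOOK_NS}}}Action") == "settings":
            server = acct.findtext(f"{{{OUTLOOK_NS}}}Protocol/{{{OUTLOOK_NS}}}Server")
            return {"address": current, "server": server, "redirects": hops}
        target = (acct.findtext(f"{{{OUTLOOK_NS}}}RedirectAddr") or "").lower()
        if target.rsplit("@", 1)[-1] not in ALLOWED_REDIRECT_DOMAINS:
            raise RuntimeError(f"refusing Autodiscover redirect to {target}")
        hops += 1
        if hops > max_redirects:
            raise RuntimeError("too many Autodiscover redirects")
        current = target
```

Calling `client_discover("ben@contoso.com")` returns the on-premises server with zero redirects, while `client_discover("joe@contoso.com")` returns the Exchange Online server after one redirect to the Remote Routing Address. The allow-list check is the part a real client must not skip: Outlook prompts the user before following an unexpected Autodiscover redirect for the same reason.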
  34. What's New in Exchange 2010 SP2?
     - New Hybrid Configuration Wizard, which configures:
       - Exchange federation trust
       - Organization relationships
       - Remote domains / accepted domains
       - Email address policies
       - Send/Receive connectors
       - Forefront inbound/outbound connectors
       - MRSProxy
       - Pre-req checks (i.e. Office 365 Active Directory Sync, Exchange certificates, registered custom domains, etc.)
     - Pre-SP2: approximately 50 manual steps; with SP2: only 6 manual steps
     - New PowerShell cmdlets: New-/Get-/Set-/Update-HybridConfiguration
     - Namespace improvements
       - The requirement for a unique namespace is removed
       - Every customer is provided a coexistence domain for every hybrid deployment; the unique namespace is now the coexistence domain
  35. Questions?