Preparing for an Exchange 2013 Hybrid

  • On Premises; Office 365; Connection between those components; Secured; All combined in one Virtual Organization
  • Table
  • IDFix: Looks for invalid characters, checks length constraints, format and duplicate values across: c, co, displayName, givenName, Mail, mailNickName, proxyAddress, sAMAccountName, sn, targetAddress, userPrincipalName
  • Still need to finalize the image

Transcript

  • 1. Exchange 2013 – Office 365 Preparing for Hybrid
  • 2. Jethro Seghers
  • 3. www.devconnections.com EXCHANGE 2013 – OFFICE 365: PREPARING FOR HYBRID WHAT IS HYBRID EXCHANGE? 1 VIRTUAL ORGANIZATION
  • 4. WHY HYBRID DEPLOYMENTS?
    • Organizations are not ready to go completely to the cloud
    • Security concerns
    • Compliance concerns
    • Management concerns
    • Long-term coexistence
    • Large migrations where cutover isn’t possible
    • Transparent mailbox moves (to or from Exchange Online)
  • 5. WHY HYBRID DEPLOYMENTS?
    • Take advantage of features such as Exchange Online Archiving with On Premises mailboxes
    • Interaction with 3rd party applications
  • 6. ADVANTAGES OF HYBRID DEPLOYMENT
    • Secure mail routing between on-premises and Exchange Online organizations
    • Mail routing with a shared domain namespace
    • A unified global address list (GAL), also called a “shared address book”
    • Free/busy and calendar sharing between on-premises and Exchange Online organizations
  • 7. ADVANTAGES OF HYBRID DEPLOYMENT
    • Centralized control of inbound and outbound mail flow. You can configure all inbound and outbound Exchange Online messages to be routed through the on-premises Exchange organization
    • A single Microsoft Office Outlook Web App URL for both the on-premises and Exchange Online organizations
    • The ability to move existing on-premises mailboxes to the Exchange Online organization. Exchange Online mailboxes can also be moved back to the on-premises organization if needed
  • 8. ADVANTAGES OF HYBRID DEPLOYMENT
    • Centralized mailbox management using the on-premises Exchange admin center (EAC)
    • Message tracking, MailTips, and multi-mailbox search between on-premises and Exchange Online organizations
    • Cloud-based message archiving for on-premises Exchange mailboxes
  • 9. DEMO: EXCHANGE HYBRID IN ACTION
  • 10. SUPPORTED VERSIONS
    Columns: Office 365 (v 2010); Office 365 - W15 w/ On-Prem 2010; Office 365 – W15 w/ On-Prem 2013
    • Exchange 2013: N/A X
    • Exchange 2010 SP3: X X X
    • Exchange 2010 SP2: X
    • Exchange 2010 SP1: X
    • Exchange 2007 SP3: (X) (X) (X)
    • Exchange 2007 SP2/SP3: (X) (X)
    • Exchange 2003 SP2: (X) (X)
  • 11. ARCHITECTURE
  • 12. MAILFLOW
  • 13. BUILDING BLOCKS
    • Supported Exchange On Premises version
    • Exchange Online
    • Directory Synchronization
    • Active Directory Federation Services
    • Exchange Online Protection
  • 14. WHAT IS DIRSYNC?
    “…is a Directory Synchronization engine based on Forefront Identity Manager (FIM) that will synchronize a subset of your on-premise Active Directory with Windows Azure Active Directory (Office 365).”
  • 15. WHY DIRSYNC
    Main Purpose: Sync attributes from Active Directory to Windows Azure Active Directory and back (in case of Hybrid)
  • 16. LESSONS LEARNED
    • Long-term coexistence between Active Directory On Premise and Windows Azure Active Directory
    • It’s NOT for easy, quick provisioning of objects, such as groups, contacts, …
    • It provides a single point of managing
      • Users
      • Groups & Memberships
      • Contacts
    • Attribute sync runs once every 3 hours. AD password sync runs once every 2 minutes.
  • 17. DIRSYNC: HOW DOES IT WORK (diagram: DirSync, Active Directory, Metaverse)
  • 18. DEPLOYMENT CONSIDERATIONS
    • Is your Active Directory ready for DirSync?
    • Topology: single forest? Multiple domains? Broken inheritance user rights?
    • Check your AD by using the Readiness Tool or OnRamp
    • Firewall? Can DirSync connect to Azure Active Directory?
    • Service accounts
    • 64 Bit only
    • Activation, deactivation time
    • Filtering?
    • SQL version?
  • 19. WHAT OBJECTS ARE SYNCED?
    • From AD to Office 365: http://support.microsoft.com/kb/2256198
    • From Office 365 to AD (aka write-back), listed as write-back attribute: Exchange "full fidelity" feature
      • SafeSendersHash, BlockedSendersHash, SafeRecipientHash: Filtering. Writes back on-premises filtering and online safe and blocked sender data from clients.
      • msExchArchiveStatus: Online Archive. Enables customers to archive mail.
      • ProxyAddresses (LegacyExchangeDN <online LegacyDn> as X500): Enable Mailbox. Off-boards an online mailbox back to on-premises Exchange.
      • msExchUCVoiceMailSettings: Enable Unified Messaging (UM) - Online voice mail. This new attribute is used only for UM-Microsoft Lync Server 2010 integration to indicate to Lync Server 2010 on-premises that the user has voice mail in online services.
  • 20. TROUBLESHOOTING
    • Broken inheritance in Active Directory
    • Email sent out by DirSync
    • IDFix: DirSync Remediation Tool
    • MetaVerse Search
    • Expired password DirSync
  • 21. DEMO: DIRSYNC IN ACTION
  • 22. WHAT IS ADFS?
    “…is a software component installed on Windows Server operating systems to provide users with Single Sign-On access to systems and applications located across organizational boundaries. It uses a claims-based access control authorization model to maintain application security and implement federated identity…”
  • 23. WHY ADFS
    Main Purpose: Provide Active Directory users a full Single Sign On experience
  • 24. ADFS: ON PREMISE TOPOLOGY (diagram: Enterprise, DMZ, Internal user, Active Directory, AD FS 2.0 Server, AD FS 2.0 Server Proxy)
  • 25. ADFS: ON PREMISE TOPOLOGY (diagram: Enterprise, DMZ, Internal user, Active Directory, AD FS 2.0 Server, AD FS 2.0 Server Proxy)
  • 26. WEB (PASSIVE) AUTHENTICATION FLOW
  • 27. ACTIVE AUTHENTICATION FLOW
  • 28. LESSONS LEARNED
    • Deploy ADFS in High Availability
    • Service account: log on as batch job
    • ADFS requires a public certificate only for client communications; token signing and encryption can be done with self-signed certificates
    • Workflow/endpoint is different depending on the application you use: Passive (Web)/Active (Outlook)
    • Troubleshooting is not always easy; it requires understanding how to use tools like Fiddler2, e.g. to analyze the sign-in flow
  • 29. DEMO: ADFS IN ACTION
  • 30. WHAT’S “NEW” IN THE HYBRID CONFIGURATION WIZARD
    • Single-step, adaptive configuration wizard
    • Enhanced mail-flow capabilities
    • Improved centralized mail flow
    • Easier setup of secure mail flow (no more whitelisting IPs!)
    • Integrated support for Exchange 2010 Edge Transport server
    • Leverages Exchange Online Protection
    • Enhanced & more detailed logging
  • 31. www.devconnections.com EXCHANGE 2013 – OFFICE 365: PREPARING FOR HYBRID
  • 32. DEMO: HCW IN ACTION