
(ISM317) Amazon WorkMail: Corporate Email in Less Than 10 Minutes


Managing corporate email infrastructure is highly capital intensive and laborious. Amazon WorkMail does all the heavy lifting on behalf of customers, to offer the highest grade of security to organizations, along with much needed flexibility. In this session, get an inside look into how Amazon WorkMail leverages other AWS services, such as AWS KMS and AWS Directory Service, and learn more about how our customers have successfully set up their highly secure email infrastructure in just a few easy steps.

  1. 1. ISM317 • Amazon WorkMail: Secure, Corporate Email in Less Than 10 Minutes • Thomas Doehler – General Manager • Milo Oostergo – Sr. Product Manager • October 2015 • © 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  2. 2. What to Expect from the Session • Why we built Amazon WorkMail • What is Amazon WorkMail? • Features and functionality • Pricing and availability • Getting started with Amazon WorkMail • Integrating with your on-premises environment • Migrating to Amazon WorkMail • Q&A
  3. 3. Why we built Amazon WorkMail • Email has evolved from a simple communication tool to an enabler of almost any business process • Secure access is key • Managing the infrastructure required to operate this mission critical service adds cost and complexity
  4. 4. Managed service • Eliminate up-front investments to license and provision on-premises email servers • WorkMail automatically handles all of the patches, back-ups, and upgrades • As needs grow, add more users with a few clicks in the AWS Management console
  5. 5. Enterprise grade security • Encryption using customer managed keys • Regional data control • Secure mobile access • Protection from malware, spam, and viruses
  6. 6. Anywhere access • From Outlook on your PC/Mac • From any browser • From your phone
  7. 7. Outlook features • Natively compatible with Microsoft Outlook on Windows and Mac • Shared calendars and shared mailboxes • Global Address Book • Support for resource booking • Advanced permissions and delegation • Server side rules
  8. 8. WebMail features • Access to your email, contacts and calendar • Shared calendars • Free/busy Scheduling • Amazon WorkDocs integration
  9. 9. Pricing and availability • Pay-as-you-go • No user or long-term commitments • Cost-effective - $4/user/month for 50 GB mailbox • Bundled with WorkDocs - $6/user/month • 30-day free trial for up to 25 users • Initially available in US East (N. Virginia), US West (Oregon), and EU West (Ireland) regions
  10. 10. Set up Amazon WorkMail
  11. 11. Getting started • Available through the AWS Management Console • Quick setup lets you get started in 10 minutes and automatically creates all required AWS resources for you • Custom setup lets you integrate WorkMail with your corporate directory and use custom keys
  12. 12. Quick setup • Step 1: Create your organization • Step 2: Add your domains • Step 3: Create your users, groups, and resources • Step 4: Migrate your mailboxes • Step 5: Configure your desktop and mobile clients
  13. 13. Step 1 – Create your organization • WorkMail creates all required AWS resources for you: VPC, Simple AD directory, test mail domain, and service default key in AWS KMS • Recommended setup for evaluation purposes and small business deployments
  14. 14. Step 2 - Setting up your domains • Add your domains to WorkMail to use in your email addresses • You can add multiple domains to your organization • Users/groups can have multiple email addresses across different domains
  15. 15. Setting up your domains (2) • Add your domain • Verify your domain by adding a verification token in the TXT DNS record • Set up DomainKeys Identified Mail (DKIM) signing • Switch the MX and AutoDiscover DNS records when mailbox migration is complete
  16. 16. Step 3 - Provisioning of users and groups • After domains are added, you can provision users and distribution groups using the domains • With quick setup, users can be created in the WorkMail console
  17. 17. Next steps • Step 4 and step 5 are similar to custom setup and will be discussed later in this presentation
  18. 18. Custom setup • Use custom setup to: use your existing VPC; integrate WorkMail with your existing directory environment; use a customer master key for mailbox encryption • Recommended setup for medium size businesses and enterprises
  19. 19. Custom setup - steps • Step 1: Extend your VPC to your on-premises network and set up an AD Connector • Step 2: Create your organization in WorkMail • Step 3: Add your domain names • Step 4: Enable your existing users and groups • Step 5: Migrate your mailboxes • Step 6: Configure your desktop and mobile clients
  20. 20. Prerequisites • Extend your on-premises network to your VPC through a virtual private network (VPN) connection or AWS Direct Connect • Have two subnets in different Availability Zones available in the VPC • Set up AWS Directory Service AD Connector in the VPC • No need for any additional on-premises software components!
  21. 21. AD Connector architecture • [Diagram labels: Availability Zone (×2), AD Connector proxy instance (×2), VPN connection, corporate data center, AD; LDAP & Kerberos requests proxied to on-premises over VPN]
  22. 22. Using on-premises directory integration • Easily provision existing users for WorkMail • Reuse existing AD/Exchange security and distribution groups in WorkMail • Automatic propagation of user/group changes every 4 hours • Authentication requests are forwarded to your on-premises directory
  23. 23. Protect your mailbox data • Mailbox data at rest is protected by AWS Key Management Service • Use the service default key or a customer master key • Key actions are logged in AWS CloudTrail • WorkMail configures a grant to the master key during initial setup
  24. 24. How is WorkMail encrypting your data • Master key for your organization • Asymmetric key per mailbox • Each item in mailbox encrypted by symmetric key • [Diagram labels: Item encrypted with data key; Data key encrypted with public mailbox key; Mailbox private key encrypted with KMS key]
  25. 25. Interoperability support
  26. 26. Integrate WorkMail with your existing email environment • Provide users with a unified global address book containing all users, groups, and resources • Email routing between on-premises email system and WorkMail • Calendar free/busy lookups between on-premises email systems and WorkMail
  27. 27. Set up interoperability support • Add all domains to WorkMail • Set up free/busy service accounts in Microsoft Exchange and WorkMail • Set up Availability Address Space in Microsoft Exchange: Add-AvailabilityAddressSpace -ForestName -AccessMethod OrgWideFB -Credentials <Credential> • Enable interoperability support in WorkMail
  28. 28. Unified Global Address Book • Interoperability support will automatically sync all Microsoft Exchange users, groups, and resources to WorkMail • Object changes must be done using Exchange Management console • Enabling users for WorkMail is still done through AWS Management console
  29. 29. Email routing in an integrated environment • [Diagram labels: On-premises environment, Amazon WorkMail; fields Forward to:, Primary:, Alias:, targetAddress:, To: (address values not preserved)]
  30. 30. Calendar free/busy interoperability • [Diagram labels: On-premises environment, Amazon WorkMail, john; step 1: Free/busy lookup for Mary; step 4: Free/busy lookup for Mary with WM service account; steps 2, 3, 5 unlabeled; fields targetAddress:, Primary:, Alias: (address values not preserved)]
  31. 31. Migrating to WorkMail • The WorkMail migration tool is a utility for migrating Microsoft Exchange and Office365 mailboxes • Integration with 3rd party migration vendors will be available for migrations from Microsoft, Google Apps, Lotus Notes, Novell GroupWise, Zimbra, and other email servers
  32. 32. Using the WorkMail migration tool • Prepare your Microsoft Exchange environment • Enable and configure WorkMail migration setup • Install and configure the migration tool • Prepare the migration user list • Migrate mailboxes to WorkMail
  33. 33. Using the WorkMail migration tool (2) • Run the migration tool on an on-premises Windows client, Amazon EC2, or Amazon WorkSpaces • Run the migration tool close to WorkMail endpoints for lowest latency • When migrating large batches, run the migration tool on multiple servers or instances
  34. 34. Finalizing migration • After all mailboxes are successfully migrated: • Create AutoDiscover DNS record CNAME • Turn off local Autodiscover: Get-ClientAccessServer | Set-ClientAccessServer -AutodiscoverServiceInternalURI $Null • Change MX DNS record to WorkMail SMTP servers • Turn off interoperability support • Decommission on-premises email environment
  35. 35. Sign up for WorkMail preview today
  36. 36. Q&A Meet us at the AWS Enterprise Applications booth
  37. 37. Remember to complete your evaluations!
  38. 38. Thank you!
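
The key hierarchy from slide 24 (per-item data key, per-mailbox asymmetric key, organization master key), modeled locally as an added example that is not from the presentation or from AWS. Assumptions: a random AES-256 key stands in for the KMS master key, AES-256-GCM and RSA-OAEP are chosen for illustration because the slide names no algorithms, and all function names are hypothetical.

```javascript
const crypto = require('node:crypto');

// AES-256-GCM helpers (algorithm is an assumption). Layout: nonce(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}
function open(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws on wrong key or tampering
}

// "Mailbox private key encrypted with KMS key": only the wrapped form is stored.
// masterKey is a local stand-in for the organization's KMS key (hypothetical).
function createMailbox(masterKey) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'der' },
  });
  return { publicKey, wrappedPrivateKey: seal(masterKey, privateKey) };
}

// "Item encrypted with data key, data key encrypted with public mailbox key":
// storing an item needs only the mailbox public key, not the master key.
function storeItem(mailbox, text) {
  const dataKey = crypto.randomBytes(32); // fresh symmetric key per item
  return {
    wrappedDataKey: crypto.publicEncrypt(mailbox.publicKey, dataKey), // RSA-OAEP (Node default)
    body: seal(dataKey, Buffer.from(text, 'utf8')),
  };
}

// Reading unwinds the chain: master key -> mailbox private key -> data key -> item.
function readItem(masterKey, mailbox, item) {
  const der = open(masterKey, mailbox.wrappedPrivateKey);
  const priv = crypto.createPrivateKey({ key: der, format: 'der', type: 'pkcs8' });
  const dataKey = crypto.privateDecrypt(priv, item.wrappedDataKey);
  return open(dataKey, item.body).toString('utf8');
}

// Constructed sample run.
const masterKey = crypto.randomBytes(32);
const mailbox = createMailbox(masterKey);
const item = storeItem(mailbox, 'constructed sample message');
console.log(readItem(masterKey, mailbox, item));
```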