• Name
• Your Role in the Company
• Your Role on these projects
• Exchange Interest – Background

Ask Questions to Audience – By a show of hands gauge the audience
• How many people are using Office 365?
• How many people have implemented Office 365 or gone through the deployment process?
What the presentation is about?
Projects and Involvement

What does ADFS Do for Office 365
Appropriate for
• Larger enterprise organizations with on-premises Active Directory
Pros
• SSO with corporate credentials
• IDs mastered on premises
• Password policy controlled on premises
• Two-factor authentication solutions possible
• Co-existence scenarios enabled
Con
• High availability server deployments required

• Mail Tips
• Free/Busy Calendar Sharing
• Message Tracking
• On boarding and Offloading
• No Outlook Reconfiguration
• TLS supported by TLS
• GAL Directory Synchronisation Server
• New Mailbox Moves direct to Office 365 cross premise

200–300 Users
Exchange 2007 Infrastructure
Existing Exchange Infrastructure: 2 x Exchange 2007 in UK – Site in US
Major issue – US lost connection to the UK Exchange, which halted work and disrupted their productivity.

Identity Management
• Resilient Topology High Availability
Issues we had with this:
• UPNs not matching verified domain in Office 365
• ADFS Design had to be implemented in New Data Centre
• DMZ Time not Synchronised
• SharePoint Users – Changing UPN disruption
Exchange Coexistence / Simple Coexistence
• Exchange Not Business Critical – 1 Exchange Coexistence Server
• HUB Role
• CAS Role
• OWA URLs Redirection / Keep Existing Change Migrated
Issues:
• Servers not built to latest SP
• TMG Configuration – Not set up correctly
• Hybrid Configuration and Proxy Issues
• Purchased a Certificate with no name
Migration
• Showed and gave instruction manuals to client to migrate themselves
Issues:
• Public Folders – Still not migrated

• Prerequisites were not met (Proxy Settings / Reverse Proxy / DMZ not set up correctly and Servers not provisioned)
• Infrastructure Deployment was a success: we kept to the design and met the client's requirements
• Training could have been more in-depth, but client is happily migrating users and managing that part of the project.
• Client was very happy with the project as a whole
• Project was an Overall Success

1800 – 2000 Users – Exchange 2003 Environment
• The main focus of this client was to replace their current Mail Filtering and Anti-Spam Software with FOPE.
• On 2003; were upgrading to 2010 or Office 365 as the next step in infrastructure upgrade
• Reduce heavy maintenance of current Exchange system.

Phase 1
• Explain Existing Mail Flow – Trend Micro and Symantec Email Filtering System
• Replace Symantec Filtering System with Office 365 FOPE
• 2010 Servers were installed
• Mail Flow could not come from on-premise to FOPE to the Internet
Phase 2
• Complete the CAS Setup and Re-Run the Hybrid Configuration
• Free/Busy was more challenging to set up - Explain how 2003 finds free/busy of Office 365
  1. Changed the Public Folder Referral List (Add the 2010 Public Folder on Exchange 2003)
  2. Go to ADSI Edit and change the MSExchFolderAffinityList – to the GUID of the Exchange 2010 Server, not Public Folder.
• Microsoft Federation Gateway Issue – Remove Domain
• Migrated some test IT users / Locked out of Outlook when we set up ADFS.
• Installed ForeFront Protection for Exchange

Prerequisites for Office 365
• Secure and Change Request for Exact Proxy URLs – Two Blue Coat Proxies
Design and Implementation of New Infrastructure
• Highly Available Exchange Infrastructure as client was planning slow migration.
• Email Filtering Outbound with FOPE from On-premise
Training and Handover to Client
• Client had dedicated member of staff throughout project, really helped with Handover
• Training is On-going – Two Types of Training: USER and ADMIN

1100 – 1300 Users – Exchange 2003
• Primary goal is to replace their existing 2003 environment
• Storage was high and getting difficult to manage
• Also want to configure Lync Online for better communication
• This client has multiple offices all over the world with many VPLS tunnels back to UK

ADFS
• Standard ADFS Build
• Increased Token Life Time
• Issues – Servers not provisioned
• Looked at option of Publishing through TMG
• No Split DNS
ECS
• Mail Flow Design to stop any type of interruption to users
• Autodiscover and Outlook Directed at the TMG internally and Externally
Issues
• Schema Updates were not complete (Change Process)
• Email Address Policies being - Managed Email Address Policies
• 5.5 Email Infrastructure – Upgraded; large amount of clean up required
• Proxy Federation Request during Coexistence setup
• Latest Rollup 3 – Client had disabled Microsoft Update; he assured me their update provider would do the updates overnight
• TMG - Not correctly set up as it was an internal firewall. – Had dedicated proxy team to help configuration (Unlike Cmed)

We have created documents clearly stating perimeter settings
• Forward Proxy
• Reverse Proxy
• Firewall All services
• Computer and Servers

These are new projects that we are at the start of
I'd like to introduce these as they are using different technologies and migration processes

Mention Drivers
• Unstable Email Platform
• Complicated Security for Exchange
• Running out of space
Looking at both Simple Coexistence and Rich Coexistence
We do the first project; they will follow our guides to do the rest
This is a client that trialled and tested Google; it was not liked.

• Staged migration
• Quick As Possible
• Outlook Anywhere Setup multiple certificates

• Seren and Foviance are merging
• Foviance are already on Office 365
• Seren want Foviance users in AD and Seren users into Office 365.
• They are looking at the possibility of using a password synchronisation tool.

Office 365 UK User Group London 4th September 2012
Welcome to the Office 365 UK User Group
Speakers: Liam Mann & Alan Richards
4th September 2012
Host: Matthew Hughes
Venue provided by Content & Code

Agenda
18:30 – Welcome
18:45 – Office 365 in the Real World, Liam Mann – Content & Code
19:45 – Break
20:00 – Migrating from On Premise to Office 365, Alan Richards –
21:00 – Close & Pub

Welcome
What is the point in the User Group?
• Independent
• Share Knowledge
• Share Experience
• Share the Pain & Pleasure
• Network
• Have a Pint and a chat with someone that understands and doesn’t nod & agree or fall asleep

Office 365 in the Real World
Liam Mann - Office 365 Deployment Engineer, Content & Code

ADFS and Exchange Coexistence with Office 365
Technical Briefing

ADFS 2.0 Single Sign On – Office365
• Like Kerberos with Cookies
• Authentication kept On-premise
• Allows user to use the same set of credentials
• High Availability Deployment Recommended
• Published Externally with ADFS Proxies
• Secured by SSL Certificates

ADFS 2.0 Single Sign On – Office365
[Diagram labels: Active Directory, AD FS 2.0 Server, AD FS 2.0 Server Proxy, Internal User, External User, Enterprise, DMZ]

Exchange Rich Coexistence
• Rich Outlook Features
• Secure Mail Flow
• Unified GAL
• Single Outlook Web App
• Centralised Management of Exchange
• Online Archiving

Issues
• UPNs not matching verified domain in Office 365
• ADFS 2.0 Design had to be implemented in new data centre
• DMZ time not Synchronised
• Domain Servers not restarted after updates
• TMG Configuration – Not set up correctly
• Hybrid Configuration and Proxy Issues
• Purchased a Certificate with No Name

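A pre-flight check for the first issue on this slide, as an added example that is not part of the presentation: it lists accounts whose UPN suffix is not among the tenant's verified domains, so they can be corrected up front. The domain names, the sample accounts and the function name Find-UnverifiedUpn are constructed for illustration.

```powershell
# Added example. All names and data below are constructed for illustration.
# Against a live directory the input would come from:
#   Get-ADUser -Filter * -Properties UserPrincipalName   (ActiveDirectory module)

# Assumption: the domains verified in the Office 365 tenant.
$VerifiedDomains = @('contoso.com', 'contoso.co.uk')

# Constructed sample accounts covering the usual failure cases.
$SampleUsers = @(
    [pscustomobject]@{ SamAccountName = 'asmith';     UserPrincipalName = 'asmith@contoso.com' }
    [pscustomobject]@{ SamAccountName = 'bjones';     UserPrincipalName = 'bjones@contoso.local' }
    [pscustomobject]@{ SamAccountName = 'cwhite';     UserPrincipalName = 'cwhite@CONTOSO.CO.UK' }
    [pscustomobject]@{ SamAccountName = 'svc-backup'; UserPrincipalName = $null }
    [pscustomobject]@{ SamAccountName = 'dgreen';     UserPrincipalName = 'dgreen@' }
)

function Find-UnverifiedUpn {
    param(
        [Parameter(Mandatory)] [object[]] $User,
        [Parameter(Mandatory)] [string[]] $VerifiedDomain
    )
    foreach ($u in $User) {
        $upn    = [string]$u.UserPrincipalName   # $null becomes an empty string
        $at     = $upn.LastIndexOf('@')
        $reason = $null
        if ([string]::IsNullOrWhiteSpace($upn)) {
            $reason = 'UPN not set'
        } elseif ($at -lt 1 -or $at -eq $upn.Length - 1) {
            $reason = 'UPN malformed'
        } elseif ($VerifiedDomain -notcontains $upn.Substring($at + 1)) {
            # -notcontains compares strings case-insensitively
            $reason = 'Suffix is not a verified domain'
        }
        if ($reason) {
            # Emit one report row per account that needs fixing
            [pscustomobject]@{
                SamAccountName    = $u.SamAccountName
                UserPrincipalName = $upn
                Reason            = $reason
            }
        }
    }
}

Find-UnverifiedUpn -User $SampleUsers -VerifiedDomain $VerifiedDomains |
    Format-Table -AutoSize
```
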
Summary of Project
• Prerequisites of Existing Infrastructure
• Design and Implementation of new Infrastructure
• Training and Handover to Clients
• Client Evaluation of Project
• Overall Project Success

Wates Construction
• Reduce Operation Costs
• Replace Email Filtering System
• Upgrade Ageing Infrastructure
• Provide Better Communication across Multiple Offices
“I Love Office 365”

Wates Design
Phase 1
• Replace Email Filtering System
• Redirect Mail Flow to Office 365
Phase 2
• Complete Exchange Coexistence Setup
• Install ForeFront Protection for Exchange
Phase 3
• Install and Configure SSO
• Training & Handover

Issues
• FOPE does not accept internet bound traffic from on-premise
• Two hop migration was required from Exchange 2003
• Currently no automation of pulling archive from Enterprise Vault
• Free/Busy sharing more complex with Exchange 2003
• WNLB with certain routers requires configuring static ARP

Summary of Project
Prerequisites for Office 365
• TMG not fully configured
• Forward Proxy Caused Delays
Design and Implementation of New Infrastructure
• Highly Available Infrastructure
• Email Filtering Outbound with FOPE from On-premise
Training and Handover to Client
Client Evaluation of Project
Overall Project Success

Summary of Project
Prerequisites for Office 365
• Legacy Exchange Infrastructure
• Specify Perimeter Settings Clearer
Design and Implementation of New Infrastructure
Project so far

Lessons Learned
• Try to avoid authenticating internet access through proxy for coexistence servers
• More complicated setup for Free/Busy with Exchange 2003
• FOPE cannot process outgoing email from On-premise
• Two stage migration required for Exchange 2003
• Prepare Existing Exchange 2003 environment (Recipient Policies)
• Gauge client's technical ability
• Ensure all updates and patches are applied on existing and new infrastructure
• TMG Flood Mitigation – Mailbox Migration
• UPNs configured Correctly
• Split DNS Configured Correctly

Seren + Foviance
• Foviance are on Office 365
• Seren Users to be Migrated to Office 365
• Foviance Users to be added into AD
• Password Synchronisation Tool

Migrating from OnPremise to Office 365
Alan Richards MVP

Who Am I
• IT Consultant
• Worked in education for over 18 years
• Led teams in the early adoption of Microsoft systems
• Regular presenter at events
• SharePoint MVP

Topics
• Office 365 co-existence options
• Types of migration
• Single Signon
• A client migration – Real World

Co-Existence
You already have onPremise Exchange
Shared Address Space
• Use the same domain name for all users
• OnPremise or cloud receives email
• Forwards onto the other one
Multiple Addresses
• Use different domain names for onPremise & Cloud
• Each entity receives its own email
• Manage mail contacts in either onPremise or cloud

Types Of Migration
IMAP cutover: E-mail is extracted from the source mail system by IMAP, DNS MX records are changed, and workstations configured to connect to Office 365. E-mail is moved, but no contacts and calendars.

Types Of Migration
Exchange cutover: Same as IMAP but it uses RPC over HTTPS (Outlook Anywhere) to extract your entire mailbox from a legacy Exchange e-mail system (2003 or later only).

Types Of Migration
Staged coexistence: Similar to an Exchange cutover, but allows for batches of users to move at a time and for the two systems (Exchange and Office 365) to interoperate over a period of time.

Types Of Migration
Hybrid coexistence: This solution is intended for customers who require onsite and cloud e-mail systems to coexist for longer periods. Active Directory and Office 365 synchronize and single-sign-on is set up. This is the most technically complex migration method but makes for the easiest mailbox migrations, simply using the existing Exchange Management Console’s commands.

Single Signon
• Use Active Directory account to access Office 365
• Uses Active Directory Federation Services
• Minimum 4 servers for load balancing
• Federation server & Federation proxy server
• PowerShell to form ‘link’
• Separate server for DirSync software
• DO NOT ENABLE BEFORE MIGRATION

Real World Migration
Planning
• Prepare your AD
  • Delete users
• Clean up Exchange
  • Empty deleted items
  • Empty sent items
• Migration type
  • Choose the right one for your environment
  • How many users
  • Keeping onPremise

Real World Migration
• Migration takes time
  • 400 users took 5 days
  • Incremental updates after full migration
• Complete migration
  • Convert mailboxes to mail enabled users
  • PowerShell scripts downloadable from Microsoft
• All migrations run from Exchange Control Panel