Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Exchange online real world migration challenges

5,221 views

Published on

Session from IT/Dev Connections 2013

Published in: Technology
  • There is a mistake on Slide 5 - Exchange 2010 and 2013 DO support cutover migrations, just not staged - as long as the user count is less than 2000 - as per http://technet.microsoft.com/en-us/library/jj863291(v=exchg.150).aspx#comparetypes
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here

Exchange online real world migration challenges

  1. 1. Exchange Online Real-World Migration Challenges Steve Goodman Exchange MVP Phoenix IT Group
  2. 2. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES  The Case for Hybrid  Hybrid Challenges  Coexistence Challenges  Planning your migration  The migration itself www.devconnections.com
  3. 3. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES THE CASE FOR HYBRID When and when not to use Hybrid www.devconnections.com
  4. 4. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES Organization Secure Mail Flow Sharing (free/busy, MailTips,, etc.) Exchange Servers AD Mailbox Moves AD FS Users, Contacts & Groups DirSync & FIM www.devconnections.com
  5. 5. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES  Exchange 2010 (SP2+) and Exchange 2013 only support Hybrid methods for migration – cutover and staged are not an option.  Makes moving from a pilot to a full migration simple, and re-uses Exchange skills  Think of it as a transition rather than a migration www.devconnections.com
  6. 6. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES  Smaller 2007 and 2003 migrations  Non-Microsoft migrations  Multiple on-premises Exchange organizations  Various options available  Staged  Cutover  Third Party Solutions including MigrationWiz, Binary Tree E2E Complete and Quest Toolset www.devconnections.com
  7. 7. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES HYBRID CHALLENGES What you’ll need to overcome before you can start planning to migrate mailboxes www.devconnections.com 7
  8. 8. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES  Migration of Client Facing Services including   Moving AutoDiscover and other services   Implementing a legacy namespace Similar to an Exchange 200x to 201x front-end services migration Options available  Exchange 2013 RTM CU2 “Hybrid Servers”  Exchange 2010 SP3 “Hybrid Severs”  Free licenses available for both from Microsoft Support. www.devconnections.com
  9. 9. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES  Should you implement Exchange 2013 RTM CU2 as a Hybrid Server?  Where do you need to deploy Exchange 2010 SP3? www.devconnections.com
  10. 10. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES  External HTTPS Namespaces    Use the Remote Connectivity Analyser to test Exchange Web Services (EWS) and AutoDiscover Access to the above virtual directories is required for Hybrid Configuration and Mailbox Migrations Verify you add the correct firewall exceptions to all services, both inbound and outbound  For outbound MS recommend by URL rather than IP due to Content Distribution Networks (CDNs) www.devconnections.com
  11. 11. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES  Authenticated proxy servers cause issues    Exchange Servers cannot authenticate to proxy servers, and outbound communications, including Federated Sharing and the Hybrid Configuration Wizard will fail. Outlook clients cannot authenticate to proxy servers and will fail to connect to Office 365. Solutions  Configure the proxy server to exclude the Exchange Online datacentre URLs from Authentication  On Exchange Servers, set the proxy server in netsh& Exchange  Netsh winhttp import proxy source=ie  Set-ExchangeServer <servername> -InternetWebProxy:"http://proxy:8080" www.devconnections.com
  12. 12. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES  You need valid third-party certificates for HTTPS namespaces and SMTP  Exception: Federation Certificate is selfsigned  Did you ever set up Federated Sharing before Exchange 2010 SP1? www.devconnections.com
  13. 13. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES  HCW attempts AutoDiscover for each hybrid domain  If you have some domains without AutoDiscover DNS names and appropriate certificates configured, the HCW will fail to complete.  Exchange 2013 and Exchange 2010 SP3 RU1+ has a solution   Set-HybridConfiguration -Domain "domain.com, autod:primary.com" SSL Offload will cause issues with mailbox moves  Remote Mailbox Moves will fail as SSL Offload is not supported by the MRS Proxy  You may need to retain SSL offload, but there are workarounds  For example, use an additional FQDN for Remotes Mailbox Moves that bypasses SSL offload using a different Load Balancer VIP www.devconnections.com
  14. 14. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES  What is pre-authentication?  What uses pre-authentication?  Why is this a problem?   Federated Sharing e.g. /EWS/Exchange.asmx/WSSecurity What are the solutions?  Rules before pre-authentication to exclude these paths: http://community.office365.com/en-us/wikis/exchange/1042.aspx  Disable pre-authentication for /AutoDiscover/* and /EWS/* completely! www.devconnections.com
  15. 15. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES  Make sure you understand the organization’s mail routing  Make sure you put the right certificates on the Hub servers you will use for the Hybrid configuration  Bear in mind firewalls and load balancers that mask the real sender’s address  Changes to Receive Connectors may be needed www.devconnections.com
  16. 16. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES  Provides Free/Busy and Calendar Sharing  Relies on AutoDiscover and Exchange Web Services  These components can’t use preauthentication  Troubleshooting tools include IIS logs and event logs www.devconnections.com
  17. 17. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES  SSL offload can cause issues here too  URL used can be specified manually, but try not to  Remember the limitations of Federated Sharing www.devconnections.com
  18. 18. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES  Forests with Sub-Domains are no problem  Account + Resource Forests.    Exchange is in a dedicated resource forest and user accounts are in one or more forests. Windows Azure Active Directory Connector can replace DirSync Multiple Forests and Exchange organizations  No supported partner/self deployable solution. Must involve Microsoft. www.devconnections.com
  19. 19. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES  Used for encrypted mail  While not unsupported can cause challenges  Certificates are not automatically available to allow users to sign and encrypt mail to organization contacts  DirSync will not push user certificates to Office 365, so the cert is not in the GAL  Solution  Use an LDAP Provider in Outlook with the Fully Qualified Domain name of a Global Catalog Server. www.devconnections.com
  20. 20. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES  Commonly used to manage iPads, Android tablets and similar  Not just for managing Exchange features, but also deployment of Applications and device monitoring.  Non-ActiveSync solutions like Good will need updates  Inline ActiveSync solutions may cause issues www.devconnections.com
  21. 21. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES COEXISTENCE CHALLENGES While you’re migrating, what do you need to consider? www.devconnections.com 22
  22. 22. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES  Larger the organization often means more sharing  Sharing may cross many intra-org boundaries  Not all sharing is easy to discover  Cross-premises sharers need to re-share Calendars  No cross-premises access to Shared Mailboxes www.devconnections.com
  23. 23. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES  While you use DirSync, on-premises DGs cannot be managed in Office 365  This means DGs cannot be managed in Outlook or OWA  What solutions are available?    FIM Portal ADUC Delegation Post-migration you could move to cloudonly DGs www.devconnections.com
  24. 24. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES  Public Folder access is not configured automatically  Access is configured using RPC over HTTPS (Outlook Anywhere)  During coexistence all users access onpremises public folders  Only migrate public folders after migrating all users to the cloud  Limited to 2.5TB of Public Folders  This limit cannot be increased on a per-customer basis www.devconnections.com
  25. 25. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES PLANNING YOUR MIGRATION Measure twice, cut once www.devconnections.com 26
  26. 26. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES  The most important part  Base tools are very useful  OnRamp replaces the Deployment Readiness Tools https://onramp.office365.com/OnRamp  ExDeploy – Exchange Deployment Assistant  Other great MS tools including MAP for MS Online Services www.devconnections.com
  27. 27. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES  Active Directory & Exchange information   Clients like Outlook, ActiveSync, IMAP, SMTP clients, EWS, BES  Shared Mailboxes and who shares with who  UM and archive mailboxes in use  Policies that aren’t migrated, such as ActiveSync, OWA Mailbox and Retention Policies   Mailbox and message sizes Previous cross-forest migrations Local Knowledge  Stats aren’t everything – IT staff supporting the users generally are a wealth of information about the user base www.devconnections.com
  28. 28. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES Active Directory Data General User Information Department Exchange Server Mailbox Size Collaboration and Shared Mailboxes Consolidated Data Local IT Support Knowledge www.devconnections.com Migration Groups (Batches) Outlook Clients BES ActiveSync Clients IMAP/POP3 Clients BES Devices C2C Archive One Users
  29. 29. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES  Migration concurrency depends on multiple factors  Test throughput during the times you will migrate  Leavers mailboxes provide good candidates for throughput testing  Remember you can move mailboxes back to re-test (and should test that you can do this, anyway) www.devconnections.com
  30. 30. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES  Double check your pre-requisites for successful moves  Is it an on-premises mailbox with a corresponding mail user in the cloud?  Does the Mailbox have a licence assigned?  Does the UPN match on-premises and in the cloud (and of course, does AD FS work correctly)  Have all required details, like email addresses synchronized successfully?  Were there any mailbox items larger than 25MB?  Do you have any clean up for cross premise migrations to do?  Check-EXOMigPreRequisites.ps1 script available to download from www.stevieg.org www.devconnections.com
  31. 31. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES  Good documentation should be tested alongside your pilot migration  User and IT documentation  ActiveSync users may need most support because these devices to not automatically update server settings.  Listen to recommendations from IT staff who know the user base well  Consider an end-user portal www.devconnections.com
  32. 32. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES THE MIGRATION The easy bit www.devconnections.com 33
  33. 33. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES  Distribution Groups are great to use for migration batches!  It’s a communications channel  The helpdesk can use them  You can feed them to test scripts  And of course to create Remote Move Requests www.devconnections.com
  34. 34. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES Migration Batch Import Batch into Active Directory Group Communicate with end users within batch Communicate with end-user IT support Staff Mailbox SignOff if required Determine successful users Schedule batch User requests re-schedule? Yes Successful batch complete www.devconnections.com Add unsuccessful users to retry batch Leave other users in migration batch Inform IT support of change Add to retry batch
  35. 35. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES  Before the main pilot iron out all issues you can  Treat the pilot like the real deal  Don’t just use IT!  Use real users who’ll give you real feedback! www.devconnections.com
  36. 36. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES  By this point it should be straightforward  Communicate with users so they know what’s coming  Make sure you have the appropriate resources  Don’t be afraid to scale up as you come along  Again, keep reviewing feedback www.devconnections.com
  37. 37. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES  If you’ve moved all users to the cloud is it time to get rid of on-premises entirely?  SMTP senders may require an on-premises SMTP server or EOP connector  Consider provisioning and management  Remember you need to patch and maintain www.devconnections.com
  38. 38. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES SUMMARY www.devconnections.com 39
  39. 39. EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES  It’s all in the planning  The more you test the more chance of success  If you plan on a on-going hybrid environment or longer migration, discovery is very important  Exchange 2010 SP3 is still a great option for a “hybrid” Exchange server if Exchange 2013 isn’t planned for on premises. www.devconnections.com

×