Audience: IT decision makers and IT pros who are familiar with the features of Exchange Server 2010 and want an overview of how Exchange 2010 relates to Exchange Online. If your audience wants a general roadmap of Exchange Online futures, then use the “Exchange Online NDA roadmap for BPOS customers” deck (http://arsenalcontent/ContentDetail.aspx?ContentID=166203) instead. That version includes a full description of Exchange 2010 features coming to Exchange Online, as well as NDA details not included in this presentation.
The goal of this presentation is to help you understand how Exchange 2010 enhances the capabilities of Exchange Online. I’ll begin with a short overview of today’s Exchange Online service and its capabilities. Then we’ll talk about what Exchange 2010 brings to Exchange Online. These improvements are evident in three main areas:
Core capabilities: Exchange 2010 reduces existing gaps between the capabilities of Exchange Server and Exchange Online.
Hybrid deployments: Exchange 2010 has native support for mixed deployments of on-premises and hosted users.
Management: Exchange 2010 management tools can be used to manage a hosted Exchange environment.
By the time we’re through, I hope you’ll have a clear picture of where we’re headed with Exchange Online. I also hope you’ll see how deploying Exchange 2010 makes it easier than ever to leverage the benefits of cloud-based e-mail.
List of countries where BPOS suite is offered (as of April 2009): Australia, Austria, Belgium, Canada, Denmark, Finland, France, Germany, Ireland, Italy, Japan, Netherlands, New Zealand, Norway, Portugal, Spain, Sweden, Switzerland, UK
What is Exchange Online? Exchange Online is part of Microsoft Online Services, a set of enterprise-class software products delivered as subscription services that are hosted by Microsoft and sold with partners. Eventually, Microsoft’s goal is to create a service option for every one of our business software products. The initial set of services we are offering focuses on business productivity tools: Exchange Online, SharePoint Online, Live Meeting, Office Communications Online (collectively referred to as the “BPOS suite”), as well as Exchange Hosted Services and Microsoft Dynamics CRM Online. Across these services there is a Microsoft Online Customer Portal that lets you order these services and manage billing. There’s also an Administration Center that gives you control over provisioning and user management, help and support. All of the services have a financially backed 99.9% Service Level Agreement. If we fail to meet three nines of availability, you can get your money back. The details of the SLA are published publicly. Support is available around the clock, via phone, web page, or e-mail. This is support for you, the IT pro. End users still contact the help desk as their front line of support.
There are two flavors of the service: Standard, a multi-tenant service, and Dedicated, which is designed for customers with 20,000 mailboxes and more. Both of these services will be upgraded to Exchange 2010, but we’ll focus on the Standard offering for today’s discussion, because that will be the best match for most businesses.
The Exchange Online environment is currently running on Exchange Server 2007 Service Pack 1. Exchange Online provides free tools for migrating email, calendar, contacts and tasks from a local Exchange server to the cloud. There’s also a directory replication tool so you can use on-premises Active Directory to keep users and distribution groups in sync. I could go on, but the best way is to sign up for a free 30-day trial and kick the tires. You can do so by visiting microsoft.com/online.
In the other presentations in this series, you’ve been learning about the changes and improvements coming in the next version of Exchange:
Flexibility and Reliability for IT Pros (with ability to delegate administration tasks beyond the IT group, improvements to high availability architecture, support for JBOD storage)
Anywhere Access for end users (Conversation View, MailTips, Voicemail text preview and call answering rules)
Protection and Compliance for the organization (Multi-mailbox search for E-discovery, RMS encryption in transport rules, built-in archiving)
You’ve seen substantial changes, but the biggest change of all in Exchange 2010 is something you haven’t seen, because it’s not a new feature. It’s the way Exchange 2010 was built – for services. This is evident in both Exchange 2010’s architecture and the process by which it was built. Back a few years ago, when Exchange 2007 development was wrapping up, the senior leadership of the Exchange team saw that industry trends pointed toward SaaS, and recognized that these trends would have a big impact on e-mail. With that in mind, they built Exchange to be services-ready from the start.
Architecture: The team baked multi-tenancy into the product from the beginning, so that the same capabilities that are offered in Exchange Server could be offered in Exchange Online. Exchange 2010 was built so that an on-premises Exchange deployment could easily move mailboxes to and from the cloud, in a way that is seamless to end users.
Process: Early in the Exchange 2010 development process, we realized that the best way to make sure that it was built for services was to run it as a production service during the development cycle. And so, a project called “Exchange Labs” was born. The purpose of Exchange Labs was to have the Exchange team host Exchange for customers during the development cycle. Exchange engineers were accountable for service-quality code at each release milestone, getting rapid and iterative feedback from IT pros and end users. The Exchange team acted as the “IT department” behind the service, learning real-world lessons that led to improvements in the product. Eventually, this service became the back end for the Live@edu service, which is being used at schools and universities worldwide. In the Exchange 2010 timeframe, the production Exchange Online service will be hosted by the Exchange team, just as it is for Live@edu customers today. Having experts on the Exchange team hosting it means you get world-class.
You’ll see the effects of this service readiness in three main areas when Exchange Online migrates to an Exchange 2010 code base next year:
First, the upgrade of Exchange Online to Exchange 2010 will address current limitations in capabilities of the service. Right now, there are some features of an Exchange 2007 on-premises deployment that you just can’t get in the cloud. With Exchange 2010, the full features of the server are available in the cloud as well.
Second, there will be improved coexistence between hosted and on-premises Exchange deployments. Many enterprises are considering a hybrid model for e-mail, where they move some e-mail services to the cloud and keep some on-premises. Recognizing this, we’ve designed Exchange 2010 on-premises deployments so that they are easy to extend to the cloud.
Third, a new level of management and control will become available for the administrator with hosted Exchange environments. New web-based management capabilities will be added, and familiar Exchange administration tools, like the Exchange Management Console and PowerShell, will be able to connect to Exchange Online for the first time.
The bottom line here is that because the capabilities of Exchange 2010 are provided as a service as well as a server, you have the freedom to choose the right deployment option for your organization without sacrificing functionality. Whether you deploy Exchange Server 2010 on-premises, host your mailboxes with Exchange Online, or combine these two options in a hybrid deployment, your users get the business-class messaging and collaboration tools that they need to be productive.
I mentioned that Exchange 2010 brings new features to Online for the first time. There are some Exchange Server features that are not available with today’s Exchange Online Standard offering. They range from relatively minor features, such as customizing the OWA login page, to marquee Exchange 2007 features like Transport Rules, Managed Folders, and Unified Messaging. These features light up in Exchange Online when the service is upgraded to Exchange 2010. Other features, like IMAP access, POP access, SMTP relay, mail forwarding (server-side), “send as” capabilities for shared mailboxes, journaling to on-premises archive, footers, and disclaimers, are scheduled to be implemented in the Exchange Online service even before the Exchange Server 2010 update. Naturally, these will be carried forward when the service is upgraded to Exchange 2010.
In addition to eliminating old feature gaps, Exchange Online adds new features from Exchange Server 2010. Because Exchange 2010 was built with services in mind, these new features are available in the service right from the start. I don’t have time to cover all the new features for users and service administrators that come in Exchange 2010, but I’ve highlighted a few of them here:
E-Discovery capabilities across mailboxes
MailTips to help users prevent email mistakes
Archiving capabilities to eliminate the need for PSTs
Transport rules that can apply RMS policies to prevent valuable or sensitive data from leaking out of the organization
One of the great things about having an online deployment is that you get new features like this much faster and with less effort. The datacenter staff does the heavy lifting of migration and upgrade tasks, leaving you with the ability to roll out new features that will move your business forward and delight end users. And, it allows you to focus your time and attention on business priorities.
Not shown: Conversation view, ignore/move conversation, POP account aggregation, server-side RSS feeds, IM and presence in OWA, SMS in OWA, Firefox and Safari support for OWA premium, OWA side-by-side calendars, shared nickname cache across OWA/Outlook, federated calendar sharing, federated contact sharing, mobile free/busy status, mobile read/reply state, mobile SMS sync, over the air update for Outlook Mobile, mobile device block/allow list, UM message waiting indicator, voicemail preview, call answering rules, protected voice mail, journal decryption, Messaging Records Management 2.0, litigation hold, moderated DLs, self-service distribution groups, self-service message tracking.
Let’s take a closer look at one of the key features coming to Exchange Online – hosted unified messaging and voice mail services. Organizations can connect their on-premises PBX phone system to cloud-based voice mail services provided by Exchange Online, with simple, Internet-based network connectivity. That’s a win for the IT department, because it allows them to take advantage of the efficiency and cost-savings that come from a centralized voicemail infrastructure, retiring legacy voicemail systems that are expensive to maintain and back up. That’s also a win for users, because it gives users a single inbox for both e-mail and voice mail messages, which could be accessed from Outlook, Outlook Web Access, mobile devices, and even a standard telephone through Outlook Voice Access. And, Exchange 2010 adds new features to the core capabilities of Exchange UM, like text transcription of voicemail messages and personal auto attendant capabilities.
The architecture of hosted unified messaging is similar to the consolidated UM approach that many large enterprise companies are using today with Exchange 2007. In this scenario, PBXs and phone systems in offices scattered across many locations connect to UM servers in one or more centralized datacenters. IP gateways at the network edge of each branch office provide connectivity to the main datacenter. With sufficient bandwidth and latency, the PBXs can be a long distance from the UM servers.
However, there is a difference between how companies are doing centralized UM today and the way that hosted Unified Messaging is done with Exchange Online. Today, companies are using private networks for the connectivity between the PBX and the UM server. To make hosted UM economical, the VoIP connection is over a public network (the Internet) that is not managed by you or Microsoft Online. There are public-facing interfaces on the Exchange Online side for UM connectivity. The customer must also have a public IP address on their interface. This brings up network and security considerations: how to traverse firewalls, and how to provide secure VoIP communications between the on-premises PBX and hosted UM.
Fortunately, some vendors already provide Session Border Controllers to address security problems like these. These SBCs are hardened to resist denial of service attacks. They do network address translation and SIP-aware proxying, so you have a public IP address on one side and a private IP address on the other, and don’t expose internal corporate IP addresses to the Internet.
Note: Exchange UM is not providing PBX services in the cloud – your PBX, whether VoIP or traditional TDM, remains on-premises and handles phone calls. It is only when a phone call goes to voice mail that the call is handed off from the on-premises PBX to the UM infrastructure in the cloud.
Note: Currently, hosted UM is not available to organizations that are using an on-premises OCS environment for voice services, due to known compatibility issues. We aim to fix this in the next release of OCS (OCS “14”). Organizations that are using OCS for instant messaging and presence can still connect their PBX to hosted unified messaging.
Now we are going to shift our attention to a specific type of Exchange Online deployment – coexistence in a cross-premises environment. What do I mean by cross-premises? This is sometimes called a “hybrid” deployment or a “mixed” deployment – an organization has some mailboxes in the cloud, and the rest of them on local servers. What do I mean by coexistence? Both groups of users are able to interact with one another in a way that is completely seamless – they all see the same global address list, they all share the same e-mail domain name, and so on. Many companies are considering the question, “should we run e-mail on-premises or in the cloud?” Coexistence adds a new option, changing the conversation to be “should we run e-mail on-premises, in the cloud, or some mix of the two.” We see lots of situations where companies pursue a mixed approach:
Acquired groups: The company acquires another business and needs to quickly onboard those users. Rather than re-architecting the on-premises e-mail environment mid-cycle and buying new hardware to accommodate this unexpected growth, the company may choose to place the acquired business unit on the Exchange Online infrastructure. Cost and speed pressures make this an increasingly attractive solution [Share story on bank who did this].
Deskless workers: Email is not ubiquitous within companies. Look beyond employees who sit at a desk and work on a computer regularly. Another example is a company that wants to give lightweight email services to employees who do not have e-mail today. These are often “deskless” workers – people on the factory floor, or in retail stores, who don’t use a computer. Companies are finding that by providing basic communication and collaboration tools for these workers on a shared PC or kiosk, they have an efficient way to distribute internal announcements and policies, improve communications across shifts, and so on. The low cost “deskless” USL ($2/month) provides an attractive option for onboarding these users.
We see customers asking for this mixed scenario all the time: universities want students in the cloud but faculty on-premises. Airlines want pilots and flight attendants in the cloud but corporate staff on-premises. Tax preparation companies want seasonal workers in the cloud but the rest of their employees on premises. Banks want their unregulated retail workers in the cloud but the regulated ones on premises (other examples include manufacturing companies and retail stores).
Those are examples of permanent coexistence, where a company expects to have a mix of local and cloud-based users on an ongoing basis. Coexistence can also be a temporary state, part of the on-ramp to a 100% hosted environment. Organizations that migrate to the cloud generally don’t want to cut over all at once, unless they are very small. They want to proceed carefully, moving a small set of users (typically IT staff) over first to evaluate capabilities, then migrating users group by group at a steady pace that won’t overwhelm help desk or end users. In this case, migration may last from weeks to months, and coexistence during this time needs to be seamless.
With that in mind, we’ve invested heavily in coexistence scenarios with Exchange 2010. Our goal has been to make it transparent to the user whether their mailbox is being hosted on-premises or in the cloud.
An on-premises Exchange 2010 deployment makes it easy to establish coexistence and leverage the benefits of cloud computing. Let’s take a look at the ingredients of a cross-premises deployment of Exchange 2010 and Exchange Online. There are 3 software pieces to install on-premises:
<click> The main one is an Exchange 2010 Server with the Client Access and Hub Transport server roles, which provides cross-premises calendar sharing, secure email transport, and seamless mailbox migrations. The Exchange 2010 server has the ability to act as a proxy or bridge, enabling coexistence between older Exchange 2003/2007 environments and Exchange Online. With the Exchange 2010 server on-premises, you can have one OWA URL that can be shared by both on-premises and hosted users (eliminating confusion about what URL they should use during the coexistence period).
<click> The second piece of software is the Microsoft Services Connector (which provides single sign on capabilities by federating your on-premises AD with the Microsoft Federation Gateway).
The third key piece of software on-premises is the Directory Sync tool (which provides a unified directory and provisioning of users).
If you are planning to have a mixed environment of hosted and online mailboxes for a long time, all three of these pieces of software would remain in place. <click> Otherwise, once you reached 100% of mailboxes in the cloud, you would typically remove the Exchange 2010 server, unless you are doing custom mail routing. The MSC and Directory Sync tool would remain in place to connect on-premises AD infrastructure to the cloud to power SSO, easy provisioning, and a unified directory.
In addition to the 3 pieces of software running on-premises, the Microsoft Federation Gateway service in the cloud plays a key role in enabling seamless coexistence. Let’s talk more about federation.
Federation powers several new features in Exchange, both for organizations that remain on-premises and those that establish coexistence with the cloud.
<click> The most visible Exchange 2010 feature powered by federation is the sharing of free-busy data between organizations. In the scenario shown here, Contoso corporation can federate their Exchange CAS servers, and establish a sharing policy with Fabrikam that enables cross-org sharing of free busy data. The sharing is done at the server, so users do not need to set up LiveIds or type in passwords. A similar kind of federated sharing can also be used to allow administrators and end users to share personal contacts with others.
<click> These same org-to-org sharing capabilities can be applied in a cross-premises scenario, where Contoso has some of its workforce hosted with Exchange Online. The Exchange Online forest in the cloud is simply another org in the federation relationship. So, sharing of detailed calendar data between users in the cloud and on-premises is possible. Additionally, the federation relationship can be used to encrypt messages that flow between the on-premises Exchange environment and Exchange Online.
<click> Separate from the federated sharing scenarios, but related, is the concept of federation for the purposes of single sign-on. When an organization deploys the Microsoft Services Connector on-premises, they are able to federate their on-premises Active Directory with cloud services from Microsoft. The Microsoft Services Connector is a specialized on-premises security token service that allows you to connect to cloud services without changing your existing identity infrastructure. In addition to providing single sign on to Exchange Online, this same platform allows easy authentication to other Microsoft Online services, as well as applications hosted on the Windows Azure platform – those created by Independent Software Vendors or your own in-house development staff.
The Microsoft Federation Gateway is the cloud service that powers these capabilities in each of these scenarios. The Federation Gateway replaces point-to-point federation relationships with a simplified hub-and-spoke model that handles endpoint changes, key rollovers, and protocol changes. It enables secure org-to-org sharing and org-to-service sharing, because passwords and email addresses are not stored by the gateway. Instead, SAML tokens are passed from on-premises servers to the cloud services.
Let’s look a bit closer at some of the capabilities enabled by federation. Exchange 2010 uses federation to make it easy for organizations to share free/busy information over the Internet with trusted partners. Federated calendaring is the engine that powers cross-premises calendaring as well. It is an example of an Exchange 2010 feature that has been designed with both the on-premises and hosted organization in mind.
The way this works is straightforward:
The Exchange administrator registers his on-premises Exchange Server organization and his Exchange Online organization with the Microsoft Federation Gateway. This establishes a lightweight, standards-based trust between the Exchange organization and the Federation Gateway service. As part of this process, he proves ownership of each domain in DNS.
The Exchange administrator configures a “Sharing Relationship” between the two Exchange orgs. This is similar to how he would invite a partner organization to share free/busy information. Beyond this initial registration there is no additional user management or credential management for IT to keep up to date.
With the Sharing Relationship in place, the result is what you see here on the slide: on-premises and online users can see each other’s free busy calendar data.
Requests for shared data are always made between two Exchange servers on behalf of specific users. Outlook or OWA talks to the local Exchange 2010 CAS server, which gets a token on behalf of the user when making the free busy request. The clients (like Outlook and OWA) never need to talk directly to the external server; therefore, the user doesn’t get prompted for credentials.
Note: Sharing policy can be tweaked to allow sharing of meeting subjects and locations, which is part of free busy.
Having secure message flow between hosted and on-premises users is essential for most customers. Today, the way organizations secure e-mail delivery between their on-premises e-mail environment and Exchange Online is by configuring Transport Layer Security (TLS). TLS creates a secure tunnel between the two environments, so that e-mail can flow back and forth without being exposed on the Internet. In Exchange 2010, a new method of securing this cross-premises mail flow is introduced, called Federated Delivery. Federated Delivery uses message-level encryption to protect e-mail as it flows between on-premises servers and Exchange Online. Like TLS, it is a server-side encryption method, so it is invisible to users. Federated Delivery is easy for administrators to set up, because it uses the same Sharing Relationship as federated calendar sharing.
The key advantage that Federated Delivery provides over TLS is that Federated Delivery works through the perimeter network, while TLS connections must terminate at the perimeter network. This means that Federated Delivery allows customers to route outbound mail through their existing, on-premises infrastructure (similar to a smarthost scenario). Many customers have a private network of IPSec, leased lines, and TLS connections to business partners. Federated Delivery can be configured so that Exchange makes use of that network for delivery of outbound mail. In addition, post-processing of mail can be performed in the customer’s on-premises infrastructure. Features like address rewrite and the use of custom transport agents, which are not available in the core Exchange Online service, can be performed on the outbound mail.
A key to a seamless user experience with cloud services is single sign on (SSO). Single sign-on is a term used many ways in the industry, so it is worth taking a moment to define. When I talk about SSO, I’m talking about “no sign on needed after signing into Windows” – once you’ve logged on to your corporate network, you don’t have to enter your credentials again. A related concept: single identity. In situations where you are connecting to the email server using a mobile device, or a web browser, or you are off the corporate network, what password do you put in to connect? If it is the same as your domain password, then you have single identity. If it is different, then you don’t – you have two identities.
Today, Exchange Online (and the rest of the Microsoft Online Services) have single sign-on for Outlook, but not single identity. You have an online services identity that is separate from your domain login and password. The way SSO for Outlook is done today with Exchange Online is that there is a sign-in application that runs in the system tray of each user’s machine, which stores their Online password, so they don’t have to type it in every time. It’s a workable solution, but what customers really want is single sign-on and single identity.
Enter the Microsoft Services Connector. Microsoft Services Connector is a free tool for federating your Active Directory with Microsoft Services. Your employees will be able to access services with their domain credentials, the same way they access the on-premises applications they use today. With Outlook 14 and Windows 7, they will not be prompted for their password once they’ve logged into Windows. Microsoft Services Connector will work for Microsoft Online Services starting in Wave 14, as well as for third party applications hosted on Windows Azure platform.
This is good for both users and administrators:
User benefits: Overall benefit for end users is improved productivity. No usability issues with remembering two identities and passwords – lower confusion and frustration. Common experience across Online Services (SharePoint Online, OC Online, etc.) in Wave 14.
Administrator benefits: Overall benefit for IT is better manageability and lower TCO. Since it is a server-side solution, they don’t have to spend time deploying and maintaining a client-side application. Passwords are not synchronized to the cloud. Microsoft never sees credentials or passwords. Enterprises retain security control over user accounts and password expiry. Low touch, easy to set up and manage -- no change to AD code or alteration of enterprise deployment of AD is required. Decreased helpdesk calls from end users forgetting their passwords.
When a user is moved to the cloud, it is important that all their mailbox items, from e-mails to calendar appointments to personal contacts and tasks, migrate with them in a seamless way. Today’s Exchange Online offers robust tools for migrating mailboxes, and in Exchange 2010 these capabilities get even better, with support for cloud migration built into Exchange. The first improvement that administrators will notice is that the migration tool is no longer a separate piece of software to download and install. Instead, mailboxes can be moved to the cloud right from within the Exchange Management Console or Remote PowerShell. The user interface for moving mailboxes to the cloud within EMC is straightforward. The administrator highlights the mailboxes he wants to move from his on-premises Exchange forest, clicks “migrate mailbox,” and then walks through a wizard to specify options and parameters. It’s basically the same as moving a mailbox between two servers on-premises. The administrator can also see statistics on the migration while it is in process, including % complete, elapsed time, and number of items that could not be moved.
The advantages of native migration support go beyond an integrated GUI. A closer look at the architecture behind mailbox migration reveals several advantages:
Cloud migrations now use the same Exchange 2010 Mailbox Replication Service (MRS) that powers mailbox moves between two on-premises servers and also migrations from prior versions of Exchange. A single architecture for mailbox migration means that Exchange Online users benefit from the investments made in on-premises mailbox moves.
In this new architecture, the mailbox migration process is asynchronous and fault-tolerant. In the old days of cloud mailbox moves, if a server machine or database went down, or if the administrator accidentally closed the Exchange Online mailbox migration tool, he had to start the move over again. The new replication service, in contrast, runs like a background process. The administrator enters the mailbox move request, and then this request is logged with Exchange Online and picked up by one or more E14 CAS servers on the network. If a server goes down, the request remains in effect, and another server from the pool of available machines picks up where the previous one left off. You can close EMC or close the PowerShell window and it keeps working. Plus, the administrator can manually suspend or resume the replication at will.
When the administrator schedules the mailbox move, he can set the mailbox move to “autocomplete” or choose to have it wait for his confirmation on the last step of the process. And, there is intelligence built in to the migration process, so that the user won’t be switched over to the cloud until content indexing is complete and redundant database copies are seeded there. This ensures that the user will have responsive mailbox search capabilities, and protection of their data, as soon as they switch.
As with today’s tool, the user’s source mailbox is accessible throughout the move, if the source mailbox is Exchange 2007 SP2 or Exchange 2010.
When the source mailbox is on Exchange 2003, the move is an offline operation. In Exchange 2010, there is no need for an OST resync after the move, which improves the user’s experience and eases network congestion. Exchange 2010 provides support for offboarding, which is a key requirement for organizations that have extended coexistence in mind. The replication engine was built to be symmetrical, so if you need to move a user back on-premises, the administrator can do so without asking users to download PST files or do other manual workarounds. Offboarding support is via Remote PowerShell (no GUI) and requires an E14 CAS server on-premises. The move back to on-premises is an offline operation. But the support is there.
The way that administrators manage their Exchange Online environments today is using the Microsoft Online Administration Center (MOAC). The web-based interface is easy to use, but currently it is fairly limited in terms of administrative power. Exchange 2010 gives administrators a much richer set of tools to manage and customize their Exchange Online environment. [these tools were covered in depth in “Management Tools” presentation]
Exchange Control Panel: Exchange 2010 includes a number of new native web-based management features, which are collectively referred to as the “Exchange Control Panel.” These are native to Exchange, so they are available either in an on-premises or hosted deployment.
Exchange Management Console: For managing an on-premises Exchange Server installation, the tool of choice for administrators has long been the Exchange Management Console. In Exchange 2010, administrators can use the robust capabilities of this familiar tool to manage their cross-premises Exchange environment.
Remote PowerShell: The ability to manage Exchange using a command-line shell was introduced in Exchange 2007, and PowerShell has become a common way to manage the latest generation of Microsoft Server products, including Windows Server 2008. With Exchange 2010, the robust scripting capabilities of PowerShell now extend to the datacenter, allowing administrators to manage their hosted environment across the Internet.
The introduction of these management capabilities means that you can move your environment to the cloud without giving up control. You can offload tasks while retaining control over essential management features. This enables you to “move up the stack” – instead of managing servers and iron, you manage settings, configuration, and the rollout of features that are visible to your org.
Let’s take a closer look at each of these management tools.
Today’s Exchange Online service includes basic Exchange management capabilities available through the Microsoft Online Admin Center. These allow administrators to manage users and distribution groups, update mailbox quotas, reset passwords, add and update external contacts, and manage blocked sender lists for anti-spam.
The new web-based management capabilities introduced in Exchange 2010 will add to the capabilities of the Microsoft Online Admin Center, giving administrators the ability to: perform cross-mailbox search for legal discovery, and export the results to PST; search delivery reports to help troubleshoot message delivery issues; configure transport rules and disclaimers; and configure the new Messaging Records Management capabilities in Exchange 2010 (MRM 2.0). In addition, the interfaces for managing users and distribution groups get much more powerful than the current versions in MOAC.
These new administration capabilities are web-based and RBAC aware, so they can be delegated to non-IT users. These non-IT business specialists can access these screens directly from OWA or Outlook, based on their Exchange credentials, so there’s no need to educate them about MOAC or set them up with a separate login.
The Exchange Control Panel is an example of how smart engineering benefits Exchange customers whether they are running Exchange as a server or service. These same capabilities are available in an on-premises environment, where the benefits of delegated administration are just as valuable. And, it’s a platform built on Exchange cmdlets, so it is the same PowerShell engine underneath that also powers the Exchange Management Console. You’ll see continued investment in bringing new web-based administration capabilities to the server and service.
The Exchange Management Console is designed to be the tool of choice for administration in the enterprise when working with a mixed environment of on-premises and hosted users. In Exchange 2010, EMC supports multiple forests. Exchange Online is simply handled as another forest. There is full recipient management support for the datacenter forest, as well as support for organization configuration management for the datacenter forest [for example, configuring mobile device policies for the organization]. As we discussed earlier, the EMC also has built-in support for moving mailboxes to the cloud. Management of the datacenter forest is done over HTTP/HTTPS, so there is no fancy firewall configuration needed.
With Exchange 2010, PowerShell becomes another item in the administrator’s toolbox that gives them control over the Online environment. You use Windows PowerShell on a local computer to connect to your Exchange Online organization and perform management tasks that aren't available or practical in the Web management interface. You just install Windows PowerShell on your Windows Vista or Windows Server 2008 client machine, and you are off and running. Like EMC, Remote PowerShell connects to the datacenter using standard protocols to allow easier management through firewalls. RBAC integration means you can delegate PowerShell management capabilities in a scoped way within your IT org. If you think about it, the datacenter is effectively delegating permission to you to manage aspects of your hosted Exchange forest, without giving you permission to manage things like back-end databases. You can further delegate specific abilities within your org. Remote PowerShell is useful for creating scripts to automate routine tasks, and for batch processing. For example, you can create or update many user accounts at one time. You use the same commands and syntax as PowerShell administration for other Windows Server products on-premises, so the time invested in building PowerShell skills pays dividends in both the Online and on-premises worlds.
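The connect-and-batch-update workflow described above, as an added example (not code from this presentation or from Microsoft). The endpoint URI, the choice of Basic authentication over HTTPS, and the mailbox list are assumptions or constructed sample data; the script refuses to send credentials to a non-HTTPS endpoint, confirms that the RBAC-scoped session actually exposes Set-Mailbox, and previews every change with -WhatIf.

```powershell
# Added example. Placeholder endpoint: substitute the URI your service documents.
$uri = 'https://<your-endpoint>/PowerShell/'

# Constructed sample input; in practice this would come from Import-Csv.
$rows = @'
Identity,MaxSendSize
user1@example.com,10MB
user2@example.com,25MB
'@ | ConvertFrom-Csv

# The notes say management traffic runs over HTTP/HTTPS. Credentials sent
# with Basic authentication must only ever travel over HTTPS.
if ($uri -notmatch '^https://') {
    throw "Refusing to send credentials to a non-HTTPS endpoint: $uri"
}

$cred = Get-Credential   # interactive prompt; never hard-code passwords in scripts

# Assumption: the hosted endpoint accepts Basic authentication over TLS.
$session = New-PSSession -ConfigurationName Microsoft.Exchange `
    -ConnectionUri $uri -Credential $cred `
    -Authentication Basic -AllowRedirection

try {
    # Only the cmdlets permitted by your RBAC role assignments are imported.
    $module  = Import-PSSession $session -DisableNameChecking
    $allowed = Get-Command -Module $module.Name |
        Select-Object -ExpandProperty Name

    if ($allowed -notcontains 'Set-Mailbox') {
        throw 'Your role assignments do not include Set-Mailbox in this session.'
    }

    foreach ($row in $rows) {
        # -WhatIf reports what would change without applying it.
        # Remove it only after reviewing the preview output.
        Set-Mailbox -Identity $row.Identity `
            -MaxSendSize $row.MaxSendSize -WhatIf
    }
}
finally {
    # Always close the remote session, even if the batch fails part-way.
    Remove-PSSession $session
}
```

Listing `$allowed` is also a quick way to audit what a delegated account can actually do before handing it a script.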
So, to summarize, Exchange 2010 was built for services. This manifests itself in three ways:
Closes gaps between server and service: Lighting up features missing from today’s service (features that used to only be available in the Dedicated Offering). Also, new features of the Exchange 14 server are available in server and service.
Improved migration and coexistence: Exchange Server 2010 helps make the transition to Exchange Online a seamless experience for your users. Single identity and single sign-on capabilities mean that users can access cloud services using their domain credentials, without the need for client sign-in tools. Federated calendaring allows online and on-premises users to see each other’s calendars for easy scheduling of meetings. Unified Messaging is now available, giving your hosted users the benefits of a single inbox for voice mail and e-mail messages. These improvements help make the move to the cloud transparent to your users, giving you the flexibility to migrate your entire organization to hosted e-mail at your own pace, or to remain in a condition of extended coexistence where a part of your mailboxes are in the cloud and a part stay on-premises.
Better administration and control: Exchange Server 2010 adds new administration capabilities that give you more control over your Exchange Online deployment. The Exchange Management Console is now integrated with Exchange Online, so you can manage your hosted Exchange forest alongside your on-premises Exchange forest, easily moving users to and from the cloud. The new Exchange Control Panel gives you advanced web-based management capabilities. And, the power of PowerShell extends to the datacenter.
The net effect of all these enhancements is to give you true deployment choice and flexibility. You can choose to deploy Exchange Server on premises, migrate to Exchange Online, or mix the two together. Whichever approach meets your business’s needs, you get the business-class messaging capabilities that you’ve come to expect from Exchange.

Advanced Security</li></ul>
Optimized for Software + Services
Native multi-tenancy
Built for hybrid deployments
Tested with Live@edu
Hosted by Exchange team
Exchange Server 2010

Exchange Server 2010
Reduces feature gaps between online and on-premises Exchange
Improves coexistence between on-premises and online users
Gives administrators more control over the online environment
Deploy Exchange in a Fashion That Best Fits Business Needs with Choice of Delivery
[Diagram labels: Co-Existence, On-Premises, Hosted Service]

New Online Capabilities
Features from Exchange Server 2007
Managed Folders
Transport Rules
Voice Mail and Unified Messaging
Features from Exchange Server 2010
Help users prevent e-mail mistakes with MailTips
Meet legal and compliance needs with cross-mailbox search
Apply RMS protection with transport rules
Eliminate PSTs with Personal Archive

Hosted Unified Messaging
Voice mail services in the cloud, powered by Exchange UM
Similar to UM branch office deployment
On-premises telephony equipment remains in place
Session Border Controller (SBC) connects on-premises telephony environment to Exchange Online
PBX stays on-premises
Exchange Online hosts mailboxes and UM servers
[Diagram labels: Internet, HT, PSTN, UM, CAS, MBX, PBX and Office Phones]

Cross-Premises Coexistence
A key investment area in Exchange 2010
Coexistence is a scenario where some mailboxes are hosted and some remain on-premises
Coexistence is a useful way to onboard acquisitions or provide e-mail to task workers
Coexistence is key to a smooth migration to the cloud
[Diagram labels: Acquired Groups, Deskless Workers, Current e-mail users]

Advanced Coexistence
Exchange 2010 deployment serves as a gateway to the cloud
Microsoft Services Connector
Single identity, single sign-on
Directory Sync Tool
User provisioning and unified GAL
Microsoft Federation Gateway
Active Directory
Exchange Server 2010
Cross-premises free/busy
Applications hosted on Azure™

Advanced Coexistence
Federation enables cross-premises sharing of free/busy
On-premises and online users can see each other’s free/busy calendar data
Maintains consistent user experience during migration and coexistence
Process is the same as setting up free/busy sharing with business partners
No client configuration needed
[Diagram labels: Exchange Online user, Exchange Online user]

Advanced Coexistence
Federation enables flexible and secure message transport
Invisible to end users
Sending side encrypts and routes to a Federated Delivery address
Receiving side validates, decrypts, and reroutes to final recipients
Uses same Sharing Relationship configuration as free/busy calendar sharing
Provides functionality similar to Transport Layer Security (TLS)
Key advantage: Outbound mail can be routed through on-premises e-mail infrastructure for custom processing
[Diagram labels: Microsoft Federation Gateway, Exchange Online, Contoso, E14, E14; sample message To:/From: headers]

Advanced Coexistence
Federation enables single sign-on with single identity
Today: Single sign-on via stored password
Online “2010”: Single sign-on via federation
Microsoft Services Connector or ADFS
User benefits
Same identity on-premises and in the cloud
No need to manage separate passwords
Administrator benefits
No sign-on application to manage across desktops
No changes to enterprise deployment of AD
[Diagram label: Active Directory]

Mailbox Migration
Exchange 2010 includes native support for cloud migrations
Move mailboxes to cloud with Exchange Management Console
Migrate mailboxes with built-in wizard
View migration status and statistics

Mailbox Migration
Robust capabilities powered by Exchange 2010
Uses same replication engine as on-premises mailbox moves
Asynchronous design improves fault-tolerance
Outlook OST resync is not required after mailbox move
Includes support for moving mailboxes back on-premises
Supports migration from Exchange 2003, Exchange 2007, and Exchange 2010 on-premises
[Diagram labels: On-premises, Exchange 2003, Exchange 2007, Exchange 2010, Exchange 2010 CAS, Mailbox Migration]

Greater Administrative Control
Exchange Control Panel: Perform or delegate common admin tasks via a Web-based GUI
Exchange Management Console: Manage online and on-premises mailboxes in one place
Remote PowerShell: Manage the hosted Exchange environment via command line

Exchange Control Panel
Brings new capabilities to the Microsoft Online Admin Center
Adds new Web-based management features
Capabilities can be delegated beyond the IT department

Exchange Management Console
Single tool for managing cross-premises deployments
Manage on-premises and online Exchange forests in the same console
Allows scripting and automation of routine tasks
> Set-Mailbox firstname.lastname@example.org -MaxSendSize 0KB

Summary of new capabilities powered by Exchange 2010
Better administration and control
Improved migration and coexistence
New server features available online
<ul><li>Enhanced Web administration portal