Upload: lynhi

Post on 22-Apr-2018


Disclaimer

Please Note: This is made for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS.

Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred.

Microsoft, Exchange Server, Windows, O365, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

This is made by taking into account my experience and by referring to Wikipedia and Microsoft TechNet.

Road2Master

Office 365 Hybrid Deployment and Migration
Part 1 - Introduction

Ashwin Venugopal
www.Road2Master.ms

Welcome and Introduction

Know the Voice

An infrastructure consultant with around 8 years of IT industry experience. I work on Microsoft infrastructure-related products and technologies like Active Directory, Messaging, SCCM, SCOM, Virtualization, Office 365, etc.

Agenda

Exchange Hybrid Deployment and Migration with Office 365
◦ E-mail Deployment Options
◦ Preparing to Deploy
◦ The Microsoft Online Services Directory Synchronization tool
◦ Mail Routing
◦ Migration Methods and Tools
    ◦ Move requests with the Mailbox Replication Service (MRS)
    ◦ Cutover Exchange migration
    ◦ Staged Exchange migration
    ◦ IMAP e-mail migration
    ◦ PST Capture
    ◦ Third-party solutions

E-mail Deployment Options

◦ Hybrid deployment

Mailboxes for your organization can reside on-premises in an Exchange organization and in the cloud. In the hybrid deployment scenario, messaging functionality is seamless across the on-premises deployment and the cloud deployment. For the full list of supported features.

This hybrid deployment scenario can also include single sign-on, which lets users use their existing Active Directory on-premises credentials to access all on-premises and cloud resources.

◦ All mailboxes in the cloud

If your long-term goal doesn’t require messaging functionality that spans cross-premises, you should plan to move all your mailboxes to the cloud. It may take a week or maybe months to complete the migration, but it’s the best option if your long-term goal is to migrate all your mailboxes to the cloud.

Preparing to Deploy Exchange Online

◦ Things to consider

Identity management

Microsoft Online Services Directory Synchronization tool

Mail routing

Migration methods and tools

Identity management
◦ Non-Federated identity
◦ Single sign-on or Federated Identity

Non-Federated identity

Here all users with mailboxes in the cloud use Office 365-generated credentials to access their Office 365 resources.

You can use directory synchronization to automatically provision users from the on-premises Active Directory. Either way, ultimately, credentials are generated and managed by Office 365.

If you have an on-premises identity management system such as Active Directory, users will have a set of credentials for their Office 365 resources and a set of credentials for their on-premises resources.

The advantage of a non-federated identity management solution is that there is less overhead in deploying and setting up your identity solution.

The disadvantage to a non-federated identity solution for organizations that still maintain user resources on-premises is that the user experience is fractured and requires more user education about credential management.

Single sign-on or Federated Identity

When you deploy single sign-on, all users with mailboxes in the cloud use their existing on-premises Active Directory credentials to access both cloud and on-premises resources.

You enable this by installing an AD FS server(s) in your on-premises organization.

Advantage

Users don’t need to use a different set of credentials.

Policy control

The administrator can control account policies through Active Directory, which gives the administrator the ability to manage password policies, workstation restrictions, lock-out controls, and more, without having to perform additional tasks in the cloud.

Access control

The administrator can restrict access to Office 365 so that the services can be accessed through the corporate environment, through online servers, or both.

Reduced support calls

Forgotten passwords are a common source of support calls in all companies. If users have fewer passwords to remember, they are less likely to forget them.

Security

User identities and information are protected because all of the servers and services used in single sign-on are mastered and controlled on-premises.

Support for strong authentication

You can use strong authentication, also called two-factor authentication, with Office 365.

The disadvantage of single sign-on is that you have to install new servers, which also involves more cost.

Why Single sign-on or Federated Identity?
◦ Single sign-on is recommended, though not required, in the hybrid deployment scenario.
◦ Single sign-on may also be a good solution for some large organizations that plan to migrate all mailboxes to Office 365 over many months.

NOTE
◦ Single sign-on with AD FS requires Active Directory on-premises.
◦ Single sign-on requires that you install and run the Microsoft Online Services Directory Synchronization tool.
◦ If you deploy AD FS and directory synchronization, then you have to perform a staged Exchange migration; cutover migration is not possible. The difference between staged and cutover Exchange migration will be discussed later.

Directory Synchronization Tool

The Microsoft Online Services Directory Synchronization tool

Primarily used to
◦ Synchronize the Global Address List
◦ Support complex routing scenarios
◦ Provision users in a cross-premises deployment

By default, the Directory Synchronization tool synchronizes one-way from the on-premises directory to the cloud directory.

To enable the following features of hybrid deployment, you must grant write access to the Directory Synchronization tool so that it can synchronize some messaging-related user data back into the on-premises Active Directory:
◦ Archiving on-premises mailboxes to the cloud
◦ Moving mailboxes from the cloud to the on-premises Exchange organization
◦ Synchronizing user-managed safe sender and blocked sender lists from the cloud
◦ Synchronizing voice mail notifications from the cloud

Directory synchronization is required for the following: hybrid deployment; single sign-on; and staged Exchange migration.

Mail Routing

Generally, in a hybrid deployment your MX record points to your on-premises Exchange system as the authoritative domain. E-mail to cloud-based recipients is then relayed from the on-premises Exchange organization to the cloud.

You can also configure routing for hybrid deployments in such a way that the MX record points to the cloud as the authoritative domain.

NOTE: Both cutover Exchange migration and staged Exchange migration manage short-term e-mail synchronization during the migration phase.
◦ Cutover Exchange migration synchronizes e-mail using subscriptions until migration is complete.
◦ Staged Exchange migration routes e-mail by stamping the cloud target address on the on-premises mailboxes.

Migration Methods and Tools

Move requests with the Mailbox Replication Service (MRS)

Cutover Exchange migration

Staged Exchange migration

IMAP e-mail migration

PST Capture

Third-party solutions

Move requests with the Mailbox Replication Service (MRS)

◦ The Microsoft Exchange Mailbox Replication Service (MRS) resides on all Exchange 2010 Client Access servers and is responsible for
    ◦ Mailbox moves
    ◦ Importing and exporting .pst files
    ◦ Restoring disabled and soft-deleted mailboxes

◦ Move requests require a hybrid deployment.

◦ Move requests let you move mailboxes back and forth between your on-premises Exchange organization and the cloud. You do this in the Exchange Management Console.

Cutover Exchange migration

◦ Cutover Exchange migration is for organizations that have fewer than 1,000 mailboxes and want to move all mailboxes to the cloud in a single operation.

◦ Use E-Mail Migration in the Exchange Control Panel to access the tool.

◦ NOTE:
    ◦ Cutover Exchange migration only supports Exchange 2003 or later.
    ◦ If you are running older versions of Exchange, you have to use IMAP e-mail migration or a third-party solution.
    ◦ If you are running Exchange and have more than 1,000 mailboxes, consider using staged Exchange migration.
    ◦ If you plan to deploy single sign-on, run cutover Exchange migration first, and then set up single sign-on (and directory synchronization after the migration is complete). Running directory synchronization before you run cutover Exchange migration will cause the migration to fail.

Staged Exchange migration

◦ Staged Exchange migration is for larger organizations or organizations that want to migrate mailboxes to the cloud over time.

◦ In this scenario, you can migrate some mailboxes to the cloud while maintaining the rest of the mailboxes in your on-premises organization.

◦ Use E-Mail Migration in the Exchange Control Panel to access the tool.

◦ NOTE:
    ◦ Staged Exchange migration has been designed for organizations that plan to move all on-premises Exchange mailboxes to the cloud eventually.
    ◦ Staged Exchange migration only supports Exchange 2003 or Exchange 2007.
    ◦ If you are running older versions of Exchange, you have to use IMAP e-mail migration or a third-party solution.
    ◦ If you are running Exchange 2010, you must implement a hybrid deployment and use move requests to migrate.
    ◦ Staged Exchange migration requires directory synchronization.
    ◦ If you plan to deploy single sign-on as part of your long-term deployment plan, set up single sign-on and directory synchronization before you run the staged Exchange migration.

IMAP e-mail migration

◦ IMAP e-mail migration is designed as a fallback e-mail content migration tool for a wide variety of e-mail servers.

◦ If you are running Exchange 2000 Server or Exchange Server 5.5 Service Pack 4, or any other compliant IMAP server, such as Gmail, IMAP e-mail migration is an option.

◦ Use E-mail Migration in the Exchange Control Panel and a CSV file.

PST Capture

◦ Another method for migrating mailbox items to cloud mailboxes is Microsoft Exchange PST Capture.

◦ PST Capture lets you search for and collect PST files on computers in your on-premises organization and then import the PST files to cloud mailboxes.

◦ Note that you can also use PST Capture to import PST files to on-premises primary or archive mailboxes.
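
The version, mailbox-count and ordering rules from the move-request, cutover, staged and IMAP slides above, combined into one planner. This is an added PowerShell example, not part of the original deck; `Get-MigrationPlan` and its parameter names are hypothetical, and it calls no Exchange cmdlets.

```powershell
# Added example. Get-MigrationPlan and its parameters are hypothetical names,
# not Exchange cmdlets; the rules encoded are the ones stated on the slides.
function Get-MigrationPlan {
    param(
        [Parameter(Mandatory)]
        [ValidateSet('5.5SP4', '2000', '2003', '2007', '2010', 'OtherIMAP')]
        [string]$Source,
        [Parameter(Mandatory)][int]$MailboxCount,
        [switch]$SingleOperation,        # move all mailboxes in one operation
        [switch]$PlanSingleSignOn,       # AD FS is in the long-term plan
        [switch]$DirSyncAlreadyRunning   # directory synchronization is enabled
    )
    $steps = @(); $warnings = @()
    $ecp = 'E-Mail Migration in the Exchange Control Panel'
    $wantsCutover = $SingleOperation -and ($MailboxCount -lt 1000)
    if ($Source -in '5.5SP4', '2000', 'OtherIMAP') {
        # Older than Exchange 2003, or not Exchange: cutover/staged unsupported.
        $method = 'IMAP e-mail migration (or a third-party solution)'
        $steps += "Run $ecp with a CSV file"
    }
    elseif ($wantsCutover -and -not $DirSyncAlreadyRunning) {
        $method = 'Cutover Exchange migration'
        $steps += "Run the cutover migration from $ecp"
        if ($PlanSingleSignOn) {
            $steps += 'Only then set up single sign-on and directory synchronization'
        }
    }
    else {
        if ($wantsCutover) {
            $warnings += 'Cutover ruled out: it fails once directory synchronization is running'
        }
        # Staged and hybrid both need directory synchronization; SSO goes in first.
        if ($PlanSingleSignOn) { $steps += 'Set up single sign-on (AD FS)' }
        if (-not $DirSyncAlreadyRunning) { $steps += 'Set up directory synchronization' }
        if ($Source -eq '2010') {
            $method = 'Hybrid deployment with MRS move requests'
            $steps += 'Move mailboxes with move requests in the Exchange Management Console'
        }
        else {
            $method = 'Staged Exchange migration'
            $steps += "Run the staged migration from $ecp"
        }
    }
    [pscustomobject]@{ Method = $method; Steps = $steps; Warnings = $warnings }
}

# Constructed inputs: same 400-mailbox Exchange 2007 site, with and without dirsync.
Get-MigrationPlan -Source '2007' -MailboxCount 400 -SingleOperation -PlanSingleSignOn
Get-MigrationPlan -Source '2007' -MailboxCount 400 -SingleOperation -DirSyncAlreadyRunning
```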

Third-party solutions

◦ Binary Tree

◦ BitTitan

◦ Cemaphore

◦ Quest

◦ Metalogix

◦ MigrationWiz

◦ etc

END OF PART 1

Thank you for your time

Questions?

Ashwin Venugopal
www.Road2Master.ms
