exchange online - hybrid tips and tricks from the field

Exchange Online Hybrid Tips and Tricks from the Field Steve Goodman


Post on 12-Nov-2014


DESCRIPTION

This is a deep dive presentation based on real-world experience implementing Hybrid Exchange environments, presented at the Office 365 UK User Group on the 9th April, 2013. SkyDrive version here: http://sdrv.ms/10Mlf8A

TRANSCRIPT


Exchange Online – Hybrid Tips and Tricks from the Field
- Wave 15 - Key improvements and known issues
- When to use Hybrid
- Challenges for Exchange 2003, 2007 and 2010 orgs
- Challenges for Wave 14 Hybrid orgs upgrading
- General Hybrid Challenges
- Co-existence and migration


Steve Goodman
- Technical Architect at Phoenix IT Group
- V-TSP at Microsoft
- Writer at MSExchange.org, SearchExchange.com and more
- Founder and host of The UC Architects Podcast
- Exchange Server MVP


Wave 15 Key Improvements


The Exchange Admin Center
- The EMC and ECP rolled into one in the browser
- For Exchange 2013 organizations, a “single pane of glass” for Exchange Management
- For Exchange 2010 organizations, the EMC can still connect to Exchange Online


Improved Client Experience
- Great OWA experience across tablets and mobiles
  - Except Android
- Offline mode for OWA
- Apps for OWA and Outlook 2013
- IE7 is downgraded to “Light” and IE8 has performance issues
  - Check out browser support


Hybrid Features
- No major improvements in Wave 15
- Federated Sharing and Mailbox Moves remain
- Still have the ability for on-premise mailboxes with cloud archives
- No cross-premises mailbox sharing


Address Book Policies
- Re-introduction of Exchange GAL Segregation
- Introduced On-Premise in Exchange 2010 SP2
- New in Wave 15 Exchange Online
- Not available to Global Administrators by default


Site Mailboxes
- Mailboxes attached to SharePoint Sites allowing team-based collaboration
- Do documents belong in Exchange?
- Exposed via the SharePoint Site and within Outlook 2013
- No cross-premises story – either on premise or in the cloud


Modern Public Folders
- Public Folders are here to stay!
- Old issues associated with Public Folders are gone
- Public Folders live within special Public Folder Mailboxes
- Requires Exchange 2013 to migrate to the cloud
- 50 PF Mailboxes with a combined size of 1.25TB


Compliance and E-Discovery
- Exchange data is better in Exchange
- In-place hold replaces Legal Hold
  - Query based search and hold
  - Time-based hold
  - E.g. Place all Finance Mailboxes under hold for 6 years
- Inactive Mailboxes allow preservation of leavers' data


Exchange Online Protection
- Replaces Forefront Online Protection for Exchange
- Integrated with the Exchange Admin Center
- Can be licenced solely as a mail filtering solution
- Evaluate carefully – Exchange features and terms like Transport Rules replace typical terms used in cloud-based mail filtering


Why Hybrid
- Exchange 2010 and higher only support Hybrid
- Ease of testing, pilot and re-use existing skills for migration
- Think of it as a transition rather than a migration


Why not Hybrid
- Smaller 2007 and 2003 migrations
- Non-Microsoft migrations
- Various options available
  - Staged
  - Cutover
  - Third Party Solutions like MigrationWiz


Hybrid Challenges with different versions of Exchange


Challenges for Exchange 2007 and 2003
- Migration of Client Access Services including
  - Implementing a legacy namespace
  - Moving AutoDiscover and other services
  - Similar to an Exchange 201x migration
- Options available
  - Exchange 2013 “Hybrid Servers”
  - Exchange 2010 SP3 “Hybrid Servers”


Challenges for Exchange 2007 and 2003

[Diagram. Labels: User; Forefront TMG Array (TMG01, TMG02, TMG03); sts.contoso.com, Active Directory Federation Services 2.0 Farm (ADFS01, ADFS02); legacy.contoso.com, Exchange 2007 Client Access; mail.contoso.com, Exchange 2010 Hybrid Servers - Client Access Roles; Exchange 2007 CCR Clusters; servers EX01, EX02, EX03, EX04; ad.contoso.com, Active Directory; numbered steps (1) to (5).]


Challenges for Exchange 2010 orgs
- Should you implement Exchange 2013 CU1 as a Hybrid Server?
- Where do you need to deploy Exchange 2010 SP3?
- Is Exchange 2010 SP3 stable?


Challenges for Wave 14 upgrades
- You will need to upgrade to Exchange 2010 SP3
- You will need to re-run the Hybrid Configuration Wizard


General Hybrid Challenges


External Connectivity
- External HTTPS Namespaces
  - Use the Microsoft Remote Connectivity Analyser to test EWS and AutoDiscover
- Verify you add the correct firewall exceptions to all services, both inbound and outbound
  - For outbound, MS recommend by URL rather than IP due to CDNs
- Authenticated proxy servers will cause issues
  - Exclude Exchange from authentication
  - Set the proxy server via netsh and Set-ExchangeServer


Certificates
- You need valid third-party certificates for HTTPS namespaces and SMTP
- Federation Certificate is self-signed, though
  - Did you ever set up Federated Sharing before Exchange 2010 SP1?
  - Federation causes most failures, usually temporary with the HCW
- HCW attempts AutoDiscover for each hybrid domain
  - Exchange 2013 has a solution to this
  - Set-HybridConfiguration -Domain "domain.com, autod:primary.com"
- SSL Offload will cause issues with mailbox moves
  - You probably need to keep SSL offload but there are workarounds


Pre-Authentication
- What is pre-authentication?
- What uses pre-authentication?
- Why is this a problem?
  - Federated Sharing e.g. /EWS/Exchange.asmx/WSSecurity
- What are the solutions?
  - Rules before pre-auth to exclude these paths: http://community.office365.com/en-us/wikis/exchange/1042.aspx
  - Disable pre-auth for /AutoDiscover/* and /EWS/* completely!


SMTP Mail Flow
- Make sure you understand the organization’s mail routing
- Make sure you put the right certificates on the Hub servers you will use for the Hybrid configuration
- Bear in mind firewalls and load balancers that mask the real sender’s address
  - Changes to Receive Connectors may be needed


Federated Sharing
- Provides Free/Busy and Calendar Sharing
- Relies on AutoDiscover and Exchange Web Services
  - These are the components that can’t use pre-auth
- Troubleshooting tools include IIS logs and event logs
- SSL offload can cause issues here too
  - URL used can be specified manually, but try not to
- Remember the limitations of Federated Sharing


Coexistence and migration


Planning – Microsoft Tools
- The most important part
- Base tools are very useful
  - OnRamp replaces the Deployment Readiness Tools: https://onramp.office365.com/OnRamp
  - ExDeploy – Exchange Deployment Assistant
  - Other great MS tools including MAP for MS Online Services


Planning – Deeper Discovery
- Active Directory information
- Exchange user information
  - Mailbox and message sizes
  - Clients like Outlook, ActiveSync, IMAP, SMTP clients, EWS, BES
  - Shared Mailboxes and who shares with who
  - UM and archive mailboxes in use
  - Policies that aren’t migrated, like ActiveSync policies
  - Previous cross-forest migrations
- Local Knowledge
  - Stats aren’t everything – IT staff supporting the users generally are a wealth of information about the user base


Understanding Collaboration Issues
- Larger the organization equals more sharing
- Sharing may cross many intra-org boundaries
- Not all sharing is easy to discover
- Cross-premises sharers need to re-share Calendars
- No cross-premises access to Shared Mailboxes
- Use your discovery information


Test your migration process
- Migration concurrency depends on multiple factors
- Test throughput during the times you will migrate
- Leavers' mailboxes provide good candidates for throughput testing
- Remember you can move mailboxes back to re-test (and should test you can do this, anyway)


Test your migration process
- Double check your pre-requisites for successful moves
  - Is it an on premise mailbox with a corresponding mail user in the cloud?
  - Does it have a licence assigned?
  - Does the UPN match on premise and in the cloud (and of course, does AD FS work correctly)?
  - Have all required details, like email addresses, synchronized successfully?
  - Were there any mailbox items larger than 25MB?
  - Do you have any clean up for cross premise migrations to do?
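
Added example, not part of the original deck: the pre-requisite questions above expressed as a PowerShell check over constructed records. The field names (Upn, Addresses, RecipientType, Licensed, LargestItemMB) and the sample users are assumptions for illustration; real data would come from exports of on-premises and cloud recipient information.

```powershell
# Constructed sample data standing in for exported on-premises mailbox details.
$onPrem = @(
    [pscustomobject]@{ Upn='alice@contoso.com'; Addresses=@('alice@contoso.com','a.smith@contoso.com'); LargestItemMB=12 }
    [pscustomobject]@{ Upn='bob@contoso.com';   Addresses=@('bob@contoso.com');   LargestItemMB=31 }
    [pscustomobject]@{ Upn='carol@contoso.com'; Addresses=@('carol@contoso.com'); LargestItemMB=3 }
    [pscustomobject]@{ Upn='dave@contoso.com';  Addresses=@('dave@contoso.com');  LargestItemMB=8 }
)
# Constructed sample data standing in for the synchronized cloud objects.
$cloud = @(
    [pscustomobject]@{ Upn='alice@contoso.com'; RecipientType='MailUser'; Licensed=$true;  Addresses=@('alice@contoso.com','a.smith@contoso.com') }
    [pscustomobject]@{ Upn='bob@contoso.com';   RecipientType='MailUser'; Licensed=$true;  Addresses=@('bob@contoso.com') }
    [pscustomobject]@{ Upn='carol@contoso.onmicrosoft.com'; RecipientType='MailUser'; Licensed=$false; Addresses=@('carol@contoso.com') }
)

function Test-MovePrerequisite {
    param($Mailbox, $CloudUsers, [int]$MaxItemMB = 25)
    $issues = @()
    # Match on any shared address so that a UPN mismatch is reported, not hidden.
    $match = $CloudUsers | Where-Object {
        $c = $_
        $Mailbox.Addresses | Where-Object { $c.Addresses -contains $_ }
    } | Select-Object -First 1

    if (-not $match) {
        $issues += 'no corresponding cloud object'
    } else {
        if ($match.RecipientType -ne 'MailUser') { $issues += 'cloud object is not a mail user' }
        if (-not $match.Licensed)                { $issues += 'no licence assigned' }
        if ($match.Upn -ne $Mailbox.Upn)         { $issues += 'UPN mismatch' }
        # Every on-premises address should be present on the cloud object.
        $missing = $Mailbox.Addresses | Where-Object { $match.Addresses -notcontains $_ }
        if ($missing) { $issues += "addresses not synchronized: $($missing -join ', ')" }
    }
    if ($Mailbox.LargestItemMB -gt $MaxItemMB) { $issues += "item larger than ${MaxItemMB}MB" }

    [pscustomobject]@{ Upn = $Mailbox.Upn; Ready = ($issues.Count -eq 0); Issues = $issues -join '; ' }
}

# One row per mailbox: ready to move, or the reasons it is not.
$onPrem | ForEach-Object { Test-MovePrerequisite -Mailbox $_ -CloudUsers $cloud } |
    Format-Table -AutoSize
```

The check does not cover whether AD FS sign-in works or whether cross-premises clean-up is outstanding; those remain manual steps.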


Test your migration process
- Good documentation should be tested alongside your pilot migration
  - User and IT documentation
- Listen to recommendations from IT staff who know the user base well
- Consider an end-user portal


Building Migration Batches
- Distribution Groups are great to use for migration batches!
  - It’s a comms channel
  - The helpdesk can use them
  - You can feed them to test scripts
  - And of course to Remote Move Requests


Pre-Pilot and Pilot Phases
- Before the main pilot iron out all issues you can
- Treat the pilot like the real deal
- Don’t just use IT! Use real users who’ll give you real feedback!


The Migration
- By this point it should be straightforward
- Communicate with users so they know what’s coming
- Make sure you have the appropriate resources
- Don’t be afraid to scale up as you come along
- Again, keep reviewing feedback


What next?
- If you’ve moved all users to the cloud, is it time to get rid of on-premises entirely?
- SMTP senders may require an on-premise SMTP server
- Consider provisioning and management
- Remember you need to patch and maintain


Key Takeaways
- It’s all in the planning
- The more you test the more chance of success
- If you plan on an on-going hybrid environment or longer migration, discovery is very important
- For many organizations, Exchange 2010 SP3 is still the best option for a “hybrid” Exchange server.


Thanks for listening!
- Any questions, just ask
- Get in touch any time

www.stevieg.org www.theucarchitects.com [email protected]