TRANSCRIPT
Microsoft Confidential
© 2012 Microsoft Corporation. All rights reserved.
Exchange 2010 SP2 Hybrid Mode & Office 365 Co-Existence
Kamal Abburi
Premier Field Engineer - Microsoft Services
Reactive Support
Premier Field Engineering - What do we do
Proactive Services
Workshops
Health Checks
Risk Assessments
Supportability Reviews
Chalk & Talks
Knowledge Transfers
Troubleshooting & RCA
Partner with PG
Technical Leadership
Global Community
Onsite and Remote
Overview
Hybrid Deployment Terminology and Components
Requirements and Configuration
Objective
Understand Hybrid deployments and scenarios
Understand the planning involved
Understand the steps involved for successful implementation
Hybrid Deployment
Hybrid Deployment Features
Secure mail routing between on-premises and Exchange Online organizations.
Mail routing with a shared domain namespace.
A unified global address list, also called a “shared address book”.
Free/busy and calendar sharing between on-premises and Exchange Online organizations.
Centralized control of outbound mail flow
A single Outlook Web App URL for both the on-premises and Exchange Online organizations.
Move existing on-premises mailboxes to the Exchange Online organization.
Centralized mailbox management using the on-premises Exchange Management Console
Message tracking, MailTips, and multi-mailbox search between on-premises and Exchange Online organizations.
Cloud-based message archiving for on-premises Exchange mailboxes
Hybrid Scenarios - Migration to Office 365
Pilot Office 365
Large Migrations
Migrate users to the cloud at your own pace
Minimal or no disruption in Service
Hybrid Scenarios – Coexist with Office 365
Maintain a hybrid Exchange environment indefinitely
Organizational Requirements
Public Folders
Legacy, email-enabled line-of-business applications
Compliance
Easy Off Boarding
Mergers and acquisitions
Things to Consider
Highly Configurable - Not Customizable
Networks – Datacenter Locations
Regulatory and Compliance requirements
Manageability
Deployment and Maintenance
Lifecycles
Workloads not available in Exchange Online
Outlook 2003
Public Folders
Limits
Address Lists
Permissions
Multiple Forests
How do I Decide
Exchange Deployment Options Whitepaper
Office 365 for Enterprise Service Descriptions
Office 365 Advisor
Microsoft Office 365 Deployment Readiness Tool
Microsoft Office 365 Deployment Guide for Enterprises
Decision Made.. Where do I Start
Exchange Server Deployment Assistant
On-Premises Only
Upgrade from Exchange Server 2003
Upgrade from Exchange 2007
Upgrade from mixed Exchange 2003 and Exchange Server 2007
New installation of Exchange 2010
Hybrid Deployment (On-Premises + Cloud)
Exchange 2003
Exchange 2007
Exchange 2010
Cloud Only
ExDeploy
Sample Deployment
Components
Office 365
Hybrid server(s) - On Premises
Active Directory synchronization
ADFS
Microsoft Federation Gateway
Transport
Certificates
Hybrid Configuration Wizard
Office 365 and Hybrid server(s) - On Premises
Office 365 for enterprises
Microsoft Exchange 2010 SP1 or later
SP2 for the Hybrid Configuration Wizard
Mailbox, Client Access, and Hub Transport server roles
Windows Server 2003 forest functional mode or higher
ADFS
Enables access with a single user name and password
On Premises Policy and Control
Single Active Directory forest
Active Directory Federation Services 2.0
Requires unique third-party SSL certificate
Establish a relying party trust relationship
Active Directory synchronization
Provides Unified GAL
Directory Synchronization tool (32-bit and 64-bit)
Cannot be a domain controller
Uses SQL Server 2008 Express
All Users, mail-enabled contacts and groups
Two-way synchronization (write-back)
KB 2256198
SafeSendersHash, BlockedSendersHash, SafeRecipientsHash, msExchArchiveStatus, ProxyAddresses, msExchUCVoiceMailSettings, PublicDelegates
Microsoft Federation Gateway
Identity service that runs over the Internet
Uses SSL certificates and proof of domain ownership
Establish trust relationships with multiple partners
O365 Tenant automatically creates Federation Trust
Mail Flow
Shared SMTP Namespaces
Secured and Authenticated Mail Flow
Channel Privacy
Receiver Authentication with Domain Validation
Sender Authentication
Each organization treats the other one as an internal
Things to Consider
Single AD Forest and Domain
20,000 Objects limit
Contact support to increase
UPN
Federated domain should be public (.local ?)
Set up single sign-on before AD synchronization.
High Availability
Network Security
Inbound: 25 TCP and 443 TCP
Outbound: 25 TCP, 80 TCP and 443 TCP
Bandwidth
Things to Consider
Outlook 2010 for best experience
Outlook 2007
Unified Messaging
Mobile Devices
Partnership should be disabled and re-enabled
Licenses
Public Folders
All Management from On Premises
No transfer of permissions
DNS Records
Autodiscover, SPF
Things to Consider - Certificates
Active Directory Federation Services
Security token services (sts.contoso.com)
Exchange federation
Self Signed can be used
Exchange services
Autodiscover (autodiscover.contoso.com)
OWA
ActiveSync
EWS
Outlook Anywhere
Transport
FQDN of your Exchange 2010 hybrid server
Hybrid Configuration Wizard
Guides End-to-End process for Hybrid Deployment
Replaces approximately 50 manual steps
Validate Permissions
Verify Prerequisites and Topology
Creates the HybridConfiguration object in Active Directory
Makes the configuration changes to create and enable the hybrid deployment
Hybrid Configuration Engine
Hybrid Configuration
Coexistence domain
Adds as accepted domain <domain>.mail.onmicrosoft.com
Adds as secondary proxy domain to any e-mail address policies
Exchange federation
Check for an existing federation trust
Use Existing or Create a federation trust
Create and Configure organizational relationships
Enable free/busy sharing, Outlook Web App redirection, message tracking, and MailTips
Mailbox Moves
Enable the Mailbox Replication Service (MRS) proxy
Mail flow
Configure On Premises Servers and FOPE for Mail Routing
New Hybrid Configuration
Demo
Manage
Troubleshooting
Take Away
Run ExDeploy
Sign Up for O365
Register your Domains with O365
Run Microsoft Office 365 Deployment Readiness Tool
Deploy Single Sign On
Deploy Directory Synchronization
Install Exchange 2010 SP2
Configure External Access, DNS records, Certificates
Dependencies are Key
Run Hybrid Wizard