ITCamp 2012 - Paul Roman - Hybrid solutions in Office 365
1. Hybrid solutions in Office 365
Paul Roman, MVP Exchange
Email: paul.roman@pras.ro
Blog: http://paulroman.pras.ro
@ itcampro # itcamp12 Premium conference on Microsoft technologies
2. ITCamp 2012 sponsors (track: Private & Public Cloud)
3. Agenda
• What is Office 365?
• Why hybrid?
• Office 365 hybrid features
• Exchange hybrid
– Planning
– Features
– Planning and Concepts
– Review deployment stages
– What’s new in Exchange 2010 SP2?
4. What is Office 365?
5. EXCHANGE HYBRID PLANNING
6. Planning for Deployment
Planning dimensions:
• Identity: On-Premises, Single Sign-On, On-Cloud
• Source: Exchange, IMAP, Lotus Notes, Google
• Server size: Large, Medium, Small
• Management: Hybrid Provisioning, Hybrid DirSync, Exchange Bulk Provisioning, sharing features
7. Migration Options
• IMAP migration
– Supports a wide range of email platforms
– Email only (no calendar, contacts, or tasks)
• Cutover Exchange migration (CEM)
– Good for fast, cutover migrations
– No server required on-premises
• Staged Exchange migration (SEM)
– No server required on-premises
– Identity federation with on-premises directory
• Hybrid deployment
– Manage users on-premises and online
– Enables cross-premises calendaring, smooth migration, and easy off-boarding

Source platform support by migration option:
Source         | Cutover migration | Staged migration | IMAP migration | Hybrid
Exchange 5.5   |                   |                  | X              |
Exchange 2000  |                   |                  | X              |
Exchange 2003  | X                 | X                | X              | X
Exchange 2007  | X                 | X                | X              | X
Exchange 2010  | X                 |                  | X              | X
Notes/Domino   |                   |                  | X              |
GroupWise      |                   |                  | X              |
Other          |                   |                  | X              |
8. Staged Migration vs. Hybrid
9. EXCHANGE HYBRID FEATURES
10. Cross-Premises Mailbox Move
• Cross-premises moves work just like on-premises moves
– Cross-premises mailbox moves are driven from the EMC GUI “Remote Move” wizard
– With the federated sharing configuration in place, the explicit credentials requirement is eliminated, allowing mailbox moves to be executed seamlessly to and from the cloud
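The same remote move driven from PowerShell instead of the EMC wizard, as an added example that is not from the deck or its author. It runs in a Remote PowerShell session to the Exchange Online tenant; the on-premises MRSProxy host, the coexistence domain, the on-premises database and the user are assumed values.

```powershell
# Added example (not from the deck): onboard a mailbox to Exchange Online with a
# remote move request. Run from Remote PowerShell connected to the tenant.
# mail.contoso.com, service.contoso.com, DB01 and ben@contoso.com are assumed.

# Credentials of an on-premises account permitted to move mailboxes; the
# request talks to the MRSProxy endpoint on the on-premises CAS.
$onPremCred = Get-Credential            # e.g. contoso\migadmin

$mrsProxyHost         = "mail.contoso.com"      # on-premises CAS publishing /EWS/mrsproxy.svc (assumed)
$targetDeliveryDomain = "service.contoso.com"   # coexistence domain of the tenant (assumed)

# Onboarding (on-premises -> cloud). BadItemLimit lets a handful of corrupt
# items through; raising it should be a deliberate, documented decision,
# because skipped items are not migrated.
New-MoveRequest -Identity "ben@contoso.com" `
    -Remote `
    -RemoteHostName $mrsProxyHost `
    -RemoteCredential $onPremCred `
    -TargetDeliveryDomain $targetDeliveryDomain `
    -BadItemLimit 10

# Track progress and look for skipped items or a failure reason.
Get-MoveRequestStatistics -Identity "ben@contoso.com" |
    Format-List DisplayName, Status, PercentComplete, BadItemsEncountered, FailureType, Message

# Off-boarding (cloud -> on-premises) is the mirror image: -Outbound instead of
# -Remote, plus the on-premises target database.
# New-MoveRequest -Identity "ben@contoso.com" -Outbound -RemoteHostName $mrsProxyHost `
#     -RemoteCredential $onPremCred -RemoteTargetDatabase "DB01" -TargetDeliveryDomain "contoso.com"
```

The move request is the record to keep for audit: Get-MoveRequestStatistics exposes who was moved, when, how many items were skipped and why a request failed, which is what a reviewer of a migration wants to see afterwards.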
11. Free/Busy and Calendar Sharing
• Cross-premises free/busy and calendar sharing
– Creates the look and feel of a single, seamless organization for meeting scheduling and calendar management
– Works with any supported Outlook client; the heavy lifting is done by the Exchange Server 2010 CAS servers and the Microsoft Federation Gateway and is transparent to the client
12. Cross-Premises MailTips
• Cross-premises MailTips
– Creates the look and feel of a single, seamless organization, with correct evaluation of the “Internal to” vs. “External to” organization context
– Allows awareness and correct Outlook 2010 representation of MailTips for size and quantity limits on DGs, etc.
13. Cross-Premises Message Tracking
• Cross-premises message tracking
– Creates the look and feel of a single, seamless organization
– Message tracking started from on-premises or from the cloud will track through to the edge of the combined organization
• Tracking fidelity across Exchange Server 2010 SP1 servers will be identical to fully on-premises organizations (i.e. high fidelity)
• Tracking fidelity across pre-2010 servers will be identical to fully on-premises organizations (i.e. lower fidelity)
14. Cross-Premises Mailbox Search
• Cross-premises mailbox search
– Allows compliance officers to select and manage mailboxes for mailbox searches across on-premises and cloud-hosted mailboxes
– A graphical representation in the picker differentiates on-premises from cloud-hosted mailboxes
– Search results are returned across all selected mailboxes, regardless of mailbox location
15. Cross-Premises OWA Redirection
• Single URL
– Allows mailbox access to OWA via a single URL (pointed to the on-premises CAS)
– Ensures a good end-user experience as mailboxes are moved in and out of the cloud, since the OWA URL remains unchanged
• Better cloud log-in experience
– The log-in experience can be greatly improved by adding your domain name to your cloud URL, so that you can access your cloud mailbox without the interruption of the Go There page
16. Cross-Premises Mailflow
• Cross-premises mailflow
– Hybrid adds the ability to preserve internal organizational headers
– Most important header: the Auth header
• Allows us to treat a message from the cloud as authenticated. This means we trust the message and resolve the sender to a recipient in the GAL.
• Restrictions specified for that recipient get honored.
• When the sender is expanded in Outlook, the GAL card is opened (not the SMTP address)
17. Features Summary
• Makes your on-premises organization and cloud organization work together like a single, seamless organization
– Offers near-parity of features and experience on-premises and in the cloud
– Seamless interactions between on-premises and cloud mailboxes
– Migrations in and out of the cloud are transparent to the end user
• Features not supported:
– Coexistence of Delegate permissions: delegate permissions are migrated, but do not work when Delegator and Delegate are split between on-premises and cloud
– Migration of Send As/Full Access permissions
– Multi-forest: only single-forest source environments
– Public Folders
18. EXCHANGE HYBRID PLANNING AND CONCEPTS
19. Hybrid Server Roles
2 required server roles:
• Office 365 Active Directory Sync
• Exchange Server 2010 SP1 CAS/Hub*
1 optional server role:
20. Single / Shared Namespace: Single Namespace
• MX for contoso.com = On Premises
• Email from the external recipient joe@foo.com to ben@contoso.com is delivered over the Internet to the on-premises AD forest (Exchange 2003 FE/BE server, DC)
21. Single / Shared Namespace: Shared Namespace
• MX for contoso.com = On Premises
• MX for service.contoso.com = Exchange Online
• Email from the external recipient joe@foo.com to ben@contoso.com arrives on premises (Exchange 2003 FE/BE server) and is forwarded to ben@service.contoso.com in Exchange Online
22. “Federation” and “Federation”
23. Standard On-Premises Free/Busy
• User “Ben” (on premises) requests free/busy info for Brad
• The Client Access Server locates Brad’s mailbox server and resolves the request
• Brad’s free/busy is returned to the Outlook client
24. Federated Free/Busy
• Ben (on premises) requests free/busy info for Joe (Exchange Online)
• The CAS server finds that Joe’s mailbox is external and that there is a matching Organization Relationship
• The CAS server connects to the Microsoft Federation Gateway (MFG) and requests a Delegation Token (From: Ben, To: Joe)
• The MFG returns a Delegation Token
• The CAS server passes the token to the Exchange Online CAS and requests Joe’s free/busy on behalf of Ben
• Free/busy info is returned to the on-premises CAS server
• Joe’s free/busy is returned to the Outlook client
25. Exchange Online Archive
• Ben (on-premises mailbox) attempts to access his Online Archive
• The CAS server finds that Ben’s archive is held within Exchange Online
• The CAS server connects to the MFG and requests a Delegation Token (From: Ben, To: Ben’s online archive)
• The MFG returns a Delegation Token
• The CAS server passes the token to Exchange Online and requests access to Ben’s online archive
• The archive hierarchy is returned
• Ben’s archive hierarchy builds within the Outlook client
26. Secure Mail - TLS
• Mailbox “Ben” is on premises; Mailbox “Joe” is in Exchange Online (cloud)
• Mail between the on-premises Hub/Edge Transport Server and Forefront Online Protection for Exchange (FOPE) is protected with Domain Secure
• The FOPE transport certificate subject is “mail.messaging.microsoft.com”
• The on-premises Hub/Edge Transport certificate subject is “mail.contoso.com”
27. Send Internal Headers to the Cloud
• FOPE records the sender’s certificate subject as XOORG data; in this example it is “mail.contoso.com”
• If the outbound email is destined for Exchange Online, the on-premises Hub Transport Server adds internal headers to the email
• The Exchange Online Hub Transport verifies that the certificate subject (XOORG data) matches the configured value; if the cert subject is valid, Exchange promotes the internal headers
• Cross-premises emails are thereby authenticated as “Internal”
28. Send Internal Headers to On-Premises
• If the outbound email is destined for Exchange on-premises, Exchange Online adds internal headers to the email, and FOPE records the certificate subject as XOORG data
• The on-premises Hub Transport Server verifies that the cert subject matches the configured value; if the cert subject is valid, Exchange promotes the internal headers
• Emails from the cloud are seen as Internal by Transport
29. Centralized Mail Flow Control
• Only Exchange on-premises is allowed to send mail into the cloud
• All outbound cloud email is sent via on-premises Exchange (Exchange Online to FOPE to the on-premises Hub Transport Server), so the Internet sees only the on-premises organization
• Exchange Online to On Premises connector address space = *@*
30. EXCHANGE HYBRID DEPLOYMENT STAGES
31. Exchange Deployment Assistant
http://technet.microsoft.com/exdeploy2010
32. Office 365 configuration steps
33. Exchange configuration steps
34. Create Exchange Federation Trust
• Create an Exchange Federation Trust with the Microsoft Federation Gateway (MFG, MSO ID) using a “unique namespace”, e.g. “exchangedelegation.contoso.com”
• There is an automatic implied trust between the Exchange Online tenant and the MFG
• On-premises org (Exchange 2010 CAS/HUB server in the on-premises AD forest): Organization Relationship with “service.contoso.com”
• Exchange Online org: Organization Relationship with “contoso.com”
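The on-premises half of this slide in Exchange Management Shell form, added here as an example that is not from the deck or its author. It assumes an Exchange 2010 SP1 organization, the namespaces used on the slide, a placeholder certificate thumbprint and a test user ben@contoso.com.

```powershell
# Added example (not from the deck): federation trust with the MFG and the
# organization relationship towards the Exchange Online tenant, then verification.
# Run in the on-premises Exchange Management Shell (Exchange 2010 SP1).
# Namespaces, user and thumbprint are assumed; the thumbprint is a placeholder.

# 1. The trust needs a certificate to sign delegation-token requests to the MFG.
#    Find a candidate with Get-ExchangeCertificate and paste its thumbprint here.
$certThumbprint = "<THUMBPRINT-OF-FEDERATION-CERT>"
New-FederationTrust -Name "Microsoft Federation Gateway" -Thumbprint $certThumbprint

# 2. Bind the trust to the "unique namespace" from the slide. Ownership of the
#    namespace is proven with a DNS TXT record; Get-FederatedDomainProof prints
#    the value the MFG expects to find.
Set-FederatedOrganizationIdentifier -DelegationFederationTrust "Microsoft Federation Gateway" `
    -AccountNamespace "exchangedelegation.contoso.com" -Enabled $true
Get-FederatedDomainProof -DomainName "exchangedelegation.contoso.com"

# 3. Federate the primary SMTP domain (a TXT proof is needed for it as well).
Add-FederatedDomain -DomainName "contoso.com"

# 4. Organization relationship with the tenant's coexistence domain. Piping
#    Get-FederationInformation fills in the target application URI and EWS
#    endpoint discovered from the tenant's Autodiscover, instead of typing them.
#    LimitedDetails (not full details) is the least data that still makes the
#    cross-premises scheduling scenario on slides 11 and 24 work.
Get-FederationInformation -DomainName "service.contoso.com" |
    New-OrganizationRelationship -Name "Exchange Online" `
        -FreeBusyAccessEnabled $true -FreeBusyAccessLevel LimitedDetails `
        -MailboxMoveEnabled $true -DeliveryReportEnabled $true `
        -MailTipsAccessEnabled $true -MailTipsAccessLevel All `
        -ArchiveAccessEnabled $true -Enabled $true

# 5. Verify: Test-FederationTrust exercises token issuance against the MFG for
#    the user; Test-OrganizationRelationship checks the relationship end to end.
Test-FederationTrust -UserIdentity "ben@contoso.com"
Test-OrganizationRelationship -Identity "Exchange Online" -UserIdentity "ben@contoso.com"
```

Each switch on the organization relationship enables one of the cross-premises features from slides 10 to 14 (free/busy, mailbox move, delivery reports, MailTips, online archive), so the relationship is also where a feature is switched off again if it is not wanted.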
35. Create Secure Mail Connectors
• On premises (Exchange 2010 CAS/HUB server in the on-premises AD forest):
– Create the Exchange Send Connector
– Create the Exchange Receive Connector
• FOPE (Exchange Online side):
– Create the FOPE Inbound Connector
– Create the FOPE Outbound Connector
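The on-premises connector pair, with the settings that make the secure-mail and internal-header behaviour of slides 26 to 28 work, added as an example that is not from the deck or its author. It assumes an Exchange 2010 SP1 Hub Transport server named HUB01, the certificate subjects shown on slide 26, the coexistence domain service.contoso.com and a placeholder FOPE smart host; the FOPE-side connectors were configured in the FOPE admin portal and are not shown.

```powershell
# Added example (not from the deck): on-premises Send/Receive connectors for the
# Hub Transport <-> FOPE leg plus the remote-domain settings that keep internal
# headers. Exchange 2010 SP1 Management Shell. HUB01, the smart host and the
# coexistence domain are assumed; certificate subjects are the ones on slide 26.

$fopeCertSubject   = "mail.messaging.microsoft.com"   # FOPE transport certificate subject
$onPremCertFqdn    = "mail.contoso.com"               # our Hub/Edge certificate subject
$coexistenceDomain = "service.contoso.com"
$fopeSmartHosts    = "<fope-inbound-smarthost>"       # placeholder, taken from the FOPE portal

# Outbound: route only the coexistence domain here, require TLS, and accept the
# session only if the peer presents a certificate whose subject is FOPE's.
# RequireTLS alone would accept any certificate; TlsAuthLevel DomainValidation
# with TlsDomain is what pins the connector to FOPE.
New-SendConnector -Name "Outbound to Office 365" `
    -AddressSpaces "smtp:$coexistenceDomain;1" `
    -DNSRoutingEnabled $false -SmartHosts $fopeSmartHosts `
    -Fqdn $onPremCertFqdn `
    -RequireTLS $true -TlsAuthLevel DomainValidation -TlsDomain $fopeCertSubject `
    -SourceTransportServers "HUB01"

# Inbound: accept the XOORG (cross-premises organization) data only from a TLS
# session authenticated with the FOPE certificate. Any other sender is treated as
# ordinary Internet mail and its "internal" headers are not promoted.
Set-ReceiveConnector -Identity "HUB01\Default HUB01" `
    -TlsDomainCapabilities "${fopeCertSubject}:AcceptOorgProtocol"

# Remote domain for the tenant: trusted inbound and outbound mail keeps the
# internal headers (the Auth header of slide 16), so cloud senders resolve to
# GAL entries and recipient restrictions are honoured.
New-RemoteDomain -Name "Office 365 coexistence" -DomainName $coexistenceDomain
Set-RemoteDomain -Identity "Office 365 coexistence" `
    -TrustedMailOutboundEnabled $true -TrustedMailInboundEnabled $true `
    -TargetDeliveryDomain $true

# Review: these are the values to check when cloud mail unexpectedly shows as
# external, or when an Internet sender unexpectedly shows as internal.
Get-SendConnector "Outbound to Office 365" | Format-List RequireTLS, TlsAuthLevel, TlsDomain, AddressSpaces, SmartHosts
Get-ReceiveConnector "HUB01\Default HUB01" | Format-List TlsDomainCapabilities
Get-RemoteDomain "Office 365 coexistence" | Format-List TrustedMailOutboundEnabled, TrustedMailInboundEnabled, TargetDeliveryDomain
```

The two places where trust is decided are TlsDomain on the send connector and TlsDomainCapabilities on the receive connector: both name the FOPE certificate subject, and a certificate with any other subject, however valid, does not get the internal-header treatment.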
36. Exchange Server 2010 SP2
• New Hybrid Configuration Wizard (pre-SP2: approximately 50 manual steps; with SP2: now only 6 manual steps)
– Exchange federation trust
– Organization relationships
– Remote domains/accepted domains
– Email address policies
– Send/Receive connector
– Forefront inbound/outbound connectors
– MRSProxy
– Pre-req checks (e.g. Office 365 Active DirSync, Exchange certificates, registered custom domains, etc.)
• New Windows PowerShell™ cmdlets
– New/Get/Set/Update-HybridConfiguration
• Namespace improvements
– Removing the requirement for a unique namespace
– Providing every customer a coexistence domain, for every hybrid deployment
• service.contoso.com is now contoso.mail.onmicrosoft.com
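The SP2 cmdlets named on this slide as they are used together, added as an example that is not from the deck or its author. It assumes an Exchange 2010 SP2 hybrid server, server names CAS01 and HUB01, the domain contoso.com and a documentation-range external IP address; the credentials are prompted for.

```powershell
# Added example (not from the deck): Exchange 2010 SP2 Hybrid Configuration cmdlets,
# run from the on-premises Exchange Management Shell on the hybrid server.
# CAS01, HUB01, mail.contoso.com and 203.0.113.10 are assumed values.

# Two sets of credentials: an on-premises Organization Management member and a
# tenant Global Administrator. Update-HybridConfiguration uses both.
$onPremCred = Get-Credential   # e.g. contoso\hybridadmin
$tenantCred = Get-Credential   # e.g. admin@contoso.onmicrosoft.com

# 1. Create the HybridConfiguration object in Active Directory (one per organization).
New-HybridConfiguration

# 2. Describe the topology. The Features list is the set of cross-premises
#    features the engine will configure; SecureMail and Centralized map to
#    slides 26 and 29. With SP2 the coexistence domain contoso.mail.onmicrosoft.com
#    replaces the service.contoso.com unique namespace, so no namespace is given here.
Set-HybridConfiguration `
    -Domains "contoso.com" `
    -ClientAccessServers "CAS01" `
    -TransportServers "HUB01" `
    -OnPremisesSmartHost "mail.contoso.com" `
    -ExternalIPAddresses "203.0.113.10" `
    -Features FreeBusy,MoveMailbox,Mailtips,MessageTracking,OnlineArchive,SecureMail,Centralized

# 3. Let the engine create or refresh the federation trust, organization
#    relationships, connectors, remote domains, email address policy and MRSProxy
#    setting, which replaces the ~50 manual steps of the pre-SP2 procedure.
Update-HybridConfiguration -OnPremisesCredentials $onPremCred -TenantCredentials $tenantCred

# 4. Review what was stored. The Features list doubles as an inventory of which
#    cross-premises paths now exist and belong in monitoring and change control.
Get-HybridConfiguration | Format-List Domains, Features, ClientAccessServers, TransportServers, OnPremisesSmartHost, ExternalIPAddresses
```

Because Update-HybridConfiguration rewrites connectors and organization relationships on both sides, it is worth capturing Get-SendConnector, Get-ReceiveConnector and Get-OrganizationRelationship output before and after a run so that any drift from what was intended can be spotted.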
37. Q&A