Office 365 UK User Group London 4th September 2012
1. Welcome to the
Office 365 UK
User Group
Speakers: Liam Mann & Alan Richards
4th September 2012
Host: Matthew Hughes
Venue provided by Content & Code
2. Agenda
18:30 – Welcome
18:45 – Office 365 in the Real World
Liam Mann – Content & Code
19:45 – Break
20:00 – Migrating from On Premise to Office 365
Alan Richards –
21:00 – Close & Pub
3. Welcome
What is the point in the User Group?
Independent
Share Knowledge
Share Experience
Share the Pain & Pleasure
Network
Have a Pint and a chat with someone that
understands and doesn’t nod & agree or fall asleep
4. Office 365 in the
Real World
Liam Mann - Office 365 Deployment Engineer
Content & Code
9. ADFS 2.0 Single Sign On – Office
365
• Like Kerberos with Cookies
• Authentication kept On-premise
• Allows user to use the same set of credentials
• High Availability Deployment Recommended
• Published Externally with ADFS Proxies
• Secured by SSL Certificates
10. ADFS 2.0 Single Sign On – Office
365
[Diagram: Active Directory, AD FS 2.0 Servers, AD FS 2.0 Server Proxies, Internal User, External User; zones labelled Enterprise and DMZ]
11. Exchange Rich Coexistence
• Rich Outlook Features
• Secure Mail Flow
• Unified GAL
• Single Outlook Web App
• Centralised Management of Exchange
• Online Archiving
18. Issues
• UPNs not matching verified domain in Office 365
• ADFS 2.0 Design had to be implemented in new data centre
• DMZ time not Synchronised
• Domain Servers not restarted after updates
• TMG Configuration – Not setup correctly
• Hybrid Configuration and Proxy Issues
• Purchased a Certificate with No Name
19. Summary of Project
Prerequisites of Existing Infrastructure
Design and Implementation of new Infrastructure
Training and Handover to Clients
Client Evaluation of Project
Overall Project Success
20. Wates Construction
• Reduce Operation Costs
• Replace Email Filtering
System
• Upgrade Ageing Infrastructure
• Provide Better Communication
across Multiple Offices
“I Love Office 365”
21. Wates Design
Phase 1
Replace Email Filtering System
Redirect Mail Flow to Office 365
Phase 2
Complete Exchange Coexistence
Setup
Install ForeFront Protection for
Exchange
Phase 3
Install and Configure SSO
Training & Handover
22. Issues
• FOPE does not accept internet bound traffic from
on-premise
• Two hop migration was required from Exchange
2003
• Currently no automation of pulling archive from
Enterprise Vault
• Free/Busy sharing more complex with Exchange
2003
• WNLB with Certain Routers require Configure Static
ARP
23. Summary of Project
Prerequisites for Office 365
TMG not fully configured
Forward Proxy Caused Delays
Design and Implementation of New Infrastructure
Highly Available Infrastructure
Email Filtering Outbound with FOPE from On-premise
Training and Handover to Client
Client Evaluation of Project
Overall Project Success
27. Summary of Project
Prerequisites for Office 365
Legacy Exchange Infrastructure
Specify Perimeter Settings Clearer
Design and Implementation of New Infrastructure
Project so far
28. Lesson Learned
• Try to avoid authenticating internet access through proxy for coexistence
servers
• More complicated setup for Free/Busy with Exchange 2003
• FOPE cannot process outgoing email from On-premise
• Two stage migration required for Exchange 2003
• Prepare Existing Exchange 2003 environment (Recipient Policies)
• Gauge clients technical ability
• Ensure all updates and patches are applied on existing and new infrastructure
• TMG Flood Mitigation – Mailbox Migration
• UPNs configured Correctly
• Split DNS Configured Correctly
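A pre-flight check for the "UPNs configured Correctly" lesson above, added here as an example and not taken from the original slides: it reports accounts whose UPN suffix is not among the tenant's verified domains. The function name `Test-UpnSuffix` is hypothetical, and the users and domains are constructed sample data.

```powershell
# Added example: flags users whose UPN suffix is not a verified Office 365 domain.
# All names and domains below are constructed sample data.

function Test-UpnSuffix {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)] [string[]] $UserPrincipalName,
        [Parameter(Mandatory = $true)] [string[]] $VerifiedDomain
    )

    foreach ($upn in $UserPrincipalName) {
        $at = $upn.LastIndexOf('@')

        # No '@', nothing before it, or nothing after it: not a usable UPN.
        if ($at -lt 1 -or $at -eq ($upn.Length - 1)) {
            [pscustomobject]@{ UPN = $upn; Suffix = ''; Result = 'Malformed' }
            continue
        }

        $suffix = $upn.Substring($at + 1)

        # -contains compares strings case-insensitively, which suits domain names.
        if ($VerifiedDomain -contains $suffix) { $result = 'OK' }
        else { $result = 'SuffixNotVerified' }

        [pscustomobject]@{ UPN = $upn; Suffix = $suffix; Result = $result }
    }
}

# Constructed inputs. In a live run these would come from the directory and the
# tenant, e.g. Get-ADUser (ActiveDirectory module) and Get-MsolDomain (MSOnline).
$verifiedDomains = @('contoso.example')
$upns = @(
    'alice@contoso.example',
    'carol@CONTOSO.EXAMPLE',
    'bob@corp.local',
    'svc-backup'
)

# Show only the accounts whose UPN needs attention, sorted by suffix so that
# each unverified suffix can be dealt with once.
Test-UpnSuffix -UserPrincipalName $upns -VerifiedDomain $verifiedDomains |
    Where-Object { $_.Result -ne 'OK' } |
    Sort-Object Suffix, UPN |
    Format-Table Suffix, UPN, Result -AutoSize
```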
32. Seren + Foviance
Foviance are on Office 365
Seren Users to be Migrated to Office 365
Foviance Users to be added into AD
Password Synchronisation Tool
34. Who Am I
IT Consultant
Worked in education for over 18 years
Led teams in the early adoption of Microsoft
systems
Regular presenter at events
SharePoint MVP
35. Topics
Office 365 co-existence options
Types of migration
Single Signon
A client migration – Real World
36. Co-Existence
You already have onPremise Exchange
Shared Address Space
Use the same domain name for all users
OnPremise or cloud receives email
Forwards onto the other one
Multiple Addresses
Use different domain names for onPremise &
Cloud
Each entity receives its own email
Manage mail contacts in either onPremise or cloud
37. Types Of Migration
IMAP cutover: E-mail is extracted from the
source mail system by IMAP, DNS MX records
are changed, and workstations configured to
connect to Office 365. E-mail is moved, but no
contacts and calendars.
38. Types Of Migration
Exchange cutover: Same as IMAP but it uses
RPC over HTTPS (Outlook Anywhere) to extract
your entire mailbox from a legacy Exchange e-
mail system (2003 or later only).
39. Types Of Migration
Staged coexistence: Similar to an Exchange
cutover, but allows for batches of users to
move at a time and for the two systems
(Exchange and Office 365) to interoperate over
a period of time.
40. Types Of Migration
Hybrid coexistence: This solution is intended
for customers who require onsite and cloud e-
mail systems to coexist for longer periods.
Active Directory and Office 365 synchronize
and single-sign-on is set up. This is the most
technically complex migration method but
makes for the easiest mailbox
migrations, simply using the existing Exchange
Management Console’s commands.
41. Single Signon
Use Active directory account to access Office
365
Uses Active Directory federation services
Minimum 4 servers for load balancing
Federation server & Federation proxy server
PowerShell to form ‘link’
Separate server for DirSync software
DO NOT ENABLE BEFORE MIGRATION
42. Real World Migration
Planning
Prepare your AD
Delete users
Clean up Exchange
Empty deleted items
Empty sent items
Migration type
Choose the right one for your environment
How many users
Keeping onPremise
43. Real World Migration
Migration takes time
400 users took 5 days
Incremental updates after full migration
Complete migration
Convert mailboxes to mail enabled users
PowerShell scripts downloadable from Microsoft
All migrations run from Exchange Control
Panel
52. Thanks very much for
coming and please
spread the word
Interested in speaking?
Interested in coordinating a user group?
Contact Matthew Hughes matt@sp365.co.uk
Editor's notes
Name
Your Role in the Company
Your Role on these projects
Exchange Interest – Background
Ask Questions to Audience – By a show of hands gauge the audience
How many people are using Office 365?
How many people have implemented Office 365 or gone through the deployment process?
What the presentation is about?
Projects and Involvement
What does ADFS Do for Office 365
Appropriate for
Larger enterprise organizations with on-premises Active Directory
Pros
SSO with corporate credentials
IDs mastered on premises
Password policy controlled on premises
Two-factor authentication solutions possible
Co-existence scenarios enabled
Con
High availability server deployments required
Mail Tips
Free/Busy Calendar Sharing
Message Tracking
On boarding and Offloading
No Outlook Reconfiguration
TLS supported by TLS
GAL Directory Synchronisation Server
New Mailbox Moves direct to Office 365 cross premise
200 - 300 Users
Exchange 2007 Infrastructure
Existing Exchange Infrastructure: 2 x Exchange 2007 in UK – Site in US
Major issue – US lost connection to the UK Exchange halted work and disrupted their productivity.
Identity Management
Resilient Topology High Availability
Issues we had with this:
UPNs not matching verified domain in Office 365
ADFS Design had to be implemented in New Data Centre
DMZ Time not Synchronised
SharePoint Users – Changing UPN disruption
Exchange Coexistence / Simple Coexistence
Exchange Not Business Critical – 1 Exchange Coexistence Server
HUB Role
CAS Role
OWA URLs Redirection / Keep Existing Change Migrated
Issues:
Servers not built to latest SP
TMG Configuration – Not set up Correctly
Hybrid Configuration and Proxy Issues
Purchased a Certificate with no name
Migration
Showed and gave instruction manuals to client to migrate themselves
Issues:
Public Folders – Still not migrated
Prerequisites were not met (Proxy Settings / Reverse Proxy / DMZ not Set up Correctly and Servers not Provisioned)
Infrastructure Deployment was a success: we kept to the design and met the client's requirements
Training could have been more in-depth, but client is happily migrating users and managing that part of the project.
Client was very happy with the project as a whole
Project was an Overall Success
1800 – 2000 Users – Exchange 2003 Environment
The Main Focus of this client was to replace their current Mail Filtering and Anti Spam Software with FOPE.
On 2003, were upgrading to 2010 or Office 365 as the next step in infrastructure upgrade
Reduce heavy maintenance of current Exchange system.
Phase 1
Explain Existing Mail Flow – Trend Micro and Symantec Email Filtering System
Replace Symantec Filtering System with Office 365 FOPE
2010 Servers were installed
Mail Flow could not come from on-premise to FOPE to the Internet
Phase 2
Complete the CAS Setup and Re-Run the Hybrid Configuration
Free/Busy was more challenging to set up - Explain how 2003 finds free/busy of Office 365
1. Changed the Public Folder Referral List (Add the 2010 Public Folder on Exchange 2003)
2. Go to ADSI Edit and Change the MSExchFolderAffinityList – to the GUID of the Exchange 2010 Server not Public Folder.
Microsoft Federation Gateway Issue – Remove Domain
Migrated some test IT users / Locked out of Outlook when we set up ADFS.
Installed ForeFront Protection for Exchange
Prerequisites for Office 365
Secure and Change Request for Exact Proxy URLs – Two Blue Coat Proxies
Design and Implementation of New Infrastructure
Highly Available Exchange Infrastructure as client was planning slow migration.
Email Filtering Outbound with FOPE from On-premise
Training and Handover to Client
Client had dedicated member of staff throughout project, really helped with Handover
Training is On-going – Two Types of Training USER and ADMIN
1100 – 1300 Users – Exchange 2003
Primary goal is to replace their existing 2003 environment
Storage was high and getting difficult to manage
Also want to configure Lync Online for better communication
This client has multiple offices all over the world with many VPLS tunnels back to UK
ADFS
Standard ADFS Build Increased Token Life Time
Issues – Servers not provisioned
Looked at option of Publishing through TMG
No Split DNS
ECS
Mail Flow Design to stop any type of interruption to users
Autodiscover and Outlook Directed at the TMG internally and Externally
Issues
Schema Updates were not complete (Change Process)
Email Address Policies being - Managed Email Address Policies
5.5 Email Infrastructure – Upgraded large amount of clean up required
Proxy Federation Request during Coexistence setup
Latest Rollup 3 – Client had disabled Microsoft update, he assured me their update provider would do the updates overnight
TMG - Not correctly set up as it was an internal firewall. – Had dedicated proxy team to help configuration (Unlike Cmed)
5.5
We have created documents clearly stating perimeter settings
Forward Proxy
Reverse Proxy
Firewall All services
Computer and Servers
These are new projects that we are at the start of
I like to introduce these as they are using different technologies and migration process
Mention Drivers
Unstable Email Platform
Complicated Security for Exchange
Running out of space
Looking at both Simple Coexistence and Rich Coexistence
We do the first project they will follow our guides to do the rest
This is a client that trialled and tested Google, it was not liked.
Staged migration
Quick As Possible
Outlook Anywhere Setup multiple certificates
Seren and Foviance are merging
Foviance are already on Office 365
Seren want Foviance users in AD and Seren users into Office 365.
They are looking at the possibility of using a password synchronisation tool.