SESSION CODE: EXL-OFC311 Chris Goosen Systems Architect Ensyst Toby Knight Technical Solution Professional Microsoft MICROSOFT OFFICE 365: FROM SIMPLE MIGRATION TO A HYBRID ENVIRONMENT (c) 2011 Microsoft.
Session Objectives
► Understand the planning requirements
► Overview of migration options
► Learn about cutover and staged migrations
► Learn about the core hybrid components and concepts
► Review hybrid deployment stages
► What’s new in Exchange 2010 SP2?

PLANNING

Planning Stages
1. Plan
– Read case studies and documentation
2. Prepare
– Add and verify SMTP domains
– Configure On-Premise
3. Migrate
4. Decommission

Planning Factors
Size
► Large
► Medium
► Small
Source Server
► Exchange
► IMAP
► Lotus Notes
► Google
► On-Premise
► Single Sign-On
► Cloud
► Hybrid
► No Hybrid
Provisioning
► DirSync
► Bulk Provisioning
► NSPI Provisioning

Planning: How to pick a migration solution?
[Chart: Migration Solutions (Hybrid, SEM, CEM) against Organisational Size in Users (1; 150; 5,000; 25,000), Time For Migration including Planning (<1 Week; 2 Weeks; 3 Weeks; Several Months) and Co-existence (None; Mailflow/GalSync; Free/Busy, Archive in Cloud)]

MIGRATION OPTIONS
Migration Options: Choices to fit your organisation
[Table: source platforms (Exchange 5.5, Exchange 2000, Exchange 2003, Exchange 2007, Exchange 2010, Notes/Domino, GroupWise, Other) against IMAP migration, Cutover migration, Staged migration and Hybrid; the cell marks are not recoverable from the extraction]
► Cutover Exchange migration (CEM)
– Good for fast, cutover migrations
– No server required on-premises
► Staged Exchange migration (SEM)
– No server required on-premises
– Identity federation with on-premises directory
► IMAP migration
– Supports wide range of e-mail platforms
– E-mail only (no calendar, contacts, or tasks)
► Hybrid deployment
– Manage users on-premises and online
– Enables cross-premises calendaring, smooth migration, and easy off-boarding
* Additional options available with tools from migration partners

Cutover Exchange Migration
Objective
► A simple Exchange migration solution for small and medium businesses to move to Office 365
Requirement
► Organisation should be less than 1000 in size
► Outlook Anywhere service
► Identity management in the cloud
Capability
► No on-premise deployment required
► Migration from Exchange Server 2003 and greater
► On-premise or hosted systems
► Integrated Provisioning
► High fidelity migrations: mail, calendar, tasks and many more

Staged Exchange Migration
Objective
► A simple Exchange migration solution for medium and large size organizations
Require
► Directory sync
Capability
► Migration from Exchange Server 2003 and Exchange 2007 only
► Migrate in batches
► High fidelity migrations: mail, calendar, tasks and many more
[Diagram: mailbox batches labelled Not Migrated (four) and Migrated (one)]

DEMO: CUTOVER MIGRATION

HYBRID DEPLOYMENT FEATURES
Compare…
Feature (table columns: Staged, Hybrid; the per-column marks are not recoverable from the extraction)
– Mail routing between on-premises and cloud (recipients on either side)
– Mail routing with shared namespace (if desired) - @company.com on both sides
– Unified GAL
– Free/Busy and calendar sharing cross-premises
– Exchange Sharing
– MailTips, message tracking, and mailbox search work cross-premises
– OWA redirection cross-premises (single OWA URL for both on-premises and cloud)
– Exchange Online Archive
– Exchange Management Console used to manage cross-premises relationship and mailbox migrations
– Native mailbox move supports both onboarding and offboarding
– No Outlook reconfiguration or OST resync required after mailbox migration
– Online Mailbox Move allows users to stay logged into their mailbox while it is being moved to the cloud
– Secure Mail ensures cross-premises emails are encrypted, and the internal auth headers are preserved
– Centralized mailflow control ensures that all email routes inbound/outbound via On Premises

Hybrid Features
► Cross-Premises Free/Busy and Calendar Sharing
– Creates the look and feel of a single, seamless organization for meeting scheduling and management of calendar
– Works with any supported Outlook client; the heavy lifting is done by the Exchange Server 2010 CAS servers and the MS Federation Gateway and is transparent to the client

Hybrid Features: Cross-Premises MailTips
► Cross-Premises MailTips
– Creates the look and feel of a single, seamless organization. Correct evaluation of “Internal to” vs. “External to” organization context
– Allows awareness and correct Outlook 2010 representation of MailTips for size and quantity limits on DGs, etc.
Hybrid Features: Cross-Premises Message Tracking
► Cross-Premises Message Tracking
– Creates the look and feel of a single, seamless organization
– Message tracking started from on-premises or from the cloud will track through to the edge of the combined organization

Hybrid Features
► Cross-Premises mailbox search
– Allows compliance officers to select/manage mailboxes for mailbox searches from on-premises or cloud-hosted mailboxes
– Graphical representation allows to differentiate between on-premises and cloud-hosted mailboxes in the picker
– Search results returned across all selected mailboxes, regardless of mailbox location!

Hybrid Features: Cross-Premises OWA redirection
► Single URL
– Allows mailbox access to OWA via a single URL
– Ensures a consistent end-user experience
► Better Cloud log in experience
– Log in experience can be greatly improved by adding your domain name into your cloud URL

Hybrid Features: Cross-Premises Mailflow
► Cross-Premises Mailflow
– Hybrid adds the ability to preserve internal organizational headers.
– Most important header: Auth header

Hybrid
► Makes your on-premises organization and cloud organization work together like a single, seamless organization
– Offers near-parity of features/experience on-premises and in the cloud
– Seamless interactions between on-premises and cloud mailboxes
– Migrations in and out of the cloud transparent to end-user
► Features not supported:
– Coexistence of Delegate permissions
   – Delegate permissions are migrated, but do not work when Delegator and Delegate are split between on-prem & cloud
– Migration of Send As/Full Access permissions
– Multi-forest
   – Only single forest source environments
– Public Folders

HYBRID DEPLOYMENT COMPONENTS
Hybrid Server Roles
2 Required Server Roles:
► Office 365 Active Directory Synchronization
► Exchange Server 2010 SP1 CAS/Hub*
1 Optional Server Role:
► Active Directory Federation Services
* Mbx role is required for legacy environments
[Diagram: Office 365; Directory Sync; Unified Global Address List; AD FS; Exchange Server 2010 SP1 CAS/Hub]

HYBRID DEPLOYMENT CONCEPTS

Core Concepts: Single Namespace
[Diagram: External Recipient ([email protected]); Internet; On Premises AD Forest with DC and Exchange 2003 FE/BE Server. MX for contoso.com = On Premises. Email from [email protected] to [email protected]]

Core Concepts: Shared Namespace
[Diagram: External Recipient ([email protected]); Internet; On Premises AD Forest with DC and Exchange 2003 FE/BE Server; Exchange Online. MX for contoso.com = On Premises. MX for service.contoso.com = Exchange Online. Email from [email protected] to [email protected] is forwarded to [email protected]]

Core Concepts
Sign-On Scenarios: ADFSv2 - “Identity Federation”
– User uses corporate credentials to access Online resources in the cloud
► Single Sign-on cloud mailbox login
► Direct Logon for LOB apps
Delegation Scenarios: “Exchange Federation”
– Services act on behalf of a user to access Exchange resources
► Cross-premises Free/Busy, Shared Calendaring
► Cross-premises Mailtips
► Cross-premises Message Tracking
► Cross-premises Mailbox Search
► Cross-premises Mailbox Move authentication
► Cross-premises OWA redirection
► Cross-premises Archiving

Core Concepts: Standard On-Premises Free/busy
[Diagram: On Premises users “Toby” and “Chris”; Mailbox Server; Client Access Server]

Core Concepts: Federated Free/busy
[Diagram: On Premises user “Chris”; Mailbox Server; Client Access Server; Microsoft Federation Gateway; Exchange Online user “Toby”. Free Busy Request From Ben To Joe]

Core Concepts: Exchange Online Archive
[Diagram: On Premises user “Chris”; Mailbox Server; Client Access Server; Microsoft Federation Gateway; Exchange Online. Archive Request From Ben To Archive]

Core Concepts: Secure Mail – TLS Domain Secure
[Diagram: On Premises Mailbox “Chris”; Mailbox Server; Hub Transport Server; ForeFront Online Protection for Exchange; Exchange Online; Cloud Mailbox “Toby”]

Core Concepts: Secure Mail - Sending Internal Headers to Cloud
[Diagram: On Premises Mailbox “Chris”; Mailbox Server; Hub Transport Server; ForeFront Online Protection for Exchange; Exchange Online; Cloud Mailbox “Toby”. Labels: XOORG Data; Certificate Subject]
– Cross-premises emails are auth’d as “Internal”

Core Concepts: Secure Mail – Sending Internal Headers to On-premises
[Diagram: Cloud Mailbox “Toby”; Exchange Online; ForeFront Online Protection for Exchange; Hub Transport Server; Mailbox Server; On Premises Mailbox “Chris”. Label: XOORG Data]
– Emails from the cloud are seen as Internal by Transport

Core Concepts: Centralised Mail flow Control
[Diagram: Internet; ForeFront Online Protection for Exchange; Exchange Online; Hub Transport Server and Mailbox Server On Premises. Label: Centralised Mail flow Control]

HYBRID DEPLOYMENT STAGES
Deployment: Exchange Deployment Assistant
Exchange Deployment Assistant: http://technet.microsoft.com/exdeploy2010
► Currently supports hybrid configuration with Exchange Server 2003, 2007 and 2010 SP1

Deployment
Each step below is listed as Step (Required/Recommended), followed by its details.
► Register your custom domains in the Office 365 portal (Required)
– Register any primary SMTP domains
► Configure Federated Identity (Recommended)
– On-premises ADFS server allows on-premises (single) identity to be used for cloud authentication
► Configure DirSync (Required)
– On-premises appliance synchronizes on-premises directory/GAL with the cloud
► Enable DirSync Writeback (Recommended)
– Allows rich off-boarding with message repliability, archiving in the cloud, and UM in the cloud
► Install Exchange Server 2010 SP1 server On-premises (Required)
– On-premises Exchange Server 2010 SP1 CAS/Hub server (also MBX role for some scenarios) required for hybrid features
► Configure cloud Autodiscover DNS record (Required)
– Allows on-premises targeted autodiscover Outlook client to redirect to cloud without prompts
► Publish MRS Proxy (Required)
– Allows Exchange Online Mailbox Replication Service to connect On Premises and perform a move to the cloud
► Implement Cloud Configuration Policies (Recommended)
– Create configuration policies in the cloud to match (or complement) on-premises configuration policies (e.g. ActiveSync policies, OWA policies, etc.)
► Configure RBAC in the cloud (Recommended)
– Create/manage Role Based Access Control (RBAC) settings in the cloud to match (or complement) on-premises RBAC configuration
► Configure Federation Trust / Org Relationship “Federated Sharing” (Recommended)
– Enable infrastructure for delegated Live namespace federation. Allows the following features:
   – Cross-premises Free/Busy, Shared Calendaring
   – Cross-premises OWA redirection (single URL)
   – Cross-premises Mailtips
   – Cross-premises Mailbox Search
   – Cross-premises Message Tracking
   – Cross-premises Archiving
► Configure Cross-premises mail routing (Recommended)
– Configure Cross-premises mail routing. This configuration ensures proper antispam/header handling for mail sent between on-premises and the cloud.

Deployment: Creating the Federation Trust
– Create Exchange Federation Trust with the MFG using a “unique namespace”, e.g. “exchangedelegation.contoso.com”
– Automatic implied trust between the Exchange Online tenant and MFG
– On-premises Org Relationship with “service.contoso.com”
– Exchange Online Org Relationship with “contoso.com”
[Diagram: On Premises AD Forest with Exchange 2010 CAS/HUB Server; Microsoft Federation Gateway (MFG); MSO ID; Exchange Online]

Deployment: Creating the Secure Mail Connectors
– Remote Domains define the use of internal headers
[Diagram: On Premises AD Forest with Exchange 2010 CAS/HUB Server; FOPE; Exchange Online]

DEMO: HYBRID DEPLOYMENT

What’s New in Exchange 2010 SP2?
► New Hybrid Configuration Wizard
– Exchange federation trust
– Organization relationships
– Remote domains/accepted domains
– Email address policies
– Send/Receive connector
– Forefront inbound/outbound connectors
– MRSProxy
– Pre-req checks (i.e. Office365 Active Directory Sync, Exchange certificates, registered custom domains, etc…)
Pre-SP2: Approximately 50 manual steps. With SP2: Now only 6 manual steps.
► New PowerShell cmdlets
– New/Get/Set/Update-HybridConfiguration
► Namespaces improvements
– Removing requirement for unique namespace
– Providing every customer a coexistence domain, for every hybrid deployment
   • Service.contoso.com is now Contoso.mail.onmicrosoft.com

In Review: Session Takeaways
► There are migration options to suit any organisation
► Hybrid setup has many steps, but it’s primarily about getting the planning right:
– Namespaces & Certificates are the two key areas to think about
► Moving to Exchange Server 2010 on-premises sets you up for a smooth path to the cloud
► What’s new in SP2?

Related Content: Check out these sessions!
► EXL310 Upgrading to Exchange 2010: Notes from Field
► EXL303 Exchange Server 2010: High Availability Concepts
► OFS-OFC309 From Zero to Productivity with Office 365
► OFS-OFC214 Customer experiences moving to the Cloud
► OFS-OFC215 Microsoft Office 365: The Future of Productivity

QUESTION & ANSWER SESSION

Contact Details: Get in touch!
► Chris Goosen
– Email: [email protected]
– Blog: http://www.cgoosen.com
– Twitter: @chrisgoosen
► Toby Knight
– Email: [email protected]

Resources
► Sessions On-Demand & Community: www.msteched.com/Australia
► Microsoft Certification & Training Resources: www.microsoft.com/australia/learning
► Resources for IT Professionals: http://technet.microsoft.com/en-au
► Resources for Developers: http://msdn.microsoft.com/en-au