Presentation on theme: "Sofia Event Center, 21-22 November 2013. The Transition to Office365 – Different Scenarios, but Always Useful. Hristo Hristov, Service Centrix Ltd." — Presentation transcript:
Sofia Event Center, November 2013. The Transition to Office365 – Different Scenarios, but Always Useful. Hristo Hristov, Service Centrix Ltd.
Agenda: Introducing the FastTrack Deployment Methodology; Components and Scenarios of Office 365 solutions; Microsoft Consulting Services Customer scenarios: Prista Oil, Contoso Ltd.; Additional tools and information; Q&A
Introducing the FastTrack Deployment Methodology: Traditional Deployment Methodology; Disadvantages of the Traditional Approach; The FastTrack Deployment Process; Advantages of the FastTrack Approach; The FastTrack Phases
Traditional Deployment Methodology [timeline figure: Pre-Deployment, Plan, Prepare, Migrate, Post-Deployment] Note: Timeline in Weeks
Disadvantages of the Traditional Approach: Do not treat a cloud deployment like an on-premises deployment. [timeline figure: Pre-Deployment, Plan, Prepare, Migrate, Post-Deployment; label: First Mailbox] Note: Timeline in Weeks
The FastTrack Deployment Process: Pilot, Deploy, Enhance. Experience value early; discover cloud advantage. Implement full features; meet organizational needs. Gain real world benefits. Achieve production use.
Advantages of the FastTrack Approach: No throw-away effort on a production pilot; Full Office 365 user experience with minimal on-premises requirements; Reduced time to value against effort invested; Multiple data migration methods (new mailbox, self-service, and IT managed); Range of identity options (cloud IDs, synchronized IDs, password sync, and federated IDs); Deployment portal with prescriptive guidance
Components and Scenarios of Office 365 solutions: Core Components of Office 365; Core Identity Scenarios with Office 365; Core Messaging Scenarios with Office 365; Core Lync Scenarios with Office 365; Core SharePoint Scenarios with Office 365; Core Client Scenarios with Office 365; Office 365 Capability Matrix per Deployment Step
Core Components of Office 365: Windows Azure Active Directory, Exchange Online, SharePoint Online, Lync Online, Office 365 ProPlus
Core Identity Scenarios with Office 365. Directory Synchronization: single identity, suitable for medium and large organizations without federation. Federated Identity: single federated identity and credentials, suitable for medium and large organizations. Cloud Identity: single identity in the cloud, suitable for small organizations with no integration to on-premises directories.
Office 365 Capability Matrix per Deployment Step. Columns: Key Capabilities | Step 1 – Pilot | Step 2 – Deploy | Step 3 – Extend. Identity Sign On: Cloud IDs | Corporate AD user account with same password via Password Sync | Corporate AD user account and password via ADFS; Option for Integration with Works with O365 Identity Providers; Option for Shibboleth Integration. Active Directory Remediation: Not applicable | IdFix Dirsync Error Remediation Tool | Custom Engagement.
Office 365 Capability Matrix per Deployment Step. Columns: Key Capabilities | Step 1 – Pilot | Step 2 – Deploy | Step 3 – Extend. Global Address List: Cloud Users; Dirsync Users; Dirsync users, FIM 2010 via O365 connector. Calendar Free/Busy sharing: Cloud Users; Dirsync Users (req. Ex 2010 SP3); Dirsync Users, Exchange Federation to other O365 or Exchange. Corporate Email: Yes via connected accounts; Yes via Corporate Domain add. Data Migration Options: User driven migrations via connected accounts (mail only); User driven PST import (mail/calendar/contacts); User Driven; IT Driven via Staged Migration or Hybrid Exchange (req. Ex 2013); Hybrid Exchange for 2013 and 2010 or 2007 on-premises; IBM Notes Migration Option. OWA / Full Outlook. Mobile via Active Sync: Cloud Address (Send From); Corporate Address, Option for BlackBerry BCS; Corporate Address, Option for BlackBerry BCS.
Core Lync Scenarios with Office 365: Advanced Features, Basic Features, Enterprise Features
Office 365 Capability Matrix per Deployment Step. Columns: Key Capabilities | Step 1 – Pilot | Step 2 – Deploy | Step 3 – Extend. Rows: IM & P; Online Meetings; Video Conferencing; PC and Application Sharing; Mobile Lync Clients; Skype Federation (Summer 13); Lync External Federation; Lync Hybrid Option; Lync Hybrid Voice Option.
Core SharePoint Scenarios with Office 365: User Sites, Basic Web Page, Site Collections/Team Sites
Office 365 Capability Matrix per Deployment Step. Columns: Key Capabilities | Step 1 – Pilot | Step 2 – Deploy | Step 3 – Extend. Rows: Team Sites; Sky Drive Pro; External Sharing; Office Web Apps; Public Site with Corporate DNS; SharePoint Solutions (BCS, Duet). Click-to-Run Office 2013 Pro Plus: Self-Serve for Pilot Users | Self-Serve for Dirsync Users, IT Managed Deployment | Self-Serve for Dirsync Users, IT Managed Deployment.
Core Client Scenarios with Office 365: Web Based Clients, All Clients
MCS Customer scenario: Prista Oil
Customer Information: PRISTA OIL GROUP is a holding structure with two main activities: production and trading of motor and industrial oils, greases and special fluids; and the battery business, part of the MONBAT structure (one of the blue chips on the Sofia Stock Exchange). PRISTA OIL has its own production facilities in Bulgaria, Turkey and Hungary. PRISTA OIL HOLDING EAD operates in more than 20 countries in Central and Eastern Europe, the Near and Middle East, as well as in Ukraine, Georgia, Kazakhstan and others.
Existing Environment: Two locations in Bulgaria with several hundred users; several locations with fewer than 100 users; AD was partially deployed in Prista Oil; different mail services (Qmail) and mail address spaces were implemented in the Bulgarian locations; a variety of clients is currently used (Outlook, Outlook Express and Thunderbird); an existing trial of the Office 365 service was used; business locations outside Bulgaria have heterogeneous systems (Exchange, MDaemon, cloud-based, etc.).
Project Objectives and Team: Design and optimization of IT infrastructure services; design and implementation of Active Directory services; provide Exchange Online services; develop unified workstation images with management; provide new solution services for pilot users. The project team includes experts from Microsoft Consulting Services, Service Centrix, and the Prista Oil IT department.
Project Scope – Exchange Online Services: Subscription to the Office 365 service and verification of the SMTP domains for Prista Oil in Office 365. Implementation of Office 365 Directory synchronization and PasswordSync. Configuration of coexistence with Office 365. Establish mail flow between the on-premises Qmail servers and Exchange Online. Configure coexistence and changes in domain name system (DNS) and firewalls. Migration of pilot mailboxes to Exchange Online.
On-premises Directory Synchronization – Objects Flow [diagram labels: Exchange; Active Directory; Office 365; Windows Azure Active Directory; Directory Synchronization Provisioning Web Service; Exchange Online; Authentication Platform; SharePoint Online; Lync Online]. Objects: Logon Enabled User, Mail-Enabled (not mailbox-enabled), ProxyAddresses: SMTP: smtp: smtp: TargetAddress: SMTP:; User Object, Mailbox-Enabled, ProxyAddresses: SMTP:. Sync Cycle Stage 2: Import Users, Groups, and Contacts from Office 365. Sync Cycle Stage 3: Export Users, Groups, and Contacts to Office 365. Sync Cycle Stage 4: Export Write Back attributes.
Password Synchronization: Introduced with DirSync in June 2013. Benefits of using Password Sync as an alternative to Federated Authentication: a single set of credentials to access both on-premises and online resources; managed in the customer's Active Directory and synchronized with Office 365 (username + password); fully integrated in the DirSync appliance; no requirement for Active Directory Federation Services, which keeps the deployment simple and eliminates IT costs associated with AD/FS.
Migration Factor Triage [decision flowchart]. Questions: What is the current system? Which Exchange Server version? How do clients connect? Can it be configured for IMAP? Is there any need for long-term mail co-existence? How many users are there? Branch labels: Third-party; Exchange Server; Exchange 2000 or earlier; Exchange 2003 or later; POP3 or proprietary; IMAP; Yes / No; 2,000 or over / Under 2,000; Want more than just folders. Outcomes: PST migration or 3rd party migration tool; IMAP migration; Hybrid Exchange; Staged Exchange or IMAP migration; Cutover Exchange migration. Categories: Coexistence; Cross-Premises Coexistence; Rich; Simple; Temporary; Migration.
IMAP Migration: Prepare for IMAP Migration; Create IMAP Migration Endpoint; Create CSVs for IMAP Migration; Configure MX Record Pointing to Office 365; Start IMAP Migration Batch; Create IMAP Migration Batch
IMAP Migration Process (Prepare for IMAP Migration): Configure the IMAP server to accept connections from Office 365 (port TCP/143 or TCP/993); add and verify the domain in Office 365; create users and mailboxes in Office 365 (Manual/Bulk/DirSync). Best practices: reconfigure MX record TTL to 15 mins; create a dedicated migration admin user; add permissions to the migration admin; if not possible, collect user passwords.
IMAP Migration Process (Start IMAP Migration Batch; Create IMAP Migration Batch): User list is defined in CSV files; multiple migration batches; CSV file limits: 50,000 rows, max 10 MB. Best practices: keep CSV files at a secure location; newly arriving emails land where the MX record points to, with no redirection; client software reconfiguration (pointing to ExO).
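A pre-flight check for the migration CSV described on the two slides above, written as an added example that is not part of the presentation. It enforces the stated limits (50,000 rows, 10 MB) and flags loose file permissions, since the file holds mailbox credentials; the header names EmailAddress, UserName and Password are the ones Exchange Online's IMAP migration CSV uses and do not appear on the slides, and the function names are hypothetical.

```python
import csv
import io
import os
import stat

MAX_ROWS = 50_000             # slide: "50,000 rows" (counted here as data rows)
MAX_BYTES = 10 * 1024 * 1024  # slide: "max 10 MB"
# Assumption: header names are not given on the slide.
REQUIRED = ("EmailAddress", "UserName", "Password")

def check_migration_csv(data, mode=None):
    """Return a list of problems in an IMAP migration CSV; an empty list means OK."""
    if len(data) > MAX_BYTES:
        return [f"file is {len(data)} bytes, limit is {MAX_BYTES}"]
    problems = []
    # The file holds mailbox credentials: flag any group/other permission bits.
    if mode is not None and mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("file is accessible to group/other users")
    reader = csv.DictReader(io.StringIO(data.decode("utf-8-sig"), newline=""))
    missing = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    if missing:
        return problems + ["missing column(s): " + ", ".join(missing)]
    seen, count = set(), 0
    for count, row in enumerate(reader, start=1):
        for col in REQUIRED:
            if not (row[col] or "").strip():
                problems.append(f"row {count}: empty {col}")
        addr = (row["EmailAddress"] or "").strip().lower()
        if addr and addr in seen:
            problems.append(f"row {count}: duplicate EmailAddress {addr}")
        seen.add(addr)
    if count > MAX_ROWS:
        problems.append(f"{count} rows, limit is {MAX_ROWS}")
    return problems

def check_migration_file(path):
    """Check a CSV on disk; permission bits are only meaningful on POSIX."""
    with open(path, "rb") as fh:
        data = fh.read()
    mode = os.stat(path).st_mode if os.name == "posix" else None
    return check_migration_csv(data, mode)

# Constructed sample: row 2 has no password, row 3 repeats row 1's address.
SAMPLE = (b"EmailAddress,UserName,Password\r\n"
          b"anna@example.com,anna,constructed-pw-1\r\n"
          b"boris@example.com,boris,\r\n"
          b"Anna@example.com,anna2,constructed-pw-2\r\n")

if __name__ == "__main__":
    for problem in check_migration_csv(SAMPLE, mode=0o100644):
        print(problem)
```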
MCS Customer scenario: Contoso Ltd.
Customer Information: Contoso Ltd. is part of an international group and offers a broad range of telecommunications services; operates in Bulgaria; provides hosting services for group companies and partners.
Existing Environment: Two locations in Bulgaria with several hundred users; several locations with fewer than 100 users; existing Active Directory forest with multiple domains; messaging infrastructure based on Exchange Server 2007; Unified Communications based on Lync Server 2010.
Project Objectives and Team: Enable Office 365 services for Contoso users; demonstrate the benefits of using Microsoft Online services; drive business agility; improve operational effectiveness of users and IT staff. The project team includes experts from Microsoft Consulting Services, Service Centrix, and the Contoso Ltd. IT department.
Project Scope – Exchange and Lync Online Services: Subscription to the Office 365 service and verification of the SMTP domains for Contoso in Office 365. Establishment of federation trust with Office 365. Implementation of Office 365 Directory synchronization. Configuration of hybrid coexistence with Exchange Online. Configuration of hybrid coexistence with Lync Online. Migration of pilot users to Exchange and Lync Online.
Federated Identity: OAuth2, SAML-P, WS-Federation, Metadata, Graph API
Exchange Hybrid Overview: Delegated authentication for on-premises/cloud web services; enables free/busy, calendar sharing, message tracking & online archive. Online mailbox moves: preserve the Outlook profile and offline folders; leverages the Mailbox Replication Service (MRS). Manage all of your Exchange functions, whether cloud or on-premises, from the same place: Exchange Admin Center. Authenticated and encrypted mail flow between on-premises and the cloud; preserves the internal Exchange message headers, allowing a seamless end user experience; support for compliance mail flow scenarios (centralized transport).
Exchange Hybrid Server Roles [diagram labels: On-premises Exchange organization; Existing Exchange environment (Exchange 2007 or later); Office 365 Active Directory synchronization; Exchange 2013 client access & mailbox server; Office 365; User, contacts, & groups via DirSync; Secure mail flow; Mailbox data via Mailbox Replication Service (MRS); Sharing (free/busy, Mail Tips, archive, etc.); Office 365 Federated Trust; Active Directory Federation Services]
From an existing Exchange 2007 or 2010 environment, no Edge Transport server: Exchange 2013 hybrid deployment [diagram labels: autodiscover.contoso.com; mail.contoso.com; E2010 or 2007 Hub; E2010 or 2007 CAS; E2010 or 2007 MBX; E2013 CAS; E2013 MBX; Exchange 2010 or 2007 Servers; Intranet site; SP3/RU10; Internet-facing site; EWS; SMTP]. Steps: 1. Prepare: install Exchange SP and/or updates across the ORG; prepare AD with E2013 schema. 2. Deploy Exchange 2013 servers: install both E2013 MBX and CAS servers; set an ExternalUrl and enable the MRSProxy on the Exchange Web Services vdir. 3. Obtain and deploy certificates: obtain and deploy certificates on E2013 CAS servers. 4. Publish protocols externally: create public DNS A records for the EWS and SMTP endpoints; validate using Remote Connectivity Analyzer. 5. Switch autodiscover namespace to E2013 CAS: change the public autodiscover DNS record to resolve to E2013 CAS. 6. Run the Hybrid Configuration Wizard. 7. Move mailboxes.
Lync 2013 Hybrid Coexistence [diagram labels: Active Directory; Lync 2010 Pool; Microsoft Federation Gateway; Lync Federation Edge; AD FS v2; Interoperability: IM/P, Federation, OWA, UM; Sign-on and authentication; Directory sync; DirSync: Provisioning, GAL; Federation for SSO; Lync Hybrid Interoperability; Integration between local IT systems and the cloud; Lync Online; Office 365; Exchange Online; Legacy OCS 2007 R2; Lync Pool; SharePoint Online; Directory Sync; Edge; Same as Exchange]
Lync Hybrid Checklist (Task: Details). Deploy DirSync on-premises. Lync 2013 tenants created in Office 365: Need to provision new Lync 2013 tenants. Add vanity domains for hybrid: Create TXT/CNAME record that Office 365 completes verification. Activate for vanity domain for DirSync: Activate step in the tenant admin experience. Certificates for on-premises AD FS: Get necessary certificates for AD FS to work against Office 365: SN: sts. SAN: additional sts, one for each vanity domain. Domain Name Server (DNS) records for AD FS: Publish A record for pointing to on-premises AD FS.
Office 365 Tools (https://portal.microsoftonline.com/Tools): OnRamp (https://onramp.office365.com/onramp/); Office 365 Best Practices Analyzer for Exchange Server 2013 (beta); Microsoft Connectivity Analyzer; Exchange Online PowerShell; IdFix DirSync Error Remediation Tool; Lync Online Transport Reliability IP Probe (TRIPP) Tool; Microsoft Online Services Diagnostics and Logging (MOSDAL) Support Toolkit; Microsoft Outlook Configuration Analyzer Tool (OCAT); Windows Azure Active Directory Module for Windows PowerShell
Office 365 Resources: Office 365 FastTrack Deployment Center; Office Ignite Readiness; TechNet Center for Office 365; TechNet Center for the new Office; Office IT Pro Blog; Office 365 Trust Center; Office 365 Service Descriptions; Service Updates for Office 365 for Enterprises; Microsoft Planning Services
Customer Immersion Experience (CIE): If you would like to implement the technologies that you just saw in your organization, then join us for a Customer Immersion Experience (CIE), a hands-on introduction to Windows 8 and the new Office, new servers for business productivity as well as a variety of other Microsoft technologies, including Windows Phone, and Dynamics CRM. A CIE is not a generic demo about all the features Microsoft products offer. It's a true-to-life user experience that takes you through common work-related scenarios such as staying productive while mobile, using social networking to get work done, and connecting in real time with coworkers. It also gives you a first-hand look at the fast and fluid experience of Windows 8 and the exciting features of the new Office across a variety of devices, including tablets, PCs, and smartphones. If you are interested please fill in the feedback form by choosing CIE workshop. Thank you!
Share your feedback on this session and on the overall organization of the conference, and take part in the raffle for an HTC 8S and other prizes!
Hybrid mail flow enhancements. Enhanced Secure Mail feature: certificate based attribution for mail flow connectors, no more static IP address lists; explicit TLS certificate selection avoids certificate conflicts; remote domains no longer required for secure mail; simpler configuration and troubleshooting. Centralized Transport feature supports more mail flow paths. Edge Server support: Edge Transport Server 2010.
Secure Mail [diagram labels: External recipient; DAVID, On-premises mailbox; Exchange; CHRIS, Cloud mailbox; Third Party Security System; Secure Mail: Encrypted & authenticated mail flow]
Things to remember about Secure Mail: All email between Exchange on-premises and Exchange Online is encrypted and authenticated. Internal mail flow going from Exchange to Exchange must go direct and not through 3rd party gateways. External (Internet) mail can be routed to wherever you choose: on-premises, 3rd party service, EOP. The MX record for the domain controls where inbound external email is received. The hybrid wizard's OnPremisesSmartHost property controls the flow of internal mail from Exchange Online to Exchange on-premises. The FQDN defined within OnPremisesSmartHost can be: a single Exchange 2013 CAS or 2010 Edge server; multiple round robin Exchange 2013 CAS or 2010 Edge servers; multiple load balanced Exchange 2013 CAS or 2010 Edge servers (recommended). If you want outbound email from on-premises to the Internet to go through EOP, you need to create an extra *.* send connector that forwards all mail to EOP.
Secure Mail [diagram labels: External recipient; DAVID, On-premises mailbox; Exchange; CHRIS, Cloud mailbox; Third-party security system; Secure Mail: Encrypted & authenticated mail flow]
Things to remember about Centralized Transport: It is built on top of Secure Mail; you cannot enable Centralized Transport without it. All email in and out of Exchange Online is routed via on-premises. Unless you have a business requirement to route mail via on-premises, you do not need to enable it. You can now route inbound Internet email to Exchange Online Protection even when Centralized Transport is turned on. No more need for FOPE duplicate domains or multiple FOPE companies; it simply works out of the box.