Presentation on theme: "The Transition to Office365 – Different Scenarios, but Always Useful" - Presentation transcript:
1 The Transition to Office365 – Different Scenarios, but Always Useful
Sofia Event Center, 21-22 November 2013
Hristo Hristov, Service Centrix Ltd.
2 Agenda
10968B, 1: The Office 365 Deployment Challenge
- Introducing the FastTrack Deployment Methodology
- Microsoft Consulting Services customer scenarios: Prista Oil, Contoso Ltd.
- Additional tools and information
- Q&A
This first module provides the students a brief refresher on Office 365, identifying the updates in the latest refresh of this cloud service. However, you are not expected to explain the service in depth or go into detail about the individual components. You then move on to compare and contrast the old and new deployment methodologies and emphasize the difference in time in getting to the position where the first customer mailbox is deployed. Finally, you get the students to review the initial design factors that they need to evaluate before starting the pilot process, including identifying any possible problems that could potentially cause issues later in the deployment process.
The key to this module is that you emphasize how radically different the FastTrack approach is to the original plan/prepare/migrate process. Highlight the huge reduction in time to getting a working pilot, the fact that the pilot can seamlessly migrate into production, and that the point at which a customer has the first working mailbox goes from weeks to days. However, you should prepare for a degree of incredulity from the students, particularly those with a strong consultancy background, who might consider the FastTrack approach reckless.
A key factor in gaining acceptance of the FastTrack approach is to emphasize that you are not removing the planning aspect, but rather, you are doing it at a different point in the deployment process. So you do not plan for hybrid Exchange before beginning the pilot; you plan for it at the point at which it becomes a deployment option in the Enhance phase.
3 Introducing the FastTrack Deployment Methodology
- The FastTrack Phases
In this lesson, it is vital that you really carry the class with your enthusiasm for the new FastTrack deployment method. There will be students from traditional consulting backgrounds who may be completely overwhelmed with this approach and the difference between a cautious, box-ticking, don’t-do-anything-without-checking-every-eventuality process and this more modern and dynamic approach that starts migrating users into the pilot program on the first day.
To sell this new approach, you must constantly emphasize that they are migrating organizations into a built and reliable environment, so the risks are already known and understood. You should acknowledge the concerns of the students but reassure them that the methodology itself mitigates risk and ensures that the planning becomes part of the deployment process, rather than having to be front-loaded onto the project.
4 Traditional Deployment Methodology
Phases: Pre-Deployment, Plan, Prepare, Migrate, Post-Deployment
[Timeline diagram: the phases Pre, Plan, Prepare, Migrate, Post laid out over weeks 1 to 12 and beyond. Note: Timeline in Weeks]
Point out that the numbers represent the number of weeks for the project duration.
5 Disadvantages of the Traditional Approach
Phases: Pre-Deployment, Plan, Prepare, Migrate, Post-Deployment
[Timeline diagram: the phases Pre, Plan, Prepare, Migrate, Post laid out over weeks 1 to 12 and beyond, with a "First Mailbox" marker. Note: Timeline in Weeks]
Do not treat a cloud deployment like an on-premises deployment
Point out that the first mailbox appearing after typically 8–12 weeks is just too long. Customers need to see the benefits of Office 365 much earlier.
6 The FastTrack Deployment Process
Phases: Pilot, Deploy, Enhance
- Experience value early; discover cloud advantage
- Gain real world benefits; achieve production use
- Implement full features; meet organizational needs
This is just an introduction—you go into the detail later in the lesson.
7 Advantages of the FastTrack Approach
- No throw-away effort on a production pilot
- Full Office 365 user experience with minimal on-premises requirements
- Reduced time to value against effort invested
- Multiple data migration methods: new mailbox, self-service, and IT managed
- Range of identity options: cloud IDs, synchronized IDs, password sync, and federated IDs
- Deployment portal with prescriptive guidance
Take the students through each point in the slide and emphasize the value of what the FastTrack delivers compared to the traditional approach. You may still get some resistance at this point—if you do, acknowledge their concerns and tell them that you expect to answer their objections as they become more familiar with the process.
Please read the deployment portal with prescriptive guidance at the following link:
8 Components and Scenarios of Office 365 solutions
- Core Components of Office 365
- Core Identity Scenarios with Office 365
- Core Messaging Scenarios with Office 365
- Core Lync Scenarios with Office 365
- Core SharePoint Scenarios with Office 365
- Core Client Scenarios with Office 365
- Office 365 Capability Matrix per Deployment Step
9 Core Components of Office 365
- Exchange Online
- SharePoint Online
- Lync Online
- Office 365 ProPlus
- Windows Azure Active Directory
Again, the students should already know most of this information. Do not labor the point; just make sure that they all have a common understanding of the services in Office 365.
Highlight the link to the service descriptions for the latest version of Office 365.
10 Core Identity Scenarios with Office 365
- Cloud Identity: single identity in the cloud. Suitable for small organizations with no integration to on-premises directories. Diagram labels: Windows Azure Active Directory; Webform or Upload.
- Directory Synchronization: single identity suitable for medium and large organizations without federation. Diagram labels: On-Premises Identity; DirSync/PasswordSync; Windows Azure Active Directory.
- Federated Identity: single federated identity and credentials suitable for medium and large organizations. Diagram labels: On-Premises Identity; Federation; Directory Sync; Windows Azure Active Directory.
11 Office 365 Capability Matrix per Deployment Step
Key capability: Identity Sign On
  Step 1 – Pilot: Cloud IDs
  Step 2 – Deploy: Corporate AD user account with same password via Password Sync
  Step 3 – Extend: Corporate AD user account and password via ADFS; option for integration with “Works with O365” identity providers; option for Shibboleth integration
Key capability: Active Directory Remediation
  Step 1 – Pilot: Not applicable
  Step 2 – Deploy: IdFix Dirsync Error Remediation Tool
  Step 3 – Extend: Custom Engagement
12 Core Messaging Scenarios with Office 365
- No Coexistence (Exchange Online): Service Generated Namespace; New Namespace
- Simple Coexistence (Exchange Online): Mail routing between on-premises and Office 365; Shared Namespace
- Federated Coexistence (Exchange Online): Onboarding/Offboarding; Exch Federation; Calendar Sharing
16 Core SharePoint Scenarios with Office 365
- User Sites (SharePoint Online): News Feeds; SkyDrive Pro
- Basic Web Page (SharePoint Online): External Web Page
- Site Collections/Team Sites (SharePoint Online): Site Collection; Team Sites; Sub Sites
17 Office 365 Capability Matrix per Deployment Step
SharePoint key capabilities (columns: Step 1 – Pilot, Step 2 – Deploy, Step 3 – Extend):
- Team Sites
- Sky Drive Pro
- External Sharing
- Office Web Apps
- Public Site with Corporate DNS
- SharePoint Solutions (BCS, Duet)
- Click-to-Run Office 2013 Pro Plus: Self-Serve for Pilot Users; Self-Serve for Dirsync Users; IT Managed Deployment
18 Core Client Scenarios with Office 365
- Web Based Clients
- Browser Based
- Outlook Web Access
- Lync Web Access
- Office Web Apps
- Office Pro Plus – self service optional
- Office Pro Plus
- All Clients
- Browser Based + Office 2007/2010/2013
- Lync
20 Customer Information
PRISTA OIL GROUP is a holding structure, with two main activities:
- Production and trading of motor and industrial oils, greases and special fluids
- Battery Business – part of the MONBAT structure (one of the blue chips on Sofia Stock Exchange)
PRISTA OIL has its own production facilities in Bulgaria, Turkey and Hungary
PRISTA OIL HOLDING EAD is operating in more than 20 countries in Central and Eastern Europe, Near and Middle East, as well as in Ukraine, Georgia, Kazakhstan and others
21 Existing Environment
- Two locations in Bulgaria with several hundred users
- Several locations with fewer than 100 users
- AD was partially deployed in Prista Oil
- Different mail services (Qmail) and mail address spaces were implemented in Bulgarian locations
- A variety of clients is currently used: Outlook, Outlook Express and Thunderbird
- An existing trial of the Office 365 service was used
- Business locations outside Bulgaria have heterogeneous systems: Exchange, MDaemon, cloud based, etc.
22 Project Objectives and Team
- Design and optimization of IT infrastructure services
- Design and implementation of Active Directory services
- Provide Exchange Online Services
- Develop unified workstation images with management
- Provide new solution services for pilot users
Project team includes experts from:
- Microsoft Consulting Services
- Service Centrix
- Prista Oil IT department
23 Project Scope – Exchange Online Services
- Subscription to Office 365 service and verification of the SMTP domains for Prista Oil in Office 365.
- Implementation of Office 365 Directory synchronization and PasswordSync.
- Configuration of coexistence with Office 365.
- Establish mail flow between Qmail Servers on-premises and Exchange Online.
- Configure coexistence and changes in domain name system (DNS) and firewalls.
- Migration of pilot mailboxes to Exchange Online.
25 Password Synchronization
- Introduced with DirSync in June 2013
- Benefits of using Password Sync as an alternative to Federated Authentication:
  - “Single set of credentials” to access both on-premises and online resources
  - Managed in the customer’s Active Directory and is synchronized with Office 365 (username + password)
  - Fully integrated in the DirSync appliance
  - No requirement for Active Directory Federation Services. Keeps the deployment simple and eliminates IT costs associated with AD/FS
- DirSync version and above.
- DirSync change log:
26 Email Migration Factor Triage
10968B, 4: Planning the Deploy Phase – Part 2
[Decision flowchart. Questions: What is the current system? (Third-party; Exchange Server) Which Exchange Server version? (Exchange 2000 or earlier; Exchange 2003 or later) How do clients connect? (IMAP; POP3 or proprietary) Can it be configured for IMAP? (Yes; No) Is there any need for long-term mail co-existence? How many users are there? (2,000 or over; under 2,000). Outcomes: PST migration or 3rd party migration tool; IMAP migration; Hybrid Exchange; Staged Exchange or IMAP migration; Cutover Exchange migration. Other labels: Want more than just folders; Coexistence; Cross-Premises Coexistence; Rich; Simple; Temporary; Migration.]
Take the students through some of the options and show, for example, how an organization with under 2,000 users, Exchange 2007, and no requirement for long-term coexistence would perform a cutover Exchange migration.
Point the students to the diagram in the content if the project image is too small.
27 IMAP Migration
- Prepare for IMAP Migration
- Create CSVs for IMAP Migration
- Create IMAP Migration Endpoint
- Create IMAP Migration Batch
- Start IMAP Migration Batch
- Configure MX Record Pointing to Office 365
- Delete IMAP Migration Batches
28 IMAP Migration Process
Prepare for IMAP Migration:
- Configure IMAP server to accept connections from Office 365 (port TCP/143 or TCP/993)
- Add and verify domain in Office 365
- Create users and mailboxes in Office 365: Manual/Bulk/DirSync
Best practices:
- Reconfigure MX record TTL to 15 mins
- Create a dedicated migration admin user
- Add permissions to the migration admin
- If not possible: collect user passwords
29 IMAP Migration Process
Create IMAP Migration Batch, Start IMAP Migration Batch:
- User list is defined in CSV files
- Multiple migration batches
- CSV file limits: 50,000 rows, max 10 MB
Best practices:
- Keep CSV files at a secure location
- Newly arriving emails land where the MX record points to - no redirection
- Client software reconfiguration (pointing to ExO)
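The IMAP migration steps on slides 27 to 29, sketched as an added Exchange Online PowerShell example (not part of the original presentation). It assumes an Exchange Online session is already open under the dedicated migration admin; the path, host and object names are placeholders, and the CSV column names `EmailAddress`, `UserName`, `Password` are the ones Exchange Online IMAP batches use, not something shown on the slides.

```powershell
# Added example. Assumes an Exchange Online PowerShell session is already open
# under the dedicated migration admin account. All names below are placeholders.
$CsvPath      = 'D:\Migration\pilot-batch01.csv'   # hypothetical path on a restricted volume
$ImapServer   = 'imap.example.com'                 # hypothetical on-premises IMAP host
$EndpointName = 'OnPrem-IMAP'
$BatchName    = 'IMAP-Pilot-01'

function Test-ImapMigrationCsv {
    param([Parameter(Mandatory)][string]$Path)

    # Slide limits: max 10 MB and 50,000 rows per CSV file.
    $file = Get-Item -LiteralPath $Path
    if ($file.Length -gt 10MB) { throw "CSV is $($file.Length) bytes; limit is 10 MB." }

    $rows = @(Import-Csv -LiteralPath $Path)
    if ($rows.Count -lt 1 -or $rows.Count -gt 50000) {
        throw "CSV has $($rows.Count) rows; expected 1 to 50,000."
    }

    # Column names used by Exchange Online IMAP batches (not shown on the slides).
    $columns = $rows[0].PSObject.Properties.Name
    foreach ($name in 'EmailAddress', 'UserName', 'Password') {
        if ($columns -notcontains $name) { throw "CSV is missing column '$name'." }
    }

    # The file holds credentials: refuse to continue if broad groups can read it.
    # Group names are the English defaults; adjust for localized systems.
    $broad = (Get-Acl -LiteralPath $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Value -match 'Everyone|Authenticated Users|BUILTIN\\Users'
    }
    if ($broad) {
        throw "CSV is accessible to: $(($broad.IdentityReference.Value | Sort-Object -Unique) -join ', ')"
    }
    return $rows.Count
}

$count = Test-ImapMigrationCsv -Path $CsvPath
Write-Host "CSV passed pre-flight checks ($count mailboxes)."

# Create the endpoint over IMAPS (TCP/993) rather than clear-text TCP/143.
New-MigrationEndpoint -IMAP -Name $EndpointName -RemoteServer $ImapServer -Port 993 -Security Ssl

# Create and start the batch; the CSV is uploaded as a byte array.
New-MigrationBatch -Name $BatchName -SourceEndpoint $EndpointName `
    -CSVData ([System.IO.File]::ReadAllBytes($CsvPath))
Start-MigrationBatch -Identity $BatchName

# Per-user sync status for the batch.
Get-MigrationUser -BatchId $BatchName | Select-Object Identity, Status

# Run only after the MX record points to Office 365 and the last sync finished:
# remove the batch, then delete the credential-bearing CSV.
function Remove-ImapMigrationArtifacts {   # hypothetical helper name
    Remove-MigrationBatch -Identity $BatchName -Confirm:$false
    Remove-Item -LiteralPath $CsvPath
}
```

When user passwords had to be collected because admin permissions were not possible, the CSV is the most sensitive artifact of the migration, which is why the ACL check runs before anything is uploaded.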
31 Customer Information
- Contoso Ltd. is part of an international group and offers a broad range of telecommunications services
- Operates in Bulgaria
- Provides hosting services for group companies and partners
32 Existing Environment
- Two locations in Bulgaria with several hundred users
- Several locations with fewer than 100 users
- Existing Active Directory forest with multiple domains
- Messaging infrastructure based on Exchange Server 2007
- Unified Communications based on Lync Server 2010
33 Project Objectives and Team
- Enable Office 365 services for Contoso users
- Demonstrate the benefits of using Microsoft Online services
- Drive business agility
- Improve operational effectiveness of users and IT staff
Project team includes experts from:
- Microsoft Consulting Services
- Service Centrix
- Contoso Ltd. IT department
34 Project Scope – Exchange and Lync Online Services
- Subscription to Office 365 service and verification of the SMTP domains for Contoso in Office 365.
- Establishment of federation trust with Office 365.
- Implementation of Office 365 Directory synchronization.
- Configuration of hybrid coexistence with Exchange Online.
- Configuration of hybrid coexistence with Lync Online.
- Migration of pilot users to Exchange and Lync Online.
35 Federated Identity
[Diagram labels: Windows Azure Active Directory; OAuth2; SAML-P; WS-Federation; Metadata; Graph API; Authentication; Authorization; Office 365 Admin Portal; Office Activation Service; Exchange Mailbox Access; …; On Premises; Active Directory Federation Services; One way trust; Active Directory; DirSync]
37 Exchange Hybrid Server Roles
[Diagram labels: On-premises Exchange organization; Existing Exchange environment (Exchange 2007 or later); Office 365 Active Directory synchronization; Exchange 2013 client access & mailbox server; Active Directory Federation Services; Office 365; Office 365 Federated Trust]
Flows between on-premises and Office 365:
- User, contacts, & groups via DirSync
- Secure mail flow
- Mailbox data via Mailbox Replication Service (MRS)
- Sharing (free/busy, Mail Tips, archive, etc.)
38 Exchange 2013 hybrid deployment
From an existing Exchange 2007 or 2010 environment—no Edge Transport server
1. Prepare
   - Install Exchange SP and/or updates across the ORG
   - Prepare AD with E2013 schema
2. Deploy Exchange 2013 servers
   - Install both E2013 MBX and CAS servers
   - Set an ExternalUrl and enable the MRSProxy on the Exchange Web Services vdir
3. Obtain and deploy Certificates
   - Obtain and deploy certificates on E2013 CAS servers
4. Publish protocols externally
   - Create public DNS A records for the EWS and SMTP endpoints
   - Validate using Remote Connectivity Analyzer
5. Switch autodiscover namespace to E2013 CAS
   - Change the public autodiscover DNS record to resolve to E2013 CAS
6. Run the Hybrid Configuration Wizard
7. Move mailboxes
[Diagram labels: Clients; Office 365; autodiscover.contoso.com; mail.contoso.com; EWS; SMTP; E2013 CAS; E2013 MBX; E2010 or 2007 Hub; E2010 or 2007 CAS; E2010 or 2007 MBX; Exchange 2010 or 2007 Servers; SP3/RU10; Internet-facing site; Intranet site]
39 Lync 2013 Hybrid Coexistence
[Diagram labels: Office 365; Lync Online; Exchange Online; SharePoint Online; Lync Federation Edge; Interoperability—IM/P, Federation, OWA, UM; Microsoft Federation Gateway; Directory sync; Sign-on and authentication; Edge; Integration between local IT systems and the cloud; Lync Pool; Directory Sync; AD FS v2; DirSync—Provisioning, GAL; Same as Exchange; Federation for SSO; Active Directory; Legacy OCS 2007 R2; Lync 2010 Pool; Lync Hybrid Interoperability]
Slide Objective: Explain Hybrid Coexistence.
Notes
As said earlier, there are two prerequisites for Hybrid deployment to work:
- Deploy DirSync to have user provisioning and GAL managed in the cloud based on the admin operations performed on-premises (user creation, modification, removal)
- Deploy AD FS to enable users to use their corporate credentials for accessing cloud services
On this diagram, where we say Lync pool, this could be 2010 (with appropriate cumulative updates) or 2013.
Federation must use a Lync Federation Edge, which must route traffic to a Lync pool. If the company is only using OCS 2007 R2, it will have to deploy Lync 2010 or Lync 2013 to be able to federate with Office 365 (in case the company wants to deploy a Hybrid scenario or migrate existing on-premises users to the cloud).
When looking at this type of architecture, redundancy is important. Edge, as well as the next-hop pool, must be redundant to ensure that flow between on-premises and online deployments will not stop in case of a single-server failure.
40 Lync Hybrid—Checklist
Task: Deploy DirSync on-premises
Task: Lync 2013 tenants created in Office 365
  Details: Need to provision new Lync 2013 tenants
Task: Add vanity domains for hybrid
  Details: Create TXT/CNAME record that Office 365 completes verification
Task: Activate for vanity domain for DirSync
  Details: Activate step in the tenant admin experience
Task: Certificates for on-premises AD FS
  Details: Get necessary certificates for AD FS to work against Office 365. SN: sts.<vanitydomain>. SAN: additional sts, one for each vanity domain
Task: Domain Name Server (DNS) records for AD FS
  Details: Publish A record for <sts.vanitydomain> pointing to on-premises AD FS
Slide Objective: Checklist for Split Domain.
Notes
This slide describes the required steps for deploying a Split-Domain infrastructure:
- Deploy DirSync on the company premises: At this time, the server is prepared but the DirSync Configuration wizard is set to not run
- Get a Lync 2013 tenant in Office 365
- Add the SIP domains to the list of approved domains in Office 365
- Enable Directory Synchronization for the tenant: This will allow DirSync to synchronize data from corporate Active Directory to Office 365
- Deploy and configure AD FS: AD FS and AD FS Proxy Servers must be deployed. Also, certificates with correct entries must be deployed on these servers as well as DNS entries
41 Office 365 Tools
- https://portal.microsoftonline.com/Tools
- OnRamp - https://onramp.office365.com/onramp/
- Office 365 Best Practices Analyzer for Exchange Server 2013 (beta)
- Microsoft Connectivity Analyzer
- Exchange Online PowerShell
- IdFix DirSync Error Remediation Tool
- Lync Online Transport Reliability IP Probe (TRIPP) Tool
- Microsoft Online Services Diagnostics and Logging (MOSDAL) Support Toolkit
- Microsoft Outlook Configuration Analyzer Tool (OCAT)
- Windows Azure Active Directory Module for Windows PowerShell
42 Office 365 Resources
- Office 365 FastTrack Deployment Center
- Office Ignite Readiness
- TechNet Center for Office 365
- TechNet Center for the new Office
- Office IT Pro Blog
- Office 365 Trust Center
- Office 365 Service Descriptions
- Service Updates for Office 365 for Enterprises
- Microsoft Planning Services
You might want to show the links for some of these resources.
43 Customer Immersion Experience (CIE)
If you would like to implement the technologies that you just saw in your organization, then join us for a Customer Immersion Experience (CIE), a hands-on introduction to Windows 8 and the new Office, new servers for business productivity as well as a variety of other Microsoft technologies, including Windows Phone, and Dynamics CRM. A CIE is not a generic demo about all the features Microsoft products offer. It's a true-to-life user experience that takes you through common work-related scenarios such as staying productive while mobile, using social networking to get work done, and connecting in real time with coworkers. It also gives you a first-hand look at the fast and fluid experience of Windows 8 and the exciting features of the new Office across a variety of devices, including tablets, PCs, and smartphones.
If you are interested, please fill in the feedback form by choosing CIE workshop.
Thank you!
44 Share your feedback on this session and on the overall organization of the conference, and take part in the raffle for an HTC 8S and other prizes!
45 Hybrid mail flow enhancements
- Enhanced Secure Mail feature
  - Certificate based attribution for mail flow connectors - no more static IP address lists
  - Explicit TLS certificate selection avoids certificate conflicts
  - Remote domains no longer required for secure mail
  - Simpler configuration and troubleshooting
- Centralized Transport feature supports more mail flow paths
- Edge Server support – Edge Transport Server 2010
46 Secure Mail
- You can choose to route outbound on-premises mail via EOP
- MX is switched to Exchange Online Protection
- Outbound Exchange Online traffic is delivered direct
- MX resolves to on-premises gateway
[Diagram labels: Internet; On-premises organization; External recipient; Third Party Security System; Exchange Online Protection; Secure Mail (encrypted & authenticated mail flow); Exchange; DAVID, on-premises mailbox; Exchange Online; CHRIS, cloud mailbox]
47 Things to remember about Secure Mail
- All email between Exchange on-premises and Exchange Online is encrypted and authenticated
- Internal mail flow going from Exchange to Exchange must go direct and not through 3rd party gateways
- External (Internet) mail can be routed to wherever you choose – on premises, 3rd party service, EOP
- The MX record for the domain controls where inbound external email is received
- The hybrid wizard’s “OnPremisesSmartHost” property controls the flow of internal mail from Exchange Online to Exchange on-premises
- The FQDN defined within OnPremisesSmartHost can be:
  - A single Exchange 2013 CAS or 2010 Edge server
  - Multiple round robin Exchange 2013 CAS or 2010 Edge servers
  - Multiple load balanced Exchange 2013 CAS or 2010 Edge servers (recommended)
- If you want outbound email from on-premises to the Internet to go through EOP, you need to create an extra “*.*” send connector that forwards all mail to EOP
48 Secure Mail
- MX resolves to on-premises gateway
- All email in and out of the Exchange Online tenant must go via on-premises
- MX is switched to Exchange Online Protection
[Diagram labels: Internet; On-premises organization; External recipient; Third-party security system; Exchange Online Protection; Secure Mail (encrypted & authenticated mail flow); Exchange; DAVID, on-premises mailbox; Exchange Online; CHRIS, cloud mailbox]
49 Things to remember about Centralized Transport
- It is built on top of Secure Mail
- You cannot enable Centralized Transport without it
- All email in and out of Exchange Online is routed via on-premises
- Unless you have a business requirement to route mail via on-premises, you do not need to enable it
- You can now route inbound Internet email to Exchange Online Protection even when Centralized Transport is turned on
- No more need for FOPE “duplicate domains” or multiple FOPE companies. It simply works out of the box