BE-com.eu, Brussels, 26 April 2016: EXCHANGE 2010 HYBRID (IN THE EXCHANGE 2016 WORLD)


Jaap Wesselius
Independent consultant
Office Server and Services MVP (was Exchange MVP)
http://bit.ly/ProEx2013SP1
Blog: jaapwesselius.com

AGENDA
- Identities
- Exchange Hybrid
  - What is it
  - What version do we use
  - How do we implement
- Decommission Exchange on-premises
  - Should you?
  - Is that supported?
- Summary

IDENTITIES

CLOUD IDENTITIES
- Live in the Cloud
- Provisioned through MS Online Portal or PowerShell
- Source of authority: Office 365
- Managed in the Cloud
- Authenticate in the Cloud
- Separate credential from on-premises
- Has nothing to do with on-premises Active Directory
- No Directory Synchronization, no hybrid, no ADFS…. Just Office 365

SYNCED IDENTITIES
- Live in the Cloud
- Source of authority: Active Directory on-premises
- Managed on-premises
- Separate credential, but same username/password
- Authenticate in the Cloud
- Password policy on-premises
- Need DirSync solution
- Exchange hybrid can use Synced Identities

FEDERATED IDENTITIES
- Live on-premises
- Source of authority: on-premises
- Authenticate on-premises
- One set of credentials
- Single Sign-On
- Password policy on-premises
- Need DirSync solution
- Need Federation infrastructure

SOURCE OF AUTHORITY
- This is the most important part, the Source of Authority
- Where is the account managed?
  - In the cloud → Cloud Identity
  - On-premises → Synced or Federated Identity
- Not only provisioning of the account, but also
  - Password management
  - Attribute management
  - Exchange related attributes
- Important to realize when decommissioning Exchange servers!

EXCHANGE HYBRID

WHAT IS EXCHANGE HYBRID?
- Exchange Hybrid is not (really) a migration tool
- Exchange Hybrid is a long term coexistence scenario
- Consists of Exchange on-premises and Exchange online
- Provides transparent connectivity between Exchange on-premises and Exchange online
  - Secure messaging
  - Transparent autodiscover
  - Free/busy information, mailtips, OOF information

HYBRID – ARCHITECTURE
[Architecture diagram. Labels: On-premises Exchange Org; Existing Exchange 2010; Exchange 2016; Azure AD Connect; Office 365; Users, Groups, Contacts via DirSync; Secure Mail Flow; Sharing (free/busy, MailTips, archive, etc.); Mailbox Data via MRS]

TYPICAL EXCHANGE 2010 ENVIRONMENT
- Two Exchange 2010 (multi-role) servers
- Two Exchange 2010 Edge Transport servers
- A (hardware) load balancer
- Three namespaces:
  - Webmail.contoso.com
  - Autodiscover.contoso.com
  - Smtp.contoso.com
- Outlook 2010, OWA, ActiveSync
- Has been working fine the last 5 years….

CHALLENGES A CONSULTANT RUNS INTO…
- Exchange 2010 is running fine, but….
- TMG is installed in front of Exchange 2010
- A 3rd party appliance is used for anti-spam
- Exchange is not accessible from the Internet
- Exchange is accessible for OWA, but Outlook Anywhere is not enabled
- Really old Outlook clients (sometimes still running on Windows XP)
- Oh, and did I mention… Security Officers, Privacy Officers, Network Officers…

REQUIREMENTS FOR EXCHANGE HYBRID
- Directory Synchronization
  - Azure AD Connect, tool from Microsoft, preferably on dedicated server
  - Windows 2008 or higher, Forest Functional Level Windows 2003 or higher
  - Password synchronization requires Windows 2008 R2 or higher, and Windows Management Framework 4 (.NET Framework and PowerShell 3.0)
  - Your best option is to use Windows 2012 R2
- Uses internet routable domain for User Principal Name (UPN)
- Run IDFix tool to fix potential issues with on-premises Active Directory (recommendation)
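A pre-synchronization audit of the UPN requirement above, as an added example that is not part of the original slides and does not replace the IDFix tool. The verified-domain list, the set of suffixes treated as non-routable and the output file name are assumptions to adapt.

```powershell
# Added example: read-only UPN audit before enabling directory synchronization.
# Requires the ActiveDirectory module (RSAT) on a domain-joined machine.
Import-Module ActiveDirectory

# Assumption: domains already validated in the Office 365 tenant (sample value).
$verifiedDomains = @('contoso.com')

function Get-UpnIssue {
    param([string]$Upn, [string[]]$Verified)
    if ([string]::IsNullOrEmpty($Upn)) { return 'NoUPN' }
    $parts = $Upn.Split('@')
    if ($parts.Length -ne 2 -or -not $parts[0]) { return 'MalformedUPN' }
    $suffix = $parts[1].ToLower()
    if ($suffix -notmatch '\.') { return 'SingleLabelSuffix' }
    # Assumption: common internal-only suffixes; extend for your environment.
    if ($suffix -match '\.(local|lan|internal|corp)$') { return 'NonRoutableSuffix' }
    if ($Verified -notcontains $suffix) { return 'SuffixNotVerified' }
    return $null
}

# Suffixes defined on the forest, plus the forest root name, which is always
# available as an implicit suffix.
$forest = Get-ADForest
'Forest UPN suffixes: ' + ((@($forest.UPNSuffixes) + $forest.RootDomain) -join ', ')

# Collect every enabled account whose UPN would not map to a verified domain.
$issues = @(
    Get-ADUser -Filter 'Enabled -eq $true' -Properties UserPrincipalName |
        ForEach-Object {
            $issue = Get-UpnIssue -Upn $_.UserPrincipalName -Verified $verifiedDomains
            if ($issue) {
                New-Object PSObject -Property @{
                    SamAccountName    = $_.SamAccountName
                    UserPrincipalName = $_.UserPrincipalName
                    Issue             = $issue
                }
            }
        }
)

# Summary per issue type on screen, full detail to CSV for remediation.
$issues | Group-Object Issue | Select-Object Name, Count
$issues | Sort-Object Issue, SamAccountName |
    Select-Object Issue, SamAccountName, UserPrincipalName |
    Export-Csv -Path .\upn-issues.csv -NoTypeInformation
```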

EXCHANGE 2010 WITH AZURE AD CONNECT
- Activate Directory Synchronization in Admin Portal
- Install Azure AD Connect (on separate server)
- Service Account on-premises and in Azure Active Directory
- Port 443 access to Azure AD
- Finish wizard and wait for replication to happen (< 1 minute)

OFFICE 365 ADMIN PORTAL

EXCHANGE (ONLINE) ADMIN CONSOLE

EXCHANGE HYBRID SERVER
- What is an Exchange Hybrid Server?
  - It’s an Exchange server where the Hybrid Configuration Wizard is run
  - Where the actual creation and configuration of the Hybrid configuration is performed
- Does it have to be an Exchange 2016 server?
- Or an Exchange 2013 server?
- Or an Exchange 2010 server?
- Do you need an additional Exchange 2010 hybrid server at all?

ADDITIONAL EXCHANGE HYBRID SERVER
- When adding an additional Exchange 2016 server as ‘hybrid server’….
- You are halfway through an Exchange 2010 → Exchange 2016 migration
- Not ‘just add an Exchange 2016 server’
- Add new Exchange 2016 servers to the Exchange organization
- Switch client access to new Exchange 2016 servers
  - Webmail.contoso.com
  - Autodiscover.contoso.com
- You’re running an Exchange 2010 / Exchange 2016 coexistence scenario

HYBRID CONFIGURATION WIZARD
- For Exchange 2013 and Exchange 2016 this is a stand-alone application
- For Exchange 2010 it was integrated in Exchange Management Console
- As of February 2016 the HCW is a stand-alone application as well
- Can be run on any Exchange 2010 server in your organization
- No need to install Exchange 2016 in your existing infrastructure (at this point at least)
- Do you need an additional Exchange 2010 server?
  - For performance reasons it can be useful

HYBRID CONFIGURATION WIZARD
- Can be found in the Exchange (online) Admin Center
- Select Hybrid, click Configure and click Get Started to start wizard
- Select proper Exchange (2010) server
- Enable Federation Trust
- Create TXT proof record in public DNS (verification purposes)
- Configure Client Access and Mailbox server (for transport)
- Select proper certificate
- And wait for configuration to finish

WHAT IS CONFIGURED ON-PREMISES
- New Hybrid Configuration object in Active Directory
- New Accepted Domain (contoso.mail.onmicrosoft.com)
- New Address Policy
- New Remote Domains
- New Send Connector to Office 365
- New Receive Connector from Office 365
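A read-only check that the on-premises objects listed above exist after the wizard has finished, followed by a listing of the connector TLS settings for review. This is an added example, not part of the original slides; it assumes the wizard's objects can be found by matching the routing domain shown on the slide, and the helper `Add-Check` is hypothetical.

```powershell
# Added example: run in the Exchange Management Shell on the Exchange 2010
# server the Hybrid Configuration Wizard was run against. Changes nothing.

# Routing domain from the slide; replace with your tenant's value.
$routingDomain = 'contoso.mail.onmicrosoft.com'
$pattern = [regex]::Escape($routingDomain)

$checks = @()
# Hypothetical helper: records whether a query returned at least one object.
function Add-Check([string]$Item, $Found) {
    $script:checks += New-Object PSObject -Property @{
        Item    = $Item
        Present = [bool]$Found
    }
}

Add-Check 'Hybrid Configuration object' (Get-HybridConfiguration)
Add-Check 'Federation Trust' (Get-FederationTrust)
Add-Check 'Accepted Domain' (Get-AcceptedDomain |
    Where-Object { "$($_.DomainName)" -eq $routingDomain })
Add-Check 'Address Policy template' (Get-EmailAddressPolicy |
    Where-Object { "$($_.EnabledEmailAddressTemplates)" -match $pattern })
Add-Check 'Remote Domain' (Get-RemoteDomain |
    Where-Object { "$($_.DomainName)" -match $pattern })

# Assumption: the send connector to Office 365 carries the routing domain
# in its address space.
$send = @(Get-SendConnector |
    Where-Object { "$($_.AddressSpaces)" -match $pattern })
Add-Check 'Send Connector to Office 365' $send

$checks | Select-Object Item, Present | Format-Table -AutoSize

# Mail-flow review: TLS enforcement and smart hosts on the outbound path.
$send | Select-Object Name, RequireTLS, SmartHosts, AddressSpaces | Format-List

# List receive connectors with their TLS and source-IP settings so the one
# created for Office 365 can be identified and reviewed.
Get-ReceiveConnector |
    Select-Object Identity, RequireTLS, AuthMechanism, RemoteIPRanges |
    Format-List
```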

CUSTOMER SECURITY REQUIREMENTS
- How to Configure TMG for Office 365 (Exchange) Hybrid deployments
- IP Restrictions for Office
- XML file with all IP addresses

DECOMMISSION EXCHANGE

DECOMMISSIONING EXCHANGE ON-PREMISES
- Question heard often…. Can I decommission my on-premises Exchange?
- After you moved all Mailboxes (and Public Folders) to Office 365, why do you need an on-premises Exchange server?
- For management purposes!
  - Remember, source of authority is still on-premises Active Directory
  - All related properties are managed on-premises
- ADSI Edit can be used (support statement not clear) but certainly not recommended or supported!
- More information on Technet:

DECOMMISSIONING EXCHANGE ON-PREMISES
- Recommendation: Keep one Exchange server on-premises unless you want to get rid of all your servers, including Identity Management!
- Upgrade from Exchange 2010 to Exchange 2016 is easy at this point
- Use the ‘hybrid license’ for this server
- No need for high availability
- It does not even have to be configured as a hybrid server
- But if you do…. You have an offboarding solution

SUMMARY

SUMMARY
- Exchange 2010 can be fully configured in a hybrid scenario
- Exchange 2016 server as ‘hybrid server’ adds complexity
- Exchange hybrid scenario uses ‘linked identities’ or ‘federated identities’
- Source of authority is on-premises
- You always need one Exchange server on-premises for management purposes

Q&A