© 2012 Microsoft Corporation. All rights reserved. Microsoft Confidential

Exchange 2010 SP2 Hybrid Mode & Office 365 Co-Existence
Kamal Abburi
Premier Field Engineer - Microsoft Services

Premier Field Engineering - What do we do
- Proactive Services
- Workshops
- Health Checks
- Risk Assessments
- Supportability Reviews
- Chalk & Talks
- Knowledge Transfers
- Reactive Support
- Troubleshooting & RCA
- Partner with PG
- Technical Leadership
- Global Community
- Onsite and Remote

Overview
- Hybrid Deployment
- Terminology and Components
- Requirements and Configuration

Objective
- Understand Hybrid deployments and scenarios
- Understand the planning involved
- Understand the steps involved for successful implementation

Hybrid Deployment

Hybrid Deployment Features
- Secure mail routing between on-premises and Exchange Online organizations.
- Mail routing with a shared domain namespace.
- A unified global address list, also called a "shared address book".
- Free/busy and calendar sharing between on-premises and Exchange Online organizations.
- Centralized control of outbound mail flow.
- A single Outlook Web App URL for both the on-premises and Exchange Online organizations.
- Move existing on-premises mailboxes to the Exchange Online organization.
- Centralized mailbox management using the on-premises Exchange Management Console.
- Message tracking, MailTips, and multi-mailbox search between on-premises and Exchange Online organizations.
- Cloud-based message archiving for on-premises Exchange mailboxes.

Hybrid Scenarios - Migration to Office 365
- Pilot Office 365
- Large Migrations
- Migrate users to the cloud at your own pace
- Minimal or no disruption in Service

Hybrid Scenarios – Coexist with Office 365
- Maintain a hybrid Exchange environment indefinitely
- Organizational Requirements
- Public Folders
- Legacy, email-enabled line-of-business applications
- Compliance
- Easy Off Boarding
- Mergers and acquisitions
[Diagram labels: Mailbox Archive Mailbox Mailbox]

Things to Consider
- Highly Configurable - Not Customizable
- Networks – Datacenter Locations
- Regulatory and Compliance requirements
- Manageability
- Deployment and Maintenance Lifecycles
- Workloads not available in Exchange Online
- Outlook 2003
- Public Folders
- Limits
- Address Lists
- Permissions
- Multiple Forests

How do I Decide
- Exchange Deployment Options Whitepaper
- Office 365 for Enterprise Service Descriptions
- Office 365 Advisor
- Microsoft Office 365 Deployment Readiness Tool
- Microsoft Office 365 Deployment Guide for Enterprises

Decision Made.. Where do I Start
- Exchange Server Deployment Assistant
- On-Premises Only
  - Upgrade from Exchange Server 2003
  - Upgrade from Exchange 2007
  - Upgrade from mixed Exchange 2003 and Exchange Server 2007
  - New installation of Exchange 2010
- Hybrid Deployment (On-Premises + Cloud)
  - Exchange 2003
  - Exchange 2007
  - Exchange 2010
- Cloud Only

ExDeploy

Sample Deployment

Components
- Office 365
- Hybrid server(s) - On Premises
- Active Directory synchronization
- ADFS
- Microsoft Federation Gateway
- Transport
- Certificates
- Hybrid Configuration Wizard

Office 365 and Hybrid server(s) - On Premises
- Office 365 for enterprises
- Microsoft Exchange 2010 SP1 or later
- SP2 for the Hybrid Configuration Wizard
- Mailbox, Client Access, and Hub Transport server roles
- Windows Server 2003 forest functional mode or higher

ADFS
- Enables access with a single user name and password
- On Premises Policy and Control
- Single Active Directory forest
- Active Directory Federation Services 2.0
- Requires unique third-party SSL certificate
- Establish a relying party trust relationship

Active Directory synchronization
- Provides Unified GAL
- Directory Synchronization tool (32-bit and 64-bit)
- Cannot be a domain controller
- Uses SQL Server 2008 Express
- All Users, mail-enabled contacts and groups
- Two-way synchronization (write-back)
- KB 2256198
- SafeSendersHash, BlockedSendersHash, SafeRecipientsHash, msExchArchiveStatus, ProxyAddresses, msExchUCVoiceMailSettings, PublicDelegates

Microsoft Federation Gateway
- Identity service that runs over the Internet
- Uses SSL certificates and proof of domain ownership
- Establish trust relationships with multiple partners
- O365 Tenant automatically creates Federation Trust
- Auto Create Org Relationship

Mail Flow
- Shared SMTP Namespaces
- Secured and Authenticated Mail Flow
- Channel Privacy
- Receiver Authentication with Domain Validation
- Sender Authentication
- Each organization treats the other one as an internal

Things to Consider
- Single AD Forest and Domain
- 20,000 Objects limit
  - Contact support to increase
- UPN
  - Federated domain should be public (.local ?)
- Set up single sign-on before AD synchronization.
- High Availability
- Network Security
  - Inbound: 25 TCP and 443 TCP
  - Outbound: 25 TCP, 80 TCP and 443 TCP
- Bandwidth

Things to Consider
- Outlook 2010 for best experience
- Outlook 2007
- Unified Messaging
- Mobile Devices
  - Partnership should be disabled and re-enabled
- Licenses
- Public Folders
- All Management from On Premises
- No transfer of permissions
- DNS Records
  - Autodiscover, SPF

Things to Consider - Certificates
- Active Directory Federation Services
  - Security token services (sts.contoso.com)
- Exchange federation
  - Self Signed can be used
- Exchange services
  - Autodiscover (autodiscover.contoso.com)
  - OWA
  - ActiveSync
  - EWS
  - Outlook Anywhere
- Transport
  - FQDN of your Exchange 2010 hybrid server

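The certificate name planning on this slide, as an added example that is not part of the original deck: a check that each planned certificate's subject alternative names cover the host names its role needs, including the wildcard cases that commonly leave Autodiscover uncovered. The names mail.contoso.com (one shared name assumed for OWA, ActiveSync, EWS and Outlook Anywhere) and hybrid.contoso.com (assumed hybrid server FQDN) are assumptions; sts.contoso.com and autodiscover.contoso.com come from the slide.

```python
# Added example, not from the original deck. Host names marked "assumed"
# are illustrative; the sample plan is constructed.

def san_matches(san: str, host: str) -> bool:
    """Match one SAN entry against a host name.

    A leading '*.' covers exactly one left-most label, so '*.contoso.com'
    matches 'sts.contoso.com' but not 'contoso.com' or 'a.b.contoso.com'.
    """
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if not san.startswith("*."):
        return san == host
    head, _, tail = host.partition(".")
    return bool(head) and tail == san[2:]

# Names each certificate role must cover.
REQUIRED = {
    "adfs": ["sts.contoso.com"],                      # from the slide
    "exchange_services": ["autodiscover.contoso.com",  # from the slide
                          "mail.contoso.com"],         # assumed
    "transport": ["hybrid.contoso.com"],               # assumed hybrid FQDN
}

def missing_names(planned: dict) -> dict:
    """Return {role: [uncovered host names]} for certificates that fall short."""
    gaps = {}
    for role, hosts in REQUIRED.items():
        sans = planned.get(role, [])
        uncovered = [h for h in hosts
                     if not any(san_matches(s, h) for s in sans)]
        if uncovered:
            gaps[role] = uncovered
    return gaps

# Constructed plan: the wildcard sits one level too deep to cover Autodiscover.
PLAN = {
    "adfs": ["sts.contoso.com"],
    "exchange_services": ["mail.contoso.com", "*.mail.contoso.com"],
    "transport": ["hybrid.contoso.com"],
}

if __name__ == "__main__":
    for role, hosts in missing_names(PLAN).items():
        print(f"{role}: certificate does not cover {', '.join(hosts)}")
```
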
Hybrid Configuration Wizard
- Guides End-to-End process for Hybrid Deployment
- Replaces approximately 50 manual steps
- Validate Permissions
- Verify Prerequisites and Topology
- Creates the HybridConfiguration object in Active Directory
- Makes the configuration changes to create and enable the hybrid deployment

Hybrid Configuration Engine

Hybrid Configuration
- Coexistence domain
  - Adds as accepted domain <domain>.mail.onmicrosoft.com
  - Adds as secondary proxy domain to any e-mail address policies
- Exchange federation
  - Check for an existing federation trust
  - Use Existing or Create a federation trust
  - Create and Configure organizational relationships
  - Enable free/busy sharing, Outlook Web App redirection, message tracking, and MailTips
- Mailbox Moves
  - Enable the Mailbox Replication Service (MRS) proxy
- Mail flow
  - Configure On Premises Servers and FOPE for Mail Routing

New Hybrid Configuration

Demo

Manage

Troubleshooting

Take Away
- Run ExDeploy
- Sign Up for O365
- Register your Domains with O365
- Run Microsoft Office 365 Deployment Readiness Tool
- Deploy Single Sign On
- Deploy Directory Synchronization
- Install Exchange 2010 SP2
- Configure External Access, DNS records, Certificates
- Dependencies are Key
- Run Hybrid Wizard