Presentation is loading. Please wait.

Presentation is loading. Please wait.

Office 365 – How NOT to do it UKNOF43.

Published byLennert Vos Modified over 5 years ago

Similar presentations

Presentation on theme: "Office 365 – How NOT to do it UKNOF43."— Presentation transcript:

1 Office 365 – How NOT to do it UKNOF43

2 Andrew Ingram Owner of High Tide Consulting
Corporate mergers, acquisitions and divestments expertise Infrastructure Applications User migrations etc Design and Build Data Centres, Citrix, AD Always looking for the next challenge!

3 Before the cloud Proxy servers where king
Routing all internet traffic over WAN or VPN back to the DC All external DNS requests send back to the DC Firewall at the DC handling NAT for the whole company out of a single IPv4 address

4 Then came the cloud More traffic to the Internet, links not big enough
WAN links are expensive Global DNS load Balancing broke with Central DNS DC Firewall started to struggle Proxy servers struggle QOS implemented as a temporary solution

5

6 Then came O365 O365 is not Proxy server friendly
O365 merges applications and web browser apps together Global DNS Load balancing heavily used CDN networks heavily used with a large list of URL’s O365 use TCP Windows Scales TCP Idle times default of 100 to 300 seconds (Previously recommended best practice) Updates of CRL (Certificate Revocation List)

7

8 What to Plan for Local internet breakout Local DNS Breakout
Enterprise grade internet links (Not a domestic ADSL line) Internet Routing, need for a default gateway High number of NAT connections Network devices work on IP ACL, O365 is primarily URL based

9 Challenges Security, sending all traffic via a proxy made people feel safe. NAT Connections, NAT pools may be needed Need to start thinking of security at the Endpoint and not just the Perimeter

10 NAT – How bad can it get Maximum supported devices behind a single public IP address = (64,000 - restricted ports)/(Peak port consumption + peak factor) Restricted ports: 4,000 for the operating system Peak port consumption: 6 per device Peak factor: 4 Total of 6,000 devices accessing O365 on a single address

11 How should you NOT do Office 365
Many companies don’t do the correct assessment and expect it to just work! Some parts of Office 365 need to talk at Windows System Layer (Causes issues with Proxy and Firewall Authentication) Windows Network Awareness can cause issues If deploying Microsoft Team with Voice and Video ensure WAAS or SD-WAN ensure associated services are configured correctly

12 Creative Work Arounds Bypass Proxy for Office 365 Traffic (PAC Files)
Cisco Umbrella Branch to direct DNS requests out of local link without a global update to DNS (Inspection rule on local WAN router) Inject a Default route into the local site out of the DIA link Permit 443 and 80 out of the Local link (Security not happy ) Creating Stub zone in local DNS to refer Microsoft URL to google DNS servers. This forces the local client to query google DNS servers direct. (Not nice)

Download ppt "Office 365 – How NOT to do it UKNOF43."

Similar presentations

SIP, Firewalls and NATs Oh My!. www.dynamicsoft.com SIP Summit 2001 5.01.01 SIP, Firewalls and NATs, Oh My! Getting SIP Through Firewalls Firewalls Typically.

SIP, Firewalls and NATs Oh My!. SIP Summit SIP, Firewalls and NATs, Oh My! Getting SIP Through Firewalls Firewalls Typically.
Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)
Module 13: Implementing ISA Server 2004 Enterprise Edition: Site-to-Site VPN Scenario.

Module 13: Implementing ISA Server 2004 Enterprise Edition: Site-to-Site VPN Scenario.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Firewall Configuration Strategies

Firewall Configuration Strategies
Petros Lam VP, Sales & Marketing The Hong Kong School Net Ltd.

Petros Lam VP, Sales & Marketing The Hong Kong School Net Ltd.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
Installing and Maintaining ISA Server. Planning an ISA Server Deployment Understand the current network infrastructure Review company security policies.

Installing and Maintaining ISA Server. Planning an ISA Server Deployment Understand the current network infrastructure Review company security policies.
Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.

Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.
1 Enabling Secure Internet Access with ISA Server.

1 Enabling Secure Internet Access with ISA Server.
Week #10 Objectives: Remote Access and Mobile Computing Configure Mobile Computer and Device Settings Configure Remote Desktop and Remote Assistance for.

Week #10 Objectives: Remote Access and Mobile Computing Configure Mobile Computer and Device Settings Configure Remote Desktop and Remote Assistance for.
Course 201 – Administration, Content Inspection and SSL VPN

Course 201 – Administration, Content Inspection and SSL VPN
Barracuda Load Balancer Server Availability and Scalability.

Barracuda Load Balancer Server Availability and Scalability.
Chapter 7: Using Windows Servers to Share Information.

Chapter 7: Using Windows Servers to Share Information.
Module 11: Remote Access Fundamentals

Module 11: Remote Access Fundamentals
AWS Cloud Firewall Review Architecture Decision Group October 6, 2015 – HUIT-Holyoke-CR 561.

AWS Cloud Firewall Review Architecture Decision Group October 6, 2015 – HUIT-Holyoke-CR 561.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Implementing IP Addressing Services Accessing the WAN – Chapter 7.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Implementing IP Addressing Services Accessing the WAN – Chapter 7.
1 Installing and Maintaining ISA Server 2006. 2 Planning an ISA Server Deployment Understand the current network infrastructure. Review company security.

1 Installing and Maintaining ISA Server Planning an ISA Server Deployment Understand the current network infrastructure. Review company security.
1 Week #5 Routing and NAT Network Overview Configuring Routing Configuring Network Address Translation Troubleshooting Routing and Remote Access.

1 Week #5 Routing and NAT Network Overview Configuring Routing Configuring Network Address Translation Troubleshooting Routing and Remote Access.
Security fundamentals Topic 10 Securing the network perimeter.

Security fundamentals Topic 10 Securing the network perimeter.

Similar presentations

Ads by Google