Preparing for an Exchange 2013 Hybrid
Exchange 2013 – Office 365: Preparing for Hybrid
Jethro Seghers
Blogger
Twitter: @jseghers
E-mail: [email protected]
[email protected]
http://blog.j-solutions.be
Consultant
Trainer
www.devconnections.com
EXCHANGE 2013 – OFFICE 365: PREPARING FOR HYBRID
WHAT IS HYBRID EXCHANGE?
1 VIRTUAL ORGANIZATION
WHY HYBRID DEPLOYMENTS?
Organizations are not ready to go completely to the cloud
Security Concerns
Compliance Concerns
Management Concerns
Long-term coexistence
Large migrations where cutover isn’t possible
Transparent mailbox moves (to or from Exchange Online)
WHY HYBRID DEPLOYMENTS?
Take advantage of features such as Exchange Online Archiving with on-premises mailboxes
Interaction with 3rd party applications
ADVANTAGES OF HYBRID DEPLOYMENT
Secure mail routing between on-premises and Exchange Online organizations
Mail routing with a shared domain namespace
A unified global address list (GAL), also called a “shared address book”
Free/busy and calendar sharing between on-premises and Exchange Online organizations
ADVANTAGES OF HYBRID DEPLOYMENT
Centralized control of inbound and outbound mail flow. You can configure all inbound and outbound Exchange Online messages to be routed through the on-premises Exchange organization
A single Microsoft Office Outlook Web App URL for both the on-premises and Exchange Online organizations
The ability to move existing on-premises mailboxes to the Exchange Online organization. Exchange Online mailboxes can also be moved back to the on-premises organization if needed
ADVANTAGES OF HYBRID DEPLOYMENT
Centralized mailbox management using the on-premises Exchange admin center (EAC)
Message tracking, MailTips, and multi-mailbox search between on-premises and Exchange Online organizations.
Cloud-based message archiving for on-premises Exchange mailboxes
DEMO: EXCHANGE HYBRID IN ACTION
SUPPORTED VERSIONS
Office 365 (v 2010)
Office 365 – W15 w/ On-Prem 2010
Office 365 – W15 w/ On-Prem 2013
Exchange 2013 N/A X
Exchange 2010 SP3 X X X
Exchange 2010 SP2 X
Exchange 2010 SP1 X
Exchange 2007 SP3 (X) (X) (X)
Exchange 2007 SP2/SP3 (X) (X)
Exchange 2003 SP2 (X) (X)
ARCHITECTURE
MAILFLOW
BUILDING BLOCKS
Supported Exchange On Premises Version
Exchange Online
Directory Synchronization
Active Directory Federation Services
Exchange Online Protection
WHAT IS DIRSYNC?
“…is a Directory Synchronization engine based on Forefront Identity Manager (FIM) that will synchronize a subset of your on-premise Active Directory with Windows Azure Active Directory (Office 365).”
WHY DIRSYNC
Main Purpose: Sync attributes from Active Directory to Windows Azure Active Directory and back (in case of Hybrid)
LESSONS LEARNED
Long term coexistence between Active Directory On Premise and Windows Azure Active Directory.
It’s NOT for easy, quick provisioning of objects, such as groups, contacts, …
It provides a single point of managing:
  Users
  Groups & Memberships
  Contacts
Attribute sync runs once every 3 hours. AD password sync runs once every 2 minutes.
DIRSYNC: HOW DOES IT WORK
[Diagram labels: DirSync, Source AD MA, Target Web Service MA, Active Directory, Metaverse]
DEPLOYMENT CONSIDERATIONS
Is your Active Directory ready for DirSync?
  Topology: single forest? Multiple domains?
  Broken inheritance user rights?
Check your AD by using the Readiness Tool or OnRamp
Firewall? Can DirSync connect to Azure Active Directory?
Service accounts
64-bit only
Activation, deactivation time
Filtering?
SQL version?
WHAT OBJECTS ARE SYNCED?
From AD to Office 365: http://support.microsoft.com/kb/2256198
From Office 365 to AD (aka write-back):
Write-Back attribute | Exchange "full fidelity" feature
SafeSendersHash, BlockedSendersHash, SafeRecipientHash | Filtering: Writes back on-premises filtering and online safe and blocked sender data from clients.
msExchArchiveStatus | Online Archive: Enables customers to archive mail.
ProxyAddresses (LegacyExchangeDN <online LegacyDn> as X500) | Enable Mailbox: Off-boards an online mailbox back to on-premises Exchange.
msExchUCVoiceMailSettings | Enable Unified Messaging (UM) - Online voice mail: This new attribute is used only for UM-Microsoft Lync Server 2010 integration to indicate to Lync Server 2010 on-premises that the user has voice mail in online services.
TROUBLESHOOTING
Broken Inheritance Active Directory
Email sent out by DirSync
IDFix: DirSync Remediation Tool
MetaVerse Search
Expired Password DirSync
DEMO: DIRSYNC IN ACTION
WHAT IS ADFS?
“…is a software component installed on Windows Server operating systems to provide users with Single Sign-On access to systems and applications located across organizational boundaries. It uses a claims-based access control authorization model to maintain application security and implement federated identity…”
WHY ADFS
Main Purpose: Provide Active Directory users a full Single Sign-On experience
ADFS: ON PREMISE TOPOLOGY
[Diagram labels: Enterprise, DMZ, Internal user, Active Directory, AD FS 2.0 Server (x2), AD FS 2.0 Server Proxy (x2)]
WEB (PASSIVE) AUTHENTICATION FLOW
[Diagram labels: Client, ADFS, DC, Exchange/SP Online, Online Auth. Platform (WAAD), Web Auth]
ACTIVE AUTHENTICATION FLOW
[Diagram labels: Client, ADFS, DC, Exchange/SP Online, Online Auth. Platform (WAAD), Active Auth]
LESSONS LEARNED
Deploy ADFS in High Availability
Service account: log on as batch job
ADFS requires a public certificate only for client communications; token signing and encryption can be done with self-signed certificates
Workflow/endpoint is different depending on the application you use: Passive (Web)/Active (Outlook)
Troubleshooting is not always easy: it requires understanding how to use tools like Fiddler2, e.g. to analyze the sign-in flow
DEMO: ADFS IN ACTION
WHAT’S “NEW” IN THE HYBRID CONFIGURATION WIZARD
Single-step, adaptive configuration wizard
Enhanced mail-flow capabilities
Improved centralized mail flow
Easier setup of secure mail flow (no more whitelisting IPs!)
Integrated support for Exchange 2010 Edge Transport server
Leverages Exchange Online Protection
Enhanced & more detailed logging
DEMO: HCW IN ACTION
Q&A