Sofia Event Center
21-22 November 2013
The transition to Office 365: different scenarios, but always useful
Hristo Hristov, Service Centrix Ltd.
Agenda
• Introducing the FastTrack Deployment Methodology
• Components and Scenarios of Office 365 solutions
• Microsoft Consulting Services customer scenarios: Prista Oil, Contoso Ltd.
• Additional tools and information
• Q&A
Introducing the FastTrack Deployment Methodology
• Traditional Deployment Methodology
• Disadvantages of the Traditional Approach
• The FastTrack Deployment Process
• Advantages of the FastTrack Approach
• The FastTrack Phases
Traditional Deployment Methodology
[Figure: timeline in weeks (1, 2, 3 ... 12 and beyond) with the sequential phases Pre-Deployment, Plan, Prepare, Migrate, Post-Deployment]
Disadvantages of the Traditional Approach
[Figure: the same week-by-week timeline (Pre-Deployment, Plan, Prepare, Migrate, Post-Deployment); the "First Mailbox" marker only appears in the Migrate phase, many weeks into the project]
Do not treat a cloud deployment like an on-premises deployment.
The FastTrack Deployment Process
• Pilot: experience value early; discover the cloud advantage
• Deploy: gain real-world benefits; achieve production use
• Enhance: implement full features; meet organizational needs
Advantages of the FastTrack Approach
• No throw-away effort on a production pilot
• Full Office 365 user experience with minimal on-premises requirements
• Reduced time to value against effort invested
• Multiple data migration methods: new mailbox, self-service, and IT managed
• Range of identity options: cloud IDs, synchronized IDs, password sync, and federated IDs
• Deployment portal with prescriptive guidance: http://fasttrack.office.com/
Components and Scenarios of Office 365 solutions
• Core Components of Office 365
• Core Identity Scenarios with Office 365
• Core Messaging Scenarios with Office 365
• Core Lync Scenarios with Office 365
• Core SharePoint Scenarios with Office 365
• Core Client Scenarios with Office 365
• Office 365 Capability Matrix per Deployment Step
Core Components of Office 365
Windows Azure Active Directory
Exchange Online
SharePoint Online
Lync Online
Office 365 ProPlus
Core Identity Scenarios with Office 365
• Directory Synchronization: a single identity, synchronized from the on-premises Active Directory (optionally with password sync); suitable for medium and large organizations without federation
• Federated Identity: a single federated identity and set of credentials, with authentication staying on-premises in AD FS; suitable for medium and large organizations
• Cloud Identity: a single identity that lives only in the cloud; suitable for small organizations with no integration to on-premises directories
Office 365 Capability Matrix per Deployment Step (Identity)
Identity Sign On
  • Step 1 (Pilot): Cloud IDs
  • Step 2 (Deploy): Corporate AD user account with the same password via Password Sync
  • Step 3 (Extend): Corporate AD user account and password via AD FS; option for integration with "Works with O365" identity providers; option for Shibboleth integration
Active Directory Remediation
  • Step 1 (Pilot): Not applicable
  • Step 2 (Deploy): IdFix DirSync Error Remediation Tool
  • Step 3 (Extend): IdFix DirSync Error Remediation Tool; custom engagement
Coexistence
  • Step 1 (Pilot): No coexistence
  • Step 2 (Deploy): Simple coexistence
  • Step 3 (Extend): Federated coexistence
Core Messaging Scenarios with Office 365
Office 365 Capability Matrix per Deployment Step (Exchange)
Global Address List
  • Step 1 (Pilot): Cloud users
  • Step 2 (Deploy): DirSync users
  • Step 3 (Extend): DirSync users; FIM 2010 via the O365 connector
Calendar Free/Busy sharing
  • Step 1 (Pilot): Cloud users
  • Step 2 (Deploy): DirSync users (requires Exchange 2010 SP3)
  • Step 3 (Extend): DirSync users; Exchange Federation to other O365 tenants or Exchange organizations
Corporate Email
  • Step 1 (Pilot): Yes, via "connected accounts"
  • Step 2 (Deploy): Yes, via adding the corporate domain
  • Step 3 (Extend): Yes
Data Migration Options
  • Step 1 (Pilot): User-driven migration via connected accounts (mail only); user-driven PST import (mail/calendar/contacts)
  • Step 2 (Deploy): User-driven; IT-driven via Staged Migration or Hybrid Exchange (requires Exchange 2013)
  • Step 3 (Extend): Hybrid Exchange for Exchange 2013, 2010 or 2007 on-premises; IBM Notes migration option
OWA / Full Outlook
  • Steps 1, 2 and 3: Yes
Mobile via ActiveSync
  • Step 1 (Pilot): Cloud email address (Send From)
  • Step 2 (Deploy): Corporate email address; option for BlackBerry BCS
  • Step 3 (Extend): Corporate email address; option for BlackBerry BCS
Core Lync Scenarios with Office 365
Feature tiers: Basic Features, Advanced Features, Enterprise Features
Office 365 Capability Matrix per Deployment Step (Lync)
Available in all three steps (Pilot, Deploy, Extend):
  • IM & Presence
  • Online Meetings
  • Video Conferencing
  • PC and Application Sharing
  • Mobile Lync Clients
  • Skype Federation (Summer '13)
Available from Step 2 (Deploy) onward:
  • Lync External Federation
Step 3 (Extend) only:
  • Lync Hybrid Option
  • Lync Hybrid Voice Option
Core SharePoint Scenarios with Office 365
Scenario tiers: User Sites, Basic Web Page, Site Collections/Team Sites
Office 365 Capability Matrix per Deployment Step (SharePoint)
Available in all three steps (Pilot, Deploy, Extend):
  • Team Sites
  • SkyDrive Pro
  • External Sharing
  • Office Web Apps
Available from Step 2 (Deploy) onward:
  • Public Site with Corporate DNS
Step 3 (Extend) only:
  • SharePoint Solutions (BCS, Duet)
Core Client Scenarios with Office 365
Scenario tiers: Web Based Clients, All Clients
Office 365 Capability Matrix per Deployment Step (Clients)
Click-to-Run Office 2013 ProPlus
  • Step 1 (Pilot): Self-serve for pilot users
  • Step 2 (Deploy): Self-serve for DirSync users; IT-managed deployment
  • Step 3 (Extend): Self-serve for DirSync users; IT-managed deployment
MCS Customer scenario: Prista Oil
Customer Information
• PRISTA OIL GROUP is a holding structure with two main activities:
  • Production and trading of motor and industrial oils, greases and special fluids
  • Battery business, part of the MONBAT structure (one of the blue chips on the Sofia Stock Exchange)
• PRISTA OIL has its own production facilities in Bulgaria, Turkey and Hungary
• PRISTA OIL HOLDING EAD operates in more than 20 countries in Central and Eastern Europe, the Near and Middle East, as well as in Ukraine, Georgia, Kazakhstan and others
Existing Environment
• Two locations in Bulgaria with several hundred users
• Several locations with fewer than 100 users
• AD was partially deployed in Prista Oil
• Different mail services (Qmail) and mail address spaces were implemented in the Bulgarian locations
• A variety of e-mail clients are currently used: Outlook, Outlook Express and Thunderbird
• An existing trial of the Office 365 service was used
• Business locations outside Bulgaria have heterogeneous e-mail systems: Exchange, MDaemon, cloud-based, etc.
Project Objectives and Team
• Design and optimization of IT infrastructure services
• Design and implementation of Active Directory services
• Provide Exchange Online services
• Develop unified workstation images with management
• Provide the new solution's services to pilot users
Project team includes experts from:
• Microsoft Consulting Services
• Service Centrix
• Prista Oil IT department
Project Scope – Exchange Online Services
• Subscription to the Office 365 service and verification of the SMTP domains for Prista Oil in Office 365
• Implementation of Office 365 Directory Synchronization and Password Sync
• Configuration of coexistence with Office 365
• Establish mail flow between the on-premises Qmail servers and Exchange Online
• Configure coexistence and the required changes in the domain name system (DNS) and firewalls
• Migration of pilot mailboxes to Exchange Online
Directory Synchronization – Objects Flow
[Diagram: on-premises Active Directory and Exchange on the left; on the Office 365 side, Windows Azure Active Directory with the Directory Synchronization Provisioning Web Service, the Authentication Platform, Exchange Online, SharePoint Online and Lync Online]
• On-premises user object: logon enabled; mail-enabled (not mailbox-enabled); ProxyAddresses: SMTP: [email protected] smtp: [email protected] smtp: [email protected]; SMTP: [email protected]
• Office 365 user object: mailbox-enabled; ProxyAddresses: SMTP: [email protected]
Sync cycle:
  • Stage 1: import users, groups and contacts from on-premises
  • Stage 2: import users, groups and contacts from Office 365
  • Stage 3: export users, groups and contacts to Office 365
  • Stage 4: export "write back" attributes to on-premises Active Directory
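The attributes that flow in the sync cycle above are exactly the ones DirSync rejects when they are malformed or duplicated, which is why the deck lists IdFix as a remediation tool. The following script is an added example, not part of the original slides or of the IdFix tool; it reproduces the most common IdFix findings (duplicate SMTP addresses, more than one primary "SMTP:" value, invalid characters, UPN suffixes not verified in the tenant) before the first sync. It assumes the ActiveDirectory and MSOnline PowerShell modules are installed and that the account running it can read user objects and sign in to the tenant.

```powershell
# Added example (not from the original slides): pre-DirSync readiness check in PowerShell.
Import-Module ActiveDirectory
Import-Module MSOnline
Connect-MsolService          # prompts for tenant admin credentials

# A UPN suffix that is not a verified domain in the tenant gets the user provisioned
# under the default onmicrosoft.com domain instead, so flag it up front.
$verifiedDomains = (Get-MsolDomain -Status Verified).Name

$users = Get-ADUser -Filter 'Enabled -eq $true' -Properties mail, proxyAddresses, userPrincipalName

# Local part and domain of an SMTP address: printable ASCII only, no spaces
$smtpPattern = '^[A-Za-z0-9!#$%&''*+/=?^_`{|}~.-]+@[A-Za-z0-9][A-Za-z0-9.-]*$'

$seen     = @{}    # lower-cased SMTP address -> sAMAccountNames that carry it
$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding($user, $issue, $value) {
    $findings.Add([pscustomobject]@{ User = $user; Issue = $issue; Value = $value })
}

foreach ($u in $users) {
    $suffix = ($u.UserPrincipalName -split '@')[-1]
    if (-not $u.UserPrincipalName -or $verifiedDomains -notcontains $suffix) {
        Add-Finding $u.SamAccountName 'UPN suffix not verified in tenant' $u.UserPrincipalName
    }

    # Exactly one primary (upper-case "SMTP:") address is allowed per object
    $primary = @($u.proxyAddresses | Where-Object { $_ -cmatch '^SMTP:' })
    if ($primary.Count -gt 1) {
        Add-Finding $u.SamAccountName 'More than one primary SMTP address' ($primary -join ';')
    }

    # -match is case-insensitive, so this collects both SMTP: and smtp: entries
    $addresses = @($u.mail) + @($u.proxyAddresses | Where-Object { $_ -match '^smtp:' } |
                                   ForEach-Object { ($_ -split ':', 2)[1] })
    foreach ($a in $addresses | Where-Object { $_ }) {
        if ($a -notmatch $smtpPattern) {
            Add-Finding $u.SamAccountName 'SMTP address contains invalid characters' $a
        }
        $key = $a.ToLowerInvariant()
        if (-not $seen.ContainsKey($key)) { $seen[$key] = @() }
        $seen[$key] += $u.SamAccountName
    }
}

# The same SMTP address on two objects blocks both objects from syncing
foreach ($key in $seen.Keys) {
    $owners = @($seen[$key] | Select-Object -Unique)
    if ($owners.Count -gt 1) {
        Add-Finding ($owners -join ',') 'Duplicate SMTP address across objects' $key
    }
}

$findings | Sort-Object Issue, User | Format-Table -AutoSize
```

Run it on a domain controller or management host before enabling DirSync and again after each remediation pass; objects that still appear in the list will show up as export errors in the DirSync event log.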
Password Synchronization
• Introduced with DirSync in June 2013
• Benefits of using Password Sync as an alternative to Federated Authentication:
  • A "single set of credentials" to access both on-premises and online resources
  • Managed in the customer's Active Directory and synchronized with Office 365 (the username and a hash of the password hash; the clear-text password never leaves the domain)
  • Fully integrated in the DirSync appliance
  • No requirement for Active Directory Federation Services
  • Keeps the deployment simple and eliminates the IT costs associated with AD FS
Email Migration Factor Triage
What is the current email system?
• Third-party (POP3 or proprietary): how do clients connect, and can the system be configured for IMAP?
  • Yes (IMAP): IMAP migration (simple, temporary coexistence)
  • No: PST migration or a 3rd-party migration tool
• Exchange Server: which Exchange Server version?
  • Exchange 2000 or earlier: IMAP migration if clients can connect over IMAP, otherwise PST migration or a 3rd-party migration tool
  • Exchange 2003 or later: is there any need for long-term mail coexistence, or do you want more than just email folders?
    • No: how many users are there?
      • Under 2,000: Cutover Exchange migration (a one-time migration, no coexistence)
      • 2,000 or over: Staged Exchange or IMAP migration (simple, temporary coexistence)
    • Yes: Hybrid Exchange (rich, cross-premises coexistence)
IMAP Migration
Process steps:
  1. Prepare for IMAP migration
  2. Create the IMAP migration endpoint
  3. Create CSV files for the IMAP migration
  4. Create the IMAP migration batch
  5. Start the IMAP migration batch
  6. Configure the MX record to point to Office 365
  7. Delete the IMAP migration batches
IMAP Migration Process: prepare
• Configure the IMAP server to accept connections from Office 365 (TCP/143 or TCP/993; prefer 993 with SSL/TLS so that mailbox credentials and content do not cross the Internet in clear text)
• Add and verify the email domain in Office 365
• Create users and mailboxes in Office 365: manually, in bulk, or via DirSync
Best practices
• Reconfigure the MX record TTL to 15 minutes ahead of the cutover
• Create a dedicated migration admin user and grant it the permissions needed to read every mailbox
• If that is not possible, collect the user passwords (they then have to be stored in the CSV file)
IMAP Migration Process: create and start batches
• The user list is defined in CSV files (columns EmailAddress, UserName, Password)
• Multiple migration batches can be used
• CSV file limits: 50,000 rows, max 10 MB
Best practices
• Keep the CSV files in a secure location: every row contains a mailbox password
• Newly arriving emails land wherever the MX record points; there is no redirection
• Reconfigure the client software to point to Exchange Online (ExO)
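The steps above map directly onto the Exchange Online PowerShell migration cmdlets listed in the deck's tools slide. The script below is an added example and not part of the original slides or of any Microsoft tool; it creates the endpoint and batch, refuses a CSV that is readable by broad groups (the file holds live passwords), checks the 50,000-row and 10 MB limits, and shows how to monitor failures. The IMAP server name, domain, file path and notification address are placeholders.

```powershell
# Added example (not from the original slides): scripted IMAP migration to Exchange Online.
$tenantAdmin = Get-Credential -Message 'Office 365 tenant admin'
$session = New-PSSession -ConfigurationName Microsoft.Exchange `
    -ConnectionUri 'https://outlook.office365.com/powershell-liveid/' `
    -Credential $tenantAdmin -Authentication Basic -AllowRedirection
Import-PSSession $session -DisableNameChecking | Out-Null

# 1. Migration endpoint. TCP/993 with SSL keeps credentials and mail off the wire in clear
#    text; the on-premises firewall must allow Office 365 to reach this host and port.
$endpoint = New-MigrationEndpoint -IMAP -Name 'QmailIMAP' `
    -RemoteServer 'imap.prista.example' -Port 993 -Security Ssl -Authentication Basic

# 2. CSV file (EmailAddress,UserName,Password). Every row carries a live password, so the
#    file must live in a folder whose ACL is limited to the migration admins.
$csvPath = 'C:\Migration\batch1.csv'
$broad = (Get-Acl $csvPath).Access |
    Where-Object { $_.IdentityReference -match 'Everyone|Authenticated Users|Domain Users' }
if ($broad) {
    throw "Refusing to use ${csvPath}: readable by $($broad.IdentityReference -join ', ')"
}
$rows = @(Import-Csv $csvPath)
if ($rows.Count -gt 50000) { throw 'CSV exceeds the 50,000-row batch limit; split it' }
$csvBytes = [System.IO.File]::ReadAllBytes($csvPath)
if ($csvBytes.Length -gt 10MB) { throw 'CSV exceeds the 10 MB limit; split it' }

# 3. Create and start the batch. A mailbox must already exist in Office 365 for every
#    EmailAddress in the file (manual, bulk or DirSync provisioning).
$batch = New-MigrationBatch -Name 'Qmail-Batch1' -SourceEndpoint $endpoint.Identity `
    -CSVData $csvBytes -AutoStart -NotificationEmails 'it-admin@prista.example'

# 4. Monitor. Failed users usually mean a wrong password in the CSV or a missing mailbox.
Get-MigrationBatch -Identity $batch.Identity |
    Format-List Status, TotalCount, SyncedCount, FailedCount
Get-MigrationUser -BatchId $batch.Identity | Where-Object { $_.Status -eq 'Failed' } |
    Get-MigrationUserStatistics | Format-List Identity, Status, Error

# 5. After the initial sync: switch the MX record to Office 365 (TTL already lowered to
#    15 minutes), let the batch pick up the last delta, then delete the batch so the
#    service no longer holds the CSV credentials. New mail lands wherever MX points.
# Remove-MigrationBatch -Identity $batch.Identity -Confirm:$false
Remove-PSSession $session
```

Delete the CSV file (and any copies) as soon as the batch has been created; the credentials it contains are only needed while the batch is syncing, and the batch itself holds them until it is removed.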
MCS Customer scenario: Contoso Ltd.
Customer Information
• Contoso Ltd. is part of an international group and offers a broad range of telecommunications services
• Operates in Bulgaria
• Provides hosting services for group companies and partners
Existing Environment
• Two locations in Bulgaria with several hundred users
• Several locations with fewer than 100 users
• Existing Active Directory forest with multiple domains
• Messaging infrastructure based on Exchange Server 2007
• Unified Communications based on Lync Server 2010
Project Objectives and Team
• Enable Office 365 services for Contoso users
• Demonstrate the benefits of using Microsoft Online services
• Drive business agility
• Improve operational effectiveness of users and IT staff
Project team includes experts from:
• Microsoft Consulting Services
• Service Centrix
• Contoso Ltd. IT department
Project Scope – Exchange and Lync Online Services
• Subscription to the Office 365 service and verification of the SMTP domains for Contoso in Office 365
• Establishment of a federation trust with Office 365
• Implementation of Office 365 Directory Synchronization
• Configuration of hybrid coexistence with Exchange Online
• Configuration of hybrid coexistence with Lync Online
• Migration of pilot users to Exchange and Lync Online
Federated Identity
[Diagram: on-premises Active Directory feeds Windows Azure Active Directory through DirSync; on-premises Active Directory Federation Services handles authentication, Windows Azure Active Directory handles authorization]
• Windows Azure Active Directory endpoints: OAuth2, SAML-P, WS-Federation, Metadata, Graph API
• One-way trust: Windows Azure Active Directory trusts tokens issued by the on-premises Active Directory Federation Services
• Relying services: Office Activation Service, Office 365 Admin Portal, Exchange Mailbox Access, ...
Exchange Hybrid Overview
• Federation trust: delegated authentication for on-premises/cloud web services; enables free/busy, calendar sharing, message tracking and online archive
• Native mailbox move: online mailbox moves that preserve the Outlook profile and offline folders; leverages the Mailbox Replication Service (MRS)
• Integrated admin experience: manage all of your Exchange functions, whether cloud or on-premises, from the same place, the Exchange Admin Center
• Secure mail flow: authenticated and encrypted mail flow between on-premises and the cloud; preserves the internal Exchange message headers, allowing a seamless end-user experience; supports compliance mail flow scenarios (centralized transport)
Exchange Hybrid Server Roles
[Diagram: the on-premises Exchange organization (existing Exchange 2007 or later environment plus an Exchange 2013 client access and mailbox server, Office 365 Active Directory synchronization and Active Directory Federation Services) connected to Office 365]
Connections between the two sides:
• Users, contacts and groups via DirSync
• Secure mail flow
• Mailbox data via the Mailbox Replication Service (MRS)
• Sharing (free/busy, MailTips, archive, etc.) over the Office 365 federated trust
From an existing Exchange 2007 or 2010 environment: no Edge Transport server is required
Exchange 2013 hybrid deployment
[Diagram: clients and Office 365 on the Internet reach autodiscover.contoso.com and mail.contoso.com at the Internet-facing site, which hosts the Exchange 2013 CAS and MBX servers; the existing Exchange 2010 or 2007 Hub, CAS and MBX servers (SP3 / RU10) sit in the intranet site; the EWS and SMTP endpoints are published externally]
1. Prepare: install the Exchange service packs and/or updates across the organization; prepare AD with the Exchange 2013 schema
2. Deploy Exchange 2013 servers: install both E2013 MBX and CAS servers; set an ExternalUrl and enable the MRSProxy on the Exchange Web Services virtual directory
3. Obtain and deploy certificates: obtain and deploy certificates on the E2013 CAS servers
4. Publish protocols externally: create public DNS A records for the EWS and SMTP endpoints; validate using the Remote Connectivity Analyzer
5. Switch the autodiscover namespace to E2013 CAS: change the public autodiscover DNS record to resolve to the E2013 CAS
6. Run the Hybrid Configuration Wizard
7. Move mailboxes
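Steps 2 to 5 of the procedure above are the ones that most often break the Hybrid Configuration Wizard and the first remote mailbox move: an EWS virtual directory without an external URL or without the MRS proxy, a certificate that does not cover both namespaces or is self-signed, and split-brain DNS that resolves the names internally but not from the Internet. The script below is an added example, not part of the original slides or of the Exchange product, to be run in the on-premises Exchange 2013 Management Shell before step 6. The host names are the placeholders from the diagram and the public resolver address is an assumption.

```powershell
# Added example (not from the original slides): pre-HCW checks for the hybrid prerequisites.
$ewsHost   = 'mail.contoso.com'            # placeholder from the diagram
$autodHost = 'autodiscover.contoso.com'    # placeholder from the diagram
$problems  = New-Object System.Collections.Generic.List[string]

# Step 2: every 2013 CAS needs an external EWS URL and the MRS proxy enabled for remote moves
foreach ($vdir in Get-WebServicesVirtualDirectory -ADPropertiesOnly) {
    if (-not $vdir.ExternalUrl -or $vdir.ExternalUrl.Host -ne $ewsHost) {
        $problems.Add("$($vdir.Server): EWS ExternalUrl is '$($vdir.ExternalUrl)', expected host $ewsHost")
    }
    if (-not $vdir.MRSProxyEnabled) {
        $problems.Add("$($vdir.Server): MRSProxyEnabled is false (Set-WebServicesVirtualDirectory -MRSProxyEnabled `$true)")
    }
}

# Step 3: the certificate bound to IIS must be publicly trusted and cover both names
foreach ($cert in Get-ExchangeCertificate | Where-Object { $_.Services -match 'IIS' }) {
    $names = @($cert.CertificateDomains)
    foreach ($h in @($ewsHost, $autodHost)) {
        if ($names -notcontains $h) { $problems.Add("$($cert.Thumbprint): certificate does not cover $h") }
    }
    if ($cert.IsSelfSigned) { $problems.Add("$($cert.Thumbprint): self-signed, Office 365 will not trust it") }
    if ($cert.NotAfter -lt (Get-Date).AddDays(30)) { $problems.Add("$($cert.Thumbprint): expires $($cert.NotAfter)") }
}

# Steps 4 and 5: resolve the names through a public resolver, not the intranet DNS, so the
# answer is what Office 365 will see (8.8.8.8 is an assumed public resolver)
foreach ($h in @($ewsHost, $autodHost)) {
    try {
        $a = Resolve-DnsName -Name $h -Type A -Server 8.8.8.8 -DnsOnly -ErrorAction Stop
        Write-Host "$h -> $($a.IPAddress -join ', ')"
    } catch {
        $problems.Add("$h does not resolve from a public resolver: $($_.Exception.Message)")
    }
}

if ($problems.Count) { $problems | ForEach-Object { Write-Warning $_ } }
else { Write-Host 'Hybrid prerequisites look good' }

# Finally, from Exchange Online PowerShell, confirm the MRS proxy is reachable through the
# published endpoint before running the Hybrid Configuration Wizard and moving mailboxes:
#   Test-MigrationServerAvailability -ExchangeRemoteMove -RemoteServer mail.contoso.com `
#       -Credentials (Get-Credential)
```

The Remote Connectivity Analyzer named in step 4 performs the same EWS, autodiscover and certificate tests from the outside; running both catches the cases where the internal configuration is right but the firewall or public DNS is not.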
Lync 2013 Hybrid Coexistence
[Diagram: on-premises Active Directory, Lync 2010 Pool, Lync Federation Edge and AD FS v2 connected to Lync Online in Office 365 through the Microsoft Federation Gateway; the links are labelled Sign-on and authentication (federation for SSO), Directory sync (DirSync for provisioning and GAL), and Interoperability (IM/P, federation, OWA, UM)]
Lync Hybrid Interoperability
Integration between local IT systems and the cloud
[Diagram: on-premises legacy OCS 2007 R2 and a Lync 2010+ Pool behind the Edge, with Directory Sync to Office 365 (Lync Online, Exchange Online, SharePoint Online); the Edge and federation setup is the same as for Exchange]
Lync Hybrid Checklist
• Deploy DirSync on-premises
• Lync 2013 tenants created in Office 365: new Lync 2013 tenants need to be provisioned
• Add vanity domains for hybrid: create the TXT/CNAME record with which Office 365 completes domain verification
• Activate the vanity domain for DirSync: activation step in the tenant admin experience
• Certificates for on-premises AD FS: get the certificates needed for AD FS to work against Office 365, with subject name sts.<vanitydomain> and an additional SAN sts entry for each vanity domain
• Domain Name System (DNS) records for AD FS: publish an A record for sts.<vanitydomain> pointing to the on-premises AD FS
Office 365 Tools
• https://portal.microsoftonline.com/Tools
• OnRamp: https://onramp.office365.com/onramp/
• Office 365 Best Practices Analyzer for Exchange Server 2013 (beta)
• Microsoft Connectivity Analyzer
• http://community.office365.com/en-us/wikis/diagnostic_tools/default.aspx
• Exchange Online PowerShell
• IdFix DirSync Error Remediation Tool
• Lync Online Transport Reliability IP Probe (TRIPP) Tool
• Microsoft Online Services Diagnostics and Logging (MOSDAL) Support Toolkit
• Microsoft Outlook Configuration Analyzer Tool (OCAT)
• Windows Azure Active Directory Module for Windows PowerShell
Office 365 Resources
• Office 365 FastTrack Deployment Center
• Office Ignite Readiness
• TechNet Center for Office 365
• TechNet Center for the new Office
• Office IT Pro Blog
• Office 365 Trust Center
• Office 365 Service Descriptions
• Service Updates for Office 365 for Enterprises
• Microsoft Planning Services
Customer Immersion Experience (CIE)
If you would like to implement the technologies you just saw in your organization, join us for a Customer Immersion Experience (CIE), a hands-on introduction to Windows 8 and the new Office, new servers for business productivity, as well as a variety of other Microsoft technologies, including Windows Phone and Dynamics CRM.
A CIE is not a generic demo of all the features Microsoft products offer. It is a true-to-life user experience that takes you through common work-related scenarios such as staying productive while mobile, using social networking to get work done, and connecting in real time with coworkers. It also gives you a first-hand look at the fast and fluid experience of Windows 8 and the features of the new Office across a variety of devices, including tablets, PCs and smartphones.
If you are interested, please fill in the feedback form and choose "CIE workshop".
Thank you!
Share your feedback on this session and on the overall organization of the conference at http://aka.ms/incharge and take part in the prize draw for an HTC 8S and other prizes!
Hybrid mail flow enhancements
• Enhanced Secure Mail feature
• Certificate-based attribution for mail flow connectors: no more static IP address lists
• Explicit TLS certificate selection avoids certificate conflicts
• Remote domains are no longer required for secure mail: simpler configuration and troubleshooting
• Centralized Transport feature supports more mail flow paths
• Edge Server support: Edge Transport Server 2010
Secure Mail
[Diagram: the on-premises organization (Exchange, DAVID's on-premises mailbox, a third-party email security system) and Exchange Online (CHRIS's cloud mailbox) exchange mail over the Internet; Exchange Online Protection sits in front of Exchange Online; an external recipient is on the Internet]
• Initially the MX record resolves to the on-premises gateway; later the MX is switched to Exchange Online Protection
• Outbound Exchange Online traffic is delivered directly to the Internet
• You can choose to route outbound on-premises mail via EOP
Things to remember about Secure Mail
Secure Mail: encrypted and authenticated mail flow
• All email between Exchange on-premises and Exchange Online is encrypted and authenticated
• Internal mail flow going from Exchange to Exchange must go direct and not through 3rd-party gateways: a gateway in the path terminates the TLS session, so the certificate-based attribution fails and the internal Exchange headers are lost
• External (Internet) mail can be routed wherever you choose: on-premises, a 3rd-party service, or EOP
• The MX record for the domain controls where inbound external email is received
• The hybrid wizard's "OnPremisesSmartHost" property controls the flow of internal mail from Exchange Online to Exchange on-premises
• The FQDN defined in OnPremisesSmartHost can be:
  • A single Exchange 2013 CAS or 2010 Edge server
  • Multiple round-robin Exchange 2013 CAS or 2010 Edge servers
  • Multiple load-balanced Exchange 2013 CAS or 2010 Edge servers (recommended)
• If you want outbound email from on-premises to the Internet to go through EOP, you need to create an extra "*" send connector that forwards all mail to EOP
Things to remember about Centralized Transport
Centralized Transport: all email in and out of the Exchange Online tenant must go via on-premises
• It is built on top of Secure Mail; you cannot enable Centralized Transport without it
• All email in and out of Exchange Online is routed via on-premises
• Unless you have a business requirement to route mail via on-premises (for example a compliance gateway that must see every message), you do not need to enable it
• You can now route inbound Internet email to Exchange Online Protection even when Centralized Transport is turned on
• No more need for FOPE "duplicate domains" or multiple FOPE companies; it simply works out of the box
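The Secure Mail rules (direct, TLS-authenticated Exchange-to-Exchange flow through OnPremisesSmartHost, plus the optional "*" send connector to EOP) and the Centralized Transport switch all live in connector settings that the Hybrid Configuration Wizard writes and that later changes can silently break. The following audit is an added example, not part of the original slides or of the wizard: Part 1 runs in Exchange Online PowerShell and checks the hybrid connectors, Part 2 runs in the on-premises Exchange 2013 Management Shell. It identifies the hybrid connectors by their OnPremises connector type rather than by name; the server name and the EOP smart-host FQDN in the suggested command are placeholders.

```powershell
# Added example (not from the original slides): audit of Secure Mail / Centralized Transport.

# ---- Part 1: Exchange Online PowerShell ------------------------------------------------
$hybridOut = Get-OutboundConnector | Where-Object { $_.ConnectorType -eq 'OnPremises' }
$hybridIn  = Get-InboundConnector  | Where-Object { $_.ConnectorType -eq 'OnPremises' }

foreach ($c in $hybridOut) {
    # Secure Mail: EXO -> on-premises goes straight to the OnPremisesSmartHost with TLS
    # validated against the on-premises certificate, never via a third-party gateway
    if ($c.TlsSettings -notin @('DomainValidation', 'CertificateValidation')) {
        Write-Warning "$($c.Name): TlsSettings is '$($c.TlsSettings)', expected DomainValidation or CertificateValidation"
    }
    if (-not $c.SmartHosts) {
        Write-Warning "$($c.Name): no smart host set; expected the OnPremisesSmartHost FQDN"
    }
    # Centralized Transport: this flag hairpins ALL outbound Internet mail from EXO through
    # on-premises. It should be on only where a business requirement demands it.
    if ($c.RouteAllMessagesViaOnPremises) {
        Write-Warning "$($c.Name): Centralized Transport is ON (RouteAllMessagesViaOnPremises)"
    }
}
foreach ($c in $hybridIn) {
    # Inbound attribution is by certificate subject, not by a static sender IP list
    if (-not $c.RequireTls -or -not $c.TlsSenderCertificateName) {
        Write-Warning "$($c.Name): inbound hybrid connector must require TLS and identify on-premises by TlsSenderCertificateName"
    }
}

# ---- Part 2: on-premises Exchange 2013 Management Shell --------------------------------
$hc = Get-HybridConfiguration
Write-Host "OnPremisesSmartHost: $($hc.OnPremisesSmartHost) (single CAS, round-robin, or load-balanced FQDN)"

# The wizard-created send connector to EOP: TLS required, EOP certificate validated by domain
$toEop = Get-SendConnector | Where-Object {
    (@($_.AddressSpaces) | ForEach-Object { $_.ToString() }) -match 'mail\.onmicrosoft\.com'
}
foreach ($sc in $toEop) {
    if (-not $sc.RequireTLS -or $sc.TlsAuthLevel -ne 'DomainValidation' -or -not $sc.TlsDomain) {
        Write-Warning "$($sc.Name): secure mail to EOP needs RequireTLS, TlsAuthLevel DomainValidation and a TlsDomain"
    }
}

# Optional: the extra "*" send connector that routes on-premises Internet mail via EOP.
# The smart host is the tenant's EOP endpoint (placeholder FQDN below).
$outboundViaEop = Get-SendConnector | Where-Object {
    (@($_.AddressSpaces) | ForEach-Object { $_.ToString() }) -match '^SMTP:\*;'
}
if (-not $outboundViaEop) {
    Write-Host 'No "*" send connector found. To send Internet mail via EOP, create one like:'
    Write-Host '  New-SendConnector -Name "Outbound via EOP" -AddressSpaces "*" -SmartHosts "contoso-com.mail.protection.outlook.com" -DNSRoutingEnabled $false -RequireTLS $true -TlsAuthLevel DomainValidation -TlsDomain "mail.protection.outlook.com" -SourceTransportServers "EX2013-01"'
}
```

Run Part 1 after every Hybrid Configuration Wizard run and after any connector change in the admin portal; a warning on RouteAllMessagesViaOnPremises that nobody expected is the usual sign that Centralized Transport was enabled in the wizard by accident, and the fix is to re-run the wizard with the option cleared rather than to edit the connector by hand.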