Building a Hybrid Exchange Server 2013 Deployment in Less than

[Diagram: "Virtual Exchange Organization": Exchange On-Premises <-> "The Internet" <-> Exchange Online (Office 365)]
Hybrid features:
• Delegates
• Free/Busy
• Calendar Sharing
• Message Tracking
• Mail Tips
• Encrypted Mail Flow
• Header Preservation
• Centralized Mail Flow
• Cert-based security
• Unified GAL
• Exchange Archiving
• Mailbox Moves (X500)
• Mailbox Replication Service
• Online Mailbox Moves
• Fast / Reliable
(may make life easier; more about that later)
[Diagram: hybrid deployment architecture. Microsoft data center: Office 365 tenant with the Exchange Online tenant, Exchange Online Protection and Azure AD. Internet. Perimeter network: ADFS proxy. Internal network: Exchange 2013 (CAS), Exchange 2013 (MBX), ADFS, Active Directory and DirSync server, forming the Exchange on-prem org., linked to the Exchange Online tenant by an organizational relationship. Flows: hybrid mail flow (SMTP via Exchange Online Protection), authentication (HTTPS via ADFS), synchronization (DirSync to Azure AD), application access (HTTP(S)). Clients: internal user (O365), external user (O365), internal OWA user (O365), OWA user (O365), Exchange user.]
Deployment steps:
1. Deploy Exchange
2. Configure SSO (optional)
3. Setup DirSync
4. Configure Certificates
5. Configure WebServices
6. Configure MX Records
7. Run Hybrid Configuration Wizard
Hybrid support matrix (on-premises version vs. Office 365 service version):

On-premises version                    | Office 365 (w14) | Office 365 (w15) w/ on-prem 2010 | Office 365 (w15) w/ on-prem 2013
Exchange 2003 SP2 w/ Ex2010 SP2+       | YES              | NO                               |
Exchange 2007 SP2/SP3 w/ Ex2010 SP2+   | YES              | NO                               |
Exchange 2007 SP3 UR10+ w/ Ex2010 SP2+ | YES              | YES                              |
Exchange 2010 SP1                      | YES              | NO                               | NO
Exchange 2010 SP2                      | YES              | NO                               | NO
Exchange 2010 SP3                      | YES              | YES                              | YES
Exchange 2013                          | N/A              | NO                               | YES
Exchange 2013 SP1                      | N/A              | NO                               | YES

Footnote: Only with Exchange 2013 SP1 'Hybrid'
Multiple on-premises organizations connected to one Office 365 tenant (e.g. Hybrid contoso.com and Hybrid fabrikam.com):
• Each organization must have its own non-shared SMTP/AutoD namespace
• Limitations and restrictions apply
Hybrid Configuration Engine
• Determine required hybrid functionality: FreeBusy, MoveMailbox, Mailtips, MessageTracking, OwaRedirection, OnlineArchive, SecureMail, CentralizedTransport, Photos
• List domains in scope of the configuration
• Check mail flow parameters (certificates, servers…)
• Check connectors:
  - Inbound Connector / Receive Connector
  - Outbound Connector / Send Connector
  - Version level (of the Hybrid Configuration object)
• Verify whether Organization Relationship(s) already exist
• Check domain configuration:
  - Accepted Domains (Get-AcceptedDomain)
  - Remote Domains
• Check Email Address Policies:
  - add tenant.mail.onmicrosoft.com to the policy
  - stamp each recipient with a secondary email address (required for cross-premises mail flow)
• Uses Get-FederationInformation to verify domain ownership (on-premises only)
• Creates the organization relationships; access settings such as FreeBusyAccess(Level), ArchiveAccess, Mailtips, … are set on them:
  In on-premises organization:
    New-OrganizationRelationship -Name 'On-premises to O365 - <id>' -TargetApplicationUri 'outlook.com' -TargetAutodiscoverEpr 'https://pod<id>.outlook.com/autodiscover/autodiscover.svc/WSSecurity' -Enabled:$true -DomainNames 'tenant.mail.onmicrosoft.com'
  In Office 365 tenant:
    New-OrganizationRelationship -Name 'O365 to On-premises - <id>' -TargetApplicationUri '<appuri>' -TargetAutodiscoverEpr 'https://autodiscover.onprem.tld/autodiscover/autodiscover.svc/WSSecurity' -Enabled:$true -DomainNames <domains>
• Specific values if centralized mail flow is selected (-RouteAllMessagesViaOnPremises:$true)
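The checks the Hybrid Configuration Engine performs can be repeated by hand before (or after) running the wizard. The script below is an added example, not code from the deck or from the wizard itself: run from the on-premises Exchange Management Shell, it verifies the accepted domain, the email address policy template, unstamped mailboxes, the organization relationship and the federation lookup. The tenant routing domain and the on-premises Autodiscover host are assumed sample values.

```powershell
# Added example: hybrid pre-flight check from the on-premises Exchange Management Shell.
# Assumed values (replace with the real ones): the tenant routing domain and the
# on-premises Autodiscover host name.
$tenantDomain = 'tenant.mail.onmicrosoft.com'   # assumption
$onPremAutoD  = 'autodiscover.onprem.tld'        # assumption
$findings = New-Object System.Collections.Generic.List[string]

# 1. Accepted domains: the tenant routing domain must exist on-premises,
#    otherwise cross-premises mail for @tenantDomain is rejected.
if (-not (Get-AcceptedDomain | Where-Object { $_.DomainName -eq $tenantDomain })) {
    $findings.Add("Accepted domain $tenantDomain is missing")
}

# 2. Email address policies: at least one policy must carry a template for the
#    tenant routing domain so recipients get a secondary address.
$policyOk = Get-EmailAddressPolicy | Where-Object {
    ($_.EnabledEmailAddressTemplates | ForEach-Object { $_.ToString() }) -match [regex]::Escape($tenantDomain)
}
if (-not $policyOk) { $findings.Add("No email address policy contains a template for $tenantDomain") }

# 3. Mailboxes the policy has not stamped yet (policy present, but not applied everywhere).
$unstamped = Get-Mailbox -ResultSize Unlimited | Where-Object {
    -not ($_.EmailAddresses | Where-Object { $_.ToString() -like "smtp:*@$tenantDomain" })
}
if ($unstamped) { $findings.Add("$(@($unstamped).Count) mailbox(es) lack a secondary $tenantDomain address") }

# 4. Organization relationship towards Office 365: present, enabled, scoped to the tenant
#    domain and pointing at the WS-Security Autodiscover endpoint.
$rel = Get-OrganizationRelationship | Where-Object {
    ($_.DomainNames | ForEach-Object { $_.ToString() }) -contains $tenantDomain
} | Select-Object -First 1
if (-not $rel) {
    $findings.Add("No organization relationship includes $tenantDomain")
} else {
    if (-not $rel.Enabled) { $findings.Add("Organization relationship '$($rel.Name)' is disabled") }
    if ("$($rel.TargetAutodiscoverEpr)" -notmatch '/autodiscover\.svc/WSSecurity$') {
        $findings.Add("TargetAutodiscoverEpr is not the WS-Security endpoint: $($rel.TargetAutodiscoverEpr)")
    }
    if (-not $rel.FreeBusyAccessEnabled) { $findings.Add("Free/Busy access is disabled on '$($rel.Name)'") }
    if (-not $rel.MailTipsAccessEnabled) { $findings.Add("MailTips access is disabled on '$($rel.Name)'") }
}

# 5. Federation lookup for the tenant domain, as the engine does (on-premises only).
try {
    $fed = Get-FederationInformation -DomainName $tenantDomain -ErrorAction Stop
    if (-not $fed.TargetAutodiscoverEpr) {
        $findings.Add("Get-FederationInformation returned no Autodiscover endpoint for $tenantDomain")
    }
} catch {
    $findings.Add("Get-FederationInformation failed for ${tenantDomain}: $($_.Exception.Message)")
}

# 6. The on-premises Autodiscover name Office 365 will call must resolve publicly.
try {
    [void][System.Net.Dns]::GetHostAddresses($onPremAutoD)
} catch {
    $findings.Add("$onPremAutoD does not resolve in DNS")
}

if ($findings.Count -eq 0) {
    'Hybrid pre-flight: no issues found'
} else {
    $findings | ForEach-Object { "FINDING: $_" }
}
```

Each finding maps to one of the engine's checks above, so a clean run means the wizard has nothing to repair; a finding in step 3 is the usual cause of mail that bounces in one direction only after the move.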
[Diagram: online mailbox move through the Mailbox Replication Service (MRS): Exchange On-Prem <-> "The Internet" <-> Exchange Online (Office 365), initiated by the admin]
• Seamless for the user, except for the authentication popup
• Leverage ADFS or Password Sync to avoid user complexity
• Although this sometimes does not happen…
Troubleshooting:
• Hybrid Configuration Wizard logs: <drive>:\Program Files\Microsoft\Exchange Server\V15\Logging\Update-HybridConfiguration
• Get-FederationInformation -DomainName <domainname>
• Get-OrganizationRelationship | fl *
• Remote Connectivity Analyzer (www.testexchangeconnectivity.com)
Existing SMTP relay applications and devices: what if the customer wants to re-use those?

                   | Exchange Online             | Exchange Online Protection (EOP)
Relay to internet  | YES                         | YES
TCP port(s)        | 25, 587 (TLS required)      | 25 (TLS optional, static IP(s) required)
Requires auth.     | YES                         | NO
Bypasses anti-spam | YES                         | NO
Limits             | 10k recipients/day          | 'reasonable limits'
Licensing          | Std/Shared MBX              | EOP license per sender (included in EXO license)
FQDN               | smtp.office365.com          | tenant-tld.mail.protection.outlook.com
http://blogs.technet.com/b/mikehall/archive/2013/06/27/large-mail-item-script.aspx
Certificate pitfalls:
• Expired
• Not from a trusted source
• Missing/wrong subject (alternative) name
• Subject name is too long (> 256 characters)
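The four certificate pitfalls listed above can be checked before the certificate is bound to the hybrid endpoints. The function below is an added example, not from the deck: it inspects an X509Certificate2 for validity period, chain trust against the local store, name coverage (CN plus DNS subject alternative names, with single-label wildcard matching) and subject length. The store filter and the expected host names in the usage lines are assumed sample values; the SAN parsing relies on the Windows PowerShell formatting of the extension.

```powershell
# Added example: check a certificate for the hybrid pitfalls (expired, untrusted chain,
# missing/wrong subject or SAN, subject > 256 characters). Windows PowerShell assumed.
function Test-HybridCertificate {
    param(
        [Parameter(Mandatory)][System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string[]]$ExpectedNames
    )
    $problems = @()

    # 1. Expired or not yet valid, compared in UTC so local time zones cannot mask it.
    $now = [DateTime]::UtcNow
    if ($Certificate.NotAfter.ToUniversalTime()  -lt $now) { $problems += "expired on $($Certificate.NotAfter)" }
    if ($Certificate.NotBefore.ToUniversalTime() -gt $now) { $problems += "not valid before $($Certificate.NotBefore)" }

    # 2. Not from a trusted source: the chain must build to a root in the local trust store.
    #    Self-signed and private-CA certificates fail here, and Office 365 rejects them too.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    if (-not $chain.Build($Certificate)) {
        $status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        $problems += "chain does not build to a trusted root ($status)"
    }

    # 3. Missing/wrong subject (alternative) name: collect the CN and every DNS SAN entry.
    $names = @()
    if ($Certificate.Subject -match 'CN=([^,]+)') { $names += $Matches[1].Trim() }
    $san = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        # Windows formats the extension as "DNS Name=a, DNS Name=b" (assumption: Windows PowerShell).
        $names += [regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)') | ForEach-Object { $_.Groups[1].Value }
    }
    foreach ($expected in $ExpectedNames) {
        $covered = $names | Where-Object { Test-CertNameMatch -CertName $_ -HostName $expected }
        if (-not $covered) { $problems += "name $expected is not covered (certificate names: $($names -join ', '))" }
    }

    # 4. Subject name too long (> 256 characters).
    if ($Certificate.Subject.Length -gt 256) {
        $problems += "subject is $($Certificate.Subject.Length) characters (> 256)"
    }

    [pscustomobject]@{
        Thumbprint = $Certificate.Thumbprint
        Names      = $names
        Problems   = $problems
        Ok         = ($problems.Count -eq 0)
    }
}

# A wildcard entry covers exactly one additional label (*.contoso.com matches mail.contoso.com,
# not a.b.contoso.com); anything else must match exactly, case-insensitively.
function Test-CertNameMatch {
    param([string]$CertName, [string]$HostName)
    if ($CertName -ieq $HostName) { return $true }
    if ($CertName.StartsWith('*.')) {
        $suffix = $CertName.Substring(2)
        $dot = $HostName.IndexOf('.')
        return ($dot -gt 0) -and ($HostName.Substring($dot + 1) -ieq $suffix)
    }
    return $false
}

# Usage (assumed sample values): the public certificate bound to the hybrid endpoints,
# checked against the names clients and Office 365 connect to.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like '*mail.onprem.tld*' } |
    Select-Object -First 1
if ($cert) {
    Test-HybridCertificate -Certificate $cert -ExpectedNames 'mail.onprem.tld', 'autodiscover.onprem.tld' | Format-List
} else {
    'No matching certificate found in Cert:\LocalMachine\My'
}
```

Revocation checking is switched off so the function gives a deterministic answer on a box without outbound CRL/OCSP access; turn it back on (X509RevocationMode Online) when the check runs from a host that can reach the CA, since a revoked certificate is as unusable to Office 365 as an expired one.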
Other pitfalls:
• ADFS can be a delicate and complex matter
• Not all firewalls support domain-based ACLs
• Datacenter IP addresses are badly documented
• It's no longer the server you have to care about…
• Tooling?
• What do I have to monitor?
http://technet.microsoft.com/en-us/library/dn497703(v=exchg.150).aspx
Related sessions:
• OFC-B222 Introduction to Microsoft Office 365 Identity Management
• OFC-B250 Multi-Factor Authentication for Microsoft Office 365
• OFC-B317 Microsoft Office 365 Directory Synchronization and Federation Options
• OFC-H345 Performing an Exchange Hybrid Deployment with Microsoft Office 365