Exchange 2010 SP2 Hybrid Mode & Office 365 Co-Existence

© 2012 Microsoft Corporation. All rights reserved.
Microsoft Confidential
Kamal Abburi
Premier Field Engineer - Microsoft Services
Premier Field Engineering - What do we do
Reactive Support
Troubleshooting & RCA
Proactive Services
Workshops
Health Checks
Risk Assessments
Supportability Reviews
Chalk & Talks
Knowledge Transfers
Partner with PG
Technical Leadership
Global Community
Onsite and Remote
Overview
Hybrid Deployment
Terminology and Components
Requirements and Configuration
Objective
Understand Hybrid deployments and scenarios
Understand the planning involved
Understand the steps involved for successful implementation
Hybrid Deployment
Hybrid Deployment Features
Secure mail routing between on-premises and Exchange Online organizations.
Mail routing with a shared domain namespace.
A unified global address list, also called a “shared address book”.
Free/busy and calendar sharing between on-premises and Exchange Online organizations.
Centralized control of outbound mail flow.
A single Outlook Web App URL for both the on-premises and Exchange Online organizations.
Move existing on-premises mailboxes to the Exchange Online organization.
Centralized mailbox management using the on-premises Exchange Management Console.
Message tracking, MailTips, and multi-mailbox search between on-premises and Exchange Online organizations.
Cloud-based message archiving for on-premises Exchange mailboxes.
Hybrid Scenarios - Migration to Office 365
Pilot Office 365
Large Migrations
Migrate users to the cloud at your own pace
Minimal or no disruption in Service
Hybrid Scenarios – Coexist with Office 365
Maintain a hybrid Exchange environment indefinitely
Organizational Requirements
Public Folders
Legacy, email-enabled line-of-business applications
Compliance
Easy Off Boarding
Mergers and acquisitions
Things to Consider
Highly Configurable - Not Customizable
Networks – Datacenter Locations
Regulatory and Compliance requirements
Manageability
Deployment and Maintenance
Lifecycles
Workloads not available in Exchange Online
Outlook 2003
Public Folders
Limits
Address Lists
Permissions
Multiple Forests
How do I Decide
Exchange Deployment Options Whitepaper
Office 365 for Enterprise Service Descriptions
Office 365 Advisor
Microsoft Office 365 Deployment Readiness Tool
Microsoft Office 365 Deployment Guide for Enterprises
Decision Made.. Where do I Start
Exchange Server Deployment Assistant
On-Premises Only
Upgrade from Exchange Server 2003
Upgrade from Exchange 2007
Upgrade from mixed Exchange 2003 and Exchange Server 2007
New installation of Exchange 2010
Hybrid Deployment (On-Premises + Cloud)
Exchange 2003
Exchange 2007
Exchange 2010
Cloud Only
ExDeploy
Sample Deployment
Components
Office 365
Hybrid server(s) - On Premises
Active Directory synchronization
ADFS
Microsoft Federation Gateway
Transport
Certificates
Hybrid Configuration Wizard
Office 365 and Hybrid server(s) - On Premises
Office 365 for enterprises
Microsoft Exchange 2010 SP1 or later
SP2 for the Hybrid Configuration Wizard
Mailbox, Client Access, and Hub Transport server roles
Windows Server 2003 forest functional mode or higher
Sample Deployment
ADFS
Enables access with a single user name and password
On Premises Policy and Control
Single Active Directory forest
Active Directory Federation Services 2.0
Requires unique third-party SSL certificate
Establish a relying party trust relationship
Sample Deployment
Active Directory synchronization
Provides Unified GAL
Directory Synchronization tool (32-bit and 64-bit)
Cannot be a domain controller
Uses SQL Server 2008 Express
All Users, mail-enabled contacts and groups
Two-way synchronization (write-back)
KB 2256198
SafeSendersHash, BlockedSendersHash, SafeRecipientsHash, msExchArchiveStatus, ProxyAddresses, msExchUCVoiceMailSettings, PublicDelegates
Sample Deployment
Microsoft Federation Gateway
Identity service that runs over the Internet
Uses SSL certificates and proof of domain ownership
Establish trust relationships with multiple partners
O365 Tenant automatically creates Federation Trust
Org Relationship
Sample Deployment
Mail Flow
Shared SMTP Namespaces
Secured and Authenticated Mail Flow
Channel Privacy
Receiver Authentication with Domain Validation
Sender Authentication
Each organization treats the other one as an internal
Things to Consider
Single AD Forest and Domain
20,000 Objects limit
Contact support to increase
UPN
Federated domain should be public (.local ?)
Set up single sign-on before AD synchronization.
High Availability
Network Security
Inbound: 25 TCP and 443 TCP
Outbound: 25 TCP, 80 TCP and 443 TCP
Bandwidth
Things to Consider
Outlook 2010 for best experience
Outlook 2007
Unified Messaging
Mobile Devices
Partnership should be disabled and re-enabled
Licenses
Public Folders
All Management from On Premises
No transfer of permissions
DNS Records
Autodiscover, SPF
Things to Consider - Certificates
Active Directory Federation Services
Security token services (sts.contoso.com)
Exchange federation
Self Signed can be used
Exchange services
Autodiscover (autodiscover.contoso.com)
OWA
ActiveSync
EWS
Outlook Anywhere
Transport
FQDN of your Exchange 2010 hybrid server
Hybrid Configuration Wizard
Guides End-to-End process for Hybrid Deployment
Replaces approximately 50 manual steps
Validate Permissions
Verify Prerequisites and Topology
Creates the HybridConfiguration object in Active Directory
Makes the configuration changes to create and enable the hybrid deployment
Hybrid Configuration Engine
Hybrid Configuration
Coexistence domain
Adds as accepted domain <domain>.mail.onmicrosoft.com
Adds as secondary proxy domain to any e-mail address policies
Exchange federation
Check for an existing federation trust
Use Existing or Create a federation trust
Create and Configure organizational relationships
Enable free/busy sharing, Outlook Web App redirection, message tracking, and MailTips
Mailbox Moves
Enable the Mailbox Replication Service (MRS) proxy
Mail flow
Configure On Premises Servers and FOPE for Mail Routing
New Hybrid Configuration
Demo
Manage
Troubleshooting
Take Away
Run ExDeploy
Sign Up for O365
Register your Domains with O365
Run Microsoft Office 365 Deployment Readiness Tool
Deploy Single Sign On
Deploy Directory Synchronization
Install Exchange 2010 SP2
Configure External Access, DNS records, Certificates
Dependencies are Key
Run Hybrid Wizard