

Step 2 Deployment Overview

What is DirSync?
 Purpose – What does it do?

Understanding Synchronization

Understanding Coexistence

Understanding Migrations
 Self Service
 Admin led

Migration Options
 PST migrations
 IMAP migrations
 Staged Exchange migrations
Deploy
Pilot
Pilot complete
Enhance
Deploy Complete
Adopt new features
Deploy Experience – what’s added
Setup in days
Sign-on
Adds on-premises integration
Pilot user and info is sustained
Sign-on with the same user and password as on premises
Integrated mail flow and migration
Global address list
Full mail content migration – mail, calendar, contacts
Mail
IT driven migration
Mail migration that best fits environment
Integrated identity management
Sharing and working with others
Collaboration
Lync business partner federation
Site governance and provisioning support
Setup of Apps for Office corporate app catalog
Clients
IT managed client productivity
Mobile
Managed mobile connectivity
Administration
Office 365 ProPlus deployed to user desktop via IT process
Send and receive mail from mobile device as on-prem email
Control & monitor
Data loss prevention configuration (limited)
Exchange Online Protection mail protection configuration (limited)
Deploy – what’s required
Unique requirements per mail platform
Dedicated customer IT team
What’s Required
Identity
Directory Sync server/s
AD meets service requirements for hygiene
Same password on-prem and in cloud via password sync
What you need to connect
Network
Change management readiness
Network access to service from client end points
Network bandwidth availability
Access to maintain DNS entries for shared domains
Required to set up and migrate
Admin access
Mail
Clients
Required to connect and deploy
Web client – minimum browser
Office 365 Pro Plus – clients running Windows 7 +
Deploy Identity Scenario
Pilot
Deploy
Enhance
Cloud Identity
Directory & Password Synchronization
Federated Identity
Single identity in the cloud
Single identity without federation
Single federated identity and credentials
http://aka.ms/sync

On-premises Active Directory
Office 365
Sync Cycle Stage 4: Export “Write Back” attributes
Sync Cycle Stage 2: Import Users, Groups, and Contacts from Office 365
Exchange
User Object
Mailbox-Enabled
ProxyAddresses:
SMTP: John.Doe@contoso.com
Sync Cycle Stage 3: Export Users, Groups, and Contacts to Office 365
Authentication Platform
Windows Azure Active Directory
Logon Enabled User
Exchange Online
Mail-Enabled (not mailbox-enabled)
ProxyAddresses:
SMTP: John.Doe@contoso.com
smtp: John.Doe@contoso.onmicrosoft.com
smtp: John.Doe@contoso.mail.onmicrosoft.com
TargetAddress:
SMTP: John.Doe@contoso.com
SharePoint Online
Directory Synchronization
Provisioning Web Service
Lync Online
• Introduced with DirSync in June 2013
• Benefits of using Password Sync as an alternative to Federated Authentication
• “Single set of credentials” to access both on-premises and online resources
• Managed in the customer’s Active Directory and is synchronized with Office 365 (username + password)
• Fully integrated in the DirSync appliance
• No requirement for Active Directory Federation Services
• Keeps the deployment simple and eliminates IT costs associated with AD/FS
• Does not require or access the plain text password
• No requirement for AD reversible encrypted format
• AD user password hash is hashed again using a nonreversible encryption function, and the digest is synchronized into Azure AD
• The digest in Azure AD cannot be used to access resources in the customer’s on-premises environment
• One-way synchronization from on-premises to the cloud
• Password Complexity Policy implemented in the on-premises AD is the master policy
• Password Expiration Policy on the Azure AD is set to “Never Expire”
• Password expiration and sync to Azure AD is driven by on-premises events








On-premises
MX Record:
contoso.com
User Object
Mailbox-Enabled
ProxyAddresses:
SMTP: John.Doe@contoso.com
Exchange
Message Filtering
Active Directory
Office 365
MX Record:
contoso.com
Exchange
User Object
Mail-Enabled (not mailbox-enabled)
ProxyAddresses:
SMTP: Jane.Doe@contoso.com
TargetAddresses:
SMTP: Jane.Doe@contoso.mail.onmicrosoft.com
DirSync
Message Filtering
Active Directory
MX Record:
contoso.onmicrosoft.com
contoso.mail.onmicrosoft.com
Exchange Online Protection
On-premises
Exchange Online
Online Directory
Logon Enabled User
Mailbox-Enabled
ProxyAddresses:
SMTP: Jane.Doe@contoso.com
smtp: Jane.Doe@contoso.onmicrosoft.com
smtp: Jane.Doe@contoso.mail.onmicrosoft.com
DirSync Web Service
Office 365
MX Record:
contoso.com
Exchange
User Object
Mailbox-Enabled
ProxyAddresses:
SMTP: John.Doe@contoso.com
DirSync
Message Filtering
Active Directory
MX Record:
contoso.onmicrosoft.com
contoso.mail.onmicrosoft.com
Exchange Online Protection
On-premises
Exchange Online
Online Directory
Logon Enabled User
Mail-Enabled (not mailbox-enabled)
ProxyAddresses:
SMTP: John.Doe@contoso.com
smtp: JohnDoe@contoso.onmicrosoft.com
smtp: JohnDoe@contoso.mail.onmicrosoft.com
TargetAddresses:
SMTP: John.Doe@contoso.com
DirSync Web Service
Large
Medium
Small
Exchange
IMAP
Lotus Notes
Google
Simple
Rich
DirSync
Manual/Bulk Provisioning
Self serve or Admin Driven
Features by user type
Cloud or on-premises tools
In-Cloud
On-Premise
Single Sign-On
FastTrack Step 2 Migration Options
Supports wide range of email platforms
Email only (no calendar, contacts, or tasks)
X
X
Exchange 2000
X
X
No server required on-premises
Identity federation with on-premises directory
Exchange 2003
X
X
X
Exchange 2007
X
X
X
Exchange 2010
X
X
X
Hybrid deployment
Exchange 2013
X
X
X
Manage users on-premises and online
Enables cross-premises calendaring, smooth migration, and easy offboarding
Notes/Domino
X
X
GroupWise
X
X
Other
X
X
Hybrid
IMAP migration
Exchange 5.5
IMAP migration
Staged Exchange migration
Hybrid
PST Migration
Migration
Import of Archived/Offline Mail
Staged migration
PST Migration
Self Service or Admin Driven Options
Control
Self Service
Admin-Driven
Deployment Type
Description




Works with a large number of source mail systems
Works with on-premises or hosted systems
Users can be migrated in batches
On-premises migration tool is not required

Access to IMAP4 ports (TCP/143/993)

Users + mailboxes must be provisioned prior to migration
  • Bulk provisioning, CSV parser, manual, etc.

Gather user credentials or set up admin credentials
Prepare a CSV file with list of users
  • EmailAddress, UserName, Password
  • Max of 50,000 rows
  • Max 10 MB in size

Very limited data migration scope (mail items only)

Migrated
• Mail messages (Inbox and other folders)
• Maximum of 500,000 items
• Possible to exclude specific folders from migration (e.g. Deleted Items, Junk E-Mail)

Not Migrated
• Contacts, Calendars, Tasks, etc.
• Excluded folders
• Folders with a forward slash ( / ) in the folder name
• Messages larger than 25 MB
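
A pre-upload check for the IMAP batch CSV described above, as an added example that is not part of the original deck: it enforces the column names and the 50,000-row and 10 MB limits from the slide, and reports problems by row number so the plaintext passwords in the file never appear in its output. The function name, the UTF-8 encoding, counting only user rows toward the row limit, and the sample accounts are assumptions.

```python
import csv
import io

# Column names and limits as stated on the slide for IMAP migration batches.
REQUIRED_COLUMNS = ["EmailAddress", "UserName", "Password"]
MAX_ROWS = 50_000            # assumption: the header row is not counted
MAX_BYTES = 10 * 1024 * 1024


def validate_imap_batch(raw: bytes) -> list[str]:
    """Return the problems found; an empty list means the file passes."""
    problems = []
    if len(raw) > MAX_BYTES:
        problems.append(f"file is {len(raw)} bytes, limit is {MAX_BYTES}")
    try:
        text = raw.decode("utf-8-sig")   # assumption: UTF-8, optional BOM
    except UnicodeDecodeError:
        return problems + ["file is not valid UTF-8"]
    reader = csv.DictReader(io.StringIO(text, newline=""))
    header = reader.fieldnames or []
    if sorted(header) != sorted(REQUIRED_COLUMNS):
        return problems + [f"header must be {','.join(REQUIRED_COLUMNS)}"]
    seen = set()
    count = 0
    for count, row in enumerate(reader, start=1):
        if count > MAX_ROWS:
            problems.append(f"more than {MAX_ROWS} rows")
            break
        values = [row.get(c) for c in REQUIRED_COLUMNS]
        # Short rows yield None values; extra fields land under the None key.
        if any(v is None or not v.strip() for v in values) or None in row:
            problems.append(f"row {count}: missing or extra field")
            continue
        address = row["EmailAddress"].strip().lower()
        if address.count("@") != 1:
            problems.append(f"row {count}: EmailAddress is not an address")
        elif address in seen:
            problems.append(f"row {count}: duplicate EmailAddress")
        seen.add(address)
    if count == 0:
        problems.append("no user rows")
    return problems


# Constructed sample input; the accounts and passwords are made up.
SAMPLE = (b"EmailAddress,UserName,Password\n"
          b"john.doe@contoso.com,jdoe,Constructed-Pw-1\n"
          b"jane.doe@contoso.com,janed,\n"
          b"john.doe@contoso.com,jdoe2,Constructed-Pw-3\n")
```

Because the batch file holds mailbox credentials in plain text, run the check where the file is created and delete the file once the migration batch has been submitted.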
Provision users + mailboxes in O365 (license assigned)
Gather IMAP creds, configure IMAP endpoint and prepare CSV
Initial sync
EAC Wizard: Enter server settings and upload CSV
Change MX record
Delta sync every 24 hours
Mark migration as complete
Final sync and cleanup









Simple and flexible migration solution
High-fidelity solution – all mailbox content is migrated
Typically best suited to medium and large organizations
Users are provisioned with Directory Sync prior to migration
No limit on the number of mailboxes
Users can be migrated in batches (up to
)
Works with Exchange 2003 and 2007 only, on-premises or hosted
Identity management on-premises
On-premises migration tool is not required

Outlook Anywhere service on source system
(m



Directory Sync tool enabled in


SEM is not supported with Exchange 2010 and 2013
Only simple coexistence is available
(no sharing of Free&Busy, calendar, etc.)







› EmailAddress, Password*, ForceChangePassword*



Migrated








Mail messages and folders
Rules and categories
Calendar (normal, recurring)
Out-of-Office settings
Contacts
Tasks
Delegates and folder perms
Outlook settings (e.g. favorites)
Not Migrated





Security Groups, DDLs
System mailboxes
Dumpster
Send-As Permissions
Messages larger than 25 MB





Partial migrations are not possible
(no folder exclusion, no time range selection, etc.)




*Not required if Password Sync is enabled
Configure Outlook Anywhere
Test using ExRCA
Assign migration perms
EAC Wizard:
Configure Directory Sync
Enter server settings, admin creds, batch CSV
Migrate Batch
Convert on-prem mailboxes to MEU
Delete migration batch (optional)
License users
Convert on-premises MBX to MEU
Change MX Record