Tech Days 2013 - Deploying a Hybrid Configuration w/ Exchange 2013
Post on 28-Nov-2014
Deploying Exchange 2013 in Hybrid Mode
Michael Van Horenbeeck
Technology Consultant – Xylos, Exchange Server MVP
@mvanhorenbeeck
www.pro-exchange.be
michaelvh.wordpress.com
Building a hybrid configuration
Expectations… Reality (Ex2013)…
What is a hybrid deployment?
Exchange On-Prem
“The Internet”
Exchange Online (Office 365)
“Virtual Exchange Organization”
Why hybrid?
• Long-term coexistence
• Take advantage of features such as Exchange Online Archiving
• Large migrations where cutover isn’t possible (e.g. EX2010 +)
• Transparent mailbox moves (to or from Exchange Online)
• “Online” Mailbox Moves
• No OST resync!
• Interaction with 3rd party applications
  • e.g. Fax Solutions
Hybrid Configuration Primer
Federation
• Delegates
• Free/Busy
• Calendar Sharing
• Message Tracking
• Mail Tips
• …
Secure Mail Flow
• Encrypted mail flow
• Header preservation (“internal”)
• Centralized mail flow
DirSync
• Unified GAL
• Exchange Online Archive (EOA)
• Off-boarding
Mailbox moves
• Online mailbox moves through MRS
DirSync Writeback
| Write-Back attribute | Exchange "full fidelity" feature |
| --- | --- |
| SafeSendersHash, BlockedSendersHash, SafeRecipientHash | Filtering: Writes back on-premises filtering and online safe and blocked sender data from clients. |
| msExchArchiveStatus | Online Archive: Enables customers to archive mail. |
| ProxyAddresses (LegacyExchangeDN <online LegacyDn> as X500) | Enable Mailbox: Off-boards an online mailbox back to on-premises Exchange. |
| msExchUCVoiceMailSettings | Enable Unified Messaging (UM) - Online voice mail: This new attribute is used only for UM-Microsoft Lync Server 2010 integration to indicate to Lync Server 2010 on-premises that the user has voice mail in online services. |
A trip down memory lane…
Hybrid Configuration Wizard (SP2)
Introducing the ‘new’ hybrid configuration wizard
• Single-step, adaptive configuration wizard
• Enhanced mail-flow capabilities
• Improved centralized mail flow
• Easier setup of secure mail flow (no more whitelisting IPs!)
• Integrated support for Exchange 2010 Edge Transport server
• Leverages Exchange Online Protection
• Enhanced & more detailed logging
Hybrid Prerequisites
• Directory Synchronization (DirSync)
• “Hybrid Server”
• Add Office 365 tenant to Exchange Admin Center
• Certificates
• Exchange Web Services
• 3rd party certificates for TLS between Exchange Online & On-Premises
• Self-Signed Certificate for use w/ Microsoft Federation Gateway (automatic)
Optional:
• ADFS (though recommended)
• Edge Transport Server may make life easier (more about that later)
Typical deployment process
1. Deploy Exchange
2. Configure SSO (optional)
3. Setup DirSync
4. Configure Certificates
5. Configure Web Services
6. Run Hybrid Configuration Wizard
7. Configure MX Records
Hybrid Configuration Wizard Workflow
Current state
Desired state
Hybrid Config Wizard
Hybrid Configuration Engine
Delta-config
Demo: the new Hybrid Configuration Wizard
Supported topologies
Columns: Office 365 (v 2010) | Office 365 (v 2013) w/ On-Prem 2010 | Office 365 (v 2013) w/ On-Prem 2013
Exchange 2003 SP2: (X) (X)
Exchange 2007 SP2/SP3: (X) (X)
Exchange 2007 SP3 Urx: (X) (X) (X)
Exchange 2010 SP1: X
Exchange 2010 SP2: X
Exchange 2010 SP3: X X X
Exchange 2013: N/A X
(X) = supported w/ dependencies, X = supported
Deployment Considerations
• Delegates
  • Migrated, but mailboxes must be moved at the same time
• Mailbox Permissions
  • Cross-premises permissions NOT supported
  • Only explicit permissions get migrated to Exchange Online.
• Multi-forest scenarios are not supported
• Interaction with legacy / 3rd party applications
  • Web Services?
  • Use an SMTP gateway?
• Bandwidth
Hybrid mailbox moves
Exchange On-Prem
“The Internet”
Exchange Online (Office 365)
MRS
Admin
Demo: cross-premise mailbox move
Mailbox moves: user experience
• When using SSO, moves to Exchange Online are fully transparent
• Without SSO, users get a new password
• Outlook profile is updated automatically through Autodiscover
Common mistakes/issues
• Certificates
  • Expired
  • Not from a trusted source
  • Missing/Wrong subject (alternative) name
• Single Sign-On
• Free/Busy not working
• Peers not recognized as “internal”
• Outlook-related (e.g. missing updates)
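The three certificate problems listed above can be checked in one pass from the Exchange Management Shell. This is an added example, not part of the original slides; `mail.contoso.com` and the 30-day warning window are placeholder assumptions, and `Test-NameCovered` is a helper defined here for illustration.

```powershell
# Added example (not from the slides). Run in the Exchange Management Shell
# on the hybrid server. Both values below are placeholders.
$RequiredName = 'mail.contoso.com'   # name used for hybrid TLS / EWS
$WarnDays     = 30                   # warn this many days before expiry

function Test-NameCovered {
    param([string]$Name, [string[]]$CertNames)
    foreach ($c in $CertNames) {
        if ($c -eq $Name) { return $true }
        # A wildcard entry covers exactly one label left of its suffix.
        if ($c.StartsWith('*.') -and $Name.Contains('.')) {
            $parent = $Name.Substring($Name.IndexOf('.') + 1)
            if ($parent -eq $c.Substring(2)) { return $true }
        }
    }
    return $false
}

$now = Get-Date
# Only certificates bound to SMTP or IIS are checked; the self-signed
# federation certificate (service "Federation") is expected and is skipped.
Get-ExchangeCertificate |
    Where-Object { "$($_.Services)" -match 'SMTP|IIS' } |
    ForEach-Object {
        $names    = @($_.CertificateDomains | ForEach-Object { "$_" })
        $notAfter = [datetime]$_.NotAfter
        $findings = @()
        if ($notAfter -lt $now) {
            $findings += 'expired'
        } elseif ($notAfter -lt $now.AddDays($WarnDays)) {
            $findings += "expires within $WarnDays days"
        }
        if ($_.IsSelfSigned) { $findings += 'self-signed (not from a trusted source)' }
        if ("$($_.Status)" -ne 'Valid') { $findings += "status: $($_.Status)" }
        if (-not (Test-NameCovered -Name $RequiredName -CertNames $names)) {
            $findings += "no subject (alternative) name covers $RequiredName"
        }
        [pscustomobject]@{
            Thumbprint = $_.Thumbprint
            Services   = "$($_.Services)"
            NotAfter   = $notAfter
            Names      = $names -join ', '
            Findings   = if ($findings) { $findings -join '; ' } else { 'ok' }
        }
    } | Format-List
```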
Troubleshooting
• Hybrid Configuration Log Files
  • <drive>:\Program Files\Microsoft\Exchange Server\V15\Logging\Update-HybridConfiguration
• Review Federation Information
  • Get-FederationInformation -DomainName <domainname>
• Review OrganizationRelationShips
  • Get-OrganizationRelationShip | fl *
• Troubleshoot connection issues (e.g. AutoDiscover/Web Services)
  • Remote Connectivity Analyzer (www.testexchangeconnectivity.com)
Ex2013 Deployment Assistant
http://technet.microsoft.com/exdeploy2013
Demo: troubleshooting
Key takeaways
1. Mind the prerequisites! Check certificates.
2. Use tools like ExDeploy and remote connectivity analyzer to plan and validate your deployment
3. Review the hybrid configuration logs for more information.
Related Sessions
• Tuesday
  • Office 365: Do’s and Don’ts (Ilse Van Criekinge)
  • Troubleshooting Federation, ADFS and More (John Craddock)
• Wednesday
  • Office 365 ProPlus: Click-to-run deployment and management (Brian Shiers)
  • Office 365 Identity Management Options (Jethro Seghers, Michael Van Horenbeeck)
The result
If you follow the advice from this session, you’ll probably end up with something like this ;-)
THANK YOU!