Please Note: This is made for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Microsoft, Exchange Server, Windows, O365, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. This is made by taking into account of my experience and by referring Wikipedia, Microsoft TechNet Disclaimer
Road2Master Office 365 Hybrid Deployment and Migration Part 1 - Introduction Ashwin Venugopal www.road2master.ms
Know the Voice An Infrastructure consultant with around 8 years of IT industry experience. I m work on Microsoft Infrastructure related products and technologies like Active Directory, Messaging, SCCM, SCOM, Virtualization, Office 365 etc. Welcome and Introduction
Exchange Hybrid Deployment and Migration with Office 365 E-mail Deployment Options Preparing to Deploy The Microsoft Online Services Directory Synchronization tool Mail Routing Migration Methods and Tools Move requests with the Mailbox Replication Service (MRS) Cutover Exchange migration Staged Exchange migration IMAP e-mail migration PST Capture Third-party solutions Agenda
E-mail Deployment Options Hybrid deployment Mailboxes for your organization can reside on-premises in an Exchange organization and in the cloud. In the hybrid deployment scenario, messaging functionality is seamless across the on-premises deployment and the cloud deployment. For the full list of supported features. This hybrid deployment scenario can also include single sign-on, which lets users use their existing Active Directory on-premises credentials to access all on-premises and cloud resources. All mailboxes in the cloud If your long-term goal doesn t require messaging functionality that spans cross-premises, you should plan to move all your mailboxes to the cloud. It may take a week or maybe months to complete the migration, but it s the best option if your long-term goal is to migrate all your mailboxes to the cloud. E-mail Deployment Options
Preparing to Deploy Exchange Online Things to consider Identity management Microsoft Online Services Directory Synchronization tool Mail routing Migration methods and tools Preparing to Deploy Exchange Online
Identity management Non-Federated identity Single sign-on or Federated Identity Non-Federated identity Here all users with mailboxes in the cloud use Office 365-generated credentials to access their Office 365 resources. You can use directory synchronization to automatically provision users from the on-premises Active Directory. Either way, ultimately, credentials are generated and managed by Office 365. If you have an on-premises identity management system such as Active Directory, users will have a set of credentials for their Office 365 resources and a set of credentials for their on-premises resources. The advantage of a non-federated identity management solution is that there is less overhead in deploying and setting up your identity solution. The disadvantage to a non-federated identity solution for organizations that still maintain user resources on-premises is that the user experience is fractured and requires more user education about credential management. Preparing to Deploy Exchange Online
Identity management Non-Federated identity Single sign-on or Federated Identity Single sign-on or Federated Identity When you deploy single sign-on, all users with mailboxes in the cloud use their existing on-premises Active Directory credentials to access both cloud and onpremises resources. You enable this by installing an AD FS server(s) in your on-premises organization. Advantage Users don t need to use different set of credentials. Policy control The administrator can control account policies through Active Directory, which gives the administrator the ability to manage password policies, workstation restrictions, lock-out controls, and more, without having to perform additional tasks in the cloud. Access control The administrator can restrict access to Office 365 so that the services can be accessed through the corporate environment, through online servers, or both. (More) Preparing to Deploy Exchange Online
Identity management Non-Federated identity Single sign-on or Federated Identity Single sign-on or Federated Identity Advantage Reduced support calls Forgotten passwords are a common source of support calls in all companies. If users have fewer passwords to remember, they are less likely to forget them. Security User identities and information are protected because all of the servers and services used in single sign-on are mastered and controlled on-premises. Support for strong authentication You can use strong authentication, also called two-factor authentication, with Office 365. The disadvantage of single sign-on is that you have to install new servers also involves more cost. Preparing to Deploy Exchange Online
Identity management Non-Federated identity Single sign-on or Federated Identity Why Single sign-on or Federated Identity? Single sign-on is recommended, though not required, in the hybrid deployment scenario. Single sign-on may also be a good solution for some large organizations that plan to migrate all mailboxes to Office 365 over many months. NOTE Single sign-on with AD FS requires Active Directory on-premises. Single sign-on requires that you install and run the Microsoft Online Services Directory Synchronization tool. If you deploy AD FS and directory synchronization then you got to perform staged Exchange migration, cut over migration is not possible. Difference between Staged and Cut Over Exchange Migration will be discussed later. Preparing to Deploy Exchange Online
The Microsoft Online Services Directory Synchronization tool Primarily used to synchronize Global Address List Support complex routing scenarios Provision users in a cross-premises deployment By default, the Directory Synchronization tool synchronizes oneway from the on-premises directory to the cloud directory. To enable following features of hybrid deployment, you must grant write access to the Directory Synchronization tool to synchronize some messaging-related user data back into the on-premises Active Directory. Archiving on-premises mailboxes to the cloud Moving mailboxes from the cloud to the on-premises Exchange organization Synchronizing user-managed safe sender and blocked sender lists from the cloud Synchronizing voice mail notifications from the cloud Directory synchronization is required for the following: hybrid deployment; single sign-on; and staged Exchange migration. Directory Synchronization Tool
Mail Routing Generally in a hybrid deployments your MX Record will be pointed to your on-premises Exchange system as the authoritative domain. E-mail to cloud-based recipients is then relayed from the on-premises Exchange organization to the cloud. You can also configure routing for hybrid deployments in such a way that the MX record points to the cloud as the authoritative domain. NOTE: Both cutover Exchange migration and staged Exchange migration manage short-term e-mail synchronization during the migration phase. Cutover Exchange migration synchronizes e-mail using subscriptions until migration is complete. Staged Exchange migration routes e-mail by stamping the cloud target address on the on-premises mailboxes. Mail Routing
Migration Methods and Tools Move requests with the Mailbox Replication Service (MRS) Cutover Exchange migration Staged Exchange migration IMAP e-mail migration PST Capture Third-party solutions Migration Methods and Tools
Move requests with the Mailbox Replication Service (MRS) The Microsoft Exchange Mailbox Replication Service (MRS) resides on all Exchange 2010 Client Access servers and is responsible for mailbox moves Importing and exporting.pst files Restoring disabled and soft-deleted mailboxes. Move requests require a hybrid deployment. Move requests let you move mailboxes back and forth between your on-premises Exchange organization and the cloud. You do this in the Exchange Management Console. Migration Methods and Tools
Cutover Exchange migration Cutover Exchange migration is for organizations that have fewer than 1,000 mailboxes and want to move all mailboxes to the cloud in a single operation. Use E-Mail Migration in the Exchange Control Panel to access the tool. NOTE: Cutover Exchange migration only supports Exchange 2003 or later. If you are running older versions of Exchange, you have to use IMAP e-mail migration or a third-party solution. If you are running Exchange and have more than 1,000 mailboxes, consider using staged Exchange migration. If you plan to deploy single sign-on, run cutover Exchange migration first, and then set up single sign-on (and directory synchronization after the migration is complete). Running directory synchronization before you run cutover Exchange migration will cause the migration to fail. Migration Methods and Tools
Staged Exchange migration Staged Exchange migration is for larger organizations or organizations that want to migrate mailboxes to the cloud over time. In this scenario, you can migrate some mailboxes to the cloud while maintaining the rest of the mailboxes in your on-premises organization. Use E-Mail Migration in the Exchange Control Panel to access the tool. NOTE: Staged Exchange migration has been designed for organizations that plan to move all on-premises Exchange mailboxes to the cloud eventually. Staged Exchange migration only supports Exchange 2003 or Exchange 2007. If you are running older versions of Exchange, you have to use IMAP e-mail migration or a third-party solution. If you are running Exchange 2010, you must implement a hybrid deployment and use move requests to migrate. Staged Exchange migration requires directory synchronization. If you plan to deploy single sign-on as part of your long-term deployment plan, set up single sign-on and directory synchronization before you run the staged Exchange migration. Migration Methods and Tools
IMAP e-mail migration IMAP e-mail migration is designed as a fallback e-mail content migration tool for a wide variety of e-mail servers. If you are running Exchange 2000 Server or Exchange Server 5.5 Service Pack 4, or any other compliant IMAP server, such as Gmail, IMAP e-mail migration is an option. Use E-mail Migration in the Exchange Control Panel and a CSV file. PST Capture Another method for migrating mailbox items to cloud mailboxes is Microsoft Exchange PST Capture. PST Capture lets you search for and collect PST files on computers in your on-premises organization and then import the PST files to cloud mailboxes. Note that you can also use PST Capture to import PST files to on-premises primary or archive mailboxes. Migration Methods and Tools
Third-party solutions Binary Tree BitTitan Cemaphore Quest Metalogix MigrationWiz etc Migration Methods and Tools
END OF PART 1 Thank you for your time Questions? Ashwin Venugopal www.road2master.ms
Please Note: This was made for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Microsoft, Exchange Server, Windows, O365, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. This was made by taking into account of my experience and by referring Microsoft TechNet Disclaimer