Exchange Online Notes From The Field… Neil Johnson Senior Consultant Microsoft Consulting Services, UK Microsoft Corporation
Session Agenda • BPOS Current Version • Technology Overview • Lessons Learned from the field… • Directory Sync • Service Sign-Up • Client Side • Other Stuff
Session Agenda • Office 365 (Next version of BPOS – due H1 2011) • Technology Overview • Lessons learned from the Beta… • Directory Sync and Identity • Prerequisite Requirements • Mailbox Migration
Neil Johnson: who am I? • 14 years field experience with Exchange • Exchange specialist (Ranger / MCM Exchange 2007 and 2010) • Senior Consultant for Microsoft Consulting, UK • Spent the last 18 months working with Exchange Online • Currently working with Office 365 Beta customers
Presentation Goal “To look at previous deployments of Exchange Online within BPOS and Office 365 Beta and examine the challenges involved, during planning, deployment and migration phases.”
BPOS Technical Overview: Current Version • Provides Cloud Services… • Exchange Online • SharePoint Online • OCS Online • Live Meeting • Directory Sync • Tenant Configuration • Sign-in Client • E-mail Co-existence
Directory Sync… Overview • Based on Identity Lifecycle Manager (ILM) • Reads Active Directory objects and attributes • Creates BPOS User Objects • Flows attribute changes between on-premises and BPOS • Simplified install specifically for BPOS. What could possibly go wrong? BPOS (Current Version)
Directory Sync: Things that you might not expect… • Requires single Active Directory Forest • Resource Forests are 2 Forests! • Forest trusts don’t make 2 Forests = 1 • Yes, you can MAKE it work, but it’s not supported • Requires a 32-bit Server • That means it won’t work on 2008 R2! • Requires Enterprise Admin account to install • Manual work-around possible but fiddly
Directory Sync: Lessons learned - the hard way… • Validate Active Directory contains GAL information • Outsourced, cloud-based mail service, HMC etc? • Domino, GroupWise etc? • Perform GAL cleanup BEFORE Directory Sync! • 25k default object limit in BPOS • Can be raised via BPOS service request. • SMTP proxyAddresses stop synchronizing once a BPOS user is enabled • Ensure all SMTP domains are verified early!
Directory Sync: More lessons learned… • Network Connection for Directory Sync? • HTTPS (443/tcp) • Avoid Directory Sync through Proxy! • Error Messages sent to BPOS tenant technical contact • Ensure you can access this mailbox • Even better, configure it to be a distribution list • Default Schedule is every 3 hours • Possible to change, but not recommended. • Force via PowerShell: Start-OnlineCoexistenceSync
Infrastructure Readiness Planning… Microsoft Premier Tools and Offerings… • Microsoft Premier Field Engineering can help! • Readiness Analyzer • Checks Exchange Organization • Checks Directory Attributes • Checks Infrastructure prerequisites Top Tip! If you are a Microsoft Premier customer, talk to your Technical Account Manager about BPOS/Office 365 readiness offerings.
Microsoft Online Sign-up: Tenant Configuration • Sign-up requires Windows Live ID and a service name • Has anyone else registered your company name? • Has anyone completed a BPOS pilot? • Did they register your SMTP namespace? • Does anyone still remember the Admin password? Top Tip! Someone in your organisation may have already completed a Microsoft Online Services trial – this trial service may block you from creating your real tenant if the service name and SMTP domain names are already in use!
Microsoft Online Single Sign in Client: The Client… “SIC” for short… • What does it do? • Caches user passwords • Configures Client Applications (Outlook, Communicator, IE, etc) • What doesn't it do? • Connect if the client time is more than 5 minutes out • Connect through a Proxy that requires NTLM Authentication • Work without .NET 2.0
Passwords… The Client… password caching comes back to bite us… • No Password Synchronisation Provided • Password complexity rules? • Should you change on-premises to match BPOS? • Password Expiry Schedule? • On Day 1 the passwords may match • By Day 101 they probably won’t match! Top Tip! Some of our partners have stepped up to solve this problem – if you are in this situation they may be worth a look.
Performance… The Client… we’re going to need a considerably bigger pipe… • All BPOS Services run over HTTPS via your Internet connection. • Have you scaled your Internet connection? • Have you scaled your Firewalls? • Have you scaled your Proxy Servers? • Everything in-between the end-user and BPOS is potentially adding latency, LATENCY=BAD! Top Tip! Where possible try to engineer the most direct path between end users and your cloud services – sending 10k Outlook users via HTTPS through your 32-bit proxy server is potentially a recipe for disaster. Shameless Plug! I am running an Interactive session (UNC323-IS) on Friday from 12:30 – 13:30 in (Hall 3.2 Interactive 5) where I will discuss performance and network scaling techniques in more detail…
E-mail Message Flow and Message Hygiene: Service coexistence… • BPOS will act as another Server for your E-mail domains • They need to be added to your SPF record • Your inbound MTA needs to whitelist BPOS (& Vice Versa) • BPOS has a 25MB attachment limit • What is your internal attachment limit? • BPOS uses FOPE for SPAM and will send out a SPAM digest • End user education – will they know where to look? • No Cross Premises Availability (Free/Busy) Data • Migrate user departments or communities in groups
Mail Migration… Data Migration… what goes up must come down! • Migration Throughput • Highly dependent on mailbox item count • Consider using multiple migration servers • Are you migrating data through your proxy servers? • BPOS/S SIC Configures Outlook in Cached mode • This is generally a good thing! • However… • Mailbox migrations in Wave 12 require OST resynchronization • If you migrate 1GB to the cloud, you need to sync 1GB back down to the client…
Mailbox Sizes: Is Bigger Always Better? • BPOS/S Allows a 25GB Mailbox! • Outlook 2003 doesn’t work so well with large OST files… • Old laptop hardware doesn't handle large OST files so well either… • Roaming users?? Imagine the fun Top Tip! Just because you CAN provide a 25GB mailbox doesn't necessarily mean that you should! Another Top Tip! If you ARE going to provision 25GB Mailboxes consider Outlook 2010 …and one Final Top Tip! Educate Roaming users about the benefits of OWA
BPOS Exchange 2003: Public Folders? • Public Folders are not supported • BPOS users cannot use PF data on-premises! • Plan to migrate PF data BEFORE migrating to BPOS Top Tip! Reference the following White Paper for more information on Public Folder migration when moving to BPOS. http://www.microsoft.com/downloads/en/details.aspx?familyid=07BED889-7EE1-42FA-96B1-E03DEEF18CE5&displaylang=en
Terminology… …now the marketing guys have decided on a name we will start calling it “Office 365”… … however I may accidentally refer to it as Wave 14 or V2… … I may also refer to the current version as Wave 12 or V1 or BPOS…
Office 365 Technical Overview: Next Version… H1 2011 • Provides Better! Cloud Services… • Exchange 2010 Online • SharePoint 2010 Online • Lync 2010 Online • Live Meeting • Improved Directory Sync • Identity Federation • Improved Migration • Rich Exchange Coexistence
Things that are fixed… Stuff we don’t need to worry about anymore… • Directory Sync • proxyAddresses now always flowed to Office 365 user object • Client • No more Outlook 2003 • No more Single Sign In Client • No need for password sync with ADFS deployed! • Migration and Coexistence • No more OST resynchronization after migration • Free/Busy data available cross premises • Online migration possible from Exchange 2010 to Office 365 Office 365
New Stuff to Worry About…or… “Notes from the Technical Preview and Beta program”
Identity Federation with ADFS: What is Office 365 identity federation? • Provides single user identity • No more password synchronization problems • Single master directory of identity (Active Directory) • Based on industry standards • Can be used with other cloud services • Not enabled by default • Configured on a per domain basis.
Identity Federation with ADFS: What is my userPrincipalName? • ADFS Sounds Great, so what's the problem? • ADFS uses AD userPrincipalName for account ID in Office 365 • UPN domain defaults to the Forest Name • Many Forest Names are agnostic and can’t be registered in public DNS • forest.local • company.ad • …which means that ADFS cannot be configured Top Tip! Update all UPNs to match user E-mail addresses – this may require re-distribution of user certificates. Top Tip! To perform a small user trial, use Active Directory Domains and Trusts to add in a valid UPN suffix, then create some test users with the new UPN suffix.
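The UPN advice above and the earlier Directory Sync advice to verify all SMTP domains early can be checked before any sync runs. The following is an added example, not part of the original deck: the function name, its parameters, the verified-domain list and the sample users are all hypothetical or constructed.

```powershell
# Added example (not from the deck). Function name, parameters and sample
# users are hypothetical/constructed. In a domain, input could come from:
#   Get-ADUser -Filter * -Properties mail,proxyAddresses
function Test-SyncReadiness {
    param(
        [Parameter(Mandatory)] [object[]] $Users,
        [Parameter(Mandatory)] [string[]] $VerifiedDomains,  # domains verified in the tenant
        [int] $ObjectLimit = 25000                           # default limit quoted in the deck
    )
    if ($Users.Count -gt $ObjectLimit) {
        [pscustomobject]@{ User = '(all)'; Issue = "$($Users.Count) objects exceeds limit of $ObjectLimit" }
    }
    foreach ($u in $Users) {
        $upn    = [string]$u.UserPrincipalName
        $suffix = ($upn -split '@')[-1]
        # -notcontains and -ne compare strings case-insensitively
        if ($VerifiedDomains -notcontains $suffix) {
            [pscustomobject]@{ User = $upn; Issue = "UPN suffix '$suffix' is not a verified domain" }
        }
        if ($u.mail -and $upn -ne $u.mail) {
            [pscustomobject]@{ User = $upn; Issue = "UPN differs from mail address '$($u.mail)'" }
        }
        foreach ($p in @($u.proxyAddresses)) {
            # Only SMTP entries matter here; X500, SIP etc. are skipped
            if ($p -match '^smtp:[^@]+@(?<domain>.+)$' -and
                $VerifiedDomains -notcontains $Matches['domain']) {
                [pscustomobject]@{ User = $upn; Issue = "SMTP domain '$($Matches['domain'])' is not verified" }
            }
        }
    }
}

# Constructed sample data
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@forest.local'; mail = 'alice@example.com'
                       proxyAddresses = @('SMTP:alice@example.com', 'smtp:alice@example.org') }
    [pscustomobject]@{ UserPrincipalName = 'bob@example.com'; mail = 'bob@example.com'
                       proxyAddresses = @('SMTP:bob@example.com', 'X500:/o=Example/cn=bob') }
)
Test-SyncReadiness -Users $sample -VerifiedDomains 'example.com' | Format-Table -AutoSize
```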
Identity Federation with ADFS: Making things highly available… • Once Identity Federation is Enabled ADFS MUST be available! • No ADFS = No Office 365 • ADFS Planning and Design becomes critical for success Top Tip! Begin planning for ADFS publishing early in the project and ensure that ADFS infrastructure is available throughout your organization.
The Client… what's not supported… • Outlook 2003 not supported • IE6 not supported • Windows XP SP2 not supported Top Tip! Spend time to ensure that your desktop meets the recommended requirements for the service! Desktop upgrades are generally a slow process and can add significant delay. I have some customers that are still working on this – months later…
Migration: Data Migration… certified? • Office 365 uses Exchange 2010 CAS MRS Service • This is a GREAT thing! • Mailbox GUID is persisted so no more OST resync • However… • The MRS service “pulls” data from on-premises CAS • This means you need to publish Exchange 2010 CAS EWS Service • It also means that you need a trusted public certificate! Top Tip! Plan to publish Exchange 2010 services from the outset even if you do not publish them now!
Office 365 Exchange 2003: Public Folders? • Public Folders are still not supported • Office 365 users cannot use PF data on-premises! • Plan to migrate PF data BEFORE migrating to Office 365 • Office 365 uses Exchange 2010 Availability Service • Provides cross-forest Availability! • Where on-premises Exchange is still 2003 • Requires PF Database on Exchange 2010 CAS Server • Does NOT require all PF replicas • Just SCHEDULE+FREE/BUSY replica
Public Folder Migration… Migrating from Public Folders to BPOS Whitepaper… Migrate from Exchange Public Folders to Microsoft Business Productivity Online Standard Suite http://www.microsoft.com/downloads/en/details.aspx?displaylang=en&FamilyID=07bed889-7ee1-42fa-96b1-e03deef18ce5#QuickDetails
Top Tips List for Migrating to Exchange Online: All versions, past and present
Top Tips List… A Wise Man Once Said… • Begin planning early. • Understand the impact to YOUR business • Define your functional requirements. • Don’t assume that because you can do it on-premises you can do it in a cloud environment. • Conduct a thorough proof of concept. • Use your functional requirements list to generate a test plan and work through it. Then perform GAP analysis. • Be prepared to change the way you do things.
UNC323-IS “Open Forum - Q & A’s on Exchange Online“ Hall 3.2 Interactive 5 Friday, November 12 12:30 PM - 1:30 PM
Question-time… Please be gentle – I’m new to this
Session Evaluations Tell us what you think, and you could win! All evaluations submitted are automatically entered into a daily prize draw* Sign-in to the Schedule Builder at http://europe.msteched.com/topic/list/ * Details of prize draw rules can be obtained from the Information Desk.
© 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Password Policy: The Details • Password expiry BPOS = 90 days • Password complexity rules? • The current BPOS password policy is at least 7 characters, and must contain three of the following character types: • Uppercase • Lowercase • Numeral • Non-alphanumeric characters ` ~ ! @ # $ % ^ & * ( ) _ + - = { } | [ ] \ : " ; ' < > ? , . /
Password Policy: The Details • In addition the following rules apply: • Cannot reuse any of the last 24 passwords • Passwords expire every 90 days • Cannot change the password more than once in any 24 hour period • New parameters added to the MOSI API • StrongPasswordRequired Boolean • PasswordExpiry Boolean
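Because no password synchronisation is provided, a password that passes the on-premises policy can still be rejected by BPOS. The following is an added example, not part of the original deck, that applies the complexity, 24-hour and 90-day rules listed above to a candidate password; the function name, parameter names and sample passwords are hypothetical, and the reuse-history rule is left out.

```powershell
# Added example (not from the deck); function and parameter names are hypothetical.
function Test-BposPasswordRules {
    param(
        [Parameter(Mandatory)] [string] $Password,   # candidate new password
        [datetime] $LastChanged,                     # optional: when the current password was set
        [datetime] $Now = (Get-Date)
    )
    # Symbol set as listed on the slide ('' is an escaped single quote)
    $symbols = '`~!@#$%^&*()_+-={}|[]\:";''<>?,./'

    $classes = 0
    # -cmatch is case-sensitive; plain -match would count 'a' as uppercase
    if ($Password -cmatch '[A-Z]') { $classes++ }
    if ($Password -cmatch '[a-z]') { $classes++ }
    if ($Password -match  '[0-9]') { $classes++ }
    if ($Password.IndexOfAny($symbols.ToCharArray()) -ge 0) { $classes++ }

    $problems = @()
    if ($Password.Length -lt 7) { $problems += 'shorter than 7 characters' }
    if ($classes -lt 3)         { $problems += "uses $classes of 4 character types, 3 required" }

    $daysLeft = $null
    if ($PSBoundParameters.ContainsKey('LastChanged')) {
        $age = $Now - $LastChanged
        if ($age.TotalHours -lt 24) { $problems += 'last change was under 24 hours ago' }
        # Days the current password has left under the 90-day expiry (negative = expired)
        $daysLeft = 90 - [int][math]::Floor($age.TotalDays)
    }
    [pscustomobject]@{
        Accepted        = ($problems.Count -eq 0)
        Problems        = $problems -join '; '
        DaysUntilExpiry = $daysLeft
    }
}

# Constructed inputs: a lowercase+digits password that a lenient on-premises
# policy might allow, and a variant that adds an uppercase letter.
$now = Get-Date '2010-11-12'
Test-BposPasswordRules -Password 'autumn2010' -LastChanged ($now.AddDays(-100)) -Now $now
Test-BposPasswordRules -Password 'Autumn2010' -LastChanged ($now.AddDays(-3))   -Now $now
```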