in Production: Part 1
October 2013
Session Overview
This session details the options and considerations when expanding a pilot Office 365 environment into a production deployment. Unlike on-premises implementations, IT professionals can scale out their Office 365 tenants with ease. However, with added scale, it is important to start to automate user provisioning, add a production domain, and set up the desired workloads.
Step 2: Deployment
Overview
Pilot
Deploy
Enhance
Core onboarding
Deploy in days
Companywide cloud use
IT led migration
Optional integration
Extend in weeks
Meet business needs
Customized to landscape
What
What
What
How
Service domain
Cloud Identity
Web Client
How
Office client
Self Service
Pilot complete
Pilot +
IT led migration *
Customer domain
Directory sync
Deploy +
Federation, Hybrid Delegation, and more
How
Password sync
Admin migrations
OnRamp
Deploy Complete
Deploy+ *
Configure adv. features
Federated Identity
Exchange Hybrid
Corporate app store
SharePoint Hybrid
Lync Hybrid
3rd party migration tools
Adopt new features
Sign-on
Adds on-premises integration
Pilot user and info is sustained
IT driven migration
Mail migration that best fits environment
From Others
User migration (PST import) or IMAP Migration
New mail file
Collaboration
Clients
Mobile
Administration
What's Required
Identity
Network
Change management readiness
Clients
From Others
PST requirement
Pilot
Deploy
Enhance
Cloud Identity
Federated Identity
On-Premises Identity
Federation
Directory Sync
On-Premises Identity
Agenda
What is DirSync?
Purpose: What does it do?
Understanding Synchronization
Understanding Coexistence
Understanding Migrations
Self Service
Admin led
Migration Options
PST migrations
IMAP migrations
Staged Exchange migrations
What is DirSync?
Application
x64
Purpose (#1)
Enables
coexistence
Purpose (#2)
Enables
Enabler
Not
tool
Understanding Synchronization
Synchronization
Synchronize
attribute
What is synchronized?
Synchronization
Most
Synchronization
Synchronization
User
Objects
Synchronization
Group
Objects
Contacts
Objects
Synchronization
New
Existing
Synchronization
Existing
Synchronization
First
synchronized
Approximately 5000 objects every 45 to 60 minutes
Plan ahead if synchronizing tens or hundreds of thousands of objects
Subsequent
Synchronization
Sync Cycle
Stage 1: Import Users, Groups, and Contacts from on-premises
Stage 2: Import Users, Groups, and Contacts from Office 365
Stage 3: Export Users, Groups, and Contacts to Office 365
Stage 4: Export Write Back attributes
On-premises: Active Directory, Exchange
User Object
Mailbox-Enabled
ProxyAddresses:
SMTP: John.Doe@contoso.com
Directory Synchronization
Office 365: Authentication Platform, Windows Azure Active Directory
Logon Enabled User
Mail-Enabled (not mailbox-enabled)
ProxyAddresses:
SMTP: John.Doe@contoso.com
smtp: John.Doe@contoso.onmicrosoft.com
smtp: John.Doe@contoso.mail.onmicrosoft.com
TargetAddress:
SMTP: John.Doe@contoso.com
Provisioning Web Service
Exchange Online
SharePoint Online
Lync Online
Synchronization
Once implemented, on-premises AD becomes the source of authority for synchronized objects
Modifications to synchronized objects must occur in the on-premises AD
Synchronized objects cannot be modified or deleted via the portal unless DirSync is disabled for the tenant
Scoping/Filtering
Custom scoping of default management agents is officially supported
Synchronization
On-premises objectGuid AD attribute is assigned as the value for immutableID attribute during initial synchronization of an object
Referred to as a hard match
DirSync knows which Office 365 objects it is the source of authority
DirSync
Synchronization
On-premises proxyAddresses attribute values are synchronized
Requires a matching verified domain
Updates/modifications to on-premises proxyAddresses attribute are
Synchronization
By
Deleted
Synchronization
10GB
Authorization
SSL
Synchronization
Synchronization
email address
Example errors include:
OU
Domain-based
User attribute
Step-by-step instructions available on TechNet
Password Synchronization
Scheduled to release in CY2013
Understanding Coexistence
What is Coexistence?
Some
Can
SEM Architecture
On-premises Exchange Org
Office 365
Directory Synchronization App
Office 365
User Object
Mailbox-Enabled
ProxyAddresses:
SMTP: John.Doe@contoso.com
Exchange
Message Filtering
Active Directory
Office 365
MX Record:
contoso.com
Exchange
User Object
Mail-Enabled (not mailbox-enabled)
ProxyAddresses:
SMTP: John.Doe@contoso.com
TargetAddresses:
SMTP: John.Doe@contoso.mail.onmicrosoft.com
DirSync
Message Filtering
Active Directory
MX Record:
contoso.onmicrosoft.com
contoso.mail.onmicrosoft.com
On-premises
Exchange Online
Online Directory
DirSync Web Service
MX Record:
contoso.com
Exchange
User Object
Mailbox-Enabled
ProxyAddresses:
SMTP: Jane.Doe@contoso.com
DirSync
Message Filtering
Active Directory
MX Record:
contoso.onmicrosoft.com
contoso.mail.onmicrosoft.com
On-premises
Exchange Online
Logon Enabled User
Online Directory
DirSync Web Service
Understanding Migrations
Migration Option Decision Factors
Size
Large
Medium
Small
Coexistence Requirement
Simple
Rich
Provisioning
DirSync
Manual/Bulk Provisioning
Self serve or Admin Driven
Features by user type
Cloud or on-premises tools
Identity Management
Source Server
Exchange
IMAP
Lotus Notes
Google
Time to Value
DEPLOYMENT PLAN
Migration solution is part of the plan
In-Cloud
OnPremise
Single Sign-On
Deployment Type
New mailbox
Self Service
Description
User receives new green field mailbox, i.e. user is onboarded to without data migration.
User receives new mailbox and either attaches or imports PST files for access to pre-Office 365 data.
User receives new mailbox and configures connected accounts via OWA.
User receives a new mailbox and admin uses PST Export features of Exchange and 3rd Party tools to import PST data into the user's Exchange Online mailbox.
Staged migration
PST Migration
IMAP migration
Hybrid Migration
IMAP migration
Supports wide range of email platforms
Email only (no calendar, contacts, or tasks)
Hybrid deployment
Exchange 5.5
Exchange 2000
Exchange 2003
Exchange 2007
Exchange 2010
Exchange 2013
Notes/Domino
GroupWise
Other
Migration Options
IMAP
Migrations
Not Migrated
Contacts, Calendars, Tasks, etc.
Excluded folders
Folders with a forward slash ( / ) in the folder name
Messages larger than 25 MB
Gather IMAP creds, configure IMAP endpoint and prepare CSV
EAC Wizard: Enter server settings and upload CSV
Initial sync
Change MX record
Delta sync every 24 hours
Mark migration as complete
Final sync and cleanup
IMAP
Migrations
Questions?
Staged Exchange Migrations (SEM)
SEM Requirements
Outlook Anywhere service on source system
(must have SSL certificate issued by a public CA)
Migration Account with Full Access or Receive-As
permissions to all mailboxes that will be migrated
SMTP domain(s) configured in O365 tenant
Directory Sync tool enabled in O365 tenant
(i.e. requires simple coexistence)
SEM Limitations
SEM is not supported with Exchange 2010 and 2013
Only simple coexistence is available
(no sharing of free/busy, calendar, etc.)
CSV format
EmailAddress, Password, ForceChangePassword
Not Migrated
Configure Directory Sync
EAC Wizard: Enter server settings, admin creds, batch CSV
Migrate Batch
Convert on-prem mailboxes to MEU
Delete migration batch (optional)
License users
Change MX Record
Staged
Exchange
Migrations
Questions?
2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be
interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR
STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.