Hybrid Exchange deployments: Highlights from Ignite
Last week during Microsoft's Ignite conference, I had the pleasure to co-present a session with...
MEC in Austin, TX covered all aspects of Exchange including Office 365, On-Premise and Hybrid configurations. Microsoft is working hard to simplify all of these deployments for their customers and there were some exciting takeaways in all of these areas, but for this article I will focus on Hybrid configurations.
There are many reasons an organization may consider a hybrid email configuration. Hybrid can be used as a stepping stone for moving organizational email to Office 365, it can be used as an option for your archived mail, or there may be use cases where some of your mailboxes will be hosted within Office 365 and some remain within Exchange On-Premise. Before starting, determine your organizational use cases, since there are many possible Exchange hybrid deployment choices.
There are several different migration options for Office 365. Microsoft provides “cutover migrations” where an organization works toward moving their email to the cloud in a very short time window such as over a weekend. They also support “staged migrations” where an organization can move to Office 365 over a period of time such as several months. Alternatively, a hybrid configuration can be the end result where some of your organizational email is stored in the cloud and some is maintained On-Premise.
The benefit of a hybrid migration to Office 365 is “rich coexistence”, which includes the ability to see free/busy calendaring and secure mail flow between your on-premise deployment and your Office 365 tenant. With the correct hybrid design, the user will not be aware of whether the mailbox is set up in Office 365 or Exchange On-Premise. With all of these options, organizations have the ability to pick the right combination for their needs.
The conference sessions did bust a few myths about hybrid deployments that are worth recognizing. First, there is a misconception that organizations must use hybrid configurations to move to Office 365. This is not true, but depending on the user experience you wish to provide and the migration approach used, Hybrid will potentially be the best option. For example, your organization might be considering a “staged migration” with the goal of making the user experience as seamless as possible. The recommended approach would then involve a hybrid configuration to move to Office 365. The overall process will be more seamless to the user and provide a more robust experience.
The other myth is that DirSync or federated Active Directory is absolutely required to move to Office 365. However, it should be noted that it is a requirement for hybrid deployments. Again, this will depend on the decisions you make about how you wish to get there. If your organization prefers to have its users access their mail through the same account they use when they are working locally and on-premise, then DirSync (with or without password sync) or federated Active Directory will be required to provide this experience to the end user.
Hybrid Configuration Wizard
Over time, the Hybrid Configuration Wizard has improved greatly. Microsoft is continually working to improve the experience for their hybrid deployments. In fact, there was a time when there wasn’t a wizard, but rather a 60+ page document to follow instead. In time the actual wizard was introduced, but it still took a considerable amount of time to run through. As demonstrated at MEC, the Hybrid Configuration Wizard can be run in as little as 10 minutes. They were also proud to state that this wizard is stateless, which means it can simply be run again as needed if there are any deployment issues.
Microsoft has also made strides in improving the mail-flow capabilities for hybrid configurations. Key takeaways for mail routing are that Office 365 doesn’t use MX records for outbound mail routing and relies on the Fully Qualified Domain Name (FQDN) to deliver mail. Email messages are secured between Office 365 and Exchange On-Premise through your Exchange send and receive connectors which are configured by the Hybrid Wizard. All messages are encrypted via TLS.
Other Noteworthy Value-Adds
There are many other new features that have been added to the latest Exchange product-sets that benefit Hybrid Exchange deployments. There is integrated support for Edge Transport server which aligns with the reintroduction of this role with Exchange 2013 SP1. Logging has been improved so that it is easier to determine whether or not the entry was for Exchange On-Premise or Office 365. There is now support for multiple Exchange organizations with a single Office 365 tenant. Centrally manage your Office 365 and Exchange On-Premise users through the same Exchange Admin Center. Enjoy the benefits of cross-premise calendaring and free/busy functionality across Office 365 and On-Premise deployments.
With any product deployment, from any vendor, there are always considerations that affect deployment success. MEC sessions called out calendar delegates as one of these considerations. The recommendation for delegate success is to move delegates to Office 365 together with the mailboxes of the individuals they manage. Other suggestions included taking a close look at mailbox permissions, because only explicit permissions will be migrated to Office 365. Also called out was that cross-premise permissions are NOT supported. Be sure to test any interactions with legacy or 3rd party applications, determine which certificates are required, and evaluate your data footprint and network bandwidth. Being mindful of these considerations will lead to the best possible experience for your users.
Hybrid Exchange may or may not be the right decision for your organization, but it is great to see the product growth and the great strides toward simplifying the design and setup process.
Be sure to check out ENow's "Top 5 Exchange Hybrid Considerations" on-demand webinar.
Exchange administrators are using Mailscape for Exchange Online to accelerate the setup and configuration of their Hybrid deployments. Mailscape automatically tests that the networking components, mail flow, Active Directory Federation Services, and DirSync components are set up correctly.
Theresa is a Sr. Technical Systems Administrator and has been working as a technical expert in IT for over 18 years. Theresa has her MCSE, CCA and EPIC ECSM certifications. Her areas of expertise are Exchange, Active Directory, Lync, SharePoint and Citrix XenApp. She has architected, designed, implemented and led complex projects in all of these areas. She is also a public speaker, speaking at events such as BriForum 2013, and will be at the upcoming E2E Virtualization conference in May 2014.