Sofia Event Center, 21-22 November 2013

Sofia Event Center, 21-22 November 2013. The transition to Office365 – different scenarios, but always useful. Hristo Hristov, Service Centrix Ltd. Introducing the FastTrack Deployment Methodology


Presentation Transcript


  1. Sofia Event Center, 21-22 November 2013. The transition to Office365 – different scenarios, but always useful. Hristo Hristov, Service Centrix Ltd.

  2. Introducing the FastTrack Deployment Methodology Components and Scenarios of Office 365 solutions Microsoft Consulting Services Customer scenarios: Prista Oil, Contoso Ltd. Additional tools and information Q&A Agenda

  3. Traditional Deployment Methodology Disadvantages of the Traditional Approach The FastTrack Deployment Process Advantages of the FastTrack Approach The FastTrack Phases Introducing the FastTrack Deployment Methodology

  4. Traditional Deployment Methodology Note: Timeline in Weeks

  5. Disadvantages of the Traditional Approach First Mailbox Note: Timeline in Weeks Do not treat a cloud deployment like an on-premises deployment

  6. The FastTrack Deployment Process Gain real world benefits Achieve production use Implement full features; meet organizational needs Experience value early; discover cloud advantage

  7. Advantages of the FastTrack Approach • No throw-away effort on a production pilot • Full Office 365 user experience with minimal on-premises requirements • Reduced time to value against effort invested • Multiple data migration methods: • New mailbox, self-service, and IT managed • Range of identity options: • Cloud IDs, synchronized IDs, password sync, and federated IDs • Deployment portal with prescriptive guidance • http://fasttrack.office.com/

  8. Core Components of Office 365 Core Identity Scenarios with Office 365 Core Messaging Scenarios with Office 365 Core Lync Scenarios with Office 365 Core SharePoint Scenarios with Office 365 Core Client Scenarios with Office 365 Office 365 Capability Matrix per Deployment Step Components and Scenarios of Office 365 solutions

  9. Core Components of Office 365 Exchange Online SharePoint Online Lync Online Office 365 ProPlus Windows Azure Active Directory

  10. Core Identity Scenarios with Office 365 • Cloud Identity (Windows Azure Active Directory; webform or upload): single identity in the cloud, suitable for small organizations with no integration to on-premises directories • Directory Synchronization (Windows Azure Active Directory; DirSync/PasswordSync; on-premises identity): single identity suitable for medium and large organizations without federation • Federated Identity (Windows Azure Active Directory; Directory Sync and Federation; on-premises identity): single federated identity and credentials suitable for medium and large organizations

  11. Office 365 Capability Matrix per Deployment Step

  12. Core Messaging Scenarios with Office 365 Simple Coexistence Federated Coexistence No Coexistence Exchange Online Exchange Online Exchange Online Service Generated Namespace New NameSpace Calendar Sharing Exch Federation Shared Namespace Onboarding/Offboarding Mail routing between on-premises and Office 365

  13. Office 365 Capability Matrix per Deployment Step Exchange

  14. Core Lync Scenarios with Office 365 Enterprise Features Advanced Features Basic Features Lync Online Lync Online Lync Online Lync External Federation IM & Presence PBX Integration IM & Presence Lync Hybrid AV Conferencing

  15. Office 365 Capability Matrix per Deployment Step Lync

  16. Core SharePoint Scenarios with Office 365 Basic Web Page Site Collections/Team Sites User Sites SharePoint Online SharePoint Online SharePoint Online News Feeds SkyDrive Pro External Web Page Site Collection Team Sites Sub Sites

  17. Office 365 Capability Matrix per Deployment Step SharePoint

  18. Core Client Scenarios with Office 365 All Clients Web Based Clients Browser Based Browser Based + Outlook Web Access Office Pro Plus Lync Web Access Lync Office2007/2010/2013 Office Web Apps Office Pro Plus – self service optional

  19. MCS Customer scenario: Prista Oil

  20. Customer Information • PRISTA OIL GROUP is a holding structure, with two main activities: • Production and trading of motor and industrial oils, greases and special fluids • Battery Business – part of the MONBAT structure (one of the blue chips on Sofia Stock Exchange) • PRISTA OIL has its own production facilities in Bulgaria, Turkey and Hungary • PRISTA OIL HOLDING EAD is operating in more than 20 countries in Central and Eastern Europe, Near and Middle East, as well as in Ukraine, Georgia, Kazakhstan and others

  21. Existing Environment • Two locations in Bulgaria with several hundreds of users • Several locations with less than 100 users • AD was partially deployed in PristaOil • Different mail services (Qmail) and mail address spaces were implemented in Bulgarian locations • A variety of e-mail clients is currently used – Outlook, Outlook Express and Thunderbird • An existing trial of Office 365 service was used • Business locations outside Bulgaria have heterogeneous e-mail systems – Exchange, MDaemon, cloud-based, etc.

  22. Project Objectives and Team • Design and optimization of IT infrastructure services • Design and implementation of Active Directory services • Provide Exchange Online Services • Develop unified workstation images with management • Provide new solution services for pilot users Project team includes experts from: • Microsoft Consulting Services • Service Centrix • Prista Oil IT department

  23. Project Scope – Exchange Online Services • Subscription to Office 365 service and verification of the SMTP domains for Prista Oil in Office 365. • Implementation of Office 365 Directory synchronization and PasswordSync • Configuration of coexistence with Office 365. • Establish mail flow between Qmail servers on-premises and Exchange Online. • Configure coexistence and changes in domain name system (DNS) and firewalls. • Migration of pilot mailboxes to Exchange Online.

  24. Directory Synchronization – Objects Flow Sync Cycle Stage 1: Import Users, Groups, and Contacts from on-premises On-premises Office 365 Sync Cycle Stage 4: Export “Write Back” attributes Sync Cycle Stage 2: Import Users, Groups, and Contacts from Office 365 Sync Cycle Stage 3: Export Users, Groups, and Contacts to Office 365 Authentication Platform Active Directory Exchange Windows Azure Active Directory User Object Mailbox-Enabled ProxyAddresses: SMTP: John.Doe@contoso.com Logon Enabled User Mail-Enabled (not mailbox-enabled) ProxyAddresses: SMTP: John.Doe@contoso.com smtp: John.Doe@contoso.onmicrosoft.com smtp: John.Doe@contoso.mail.onmicrosoft.com TargetAddress: SMTP: John.Doe@contoso.com Exchange Online SharePoint Online Directory Synchronization Provisioning Web Service Lync Online

  25. Password Synchronization • Introduced with DirSync in June 2013 • Benefits of using Password Sync as an alternative to Federated Authentication • “Single set of credentials” to access both on-premises and online resources • Managed in the customer’s Active Directory and is synchronized with Office 365 (username + password) • Fully integrated in the DirSync appliance • No requirement for Active Directory Federation Services. • Keeps the deployment simple and eliminates IT costs associated with AD/FS

  26. Email Migration Factor Triage Rich Exchange Server Exchange 2003 or later Which Exchange Server Version? Is there any need for long-term mail co-existence? What is the current email system? Yes Hybrid Exchange Third-party Exchange 2000 or earlier No Coexistence 2,000 or over Is there any need for long-term mail co-existence? How many users are there? How do clients connect? IMAP Yes Cross-Premises Coexistence POP3 or proprietary No Under 2,000 Simple 2,000 or over Can it be configured for IMAP? How many users are there? Yes Want more than just email folders Under 2,000 No Staged Exchange or IMAP migration Temporary PST migration or 3rd party migration tool Cutover Exchange migration IMAP migration Migration

  27. IMAP Migration • Prepare for IMAP Migration • Create CSVs for IMAP Migration • Create IMAP Migration Endpoint • Start IMAP Migration Batch • Delete IMAP Migration Batches • Create IMAP Migration Batch • Configure MX Record Pointing to Office 365

  28. IMAP Migration Process: Prepare for IMAP Migration • Configure IMAP server to accept connections from Office 365 (port TCP/143 or TCP/993) • Add and verify email domain in Office 365 • Create users and mailboxes in Office 365 -> Manual/Bulk/DirSync Best practices: • Reconfigure MX record TTL to 15 mins • Create a dedicated migration admin user • Add permissions to the migration admin • If not possible: collect user passwords

  29. IMAP Migration Process: Start IMAP Migration Batch, Create IMAP Migration Batch • User list is defined in CSV files • Multiple migration batches • CSV file limits: 50,000 rows, max 10 MB Best practices: • Keep CSV files at secure location • Newly arriving emails land where MX record points to - no redirection • Client software reconfiguration (pointing to ExO)

  30. MCS Customer scenario: Contoso Ltd.

  31. Customer Information • Contoso Ltd. is part of international group and offers broad range of telecommunications services • Operates in Bulgaria • Provides hosting services for group companies and partners

  32. Existing Environment • Two locations in Bulgaria with several hundreds of users • Several locations with less than 100 users • Existing Active Directory forest with multiple domains • Messaging infrastructure based on Exchange Server 2007 • Unified Communications based on Lync Server 2010

  33. Project Objectives and Team • Enable Office 365 services for Contoso users • Demonstrate the benefits of using Microsoft Online services • Drive business agility • Improve operational effectiveness of users and IT staff Project team includes experts from: • Microsoft Consulting Services • Service Centrix • Contoso Ltd. IT department

  34. Project Scope – Exchange and Lync Online Services • Subscription to Office 365 service and verification of the SMTP domains for Contoso in Office 365. • Establishment of federation trust with Office 365 • Implementation of Office 365 Directory synchronization. • Configuration of hybrid coexistence with Exchange Online • Configuration of hybrid coexistence with Lync Online • Migration of pilot users to Exchange and Lync Online.

  35. Federated Identity Authentication Windows Azure Active Directory Office 365 Admin Portal OAuth2 Office Activation Service Authorization Metadata Exchange Mailbox Access SAML-P … Graph API WS-Federation One way trust On Premises Active Directory Federation Services DirSync Active Directory

  36. Exchange Hybrid Overview Federation trust Delegated authentication for on-premises/cloud web services Enables free/busy, calendar sharing, message tracking & online archive Native mailbox move Online mailbox moves Preserve the Outlook profile and offline folders Leverages the Mailbox Replication Service (MRS) Integrated admin experience Manage all of your Exchange functions, whether cloud or on-premises from the same place: Exchange Admin Center Secure mail flow Authenticated and encrypted mail flow between on-premises and the cloud Preserves the internal Exchange messages headers, allowing a seamless end user experience Support for compliance mail flow scenarios (centralized transport)

  37. Exchange Hybrid Server Roles On-premises Exchange organization Active Directory Federation Services Office 365 Office 365 Federated Trust Office 365 Active Directory synchronization User, contacts, & groups via DirSync Secure mail flow Sharing (free/busy, Mail Tips, archive, etc.) Existing Exchange environment (Exchange 2007 or later) Mailbox data via Mailbox Replication Service (MRS) Exchange 2013 client access & mailbox server

  38. Exchange 2013 hybrid deployment • Prepare • Install Exchange SP and/or updates across the ORG • Prepare AD with E2013 schema • Deploy Exchange 2013 servers • Install both E2013 MBX and CAS servers • Set an ExternalUrl and enable the MRSProxy on the Exchange Web Services vdir • Obtain and deploy Certificates • Obtain and deploy certificates on E2013 CAS servers • Publish protocols externally • Create public DNS A records for the EWS and SMTP endpoints • Validate using Remote Connectivity Analyzer • Switch autodiscover namespace to E2013 CAS • Change the public autodiscover DNS record to resolve to E2013 CAS • Run the Hybrid Configuration Wizard • Move mailboxes Office 365 From an existing Exchange 2007 or 2010 environment—no Edge Transport server Clients autodiscover.contoso.com mail.contoso.com 5 5 1 1 2 2 4 4 EWS SMTP E2010 or 2007 Hub E2010 or 2007 CAS Exchange 2010 or 2007 Servers 3 3 E2013 CAS SP3/RU10 SP3/RU10 6 6 7 E2010 or 2007 MBX Internet-facing site Intranet site E2013 MBX

  39. Lync 2013 Hybrid Coexistence Office 365 Lync Online Exchange Online SharePoint Online Interoperability—IM/P, Federation, OWA, UM Lync Federation Edge Microsoft Federation Gateway Directory sync Sign-on and authentication Edge Integration between local IT systems and the cloud Lync 2010+ Pool Directory Sync AD FS v2 DirSync—Provisioning, GAL Same as Exchange Federation for SSO Active Directory Lync 2010 Pool Legacy OCS 2007 R2 Lync Hybrid Interoperability

  40. Lync Hybrid—Checklist

  41. Office 365 Tools • https://portal.microsoftonline.com/Tools • OnRamp - https://onramp.office365.com/onramp/ • Office 365 Best Practices Analyzer for Exchange Server 2013 (beta) • Microsoft Connectivity Analyzer • http://community.office365.com/en-us/wikis/diagnostic_tools/default.aspx • Exchange Online PowerShell • IdFix DirSync Error Remediation Tool • Lync Online Transport Reliability IP Probe (TRIPP) Tool • Microsoft Online Services Diagnostics and Logging (MOSDAL) Support Toolkit • Microsoft Outlook Configuration Analyzer Tool (OCAT) • Windows Azure Active Directory Module for Windows PowerShell

  42. Office 365 Resources • Office 365 FastTrack Deployment Center • Office Ignite Readiness • TechNet Center for Office 365 • TechNet Center for the new Office • Office IT Pro Blog • Office 365 Trust Center • Office 365 Service Descriptions • Service Updates for Office 365 for Enterprises • Microsoft Planning Services

  43. Customer Immersion Experience (CIE) If you would like to implement the technologies that you just saw in your organization, then join us for a Customer Immersion Experience (CIE), a hands-on introduction to Windows 8 and the new Office, new servers for business productivity as well as a variety of other Microsoft technologies, including Windows Phone, and Dynamics CRM. A CIE is not a generic demo about all the features Microsoft products offer. It's a true-to-life user experience that takes you through common work-related scenarios such as staying productive while mobile, using social networking to get work done, and connecting in real time with coworkers. It also gives you a first-hand look at the fast and fluid experience of Windows 8 and the exciting features of the new Office across a variety of devices, including tablets, PCs, and smartphones. If you are interested please fill in the feedback form by choosing CIE workshop. Thank you!

  44. Share your feedback on this session and on the overall organization of the conference at http://aka.ms/incharge and enter the raffle for an HTC 8S and other prizes!

  45. Hybrid mail flow enhancements • Enhanced Secure Mail feature • Certificate based attribution for mail flow connectors - no more static IP address lists • Explicit TLS certificate selection avoids certificate conflicts • Remote domains no longer required for secure mail • Simpler configuration and troubleshooting • Centralized Transport feature supports more mail flow paths • Edge Server support – Edge Transport Server 2010

  46. Secure Mail Internet On-premises organization MX resolves to on-premises gateway MX is switched to Exchange Online Protection Outbound Exchange Online traffic is delivered direct You can choose to route outbound on-premises mail via EOP External recipient Third Party Email Security System Secure Mail Exchange Online Protection Encrypted & authenticated mail flow Exchange Online Exchange DAVID On-premises mailbox CHRIS Cloud mailbox

  47. Things to remember about Secure Mail • All email between Exchange on-premises and Exchange Online is encrypted and authenticated • Internal mail flow going from Exchange to Exchange must go direct and not through 3rd party gateways • External (Internet) mail can be routed to wherever you choose – on premises, 3rd party service, EOP • The MX record for the domain controls where inbound external email is received • The hybrid wizard’s “OnPremisesSmartHost” property controls the flow of internal mail from Exchange Online to Exchange on-premises • The FQDN defined within OnPremisesSmartHost can be: a single Exchange 2013 CAS or 2010 Edge server; multiple round robin Exchange 2013 CAS or 2010 Edge servers; multiple load balanced Exchange 2013 CAS or 2010 Edge servers (recommended) • If you want outbound email from on-premises to the Internet to go through EOP you need to create an extra “*.*” send connector that forwards all mail to EOP

  48. Secure Mail Internet On-premises organization MX resolves to on-premises gateway MX is switched to Exchange Online Protection All email in and out of the Exchange Online tenant must go via on-premises External recipient Third-party email security system Exchange Online Protection Secure Mail Encrypted & authenticated mail flow Exchange Online Exchange DAVID On-premises mailbox CHRIS Cloud mailbox

  49. Things to remember about Centralized Transport • It is built on top of Secure Mail • You cannot enable Centralized Transport without it • All email in and out of Exchange Online is routed via on-premises • Unless you have a business requirement to route mail via on-premises you do not need to enable it • You can now route inbound Internet email to Exchange Online Protection even when Centralized Transport is turned on • No more need for FOPE “duplicate domains”, multiple FOPE companies. It simply works out of the box
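
Added example (not part of the original slides): a pre-flight check for the IMAP migration CSV from slides 28-29, enforcing the 50,000-row and 10 MB limits and the "keep CSV files at secure location" practice, since the file carries mailbox passwords. The header EmailAddress,UserName,Password, the choice to count data rows only, and the function names are assumptions; the sample data is constructed.

```python
import csv
import io
import os
import stat

MAX_ROWS = 50_000               # slide 29: CSV file limit
MAX_BYTES = 10 * 1024 * 1024    # slide 29: max 10 MB
# Assumption: header used for Exchange Online IMAP batches (not on the slides).
REQUIRED = ["EmailAddress", "UserName", "Password"]

# Constructed sample: row 3 lacks a password, row 4 repeats a mailbox.
SAMPLE = (
    b"EmailAddress,UserName,Password\n"
    b"ivan@example.test,ivan,constructed-secret-1\n"
    b"maria@example.test,maria,\n"
    b"ivan@example.test,ivan,constructed-secret-1\n"
)

def check_batch_csv(data: bytes) -> list:
    """Return a list of problems found in one migration batch file."""
    if len(data) > MAX_BYTES:
        return ["file exceeds 10 MB"]
    reader = csv.DictReader(io.StringIO(data.decode("utf-8-sig", errors="replace")))
    missing = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    if missing:
        return ["missing columns: " + ", ".join(missing)]
    problems, seen, rows = [], set(), 0
    for n, row in enumerate(reader, start=2):   # row 1 is the header
        rows += 1
        addr = (row["EmailAddress"] or "").strip().lower()
        if addr.count("@") != 1:
            problems.append(f"row {n}: bad EmailAddress")
        elif addr in seen:
            problems.append(f"row {n}: duplicate mailbox {addr}")
        seen.add(addr)
        if not (row["UserName"] or "").strip() or not (row["Password"] or ""):
            problems.append(f"row {n}: empty UserName or Password")
    if rows > MAX_ROWS:                         # assumption: header not counted
        problems.append(f"{rows} data rows exceed the 50,000 row limit")
    return problems

def check_file_mode(path: str) -> list:
    """POSIX only: the file holds mailbox passwords, so only the owner may access it."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        return [f"{path}: mode {oct(mode)} exposes credentials to group/other"]
    return []

if __name__ == "__main__":
    for problem in check_batch_csv(SAMPLE):
        print(problem)
```

On a Windows admin workstation the permission check would be done against the file's ACL instead of POSIX mode bits.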