Calendar Sharing and Federation in Microsoft Exchange Server 2010

Presentation Transcript

  1. Calendar Sharing and Federation in Microsoft Exchange Server 2010 Crystal Flores Program Manager Microsoft UNC 317

  2. Outline • Sharing Goals • How Federated Sharing Works in Exchange 2010 • Free Busy • Calendar and Contact Sharing • Role of Microsoft Federation Gateway • Sharing Policy. Not addressing: Exchange Online, SSO

  3. Exchange 2010 Sharing Goals • Make it convenient • Users can share easily • Low admin overhead • Leverage relationships • Make it secure • Set the sharing dial • Allow admin to scope • Avoid exposure [Diagram labels: Sharing Relationships (Mary, Joe; people, orgs); Sharing Dial (DISCOVER, MANAGE, VIEW, EDIT)]

  4. How Should Free Busy Work? Viewing free busy for someone else should be as simple as typing in their e-mail address. External Contact Free/Busy Information

  5. Cross Org Free Busy Solution • Current Overhead • Data replication • Credential Management • Service Accounts • AD Replication • Exchange 2010 Solution • No data replication • No credentials needed • No account management • No AD replication

  6. Federation for Secure Sharing • Federation Details • Microsoft Federation Gateway • Secure Token Service Provider • Free Service • One time set up • Requires proof of ownership • One-to-Many Trust Relationship • Secure access to any other “member” • No certificate management overhead

  7. Benefits of Exchange 2010 Federation • Federated Sharing provides • Easy setup of external data sharing • Broader reach without additional steps to setup • More secure with controls for admins and users

  8. Free Busy – WS and Federation: Exchange 2010 • Convenient • Secure • No user action or client publishing • No user action required • No directory replication • No service accounts, no replication • No AD trusts or service accounts • Admin controls which users participate • Admin controls which orgs have access • Can specify external users • Admin can control per user [Diagram labels: Contoso, Fabrikam; Mary, Joe; Free busy request, Free busy response; fabrikam\mary; Token; Federated token; Client Access; Mailbox; Org Relationship; Federated Trust; Microsoft Federation Gateway]

  9. Establishing Federation in Exchange 2010: One-time setup • Step 1 – Create trust with certificate exchange • Step 2 – Prove domain ownership • Step 3 – Add domains [Diagram labels: Federation Gateway, Fabrikam, Contoso; Certificate; Federation trust (Organization ID: C293…, URL: http://...); Federation trust (Organization ID: A154…, URL: http://...); Organization Id: A154…, Domains; Organization Id: C293…, Domains; DNS Record: TXT appId= A154…; DNS Record: TXT appId= C293…]

  10. Federation Certificate Management • New-FederationTrust -thumbprint 1 • Reads the certificate from local machine store and sets thumbprint in Active Directory (AD FederationTrust object, Current Certificate: 1) • Uploads public cert to gateway (Federation Gateway, Organization Id: A154…, Public Cert: 1) • Securely installs certificate to all CAS/HUB servers in the same site the task runs • Cert distribution service • Local service pulls cert from remote sites to all CAS/HUB servers based on thumbprint information in AD • Import-ExchangeCertificate • Imports certificate from a file into the local machine’s certificate store [Diagram labels: 2010 Admin Box (machine where task is run); 2010 CAS/HUB servers in same site where task is run; servers in other sites; Certificate 1; local cert store]

  11. Organization Relationship Commands: Configure Per Organization • Enter External Org Info • Domain name, endpoint • Discover info with cmdlet • Set the dial • Maximum level of detail • Scope target users • Specify which users in your org will share their free busy • Does not restrict outbound free busy requests • Org-level relationship removes need for individual AD recipients • Commands: Get-FederationInformation -DomainName | New-OrganizationRelationship • Set-OrganizationRelationship -FreeBusyAccessEnabled $TRUE -FreeBusyAccessLevel freebusy • Set-OrganizationRelationship -FreeBusyAccessScope department1

  12. Federated Free Busy Access (diagram with numbered steps 1 to 8 between Fabrikam, Contoso and the MS Federation Gateway) • Free busy request (Mary) • Lookup info for target org • Exchange server submits signed request for token on behalf of user (Token request: Alias, To, For: Free busy) • Gateway verifies signature, ensures e-mail alias matches domains • Signs token and encrypts with target org’s public key (Federated Token: Alias, To, For: Free busy; Encrypted) • Encrypted token has requestor’s e-mail address, can only be cracked by target org • Free busy request with Federated Token (CAS to CAS) • Crack token, lookup info for requesting org, and enforce restrictions • Free busy response • All connections over SSL • No e-mail addresses are stored in the cloud • No accounts need to be managed [Diagram data: Org-Org relationship (Domain: , Freebusy: true, Level: Free busy, Group: Department1 …); Org-Org relationship (Domain: , Endpoint: https://... …); Organization Id: A154…, Domains: ; Organization Id: C293…, Domains: ]

  13. Exchange 2010 Federated Free Busy: Interop with Exchange 2007 • Use Exchange 2010 to proxy down-level requests • Configure Exchange 2007 SP2 to proxy requests to Exchange 2010 • Outlook 2007 still requires recipients in AD • Command: Add-AvailabilityAddressSpace -ForestName -AccessMethod InternalProxy [Diagram labels: Free busy request; Exchange 2010 Client Access Server; Exchange 2007 SP2 Client Access Server; Fabrikam]

  14. Federated Calendar Sharing • Uses federation infrastructure • Requires federation trust, but not org-org relationship • Ad-hoc, person-person sharing • Does not require person to be in the GAL • Relationship created with sharing invitation • Server maintains calendar subscription • Updated when user views the calendar • Server uses federated token to fetch data on user’s behalf • Can be viewed by any client that views mailbox folders • Attachments, attendees never brought over • Exchange Web Services supports invitation, sync [Diagram labels: Joe, Mary; people]

  15. Federated Contact Sharing • Same approach as federated calendar sharing • Same invitation model • Same server-based subscription model • Exchange 2010 and Outlook 2010 only

  16. Sharing Policy Contoso • Sharing policy limits level of personal sharing • Calendar – free busy, detailed free busy, reviewer • Contacts – reviewer • Identify specific domains or * • Enforced during invitations • Permissions monitored • Default Policy • User can share free busy w/ anyone • Admin can add policies • Apply per user Mailbox: Joe Sharing Policy: Default Policy Default Policy: Mailbox: Bill Sharing Policy: Sales Policy Sales Policy:

  17. demo Setting up and Using Federation in Exchange 2010

  18. Summing Up • Exchange Federated Sharing provides • Easy setup of external data sharing • Broader reach without additional steps to setup • More secure with controls for admins and users • Exchange Federated Sharing is convenient • Sharing between two orgs or two people • No trusts or service accounts • No end user accounts and credential prompts • Exchange Federated Sharing is secure • Control which orgs you share with • Control which users can share and at what level • Exchange Federated Sharing works with online services

  19. Resources • Sessions On-Demand & Community • Microsoft Certification & Training Resources • Resources for IT Professionals • Resources for Developers

  20. Additional Resources Business Value • Exchange 2010 site IT Pros • Exchange TechCenter • Download Exchange RC • Certification and Training Blogs • Get the latest Exchange news

  21. Related Content Breakout Sessions: • UNC201 Introducing Microsoft Exchange Server 2010 • UNC202 Discover the New OWA: Outlook Web App • OFS216 Outlook 2010: Client Overview & Exchange 2010 Integration • MOB201 What’s New in Mobile Messaging: Outlook Mobile and Office Communicator Mobile • UNC301 Exchange Server 2010 Upgrade and Coexistence with Exchange Server 2007 and 2003 • UNC306 Information Protection and Control in Microsoft Exchange Server 2010 • UNC307 Microsoft Exchange Server 2010 High Availability • UNC309 Getting the Most out of Microsoft Exchange Server 2010: Performance and Scalability • UNC311 Deploying and Managing Microsoft Exchange Server 2010 Transport Servers • UNC312 Addressing E-mail Archiving and Retention with Microsoft Exchange Server 2010 • UNC314 Microsoft Exchange Server 2010 Storage Architecture • UNC315 Microsoft Exchange Server 2010 Unified Messaging • UNC316 Microsoft Exchange Server 2010 Management and Operations • UNC317 Calendar Sharing and Federation in Microsoft Exchange Server 2010 Interactive Theater Sessions: • UNC01-IS Microsoft Exchange Server 2010 Archiving Q&A • UNC02-IS Microsoft Exchange Server 2010 Upgrade Strategies and Caveats • UNC03-IS Microsoft Exchange Server Virtualization: Does It Make Sense? • UNC06-IS Site Resiliency in Microsoft Exchange Server 2010

  22. Complete an evaluation on CommNet and enter to win!

  23. question & answer

  24. Complete an evaluation on CommNet and enter to win an Xbox 360 Elite!

  25. Required Slide © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
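
Added example (not from the presentation and not Exchange's own code): a small Python model of the checks slide 12 describes, with the gateway confirming that the requester's e-mail address sits in a domain registered for the organization, and the target organization enforcing its org relationship settings from slide 11 (enabled flag, maximum level, scope group). Signing and encryption are left out, and every name, domain, level label and organization id below is constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

LEVELS = ["freebusy", "detailed"]  # assumed labels, ordered least to most detail

@dataclass
class OrgRelationship:           # hypothetical record the target org keeps per partner
    domains: set
    free_busy_enabled: bool
    max_level: str               # the "dial": maximum level of detail
    scope_group: Optional[str]   # only members of this group share; None = everyone

def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()

def gateway_issue_token(registered, org_id, requester, target_domain):
    """Gateway step: the requester's address must be in a domain the org has proven."""
    if domain_of(requester) not in registered.get(org_id, set()):
        raise PermissionError("e-mail domain not registered for this organization")
    # The real token is signed by the gateway and encrypted to the target org's key.
    return {"requester": requester.lower(), "audience": target_domain.lower()}

def target_authorize(token, my_domain, relationships, groups, target_user, requested):
    """Target step: look up the requesting org and enforce the relationship limits."""
    if token["audience"] != my_domain:
        return None                      # token was issued for a different org
    src = domain_of(token["requester"])
    rel = next((r for r in relationships if src in r.domains), None)
    if rel is None or not rel.free_busy_enabled:
        return None                      # no relationship, or free/busy switched off
    if rel.scope_group and target_user not in groups.get(rel.scope_group, set()):
        return None                      # target user is outside the shared scope
    if requested not in LEVELS:
        return None
    # Never return more detail than the relationship's dial allows.
    return LEVELS[min(LEVELS.index(requested), LEVELS.index(rel.max_level))]

# Constructed sample data (made-up domains, ids and users).
REGISTERED = {"org-contoso": {"contoso.example"}, "org-fabrikam": {"fabrikam.example"}}
FABRIKAM_RELS = [OrgRelationship({"contoso.example"}, True, "freebusy", "Department1")]
FABRIKAM_GROUPS = {"Department1": {"mary@fabrikam.example"}}

def demo(requester="joe@contoso.example", target="mary@fabrikam.example", level="detailed"):
    token = gateway_issue_token(REGISTERED, "org-contoso", requester, domain_of(target))
    return target_authorize(token, "fabrikam.example", FABRIKAM_RELS,
                            FABRIKAM_GROUPS, target, level)
```

The default call asks for detailed information and is capped at the relationship's level; a target outside the scope group gets nothing, and an address from an unregistered domain is refused before any token exists.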