exchange online real world migration challenges
Post on 12-Nov-2014
Steve Goodman
Exchange MVP, Phoenix IT Group
Exchange Online Real-World Migration Challenges
www.devconnections.com
EXCHANGE ONLINE – REAL-WORLD MIGRATION CHALLENGES
EXCHANGE ONLINE – REAL WORLD MIGRATION CHALLENGES
The Case for Hybrid
Hybrid Challenges
Coexistence Challenges
Planning your migration
The migration itself
THE CASE FOR HYBRID
When and when not to use Hybrid
WHAT MAKES A HYBRID EXCHANGE DEPLOYMENT?
Exchange Servers
AD FS
DirSync & FIM
AD
Users, Contacts & Groups
Secure Mail Flow
Sharing (free/busy, MailTips, etc.)
Mailbox Moves
SSO
Organization
WHY HYBRID
Exchange 2010 (SP2+) and Exchange 2013 only support Hybrid methods for migration – cutover and staged are not an option.
Makes moving from a pilot to a full migration simple, and re-uses Exchange skills
Think of it as a transition rather than a migration
WHY NOT HYBRID
Smaller 2007 and 2003 migrations
Non-Microsoft migrations
Multiple on-premises Exchange organizations
Various options available
  Staged
  Cutover
  Third Party Solutions including MigrationWiz, Binary Tree E2E Complete and Quest Toolset
HYBRID CHALLENGES
What you’ll need to overcome before you can start planning to migrate mailboxes
CHALLENGES FOR EXCHANGE 2007 AND 2003
Migration of Client Facing Services, including
  Implementing a legacy namespace
  Moving AutoDiscover and other services
  Similar to an Exchange 200x to 201x front-end services migration
Options available
  Exchange 2013 RTM CU2 “Hybrid Servers”
  Exchange 2010 SP3 “Hybrid Servers”
  Free licenses available for both from Microsoft Support.
CHALLENGES FOR EXCHANGE 2010 ORGS
Should you implement Exchange 2013 RTM CU2 as a Hybrid Server?
Where do you need to deploy Exchange 2010 SP3?
EXTERNAL CONNECTIVITY
External HTTPS Namespaces
  Use the Remote Connectivity Analyser to test Exchange Web Services (EWS) and AutoDiscover
  Access to the above virtual directories is required for Hybrid Configuration and Mailbox Migrations
Verify you add the correct firewall exceptions to all services, both inbound and outbound
  For outbound, Microsoft recommends exceptions by URL rather than by IP due to Content Distribution Networks (CDNs)
EXTERNAL CONNECTIVITY
Authenticated proxy servers cause issues
  Exchange Servers cannot authenticate to proxy servers, and outbound communications, including Federated Sharing and the Hybrid Configuration Wizard, will fail.
  Outlook clients cannot authenticate to proxy servers and will fail to connect to Office 365.
Solutions
  Configure the proxy server to exclude the Exchange Online datacentre URLs from authentication
  On Exchange Servers, set the proxy server in netsh and in Exchange:
    netsh winhttp import proxy source=ie
    Set-ExchangeServer <servername> -InternetWebProxy:"http://proxy:8080"
CERTIFICATES
You need valid third-party certificates for HTTPS namespaces and SMTP
Exception: Federation Certificate is self-signed
  Did you ever set up Federated Sharing before Exchange 2010 SP1?
CERTIFICATES
HCW attempts AutoDiscover for each hybrid domain
  If you have some domains without AutoDiscover DNS names and appropriate certificates configured, the HCW will fail to complete.
  Exchange 2013 and Exchange 2010 SP3 RU1+ have a solution:
    Set-HybridConfiguration -Domains "domain.com", "autod:primary.com"
SSL Offload will cause issues with mailbox moves
  Remote Mailbox Moves will fail as SSL Offload is not supported by the MRS Proxy
  You may need to retain SSL offload, but there are workarounds. For example, use an additional FQDN for Remote Mailbox Moves that bypasses SSL offload using a different Load Balancer VIP
PRE-AUTHENTICATION
What is pre-authentication?
What uses pre-authentication?
Why is this a problem?
  Federated Sharing e.g. /EWS/Exchange.asmx/WSSecurity
What are the solutions?
  Rules before pre-authentication to exclude these paths: http://community.office365.com/en-us/wikis/exchange/1042.aspx
  Disable pre-authentication for /AutoDiscover/* and /EWS/* completely!
SMTP MAIL FLOW
Make sure you understand the organization’s mail routing
Make sure you put the right certificates on the Hub servers you will use for the Hybrid configuration
Bear in mind firewalls and load balancers that mask the real sender’s address
  Changes to Receive Connectors may be needed
FEDERATED SHARING
Provides Free/Busy and Calendar Sharing
Relies on AutoDiscover and Exchange Web Services
  These components can’t use pre-authentication
Troubleshooting tools include IIS logs and event logs
FEDERATED SHARING
SSL offload can cause issues here too
URL used can be specified manually, but try not to
Remember the limitations of Federated Sharing
MULTI-FOREST SCENARIOS
Forests with Sub-Domains are no problem
Account + Resource Forests
  Exchange is in a dedicated resource forest and user accounts are in one or more forests.
  Windows Azure Active Directory Connector can replace DirSync
Multiple Forests and Exchange organizations
  No supported partner/self deployable solution. Must involve Microsoft.
S/MIME
Used for encrypted mail
While not unsupported, can cause challenges
  Certificates are not automatically available to allow users to sign and encrypt mail to organization contacts
  DirSync will not push user certificates to Office 365, so the cert is not in the GAL
Solution
  Use an LDAP Provider in Outlook with the Fully Qualified Domain name of a Global Catalog Server.
MOBILE DEVICE MANAGEMENT SOLUTIONS
Commonly used to manage iPads, Android tablets and similar
Not just for managing Exchange features, but also deployment of Applications and device monitoring.
Non-ActiveSync solutions like Good will need updates
Inline ActiveSync solutions may cause issues
COEXISTENCE CHALLENGES
While you’re migrating, what do you need to consider?
SHARING AND COLLABORATION
A larger organization often means more sharing
Sharing may cross many intra-org boundaries
Not all sharing is easy to discover
  Cross-premises sharers need to re-share Calendars
  No cross-premises access to Shared Mailboxes
DISTRIBUTION GROUP MANAGEMENT
While you use DirSync, on-premises DGs cannot be managed in Office 365
This means DGs cannot be managed in Outlook or OWA
What solutions are available?
  FIM Portal
  ADUC Delegation
Post-migration you could move to cloud-only DGs
PUBLIC FOLDERS
Public Folder access is not configured automatically
  Access is configured using RPC over HTTPS (Outlook Anywhere)
During coexistence all users access on-premises public folders
Only migrate public folders after migrating all users to the cloud
Limited to 2.5TB of Public Folders
  This limit cannot be increased on a per-customer basis
PLANNING YOUR MIGRATION
Measure twice, cut once
PLANNING – MICROSOFT TOOLS
The most important part
Base tools are very useful
  OnRamp replaces the Deployment Readiness Tools: https://onramp.office365.com/OnRamp
  ExDeploy – Exchange Deployment Assistant
  Other great MS tools including MAP for MS Online Services
PLANNING – DEEPER DISCOVERY
Active Directory & Exchange information
Mailbox and message sizes
Clients like Outlook, ActiveSync, IMAP, SMTP clients, EWS, BES
Shared Mailboxes and who shares with who
UM and archive mailboxes in use
Policies that aren’t migrated, such as ActiveSync, OWA Mailbox and Retention Policies
Previous cross-forest migrations
Local Knowledge
  Stats aren’t everything – IT staff supporting the users generally are a wealth of information about the user base
PLANNING – DEEPER DISCOVERY
Department Mailbox Size Collaboration and Shared Mailboxes
Outlook Clients
Active Directory Data Exchange Server
General User Information
ActiveSync Clients
IMAP/POP3 Clients
BES Devices
BES
Consolidated Data
Migration Groups (Batches)
Local IT Support Knowledge
C2C ArchiveOne Users
TEST YOUR MIGRATION PROCESS
Migration concurrency depends on multiple factors
Test throughput during the times you will migrate
Leavers’ mailboxes provide good candidates for throughput testing
Remember you can move mailboxes back to re-test (and should test that you can do this, anyway)
TEST YOUR MIGRATION PROCESS
Double check your pre-requisites for successful moves
  Is it an on-premises mailbox with a corresponding mail user in the cloud?
  Does the Mailbox have a licence assigned?
  Does the UPN match on-premises and in the cloud (and of course, does AD FS work correctly)?
  Have all required details, like email addresses, synchronized successfully?
  Were there any mailbox items larger than 25MB?
  Do you have any clean up for cross premise migrations to do?
Check-EXOMigPreRequisites.ps1 script available to download from www.stevieg.org
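The checklist above as an offline check, added here as an example (it is not the Check-EXOMigPreRequisites.ps1 script the slide mentions). It assumes the on-premises mailboxes and the cloud objects have already been exported into objects with the hypothetical properties Upn, Addresses, RecipientType, Licensed and LargestItemMB; the sample records are constructed.

```powershell
# Added example: offline pre-move readiness check over two exports.
# Sample records are constructed; property names are assumptions for this sketch,
# not the output schema of any Exchange or Office 365 cmdlet.
$onPrem = @(
    [pscustomobject]@{ Upn = 'alice@contoso.example'; Addresses = 'alice@contoso.example;a.smith@contoso.example'; LargestItemMB = 12 }
    [pscustomobject]@{ Upn = 'bob@contoso.example';   Addresses = 'bob@contoso.example';   LargestItemMB = 31 }
    [pscustomobject]@{ Upn = 'carol@contoso.example'; Addresses = 'carol@contoso.example'; LargestItemMB = 3 }
)
$cloud = @(
    [pscustomobject]@{ Upn = 'alice@contoso.example'; RecipientType = 'MailUser'; Licensed = $true;  Addresses = 'alice@contoso.example' }
    [pscustomobject]@{ Upn = 'bob@contoso.example';   RecipientType = 'MailUser'; Licensed = $false; Addresses = 'bob@contoso.example' }
)

function Test-MoveReadiness {
    param([object[]]$OnPrem, [object[]]$Cloud, [int]$MaxItemMB = 25)

    # Index cloud objects by UPN so the UPN-match check is a single lookup.
    $byUpn = @{}
    foreach ($c in $Cloud) { $byUpn[$c.Upn.ToLower()] = $c }

    foreach ($m in $OnPrem) {
        $issues = @()
        $c = $byUpn[$m.Upn.ToLower()]
        if (-not $c) {
            $issues += 'No cloud object with a matching UPN'
        } else {
            if ($c.RecipientType -ne 'MailUser') { $issues += "Cloud object is $($c.RecipientType), expected MailUser" }
            if (-not $c.Licensed) { $issues += 'No licence assigned' }
            # Every on-premises address must also be present on the synchronized object.
            $cloudAddr = $c.Addresses -split ';'
            $missing = $m.Addresses -split ';' | Where-Object { $cloudAddr -notcontains $_ }
            if ($missing) { $issues += "Addresses not synchronized: $($missing -join ', ')" }
        }
        if ($m.LargestItemMB -gt $MaxItemMB) { $issues += "Contains an item larger than $MaxItemMB MB" }

        [pscustomobject]@{ Upn = $m.Upn; Ready = ($issues.Count -eq 0); Issues = ($issues -join '; ') }
    }
}

Test-MoveReadiness -OnPrem $onPrem -Cloud $cloud | Format-Table -AutoSize -Wrap
```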
TEST YOUR MIGRATION PROCESS
Good documentation should be tested alongside your pilot migration
  User and IT documentation
  ActiveSync users may need most support because these devices do not automatically update server settings.
Listen to recommendations from IT staff who know the user base well
Consider an end-user portal
THE MIGRATION
The easy bit
BUILDING MIGRATION BATCHES
Distribution Groups are great to use for migration batches!
  It’s a communications channel
  The helpdesk can use them
  You can feed them to test scripts
  And of course to create Remote Move Requests
BUILDING MIGRATION BATCHES
Migration Batch
Import Batch into Active Directory Group
Communicate with end users within batch
User requests re-schedule?
Add to retry batch
Yes
Schedule batch
Leave other users in migration batch
Communicate with end-user IT support
Inform IT support of change
Determine successful users
Staff Mailbox Sign-Off if required
Add unsuccessful users to retry batch
Successful batch complete
PRE-PILOT AND PILOT PHASES
Before the main pilot, iron out all issues you can
Treat the pilot like the real deal
  Don’t just use IT! Use real users who’ll give you real feedback!
THE MIGRATION
By this point it should be straightforward
Communicate with users so they know what’s coming
Make sure you have the appropriate resources
Don’t be afraid to scale up as you come along
Again, keep reviewing feedback
WHAT NEXT?
If you’ve moved all users to the cloud, is it time to get rid of on-premises entirely?
  SMTP senders may require an on-premises SMTP server or EOP connector
  Consider provisioning and management
  Remember you need to patch and maintain
SUMMARY
SUMMARY
It’s all in the planning
The more you test, the more chance of success
If you plan on an ongoing hybrid environment or longer migration, discovery is very important
Exchange 2010 SP3 is still a great option for a “hybrid” Exchange server if Exchange 2013 isn’t planned for on premises.