(ism317) amazon workmail: corporate email in less than 10 minutes
TRANSCRIPT
![Page 1: (ISM317) Amazon WorkMail: Corporate Email in Less Than 10 Minutes](https://reader031.vdocuments.site/reader031/viewer/2022021922/58ecd63e1a28ab09628b467f/html5/thumbnails/1.jpg)
© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Thomas Doehler – General Manager
Milo Oostergo – Sr. Product Manager
October 2015
ISM317
Amazon WorkMailSecure, Corporate Email
in Less Than 10 Minutes
![Page 2: (ISM317) Amazon WorkMail: Corporate Email in Less Than 10 Minutes](https://reader031.vdocuments.site/reader031/viewer/2022021922/58ecd63e1a28ab09628b467f/html5/thumbnails/2.jpg)
What to Expect from the Session
• Why we built Amazon WorkMail
• What is Amazon WorkMail?
• Features and functionality
• Pricing and availability
• Getting started with Amazon WorkMail
• Integrating with your on-premises environment
• Migrating to Amazon WorkMail
• Q&A
![Page 3: (ISM317) Amazon WorkMail: Corporate Email in Less Than 10 Minutes](https://reader031.vdocuments.site/reader031/viewer/2022021922/58ecd63e1a28ab09628b467f/html5/thumbnails/3.jpg)
Why we built Amazon WorkMail
• Email has evolved from a simple communication tool to
an enabler of almost any business process
• Secure access is key
• Managing the infrastructure required to operate this
mission critical service adds cost and complexity
![Page 4: (ISM317) Amazon WorkMail: Corporate Email in Less Than 10 Minutes](https://reader031.vdocuments.site/reader031/viewer/2022021922/58ecd63e1a28ab09628b467f/html5/thumbnails/4.jpg)
Managed service
• Eliminate up-front investments to license and provision on-premises email servers
• WorkMail automatically handles all of the patches, back-ups, and upgrades
• As needs grow, add more users with a few clicks in the AWS Management console
![Page 5: (ISM317) Amazon WorkMail: Corporate Email in Less Than 10 Minutes](https://reader031.vdocuments.site/reader031/viewer/2022021922/58ecd63e1a28ab09628b467f/html5/thumbnails/5.jpg)
Enterprise grade security
Encryption using
customer managed
keys
Regional data
control
Secure mobile
access
Protection from
malware, spam, and
viruses
![Page 6: (ISM317) Amazon WorkMail: Corporate Email in Less Than 10 Minutes](https://reader031.vdocuments.site/reader031/viewer/2022021922/58ecd63e1a28ab09628b467f/html5/thumbnails/6.jpg)
Anywhere access
From Outlook on
your PC/Mac
From any browser From your phone
![Page 7: (ISM317) Amazon WorkMail: Corporate Email in Less Than 10 Minutes](https://reader031.vdocuments.site/reader031/viewer/2022021922/58ecd63e1a28ab09628b467f/html5/thumbnails/7.jpg)
Outlook features
• Native compatible with
Microsoft Outlook on Windows
and Mac
• Shared calendars and shared
mailboxes
• Global Address Book
• Support for resource booking
• Advanced permissions and
delegation
• Server side rules
![Page 8: (ISM317) Amazon WorkMail: Corporate Email in Less Than 10 Minutes](https://reader031.vdocuments.site/reader031/viewer/2022021922/58ecd63e1a28ab09628b467f/html5/thumbnails/8.jpg)
WebMail features
• Access to your email,
contacts and calendar
• Shared calendars
• Free/busy Scheduling
• Amazon WorkDocs
integration
![Page 9: (ISM317) Amazon WorkMail: Corporate Email in Less Than 10 Minutes](https://reader031.vdocuments.site/reader031/viewer/2022021922/58ecd63e1a28ab09628b467f/html5/thumbnails/9.jpg)
Pricing and availability
• Pay-as-you-go
• No user or long-term commitments
• Cost-effective - $4/user/month for 50 GB
mailbox
• Bundled with WorkDocs - $6/user/month
• 30-day free trial for up to 25 users
• Initially available in US East (N. Virginia), US
West (Oregon), and EU West (Ireland) region
![Page 10: (ISM317) Amazon WorkMail: Corporate Email in Less Than 10 Minutes](https://reader031.vdocuments.site/reader031/viewer/2022021922/58ecd63e1a28ab09628b467f/html5/thumbnails/10.jpg)
Set up Amazon WorkMail
![Page 11: (ISM317) Amazon WorkMail: Corporate Email in Less Than 10 Minutes](https://reader031.vdocuments.site/reader031/viewer/2022021922/58ecd63e1a28ab09628b467f/html5/thumbnails/11.jpg)
Getting started
• Available through the AWS
Management Console
• Quick setup let you get started
in 10 minutes and automatically
creates all required AWS
resources for you
• Custom setup let you integrate
WorkMail with your corporate
directory and use custom keys
![Page 12: (ISM317) Amazon WorkMail: Corporate Email in Less Than 10 Minutes](https://reader031.vdocuments.site/reader031/viewer/2022021922/58ecd63e1a28ab09628b467f/html5/thumbnails/12.jpg)
Quick setup
Step 1: Create your organization
Step 2: Add your domains
Step 3: Create your users, groups, and resources
Step 4: Migrate your mailboxes
Step 5: Configure your desktop and mobile clients
![Page 13: (ISM317) Amazon WorkMail: Corporate Email in Less Than 10 Minutes](https://reader031.vdocuments.site/reader031/viewer/2022021922/58ecd63e1a28ab09628b467f/html5/thumbnails/13.jpg)
![Page 14: (ISM317) Amazon WorkMail: Corporate Email in Less Than 10 Minutes](https://reader031.vdocuments.site/reader031/viewer/2022021922/58ecd63e1a28ab09628b467f/html5/thumbnails/14.jpg)
Step 1 – Create your organization
• WorkMail creates all required AWS resources for you:
• VPC
• Simple AD directory
• Test mail domain
• Service default key in AWS KMS
• Recommended setup for evaluation purposes and small
business deployments
![Page 15: (ISM317) Amazon WorkMail: Corporate Email in Less Than 10 Minutes](https://reader031.vdocuments.site/reader031/viewer/2022021922/58ecd63e1a28ab09628b467f/html5/thumbnails/15.jpg)
Step 2 - Setting up your domains
• Add your domains (like yourcorporate.com) to WorkMail
to use in your email addresses
• You can have multiple domains to your organization
• Users/groups can have multiple email addresses across
different domains
![Page 16: (ISM317) Amazon WorkMail: Corporate Email in Less Than 10 Minutes](https://reader031.vdocuments.site/reader031/viewer/2022021922/58ecd63e1a28ab09628b467f/html5/thumbnails/16.jpg)
Setting up your domains (2)
• Add your domain
• Verify your domain by
adding a verification token
in the TXT DNS record
• Set up DomainKeys
Identified Mail (DKIM)
signing
• Switch the MX and
AutoDiscover DNS record
when mailbox migration is
complete
![Page 17: (ISM317) Amazon WorkMail: Corporate Email in Less Than 10 Minutes](https://reader031.vdocuments.site/reader031/viewer/2022021922/58ecd63e1a28ab09628b467f/html5/thumbnails/17.jpg)
Step 3 - Provisioning of users and groups
• After domains are added, you can provision users and
distribution groups using the domains
• With quick setup, users can be created in the WorkMail
console
![Page 18: (ISM317) Amazon WorkMail: Corporate Email in Less Than 10 Minutes](https://reader031.vdocuments.site/reader031/viewer/2022021922/58ecd63e1a28ab09628b467f/html5/thumbnails/18.jpg)
Next steps
Step 4 and step 5 are similar to custom setup and will be
discussed later in this presentation
![Page 19: (ISM317) Amazon WorkMail: Corporate Email in Less Than 10 Minutes](https://reader031.vdocuments.site/reader031/viewer/2022021922/58ecd63e1a28ab09628b467f/html5/thumbnails/19.jpg)
Custom setup
Use custom setup to:
• Use your existing VPC
• Integrate WorkMail with your existing directory
environment
• Use a customer master key for mailbox encryption
Recommended setup for medium size businesses and
enterprises
![Page 20: (ISM317) Amazon WorkMail: Corporate Email in Less Than 10 Minutes](https://reader031.vdocuments.site/reader031/viewer/2022021922/58ecd63e1a28ab09628b467f/html5/thumbnails/20.jpg)
Custom setup - steps
Step 1: Extend your VPC to your on-premises network and
set up an AD Connector
Step 2: Create your organization in WorkMail
Step 3: Add your domain names
Step 4: Enable your existing users and groups
Step 5: Migrate your mailboxes
Step 6: Configure your desktop and mobile clients
![Page 21: (ISM317) Amazon WorkMail: Corporate Email in Less Than 10 Minutes](https://reader031.vdocuments.site/reader031/viewer/2022021922/58ecd63e1a28ab09628b467f/html5/thumbnails/21.jpg)
![Page 22: (ISM317) Amazon WorkMail: Corporate Email in Less Than 10 Minutes](https://reader031.vdocuments.site/reader031/viewer/2022021922/58ecd63e1a28ab09628b467f/html5/thumbnails/22.jpg)
Prerequisites
• Extend your on-premises network to your VPC through a
virtual private network (VPN) connection or AWS Direct
Connect
• Have two subnets in different Availability Zones in VPC
available
• Set up AWS Directory Service AD Connector in the VPC
• No need for any additional on-premises software
components!
![Page 23: (ISM317) Amazon WorkMail: Corporate Email in Less Than 10 Minutes](https://reader031.vdocuments.site/reader031/viewer/2022021922/58ecd63e1a28ab09628b467f/html5/thumbnails/23.jpg)
AD Connector architecture
Availability Zone
Availability Zone
VPN
connection
corporate data center
AD
LDAP &
Kerberos
requests proxied
to on-premises
over VPN
AD Connector
proxy instance
AD Connector
proxy instance
![Page 24: (ISM317) Amazon WorkMail: Corporate Email in Less Than 10 Minutes](https://reader031.vdocuments.site/reader031/viewer/2022021922/58ecd63e1a28ab09628b467f/html5/thumbnails/24.jpg)
Using on-premises directory integration
• Easily provision existing users for WorkMail
• Reuse existing AD/Exchange security and distribution
groups in WorkMail
• Automatic propagation of users/groups changes every 4
hours
• Authentication requests are forwarded to your
on-premises directory
![Page 25: (ISM317) Amazon WorkMail: Corporate Email in Less Than 10 Minutes](https://reader031.vdocuments.site/reader031/viewer/2022021922/58ecd63e1a28ab09628b467f/html5/thumbnails/25.jpg)
![Page 26: (ISM317) Amazon WorkMail: Corporate Email in Less Than 10 Minutes](https://reader031.vdocuments.site/reader031/viewer/2022021922/58ecd63e1a28ab09628b467f/html5/thumbnails/26.jpg)
Protect your mailbox data
• Mailbox data at rest is protected by AWS Key
Management Service
• Use service default key or customer master key
• Key actions logged in AWS CloudTrail
• WorkMail configures grant to master key during initial
setup
![Page 27: (ISM317) Amazon WorkMail: Corporate Email in Less Than 10 Minutes](https://reader031.vdocuments.site/reader031/viewer/2022021922/58ecd63e1a28ab09628b467f/html5/thumbnails/27.jpg)
How is WorkMail encrypting your data
• Master key for your
organization
• Asymmetric key per mailbox
• Each item in mailbox
encrypted by symmetric key
Item encrypted with data key
Data keyencrypted withpublic mailbox key
Mailbox private keyencrypted withKMS key
![Page 28: (ISM317) Amazon WorkMail: Corporate Email in Less Than 10 Minutes](https://reader031.vdocuments.site/reader031/viewer/2022021922/58ecd63e1a28ab09628b467f/html5/thumbnails/28.jpg)
Interoperability support
![Page 29: (ISM317) Amazon WorkMail: Corporate Email in Less Than 10 Minutes](https://reader031.vdocuments.site/reader031/viewer/2022021922/58ecd63e1a28ab09628b467f/html5/thumbnails/29.jpg)
Integrate WorkMail with your existing email
environment
• Provide users with an unified global address book
containing all users, groups, and resources
• Email routing between on-premises email system and
WorkMail
• Calendar free/busy lookups between on-premises email
systems and WorkMail
![Page 30: (ISM317) Amazon WorkMail: Corporate Email in Less Than 10 Minutes](https://reader031.vdocuments.site/reader031/viewer/2022021922/58ecd63e1a28ab09628b467f/html5/thumbnails/30.jpg)
Set up interoperability support
• Add all domains to WorkMail
• Set up free/busy service accounts in Microsoft Exchange
and WorkMail
• Set up Availability Address Space in Microsoft Exchange
Add-AvailabilityAddressSpace -ForestNameexample.awsapps.com -AccessMethod OrgWideFB-Credentials <Credential>
• Enable interoperability support in WorkMail
![Page 31: (ISM317) Amazon WorkMail: Corporate Email in Less Than 10 Minutes](https://reader031.vdocuments.site/reader031/viewer/2022021922/58ecd63e1a28ab09628b467f/html5/thumbnails/31.jpg)
Unified Global Address Book
• Interoperability support will automatically sync all
Microsoft Exchange users, groups, and resources to
WorkMail
• Object changes must be done using Exchange
Management console
• Enabling users for WorkMail still done through AWS
Management console
![Page 32: (ISM317) Amazon WorkMail: Corporate Email in Less Than 10 Minutes](https://reader031.vdocuments.site/reader031/viewer/2022021922/58ecd63e1a28ab09628b467f/html5/thumbnails/32.jpg)
Email routing in an integrated environment
On-premises environment Amazon WorkMail
example.comexample.comexample.awsapps.com
Forward to: [email protected]
Primary: [email protected] Alias: [email protected]
![Page 33: (ISM317) Amazon WorkMail: Corporate Email in Less Than 10 Minutes](https://reader031.vdocuments.site/reader031/viewer/2022021922/58ecd63e1a28ab09628b467f/html5/thumbnails/33.jpg)
Calendar free/busy interoperability
On-premises environment Amazon WorkMail
example.com4. Free/busy lookup for Mary
with WM service account
john
1. Free/busy lookup for Mary
targetAddress:[email protected]
Primary: [email protected]: [email protected]
23
5
![Page 34: (ISM317) Amazon WorkMail: Corporate Email in Less Than 10 Minutes](https://reader031.vdocuments.site/reader031/viewer/2022021922/58ecd63e1a28ab09628b467f/html5/thumbnails/34.jpg)
Migrating to WorkMail
• WorkMail migration tool is utility for migration of
Microsoft Exchange and Office365 mailboxes
• Integration with 3rd party migration vendors will be
available for migrations from Microsoft, Google Apps,
Lotus Notes, Novell Groupwise, Zimbra, and other email
servers
![Page 35: (ISM317) Amazon WorkMail: Corporate Email in Less Than 10 Minutes](https://reader031.vdocuments.site/reader031/viewer/2022021922/58ecd63e1a28ab09628b467f/html5/thumbnails/35.jpg)
Using the WorkMail migration tool
• Prepare your Microsoft Exchange
environment
• Enable and configure WorkMail
migration setup
• Install and configure the migration
tool
• Prepare the migration user list
• Migrate mailboxes to WorkMail
![Page 36: (ISM317) Amazon WorkMail: Corporate Email in Less Than 10 Minutes](https://reader031.vdocuments.site/reader031/viewer/2022021922/58ecd63e1a28ab09628b467f/html5/thumbnails/36.jpg)
Using the WorkMail migration tool (2)
• Run migration tool close on an on-premises Windows
client, Amazon EC2, or Amazon WorkSpaces
• Run migration tool close to WorkMail endpoints for
lowest latency
• When migrating large batches, run migration tool on
multiple servers or instances
![Page 37: (ISM317) Amazon WorkMail: Corporate Email in Less Than 10 Minutes](https://reader031.vdocuments.site/reader031/viewer/2022021922/58ecd63e1a28ab09628b467f/html5/thumbnails/37.jpg)
Finalizing migration
After all mailboxes are successfully migrated:
• Create AutoDiscover DNS record
autodiscover.example.com CNAME autodiscover.mail.us-east-1.awsapps.com
• Turn off local AutodiscoverGet-ClientAccessServer | Set-ClientAccessServer-AutodiscoverServiceInternalURI $Null
• Change MX DNS record to WorkMail SMTP servers
• Turn off interoperability support
• Decommission on-premises email environment
![Page 38: (ISM317) Amazon WorkMail: Corporate Email in Less Than 10 Minutes](https://reader031.vdocuments.site/reader031/viewer/2022021922/58ecd63e1a28ab09628b467f/html5/thumbnails/38.jpg)
Sign up for WorkMail preview today
• aws.amazon.com/workmail
![Page 39: (ISM317) Amazon WorkMail: Corporate Email in Less Than 10 Minutes](https://reader031.vdocuments.site/reader031/viewer/2022021922/58ecd63e1a28ab09628b467f/html5/thumbnails/39.jpg)
Q&A
Meet us at the AWS Enterprise Applications booth
![Page 40: (ISM317) Amazon WorkMail: Corporate Email in Less Than 10 Minutes](https://reader031.vdocuments.site/reader031/viewer/2022021922/58ecd63e1a28ab09628b467f/html5/thumbnails/40.jpg)
Remember to complete
your evaluations!
![Page 41: (ISM317) Amazon WorkMail: Corporate Email in Less Than 10 Minutes](https://reader031.vdocuments.site/reader031/viewer/2022021922/58ecd63e1a28ab09628b467f/html5/thumbnails/41.jpg)
Thank you!