office 365 in a hybrid world
DESCRIPTION
Slides from European SharePoint Conference 2013 in Copenhagen. In this session, we will focus on various hybrid scenarios, which possibilities you have on your way to the cloud and how you can manage your hybrid world. What common questions should be answered for hybrid solutions?
TRANSCRIPT
Office 365 in a hybrid world
Martina Grom, Office 365 MVP, atwork
@magrom
Agenda
• Office 365 components
• Demo
• What is hybrid?
• Architecture
• Why Hybrid?
• Common migration scenarios
Office 365 | What is it?
Latest productivity services running in Microsoft’s cloud
Office 365 for Enterprises
What is Hybrid?
• Split workload between on-premises and the cloud
• Some users of Exchange, SharePoint or Lync are in the cloud while others stay on-prem.
• High flexibility: cloud on your terms
• Fast move to the cloud is not possible: business or technical reasons
• Workloads: split workloads between services
• Compliance and security reasons: you decide which data will move to the cloud
Reasons for Hybrid Solutions
• Migration to the cloud: hybrid helps in transitioning
• Permanent hybrid model: hybrid solution stays in the enterprise (for a longer time, maybe "forever")
Hybrid: 2 possible Scenarios
On-Premises Deployment of Users or Sites
Transfer of Workloads, users or sites in the cloud for a pilot or a staged Migration
Deployment of the whole company
Hybrid to help migrations
• Flexibility in migration: at your desired speed, with low impact on users and on your current infrastructure
• Piloting: online services with some test users
• Move of workloads, users or sites to the cloud for specific reasons.
Hybrid as a permanent model
• Customers have the choice to have users on-prem or in the cloud
• Manage users and services on-prem and online, depending on your enterprise
• To secure existing investments on-prem.
• Easy on- and offboarding of Exchange mailboxes between on-prem and Office 365.
• Migration of remote users for better performance
• Data hosting in specific regions because of compliance or security
Migration to the Cloud on your terms
On-Premises Deployment of users or sites
Permanent Hybrid Model
Online and On-Premises Features
• Hierarchical address book and segmenting of your Global Address Book
• Language support of Exchange VoiceMail
• Customized OWA templates, logos and add-ins
• Old APIs
Not available Features**
• Voice to PSTN*
• Enterprise Voice and PBX
Hybrid deployments keep your flexibility for support of features; please check back on public availability of Office 365 vnext
Not available Features**
• Central administration
• Full-trust code
**List is subject to change, depending on service updates
Matrix of Hybrid Scenarios
"Can we do it on a weekend?"
Plan your Deployments
Deployment plan: the migration solution is part of the plan
• Hybrid
• Exchange sharing features
• Source server: Exchange, IMAP, Lotus Notes
• Size: Large, Medium, Small
• Identity management: On-Premises, Single Sign-On, On-Cloud
• Provisioning: DirSync, Bulk Provisioning
Deployment Planning
Architecture
[Diagram. Labels: Bronze Sky customer premises; AD; MS Online Directory Sync; Provisioning platform; Lync Online; SharePoint Online; Exchange Online; Federation Gateway; Active Directory Federation Server 2.0; Trust; IdP; Directory Store; Admin Portal; Authentication platform; IdP; Service connector]
Core identity scenarios with Office 365
• Cloud identity: single identity in the cloud. Suitable for small organizations with no integration to on-premises directories
• Cloud identity with directory synchronization: single identity, suitable for medium and large organizations without federation*
• Federated identity: single federated identity and credentials, suitable for medium and large organizations
Federation options
Suitable for educational organizations
Recommended where customers may use
existing non-ADFS Identity systems
Single sign-on
Secure token based authentication
Support for web clients and Outlook only
Microsoft supported for integration only, no Shibboleth deployment support
Requires on-premises servers & support
Works with AD and other directories on-premises
Shibboleth
Works with AD & Non-AD
Suitable for medium, large enterprises
including educational organizations
Recommended option for Active Directory
(AD) based customers
Single sign-on
Secure token based authentication
Support for web and rich clients
Microsoft supported
Works for Office 365 Hybrid Scenarios
Requires on-premises servers, licenses &
support
Works with AD
Suitable for medium, large enterprises
including educational organizations
Recommended where customers may use
existing non-ADFS Identity systems with AD or
Non-AD
Single sign-on
Secure token based authentication
Support for web and rich clients
Third-party supported
Requires on-premises servers, licenses &
support
Verified through ‘works with Office 365’
program
Works for Office 365 Hybrid Scenarios
Works with AD & Non-AD
Exchange Hybrid
On-Premises | Cloud Service
Coexistence
Microsoft will regularly deliver new features and capabilities to SharePoint Online
Single sign on
ADFS
Rich Coexistence
Hybrid Deployment
On-premises organization: at least Exchange Server 2007
One Exchange Server 2013 CAS Server
Directory Synchronization (DirSync) installed and working
Autodiscover and working public DNS record
Exchange Web Services and Autodiscover reachable, public certificate
Federation trust with Microsoft Federation Gateway
Columns: IMAP migration, Cutover migration, Staged migration, 2010 Hybrid, 2013 Hybrid
Exchange 5.5 ●
Exchange 2000 ●
Exchange 2003 ● ● ● ●
Exchange 2007 ● ● ● ● ●
Exchange 2010 ● ● ● ●
Exchange 2013 ● ● ●
Notes/Domino ●
GroupWise ●
Other ●
Summary of Migration Options
Column groups: *Simple Migrations, Hybrid
IMAP Migration
Supports wide range of email platforms
Email only (no calendar, contacts, or tasks)
Cutover Exchange Migration (CEM)
Good for fast, cutover migrations
No migration tool or computer required on-premises
Staged Exchange Migration (SEM)
No migration tool or computer required on-premises
Requires Directory Synchronization with on-premises AD
Hybrid Deployment
Manage users on-premises and online
Enables cross-premises calendaring, smooth migration, and easy off-boarding
Hybrid – Stages vs. Hybrid
Feature | Staged | Hybrid
Mail routing between on-premises and cloud (recipients on either side) ● ●
Mail routing with shared namespace (if desired) - @company.com on both sides ● ●
Unified GAL ● ●
Free/Busy and calendar sharing cross-premises ●
Mailtips, messaging tracking, and mailbox search work cross-premises ●
OWA Redirection cross-premise (single OWA URL for both on-premises and cloud) ●
Exchange Online Archive ●
Exchange Management Console used to manage cross-premises relationship & mailbox migrations ●
Native mailbox move supports both onboarding and offboarding ●
No Outlook reconfiguration or OST resync required after mailbox migration ●
Online Mailbox Move allows users to stay logged into their mailbox while it is being moved to the cloud ●
Secure Mail ensures emails cross-premises are encrypted, and the internal auth headers are preserved ●
Centralized mailflow control ensures that all email routes inbound/outbound via on-premises ●
Exchange Sharing
Secure Transport
Mailbox Move
Hybrid Features
True SSO experience
One Address Book
Free/Busy sharing
Hybrid Features
Manage users in one interface
Switch between on-prem and Office 365
Hybrid Config Wizard helps in configuration
SharePoint Hybrid
On-Premises | Cloud Service
Coexistence
Complete control and ownership of hardware, maintenance, resources, and administration
Microsoft will regularly deliver new features and capabilities to SharePoint Online
Single sign on
ADFS
Rich Coexistence
Reverse Proxy*
Decision making
Hybrid Model fits
• Split workloads and features (features that are not yet available in the cloud and/or on-prem)
• Current investments (e.g. custom code solutions)
• Network performance
• No central administration
• Sandboxed Solutions
• Search between Office 365 and on-prem
• NAPA
Hybrid Model possible, but take care
• Compliance or security
• Complex auditing
• Custom code
Hybrid for SharePoint
SharePoint Search
SharePoint: BCS
SharePoint: other services
Exchange Integration
Lync Integration
These non-SharePoint things need to be configured to support hybrid
– Reverse proxy and certificate authentication*
– Identity provider (ADFS or Shibboleth or third party for O365)
– MSOL Tools
– SSO with O365
– DirSync
* Only required if you are consuming on-prem data in O365. You don’t HAVE to do both directions – you can “only” consume O365 data on-prem, or only on-prem data in O365
Non-SharePoint Configuration Tasks
Environment Configuration
[Diagram. Labels: Reverse Proxy and Certificate Auth; Identity Provider; MSOL Tools; Dirsync; UAG; ADFS Servers; SharePoint Servers; Office 365; Dirsync and Tools Servers]
• Manage requests: when using hybrid features, O365 sends requests from sites in the cloud to your on-prem farm
• Reverse proxy: you need to establish a reverse proxy for these calls to be channeled through to secure the process.
• Authenticate: those requests can be authenticated at the reverse proxy before they are forwarded to SharePoint
• Public certificate: SharePoint supports using a certificate for authenticating to the reverse proxy server when sending a request
Reverse Proxy and Authentication*
These things need to be configured in SharePoint to support hybrid
– New SharePoint STS token-signing certificate (replace with a public one: Set-SPSecurityTokenServiceConfig with –ImportSigningCertificate)
– Configure a trust between SharePoint on-prem and ACS
– Try out Search or BCS!
SharePoint Configuration Tasks
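The token-signing certificate replacement named in the first task, as an added PowerShell example that is not part of the original slides. The PFX path is a placeholder, and the checks before and after the import are assumptions about what an administrator would want to verify.

```powershell
# Added example, not from the original slides.
# Run in an elevated SharePoint Management Shell on a farm server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$pfxPath = 'C:\certs\sts-signing.pfx'   # placeholder path to the public certificate (PFX)
$pfxPass = Read-Host -Prompt 'PFX password' -AsSecureString

# Load the certificate together with its private key.
$flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]'Exportable, PersistKeySet'
$cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($pfxPath, $pfxPass, $flags)

# Refuse a certificate that cannot sign tokens or is outside its validity period.
if (-not $cert.HasPrivateKey) {
    throw 'Certificate has no private key; the STS cannot sign tokens with it.'
}
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is not currently valid ($($cert.NotBefore) to $($cert.NotAfter))."
}

# Record the current signing certificate so the change can be audited.
$old = (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate
Write-Host "Replacing STS signing certificate $($old.Thumbprint) with $($cert.Thumbprint)"

# The step named on the slide.
Set-SPSecurityTokenServiceConfig -ImportSigningCertificate $cert

# Confirm the farm now reports the new certificate.
$new = (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate
if ($new.Thumbprint -ne $cert.Thumbprint) {
    throw 'STS signing certificate was not updated.'
}

# Restart IIS and the SharePoint Timer service so the new certificate is picked up.
iisreset
Restart-Service SPTimerV4
```

The same certificate then has to be used when the trust with ACS is configured, since ACS validates tokens against the STS signing certificate.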
• Exchange Deployment Options whitepaper: http://www.microsoft.com/download/en/details.aspx?id=18206
• Hybrid SharePoint Environments with Office 365 Whitepaper: http://aka.ms/oht1dx
• Exchange Server Hybrid Deployment: http://technet.microsoft.com/en-us/library/hh852414.aspx
• Deployment Readiness Tool: http://community.office365.com/en-us/f/183/p/2285/8155.aspx
• Office 365 Deployment Guide for Enterprises: http://technet.microsoft.com/en-us/library/hh852466.aspx
• Office 365 Service Descriptions: http://technet.microsoft.com/en-us/library/jj819284.aspx
Links
About me
Martina Grom
CEO atwork
Blogger
Consulting
blogs.technet.com/austria
Microsoft Office365 Blog
cloudusergroup.at
@magrom
Publications