download.microsoft.com/documents/hk/technet/techdays2013...staged exchange migration (sem) no...
TRANSCRIPT
Assess
• Infrastructure
• Desktop
• Identity
• Messaging
Integration
Remediate
• Infrastructure
• Desktop
• AD
• Messaging
Optimization
Enable
• Service
Provisioning
• Messaging
Integration
Migrate
• Migrate
content
• Separate credential from on-
premises credential
• Authentication occurs via cloud
directory service
• Password policy is stored in Office
365
• Does not require on-premises server
deployment
• Same credential as on-premises
credential
• Authentication occurs via on-
premises directory service
• Password policy is stored on-
premises
• Requires on-premises DirSync server
• Requires on-premises ADFS server
Cloud Identity Cloud Identity + DirSync Federated Identity
Scenario
Smaller organizations with or without on-premises Active Directory
Medium to Large organizations with Active Directory on-premises
Large enterprise organizations with Active Directory on-premises
Benefits
Does not require on-premises server deployment
“Source of Authority” is on-premises
Enables coexistence
Single Sign-On experience
“Source of Authority” is on-premises
2 Factor Authentication options
Enables coexistence
Limitations
No Single Sign-On
No 2 Factor Authentication options
Two sets of credentials to manage
Different password policies
No Single Sign-On
No 2 Factor Authentication options
Two sets of credentials to manage
Different password policies
Requires on-premises DirSync server deployment
Requires on-premises ADFS server deployment
in high availability scenario
Requires on-premises DirSync server
deployment
• Microsoft Online Portal • Active Directory tools
• Exchange Management
Tools
• Identity management
solutions
• Microsoft Online
Services Module for
Windows PowerShell
• Remote PowerShell
http://technet.microsoft.com/en-us/library/hh852469.aspx
12
IMA
P m
igra
tio
n
Cu
tover
mig
rati
on
Sta
ged
mig
rati
on
20
10
Hyb
rid
20
13
Hyb
rid
Exchange 5.5
Exchange 2000
Exchange 2003
Exchange 2007
Exchange 2010
Exchange 2013
Notes/Domino
GroupWise
Other
Sim
ple
Mig
rati
on
sH
yb
rid
IMAP MigrationSupports wide range of email platforms
Email only (no calendar, contacts, or tasks)
Cutover Exchange Migration (CEM)
Good for fast, cutover migrations
No migration tool or computer required on-premises
Staged Exchange Migration (SEM)
No migration tool or computer required on-premises
Requires Directory Synchronization with on-premises AD
Hybrid Deployment
Manage users on-premises and online
Enables cross-premises calendaring, smooth migration, and easy off-boarding
18
19 | Microsoft Confidential
Exchange
IMAP
Lotus Notes
Large
Medium
Small
On-Premise
Single Sign-On
On-Cloud
DirSync
Manual/Bulk Provisioning
Automatic Provisioning
Simple
Rich
19
In EAC, select
recipients | migration
Start migration
wizard
Choose migration
type and follow
prompts
Set of Migration Cmdlets
New-MigrationBatch
Start-MigrationBatch
Get-MigrationBatch
Get-MigrationStatus
Complete-Migration
Test-MigrationServerAvailability
• Works with a large number of source mail systems
• Works with on-premises or hosted systems
• Users can be migrated in batches
• On-premises migration tool is not required
On-premises migration tool is not required
Access to IMAP ports (TCP/143/993)
Users + mailboxes must be provisioned in advance Bulk provisioning, CSV parser, manual, etc.
SMTP domains configured in O365 tenant
Gather user credentials or setup admin credentials
Prepare a CSV file with list of users EmailAddress, UserName, Password
Max of 50,000 rows
Max 10 MB in size
Migrated Mail messages
(Inbox and other folders)
Maximum of 500,000 items
Possible to exclude specific
folders from migration
(e.g. Deleted Items, Junk E-
Mail)
Not Migrated Contacts, Calendars, Tasks, etc.
Excluded folders
Folders with a forward slash
( / ) in the folder name
Messages larger than 35 MB
25
Delta
sync
every 24
hours
Mark
migration
as
complete
Change
MX
record
Gather
IMAP
creds and
prepare
CSV
26
Provision
users
+
mailboxes
in O365
(license
assigned)
Wizard:
Enter
server
settings
and
upload
CSV
Initial
sync
Final
sync and
cleanup
Simple and quick migration solution
High-fidelity – all mailbox content is migrated
Designed for small and medium organizations
Users are provisioned automatically during migration
Works with Exchange 2003 and newer
Identity management in the cloud (at least initially)
On-premises migration tool is not required
Up to 1000 mailboxes in source system
Outlook Anywhere service on source system(must have SSL certificate issued by a public CA)
Migration Account with Full Access or Receive-Aspermissions to all mailboxes that will be migrated
Directory Sync tool disabled in O365 tenant
SMTP domains configured in O365 tenant
30
On-premises Exchange Org
Users, Groups, Contacts via Outlook
Anywhere (NSPI)
Mailbox Data via Outlook Anywhere
(RPC over HTTP)
Office 365
Exchange 2003 or later
32
Migrated Mail messages and folders
Rules and categories
Calendar (normal, recurring)
Out-of-Office settings
Contacts
Tasks
Delegates and folder perms
Outlook settings (e.g. favorites)
Not Migrated Security Groups, DDLs
System mailboxes
Dumpster
Send-As Permissions
Messages larger than 35 MB
Partial migrations are not possible (folder exclusion, time range)
Mailboxes enabled for Unified Messaging cannot
be migrated
Existing cached-mode files (OST files) cannot be
preserved
Admin needs to distribute new passwords to users
Users create their new Outlook profile using O365 username and new passwords (Autodiscover)
All mail is downloaded from the Office 365 mailbox (i.e. the OST file must be recreated)
Wizard:
Enter
server
settings
and admin
creds Delta
sync
every 24
hours
Mark
migration
as
complete
Change
MX
record
Initial
sync
Final
sync and
cleanup
License
users
Configure
Outlook
Anywhere
Test using
ExRCA
Assign
migration
perms
Migration
tool
provisions
users
mailboxes
DLs
contacts
in O365
Simple and flexible migration solution
High-fidelity – all mailbox content is migrated
Designed for medium and large organizations
Users are provisioned with Directory Sync in advance
No limit on the number of mailboxes
Users can be migrated in batches (1000 per batch)
Works with Exch 2003/2007 only
Identity management on-premises
Outlook Anywhere service on source system(must have SSL certificate issued by a public CA)
Migration Account with Full Access or Receive-Aspermissions to all mailboxes that will be migrated
Directory Sync tool enabled in O365 tenant
SMTP domain(s) configured in O365 tenant
Does not work with Exchange 2010
39
On-premises Exchange Org
Users, Groups, Contacts via DirSync
Mailbox Data via Outlook Anywhere
(RPC over HTTP)
Office 365
Exchange 2003 or 2007
Office 365 Directory
Synchronization
App
CSV format› EmailAddress, Password, ForceChangePassword
One user per line
Max of 1000 users in each CSV
Smart-check against the Office 365 directory
Migrated Mail messages and folders
Rules and categories
Calendar (normal, recurring)
Out-of-Office settings
Contacts
Tasks
Delegates and folder perms
Outlook settings (e.g. favorites)
Not Migrated Security Groups, DDLs
System mailboxes
Dumpster
Send-As Permissions
Messages larger than 35 MB
Partial migrations are not possible (folder exclusion, time range)
Mailboxes enabled for Unified Messaging cannot
be migrated
Existing cached-mode files (OST files) cannot be
preserved
Admin needs to distribute new passwords to users
Users create their new Outlook profile using O365 username and new passwords (Autodiscover)
All mail is downloaded from the Office 365 mailbox
(i.e. the OST file must be recreated)
Configure
Directory
Sync
Wizard:
Enter
server
settings
and admin
creds Delta
sync
every 24
hours
Mark
migration
as
complete
Change
MX
record
Initial
sync
Final
sync and
cleanup
License
users
Configure
Outlook
Anywhere
Test using
ExRCA
Assign
migration
perms
47
• Delegated authentication for on-premises/cloud web services
• Enables Free/Busy, calendar sharing, message tracking, online
archive, and moreFederation Trust
• Manage all of your Exchange functions, whether cloud or on-
premises from the same place - Exchange Administration Center
(EAC)
Integrated Admin
Experience
• Online mailbox moves
• Preserve the Outlook profile and offline file (OST)
• Leverages the Mailbox Replication Service (MRS)
Native Mailbox
Move
• Authenticated and encrypted mail flow
• Preserves the internal Exchange messages headers
• Support for compliance mail flow scenarios (central transport)Secure Mail Flow
48
On-premises Exchange Org
Users, Groups, Contacts via DirSync
Office 365
Existing
Exchange
2007 or
later
Office 365 Directory
Synchronization
App
Exchange
2013 CAS
and MBX
Secure Mail Flow
Sharing (free/busy, MailTips, archive, etc.)
Mailbox Data via MRS
2. Deploy Exchange 2013 servers
Install both E2013 MBX and CAS servers
Install E2010 EDGE servers
Set an ExternalUrl for the Exchange Web Services vdir
E2010 or
2007 Hub
Internet facing site
Intranet site
Exchange 2010
or 2007 Servers
1. Prepare
Install Exchange SP and/or updates across the ORG
Prepare AD with E2013 schema
4. Publish protocols externally
Create public DNS A records for the EWS and SMTP
endpoints
Validate using Remote Connectivity Analyzer
5. Switch autodiscover namespace to E2013 CAS
Change the public autodiscover DNS record to resolve
to E2013 CAS
6. Run the Hybrid Configuration Wizard
E2013
CAS
3. Obtain and Deploy Certificates
Obtain and deploy certificates on E2013 MBX and CAS
servers & E2010 EDGE servers
Clientsautodiscover.contoso.com
mail.contoso.com
1 2
3
4
5
6
E2010 or
2007 CAS
E2010
or 2007
MBX
E2013
MBX
SP/RU
SP/RU
Office 365
Autodiscover &
EWS SMTP
E2010
EDGE
7
2. Deploy Exchange 2013 servers
Install both E2013 MBX and CAS servers
Install E2010 EDGE servers
Set an ExternalUrl for the Exchange Web Services vdir
E2010 or
2007 Hub
Internet facing site
Intranet site
Exchange 2010
or 2007 Servers
1. Prepare
Install Exchange SP and/or updates across the ORG
Prepare AD with E2013 schema
4. Publish protocols externally
Create public DNS A records for the EWS and SMTP
endpoints
Validate using Remote Connectivity Analyzer
5. Switch autodiscover namespace to E2013 CAS
Change the public autodiscover DNS record to resolve
to E2013 CAS
6. Run the Hybrid Configuration Wizard
E2013
CAS
3. Obtain and Deploy Certificates
Obtain and deploy certificates on E2013 MBX and CAS
servers & E2010 EDGE servers
Clientsautodiscover.contoso.com
mail.contoso.com
1 2
3
4
5
6
E2010 or
2007 CAS
E2010
or 2007
MBX
E2013
MBX
SP/RU
SP/RU
Office 365
7. Move mailboxes
Autodiscover &
EWS SMTP
E2010
EDGE
7
http://technet.microsoft.com/en-us/library/hh852466.aspx
http://onramp.office365.com
https://www.testexchangeconnectivity.com/
http://technet.microsoft.com/en-us/exdeploy2013
http://technet.microsoft.com/en-us/library/hh974317