TechFuse 2012: Rich Coexistence


Posted on 19-Oct-2014


Category:

Technology


DESCRIPTION

Learn about Rich Coexistence scenarios including: On Premise, Hosted, Segmented, and Hybrid. Presented by Tom Moen.

TRANSCRIPT

Rich Coexistence (wrongfully "Hybrid Deployment")
Thomas Moen, Director of Strategy and Innovation
tmoen@avtex.com, @cloudmovr
5.16.2012

It is GREAT to Have Options
- On Premise: services on premise
- Hosted: services hosted by someone else
- Segmented: host some users/apps, keep some users/apps on premise
- Hybrid: some services, i.e., filtering, archive encryption, are hosted. Azure Appliance or Azure SQL

Agenda
- Introduction
- Rich Coexistence Features Explained
- Planning
- Deployment
- Migration
- Management

5/29/2012 © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. TechReady11

Not for the faint of heart. This is a high impact ride. People with back, neck, heart, or cursing-at-computer problems should not attempt this ride. Stay at the Exchange server at all times. Hold on with both hands!

Think I am Joking?

If you feel any discomfort with:
- ADFS 2.0
- Dir Sync
- Rich Coexistence
- PowerShell
Call a professional immediately! If you do proceed, proceed at your own peril, and keep these close at hand!

On the occasion of a Service Interrupting Event (SIE), Microsoft Online Services continuously updates the channels below to provide you necessary information to manage your business. Microsoft Online Services strives to earn your business and trust through our best in class service and ongoing communication.

Your Four New Best Friends
- http://www.microsoft.com/en-us/download/confirmation.aspx?id=26509
- http://technet.microsoft.com/en-us/exdeploy2010/default.aspx#Index
- tmoen@avtex.com, @cloudmovr
- Jack: http://www.jackdaniels.com/

Rich Coexistence Summarized
What does coexistence mean?
- Executed over a longer period of time (a week, a month, a year, etc.)
- No requirement to ever flip a switch; can run in a coexistence scenario indefinitely
- Requires on-premises configuration and hardware

Rich Coexistence Summarized: Simple vs. Rich Coexistence feature-set
Feature (Simple / Rich*)
- Mail routing between on-premises and cloud (recipients on either side)
- Mail routing with shared namespace (if desired): @company.com on both sides
- Unified GAL
- Free/Busy and calendar sharing cross-premises
- MailTips, message tracking, and mailbox search work cross-premises
- OWA redirection cross-premises (single OWA URL for both on-premises and cloud)
- Exchange Online Archive
- Exchange Management Console used to manage the cross-prem relationship & mailbox migrations
- Native mailbox move supports both onboarding and offboarding
- No Outlook reconfiguration or OST resync required after mailbox migration
- Online Mailbox Move allows users to stay logged into their mailbox while it is being moved to the cloud
- Secure Mail ensures emails cross-premises are encrypted, and the internal auth headers are preserved
- Centralized mail flow control ensures that all email routes inbound/outbound via On Premises
Today's Focus: Exchange Sharing, Secure Transport, Mailbox Move

Directory Synchronization
- Manages online users in Active Directory
- Eliminates the need to manage users and groups in two places
- Powers the unified global address list
- Simplifies user provisioning
- Enables rich coexistence scenarios
- Designed for single-forest topologies
- The customer's Active Directory is the replication master
(Diagram: Active Directory -> DirSync tool runs on a local server -> Microsoft Online Directory Service)

Active Directory Federation Services
- Users are authenticated by the local Active Directory Federation Services server.
- No Microsoft Outlook sign-in tool is required.
- Users don't need to remember separate cloud passwords
- Administrators can retain existing domain security policies
- Supports multi-factor authentication for Outlook Web App
- Allows administrators to block user access outside the corporate network.
- Requires corporate infrastructure
(Diagram: Active Directory Federation Services 2.0 <-> Microsoft Online Directory Service)

Exchange 2010 Federation
Federated Sharing provides:
- Easy setup of external data sharing
- Broader reach without additional steps to set up
- More security with controls for admins and users
Federated Sharing is made possible because:
- The server can act on behalf of a specific user
- The specific user is identified by email address
- The user is not prompted for credentials
- The Microsoft Federation Gateway acts as a trust broker
- Reduces explicit point-to-point trust management
- No Active Directory trusts, service, or cloud accounts to manage
- Minimizes certificate exchanges
- Verifies domain ownership

Cross-Premises Free/Busy and Calendar Sharing*
- Creates the look and feel of a single, seamless organization for meeting scheduling and management of calendars
- Works with any supported Outlook client; the heavy lifting is done by the Exchange Server 2010 CAS servers and the MS Federation Gateway, making this transparent to the end user.
*Caution with Exchange 2003 or earlier

Cross-Premises Free/Busy and Calendar Sharing: How it Works
1. Ben requests free/busy info for Joe
2. The CAS Server finds that Joe's mailbox is external and there is a matching Organization Relationship
3. The CAS connects to the MFG to request a Delegation Token
4. The MFG returns a Delegation Token
5. The CAS Server passes the MFG token and requests Joe's free/busy on behalf of Ben (FreeBusyRequest: From Ben, To Joe)
6. Free/busy info is returned to the CAS Server
7. Joe's free/busy is returned to the Outlook client

Cross-Premises MailTips
- Creates the look and feel of a single, seamless organization.
- Correct evaluation of "Internal to" vs. "External to" organization context
- Allows awareness and correct Outlook 2010 representation of MailTips for size and quantity limits on DGs, etc.

Cross-Premises Message Tracking
- Creates the look and feel of a single, seamless organization
- Message tracking started from on-premises or from the cloud will track through to the edge of the combined organization
- Tracking fidelity across Exchange Server 2010 SP1 servers will be identical to fully on-premises organizations (i.e., high fidelity)
- Tracking fidelity across pre-2010 servers will be identical to fully on-premises organizations (i.e., lower fidelity)

Cross-Premises Mailbox Search
- Allows administrators to select/manage mailboxes for mailbox searches from on-premises or cloud-hosted mailboxes
- The graphical representation allows differentiating between on-premises and cloud-hosted mailboxes in the picker
- Search results are returned across all selected mailboxes, regardless of mailbox location!

Cross-Premises OWA Redirection
Single URL
- Allows mailbox access to OWA via a single URL (pointed to the on-premises CAS)
- Ensures a good end-user experience as mailboxes are moved in and out of the cloud, since the OWA URL remains unchanged
Better cloud log-in experience
- The log-in experience can be greatly improved by adding your domain name into your cloud URL so that you can access your cloud mailbox without the interruption of the "Go There" page

Cross-Premises Mail Flow
Secure transport
- Rich coexistence adds the ability to preserve internal organizational headers.
- Allows us to treat a message from the cloud as authenticated. This means we trust the message and resolve the sender to a recipient in the GAL. Restrictions specified for that recipient get honored. When the sender is expanded in Outlook, the GAL card is opened (not the SMTP address).
- Possible centralized mail flow scenario

Cross-Premises Mail Flow: TLS
- The Hub/Edge transport certificate subject is mail.contoso.com
- The FOPE transport certificate subject is mail.messaging.microsoft.com
- Domain Secure: Secure TLS Connection

Cross-Premises Mail Flow: Sending Internal Headers to Cloud (TLS, XOORG Data, Certificate Subject)
- If the outbound email is destined for Exchange Online, XOORG Data is added to the email.
- FOPE records the sender's certificate subject. In this example it is: mail.contoso.com
- Exchange Online verifies the cert subject matches the configured value. If the cert subject is valid, Exchange promotes the XOORG data.
- Cross-premises emails are authenticated as Internal

Cross-Premises Mail Flow: Sending Internal Headers to On Prem (TLS, XOORG Data)
- If the outbound email is destined for Exchange On Premises, XOORG Data is added to the email.
- Exchange On Premises verifies the cert subject matches the configured value. If the cert subject is valid, Exchange promotes the XOORG data.
- Emails from the cloud are seen as Internal by Transport & Journal Rules

Cross-Premises Mail Flow: Centralized mail flow scenario (TLS)
- All outbound cloud email is sent via on premises
- Exchange Online to On Premises Connector Address Space = *@*
- Only Exchange On Premises is allowed to send mail into the cloud

Rich Coexistence: Feature summary

Federation Scenarios
- Federation: A very overloaded word
- Sign-On Scenarios ADFSv2: Fe...
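The "How it Works" free/busy flow above, as an added Python model that is not the deck's or Exchange's own code: the FederationGateway, RemoteOrg and OrganizationRelationship classes, the HMAC-signed token format and the access-level names are illustrative assumptions. It shows why the broker matters: the remote side honours a request only when the token was issued for a domain it owns and it has its own relationship with the requester's domain.

```python
from dataclasses import dataclass
import hashlib, hmac, json

@dataclass
class OrganizationRelationship:
    domain_names: tuple             # external domains this relationship covers
    free_busy_access_enabled: bool

class FederationGateway:
    """Trust broker (the MFG): both orgs proved domain ownership to it, so no AD trusts or shared credentials."""
    def __init__(self, key: bytes, proven_domains: set):
        self._key, self.proven = key, proven_domains
    def _sign(self, body: str) -> str:
        return hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
    def issue_delegation_token(self, on_behalf_of: str, target_domain: str) -> str:
        if on_behalf_of.split("@")[1] not in self.proven or target_domain not in self.proven:
            raise PermissionError("domain ownership not verified with the gateway")
        body = json.dumps({"sub": on_behalf_of, "aud": target_domain})   # constructed token shape
        return body + "." + self._sign(body)
    def verify(self, token: str, expected_aud: str) -> dict:
        body, sig = token.rsplit(".", 1)
        if not hmac.compare_digest(sig, self._sign(body)):
            raise PermissionError("token signature invalid")
        claims = json.loads(body)
        if claims["aud"] != expected_aud:
            raise PermissionError("token issued for another organization")
        return claims

class RemoteOrg:
    """Joe's side: checks the token, then applies its own relationship for Ben's domain."""
    def __init__(self, domain: str, gateway: FederationGateway, calendars: dict, grants: dict):
        self.domain, self.gw, self.calendars, self.grants = domain, gateway, calendars, grants
    def free_busy(self, token: str, mailbox: str) -> list:
        claims = self.gw.verify(token, self.domain)          # token must target this org
        level = self.grants.get(claims["sub"].split("@")[1])  # what we grant Ben's domain
        if level is None:
            raise PermissionError("no relationship with requester's domain")
        slots = self.calendars.get(mailbox, [])
        # AvailabilityOnly hides subjects; LimitedDetails returns them (assumed level names)
        return slots if level == "LimitedDetails" else [(s, e, "Busy") for s, e, _ in slots]

def request_free_busy(requester, target, relationships, gateway, remote):
    """The on-premises CAS: match the target's domain to an Organization Relationship, get a token, ask on Ben's behalf."""
    target_domain = target.split("@")[1]
    rel = next((r for r in relationships if target_domain in r.domain_names), None)
    if rel is None or not rel.free_busy_access_enabled:
        return None                                           # no relationship: nothing is shown
    token = gateway.issue_delegation_token(requester, target_domain)
    return remote.free_busy(token, target)
```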
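The secure-transport rule from the "Sending Internal Headers" slides, as an added Python model that is not the deck's, Exchange's or FOPE's code: XOORG data is promoted only when the session is TLS and the presented certificate subject matches the configured partner value, otherwise the internal headers are stripped and the message is handled as external. Exchange really carries this state in X-MS-Exchange-Organization-* headers; the PartnerConnector and Message shapes and the sample messages are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional

# Exchange carries internal authentication state in X-MS-Exchange-Organization-*
# headers; the slides call this "XOORG data".  Everything else here is a
# constructed model, not Exchange or FOPE code.
XOORG_PREFIX = "X-MS-Exchange-Organization-"
AUTH_AS = XOORG_PREFIX + "AuthAs"

@dataclass
class PartnerConnector:
    """Trust configured for one cross-premises partner (hypothetical shape)."""
    name: str
    expected_cert_subject: str   # e.g. mail.contoso.com or mail.messaging.microsoft.com
    require_tls: bool = True

@dataclass
class Message:
    sender: str
    headers: Dict[str, str] = field(default_factory=dict)

def receive(msg: Message, conn: PartnerConnector, tls_used: bool,
            cert_subject: Optional[str]) -> Message:
    """Promote XOORG data only when the TLS certificate subject matches the
    configured value; otherwise strip it so the message is handled as external."""
    if conn.require_tls and not tls_used:
        raise ValueError(f"{conn.name}: session was not protected by TLS")
    subject_ok = (cert_subject or "").lower() == conn.expected_cert_subject.lower()
    if tls_used and subject_ok:
        msg.headers[AUTH_AS] = "Internal"   # transport & journal rules now treat it as internal
    else:
        # Unverified peer: drop any internal headers it sent rather than trust them.
        msg.headers = {k: v for k, v in msg.headers.items() if not k.startswith(XOORG_PREFIX)}
    return msg

def auth_as(msg: Message) -> str:
    return msg.headers.get(AUTH_AS, "Anonymous")

def demo() -> dict:
    """Both directions from the slides, run over constructed messages."""
    from_cloud = PartnerConnector("ExchangeOnline-to-OnPrem", "mail.messaging.microsoft.com")
    from_onprem = PartnerConnector("OnPrem-to-ExchangeOnline", "mail.contoso.com")
    internal = {AUTH_AS: "Internal", "Subject": "Q3 plan"}
    return {
        "cloud_ok": auth_as(receive(Message("ann@contoso.com", dict(internal)), from_cloud, True, "mail.messaging.microsoft.com")),
        "onprem_ok": auth_as(receive(Message("bob@contoso.com", dict(internal)), from_onprem, True, "mail.contoso.com")),
        "wrong_subject": auth_as(receive(Message("bob@contoso.com", dict(internal)), from_onprem, True, "smtp.other.example")),
    }
```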