Office 365 Hybrid Deployment and Migration - Introduction Part 1
This is the documentation for the online discussion we conducted on Office 365.
A recording of the session is available at
https://www.youtube.com/playlist?list=PLQupF2rE3mCf0S482zpjXOkttyePGgopr&feature=view_all
The session covered the following topics.
Exchange Hybrid Deployment and Migration with Office 365
- E-mail Deployment Options
- Preparing to Deploy
- The Microsoft Online Services Directory Synchronization tool
- Mail Routing
- Migration Methods and Tools
- Move requests with the Mailbox Replication Service (MRS)
- Cutover Exchange migration
- Staged Exchange migration
- IMAP e-mail migration
- PST Capture
- Third-party solutions
Let's start with an introduction.
E-mail Deployment Options for Exchange Online
Hybrid deployment
Mailboxes for your organization can reside on-premises in an Exchange organization and in the cloud. In the hybrid deployment scenario, messaging functionality is seamless across the on-premises deployment and the cloud deployment. For the full list of supported features.
This hybrid deployment scenario can also include single sign-on, which lets users use their existing Active Directory on-premises credentials to access all on-premises and cloud resources.
All mailboxes in the cloud
If your long-term goal doesn’t require messaging functionality that spans cross-premises, you should plan to move all your mailboxes to the cloud. It may take a week or maybe months to complete the migration, but it’s the best option if your long-term goal is to migrate all your mailboxes to the cloud.
Preparing to Deploy Exchange Online
Things to consider
- Identity management
- Microsoft Online Services Directory Synchronization tool
- Mail routing
- Migration methods and tools
Identity management
- Non-Federated identity
- Single sign-on or Federated Identity
Non-Federated identity
Here all users with mailboxes in the cloud use Office 365-generated credentials to access their Office 365 resources.
You can use directory synchronization to automatically provision users from the on-premises Active Directory. Either way, ultimately, credentials are generated and managed by Office 365.
If you have an on-premises identity management system such as Active Directory, users will have a set of credentials for their Office 365 resources and a set of credentials for their on-premises resources.
The advantage of a non-federated identity management solution is that there is less overhead in deploying and setting up your identity solution.
The disadvantage to a non-federated identity solution for organizations that still maintain user resources on-premises is that the user experience is fractured and requires more user education about credential management.
Single sign-on or Federated Identity
When you deploy single sign-on, all users with mailboxes in the cloud use their existing on-premises Active Directory credentials to access both cloud and on-premises resources.
You enable this by installing one or more AD FS servers in your on-premises organization.
Advantage
Users don’t need to use different sets of credentials.
Policy control
The administrator can control account policies through Active Directory, which gives the administrator the ability to manage password policies, workstation restrictions, lock-out controls, and more, without having to perform additional tasks in the cloud.
Access control
The administrator can restrict access to Office 365 so that the services can be accessed through the corporate environment, through online servers, or both.
Advantage
Reduced support calls
Forgotten passwords are a common source of support calls in all companies. If users have fewer passwords to remember, they are less likely to forget them.
Security
User identities and information are protected because all of the servers and services used in single sign-on are mastered and controlled on-premises.
Support for strong authentication
You can use strong authentication, also called two-factor authentication, with Office 365.
The disadvantage of single sign-on is that you have to install new servers, which also involves more cost.
Why Single sign-on or Federated Identity?
Single sign-on is recommended, though not required, in the hybrid deployment scenario.
Single sign-on may also be a good solution for some large organizations that plan to migrate all mailboxes to Office 365 over many months.
NOTE
Single sign-on with AD FS requires Active Directory on-premises.
Single sign-on requires that you install and run the Microsoft Online Services Directory Synchronization tool.
If you deploy AD FS and directory synchronization, you have to perform a staged Exchange migration; cutover migration is not possible.
The difference between staged and cutover Exchange migration will be discussed later.
The Microsoft Online Services Directory Synchronization tool
Primarily used to:
- Synchronize the Global Address List
- Support complex routing scenarios
- Provision users in a cross-premises deployment
By default, the Directory Synchronization tool synchronizes one-way from the on-premises directory to the cloud directory.
To enable the following features of hybrid deployment, you must grant the Directory Synchronization tool write access so that it can synchronize some messaging-related user data back into the on-premises Active Directory.
- Archiving on-premises mailboxes to the cloud
- Moving mailboxes from the cloud to the on-premises Exchange organization
- Synchronizing user-managed safe sender and blocked sender lists from the cloud
- Synchronizing voice mail notifications from the cloud
Directory synchronization is required for the following: hybrid deployment; single sign-on; and staged Exchange migration.
Mail Routing
Generally, in a hybrid deployment your MX record points to your on-premises Exchange system as the authoritative domain. E-mail to cloud-based recipients is then relayed from the on-premises Exchange organization to the cloud.
You can also configure routing for hybrid deployments in such a way that the MX record points to the cloud as the authoritative domain.
NOTE:
Both cutover Exchange migration and staged Exchange migration manage short-term e-mail synchronization during the migration phase.
Cutover Exchange migration synchronizes e-mail using subscriptions until migration is complete.
Staged Exchange migration routes e-mail by stamping the cloud target address on the on-premises mailboxes.
Migration Methods and Tools
- Move requests with the Mailbox Replication Service (MRS)
- Cutover Exchange migration
- Staged Exchange migration
- IMAP e-mail migration
- PST Capture
- Third-party solutions
Move requests with the Mailbox Replication Service (MRS)
The Microsoft Exchange Mailbox Replication Service (MRS) resides on all Exchange 2010 Client Access servers and is responsible for:
- Mailbox moves
- Importing and exporting .pst files
- Restoring disabled and soft-deleted mailboxes
Move requests require a hybrid deployment.
Move requests let you move mailboxes back and forth between your on-premises Exchange organization and the cloud. You do this in the Exchange Management Console.
Cutover Exchange migration
Cutover Exchange migration is for organizations that have fewer than 1,000 mailboxes and want to move all mailboxes to the cloud in a single operation.
Use E-Mail Migration in the Exchange Control Panel to access the tool.
NOTE:
Cutover Exchange migration only supports Exchange 2003 or later.
If you are running older versions of Exchange, you have to use IMAP e-mail migration or a third-party solution.
If you are running Exchange and have more than 1,000 mailboxes, consider using staged Exchange migration.
If you plan to deploy single sign-on, run cutover Exchange migration first, and then set up single sign-on and directory synchronization after the migration is complete. Running directory synchronization before you run cutover Exchange migration will cause the migration to fail.
Staged Exchange migration
Staged Exchange migration is for larger organizations or organizations that want to migrate mailboxes to the cloud over time.
In this scenario, you can migrate some mailboxes to the cloud while maintaining the rest of the mailboxes in your on-premises organization.
Use E-Mail Migration in the Exchange Control Panel to access the tool.
NOTE:
Staged Exchange migration has been designed for organizations that plan to move all on-premises Exchange mailboxes to the cloud eventually.
Staged Exchange migration only supports Exchange 2003 or Exchange 2007.
If you are running older versions of Exchange, you have to use IMAP e-mail migration or a third-party solution.
If you are running Exchange 2010, you must implement a hybrid deployment and use move requests to migrate.
Staged Exchange migration requires directory synchronization.
If you plan to deploy single sign-on as part of your long-term deployment plan, set up single sign-on and directory synchronization before you run the staged Exchange migration.
IMAP e-mail migration
IMAP e-mail migration is designed as a fallback e-mail content migration tool for a wide variety of e-mail servers.
If you are running Exchange 2000 Server or Exchange Server 5.5 Service Pack 4, or any other compliant IMAP server, such as Gmail, IMAP e-mail migration is an option.
Use E-mail Migration in the Exchange Control Panel and a CSV file.
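The version, size and identity-ordering rules from the cutover, staged and IMAP sections above can be checked before a migration starts. The Python below is an added example, not part of the original post or any Microsoft tool; the `Org` fields, method names and step strings are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

ORDER = ["5.5", "2000", "2003", "2007", "2010"]  # release order; labels are this example's own

@dataclass
class Org:
    exchange: Optional[str]   # None means a non-Exchange IMAP server
    mailboxes: int
    dirsync_running: bool     # directory synchronization already deployed
    wants_sso: bool           # single sign-on is part of the long-term plan

def _rank(org: Org) -> int:
    return ORDER.index(org.exchange) if org.exchange in ORDER else -1

def violations(org: Org, method: str) -> list:
    """Return the rules from the text that the chosen method would break."""
    v = []
    if method == "cutover":
        if _rank(org) < ORDER.index("2003"):
            v.append("cutover supports Exchange 2003 or later only")
        if org.mailboxes >= 1000:
            v.append("cutover is for fewer than 1,000 mailboxes")
        if org.dirsync_running:
            v.append("directory synchronization before cutover makes the migration fail")
    elif method == "staged":
        if org.exchange not in ("2003", "2007"):
            v.append("staged supports Exchange 2003 or Exchange 2007 only")
        if not org.dirsync_running:
            v.append("staged requires directory synchronization first")
    elif method == "move-requests" and not org.dirsync_running:
        v.append("move requests need a hybrid deployment, which requires directory synchronization")
    return v

def plan(org: Org) -> list:
    """Pick a method and return the ordered steps, identity steps included."""
    identity = ["deploy AD FS (single sign-on)"] if org.wants_sso else []
    dirsync = [] if org.dirsync_running else ["deploy directory synchronization"]
    if _rank(org) < ORDER.index("2003"):
        return ["IMAP e-mail migration or third-party tool"]
    if org.mailboxes < 1000 and not org.dirsync_running:
        # Identity work is deferred until the cutover has finished.
        return ["cutover Exchange migration"] + (identity + dirsync if org.wants_sso else [])
    if org.exchange == "2010":
        return identity + dirsync + ["hybrid deployment", "move requests (MRS)"]
    return identity + dirsync + ["staged Exchange migration"]
```

`violations` checks a method someone has already chosen, while `plan` proposes one; an organization that already runs directory synchronization is never sent down the cutover path.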
PST Capture
Another method for migrating mailbox items to cloud mailboxes is Microsoft Exchange PST Capture.
PST Capture lets you search for and collect PST files on computers in your on-premises organization and then import the PST files to cloud mailboxes.
Note that you can also use PST Capture to import PST files to on-premises primary or archive mailboxes.
Third-party solutions
- Binary Tree
- BitTitan
- Cemaphore
- Quest
- Metalogix
- MigrationWiz
Discussion of these tools is out of scope of this documentation.
Please find the slides as attached.
Thank you all for spending your valuable time.
Road2Master - Hybrid Deployment and Migration with Office 365 - PART 1.pdf
Comments
- Anonymous
January 01, 2003
Hi, thanks for the article and the slides!