Organizations are feeling the shift to the hybrid cloud as leading publishers such as Microsoft push their cloud platforms. Executive management is left pondering what solutions can be cloud based and how to integrate them into existing IT investments without significant effort and cost. Microsoft has created a number of hybrid options that allow companies to selectively migrate enterprise solutions or build new apps that use cloud services while maintaining an on-premises infrastructure. Spend an hour learning about Microsoft's Cloud stack and 3 trending Hybrid scenarios built on top of it. Hybrid Identity, Hybrid Storage and Hybrid Exchange will be discussed in this session.
4. Softmart Roots
• Founded in 1982
• Headquarters in USA: Outside Philadelphia, Pennsylvania
• Privately Held
• Global Reseller of Everything IT
• Awarded Microsoft Operational Excellence for 7 consecutive years
• Recipient of Microsoft Platinum Award 4 years in a row
• 30+ Sales Offices in U.S.
• Microsoft Managed Partner – Mid-Atlantic
• 1993: First to sell a customized Microsoft Select Agreement
• 1994: First to sell a customized Microsoft Enterprise Agreement
• 2005: First to sell an extended Microsoft Enterprise Agreement
• Wrote the largest Microsoft Enterprise Agreement in the world for US Army (800,000)
6. Microsoft Cloud Thought Leadership Session
Business Drivers
Focus on core value-added activities and stay competitive
Respond quickly to changes in business and customer needs
8. Take a Leap into the Connected Cloud
Scenario 1: Hybrid Exchange
Gina Montgomery, VTSP, MCTS, MCP
Microsoft Strategic Director
9. Business Drivers - Exchange Online
Globally redundant data centers
$3bn+ investment in cloud infrastructure
Simplify the management of your messaging environment and alleviate many of the burdens that come with maintaining on-premises hardware and software.
Use built-in DLP templates to keep your users in compliance with your organization’s regulations & policies.
Empower your users with a large mailbox to allow them the flexibility to retain email in their primary mailbox or move items to an In-Place Archive.
10. Microsoft Office 365 Thought Leadership Session
More Exchange Online Business Drivers
Built-in capabilities and customer controls
Security: Best-in-class security with over a decade of experience building Enterprise software & online services
• Physical and data security with access control, encryption and strong authentication
• Security best practices like penetration testing, defense-in-depth approach to protect against cyber-threats
• Unique customer controls with Rights Management Services to empower customers to protect information
Compliance: Commitment to industry standards and organizational compliance
• Enable customers to meet global compliance standards in ISO 27001, EUMC, HIPAA, FISMA
• Contractually commit to privacy, security and handling of customer data through Data Processing Agreements
• Admin Controls like Data Loss Prevention, Legal Hold, E-Discovery to enable organizational compliance
Privacy: Privacy by design with a commitment to use customers’ information only to deliver services
• No mining of data for advertising
• Transparency with the location of customer data, who has access and under what circumstances
• Privacy controls to regulate sharing of sites, libraries, folders and communications with external parties
11. Delegated authentication for on-premises/cloud web services
• Enables free/busy, calendar sharing, message tracking & online archive
Online mailbox moves
• Preserve the Outlook profile and offline folders
• Leverages the Mailbox Replication Service (MRS)
Manage all of your Exchange functions, whether cloud or on-premises, from the same place: Exchange Admin Center
Authenticated and encrypted mail flow between on-premises and the cloud
• Preserves the internal Exchange message headers, allowing a seamless end user experience
• Support for compliance mail flow scenarios (centralized transport)
12. On-premises Exchange organization
Existing Exchange environment (Exchange 2007 or later)
Exchange 2013 client access & mailbox server
Office 365 Active Directory synchronization
Office 365
Connections between on-premises and Office 365:
• User, contacts, & groups via dirsync
• Secure mail flow
• Sharing (free/busy, Mail Tips, archive, etc.)
• Mailbox data via Mailbox Replication Service (MRS)
13. Deployment tasks, in order:
• Sign up for Office 365
• Register your domains with Office 365
• Deploy Office 365 Directory Sync
• Install Exchange 2013 CAS & MBX Servers (Edge opt)
• Publish the CAS Server (Assign SSL certificate, firewall rules)
• Run the Hybrid Wizard
Legend: Exchange specific deployment tasks (deep dive on next slide); General Office 365 deployment tasks
14. From an existing Exchange 2007 or 2010 environment—no Edge Transport server
Diagram labels: autodiscover.contoso.com; mail.contoso.com; E2010 or 2007 Hub; E2010 or 2007 CAS; SP3/RU10; E2010 or 2007 MBX; E2013 CAS; E2013 MBX; Exchange 2010 or 2007 Servers; Intranet site; Internet-facing site
1. Prepare
   - Install Exchange SP and/or updates across the ORG
   - Prepare AD with E2013 schema
2. Deploy Exchange 2013 servers
   - Install both E2013 MBX and CAS servers
   - Set an ExternalUrl and enable the MRSProxy on the Exchange Web Services vdir
3. Obtain and deploy Certificates
   - Obtain and deploy certificates on E2013 CAS servers
4. Publish protocols externally
   - Create public DNS A records for the EWS and SMTP endpoints
   - Validate using Remote Connectivity Analyzer
5. Switch autodiscover namespace to E2013 CAS
   - Change the public autodiscover DNS record to resolve to E2013 CAS
6. Run the Hybrid Configuration Wizard
7. Move mailboxes
16. Hybrid Configuration Engine
Step 1: The Update-HybridConfiguration cmdlet triggers the Hybrid Configuration Engine to start.
Step 2: The Hybrid Configuration Engine reads the “desired state” stored on the HybridConfiguration Active Directory object.
Step 3: The Hybrid Configuration Engine connects via Remote PowerShell to both the on-premises and Exchange Online organizations.
Step 4: The Hybrid Configuration Engine discovers topology data and current configuration from the on-premises Exchange organization and the Exchange Online organization.
Step 5: Based on the desired state, topology data, and current configuration, across both the on-premises Exchange and Exchange Online organizations, the Hybrid Configuration Engine establishes the “difference” and then executes configuration tasks to establish the “desired state.”
Diagram labels: On-Premises Exchange Organization; Internet; Desired state; Hybrid Configuration Object; Exchange Management Tools; Remote PowerShell
Configuration items shown in the diagram:
• Exchange Server Level Configuration (Mailbox Replication Service Proxy, Certificate Validation, Exchange Web Service Virtual Directory Validation, & Receive Connector)
• Organization Level Configuration Objects (Exchange Federation Trust, Organization Relationship, Forefront Inbound Connector, & Forefront Outbound Connector)
• Domain Level Configuration Objects (Accepted Domains & Remote Domains)
• Domain Level Configuration Objects (Accepted Domains, Remote Domains, & E-mail Address Policies)
• Organization Level Configuration Objects (Exchange Federation Trust, Organization Relationship, Availability Address Space, & Send Connector)
18. Certificate based attribution for mail flow connectors - no more static IP address lists
Explicit TLS certificate selection
- Avoids certificate conflicts
Remote domains no longer required for secure mail
- Simpler configuration and troubleshooting
19. Diagram labels: External recipient; DAVID (On-premises mailbox); Exchange; CHRIS (Cloud mailbox); Third Party Email Security System; Secure Mail; Encrypted & authenticated mail flow
20. All email between Exchange on-premises and Exchange Online is encrypted and authenticated
Internal mail flow going from Exchange to Exchange must go direct and not through 3rd party gateways
External (Internet) mail can be routed to wherever you choose – on premises, 3rd party service, EOP
The MX record for the domain controls where inbound external email is received
The hybrid wizard’s “OnPremisesSmartHost” property controls the flow of internal mail from Exchange Online to Exchange on-premises
The FQDN defined within OnPremisesSmartHost can be:
- A single Exchange 2013 CAS or 2010 Edge server
- Multiple round robin Exchange 2013 CAS or 2010 Edge servers
- Multiple load balanced Exchange 2013 CAS or 2010 Edge servers (recommended)
If you want outbound email from on-premises to the Internet to go through EOP you need to create an extra “*.*” send connector that forwards all mail to EOP
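A read-only check of deployment steps 2 and 3 (EWS ExternalUrl, MRSProxy, certificates) and of the hybrid mail-flow settings described above (OnPremisesSmartHost, explicit TLS certificate selection), as an added example that is not part of the original deck. It assumes the Exchange Management Shell on an Exchange 2013 server; `$ExpectedEwsHost` and `$MinCertDaysLeft` are hypothetical values to replace with your own.

```powershell
# Added example, not from the deck. Read-only: it changes no configuration.
$ExpectedEwsHost = 'mail.contoso.com'  # assumed public EWS name (from the slide's diagram)
$MinCertDaysLeft = 30                  # hypothetical renewal threshold
$findings = @()

# Step 2: each Exchange 2013 CAS needs an HTTPS ExternalUrl and MRSProxy on the EWS vdir.
$cas2013 = Get-ExchangeServer | Where-Object {
    $_.IsClientAccessServer -and "$($_.AdminDisplayVersion)" -like 'Version 15*'
}
foreach ($server in $cas2013) {
    foreach ($vdir in Get-WebServicesVirtualDirectory -Server $server.Name) {
        $url = "$($vdir.ExternalUrl)"
        if ($url -notlike "https://$ExpectedEwsHost/*") {
            $findings += "$($vdir.Identity): ExternalUrl '$url' is not under https://$ExpectedEwsHost/"
        }
        if (-not $vdir.MRSProxyEnabled) {
            $findings += "$($vdir.Identity): MRSProxy is disabled (needed for online mailbox moves)"
        }
    }
}

# Step 3: a valid, CA-issued certificate must be enabled for both IIS and SMTP.
$tlsNames = @()
foreach ($cert in Get-ExchangeCertificate) {          # certificates on the local server
    $services = "$($cert.Services)"
    if ($services -notmatch 'IIS' -or $services -notmatch 'SMTP') { continue }
    $tlsNames += "<I>$($cert.Issuer)<S>$($cert.Subject)"   # format used by TlsCertificateName
    if ("$($cert.Status)" -ne 'Valid') { $findings += "$($cert.Thumbprint): status is $($cert.Status)" }
    if ($cert.IsSelfSigned)            { $findings += "$($cert.Thumbprint): self-signed certificate" }
    if ($cert.NotAfter -lt (Get-Date).AddDays($MinCertDaysLeft)) {
        $findings += "$($cert.Thumbprint): expires $($cert.NotAfter)"
    }
}
if (-not $tlsNames) { $findings += 'No certificate is enabled for both IIS and SMTP' }

# After the wizard: desired state must name a smart host and a certificate that exists here.
$hybrid = Get-HybridConfiguration -ErrorAction SilentlyContinue
if (-not $hybrid) {
    $findings += 'No HybridConfiguration object found (Hybrid Configuration Wizard not run yet)'
} else {
    if (-not "$($hybrid.OnPremisesSmartHost)") { $findings += 'OnPremisesSmartHost is empty' }
    if ($tlsNames -notcontains "$($hybrid.TlsCertificateName)") {
        $findings += "Hybrid TlsCertificateName does not match an IIS+SMTP certificate on this server"
    }
}

# Mail flow: connectors that carry internal mail to the cloud must enforce TLS.
foreach ($sc in Get-SendConnector | Where-Object { $_.CloudServicesMailEnabled }) {
    if (-not $sc.RequireTLS) { $findings += "Send connector '$($sc.Name)': RequireTLS is off" }
    if (-not "$($sc.TlsCertificateName)") {
        $findings += "Send connector '$($sc.Name)': no explicit TLS certificate selected"
    }
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { 'All hybrid prerequisite checks passed' }
```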
21. Diagram labels: External recipient; DAVID (On-premises mailbox); Exchange; CHRIS (Cloud mailbox); Third-party email security system; Secure Mail; Encrypted & authenticated mail flow
24. Exchange Admin Center (EAC) is your one stop shop for managing Exchange Server 2013 on-premises, your Exchange Online tenant, hybrid settings, and mailbox migrations
EAC is 100% browser based, so you can manage on-premises and cloud from anywhere (subject to your access controls)
Support for merged recipient views for helpdesk staff
Exchange Admin Center provides a single consolidated set of Exchange Notifications across all premises
26. Take a Leap into the Connected Cloud
Scenario 2: Hybrid Identity
Gina Montgomery, VTSP, MCTS, MCP
Microsoft Strategic Director
27. Business Drivers – Hybrid Identity
Create a centralized identity across on-premises and cloud
Simplify the management of your messaging environment and alleviate many of the burdens that come with maintaining on-premises hardware and software.
Use built-in DLP templates to keep your users in compliance with your organization’s regulations & policies.
Empower your users with a large mailbox to allow them the flexibility to retain email in their primary mailbox or move items to an In-Place Archive.
28. The time to address enterprise mobility is now
29. Microsoft Cloud Thought Leadership Session
Introducing: Azure Active Directory Premium
Built on top of a free offering.
Robust set of capabilities for empowering enterprises with demanding identity and access management needs.
Usage rights for Microsoft Forefront Identity Manager server licenses and CALs.
TAKE ADVANTAGE OF A DIRECTORY IN THE CLOUD
• Group-based application access assignment and provisioning to thousands of Software-as-a-Service (SaaS) applications for single sign-on.
• Company branding.
• Enterprise SLA of 99.9 percent.
EMPOWER USERS
• Self-service password reset.
• Delegated group management.
MONITOR AND PROTECT ACCESS TO APPLICATIONS
• Security reports based on machine learning.
• Application usage reports.
• Multi-factor authentication.
http://azure.microsoft.com/en-us/gallery/active-directory/#all
30. Microsoft Azure Active Directory Premium
Many apps, one identity repository
• Pre-integrated for Single Sign On (SSO) to over 500 popular SaaS apps
• Easily add custom cloud-based apps.
• Connect to your on-premises Windows Server Active Directory
Manage identities and access to cloud apps
• Comprehensive identity and access management console
• Centralized management for assigning access to applications with groups
• Secure business processes with advanced access management capabilities
Monitor and protect access to enterprise apps
• Security reporting to track inconsistent access patterns
• Included Multi-Factor authentication capabilities
• Advanced machine-learning-based reporting
Enable users
• Consistent experience for SSO – the access panel
• Tenant branded access panel
• Self service password reset
31. Microsoft Cloud Thought Leadership Session
Azure Active Directory Free vs. Premium
Columns: Azure AD Free (O365) / Azure AD Premium
Directory as a service: Up to 500,000 objects / No limit
User and group management
Single sign-on for pre-integrated SaaS and custom applications: 10 apps per user / No limit
Microsoft Directory Synchronization Tool (Windows Server Active Directory extension)
User-based access management and provisioning
Group-based access management and provisioning
Self-service group management for cloud users
Self-service password change for cloud users
Self-service password reset for cloud users
Security reports
Advanced security reporting (based on machine learning)
Usage reporting
Company branding (logon pages and Access Panel customization)
Multi-factor authentication (all available features on Windows Azure and on-premises environments)
Service-level agreement (SLA)
Forefront Identity Manager CAL + Forefront Identity Manager Server
33. Take a Leap into the Connected Cloud
Scenario 3: Hybrid Storage
Gina Montgomery, VTSP, MCTS, MCP
Microsoft Strategic Director
34. Microsoft Azure Thought Leadership Session
Microsoft Azure is a cloud computing platform and infrastructure for building, deploying and managing applications and services through a global network of Microsoft-managed datacenters.
Microsoft Azure:
• Supports many different programming languages, tools and frameworks, including both Microsoft & third-party software and systems.
• What does this mean? – Azure supports Oracle, Linux, PHP, WordPress, etc…
35. Microsoft Azure
An open and flexible cloud platform that enables you to quickly build, deploy, and manage solutions across a global network of Microsoft-managed datacenters.
• Build applications using any language, tool, or framework
• Integrate public cloud solution with the existing IT environment
• 99.95% monthly SLA
• Automatic OS and service patching
Usage-based services
• App services: Caching, Identity, Service bus, Media, CDN, Integration, HPC, Analytics
• Compute: Virtual machines, Websites, Cloud services, Mobile services
• Storage: SQL database, HDInsight, Tables, Blob storage
• Network: Connect, Virtual network, Traffic manager
36. Microsoft Enterprise Mobility Suite Thought Leadership Session
Introducing Microsoft’s Cloud OS vision
Global reach, scale and security business demands
One consistent platform across multiple premises
Extend existing IT and developer skillsets to cloud
Customer / Service Provider / Microsoft: ONE Consistent Platform
37. Microsoft Cloud Thought Leadership Session
Business Drivers - Azure Storage
• Cloud Storage - Anywhere and anytime access
Blobs, Disks, Tables and Queues
• Highly Durable, Available and Massively Scalable
Easily build “internet scale” applications
900K request/sec on average (2.3+ trillion per month)
10 trillion stored objects
• Pay for what you use!
• Exposed via easy and open REST APIs
• Client libraries in .NET, Java, Node.js, Python, PHP, Ruby
38. Microsoft Cloud Thought Leadership Session
Azure Storage Options
• Blobs – Simple interface to store and retrieve files in cloud
Data sharing – share documents, pictures, video, music, etc.
Big Data – store raw data/logs
Backups – data and device backups
• Disks – Network mounted durable disks for VMs in Azure
Mounted disks are VHDs stored in Azure Blobs
Move on-premise applications to cloud
39. Microsoft Cloud Thought Leadership Session
Azure Storage Options
• Tables – Massively scalable and extremely easy to use NoSQL system that auto scales
Key-value lookups at scale
Store user information, device information, any type of metadata for your service
• Queues – Reliable messaging system
Decouple components/roles
Web role to worker role communication
Allows roles to scale independently
Implement scheduling of asynchronous tasks
Building process/workflows
The Softmart Story – Pioneers in IT Logistics
For as long as Softmart has been in business – since 1982 – we have helped organizations manage their Microsoft investments. Softmart is credited with a list of firsts and recognitions in the Microsoft LAR (Large Account Reseller) world:
Eight-Time Consecutive Recipient of the Microsoft Operational Excellence Award. The award is for excellence in license management.
Four-Time Consecutive Recipient of the Microsoft Platinum Award. The award is for delivering market-leading operational excellence supporting Microsoft technology.
Softmart managed the largest Enterprise Agreement in the world for nine years – for the U.S. Army, more than 800,000 seats (licenses). We also manage Enterprise Agreements for companies with as few as 250 seats.
Softmart was the first LAR to sign a Microsoft Enterprise Agreement in 1997.
Softmart was the first LAR to sign a Microsoft Extended Enterprise Agreement in 2005.
Softmart is the first and only LAR to sign two Academic Enterprise Agreements.
Softmart employs one of the most experienced and knowledgeable Microsoft dedicated staffs in the I.T. industry. More than 90% of our Sales Force is Microsoft Certified Professionals.
Slide Objective: Identify the business drivers
“Today we characterize 29% of the global workforce as anytime, anywhere information workers -- those who use three or more devices, work from multiple locations, and use many apps.” Forrester Research, “2013 Mobile Workforce Adoption Trends,” February 2013. http://www.forrester.com/2013+Mobile+Workforce+Adoption+Trends/fulltext/-/E-RES89442
Forrester Research
2013 mobile workforce adoption trends, Forrester Research, Inc., February 4, 2013
Forrester Research
Bring the business case for a bring-your-own-device (BYOD) program, Forrester Research, Inc., October 23, 2012
http://www.enisa.europa.eu/activities/Resilience-and-CIIP/critical-applications/smartphone-security-1/top-ten-risks/data-leakage-resulting-from-device-loss-or-theft
http://www.computing.co.uk/ctg/news/2321750/more-than-80-per-cent-of-employees-use-non-approved-saas-apps-report
Microsoft Azure is a cloud platform that enables you to quickly build, deploy, and manage solutions across a global network of Microsoft-managed datacenters.
It is open and flexible—you can build applications using any language, tool, or framework.
Azure also offers the unique ability to integrate public cloud solutions with the existing IT environment. This offers a real advantage over other platforms, which take an “all or none” strategy.
With Azure, you can count on your applications and services, with a 99.95% monthly SLA, and automatic OS and service patching.
Azure offers a wide range of usage-based services, including applications, compute, storage, and network services.
Microsoft will regularly introduce new services to Azure.