Office 365 in a hybrid world

1. Office 365 in a hybrid worldMartina Grom, Office 365 MVP, atwork @magrom

2. AgendaOffice 365 componentsDemoWhat is hybrid?Architecture AgendaWhy Hybrid?Common migration scenarios

3. Office 365 | What is it?Latest productivity services running in Microsoft’s cloud

4. Office 365 for Enterprises4

5. What is Hybrid?• Split Workload between On-Premises and the cloud• Some users of Exchange, SharePoint or Lync are in the cloud where others stay on-prem.

6. Reasons for Hybrid SolutionsHigh FlexibilityCloud on your termsFast Move to the cloud is not possiblebusiness or technical reasonsWorkloadsSplit workloads between servicesCompliance and security reasonsyou decide which data will move to the cloud

7. Hybrid: 2 possible ScenariosMigration to the CloudHybrid helps in transitioningPermanent Hybrid ModelHybrid-solution stays in the enterprise(for a longer time, maybe „forever“)

8. Hybrid to help migrationsFlexibility inMigration in your desired speed – low impact onusers and on your current infrastructure Deployment ofPiloting the whole companyOnline Services with some T Users est Transfer of Workloads, users or sites in the cloud for a pilot or a staged Migration On-Premises Deployment of Usern or Sites

9. Permanent Hybrid ModelCustomers have the choice to have userson-prem or in the cloud Move of workloads users, sites to theManage Users and services on-prem and online, depending on your enterprise cloud for specificT secure existent investments on prem. o reasons. Hybrid as aEasy on- and offboarding of Exchange Mailboxes between on-prem permanent modeland Office 365.Migration of remote users for better performanceData Hosting in specific regions because of compliance or securityMigration to the Cloud on your terms On-Premises Deployment of users or sites

10. Online and On-Premises FeaturesHybrid deployments keeps your flexibility for Support of Features,please check back on public availability of Office 365 vnext Not available Features** Not available Features** Not available Features** • Hierarchical address book • Central administration • Voice to PSTN* and segmenting of your Global Adress book • Full-trust Code • Enterprise Voice and PBX • Language support of Exchange VoiceMail • Customized OWA Templates, Logos and add-ins • old APIs **List is subject to change, depending on service updates

11. Matrix of Hybrid Scenarios

12. Plan your Deployments „can we do it on a weekend?“

13. Deployment Planning Identity Source Server Size Management Exchange Large On-Premises IMAP Medium Single Sign- Lotus Small On Notes On-Cloud Google Hybrid Provisioning Hybrid DEPLOYMENT DirSync Exchange PLAN Bulk sharing Migration Provisioning features solution is part of the plan

14. Architecture Bronze Sky customer Trust Federation premises Gateway Exchange Online Active Directory Authentication Federation platform SharePoint Server 2.0 IdP OnlineIdP MS Online Provisioning Directory Sync Directory Lync AD platform Store Online Service connector Admin Portal

15. Core identity scenarios with Office 365 Cloud identity with Cloud identity directory synchronization Federated identitySingle identity in the cloud Suitable Single identity Single federated identityfor small organizations with no suitable for medium and credentials suitableintegration to on-premises and large organizations without for medium and largedirectories federation* organizations

16. Federation options ShibbolethWorks with AD Works with AD & Non-AD Works with AD & Non-ADSuitable for medium, large enterprises Suitable for medium, large enterprises Suitable for educational organizations jincluding educational organizations including educational organizations Recommended where customers may useRecommended option for Active Directory Recommended where customers may use existing non-ADFS Identity systems(AD) based customers existing non-ADFS Identity systems with AD or Non-AD Single sign-onSingle sign-on Single sign-on Secure token based authenticationSecure token based authentication Secure token based authentication Support for web clients and outlook onlySupport for web and rich clients Support for web and rich clients Microsoft supported for integration only,Microsoft supported Third-party supported no shibboleth deployment supportWorks for Office 365 Hybrid Scenarios Requires on-premises servers, licenses & Requires on-premises servers & support supportRequires on-premises servers, licenses & Works with AD and other directories on-support Verified through ‘works with Office 365’ premises program Works for Office 365 Hybrid Scenarios

17. Exchange HybridOn-Premises Cloud Service Coexistence Single sign on ADFS Rich Coexistence + Microsoft will regularly deliver new features and capabilities to SharePoint Online

18. Hybrid DeploymentOn-premises organization: at leastExchange Server 2007One Exchange Server 2013 CAS ServerDirectory Synchronization (DirSync) installed andworkingAutodiscover and working public DNS recordExchange Web Services and Autodiscover reachable,public certificateFederation trust with Microsoft Federation Gateway

19. Summary of Migration Options * IMAP Migration Cutover migration Staged migration IMAP migration Simple Migrations Supports wide range of email platforms 2010 Hybrid 2013 Hybrid Email only (no calendar, contacts, or tasks) Cutover Exchange Migration (CEM) Good for fast, cutover migrations No migration tool or computer required on-premises Exchange 5.5 ● Staged Exchange Migration (SEM) Exchange 2000 ● No migration tool or computer required on-premises Exchange 2003 ● ● ● ● Requires Directory Synchronization with on-premises AD ● ● ● ● ● Exchange 2007 Exchange 2010 ● ● ● ● Hybrid Deployment ● ● ● Hybrid Exchange 2013 Manage users on-premises and online Notes/Domino ● Enables cross-premises calendaring, smooth migration, and GroupWise ● easy off-boarding ● Other19

20. Hybrid – Stages vs. Hybrid Feature Staged Hybrid Mail routing between on-premises and cloud (recipients on either side) ● ● Mail routing with shared namespace (if desired) - @company.com on both sides ● ● Unified GAL ● ● Free/Busy and calendar sharing cross-premises ● Mailtips, messaging tracking, and mailbox search work cross-premises ● Exchange Sharing OWA Redirection cross-premise (single OWA URL for both on-premises and cloud) ● Exchange Online Archive ● Exchange Management Console used to manage cross-premises relationship & mailbox migrations ● Native mailbox move supports both onboarding and offboarding ● Mailbox Move No outlook reconfiguration or OST resync required after mailbox migration ● Online Mailbox Move allows users to start logged into their mailbox while it is being moved to the cloud ● Secure Mail ensure emails cross-premises are encrypted, and the internal auth headers are preserved ● Secure Transport Centralized mailflow control, ensures that all email routes inbound/outbound via On Premises ● 20

21. Hybrid Features True SSO experience Free/Busy sharing One Address Book

22. Hybrid Features Switch between on-prem and Office 365 Manage users in one interfaceHybrid Config Wizard helps in configuration

23. SharePoint Hybrid On-Premises Cloud Service Coexistence Single sign on ADFS Rich Coexistence Reverse Proxy* +Complete control and ownership of Microsoft will regularly deliver newhardware, maintenance, resources, features and capabilities to SharePoint and administration Online

24. Decision makingHybrid Model fits Hybrid Model possible, but take care•Split workloads and features (Features, who are not yet •Compliance or security avalable in the cloud and/or on prem) •Complex Auditing•Current investments in (z.B. custom code solutions) •Custom Code•Network performance•No central adminsitration•Sandboxed Solutions•Search between Office365 and On-Prem•NAPA

25. Hybrid for SharePointSharePoint SearchSharePoint: BCSSharePoint: other servicesExchange IntegrationLync Integration

26. Non-SharePoint Configuration TasksThese non-SharePoint things need tobe configured to support hybrid – Reverse Proxy and certificate authentication* – Identity Provider (ADFS or Shibboleth or Third Party for O365) – MSOL T ools – SSO with O365 – Dirsync * Only required if you are consuming on-prem data in o365. You don’t HAVE to do both directions – you can “only” consume o365 data on-prem, or only on- prem data in o365

27. Environment Configuration Office 365 Reverse Proxy and Certificate Auth UAG Dirsync MSOL Tools Identity Provider Dirsync and Tools Servers ADFS Servers MSOL Tools SharePoint Servers

28. Reverse Proxy and Authentication*Manage RequestsWhen using hybrid features O365 sends requests from sites in the cloud to your on-premfarmReverse ProxyYou need to establish a reverse proxy for these calls to be channeled through to secure theprocess.AuthenticateThose requests can be authenticated at the reverse proxy before they are forwarded toSharePointPublic CertificateSharePoint supports using a certificate for authenticating to the reverse proxy server whensending a request

29. SharePoint Configuration TasksThese things need to be configured inSharePoint to support hybrid– New SharePoint STS T oken Signing Certificate (replace with Public one Set-SPSecurityTokenServiceConfig with –ImportSigningCertificate )– Configure a trust between SharePoint on-prem and ACS– Try out Search or BCS!

30. Links• Exchange Deployment Options whitepaper http://www.microsoft.com/download/en/details.aspx?id=18206• Hybrid SharePoint Environments with Office 365 Whitepaper http://aka.ms/oht1dx• Exchange Server Hybrid Deployment http://technet.microsoft.com/en-us/library/hh852414.aspx• Deployment Readiness Tool http://community.office365.com/en-us/f/183/p/2285/8155.aspx• Office 365 Deployment Guide for Enterprises http://technet.microsoft.com/en-us/library/hh852466.aspx• Office 365 Service Descriptions http://technet.microsoft.com/en-us/library/jj819284.aspx

31. About me Publications Martina Grom CEO atwork Blogger Consulting mg@atwork.atblogs.technet.com/austriaMicrosoft Office365 Blog cloudusergroup.at @magrom