Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Exchange Online
Hybrid Coexistence
Presenter name
Presenter role
This training package is proprietary and confidential, and is intended only for uses described in the training materials. Content and software is provided
to you under a Non-Disclosure Agreement and cannot be distributed. Copying or disclosing all or any portion of the content and/or software included in
such packages is strictly prohibited.
The contents of this package are for informational and training purposes only and are provided "as is" without warranty of any kind, whether express or
implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement.
Training package content, including URLs and other Internet Web site references, is subject to change without notice. Because Microsoft must respond
to changing market conditions, the content should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the
accuracy of any information presented after the date of publication. Unless otherwise noted, the companies, organizations, products, domain names, email addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product,
domain name, e-mail address, logo, person, place, or event is intended or should be inferred.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject
matter in this document. Except as expressly provided in written license agreement from Microsoft, the furnishing of this
document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of
this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means
(electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of
Microsoft Corporation.
For more information, see Use of Microsoft Copyrighted Content at
http://www.microsoft.com/about/legal/permissions/
Microsoft, Internet Explorer, Outlook, SkyDrive, Windows Vista, Zune, Xbox 360, DirectX, Windows Server and
Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
Other Microsoft products mentioned herein may be either registered trademarks or trademarks of Microsoft Corporation in the
United States and/or other countries. All other trademarks are property of their respective owners.
Overview
Objectives
Overview of a
Hybrid
Deployment
What is a
Hybrid
Deploymen
t
Hybrid
Deploymen
t Benefits
Federation Trust
Integrated
Admin
Experience
Manage all of your daily Exchange tasks, be it onpremises or in Exchange Online, from one central
location, the Exchange Admin Center
Native Mailbox
Move
Secure Mail
Flow
Hybrid
Coexistenc
e Feature
Comparison
Hybrid
Deploymen
t
Prerequisite
s
Hybrid
Deploymen
t Exchange
Requiremen
ts
10
Hybrid
Server
Roles
11
Hybrid
Deploymen
t
Limitations
12
Managing
Exchange
in Hybrid
mode
13
Hybrid Deployment
Implementation
and Architecture
14
Collaboratio
n Before
Exchange
2010
Federated
Delegation
Microsoft
Federation
Gateway
17
Federation
Trust
18
Federation
Trust
Example
20
Organizatio
n
Relationshi
ps
Organizatio
n
Relationshi
ps
(continued)
22
Hybrid
Server
With the configuration of a Hybrid deployment the onpremises Exchange 2010/2013 server designated for this
purpose is now referred to as a hybrid server
Hybrid servers are a requirement for hybrid deployments:
The server needs to be Exchange 2010 SP3 or Exchange
2013
The hybrid server enables messaging features and
message delivery between your on-premises and
Exchange Online organizations
Communicates with the Exchange Online servers using
exchange web services over HTTPS and SMTP over TLS
23
Hybrid
Server
License
The server cannot be used for any other purposes other than
bridging the on-premises Exchange environment with Exchange
Online
24
Coexistenc
e Domain
25
Hybrid
Configurati
on Process
relationships
Remote domains
Accepted domains
Email address policies
Send/Receive connectors
EOP inbound/outbound
connectors
MRSProxy
Prerequisite checks
26
Before
Running the
HCW
Sign up
for Office
365
Register
your
domains
with
Office
365
ID Fix
and
Deploy
Office
365
Directory
Sync
Install
Exchang
e 2013
CAS &
MBX
Servers
Publish
the CAS
Server
(Assign
SSL
certificat
e,
firewall
rules)
Exchange specific
deployment tasks
27
Run the
Hybrid
Wizard
The Hybrid
Configurati
on Engine
28
Running the
HCW
The following general steps are performed when the HCW is run:
Verifies prerequisites and performs topology checks:
Checks both on-premises and EXO organizations Exchange versions
Checks DirSync presence as well as Federated and accepted domains
Checks existing federation trust, organization relationships and
Exchange certificates
Testing Account credentials:
HCW ensures the accounts have the appropriate permissions and are
members of the Organization Management role group both onpremises and Office 365
Creates the Hybrid Configuration object:
Hybrid configuration data is stored in AD under the configuration
container and is created when the New-HybridConfiguration cmdlet is
called by the HCW
This object contains the configuration settings chosen during the HCW
29
Hybrid
Configurati
on Object
30
New
New organization
organization
level
level tab
tab that
that
contains
the
contains the
Hybrid
Hybrid
Configuration
Configuration
Object
Object
Exchange
2010
Hybrid
Configurati
on Wizard
End
End to
to end
end wizard
wizard
that
that guides
guides you
you
through
each
through each step
step
of
of configuring
configuring
hybrid
hybrid
31
New
New Hybrid
Hybrid section
section
within
within the
the Exchange
Exchange
Admin
Admin Center
Center that
that
contains
the
Hybrid
contains the Hybrid
Configuration
Configuration Object
Object
Exchange
2013
Hybrid
Configurati
on Wizard
End
End to
to end
end wizard
wizard that
that
guides
you
through
guides you through
each
each step
step of
of configuring
configuring
hybrid
hybrid
32
Hybrid
Deployment
Improvemen
ts in
Exchange
Server 2013
Adaptive HCW
Drive mailbox moves (in any direction) from the one location
using EAC
33
Troubleshooti
ng Hybrid
Configuration
Located under:
<Exchange Install Directory>\Logging\Update-HybridConfiguration
The log will contain a record of each cmdlet run, the start and end time,
and also any errors that may have been thrown in the process
The Update-HybridConfiguration cmdlet calls many other cmdlets
Clients
Office 365
autodiscover.contoso.c
om
mail.contoso.com
Autodiscover &
EWS SMT
P
E2010 or E2010 or
2007 Hub 2007 CAS
E201
3 CAS
SP/RU
Exchange
2010 or 2007
Servers
SP/RU
Intranet site
6
E2010
or
2007
MBX
E2013
MBX
Example
Hybrid
Topology
37
On-premises user
SMTP:paul@contoso.c
om
Microsoft Federation
Gateway
5. Generate token
7. Obtain free/busy
information
Hybrid Server
/ews
On-Prem to O365 Org Relationship
Domain: contoso.mail.onmicrosoft.com.com
Endpoint: https://outlook.com/EWS
Contoso
Ex2013 CAS
6. Authenticate with token and
submit free/busy request
9. Return free/busy
/ews
Consideratio
ns for
Exchange
Server 2003
Mailboxes
The RPC Client Access Service running on the Hybrid server intercepts any
Free/Busy request destined for this folder and routes it to the Availability Service
The Availability Service detects it is a request for Office 365
The request is passed to the destination Client Access Server in Exchange Online
The response is placed back as a message in the External
(FYDIBOHF25SPDLT) public folder for Outlook to consume and is cached for 15
minutes
39
Troubleshootin
g Organization
Relationships
Verifies that there is an organization relationship in place onpremises and that Exchange can successfully perform external
lookups
Verifies that the organization relationship has a configured
TargetAutodiscoverEPR value, and verifies that Exchange can
resolve the AutoDiscover settings
Retrieves Federation information from the MFG including certificate
status information
If the -UserIdentity parameter is specified, verifies that the
organization relationship is in place for the users SMTP addresses
and that Exchange can request delegation tokens for those users
Tests delegation tokens
40
Trusted and
Secure Mail
Flow
Secure Mail
Third Party
Email
Security
System
Internet
External Recipient
MX resolves
MX is
Outbound
toYou
on-canto
switched
Exchange
premises
Exchange
choose to
Online
traffic
gateway
Online
route
isProtection
delivered
outbound
direct
on-premises
mail via EOP
Exchange Online
Protection
Secure Mail
Encrypted & Authenticated Mail Flow
David
Exchange
On-premises
Mailbox
On-Premises
Organization
Chris
Cloud
Mailbox
42
Exchange Online
Hybrid
Transport
Options
Centralized
Transport
Third Party
Email
Security
System
Internet
External Recipient
Secure Mail
Encrypted & Authenticated Mail Flow
David
Exchange
On-premises
Mailbox
On-Premises
Organization
MXAllresolves
email in
MX is
to
onand out
of the
switched
to
premises
Exchange
Exchange
gateway
Online
tenant
Online
must go via
Protection
on-premises
Exchange Online
Protection
Chris
Cloud
Mailbox
Exchange Online
44
Mailbox
Migrations
45
Component
s Used for
Mailbox
Moves
46
Mailbox
Migration
47
The Remote
Mailbox
Move
Process
48
Outlook
And Mailbox
Migrations
Outlook detects the mailbox has been moved and prompts the
user to close and reopen Outlook
Outlook then performs an AutoDiscover lookup against the
email domain found in the TargetAddress attribute of the
user which will resolve to Exchange Online
Outlook updates the users Outlook profile automatically with
the new connection details
The mailbox move persists the msExchMailboxGUID which
means no .ost resynchronization needs to occur post mailbox
move
49
SoftDeleted
Mailboxes
50
OffBoarding
Mailboxes
52
Module
Review
53
Module
Summary
In
55
2013
2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks
in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of
this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and
Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR
STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION