Introduction
I recently wrote two blogs recently on SharePoint Online and Lync Online Hybrid. I figured I complete this out and write some notes on Exchange Online hybrid with Exchange 2013.
The reason why I started off with SharePoint and Lync Hybrid was because there were some major advances with the new 2013 platform being released. Exchange Hybrid has already been a fairly robust solution even before the 2013 release. There are still improvements to be talked about and some good resources you should have.
In this blog I will capture some of the new changes to Exchange Hybrid good resources you should be aware of for planning.
Resource
The best resource to reach is the Exchange Server 2013 Hybrid Deployments Whitepaper - http://technet.microsoft.com/en-us/library/jj200581.aspx. This covers all the details for setting up hybrid.
What is Exchange Hybrid?
Exchange Hybrid allows organizations to host Exchange servers on-premise that are connected to Exchange Online in Office 365. Organizations have the ability to share the same domain space across they hybrid environment and route inbound/outbound email securely between both environments. With Exchange hybrid there is a unified GAL, free/busy is shared, unified messaging, mailboxes can be moved between environments, centralized mailbox management across environments, messaging tracking, mailbox search across environments, etc.
Why Hybrid?
In most cases, the goal of going to the cloud is to remove all on-premise mail servers. In many cases, organizations are able to achieve that. However there can be scenarios that organizations may encounter that may require keeping some mail servers running in hybrid. Two most common are running an extended migration where customers want to slowly move to the cloud or the customer may have a server side add-in that needs to be maintained for a period of time which cannot run in Exchange Online. I have seen scenarios where there are scenarios where there are policies that customers must support which does not allow them to have certain mailboxes reside in the cloud, while everyone else can.
Whatever the scenario is, Office 365 and Exchange Online support this allowing customers some real flexibility when moving to the cloud.
Solution Architecture
This solution architecture has been around for a while. To recap at a high level:
- DirSync – This needed to support the unified GAL across both environments. The organization’s AD will be synchronized to the cloud.
- ADFS – Used to authenticate users in the cloud using their on-premise credentials and domain. Single Sign On is not required, but highly recommended when implementing Exchange Hybrid.
- Microsoft Federation Gateway – Is the trust broker between the two environments.
- CAS / Edge Server Connection – On-premise an Exchange CAS or Edge Transport server can be connected to the cloud instance. Here is more information about the server the transport server you would configure to run with the cloud - http://technet.microsoft.com/en-us/library/hh134662.aspx.
- Mailbox / CAS Server - There are pre-requisites you must consider when setting up this hybrid. One important one is ensuring both the CAS and Mailbox servers that are running in hybrid are running at the right level. For instance is possible to have an Exchange 2007 or later org on-premise but will require the correct level Mailbox/CAS server also be added to the farm on-premise. Please review the prerequisites for details - http://technet.microsoft.com/en-us/library/hh534377.aspx.
What’s New?
Now let’s get to what is new. Actually it is listed here in detail - http://technet.microsoft.com/en-us/library/jj200790(v=exchg.150).aspx – but I will summarize.
- Right out of the gate, we are no longer referring to Exchange hybrid as “rich co-existence”, we are just referring it to Exchange Hybrid J
- Hybrid configuration tools have been consolidated and streamlined to make the configuration simple.
- As you know FOPE has been replaced Exchange Online Protection (EOP). EOP has new features that allow for easier connection configuration between on-premise and the cloud. EOP is the endpoint that is connected to and you no longer have to configure a static IP address. We now have forced TLS configured between the two end points.
- New support options for routing inbound and outbound email based on the location of the MX record.
- Etc.
Planning
This entire whitepaper is filled with very important articles. However when doing your planning, especially on how you want do your mail routing, the following articles two articles are a must read: http://technet.microsoft.com/en-us/library/jj659055(v=exchg.150).aspx and http://technet.microsoft.com/en-us/library/jj659050(v=exchg.150).aspx. The big decision you have is where you want to have your MX record reside. You can have it remain on-premise or have it point to EOP. Both have considerations where are discussed in these articles.
Deployment
As I mentioned, there is a ton of information located off here - http://technet.microsoft.com/en-us/library/jj200581(v=exchg.150).aspx. There is information about prerequisites, considerations, routing, server topologies, deployment steps, and management considerations.