Slides from the European SharePoint Conference 2013 in Copenhagen. In this session, we will focus on various hybrid scenarios, the options you have on your way to the cloud, and how you can manage your hybrid world. What common questions should be answered for hybrid solutions?
5. What is Hybrid?
• Split workload between on-premises and the cloud
• Some users of Exchange, SharePoint or Lync are in the cloud while others stay on-prem.
6. Reasons for Hybrid Solutions
• High flexibility: cloud on your terms
• A fast move to the cloud is not possible: business or technical reasons
• Workloads: split workloads between services
• Compliance and security reasons: you decide which data will move to the cloud
7. Hybrid: 2 possible Scenarios
• Migration to the cloud: hybrid helps in transitioning
• Permanent hybrid model: the hybrid solution stays in the enterprise (for a longer time, maybe "forever")
8. Hybrid to help migrations
Flexibility in
Migration at your desired speed – low impact on users and on your current infrastructure
• Deployment of Online Services with some test users
• Piloting the whole company
• Transfer of workloads, users or sites in the cloud for a pilot or a staged migration
• On-premises deployment of users or sites
9. Permanent Hybrid Model
• Customers have the choice to have users on-prem or in the cloud
• Manage users and services on-prem and online, depending on your enterprise
• To secure existing investments on-prem
• Easy on- and offboarding of Exchange mailboxes between on-prem and Office 365
• Migration of remote users for better performance
• Data hosting in specific regions because of compliance or security
• Migration to the cloud on your terms
Move of workloads, users, sites to the cloud for specific reasons. Hybrid as a permanent model.
On-premises deployment of users or sites
10. Online and On-Premises Features
Hybrid deployments keep your flexibility for feature support; please check back on public availability of Office 365 vnext.
Not available Features**
• Hierarchical address book and segmenting of your Global Address Book
• Language support of Exchange VoiceMail
• Customized OWA templates, logos and add-ins
• Old APIs
Not available Features**
• Central administration
• Full-trust code
Not available Features**
• Voice to PSTN*
• Enterprise Voice and PBX
**List is subject to change, depending on service updates
13. Deployment Planning
• Source Server: Exchange, IMAP, Lotus Notes, Google
• Size: Large, Medium, Small
• Identity Management: On-Premises, Single Sign-On, On-Cloud
• Hybrid: Hybrid Exchange sharing features
• Provisioning: DirSync, Bulk Provisioning
DEPLOYMENT PLAN: Migration solution is part of the plan
14. Architecture
[Architecture diagram. Labels: Bronze Sky customer premises; AD; Active Directory Federation Server 2.0; IdP; MS Online Directory Sync; Trust; Federation Gateway; Authentication platform; Provisioning platform; Directory Store; Service connector; Admin Portal; Exchange Online; SharePoint Online; Lync Online]
15. Core identity scenarios with Office 365
• Cloud identity: Single identity in the cloud. Suitable for small organizations with no integration to on-premises directories
• Cloud identity with directory synchronization: Single identity suitable for medium and large organizations without federation*
• Federated identity: Single federated identity and credentials suitable for medium and large organizations
16. Federation options
First option:
• Works with AD
• Suitable for medium, large enterprises including educational organizations
• Recommended option for Active Directory (AD) based customers
• Single sign-on
• Secure token based authentication
• Support for web and rich clients
• Microsoft supported
• Works for Office 365 Hybrid Scenarios
• Requires on-premises servers, licenses & support
Second option:
• Works with AD & Non-AD
• Suitable for medium, large enterprises including educational organizations
• Recommended where customers may use existing non-ADFS Identity systems with AD or Non-AD
• Single sign-on
• Secure token based authentication
• Support for web and rich clients
• Third-party supported
• Requires on-premises servers, licenses & support
• Verified through ‘works with Office 365’ program
• Works for Office 365 Hybrid Scenarios
Shibboleth:
• Works with AD & Non-AD
• Suitable for educational organizations
• Recommended where customers may use existing non-ADFS Identity systems
• Single sign-on
• Secure token based authentication
• Support for web clients and Outlook only
• Microsoft supported for integration only, no Shibboleth deployment support
• Requires on-premises servers & support
• Works with AD and other directories on-premises
17. Exchange Hybrid
On-Premises Cloud Service
Coexistence
• Single sign on
• ADFS
• Rich Coexistence
+
Microsoft will regularly deliver new features and capabilities to SharePoint Online
18. Hybrid Deployment
• On-premises organization: at least Exchange Server 2007
• One Exchange Server 2013 CAS Server
• Directory Synchronization (DirSync) installed and working
• Autodiscover and working public DNS record
• Exchange Web Services and Autodiscover reachable, public certificate
• Federation trust with Microsoft Federation Gateway
19. Summary of Migration Options *
Simple Migrations
• IMAP migration
– Supports wide range of email platforms
– Email only (no calendar, contacts, or tasks)
• Cutover Exchange Migration (CEM)
– Good for fast, cutover migrations
– No migration tool or computer required on-premises
• Staged Exchange Migration (SEM)
– No migration tool or computer required on-premises
– Requires Directory Synchronization with on-premises AD
Hybrid
• Hybrid Deployment
– Manage users on-premises and online
– Enables cross-premises calendaring, smooth migration, and easy off-boarding

Matrix columns: IMAP Migration, Cutover migration, Staged migration, 2010 Hybrid, 2013 Hybrid (marks are listed per row; their column alignment is not preserved in this text)
Exchange 5.5 ●
Exchange 2000 ●
Exchange 2003 ● ● ● ●
Exchange 2007 ● ● ● ● ●
Exchange 2010 ● ● ● ●
Exchange 2013 ● ● ●
Notes/Domino ●
GroupWise ●
Other ●
20. Hybrid – Staged vs. Hybrid
Feature Staged Hybrid
Mail routing between on-premises and cloud (recipients on either side) ● ●
Mail routing with shared namespace (if desired) - @company.com on both sides ● ●
Unified GAL ● ●
Exchange Sharing
Free/Busy and calendar sharing cross-premises ●
MailTips, message tracking, and mailbox search work cross-premises ●
OWA redirection cross-premises (single OWA URL for both on-premises and cloud) ●
Exchange Online Archive ●
Mailbox Move
Exchange Management Console used to manage cross-premises relationship & mailbox migrations ●
Native mailbox move supports both onboarding and offboarding ●
No Outlook reconfiguration or OST resync required after mailbox migration ●
Online Mailbox Move allows users to stay logged into their mailbox while it is being moved to the cloud ●
Secure Transport
Secure Mail ensures emails cross-premises are encrypted, and the internal auth headers are preserved ●
Centralized mailflow control ensures that all email routes inbound/outbound via on-premises ●
21. Hybrid Features
True SSO experience
Free/Busy sharing
One Address Book
22. Hybrid Features
Switch between on-prem and Office 365
Manage users in one interface
Hybrid Config Wizard helps in configuration
23. SharePoint Hybrid
On-Premises Cloud Service
Coexistence
• Single sign on
• ADFS
• Rich Coexistence
• Reverse Proxy*
On-Premises: Complete control and ownership of hardware, maintenance, resources, and administration
+
Cloud Service: Microsoft will regularly deliver new features and capabilities to SharePoint Online
24. Decision making
Hybrid Model fits
• Split workloads and features (features that are not yet available in the cloud and/or on-prem)
• Current investments in (e.g. custom code solutions)
Hybrid Model possible, but take care
• Compliance or security
• Complex auditing
• Custom code
• Network performance
• No central administration
• Sandboxed Solutions
• Search between Office 365 and on-prem
• NAPA
26. Non-SharePoint Configuration Tasks
These non-SharePoint things need to be configured to support hybrid
– Reverse Proxy and certificate authentication*
– Identity Provider (ADFS or Shibboleth or Third Party for O365)
– MSOL Tools
– SSO with O365
– DirSync
* Only required if you are consuming on-prem data in O365. You don’t HAVE to do both directions – you can “only” consume O365 data on-prem, or only on-prem data in O365.
28. Reverse Proxy and Authentication*
Manage Requests
When using hybrid features, O365 sends requests from sites in the cloud to your on-prem farm.
Reverse Proxy
You need to establish a reverse proxy through which these calls are channeled, to secure the process.
Authenticate
Those requests can be authenticated at the reverse proxy before they are forwarded to SharePoint.
Public Certificate
SharePoint supports using a certificate for authenticating to the reverse proxy server when sending a request.
29. SharePoint Configuration Tasks
These things need to be configured in SharePoint to support hybrid
– New SharePoint STS Token Signing Certificate (replace with a public one using Set-SPSecurityTokenServiceConfig with -ImportSigningCertificate)
– Configure a trust between SharePoint on-prem and ACS
– Try out Search or BCS!
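
One way to carry out the STS signing-certificate replacement listed above with checks before the import. This is an added example, not code from the slides; the PFX path, the 2048-bit minimum and the helper name Test-StsSigningCertificate are assumptions.

```powershell
# Added example (not from the slides). Run in the SharePoint Management
# Shell on a farm server. Path, key-size minimum and helper name are assumptions.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Test-StsSigningCertificate {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [int]$MinKeySize = 2048   # assumed minimum, adjust to your policy
    )
    $problems = @()
    $now = Get-Date
    if (-not $Certificate.HasPrivateKey) { $problems += 'PFX contains no private key' }
    if ($now -lt $Certificate.NotBefore)  { $problems += 'certificate is not yet valid' }
    if ($now -gt $Certificate.NotAfter)   { $problems += 'certificate has expired' }
    if ($Certificate.PublicKey.Key.KeySize -lt $MinKeySize) {
        $problems += "public key is shorter than $MinKeySize bits"
    }
    # Basic chain validation against this server's trust store; the default
    # policy also checks revocation online, so it needs network access.
    if (-not $Certificate.Verify()) { $problems += 'certificate chain does not validate' }
    $problems
}

$pfxPath     = 'C:\certs\sts-signing.pfx'   # placeholder path
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString

# Exportable + PersistKeySet so the imported private key stays usable.
$flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]'Exportable, PersistKeySet'
$cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
             -ArgumentList $pfxPath, $pfxPassword, $flags

$problems = @(Test-StsSigningCertificate -Certificate $cert)
if ($problems.Count -gt 0) {
    throw "Refusing to import STS certificate: $($problems -join '; ')"
}

Set-SPSecurityTokenServiceConfig -ImportSigningCertificate $cert

# Confirm the farm now reports the new certificate before restarting services.
$active = (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate
if ($active.Thumbprint -ne $cert.Thumbprint) {
    Write-Warning "STS still reports thumbprint $($active.Thumbprint)"
}

# Restart IIS and the timer service so the new certificate is picked up.
iisreset
Restart-Service SPTimerV4
```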
31. About me
Publications
Martina Grom
CEO atwork
Blogger
Consulting
mg@atwork.at
blogs.technet.com/austria
Microsoft Office365 Blog
cloudusergroup.at
@magrom