Virtual Vision


Hello everyone
I will talk a little about Office 365 here and I will try to make it as short and useful as possible.
I will cover the main areas below:

  • Office 365 features, benefits and concerns
  • Office 365 migration types
  • Office 365 hybrid e-mail flow
  • Office 365 and Azure


It is always the aim of IT and of organizations to make life easy and to reduce cost and maintenance overhead. You get this by hosting your e-mail service fully or partially in Microsoft's data centers: you get an admin portal to manage your users and everything you used to manage on your on-premises Exchange, but you do not get your hands dirty configuring the servers, the DAG and the CAS and making sure your system is highly available; Microsoft is going to do that for you. Not only that, you do not need to worry about keeping your Exchange up to date, and you will not need to call a consultant to come and do a migration or upgrade for you and take all the $$$. Just sit back and relax, Microsoft will keep your Exchange up to date.

I must admit that you don't get the same control over Exchange as you had on premises, so yes, you lose this. For example, sometimes you will need to ask Microsoft to do some configuration for you, because you no longer have the upper hand on the system resources.

Office 365 becomes very handy when it comes to productivity and people connecting from anywhere at any time. Think about it as your Hotmail account: all you need is internet and you are ready to go! Internet brings us to a bottleneck we need to take care of: if you lose the internet connection in your head office, users will not just complain that they can't browse, they will not be able to send e-mails even to each other (in a fully cloud scenario). In other words their Outlook and OWA are out of service, so you need to have redundant internet connections to be in a better situation.

Finally, Office 365 doesn't give you e-mail only; it gives you Lync, web apps and SharePoint as well, depending on the licenses you have (per user).


So you want to move to Office 365. You have 3 methods:

1. Cut-over migration, useful for small organizations or non-Microsoft e-mail solutions such as Google Apps. All you need to do here is get your tenant account ready, purchase the licenses, start creating the users and assigning the licenses, and then you are ready to migrate the mailboxes. Creating the users can be done using CSV files for bulk user creation, and migrating the mailboxes will be done using a CSV file as well, but you need to reset the Google Apps users' passwords to include them in the file (this is the only way the Microsoft migration tool can access the Google mailboxes and start COPYING the e-mails). Microsoft will keep syncing the mailbox data between Google Apps and O365 every 24 hours; you can change the MX records now to point to O365 and the sync will continue until you remove the batch from the O365 admin portal.

What if you are migrating from an Exchange environment? In this case you will have Active Directory, right? Good, here you have 2 options. Create a separate user account for your employees that they will use for e-mail (we call it a cloud identity) and follow the same steps as in the Google Apps example above. Or you can use the same Active Directory user by introducing ADFS (Active Directory Federation Services), which will be used to authenticate the cloud users; user information will be synced by a service called DirSync. This user is called a federated identity; this allows us to use SSO (single sign-on), and the user will not have to remember 2 credentials, one for e-mail and one for Active Directory.

2. Staged migration is used for Exchange 2003 / 2007. This will be suitable for bigger organizations, to give more time for moving the mailboxes. Why 2003 and 2007? Because these 2 don't support the hybrid setup, which is the 3rd and last type of migration.

3. Hybrid migration, which supports 2010 and 2013, again for bigger organizations that need more time moving to the cloud. You need to configure one of your Exchange servers as a hybrid server, or you can build a new one. Here you need to have the below main components:

A. ADFS, made highly available (NLB). This will be used to authenticate users in the local network.

B. ADFS proxy, made highly available (NLB). This will be used to authenticate users from outside the network, to be more secure, and typically will sit in your perimeter network.

C. DirSync service. This will be used to sync the changes you make in your Active Directory, because the federated domain on the cloud is read only, so you need to push the changes there. Don't forget that no passwords will be synced. By default a sync will happen every 3 hours, but you can either change that or force the replication now, keeping in mind the bandwidth utilized for that; that is why Microsoft kept it at 3 hours by default 🙂. This process is done using FIM (Forefront Identity Manager).

*Remember it is a one-way sync, from on premises to the cloud.*
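Going back to the cut-over migration from Google Apps in item 1 above, this is an added example (not from the original post) of the bulk user creation and the CSV-driven mailbox migration batch done from PowerShell instead of the admin portal. It assumes the MSOnline module and an already-open Exchange Online PowerShell session; the file names, tenant name, license SKU and batch/endpoint names are placeholders.

```powershell
# Added example, not the original post's code. Assumes Connect-MsolService
# (MSOnline module) and an open Exchange Online remote PowerShell session.
Connect-MsolService   # prompts for the tenant admin credentials

# users.csv (constructed sample) has the headers:
# UserPrincipalName,DisplayName,FirstName,LastName
# 'tenantname:ENTERPRISEPACK' is a placeholder license SKU.
Import-Csv .\users.csv | ForEach-Object {
    New-MsolUser -UserPrincipalName $_.UserPrincipalName `
                 -DisplayName $_.DisplayName `
                 -FirstName $_.FirstName -LastName $_.LastName `
                 -UsageLocation 'US' `
                 -LicenseAssignment 'tenantname:ENTERPRISEPACK'
}

# migration.csv (constructed sample) must have exactly these headers:
# EmailAddress,UserName,Password
# Password is the reset Google Apps password the post talks about. The file
# holds it in clear text, so keep it on an encrypted volume, restrict its
# ACL to the migration admin, and delete it once the batch is removed.
$endpoint = New-MigrationEndpoint -IMAP -Name 'GoogleAppsEndpoint' `
                -RemoteServer 'imap.gmail.com' -Port 993 -Security Ssl

$csvBytes = [System.IO.File]::ReadAllBytes((Resolve-Path .\migration.csv).Path)
New-MigrationBatch -Name 'GoogleAppsBatch' `
                   -SourceEndpoint $endpoint.Identity `
                   -CSVData $csvBytes -AutoStart

# The batch keeps re-syncing every 24 hours until it is removed. Watch the
# per-user status, switch the MX record once the initial copy is done, then
# finish and remove the batch so the stored Google credentials go away too.
Get-MigrationBatch -Identity 'GoogleAppsBatch' | Select-Object Status
Get-MigrationUser -BatchId 'GoogleAppsBatch' | Select-Object Identity, Status

# After the MX cut-over and the final sync:
Complete-MigrationBatch -Identity 'GoogleAppsBatch'
Remove-MigrationBatch   -Identity 'GoogleAppsBatch'
```

Removing the batch is also what stops the 24-hour sync mentioned above; until then the reset Google Apps passwords stay in use by the migration service.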


For the hybrid e-mail flow we have 3 types as well:

A. Centralized: e-mails sent to and from on-premises users or cloud users, to and from the internet, have to pass through my on-premises Exchange servers; the MX record still points to the on-premises Exchange. Yes, it is more traffic and the e-mail will do more hops, but organizations mostly choose this type for compliance reasons or policies.

B. Decentralized: incoming internet e-mails will still have to pass through the on-premises servers first, and we still have the MX record pointing to the on-premises Exchange. The difference here is with the outgoing e-mails: from the on-premises mailboxes, sure, they will have to go through the on-premises servers, but for the cloud users they will be routed directly from the cloud to the recipients on the internet, so no need for them to come all the way from the internet to on premises and then back to the internet.

Wait, I am talking here about the internet e-mail flow; what about from on-premises users to the cloud users? Because we are in hybrid here, right, which means we have users on premises and other users hosted in the cloud. I did not forget that: in all cases, centralized or decentralized, your on-premises Exchange organization and the cloud Exchange organization act as one organization, and e-mails are exchanged directly.

Here comes the decentralized diagram.

OK, one more moment here, man. How can we configure this, centralized or decentralized? From a router or switch? None of them. When you run the Hybrid Configuration Wizard on the Exchange server, the last step you will see asks you whether you want to route e-mail using public DNS servers (this is the decentralized option) or you want it to be done over the on-premises servers (this is the second option).

What is the default? The decentralized one. Want some more blabla? OK, this is done using send and receive connectors created by the Hybrid Configuration Wizard. They will be created both on your local Exchange servers and on FOPE in the cloud. What is FOPE? Forefront Online Protection for Exchange 🙂 Better keep it nice and short, yeah. OK, I will stop here.

C. MX to the cloud:

As its name says, in this setup we will not have our MX record on premises anymore. We will create an MX record in our domain's public DNS that will point e-mails to Microsoft Office 365. You can find this record in the O365 admin portal on the Domains tab under DNS settings, and you can test whether it is published correctly after you are done creating it by clicking Troubleshoot domain in the same place in the admin portal. Remember it could take about 72 hours to be fully published on the internet, but mostly it will only take 2 to 4 hours.

OK, before you get bored let's finish this. Last point I want to talk about, I promise.


Azure means blue sky :). It is Microsoft's full cloud solution, something equivalent to CloudStack from Citrix. Simply, you create a VPN gateway on your local network that connects you to Microsoft's Azure, then you can start buying resources, I mean servers, and they will be a part of your domain. You can even host your domain controller there in the cloud, hoping that it won't rain 🙂

What does this have to do with Office 365? When we talked about the hybrid setup, which is the most complicated setup and the one most liked by customers, we mentioned that we need ADFS and DirSync, right? OK, think about this with me: we are on the cloud now and we are happy with the high availability and all, most or some of our users are on the cloud, so we don't have to worry about them accessing or receiving e-mails, right? Well, half of it is right: yes, they can receive e-mail even if our corporate data center or connection is down, but remember they need ADFS to access their mailboxes, and ADFS is located in our corporate DC. That is why we came up with the idea of having the ADFS servers on Azure, so we make sure we are really able to use the Office 365 mailboxes independently of our corporate servers / network availability. Not only that, we can keep DirSync and one DC over there as well, so we are in good shape even if the corporate DC is out for a long time. You got me, you can even have your DR on Azure.