Monday, November 12, 2018

Office 365 Hybrid Deployment with Exchange 2016

A hybrid deployment offers organizations the ability to extend the feature-rich experience and administrative control they have with their existing on-premises Microsoft Exchange organization to the cloud. A hybrid deployment provides the seamless look and feel of a single Exchange organization between an on-premises Exchange organization and Exchange Online in Microsoft Office 365.


Exchange hybrid deployment featureshttps://docs.microsoft.com/en-us/exchange/exchange-hybrid#exchange-hybrid-deployment-features

A hybrid deployment enables the following features:
  • Secure mail routing between on-premises and Exchange Online organizations.
  • Mail routing with a shared domain namespace. For example, both on-premises and Exchange Online organizations use the @domain.com SMTP domain.
  • A unified global address list (GAL), also called a "shared address book."
  • Free/busy and calendar sharing between on-premises and Exchange Online organizations.
  • Centralized control of inbound and outbound mail flow. You can configure all inbound and outbound Exchange Online messages to be routed through the on-premises Exchange organization.
  • A single Outlook on the web URL for both the on-premises and Exchange Online organizations.
  • The ability to move existing on-premises mailboxes to the Exchange Online organization. Exchange Online mailboxes can also be moved back to the on-premises organization if needed.
  • Centralized mailbox management using the on-premises Exchange admin center (EAC).
  • Message tracking, MailTips, and multi-mailbox search between on-premises and Exchange Online organizations.
  • Cloud-based message archiving for on-premises Exchange mailboxes. Exchange Online Archiving can be used with a hybrid deployment.

A hybrid deployment involves several different services and components:
  • Exchange 2016 Servers-   The Exchange 2016 Mailbox server role is required in your on-premises Exchange organization. All on-premises
    Exchange 2016 servers need to have the latest release of Exchange 2016, or the release immediately prior to the current release, installed to support hybrid functionality with Office 365.
  • Office 365-   Hybrid deployments are supported with Office 365 Enterprise, Government and Academic plans.
  • Hybrid Configuration wizard-   Exchange 2016 includes the Hybrid Configuration wizard which provides you with a streamlined process to
    configure a hybrid deployment between on-premises Exchange and Exchange Online organizations.
  • Azure AD authentication system-   The Azure Active Directory (AD) authentication system is a free cloud-based service that acts as the trust broker between your on-premises Exchange 2016 organization and the Exchange Online organization. On-premises organizations configuring a hybrid deployment must have a federation trust with the Azure AD authentication system.
  • The Hybrid Configuration wizard as part of configuring a hybrid
    deployment creates the federation trust. A federation trust with the Azure AD authentication system for your Office 365 tenant is automatically configured when you activate your Office 365 service account.
  • Azure Active Directory synchronization-   Azure AD synchronization uses Azure AD Connect to replicate on-premises Active Directory information for mail-enabled objects to the Office 365 organization to support the unified global address list (GAL) and user authentication.
    Organizations configuring a hybrid deployment need to deploy Azure AD Connect
    on a separate, on-premises server to synchronize your on-premises Active Directory with Office 365.
  • Active Directory Federation Services- AD FS provides simplified, secured identity federation and Web single sign-on (SSO) capabilities for end users who want to access applications within an AD FS-secured enterprise, in federation partner organizations, or in the cloud.
  • Web Application Proxy Server- The Web Application Proxy under the Remote Access role that allows administrators to securely publish applications for external access. This service acts as a reverse proxy and as an Active Directory Federation Services (AD FS) proxy.

Hybrid infrastructure
  • Following components are required to configure hybrid.

Exchange Server 2016 with Mailbox Role
EXCH2016
Exchange Server 2016 with Edge Transport Role
EXCH2016EDGE
Windows Server 2016 with Azure Active Directory Connect (AAD Connect) Installed
AADCONNECT
Active Directory Federation Server(s)
ADFS2016
Web Application Proxy Server in perimeter
EDGE2016
Domain Controller running on minimum Windows Server 2008 R2
DC01
Office 365 Subscriptions with default domain configured i.e. Service tenant FQDN
A.    Domain.onmicrosoft.com
Accepted Domain in Office 365 and On-premises
A.    Domain.com
On-premises domain type
Authoritative
Office 365 Domain Type
Internal Relay
User principal name domain and Microsoft Online ID domain
@domain.com
External Azure AD Connect with AD FS FQDN
a.      sts.domain.com
On-premises Autodiscover FQDN
A.    Autodiscover.domain.com
Office 365 Autodiscover
A.    Autodiscover.outlook.com
  • Configuring Hybrid Exchange Server


Step1: Add and validate primary Email domain to Office 365
Step2: Setup Primary SMTP Domain to Internal Relay
Step3: Configure Active Directory synchronization
Step4: Create Federation with Azure Active Directory
Step5: Verify tenant configuration
Step6: Install Edge Transport server
Step7: Configure Edge servers
Step8: Configure DNS
Step9: Firewall Configuration
Step10: Configure Exchange Web Services
Step11: Configure MRS Proxy
Step12: Configure Exchange certificates
Step13: Run Hybrid Configuration wizard
Step14: Send Connector and Receive Connector Configuration on the on-premises server
Step14: Create a test mailbox
Step15: Move or create mailboxes
Step16: Test hybrid deployment connectivity

1 comment:

  1. Great Article
    Cloud Computing Projects


    Networking Projects

    Final Year Projects for CSE


    JavaScript Training in Chennai

    JavaScript Training in Chennai

    The Angular Training covers a wide range of topics including Components, Angular Directives, Angular Services, Pipes, security fundamentals, Routing, and Angular programmability. The new Angular TRaining will lay the foundation you need to specialise in Single Page Application developer. Angular Training

    ReplyDelete