Training session for MS partner on Office 365 FastTrack deployments
Tommy Clarke
Agenda Workshop Materials & Infrastructure
Housekeeping Notes
Whoami!
Lync: tommy.clarke@ucaware.com
Self employed in UCAware AB
Working with Microsoft Unified Communications and Collaboration in the Cloud or on-prem
Lync MVP (Most Valued Professional)
MCSM: Communications (Microsoft Certified Solutions Master)
Microsoft V-TSP ( b-toclar@microsoft.com )
Lots of other Microsoft Certified…
Traditional deployment methodology
[Figure: timeline numbered 1 to 12 and beyond, with phases Pre, Plan, Prepare, Migrate, Post]
Don’t treat cloud like an on-premises deployment
[Figure: phases Pre-Deployment, Plan, Prepare, Migrate, Post-Deployment]
First Mailbox
No throw away effort “Production pilot”
Full Office 365 User Experience with minimal on-premises requirements
Time to value vs. effort invested
Multiple data migration methods: new mailbox, self-service and IT managed
Identity options: cloud IDs, synchronized IDs and federated IDs
Benefits of Office 365 FastTrack
3 - Enhance: Optional integration; Extend in weeks; Meet business needs; Customized to landscape
2 - Deploy: Core onboarding; Deploy in days; Companywide cloud use; IT led migration
1 - Pilot: Full Office 365 service; Pilot in hours; Persist to deployment; User led migration
First use in hours, Onboarding in days
Pilot complete
Deploy Complete
Pilot
  What: Office 365 Service: Exchange, SharePoint, Lync, Office Web Apps, Office 365 ProPlus, Mobile
  How: Service domain; Cloud Identity; Web Client; Office client; Self Service
Deploy
  What: All Pilot Features + Shared namespace, simple coexistence, external sites
  How: Pilot + IT led migration *; Customer domain; Directory sync; Password sync; Admin migrations; OnRamp
Enhance
  What: Deploy + Federation, Hybrid Delegation, and more
  How: Deploy+ *; Configure adv. features; Federated Identity; Exchange Hybrid; Corporate app store; SharePoint Hybrid; Lync Hybrid; 3rd party migration tools
Adopt new features
1: Pilot Experience
Pilot the service quickly (Sign-on):
  User signs into Office 365 with a Cloud ID (jane@contoso.onmicrosoft.com)
Pilot the new Exchange mailbox (Mail):
  New mailbox in the cloud
  Inbox content populated via Connected account
  User sends/receives email as Jane@contoso.com
  User PST import option for additional content migration (mail/calendar/contacts)
Pilot the new collaboration tools (Collaboration):
  Run online meetings with any user with computer & app sharing, video conferencing, and PC-to-PC calling
  Collaborate using SharePoint Online team site and newsfeeds
  Easily store files in the cloud with SkyDrive Pro and share file with external users
Office across multiple devices (Clients):
  Access the service via a browser - Office Web Apps across devices and platforms – no client required
  User self-install of Office 365 ProPlus side-by-side with existing Office client installations
Experience Office anywhere (Mobile):
  Mobile connectivity options are built into the service – just start connecting devices
  Connect to Office 365 via mobile devices with Exchange Active Sync for mail
  Platform specific mobile apps bring best experience where it makes sense - i.e. OneNote, Lync
Control & manage your pilot (Administration):
  Centralized administration from the Office 365 admin center in the service.
  Online management centers for Exchange, SharePoint, and Lync.
  Service health dashboard to monitor service maintenance and incidents.
  Service use reporting available in the service admin center including service activity.
Setup on day 1; Full use of the service; User driven pilot; Pilot setup continues to step 2 deploy; Limited on-premises requirements
1: Pilot – what’s required
What you need to connect (Network):
  Network access to service from client end points over ports 80 and 443
  Network bandwidth capacity
Pilot user access (Clients):
  Web client – minimum browser
  Office 365 Pro Plus – clients running Windows 7 +
Connect to existing mail for the pilot (Mail):
  POP3 or IMAP4 protocol support for pilot users to use Connected Accounts
Simple requirements; Easy to start or stop
2: Deploy Experience – what’s added
Integrated identity management (Sign-on):
  Sign-on with the same user and password as on premises
Integrated mail flow and migration (Mail):
  Global address list
  Full mail content migration – mail, calendar, contacts
Sharing and working with others (Collaboration):
  Lync business partner federation
  Site governance and provisioning support
  Setup of Apps for Office corporate app catalog
IT managed client productivity (Clients):
  Office 365 ProPlus deployed to user desktop via IT process
Managed mobile connectivity (Mobile):
  Send and receive mail from mobile device as on-prem email
Control & monitor (Administration):
  Data loss prevention configuration (limited)
  Exchange Online Protection mail protection configuration (limited)
Setup in days; Adds on-premises integration; Pilot user and info is sustained; IT driven migration; Mail migration that best fits environment
From EX 2010 Mail Servers: Managed mail moves (MRS); Free/busy cross premises; Use existing OST
From EX 2007/03 Mail Servers: Staged mail migration; New mail file download
From Others: User migration (PST import) or IMAP Migration; New mail file
2: Deploy – what’s required
What’s Required (Identity):
  Directory Sync server/s
  AD meets service requirements for hygiene
  Same password on-prem and in cloud via password sync
What you need to connect (Network):
  Network access to service from client end points
  Network bandwidth availability
  Access to maintain DNS entries for share domains
Required to connect and deploy (Clients):
  Web client – minimum browser
  Office 365 Pro Plus – clients running Windows 7 +
Required to setup and migrate (Mail):
  Admin access
  From EX 2010 Mail Servers: Exchange 2010 SP3; Certificates - public
  From EX 2007/03 Mail Servers: Outlook Anywhere Access
  From Others: PST requirement
Unique requirements per mail platform; Dedicated customer IT team; Change management readiness
3: Enhance - What’s added
Advanced integration (Sign-on):
  Single sign-on / ADFS
  3rd Party identity providers – “Works with program”
Advanced migration scenarios (Mail):
  Notes migrations
  Hybrid Exchange for 2007 or 2003
Advanced integration and solution building (Collaboration):
  Lync or SharePoint hybrid
  SharePoint solutions – including BCS, Duet, etc.
Advanced client management capabilities (Clients):
  Virtual desktop and virtual application scenarios
Connect to the service (Mobile):
  Blackberry Enterprise Server integration
Leverage advanced service controls (Administration):
  Data loss prevention configuration
  Exchange Online Protection mail protection configuration
Adds scenarios; Extended durations; Customer specific implementation; Ability to add to deployed clients at point in the future
Portal.FastTrack.office.com
FastTrack Enablers
Engineering service adoption enhancements
OnRamp Setup Tool
https://onramp.office365.com
IdFix - Dirsync Error Remediation Tool
  Identifies and remediates AD object issues that will fail Windows Azure AD Dirsync
  Built on analysis of Dirsync daily error volumes and is targeted at fixing the majority of errors quickly
  Provides a datagrid with the ability to scroll, sort and edit
  Suggested fixes are provided for known errors
  Customer change confirmation and undo/rollback functionality
  Available for download from TechNet
IdFix - Error classes
Across all objects:
  Well-known exclusions (“Admini*”, “CAS_{”, etc.)
  Distinguished name contains “\OACNF:”
  isCriticalSystemObject
Looks for invalid characters, checks length constraints, format and duplicate values across: c, co, displayName, givenName, Mail, mailNickName, proxyAddress, sAMAccountName, sn, targetAddress, userPrincipalName
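The error classes above, applied to a few constructed directory objects so the exclusion step and the four checks can be seen together. This is an added example, not part of the original slides and not IdFix's own code; the length limits, the invalid-character set, the address format and the use of sAMAccountName for the name exclusions are assumptions, since the slides do not give the tool's rules.

```python
import re
from collections import defaultdict

# Rule values are illustrative assumptions, not IdFix's actual rule set.
MAX_LEN = {"sAMAccountName": 20, "displayName": 256}
ADDRESS_ATTRS = ("mail", "userPrincipalName")    # checked for characters and format
UNIQUE_ATTRS = ("mail", "sAMAccountName", "userPrincipalName")
INVALID_CHARS = re.compile(r'[\s<>()\[\];,"]')
ADDRESS_FORMAT = re.compile(r"^[^@]+@[^@]+\.[^@]+$")
EXCLUDED_PREFIXES = ("Admini", "CAS_{")          # exclusions named on the slide
CONFLICT_MARKER = "\\OACNF:"                     # as written on the slide

def is_excluded(obj):
    """True for objects the slide lists as skipped by every check."""
    return (obj.get("sAMAccountName", "").startswith(EXCLUDED_PREFIXES)  # attribute assumed
            or CONFLICT_MARKER in obj["distinguishedName"]
            or obj.get("isCriticalSystemObject", False))

def find_errors(objects):
    """Return sorted (distinguishedName, attribute, error class) tuples."""
    errors, seen = [], defaultdict(list)
    for obj in objects:
        if is_excluded(obj):
            continue
        dn = obj["distinguishedName"]
        for attr, value in obj.items():
            if attr in MAX_LEN and len(value) > MAX_LEN[attr]:
                errors.append((dn, attr, "length"))
            if attr in ADDRESS_ATTRS:
                if INVALID_CHARS.search(value):
                    errors.append((dn, attr, "character"))
                elif not ADDRESS_FORMAT.match(value):
                    errors.append((dn, attr, "format"))
            if attr in UNIQUE_ATTRS:
                seen[(attr, value.lower())].append(dn)  # compared case-insensitively
    for (attr, _), dns in seen.items():
        if len(dns) > 1:                                # one value on several objects
            errors.extend((dn, attr, "duplicate") for dn in dns)
    return sorted(errors)

def user(cn, sam, mail, upn, **extra):
    return {"distinguishedName": f"CN={cn},DC=contoso,DC=com", "sAMAccountName": sam,
            "mail": mail, "userPrincipalName": upn, **extra}
SAMPLE = [  # constructed sample objects, not real directory data
    user("Jane", "jane", "jane@contoso.com", "jane@contoso.com"),
    user("Jan", "jan", "Jane@contoso.com", "jan roe@contoso.com"),
    user("Sam", "sam.poe.contractor.external", "sam@contoso", "sam@contoso.com"),
    user("Administrator", "Administrator", "bad address", "bad upn", isCriticalSystemObject=True),
]
```

Calling `find_errors(SAMPLE)` reports five errors across the first three objects and nothing for the excluded Administrator object, even though its mail and UPN values are malformed.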
IdFix Tool view
Azure AD Dirsync Scoping Options
  Ability to Dirsync to Windows Azure AD only a subset of your users
  Options for Filtering: OU, Domain-based, User Attribute
Step-by-Step instructions available on TechNet
Exchange Hybrid
  Customers with Exchange 2010 SP3 or Exchange 2013 on-premises can deploy Exchange Hybrid in Step 2
  The built in Hybrid Configuration Wizard automates the process and allows hybrid configuration to be completed within timelines and effort requirements of Step 2
  Details are available on TechNet
Password Sync
New feature of Windows Azure Directory Sync as an alternative to Federated Authentication
Customer Benefits:
  Customer can use a “single set of credentials” (same username and password) to access both on-premises and online resources
  This single set of credentials is managed in the customer’s Active Directory and is synchronized with Office 365 (username + password)
  Password Sync is fully integrated in the Dirsync appliance, no additional sw/hw, or changes to the on-premises AD are required
  No requirement to deploy and maintain Active Directory Federation Services.
  Keeps the deployment simple and eliminates IT costs associated with ADFS
Password Sync Security
  Does not require nor access the user’s plain text password.
  No requirement for AD reversible encrypted format.
  AD user password hash is hashed again using a non-reversible encryption function and digest is synchronized into Azure AD.
  The digest in Azure AD cannot be used to access resources in the customer’s on-premises environment.
Password Sync Key Password Policies
  Password Sync is one-way synchronization from on-premises to the cloud
  Password Complexity Policy implemented in the On-Premises AD is the master policy
  Password Expiration Policy on the Azure AD is set to “Never Expire”
  Password Expiration and sync to Azure AD is driven by on-premises events
Password Sync FastTrack EAP Details
  Current Password Sync EAP build only supports single Forest environments
  Customers must redeploy DirSync to the final GA release
  Customer must be willing to engage in feedback activities with the Product Group
  As the binaries are pre-release code, the customer will need to sign legal agreements (TAP)
Explore FastTrack
FastTrack Deployment
http://FastTrack.Office.com
FastTrack Data Sheets
Quick reference guide
Office 365 Capability Matrix per Deployment Step: Identity
Key Capabilities | Step 1 – Pilot | Step 2 – Deploy | Step 3 - Extend
Identity Sign On | Cloud IDs | Corporate AD user account with same password via Password Sync | Corporate AD user account and password via ADFS; Option for Integration with “Works with O365” Identity Providers; Option for Shibboleth Integration
Active Directory Remediation | Not applicable | IdFix Dirsync Error Remediation Tool | IdFix Dirsync Error Remediation Tool; Custom Engagement
Office 365 Capability Matrix per Deployment Step: Exchange
Key Capabilities | Step 1 – Pilot | Step 2 – Deploy | Step 3 - Extend
Global Address List | Cloud Users | Dirsync Users | Dirsync users; FIM 2010 via O365 connector
Calendar Free/Busy sharing | Cloud Users | Dirsync Users (req. Ex 2010 SP3) | Dirsync Users; Exchange Federation to other O365 or Exchange
Corporate Email | Yes via “connected accounts” | Yes via Corporate Domain add | ✓
Data Migration Options | User driven migrations via connected accounts (mail only); User driven PST import (mail/calendar/contacts) | User Driven; IT Driven via Staged Migration or Hybrid Exchange (req. Ex 2010 SP3) | Hybrid Exchange for 2010, 2007 or 2003 on-premises; IBM Notes Migration Option
OWA / Full Outlook | ✓ | ✓ | ✓
Mobile via Active Sync | Cloud Email Address (Send From) | Corporate Email Address; Option for BlackBerry BCS | Corporate Email Address; Option for BlackBerry BCS
Office 365 Capability Matrix per Deployment Step: Lync
Key Capabilities | Step 1 – Pilot | Step 2 – Deploy | Step 3 - Extend
IM & P | ✓ | ✓ | ✓
Online Meetings | ✓ | ✓ | ✓
Video Conferencing | ✓ | ✓ | ✓
PC and Application Sharing | ✓ | ✓ | ✓
Mobile Lync Clients | ✓ | ✓ | ✓
Skype Federation (Summer ‘13) | ✓ | ✓ | ✓
Lync External Federation |  | ✓ | ✓
Lync Hybrid Option |  |  | ✓
Lync Hybrid Voice Option |  |  | ✓
Office 365 Capability Matrix per Deployment Step: SharePoint
Key Capabilities | Step 1 – Pilot | Step 2 – Deploy | Step 3 - Extend
Team Sites | ✓ | ✓ | ✓
Sky Drive Pro | ✓ | ✓ | ✓
External Sharing | ✓ | ✓ | ✓
Office Web Apps | ✓ | ✓ | ✓
Public Site with Corporate DNS |  | ✓ | ✓
SharePoint Solutions (BCS, Duet) |  |  | ✓
Click-to-Run Office 2013 Prof Plus | Self-Serve for Pilot Users | Self-Serve for Dirsync Users; IT Managed Deployment | Self-Serve for Dirsync Users; IT Managed Deployment
Office 365 Customer Effort per Deployment Step
Effort | Step 1 – Pilot | Step 2 – Deploy | Step 3 - Extend
Number of Users | 25 to 250 | Up to Office 365 Licenses | Up to Office 365 Licenses
Level of Effort | Low | Medium | High
 | No on-premises components; SMTP/POP needed for connected accounts experience | Dirsync Appliance; Dirsync scoping optional; AD Remediation (IdFix Dirsync Error Remediation Tool available); Option for Exchange Hybrid configuration if Ex 2013 SP3 On-Prem via Configuration Wizard | Dirsync Appliance – or- O365 Connector for FIM; ADFS Infrastructure and Capacity Planning; Exchange Hybrid configurations via HCW and Manual steps as required per Exchange version; Lync Hybrid Option; Lync Hybrid Voice Option
Ignite
Office 365 Technical Blog
Thank You!!!
© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.