Office 365 Hybrid Deployment; Get Prepared!!
Over the last several months I’ve worked on a few Office 365 deployment projects. In some cases they can be straight forward, but most commonly they are not. This seems to hold particularly true for Hybrid deployments, especially if there are several integration points, network devices such as load balancers, restrictive server access from the Internet, etc.
Although rolling out a Hybrid deployment of Office 365 isn’t straight forward, it doesn’t necessarily have to be difficult. It’s extremely important to have your documentation and proper planning done in advance in order to be prepared for the implementation (as with any project!).
The main difficulties that I’ve run into seem to be that there is no single point of reference for how a Hybrid Deployment should be implemented or what steps need to be taken and in what sequence. The lack of documentation and improper planning can lead to misconfigurations and re-work, which can cause issues and drive up the costs of the project.
Maybe the lack of a single recommended approach is because the deployment can be done in different ways, or because there is a lot of dependency on your current environment and requirements. Whatever the case I thought I’d share my experiences at a high level overview of the steps and tools you should have readily available before starting your Hybrid Deployment with Office 365.
First off, I highly recommend deploying in a test or lab environment first! If you do have several integration points, or if you do have third party devices, such as an F5 load balancer, or an identity solution you’d like to utilize in place of ADFS, you had better make sure they work before moving into production. This type of Proof of Concept (POC) should hold true for any new technology implementation before it touches your production environment, especially for something with such high visibility that touches every user’s desktop like email!
Before starting, you need to look at your current environment and make sure it meets some basic requirements:
- Active Directory forest must be Windows Server 2003 forest functional level or higher
- Existing Exchange 2007 Servers must be SP3 with Update Rollup 9 or later
- Exchange 2010 Hybrid Server must be SP3 with v15 Exchange on-line tenant. This means upgrading all of your Exchange 2010 servers to SP3 if it is your current on-premises solution
- Exchange 2013 Hybrid Server must be CU1 with v15 Exchange on-line tenant. The previous 2 points hold true for this scenario as well, because they are required to have coexistence with Exchange 2013
After you’ve met the requirements above, these are the steps and tools you should consider from a high level perspective:
1. Complete the Exchange Deployment Assistant
2. Sign up for Office 365 Tenant
- I suggest doing your POC with the Office 365 trial so you don’t have to make any unnecessary commitments in regards to licensing. The trial provides 25 licenses and is good for 30 days. If you determine more time is needed just submit a Service Request through your on-line portal and MS will grant you an extension
3. Utilize the Office 365 Deployment Readiness tool. This tool provides analysis of your on-premises environment in preparation for an Office 365 deployment
4. Prepare for SSO and DirSync. Here are a couple good articles to get you started:
5. Configure SSO
6. Setup DirSync
7. Install Exchange 2010 SP3 Hybrid Server with CA & HT Roles, or Exchange 2013 CU1 Server with Mailbox & Client access roles.
8. Implement HA with your Hybrid servers to protect yourself from the repercussions of a single point of failure
9. Configure your new exchange server/s for coexistence if you’re running legacy versions in your production environment
10. Perform testing with the Exchange Remote Connectivity Analyzer. Particularly any ActiveSync and Auto discover tests should all return successful results
11. Configure your Hybrid Deployment for features such as Shared GAL, Free/Busy Sharing, Secure Mail Routing, etc
12. Integrate your on-premises environment with your Office 365 Tenant
13. Configure any policies in Office 365 that aren’t transferred from on-premises, such as ActiveSync, OWA, etc.
If you’ve made it this far most of your networking concerns about your specific environment should be alleviated. Once your Hybrid Deployment is setup you’ll want to perform multiple tests to ensure the base functionality is working as advertised, then you’ll move on to test your integration points. At minimal I suggest performing the following tests, but I encourage you to perform as many tests and as many different types of tests as you deem necessary. It’s better to find any shortcomings of moving to Office 365 now rather than finding out later when you’ve already moved some or all of your organization to the cloud!
- Create test mailboxes
- Test outlook client functionality
- Test mail flow
- Test federated sharing
- Test Availability
- Test GAL Sharing
- Test mailbox move functionality
- Make sure redirects are working
- Test with Remote Connectivity Analyzer Office 365 tools
I hope this article has been helpful for those of you out there considering the move to the cloud! Happy migrations!!