Before You Configure an Exchange 2010 Hybrid Deployment
Applies to: Exchange Server 2010 SP1
Configuring a hybrid deployment in your organization provides many benefits. However, to enjoy those benefits, you'll need to first do some careful planning. Before you go any further with the Exchange Server Deployment Assistant, we urge you to review this entire topic to make sure that you fully understand how configuring a hybrid deployment could affect your existing network and Exchange organization.
Important
To successfully configure your organization for hybrid deployment, you must create a cloud-based organization in the Microsoft Office 365 for enterprises service. We’ll give you instructions to sign up for Office 365 later in the checklist.
What is a hybrid deployment?
In the Deployment Assistant, a hybrid deployment is when you create a new cloud-based Exchange organization in Office 365 for enterprises and then connect it to your existing on-premises Exchange 2010 organization by configuring an existing Exchange 2010 server as a hybrid server. After configuring the hybrid server, you can enable the following features between the organizations:
Mail routing
Mailbox moves
Shared global address list (GAL)
Shared calendar and free/busy information
Message tracking, MailTips, and Multi-mailbox search
Learn more at: Understanding Hybrid Deployment
Example Hybrid Deployment Scenario
Take a look at the following figure. It's an example topology that provides an overview of a typical Exchange 2010 deployment. Contoso, Ltd. is a single-forest, single-domain organization with two domain controllers, one Exchange 2010 server with the Mailbox, Client Access, and Hub Transport server roles installed, and a single Edge Transport server. Remote Contoso users use Outlook Web App to connect to Exchange 2010 over the Internet to check their mailboxes and access their Outlook calendar.
By the way, the name of the organization in this example, Contoso, Ltd., is also used throughout the Deployment Assistant. When you're working through the steps in your checklist, remember to replace the references to contoso.com with your organization's domain name.
Existing Contoso on-premises organization
Let's say that the network administrator for Contoso is interested in configuring a hybrid deployment and decides to use the Exchange Server Deployment Assistant. The admin answers "Yes" to each of the initial questions posed by the Deployment Assistant. After completing the hybrid deployment checklist, the new topology has the following configuration:
Users will use their existing network account credentials for logging on to the on-premises and cloud-based organizations.
User mailboxes located on-premises and in the cloud-based organization will use the same e-mail address domain. For example, mailboxes located on-premises and mailboxes located in the cloud-based organization will both use @contoso.com in user e-mail addresses.
All mail is delivered to the Internet by the on-premises organization. The on-premises organization controls all messaging transport and serves as a relay for the cloud-based organization.
On-premises and cloud-based organization users can share calendar free/busy information with each other. Organization relationships configured for both organizations also enable cross-premises message tracking, MailTips, and message search.
On-premises and cloud-based users use the same URL to connect to their mailboxes over the Internet.
Using those answers, the Admin begins to work through the hybrid deployment checklist that's tailored to Contoso. After completing the checklist, Contoso has the following organization configuration.
Configuration of Contoso hybrid deployment
If you compare Contoso's existing organization configuration and the hybrid deployment configuration, you'll see that configuring hybrid deployment has added servers and services that support additional communication and features that are shared between the on-premises and cloud-based organizations. Here's an overview of the changes that a hybrid deployment has made from the initial on-premises Exchange organization.
Configuration | Before hybrid deployment | After hybrid deployment |
---|---|---|
Hybrid server |
Not applicable; single organization only. |
Hybrid deployment features are configured on an existing Exchange 2010 server in the on-premises organization. |
Mailbox location |
Mailboxes on-premises only. |
Mailboxes on-premises and cloud-based. |
Message transport |
On-premises Hub transport and Edge transport servers handle all inbound and outbound message routing. |
On-premises hybrid server handles internal message routing between the on-premises and cloud-based organization. The Edge transport server handles external inbound and outbound message routing. |
Outlook Web App |
On-premises mailbox server receives all Outlook Web App requests and displays mailbox information. |
On-premises hybrid server redirects Outlook Web App requests to either the on-premises Exchange 2010 mailbox server or provides a link to log on to the cloud-based organization. |
Unified GAL for both organizations |
Not applicable; single organization only. |
On-premises Active Directory synchronization server replicates Active Directory information for mail-enabled objects to the cloud-based organization. |
Single-sign on used for both organizations |
Not applicable; single organization only. |
On-premises Active Directory Federation Services (AD FS) server supports using single-sign on credentials for mailboxes located either on-premises or in the cloud-based organization. |
Organization relationship established and a federation trust with Microsoft Federation Gateway |
Trust relationship with the Microsoft Federation Gateway and organization relationships with other federated Exchange 2010 organizations may be configured. |
Trust relationship with the Microsoft Federation Gateway is required. Organization relationships are established between the on-premises and cloud-based organization. |
Free/busy sharing |
Free/busy sharing between on-premises users only. |
Free/busy sharing between both on-premises and cloud-based users. |
Things to Consider before Configuring a Hybrid Deployment
Now that you're a little more familiar with what a hybrid deployment is, it's time to carefully consider some important issues. Configuring a hybrid deployment could affect multiple areas in your current network and Exchange organization.
Supported Organizations
The Deployment Assistant is specifically targeted to on-premises Exchange 2010 deployments that are contained to a single Active Directory forest and domain. If your organization contains multiple Active Directory domains, other versions of Exchange, or mail systems other than Exchange, you will need to perform additional steps not outlined in the Deployment Assistant. If your existing on-premises organization is a multiple Active Directory forest and domain deployment, we recommend you delay configuring a hybrid deployment until the Deployment Assistant is updated to support these types of organizations.
Note
Active Directory synchronization between the on-premises and cloud-based organizations is a requirement for configuring a hybrid deployment. The Microsoft Office 365 service has an upper limit for replicating mail-enabled Active Directory objects to the cloud-based organization of 10,000 objects. If your Active Directory environment contains more than 10,000 objects, contact the Microsoft Online Services support team to open a service request for an exception and indicate the number of objects you need to synchronize.
Certificates
Secure Sockets Layer (SSL) digital certificates play a significant role in configuring a hybrid deployment. They help to secure communications between the on-premises hybrid server and the cloud-based organization. If you're already using digital certificates in your Exchange organization, you may have to modify the certificates to include additional domains or purchase additional certificates from a trusted certificate authority (CA). If you aren't already using certificates, you will need to purchase one or more certificates from a trusted CA. Certificates are needed early in the hybrid deployment checklist and are a requirement to configure several types of services.
Learn more at: Understanding Certificate Requirements
Bandwidth
Your network connection to the Internet will directly impact the communication performance between your on-premises organization and the cloud-based organization. This is particularly true when moving mailboxes from your on-premises Exchange 2010 server to the cloud-based organization. The amount of available network bandwidth, in combination with mailbox size and the number of mailboxes moved in parallel, will result in varied times to complete mailbox moves. Additionally, other Office 365 cloud-based services, such as Microsoft SharePoint Online and Lync Online, may also impact the available bandwidth for messaging services.
Before moving mailboxes to the cloud-based organization, you should:
Determine the average mailbox size for mailboxes that will be moved to the cloud-based organization.
Determine the average connection and throughput speed for your connection to the Internet from your on-premises organization.
Calculate the average expected transfer speed, and plan your mailbox moves accordingly.
Learn more at: Company Network Requirements
Edge Transport Servers
If present, Edge Transport servers will handle non-hybrid deployment external inbound and outbound mail routing and the hybrid server will handle messaging between the on-premises and cloud-based organizations in an Exchange organization. However, some Exchange 2010 organizations may not have Edge Transport servers deployed. In these scenarios, both inbound and outbound external messaging and hybrid deployment mail flow between the on-premises and cloud-based organizations will be handled by the hybrid server.
Learn more: Understanding Edge Transport Servers with an Exchange 2010 Hybrid Deployment
Unified Messaging
Unified Messaging (UM) is supported in a hybrid deployment between your on-premises and cloud-based organizations. Your on-premises telephony solution must be able to communicate with the cloud-based organization. This may require that you purchase additional hardware and software.
If you want to move mailboxes from your on-premises organization to the cloud-based organization, and those mailboxes are configured for UM, you should configure UM for hybrid deployment prior to moving those mailboxes. If you move mailboxes before you configure UM for hybrid deployment, those mailboxes will no longer have access to UM functionality.
Learn more at: Plan for UM Coexistence
Information Rights Management
Information Rights Management (IRM) enables users to apply Active Directory Rights Management Services (AD RMS) templates to messages that they send. AD RMS templates can help prevent information leakage by allowing users to control who can open a rights-protected message, and what they can do with that message after it's been opened.
IRM in a hybrid deployment requires planning, manual configuration of the cloud-based organization, and an understanding of how clients use AD RMS servers depending on whether their mailbox is in the on-premises or cloud-based organization.
Learn more at: Understanding IRM in an Exchange 2010 Hybrid Deployment
Mobile Devices
Mobile devices are supported in a hybrid deployment. Exchange ActiveSync is enabled by default on the hybrid server and will automatically redirect requests from mobile devices to mailboxes located in either the cloud-based organization or the on-premises mailbox server. All mobile devices that support Exchange ActiveSync should be compatible with a hybrid deployment.
Learn more at: Mobile Phones
Client Requirements
We recommend that your clients use Microsoft Office Outlook 2010 for the best experience and performance in the hybrid deployment. Outlook 2007 is compatible with a hybrid deployment, but some features may not be available.
Important
Pre-Outlook 2007 clients are not supported by the Office 365 service or by on-premises organizations configured for hybrid deployment. Pre-Outlook 2007 clients that connect directly to the Office 365 service, and clients that connect to on-premises Exchange servers that coexist with Office 365, must be upgraded to a supported version.
Licensing for the Cloud-based Service
To create mailboxes in, or move mailboxes to, a cloud-based organization, you need to sign up for Office 365 for enterprises and you must have licenses available. When you sign up for Office 365, you'll receive a specific number of licenses that you can assign to new mailboxes or mailboxes moved from the on-premises organization. Each mailbox in the cloud-based service must have a license.
Antivirus and Anti-Spam Services
Mailboxes moved to the cloud-based organization are automatically provided with antivirus and anti-spam protection by Forefront Online Protection for Exchange (FOPE). We recommend that you evaluate whether FOPE services protecting your cloud-based organization are sufficient to cover the antivirus and anti-spam needs of your on-premises organization. You may need to upgrade or configure your on-premises antivirus and anti-spam solutions for maximum protection across your organization.
Learn more at: Microsoft ForeFront Online Protection for Exchange
Public Folders
Public folders are not supported in Office 365 and cloud-based mailboxes won't have access to public folders located in the on-premises Exchange organization. Existing on-premises public folder configuration and access for on-premises mailboxes will not be changed when configuring a hybrid deployment.
Questions?
Having problems? Ask for help in the Office 365 forums. To access the forums, you'll need to sign in using an account that's granted administrator access to your cloud-based service. Visit the forums at: Office 365 Forums
© 2010 Microsoft Corporation. All rights reserved.