Hybrid Deployments

 

Applies to: Exchange Server 2013, Exchange Online Preview

Topic Last Modified: 2012-09-21

A hybrid deployment offers organizations the ability to extend the feature-rich experience and administrative control they have with their existing on-premises Microsoft Exchange organization to the cloud. A hybrid deployment provides the seamless look and feel of a single Exchange organization between an on-premises Exchange organization and Exchange Online in Microsoft Office 365. In addition, a hybrid deployment can serve as an intermediate step to moving completely to an Exchange Online organization.

Hybrid deployment features

A hybrid deployment enables the following features:

  • Secure mail routing between on-premises and Exchange Online organizations.
  • Mail routing with a shared domain namespace. For example, both on-premises and Exchange Online organizations use the @contoso.com SMTP domain.
  • A unified global address list (GAL), also called a “shared address book.”
  • Free/busy and calendar sharing between on-premises and Exchange Online organizations.
  • Centralized control of outbound mail flow. You can configure Exchange Online to route all messages to Internet recipients through the on-premises Exchange organization.
  • A single Microsoft Office Outlook Web App URL for both the on-premises and Exchange Online organizations.
  • The ability to move existing on-premises mailboxes to the Exchange Online organization.
  • Centralized mailbox management using the on-premises Exchange Administration Center (EAC).
  • Message tracking, MailTips, and multi-mailbox search between on-premises and Exchange Online organizations.
  • Cloud-based message archiving for on-premises Exchange mailboxes. Exchange Online Archiving can be used with a hybrid deployment. Learn more about Exchange Online Archiving at Microsoft Office 365 Additional Services.

Hybrid deployment components

A hybrid deployment involves several different services and components:

  • Exchange 2013 servers   Exchange 2013 Client Access and Mailbox server roles are required in your on-premises Exchange organization.
  • Microsoft Office 365   The Office 365 service provides a cloud-based Exchange Online organization as a part of its subscription service. Organizations configuring a hybrid deployment must create and configure this cloud-based Exchange Online organization.
  • Exchange Online Protection   The Microsoft Exchange Online Protection service (EOP) is included in all Office 365 for enterprises tenants by default and works with on-premises Exchange 2013 Client Access servers to provide secure message delivery between the on-premises and Exchange Online organizations. Depending on how your organization is configured, it may also handle routing incoming mail from external recipients for your Exchange Online organization and your on-premises Exchange organization.
  • Hybrid Configuration wizard   Exchange 2013 includes the Hybrid Configuration wizard, which provides you with a streamlined process to configure a hybrid deployment between on-premises Exchange and Exchange Online organizations.
    Learn more at: Hybrid Configuration Wizard.
  • Microsoft Federation Gateway   The Microsoft Federation Gateway is a free cloud-based service that acts as the trust broker between your on-premises Exchange 2010 organization and the Exchange Online organization. On-premises organizations configuring a hybrid deployment must have a federation trust with the Microsoft Federation Gateway. The federation trust can either be created manually as part of configuring federated sharing features between an on-premises Exchange organization and other federated Exchange organizations or as part of configuring a hybrid deployment with the Hybrid Configuration wizard. A federation trust with the Microsoft Federation Gateway for your Office 365 tenant is automatically configured when you activate your Office 365 service account.
    Learn more at Microsoft Federation Gateway.
  • Active Directory synchronization   Active Directory synchronization replicates on-premises Active Directory information for mail-enabled objects to the Office 365 organization to support the unified global address list (GAL). Organizations configuring a hybrid deployment must deploy Active Directory synchronization on a separate, on-premises server.
    Learn more at Active Directory synchronization: Roadmap.

Hybrid deployment example

Take a look at the following scenario. It's an example topology that provides an overview of a typical Exchange 2013 deployment. Contoso, Ltd. is a single-forest, single-domain organization with two domain controllers, one Exchange 2013 server with the Client Access role installed, and one Exchange 2013 server with the Mailbox server role installed. Remote Contoso users use Outlook Web App to connect to Exchange 2013 over the Internet to check their mailboxes and access their Outlook calendar.

Before hybrid deployment

Let's say that you’re the network administrator for Contoso and you’re interested in configuring a hybrid deployment. You deploy and configure a required Active Directory Synchronization server and you also decide to deploy an Active Directory Federation Services server as an option to minimize the number of prompts for account credentials for Contoso users and administrators accessing Office 365 services. After you complete the hybrid deployment prerequisites and use the Hybrid Configuration wizard to select options for the hybrid deployment, your new topology has the following configuration:

  • Users will use their existing network account credentials for logging on to the on-premises and Exchange Online organizations (“single sign-on”).
  • User mailboxes located on-premises and in the Exchange Online organization will use the same e-mail address domain. For example, mailboxes located on-premises and mailboxes located in the Exchange Online organization will both use @contoso.com in user e-mail addresses.
  • All mail is delivered to the Internet by the on-premises organization. The on-premises organization controls all messaging transport and serves as a relay for the Exchange Online organization (“centralized mail transport”).
  • On-premises and Exchange Online organization users can share calendar free/busy information with each other. Organization relationships configured for both organizations also enable cross-premises message tracking, MailTips, and message search.
  • On-premises and Exchange Online users use the same URL to connect to their mailboxes over the Internet.

After hybrid deployment

If you compare Contoso's existing organization configuration and the hybrid deployment configuration, you'll see that configuring a hybrid deployment has added servers and services that support additional communication and features that are shared between the on-premises and Exchange Online organizations. Here's an overview of the changes that a hybrid deployment has made from the initial on-premises Exchange organization.

Mailbox location
  • Before hybrid deployment: Mailboxes on-premises only.
  • After hybrid deployment: Mailboxes on-premises and in Exchange Online.

Message transport
  • Before hybrid deployment: On-premises Client Access servers handle all inbound and outbound message routing.
  • After hybrid deployment: On-premises Client Access server handles internal message routing between the on-premises and Exchange Online organization.

Outlook Web App
  • Before hybrid deployment: On-premises Client Access server receives all Outlook Web App requests and displays mailbox information.
  • After hybrid deployment: On-premises Client Access server redirects Outlook Web App requests to either the on-premises Exchange 2013 Mailbox server or provides a link to log on to the Exchange Online organization.

Unified GAL for both organizations
  • Before hybrid deployment: Not applicable; single organization only.
  • After hybrid deployment: On-premises Active Directory synchronization server replicates Active Directory information for mail-enabled objects to the Exchange Online organization.

Single sign-on used for both organizations
  • Before hybrid deployment: Not applicable; single organization only.
  • After hybrid deployment: On-premises Active Directory Federation Services (AD FS) server supports using single sign-on credentials for mailboxes located either on-premises or in the Office 365 organization.

Organization relationship established and a federation trust with Microsoft Federation Gateway
  • Before hybrid deployment: Trust relationship with the Microsoft Federation Gateway and organization relationships with other federated Exchange organizations may be configured.
  • After hybrid deployment: Trust relationship with the Microsoft Federation Gateway is required. Organization relationships are established between the on-premises and Exchange Online organization.

Free/busy sharing
  • Before hybrid deployment: Free/busy sharing between on-premises users only.
  • After hybrid deployment: Free/busy sharing between both on-premises and Exchange Online users.

Things to consider before configuring a hybrid deployment

Now that you're a little more familiar with what a hybrid deployment is, you need to carefully consider some important issues. Configuring a hybrid deployment could affect multiple areas in your current network and Exchange organization.

Supported organizations

Active Directory synchronization between the on-premises and Office 365 organizations is a requirement for configuring a hybrid deployment. The Microsoft Office 365 service has an upper limit for replicating mail-enabled Active Directory objects to the cloud-based organization of 20,000 objects. If your Active Directory environment contains more than 20,000 objects, contact the Microsoft Online Services support team to open a service request for an exception and indicate the number of objects you need to synchronize.

Hybrid deployment management

You manage a hybrid deployment in Exchange 2013 via a single unified management console that allows for managing both your on-premises and Office 365 Exchange Online organizations. The Exchange Administration Center (EAC), which replaces the Exchange Management Console and the Exchange Control Panel, allows you to connect and configure features for both organizations. When you run the Hybrid Configuration wizard for the first time, you will be prompted to connect to your Exchange Online organization. You must use an Office 365 account that is a member of the Organization Management role group to connect the EAC to your Exchange Online organization.

Certificates

Secure Sockets Layer (SSL) digital certificates play a significant role in configuring a hybrid deployment. They help to secure communications between the on-premises hybrid server and the Exchange Online organization. Certificates are a requirement to configure several types of services. If you're already using digital certificates in your Exchange organization, you may have to modify the certificates to include additional domains or purchase additional certificates from a trusted certificate authority (CA). If you aren't already using certificates, you will need to purchase one or more certificates from a trusted CA.

Learn more at Certificate Requirements for Hybrid Deployments.
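
One way to verify that the certificates on the hybrid server are CA-issued, current, and cover the names you need (an added example, not from the original topic or Microsoft tooling). The function names, the required host names under contoso.com and the 30-day warning window are assumptions, and the sample objects are constructed stand-ins for Get-ExchangeCertificate output.

```powershell
# Added example, not Microsoft's code. Input objects need the properties of
# Get-ExchangeCertificate output: Thumbprint, CertificateDomains, NotAfter, IsSelfSigned, Status.
function Test-NameCovered {
    param([string]$HostName, [string[]]$CertNames)
    foreach ($n in $CertNames) {
        if ($n -eq $HostName) { return $true }
        # A wildcard covers exactly one left-most label: *.contoso.com matches
        # mail.contoso.com but not contoso.com or a.b.contoso.com.
        if ($n.StartsWith('*.')) {
            $suffix = $n.Substring(1)   # ".contoso.com"
            if ($HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
                $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if ($label -and -not $label.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

function Test-HybridCertificate {
    param([Parameter(ValueFromPipeline = $true)] $Certificate, [string[]]$RequiredNames, [int]$WarnDays = 30)
    process {
        $names   = @($Certificate.CertificateDomains | ForEach-Object { "$_" })
        $missing = @($RequiredNames | Where-Object { -not (Test-NameCovered $_ $names) })
        $issues  = @()
        if ($Certificate.IsSelfSigned) { $issues += 'self-signed, not from a trusted CA' }
        if ("$($Certificate.Status)" -ne 'Valid') { $issues += "status is $($Certificate.Status)" }
        if ($Certificate.NotAfter -lt (Get-Date).AddDays($WarnDays)) { $issues += "expires $($Certificate.NotAfter.ToString('yyyy-MM-dd'))" }
        if ($missing.Count -gt 0) { $issues += "does not cover: $($missing -join ', ')" }
        [pscustomobject]@{
            Thumbprint = $Certificate.Thumbprint
            Usable     = ($issues.Count -eq 0)
            Issues     = $issues -join '; '
        }
    }
}

# Constructed sample objects standing in for Get-ExchangeCertificate output.
$sample = @(
    [pscustomobject]@{ Thumbprint='SAMPLE-1'; CertificateDomains=@('mail.contoso.com'); NotAfter=(Get-Date).AddYears(1); IsSelfSigned=$false; Status='Valid' }
    [pscustomobject]@{ Thumbprint='SAMPLE-2'; CertificateDomains=@('*.contoso.com'); NotAfter=(Get-Date).AddDays(10); IsSelfSigned=$true; Status='Valid' }
)
# Hypothetical required names; replace with the host names your own deployment publishes.
$required = 'mail.contoso.com', 'autodiscover.contoso.com'
$sample | Test-HybridCertificate -RequiredNames $required | Format-List
# In the Exchange Management Shell: Get-ExchangeCertificate | Test-HybridCertificate -RequiredNames $required
```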

Bandwidth

Your network connection to the Internet will directly impact the communication performance between your on-premises organization and the Exchange Online organization. This is particularly true when moving mailboxes from your on-premises Exchange 2013 server to the Exchange Online organization. The amount of available network bandwidth, in combination with mailbox size and the number of mailboxes moved in parallel, will result in varied times to complete mailbox moves. Additionally, other Office 365 cloud-based services, such as Microsoft SharePoint 2013 and Microsoft Lync Server 2013, may also affect the available bandwidth for messaging services.

Before moving mailboxes to the Exchange Online organization, you should:

  • Determine the average mailbox size for mailboxes that will be moved to the Exchange Online organization.
  • Determine the average connection and throughput speed for your connection to the Internet from your on-premises organization.
  • Calculate the average expected transfer speed, and plan your mailbox moves accordingly.

Learn more at Company Network Requirements.

Unified Messaging

Unified Messaging (UM) is supported in a hybrid deployment between your on-premises and Exchange Online organizations. Your on-premises telephony solution must be able to communicate with the Exchange Online organization. This may require that you purchase additional hardware and software.

If you want to move mailboxes from your on-premises organization to the Exchange Online organization, and those mailboxes are configured for UM, you should configure UM in your hybrid deployment prior to moving those mailboxes. If you move mailboxes before you configure UM in your hybrid deployment, those mailboxes will no longer have access to UM functionality.

Learn more at Plan for UM Coexistence.

Information Rights Management

Information Rights Management (IRM) enables users to apply Active Directory Rights Management Services (AD RMS) templates to messages that they send. AD RMS templates can help prevent information leakage by allowing users to control who can open a rights-protected message, and what they can do with that message after it's been opened.

IRM in a hybrid deployment requires planning, manual configuration of the Exchange Online organization, and an understanding of how clients use AD RMS servers depending on whether their mailbox is in the on-premises or Exchange Online organization.

Mobile devices

Mobile devices are supported in a hybrid deployment. If Exchange ActiveSync is already enabled on Client Access servers, they’ll continue to redirect requests from mobile devices to mailboxes located on the on-premises Mailbox server. For mobile devices connecting to existing mailboxes that are moved from the on-premises organization to Exchange Online, the Exchange ActiveSync partnership must be disabled and re-established before redirection requests are processed correctly. All mobile devices that support Exchange ActiveSync should be compatible with a hybrid deployment.

Learn more at: Mobile Phones

Client requirements

We recommend that your clients use Microsoft Office Outlook 2010 for the best experience and performance in the hybrid deployment. Pre-Outlook 2010 clients have limited support in hybrid deployments and with the Office 365 service.

Licensing for the Office 365 service

To create mailboxes in, or move mailboxes to, an Exchange Online organization, you need to sign up for Office 365 for enterprises and you must have licenses available. When you sign up for Office 365, you'll receive a specific number of licenses that you can assign to new mailboxes or mailboxes moved from the on-premises organization. Each mailbox in the Exchange Online service must have a license.

Antivirus and anti-spam services

Mailboxes moved to the Exchange Online organization are automatically provided with antivirus and anti-spam protection by Microsoft Exchange Online Protection (EOP). We recommend that you carefully evaluate whether the EOP protection in your Exchange Online organization is also appropriate to meet the antivirus and anti-spam needs of your on-premises organization. If you have protection in place for your on-premises organization, you may need to upgrade or configure your on-premises antivirus and anti-spam solutions for maximum protection across your organization.

Public folders

Public folders are now supported in Office 365 and on-premises public folders can be moved to Exchange Online. However, Exchange Online mailboxes can only access public folders located in Exchange Online and on-premises mailboxes can only access public folders in the on-premises Exchange organization. Existing on-premises public folder configuration and access for on-premises mailboxes doesn’t change when you configure a hybrid deployment.