Before You Configure an Exchange 2003 Hybrid Deployment
Applies to: Exchange Server 2010 SP1
Configuring a hybrid deployment in your organization provides many benefits. However, to enjoy those benefits, you'll need to first do some careful planning. Before you go any further with the Exchange Server Deployment Assistant, we urge you to review this entire topic to make sure that you fully understand how configuring a hybrid deployment could affect your existing network and Exchange organization.
Important
To successfully configure your organization for a hybrid deployment, you must create a cloud-based organization in the Microsoft Office 365 for enterprises service. We’ll give you instructions to sign up for Office 365 later in the checklist.
What is a hybrid deployment?
In the Deployment Assistant, a hybrid deployment is when you create a new cloud-based Exchange organization in Microsoft Office 365 for enterprises and then connect it to your existing on-premises Exchange 2003 organization by adding and configuring an Exchange 2010 hybrid server. After deploying the hybrid server, the following features can be enabled between the organizations:
Mail routing
Mailbox moves
Shared global address list (GAL)
Shared calendar and free/busy information
Message tracking, MailTips, and Multi-mailbox search
Learn more at: Understanding Hybrid Deployment
Example Hybrid Deployment Scenario
Take a look at the following figure. It's an example topology that provides an overview of a typical Exchange 2003 deployment. Contoso, Ltd. is a single forest, single domain organization with two domain controllers and one Exchange 2003 mail server. Contoso users use Outlook Web App to connect to Exchange 2003 over the Internet to check their mailboxes and access their Outlook calendar.
By the way, the name of the organization in this example, Contoso, Ltd., is also used throughout the Deployment Assistant. When you're working through the steps in your checklist, remember to replace the references to contoso.com with your organization's domain name.
Existing Contoso on-premises organization
Let's say that the network administrator for Contoso is interested in configuring a hybrid deployment and decides to use the Exchange Server Deployment Assistant. The admin answers "Yes" to each of the initial questions posed by the Deployment Assistant. After completing the hybrid deployment checklist, the new topology has the following configuration:
Users will use their existing network account credentials for logging on to the on-premises and cloud-based organizations.
User mailboxes located on-premises and in the cloud-based organization will use the same e-mail address domain. For example, mailboxes located on-premises and mailboxes located in the cloud-based organization will both use @contoso.com in user e-mail addresses.
All mail is delivered to the Internet by the on-premises organization. The on-premises organization controls all messaging transport and serves as a relay for the cloud-based organization.
On-premises and cloud-based organization users can share calendar free/busy information with each other. Organization relationships configured for both organizations also enable cross-premises message tracking, MailTips, and message search.
On-premises and cloud-based users use the same URL to connect to their mailboxes over the Internet.
Using those answers, the admin begins to work through the hybrid deployment checklist that's tailored to Contoso. After completing the checklist, Contoso has the following organization configuration.
Configuration of Contoso hybrid deployment
If you compare Contoso's existing organization configuration and the hybrid deployment configuration, you'll see that configuring a hybrid deployment has added servers and services that support additional communication and features that are shared between the on-premises and cloud-based organizations. Here's an overview of the changes that a hybrid deployment has made from the initial on-premises Exchange organization.
Configuration | Before hybrid deployment | After hybrid deployment |
---|---|---|
Hybrid server | Not applicable; single organization only | Installed in the on-premises organization to enable hybrid deployment features |
Mailbox location | Mailboxes on-premises only | Mailboxes on-premises and cloud-based |
Message transport | On-premises mailbox server handles all inbound and outbound message routing | On-premises hybrid server handles inbound and outbound message routing for both the on-premises and cloud-based organization |
Outlook Web App | On-premises mailbox server receives all Outlook Web App requests and displays mailbox information | On-premises hybrid server redirects Outlook Web App requests to either the on-premises Exchange 2003 mailbox server or provides a link to log on to the cloud-based organization |
Unified GAL for both organizations | Not applicable; single organization only | On-premises Active Directory synchronization server replicates Active Directory information for mail-enabled objects to the cloud-based organization |
Single sign-on used for both organizations | Not applicable; single organization only | On-premises Active Directory Federation Services (AD FS) server supports using single sign-on credentials for mailboxes located either on-premises or in the cloud-based organization |
Organization relationship established and a federation trust with Microsoft Federation Gateway | Not applicable; single organization only | Trust relationship with the Microsoft Federation Gateway. Organization relationship established between the on-premises and cloud-based organization |
Free/busy sharing | Free/busy sharing between on-premises users only | Free/busy sharing between both on-premises and cloud-based users |
Things to Consider before Configuring a Hybrid Deployment
Now that you're a little more familiar with what a hybrid deployment is, it's time to carefully consider some important issues. Configuring a hybrid deployment could affect multiple areas in your current network and Exchange organization.
Supported Organizations
The Deployment Assistant is specifically targeted to on-premises Exchange 2003 deployments that are contained within a single Active Directory forest and domain. If your organization contains multiple domains, other versions of Exchange, or mail systems other than Exchange, you will need to perform additional steps not outlined in the Deployment Assistant. If your existing on-premises organization is a multiple Active Directory forest and domain deployment, we recommend you delay configuring a hybrid deployment until the Deployment Assistant is updated to support these types of organizations.
Note
Active Directory synchronization between the on-premises and cloud-based organizations is a requirement for configuring a hybrid deployment. The Microsoft Office 365 service has an upper limit for replicating mail-enabled Active Directory objects to the cloud-based organization of 10,000 objects. If your Active Directory environment contains more than 10,000 objects, contact the Microsoft Online Services support team to open a service request for an exception and indicate the number of objects you need to synchronize.
Certificates
Secure Sockets Layer (SSL) digital certificates play a significant role in configuring a hybrid deployment. They help to secure communications between the on-premises hybrid server and the cloud-based organization. If you're already using digital certificates in your Exchange organization, you may have to modify the certificates to include additional domains or purchase additional certificates from a trusted certificate authority (CA). If you aren't already using certificates, you will need to purchase one or more certificates from a trusted CA. Certificates are needed early in the hybrid deployment checklist and are a requirement to configure several types of services.
Learn more at: Understanding Certificate Requirements
Bandwidth
Your network connection to the Internet will directly impact the communication performance between your on-premises organization and the cloud-based organization. This is particularly true when moving mailboxes from your on-premises Exchange 2003 server to the cloud-based organization. The amount of available network bandwidth, in combination with mailbox size and the number of mailboxes moved in parallel, will result in varied times to complete mailbox moves. Additionally, other Office 365 cloud-based services, such as Microsoft SharePoint Online and Lync Online, may also impact the available bandwidth for messaging services.
Before moving mailboxes to the cloud-based organization, you should:
Determine the average mailbox size for mailboxes that will be moved to the cloud-based organization.
Determine the average connection and throughput speed for your connection to the Internet from your on-premises organization.
Calculate the average expected transfer speed, and plan your mailbox moves accordingly.
Learn more at: Company Network Requirements
Unified Messaging
The Deployment Assistant doesn't support the migration or preservation of any existing Unified Messaging services for mailboxes that are moved from the on-premises organization to the cloud-based organization. If you're using an existing on-premises Unified Messaging solution, moving mailboxes from the on-premises Exchange 2003 mailbox server to the cloud-based organization will disable Unified Messaging for the cloud-based users. Existing Unified Messaging services for user mailboxes that remain on-premises should not be affected by configuring a hybrid deployment. However, on-premises users will not be able to perform any Unified Messaging functions, such as transferring calls and leaving voice mail, to user mailboxes on the cloud-based organization.
Mobile Devices
Mobile devices are supported in a hybrid deployment. Exchange ActiveSync is enabled by default on the hybrid server and will automatically redirect requests from mobile devices to mailboxes located in either the cloud-based organization or the on-premises mailbox server. All mobile devices that support Exchange ActiveSync should be compatible with a hybrid deployment.
Learn more at: Mobile Phones
Client Requirements
We recommend that your clients use Microsoft Office Outlook 2010 for the best experience and performance in the hybrid deployment. Outlook 2007 is compatible with a hybrid deployment, but some features may not be available.
Important
Pre-Outlook 2007 clients are not supported by the Office 365 service or by on-premises organizations configured for hybrid deployment. Pre-Outlook 2007 clients that connect directly to the Office 365 service, and clients that connect to on-premises Exchange servers that coexist with Office 365, must be upgraded to a supported version.
Licensing for the Cloud-based Service
To create mailboxes in, or move mailboxes to, a cloud-based organization, you need to sign up for Office 365 for enterprises and you must have licenses available. When you sign up for Office 365, you'll receive a specific number of licenses that you can assign to new mailboxes or mailboxes moved from the on-premises organization. Each mailbox in the cloud-based service must have a license.
Antivirus and Anti-Spam Services
Mailboxes moved to the cloud-based organization are automatically provided with antivirus and anti-spam protection by Forefront Online Protection for Exchange (FOPE). We recommend that you evaluate whether FOPE services protecting your cloud-based organization are sufficient to cover the antivirus and anti-spam needs of your on-premises organization. You may need to upgrade or configure your on-premises antivirus and anti-spam solutions for maximum protection across your organization.
Learn more at: Microsoft Forefront Online Protection for Exchange
Public Folders
Existing Exchange public folders have limited support in a hybrid deployment. Free/busy information in your existing public folders will be replicated to the hybrid server and client requests for free/busy information are automatically directed to the hybrid server for processing for both on-premises and cloud-based organization users.
Important
Outlook Web Access in Exchange 2003 isn’t compatible with public folders hosted on Exchange 2010 servers. On-premises Exchange 2003 Outlook Web Access users won’t be able to view free/busy information for cloud-based users.
To enable free/busy information sharing in a hybrid deployment, the OU=EXTERNAL (FYDIBOHF25SPDLT) and OU=Exchange Administrative Group (FYDIBOHF23SPDLT) public folders in your organization must be replicated to the hybrid server. After these replicas have been fully replicated to the hybrid server, you must remove the replicas for these public folders from other Exchange 2003 servers in your organization.
To avoid a single point of failure for these public folder replicas, you should consider adding additional Exchange 2010 SP1 servers to your on-premises organization for redundancy. Additional Exchange 2010 SP1 servers used for hosting public folder replicas should only have the Mailbox server role installed to avoid mail transport configuration problems.
Other public folders are not supported in the cloud-based organization and cloud-based mailboxes won't have access to public folders located in the on-premises organization.
Learn more at: Understanding Shared Free/Busy
Questions?
Having problems? Ask for help in the Office 365 forums. To access the forums, you'll need to sign in using an account that's granted administrator access to your cloud-based service. Visit the forums at: Office 365 Forums
© 2010 Microsoft Corporation. All rights reserved.