Exchange Hybrid deployment scenarios

 

Hybrids: The final frontier. These are the voyages of the starship Enterprise.
Whether Exchange or Lync, hybrids are the wave of the future, something everyone will have to start dealing with at some point in their career.

With Exchange Hybrids in particular, we enable coexistence between our on-prem Exchange environment and Office 365’s Exchange Online, enabling features such as:

  • Secure mail routing
  • Unified GAL
  • Free/Busy sharing
  • Centralized SMTP control & mailbox management
  • A single Outlook Web App URL
  • Moving mailboxes back and forth
  • Message tracking, mailbox search and MailTips across both environments
  • The possibility to use message archiving in the cloud for on-prem mailboxes (which could result in huge cost savings!)

For those who have been in the Exchange field a while, these all start to look fairly familiar from cross-forest Exchange deployments, don’t they? OK, not all these features are available in the same form if we do this between different on-prem forests, but Microsoft had to take its inspiration from somewhere, didn’t they!

In essence there are a few deployment options we can consider for our Exchange Hybrid, but just to clarify, I’m talking about a full rich coexistence hybrid here, not some cutover migration plan.

Scenario 1: Direct connection into the on-prem environment

[Diagram: Scenario 1]

The simplest of scenarios, in the sense that we have a direct connection into the on-prem environment. No hassle with reverse proxies and edge servers. Just open the ports, configure the hybrid and you’re ready to rock!

Scenario 2: Direct connection into the on-prem environment with mail routing through O365

A variation on scenario 1 would be to have your MX traffic going through the Exchange Online environment, which would have it protected by EOP.

[Diagram: Scenario 2]

Scenario 3: Direct connection into the on-prem environment with edge server

[Diagram: Scenario 3]

In this scenario we still have a direct connection into our Exchange environment but are utilizing the edge server to have mail traffic filtered before it comes into the on-prem environment. A direct SMTP connector still exists between Exchange Online and the Exchange on-prem environment.

Scenario 4: Direct connection into the on-prem environment with mail routing through the edge server

A variation on scenario 3 would be to let the edge server handle the mail routing to Exchange Online.

[Diagram: Scenario 4]

Scenario 5: Direct connection into the on-prem environment with mail arriving in O365 and routing down to the on-prem through the edge server

Or, we could have all the mail traffic come into Exchange Online, using the awesome powers of EOP (Exchange Online Protection in case you have been wondering) and route the on-prem mail in through the edge server(s).

[Diagram: Scenario 5]

Scenario 6: No direct connection

And this is where things start to get slightly complex. There are a lot of companies out there that do not like opening up their internal network to O365 directly (I’m looking at you, security teams!). Whilst I can relate to some of the concerns that are raised with that setup, let’s not forget that Exchange is secure by design, and, if you let external users access your Exchange servers directly, you should not have any concerns about O365 doing the same!

But how do we solve this conundrum? After all, in order to have rich coexistence Exchange Online will need to be able to access the on-prem EWS services for things like free/busy lookups…

Enter the reverse proxy (Microsoft Application Request Routing)!

[Diagram: Scenario 6 with reverse proxy]

Or, the mail routing alternative:

[Diagram: Scenario 6, mail routing alternative]

The attentive reader will have noticed two things. One, I didn’t put EWS traffic arrows on the last two images (we will cover that configuration and flow in a future article). And two, there is no directory sync in the diagrams. Nor are any ADFS servers displayed. I’ll cover all that and more in future articles!

 

Ports, IPs and URLs

One important thing to keep in mind is the ports, URLs and IP addresses Microsoft uses for traffic. Since these get updated regularly, I’ll refer you to the following article: https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US
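
Because the published ranges change, the inbound rules opened for the hybrid drift over time. The following is an added example, not part of the original post: it audits perimeter allow rules against a copy of the published Exchange Online ranges and reports rules that admit more than what is published, as well as published ranges that are not yet allowed. The record fields (serviceArea, ips, tcpPorts), the firewall rule layout and all addresses (documentation prefixes) are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample: records shaped like entries in a published endpoint list (assumed fields).
PUBLISHED = [
    {"serviceArea": "Exchange", "ips": ["192.0.2.0/25", "2001:db8:10::/48"], "tcpPorts": "25,443"},
    {"serviceArea": "Exchange", "urls": ["mail.example.invalid"], "tcpPorts": "443"},  # URL-only, no IPs
    {"serviceArea": "Skype", "ips": ["198.51.100.0/24"], "tcpPorts": "443"},
]

# Constructed sample: source ranges currently allowed inbound, keyed by TCP port.
FIREWALL = {
    443: ["192.0.2.0/24", "203.0.113.0/24"],  # EWS/Autodiscover via the reverse proxy
    25: ["192.0.2.0/25"],                     # SMTP connector from Exchange Online
}

def published_networks(records, service_area, port):
    """Return the networks published for one service area on one TCP port."""
    nets = []
    for rec in records:
        if rec.get("serviceArea") != service_area:
            continue
        ports = {int(p) for p in rec.get("tcpPorts", "").split(",") if p.strip()}
        if port in ports:
            nets.extend(ipaddress.ip_network(c) for c in rec.get("ips", []))
    return nets

def covered(net, by):
    """True if net lies entirely inside one of the networks in 'by'."""
    # subnet_of() raises TypeError on mixed IPv4/IPv6, so compare versions first.
    return any(net.version == b.version and net.subnet_of(b) for b in by)

def audit(records, firewall, service_area="Exchange"):
    """Per port: rules wider than what is published, and published ranges not allowed."""
    findings = {}
    for port, allowed in firewall.items():
        pub = published_networks(records, service_area, port)
        rules = [ipaddress.ip_network(c) for c in allowed]
        findings[port] = {
            "too_broad": sorted(str(r) for r in rules if not covered(r, pub)),
            "missing": sorted(str(p) for p in pub if not covered(p, rules)),
        }
    return findings

if __name__ == "__main__":
    for port, result in audit(PUBLISHED, FIREWALL).items():
        print(port, result)
```

A "too_broad" entry means the rule lets in sources outside the published Exchange Online ranges; a "missing" entry means hybrid traffic from that range would be dropped.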

Posted on Tuesday, October 20, 2015 12:16 PM | Filed Under [ Exchange Build Guides Deployment Office 365 ]
