Exchange Server 2010 On-Premise Vs. Cloud Presented By: Maureen Data Systems
Oct 19, 2014
About MDS
• Founded originally as Micro Computer Systems in 1986
• MDS is a woman-owned and operated business since 1994
• Listed as one of the INC 500 fastest growing Computer Companies (2003)
• Awarded with New York State OGS Contract WBE (2004)
• Awarded with Government GSA Contract WBE (2006)
• Lockheed Martin Small Business Vendor of the year Award
(2011)
|
MDS Partners
|
MDS – Four Pillars
Virtualization
Unified Communications
Cloud Computing
Managed Services
• Call Manager
• Network Infrastructure
• Wireless
• Server, App, Desktop
• Storage
• DR
• Backup
• Office 365
• Backup
• Co-Locations
• Monitoring
• Remediation
|
Why MDS?
|
Optimize for Software + Services
Anywhere Access
• Manage Inbox Overload
• Enhance Voicemail
• Collaborate Effectively
Flexible and Reliable
• Continuous Availability
• Simplify Administration
• Deployment Flexibility
Protection and Compliance
• Email Archiving
• Protect Communications
• Advanced Security
|
• Role-based administration and user self-service
• Web-based management and remote PowerShell
• Single platform for availability, backup, and recovery
• Online mailbox moves keep users connected
• Choice of storage from SAN to low-cost DAS
• Modular server roles ease deployment
Flexible and Reliable
Continuous Availability
Simplify Administration
Deployment Flexibility
Flexibility to tailor deployment based on your unique needs and a simplified way to keep email continuously
available
|
• Evolution of Continuous Replication technology
• Provides full redundancy of Exchange roles on as few as two servers
• Reduce backup frequency through up to 16 replicas of each database
• Can be deployed on a range of storage options
Continuous Availability
[Diagram: Mailbox Servers each hosting copies of databases DB1 to DB5, replicated between San Jose and New York]
Recover quickly from disk and database failures
Replicate databases to remote datacenter
Simplify mailbox resiliency with new unified solution for High Availability, Backup, and Disaster Recovery
|
Email Client
Mailbox Server 1 Mailbox Server 2
Client Access Server
• Users remain online while their mailboxes are moved between servers
  − Sending messages
  − Receiving messages
  − Accessing entire mailbox
• Administrators can perform migration and maintenance during regular hours
Keep your users productive during mailbox moves and maintenance
Continuous Availability
|
Compliance Officer
Human Resources
Help Desk Staff
Simplify Administration
Conduct multi-mailbox
searches for e-Discovery
Update employee
information in company directory
Manage mailbox quotas
Delegate specific tasks to specialist users
with role-based administration
|
Simplify Administration
Track the Status of Sent Messages
Create and Manage Distribution Groups
Lower support costs through new user
self-service options
|
Deployment Flexibility
Storage Area Network (SAN)
Direct Attached w/ SAS Disks
JBOD SATA(RAID-less)
Direct Attached w/ SATA Disks
• Continual platform innovation yields over 70% reduction in disk I/O
• Disk I/O patterns optimized for better hardware utilization
• Resilience against corruption through automated page-level repairs
Select from a range of storage enabled by scalability and performance
enhancements
|
Deployment Flexibility
Ease deployment and reduce installation time with flexible server roles
[Diagram: Exchange server roles inside the Enterprise Network]
• Edge Transport: Routing and AV/AS
• Hub Transport: Routing and policy
• Client Access: Client connectivity, Web services
• Mailbox: Storage of mailbox items
• Unified Messaging: Voicemail and voice access
Connected systems and clients: External SMTP servers, Phone system (PBX or VOIP), Web browser, Outlook (remote user), Mobile phone, Outlook (local user), Line of business application
|
• Text preview of voicemail messages for faster triage
• Customizable call handling rules and menu options
• Enhanced conversation view eases Inbox navigation
• MailTips help avoid undelivered/misdirected email
• Full featured experience across all “three screens”
• Federation of Free/Busy details with partners
Anywhere Access
Manage Inbox Overload
Enhance Voicemail
Collaborate Effectively
Help users get more done with the freedom to securely access their communications from virtually any
platform, browser, or device
|
Manage Inbox Overload
Conversation View
Ignore Conversation
Instant Messaging
Easily organize and communicate with enhanced conversation view and
integrated IM
|
Manage Inbox Overload
MailTips in Outlook 2010
MailTips in Outlook Web
App
Help reduce unnecessary and undeliverable
email through new sender MailTips
|
Enhance Voicemail
Audio playback
Text Preview of Voicemail
Contextual Contact Actions
Quickly triage and take action on messages with Voicemail Preview
|
Enhance Voicemail
Managing Call Answer Rules
Defining a Custom
Voicemail Menu
Create custom voicemail menus and call answer rules to give callers the
right priority
|
Mobile Web
Collaborate Effectively
A familiar and rich Outlook experience across clients, devices, and platforms
Desktop
|
Collaborate Effectively
External Contact Free/Busy Information
Ease collaboration by federating calendar details with external business
partners
|
• Array of Information Protection and Control tools
• Automate Rights Management policies in Transport
• Integrated archiving, retention, and discovery
• Granular retention and legal hold policies
• Multiple antivirus scanning engines with Forefront
• Choice of service or on-premises protection
Protection and Compliance
Email Archiving
Protect Communications
Advanced Security
Simplify and automate the process of protecting your organization’s communications and meeting regulatory
requirements
|
Email Archiving
Preserve and discover email data without changing the user or IT pro experience
Preserve / Discover
Personal Archive
• Secondary mailbox with separate quota
• Appears in Outlook and OWA
• Managed through EMC or PowerShell
Move and Delete Policies
• Automated and time-based criteria
• Set policies at item or folder level
• Expiry date shown in email message
Hold Policy
• Capture deleted and edited email messages
• Offers single item restore
• Notify user on hold
Multi-Mailbox Search
• Web-based UI
• Search primary, archive, and recoverable items
• Delegate through roles-based admin
|
Email Archiving
Set granular per item retention policies and capture all edits and deletions with legal hold
Apply Move and Delete Policies to Individual Messages
Retention Policy and Expiry Details
Policies Applied to All Email Within a Folder
|
Email Archiving
Rich Search Criteria and Targeting Options
Delegate Access to Specialists
Results Stored in Specialized Mailbox
Empower compliance officers to conduct
multi-mailbox searches with ease
|
Email Archiving
• Mailboxes can be moved together or separately
• Allows for different storage hardware, DAGs, RPOs, RTOs, etc.
• Exchange 2010 SP1 supports:
  • Primary and Archive On-Premises (Same DB)
  • Primary and Archive On-Premises (Different DBs)
  • Primary and Archive in the Cloud
  • Primary On-Premises and Archive in the Cloud
Users' primary and archive mailboxes can be located on the same or separate databases*
*Requires Exchange Server 2010 Service Pack 1
|
LESS RESTRICTIVE MORE RESTRICTIVE
Classify
Block Review Append
Alert Protect Modify Redirect
• Apply the right level of control based on the sensitivity of the data
• Maximize control and minimize unnecessary user disruptions
Protect Communications
Safeguard communications with an array of information protection and
control tools
|
Protect Communications
• Transport Rule action to apply Rights Management template to email or voicemail messages
• Support for scanning of attachments and searching of protected email
• “Do Not Forward” policies available by default
• Information protection across PC, Web, and mobile device
Transport Protection Rule
Automatically protect email after being sent
with Rights Management policies in Transport
|
Advanced Security
Antivirus and anti-spam protection for Exchange Server 2010 Server Roles
On-Premises Software
Hosted Service
Hub Transport Server
Mailbox Server Client Access Server
Internet SMTP
• Multiple scan engines throughout the corporate infrastructure
• Tight integration with Exchange maximizes availability and performance
• Easy-to-use admin console for central configuration and operation
Prevent malicious software and spam from
entering into the messaging environment
|
Office 365 Includes…
• Store your important documents, and share expertise using personal My Sites
• Share documents, task lists, and schedules to keep business units in sync using team sites
• Work effortlessly with partners and customers by creating sites to share information securely
• 10GB per tenant + 500 MB per user
• 25GB Mailbox
• Outlook and Outlook Web App
• Premium antivirus/anti-spam (Forefront)
• Shared calendars, contacts, and tasks
• Mobile email for most mobile devices including BlackBerry, iPhone, Nokia, Windows Phone
• Email archiving and compliance capabilities
• Instant messaging and presence
• PC-to-PC audio and video calling
• Click-to-communicate from Outlook, SharePoint, and other Office Applications
• Online meetings with PC-audio, video conferencing and screen sharing
• Single click meeting creation and join from Outlook
• Calendar integration with Outlook and Exchange
• Flexible service offering with pay-as-you-go, per-user licensing
• The complete Office experience with services integration in Office 365
• Simplified user set-up to preconfigure services
• Always the latest version of the Office apps, including Office Web Apps
• Familiar Office user experience to access services
Single user interface to purchase, administer and use with role-based access control | Single sign-on with on-premises Active Directory |
99.9% financially backed SLA | 24x7 IT Pro Support | Built in geo-redundancy in regional datacenters
CONTROL AND EFFICIENCY
|
World Class Data Centers
• $2.3B+ Investment in cloud infrastructure
• Geo-Redundant Data Centers
• Locations in North America, Europe, and Asia to provide optimal performance
• 99.9% guaranteed uptime (99.95% actual)
• Secure Infrastructure – ISO27001 and SAS70 certified
• Built from the ground up to be environmentally sustainable
|
Summary of Management Tools
Shell
Exchange PowerShell
• Cmdlets to manage Exchange features
GUI
Microsoft Online Portal
• Manage platform-level features
• Manage subscriptions and billing
Exchange Control Panel
• Manage Exchange-specific settings
Roles
Role-based Access Control
• Same powerful access control framework as Exchange Server 2010
Administrative Roles
• Six built-in administrative roles for the Microsoft Online Portal
|
Anti-Spam / Anti-Malware
Premium Protection
• High-accuracy spam filtering
• Multiple virus-scanning engines
• Advanced reporting and policy rules available
• Included with Exchange Online subscription
Hub Transport Mailbox
External Mail
|
Migration Options
Source platform: supported migration options
• Exchange 5.5: IMAP migration
• Exchange 2000: IMAP migration
• Exchange 2003: IMAP migration, Cutover migration, Staged migration, Hybrid
• Exchange 2007: IMAP migration, Cutover migration, Staged migration, Hybrid
• Exchange 2010: IMAP migration, Cutover migration, Hybrid
• Notes/Domino: IMAP migration
• GroupWise: IMAP migration
• Other: IMAP migration
* Additional options available with tools from migration partners
Migration
• IMAP migration: Supports wide range of e-mail platforms; E-mail only (no calendar, contacts, or tasks)
• Cutover Exchange migration (CEM): Good for fast, cutover migrations; No server required on-premises
• Staged Exchange migration (SEM): No server required on-premises; Identity federation with on-premises directory
Hybrid
• Hybrid deployment: Manage users on-premises and online; Enables cross-premises calendaring, smooth migration, and easy off-boarding
|
• Web based interface
• CSV file used for bulk creation of mailboxes
• Email only (no calendar, contacts, or tasks)
IMAP Cutover Migration
Migrate IMAP-based email quickly to the cloud
|
• Web based interface
• No software to install
• Uses RPC/HTTP to move data
• Full-fidelity migration of email, calendar, contacts and tasks
Exchange Cutover Migration
Fast server-to-cloud cutover migration
|
Simple Exchange Coexistence
For simple transition to the cloud
• Exchange Online can coexist with Exchange Server on-premises
• All users share the same domain name and global address list
• Directory Sync keeps address lists and groups up to date
• Admin uses Web-based migration tool to move mailboxes in stages
Exchange 2003, 2007 or 2010
Exchange 2010 is not required for simple
coexistence features
|
Exchange Hybrid
Feature summary
• Makes your on-premises organization and cloud organization work together like a single, seamless organization
• Offers near-parity of features/experience on-premises and in the cloud
• Seamless interactions between on-premises and cloud mailboxes
• Migrations in and out of the cloud transparent to end-user
• Features not supported:
  • Coexistence of Delegate permissions – Delegate permissions are migrated, but do not work when Delegator and Delegate are split between on-prem & cloud
  • Migration of Send As/Full Access permissions
  • Multi-forest – Only single forest source environments
  • Public Folders
|
Identity Federation
Windows Server 2008
Users are authenticated by local ADFS server
No Outlook sign-in tool required
ADFS 2.0
Different identity options for your organization, including full support for single sign on with the cloud
Federated IDs (new)
• Sign in to the cloud with your corporate ID
• Single sign on for end users and administrators
• Identity is administered only on premise
• 2 factor authentication options available
Microsoft Online IDs
• Sign in with cloud identity
• Same across Commerce/Billing and Use
• Users and administrators have two identities – one for the cloud, one for on premise
• Identity is administered both on premise and in the cloud
User Directory Synchronization from On-Premises AD to the Cloud
|
Security Program
A risk-based, multi-dimensional approach to help safeguard services and data
Security Monitoring & Response, Threat & Vulnerability Management
Access Control & Monitoring, File/Data Integrity
Account Management, Training & Awareness, Screening
Secure Development Lifecycle, Access Control & Monitoring, Anti-Malware
Access Control & Monitoring, Anti-Malware, Patch & Config Mgmt
Dual-factor Authentication, Intrusion Detection, Vulnerability Scanning
Edge Routers, Firewalls, Intrusion Detection, Vulnerability Scanning
Video Surveillance, biometrics, Access Control
Security Management
|
• Office 2007 SP2 and above
• Office 2008 for Mac & Entourage 2008 Web Services Edition
• Office 2011 for Mac and Outlook 2011 for Mac
• Lync 2010
• Communicator for Mac
• Internet Explorer 7
• Firefox 3.x
• Safari 4.x
New Platform Requirements
• Service Connector with .NET 2.0 or later (highly recommended)
• XP SP3
  • No identity federation for XP Home and Media Center editions
• Vista SP2
• Windows 7
• Mac OS X 10.5 (Leopard), 10.6 (Snow Leopard)
|
Support
IT-level support, dedicated to Office 365
Phone or online
24x7
Rich community forums
Service health dashboard
Broad community of partners available to help you
|
Which Exchange Server Features Are Not Available in Exchange Online?
Client Access
• Outlook 2003 support
• OWA login: public/private radio buttons
Directory
• Hierarchical address book
• Global Address List segmentation
Voice mail
• Speech-enablement of directory and auto-attendant
Administration
• Automated PST import and export
• Provision users in multiple datacenters
• Multiple on-premises AD forests
• Resource forest topologies
Compliance/Archiving
• Exchange 2007-style Managed Folders
• GUI for creating Retention Policies
• Third-party add-ins for transport rules
Security
• S/MIME in OWA
• S/MIME certificate sync
Applications
• MAPI/CDO access
• Server-side code, .dlls, transport agents
• Custom OWA themes, logos, add-ins
• Public folders
|
Internet Access and Performance Considerations
Identify Data Center Used for Hosting
• What is the location of the Microsoft data center that hosts the organization’s data?
  • Single region, determined by billing country
  • Primary and secondary data center determined by Microsoft
  • No support for multiple regions
Access Considerations
• Is there redundant Internet access?
• Are remote locations directly connected to the Internet, or is all connectivity centralized?
Identify Data Center Used for Hosting
• Has a network impact assessment been completed?
• Is the current performance and reliability of the Internet connectivity acceptable?
• Are there results from the Performance Test for Internet Connection to Microsoft Online Services?
|
The Inevitable Questions
Security
• Is cloud computing secure?
• Is Office 365 secure?
Privacy
• What does privacy at Microsoft mean?
• Where’s my data?
Reliability
• Does Microsoft have a formalized continuity program in place for Office 365?
• Does Office 365 have the ability to recover from a disastrous event?
• Are recovery plans in place and tested regularly?
Compliance
• What certifications and capabilities does Office 365 hold?
• How does Office 365 support customer compliance needs?
• Do I have the right to audit Microsoft?
|
Cloud Principles
Highly Configurable - Not Customizable
Services Under the Microsoft Security Policy
Data Location and Transfers
No Customer Right to Audit
Capped Liability
Customer Needs to Remain Current
Comfortable with our Roadmap
Comfortable with Deployment Lifecycle
|
Highly Configurable - Not Customizable
• Office 365 is a highly standardized service that Microsoft offers under highly standardized contractual terms and conditions, which will be shared for a deep review.
• All in an effort to keep the multi-tenant service manageable and affordable.
Office 365 service offerings are consistent across all customers.
Customers can mix and match services to meet their requirements.
Benefits exist because we take this approach: i.e. built in upgrades, reliability, availability and price
Office 365 is not a customizable solution.
|
Services Under Microsoft Security
Core Principles:
The preservation of confidentiality: ensuring that information is accessible only to those authorized to have access.
Integrity: safeguarding the accuracy and completeness of information and processing methods.
Availability: ensuring that authorized users have access to information and associated assets when required.
“At Microsoft we follow a process we call the Security Development Lifecycle. We take services from the design, through the build and implementation and release phases of its lifecycle, and consider security from all aspects”
|
• Microsoft Online Service Privacy Statement
• Microsoft Online Code of Conduct
• Microsoft Online Subscription Agreement
• EU Safe Harbor Certification
Microsoft’s Privacy Solution
Privacy Disclosure & Transparency
• Customers own and control their data
• Transparency on data use, access, primary/backup data centers, and protection
• Adhere to the requirements from strict markets, like the EU data protection directive
What does Privacy at Microsoft mean and where is my data?
At Microsoft, our strategy is to consistently set a “high bar” around privacy practices that support global standards for data handling and transfer
|
Supporting Customer Compliance Needs
Microsoft online supports customer compliance
be
Office 365 Certifications and Capabilities
• ISO 27001
• SAS-70 Type II (SSAE SOC 1 Type II)
• SAS-70 Type I (SSAE SOC 1 Type I)
• EU Model Clauses
• Data Processing Agreement
• FISMA (pending)
• HIPAA/BAA (pending)
• SSAE16 (pending)
|
Data Location & Transfers
• Microsoft provides in this work stream all contract documentation and also the “privacy addendum” to the Office 365 agreement that covers the responsibilities of Microsoft as the data processor towards the customer and how Microsoft safeguards the data access and transfer from a contractual perspective leveraging the EU Safe Harbor Framework (Microsoft has been Safe Harbor Certified since 2001).
• If needed, we will also elaborate on the technical, organizational and other measures and controls that safeguard your data in our DCs and during transfer, and how this is certified via ISO 27001 and the certified and standardized audits (SAS 70 Type I or II), executed by an independent trusted 3rd party, Deloitte & Touche currently.
For EU Customers, transfers are Safe Harbor compliant.
Please note that any company with a sufficient presence in the US is obligated to comply with valid demands to produce data from the US government.
Microsoft reserves the right to transfer customer data to provide the services.
|
No Customer Right to Audit
This saves customers time and money, and allows Microsoft online to provide assurances to customers at
scale.
Microsoft provides transparency
• Alignment and adoption of industry standards ensure a comprehensive set of practices and controls in place to protect sensitive data.
• While not permitting audits, we provide independent third-party verifications of Microsoft security, privacy, and continuity controls.
“I need to know Microsoft is doing the right things…”
|
Capped Liability
Liability represents aggregate amount.
Liability is limited to direct damages (with direct link to an act by Microsoft and foreseeable).
Microsoft’s liability is capped at 12 months’ services fees.
|
Comfortable with our Roadmap
• Another great benefit of the service is that there is a clear roadmap towards feature parity with on-premises solutions, meaning that features like enterprise search with FAST will be delivered from the cloud in the foreseeable future, and customization via Azure integration extends the capabilities of the platform.
• One of the great benefits of the service is that it is evergreen, meaning always up to date when it comes to security patches, updates and upgrades.
• The consequence of this is that the software update cycle of the on-premises part of the overall solution ideally should be in sync (or at least N-1 for the client software) to avoid integration and compatibility issues.
• For major upgrades the deployment window is roughly 18 months from announcement to enforcement.
Customer Needs to Remain Current
Cloud Principles
|
Cloud Principles: Deployment Considerations
Comfortable with our Roadmap: Microsoft sets release timing and can retire features.
• Customers are assured of always getting the latest commercially available technology with the feature set demanded by the market place. We collaborate with customers to understand requirements and market demands, and will accordingly evolve, add and retire features.
Remaining Current
• This represents one of the key advantages of moving to cloud services, as customers are always deployed on the latest technology.
• Customers can time their update dates with Microsoft, however, we are limited to a 12 month update window following the general availability of a major release.
|
• Leverages MS service and deployment experience
• Service Descriptions
• Leveraging Microsoft Online or 3rd party tools
• End-to-end migration or resource augmentation
• End-to-end migration
• Leveraging MS Online tools
• Customer resources & process
• Migrate at your own pace
Self-Deployment Recommended Partner Microsoft Premier Deployment
Comfortable with Deployment Lifecycle
• Microsoft will be able to provide a range of time in weeks for the service ready milestone, not a specific date.
• Current targets for Office 365 are as follows:
  • Office 365 Multi-Tenant: 8-10 weeks for planning and preparation to ‘first mailbox deployed’. The average is 14-18 weeks until migrations are completed.
• Initial deployment is still required to migrate data to Office 365.
• AD clean up & network upgrade often required.
• Customers can choose to migrate and deploy:
  • Themselves
  • With a partner or
  • With Microsoft Premier Deployment*
Deployment of the Services will require time and effort and needs to
be planned for.
Microsoft cannot set deployment timelines before technical due diligence has been conducted.
|
Q & A