Say you have an on premise environment and you’ve decided to incorporate Office 365 into your productivity strategy. What does that look like for you? What does it look like from a product point of view? Today I would like to look at different Microsoft technologies and talk about they potential for Hybrid and the possibilities, complications and difficulties that might arise.
It all starts with Active Directory. Pretty much every Microsoft product will rely on Active Directory. We aren’t used to talking about identity management, but essentially Active Directory is an identity manager, and Office 365 operates it’s own identity management tool called Azure Active Directory. We need to provide a way to have the two identity management environments talking to each other. To do this we will need three things.
- To establish our domain name on Office 365
- Configure UPN’s in our domain
- Directory Sync with Password Sync
This setup will give you a mechanism to copy accounts to Office 365 and synchronize passwords. This is by far the most simple setup and will cover most cases where single sign on and point of authentication are not an issue.
Let’s take a quick step back and look at identity models for Active Directory and Office 365. There are 3 identity models to be aware of
- Office 365 Cloud Identity
- This involves no on premises server and your domain and accounts live and are managed in Office 365.
- Office 365 synchronized identity
- This is the model discussed above. You will require some directory synchronization servers and some planning to sync accounts to Office 365.
- Office 365 Federated Identity
- This is by far the most complex model and will give your single sign on and on premise authentication in addition to directory synchronization.
Keep in mind that model 2 and 3, all Active Directory management is done in your on premise Active Directory.
Once a model is selected for Active Directory, your other services can then be planned around Hybrid. The most common hybrid environment is Exchange. Extending Exchange into Office 365 allows you to tap into the feature rich environment of Exchange Online. The most basic idea is that you can have some of your mailboxes existing in Office 365 and some living on premise but the environment from a holistic point of view looks like it’s one environment. There are of course other features that make this setup enticing such as
- Secure mail routing between on premise and Online orgs.
- Shared domain space. Both environments will utilize @company.com dns namespace.
- Shared Address book.
- Free/Busy calendar sharing.
- The ability to move mailboxes between Exchange on premise and Exchange Online.
- Cloud based message archiving for on premise Exchange mailboxes.
- Flexibility on mail routing direction.
- Ability to use Exchange Online Protection for your anti-spam and malware strategy
Exchange 2013 has a nice wizard that will walk you through the configuration. The big caveat here is to make sure you have your certificates sorted out.
As a base requirement for a hybrid Exchange configuration is Exchange 2010 SP3 and up.
Lync/Skype for Business Hybrid
With Lync/Skype for Business Hybrid model you get the benefit of splitting your user base between Lync Online and Lync/Skype for Business on premise. You can also choose where you want your unified messaging to live. Unified messaging is the mechanism in Exchange that provides a basic IVR and voicemail for Lync/Skype for Business and it can live on premise or on Office 365’s Exchange. There was once a limitation that required you to maintain on premise version of Lync/Skype for Business if you required enterprise voice/PSTN. These issues have been overcome with the advent of the Office 365 E5 license which includes CloudPBX and PSTN calling. How this plays out is yet to be seen and I haven’t had a chance to work with it yet…my bet is that it will work well but how voice will play out will complicate things.
- Lync 2013 or Skype for Business on premise (Lync 2010 CU March 2013 is technically supported, but I wouldn’t recommend it)
- Office 365 tenant with Lync Online enabled
- ADFS to support single sign on
Life starts to get much more complicated with Lync/Skype for Business. This hybrid model works well, but the setup is very PowerShell heavy. There aren’t as many wizard/GUI tools for this configuration, so you should understand what the PowerShell cmdlets are doing before performing this setup.
The final main solution we will discuss is the SharePoint 2013 hybrid environment. The SharePoint model differs from the previous 3 models in that you are not solely dealing with users and identity, SharePoint deals primarily with content. You are not extending users to SharePoint Online so much as you are extending Sites, Services, Libraries and other resources such as search and business connectivity services.
This is by far the most complex setup with many considerations but at it’s core you want to be able have your web applications on premise, and your Site Collections online, and want to enable a search model ideally both ways (Online and on premise and vice versa).
Here is a link to SharePoint Hybrid considerations. https://technet.microsoft.com/en-us/library/jj838715.aspx
There are some extremely rich and complex coexistence and hybrid scenarios with on premise and Office 365, and to be in the cloud you DON’T have to tear down your previous investment. Your IT staff will transition into architects and designers and you can find help through cloud partners and specialists.