Moving to a Hybrid Unified Communications environment

Presentation on theme: "Moving to a Hybrid Unified Communications environment"— Presentation transcript:

1 Moving to a Hybrid Unified Communications environment
9/20/2018 1:02 AM BRK3003 Moving to a Hybrid Unified Communications environment BJ Whalen Principal Program Manager © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Session Overview
Objectives
- How hybrid in Skype for Business works
- Define principles, plan, and support boundaries for deploying hybrid
Takeaways
- Hybrid is the primary mechanism to get from on-prem to cloud
- When basic deployment principles are followed, hybrid is straightforward
- Teams announcement does not change this guidance

3 Disambiguating “Hybrid” in Skype for Business
Hybrid “Split Domain”
- Having a mix of SfB users & devices homed in the cloud and on-prem
- Key mechanism for on-prem orgs to migrate to cloud
- Same use of “hybrid” as with other O365 workloads
- Administrator has configured Shared SIP address space
“Hybrid Voice”
- Voice trunks on-prem provide functionality to users homed in the cloud
- Achieved via either:
  - Cloud Connector Edition (CCE)
  - Skype for Business on-prem configured for hybrid (OPCH)
- Enables migration to cloud, while preserving on-premises voice configuration
- Hybrid voice is a separate concept from split-domain, but requires Shared SIP Address Space
This talk is primarily about split domain.

4 Canonical Org Configs

5 Canonical Org Configs – Voice
For more details, see: BRK3035

6 Split Domain Basics
Prerequisites
- On-prem deployment of either SfB or Lync
- O365 Tenant
- Azure Active Directory Connect to sync on-prem directory into O365
- Enable federation between on-prem SfB deployment and O365 tenant
- Enabled Shared SIP Address Space
SfB users exist in both cloud & on-prem directories
- A user is “homed” either online or on-prem
- On-prem “homed” users interact with on-prem SfB servers
- Cloud “homed” users interact with SfB online service
- A user’s “Home” is determined by msRTCSIP-DeploymentLocator attribute
- Initially, all users in hybrid environment are homed on-prem until admin takes action
On-Prem AD is authoritative
- All new users should be created on-prem and sync’d up
- Users created in cloud are not sync’d down to on-prem, & are not discoverable by on-prem users

7 Hybrid Mechanics
To migrate a user from on-prem to cloud:
- Assign a license to the online user
- From on-prem PowerShell, run Move-CsUser:
  - Changes deployment locator from on-prem to cloud
  - Migrates contacts/groups and meeting coordinates
  - Note: Policy assignments & meeting content are not migrated
Routing between on-prem & online:
- Online users find user objects in online
- On-prem users find user objects on-prem
- If deployment locator doesn’t match originating user’s, re-route as needed.
- If user is not found in the local directory, it’s not routable. Hence, don’t create users directly online.
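The migration step on this slide, as an added PowerShell example (not from the original deck): it reads msRTCSIP-DeploymentLocator to see where the user is homed, saves the on-prem policy assignments that the move does not carry over, then runs Move-CsUser. The user, output path and HostedMigrationOverrideUrl are placeholders; the locator value sipfed.online.lync.com for cloud-homed users comes from Microsoft's hybrid documentation, not from this deck.

```powershell
# Added example. Run on a host with the on-prem SfB management tools and the
# ActiveDirectory module. User, URL and output path below are placeholders.
Import-Module ActiveDirectory
Import-Module SkypeForBusiness

$Sip         = 'sip:alice@contoso.com'   # hypothetical user
$OnlineHost  = 'sipfed.online.lync.com'  # locator value for cloud-homed users (assumption, see lead-in)
$OverrideUrl = 'https://<tenant-admin-host>/HostedMigration/hostedmigrationService.svc'  # placeholder

function Get-SfbHome {
    param([Parameter(Mandatory)][string]$SipAddress)
    # Read the attribute that decides where the user is homed.
    $u = Get-ADUser -LDAPFilter "(msRTCSIP-PrimaryUserAddress=$SipAddress)" `
                    -Properties 'msRTCSIP-DeploymentLocator'
    if (-not $u) {
        # Users missing from the on-prem directory are not routable from on-prem.
        throw "No on-prem AD object for $SipAddress"
    }
    $locator = $u.'msRTCSIP-DeploymentLocator'
    $homedIn = 'OnPrem'
    if ($locator -eq $OnlineHost) { $homedIn = 'Online' }
    [pscustomobject]@{ Sip = $SipAddress; Locator = $locator; HomedIn = $homedIn }
}

$before = Get-SfbHome -SipAddress $Sip
if ($before.HomedIn -eq 'OnPrem') {
    # Policy assignments are not migrated: record them so they can be
    # reviewed and re-created online after the move.
    Get-CsUser -Identity $Sip |
        Select-Object SipAddress, *Policy |
        Export-Clixml -Path '.\policies-before-move.xml'

    $cred = Get-Credential -Message 'Office 365 admin account for the tenant'
    Move-CsUser -Identity $Sip -Target $OnlineHost -Credential $cred `
                -HostedMigrationOverrideUrl $OverrideUrl -Confirm:$false
}

# Re-read the locator to confirm which side now owns the user.
Get-SfbHome -SipAddress $Sip
```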

8 Planning your move to cloud
- Assess differences between SfB Online & On-prem
- Deployment principles
- Networking considerations
- Migrate or clean cut-over

9 Functionality differences SfB Online vs On-Prem
Features in SfB on-prem but not SfB Online (with comments):
- Advanced Calling Features (comment: Full feature parity coming in Teams). E.g.:
  - Richer calling queue functionality on-prem
  - Dynamic E-911 & Location Discovery
  - IP Phone policy for common areas
  - Analog support via hybrid voice
  - Call parking
- Persistent Chat (comment: Use Teams)
- Survivable Branch Appliance (comment: Not planned. Focus on redundant connectivity to cloud)
- Fewer knobs available in policy model (comment: Inherent to online service)
- Exchange interop considerations (comment: See next slide)

10 Exchange Co-existence
Best practice is to move the user’s mailbox to Exchange Online before moving the user’s SfB home.
Users with Exchange mailboxes on-prem are supported with following known limitations:
- Client sign on: Users may need to sign on twice during SfB client sign on
- Server side conversation history, Archiving, Unified Contact Store, HighRes Photo:
  - Requires Exchange 2013 or later
  - Customer must enable OAuth Service to Server communication, see:
- Meeting Migration Service functionality for Exchange on-prem coming soon
- Known functional gaps: IM/meetings via on-prem OWA
More Details:

11 Core Deployment Principles
- Users from any forest can access SFB as long as they are sync’d properly (as disabled user objects)
- Exchange can be online or on-prem, but there are functionality differences if not online
- Only 1 on-prem SfB/Lync deployment can be in hybrid with SfBO

12 Multiple Forest Scenarios: Background
Users can access SfB functionality in another forest, provided:
- They are sync’d properly into the forest that hosts SfB
  - Historically for pure on-prem, syncing as disabled user objects or AD contacts was ok
  - To function in hybrid, users must be sync’d as disabled user objects!
- Forest hosting SfB must trust forest containing the users
Mechanics
- User signs in to AD in Account Forest
- Disabled User object in Resource Forest is used to access SfB resources.
- msRTCSIP-originatorSID of Resource Forest user object must match SID of user in Account Forest

13 Hybrid for a simple multi-forest org
- Get an O365 Tenant
- Sync users from on-prem into cloud via AAD Connect
  - AAD Connect installed locally, in any forest or in DMZ
  - Must sync account forest and resource forest
  - AAD Connect syncs from multiple forests and merges data before sync’ing to cloud
  - Use option to merge on ObjectSID = msRTCSIP-OriginatorSID
- Enable Split Domain in SfB
- Move users’ SfB “home” to cloud as needed using on-prem tools
This is the most basic path for *any multi-forest* customer to migrate to the cloud.
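A pre-sync check for the multi-forest requirements on the two slides above, as an added PowerShell example (not from the original deck): it lists SfB-enabled objects in the resource forest that are not disabled, have no msRTCSIP-OriginatorSid, or whose SID matches no user in the account forest. The domain controller names are placeholders, and the check assumes every SfB user in the resource forest signs in with an account in the account forest.

```powershell
# Added example. Requires the ActiveDirectory module and read access to both forests.
Import-Module ActiveDirectory

$ResourceDC = 'dc01.resource.contoso.com'   # placeholder: DC in the forest hosting SfB
$AccountDC  = 'dc01.account.contoso.com'    # placeholder: DC in the forest users sign in to

function ConvertTo-SidString {
    param($Value)
    # The attribute may surface as raw bytes or as a SecurityIdentifier object.
    if ($Value -is [byte[]]) {
        return (New-Object System.Security.Principal.SecurityIdentifier($Value, 0)).Value
    }
    if ($Value) { return $Value.ToString() }
    return $null
}

function Test-OriginatorSid {
    Get-ADUser -Server $ResourceDC -LDAPFilter '(msRTCSIP-PrimaryUserAddress=*)' `
               -Properties 'msRTCSIP-OriginatorSid', 'msRTCSIP-PrimaryUserAddress' |
    ForEach-Object {
        $sid  = ConvertTo-SidString $_.'msRTCSIP-OriginatorSid'
        $acct = $null
        if ($sid) {
            try   { $acct = Get-ADUser -Server $AccountDC -Identity $sid }
            catch { $acct = $null }   # no object with that SID in the account forest
        }

        $issue = $null
        if ($_.Enabled)     { $issue = 'Resource object is enabled, hybrid needs it disabled' }
        elseif (-not $sid)  { $issue = 'msRTCSIP-OriginatorSid is empty' }
        elseif (-not $acct) { $issue = 'No account-forest user has this SID' }

        [pscustomobject]@{
            Sip           = $_.'msRTCSIP-PrimaryUserAddress'
            ResourceUser  = $_.SamAccountName
            OriginatorSid = $sid
            AccountUser   = if ($acct) { $acct.SamAccountName } else { $null }
            Issue         = $issue
        }
    }
}

# Show only the objects that would break the ObjectSID = msRTCSIP-OriginatorSID merge.
Test-OriginatorSid | Where-Object Issue | Format-Table -AutoSize
```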

14 Hybrid for a Complex Deployment
Same basic pattern as canonical path:
- 1 SfB deployment in 1 forest
- That SfB deployment is enabled for split domain
- All users have representations in cloud and on-prem
Primary Difference: Customer has already configured more on-prem
Sync with MIM

15 Exchange Co-existence
Exchange mailbox can be online or on-prem
If on-prem:
- The mailbox can be in the same or different forest as the on-prem SfB deployment
- If different forest, two-way trust is required.
- Exchange 2010 or later required, more functionality with Exchange 2013 or later
- Some functionality differences to be aware of, and possible extra config
OAuth Config:
Functionality differences:

16 Single Forest Hybrid with Exchange interop
Exact same diagram as earlier single forest topology, except for Exchange. Exchange can be hybrid or pure on-prem.

17 Multi-Forest Hybrid with Exchange Interop
Exact same diagram as canonical multi-forest hybrid except:
- Exchange is on-prem. Could be either in same forest as SfB or different, or both
- If different forest, must have 2-way trust

18 1 On-Prem SFB deployments
- Only 1 SfB on-prem deployment can be connected to a given tenant
- Otherwise, routing in federated scenarios breaks
[Diagram panels: Unsupported; Supported]
- AcquiredCompany cannot be sync’d to AAD
- Both forests are sync’d but must stay fully on-prem

19 Managing >1 on-prem deployment
- Some complex customers have >1 SfB deployment
  - Use Federation for interop
  - Only 1 of the deployments can go to SfB Hybrid
- The combination that breaks federation is:
  - More than 1 forest with SfB which syncs into Azure AD
  - Split domain enabled in the tenant with any of the on-prem deployments
  - At least 1 on-prem user from the split-domain forest migrated to the cloud.
- Consider cut-over migration to consolidate in cloud

20 Networking Considerations
- Update networking gear to support O365 IPs, ports, etc.
- Treat O365 as trusted endpoint:
  - Bypass HTTP proxy for SFB real-time media traffic
  - Turn off deep packet inspection for SFB media traffic
  - Enable UDP
  - More details:
- Change network egress to be closer to user
  - All non-p2p media routes thru cloud
  - MS network is already peered with >2000 ISPs in 130+ locations
  - More details: BRK3029

21 Hybrid or Cutover?
Benefits of going hybrid
- Allows for gradual move
- Allows for interop
- Preserves contacts and meetings
Cutover migration to SfB Online
- Create all new user accounts in cloud
- Must be done all at once (typically over weekend)
- Not suited for scenarios with on-prem voice

22 Alternate Id: Background
- Designed for customers that can’t use on-premises UPNs for authentication to Office 365
- Typical use cases:
  - Non-routable UPN domains
  - Complex UPNs that are difficult for users to remember
  - Use Smartcards (CAC/PIV)
  - Cannot change UPNs
- Alternate Id allows you to select an alternate login ID for Office 365 regardless of the identity model you use

23 Alternate ID Background
- UPN on-premises cannot be used in the cloud
- Customer picks another attribute to use for UPN
- Separate UPN in the cloud
- AltID is often needed for application compatibility

24 Alt ID: Support
- For best user experience in a hybrid environment, use the same set of credentials (e.g. the UPN) for on-premises and online
- If possible, change UPNs to avoid the need for AltID.
- Alternate ID in hybrid environments with Exchange and/or Skype for Business is supported but not recommended.
- If using AlternateID in hybrid environment:
  - Lync Server 2013 or later required.
  - Consider enabling Modern Authentication for an improved user experience. For details, see Modern Auth: BRK4001
  - If using mobile clients, ensure that the SIP address is identical to the user’s mail address (and alternate ID).

25 Skype and Teams
- MS continues to be committed to SfB on Prem with a v-next release in H2 CY18
- Teams and SfB can be used side-by-side
- Interop between SFB on-prem and Teams is built on top of split domain functionality
- This deployment guidance applies regardless of when you are ready to move to Teams.

26 Resources
- Hybrid Deployment Steps:
- Multi-Forest Support:
- Exchange Interop:
- Alt ID:
- Hybrid Voice:
- Networking guidance:

27 Please evaluate this session
From your PC or tablet: visit MyIgnite. Phone: download and use the Microsoft Ignite mobile app. Your input is important!


