Feeds

Chuck Exchange mailboxes into the cloud... sysadmin style

UC certificates, MX records and how to make a teeny bit of extra dosh

Internet Security Threat Report 2014

Sysadmin blog How do we migrate Exchange mailboxes into the cloud? A customer of mine has recently approached me with a request to move his mail hosting into the cloud, and it had to include BlackBerry support. After some discussion of the options available, a hosted exchange solution was deemed best, with Microsoft's own Office 365 emerging the winner.

I've migrated dozens of Exchange installations to Google Apps and Microsoft's BPOS without issue, but this will be my first production Office 365 client. It is an excellent test migration; the client is looking to migrate less than 15 users and an unknown number of shared mailboxes/mail enabled public folders from an SBS 2008 (Exchange 2007) installation.

While hybrid/coexistence mode is available with Office 365, we have chosen to do a cutover deployment. There is no interest in running mailboxes both locally and in the cloud.

Cutover deployments result in one of two flavours: either you have Single-Sign-On (SSO) enabled or you don't. As SSO is something that is generally enabled after the migration is completed, I'll address SSO in a separate article.

If SSO isn't enabled, then accessing your email really isn't all that different from any other web-based provider. Each user will have their own username and password, and they are completely separate from the local usernames and passwords. Office 365 has its own password requirements, but is otherwise pretty standard fare.

The advantage to Office 365 over other solutions is simply that this is a hosted version of exchange. All the lovely bits that make Outlook + Exchange the most popular business mail combination on the planet are available without you having to fuss over the server.

Getting the migration done

First, change the domains MX record TTL in DNS to the shortest possible timing allowed by the DNS provider. This is probably the most important step. When you do your cutover from locally hosted to cloud hosted email, you need your DNS changes to propagate as quickly as possible.

Next we need to enable Outlook Anywhere. This is required to perform the migration from the extant exchange server to Microsoft's cloud.

Outlook Anywhere requires a UC certificate from a public CA; not a huge worry, I've found them for as little as $60. When you think you have that all set up, use ExRCA to verify connectivity.

Create the customer's Office 365 account. If you're set up as a reseller of Microsoft's Office products, then sign in to https://portal.microsoft.com under your account (likely the yellow sticky under your keyboard where the username ends with @yourcompany.onmicrosoft.com) and use the "invites" system.

To do this, once you are logged in click on the word Partner at the top of the screen, and then you can either send a trial invitation or create a purchase offer. By using the invite system you'll get some fraction of the subscription revenues; why throw away free money? After the customer's account is created we log in to their account and start a migration batch from within the Office 365 control panel. This is fairly straight forward and will run you through connecting Office 365 to the local exchange server's Outlook Anywhere.

Right about now you should change your public DNS's MX records to point to cloud provider. Take a coffee break: we need to wait for MX records to propagate, as many DNS providers put a minimum TTL in place that overrides your settings.

After your coffee, complete the migration. This runs a last "sweep" across the local server to move any remaining emails to the cloud that may have accumulated during the MX transition period.

Finally, close the local mail server's firewall ports; it is better for mail to bounce (for those whose DNS providers don't respect TTL) than to accept mail to a server no longer in use. At least bounces provide the sender with a signal that something has gone wrong, and they should try alternate methods of communication.

That's it, we're done! One Exchange server cloudified. This is just part one of two – things get significantly more complicated when SSO is involved – but we'll jump off that bridge in the next article. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Just don't blame Bono! Apple iTunes music sales PLUMMET
Cupertino revenue hit by cheapo downloads, says report
The DRUGSTORES DON'T WORK, CVS makes IT WORSE ... for Apple Pay
Goog Wallet apparently also spurned in NFC lockdown
IBM, backing away from hardware? NEVER!
Don't be so sure, so-surers
Hey - who wants 4.8 TERABYTES almost AS FAST AS MEMORY?
China's Memblaze says they've got it in PCIe. Yow
Microsoft brings the CLOUD that GOES ON FOREVER
Sky's the limit with unrestricted space in the cloud
This time it's SO REAL: Overcoming the open-source orgasm myth with TODO
If the web giants need it to work, hey, maybe it'll work
'ANYTHING BUT STABLE' Netflix suffers BIG Europe-wide outage
Friday night LIVE? Nope. The only thing streaming are tears down my face
Google roolz! Nest buys Revolv, KILLS new sales of home hub
Take my temperature, I'm feeling a little bit dizzy
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.