Migrating to Office 365: Practical aspects of moving email to the cloud

John Joyner walks through real-world experiences of users and administrators of networks that migrated from on-premise Exchange server to Office 365.

A typical decision for an organization at technology refresh time involves what to do with on-premise email. While a conventional choice might be an in-place upgrade to the current release of your messaging application, it's also an opportunity to change your messaging service to another application, or to move some or all of the messaging components to a hosting provider in the cloud. For a small organization, especially one under 25 users, there can be strong economic, risk-mitigation, and feature-use scenarios that make a cloud migration quite attractive.

In a previous article, I covered some fundamental decisions an organization faces when looking to upgrade to the latest version of Microsoft Exchange server. In this article, we'll walk through some real-world experiences of users and administrators of networks that migrated from on-premise Exchange server to Microsoft's hosted collaboration environment, Office 365. There are hybrid options for the larger organization that needs long-term co-existence with on-premise email systems. In the scenario that follows, we're looking at a smaller company that wants to migrate completely to a hosted model.

Prepare public DNS records for migration

Once you sign up for Office 365, Microsoft will send you instructions on how to modify the Mail Exchanger (MX) record in your organization's public DNS zone so that inbound email is delivered to the Office 365 cloud. After sending a test message, you flip your inbound mail path, from whatever it was, to point to Office 365. After that, all mail for your organization will arrive at the Office 365 cloud. Initially (before you migrate any user mailboxes), all email flows transparently through the cloud and continues to arrive in your on-premise email system.

In addition to moving the MX record, you can optionally add these other DNS records:

  • The Autodiscover record helps Microsoft Office Outlook locate the Office 365 servers when users check Free/Busy information or use the Out Of Office Assistant.
  • The Sender Policy Framework (SPF) record helps prevent others from using your domain name to send spam or other malicious e-mail.

Microsoft makes available a handy cloud-based connectivity analyzer tool to test that your DNS records are correctly published (be sure to select tests from the tool's Office 365 tab).
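The three records described above can also be checked offline against a zone snapshot. The following is an added example, not code from the article or from Microsoft; every host name in it is a constructed placeholder standing in for the values in Microsoft's instructions, and it treats the two optional records as expected.

```python
# Added example: offline check of a DNS zone snapshot during and after cutover.
# All host names are constructed placeholders, not Microsoft's real values.
PROVIDER = "mail.provider.example"              # assumed MX target suffix
AUTODISCOVER = "autodiscover.provider.example"  # assumed CNAME target
SPF_INCLUDE = "spf.provider.example"            # assumed SPF include domain

def mx_findings(mx_records, provider=PROVIDER):
    """mx_records: list of (preference, target) tuples."""
    if not mx_records:
        return ["no MX record published"]
    findings = []
    for pref, target in sorted(mx_records):
        host = target.rstrip(".").lower()
        if host != provider and not host.endswith("." + provider):
            findings.append(f"MX {pref} {host} does not point to {provider}")
    return findings

def spf_findings(txt_records, include=SPF_INCLUDE):
    """Check the single SPF policy among the domain's TXT records."""
    spf = [t for t in txt_records if t.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:  # zero or several SPF records both break evaluation
        return [f"expected exactly one SPF record, found {len(spf)}"]
    terms = spf[0].lower().split()[1:]
    findings = []
    if f"include:{include}" not in terms:
        findings.append(f"SPF does not include {include}")
    all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not all_terms:
        findings.append("SPF has no 'all' mechanism")
    elif all_terms[-1][0] not in "-~":
        findings.append(f"SPF ends in '{all_terms[-1]}', so unlisted senders are not failed")
    return findings

def check_zone(zone):
    """Return every finding for one zone snapshot; an empty list means clean."""
    findings = mx_findings(zone.get("MX", []))
    cname = zone.get("CNAME", {}).get("autodiscover", "").rstrip(".").lower()
    if cname != AUTODISCOVER:
        findings.append("autodiscover CNAME missing or not pointing to the provider")
    return findings + spf_findings(zone.get("TXT", []))

# Constructed snapshots of the example.com zone.
MID_MIGRATION = {
    "MX": [(10, "example-com.mail.provider.example."), (20, "mail.example.com.")],
    "CNAME": {},
    "TXT": ["v=spf1 ip4:203.0.113.25 ?all"],
}
AFTER_CUTOVER = {
    "MX": [(10, "example-com.mail.provider.example.")],
    "CNAME": {"autodiscover": "autodiscover.provider.example."},
    "TXT": ["v=spf1 include:spf.provider.example -all", "unrelated-verification=abc"],
}

if __name__ == "__main__":
    for name, zone in (("mid-migration", MID_MIGRATION), ("after cutover", AFTER_CUTOVER)):
        print(name, check_zone(zone) or "OK")
```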

Move mailboxes to the cloud

Microsoft makes this part easy for customers with previous versions of Exchange. There is a server-side utility called the Microsoft Online Migration Console that you install on a server in your environment. This console shows you each of your current Exchange mailboxes and whether they reside on-premise or in the cloud, allowing you to granularly move users individually or in small groups. When it comes time to migrate a particular user to the cloud, follow this procedure:

  1. Let the user know there will be a brief interruption in their ability to use email. Close all instances of Outlook for that user and advise them to avoid using their ActiveSync device(s).
  2. Migrate the user's mailbox to the cloud using the Online Migration Console.
  3. Install and run the client-side Microsoft Online Services Sign In utility on the user's PC. (See Figure A.)
  4. Select all the Options in the Sign In Preferences section for the most transparent operation.
  5. After successfully signing in, a wizard will launch that automatically configures the PC's Office 365 applications such as Outlook to work with the cloud.
  6. The user's ActiveSync devices, such as iPhone, iPad, Android, or Windows Phone, are configured by creating a new email account on the device. If your autodiscover record is available in your public DNS, this is an automatic procedure. Microsoft also provides Office 365 customers with instructions to manually configure ActiveSync devices with a server name if you don't have an autodiscover DNS record.

Figure A

The Microsoft Online Services Sign In utility configures the user's Office 365 applications.

Enable email for network devices

Many offices have a few network devices, such as scanners or telephony equipment, which use SMTP email to deliver documents or alerts. When you have an on-premise email server, it's usually a simple matter to point that device to the local server's SMTP service for outbound email delivery. However, if you tried to send SMTP email to Internet destinations from an on-premise SMTP post office after moving your email to Office 365, this would probably result in most of your outbound emails being intercepted as spam.

When there is no longer an on-premise Internet email gateway, you need to use SMTP servers in the Office 365 cloud. Microsoft, like most cloud email service providers, does not allow direct SMTP (TCP port 25) connections from customers. They do make available a secure SMTP receiver on TCP port 587 specifically to support the requirement for email-enabled devices in your office. If your device allows SMTP to be set up with a non-standard port, SSL/TLS encryption, and a username and password, you can point the device directly to the cloud.
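What such a device does on the wire, as an added example that is not part of the original article: connect to port 587, upgrade to TLS with certificate verification, and only then authenticate. The host name, account and addresses are constructed placeholders, and the `smtp_factory` parameter is a hypothetical hook added so the flow can be exercised without a network.

```python
import smtplib
import ssl
from email.message import EmailMessage

SUBMISSION_PORT = 587  # the secure SMTP receiver port named in the article

def build_alert(sender, recipient, subject, body):
    """Build the kind of short notification a scanner or PBX would send."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = subject
    msg.set_content(body)
    return msg

def submit(host, username, password, msg, smtp_factory=smtplib.SMTP, timeout=30):
    """Send msg over authenticated submission; never log in on a cleartext link.

    smtp_factory exists only so the flow can be exercised without a network.
    """
    context = ssl.create_default_context()  # verifies the chain and the host name
    with smtp_factory(host, SUBMISSION_PORT, timeout=timeout) as client:
        client.ehlo()
        if not client.has_extn("starttls"):
            raise RuntimeError("server did not offer STARTTLS; credentials not sent")
        client.starttls(context=context)
        client.ehlo()  # re-read capabilities over the encrypted channel
        client.login(username, password)
        return client.send_message(msg)  # dict of refused recipients, empty if none

if __name__ == "__main__":
    # Constructed values: host, account and addresses are placeholders.
    import os
    alert = build_alert("scanner@example.com", "frontdesk@example.com",
                        "Scan ready", "A new scan is waiting in the shared folder.")
    print(alert)
    if "SMTP_PASSWORD" in os.environ:  # only attempt delivery when configured
        submit("smtp.provider.example", "scanner@example.com",
               os.environ["SMTP_PASSWORD"], alert)
```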

If your device only supports SMTP on port 25, or can't support SSL/TLS encryption and/or secure login, then one option is to provision a server-level SMTP post office on-premise for relaying to the cloud. Any Windows 2003, Windows 2008, or Windows 2008 R2 server can host an SMTP post office that is configured to relay messages to the Office 365 cloud. You can point your on-premise SMTP devices to the on-premise SMTP relay post office, which in turn sends everything to the Office 365 cloud for onward delivery.

Figure B shows the detailed Delivery settings in a Windows server SMTP post office to enable this capability. Remember that the username and password entered must belong to an active Office 365 mailbox account, and the password will require changing here every few months when the Office 365 user's password is changed.

Figure B

Details on configuring an on-premise SMTP server to relay to the cloud.

About

John Joyner, MCSE, CMSP, MVP Cloud and Datacenter Management, is senior architect at ClearPointe, a cloud provider of systems management services. He is co-author of the "System Center Operations Manager: Unleashed" book series from Sams Publishing, ...

14 comments
RandyWF

I'm not understanding something (which is mostly normal for me!) about the "Microsoft Online Migration Console" that John is mentioning in this article. Where is the "Microsoft Online Migration Console" utility that we can install on the Server Side? Is this a download from Microsoft? I know there is a Migration Tool for BPOS, but I was unaware of a "Microsoft Online Migration Console" utility that you can install on a server for Office 365. I have done a few searches, but can't seem to find this tool. I sure hope John Joyner is correct on this, I would love to have this utility again for Office 365. Can someone point me in the correct direction? Thank you, Randy

mbrello

I recently read an article regarding the Cloud (The Advantages of Using Cloud Computing, by Christian Arno, dated April 14, 2011, Cloud Computing Journal). Prior to reading this article, my thoughts and opinions on Cloud computing were that it was great for personal use. Most of us are probably unaware that we are already using Cloud computing (Facebook, Skype, G-Mail, anyone?). Other thoughts were that perhaps Cloud computing could be a viable solution for small businesses. However, when it comes to large businesses and governmental entities, I have been less inclined to believe that Cloud computing is all it is cracked up to be. According to the author (Christian Arno), "[t]here are lots of advantages to using Cloud computing for international companies. One of the major ones is the flexibility that it offers." He further goes on to say that as long as users "can get on the Internet, staff can access information from home, on the road, from clients' offices or even from a smartphone." By the way, the key phrase here is "as long as users can get to the Internet." Well, forgive my ignorance, but do businesses not already have that flexibility with tools such as Remote Access, VPN, laptops and certificate authentication for mobile devices? And let me just clarify that my use of the term "mobile devices" does not limit that to smartphones; iPads and other tablet PC-types are to be included within that categorization. I understand that by having a Cloud, "[d]ocuments can simultaneously be viewed and edited from multiple locations" and I agree that is a very nice concept, but is there not already at least one way to make that possible without utilizing a Cloud (Microsoft SharePoint Server, anyone?). In his article Mr. Arno further reports that "a major advantage of using Cloud computing ... is that because it's online, it offers virtually unlimited storage compared to [traditional] server and hard drive limits."
Aren't these Clouds essentially servers which are maintained by an outside source? More importantly, who is making servers with unlimited storage capacity nowadays? Let me just say that I want in on that action, as none of the users at my place of employment believe in data management and our department head will not allow us to implement quota management to remedy the issue. "One of the reasons many businesses choose Cloud computing is because online storage and back-up means their data can't be lost or destroyed." Is there a 100% guarantee that data cannot be lost or destroyed? I think not - mistakes can, do and will happen. What if the server on which your data is being stored goes down? Where does your company rank in the priority queue to have service restored? What if you lose Internet connectivity? I mean, Cloud computing does require the Internet, correct? When Internet connectivity has been lost at my place of employment, internal network operations were still available. Granted, e-mail might not have always worked in that scenario, but I have still been able to access my documents and the software applications I need to perform my duties. If my understanding is correct, if you Cloud compute and you lose connection to the Cloud, you lose connection to your software applications as well. One of the biggest questions I have regarding Cloud computing is who is responsible for backing up the data and maintaining its integrity ... a stranger? What is their motivation to maintain confidentiality or to not sell proprietary information to the highest bidder or to not hold hostage company data? Do not laugh at that last potential threat (holding data hostage) - it has happened ... remember the network administrator for the City of San Francisco who was released from his duties and subsequently held the City's network hostage for a few days? Okay, okay ... maybe I do sound a little paranoid and maybe I am a little bit of a control freak.
But when you outsource these types of services, you pay a fee ... most likely a substantial fee that is determined by the provider of those services. I mean, you no longer employ your own IT specialists to take care of these types of matters for you - you are paying someone else to have specialists on hand to perform those duties (who I presume would not be onsite at your place of business). Oh, and by the way, that company needs to make a profit on the services it's providing to you. And from a licensing perspective, wouldn't you still have to purchase licensing to use software applications provided by a Cloud? Otherwise, how are those software developers going to make a profit?? And who do you think is going to cover the costs of having to replace the server(s) upon which your little Cloud is located? Those costs (along with a profit) will be passed on to the end user. Please enlighten me as to how all of this is more cost effective? Poh-tay-toh, pah-tah-toh? Who came up with this term anyway? "Cloud" computing. How do you access a Cloud? Via the Internet. What is the Internet? A network. What comprises a network? Computers, servers and other end devices. Well, helllloooooo ... aren't you still in the same scenario you were in before? How are you any better off? Personally, there are still too many "what if's" for me to step into the light and see Cloud computing as the be all, end all. And, like the majority of those people cited in Mr. Arno's article, I still fear too many security flaws in Cloud computing from a business perspective. Besides that, I am a control freak - I cannot fathom turning over control of my data to a stranger and entrusting it to them. Yes, traditional servers and computers can still be hacked and hard drives can fail; but then if a server is what houses a Cloud, cannot the same be said about Clouds? Obviously, I am still not sold on the idea of Cloud computing. I think it is a trend ...
it is "new", so it is "fashionable" and therefore "everyone" is doing it. It is an idea that someone came up with which they are banking on selling while glossing over the potential cons that go along with it. In the end, it is all about making a profit. Oh, do not get me wrong ... I am as guilty of Facebooking and Skyping with friends and family as the next person, but the pictures, movies, etc. that I upload to Facebook are still on my own home computer, and I am still the one responsible for backing up those files. In my humble opinion, Cloud computing is just outsourcing no matter what term you apply to it; and while in the short-term it may be a viable, affordable alternative for small businesses, I do not believe those benefits would flourish in the long-term were that small business to expand. Cloud computing definitely would not be my recommendation to a large corporation or governmental entity. I prefer to stay in charge of my own data, thank you very much. Anyway, that's my 2 cents worth. ;)

tselliott63

If your line is cut, you have no internet and your in house email server is fairly useless for communicating with clients. The obvious benefit of having it off site with MS or whomever, is that they have redundant servers and connections that you can still reach using the ever more ubiquitous smartphones. Androids' Exchange problems are ongoing. They're not limited to Office365. By having it hosted off site you have an off site backup. I'm assuming everyone would use the cached Exchange mode which can operate independently and be exported to PSTs should you feel the need. =========== All that being said, the migration to their servers was a TOTAL nightmare. Their documentation is confusing, incomplete, and frequently incorrect. It's scattered over multiple sites and still refers to tools they no longer support or use. It was no fun at all. Since that time (about a month now), we haven't had any major problems. We have had minor issues but nothing too painful yet.

fhrivers

If your company requires e-mail for contact between remote offices and clients, you're up the creek if there's a line cut or other e-mail outage. Also if you're in a regulated industry like banking or healthcare, does the cloud provider abide by the requirements of the regulating body? If one server or array is hacked, is your data compromised as well? I'm pretty agnostic about the cloud, but I get pretty worked up when people believe that it's some kind of panacea and that they can throw their hands up and let the "other guy" worry about availability and security. At the end of the day it's your data and your responsibility. Any cloud solution should be treated like an extension of your network. If the vendor doesn't want to cooperate with it, then you should consider a private environment hosted by a third party (private cloud). You should also have an internal environment that could function as a "limp-along" DR site where only absolutely critical services are run in house.

ian.edwards

Sorry John, but one of the major reasons for moving to the cloud, especially for small businesses, is to remove the need for specialised/dedicated hardware. Do you or anyone else have a solution for a non secure email option that does not require hardware in-house? thanks...Ian

kevin8441

I have 3 customers using this product but every time something goes wrong, you don't have full control of the whole system and when you call Microsoft their support for this product wasn't that good and had no idea what was happening. In the mean time I keep most of my customers on an Exchange server for the fact that I have control to what the customer wants.

BillGates_z

f the cloud. NO security NO guarantee of availability NO idea when data might just vanish. I'll keep it local thanks (and back it up)

joel

This idea is about 2 years old, and Microsoft went from being a leader to a follower. They are trying, but only trying.

tsmith425

I've used many tools and solutions from Microsoft-built ones, manual methods, and third-party companies. Nothing compares to MigrationWiz. They're a MS partner doing migrations from any system. It's all cloud-based, self-services, and automated. I literally don't know what to do with my weekends anymore.

tanernew

If there is a problem in internet line, having communication internally does not mean anything. You can send messages with phone, office boy, shared folder or you carry yourself. Importance of mail system comes from external communication. If you can not send the mail and can not purchase some product then it is a problem. If I can not send the report to my manager I can copy it myself

fhrivers

With an internal mail server, with a line cut you still can communicate internally. However, with a cloud based service, you lose everything. My point wasn't to bash the cloud, but to instead point out that it isn't a cure-all. You still need to worry about security and disaster recovery.

ylto

I second Kevin's comment and also would mention that in a non-federated environment many of my users are prompted frequently (but not every time) for their credentials - credentials they didn't know they had until we moved to the cloud. Also, several Android phones (mostly older) do not deal with Active Sync correctly, even if they have the proper "client" on the phone. There are other issues too. It's far from seamless. I plan on writing up my post mortem soon.

alexisgarcia72

I agree. It is better to have my vmware servers with vmotion and a good exchange infrastructure locally, back it up daily (full) and offsite storage. No complaints, easy, fast, reliable and secure!