Interlink Cloud Blog


Matt Scherocman

Exchange 2013 High Availability revealed

Exchange 2013 has introduced some new features that bring great options for geographical disaster recovery and high availability.

1. You no longer need layer 7 load balancing. You can now use TCP-based layer 4 (transport) load balancers. These are typically cheaper, and this is a clear reason TMG is being eliminated.

2. URL redirection is now built into Exchange 2013, as the CAS is now a true HTTP proxy. It also serves as a stateless proxy for SMTP, which allows connections to pass through to the mailbox server.

* Exchange will allow a client to connect to a CAS in one region using a single namespace, then identify the URL of the CAS using URL redirection defined in Exchange 2013. Once identified, it will redirect the client to the CAS (assuming it's internet-facing) in the same AD site as the mailbox server that the user's mailbox resides on.

3. Geographical load balancing using DNS - Round-robin DNS is a way for you to allow external connections to cache multiple DNS entries, and if one is not available, the other will be pushed in 20 seconds. What Microsoft also supports for single-namespace HA is geo-load-balanced DNS, which will identify the DNS entry best suited for a client based on where they are connecting from (IP identification).

4. If you deploy a CAS with a DAG stretched across two sites, it will always route the SMTP connection to the DAG that your active mailbox sits on. However, if the DAG member you are connecting to is not available, it will create multiple SMTP connections and write to both DAG members with a copy of the mailbox. This feature is called Safety Net.

5. Managed Availability - All components of Exchange, in terms of protocols on the mailbox servers, have a recovery mechanism that is sequenced. Many of the actions taken are automated, allowing for built-in recovery mechanisms.

6. Maintenance Mode - You now have the ability to put a DAG member mailbox server into maintenance mode, allowing it to temporarily be in service and not be active in the Exchange 2013 installation.

Matt Scherocman

Lync Mobile: Cloud and On Premise

Microsoft finally released the mobile client for Windows 7 Phones, Androids, iPhones/iPads, and the Symbian devices.  Finally, we can now use Lync anywhere and those of you out there that have enabled Enterprise Voice have a host of options from dialing out your PSTN connection from anywhere, to auto-joining conferences with a tap on your phone.

The clients have been an average experience for me to this point.  I use the iPhone and, like many, I was anticipating the release of the Lync client to be able to use on my iPad and iPhone.  Conferencing is the biggest disappointment to me.  Not being able to connect using the iPad to a conference to see whiteboarding and screen sharing is, to say the least, disappointing.  Especially on the iPad where you would expect a more rich experience.  However, it is classified as mobile and has the same limitations as the other mobile clients.

As for deployment, if you are using Lync online, it couldn't get any easier!  A CNAME change is required for the Lync mobile client to connect, point to online.lync.com. It's as simple as the push notifications provider you have to use anyway!  In discussion with Kevin Peters, MVP and MCM in Lync Voice and Enterprise Messaging, he didn't make any changes; with a single vanity domain, Lync mobile was able to connect with no problems.

Lync on premise is a bit of a different challenge; however, there are some great resources out there for you to use.  Don't put your faith in the Microsoft Lync Mobile Deployment Guide - it does not have any of the gotchas in it at all!!

Resources:

TechNet Deployment Guide

Jeff Schertz has a great blog post you can use: http://blog.schertz.name/2011/12/deploying-the-lync-2010-mobility-service/

Jeff does an excellent job clearing up some of the confusion surrounding deployment.

Most notably, you will run into challenges with certificates and their assignments, and with how to deploy internally and externally.  There are some good blogs to help with this process, and as always, consult with your partner before attempting to do it on your own.  On this one, there are a ton of catches.

Good luck and enjoy your mobile client!

Matt Scherocman

Microsoft Office 365 Now Supports Removal of Directory Sync

Earlier this month, Microsoft announced that Office 365 will now support the ability to break Directory Synchronization if a customer chooses to do so.

Although the Office 365 Admin page still warns, when you enable Directory Synchronization, that it cannot be disabled once enabled, the fact is that the Office 365 Online PowerShell module allows you to connect to your environment and disable it.

In the past, if a user was brought over by Synchronization, that user was permanently managed from the Directory Sync (DirSync), and if DirSync was disabled or removed, the user account became stale. The only thing that you could do to manage that user online was to reset their password.  You could not delete the account, and couldn't modify other aspects of the user account.

The addition of this alleviates many headaches for those out there moving from BPOS (which used DirSync as a migration tool) who want to eliminate the on-premise server required to run it.  Moving to Office 365, former BPOS customers can now manage their users online without that need.  This applies to many small businesses that were frustrated with the need to keep another on-premise server, one that isn't a domain controller, just to run Cloud-based mailboxes.

In addition to this, I recently ran into a similar scenario where I was extracting mailboxes from an environment over the 1,000 limit to use the batch migration.  Since these mailboxes were being extracted for the purpose of an acquisition, the installation requirement of Directory Synchronization in the staged migration scenario (note that you can run a staged migration on 100 users or less without Directory Sync).  I then was required to run Directory Synchronization, at the risk that the mailboxes I was extracting would become stale longer term, and if not set up in the acquiring company's Directory, could eventually be removed by accident or deleted.  Note that I had to run a filter of MIIS to ensure that only users with a specific attribute in the Directory could be copied to the cloud.

By disabling Directory Synchronization I can then modify those accounts, and eventually make them Cloud only.  And longer term, enable a new Directory Synchronization to take place with no risk.
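
One way to carry out the change described in this post, as an added example that is not from the original post. It assumes the module meant is the MSOnline PowerShell module (the `Msol` cmdlets) and that you sign in as a tenant administrator; the CSV file name is a placeholder.

```powershell
# Added example. Assumes the MSOnline module is installed.
Import-Module MSOnline
Connect-MsolService    # prompts for tenant administrator credentials

# 1. Record the current state before changing anything.
$company = Get-MsolCompanyInformation
"DirSync enabled: {0}; last sync: {1}" -f $company.DirectorySynchronizationEnabled, $company.LastDirSyncTime

# 2. Inventory the accounts currently sourced from the on-premises directory,
#    so you can confirm afterwards that each one became editable in the cloud
#    and none was left stale or deleted by accident.
$synced = Get-MsolUser -All | Where-Object { $null -ne $_.LastDirSyncTime }
$synced |
    Select-Object UserPrincipalName, ImmutableId, LastDirSyncTime |
    Export-Csv -Path .\dirsync-users-before.csv -NoTypeInformation   # placeholder file name
"Synced accounts recorded: {0}" -f @($synced).Count

# 3. Turn Directory Synchronization off for the tenant.
Set-MsolDirSyncEnabled -EnableDirSync $false -Force

# 4. The switch is not instant; poll until the tenant reports it as disabled.
do {
    Start-Sleep -Seconds 300
    $enabled = (Get-MsolCompanyInformation).DirectorySynchronizationEnabled
    "{0:u}  DirectorySynchronizationEnabled = {1}" -f (Get-Date), $enabled
} while ($enabled)
```

Keep the exported CSV with your change records: it is the list to check against when verifying that every formerly synced account can now be modified online.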

   

Matt Scherocman

What is Versionless?

Versionless software is software that is always up to date with incremental improvements.  Microsoft has flipped the coin.  Clients used to have to wait for functionality to be available in the cloud.  Now the cloud gets the functionality first and on premise comes later.  This change is tremendous for clients.  The number one obstacle that clients have told me to utilizing new software is the deployment.  Now in the cloud, Microsoft takes care of that deployment and keeps the product up to date.  From the slides you can see their commitment to the cloud and how much functionality is being released on a regular basis. The 2013 graphic was produced in the late summer time frame so it doesn’t include new functionality like encryption included in the E3 plans that came out later in the year.

[Slide: What We've Delivered 1]

[Slide: What We've Delivered 2]

 

This posting is provided “AS IS” with no warranties, and confers no rights.

Matt Scherocman

What Data Security and Compliance is Built into Office 365?

Security is at the heart of Office 365.  Here are some great bullet points from a recent Microsoft blog listing.  Check out the full article here:  http://blogs.office.com/b/office365tech/archive/2013/10/23/cloud-services-you-can-trust-security-compliance-and-privacy-in-office-365.aspx

Built-in capabilities

    • Physical security - We monitor our data centers 24/7 and we have technologies and processes to protect our data centers from unauthorized access or natural disasters
    • Security best practices - We use best practices in design like Secure Development Lifecycle and operations like defense-in-depth to keep your data secure in our data centers
    • Data encryption - Every customer's email content is encrypted at rest using BitLocker Advanced Encryption Standard (AES) encryption
    • Secure network layer - Our networks are segmented, providing physical separation of critical back-end servers from the public-facing interfaces. At the same time, our Edge router security detects intrusions and signs of vulnerability
    • Automated operations like Lock Box processes - Access to the IT systems that store customer data is strictly controlled via lock box processes. This access control mechanism is similar to a system where two people have to turn the key for an action to be allowed.

Compliance

    • Independently Verified - Third party audits verify that Office 365 meets many key world-class industry standards and certifications
    • Control framework - We follow a strategic approach of implementing extensive standard controls that in turn satisfy various industry regulations. Office 365 supports over 600 controls that enable us to meet complex standards and offer contracts to customers in regulated industries or geographies, like ISO 27001, the EU Model Clauses, HIPAA Business Associate Agreements, FISMA/FedRAMP
    • Comprehensive Data Processing Agreement - Our Data Processing Agreement comprehensively addresses privacy and security of customer data, helping customers comply with local regulations

Privacy

    • No Advertising - We do not scan email, documents, build analytics or data mine to build advertising products. In fact, we do not use your information for anything other than providing you services you have subscribed for.
    • Data Portability - As an Office 365 customer, your data belongs to you, and you can export your data at any time with no restrictions. We act only as a data processor and provider of productivity services, not as a data owner
    • Notice and Consent - When we act upon your data, we let you know why and we ask for permission in advance or redirect any inquiries to our customers unless legally prevented to do so.
    • Breach Response - We have strong, tested and audited processes to inform you if there is a breach and remediate issues if they occur.
    • Data Minimization - We strive to minimize the actual amount of customer data that our internal teams have access to.


