In my previous post I discussed the existing setup and the challenges involved in addressing the problem.
Here I describe the proposed architecture and how it addresses those challenges.
- Before the new setup is started, the mailboxes that had been created for ABC users in the UK.XYZ domain are removed, together with the synchronization between the two sets of mailboxes.
- Reason: this ensures that no duplicate user mailbox is left on either side of the forest.
- The UK.XYZ Exchange and ABC Exchange organizations are connected to each other using Quest Migration Manager.
- Reason: the mailboxes are to be migrated from UK.XYZ to ABC Exchange, and each migrated mailbox must be associated with the user's AD account.
- AAD Connect is installed in ABC.COM to synchronize to Azure AD.
- Reason: this ensures that only ABC is the primary domain; the other domains eventually act as resource domains for other applications and are slowly decommissioned.
- A new domain, @azuredomain.com, is added and used as the UPN suffix for both the ABC and xyz.com domains.
- Reason: this provides a common authentication domain, so users can authenticate themselves to Office 365 with it.
- A federation trust and connectors are configured on both the uk.xyz.com and abc.com Exchange servers.
- Reason: while users are connected in their respective domains, they should be able to resolve other users' names, share calendars and have Autodiscover requests routed seamlessly.
- A new Exchange CAS server is installed in uk.xyz.com, excluded from the CAS array, with a third-party certificate that covers just one domain.
- Reason: this server acts as the EWS/MRS endpoint; because it is excluded from the CAS array, users do not connect to it.
- Cloud identity management is introduced to handle authentication.
- Reason: no separate ADFS architecture is required. This also lets the customer use more cloud-based solutions such as Box.
- A remote mailbox is created for every user mailbox migrated from uk.xyz to the abc Exchange server.
- Reason: when a user connects with Outlook, they should be redirected to their Office 365 mailbox, so Outlook reaches Office 365 no matter where the user's desktop is.
- Users' Office 2010 is upgraded to Office 2013 or 2016.
- Reason: this avoids an additional Autodiscover DNS record. Outlook 2013 and 2016 try the traditional Autodiscover lookups and finally reach Office 365 automatically.
- Both incoming and outgoing email is filtered in the abc.com domain.
- Reason: this maintains hygiene and keeps a single infrastructure for the email gateway.
- A new cloud-based MDM solution is introduced; all users need to re-configure their devices.
- Reason: the MobileIron and Okta apps provide a very good multi-factor authentication method. It is very simple for any user who knows how to download an app and follow the on-screen instructions.
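The remote-mailbox step above, together with the "no duplicate mailbox" and common-UPN requirements, can be checked and applied per migrated user from the Exchange Management Shell. This is an added example, not part of the original post: it assumes an Exchange Management Shell session on the abc.com Exchange server, a placeholder tenant routing domain (TENANT.mail.onmicrosoft.com), and a constructed list of migrated user aliases.

```powershell
# Added example (not from the original post). Run from the Exchange Management Shell
# on the abc.com Exchange server after the mailbox has been migrated by Quest.
$RemoteRoutingDomain = 'TENANT.mail.onmicrosoft.com'   # placeholder: your tenant's routing domain
$ExpectedUpnSuffix   = 'azuredomain.com'               # common UPN suffix from the design

# Constructed sample: aliases of users whose mailboxes were migrated from uk.xyz.com
$MigratedUsers = @('jdoe', 'asmith', 'bjones')

foreach ($Alias in $MigratedUsers) {
    $User = Get-User -Identity $Alias -ErrorAction SilentlyContinue
    if (-not $User) {
        Write-Warning "$Alias : no AD account in abc.com, skipping"
        continue
    }

    # The UPN must carry the common suffix, otherwise the user cannot sign in to Office 365
    if ($User.UserPrincipalName -notlike "*@$ExpectedUpnSuffix") {
        Write-Warning "$Alias : UPN $($User.UserPrincipalName) does not use $ExpectedUpnSuffix"
    }

    # An on-premises mailbox plus a remote mailbox would be a duplicate: report it, do not fix silently
    if (Get-Mailbox -Identity $Alias -ErrorAction SilentlyContinue) {
        Write-Warning "$Alias : still has an on-premises mailbox in abc.com, resolve before continuing"
        continue
    }

    $Remote = Get-RemoteMailbox -Identity $Alias -ErrorAction SilentlyContinue
    if ($Remote) {
        Write-Output "$Alias : remote mailbox already present -> $($Remote.RemoteRoutingAddress)"
        continue
    }

    # Creates the mail-enabled user that makes Outlook Autodiscover redirect to Office 365.
    # -WhatIf keeps this a dry run; remove it to apply the change.
    Enable-RemoteMailbox -Identity $Alias `
        -RemoteRoutingAddress "$Alias@$RemoteRoutingDomain" -WhatIf
}
```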
This case study may not be the perfect solution, but it is definitely worth a read. If you have suggestions on how it could be made better, drop your comments.
In case you missed Part 1