Skype Academy presents: Hybrid and Online Migration Summary

Recently some new videos were published to the Skype Academy training and one i think a lot of people will be interested in is Skype for Business Hybrid and SfB Online Migrations. A list of the new videos available is here

This video covers all aspects of Hybrid at a high level including

Lync / SfB Server Topology requirements
Identity Requirement
AAD Connect ADFS
High Level Network and Firewall Information
Managing and configuring Hybrid
Also some troubleshooting scenarios
Links to Skype operations Framework as well

Definitely worth a watch

Also definitely worth a read is Josh Blalocks Hybrid Handbook download here

Below is a summary of the Skype for Business Academy video here.

This is the January 2017 version of this training.

This content is subject to change as with all Cloud technology information and training.

Agenda

There’s a lot to cover and the video is around 45mins long. It great this video doesn’t just cover Lync / SfB it also talks over identity AAD Connect and ADFS

Skype Operations Framework (SOF)

With Hybrid this fits into Cloud Migration as customer may be looking to migrate from on premises to online and also customers may require to keep and have users homed on premises and online due to functionality not being available online.

For Hybrid we are looking a Cloud Migration workflow of the SOF. Recommend you take out SOF and the great download and assets that are available here. To Quickly get started use the Quick Start on the home page.

Goal of Hybrid

Is to have a shared SIP namespace Online and On premise. Where you can have users home on premises and online using the same SIP address space. This allows customer to move users between on premises and online and back from online to on premises and also provides a migration method from on premises to online which also migrates existing contacts, then allows the on premises environment to be decommissioned once all services and users have moved.

You could look at a hard cut over if you wanted to move to Online only but you would lose existing contacts and the experience is not as seamless. I would recommend hybrid if possible.

For example contoso.com is available on premise and online.

Hybrid Benefits

Move users from On premise to Online and also you can move from online to on premises.
Allows user to leverage CLOUD only features and functionality such as Skype meeting broadcasts and Cloud PBX.
GET the best of both worlds ! Users on premise can leverage full enterprise voice functionality.

Topology Requirements for Hybrid

Full server deployment on premises and Administrator tools of the following:

Skype for Business Server 2015
Lync Server 2013
Lync Server 2010

Please note the latest Cumulative updates are always recommended.

Please note for Cloud PBX with on premises PSTN connectivity you require SfB Server 2015 or Lync Server 2013. Lync Server 2010 is not supported.

Lync Server 2013 – Support Cloud PBX

Lync Server 2010 – DOES NOT support Cloud PBX

Allowing for Mixed Topologies

You can have a mix of Skype for Business Server and Lync Server but note the requirements above.

Certain roles need to be Skype for Business 2015.

For more detailed information please refer to TechNet here

CLOUD PBX with On premises PSTN connectivity Hybrid requirements

Must be SfB Server or Lync Server 2013.

Please note for Cloud PBX you need to have the following server roles with the supported versions

Office 365 and Identity Requirements

Identity is Key and in alot of cases customers already have this deployed if they have Exchange Online for example. If new to Office 365 this is a key requirement.

Also consider Interop with Exchange and Networking Requirements

Skype for Business Edge Connectivity

HA and DR is key on premises as sign in is pointed to on premises servers

If you want Outlook web access integration you must have your mailbox homed Online.

Azure voicemail can also utilise on premises exchange if required.

Networking – Need to open ports on firewall.

Please check Office 365 IP and Ports here

Please check bandwidth requirements as well as traffic will go over the internet to SfB Online. Please check out Skype for Business bandwidth calculator here

MMS Training here

HA and DR Considerations

Hybrid is very very reliant still on the on premises Lync / SfB infrastructure and dont overlook the requirement. All SfB Public DNS records point on premises and are redirect to SfB Online. If clients cant get to the on premises infrastructure then they cant get to SfB online as well.

Please see examples below

The SfB client registration process client does DNS lookup for lyncdiscover.contoso.net which resolves to the on premises reverse proxy server NOT SfB Online.

This returns back the internal web services url which redirect the client to SfB Online.

Http Analyse below.

The on premise SfB external web services does a redirect to SfB Online web services

Open all ports for an On premises edge and reverse proxy server deployment and also open port requirements for SfB Online.

On premises Edge Server requirements here

Server Firewall requirements – Server to SfB Online

Always check

SfB Clients to SfB Online Firewall

Identity Requirements

High level overview only but gives a good overview of Identity requirements for Hybrid. Don’t overlook this requirement.

Identity Management

Authentication and Authorization and definitions above.

Identity Options – Three options for identity with Office 365 only two are suitable with Hybrid.

CLOUD ONLY is NOT an identity option for Hybrid.

~~Cloud Identity (Not available with Hybrid)~~
Synchronized Identity (Directory and Password Sync)
Federated Identity (Directory and Federation)

View the differences in Synchronised and Federation including server counts and SSO. Also consider requirements on where authentication will take place.

Password Sync (Synchronized Identity)

AAD Connect only with Password Sync.

Two User IDS but one username and Password

Authentication happens in the CLOUD

Federated Identity

AAD Connect and ADFS and ADFS Web Proxy

True SSO

Higher Server Count

Authentication happens on premises !!! Again reliance on premises infrastructure.

Note password management and resets are on premises.

ADFS 3.0 deployment Options with federation identity

Can be single server but not recommended due to NO high availability.

Recommended to have ADFS server farm deployment for HA an example below.

AAD Connect – Azure Active Directory Connect

How do we sync out user object into Office 365 AAD Connect which was DirSync.

Required for Synchronized and Federated identities.

What does AAD Connect synchronise ?

Not every sync by default. You can use filtering and additional sync features

Common AD sync questions

Licencing of users is seperate

You can still create users in Office 365 but not recommended. Crate on premise and sync up to the Cloud.

How to Deploy Skype for Business Hybrid and Steps required

So we looked at the prereqs now lets see them all. The following prereqs must be in place before you can configure SfB Hybrid.

Please note ALL of the above items must be in place.

Configure AAD Connect

Various tool consolidated into a deployment assistant

AAD Connect – Express Settings

Start with Express and add other options if required.

SfB Enable Federation and Split Domain

Federation must be configured the same on premises and online. IF you use closed federation and have added allowed domain then you these must be added online as well.

he following requirements must be met to successfully configure a hybrid deployment:

Domain matching must be configured the same for your on-premises deployment and your Office 365 tenant. If partner discovery is enabled on the on-premises deployment, then open federation must be configured for your online tenant. If partner discovery is not enabled, then closed federation must be configured for your online tenant.
The Blocked domains list in the on-premises deployment must exactly match the Blocked domains list for your online tenant.
The Allowed domains list in the on-premises deployment must exactly match the Allowed domains list for your online tenant.
Federation must be enabled for the external communications for the online tenant, which is configured by using the Skype for Business Online Control Panel.

This is from https://technet.microsoft.com/en-us/library/jj205403.aspx

This can be done via Management Shell on premises and online

If you have Skype for Business Server you can use the Hybrid Configuration Wizard in SfB Control Panel to configure Hybrid for you via a GUI. This will also run some configuration checks to ensure all prereqs are met for Hybrid.

Please Note the SfB Front End server do require Internet Access

The Hybrid Control Wizard will do a number of checks to ensure everything is configured before enabling Hybrid.

If it detects an item is not configured it will flag this

After addressing any flagged items run again and

Move Users

Now that the SfB Hybrid is configured its time to move users and we can move them both ways.

BUT before we move them please note

User contacts The limit for contacts for Lync Online users is 250. Any contacts beyond that number will be removed from the user’s contact list when the account is moved to Lync Online.
Instant Messaging and Presence User contact lists, groups, and access control lists (ACLs) are migrated with the user account.
Conferencing data, meeting content, and scheduled meetings This content is not migrated with the user account. Users must reschedule meetings after their accounts are migrated to Lync Online.

https://technet.microsoft.com/en-us/library/jj205403.aspx

Also don’t forget about SOF people !

Remember to refer back to the Skype operations framework

Refer back to the workshop and SOF to ensure you move the correct group of users together.

ALSO KEY to remember user adoption and training, dont skip this in all the excitement.

Before we can move the users we need to determine the migration URL which is a manual process.

Once Migrated URL is determined you can move users.

REMEMBER create users on premises then move Online ! Also key to remember is licence the user in office 365 first otherwise it will error.

What information gets migrated with the users?

Contacts will get migrated but note there’s a 250 contact limit in SfB Online so you need to make sure you don’t have more than 250 contacts otherwise only the first 250 will be migrated.

For Meeting if you mailbox is in Exchange Online you can utilise the new Meeting Migration Service to update existing scheduled meeting URLs.

If your mailbox is in Exchange on premises then there is a Meeting Migration Tool that you can download and install on each users computer that will run and search the user mailbox for scheduled meetings and update the URL and send updated meeting invites to meeting attendees with the new meeting details. MMS does all this as well but its an automated service if your mailbox is online only. Sorry on prem exchange people.

Also note users will now have to use SfB Online policies to your online.

Also note client supportability and On premises SfB / Lync policies are not carried over to online.

Client support Some users may require a new client version when they are moved to Skype for Business Online. For Office Communications Server 2007 R2, users must be moved to a Skype for Business Server or Lync Server 2013 pool prior to migration to Skype for Business Online.
On-premises policies and configuration (non-user) Online and on-premises policies require separate configuration. You cannot set global policies that apply to both

From https://technet.microsoft.com/en-us/library/jj205403.aspx

Moving users back to On premises

Perhaps there are features that are only available on premises that are not available in online.