TEN good reasons to keep a Hybrid Exchange Server
Numerous companies are now looking at the cloud for their mail system. Office 365 migrations are happening everywhere, but there are good reasons why you should consider keeping at least one Exchange Server on premise, i.e. Hybrid mode.
The first three reasons come into play when migrating either cross forest (e.g. from a Resource forest) or from a non-Microsoft platform (in particular Lotus Domino). The remaining reasons are important no matter which platform you are leaving for Office 365.
1. Extending the Schema supports Domino to AD Directory Synchronisation
- Most Directory Synchronisation tools seek to set the targetAddress attribute to support mail routing and Free Busy Services from Office 365 to Domino, and the tools typically synchronise the Domino NAB with an on premise Active Directory.
- Legacy email addresses that have been stamped into Domino Person Documents (following renames etc.) should be added to the proxyAddresses AD attribute.
2. Data Migration Throughput
- Whatever you migrate up to Office 365 must come down, in the form of an Outlook OST.
Granted, with Exchange 2013 you have more control, but be aware that the slider works off the modified date, which for migrated items will usually be all on one day. More detail about this in a future blog.
- Migrating to Office 365 frequently runs at around 170 MB – 300 MB per hour, whereas migrating to On-Premise Exchange will run at circa 1 GB per hour
- Migrating to On-Premise Exchange first allows for a fast migration and fast downloading of OST files over the corporate LAN/WAN, followed by a New-MoveRequest for the Exchange to Office 365 migration.
- The New-MoveRequest will trickle migrate in the background via the CAS and MRS Proxy Service. The users' AD account attributes will be flipped and the users will be oblivious until their Outlook client *may* prompt for a restart.
3. Domino mail shown as internal
- Without an on premise ‘Hybrid’ Exchange server there is no way to make mail that comes from non-migrated Domino users appear as internal mail.
At first glance you might think so what, but there are various reasons why that is important including:
- The from address appears the same as an Outlook to Outlook mail, instead of the Internet format of Display Name <email address>
- Automatic calendar processing is only enabled for internal mail, which impacts things like BlackBerry. In a pure Office 365 environment, calendar invites from a non-migrated Domino user cannot be accepted/declined on a BlackBerry.
4. Managing the Office 365 Tenant
- If you are using Directory Synchronization to Office 365, then you will only be able to administer the users from the On Premise Active Directory. Without a Hybrid server this will mean needing to use the likes of ADSIEdit to update the Exchange related attributes.
- Administrators and Organisations new to Office 365 often find the Exchange Administration Console (EAC) a friendlier interface than the Office 365 administration portal.
- You have the full Exchange Management Shell available, not only for your own administration but also to ensure that you can integrate applications that are still built with on premise Exchange in mind.
5. User Off-Boarding
- When a user leaves the organisation, Office 365 will permanently delete their mailbox after 30 days.
There is a trick where you can place leavers on litigation hold, after which you can delete the AD account and O365 will retain the data free of charge. However, Microsoft could change this policy of free data storage at any time, and if an administrator accidentally removes the litigation hold for, say, a day, then the email is gone forever.
A more robust solution is to mailbox move the leavers onto an on premise server that has all its databases set to retain disconnected mailboxes for whatever time period you need.
6. Mergers and Acquisitions
- It is much simpler to conduct cross forest migrations to an on premise Exchange environment than to a pure O365 hosted environment. As soon as you are a multi forest organisation, you will need a tool like FIM to present a joined up metaverse to Office 365 (or use a third party such as IAmCloud).
7. Journal Archiving
- Office 365 allows the configuration of Journal Rules; however, they cannot be directed to a cloud mailbox. The journal target needs to be either an on premise mailbox or an external SMTP address.
8. SMTP Integration / Relay
- There will still be on premise applications and devices that need to send mail via SMTP.
Now you can of course set up Inbound connectors on Office 365; however, securing email so that only scanners and applications can send mail isn’t as straightforward. You can’t, for example, restrict the inbound connector based on internal IP addresses.
Sure, IPv6 will fix all this, and it has been promising to do so for at least the last 10 years. For now you’d need to set up multiple NATs on firewalls or manage credentials on every device and application.
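On an on premise Exchange server, relay is normally handled by a dedicated receive connector whose RemoteIPRanges list names the internal scanners and applications. The following PowerShell check is an added example, not code from the original post: it flags connectors that accept anonymous senders from anything other than RFC 1918 internal ranges. The connector names and addresses are constructed, and the function reads only the Name, PermissionGroups and RemoteIPRanges properties.

```powershell
# Added example: review which source addresses may use an anonymous relay connector.
function ConvertTo-IPv4Number ([string]$Ip) {
    $bytes = [System.Net.IPAddress]::Parse($Ip.Trim()).GetAddressBytes()
    [Array]::Reverse($bytes)                      # network byte order -> little-endian
    [double][BitConverter]::ToUInt32($bytes, 0)
}

function Get-RangeBounds ([string]$Range) {
    # Accepts "a.b.c.d", "a.b.c.d/nn" or "a.b.c.d-e.f.g.h"; IPv6 returns nothing.
    if ($Range -match ':') { return }
    if ($Range -match '^(.+)/(\d+)$') {
        $size = [math]::Pow(2, 32 - [int]$Matches[2])
        $base = [math]::Floor((ConvertTo-IPv4Number $Matches[1]) / $size) * $size
        return @($base, ($base + $size - 1))
    }
    $parts = $Range -split '-'
    return @((ConvertTo-IPv4Number $parts[0]), (ConvertTo-IPv4Number $parts[-1]))
}

# RFC 1918 private blocks, stored as (start, end) pairs.
$Private = '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16' |
    ForEach-Object { ,(Get-RangeBounds $_) }

function Test-RelayConnectorScope {
    param([Parameter(ValueFromPipeline)] $Connector)
    process {
        # Only connectors that accept unauthenticated senders are of interest.
        if ("$($Connector.PermissionGroups)" -notmatch 'AnonymousUsers') { return }
        foreach ($range in $Connector.RemoteIPRanges) {
            $b = Get-RangeBounds "$range"
            $internal = $false
            foreach ($p in $Private) {
                if ($b -and $b[0] -ge $p[0] -and $b[1] -le $p[1]) { $internal = $true }
            }
            # Report every range that is not wholly inside one private block.
            if (-not $internal) {
                [pscustomobject]@{ Connector = $Connector.Name; Range = "$range" }
            }
        }
    }
}

# Constructed sample data; on an Exchange server, pipe the relay connectors
# returned by Get-ReceiveConnector into the function instead.
$sample = @(
    [pscustomobject]@{ Name = 'Relay-Scanners'; PermissionGroups = 'AnonymousUsers'; RemoteIPRanges = @('192.168.5.10', '10.20.0.0/24') }
    [pscustomobject]@{ Name = 'Relay-Open'; PermissionGroups = 'AnonymousUsers'; RemoteIPRanges = @('0.0.0.0-255.255.255.255') }
    [pscustomobject]@{ Name = 'Client-Auth'; PermissionGroups = 'ExchangeUsers'; RemoteIPRanges = @('0.0.0.0-255.255.255.255') }
)
$sample | Test-RelayConnectorScope
```

Run it against the connectors created for device and application relay; a connector that receives Internet mail will legitimately accept anonymous senders from any address, and IPv6 ranges are always reported for manual review.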
9. It gives you options to migrate back to on premise
- Keeping a hybrid server ensures you have easy options to migrate back to on premise in case Microsoft change their pricing or other terms and conditions (heaven forbid, I know).
10. It’s FREE! (well sort of)
- Saving the best reason till last, the Exchange license is FREE! – https://blogs.technet.microsoft.com/exchange/2018/07/20/hybrid-configuration-wizard-and-licensing-of-your-on-premises-server-used-for-hybrid/ (You can’t store mailboxes on this server though, so if you want to also use it for leaver mailboxes or journal archiving then you will still need an Exchange license.)
We hope that this gives food for thought as to why you should seriously consider retaining at least one on premise Exchange server, even when migrating all email to Office 365.