Exchange Online Archiving: Notes from the Field
Paul Robichaux

Introduction
Defining the playing field
How Exchange Online Archiving works
What you can do with EOA
Choosing what to archive
Best practices

Defining the playing field

What is archiving?
Long-term storage of records or information
Provision for retention controls
Not necessarily the same as additional storage
Specific meaning in some legal / organizational contexts

What is Exchange Online Archiving?
Additional archive mailbox hosted in Office 365 EXO
Appears to user as additional mailbox with unique folder structure and content
Assuming a supported client, that is
Virtually no difference in how on-premises archive works vs. cloud archive
Manage, move, and apply retention policies just like with “real” mailboxes
Identical, seamless user experience

What is Exchange Online Archiving?
Not the same as former Exchange Hosted Archives (EHA) product
EOA is not journaling
Journaling is still a bit of a problem for Office 365 customers…
Primary user’s mailbox can still be stored on-premises
Hybrid functionality

Hybrid EOA architecture

Requirements for EOA
Exchange 2010 SP2+ or Exchange 2013
Directory synchronization
Hybrid connectivity
Hybrid mailflow is not required, but it’s little extra effort and provides many other benefits

Speaking of hybrid…
Archives grow without requiring on-prem storage
Potential large cost savings
You are outsourcing the preservation of what may be important information
Microsoft probably puts more resources behind it than you can
Be aware of whether EOA meets your legal / compliance requirements for archiving (as opposed to “storage”)
Requires good connectivity
Behaves almost identically to on-prem archives
Recycle your existing retention policies and tags

How Exchange Online Archiving works

Provisioning
It’s a multi-step process
User Mailbox → Enable ‘remote’ Archive → DirSync → Create Exchange Archive → DirSync → Activate User Archive

Step 0: no provisioning yet
On-premises mailbox has no archive properties in it yet
Neither does the mail-enabled user in the cloud

Step 1: activating the Online Archive
Through Exchange Admin Center:
Or via PowerShell:
Enable-Mailbox -Identity UserA `
    -RemoteArchive `
    -ArchiveDomain tenant.mail.onmicrosoft.com

What happens in this step?
On-premises user object gets a few new attributes:
msExchArchiveLink: URL to archive mailbox store
msExchArchiveName: string (in mailbox locale) reading “Online Archive – “ + user’s displayName
msExchArchiveQuota and msExchArchiveWarnQuota: you can guess what these are
msExchArchiveGuid: GUID of the archive mailbox
msExchElcMailboxFlags: validArchiveDatabase value = 32
Until dirsync runs, ExO has no idea they’ve been set
Don’t expect the archive to show up instantly

Step 2 – dirsync
Either wait for Directory Synchronization to happen automatically (default every 3 hours)
Or force a synchronization with Start-OnlineCoexistenceSync

What happens in this step?
Dirsync synchronizes the attributes that were added earlier to the MEU
After sync completes, ExO creates the archive mailbox object in the store

State of the mailbox/MEU after dirsync
On-premises mailbox has archive properties
MEU has archive properties
On-premises Exchange doesn’t know that MEU has been updated yet
On-prem msExchArchiveStatus value is “HostedPending”

Step 3 – dirsync part 2
ExO sets msExchArchiveStatus to “Active”
Attribute syncs back from ExO to on-premises
Required to write cloud-based msExchArchiveStatus back to on-prem user object

State of the mailbox/MEU after dirsync
On-premises mailbox and MEU have archive properties
Both sides show msExchArchiveStatus of “Active”
Quotas show as “unlimited” on-prem and 100GB/90GB in ExO

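The three provisioning steps above can be driven and checked from one on-premises session. This is an added example, not part of the original slides; it assumes an Exchange Management Shell session that also has the DirSync module loaded, and the function name, timeout and polling interval are hypothetical.

```powershell
# Added example: enable a remote archive and wait until it reports Active.
# Assumes the on-premises Exchange cmdlets and Start-OnlineCoexistenceSync
# (DirSync module) are both available in this session.
function Wait-RemoteArchive {
    param(
        [Parameter(Mandatory = $true)] [string] $Identity,
        [Parameter(Mandatory = $true)] [string] $ArchiveDomain,  # e.g. tenant.mail.onmicrosoft.com
        [int] $TimeoutMinutes = 60,    # hypothetical default
        [int] $PollSeconds    = 120    # hypothetical default
    )

    $mbx = Get-Mailbox -Identity $Identity -ErrorAction Stop

    # Step 1: stamp the archive attributes on the on-premises user object,
    # unless an archive GUID is already present.
    if (-not $mbx.ArchiveGuid -or $mbx.ArchiveGuid -eq [guid]::Empty) {
        Enable-Mailbox -Identity $Identity -RemoteArchive -ArchiveDomain $ArchiveDomain | Out-Null
    }

    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    do {
        # Steps 2 and 3: one sync pushes the attributes to the MEU, a later
        # one writes the status back to the on-premises object.
        Start-OnlineCoexistenceSync
        Start-Sleep -Seconds $PollSeconds

        $mbx = Get-Mailbox -Identity $Identity
        Write-Verbose ("{0}: ArchiveState={1} ArchiveStatus={2}" -f `
            $mbx.Alias, $mbx.ArchiveState, $mbx.ArchiveStatus)

        if ("$($mbx.ArchiveStatus)" -eq 'Active') {
            return $mbx | Select-Object Alias, ArchiveName, ArchiveGuid,
                ArchiveDomain, ArchiveState, ArchiveStatus
        }
    } while ((Get-Date) -lt $deadline)

    throw "Archive for '$Identity' not Active after $TimeoutMinutes minutes; check directory synchronization."
}

Wait-RemoteArchive -Identity UserA -ArchiveDomain tenant.mail.onmicrosoft.com -Verbose
```
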
What you can do with Exchange Online Archiving

A word about archive quotas
They are not unlimited
To be perfectly clear: Microsoft has not promised to increase above the current quotas
Market trends suggest that they probably will
Plan on a standard limit of 100GB per user archive
Practical max is probably around 170GB
Requires intervention from MS support to get the quota raised

Archives in Outlook
Added as a ‘secondary’ mailbox through Autodiscover.
Initial Autodiscover performed against the on-premises Exchange environment
Based on Autodiscover results, second Autodiscover request to Exchange Online for connection info.
No different from on-premises archive

Autodiscover response:
<AlternativeMailbox>
  <Type>Archive</Type>
  <DisplayName>Online Archive – Paul Robichaux</DisplayName>
  <SmtpAddress>94a1a0e0-b24d-4b8a-8bed-491f715ae9d2@exchangelabonline.mail.onmicrosoft.com</SmtpAddress>
  <OwnerSmtpAddress>paul@robichaux.net</OwnerSmtpAddress>
</AlternativeMailbox>

Archives in OWA
Similar process as in Outlook
Exchange performs the AutoD request
Archive appears as peer of “real” mailbox

Archives in other clients
Mac Outlook (“Office 365” edition): supported
Mac Outlook 2011: not supported
Outlook for iOS / Android: not supported
Outlook for Windows Phone: not supported
Universal Outlook: ?
IMAP: not supported

How things get into the archive

Basic archiving strategies
Users put things in the archives themselves
You use retention policies/tags to archive things
You use bulk import to move PSTs, etc. into archives

User self-archiving
Pro
  Low admin overhead
  High flexibility
  Can complement with bulk import
Con
  Very unlikely to happen
  Not all users are selective about what they archive
  Difficult to monitor compliance with your policies

Retention policies / tags
Pro
  Automates much of the process
  Helps users do the right thing
  High flexibility
Con
  More admin workload
  Requires care and caution when designing policies and tags
  Client support limited

Retention tags
Retention tags combine a (configurable) retention age and a specific (pre-defined) action.
Can be applied to both folders and individual items

What happens when an item is tagged?
Item (folder/message/calendar entry) gets a few new MAPI properties
PR_ARCHIVE_DATE
PR_ARCHIVE_PERIOD
PR_ARCHIVE_TAG

Retention Policies
Combine one or more retention tags in a policy which can be applied to individual mailboxes:
Get-RetentionPolicy "name" | Select -ExpandProperty RetentionPolicyTagLinks | ft Name -Auto

Managed Folder Assistant (MFA)
Mailbox Assistant which processes items in a mailbox
Throttle-based (work-cycle)
Default work-cycle is 1 day
Configurable
Stamps items with retention settings
Takes policy action on items that pass retention period

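How the tag, the policy and the Managed Folder Assistant fit together, as an added example that is not part of the original slides. The tag name, policy name and mailbox are hypothetical; the cmdlets are the standard Exchange retention cmdlets.

```powershell
# Added example: an archive tag, a policy that links it, and a forced MFA pass.
# Tag, policy and mailbox names below are hypothetical.
$tagName    = 'Move to archive after 1 year'
$policyName = 'EOA default policy'
$mailbox    = 'UserA'

# A retention tag = retention age + action. MoveToArchive is the action that
# feeds the archive; Type All makes this the default tag for untagged items.
if (-not (Get-RetentionPolicyTag -Identity $tagName -ErrorAction SilentlyContinue)) {
    New-RetentionPolicyTag -Name $tagName -Type All `
        -AgeLimitForRetention 365 `
        -RetentionAction MoveToArchive `
        -RetentionEnabled $true | Out-Null
}

# A retention policy groups one or more tags; a mailbox can have only one policy.
if (-not (Get-RetentionPolicy -Identity $policyName -ErrorAction SilentlyContinue)) {
    New-RetentionPolicy -Name $policyName -RetentionPolicyTagLinks $tagName | Out-Null
}
Set-Mailbox -Identity $mailbox -RetentionPolicy $policyName

# Confirm which tags the policy links to (same query as on the slide above).
Get-RetentionPolicy $policyName |
    Select-Object -ExpandProperty RetentionPolicyTagLinks |
    Format-Table Name -AutoSize

# Nothing moves until the Managed Folder Assistant processes the mailbox;
# force a pass instead of waiting for the next work cycle.
Start-ManagedFolderAssistant -Identity $mailbox
```
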
Additional resources
For more information on designing retention policies / tags:
“Keeping Your Data in Place with Office 365 Archiving and Retention” ~ Dheepak Ramaswamy and Sanjay Ramaswamy, Wed 5/6 1045-1200
“Configuring and Using the Features of the Microsoft Office 365 Compliance Center” ~ Hands-on lab
Microsoft Exchange Server 2013 Inside Out: Mailbox and High Availability (Tony Redmond, Microsoft Press): http://amzn.to/1EGDDoB

Best practices

Let’s talk about PSTs
Many customers want to use EOA to hold PST data
This is a perfectly fine idea….
Except that you have to get the PST data into EOA somehow

PST ingestion options
Allow users to self-migrate data from PST direct to archive
Ingest PST data into primary mailbox; use retention tags to move it
Ingest PST data into archive directly

Direct ingestion
Option 1: on-prem archive, ingest PST, then move archive to cloud
Option 2: EOA, ingest PST directly into it
Each approach has pros and cons…

The new Office 365 Import service
Not yet available to all tenants
Will allow both drive shipping and online import
May be ideal if you are ingesting large amounts of data
Pricing, timing TBD

Large archive provisioning
When the MFA kicks in there is potentially a huge amount of data that will be moved
Can potentially cause Outlook to hang while items are being archived.
Described here: http://support.microsoft.com/kb/2800346

Bandwidth considerations
Question: how much data will archive provisioning cause to move to Office 365?
Difficult to predict how much data in a mailbox is subject to retention policy / tag

Bandwidth considerations
Michael van Horenbeeck wrote a script to ‘estimate’ the potential size of an archive:
Estimate-ArchiveSize -Agelimit 365
Sums up the PR_MESSAGE_SIZE MAPI property of items past the specified retention time (Agelimit)
Get it from http://bit.ly/1JVl5kf

Bandwidth considerations
Consider the use of ExpressRoute if it makes sense
Not available yet
Implementation and service cost TBD
Gives you much more implementation flexibility for mailbox and PST ingestion and ongoing operations

Outlook & foreground operations
Users sometimes tend to drag & drop messages from mailbox to archive (or vice versa).
Outlook treats these operations as a ‘foreground’ operation which means it will execute them immediately.
Depending on size of the message, available bandwidth and connection latency this will freeze up Outlook for multiple seconds. [Not responding…]

Outlook & foreground operations
No fix for this issue in Outlook 2010/2013
User education is crucial
Train users not to manually move large numbers of messages
If they need to do so, use OWA
Rely on the “Exchange way of things”
Retention Policies & Tags + MFA
Moves items on the server

Outlook & Authentication
The archive is added to the Outlook profile as a secondary mailbox.
Secondary mailbox is located in Office 365 which only supports basic authentication for Outlook.
No/failed authentication results in:
This may change with the release of modern auth for Outlook

Outlook & authentication
If you are leveraging AD FS, make sure AD FS is highly available
No AD FS = no archive access
Users must use UPN in authentication prompt

Initial archive: cloud or on-premises?
Immediately enabling a cloud archive takes more time to get data to the cloud
Consider enabling on-premises archive first and then performing a remote mailbox move with -ArchiveOnly switch
Can easily be automated
Relatively transparent to the user

Remote mailbox moves
Leverage the power of the Mailbox Replication Service.
Better performance than e.g. PST imports – especially in Office 365.
Less error-prone than PST imports

High-level archive move process
Initiate move
Move starts, first creates hierarchy, then copies over the content, then finalizes the move
Dirsync needs to run to mirror the changes of the Archive move before it can complete

Performing mailbox moves
Think about retention policies & retention tags!
Use the built-in scripts to export & re-import tags to Office 365 (or vice versa):
$exscripts\Export-RetentionTags.ps1
$exscripts\Import-RetentionTags.ps1

Performing mailbox moves
While migrating archives, make sure that UM policies are also set up in Office 365 if the user is UM-enabled.

Migrating 3rd party archiving solutions
Do not always offer the native ability to interface with Office 365 > other 3rd party tooling might be required.
Sometimes the only option is to export to PST
Because of performance/error reasons, better to import on-premises first and then perform remote mailbox move to EXO.

Archives & Active Directory
Even though data is stored in cloud, the link between on-premises & cloud is strong
When an item gets removed on-premises, it automatically gets removed in Windows Azure AD as well (after DirSync).
Take this into account for your Disaster Recovery plans!

Example: OU accidentally removed
Scenario: OU was removed from AD. Forest converged within 15 minutes (no roll-back possible). Within these 15 minutes, DirSync also ran…
Result: mailboxes gone, archives gone (disabled).

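One check that addresses the scenario above, as an added example that is not part of the original slides: list every OU above an archive-enabled user that lacks Active Directory's accidental-deletion protection. It assumes the ActiveDirectory module and PowerShell 3.0 or later; the function name is hypothetical.

```powershell
# Added example: find OUs that hold archive-enabled users but are not
# protected from accidental deletion. Function name is hypothetical.
Import-Module ActiveDirectory

function Get-UnprotectedArchiveOU {
    # Users carrying an archive GUID are the ones whose archive is disabled
    # if their object disappears and DirSync exports the deletion.
    $users = Get-ADUser -LDAPFilter '(msExchArchiveGuid=*)'

    # Group users by parent container (DN minus the leading RDN).
    $byParent = $users |
        Group-Object { ($_.DistinguishedName -split '(?<!\\),', 2)[1] }

    foreach ($group in $byParent) {
        # Walk up the tree: deleting any ancestor OU removes the users too.
        $dn = $group.Name
        while ($dn -match '^OU=') {
            $ou = Get-ADOrganizationalUnit -Identity $dn `
                -Properties ProtectedFromAccidentalDeletion
            if (-not $ou.ProtectedFromAccidentalDeletion) {
                [pscustomobject]@{ OU = $dn; ArchiveUsersBelow = $group.Count }
            }
            $dn = ($dn -split '(?<!\\),', 2)[1]
        }
    }
}

# Collapse duplicates (an OU is reached once per child container) and rank.
Get-UnprotectedArchiveOU | Group-Object OU | ForEach-Object {
    [pscustomobject]@{
        OU                = $_.Name
        ArchiveUsersBelow = ($_.Group | Measure-Object ArchiveUsersBelow -Sum).Sum
    }
} | Sort-Object ArchiveUsersBelow -Descending | Format-Table -AutoSize

# To close the gap for a reported OU:
# Set-ADOrganizationalUnit -Identity '<OU DN>' -ProtectedFromAccidentalDeletion $true
```
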
Possible issues
Disconnected archives
Several causes, most commonly dirsync
Archive connectivity issues (errors in Outlook)
Autodiscover not working properly
Network connectivity issues
Outlook is sensitive
How to retain or export data when someone leaves the company

MFCMAPI
Can be used to verify if retention policies/tags are applied successfully:

Diagnostic Logging
Start with increasing event log level:
Set-EventLogLevel "<id>" -Level Expert
"MSExchange Assistants\Assistants"
"MSExchangeMailboxAssistants\Service"
"MSExchangeMailboxAssistants\Email_Lifecycle_Assistant"
"MSExchangeMailboxAssistants\ELC Library"

Mailbox Diagnostic Logging
Export-MailboxDiagnosticLogs -Identity <id> -ComponentName MRM
Use -Archive switch to check logs for archive mailbox

Forcing the MFA to run
You can force the Managed Folder Assistant to immediately start processing a mailbox:
Start-ManagedFolderAssistant -Identity <mailbox>
Particularly handy for testing or to immediately start archiving data.