| # | Topic | Notes |
|---|---|---|
| 1. | Determine the feasibility of a password hash solution for Exchange Online authentication. If feasible, what is the level of effort?<br>- Can we use synchronized identity with Azure AD and AD Connect on premises?<br>- Password writeback with Azure AD Premium | - Currently, we use federated identity. Moving to synchronized identity involves changing too many things. Joe feels that maturity is not there in terms of this solution.<br>- Password writeback to campus is currently happening. Maturity is not there.<br>- For authentication, the solution is to create passive instances of Domain controller, DirSync, ADFS Web, ADFS DB and ADAPPS in AWS; this would solve this situation.<br>- This is an active/passive solution, with campus being the active (primary) one; it will be done in the first phase and will require a manual DNS switch.<br>- Effort is minimal and the only requirement is 5 VMs<br>- Priya to add the above VMs to the AWS migration timeline, to go with SCCM and DC<br>- Scope does not include routing to health sciences<br>- After the AWS environment with the 5 above instances is provided, WSG effort is around 2 months.<br>- ETA Dec 2017 (high risk) |
| 2. | Determine level of effort for recommended/available routing options, if Exchange Online is the first recipient of email to campus<br>- Can we use Exchange Online Protection and Exchange routing? | - Project ongoing to move MTA to Linux<br>- This migration effort will continue and, once finished, migrate to AWS<br>- Change the DNS from exchange.uci.edu to ucirvine.onmicrosoft.com<br>- Would require rearchitecture<br>- Will adapt native filtering/anti-spam techniques offered by the service provider (could be in later phase)<br>- Can set up a test domain for testing<br>- Effort is around 2 months from AWS environment availability<br>- ETA Dec 2017 (high risk) |
| 3. | Do we need to move ADFS capability to cloud, if above 2 are not possible? | - Covered in Topic 1 |
| 4. | Determine recommended/available routing options, if Google is the first recipient of email to campus | |
| 5. | Determine recommended/available spam filtering options, if Google is the first recipient of email to campus | |
| 6. | What is the level of effort to put MX / MTA servers in the cloud? | - No ETA yet on MTA migration to Linux<br>- Derek and David on the security migration project<br>- AWS environment availability is a prerequisite<br>- Effort is around 2 months from AWS environment availability |