Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

Date

 

Attendees

Agenda

  • Management has indicated that achieving O365 Exchange campus independence is a high priority goal

  • Discuss progress on action items assigned in the prior meeting

  • Is there an agreed upon approach for Office 365 authentication and routing?
  • If so, what is the LOE?

Discussion items

 TopicNotes
1.

Determine the feasibility of password hash solution for Exchange Online authentication. If feasible, what is the level of effort

  • Can we use synchronized identity with Azure AD and AD connect on premise?
  • Password write back with Azure AD Premium

 

  • Currently, we use federated identity. Moving to Synchronized identity involves changing too many things. Joe feels that maturity is not there in terms of this solution.
  • Password writeback to campus is currently happening.
  • For authentication, the solution is to create passive instances of Domain controller, DirSync, ADFS Web, ADFS DB and ADAPPS in AWS. On
  • This is an Active/passive solution with campus being the primary and will require manual DNS switch.
  • Effort is minimal and only requirement is 5 VMs
  • Priya to add above VMs to AWS migration timeline to go with SCCM and DC
  • Scope does not include routing to health sciences
  • After AWS environment with 5 above instances is provided, WSG effort is around 2 months.
  • ETA Dec 2017
2.

Determine level of effort for recommended/available routing options, if Exchange Online is the first recipient of email to campus

  • Can we use Exchange online protection and Exchange routing?
  • Project ongoing to move MTA to Linux
  • This migration effort will continue and once finished, migrate to AWS
  • Change the DNS from exchange.uci.edu to ucirvine.onmicrosoft.com
  • Will adapt native filtering/anti-spam techniques offered by the service provider (could be in later phase)
  • Can setup test domain for testing
  • Effort is around 2 months from AWS environment availability
  • ETA Dec 2017
3.Do we need to move ADFS capability to cloud, if above 2 are not possible?
  • Covered in Topic 1
4.Determine recommended/available routing options, if Google is the first recipient of email to campus
  • N/A
5.Determine recommended/available spam filtering options, if Google is the first recipient of email to campus
  • N/A
6.What is level of effort to put MX / MTA servers in the cloud
  • Derek and David on the security migration project
  • AWS environment availability is a pre-requisite
  • Effort is around 2 months from AWS environment availability

 

Action items

  •  Priya Srinivasan to add above 5 servers to AWS migration timeline  
  • Priya Srinivasan Check with David S and Derek on MTA Linux migration timeline  
  • No labels