Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

Date

 

Attendees

Agenda

  • Management has indicated that achieving O365 Exchange campus independence is a high priority goal

  • This meeting is to discuss approaches to remove O365 dependencies on campus.

  • Can a cloud service receive an email first, do spam filtering and route to O365 or MTA?

  • Send report to management on whether there is an agreed approach to achieve this goal 

Discussion items

O365 has routing and authentication dependencies on resources located on campus

Authentication Dependencies

  • DNS, dependent on user location, campus (internal) DNS and external (public) DNS
  • Directory Service (Campus LDAP, Microsoft Active Directory or Azure AD)
  • AutoDiscover

Routing Dependencies

  • DNS, dependent on user location, campus (internal) DNS and external (public) DNS
  • MTA

Following options were discussed to alleviate authentication dependencies

1) Use Option 2 - Synched identities in the cloud with password hash. This would enable replicating password hashes in both locations and authentication can happen on-premise or in the cloud.

  • Need link listing different options from David/WSG.
  • WSG mentioned that currently, we are using federated identities option and would like to determine the feasibility of implementing synched identities.

2) If above approach is not feasible, then we might want to consider lift/shift in Azure/AWS.

  • Approach to be explored after WSG comes back with the feasibility of implementing synched identities.

Following options were discussed to alleviate routing dependencies

1) Can Exchange Online or Google be an initial recipient of O365 emails?

  • Need to figure out if anti-spam and anti-virus filtering by above cloud services are comparable to MTA.
  • There could be route delays to services on-premise due to the cloud being the first delivery point. This needs to be tested in POC
  • Filtering could be limited by cloud provider's capability and not match OIT standards or requirements.
  • Can we test delivering to a cloud delivery point with a POC?
    • exchangetest.uci.edu test domain is available per WSG.
    • We can test with ExchangeOnline and Google being the first delivery point
    • Most of the delivery points are in Google. So WSG and EUS prefer Google to be the initial delivery point for POC.
    • Need level of effort and estimates for POC to test delivery of exchangetest.uci.edu test domain to Google delivery point for virus scan/spam filtering

Action items

  • Priya Srinivasan - Create ServiceNow project to get level of effort and estimates for POC to test delivery of exchangetest.uci.edu test domain to Google delivery point for virus scan/spam filtering   
  • HEINDRICK YU - Can we use synched identities with password hash (option 2) instead of federated identities currently used? WSG to figure out the feasibility of this approach and recommend. If recommended, priya will add this task to the project
  • No labels