Planning for Hybrid Integration with O365

This article is a continuation of Planning for Hybrid Cloud Deployments.

Working through the provisioning of a new Office 365 tenant doesn’t take much effort. The real effort is in planning the key components of your O365 tenancy. In this blog series, we are going to cover the important items to take into consideration when planning your O365 tenancy, particularly when it comes to hybrid environments. We will briefly cover hybrid O365 scenarios and the components to be aware of. Later in the series, I will dive deeper into specific hybrid scenarios. As usual, along the way I will highlight the lessons learned and pitfalls to be aware of.

In most cases, it’s safe to say that an organization will not need more than one O365 tenant. There are some special cases where multiple tenants are a requirement. This article will not cover multi-tenant O365 scenarios. If multiple O365 tenants are required, there will need to be additional planning around domains (a DNS domain can be verified in only one tenant at a time), synchronizing users into multiple tenancies, and the impact on other O365 services. The TechNet article found here covers the pros and cons of single and multiple tenant O365 deployments.

The first step in planning your O365 deployment is to perform discovery of your current IT infrastructure and enterprise applications. For example, you will want to identify all on-premises applications, such as Exchange, SharePoint, and Skype for Business, that may have integration points into some of the other O365 services. These integration points could have an impact on the deployment of your O365 tenant. Pay special attention to the authentication approach selected for users. User authentication is one of the early planning decisions, and it must take into account the integration points with the on-premises applications mentioned above. Take inventory and make sure that, if you are integrating your on-premises environment with O365, you meet the O365 requirements for each of the following:

  • Active Directory
  • Network architecture and DNS domains
  • Mail routing
  • Authentication solutions
  • Mail archiving and compliance
  • Network bandwidth
  • Certificates
  • Hardware and software for Azure AD Connect and possibly ADFS deployment

Here is a great O365 deployment checklist which adds much more detail to the inventory that should be taken of the current environment. The table in the checklist includes inventory tasks and overall questions that should be discussed prior to your organization’s deployment. This is particularly true for organizations that want to leverage on-premises investments in a hybrid scenario.

Organizations that want to continue to leverage their existing on-premises technologies alongside O365 will require a hybrid configuration. One of the single most important decisions to be made early with any hybrid configuration is around the identity model and authentication. Will users be required to enter their credentials when using any of the O365 services while connected to the internal network? Unfortunately, there isn’t a universal answer to this question; your organizational requirements will dictate which Azure AD sign-in option is chosen.

O365 sign-in options

Choosing an identity model is the foundation for your organization’s O365 implementation. Azure AD is the underlying directory service used by Office 365 to provide access to services, and an Azure AD tenant is attached to a single Office 365 tenant. Here are some questions that should be asked when planning your O365 identity implementation:

  1. Will existing users be migrated into Azure AD?
  2. If the organization is currently using Active Directory on-premises will users be synced using Azure AD Connect?
  3. Will new users be created directly in O365 or created in the local AD and synced to O365?
  4. What kind of sign-in experience do we want for users accessing O365 services?
  5. Is single sign on (SSO) required when authenticating to O365 services?

Identity Models

Below is a list of the different identity models that are available for configuration using Azure AD Connect. Seamless SSO can be used with the password hash synchronization and pass-through authentication options below. Seamless SSO automatically signs users in when they are using domain-joined corporate devices connected to your internal corporate network. It relies on a Kerberos computer account (AZUREADSSOACC) created in on-premises AD, and Microsoft recommends rolling over that account’s decryption key at least every 30 days.

Password synchronization

A hash of each user’s password is synchronized from on-premises AD to Azure AD every two minutes. What is synchronized is not the NT hash itself but a salted PBKDF2-HMAC-SHA256 derivative of it, so passwords are never sent to or stored in Azure AD in clear text, and the synchronized value cannot be replayed against on-premises NTLM. Users accessing Azure AD resources (O365 services) are able to use their corporate account and password to access these services.
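The mechanism just described, modelled in Python as an added example (this is not code from the blog or from Microsoft). It follows Microsoft’s public description of password hash synchronization: the NT hash is expanded to 64 bytes, a 10-byte per-user salt is added, and PBKDF2-HMAC-SHA256 is run for 1,000 iterations before the result is sent over TLS. The uppercase hex expansion, the record layout and the sample password are assumptions made for illustration; the MD4 implementation is included because hashlib’s md4 is often disabled on OpenSSL 3 builds.

```python
"""Model of Azure AD Connect password hash synchronization (PHS).

Added example, not code from the blog or from Microsoft. It follows Microsoft's
public description of PHS: the NT hash is expanded to 64 bytes, a 10-byte
per-user salt is added, and PBKDF2-HMAC-SHA256 is run for 1,000 iterations.
The uppercase hex expansion and the record layout are assumptions.
"""
import hashlib
import hmac
import os
import struct
from typing import Optional

MASK32 = 0xFFFFFFFF
PBKDF2_ITERATIONS = 1000      # iteration count Microsoft documents for PHS
SALT_BYTES = 10               # per-user salt length Microsoft documents for PHS


def _rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK32


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); hashlib's md4 is frequently unavailable."""
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", len(data) * 8)
    h0 = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    f = lambda x, y, z: (x & y) | (~x & z)
    g = lambda x, y, z: (x & y) | (x & z) | (y & z)
    h = lambda x, y, z: x ^ y ^ z
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h0
        for i in range(16):                      # round 1
            a = _rotl((a + f(b, c, d) + x[i]) & MASK32, (3, 7, 11, 19)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):                      # round 2
            k = (i % 4) * 4 + i // 4
            a = _rotl((a + g(b, c, d) + x[k] + 0x5A827999) & MASK32, (3, 5, 9, 13)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):                      # round 3
            k = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)[i]
            a = _rotl((a + h(b, c, d) + x[k] + 0x6ED9EBA1) & MASK32, (3, 9, 11, 15)[i % 4])
            a, b, c, d = d, a, b, c
        h0 = [(v + w) & MASK32 for v, w in zip(h0, (a, b, c, d))]
    return struct.pack("<4I", *h0)


def nt_hash(password: str) -> bytes:
    """NT hash as stored in on-premises AD: MD4 over the UTF-16LE password."""
    return md4(password.encode("utf-16-le"))


def _expand(nt: bytes) -> bytes:
    # 16-byte hash -> 32-char hex string -> 64 bytes of UTF-16LE (case is an assumption).
    return nt.hex().upper().encode("utf-16-le")


def phs_sync_record(password: str, salt: Optional[bytes] = None) -> dict:
    """What Azure AD Connect sends over TLS: a salted PBKDF2 derivative, never the NT hash."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    derived = hashlib.pbkdf2_hmac("sha256", _expand(nt_hash(password)), salt,
                                  PBKDF2_ITERATIONS, dklen=32)
    return {"hash": derived, "salt": salt, "iterations": PBKDF2_ITERATIONS}


def cloud_verify(record: dict, candidate: str) -> bool:
    """Azure AD side: re-derive from the candidate password and compare in constant time."""
    derived = hashlib.pbkdf2_hmac("sha256", _expand(nt_hash(candidate)), record["salt"],
                                  record["iterations"], dklen=32)
    return hmac.compare_digest(derived, record["hash"])


def replayable_as_nt_hash(record: dict, password: str) -> bool:
    """Would a captured sync record hand an attacker the NT hash for pass-the-hash?"""
    return nt_hash(password) in record["hash"]


if __name__ == "__main__":
    rec = phs_sync_record("password")          # constructed sample password
    print("NT hash     :", nt_hash("password").hex())
    print("synced value:", rec["hash"].hex(), "salt:", rec["salt"].hex())
    print("verify ok   :", cloud_verify(rec, "password"))
    print("verify bad  :", cloud_verify(rec, "Password"))
    print("leaks NT    :", replayable_as_nt_hash(rec, "password"))
```

The point for a threat model: a record captured from the sync pipeline or from Azure AD does not contain the NT hash, so it cannot be used for pass-the-hash against on-premises services; an attacker has to guess passwords through the salted PBKDF2 derivation one at a time.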

Pass-through authentication (PTA)

User passwords are not stored in Azure AD in any form. This model uses a lightweight agent installed on an on-premises domain-joined machine, which validates the user’s password directly against on-premises AD. The agent makes only outbound connections to Azure AD, so no inbound ports need to be open to the internet. Deploy more than one agent, since every cloud sign-in depends on an agent being available. You can enable Seamless SSO on corporate domain-joined machines on the corporate network.

Federated SSO with Active Directory Federation Services (ADFS)

This option requires an on-premises ADFS infrastructure and is typically used in more complex environments, such as those with multiple domains authenticating to Azure AD or with requirements that only ADFS can meet (for example, smart-card or third-party MFA). Authentication happens entirely on-premises: Azure AD redirects the sign-in to ADFS, which validates the user against AD and issues a token. Users accessing O365 services from the corporate network will not have to enter passwords when switching between applications. Note that the ADFS farm and its proxies become part of the internet-facing attack surface and a single point of failure for cloud sign-ins.

Each identity model has its own benefits and limitations. Pass-through authentication is a relatively new capability that gives organizations that do not want to store any form of user password in the cloud an option. Whichever model is chosen, Microsoft recommends enabling password hash synchronization alongside PTA or federation as a fallback, so that Azure AD can still authenticate users if the on-premises agents or ADFS farm are unavailable. I am not going to cover how PTA works in depth, but a quick search on your favorite search engine will return some great resources and documentation.

If an organization has already invested in an ADFS infrastructure, federated SSO with ADFS is the way to go. The other two options do not require any additional, potentially redundant infrastructure. Azure AD Connect can be installed on a domain-joined server in your current on-premises environment. Once the installation has completed, the Azure AD Connect tool can be used to configure Seamless SSO and the user sign-in authentication option. Azure AD Connect is also used to connect to Azure AD and synchronize on-premises AD directories.

Once users begin synchronizing to Azure AD and the authentication option has been chosen, the next big planning item is identifying which hybrid capabilities your organization would like to use. For example, a common question that should be asked is: “What applications will be kept and used on-premises, and which workloads and applications will be migrated to the cloud?” This blog series will focus on the hybrid SharePoint capabilities with O365 and the questions and decisions that need to be made around the hybrid implementation. In the next article in this series we will dive into the different hybrid deployment options for SharePoint 2013/2016 on-premises, covering such topics as authentication topology, hybrid taxonomy, hybrid auditing, and cloud hybrid sites and search.

If you are interested in deploying a hybrid system, but do not know where to start, engage B&R's Architects to help provide a detailed analysis and design supporting your deployment requirements.


Getting More from Your Microsoft Cloud Hosting

Why Use a Microsoft Cloud Solution Provider (CSP) Such as B&R?

Using a Microsoft Cloud Solution Provider (CSP) can help you get the most out of your cloud hosting experience. More and more, Microsoft is making an effort to drive customers to partners that have the title of ‘Cloud Solution Provider’, or CSP for short. The CSP program is a relatively new (two years old) component of the overall Microsoft partner program that allows partners such as B&R Business Solutions to provide licenses and a variety of services to customers through one of two models:

Direct

The partner has a direct relationship with Microsoft and procures the licenses the customer needs directly from Microsoft and then acts as a trusted adviser for the customer. In this role, the partner provisions any services and licenses needed, bills the customer for the licenses (and any other services bundled with them), monitors the services the customer is using, and provides support for the customer.

Indirect

The partner acts as a reseller and account management is handed off to a distributor who has the relationship with Microsoft. With this approach, the partner is able to leverage the resources of the distributor to provision the licenses and services, and the distributor bills the customer and provides the support and monitoring services.

When B&R became a CSP, we elected to go with the direct model. This means that customers that use B&R can be sure that B&R stays engaged and has the provisioning, support, and billing capabilities that are up to Microsoft standards in-house. Additionally, you can be sure that you are working directly with B&R employees, and not a distributor – ensuring that we build a relationship directly between our customers and our team members.

Let’s break down the benefits of using a Microsoft CSP a bit further:

Savings

If you are purchasing your Office 365 licenses or Azure subscription directly through the office365.com or Azure.com web sites, you are paying list price to Microsoft for the services. With the CSP program, B&R is able to provide discounts on your licenses and consumption that are not available through the ‘web direct’ programs.

Better Terms

When you sign up with B&R for your licenses or Azure consumption, you can pay on NET terms. Additionally, there are no early termination fees for the removal of Office 365 licenses (unlike when you go web direct and are charged a fee for removing a license prior to its renewal date).

Simplicity

While you may just decide to use B&R for your O365 & Azure subscriptions, if you use B&R for managed services or project-based consulting services, everything appears on one invoice. No more chasing down multiple vendors – you have one place to go for everything, and B&R has a variety of bundles that can further simplify things (and save you money) – check out http://www.bandrsolutions.com/managed-services.

Support

It can be frustrating trying to get the right individuals to support your organization during critical times. With the CSP program, B&R is your trusted partner – and your first line of support to help get you back up and running. The talented team at B&R will work with you on any issues you are experiencing and, if needed, B&R has access to ‘Signature Cloud Support’ – which provides a higher level of support to Microsoft CSP partners – and in turn means quick time to resolution and access to excellent Microsoft resources.

Expertise

B&R has been working with Office 365 along with the Azure platform & infrastructure services for many years, and has one of the most talented teams anywhere (the team includes 2 current MVPs and 2 former MVPs). If you want to implement Office 365 and Azure right – the first time – then it makes sense to partner with the best, and that’s exactly what you will get with the B&R Team.

As a CSP, B&R Business Solutions will ensure that your organization gets the best possible support and works with some of the most experienced individuals in the industry – all while being rewarded with a simplified approach and cost savings.

Interested in the CSP program? Looking to save money? Want to provide your organization with a higher level of support? Then contact B&R Business Solutions today – we can start by taking a look at your current (or proposed) cloud spend and immediately let you know how the CSP program can save you money and make recommendations based on our experience. There’s no charge for this assessment, and we’re confident you will be glad you reached out!


Extending Internal Business Solutions to Azure

As cloud technologies continue to evolve and mature, there is an exciting opportunity that we are seeing more frequently: leveraging Azure’s Platform Services to build and deliver secure business applications for internal company use. While this is a natural progression for organizations already adopting cloud services and technologies like Office 365, we are now seeing this model adopted by companies still primarily running traditional on-premises data centers and applications. There are a lot of advantages to this approach, so in this post we will attempt to make the case for taking your first steps toward cloud services used for supporting your internal business solutions.

The key points we will cover in this post are

  • Infinite capacity
  • Consumption based pricing
  • Redundancy immediately available
  • Enhanced insights to further optimize costs

Infinite Capacity

One of the core premises of cloud services is capacity that is effectively unlimited (bounded only by subscription quotas, which can be raised on request), and it should not be discounted. From the early days of development, through initial launch, to long-term use, there is no need to worry about having enough capacity on hand to satisfy the application. There is no fear of having to add capacity to your Virtual Machine hosts and SANs. Over the years, I cannot count the number of projects that have been delayed because of operational capacity issues. These issues are eliminated completely. Likewise, as your app needs to scale out it can do so easily without having to rework anything.

Consumption Based Pricing

Another core premise of cloud services is paying only for what you use. When you move a business solution from the Virtual Machine (VM) hosted model to Azure Platform Services such as Azure Storage, Web Apps, and Functions, the cost of running the solution drops: you pay only for the processing your solution actually uses, not for the idle time between requests. Likewise, unlike traditional on-premises solutions, you do not need to budget for the total available disk space (or worse, the raw space of an underlying disk array), only for what you consume this month. This offers a cost-effective way to approach capacity planning and also encourages good data cleansing and archiving habits.

Redundancy Immediately Available

For those who do not work for a Fortune 500 company with access to geographically distributed data centers and real-time redundancy, you will be pleased to find that you have immediate access to services across data centers with intelligent services to handle synchronization and failover. While redundancy can come at higher utilization costs, the costs are still very reasonable and should be significantly lower than adding the capabilities to your local data centers.

Enhanced Insights to Further Optimize the Costs

If all of this wasn’t enticing enough, there are tools offered from Microsoft and ISVs that can provide rich operational metrics to show where your compute and storage costs are, and how they can be optimized to save money. This allows you to maximize your investment, and continue to leverage the tool while keeping costs under control. We typically look to do a quarterly review with the customer subscriptions we manage to ensure that services and the consumption are optimized for their goals and budgets.

Closing

If you have not already started to look at how you can integrate cloud services into your application development, now is the time. If your organization has an active MSDN subscription, it normally comes with a monthly Azure credit (up to $150 per month, depending on the subscription level) to get you started. In our experience that can easily handle dev instances for several projects.

If you are interested, but do not know where to start, engage B&R's Architects to help provide a detailed analysis and roadmap matching your application needs to the appropriate Azure Platform Services and estimate the associated operational costs.


Finding Records with Record Center

Record Center offers users three distinct methods for finding records, each preserving the security and integrity of the record by only showing a user those records they have been granted access to view. Users tend to mature through these three methods as they gain more understanding of the system and the structure of records within their organization.


Traditional Folder-Like Browsing

“Browse Records” allows a user to navigate through the virtual hierarchy of records defined within the system. This method feels at home to those users that have historically worked in file shares or similar environments, or those that are new to the organization and may want to “explore” to better understand the record hierarchy.

Basic Keyword Searching

As a user learns more about the types of records stored within the system, record hierarchies, and metadata associated with given document types, they typically migrate away from browsing and begin to adopt search as the mechanism to find records. Record Center’s generic keyword searching allows you to perform simple keyword searches, or even create your own search queries to find the content you’re looking for.

A simple keyword search for “Lease”, as an example, would return any record the user has access to that contains the word “Lease” in any of the record metadata, or in the content of the record itself (provided the record has gone through an OCR/indexing process). When performing a basic keyword search, a user will typically get a larger and less targeted result set. This result set can then be further refined using standardized metadata refiners, allowing the user to incrementally reduce that result set and home in on their targeted records.

Structured Searching with Record Finder

Record Finder allows a user to conduct a structured search and identify a very targeted set of records based on specific criteria. This is the most efficient way for a user to find a record, provided they know at least some of the record’s metadata. Perhaps a user knows that they’re looking for a lease that was associated with a specific business unit, a specific office, and a specific legal entity. Record Finder allows the user to plug in all known metadata and issue a search for any matching records stored within Record Center. In addition, Record Finder can be configured with different search profiles, giving different users access to different searching scenarios with differing search fields. Furthermore, the targeted result set returned by Record Finder may still be refined further using the standardized metadata refiners also available through basic keyword searching.

About Record Center

Record Center is your turnkey solution for enterprise-class record management. An extension of Microsoft SharePoint, Record Center arms your users and record managers with a feature-packed, intuitive solution to manage the entire life-cycle of your records. Configure, Approve and Search for records faster and easier than ever with Record Center.


Nintex Workflow Migration Considerations

Many companies are making the move from on-premises SharePoint to the cloud. There are many advantages to making the move: reduced resource requirements, cost, features, accessibility, and more. It's great once you are there, but the biggest challenge can be the work of getting there. Migration to the cloud requires careful planning, knowledge and experience to take advantage of the cloud for the different types of content. Nintex Workflows are one of the best additions to Office 365, and with the following considerations in mind, migrating your existing on-premises workflows successfully isn't a problem.

Missing Actions

Unfortunately, the cloud version of Nintex Workflows is not a 1-to-1 implementation of on-premises Nintex Workflow 2010 or 2013. This is because Microsoft's Workflow Manager model in Office 365 does not support all of the actions available on-premises. At the time of this writing, there are 40 out-of-the-box Nintex actions unavailable in Nintex for Office 365. Custom workflow actions are also not supported. While most of the Nintex out-of-the-box actions have been replicated, they do not necessarily work the same as they do on-premises, due to the architectural differences between the two environments.

Nintex Workflow 2016 has the unique option of creating workflows that are fully compatible with Nintex Workflow for Office 365. As you begin to create a new workflow in SharePoint 2016, you can choose between creating an on-premises version with the extra 40 actions available or an Office 365 compatible version that does not include them. While fewer actions are available with the compatible option, it does ensure that your workflow will be compatible with Office 365 when you migrate.

SharePoint Online Limitations

There are also some key differences between SharePoint Online and on-premises. One limitation is that a workflow file cannot exceed 5MB in size after it is exported. When checking the file size, be aware that a Nintex workflow is compressed when exported. To obtain the actual size, you will need to expand the NWP file and measure the total uncompressed size. Workflows exceeding this limit may have issues online. To reduce the risk of error, any large workflow may have to be rearchitected before moving to the cloud.
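A check for the size trap described above, as an added example (not the blog’s or Nintex’s code). It assumes the .nwp export is a ZIP container whose members are the workflow definition files; the blog only says the export is compressed and must be expanded to measure it. The sample packages are constructed in memory so the check runs offline; point it at a real export by passing the file name on the command line.

```python
"""Size check for an exported Nintex workflow package (.nwp) against the 5 MB limit.

Added example, not the blog's or Nintex's code. It assumes the .nwp export is a
ZIP container whose members are the workflow definition files; the blog only
says the export is compressed and must be expanded to measure it. The sample
packages are constructed in memory so the check runs offline.
"""
import io
import sys
import zipfile

LIMIT_BYTES = 5 * 1024 * 1024   # 5 MB limit quoted for SharePoint Online workflow files


def expanded_size(nwp_bytes: bytes) -> int:
    """Sum of the uncompressed member sizes, read from the archive's central directory."""
    with zipfile.ZipFile(io.BytesIO(nwp_bytes)) as zf:
        return sum(info.file_size for info in zf.infolist())


def check_package(nwp_bytes: bytes, limit: int = LIMIT_BYTES) -> dict:
    """Compare both the on-disk size and the expanded size with the limit."""
    compressed = len(nwp_bytes)
    expanded = expanded_size(nwp_bytes)
    return {
        "compressed_bytes": compressed,
        "expanded_bytes": expanded,
        "over_limit": expanded > limit,
        # The trap the blog warns about: fits on disk, fails once expanded.
        "misleading": compressed <= limit < expanded,
    }


def build_sample_nwp(definition_bytes: int) -> bytes:
    """Constructed stand-in for an export: repetitive workflow XML compresses very well."""
    action = b'<action type="LogToHistory" comment="placeholder action" />\n'
    xml = b"<workflow>\n" + action * (definition_bytes // len(action)) + b"</workflow>\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("workflow.xml", xml)
        zf.writestr("manifest.xml", b"<manifest/>")
    return buf.getvalue()


if __name__ == "__main__":
    if len(sys.argv) > 1:                        # real export: python nwp_check.py export.nwp
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:                                        # no file given: use a constructed 6 MB package
        data = build_sample_nwp(6 * 1024 * 1024)
    result = check_package(data)
    for key, value in result.items():
        print(f"{key:>16}: {value}")
```

With no argument the script builds a package whose on-disk size is a few kilobytes but whose expanded size is over 6 MB, which is exactly the case a naive file-size check passes and SharePoint Online rejects.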

There are many other differences with the cloud that should be known. For example, one of the issues most clients run into is the fixed 5000 item List View Threshold. This is the maximum number of items that a single database operation, such as a list view query, can process at one time while keeping good performance. In SharePoint on-premises, an administrator can raise the limit or set Daily Time Windows during which the limit is lifted. In Office 365, this limit cannot be changed and is in place 24x7. It may be necessary to create new lists, or to index columns and filter views, to address this issue, which may in turn affect workflows. This is one example where knowledge of the limitations within SharePoint Online is paramount to a successful migration.

Other Considerations

Because of the differences in Office 365, issues can arise with workflows when new tenant features are enabled. Turning on something like two-factor authentication may cause significant issues with Nintex workflows, so test the workflows before rolling such a feature out broadly. Knowing the limitations of Nintex's different implementations in relation to Office 365 features lets you apply workarounds and avoid downtime.

The architecture of your workflows should be reviewed. Some actions affect performance more than others (e.g. Execute SQL, Query LDAP, etc.). Workflows with excessive looping can slow down significantly, stall, or have their execution throttled. Unfortunately, you cannot modify or scale up the hardware running the workflows like you could on-premises. Also, the SharePoint Online Workflow Engine controls workflow throttling, which Nintex has no control over. The only option is to increase efficiency through the design of the workflow.

How Do I Get There?

All of these considerations can seem very daunting when approaching a migration to the cloud for the first time, and the stress is increased by the fact that the cloud is always changing. Engaging experts who focus on this activity and have experience with a variety of requirements and solutions can help mitigate the unknowns.

A third-party migration tool like Sharegate can greatly assist with the move. Sharegate works directly with Nintex to improve their ability to produce successful migrations. Sharegate will move all Nintex workflows, including those with actions that are not supported. Placeholders are put where the actions would normally be. The placeholders are labeled with the comments of the original action for easy identification.  This allows for a workaround to be developed within Office 365 which also helps with testing in the target environment.

Conclusion

Migrations are a complex process. The recipe for success is investigation of the existing environment, planning, knowledge of the current target environment, and a good 3rd-party tool. Experience with the cloud and tools involved is also desired. With that combination, getting your Nintex workflows to the cloud will be a success for you and your organization. 
