Upload
alberta-education
View
1.449
Download
1
Embed Size (px)
DESCRIPTION
Note: Handout from this session can also be downloaded.
Citation preview
Office 365 for EducationEdmonton Catholic Schools
Microsoft Office 365 for Education
Edmonton Catholic Schools
Agenda: the technical perspective
Live@EDU – Edmonton Catholic SchoolsOur Live@EDU to Office 365 UpgradeOffice 365 Deployment IssuesFuture Plans
ContextEdmonton Catholic Schools
87 Schools36,000 Active Students4398 Active Staff Members
Microsoft Outlook live: 10GB hosted Exchange mailboxMicrosoft Office Web Apps: Word, Excel, PowerPoint, OneNoteWindows Live SkyDrive: 25GB of cloud-based storageWindows Live Spaces: blogging, friends, photo and video sharingWindows Live Messenger: IM and video chat
Windows Live
Other WL services
Live@edu Admin
SkyDrive Live@edu Outlook Live
Tenant
school.ecsd.net
User Mgmt
Web Client
Exchange creates Windows Live IDs
PowerShell & Exchange Control Panel
Admin
Windows Live ID
Live@EDU – Edmonton Catholic Schools2 on-premise servers:
Directory SyncILM 2007 FP1OLSync
Single-Sign OnWindows SSO Toolkit
SchoolWeb Portal
Live@EduMailbox
Directory
Student’s PC
school.ecsd.net
Windows Live SSO
Challenges we encountered at the time:Students couldn’t access live services directly.SkyDrive accessibility.Some mobile devices had issues with office web apps.
Live@EDU – Edmonton Catholic Schools
Plan A4
Plan A2
Students Free
Faculty/Staff Free
Alumni Free
Upgrade from Live@edu
Plan A3
Enrollment for Education Solutions (EES) or MOSA service agreement needed post upgrade to add on a stand-alone or suite subscription
Estimated retail prices listed above per user, per month
7
Office 365 for Education: Licensing
Free $2.50/month $3.00/month
Free $4.50/month $6.00/month
Office 365 for Education: Licensing
Windows Live
Other WL services
Live@edu Admin
SkyDrive Live@edu Outlook Live
Tenant
Windows Live
Other WL services
Windows Live ID
SkyDrive
MSOID
Exchange OnlineTenant
Office 365
O365 Admin
Before Upgrade After Upgrade
school.ecsd.net
User Mgmt
Web Client
Exchange creates Windows Live IDs
Administrator cannot create or manage Windows LiveIDs
In-place tenant conversion to Office 365
PowerShell & Exchange Control Panel
Admin
Office 365 provides a clear distinction between individual and school identities. Office 365 is an organization managed service.
Windows Live ID
school.ecsd.net
User Mgmt
Web Client
Admin
Office 365 for Education
Office 365 - Edmonton Catholic SchoolsDiscovering the Environment
Provides analysis of on-premises environmentLDAP queries
Active Directory Topology, User objects, Workstation Info, Object counts, Network port analysis, DNS Records
Download from http://community.office365.com/en-us/f/183/p/2285/8155.aspx
Office 365 - Edmonton Catholic SchoolsExchange 2010
• Exchange Best Practices Analyzer• Exchange Connectivity Tester
• https://www.testexchangeconnectivity.com/• Exchange Server Updates
• Hybrid Configuration Wizard• Exchange Server Deployment Assistant
• http://technet.microsoft.com/en-gb/exdeploy2010/default.aspx#Index• Microsoft Forefront Online Protection for Exchange
• Available with our current ECAL; included with Office 365
Office 365 – Edmonton Catholic SchoolsLive@EDU Upgrade
Microsoft Timeline for UpgradeCancelled our Live@EDU service
Re-enrolled in Office 365 for Educationecsd.netschool.ecsd.net
Windows Live
Other WL services
Live@edu Admin
SkyDrive Live@edu Outlook Live
Tenant
Windows Live
Other WL services
Windows Live ID
SkyDrive
MSOID
Exchange OnlineTenant
Office 365
O365 Admin
Before Upgrade After Upgrade
school.ecsd.net
User Mgmt
Web Client
Exchange creates Windows Live IDs
Administrator cannot create or manage Windows LiveIDs
In-place tenant conversion to Office 365
PowerShell & Exchange Control Panel
Admin
Dual Identity: IT Administrator ExperienceOffice 365 provides a clear distinction between individual and school identities. Office 365 is an organization managed service.
Windows Live ID
school.ecsd.net
User Mgmt
Web Client
Admin
User Accounts After Upgrade: Dual IdentityOnce the upgrade to Office 365 for education is complete, each end user will
have two identities; Personal Windows Live identity AND an institutional Office 365 identity
Terms of Use
Individual owned Organization owned
Management & Control
Self-managed Institution-managed
Services Windows Live services
Office 365 services
Identity Windows Live ID Org ID
Terms of Use Organization owned
Management & Control
Institution-managed
Services Windows Live services
Identity Windows Live ID
Live@edu: Single Identity Office 365 for education: Two Identities
Windows Live
Services
Org ID
Exchange Online
SharePoint Online
Online Services Platform
Lync Online
Live ID
Outlook Live
All Windows Live
Services
Service Management
Portal
Live ID
Live@edu IdentityWindows Live ID –
ManagedID: [email protected]: ADPassWord!
Windows Live
Other Windows Live
services
Windows LiveID
Live@edu Admin
SkyDrive
Live@edu Outlook Live
Windows Live
Other Windows Live
services
SkyDrive
Organization ID
Exchange OnlineTenant
Personal IdentityWindows Live ID – EASI
ID: [email protected]: ANewPassword
Office 365
Institution IdentityOrganization ID –
ManagedID: [email protected]: ADPassword!
Office 365 Admin
Before Upgrade After Upgrade
Dual Identity: End User Experience• We did do things a bit differently with our upgrade.• We recommend students create self-managed personal Windows Live account,
based on their school email address for SkyDrive etc.• An organization managed Office 365 account
Windows LiveID
Office 365 – Edmonton Catholic SchoolsDeployment Overview
SchoolWeb Portal
Live@EduMailbox
Directory
Student’s PC
Active Directory
Directory Sync
Office 365
Microsoft Federated Gateway
ADFS Internal
ADFS Proxy
LAN
DMZ
Student’s PC
1. Signed up for 3652. Provisioned ADFS 2.0 Internally for
SSO3. Provisioned ADFS 2.0 Proxy for
External Authentication4. Setup DirSync5. Enabled Replication with Office 365
Office 365 – Edmonton Catholic SchoolsDeployment Overview
Leverage our Hyper-V infrastructureOffice 365 Private Cloud
4 ADFS 2.0 Internal Servers - Hardware Load Balanced(F5)4 ADFS Proxy Servers - Hardware Load Balanced(F5)1 DirSync Server with SQL 2008 R2SSL Certificate from Third-Party CA
Existing AD Management toolsQuest Active Roles Server
Office 365 – Edmonton Catholic Schools
Jan 2011 Aug 2012
E-mail • Students were provisioned e-mails addresses (school.ecsd.net) on Live@EDU
• Didn’t require moving any email, calendars, or contacts
Windows Live • Access all live services via Live@EDU account.
• All windows live services were de-coupled• Email as sign in account
Password • AD Username/Password• Self-Service Password reset
• AD Username/Password• Windows LiveID Password• Self-Service Password reset
Provisioning • OLSync / ILM • DirSync
SSO • Windows LiveID SSO Toolkit • Moved to ADFS 2.0
Live@EDU
Office 365
Office 365 – Edmonton Catholic SchoolsEnd User Experience
We still provide a basic html landing page.Allows us to identify issues with devices that cannot connect; prior to any SSO workflows.
Updated URLslogin.microsoftonline.comoutlook.com/school.ecsd.netedmontoncatholicschools.sharepoint.comlive.skydrive.com
END USER EXPERIENCE SSO DEMO
Office 365 – Edmonton Catholic SchoolsSSO Current Issues
Active Directory
Directory SyncOffice 365
Microsoft Federated Gateway
ADFS Internal
ADFS Proxy
LAN
DMZ
Student’s PC
SharePoint
DMZ
DMZ
Exchange
webmail
myecsd.net
Internally Single Sign-On works as it shouldInternet facing servers are configured independently of each other.Students accessing resources externally may have to authenticate twice.
Office 365 – Edmonton Catholic SchoolsNext 6 months
Resolve the SSO issue externallyF5 LTM – Access Policy Manager(APM)
Configure F5 as External Landing Page
Enable Hybrid mode for ExchangeConfigure FOPE for Office 365Determine if faculty can be hosted off-premiseWindows 8Office 2013 Professional Plus
Office 365 – Edmonton Catholic SchoolsImplementation Considerations
Current investment in existing infrastructure.Exchange 2010
DAGCAS ArrayUM
SharePoint 2010Licensed WebPartsHardware SANInternal MySites
OCS 2007 R2Lync 2013 internal coexistence pilot stage.
Core Customer Scenarios for Identity Management
Users, groups, objects mastered On-Premises and identities mastered in the
cloud
Separate credentials for On-Premises and Office 365 Services
DirSync to synchronize AD objects into Office 365
Suitable for Medium to Large Organizations
Users, groups, objects, identities mastered On-Premises
Single identity for On-Premises, Office 365 Services
DirSync to synchronize AD objects into Office 365
Single Sign-on for On-Premises and Office 365 Services
Suitable for large organizations that require Single Sign On
If using SSO toolkit, use this option
Users, groups, objects, identities mastered in the cloud
Separate identity for Office 365 Services
No additional servers required on-premise
Different credentials and password policies for On-Premises and Online
Suitable for Small Orgs
Microsoft Online Identity Only Office 365 Identity With On-Premises AD
Office 365 Federated Identity with On-Premises AD*
DirSync User
Microsoft Online
User
Microsoft Online
DirSync User
Microsoft Online
Office 365 – Edmonton Catholic SchoolsBest Practices
Have a minimum of 2 ADFS Internal and 2 ADFS ProxyDetermine if you will require more than 5 ADFS Internal Servers
Requires Full SQL if 5+ ADFS internal required
Use NLB or HLB to ensure High Availablity>50,000 objects DirSync requires Full SQL installation
Requires Directory Sync Quota increase from Microsoft
SummaryOffice 365 for Education Plan A2 is available for all faculty and students for freeSign-up for Free Trial even if you don’t have a 365 plan now:
Get your onmicrosoft.com premise ID while its still available.ecsd.onmicrosoft.com was taken; settled for edmontoncatholicschools.onmicrosoft.comOnce organization is validated as an education account “purchase” A2 licenses to ensure account isn’t disabledGet use to PowerShell
Get statistics about users, mailboxes and migration progressLicense users in bulkMass update Users
New Capabilities Since Release
*Feature is only available in Enterprise SKUs
Productivity & Collaboration
•
•
•
•
•
•
•
•
Access Anywhere
•
•••
•
•
•
GlobalAvailability
•
•
•
•
Enterprise Security & Reliability•
•
•
•
•
•
IT Control & Efficiency
•
•
•
•
•
•
•
•
•
•
•
•
Office Web Apps Updates
ODF support: View and edit ODF documents in Office Web Apps.
Chrome support: Using Office Web Apps with the Chrome browser.
IE9 native support: Using Office Web Apps with IE9 in native mode (vs. in IE8 mode).
Print from editor: Print Word document from edit mode (in addition to view mode).
Insert chart: Insert charts in Excel Web App
Fill handle: Copy and paste values and formulas by dragging the fill handle.
Print: Print presentations from PowerPoint Web App
Edit text in more shapes: Enabling users to edit text in more shapes, vs. just placeholder shapes.
Choose theme: Picking a presentation theme when you create a new document
Insert clip-art: Insert clip art in PowerPoint Web App
Office 365 - Resources
Title LocationOffice 365 TechCenter http://technet.microsoft.com/Office365
Office 365 Deployment Guide http://technet.microsoft.com/en-us/library/hh974318.aspx
Office 365 System Requirements
http://onlinehelp.microsoft.com/office365-enterprises/ff652534.aspx#BKMK_opsystems
Office 365 Single Sign-On with AD FS 2.0 whitepaper
http://www.microsoft.com/en-us/download/details.aspx?id=28971
Install the Microsoft Online Services Directory Synchronization tool
http://onlinehelp.microsoft.com/en-us/office365-enterprises/ff652545.aspx
Planning for AD FS 2.0 Server Capacity
http://technet.microsoft.com/en-us/library/gg749899(WS.10).aspx
Office 365 Virtual Labs http://technet.microsoft.com/en-us/office365/hh699847.aspx
Sample PowerShell Scripts for Office 365 Deployment
http://technet.microsoft.com/en-us/library/hh974317.aspx
29
Student Tools in Office 365
Office 365 For
Education
Training & Rollout
The Future
Training & Rollout
School Technology Coach
MyECSD Portal
Resources
Student Training Resources
Newsletter
Training & Rollout
Teachers/schools excited about the potential of these tools for student use
Some staff nervous about email and publishing tools for students
Digital Citizenship Training Teachers/studentsResources for parents
Responsible Use Agreements Revised
Questions… further thoughts?
Thank you for your interest! Edmonton Catholic Schools