Planning Your Network for Exchange in Office 365 (Part 1)

Each day, I am blessed to have the opportunity to help our great customers solve their business challenges to achieve more.

I recently was working with a large health insurance provider (15K+ users) and they were looking at moving their email from running on Exchange servers on-premises to Exchange in Office 365.  After moving to Office 365, their users will no longer be connecting to their Exchange servers on-premises but will be connecting over the Internet to Office 365 to access their e-mail.  This will have an impact on their Internet network infrastructure.  So, they were prudently concerned over this change and wanted to discuss how to plan for the change.

Initial State:  Outlook users connecting to Exchange servers on-premises

Next Step:  Outlook Users connecting over the Internet to Office 365

[Side note:  This is an important consideration for customers looking at moving to Office 365.  I would highly recommend meeting with a Microsoft engineer or Microsoft partner who has experience in moving customers to the cloud.  Microsoft Premier Services also has a network assessment offering to examine your network for Office 365.]

In this blog, I wanted to summarize some of the key things to consider:

Outbound web proxy:  Do you require all outbound Internet traffic to go through web proxies?  Office 365 communication can be severely impacted by requiring it to go through web proxies because of the following considerations:

  • Multiple, Persistent Connections:  Most web traffic (browsing the Internet) consists of short-lived connections.  However, Outlook opens multiple connections per user and keeps them open (persistent).  Many customers' web proxy architectures are not sized to handle the number of connections required when Outlook is moved to Office 365.  For example, if a company has 15K users and Outlook opens 3-10 connections per user, then that would be 45K to 150K connections.  If the users are on Outlook all day, then those connections would remain open all day.  If the web proxy closes those connections, then the user may receive a pop-up message stating that Outlook has lost its connection to the server.
  • Encrypted Traffic:  Communication between the users and Office 365 is encrypted.  For example, Outlook, Skype for Business, and SharePoint encrypt traffic from the user's computer to Office 365.  Thus, the web proxy won't be able to inspect the traffic passing through it since it is encrypted.  One of the key value propositions of a web proxy is to inspect the web traffic.  Since the communication is encrypted, customers won't receive this value from having the Office 365 traffic go through the proxy.

Current State:  All Internet traffic goes through web proxy

Recommended State:  In most scenarios, I would recommend directing traffic that is going to Office 365 to bypass the web proxy.
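
One way to express this bypass is a proxy auto-config (PAC) file. The following is an added example, not from the original post: the proxy address and the short host list are constructed samples, and the real list should come from Microsoft's published Office 365 URLs and IP addresses. Rules match exact hosts or dot-anchored suffixes so that look-alike hostnames still go through the proxy and stay subject to inspection.

```javascript
// Added example: PAC logic for the "Recommended State" above.
// Assumptions: PROXY and the O365_BYPASS entries are constructed samples;
// populate the list from Microsoft's published Office 365 endpoints.
var PROXY = "PROXY proxy.corp.example:8080"; // hypothetical proxy address
var O365_BYPASS = [
  "outlook.office365.com",   // exact host
  ".outlook.office365.com",  // leading dot = any subdomain of this name
  "outlook.office.com"       // exact host
];

// True when host equals an exact entry or ends with a dot-anchored suffix.
// Anchoring on the dot keeps hosts such as "fakeoutlook.office365.com" or
// "outlook.office365.com.attacker.example" from skipping the proxy.
function isBypassHost(host) {
  // Normalize case and drop the trailing dot of a fully qualified name.
  var h = String(host).toLowerCase().replace(/\.$/, "");
  for (var i = 0; i < O365_BYPASS.length; i++) {
    var rule = O365_BYPASS[i];
    if (rule.charAt(0) === ".") {
      if (h.length > rule.length && h.slice(-rule.length) === rule) {
        return true;
      }
    } else if (h === rule) {
      return true;
    }
  }
  return false;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  return isBypassHost(host) ? "DIRECT" : PROXY;
}
```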

This is part one of this series; I will explore other considerations in upcoming posts.

For additional information, please review:

  • Network Planning for Office 365 (here), (here)
  • Microsoft Mechanics video on Office 365 Network Planning (here)
  • Office 365 URLs and IP Address (here)
  • Great Ignite 2016 session on Overcoming Network Blockers for Office 365 (here)
  • Another Great Ignite 2016 session on Plan Performance and Bandwidth for Office 365 (here)