
MICROSOFT BPOS – AKA MICROSOFT ONLINE SERVICES - should you move to the cloud?


 

Email in the cloud, why should you migrate and if you do what should you be aware of?

Everywhere I go I hear it: directors and VPs telling their IT people that they want to move to the cloud. So what does "moving to the cloud" mean? In a nutshell, it means taking your email and moving it to a third-party company outside your organization. That means someone else manages your email, the servers, the security and the storage.

So that sounds pretty good, right? Well let's take a closer look and then you can decide if it's really the "golden goose" or not.

 
FIRST THINGS FIRST: WHAT ARE THE MAIN DECIDING FACTORS FOR MOVING TO THE CLOUD?

Well in my humble opinion they should be based on the following for sure but you may have others as well:

  • The size of the organization (how many mailboxes).
  • Third party apps that integrate with your Exchange server – like Blackberry.
  • Your organization's security policies.
  • Available Bandwidth
  • Cost (of course)

In my opinion if you have 100 mailboxes or less it's a no brainer, migrate. That is unless you have some application that your organization can't live without that integrates with Exchange server or your internal email server. So let's move onto the administration of BPOS, one of the main reasons your IT folks will want to get rid of internal email.

 

ADMINISTRATION OF MS BPOS

Will my Administrators be able to manage it just as before? Do I lose any admin control when I move over? Both good questions you should be asking.

  • You still have access to create accounts.
  • You can add aliases just as before.
  • You can create Distribution lists and manage them.
  • You can increase a user's storage (up to 25 gigs)
  • You can create contacts
  • You can create conference rooms
  • You can manage safe and blocked senders
  • You can manage / create multiple domains

There are a lot of administrative tasks that you will not be able to perform anymore and really most of them you will be happy to give up like "EDB defrags". You cannot take advantage of Active Directory Security Groups anymore and you won't be able to set up mailbox forwarding (on your own, you can submit a service ticket for it though) and there are more but you will need to peruse the BPOS documentation at Microsoft's site for details. Below are screen shots of the 3 admin screens available for a user account:

[Screenshots: screen1, screen2, screen3]

MIGRATION METHODS

So let's look at the migration process. Basically there are 2 methods for migrating email: the automated tools at the BPOS site, and the manual method of exporting to a PST and then importing to the new BPOS profile. The first method is great for larger migrations, although in my experience it has problems. The Migration tool is nice because it will migrate mail from your internal Exchange servers and also from third-party SMTP/POP hosts. One of the first problems I encountered was that, after migrating a hundred or so mailboxes, in every mailbox I found (or the users found) there were many messages, about 30%, where the body of the message had been removed and added as an attachment called "winmail.dat". This, as you can imagine, was a huge problem.

We eventually got it fixed with the help of BPOS support. (That's another story I'll cover later.)

Also, you will hammer your Internet connection during the migration. You could set up QoS to manage it, but that may slow down your migration, so make sure you notify your end users that there may be Internet slowdowns during the migration. You could also choose to run your migrations in a phased approach over weekends so that you limit the impact. BPOS can run in a "mixed" environment so that you can keep your Exchange servers up and running during the migration. What I mean is that you can move some of the mailboxes off an Exchange server to BPOS while still leaving others active on Exchange. This way you can migrate in phases, again limiting impact to end users.

Below is the screen in BPOS administration where you can set up migration tools and get access to the documents and tools you will need:

[Screenshot: screen4]

I should note here that there are some third-party companies that claim they can help migrate your email to BPOS and other cloud providers at a much faster rate than you can on your own. I don't have any experience with them or data to prove their claims. But I would advise at least investigating them if you have a large number of mailboxes to migrate.

For those of you that would use the latter method, not the automated method, the steps are as follows:

  1. Export the end user's mailbox to a PST.
  2. Install the "Microsoft Online Service Sign In" component on the user's workstation (you'll have to do this no matter what method you use).
  3. Log in to BPOS with the new profile.
  4. Import the PST into Outlook.
  5. Remember BPOS has a 2 gig limit for imports. This is confusing so let me explain. BPOS documentation states a limit of 2 gigs on imports, yet you can have up to a 25 gig mailbox? So without detailed information from Microsoft on this my experience is that to successfully migrate mailboxes from PST files you will need to break the PST files into 2 gig files.
  6. You will need to let things sync up before the mail will be available through OWA. (your clients all need to be in cached mode for BPOS)

So those are the steps for a manual BPOS migration. You can see that if we're talking about 1000 mailboxes it is a daunting task that takes a huge amount of coordination. So the automated method is preferable for large migrations.

 

WE'VE TALKED ABOUT MIGRATIONS AND HOW THEY'RE HANDLED BUT WHAT ABOUT SECURITY?

From Microsoft's Site:

"Together, multiple layers of security controls and multiple technologies form the Microsoft defense-in-depth strategy. To simplify security management and to enhance performance, Microsoft also recommends that the solution is integrated into the business infrastructure. Microsoft looks at security along three dimensions: security of data (virus and spam filtering in the cloud), secure data access (HTTPS 128-bit encryption) and secure datacenters."

Microsoft isn't going to let me into their data centers (around the world) to confirm their security measures, and they aren't going to give me detailed network diagrams either. But I will say that they have not had any break-ins yet, at least none that have been published. And they know that if they don't take security seriously then their entire product becomes worthless. That said, you still need to decide whether you will let someone else manage the security of your email.

Another point to consider is that for BPOS to work you must enable "Cached Exchange mode" on the Outlook client. Many organizations, like banks, do not allow data storage on endpoints (a fancy name for workstations, laptops, etc.). In fact all the banks I have dealt with do not allow email storage of any kind on anything other than the email server.

You noticed I said "around the world" earlier; that's because Microsoft has BPOS data centers around the world. This way they can load balance and keep your email close to you. In fact, when you're adding accounts to BPOS the admin console asks you where the mailbox will be located, and you select the region (country / state) the end user will be working in most of the time. So when I mentioned security earlier I also meant that you could have some of your corporate email sitting on a server in China, some in India, some in New York, etc. You need to be aware of that and its implications when you're deciding whether or not to move to the "Cloud".

 

ONE IMPORTANT NOTE ABOUT SECURITY

During my installation / migration experience with MS BPOS there is one glaring security hole that I saw. During a migration issue (one that took several calls to BPOS support to resolve) I had to call in and make changes. When I called in they asked for my user name, I gave it to them and they replied that "because I was not listed as an admin they could not help me". I was frustrated because I had the admin password and was logged into the admin console but because my name was not listed on the account they would not take my call or make changes (I was not listed because I was consulting at a customer). So I hung up and called back and gave them a different name (the name of the customer IT staff that had access) and they said "OK great how can I help you?" From that point on I could do whatever I wanted including removing everyone but myself as an administrator from the system! So by just giving them a false name I had complete access. They should have had some kind of a pin number or password for me to get access. Hopefully they will resolve this soon.
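A sketch of the control suggested above, a per-administrator support PIN checked before any change is made. This is an added example, not Microsoft's or the author's code; the `SupportDesk` class, its method names, the lockout threshold and the sample PINs are all hypothetical.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 3  # assumption: lock the support PIN after three bad attempts


class SupportDesk:
    """Hypothetical support-desk gate: a claimed name alone authorizes nothing."""

    def __init__(self):
        self._admins = {}  # username -> {"salt", "pin_hash", "failures"}

    @staticmethod
    def _hash(pin, salt):
        # Store only a salted, slow hash of the PIN, never the PIN itself.
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 200_000)

    def enroll_admin(self, username, pin):
        salt = os.urandom(16)
        self._admins[username] = {
            "salt": salt, "pin_hash": self._hash(pin, salt), "failures": 0}

    def verify_caller(self, claimed_name, pin):
        rec = self._admins.get(claimed_name)
        if rec is None:
            # Spend the same hashing time so timing does not reveal valid names.
            self._hash(pin, b"\x00" * 16)
            return False
        if rec["failures"] >= MAX_FAILURES:
            return False  # locked until reset through a separate channel
        if hmac.compare_digest(self._hash(pin, rec["salt"]), rec["pin_hash"]):
            rec["failures"] = 0
            return True
        rec["failures"] += 1
        return False

    def remove_admin(self, claimed_name, pin, target):
        # Privileged change: refuse unless the caller proved knowledge of the PIN.
        if not self.verify_caller(claimed_name, pin):
            return "denied: caller not verified"
        if target not in self._admins:
            return "denied: no such admin"
        if len(self._admins) == 1:
            return "denied: cannot remove the last administrator"
        del self._admins[target]
        return "removed"
```
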

 

STORAGE AND BPOS

Not too much to say here: your email will be stored on whatever storage platform is being used by your region. You have up to 25 Gigs of storage per user.

 

BANDWIDTH AND YOUR MIGRATION

So one of the things I mentioned earlier was having sufficient bandwidth when you migrate to BPOS. But you will also need to consider it for after the migration and how it will work ongoing with your current internet connections. You may need to increase your internet connection from a T-1 to two bonded T-1's or maybe to a DS3. I migrated a company with 150 mailboxes to BPOS that had dual T-1's and so far they are comfortable and have no user complaints except when they get in on Monday and they have to update their cache from a large influx of emails over the weekend. It's not bad just a little slow on the sync and Outlook is not really usable during the sync.

Remember that all your email traffic, calendar updates, meeting requests, attachments all have to come through your internet pipe. You say well that's how it always worked, right? Well yes from outside mail but all your employee-to-employee communication was over your internal backbone or even on the same server. Now when one employee sends a message to another even if they sit right beside each other it has to go out over the internet to Microsoft Online and then back again. Also you may have external rules that limit incoming and outgoing attachment size but now you will also have an internal limit as the BPOS limit is 30 Megabytes.

To further estimate the bandwidth necessary I copied the section below from Microsoft's website. You can find the following information here: http://www.microsoft.com/online/help/en-us/helphowto/3dea7174-a521-4442-a7c5-5d540e09b20d.htm

 

Bandwidth Considerations

Microsoft Online Services currently offers three online services: Microsoft Exchange Online, SharePoint Online, and Office Live Meeting. Each of the services has its own bandwidth requirements.

There are many variables to consider when estimating network traffic. Some of these variables are:

  • The services that your company has subscribed to
  • The number of client computers in use at one time
  • The type of task each client computer is performing
  • The performance of your Internet browser software
  • The capacity of the network connections and network segments associated with each client computer
  • Your company’s network topology and the capacity of the various pieces of network hardware

The following sections provide guidelines for estimating the bandwidth usage of each service. Detailed specifications are beyond the scope of this topic. For more detailed information about estimating the network traffic for each online service, see the links to other documentation in each of the following sections.

Exchange Online

The information in this section will help you begin to estimate the network bandwidth that your company will need to run Exchange Online.

The estimates provided in this section are based on the following assumptions:

  • The average message size is 50 kilobytes (KB).
  • Every message delivered is read.
  • Half of all incoming mail is deleted.
  • OWA clients log on and log off two times per day.
Note: Office Outlook 2007 log on and log off costs were not evaluated because company e-mail users generally stay logged on for days at a time.

The following table lists the message usage for light, medium, heavy, and very heavy e-mail users. This information will be used later in this section to estimate network traffic.

Activity                          Light    Medium   Heavy    Very heavy
Messages sent per day             5        10       20       30
Messages received per day         20       40       80       120
Average message size              50 KB    50 KB    50 KB    50 KB
Messages read per day             20       40       80       120
Messages deleted per day          10       20       40       60
OWA log on and log off per day    2        2        2        2

The following table shows the amount of network traffic generated by each type of user in each e-mail client. All values are in kilobytes (KB) per day per user.

E-Mail Client          Light               Medium               Heavy                Very Heavy
Office Outlook 2007    1,300 KB/day/user   2,600 KB/day/user    5,200 KB/day/user    7,800 KB/day/user
OWA                    6,190 KB/day/user   12,220 KB/day/user   24,270 KB/day/user   36,330 KB/day/user

To apply this information to your company, consider the following examples. Each example assumes that the users are in the same time zone and that they perform most of their work during the same eight hours of the day.

  • Example: If your company has 100 heavy Office Outlook 2007 users, here’s how to calculate the average network traffic, measured in bytes per second.
    Network bytes/sec = (100 heavy users × (5,200 KB/user ÷ day)) ÷ (8 hr/day × 3600 sec/hr) = 18.5 KB/sec
    Assuming a daily peak of twice the average usage, your network connection would need to support approximately 37 KB/sec.
  • Example: If your company has 100 medium OWA users, here’s how to calculate the average network traffic, measured in bytes per second.
    Network bytes/sec = (100 medium users × (12,220 KB/user ÷ day)) ÷ (8 hr/day × 3600 sec/hr) = 42.4 KB/sec
    Assuming a daily peak of twice the average usage, your network connection would need to support approximately 84.9 KB/sec.

For more capacity planning information, see White Paper: Outlook Anywhere Scalability with Outlook 2007, Outlook 2003, and Exchange 2007.
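The estimate above, generalized to a mixed user population and compared against the link sizes mentioned earlier in this article. This is an added example, not code from Microsoft or the author. It assumes 1 KB = 1000 bytes, nominal line rates (T-1 at 1,544 kbit/s, DS3 at 44,736 kbit/s) and a 50% headroom target; the function names and the sample population are constructed.

```python
# Per-user daily traffic in KB, taken from the table quoted above.
KB_PER_DAY = {
    "outlook2007": {"light": 1300, "medium": 2600, "heavy": 5200, "very_heavy": 7800},
    "owa": {"light": 6190, "medium": 12220, "heavy": 24270, "very_heavy": 36330},
}
# Nominal line rates in kilobits per second (assumption: no protocol overhead).
LINK_KBPS = {"T-1": 1544, "2xT-1": 3088, "DS3": 44736}


def average_kb_per_sec(population, work_hours=8):
    """population maps (client, profile) -> user count; returns average KB/sec."""
    if work_hours <= 0:
        raise ValueError("work_hours must be positive")
    total_kb = 0
    for (client, profile), users in population.items():
        if users < 0:
            raise ValueError("user count cannot be negative")
        total_kb += users * KB_PER_DAY[client][profile]
    return total_kb / (work_hours * 3600)


def peak_kb_per_sec(population, work_hours=8, peak_factor=2.0):
    """Daily peak, using the 'twice the average' rule from the quoted text."""
    return average_kb_per_sec(population, work_hours) * peak_factor


def link_utilization(population, link, **kw):
    """Fraction of the link used by mail at peak (KB/sec * 8 = kbit/sec)."""
    return peak_kb_per_sec(population, **kw) * 8 / LINK_KBPS[link]


def smallest_link(population, headroom=0.5, **kw):
    """Smallest listed link where peak mail traffic stays within headroom."""
    for link in sorted(LINK_KBPS, key=LINK_KBPS.get):
        if link_utilization(population, link, **kw) <= headroom:
            return link
    return None


# Constructed sample population for illustration.
SAMPLE = {("outlook2007", "heavy"): 100, ("owa", "medium"): 50,
          ("outlook2007", "light"): 25}

if __name__ == "__main__":
    print(round(peak_kb_per_sec(SAMPLE), 1), "KB/sec peak ->", smallest_link(SAMPLE))
```

Run on the two quoted examples, the formula as printed gives about 18.1 KB/sec for the 100 heavy Outlook users (the quoted text shows 18.5) and reproduces 42.4 KB/sec for the 100 medium OWA users. The figures cover steady-state mail only, not migration traffic or the Monday cache sync described earlier.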

 

END USER EXPERIENCE

So the most important part is how will your users like it? Well they have a single sign on component that you can install. But again you need to have the app installed on the workstation or laptop and you need to start it (you can set it to do this automatically at login of course) to have it sign in for you. My experience is that it works most of the time. If you are using Active Directory integration with BPOS it will update password and some account changes to the BPOS system but not your client. So that means if your user changes their password in AD the single sign on client will fail until they change the password there also.

My single sign on client worked fine until I made a recent password change and updated the client, but I still get prompted for a password every time I open Outlook. Microsoft has a fix for it but it didn't work for me. Maybe they will have a fix that works soon?

Delegating permissions is very slow and sometimes does not work. Lately co-workers and I have had some disappearing appointments. We cannot pinpoint the cause, but we all have definitely missed meetings, gone back to our calendars and found that the meeting was not on our calendar, even though we were definitely included in the invite and we definitely saw the meeting there just a day before.

Out of Office also is a pain. To turn it on you have to log into OWA. You cannot turn it on from within Outlook.

Otherwise overall the performance is good. I can still do meeting requests, I have access through OWA. MS says (in their documentation) that they don't support Outlook 2010 but I have been using Outlook 2010 for months now and it works fine for me.

My mail delivery seems much slower than before. When I send a message it takes what seems like a long time and in some cases it is actually minutes rather than the seconds I was used to when we ran Exchange internally. But I only notice it when I'm on the phone with someone and I send them the message and they tell me "haven't got it yet...haven't got it yet...haven't got..".

Other than those noted I am happy with BPOS as an end user and even happier as an admin that I don't get calls in the middle of the night asking me why mail isn't working.

 

SO WOULD I RECOMMEND YOU MOVE TO THE CLOUD WITH BPOS?

That's a question I can't answer for you. Of the cloud providers out there I will say this; Microsoft has been providing Internet (cloud) hosted email for many years (Hotmail) and they have a lot of experience with it. Of the migrations I have worked on all of the customers are happy after they settled into it. I have read and heard from consulting partners about some companies that made the move and then switched back after they found it wasn't for them.

Like I said earlier, if you're sub 100 mailboxes it's a no brainer; past that you will need to really think about it before you make any moves. I did move one customer that asked if we could have the migration completed in the "next 2 weeks". I said no initially but they pleaded with us. We went ahead, but the lack of planning and testing caused a lot of problems. So do yourself a favor and thoroughly plan and test before you decide. Microsoft Online will give you a test account for free to play with.

 
