
Exchange 2016: Hybrid mode with Office 365 (Part 1)

I have received many inquiries about Exchange and hybrid mode with Office 365, so I have decided to focus more on Office 365 in combination with on-premises Exchange servers in the future. This is the first article on Exchange 2016 in hybrid mode with Office 365. It covers the test environment; the following articles deal with the configuration of Office 365 and Exchange 2016.

This part therefore only provides an overview of the test environment. Everything else follows in the next articles.

The environment

I have set up a small test environment for this article. It consists of a domain controller and an Exchange 2016 CU9 server, both running Windows Server 2016. The Active Directory domain is named frankysweb.org, which fits well because I have also registered this domain publicly but am not currently using it.

The domain controller is named DC1.frankysweb.org and the Exchange server is named EX1.frankysweb.org:

A Sophos UTM takes care of the Internet connection, but this only plays a secondary role here. The Internet connection has a static IP address.

The public DNS settings for the frankysweb.org domain are configured as follows:

The MX entry points to outlook.frankysweb.org and therefore to the static IP address of the Internet connection. The Sophos UTM works as a spam filter for incoming mail and is used by the Exchange server as a smarthost for outgoing mail. In addition, there is an SPF entry (see TXT entry in the screenshot) that contains only the static IP of the Internet connection and authorizes it to send mail for frankysweb.org.
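The SPF entry described above authorizes only the static IP of the Internet connection. As an added example (not from the original article), this PowerShell function checks that an SPF record authorizes exactly one expected IPv4 address and nothing else. The function name, the record strings and the address 203.0.113.10 are constructed placeholders, not the real values for frankysweb.org.

```powershell
# Added example. Record strings and 203.0.113.10 are constructed placeholders
# (RFC 5737 documentation range), not the real values for frankysweb.org.
function Test-SpfSingleSender {
    param(
        [Parameter(Mandatory)][string]$SpfRecord,
        [Parameter(Mandatory)][string]$ExpectedIp
    )
    $terms = $SpfRecord.Trim() -split '\s+'
    if ($terms[0] -ne 'v=spf1') { throw "Not an SPF record: $SpfRecord" }

    $ip4   = @()    # ip4 mechanisms with an implicit or explicit pass qualifier
    $other = @()    # anything else that can authorize senders (include, a, mx, ip6, ...)
    $all   = $null  # the catch-all term, e.g. -all or ~all

    foreach ($term in ($terms | Select-Object -Skip 1)) {
        if ($term -match '^[+\-~?]?all$') {
            $all = $term
        } elseif ($term -match '^\+?ip4:(?<addr>[0-9.]+)(/(?<len>\d+))?$') {
            $ip4 += [pscustomobject]@{ Address = $Matches['addr']; Prefix = $Matches['len'] }
        } else {
            $other += $term
        }
    }

    # "Only the static IP": exactly one ip4 host entry, equal to the expected address,
    # and no further mechanism that would authorize additional senders.
    $expected = [System.Net.IPAddress]::Parse($ExpectedIp)
    $single = ($ip4.Count -eq 1) -and ($other.Count -eq 0) -and
              ($null -eq $ip4[0].Prefix -or $ip4[0].Prefix -eq '32') -and
              ([System.Net.IPAddress]::Parse($ip4[0].Address).Equals($expected))

    [pscustomobject]@{
        Ip4Mechanisms      = ($ip4 | ForEach-Object { $_.Address }) -join ', '
        OtherTerms         = $other -join ' '
        AllTerm            = $all
        OnlyExpectedSender = $single
        HardFail           = ($all -eq '-all')
    }
}

# Constructed record matching the setup described: one static IP, nothing else.
Test-SpfSingleSender -SpfRecord 'v=spf1 ip4:203.0.113.10 -all' -ExpectedIp '203.0.113.10'
# Constructed record with an extra mechanism; OnlyExpectedSender becomes False.
Test-SpfSingleSender -SpfRecord 'v=spf1 ip4:203.0.113.10 include:example.net ~all' -ExpectedIp '203.0.113.10'
# Live lookup on Windows (DnsClient module), to feed the real record into the function:
# (Resolve-DnsName -Name frankysweb.org -Type TXT).Strings | Where-Object { $_ -like 'v=spf1*' }
```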

Details of the test environment

Here are a few details about the test environment. Not everything is directly relevant; it is included to give a better overview and understanding.

As previously mentioned, the MX entry points to the public IP of the Sophos UTM. The Sophos UTM acts as a router and spam filter in my environment. The mail flow is therefore as follows:

Ultimately, this scenario can also be implemented with any other spam filter. The spam filter is also used by Exchange as a smarthost to send mail to external recipients. There is an SMTP profile on the Sophos UTM that forwards all mail for frankysweb.org to the Exchange server of the test environment:

Access to Exchange from the Internet is via the host name outlook.frankysweb.org. The host name is the same for all protocols; only Autodiscover is published under the name autodiscover.frankysweb.org. In this case, the router forwards only port 443 to the Exchange server via DNAT:

I deliberately left out the web server protection of the UTM here to keep the articles a little more general.

Outlook Anywhere and all other virtual directories have been configured with the host name "outlook.frankysweb.org":

Here is a screenshot of the /OWA directory. With the exception of /PowerShell, the other directories have also been configured with the host name "outlook.frankysweb.org":

The Autodiscover URL has been configured with autodiscover.frankysweb.org:

The certificate in use is a wildcard certificate from Let's Encrypt:

I have created 3 test users and a distribution group in the Active Directory:

All test users are members of the "all" group.

I have also installed a client with Outlook 2016 in the test environment. This means that the Outlook connection can also be checked.

So much for the test environment. The next part will start with the configuration of Office 365 and Exchange 2016.
