Challenges and Solutions in Office 365 Deployment


This content explores the challenges faced before and after migrating to Office 365, including issues with proxy servers, global DNS load balancing, and security concerns. It emphasizes the importance of planning for local internet breakout, NAT connections, and security at the endpoint. The evolution from traditional network setups to O365 compatibility is outlined with practical insights and recommendations.


Uploaded on Sep 12, 2024



Presentation Transcript


  1. Office 365: How NOT to do it (UKNOF43)

  2. Andrew Ingram
     - Owner of High Tide Consulting
     - Corporate mergers, acquisitions and divestments expertise
     - Infrastructure
     - Applications
     - User migrations etc.
     - Design and build: data centres, Citrix, AD
     - Always looking for the next challenge!

  3. Before the cloud
     - Proxy servers were king
     - Routing all internet traffic over WAN or VPN back to the DC
     - All external DNS requests sent back to the DC
     - Firewall at the DC handling NAT for the whole company out of a single IPv4 address

  4. Then came the cloud
     - More traffic to the Internet, links not big enough
     - WAN links are expensive
     - Global DNS load balancing broke with central DNS
     - DC firewall started to struggle
     - Proxy servers struggle
     - QoS implemented as a temporary solution

  5. Then came O365
     - O365 is not proxy server friendly
     - O365 merges applications and web browser apps together
     - Global DNS load balancing heavily used
     - CDN networks heavily used, with a large list of URLs
     - O365 uses TCP window scaling
     - TCP idle times default of 100 to 300 seconds (previously recommended best practice)
     - Updates of CRL (Certificate Revocation List)

  6. What to plan for
     - Local internet breakout
     - Local DNS breakout
     - Enterprise-grade internet links (not a domestic ADSL line)
     - Internet routing, need for a default gateway
     - High number of NAT connections
     - Network devices work on IP ACLs, O365 is primarily URL based

  7. Challenges
     - Security: sending all traffic via a proxy made people feel safe
     - NAT connections: NAT pools may be needed
     - Need to start thinking of security at the endpoint and not just the perimeter

  8. NAT: How bad can it get
     - Maximum supported devices behind a single public IP address = (64,000 - restricted ports) / (peak port consumption + peak factor)
     - Restricted ports: 4,000 for the operating system
     - Peak port consumption: 6 per device
     - Peak factor: 4
     - Total of 6,000 devices accessing O365 on a single address

  9. How should you NOT do Office 365
     - Many companies don't do the correct assessment and expect it to just work!
     - Some parts of Office 365 need to talk at the Windows system layer (causes issues with proxy and firewall authentication)
     - Windows Network Awareness can cause issues
     - If deploying Microsoft Teams with voice and video, ensure WAAS or SD-WAN and associated services are configured correctly

  10. Creative workarounds
     - Bypass proxy for Office 365 traffic (PAC files)
     - Cisco Umbrella Branch to direct DNS requests out of the local link without a global update to DNS (inspection rule on local WAN router)
     - Inject a default route into the local site out of the DIA link
     - Permit 443 and 80 out of the local link (security not happy)
     - Create a stub zone in local DNS to refer Microsoft URLs to Google DNS servers. This forces the local client to query Google DNS servers directly. (Not nice)
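
The PAC-file proxy bypass from slide 10, sketched as an added example that is not part of the presentation: it sends only an explicit list of Office 365 hosts direct and matches on whole DNS labels, so a look-alike name cannot ride the bypass past the proxy. The host list, the `contoso` tenant name and the proxy address are assumptions; build the real list from Microsoft's published Office 365 endpoint data.

```javascript
// Added example (not from the presentation). All names below are
// illustrative assumptions, not an authoritative endpoint list.
var DIRECT_SUFFIXES = [
  "outlook.office365.com",
  "outlook.office.com",
  "teams.microsoft.com",
  "contoso.sharepoint.com"   // placeholder tenant: scope to your own tenant,
                             // not all of sharepoint.com
];
var PROXY = "PROXY proxy.corp.example:8080"; // hypothetical proxy address

// True when host equals suffix or is a subdomain of it. Matching on the
// leading dot prevents "notoutlook.office.com" or
// "outlook.office365.com.attacker.example" from qualifying.
function hostInDomain(host, suffix) {
  if (host === suffix) return true;
  var tail = "." + suffix;
  return host.length > tail.length && host.slice(-tail.length) === tail;
}

// Standard PAC entry point: returns "DIRECT" for listed Office 365 hosts
// (local internet breakout) and the proxy for everything else.
function FindProxyForURL(url, host) {
  // Normalise case and a trailing root dot before comparing.
  host = host.toLowerCase().replace(/\.$/, "");
  for (var i = 0; i < DIRECT_SUFFIXES.length; i++) {
    if (hostInDomain(host, DIRECT_SUFFIXES[i])) return "DIRECT";
  }
  return PROXY; // default: stay behind the inspecting proxy
}
```

Traffic returned as `DIRECT` is no longer inspected by the proxy, so each entry added to the list widens what the endpoint controls from slide 7 have to cover.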
