Anyone who runs an on-premises Exchange environment today would be forgiven for wondering how long their job will last, at least in its current shape. The sales pressure from Microsoft and other vendors to influence CIOs to consider moving workloads to cloud platforms increases all the time and the inevitable fear is that jobs disappear once work is transitioned.
The situation for an Exchange administrator is pretty straightforward. The company can stay with on-premises Exchange for the immediate future as Microsoft’s support policy means that Exchange 2013 will remain in extended support until 2022 while Exchange 2016, due for release in late 2015, will be supported until 2025. The same support window applies for hybrid deployments where some workload stays on-premises and some runs in the cloud. On the other hand, the company might decide to go "all in" and embrace the cloud by moving to Office 365 or another hosted Exchange solution.
Over time, the percentage of total deployed Exchange mailboxes will decrease for on-premises and increase in the cloud. Microsoft does not provide exact detail about how many mailboxes currently run inside Office 365 nor are precise data published about the total number of licensed Exchange mailboxes sold and in use today. However, based on public financial information about Office 365 revenues and consultant reports covering the Exchange market, it is possible to estimate that between 10% and 15% of the total base of around 300 million mailboxes had moved to Office 365 by mid-2014 and that the ramp-rate was increasing to a point where the majority of mailboxes will be cloud-based by the end of 2016.
All of this begs the question whether Exchange administrators can expect continued employment. The short answer is "no," at least not doing the same work. Like any period of change, the evolution of email from on-premises to cloud introduces both new challenges and opportunities. The same kind of transformation has occurred at regular intervals as long as IT has existed. In the world of email, the evolutionary path has passed through mainframe-based systems such as IBM PROFS to minicomputer systems like Digital ALL-IN-1 to PC/LAN like Lotus cc:Mail and Microsoft Mail to client/server like Exchange and Lotus Notes.
At each point in the long history of email administrators, those who do remain successful have had to evolve and update their skills. As proven by the shrinking group of programmers available to maintain COBOL for mainframe systems, those who stay embedded in a certain technology can stay fulfilled and happy as long as that technology endures, but opportunities for growth and career progression will shrink as a technology declines in popularity and deployment.
Today, cloud-based systems have been in general use since 2004 or thereabouts and their effectiveness, usefulness, and reliability are no longer doubted. As such, cloud-based email is a good and mature option for many companies who see email as essentially a utility application. Cloud-based email is an excellent choice for companies who have no specialized requirements. Using utility services allows these companies to dedicate their resources and personnel to more important tasks that are better aligned with the business. On the other hand, companies who wish to control their own email destiny, who seek optimum security and privacy, who need customized implementations, or who have integrated email into business workflows often find that on-premises servers offer greater flexibility.
Microsoft produces versions of Exchange that satisfy a wide range of customer needs. Those who want a pure cloud play can opt for Exchange Online and benefit from "evergreen software" where Microsoft takes charge of operations and users consume the output of their work. Those who need on-premises servers can choose from Exchange 2007, Exchange 2010, and Exchange 2013 at this point, albeit with the caveat that the first two server versions have shortened support lifetimes. Microsoft plans to produce Exchange 2016 toward the end of calendar 2015 to provide a further path forward for on-premises customers and the application of the standard Microsoft support policy means that Exchange 2016 will be supported well into the middle of the next decade. Hybrid deployments offer the flexibility of keeping some work (usually the most business-sensitive or confidential) on-premises while exploiting the cloud for more general workloads. The hybrid option is a real strength for Microsoft when compared to other cloud-only offerings from their competitors.
Administrators who support Exchange for companies who prefer on-premises servers can continue to operate in much the same mode as they have done for the last decade. However, taking this approach is a mistake because Exchange introduces new technology in every release and the effective utilization of that technology requires effort from administrators to understand the technical detail and then apply the technology in the most effective manner for their company. Anyone who assumes that they "know Exchange" because they’ve worked with it for many years is in grave danger of falling into the trap of complacency that leads to gradual erosion of their value.
The best administrators keep themselves up to date with developments, even if their company might not use a new server version for a number of years. They keep a wary eye on the changes Microsoft makes to satisfy customer requirements and stay competitive. They track industry changes and how third party software developers are evolving their products to track the path taken by Microsoft and other key players. In short, good administrators stay informed to help their company to make intelligent IT decisions and to maintain healthy career options for themselves.
To illustrate why administrators need to keep up to date with changing technology, let’s explore some of the ways that an on-premises Exchange administrator might have to grow and improve their skill set as cloud services are introduced into the mix. Every company is different and some will spend more time and effort in certain areas than others. It’s also true that a move to the cloud can be painless and swift for some companies, especially if they have a relatively small number of mailboxes and only make use of standard Exchange functionality. However, even with the simplest environment, the planning process required to introduce cloud services requires awareness and insight on the part of the planners if the resultant plan is to be successful.
Despite what might be claimed by some, migration to the cloud is seldom easy. Networks have to be reconfigured to accommodate the transfer of work and data to the cloud, mailboxes have to be scheduled for migration, directories synchronized, and a mass of detail mastered to ensure that a smooth transition occurs or that effective hybrid connectivity is established and maintained. For example, if you have more than a few hundred mailboxes to move to a cloud service, it’s likely that you will spend time considering what migration tools best suit your needs. Companies such as BitTitan, Dell Software, and Binary Tree will be happy to supply information about their toolsets, but only someone who knows the current environment inside out is likely to be able to assess how good a match an individual tool will be.
Exchange is often positioned at the center of an email-driven ecosystem within companies. Applications use Exchange to send email on their behalf; other applications are installed alongside Exchange to make servers easier to manage or to provide specific functions such as mail hygiene. Migrations have to take a holistic view of the way that Exchange is used inside a company if they are to be successful. It is tremendously embarrassing for IT to perform a migration to the cloud only to discover that some essential piece of functionality needed by a business line has no equivalent in the cloud service.
Thankfully, because migrations tend to take more effort and cost more than the best estimates predict, migration projects don’t last forever. But even when the last mailbox is moved across, more work piles up on the administrator’s plate. Security and privacy are obviously important for both on-premises and cloud environments. The nature of the Internet and the dependency on services run by a partner make security an essential topic for a hybrid or cloud administrator to master. Certificates must be ordered and installed to protect communication across multiple protocols, encryption technologies might need to be investigated to protect email traffic, and so on. Whereas an on-premises Exchange administrator might be able to leave such details to the corporate security team, it’s likely that greater awareness and knowledge of security technologies will be demanded in a cloud environment.
All cloud services come with their own support model, usually delivered through a mixture of web-based updates (to inform cloud tenants when changes are coming or maintenance is due) and phone calls if a problem is discovered. One thing to realize immediately is that cloud support is built around a highly structured model. Tenants do not get the chance to change anything delivered by the service. Apart from selecting options, there is no room to customize a service or vote on what new features will be delivered and when they will appear. In short, tenants remain at the mercy of the service.
Mostly, this does not matter because all of the major cloud services have very good records when it comes to uptime and availability. On this point, we should realize that most cloud vendors measure their performance against SLA at the boundary of their datacenters. In other words, if a service is deemed to be operating satisfactorily within the datacenter, any problem reported by a customer does not impact the SLA. This is an understandable stance because many other influences might contribute to a problem, including client misconfiguration or a temporary localized Internet outage.
Because cloud support is different, cloud customers have to alter their own support and monitoring arrangements to take account of the new reality. Support no longer has control over all aspects of a problem. Instead of being able to make local changes to servers and other technical steps that might solve an issue, their role becomes more of an interface between vendor support and the end user. Some minor problems can be fixed immediately by helping the user with connectivity, client, or other setup issues, but if a real problem is found in an application like Exchange or SharePoint, the role of local support is to gather information from the user, check any obvious points ("have you plugged in the computer"), and to drive the conversation with cloud support.
Dealing with cloud support can be a tedious business. First level support is all about gathering information about the problem so that it can be checked against problem databases in an attempt to close the call. If that isn’t possible an escalation should occur to second level support for more detailed and in-depth debugging. If a solution isn’t found you might then go to third level support, especially if a change is required in a cloud datacenter or to an application. Local support has to drive this interaction to ensure that the problem being experienced by the user is dealt with in a timely manner. This might require multiple phone calls and email contacts over days and during this time the user has to be kept up to date with progress. It’s a totally different experience when on-premises servers are involved and you can interact with the people who run those servers.
The same issue is true of monitoring. During some cloud outages it has been said that Twitter provides the most accurate source of information because web-based dashboards and other channels used by the cloud vendor are unavailable or not kept updated. Monitoring a local server is easy compared to the task of figuring out what’s happening at all points between a user and a cloud-based application, but it needs to be done so that the company knows early when a problem exists and needs to be reported to the cloud vendor.
Microsoft has invested huge effort in making hybrid connectivity work well, but establishing the connection between on-premises servers and an Office 365 tenant domain is only the first step in the process. Directory synchronization is likely to take far more time and detailed attention simply because directory objects change all the time as users, groups, and other mail-enabled objects are added and removed. The work becomes more complex if single sign on (SSO) is required, as it almost always is, and the administrator will find themselves becoming familiar with Active Directory Federation Services and other technologies to create and maintain the necessary infrastructure.
Microsoft’s "cloud first, mobile first" strategy encourages the widest possible selection of highly functional clients across multiple platforms. This is great for users, but it does cause some issues for administrators. The relatively simple Exchange ActiveSync (EAS) policies used to control mobile clients are no longer sufficient as they cannot deal with Outlook Web App (OWA) for Devices clients on iOS and Android. Client devices are more powerful, store more information, and take advantage of pervasive connectivity. Users like to change devices to track developments in hardware and form factors and companies have permitted the Bring-Your-Own-Device (BYOD) concept to contribute to a Bring-A-Big-Mess situation.
The issues involved in mobile device management (MDM), including control over sensitive corporate information and enabling separation between personal and business personas on the one device, will become easier as new management capabilities are rolled out by software vendors, including Microsoft. However, administrators will continue to have to manage connectivity, monitor and control the types of devices that access Exchange and other corporate applications, and be aware of the latest developments in client-side software. Given the consumer-driven pace of evolution in the device space this task is likely to absorb more rather than less time, especially if the company is willing to permit connectivity from multiple mobile platforms (iOS, Android, and Windows).
A company cedes some control over its IT direction after it decides to use cloud services. The cloud provider removes the need for mundane server operations such as software installs and updates; it also sets the pace on how and when new software features are introduced. Within Office 365, Microsoft allows customers to see new features early through the First Release option but there is no way to postpone the arrival of new software as the platform is in a state of perpetual renewal and update.
Administrators are the natural people to take on the role of monitoring the cloud service for upcoming changes so that the updates are assessed and reviewed in the context of the company’s business before being revealed to users. There is nothing worse than coming in on a Monday to face a blizzard of help desk calls from users who have suddenly discovered that a feature such as Delve, Clutter, or Groups has suddenly shown up without warning. Users won’t know what to do and are unlikely to do the right thing if they are not well advised. It makes sense to ask administrators to act as the eyes and ears of the company on the cloud software roadmap so that users take maximum advantage of evergreen software instead of being baffled by constant change.
An Exchange administrator who knows everything about Exchange will have many hours to fill after their organization moves to the cloud. That time is usefully and productively spent by investigating how other technology made available in the cloud can be used to streamline and enhance business processes. Most Office 365 licenses allow companies to use Lync, SharePoint, Yammer, and OneDrive for Business, all of which offer some potential to almost every company.
No one person can be an expert in everything, but it is possible for an email administrator to exploit their knowledge of a company’s business and its policies and procedures to identify what Office 365 technologies are of most interest to the company and how they can be introduced to achieve a positive benefit.
The thing about cloud services is that they change at a much more rapid pace than their on-premises counterparts. This is partly because the cloud service is under the complete control of a single vendor who can plan and manage all of the moving parts necessary to support the introduction of new technology. It’s also partly because on-premises deployments have traditionally moved at the pace of the slowest business unit and are gated by other factors, such as the desktop upgrades.
Because cloud services move and evolve quickly, companies need to keep a wary eye out on the roadmaps published by vendors (such as Microsoft’s Office 365 Roadmap) to understand and assess what features are in development and what are being rolled out. Keeping a watchful eye on the roadmap means that the company will not be surprised when a new feature shows up. It also means that new features can be exploited as soon as they become available. For example, Microsoft introduced Office 365 Message Encryption (OME) technology in mid-2014 to enable tenants to send protected messages within the company and to external correspondents. Implementation of OME is reasonably straightforward but some user training and awareness is required, factors that can be planned – but only if someone makes you aware that the feature is coming or already exists.
Technology is not going to slow down. If anything, you can expect it to continue to accelerate as new software, methods, devices, and hardware appear. Administrators who stay bound to the old way and refuse to change their approach will inevitably find themselves side-lined and become a drag that can be all too easily discarded by the business. None of us in IT can expect to do the same job forever and work with the same tools for more than a few years (or at least, the same version of a tool).
It is easy to see that cloud services will evolve to cover an increasing number of IT scenarios over time. Networks will improve, security and privacy issues will be addressed, audit concerns will be managed, and companies will gain more confidence in storing even their most confidential data on servers that they never see.
Utility workloads like email have already made the transition. It takes more time for workloads with specific needs and characteristics to make the change. The tools and techniques to enable workloads to transition are already available and ready for use. All it requires now is for humans to make the decision whether to move the work or keep it in-house.
The future is bright for those who are able to adapt to changing circumstances. The key to success is to stay aware of what’s happening in technology and use that knowledge to help the business to achieve its goals. An IT department that is regarded as overhead is quickly forgotten; one deemed to be a key partner in all aspects of the business is of strategic importance.
Tony Redmond has been working with Exchange Server since Digital and Microsoft concluded the Alliance for Enterprise Computing in August 1995 and he found out that the OpenVMS-based email server that he was working on had just been superseded. He's written ten books on Exchange to date, including his latest "Inside Out" book on Exchange 2013 (Mailbox and High Availability) that appeared in October 2013. In addition, he has written literally hundreds of articles about different aspects of Exchange and has spoken at conferences such as TechEd, MEC, Exchange Connections, and HP's Technology Forum.