Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2
Topic Last Modified: 2013-01-25
When configuring a hybrid deployment in an Exchange 2010 organization, you aren’t required to install additional Exchange servers in your existing Exchange organization. As long as your Client Access and Hub Transport servers are updated to Exchange 2010 Service Pack 3 (SP3) with the latest update rollup, these servers can coordinate communications between your existing Exchange 2010 organization and the Exchange Online organization. This communication includes message transport and messaging features between the on-premises and Exchange Online organizations. We highly recommend installing more than one Exchange server in your on-premises organization to help increase reliability and availability of hybrid deployment features.
Server Roles in a Hybrid Deployment
Here is a quick overview of the Exchange 2010 server roles in a hybrid deployment:
- Client Access server role: The Client Access server role continues to provide essentially the same functionality typically provided by Client Access servers in your Exchange 2010 organization with a few additions required to support a hybrid deployment. All client connectivity, including Outlook client access, Outlook Web App, and Outlook Anywhere goes through the Client Access server role. Organization relationship features between the on-premises and Exchange Online organizations, such as free/busy sharing, are also handled by the Client Access server role.
Learn more at: Understanding Client Access
- Hub Transport server role: The Hub Transport server role handles all mail flow between the on-premises and Exchange Online organizations and between the on-premises organization and the Internet. It helps to secure transport communication between the on-premises and Exchange Online organizations, as well as handling transport rules, journaling policies, and message delivery to user mailboxes in a hybrid deployment.
Learn more at: Overview of the Hub Transport Server Role
Depending on the hybrid deployment configuration that you want, an Exchange 2010 SP3 server requires one or more of the server roles to be installed on it:
- Single Exchange server: If you choose to install a single Exchange server in your on-premises organization, you’ll need to install the Mailbox, Client Access, and Hub Transport server roles on the single server.
- More than one Exchange server: If you choose to install more than one Exchange server in your on-premises organization, you can install the server roles on separate servers in your on-premises organization. For example, you could install one Exchange server that has the Mailbox and Client Access roles installed and also install another Exchange server that has only the Hub Transport server role installed. However, the best practice and recommended server configuration is to install the Client Access and Hub Transport server roles on each server deployed in your on-premises organization.
If you also decide to install the optional Exchange 2010 Mailbox server role in your hybrid deployment, you should add the Mailbox server role to each Exchange server that has the Client Access and Hub Transport server roles installed. Learn more about the Mailbox server role at Overview of the Mailbox Server Role and learn more about Exchange capacity planning at Understanding Multiple Server Role Configurations in Capacity Planning.
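The role and service pack requirements described above can be checked against the output of `Get-ExchangeServer`. The following is an added example, not part of the original article; the function name `Test-HybridServerReadiness` and the sample server names are hypothetical, and the sample objects are constructed to mimic the `Name`, `ServerRole` and `AdminDisplayVersion` properties that the cmdlet returns.

```powershell
# Added example (not from the original article). Function name and sample data are hypothetical.
function Test-HybridServerReadiness {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        $Server
    )
    process {
        # ServerRole renders as a flag list, e.g. "Mailbox, ClientAccess, HubTransport".
        $roles  = "$($Server.ServerRole)" -split '\s*,\s*'
        $hasCas = $roles -contains 'ClientAccess'
        $hasHub = $roles -contains 'HubTransport'

        # AdminDisplayVersion renders as "Version 14.3 (Build 123.4)"; 14.3 is Exchange 2010 SP3.
        $isSp3 = $false
        if ("$($Server.AdminDisplayVersion)" -match 'Version (\d+)\.(\d+)') {
            $isSp3 = ([int]$Matches[1] -eq 14) -and ([int]$Matches[2] -ge 3)
        }

        $findings = @()
        if (-not $isSp3) { $findings += 'below Exchange 2010 SP3' }
        if (-not ($hasCas -and $hasHub)) {
            $findings += 'Client Access and Hub Transport roles not both installed'
        }

        # Emit one result object per server, with a stable column order.
        New-Object PSObject -Property @{
            Name     = $Server.Name
            Roles    = ($roles -join ', ')
            Version  = "$($Server.AdminDisplayVersion)"
            Ready    = ($findings.Count -eq 0)
            Findings = ($findings -join '; ')
        } | Select-Object Name, Roles, Version, Ready, Findings
    }
}

# Constructed sample input shaped like Get-ExchangeServer output (not real servers).
$sample = @(
    (New-Object PSObject -Property @{ Name = 'EX01'; ServerRole = 'Mailbox, ClientAccess, HubTransport'; AdminDisplayVersion = 'Version 14.3 (Build 123.4)' }),
    (New-Object PSObject -Property @{ Name = 'EX02'; ServerRole = 'HubTransport'; AdminDisplayVersion = 'Version 14.3 (Build 123.4)' }),
    (New-Object PSObject -Property @{ Name = 'EX03'; ServerRole = 'ClientAccess, HubTransport'; AdminDisplayVersion = 'Version 14.2 (Build 247.5)' })
)
$sample | Test-HybridServerReadiness | Format-Table -AutoSize

# In the Exchange Management Shell, run it against the real organization:
#   Get-ExchangeServer | Test-HybridServerReadiness | Where-Object { -not $_.Ready }
```

`AdminDisplayVersion` reports the service pack level only, so the installed update rollup has to be verified separately.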
Exchange Server Functionality in Hybrid Deployments
A hybrid Exchange server provides several important functions for your on-premises organization in a hybrid deployment:
- Federation: Exchange servers enable you to create a federation trust for your on-premises organization with the Microsoft Federation Gateway. The Microsoft Federation Gateway is a free, cloud-based service offered by Microsoft that acts as the trust broker between your on-premises organization and the Office 365 tenant organization. Federation is a requirement for creating an organization relationship between the on-premises and the Exchange Online organizations.
Learn more at: Understanding Federation
- Organization relationships: Exchange servers with the Client Access server role enable the creation of organization relationships between the on-premises and Exchange Online organizations. Organization relationships are required for many other services in a hybrid deployment, including calendar free/busy information sharing, message tracking, and mailbox moves between the on-premises and Exchange Online organizations.
Learn more at: Understanding Federated Delegation
- Message transport: Exchange servers with the Hub Transport server role are responsible for message transport in a hybrid deployment. Using Send and Receive connectors, they serve as the connection endpoint for incoming external messages and also provide outbound message delivery to the Internet and the Exchange Online organization.
Learn more at: Understanding Transport
- Message transport security: Exchange servers with the Hub Transport server role help to secure message communication between the on-premises and Exchange Online organizations by using the Domain Security functionality in Exchange 2010. Security can be increased by using mutual transport layer security authentication and encryption for message communications.
Learn more at: Understanding Domain Security
- Outlook Web App: Exchange servers with the Client Access server role support configuring a single URL endpoint for external connections to on-premises and Exchange Online mailboxes. For on-premises mailboxes, Client Access servers are configured to service Outlook Web App requests. For Exchange Online organization mailboxes, Client Access servers are configured to automatically display a link to the Outlook Web App endpoint on the Exchange Online organization.
Learn more at: Understanding Outlook Web App
Exchange Server Topology
If you choose to add Exchange servers to support your hybrid deployment, deploy them much like any other Exchange 2010 server in your existing Exchange 2010 organization. Configuring your existing on-premises Exchange 2010 organization for a hybrid deployment doesn’t require any special Exchange server topology. The following table briefly describes the changes in services after configuring a hybrid deployment.
Service | Before hybrid server deployment | After hybrid server deployment | Description |
---|---|---|---|
Message transport (inbound and outbound) | Exchange 2010 Hub Transport server | Exchange 2010 Hub Transport server or Exchange Online Protection (EOP) included with Office 365 | The MX (mail exchanger) record for the domain may remain unchanged or be updated to point to EOP. |
Outlook Web App public URL | Exchange 2010 Client Access server | Exchange 2010 Client Access server | Client Access servers continue to handle Outlook Web App requests for on-premises mailboxes. Outlook Web App requests for mailboxes hosted on Exchange Online are provided with a link to the Exchange Online Outlook Web App URL. |
Exchange Server Software
Exchange 2010 SP3 enables hybrid deployment functionality with the Hybrid Configuration wizards. You can use any Exchange 2010 SP3 media when installing additional Exchange 2010 servers.
Additionally, we recommend installing future Update Rollups 4 for Exchange 2010 SP3 on all your hybrid servers. Microsoft releases update rollup packages approximately every six to eight weeks. The rollup packages are available via Microsoft Update and the Microsoft Download Center. In the Search box on the Microsoft Download Center, type "Exchange 2010 SP3 update rollup" to find links to the rollup packages for Exchange 2010 SP3.
Download Exchange Server 2010 SP3 at: Exchange 2010 Service Pack 3 (SP3)
Find update rollup packages at: Microsoft Download Center
Important: |
---|
You need to provide an Exchange 2010 Hybrid Edition product key on the hybrid server when you configure a hybrid deployment with Office 365. To obtain a Hybrid Edition product key, contact Office 365 support. |