Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2013-01-25

When configuring a hybrid deployment, you have to install at least one hybrid server in your existing Exchange organization. Hybrid servers are additional servers configured with Exchange 2010 SP3 server roles that coordinate communication between your existing Exchange 2003 organization and the Exchange Online organization. This communication includes message transport and messaging features between the on-premises and Exchange Online organizations. We highly recommend installing more than one hybrid server in your on-premises organization to help increase reliability and availability of hybrid deployment features.

Hybrid Deployment Server Roles

Depending on the hybrid deployment configuration that you want, a hybrid server requires one or more of the following Exchange 2010 server roles to be installed. If you choose to install a single hybrid server in your on-premises organization, you’ll need to install all the following server roles on the single hybrid server. If you choose to install more than one hybrid server in your on-premises organization, you may choose to install the server roles on separate servers in your on-premises organization. For example, you could install one hybrid server that has both the Client Access and Mailbox server roles installed and install another hybrid server that only has the Hub Transport server role installed. However, the best practice and recommended hybrid server configuration is to install the Client Access, Mailbox, and Hub Transport servers on each hybrid server deployed in your on-premises organization.

Here is a quick overview of the server roles in a hybrid deployment:

  • Client Access server role   The Client Access server role on a hybrid server provides the functionality typically provided by a front-end server in Exchange 2003. All client connectivity, including Outlook client access, Outlook Web App, and Outlook Anywhere goes through the Client Access server role. Organization relationship features between the on-premises and Exchange Online organizations, such as free/busy sharing, are also handled by the Client Access server role.

    Learn more at: Understanding Client Access

  • Hub Transport server role   The Hub Transport server role on a hybrid server handles all mail flow between the on-premises and Exchange Online organizations and between the on-premises organization and the Internet. It helps to secure transport communication between the on-premises and Exchange Online organizations, as well as handling transport rules, journaling policies, and message delivery to user mailboxes in a hybrid deployment.

    Learn more at: Overview of the Hub Transport Server Role

  • Mailbox server role   The Mailbox server role on a hybrid server hosts a replica of the OU=EXTERNAL (FYDIBOHF25SPDLT) public folder that enables calendar free/busy information sharing between the on-premises and Exchange Online organizations. Mailboxes should not be created on a hybrid server in a typical hybrid deployment between an on-premises Exchange 2003 organization and an Exchange Online organization.

    Learn more at: Overview of the Mailbox Server Role

Hybrid Server Functionality

A hybrid server provides several important functions for your on-premises organization in a hybrid deployment:

  • Federation   Hybrid servers enable you to create a federation trust for your on-premises organization with the Microsoft Federation Gateway. The Microsoft Federation Gateway is a free, cloud-based service offered by Microsoft that acts as the trust broker between your on-premises organization and the Office 365 tenant organization. Federation is a requirement for creating an organization relationship between the on-premises and the Exchange Online organizations.

    Learn more at: Understanding Federation

  • Organization relationships   Hybrid Client Access servers enable you to create organization relationships between the on-premises and Exchange Online organizations. Organization relationships are required for many other services in a hybrid deployment, including calendar free/busy information sharing, message tracking, and mailbox moves between the on-premises and Exchange Online organizations.

    Learn more at: Understanding Federated Delegation

  • Message transport   Hybrid Hub Transport servers are responsible for message transport in a hybrid deployment. Using Send and Receive connectors, they replace the on-premises Exchange 2003 server as the connection endpoint for incoming external messages and also provide outbound message delivery to the Internet and the Exchange Online organization.

    Learn more at: Understanding Transport

  • Message transport security   Hybrid Hub Transport servers help to secure message communication between the on-premises and Exchange Online organizations by using the Domain Security functionality in Exchange 2010. Security can be increased by using mutual transport layer security authentication and encryption for message communications.

    Learn more at: Understanding Domain Security

  • Outlook Web App   Hybrid Client Access servers support configuring a single URL endpoint for external connections to on-premises and Exchange Online mailboxes. For on-premises mailboxes, hybrid Client Access servers are configured to automatically redirect user Outlook Web App requests to your Exchange 2003 mailbox server. For Exchange Online organization mailboxes, hybrid Client Access servers are configured to automatically display a link to the Outlook Web App endpoint on the Exchange Online organization.

  • Learn more at: Understanding Outlook Web App

Hybrid Server Topology

A hybrid server is deployed much like an Exchange 2010 server would be deployed to your existing Exchange 2003 organization. Using the Client Access, Mailbox, and Hub Transport server roles, hybrid servers are responsible for many services for your on-premises organization that are currently provided by your existing Exchange 2003 server. The following table describes briefly the changes in services after configuring a hybrid deployment.

Service Before hybrid server deployment After hybrid server deployment Description

Message transport (inbound and outbound)

Exchange 2003 server

Hybrid Hub Transport server(s)

The MX (mail exchanger) record for the domain may be updated to point to hybrid Hub Transport servers.

OU=EXTERNAL (FYDIBOHF25SPDLT) public folder replica

Exchange 2003 server

Hybrid Mailbox server(s)

All other public folder replicas remain on the Exchange 2003 server.

Outlook Web App public URL

Exchange 2003 server

Hybrid Client Access server(s)

Hybrid Client Access servers redirect Outlook Web App requests to the publicly accessible endpoint on the Exchange 2003 server.

Hybrid Server Software

Service Pack 3 (SP3) for Exchange Server 2010 enables hybrid deployment functionality with the Hybrid Configuration wizards. You can use any Exchange 2010 SP3 media when installing the hybrid server.

Additionally, we recommend that you install future Update Rollups for Exchange 2010 SP3 on all your hybrid servers. Microsoft releases update rollup packages approximately every six to eight weeks. The rollup packages are available via Microsoft Update and the Microsoft Download Center. In the Search box on the Microsoft Download Center, type "Exchange 2010 SP3 update rollup" to find links to the rollup packages for Exchange 2010 SP3.

Download Exchange Server 2010 SP3 at: Exchange 2010 Service Pack 3 (SP3)

Important:
You need to provide an Exchange 2010 Hybrid Edition product key on the hybrid server when you configure a hybrid deployment with Office 365. To obtain a Hybrid Edition product key, contact Office 365 support.