Microsoft Online (BPOS) Solution
I’ve been looking at the BPOS offering for my company. Since the documentation is quite spread out on the web, I thought a blog post about my findings would be useful.
First thing, let’s clear up the terminology. As is sometimes the case with Microsoft products, it’s not a simple thing.
Microsoft Online is Microsoft’s offering for cloud services. It mostly includes Software as a Service (SaaS) offerings, although Windows Azure is also listed (which is a Platform as a Service, PaaS). It includes the Office Server products (e.g. Exchange, SharePoint), Dynamics, MS Forefront Online, etc.
These are the URLs I would recommend for exploring MS Online:
- Quick start Online Services: https://www.quickstartonlineservices.com
- TechNet Forum: http://social.technet.microsoft.com/Forums/en-US/category/microsoftonlineservices
- Customer Portal: https://mocp.microsoftonline.com
- Deployment page (new from early July 2010): http://www.microsoft.com/online/deployment/deploy.mspx
Ok, so that’s Microsoft Online. What is BPOS? BPOS stands for Business Productivity Online Suite. It’s a subset of MS Online. It comprises Exchange, Communicator, SharePoint & Live Meeting. Its home web site is http://www.microsoft.com/online/business-productivity.mspx. You can find a bit of info there and can get cost estimates easily.
After quite a while looking around the offering, I decided to get more concrete. I found a good article about Exchange Online:
The only problem is that it’s a little old (January 2009, well, BPOS is young and evolves quickly) so a couple of details are inaccurate. Otherwise, it does give a clear big picture.
The other thing I did was to get my hands dirty: I signed up for a trial! Microsoft gives you a free 30-day trial where you have access to the product. The access is limited in the sense that you can’t import thousands of users, but otherwise, it lets you experience the product quite properly. You can sign up for a trial from the customer portal.
There is a Single Sign On client application the user must install in order to avoid being prompted for a user name / password at each application access. I’ve read that BPOS should support Federated Identity (e.g. using ADFS on-premise to authenticate you in the cloud), but with no timeline.
You can use Exchange Online in two modes: Simple Microsoft Online Services or Using your own domain. In the former case, you will have emails @something.microsoftonline.com; in the latter, you integrate your domain name.
The platform is quite flexible: it lets you migrate your user base and run it in hybrid mode where some users will be on-premise while others will be in the cloud. This is called email coexistence. This process doesn’t need to stop; you could run your mailing infrastructure in hybrid mode like that forever. You need Exchange 2000+ in order to coexist though.
There is a good Microsoft white paper about migration available for download.
There are tools to migrate mailboxes. Those cover past Exchange Server versions and a few other email systems, but I was only interested in Exchange Server since that’s what my company is currently running.
In order to have email coexistence, you need to synchronize your company’s Active Directory with Online Services. This sync is one-way. When you use directory synchronization, you need to edit users’ attributes directly in your AD, not in the MS Online Web Console.
On the first sync, all email accounts are marked as disabled in the web console. You need to proactively activate them and migrate their mailboxes. That seems very nice.
I didn’t try the directory synchronization for logistical reasons (you need admin privileges in order to do that).
An obscure point remaining for me is the authentication: is the password synchronized from our AD?
MS Online allows you to create site collections on its web console, where you also control the storage quota. The provisioning is very fast.
You can control the security from inside SharePoint: you can see your MS Online users there.
The currently supported version is SharePoint 2007. SharePoint 2010 is announced for the end of 2010 or early 2011.
I was able to use SharePoint Designer to access different site collections. I could customize pages (the process by which you replace resources from the SP local installation with resources in the content database). So the only limitation I see with look & feel customization is that all changes must be deployed in the content database, which means that they must be deployed for each site (whereas with on-premise SharePoint we can change the master page on the local disk & deploy CSS / images on disk).
As for custom solution support, it isn’t supported in the trial. This is supported only in the SharePoint Online Dedicated offering (as opposed to standard, see https://www.quickstartonlineservices.com/Pages/ResourceCenter.aspx for documentation). The costs of the dedicated offering aren’t available on the Calculate Estimated Cost applet. It’s meant to be a dedicated server, so I suppose it’s substantially more expensive than the standard offering. On the other hand, it seems the dedicated offering would allow a trust with on-premise Active Directory.
Live Meeting & Communicator
I didn’t look at those two offerings.
Overall I was pretty impressed by the trial. It’s easy to set up and administer centrally and quite easy on the client side too (e.g. Outlook). You can feel the underlying installation has been tuned to death since everything is very responsive.
The big show stopper for us right now is the authentication. My company is investing a lot to make each application follow the Active Directory single sign-on. We have very few applications (all departmental) having their own user name / password. Since we already have Exchange & SharePoint on-premise with single sign-on, going through the Microsoft Online Sign-on application would be a step back and that wouldn’t pass the ramp.
I’ll therefore be awaiting the integration of MS Online with a corporate Security Token Service (STS) before recommending it.