Still don't understand the federation between premise and EOL


Hi, 

I have Exchange 2016 with Office 365 and the following config.

Email Domain: mysmtpdomain.com "user1@mysmtpdomain.com" Only for SMTP address and EmailAddressPolicy

Autodiscover and Exchange Web Services: "email.publicdomain.com" with SSL certificate bound to this domain, and the smtpdomain "SAN"

AKA split DNS. All is fine with no issues, but when it comes to running the HCW, why did the federation choose to create a federation and organization trust using mysmtpdomain.com? Why not the URL domain that Exchange Web Services uses?

1 Reply

Split DNS (aka split-horizon, split-view, or split-brain) usually refers to a configuration where one namespace, or DNS zone, has different name servers that respond with different IP addresses depending on where the query is coming from. For example, a company that uses "https://owa.example.org" as their OWA URL:

  • users inside your corporate network would hit internal DNS servers, which would return the internal/private IP of your OWA load balancer
  • users outside your corporate network would hit public DNS servers, which would return the public IP address of the OWA load balancer (of course, at a high level, this would be NATed through perimeter firewalls, etc. to the internal OWA load balancer)


Using the same namespace internally and externally (split DNS) actually would make the HCW simpler, because it has to handle numerous processes and you wouldn't need to track separate configuration for each of these:

  • identity and access management
  • mail flow (MX > Exchange Online > Exchange on-premises)
  • AutoDiscover and EWS


Every environment has its own unique components, so more information would be needed to determine what questions you need to ask and how best to move forward. I'd recommend professional services, but also--if you have a chance to consolidate your Exchange Server namespace into a single DNS namespace with split DNS, then this process will likely be a lot simpler in the long run.
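
One way to check the split-DNS behaviour described in the reply above, as an added example that is not part of the original thread: it asks an internal and a public resolver for the same name and reports whether each answer is a private or a public address. The resolver addresses `10.0.0.10` and `8.8.8.8` and the function names are assumptions; the host name is the reply's own `owa.example.org`.

```powershell
# Added example: compare the A records that an internal and a public resolver
# return for the same name. Resolver addresses used below are assumed placeholders.
function Test-PrivateIPv4 {
    param([Parameter(Mandatory)][string]$Address)
    $b = ([System.Net.IPAddress]::Parse($Address)).GetAddressBytes()
    # RFC 1918 ranges: 10/8, 172.16/12, 192.168/16
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

function Get-SplitDnsView {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$InternalServer,
        [Parameter(Mandatory)][string]$PublicServer
    )
    $views = @(
        @{ Label = 'internal'; Server = $InternalServer },
        @{ Label = 'public';   Server = $PublicServer }
    )
    foreach ($view in $views) {
        try {
            # -DnsOnly bypasses the hosts file, LLMNR and NetBIOS so only the named server answers
            $records = Resolve-DnsName -Name $Name -Type A -Server $view.Server -DnsOnly -ErrorAction Stop |
                Where-Object { $_.Type -eq 'A' }   # skip CNAME records in the answer chain
            foreach ($r in $records) {
                [pscustomobject]@{
                    View = $view.Label; Server = $view.Server
                    Address = $r.IPAddress; Private = (Test-PrivateIPv4 $r.IPAddress)
                }
            }
        } catch {
            [pscustomobject]@{
                View = $view.Label; Server = $view.Server
                Address = "lookup failed: $($_.Exception.Message)"; Private = $null
            }
        }
    }
}

$result = Get-SplitDnsView -Name 'owa.example.org' -InternalServer '10.0.0.10' -PublicServer '8.8.8.8'
$result | Format-Table -AutoSize

$internalOk = $result | Where-Object { $_.View -eq 'internal' -and $_.Private -eq $true }
$publicLeak = $result | Where-Object { $_.View -eq 'public'   -and $_.Private -eq $true }
if ($publicLeak)      { 'Public view returns a private address: internal addressing is exposed externally.' }
elseif ($internalOk)  { 'Internal view returns a private address and the public view does not.' }
else                  { 'Internal view did not return a private address; check the internal zone for this name.' }
```

Run it from a machine that can reach both resolvers; from outside the corporate network the internal lookup is expected to fail rather than return an answer.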