Applies to: Live@edu
Topic last modified: 2011-07-06
If you are deploying cloud-based mailboxes to supplement an existing on-premises messaging system, you may want to have a shared address space. A shared address space is when two different messaging systems share the same domain suffix.
There are two ways to configure a shared address space. This topic describes the on-premises relay configuration, in which all email sent to recipients in the shared address space by a sender on the Internet is first delivered to the on-premises messaging system. The on-premises messaging system is responsible for forwarding email addressed to recipients in the cloud-based email service.
You may also want to consider Shared Address Space with Cloud Relay. With cloud relay, all email sent to recipients in the shared address space by a sender on the Internet is first delivered to the cloud-based email service, and the cloud-based email service is responsible for forwarding email addressed to recipients in the on-premises messaging system using mail users.
An example of on-premises relay
Contoso University uses the @contoso.edu address space for all faculty and staff email addresses in an on-premises messaging system. Contoso University plans on giving all students cloud-based mailboxes. However, Contoso University wants all faculty, staff and students to use the @contoso.edu domain suffix for all email addresses. All email messages must leave the organisation with an @contoso.edu From: address, whether the sender is in the on-premises messaging system or in the cloud-based email service. All incoming messages with an @contoso.edu email address should be correctly delivered whether the recipient is in the on-premises messaging system or in the cloud-based email service. To achieve this goal, Contoso University has to implement a shared address space.
The following diagram illustrates the deployment of a shared address space for Contoso University.
Note the following key points:
-
All email sent to any @contoso.edu recipient by a sender on the Internet is first delivered to the on-premises messaging system.
-
The on-premises messaging system is responsible for forwarding email addressed to students in the cloud-based email service.
Required components for a shared address space
To make the shared address space work, you need the following components:
-
Multiple domains
-
Multiple email addresses
Multiple domains
Ironically, to configure a single shared address space, you need to configure multiple domains. The following domains are required for a shared address space:
-
The domain for the shared address space itself In this example, the shared domain is @contoso.edu. This is also the domain that is used for the on-premises messaging system.
-
A specific domain for mailboxes in the cloud-based email service In this example, the cloud-based domain is @live.contoso.edu.
The cloud-based domain must be different from the on-premises domain so email is correctly routed between the on-premises messaging system and the cloud-based email service. Senders and recipients that are outside the organisation don't care about the cloud-based domain, but it is a vital part of making the shared address space work correctly.
Multiple email addresses
A key ingredient to a shared address space is correctly configuring the email addresses on mailboxes in the on-premises messaging system and in Outlook Live.
Here's how the email addresses must be configured on all mailboxes:
-
The primary address The primary address is used as the From: address for all messages sent from the mailbox. There can be only one value for the primary address. In this example, everyone's primary address is in the shared address space @contoso.edu.
-
Proxy addresses Proxy addresses are additional addresses for a mailbox. Proxy addresses are also known as secondary email addresses. The mailbox can receive email sent to any of its proxy addresses. The primary address is always listed as a proxy address.
Here are the correct values for the primary address and proxy addresses for on-premises mailboxes and Outlook Live mailboxes.
| On-premises mailboxes | Outlook Live mailboxes | |
|---|---|---|
|
Primary address |
<user>@contoso.edu |
<user>@contoso.edu |
|
Proxy addresses |
<user>@contoso.edu |
|
How does email delivery work in the shared address space?
When you share an address space between an on-premises messaging system and the cloud-based email service, one of the messaging systems must be configured as authoritative for the shared address space. When the messaging system is designated as authoritative for the @contoso.edu domain, all unresolved recipients generate a non-delivery report (NDR). This configuration prevents email for nonexistent recipients from bouncing back and forth indefinitely between the on-premises messaging system and the cloud-based email service.
You configure the shared address space @contoso.edu in the cloud-based email service as a non-authoritative address space. If the @contoso.edu recipient isn't found in the cloud-based email service shared address book, the message is forwarded to the on-premises messaging system for processing. If the recipient doesn't exist, the on-premises messaging system is responsible for generating the NDR.
If @contoso.edu is configured as the authoritative name space for the on-premises messaging system, how does the on-premises messaging system know to forward messages for valid cloud-based recipients to the cloud-based email service without generating an NDR? The on-premises messaging system must be configured with a forwarding solution that converts the @contoso.edu recipients to @live.contoso.edu recipients. For example:
-
You create mail users or mail contacts in the on-premises address book for all cloud-based recipients.
-
You use address rewriting from @contoso.edu to @live.contoso.edu for all unresolved @contoso.edu recipients.
Other forwarding solutions may also be available depending on the nature of the on-premises messaging system. Regardless of the forwarding solution that you use, make sure that email for nonexistent recipients is handled correctly for both the on-premises messaging system and the cloud-based email service.
Examples of how email is delivered
As noted earlier, the on-premises messaging system is configured to accept all incoming email from the Internet for the shared address space. In the Contoso University example, all email for the @contoso.edu domain is delivered to the on-premises messaging system. You accomplish this by configuring the MX record for the contoso.edu domain in an Internet-facing DNS server to point to the on-premises messaging system.
After the email arrives, the on-premises messaging system is responsible for correctly determining if the recipient has a mailbox in the on-premises messaging system or in the cloud-based email service, and then delivering the message or forwarding the message as appropriate.
Here are two email routing scenarios in a shared address space:
-
Email sent to students in the cloud-based email service The messages could come from external senders on the Internet, or from faculty and staff in the on-premises messaging system. The on-premises messaging system is configured to forward email for students to the cloud-based email service. The required configuration depends heavily on the nature of the on-premises messaging system. For details, see Configure a Shared Address Space with On-Premises Relay.
-
Email sent from students in the cloud-based email service to faculty and staff in the on-premises messaging system The shared address space @contoso.edu is configured as an internal relay domain in the cloud-based email service. When the faculty or staff recipient isn't found in the cloud-based shared address book, the message is routed to the Internet and the contoso.edu domain points to the on-premises messaging system, so the message is delivered successfully.
Internal email between recipients in the on-premises messaging system or between students in the cloud-based email service is straight-forward. In both cases, the recipients are in their respective address books, so the message is delivered locally.
Likewise, outgoing email to recipients outside the organisation operates as expected. The on-premises messaging system uses its existing path to the Internet to deliver email messages to the Internet for recipients outside the organisation, and the cloud-based email service delivers messages directly to the Internet.
Things to consider
In the shared address space scenario, when incoming email is first delivered to the on-premises messaging system before being forwarded to the cloud-based email service, the on-premises messaging system becomes a single point of failure. The cloud-based domain can be functioning normally, but because something is wrong with the on-premises messaging system, email can't be delivered to cloud-based recipients.
Also, the on-premises messaging system is responsible for protecting messages that are forwarded to the cloud-based email service from spam and viruses. Failure to do so may cause the email coming from the on-premises messaging system to be blocked or severely throttled by Forefront Online Protection for Exchange.
