Applies to: Live@edu
Topic Last Modified: 2011-07-06
If you are deploying cloud-based mailboxes to supplement an existing on-premises messaging system, you may want to have a shared address space. A shared address space is when two different messaging systems share the same domain suffix.
There are two ways to configure a shared address space. This topic describes the cloud-based relay configuration for Live@edu organizations, in which all e-mail sent to recipients in the shared address space by a sender on the Internet is first delivered to the cloud-based e-mail service. The cloud-based e-mail service is responsible for forwarding e-mail addressed to recipients in the on-premises messaging system using mail users.
You may also want to consider Shared Address Space with On-Premises Relay for Live@edu. With on-premises relay, all e-mail sent to recipients in the shared address space by a sender on the Internet is first delivered to the on-premises messaging system, and the on-premises messaging system is responsible for forwarding e-mail addressed to recipients in the cloud-based e-mail service.
Important This topic describes the on-premises relay configuration for Live@edu organizations. For Microsoft Office 365 for enterprises, see Hybrid Routing – Pointing your MX record to the Cloud.
An example of cloud relay
The University of Fabrikam uses the @fabrikam.edu address space for all faculty and staff e-mail addresses in an on-premises messaging system. The University of Fabrikam plans on giving all students cloud-based mailboxes. However, the University of Fabrikam wants all faculty, staff, and students to use the @fabrikam.edu domain suffix for all e-mail addresses. All e-mail messages must leave the organization with an @fabrikam.edu From: address, whether the sender is in the on-premises messaging system or in the cloud-based e-mail service. All incoming messages with an @fabrikam.edu e-mail address should be correctly delivered whether the recipient is in the on-premises messaging system or in the cloud-based e-mail service. To achieve this goal, the University of Fabrikam has to implement a shared address space.
The following diagram illustrates the deployment of a shared address space for the University of Fabrikam.
Note the following key points in this example:
-
All e-mail sent to any @fabrikam.edu recipient by a sender on the Internet is first delivered to the cloud-based e-mail service.
-
The cloud-based e-mail service is responsible for forwarding e-mail addressed to faculty and staff in the on-premises messaging system using mail users.
Note If you want e-mail delivered to the on-premises messaging system first, and then forwarded to students in the cloud-based e-mail service, see Shared Address Space with On-Premises Relay for Live@edu.
Required components for a shared address space
To make the shared address space work, you need the following components:
-
Multiple domains
-
Multiple e-mail addresses
Multiple domains
Ironically, to configure a single shared address space, you need to configure multiple domains. The following domains are required for a shared address space:
-
The domain for the shared address space itself In this example, the shared domain is @fabrikam.edu. This is also the domain that is used for the cloud-based e-mail service.
-
A specific domain for mailboxes in the on-premises messaging system In this example, the cloud-based domain is @campus.fabrikam.edu. If the shared address is already used to deliver e-mail to the on-premises messaging system, you must add an on-premises domain for the on-premises messaging system so you can move the shared address space to the cloud-based e-mail service.
The cloud-based domain must be different from the on-premises domain so e-mail is correctly routed between the cloud-based e-mail service and the on-premises messaging system. Senders and recipients that are outside the organization don't care about the on-premises domain, but it is a vital part of making the shared address space work correctly.
Multiple e-mail addresses
A key ingredient to a shared address space is correctly configuring the e-mail addresses on mailboxes in the on-premises messaging system and in the cloud-based e-mail service.
Here's how the e-mail addresses must be configured on all mailboxes:
-
The primary address The primary address is used as the From: address for all messages sent from the mailbox. There can be only one value for the primary address. In this example, everyone's primary address is in the shared address space @fabrikam.edu.
-
Proxy addresses Proxy addresses are additional addresses for a mailbox. Proxy addresses are also known as secondary e-mail addresses. The mailbox can receive e-mail sent to any of its proxy addresses. The primary address is always listed as a proxy address.
Here are the correct values for the primary address and proxy addresses for on-premises mailboxes and Outlook Live mailboxes.
|
|
Outlook Live mailboxes |
On-premises mailboxes |
|
Primary address |
<user>@fabrikam.edu |
<user>@fabrikam.edu |
|
Proxy addresses |
<user>@fabrikam.edu |
|
How does e-mail delivery work in the shared address space?
When you share an address space between the cloud-based e-mail service and an on-premises messaging system, one of the messaging systems must be configured as authoritative for the shared address space. When the messaging system is designated as authoritative for the @fabrikam.edu domain, all unresolved recipients generate a non-delivery report (NDR). This configuration prevents e-mail for nonexistent recipients from bouncing back and forth indefinitely between the cloud-based e-mail service and the on-premises messaging system.
You configure the shared address space @fabrikam.edu in the on-premises messaging system as a non-authoritative address space. If the @fabrikam.edu recipient isn't found in the on-premises messaging system, the message is forwarded to the cloud-based e-mail service for processing. If the recipient doesn't exist in the cloud-based shared address book, the cloud-based e-mail service is responsible for generating the NDR.
If @fabrikam.edu is configured as the authoritative name space for the cloud-based e-mail organization, how does the cloud-based e-mail service know to forward messages for valid on-premises recipients to the on-premises messaging system without generating an NDR? The on-premises users must be represented in the cloud-based shared address book as mail users. The mail user objects in the cloud-based shared address book convert @fabrikam.edu e-mail addresses to @campus.fabrikam.edu e-mail addresses for delivery to the on-premises messaging system.
Examples of how e-mail is delivered
As noted earlier, the cloud-based e-mail service is configured to accept all incoming e-mail from the Internet for the shared address space. In the University of Fabrikam example, all e-mail for the @fabrikam.edu domain is delivered to the cloud-based e-mail service. You accomplish this by configuring the MX record for the fabrikam.edu domain in an Internet-facing DNS server to point to the cloud-based e-mail service.
After the e-mail arrives, the cloud-based e-mail service is responsible for correctly determining if the recipient has a mailbox in the cloud-based e-mail service or in the on-premises messaging system, and then delivering the message or forwarding the message as appropriate.
Here are two interesting e-mail routing scenarios in a shared address space:
-
E-mail sent to faculty and staff in the on-premises messaging system The messages could come from external senders on the Internet, or from students in the cloud-based e-mail service. The faculty and staff are represented in the cloud-based shared address book as mail users. The mail user object converts the @fabrikam.edu e-mail address to an @campus.fabrikam.edu address for delivery to the on-premises messaging system.
-
E-mail sent from faculty and staff in the on-premises messaging system to students in the cloud-based e-mail service The shared address space @fabrikam.edu is configured as a non-authoritative domain in the on-premises messaging system. When the student recipient isn't found in the address book of the on-premises messaging system, the message is routed to the Internet, and the fabrikam.edu domain points to the cloud-based e-mail service, so the message is delivered successfully.
Internal e-mail between recipients in the on-premises messaging system or between students in the cloud-based e-mail service isn't so interesting. In both cases, the recipients are in their respective address books, so the message is delivered locally.
Likewise, outgoing e-mail to recipients outside the organization isn't very interesting. The on-premises messaging system uses its existing path to the Internet to deliver e-mail messages to the Internet for recipients outside the organization, and the cloud-based e-mail service delivers messages directly to the Internet.
Things to consider
-
What if you are already using the shared address space as an authoritative domain in your on-premises messaging system?
That scenario is probably the most common, so it's covered in Configure a Shared Address Space with Cloud Relay for Live@edu. Briefly, you'll have to configure a specific on-premises domain, such as campus.fabrikam.edu, as the authoritative domain for your on-premises messaging system. You need to leave the shared address space configured in the on-premises messaging system as a non-authoritative domain. You can then enroll the shared address space in the cloud-based e-mail service as an authoritative domain.
-
What about redirecting the MX record for the shared address space from the on-premises messaging system to the cloud-based e-mail service?
Internet DNS servers cache their DNS query results for up to 48 hours. Therefore, when you redirect the MX record for the shared address space from the on-premises messaging system to the cloud-based e-mail service, it is very likely that e-mail will be delivered to both locations during that 48-hour period. However, after you configure the shared address space as a non-authoritative domain in the on-premises messaging system, you can configure mail routing to the cloud-based e-mail service for recipients in the shared address space. That information is covered in Configure a Shared Address Space with Cloud Relay for Live@edu.
