Category Archives: cloud computing

amazon, cloud computing, microsoft, tech

VMware Cloud on AWS: a game changer? What about Microsoft’s Azure Stack?

The biggest announcement from VMWorld in Las Vegas and then Barcelona was VMware Cloud on AWS; essentially VMware hosts on AWS servers.

image

A key point is that this really is VMware on AWS infrastructure; the release states “Run VMware software stack directly on metal, without nested virtualization”.

Why would you use this? Because it is hybrid cloud, allowing you to plan or move workloads between on-premises and public cloud infrastructure easily, using the same familiar tools (vCenter, vSphere, PowerCLI) as you do now, presuming you use VMware.

You also get low-latency connections to other AWS services, of which there are far too many to mention.

This strikes me as significant for VMware customers; and let’s not forget that the company dominates virtualisation in business computing.

Why would you not use VMware Cloud on AWS? Price is one consideration. Each host has 2 CPUs, 36 cores, 512GB RAM, 10.71TB local flash storage. You need a minimum of 4 hosts. Each host costs from $4.1616 to $8.3681 per hour, with the lowest price if you pay up front for a 3-year subscription (a substantial investment).

Price comparisons are always difficult. A big VM of a similar spec to one of these hosts will likely cost less. Maybe the best comparison is an EC2 Dedicated Host (where you buy a host on which you can run up VM instances without extra charge). An i3 dedicated host has 2 sockets and 36 cores, similar to a VMware host. It can run 16 xlarge VMs, each with 950GB SSD storage. Cost is from $2.323 to $5.491. Again, the lowest cost is for a 3 year subscription with payment upfront.

I may have this hasty calculation wrong; but there has to be a premium paid for VMware; but customers are used to that. The way the setup is designed (a 4-host cluster minimum) also makes it hard to be as flexible with with costs as you can be when running up individual VMs.

A few more observations. EC2 is the native citizen of AWS. By going for VMware on AWS instead of EC2 you are interposing a third party between you and AWS which intuitively seems to me a compromise. What you are getting though is smoother hybrid cloud which is no small thing.

What about Microsoft, previously the king of hybrid cloud? Microsoft’s hypervisor is Hyper-V and while there are a few features in VMware ESXi that Hyper-V lacks, they are not all that significant in my opinion. As a hypervisor, Hyper-V is solid. The pain points with Microsoft’s solution though are Cluster Shared Volumes, for high availability Hyper-V deployments, and System Center Virtual Machine Manager; VMware has better tools. There is a reason Azure uses Hyper-V but not SCVMM.

Hyper-V will always be cheaper than VMware (other than for small, free deployments) because it is a feature of Windows and not an add-on. Windows Server licenses are not cheap at all but that is another matter, and you have to suffer these anyway if you run Windows on VMware.

Thus far, Hyper-V has not been all that attractive to VMware shops, not only because of the cost of changing course, but also because of the shortcomings mentioned above.

Microsoft’s own game-changer here is Azure Stack, pre-packaged hardware which uses Azure rather than System Center technology, relieving admins of the burden of managing Cluster Shared Volumes and so forth. It is a great solution for hybrid since it really is the same (albeit with some missing features and some lag over implementing features that come to the public version) as Microsoft’s public cloud.

Azure Stack, like VMware on AWS, is new. Further, there is much more friction in migrating an existing datacenter to use Azure Stack, than in extending an existing VMware operation to use VMware Cloud on AWS.

But there is more. Is cloud computing really about running up VMs and moving them about? Arguably, not. Containers are another approach with some obvious advantages. Serverless is a big deal, and abstracts away both VMs and containers. Further, as you shift the balance of applications away from code you write and more towards use of cloud services (database, ML, BI, queuing and so on), the importance of VMs and containers lessens.

Azure Stack has an advantage here, since it gives an on-premises implementation of some Azure services, though far short of what is in Microsoft’s cloud. And VMware, of course, is not just about VMs.

Overall it seems to me that while VMware Cloud on AWS is great for VMware customers migrating towards hybrid cloud, it is unlikely to be optimal, either for cost or features, especially when you take a long view.

It remains a smart move and one that I would expect to have a rapid and significant take-up.

cloud computing, microsoft

An overreaching Office 365 integration from Sage

4 Comments

Sage, a software vendor best known for its accounting software, recently introduced an Office 365 integration in its products called Sage 50C Accounts (the “C” is for cloud).

The integration offers several features including:

  • Automatic data backup to OneDrive
  • Contact integration so that you can easily see Sage accounts data for contacts in Office 365/Outlook
  • A mobile app that lets you capture receipts with your smartphone and import them
  • Excel reports
  • A Business Performance Dashboard

image

Very good; but how is this implemented? Users get a special Getting Started email which says:

Are you ready to integrate your Microsoft Office 365 account with Sage 50c Accounts? All you need to do is click Get Started and sign in using the administrator account for your Office 365 Business Premium subscription, and we will guide you through accepting terms and conditions, how to sync your data and setup the Sage apps and users

To sign in, you’ll enter your email and password for your administrator account. Your email is formatted as follows: xxx@xxx.onmicrosoft.com. If you have forgotten your Office 365 administrator password, please click here for more information.

You’ll be asked to accept a provider invitation to give us permission to activate the Sage add-ins for your Office 365 account. Easy.

If you know Office 365 you will spot something odd in the above. Sage is asking you not just to install an Office 365 application, but to “accept a provider invitation”.

It is as bad as it sounds. In order to get its integration working, Sage demands that you appoint it as a Cloud Solution Provider (CSP) for your entire Office 365 tenancy. This does not require that you start paying for your tenancy via Sage, as it can be alongside an existing CSP relationship. However it does give Sage complete access to the tenancy including the ability to reset the global administrator password.

While I do not think it is likely that Sage will do anything bad, this is a lot to ask. It means that in the unlikely event that Sage has its systems compromised, your Office 365 data is at risk.

It gets worse. Once you have agreed to hand over the keys to your Office 365 kingdom, you click a “Let’s get started” button in Sage 50C Accounts on your desktop. You have to log in as manager (a local Sage administrator) and then enter the credentials for your Office 365 global administrator. These credentials are then stored by Sage for 90 days and used to perform synchronization. After 90 days, it will demand that the credentials are entered again.

And by the way, you will need an Office 365 Business Premium license for the global administrator, even though it does not normally use that license for day to day work.

Why is this bad? First, it is a mis-use of the global administrator account. Best practice is that this account is used only for Office 365 administration. It should not be an active user account for email, OneDrive etc, since this increases the risk of the account being compromised.

Second, end users (such as those in the accounts department) do not normally have knowledge of the global administrator credentials. Therefore to perform this operation, they will need to contact their IT support every 90 days.

Third, the fact that Sage has these credentials on a user’s PC, albeit I presume encrypted, adds a possible attack mechanism for your Office 365 tenancy. If the PC became hijacked or infected with malware, some bad guy can now start trying to figure out if there is a way of persuading Sage to do something bad.

Fourth, it is not even wise to enter these credentials on an end user PC. Perhaps I am being excessively cautious, but it is obvious that an end-user PC that is used for day to day work, web browsing and so forth, by someone non-specialist in IT terms, is more vulnerable than an administrator’s PC. If a keylogger were installed, then there is an opportunity to grab the global administrator credentials every 90 days.

Frankly, I do not recommend that businesses use this integration in its current implementation. Nor is it necessary. There are plenty of ways to create Office 365 applications that integrate nicely using the APIs which Microsoft has provided. Maybe there is a feature or two which is difficult to implement without these rights; in this case, the correct thing to do is to badger Microsoft to provide a new API, or perhaps to recognise that the security cost of adding the feature is not worth the value which it adds.

My suspicion is that Sage has gone down this path by a process of evolution. It set itself up as an Office 365 CSP (before doing this integration) in order to get some extra business, which is fair enough. Then it started adding value to its Office 365 tenants, making use of what it could do as the customer’s CSP. Then it wanted to extend that to other Office 365 customers, those for whom it was not the CSP, and went down the path of least resistance, “oh, let’s just require that we become their CSP as well.”

Imagine if other third-party vendors go down this route. Your specialist business software supplier, your CRM supplier, your marketing software, all demanding total access and control over your Office 365 setup.

It is overreaching and disappointing that Microsoft CEO Satya Nadella blessed this integration with a quote about “empowering professionals” when the truth is that this is the wrong way to go about it.

cloud computing, microsoft, Notes from the field, tech

Unhealthy Identity synchronization Notification: a trivial solution (and Microsoft’s useless troubleshooter)

If you use Microsoft’s AD Connect, also known as DirSync, you may have received an email like this:

image

It’s bad news: your Active Directory is not syncing with Office 365. “Azure Active Directory did not register a synchronization attempt from the Identity synchronization tool in the last 24 hours.”

I got this after upgrading AD Connect to the latest version, currently 1.1.553.

The email recommends you run a troubleshooting tool on the AD Connect server. I did that. Nothing wrong. I rebooted, it synced once, then I got another warning.

This is only a test system but I still wanted to find out what was wrong. I tweaked the sync configuration, again without fixing the issue.

Finally I found this post. Somehow, AD Connect had configured itself not to sync. You can get the current setting in PowerShell, using get-adsyncscheduler:

image

As you can see, SyncCycleEnabled is set to false. The fix is trivial, just type:

set-adsyncscheduler –SyncCycleEnabled $true

Well, I am glad to fix it, but should not Microsoft’s troubleshooting tool find this simple configuration problem?

cloud computing, dell, hardware, hp, microsoft, professional

Server shipments decline as customers float towards cloud

Gartner reports that worldwide server shipments have declined by 4.2% in the first quarter of 2017.

Not a surprise considering the growth in cloud adoption but there are several points of interest.

One is that although Hewlett Packard Enterprise (HPE) is still ahead in revenue (over $3 billion revenue and 24% market share), Dell EMC is catching up, still number two with 19% share but posting growth of 4.5% versus 8.7% decline for HPE.

In unit shipments, Dell EMC is now fractionally ahead, with 17.9% market share and growth of 0.5% versus HPE at 16.8% and decline of 16.7%.

Clearly Dell is doing something right where HPE is not, possibly through synergy with its acquisition of storage vendor EMC (announced October 2015, completed September 2016).

The larger picture though is not great for server vendors. Businesses are buying fewer servers since cloud-hosted servers or services are a good alternative. For example, SMBs who in the past might run Exchange are tending to migrate to Office 365 or perhaps G Suite (Google apps). Maybe there is still a local server for Active Directory and file server duties, or maybe just a NAS (Networked Attached Storage).

It follows that the big cloud providers are buying more servers but such is their size that they do not need to buy from Dell or HPE, they can go directly to ODMs (Original Design Manufacturers) and tailor the hardware to their exact needs.

Does that mean you should think twice before buying new servers? Well, it is always a good idea to think twice, but it is worth noting that going cloud is not always the best option. Local servers can be much cheaper than cloud VMs as well as giving you complete control over your environment. Doing the sums is not easy and there are plenty of “it depends”, but it is wrong to assume that cloud is always the right answer.

cloud computing, microsoft

Microsoft financials: cloud good, Surface down, and “We had no material phone revenue this quarter”

Microsoft has released its financial results for the third quarter of its financial year. Revenue was up 8% year on year, and operating income up 6%. I’m always interested in the segmentation of the figures so here is a quick table:

Quarter ending  March 31st 2017 vs quarter ending March 31st 2016, $millions

Segment Revenue Change Operating income Change
Productivity and Business Processes 7958 +1437 2783 -198
Intelligent Cloud 6763 +667 2181 +5
More Personal Computing 8836 -703 2097 +346
Corporate and Other -1467 +158 -1467 +158

There is a bit more detail in the earnings slide:

image

A few points of note:

Cloud growth remains on track. Office 365 business revenue is up 45% year on year, according to Microsoft. Dynamics 365 revenue is up 81%. Azure revenue is up 93%. Of course these figures are offset by static or declining sales of on-premises licenses, though Microsoft does not spell this out precisely.

Windows is not doing too badly, despite continuing weakness in the PC market. OEM revenue up 5%, which the company attributes to “a higher mix of premium SKUs”. Surface is weak. Revenue is down 26%. Microsoft blames “heightened price competition and product end of lifecycle dynamics.” The truth is that the Surface range is not good value versus the competition. There should be a perfect marriage of hardware and software, given that it is all Microsoft, but instead there have been too many little issues. The likes of HP and Dell do a better job at lower price and with easier upgradeability.

“We had no material phone revenue this quarter” says Microsoft. I remain sad about the killing of Windows Phone, and regard it as a mistake, but that is a done deal.

Xbox is doing OK. Xbox live revenue growth has offset declining hardware sales.

Search revenue is up 8%. Nobody pays for search, so this is about advertising. Windows 10 drives users to “Cortana” search, and Edge defaults to Bing. Users can easily find defaults changed inadvertently, which is annoying, but Microsoft has a touch competitor (Google).

 

 

A reminder of Microsoft’s segments:

Productivity and Business Processes: Office, both commercial and consumer, including retail sales, volume licenses, Office 365, Exchange, SharePoint, Skype for Business, Skype consumer, OneDrive, Outlook.com. Microsoft Dynamics including Dynamics CRM, Dynamics ERP, both online and on-premises sales.

Intelligent Cloud: Server products not mentioned above, including Windows server, SQL Server, Visual Studio, System Center, as well as Microsoft Azure.

More Personal Computing: What a daft name, more than what? Still, this includes Windows in all its non-server forms, Windows Phone both hardware and licenses, Surface hardware, gaming including Xbox, Xbox Live, and search advertising.

cloud computing, microsoft

Microsoft Office 365 Activation Hassles

1 Comment

Imagine you are a customer of Microsoft’s Office 365 service, including a subscription to the Office desktop applications like Word, Excel and Outlook.

One day you click on the shortcut for Word, but instead of opening, it just shows a “Starting” splash screen which never progresses.

Being smart, you try to start Word in safe mode by holding down the Ctrl key, but the exact same thing happens.

Annoying, when you want to do your work. What is going on?

I took a look at a case like this. Two things you should do (after the usual reboot):

1. Look in the event viewer. Here, I found a clue that the issue is related to software activation, specifically Event 2011 “Office Subscription Licensing exception”:

image

2. For all things related to Office licensing, open a command prompt, go to (for example) C:\Program Files (x86)\Microsoft Office\Office16, and type:

cscript ospp.vbs /dstatus

In this case I got the following:

image

This told me that Windows thinks TWO product keys for Office are installed. One has expired, the other is fine.

The guilty party may (or may not) be the trial version of Office typically pre-installed with a new PC. Or it could be a consequence of changing your Office 365 subscription. Neither would be the fault of the user, who is fully licensed and has done nothing other than follow Microsoft’s normal procedures for installing Office 365.

Solution: we reinstalled Office from the Office 365 portal, and attempted to remove the dud product key with:

cscript ospp.vbs /unpkey:<Last five characters of product key>

as explained here. All is well for the moment.

This kind of thing drives me nuts though. Activation and subscription license checking is for the benefit of the vendor, not the user, and should never get in the way like this.

Further, cannot Microsoft find some way of informing the user when this happens, and not have Word simply hang on starting? How difficult is it to check for licensing and activation issues, and throw up a message?

azure, cloud computing, microsoft

From Windows Embedded to cloud: Microsoft announces the Connected Vehicle Platform

Microsoft has announced the Connected Vehicle Platform, at the CES event under way in Las Vegas.

image

The company is not new to in-car systems, but its track record is disappointing. It used to be all about Windows Embedded, using Windows CE to make a vehicle into a smart device.

Ford was Microsoft’s biggest partner. It built Ford SYNC on the platform and in 2012 announced five years of partnership and 5 million SYNC-enabled vehicles.

However in 2014 Ford announced SYNC 3 with no mention of Microsoft – because SYNC 3 uses Blackberry’s QNX.

What went wrong? There’s a 2014 analysis from Bill Howard that offers a few clues. The bit that chimes with me is that Microsoft was too slow in updating the system. The overall Windows story over the last 10 years is convoluted to say the least, with many changes to the platform and disruptive (in a bad way) strategy shifts. The same factor is a large part of why Windows Phone failed.

It is not clear at this stage whether or not Microsoft’s Connected Vehicle Platform partners (which include Renault-Nissan and BMW) will use Windows Embedded in their solutions; but what is notable is that Microsoft’s release makes no mention of it. The company has shifted to a cloud strategy, and is primarily offering Azure services rather than mandating how manufacturers choose to consume them. The detail of the announcement identifies five key areas:

  • Telematics and Predictive services
  • Marketing (“Customer insights and engagement”)
  • Productivity (Office 365, Skype)
  • Connected ADAS (Advanced Driver Assistance Systems), ie. the car helping you to drive
  • Advanced Navigation

Cortana also gets a mention. We may think of Cortana as a virtual assistant, but what this means is a user interface to intelligent services.

There is big competition for all this of course, with Google, Amazon and Apple also in this space. There is also politics involved. If you read Howard’s analysis linked above, note that he mentions how the auto companies dislike restrictions such as Google insisting that you can’t have Google Search unless you also use Google Maps (I have no idea if this is still the case). There is a tension here. In-car systems are an important value-add for customers and critical to marketing vehicles, but the auto companies do not want their vehicles to become just another channel for big data-gathering companies like Google and Amazon.

Another point of interest is how smartphones interact with your car. If you want a simple and integrated experience, you can just dock your phone and use it for navigation, communication and entertainment – three key areas for in-car systems. On the other hand, a docked phone will not have the built-in screen and control of vehicle features that an embedded system can offer.

amazon, cloud computing

Amazon Web Services opens London data centers

Amazon Web Services (AWS) has opened a London Region, fulfilling its promise to open data centers in the UK, and joining Microsoft Azure which opened UK data centers in September 2016.

This is the third AWS European region, joining Ireland and Germany, and a fourth region, in France, has also been announced.

A region is not a single data center, but is comprised of at least two “Availability Zones”, each of which is a separate data center.

cloud computing, microsoft, office 365

Notes from the field: Office 365 Cutover Migration for a small business and the mysteries of mail-enabled users

1 Comment

I assisted a small company in migrating from Small Business Server 2011 to Office 365.

SBS 2011 was the last full edition of Small Business Server, with Exchange included. It still works fine but is getting out of date, and Microsoft has no replacement other than full Exchange and multiple servers at far greater cost, or Office 365.

There must be hundreds of thousands of businesses who have done this or will do it, and you would expect Microsoft’s procedures to be pretty smooth by now. I have done this before, but not for a couple of years, so was interested to see how it now looks.

The goal here is to migrate email (I am not going to cover SharePoint or other aspects of migration here) in such a way that no email or other Oulook data in lost, and that users have a smooth transition from using an internal mail server to using Office 365.

What you do first is to set up the Office 365 tenant and add the email domain, for example yourbusiness.co.uk. You do not complete the DNS changes immediately, in particular the MX record that determines where incoming mail is sent.

Now you have a few choices. In the new Office 365 Admin center, in the Users section, there is a section called Data Migration, which has an option for Exchange. “We will … guide you through the rest of the migration experience,” it says.

If you select Exchange you are offered the Office 365 Hybrid Configuration Wizard. You do not want to use this for Small Business Server. It sets up a hybrid configuration with Exchange Federation Trust, for a setup where Office 365 and on-premises Exchange co-exist. Click on this image if you want to know more. I have no idea if it would work but it is unnecessarily complicated.

image

No, what you should do is go down the page and click “Exchange Online migration and deployment guidance for your organisation”. Now we have a few options, the main relevant ones being Cutover and Hybrid 2010. Except you cannot use Hybrid 2010 if you have a single-server setup, because this requires directory synchronization. And you cannot install DirSync, nor its successor Azure AD Connect, on a server that is a Domain Controller.

So in most SBS cases you are going to do a Cutover migration, suitable for “fewer than 2000 mailboxes” according to Microsoft. The SBS maximum is 75 so you should be fine.

Click Cutover Migration and you get to a nice migration assistant with 15 steps. Let’s get started.

image

So I did, and while it mostly works there are some gotchas and I am not impressed with the documentation. It has a combination of patronising “this is going to be easy” instructions with links that dump you into other documents that are more general, or do not cover your exact situation, particularly in the case of the mysterious “Create mail-enabled users” of which more below.

Steps 1-5 went fine and than I was on step 6, Migrate your mailboxes. This guides you to the Migration Batch tool. This tool connects to your SBS Exchange, creates Office 365 users for each Exchange mailbox if they do not already exist, and then copies all the contents of those mailboxes to the new mailboxes in Office 365.

image

While this tool is useful, I found I had what seemed to me obvious questions that the documentation, such as it is, does not address. One is, what do you do if one or more mailboxes fail to sync, or sync with errors reported, which is common. The document just advises you to look at the log files. What if you stop and then resume a migration batch, what actually happens? What if you delete and recreate a migration batch (as support sometimes advises), do you get duplicate items? Do you need to delete the existing users? How do you get to the Finalized state for a mailbox? It would be most helpful if Microsoft would provide detailed documentation for this too, but if it does, I have not found it.

The migration can take a long time, depending of course on the size of your mailboxes and the speed of your connection. I was lucky, with just 11 users it tool less than a day. I have known this tool to run for several days; it could take weeks over an ADSL connection.

Note that even when all mailboxes are synced, mail is still flowing to on-premises Exchange, so the sync is immediately out of date. You are not done yet.

The mysteries of converting to Mail-Enabled Users

I got to Synced after only a few hiccups. Now comes the strange bit. Step 7 is called Create mail-enabled users.

 

image

There are numerous problems with this step. It does not fully explain the implications of what it describes. It does not actually work without tweaking. The documentation is sloppy.

Do you need to do this step at all? No, but it does have some advantages. What it does is to remove (actually disconnect rather than delete) the on-premises mailbox from each user, and set the TargetAddress attribute in Active Directory, which tells Exchange to route mail to the TargetAddress rather than trying to deliver it locally. The TargetAddress, which is only viewable through ADSI Edit or command-line tools, should be set to the unique Office 365 email address for each users, typically username@yourbusiness.onmicrosoft.com, rather than the main email address. If I have this right (and it is not clearly explained), this means that any email that happens to arrive at on-premises Exchange, either because of old MX records, or because the on-premises Exchange is hard-coded as the target server, then it gets sent to Office 365.

Update: there is one scenario where you absolutely DO need this step. This is if you want to use ADConnect to synch on premise AD with Office 365, after doing the mail migration. See this thread and the comment:

“To covert on-premises mailboxes to mail-enabled users is required. When you convert on-premises mailboxes to mail-enabled users (MEUs), the proxy addresses and other information from the Office 365 mailboxes are copied to the MEUs, which reside in Active Directory in your on-premises organization. These MEU properties enable the Directory Synchronization tool, which you activate and install in step 3, to match each MEU with its corresponding cloud mailbox.”

The documentation for this step explains how to create a CSV file with the primary email addresses of the users to convert (this works), and then refers you to this document for the PowerShell scripts to complete the step. You will note that this document refers to Exchange 2007, though the steps also apply to Exchange 2010, and to a Staged Exchange migration, when you are doing a Cutover. Further, the scripts are embedded in the text, so you have to copy and paste. Further, the scripts do not work if you try to follow the instructions exactly. There are several issues.

First, this step seems to be in the wrong place. You should change the MX records to route mail to Office 365, and then leave an interval of at least a few hours, before doing this step. The reason is that once you convert SBS users to mail-enabled users, the Migration tool will not be able to re-sync their mailbox. You must complete a sync immediately before doing the conversion. The only way I know to force a sync is to stop and then resume the Migration Batch. Check that all mailboxes are synced, which only takes a few minutes, before doing the conversion. You may still lose an email if it arrives in the window between the last sync and the conversion, which is why you should change the MX records first.

Second, if you run ExportO365UserInfo.ps1 in the Small Business Server Exchange Shell, it will not work, since “By default, Import-PSSession does not import commands that have the same name as commands in the current session.” This means that when the script runs mailbox commands they run against the local Exchange server rather than Office 365, unless you use the –AllowClobber parameter. I found the solution was to run this script on another machine.

Third, the script still does not work, since, in my case at least, the Migration Batch did not populate the onmicrosoft.com email address for imported users. I fixed this with a handy script.

Note that the second script, Exchange2007MBtoMEU.ps1, must be run in the SBS server Exchange Shell, otherwise it will not work.

Bearing in mind all these hazards, you might think that the whole, not strictly necessary, step of converting to mail-enabled users is not worth it. That is perfectly reasonable.

Finishing the job

Bearing in mind the above, the next steps do not altogether make sense. In particular, step 11, which says to make sure that:

“Office 365 mailboxes were synchronized at least once after mail began being sent directly to them. To do this, make sure that the value in the Last Synced Time box for the migration batch is more recent than when mail started being routed directly to Office 365 mailboxes.”

In fact, you will get errors here if you followed Step 7 to create mail-enabled users. Did anyone at Microsoft try to follow these steps?

Still, I have to say that the outcome in our case was excellent. Everything was copied correctly, and the Migration Batch tool even successfully replicated fiddly things like calendar permissions. The transition was smooth.

Note that you should not attempt to point an existing Outlook profile at the Office 365 Exchange. Instead, create a new profile. Otherwise I am not sure what happens; you probably get thousands of duplicate items.

One puzzle. I did not spot any duplicates in the synced mailboxes, but the item count increased by around 20% compared to the old mailboxes, as reported by PowerShell. Currently a mystery.

Closing words

I am puzzled that Microsoft does not have any guidance specifically for Small Business Server migrations, given how common these are, as well as by the poor and inaccurate documentation as noted above.

There are perhaps two factors at play. One is that Microsoft expects businesses of any size to use partners for this kind of work, who specialise in knowing the pitfalls. Second, the company seems so focused on enterprises that the needs of small businesses are neglected. Note, for example, the strong push for businesses to use the Azure AD Connect tool even though this requires a multi-server setup. There is a special tool in Windows Server Essentials, but this does not apply for businesses using a Standard edition of Small Business Server.

Finally, note that there are third-party tools you can use for this kind of migration, in particular BitTitan’s MigrationWiz, which may well be easier though a small cost is involved.