DRAG DROP
You have an Exchange Server 2010 Service Pack 1 (SP1) organization named contoso.com. A partner
company named Fabrikam, Inc., has an Exchange Server 2010 (SP1) organization named
fabrikam.com. All client computers in contoso.com and fabrikam.com run Microsoft Outlook 2010.
You need to ensure that users in fabrikam.com can view the availability information of users in
contoso.com. What should you do?
Explanation:
I think this answer is wrong and the correct answer is that Fabrikam should create the trust and the
organization relationship.
Implementing Federated Sharing
With federated sharing, you can use federation technologies to establish trusted relationships and
hence enable secure Internet communications between organizations. This requires that you use
Microsoft Federation Gateway as a trust broker, that each participating organization establish and
manage its trust, and that federated sharing is supported for all messaging clients. To establish a
federation trust, organizations exchange security certificates with public keys with each other or
with a trusted third party and use those certificates to authenticate and secure all
interorganizational communications.
The Microsoft Federation Gateway
The Microsoft Federation Gateway is an identity service that runs
over the Internet and functions as a trust broker for federated sharing. It provides a broker service to
establish the communication between the organizations but does not authenticate individual users
or store any user account information from either organization. To enable federated sharing, you
need to register your organization with the Federation Gateway and then configure a federated
sharing relationship with another organization that also registers with the Federation Gateway. The
Federation Gateway then acts as a hub for all connections that the organizations make with each
other. For example, Client Access servers in each organization connect through the Federation
Gateway to exchange availability information and enable calendar sharing. These Client Access
servers use the federated trust that you configure with the Federation Gateway to verify your
partner’s Client Access servers and to encrypt traffic sent between the organizations. Users can also
send encrypted and authenticated email messages between the organizations.
In federated sharing, each organization needs only to manage its trust relationship with the
Federation Gateway and its own user accounts. After an organization establishes a trust relationship
with the Federation Gateway, you can identify other trusted organizations and the types of
information you want to share with them.
When you enable federated sharing, all interorganizational communication is sent through your
organization’s Exchange Server 2010 servers. This traffic is transparent to the messaging clients so
that federated sharing works with any client that can connect to Exchange Server 2010, including
Microsoft Outlook Web Access, Outlook 2003, Outlook 2007, and Outlook 2010.
Note: FEDERATION GATEWAY
For more information about the Federation Gateway, see
http://msdn.microsoft.com/en-us/library/cc287610.aspx. For information about how to connect to
and use the Federation Gateway, see http://msdn.microsoft.com/en-us/library/dd164396.aspx.
Federated Sharing Requirements
To implement federated sharing, you need to establish and configure the following components in
Exchange Server 2010:
A federation trust: A federation trust configures the Federation Gateway as a federation partner with
the Exchange Server organization, which enables Exchange Server 2010 Web Services on the Client
Access servers to validate all Federation Gateway authentication requests. You establish a federation
trust by submitting your organization’s public key and a valid X.509 certificate issued by a Certificate
Authority (CA) trusted by Windows Live Domain Services to the Federation Gateway and
downloading the Federation Gateway public key and certificate.
An organization identifier: An organization identifier defines what authoritative domains in an
Exchange organization are available for federation. If your organization supports multiple SMTP
domains, you can include one or all of your domain names in your organization identifier. Users can
participate in Federated Sharing only if they have email addresses in the domains that you configure
with the organization identifier. The first domain you specify with the organization identifier is
known as the account namespace. Federation Gateway creates federated user identifiers within this
namespace when the Client Access server requests a delegation token for a user. This process is
transparent to the Exchange Server organization.
Create a new organisational relationship
To enable free/busy sharing between two cloud-based organisations, run the following command:
Get-FederationInformation -DomainName <the other cloud-based organization> | New-OrganizationRelationship -Name <the other tenant domain> -FreeBusyAccessEnabled $true -FreeBusyAccessLevel LimitedDetails
Here’s an example of what the command would look like in the Contoso scenario, where the
administrator for the Contoso organisation configures an organisational relationship with Fabrikam
College:
Get-FederationInformation -DomainName fabrikam.edu | New-OrganizationRelationship -Name Fabrikam -FreeBusyAccessEnabled $true -FreeBusyAccessLevel LimitedDetails
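The components described above, put together for the contoso.com side of the question's scenario, as an added example (not part of the original page or of Microsoft's documentation). It assumes the Exchange Management Shell of the contoso.com organization; the certificate thumbprint is a placeholder, and the trust name and the security group "Fabrikam-Shared-Calendars" are hypothetical. It uses AvailabilityOnly with a scope group to show the narrower alternative to the LimitedDetails level used above.

```powershell
# Added example: run in the Exchange Management Shell of contoso.com.
# Placeholder: thumbprint of the X.509 certificate used for the federation trust.
$thumbprint = '<CERTIFICATE-THUMBPRINT-PLACEHOLDER>'
$trustName  = 'Microsoft Federation Gateway'   # hypothetical label for the trust

# 1. Federation trust: registers the organization with the Federation Gateway.
New-FederationTrust -Name $trustName -Thumbprint $thumbprint

# 2. Proof of domain ownership. Publish the returned proof string as a TXT
#    record in public DNS for contoso.com before enabling the identifier.
Get-FederatedDomainProof -DomainName contoso.com | Format-List

# 3. Organization identifier: the first domain becomes the account namespace.
Set-FederatedOrganizationIdentifier -DelegationFederationTrust $trustName `
    -AccountNamespace contoso.com -Enabled $true

# 4. Organization relationship with the partner domain.
#    AvailabilityOnly exposes free/busy time only, without subject or location.
#    FreeBusyAccessScope limits sharing to members of one security group
#    (hypothetical group name) instead of every mailbox in the organization.
Get-FederationInformation -DomainName fabrikam.com |
    New-OrganizationRelationship -Name 'Fabrikam' `
        -FreeBusyAccessEnabled $true `
        -FreeBusyAccessLevel AvailabilityOnly `
        -FreeBusyAccessScope 'Fabrikam-Shared-Calendars'

# 5. Confirm what was configured.
Get-FederationTrust | Format-List
Get-FederatedOrganizationIdentifier | Format-List
Get-OrganizationRelationship -Identity 'Fabrikam' |
    Format-List Name, DomainNames, Enabled, FreeBusyAccessEnabled,
                FreeBusyAccessLevel, FreeBusyAccessScope

# 6. Periodic review: list relationships that share free/busy data for every
#    mailbox (no scope group), so each one can be checked against what was agreed.
Get-OrganizationRelationship |
    Where-Object { $_.FreeBusyAccessEnabled -and -not $_.FreeBusyAccessScope } |
    Format-Table Name, DomainNames, FreeBusyAccessLevel -AutoSize
```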