Windows Azure Active Directory: Identity Management in the Cloud

Windows Azure Active Directory provides easy-to-use, multi-tenant identity management services for applications running in the cloud and on any device and any platform. Originally created to support Office 365, it is now available as an Azure service. On November 28th, 2012, Microsoft shared that Windows Azure Active Directory (AD) has processed 200 BILLION authentications.

“At Microsoft, we have been on a transformative journey to cloud computing and we have been working with customers every step of the way. Millions of customers have embraced the cloud and we are excited to share the news that we’ve reached a major milestone in cloud scale computing. Since the inception of the authentication service on the Windows Azure platform in 2010, we have now processed 200 BILLION authentications for 50 MILLION active user accounts. In an average week we receive 4.7 BILLION authentication requests for users in over 420 THOUSAND different domains. This is a massive workload when you consider others in the industry are attempting to process 7B logins per year, Azure processes close to that amount in a week.

These numbers sound big right? They are. To put it into perspective, in the 2 minutes it takes to brew yourself a single cup of coffee, Windows Azure Active Directory (AD) has already processed just over 1 MILLION authentications from many different devices and users around the world. Not only are we processing a huge number of authentications but we’re doing it really fast! We respond to 9,000 requests per second and in the U.S. the average authentication takes less than 0.7 seconds. That’s faster than you can get your coffee from your cup and into your mouth! (Do not attempt this at home :-))!”

In this session we will take a tour of Windows Azure Active Directory to learn about its capabilities, interfaces and supported scenarios, and understand how you can take advantage of the features in your application.


Transcript

  • 1. Windows Azure Active Directory: Identity Management in the cloud
      Chris Dufour, ASP.NET MVP
      Software Architect, Compuware
      Follow me @chrduf
      http://www.linkedin.com/in/cdufour
      NET349
  • 2. Agenda
      • What is Active Directory (AD)
      • What’s the problem?
      • What is Windows Azure Active Directory?
      • Create and Publish an Application to the Cloud
  • 3. What is Active Directory (AD)
      • Directory system created by Microsoft in 1999
      • Provides a central location for network administration and security
      • Makes use of Lightweight Directory Access Protocol (LDAP) versions 2 and 3, Kerberos and DNS
      • Most popular directory system in use by organizations
  • 4. Problem
      While enterprises are working to consolidate identity systems on-premises, cloud apps are fragmenting identity… again
      • Separate username/password sign-in
      • Manual or semi-automated provisioning
      • No direct connection to directory
      [Diagram label: AD]
  • 5. Anatomy of a Typical Cloud Application
      [Diagram labels:]
      • Clients using wide variety of devices/languages/platforms: Browser, Mobile App, Server App
      • Web Application
      • Account and profile store
      • Web Service API
      • Server applications using wide variety of platforms/languages
  • 6. What is Windows Azure Active Directory?
      • Service that provides identity and access capabilities for on-premises and cloud applications
      • Extension of Active Directory into the cloud
      • Built concurrently with Office 365
      • Provides integration of applications with Azure AD to provide single sign-on
      • Designed primarily to meet the needs of cloud applications
  • 7. Released to production April 8, 2013
      • Processed over 265 Billion authentications since 2010
      • 2.9 million businesses, government bodies and schools are already enjoying the benefits of Windows Azure Active Directory, using it to manage access to Office 365, Dynamics CRM Online, Windows Intune and Windows Azure
      • Over the last 90 days, Windows Azure AD has processed over 65 billion authentication requests while maintaining 99.97% or better monthly availability.
      Source: http://bit.ly/13UZ1mS
  • 8. Identity Management as a Service
      • Consolidate identity management across cloud apps
      • Connect to directory from any platform, any device
      • Connect with people from web identity providers and other organizations
  • 9. Design Principles
      • Maximize device and platform reach
          • http/web/REST based protocols
      • Multi-tenancy
          • Customer owns directory, not Microsoft
      • Optimize for availability, consistent performance and scale
          • Keep it simple
  • 10. Identity Types
      Cloud Identity
      • Separate credential from corporate credential
      • Authentication occurs via cloud service
      • Password policy stored in the cloud
      Federated Identity
      • Same credential as corporate credential
      • Authentication occurs via on-premises ADFS
      • Password policy stored on-premises
      • Requires directory synchronization
  • 11. Relationship to Windows Server AD
      • On-premises and cloud Active Directory managed as one
      • Directory information synchronized to cloud, made available to cloud apps via roles-based access control
      • Federated authentication enables single sign on to cloud applications
  • 12. Anatomy of Windows Azure Active Directory
      [Diagram labels: DirSync, AD]
  • 13. Directory Graph API
      • RESTful programmatic access to directory
          • Objects such as users, groups, roles, licenses
          • Relationships such as member, memberOf, manager, directReport
      • Requests use standard HTTP methods
          • POST, GET, PATCH, DELETE to create, read, update, and delete
          • Response in XML or JSON; standard HTTP status codes
          • Compatible with OData 3.0
      • OAuth 2.0 for authentication
          • Role-based assignment for application and user authorization
  • 14. Create an Application For Your Organization
      1. Get developer prerequisites for Windows Azure AD
          • Visual Studio 2012
          • Web Tools Extensions for Visual Studio 2012
          • Microsoft ASP.NET Tools for Windows Azure Active Directory – Visual Studio 2012
      2. Get a Windows Azure AD tenant to test your app
      3. Integrate your app with Windows Azure AD
      4. Test your application
      5. Publish your application to Azure Websites (optional)
  • 15. Demo
      Create and Publish an Application to the Cloud
  • 16. Next Steps
      • Get a Windows Azure Active Directory tenant
      • Integrate your application with Windows Azure Active Directory
      • Publish your application to Azure Websites
  • 17. Resources
      • Free Windows Azure Active Directory Tenant: http://bit.ly/18mpaOZ
      • Sign in to Windows Azure Active Directory: http://bit.ly/1aq3rCn
      • Graph Explorer: http://bit.ly/11XJnt2
      • Windows Azure: http://bit.ly/19gEMT9
      • Manage Windows Azure Active Directory by using Windows PowerShell: http://bit.ly/10B8Mm1
  • 18. Resources
      • Visual Studio Express 2012: http://bit.ly/16ZC9Wx
      • Web Tools Extensions for Visual Studio 2012: http://bit.ly/ZoefBA
      • Web Tools Extensions for Visual Studio Express 2012: http://bit.ly/12YaxwS
      • Microsoft ASP.NET Tools for Windows Azure Active Directory – Visual Studio 2012: http://bit.ly/14Wzh9k
      • Microsoft ASP.NET Tools for Windows Azure Active Directory – Visual Studio Express 2012 for Web: http://bit.ly/16keQr7
  • 19. Thank You
      Please fill out an evaluation for this talk
      Windows Azure Active Directory: Identity Management in the cloud - NET349