Supporting architecture for office 365 spo
Upcoming SlideShare
Loading in...5
×
 

Supporting architecture for office 365 spo

on

  • 898 views

 

Statistics

Views

Total Views
898
Views on SlideShare
831
Embed Views
67

Actions

Likes
0
Downloads
10
Comments
0

2 Embeds 67

https://twitter.com 66
http://www.linkedin.com 1

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • Note: Passwords are NOT synced. If you want to use your on-premise passwords in Office 365/Azure, you will have to deploy ADFS.Future release of DirSync might support Password Synchronization** Functionality nor a release date have been confirmed by Microsoft. As far as I understood, this sync will not really sync the password, but it will rather use the password’s hash
  • http://social.technet.microsoft.com/wiki/contents/articles/3286.ad-fs-2-0-how-to-use-fiddler-web-debugger-to-analyze-a-ws-federation-passive-sign-in.aspx

Supporting architecture for office 365 spo Supporting architecture for office 365 spo Presentation Transcript

  • 1. MS Online IDs 2. MS Online IDs + Dir Sync 3. Federated IDs + Dir SyncAppropriate for Appropriate for Appropriate for • Smaller organizations without • Orgs with AD on-premise • Larger enterprise organizations AD on-premise with AD on-premise ProsPros • Users and groups mastered on- Pros • No servers required on- premise • SSO with corporate cred premise • Enables co-existence scenarios • Users and groups mastered on- premise Cons • Password policy controlled on-Cons • No SSO premise • No SSO • No 2FA • 2FA solutions possible • No 2FA (strong authentication) • 2 sets of credentials to manage • Enables co-existence scenarios • 2 sets of credentials to with differing password policies manage with differing • Single server deployment Cons password policies • High availability server • Users and groups mastered in deployments required the cloud
  • Microsoft Office 365 ServicesBronze Sky customer premises Trust Federation Exchange Gateway Online Active Directory Authentication Federation Server platform SharePoint 2.0 IdP OnlineIdP MS Online Directory Provisioning Sync Directory Lync AD platform Store Online Service connector Admin Portal
  • Federated vs. Non-Federated Summary Office 2010, or Office ActiveSync, POP, Outlook Outlook Outlook 2007 or Outlook Web 2007 SP2 IMAP, Entourage 2010 2007 2010 Application SharePoint Online Win 7 Win 7 Vista/XP Win 7/Vista/XPMS Online IDs Online ID Online ID Online ID Online ID Online ID Online IDFederated IDs,domain joined AD credentials
  • DirSyncActive Directory METAVERSE
  • Identity Co-Existence
  • Application Co-Existence
  • Application Co-Existence
  • lD85BkxzEE2NilRewNm0CQ==
  • Authentication flow (passive profile) Customer Microsoft Office 365 Active Directory AD FS 2.0 Server Federation Gateway ` Client Exchange Online (joined to CorpNet)
  • Authentication flow (active profile) Customer Microsoft Office 365 Active Directory AD FS 2.0 Server Federation Gateway ` Client Exchange Online (joined to CorpNet)
  • AD FS 2.0 deployment options Active Directory AD FS 2.0 AD FS 2.0 AD FS 2.0 Server Server Server Proxy AD FS 2.0 Server Proxy Internal user Enterprise DMZ
  • Active DirectoryAD FS 2.0 AD FS 2.0 AD FS 2.0 Server Server Server Proxy AD FS 2.0 Server ProxyInternal user Enterprise DMZ
  • Active Active Directory DirectoryAD FS 2.0 AD FS 2.0 AD FS 2.0 AD FS 2.0 Server Server Server ServerInternal External user Enterprise user IAAS
  • Active Active Directory DirectoryAD FS 2.0 AD FS 2.0 Server ServerInternal External user Enterprise user IAAS
  • Active Directory AD FS 2.0 AD FS 2.0 AD FS 2.0 Server Server Server LB ENDPOINT IP SEC GATEWAY AD FS 2.0 DEVICE ServerCLOUD SERVICE Enterprise Windows Azure
  • Active Directory AD FS 2.0 AD FS 2.0 Server ServerInternalExternal IAAS user
  • W.A.A.D.Already used in:
  • W.A.A.D.W.A.A.D.W.A.A.D.