Supporting architecture office 365 on windows azure
  • 1,428 views

How to deploy your supporting architecture for Office 365 on Windows Azure ..

  • * Using DirSync for provisioning only is NOT supported!
  • Note: Passwords are NOT synced. If you want to use your on-premise passwords in Office 365/Azure, you will have to deploy ADFS. A future release of DirSync might support Password Synchronization**. Neither the functionality nor a release date has been confirmed by Microsoft. As far as I understood, this sync will not really sync the password, but it will rather use the password’s hash.

Presentation Transcript

  • #comdaybe – Supporting Architecture Office 365 on Windows Azure – IaaS. J-Solutions – Flexamit. Jethro Seghers
  • Jethro Seghers
  • Agenda
      • Different types of Identity
      • Supporting Architecture
      • Different Deployments
      • Windows Azure IaaS
      • ADFS + DirSync + Azure
      • Migration
      • Q&A
  • Identity Options
  • Introduction to identity options
      1. MS Online IDs
         Appropriate for: smaller organizations without AD on-premise
         Pros: no servers required on-premise
         Cons: no SSO; no 2FA (strong authentication); 2 sets of credentials to manage with differing password policies; users and groups mastered in the cloud
      2. MS Online IDs + DirSync
         Appropriate for: orgs with AD on-premise
         Pros: users and groups mastered on-premise; enables co-existence scenarios
         Cons: no SSO – BUT PASSWORD SYNC; no 2FA; 2 sets of credentials to manage with differing password policies; single server deployment
      3. Federated IDs + DirSync
         Appropriate for: larger enterprise organizations with AD on-premise
         Pros: SSO with corporate credentials; users and groups mastered on-premise; password policy controlled on-premise; 2FA solutions possible; enables co-existence scenarios
         Cons: high availability server deployments required
  • Directory Synchronisation
  • What is DirSync? “…is a Directory Synchronization engine based on Forefront Identity Manager (FIM) that will synchronize a subset of your on-premise Active Directory with Windows Azure Active Directory (Office 365).”
  • Why use DirSync?
      • Long term coexistence between Active Directory on-premise and Windows Azure Active Directory (easy/quick provisioning*)
      • Single place for managing identities, including: users, groups, memberships, …
      • Enabler for hybrid deployments (required)
      • Two-way directory synchronization
  • Deployment Considerations
      • Active Directory assessment: prerequisites check (Readiness Tool)
      • Topology: single forest? multiple domains?
      • Security: firewalls, permissions
      • 64-bit only!
      • De/activation time: can take some time to complete
      • Object filtering required?
      • SQL version – Windows Server 2012 supported
  • DirSync – How does DirSync work? (diagram: Active Directory → Metaverse → Windows Azure Active Directory)
  • What objects are synced?
      • From AD to Office 365: http://support.microsoft.com/kb/2256198
      • From Office 365 to AD (aka write-back) – write-back attribute → Exchange “full fidelity” feature:
          • SafeSendersHash, BlockedSendersHash, SafeRecipientHash → Filtering: writes back on-premises filtering and online safe and blocked sender data from clients.
          • msExchArchiveStatus → Online Archive: enables customers to archive mail.
          • ProxyAddresses (LegacyExchangeDN <online LegacyDn> as X500) → Enable Mailbox: off-boards an online mailbox back to on-premises Exchange.
          • msExchUCVoiceMailSettings → Enable Unified Messaging (UM) – Online voice mail: this new attribute is used only for UM–Microsoft Lync Server 2010 integration, to indicate to Lync Server 2010 on-premises that the user has voice mail in online services.
  • Active Directory Federation Services
  • ADFS: On Premise Topology (diagram: Enterprise zone with internal user, Active Directory and AD FS 2.0 servers; DMZ with AD FS 2.0 server proxies)
  • ADFS: Hybrid Topology: IaaS (diagram: Enterprise zone with internal user, Active Directory and AD FS 2.0 servers; IaaS zone with external user, Active Directory and AD FS 2.0 servers)
  • ADFS: Hybrid Topology: IaaS (diagram: same as above with a single AD FS 2.0 server on each side)
  • ADFS: Cloud Topology: IaaS (diagram: IaaS zone serving internal and external users, with Active Directory and AD FS 2.0 servers)
  • What about Windows Azure
  • Windows Azure & ADFS
      • Virtual Network support – site-to-site VPN
      • Computing: 99,95% SLA uptime for a highly available system; 99,9% SLA uptime for a single system
      • Storage: 99,9%
      • Full control over your virtual machines
      • Pay as you go, OPEX vs CAPEX
      • PowerShell support
  • Windows Azure: Terminology
      • Cloud Service: a role that several VMs take upon themselves to execute, e.g. ADFS. Cloud services need two instances or more to qualify for the SLA of 99,95%. One external virtual IP address per cloud service.
      • Availability Set
  • Windows Azure: Terminology
      • Endpoints: you need to add an endpoint to a machine for other resources on the Internet or other virtual networks to communicate with it. You can associate specific ports and a protocol to endpoints. Resources can connect to an endpoint by using a protocol of TCP or UDP. The TCP protocol includes HTTP and HTTPS communication.
      • Virtual Network enables you to create secure site-to-site connectivity, as well as protected private virtual networks in the cloud.
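The cloud service / availability set / endpoint terminology above, as an added example that is not part of the deck: two AD FS VMs placed in one cloud service and one availability set, with a single load-balanced TCP/443 endpoint exposed on the cloud service's virtual IP. It uses the classic (service management) Azure PowerShell cmdlets of that era; the service, VM and availability set names are assumptions, and the VMs are assumed to exist already.

```powershell
# Added example, not from the deck. Classic Azure service-management module assumed
# (Get-AzureVM / Set-AzureAvailabilitySet / Add-AzureEndpoint / Update-AzureVM).
$serviceName     = 'contoso-adfs'        # assumed cloud service name: one public VIP
$availabilitySet = 'adfs-avset'          # assumed availability set name
$vmNames         = 'adfs01', 'adfs02'    # two instances, as required for the 99,95% SLA

foreach ($vm in $vmNames) {
    Get-AzureVM -ServiceName $serviceName -Name $vm |
        # Same availability set => the two instances land in different fault/update domains
        Set-AzureAvailabilitySet -AvailabilitySetName $availabilitySet |
        # Only TCP/443 is opened to the Internet. The load-balanced set spreads the public
        # port of the cloud service VIP over port 443 on both VMs; the probe takes an
        # unhealthy instance out of rotation.
        Add-AzureEndpoint -Name 'HTTPS' -Protocol tcp -LocalPort 443 -PublicPort 443 `
            -LBSetName 'adfs-https-lb' -ProbePort 443 -ProbeProtocol tcp |
        Update-AzureVM
}

# Check: every VM in the service should report the availability set and exactly one
# public endpoint (HTTPS). Anything else listed here is an extra exposed port to review.
Get-AzureVM -ServiceName $serviceName | ForEach-Object {
    $endpoints = $_ | Get-AzureEndpoint | ForEach-Object {
        "{0}:{1}->{2}" -f $_.Name, $_.PublicPort, $_.LocalPort
    }
    [pscustomobject]@{
        Name            = $_.Name
        AvailabilitySet = $_.AvailabilitySetName
        Endpoints       = ($endpoints -join ', ')
    }
}
```

Keeping the public surface of the cloud service to this one endpoint matches the deck's topologies, where only the AD FS proxy role faces the Internet; the listing at the end is the check to run after any change, since an endpoint added for troubleshooting (RDP, WinRM) stays reachable on the VIP until it is removed.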
  • Windows Azure Example
  • Demo: how does it look in Azure?
  • Migration
  • Migration
      DirSync:
      1. Shut down DirSync on-premise
      2. Install DirSync on Azure
      3. Configure DirSync on Azure
      4. Uninstall DirSync on Azure
      ADFS:
      1. Convert all ADFS domains to standard domains
      2. Log on to the primary ADFS on Azure
      3. Convert all standard domains back to federated domains
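The ADFS part of the migration above, as an added example (not the deck's own script) using the MSOnline module: federated domains are converted to standard, then, from the new primary AD FS server in Azure, converted back to federated so that Office 365 picks up the new farm's endpoints and token-signing certificate. The admin account, the AD FS server name and the password-file path are assumptions.

```powershell
# Added example, not from the deck. Assumes the MSOnline module and that this runs on,
# or can reach, the primary AD FS server of the new farm in Azure.
Import-Module MSOnline
Connect-MsolService                      # prompts for an Office 365 global admin (assumed)

$primaryAdfs = 'adfs01.contoso.local'    # assumed primary AD FS server in Azure
Set-MsolADFSContext -Computer $primaryAdfs

# Record the federated domains before touching anything, so step 3 converts the same set
$federated = Get-MsolDomain | Where-Object { $_.Authentication -eq 'Federated' }

# Step 1: federated -> standard. Users get temporary cloud passwords; the file is the
# only copy, so keep it on protected storage and delete it once step 3 has completed.
foreach ($d in $federated) {
    Convert-MsolDomainToStandard -DomainName $d.Name `
        -PasswordFile "C:\migration\$($d.Name)-temp-passwords.txt" `
        -SkipUserConversion $false
}

# Step 2 is the logon to the primary AD FS server (set above via Set-MsolADFSContext).

# Step 3: standard -> federated against the Azure farm. With more than one domain,
# -SupportMultipleDomain is required so each domain gets its own issuer id.
$multi = @($federated).Count -gt 1
foreach ($d in $federated) {
    if ($multi) { Convert-MsolDomainToFederated -DomainName $d.Name -SupportMultipleDomain }
    else        { Convert-MsolDomainToFederated -DomainName $d.Name }
}

# Check: every domain is back to Federated and the federation settings on both sides
# (Office 365 and the AD FS farm) agree; a mismatch here means SSO is broken.
Get-MsolDomain | Select-Object Name, Authentication
foreach ($d in $federated) {
    Get-MsolFederationProperty -DomainName $d.Name
}
```

Between step 1 and step 3 the domains are not federated, so users cannot sign in with their corporate credentials; the window should be planned for, and the temporary password file removed afterwards, since it holds a usable credential for every converted user.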
  • Q&A
  • Thank you! Twitter: @jseghers