Supporting Architecture: Office 365 on Windows Azure

How to deploy your supporting architecture for Office 365 on Windows Azure ..

Slide notes

  • * Using DirSync for provisioning only is NOT supported!
  • Note: Passwords are NOT synced. If you want to use your on-premise passwords in Office 365/Azure, you will have to deploy ADFS. A future release of DirSync might support Password Synchronization.** Neither the functionality nor a release date has been confirmed by Microsoft. As far as I understood, this sync will not really sync the password, but it will rather use the password's hash.

Transcript

  • 1. #comdaybe - Supporting Architecture: Office 365 on Windows Azure - IaaS. J-Solutions - Flexamit. Jethro Seghers
  • 2. Jethro Seghers
  • 3. Agenda
    • Different types of Identity
    • Supporting Architecture
    • Different Deployments
    • Windows Azure IaaS
    • ADFS + DirSync + Azure
    • Migration
    • Q&A
  • 4. Identity Options
  • 5. Introduction to identity options
    1. MS Online IDs
       Appropriate for: smaller organizations without AD on-premise
       Pros: no servers required on-premise
       Cons: no SSO; no 2FA (strong authentication); 2 sets of credentials to manage with differing password policies; users and groups mastered in the cloud
    2. MS Online IDs + Dir Sync
       Appropriate for: orgs with AD on-premise
       Pros: users and groups mastered on-premise; enables co-existence scenarios
       Cons: no SSO - BUT PASSWORD SYNC; no 2FA; 2 sets of credentials to manage with differing password policies; single server deployment
    3. Federated IDs + Dir Sync
       Appropriate for: larger enterprise organizations with AD on-premise
       Pros: SSO with corporate credentials; users and groups mastered on-premise; password policy controlled on-premise; 2FA solutions possible; enables co-existence scenarios
       Cons: high availability server deployments required
  • 6. Directory Synchronisation
  • 7. What is DirSync? "…is a Directory Synchronization engine based on Forefront Identity Manager (FIM) that will synchronize a subset of your on-premise Active Directory with Windows Azure Active Directory (Office 365)."
  • 8. Why use DirSync?
    • Long term coexistence between Active Directory On Premise and Windows Azure Active Directory (easy/quick provisioning*)
    • Single place for managing identities including: users, groups, memberships, …
    • Enabler for Hybrid Deployments (required)
    • Two-way Directory Synchronization
  • 9. Deployment Considerations
    • Active Directory assessment: prerequisites check (Readiness Tool)
    • Topology: single forest? Multiple domains?
    • Security: firewalls, permissions
    • 64-bit only!
    • De/activation time: can take some time to complete
    • Object filtering required?
    • SQL version - Windows 2012 Server supported
  • 10. DirSync: How does DirSync work? (Diagram: Active Directory - Metaverse)
  • 11. What objects are synced?
    • From AD to Office 365: http://support.microsoft.com/kb/2256198
    • From Office 365 to AD (aka write-back), write-back attribute and the Exchange "full fidelity" feature it enables:
      • SafeSendersHash, BlockedSendersHash, SafeRecipientHash: Filtering. Writes back on-premises filtering and online safe and blocked sender data from clients.
      • msExchArchiveStatus: Online Archive. Enables customers to archive mail.
      • ProxyAddresses (LegacyExchangeDN <online LegacyDn> as X500): Enable Mailbox. Off-boards an online mailbox back to on-premises Exchange.
      • msExchUCVoiceMailSettings: Enable Unified Messaging (UM) - Online voice mail. This new attribute is used only for UM-Microsoft Lync Server 2010 integration to indicate to Lync Server 2010 on-premises that the user has voice mail in online services.
  • 12. Active Directory Federation Services
  • 13. ADFS: On Premise Topology (Diagram: Enterprise with internal user, Active Directory and AD FS 2.0 Servers; DMZ with AD FS 2.0 Server Proxies)
  • 14. ADFS: On Premise Topology (Diagram: Enterprise with internal user, Active Directory and AD FS 2.0 Servers; DMZ with AD FS 2.0 Server Proxies)
  • 15. ADFS: Hybrid Topology: IaaS (Diagram: Enterprise with internal user, Active Directory and AD FS 2.0 Servers; IaaS with external user, Active Directory and AD FS 2.0 Servers)
  • 16. ADFS: Hybrid Topology: IaaS (Diagram: Enterprise with internal user, Active Directory and AD FS 2.0 Server; IaaS with external user, Active Directory and AD FS 2.0 Server)
  • 17. ADFS: Cloud Topology: IaaS (Diagram: IaaS hosting Active Directory and AD FS 2.0 Servers, serving both internal and external users)
  • 18. What about Windows Azure
  • 19. Windows Azure & ADFS
    • Virtual Network support - site-to-site VPN
    • Computing: 99,95% SLA uptime for a highly available system; 99,9% SLA uptime for a single system
    • Storage: 99,9%
    • Full control over your Virtual Machines
    • Pay as you go, OPEX vs CAPEX
    • PowerShell support
  • 20. Windows Azure: Terminology
    • Cloud Service: a role that several VMs execute together, e.g. ADFS. Cloud services need two or more instances to qualify for the 99,95% SLA. 1 external virtual IP address per Cloud Service.
    • Availability Set
  • 21. Windows Azure: Terminology
    • Endpoints: You need to add an endpoint to a machine for other resources on the Internet or other virtual networks to communicate with it. You can associate specific ports and a protocol with endpoints. Resources can connect to an endpoint by using a protocol of TCP or UDP. The TCP protocol includes HTTP and HTTPS communication.
    • Virtual Network enables you to create secure site-to-site connectivity, as well as protected private virtual networks in the cloud.
  • 22. Windows Azure Example
  • 23. Demo: what does it look like in Azure?
  • 24. Migration
  • 25. Migration
    DirSync:
    1. Shut down DirSync on premise
    2. Install DirSync on Azure
    3. Configure DirSync on Azure
    4. Uninstall DirSync on Azure
    ADFS:
    1. Convert all ADFS domains to standard domains
    2. Log on to the primary ADFS on Azure
    3. Convert all standard domains back to federated domains
  • 26. Q&A
  • 27. Thank you! Twitter: @jseghers
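The three ADFS migration steps on slide 25, scripted with the MSOnline PowerShell module as an added example; this is not code from the deck or from the presenter. It assumes a Global Administrator credential, network reachability to both AD FS farms, and placeholder domain and server names.

```powershell
# Added example: move the federation trust for one Office 365 domain from the
# on-premises AD FS farm to the primary AD FS server in Azure IaaS (slide 25).
# All names below are placeholders; the MSOnline module must be installed.

$Domain      = 'contoso.example'              # placeholder federated domain
$OnPremAdfs  = 'adfs-onprem.contoso.example'  # placeholder: current primary AD FS
$AzureAdfs   = 'adfs-azure.contoso.example'   # placeholder: new primary AD FS in Azure
$PwdFile     = 'C:\temp\converted-users.txt'  # required by the cmdlet; protect and delete afterwards

Connect-MsolService   # prompts for the Global Administrator credential

# Record the current federation settings so the change can be verified afterwards.
$before = Get-MsolDomainFederationSettings -DomainName $Domain
$before | Format-List IssuerUri, PassiveLogOnUri, FederationBrandName

# Step 1: convert the federated domain to a standard (managed) domain.
# The cmdlet removes the relying party trust on the AD FS server it is pointed at,
# so point it at the on-premises farm first. -SkipUserConversion $true creates no
# temporary cloud passwords, so users of this domain cannot sign in until step 3
# completes: run this inside a maintenance window.
Set-MsolADFSContext -Computer $OnPremAdfs
Convert-MsolDomainToStandard -DomainName $Domain -SkipUserConversion $true -PasswordFile $PwdFile

# Step 2: log on to the primary AD FS server in Azure.
Set-MsolADFSContext -Computer $AzureAdfs

# Step 3: convert the domain back to federated; this publishes the Azure farm's
# token-signing certificate and endpoints to Windows Azure Active Directory.
Convert-MsolDomainToFederated -DomainName $Domain

# Verify that the passive logon endpoint now belongs to the Azure farm.
$after = Get-MsolDomainFederationSettings -DomainName $Domain
if ($after.PassiveLogOnUri -eq $before.PassiveLogOnUri) {
    Write-Warning "Federation endpoint unchanged for $Domain; check the AD FS context and certificate."
} else {
    Write-Host "Domain $Domain is now federated via $($after.PassiveLogOnUri)"
}
```

Repeat the block for each federated domain; the comparison of PassiveLogOnUri before and after is the check that the trust really moved rather than being re-published from the old farm.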