Supporting architecture office 365 on windows azure
Speaker notes:
  • * Using DirSync for only provisioning is NOT supported!
  • Note: Passwords are NOT synced. If you want to use your on-premise passwords in Office 365/Azure, you will have to deploy ADFS. A future release of DirSync might support password synchronization**. Neither the functionality nor a release date has been confirmed by Microsoft. As far as I understood, this sync will not really sync the password, but will rather use the password's hash.

Slide 1: #comdaybe
Supporting Architecture Office 365 on Windows Azure - IaaS
J-Solutions - Flexamit
Jethro Seghers

Slide 2: Jethro Seghers

Slide 3: Agenda
• Different types of Identity
• Supporting Architecture
• Different Deployments
• Windows Azure IaaS
• ADFS + DirSync + Azure
• Migration
• Q&A

Slide 4: Identity Options

Slide 5: Introduction to identity options
1. MS Online IDs
   Appropriate for: smaller organizations without AD on-premise
   Pros:
   • No servers required on-premise
   Cons:
   • No SSO
   • No 2FA (strong authentication)
   • 2 sets of credentials to manage, with differing password policies
   • Users and groups mastered in the cloud
2. MS Online IDs + DirSync
   Appropriate for: organizations with AD on-premise
   Pros:
   • Users and groups mastered on-premise
   • Enables co-existence scenarios
   Cons:
   • No SSO, but password sync
   • No 2FA
   • 2 sets of credentials to manage, with differing password policies
   • Single server deployment
3. Federated IDs + DirSync
   Appropriate for: larger enterprise organizations with AD on-premise
   Pros:
   • SSO with corporate credentials
   • Users and groups mastered on-premise
   • Password policy controlled on-premise
   • 2FA solutions possible
   • Enables co-existence scenarios
   Cons:
   • High availability server deployments required

Slide 6: Directory Synchronisation

Slide 7: What is DirSync?
• "…is a Directory Synchronization engine based on Forefront Identity Manager (FIM) that will synchronize a subset of your on-premise Active Directory with Windows Azure Active Directory (Office 365)."

Slide 8: Why use DirSync?
Long-term coexistence between Active Directory on-premise and Windows Azure Active Directory (easy/quick provisioning*).
Single place for managing identities, including:
• Users
• Groups
• Memberships
• …
Enabler for hybrid deployments (required)
• Two-way directory synchronization

Slide 9: Deployment Considerations
Active Directory assessment
• Prerequisites check (Readiness Tool)
Topology
• Single forest?
• Multiple domains?
Security
• Firewalls, permissions
64-bit only!
De/activation time: can take some time to complete
Object filtering required?
SQL version: Windows Server 2012 supported

Slide 10: DirSync: How does DirSync work?
(diagram: Active Directory, METAVERSE)

Slide 11: What objects are synced?
From AD to Office 365: http://support.microsoft.com/kb/2256198
From Office 365 to AD (aka write-back), listed as write-back attribute: Exchange "full fidelity" feature it enables.
• SafeSendersHash, BlockedSendersHash, SafeRecipientHash: Filtering. Writes back on-premises filtering and online safe and blocked sender data from clients.
• msExchArchiveStatus: Online Archive. Enables customers to archive mail.
• ProxyAddresses (LegacyExchangeDN <online LegacyDn> as X500): Enable Mailbox. Off-boards an online mailbox back to on-premises Exchange.
• msExchUCVoiceMailSettings: Enable Unified Messaging (UM), online voice mail. This new attribute is used only for UM and Microsoft Lync Server 2010 integration, to indicate to Lync Server 2010 on-premises that the user has voice mail in online services.

Slide 12: Active Directory Federation Services

Slides 13 and 14: ADFS: On-Premise Topology
(diagram: enterprise network with internal users, Active Directory and AD FS 2.0 servers; DMZ with AD FS 2.0 server proxies)

Slides 15 and 16: ADFS: Hybrid Topology: IaaS
(diagram: enterprise network with internal users, Active Directory and AD FS 2.0 servers; IaaS with external users, Active Directory and AD FS 2.0 servers; slide 16 shows the single-server variant on each side)

Slide 17: ADFS: Cloud Topology: IaaS
(diagram: IaaS with internal and external users, Active Directory and AD FS 2.0 servers)

Slide 18: What about Windows Azure?

Slide 19: Windows Azure & ADFS
• Virtual Network support: site-to-site VPN
• Computing: 99.95% SLA uptime for a highly available system; 99.9% SLA uptime for a single system
• Storage: 99.9%
• Full control over your virtual machines
• Pay as you go, OPEX vs CAPEX
• PowerShell support

Slide 20: Windows Azure: Terminology
Cloud Service: a role which several VMs take upon themselves to execute, e.g. ADFS. Cloud services need to have two instances or more to qualify for the SLA of 99.95%. One external virtual IP address per cloud service.
Availability Set

Slide 21: Windows Azure: Terminology
Endpoints: you need to add an endpoint to a machine for other resources on the Internet or other virtual networks to communicate with it. You can associate specific ports and a protocol to endpoints. Resources can connect to an endpoint by using a protocol of TCP or UDP. The TCP protocol includes HTTP and HTTPS communication.
Virtual Network enables you to create secure site-to-site connectivity, as well as protected private virtual networks in the cloud.
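The cloud service, availability set and endpoint terms on slides 20 and 21 come together when the AD FS farm is actually provisioned. The following PowerShell is an added example, not code from the deck or its author: it builds two AD FS VMs in one cloud service (one external VIP) and one availability set (so the two-instance 99.95% SLA applies), joins them to the virtual network that the site-to-site VPN reaches, and exposes only a load-balanced TCP 443 endpoint, leaving RDP off the public VIP so management traffic stays on the VPN. It uses the classic Azure service-management cmdlets of the Windows Azure era; the service, VNet, subnet and image names are placeholders.

```powershell
# Added example (not from the slide deck): two AD FS VMs behind one cloud-service VIP,
# in one availability set, with a single load-balanced HTTPS endpoint.
# All names below are placeholders; the image name comes from Get-AzureVMImage.
Import-Module Azure

$serviceName = 'contoso-adfs'      # cloud service: one external virtual IP address
$vnetName    = 'Contoso-VNet'      # virtual network linked on-premises via site-to-site VPN
$subnetName  = 'ADFS-Subnet'
$availSet    = 'ADFS-AS'           # availability set: spreads both VMs over fault/update domains
$imageName   = '<Windows Server 2012 image name from Get-AzureVMImage>'
$cred        = Get-Credential -Message 'Local administrator for the AD FS VMs'

# Build both VM configurations. The only endpoint added on the VIP is 443, load-balanced
# across both instances with a TCP probe; -NoRDPEndpoint keeps RDP off the Internet so
# administration happens over the VPN-connected virtual network instead.
$vms = foreach ($i in 1, 2) {
    New-AzureVMConfig -Name "ADFS0$i" -InstanceSize Medium -ImageName $imageName `
                      -AvailabilitySetName $availSet |
    Add-AzureProvisioningConfig -Windows -AdminUsername $cred.UserName `
                                -Password $cred.GetNetworkCredential().Password -NoRDPEndpoint |
    Set-AzureSubnet -SubnetNames $subnetName |
    Add-AzureEndpoint -Name 'HTTPS' -Protocol tcp -LocalPort 443 -PublicPort 443 `
                      -LBSetName 'ADFS-LB' -ProbeProtocol tcp -ProbePort 443
}

# Creating the VMs also creates the cloud service on the virtual network.
New-AzureVM -ServiceName $serviceName -VMs $vms -VNetName $vnetName -Location 'West Europe'

# Check: both VMs should report the same availability set and run under one service.
Get-AzureVM -ServiceName $serviceName |
    Select-Object Name, AvailabilitySetName, IpAddress, Status
```

The AD FS proxies from the DMZ topology would be separate VMs with their own cloud service; the internal AD FS servers above are reachable by those proxies and by the domain controllers only through the virtual network.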
Slide 22: Windows Azure Example

Slide 23: Demo: what does it look like in Azure?

Slide 24: Migration

Slide 25: Migration
DirSync:
1. Shut down DirSync on premise
2. Install DirSync on Azure
3. Configure DirSync on Azure
4. Uninstall DirSync on Azure
ADFS:
1. Convert all ADFS domains to standard domains
2. Log on to primary ADFS on Azure
3. Convert all standard domains back to federated domains
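The three ADFS migration steps on slide 25 map directly onto the MSOnline cmdlets. The script below is an added example, not code from the deck or its author: it converts every federated domain to standard, points the cmdlets at the primary AD FS server now running in Azure, and re-federates the domains so the trust carries the new farm's endpoints and token-signing certificate. Domain names, the AD FS host name and the credentials are placeholders; during the window between steps 1 and 3 users have no SSO, so run it in a planned maintenance window.

```powershell
# Added example (not from the slide deck): re-point the Office 365 federation trust
# from the on-premises AD FS farm to the primary AD FS server in Azure.
# Requires the Windows Azure Active Directory Module for Windows PowerShell (MSOnline).
Import-Module MSOnline
Connect-MsolService -Credential (Get-Credential -Message 'Office 365 global administrator')

# Every domain currently federated with the old farm (or pin the list explicitly).
$domains = Get-MsolDomain |
    Where-Object { $_.Authentication -eq 'Federated' } |
    Select-Object -ExpandProperty Name
$multi = @($domains).Count -gt 1

# Step 1: convert all federated domains to standard (managed) authentication.
# -SkipUserConversion $true leaves user accounts untouched; without it every user
# gets a temporary cloud password written to -PasswordFile.
foreach ($d in $domains) {
    Convert-MsolDomainToStandard -DomainName $d -SkipUserConversion $true `
                                 -PasswordFile "C:\Temp\$d-passwords.txt"
}

# Step 2: log on to the primary AD FS server in Azure (placeholder host name,
# reachable over the site-to-site VPN).
Set-MsolADFSContext -Computer 'adfs01.contoso.local' `
                    -ADFSUserCredentials (Get-Credential -Message 'AD FS administrator')

# Step 3: convert the domains back to federated. With more than one domain the
# trust must be created with -SupportMultipleDomain.
foreach ($d in $domains) {
    Convert-MsolDomainToFederated -DomainName $d -SupportMultipleDomain:$multi
}

# Check: the federation metadata held by Office 365 should now describe the Azure farm
# (identifier, passive logon URL and signing certificate), matching what the
# Azure-side AD FS reports.
foreach ($d in $domains) {
    Get-MsolFederationProperty -DomainName $d |
        Select-Object Source, FederationServiceDisplayName, FederationServiceIdentifier, PassiveLogOnUri
}
```

Before step 1, confirm the Azure farm already serves the same federation service name and has the same token-signing certificate installed, otherwise step 3 federates the domains to a farm that clients cannot validate; after step 3, delete the password files that step 1 created if they are empty, or distribute them securely if users were converted.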
Slide 26: Q&A

Slide 27: Thank you!
Twitter: @jseghers