Supporting architecture office 365 on windows azure
Published in: Technology

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
234
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
13
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • * Using DirSync for only provisioning is NOT supported!
  • Note: Passwords are NOT synced. If you want to use your on-premise passwords in Office 365/Azure, you will have to deploy ADFS. A future release of DirSync might support Password Synchronization**
    ** Neither the functionality nor a release date has been confirmed by Microsoft. As far as I understood, this sync will not really sync the password, but it will rather use the password’s hash.
  • Transcript

    • 1. #comdaybe: Supporting Architecture Office 365 on Windows Azure - IaaS. J-Solutions - Flexamit. Jethro Seghers
    • 2. Jethro Seghers
    • 3. Agenda
        • Different types of Identity
        • Supporting Architecture
        • Different Deployments
        • Windows Azure IaaS
        • ADFS + DirSync + Azure
        • Migration
        • Q&A
    • 4. Identity Options
    • 5. Introduction to identity options
        1. MS Online IDs
            Appropriate for
                • Smaller organizations without AD on-premise
            Pros
                • No servers required on-premise
            Cons
                • No SSO
                • No 2FA (strong authentication)
                • 2 sets of credentials to manage with differing password policies
                • Users and groups mastered in the cloud
        2. MS Online IDs + Dir Sync
            Appropriate for
                • Orgs with AD on-premise
            Pros
                • Users and groups mastered on-premise
                • Enables co-existence scenarios
            Cons
                • No SSO – BUT PASSWORD SYNC
                • No 2FA
                • 2 sets of credentials to manage with differing password policies
                • Single server deployment
        3. Federated IDs + Dir Sync
            Appropriate for
                • Larger enterprise organizations with AD on-premise
            Pros
                • SSO with corporate cred
                • Users and groups mastered on-premise
                • Password policy controlled on-premise
                • 2FA solutions possible
                • Enables co-existence scenarios
            Cons
                • High availability server deployments required
    • 6. Directory Synchronisation
    • 7. What is DirSync?
        • “…is a Directory Synchronization engine based on Forefront Identity Manager (FIM) that will synchronize a subset of your on-premise Active Directory with Windows Azure Active Directory (Office 365).”
    • 8. Why use DirSync?
        • Long term coexistence between Active Directory On Premise and Windows Azure Active Directory.
        • (Easy/quick provisioning*)
        • Single place for managing identities including:
            • Users
            • Groups
            • Memberships
            • …
        • Enabler for Hybrid Deployments (required)
            • Two-way Directory Synchronization
    • 9. Deployment Considerations
        • Active Directory Assessment
            • Prerequisites check (Readiness Tool)
        • Topology
            • Single Forest?
            • Multiple Domains?
        • Security
            • Firewalls, Permissions
        • 64-bit only!
        • De/Activation time; can take some time to complete
        • Object filtering required?
        • SQL Version - Windows 2012 Server Supported
    • 10. DirSync: How does DirSync work? (diagram labels: Active Directory, Metaverse)
    • 11. What objects are synced?
        • From AD to Office 365: http://support.microsoft.com/kb/2256198
        • From Office 365 to AD (aka write-back), listed as write-back attribute: Exchange "full fidelity" feature
            • SafeSendersHash, BlockedSendersHash, SafeRecipientHash: Filtering. Writes back on-premises filtering and online safe and blocked sender data from clients.
            • msExchArchiveStatus: Online Archive. Enables customers to archive mail.
            • ProxyAddresses (LegacyExchangeDN <online LegacyDn> as X500): Enable Mailbox. Off-boards an online mailbox back to on-premises Exchange.
            • msExchUCVoiceMailSettings: Enable Unified Messaging (UM) - Online voice mail. This new attribute is used only for UM-Microsoft Lync Server 2010 integration to indicate to Lync Server 2010 on-premises that the user has voice mail in online services.
    • 12. Active Directory Federation Services
    • 13. ADFS: On Premise Topology (diagram labels: Enterprise, DMZ, Internal user, Active Directory, AD FS 2.0 Server, AD FS 2.0 Server Proxy)
    • 14. ADFS: On Premise Topology (diagram labels: Enterprise, DMZ, Internal user, Active Directory, AD FS 2.0 Server, AD FS 2.0 Server Proxy)
    • 15. ADFS: Hybrid Topology: IAAS (diagram labels: Enterprise, Internal user, Active Directory, AD FS 2.0 Server (x2), IAAS, External user, Active Directory, AD FS 2.0 Server (x2))
    • 16. ADFS: Hybrid Topology: IAAS (diagram labels: Enterprise, Internal user, Active Directory, AD FS 2.0 Server, IAAS, External user, Active Directory, AD FS 2.0 Server)
    • 17. ADFS: Cloud Topology: IAAS (diagram labels: IAAS, Internal, External user, Active Directory, AD FS 2.0 Server (x2))
    • 18. What about Windows Azure
    • 19. Windows Azure & ADFS
        • Virtual Network Support – Site to Site VPN
        • Computing: 99,95% SLA Uptime for High Available System – 99,9% SLA Uptime for Single System
        • Storage: 99,9%
        • Full Control over your Virtual Machines
        • Pay as you Go, OPEX vs CAPEX
        • PowerShell Support
    • 20. Windows Azure: Terminology
        • Cloud Service: Role which several VMs take upon themselves to execute, e.g. ADFS. Cloud services need to have two instances or more to qualify for the SLA of 99,95%. 1 External Virtual IP Address per Cloud Service.
        • Availability Set
    • 21. Windows Azure: Terminology
        • EndPoints: You need to add an endpoint to a machine for other resources on the Internet or other virtual networks to communicate with it. You can associate specific ports and a protocol to endpoints. Resources can connect to an endpoint by using a protocol of TCP or UDP. The TCP protocol includes HTTP and HTTPS communication.
        • Virtual Network enables you to create secure site-to-site connectivity, as well as protected private virtual networks in the cloud.
    • 22. Windows Azure Example
    • 23. Demo: What does it look like in Azure
    • 24. Migration
    • 25. Migration
        DirSync:
            1. Shutdown DirSync on Premise
            2. Install DirSync on Azure
            3. Configure DirSync on Azure
            4. Uninstall DirSync on Azure
        ADFS:
            1. Convert all ADFS Domains to Standard Domains
            2. Logon to primary ADFS on Azure
            3. Convert all Standard Domains back to Federated Domains
    • 26. Q&A
    • 27. Thank you! Twitter: @jseghers
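
The ADFS migration steps on slide 25, sketched with the MSOnline PowerShell cmdlets as an added example that is not part of the original deck. The file paths and the server name `adfs-azure-01.example.internal` are hypothetical placeholders; it assumes the MSOnline module, a tenant administrator account, and that the first phase runs on the current primary AD FS server.

```powershell
# Added example: assumes the MSOnline module and a tenant administrator account.
# $StateFile, $PasswordFile and $AzureAdfs are hypothetical placeholders.
Import-Module MSOnline
$StateFile    = 'C:\migration\federated-domains.txt'
$PasswordFile = 'C:\migration\temp-passwords.txt'
$AzureAdfs    = 'adfs-azure-01.example.internal'

function Convert-AllToStandard {
    # Step 1: record every federated domain, then convert it to standard.
    $domains = Get-MsolDomain -Authentication Federated |
               Select-Object -ExpandProperty Name
    if (-not $domains) { throw 'No federated domains found; nothing to migrate.' }
    $domains | Set-Content -Path $StateFile
    foreach ($d in $domains) {
        # Converted users get temporary passwords, recorded in $PasswordFile.
        Convert-MsolDomainToStandard -DomainName $d `
            -SkipUserConversion $false -PasswordFile $PasswordFile
    }
}

function Convert-AllToFederated {
    # Step 2: point the session at the primary AD FS server running in Azure.
    Set-MsolADFSContext -Computer $AzureAdfs
    # Step 3: convert the recorded domains back and confirm the result.
    foreach ($d in Get-Content -Path $StateFile) {
        Convert-MsolDomainToFederated -DomainName $d
        $state = (Get-MsolDomain -DomainName $d).Authentication
        $fed   = Get-MsolDomainFederationSettings -DomainName $d
        if ($state -ne 'Federated') { Write-Warning "$d is still $state" }
        '{0}: {1}, sign-in URL {2}' -f $d, $state, $fed.PassiveLogOnUri
    }
}

Connect-MsolService        # prompts for tenant administrator credentials
Convert-AllToStandard      # run while the on-premises AD FS is still primary
# Build and verify the AD FS farm in Azure before continuing.
Convert-AllToFederated
```

The password file holds users' temporary passwords in clear text, so restrict its ACL and delete it once the passwords have been distributed; the sign-in URL printed for each domain should point at the Azure-hosted federation service.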