SlideShare a Scribd company logo

Supporting architecture office 365 on windows azure

Download as PPTX, PDF
Jethro Seghers
Jethro Seghers

This document summarizes an agenda for supporting Office 365 architecture on Windows Azure infrastructure as a service (IaaS). It discusses different identity options including directory synchronization and Active Directory Federation Services. It provides details on directory synchronization, including how it works and which objects are synced. It also covers ADFS topologies for hybrid deployments in IaaS and considerations for deploying ADFS in Windows Azure, including terminology like availability sets and endpoints. The document concludes with a brief overview of migrating directory synchronization and ADFS from on-premises to Windows Azure.

Technology
1 of 27
#comdaybe Supporting Architecture Office 365 on Windows Azure - IaaS J-Solutions - Flexamit Jethro Seghers
Jethro Seghers
Agenda • Different types of Identity • Supporting Architecture • Different Deployments • Windows Azure IaaS • ADFS + DirSync + Azure • Migration • Q&A
Identity Options
Introduction to identity options 1. MS Online IDs Appropriate for • Smaller organizations without AD on-premise Pros • No servers required on- premise Cons • No SSO • No 2FA (strong authentication) • 2 sets of credentials to manage with differing password policies • Users and groups mastered in the cloud 2. MS Online IDs + Dir Sync Appropriate for • Orgs with AD on-premise Pros • Users and groups mastered on- premise • Enables co-existence scenarios Cons • No SSO – BUT PASSWORD SYNC • No 2FA • 2 sets of credentials to manage with differing password policies • Single server deployment 3. Federated IDs + Dir Sync Appropriate for • Larger enterprise organizations with AD on-premise Pros • SSO with corporate cred • Users and groups mastered on- premise • Password policy controlled on- premise • 2FA solutions possible • Enables co-existence scenarios Cons • High availability server deployments required
Directory Synchronisation
What is DirSync? • “…is a Directory Synchronization engine based on Forefront Identity Manager (FIM) that will synchronize a subset of your on- premise Active Directory with Windows Azure Active Directory (Office 365).”
Why use DirSync? Long term coexistence between Active Directory On Premise and Windows Azure Active Directory. (Easy/quick provisioning*) Single place for managing identities including: • Users • Groups • Memberships • … Enabler for Hybrid Deployments (required) • Two-way Directory Synchronization
Deployment Considerations Active Directory Assessment • Prerequisites check (Readiness Tool) Topology • Single Forest? • Multiple Domains? Security • Firewalls, Permissions 64-bit only! De/Activation time; can take some time to complete Object filtering required? SQL Version - Windows 2012 Server Supported
DirSync How does DirSync work? Active Directory METAVERSE
What objects are synced? From AD to Office 365: http://support.microsoft.com/kb/2256198 From Office 365 to AD (aka write-back): Write-Back attribute Exchange "full fidelity" feature SafeSendersHash BlockedSendersHash SafeRecipientHash Filtering: Writes back on-premises filtering and online safe and blocked sender data from clients. msExchArchiveStatus Online Archive: Enables customers to archive mail. ProxyAddresses (LegacyExchangeDN <online LegacyDn> as X500) Enable Mailbox: Off-boards an online mailbox back to on- premises Exchange. msExchUCVoiceMailSettings Enable Unified Messaging (UM) - Online voice mail: This new attribute is used only for UM-Microsoft Lync Server 2010 integration to indicate to Lync Server 2010 on- premises that the user has voice mail in online services.
Active Directory Federation Services
ADFS: On Premise Topology Enterprise DMZ AD FS 2.0 Server Proxy Internal user Active Directory AD FS 2.0 Server AD FS 2.0 Server AD FS 2.0 Server Proxy
ADFS: On Premise Topology Enterprise DMZ AD FS 2.0 Server Proxy Internal user Active Directory AD FS 2.0 Server AD FS 2.0 Server AD FS 2.0 Server Proxy
ADFS: Hybrid Topology: IAAS Enterprise Internal user Active Directory AD FS 2.0 Server AD FS 2.0 Server IAAS External user Active Directory AD FS 2.0 Server AD FS 2.0 Server
ADFS: Hybrid Topology: IAAS Enterprise Internal user Active Directory AD FS 2.0 Server IAAS External user Active Directory AD FS 2.0 Server
ADFS: Cloud Topology: IAAS IAAS Internal External user Active Directory AD FS 2.0 Server AD FS 2.0 Server
What about Windows Azure
Windows Azure & ADFS • Virtual Network Support – Site to Site VPN • Computing: 99,95% SLA Uptime for High Available System – 99,9% SLA Uptime for Single System • Storage: 99,9% • Full Control over your Virtual Machines • Pay as you Go, OPEX vs CAPEX • PowerShell Support
Windows Azure: Terminology Cloud Service: Role which several VM’s take upon themselves to execute. E.G. ADFS. Cloud services need to have two instances or more to quality for the SLA of 99,95%. 1 External Virtual IP Address per Cloud Service Availability Set
Windows Azure: Terminology EndPoints: You need to add an endpoint to a machine for other resources on the Internet or other virtual networks to communicate with it. You can associate specific ports and a protocol to endpoints. Resources can connect to an endpoint by using a protocol of TCP or UDP. The TCP protocol includes HTTP and HTTPS communication. Virtual Network enables you to create secure site-to-site connectivity, as well as protected private virtual networks in the cloud.
Windows Azure Example
demo How does it look like in Azure
Migration
Migration DirSync: 1. Shutdown DirSync on Premise 2. Install DirSync on Azure 3. Configure DirSync on Azure 4. Uninstall DirSync on Azure ADFS: 1. Convert all ADFS Domains to Standard Domains 2. Logon to primary ADFS on Azure 3. Convert all Standard Domains back to Federated Domains
Q&A
Thank you! Twitter: @jseghers

Recommended

Deploying .net application using VSTS on ACS in kubernetes
Deploying .net application using VSTS on ACS in kubernetesDeploying .net application using VSTS on ACS in kubernetes
Deploying .net application using VSTS on ACS in kubernetes
girish goudar
 
Secure Hadoop clusters on Windows platform
Secure Hadoop clusters on Windows platformSecure Hadoop clusters on Windows platform
Secure Hadoop clusters on Windows platform
Remus Rusanu
 
Microservices using .Net core
Microservices using .Net coreMicroservices using .Net core
Microservices using .Net core
girish goudar
 
Secure Hadoop as a Service - Session Sponsored by Intel
Secure Hadoop as a Service - Session Sponsored by IntelSecure Hadoop as a Service - Session Sponsored by Intel
Secure Hadoop as a Service - Session Sponsored by Intel
Amazon Web Services
 
Cloud Computing101 Azure, updated june 2017
Cloud Computing101 Azure, updated june 2017Cloud Computing101 Azure, updated june 2017
Cloud Computing101 Azure, updated june 2017
Fernando Mejía
 
Azure AD Connect
Azure AD ConnectAzure AD Connect
Azure AD Connect
Sasha Rosenbaum
 
Windows Azure Diagnostics
Windows Azure DiagnosticsWindows Azure Diagnostics
Windows Azure Diagnostics
Neil Mackenzie
 
How Microsoft learned to love Java
How Microsoft learned to love JavaHow Microsoft learned to love Java
How Microsoft learned to love Java
Brian Benz
 

Recommended

Deploying .net application using VSTS on ACS in kubernetes
Deploying .net application using VSTS on ACS in kubernetesDeploying .net application using VSTS on ACS in kubernetes
Deploying .net application using VSTS on ACS in kubernetes
girish goudar
 
Secure Hadoop clusters on Windows platform
Secure Hadoop clusters on Windows platformSecure Hadoop clusters on Windows platform
Secure Hadoop clusters on Windows platform
Remus Rusanu
 
Microservices using .Net core
Microservices using .Net coreMicroservices using .Net core
Microservices using .Net core
girish goudar
 
Secure Hadoop as a Service - Session Sponsored by Intel
Secure Hadoop as a Service - Session Sponsored by IntelSecure Hadoop as a Service - Session Sponsored by Intel
Secure Hadoop as a Service - Session Sponsored by Intel
Amazon Web Services
 
Cloud Computing101 Azure, updated june 2017
Cloud Computing101 Azure, updated june 2017Cloud Computing101 Azure, updated june 2017
Cloud Computing101 Azure, updated june 2017
Fernando Mejía
 
Azure AD Connect
Azure AD ConnectAzure AD Connect
Azure AD Connect
Sasha Rosenbaum
 
Windows Azure Diagnostics
Windows Azure DiagnosticsWindows Azure Diagnostics
Windows Azure Diagnostics
Neil Mackenzie
 
How Microsoft learned to love Java
How Microsoft learned to love JavaHow Microsoft learned to love Java
How Microsoft learned to love Java
Brian Benz
 
Azure AD connect- Deep Dive Webinar PPT
Azure AD connect- Deep Dive Webinar PPTAzure AD connect- Deep Dive Webinar PPT
Azure AD connect- Deep Dive Webinar PPT
Radhakrishnan Govindan
 
Storage and Archiving Options on AWS
Storage and Archiving Options on AWS Storage and Archiving Options on AWS
Storage and Archiving Options on AWS
Amazon Web Services
 
Introduction to Windows Azure
Introduction to Windows AzureIntroduction to Windows Azure
Introduction to Windows Azure
Ravi Ranjan Karn
 
Aws managed microsoft ad
Aws managed microsoft adAws managed microsoft ad
Aws managed microsoft ad
Subramanyam Vemala
 
04 Azure IAAS 101
04 Azure IAAS 10104 Azure IAAS 101
04 Azure IAAS 101
Herman Keijzer
 
Understanding Azure AD Webinar Presentation
Understanding Azure AD Webinar PresentationUnderstanding Azure AD Webinar Presentation
Understanding Azure AD Webinar Presentation
New Horizons Ireland
 
Key Design Considerations Private and Hybrid Clouds - RightScale Compute 2013
Key Design Considerations Private and Hybrid Clouds - RightScale Compute 2013Key Design Considerations Private and Hybrid Clouds - RightScale Compute 2013
Key Design Considerations Private and Hybrid Clouds - RightScale Compute 2013
RightScale
 
Microsoft Azure Ağ Servisleri
Microsoft Azure Ağ ServisleriMicrosoft Azure Ağ Servisleri
Microsoft Azure Ağ Servisleri
Önder Değer
 
O'Reilly Webcast: Architecting Applications For The Cloud
O'Reilly Webcast: Architecting Applications For The CloudO'Reilly Webcast: Architecting Applications For The Cloud
O'Reilly Webcast: Architecting Applications For The Cloud
O'Reilly Media
 
Azure SQL Database
Azure SQL Database Azure SQL Database
Azure SQL Database
nj-azure
 
Microsoft Azure Active Directory
Microsoft Azure Active DirectoryMicrosoft Azure Active Directory
Microsoft Azure Active Directory
Önder Değer
 
Azure service fabric
Azure service fabricAzure service fabric
Azure service fabric
Fernando Mejía
 
Using Windows Azure for Solving Identity Management Challenges
Using Windows Azure for Solving Identity Management ChallengesUsing Windows Azure for Solving Identity Management Challenges
Using Windows Azure for Solving Identity Management Challenges
Michael Collier
 
Azure deployments and ARM templates
Azure deployments and ARM templatesAzure deployments and ARM templates
Azure deployments and ARM templates
gjuljo
 
Tokyo Azure Meetup #5 - Microservices and Azure Service Fabric
Tokyo Azure Meetup #5 - Microservices and Azure Service FabricTokyo Azure Meetup #5 - Microservices and Azure Service Fabric
Tokyo Azure Meetup #5 - Microservices and Azure Service Fabric
Tokyo Azure Meetup
 
Azure Key Vault - Getting Started
Azure Key Vault - Getting StartedAzure Key Vault - Getting Started
Azure Key Vault - Getting Started
Taswar Bhatti
 
Amazon Virtual Private Cloud - VPC 2
Amazon Virtual Private Cloud - VPC 2Amazon Virtual Private Cloud - VPC 2
Amazon Virtual Private Cloud - VPC 2
AWS Riyadh User Group
 
AWS Messaging
AWS MessagingAWS Messaging
AWS Messaging
AWS Riyadh User Group
 
Azure Virtual Machines Deployment Scenarios
Azure Virtual Machines Deployment ScenariosAzure Virtual Machines Deployment Scenarios
Azure Virtual Machines Deployment Scenarios
Brian Benz
 
IBM Cloud Object Storage
IBM Cloud Object StorageIBM Cloud Object Storage
IBM Cloud Object Storage
Nagesh Ramamoorthy
 
Sa corporate brochure 2014 (1)
Sa corporate brochure 2014 (1)Sa corporate brochure 2014 (1)
Sa corporate brochure 2014 (1)
Security Alliance
 
Exchange Data Loss Prevention in Exchange 2013 - Exchange Online
Exchange Data Loss Prevention in Exchange 2013 - Exchange OnlineExchange Data Loss Prevention in Exchange 2013 - Exchange Online
Exchange Data Loss Prevention in Exchange 2013 - Exchange Online
Jethro Seghers
 

More Related Content

What's hot

Storage and Archiving Options on AWS
Storage and Archiving Options on AWS Storage and Archiving Options on AWS
Storage and Archiving Options on AWS
Amazon Web Services
 
Using Windows Azure for Solving Identity Management Challenges
Using Windows Azure for Solving Identity Management ChallengesUsing Windows Azure for Solving Identity Management Challenges
Using Windows Azure for Solving Identity Management Challenges
Michael Collier
 
Tokyo Azure Meetup #5 - Microservices and Azure Service Fabric
Tokyo Azure Meetup #5 - Microservices and Azure Service FabricTokyo Azure Meetup #5 - Microservices and Azure Service Fabric
Tokyo Azure Meetup #5 - Microservices and Azure Service Fabric
Tokyo Azure Meetup
 

What's hot (20)

Azure AD connect- Deep Dive Webinar PPT
Azure AD connect- Deep Dive Webinar PPTAzure AD connect- Deep Dive Webinar PPT
Azure AD connect- Deep Dive Webinar PPT
 
Storage and Archiving Options on AWS
Storage and Archiving Options on AWS Storage and Archiving Options on AWS
Storage and Archiving Options on AWS
 
Introduction to Windows Azure
Introduction to Windows AzureIntroduction to Windows Azure
Introduction to Windows Azure
 
Aws managed microsoft ad
Aws managed microsoft adAws managed microsoft ad
Aws managed microsoft ad
 
04 Azure IAAS 101
04 Azure IAAS 10104 Azure IAAS 101
04 Azure IAAS 101
 
Understanding Azure AD Webinar Presentation
Understanding Azure AD Webinar PresentationUnderstanding Azure AD Webinar Presentation
Understanding Azure AD Webinar Presentation
 
Key Design Considerations Private and Hybrid Clouds - RightScale Compute 2013
Key Design Considerations Private and Hybrid Clouds - RightScale Compute 2013Key Design Considerations Private and Hybrid Clouds - RightScale Compute 2013
Key Design Considerations Private and Hybrid Clouds - RightScale Compute 2013
 
Microsoft Azure Ağ Servisleri
Microsoft Azure Ağ ServisleriMicrosoft Azure Ağ Servisleri
Microsoft Azure Ağ Servisleri
 
O'Reilly Webcast: Architecting Applications For The Cloud
O'Reilly Webcast: Architecting Applications For The CloudO'Reilly Webcast: Architecting Applications For The Cloud
O'Reilly Webcast: Architecting Applications For The Cloud
 
Azure SQL Database
Azure SQL Database Azure SQL Database
Azure SQL Database
 
Microsoft Azure Active Directory
Microsoft Azure Active DirectoryMicrosoft Azure Active Directory
Microsoft Azure Active Directory
 
Azure service fabric
Azure service fabricAzure service fabric
Azure service fabric
 
Using Windows Azure for Solving Identity Management Challenges
Using Windows Azure for Solving Identity Management ChallengesUsing Windows Azure for Solving Identity Management Challenges
Using Windows Azure for Solving Identity Management Challenges
 
Azure deployments and ARM templates
Azure deployments and ARM templatesAzure deployments and ARM templates
Azure deployments and ARM templates
 
Tokyo Azure Meetup #5 - Microservices and Azure Service Fabric
Tokyo Azure Meetup #5 - Microservices and Azure Service FabricTokyo Azure Meetup #5 - Microservices and Azure Service Fabric
Tokyo Azure Meetup #5 - Microservices and Azure Service Fabric
 
Azure Key Vault - Getting Started
Azure Key Vault - Getting StartedAzure Key Vault - Getting Started
Azure Key Vault - Getting Started
 
Amazon Virtual Private Cloud - VPC 2
Amazon Virtual Private Cloud - VPC 2Amazon Virtual Private Cloud - VPC 2
Amazon Virtual Private Cloud - VPC 2
 
AWS Messaging
AWS MessagingAWS Messaging
AWS Messaging
 
Azure Virtual Machines Deployment Scenarios
Azure Virtual Machines Deployment ScenariosAzure Virtual Machines Deployment Scenarios
Azure Virtual Machines Deployment Scenarios
 
IBM Cloud Object Storage
IBM Cloud Object StorageIBM Cloud Object Storage
IBM Cloud Object Storage
 

Viewers also liked

Exchange Data Loss Prevention in Exchange 2013 - Exchange Online
Exchange Data Loss Prevention in Exchange 2013 - Exchange OnlineExchange Data Loss Prevention in Exchange 2013 - Exchange Online
Exchange Data Loss Prevention in Exchange 2013 - Exchange Online
Jethro Seghers
 
Protect your online with IRMS
Protect your online with IRMSProtect your online with IRMS
Protect your online with IRMS
Jethro Seghers
 

Viewers also liked (6)

Sa corporate brochure 2014 (1)
Sa corporate brochure 2014 (1)Sa corporate brochure 2014 (1)
Sa corporate brochure 2014 (1)
 
Exchange Data Loss Prevention in Exchange 2013 - Exchange Online
Exchange Data Loss Prevention in Exchange 2013 - Exchange OnlineExchange Data Loss Prevention in Exchange 2013 - Exchange Online
Exchange Data Loss Prevention in Exchange 2013 - Exchange Online
 
Emerald Group Frankfurt - Corporate Brochure
Emerald Group Frankfurt - Corporate BrochureEmerald Group Frankfurt - Corporate Brochure
Emerald Group Frankfurt - Corporate Brochure
 
Protect your online with IRMS
Protect your online with IRMSProtect your online with IRMS
Protect your online with IRMS
 
enParadigm Corporate Brochure
enParadigm Corporate BrochureenParadigm Corporate Brochure
enParadigm Corporate Brochure
 
SPEDUC: SharePoint on Premises vs Online for Education
SPEDUC: SharePoint on Premises vs Online for EducationSPEDUC: SharePoint on Premises vs Online for Education
SPEDUC: SharePoint on Premises vs Online for Education
 

Similar to Supporting architecture office 365 on windows azure

Simplify hybrid data integration at an enterprise scale. Integrate all your d...
Simplify hybrid data integration at an enterprise scale. Integrate all your d...Simplify hybrid data integration at an enterprise scale. Integrate all your d...
Simplify hybrid data integration at an enterprise scale. Integrate all your d...
varanasisatyanvesh
 
6 Ways to Get More From Your Azure
6 Ways to Get More From Your Azure6 Ways to Get More From Your Azure
6 Ways to Get More From Your Azure
C/D/H Technology Consultants
 
Get your Hybrid Identity in 4 steps with Azure AD Connect
Get your Hybrid Identity in 4 steps with Azure AD ConnectGet your Hybrid Identity in 4 steps with Azure AD Connect
Get your Hybrid Identity in 4 steps with Azure AD Connect
Ronny de Jong
 
Brian Desmond - Identity and directory synchronization with office 365 and wi...
Brian Desmond - Identity and directory synchronization with office 365 and wi...Brian Desmond - Identity and directory synchronization with office 365 and wi...
Brian Desmond - Identity and directory synchronization with office 365 and wi...
Nordic Infrastructure Conference
 

Similar to Supporting architecture office 365 on windows azure (20)

Simplify hybrid data integration at an enterprise scale. Integrate all your d...
Simplify hybrid data integration at an enterprise scale. Integrate all your d...Simplify hybrid data integration at an enterprise scale. Integrate all your d...
Simplify hybrid data integration at an enterprise scale. Integrate all your d...
 
Integrating your on-premises Active Directory with Azure and Office 365
Integrating your on-premises Active Directory with Azure and Office 365Integrating your on-premises Active Directory with Azure and Office 365
Integrating your on-premises Active Directory with Azure and Office 365
 
Building Hybrid Cloud Apps with Azure and Azure stack
Building Hybrid Cloud Apps with Azure and Azure stackBuilding Hybrid Cloud Apps with Azure and Azure stack
Building Hybrid Cloud Apps with Azure and Azure stack
 
Adelaide Global Azure Bootcamp 2018 - Azure 101
Adelaide Global Azure Bootcamp 2018 - Azure 101Adelaide Global Azure Bootcamp 2018 - Azure 101
Adelaide Global Azure Bootcamp 2018 - Azure 101
 
ECS19 - Mustafa Toroman, Sasa Kranjac - SOUP TO NUTS: MICROSOFT AZURE POWERCLASS
ECS19 - Mustafa Toroman, Sasa Kranjac - SOUP TO NUTS: MICROSOFT AZURE POWERCLASSECS19 - Mustafa Toroman, Sasa Kranjac - SOUP TO NUTS: MICROSOFT AZURE POWERCLASS
ECS19 - Mustafa Toroman, Sasa Kranjac - SOUP TO NUTS: MICROSOFT AZURE POWERCLASS
 
Office 365 Identity Management - SMBNation 2015
Office 365 Identity Management - SMBNation 2015Office 365 Identity Management - SMBNation 2015
Office 365 Identity Management - SMBNation 2015
 
KoprowskiT_SQLSatMoscow_WASDforBeginners
KoprowskiT_SQLSatMoscow_WASDforBeginnersKoprowskiT_SQLSatMoscow_WASDforBeginners
KoprowskiT_SQLSatMoscow_WASDforBeginners
 
2014.10.22 Building Azure Solutions with Office 365
2014.10.22 Building Azure Solutions with Office 3652014.10.22 Building Azure Solutions with Office 365
2014.10.22 Building Azure Solutions with Office 365
 
Amazon WorkSpaces - Fully Managed Desktops in the Cloud
Amazon WorkSpaces - Fully Managed Desktops in the CloudAmazon WorkSpaces - Fully Managed Desktops in the Cloud
Amazon WorkSpaces - Fully Managed Desktops in the Cloud
 
Colabora.dk - Azure PTA vs ADFS vs Desktop SSO
Colabora.dk - Azure PTA vs ADFS vs Desktop SSOColabora.dk - Azure PTA vs ADFS vs Desktop SSO
Colabora.dk - Azure PTA vs ADFS vs Desktop SSO
 
Azure PTA vs ADFS vs Desktop SSO
Azure PTA vs ADFS vs Desktop SSOAzure PTA vs ADFS vs Desktop SSO
Azure PTA vs ADFS vs Desktop SSO
 
6 Ways to Get More From Your Azure
6 Ways to Get More From Your Azure6 Ways to Get More From Your Azure
6 Ways to Get More From Your Azure
 
Amazon WorkSpaces - Fully Managed Desktops in the Cloud
Amazon WorkSpaces - Fully Managed Desktops in the Cloud Amazon WorkSpaces - Fully Managed Desktops in the Cloud
Amazon WorkSpaces - Fully Managed Desktops in the Cloud
 
Get your Hybrid Identity in 4 steps with Azure AD Connect
Get your Hybrid Identity in 4 steps with Azure AD ConnectGet your Hybrid Identity in 4 steps with Azure AD Connect
Get your Hybrid Identity in 4 steps with Azure AD Connect
 
Building Azure RemoteApp - Microsoft Campus Days 2014
Building Azure RemoteApp - Microsoft Campus Days 2014Building Azure RemoteApp - Microsoft Campus Days 2014
Building Azure RemoteApp - Microsoft Campus Days 2014
 
Building Intelligent Cloud with Microsoft Azure
Building Intelligent Cloud with Microsoft AzureBuilding Intelligent Cloud with Microsoft Azure
Building Intelligent Cloud with Microsoft Azure
 
6 Ways to Get More From Your Azure
6 Ways to Get More From Your Azure6 Ways to Get More From Your Azure
6 Ways to Get More From Your Azure
 
6 Ways to Get More From Your Azure
6 Ways to Get More From Your Azure6 Ways to Get More From Your Azure
6 Ways to Get More From Your Azure
 
Amazon WorkSpaces - Fully Managed Desktops in the Cloud
Amazon WorkSpaces - Fully Managed Desktops in the Cloud Amazon WorkSpaces - Fully Managed Desktops in the Cloud
Amazon WorkSpaces - Fully Managed Desktops in the Cloud
 
Brian Desmond - Identity and directory synchronization with office 365 and wi...
Brian Desmond - Identity and directory synchronization with office 365 and wi...Brian Desmond - Identity and directory synchronization with office 365 and wi...
Brian Desmond - Identity and directory synchronization with office 365 and wi...
 

More from Jethro Seghers

SharePoint 2013 in a hybrid world
SharePoint 2013 in a hybrid worldSharePoint 2013 in a hybrid world
SharePoint 2013 in a hybrid world
Jethro Seghers
 
Share point 2013 in a hybrid world
Share point 2013 in a hybrid worldShare point 2013 in a hybrid world
Share point 2013 in a hybrid world
Jethro Seghers
 
Preparing for an Exchange 2013 Hybrid
Preparing for an Exchange 2013 HybridPreparing for an Exchange 2013 Hybrid
Preparing for an Exchange 2013 Hybrid
Jethro Seghers
 
Supporting architecture for office 365 spo
Supporting architecture for office 365 spoSupporting architecture for office 365 spo
Supporting architecture for office 365 spo
Jethro Seghers
 

More from Jethro Seghers (8)

SharePoint 2013 in a hybrid world
SharePoint 2013 in a hybrid worldSharePoint 2013 in a hybrid world
SharePoint 2013 in a hybrid world
 
Office365 BI
Office365 BIOffice365 BI
Office365 BI
 
Share point 2013 in a hybrid world
Share point 2013 in a hybrid worldShare point 2013 in a hybrid world
Share point 2013 in a hybrid world
 
Preparing for an Exchange 2013 Hybrid
Preparing for an Exchange 2013 HybridPreparing for an Exchange 2013 Hybrid
Preparing for an Exchange 2013 Hybrid
 
Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure
 
SharePoint 2013 in a hybrid world
SharePoint 2013 in a hybrid worldSharePoint 2013 in a hybrid world
SharePoint 2013 in a hybrid world
 
Supporting architecture for office 365 spo
Supporting architecture for office 365 spoSupporting architecture for office 365 spo
Supporting architecture for office 365 spo
 
Adfs azure
Adfs azureAdfs azure
Adfs azure
 

Recently uploaded

Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
David Michel
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through Observability
ScyllaDB
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
CzechDreamin
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Peter Udo Diehl
 

Recently uploaded (20)

Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří Karpíšek
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through Observability
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
 
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara Laskowska
 
Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyDemystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John Staveley
 
Agentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdfAgentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdf
 
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
 
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCustom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024
 

Supporting architecture office 365 on windows azure

  • 1. #comdaybe Supporting Architecture Office 365 on Windows Azure - IaaS J-Solutions - Flexamit Jethro Seghers
  • 3. Agenda • Different types of Identity • Supporting Architecture • Different Deployments • Windows Azure IaaS • ADFS + DirSync + Azure • Migration • Q&A
  • 5. Introduction to identity options 1. MS Online IDs Appropriate for • Smaller organizations without AD on-premise Pros • No servers required on- premise Cons • No SSO • No 2FA (strong authentication) • 2 sets of credentials to manage with differing password policies • Users and groups mastered in the cloud 2. MS Online IDs + Dir Sync Appropriate for • Orgs with AD on-premise Pros • Users and groups mastered on- premise • Enables co-existence scenarios Cons • No SSO – BUT PASSWORD SYNC • No 2FA • 2 sets of credentials to manage with differing password policies • Single server deployment 3. Federated IDs + Dir Sync Appropriate for • Larger enterprise organizations with AD on-premise Pros • SSO with corporate cred • Users and groups mastered on- premise • Password policy controlled on- premise • 2FA solutions possible • Enables co-existence scenarios Cons • High availability server deployments required
  • 7. What is DirSync? • “…is a Directory Synchronization engine based on Forefront Identity Manager (FIM) that will synchronize a subset of your on- premise Active Directory with Windows Azure Active Directory (Office 365).”
  • 8. Why use DirSync? Long term coexistence between Active Directory On Premise and Windows Azure Active Directory. (Easy/quick provisioning*) Single place for managing identities including: • Users • Groups • Memberships • … Enabler for Hybrid Deployments (required) • Two-way Directory Synchronization
  • 9. Deployment Considerations Active Directory Assessment • Prerequisites check (Readiness Tool) Topology • Single Forest? • Multiple Domains? Security • Firewalls, Permissions 64-bit only! De/Activation time; can take some time to complete Object filtering required? SQL Version - Windows 2012 Server Supported
  • 10. DirSync How does DirSync work? Active Directory METAVERSE
  • 11. What objects are synced? From AD to Office 365: http://support.microsoft.com/kb/2256198 From Office 365 to AD (aka write-back): Write-Back attribute Exchange "full fidelity" feature SafeSendersHash BlockedSendersHash SafeRecipientHash Filtering: Writes back on-premises filtering and online safe and blocked sender data from clients. msExchArchiveStatus Online Archive: Enables customers to archive mail. ProxyAddresses (LegacyExchangeDN <online LegacyDn> as X500) Enable Mailbox: Off-boards an online mailbox back to on- premises Exchange. msExchUCVoiceMailSettings Enable Unified Messaging (UM) - Online voice mail: This new attribute is used only for UM-Microsoft Lync Server 2010 integration to indicate to Lync Server 2010 on- premises that the user has voice mail in online services.
  • 13. ADFS: On Premise Topology Enterprise DMZ AD FS 2.0 Server Proxy Internal user Active Directory AD FS 2.0 Server AD FS 2.0 Server AD FS 2.0 Server Proxy
  • 14. ADFS: On Premise Topology Enterprise DMZ AD FS 2.0 Server Proxy Internal user Active Directory AD FS 2.0 Server AD FS 2.0 Server AD FS 2.0 Server Proxy
  • 15. ADFS: Hybrid Topology: IAAS Enterprise Internal user Active Directory AD FS 2.0 Server AD FS 2.0 Server IAAS External user Active Directory AD FS 2.0 Server AD FS 2.0 Server
  • 16. ADFS: Hybrid Topology: IAAS Enterprise Internal user Active Directory AD FS 2.0 Server IAAS External user Active Directory AD FS 2.0 Server
  • 17. ADFS: Cloud Topology: IAAS IAAS Internal External user Active Directory AD FS 2.0 Server AD FS 2.0 Server
  • 19. Windows Azure & ADFS • Virtual Network Support – Site to Site VPN • Computing: 99,95% SLA Uptime for High Available System – 99,9% SLA Uptime for Single System • Storage: 99,9% • Full Control over your Virtual Machines • Pay as you Go, OPEX vs CAPEX • PowerShell Support
  • 20. Windows Azure: Terminology Cloud Service: Role which several VM’s take upon themselves to execute. E.G. ADFS. Cloud services need to have two instances or more to quality for the SLA of 99,95%. 1 External Virtual IP Address per Cloud Service Availability Set
  • 21. Windows Azure: Terminology EndPoints: You need to add an endpoint to a machine for other resources on the Internet or other virtual networks to communicate with it. You can associate specific ports and a protocol to endpoints. Resources can connect to an endpoint by using a protocol of TCP or UDP. The TCP protocol includes HTTP and HTTPS communication. Virtual Network enables you to create secure site-to-site connectivity, as well as protected private virtual networks in the cloud.
  • 23. demo How does it look like in Azure
  • 25. Migration DirSync: 1. Shutdown DirSync on Premise 2. Install DirSync on Azure 3. Configure DirSync on Azure 4. Uninstall DirSync on Azure ADFS: 1. Convert all ADFS Domains to Standard Domains 2. Logon to primary ADFS on Azure 3. Convert all Standard Domains back to Federated Domains
  • 26. Q&A

Editor's Notes

  1. * Using DirSync for only provisioning is NOT supported!
  2. Note: Passwords are NOT synced. If you want to use your on-premise passwords in Office 365/Azure, you will have to deploy ADFS.Future release of DirSync might support Password Synchronization** Functionality nor a release date have been confirmed by Microsoft. As far as I understood, this sync will not really sync the password, but it will rather use the password’s hash