Identity management for cloud deployed applications can be a challenge. Often users will want to leverage an existing social network or corporate identity. Now we have to worry about dealing with multiple APIs, any updates to those APIs, or the addition of new identity providers. Windows Azure Access Control Services offers a better way! ACS allows for federated user authentication via popular social networks and Active Directory. In this session we’ll provide a crash course in claims as they relate to identity management. We’ll discuss why claims are important and how to add additional claims beyond what is provided by the identity providers. We'll also take a look at Windows Azure Active Directory and see how to manage corporate identities in the cloud.
Using Windows Azure for Solving Identity Management Challenges (Visual Studio Live, Las Vegas 2013)
1. Using Windows Azure for Solving Identity Management Challenges
Michael S. Collier
National Architect, Cloud
Level: Intermediate
2. About Me
Michael S. Collier
National Architect, Cloud
michael.collier@neudesic.com
@MichaelCollier
www.MichaelSCollier.com
http://www.slideshare.net/buckeye01
3. Agenda
• Identity Management Challenges
• Access Control Services
– Claims
– Setup tips
– Gotchas
• Windows Azure Mobile Services
– Quickly leverage social identities
• Windows Azure Active Directory
– What it is
– Quick setup
– Exploring the directory graph
4. Who Are You?
• Personalization
• Business Rules
• Functionality / Features
5. Traditional Identity Management
• Windows Integrated Authentication (Active Directory)
• Membership Provider
• Proven Approach
• Leverage WIF?
(Diagram labels: SQL, AD, My Enterprise)
6. Cloud? We Have a Problem
• Multiple islands of identity
• Environment not under our physical control
• Disconnected from the enterprise (potentially)
7. Options
• Social Networks
– They change . . . Often
– The right one?
– Another?
– More work!
• Membership Provider
– SQL Database
– Table Storage
– Pros: Mostly known entity; Migrate existing data
– Cons: User management; Security leak; New
(Slide graphic label: Microsoft Account)
8. Windows Azure Access Control Service
• No need to build your own identity management solution.
• Authenticate (WIF – OAuth and WS-Federation)
• Claims-based authorization
• Multiple Identity Providers (ADFSv2, Google, Live ID, etc.)
• Ability to bring your own via membership
• One to rule them all!
• Easy for your users
Windows Azure icons courtesy of David Pallmann.
9. Key ACS Concepts
• Relying Party (RP): Web application that outsources authentication. The RP trusts that authority. The RP is your app.
• Identity Provider (IP): Authenticates users and issues tokens
• Token: Digitally signed security data issued after user authenticated. Used to gain access to the RP (your app).
• Claim: Attributes about the authenticated user (age, birthdate, email address, name, etc.)
• Federation Provider: Intermediary between the RP and IP. ACS is a Federation Provider.
• STS: Simple Token Service – issues tokens containing claims. ACS is an STS
10. Authentication Workflow
Participants: Browser, Identity Provider, Access Control, Application
1. Request Resource
2. Redirect to Identity Provider
3. Login
4. Authenticate & Issue Token
5. Redirect to AC service
6. Send Token to ACS
7. Validate Token, Run Rules Engine, Issue Token
8. Redirect to RP with ACS Token
9. Send ACS Token to Relying Party
10. Validate Token
11. Return resource representation
Courtesy Windows Azure Boot Camp
11. Claims Enrichment
• Identity Providers only provide a few claims
– Microsoft Account / Live ID provides just one (Name Identifier)
– Facebook, Google and Yahoo! provide at least three (email, name, named identifier)
– ADFSv2
– http://msdn.microsoft.com/en-us/library/windowsazure/gg185971.aspx
• Add more claims that are known to your application
– ClaimsAuthenticationManager
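The enrichment step named on this slide, sketched as an added example (not code from the presentation). It assumes .NET 4.5 (System.Security.Claims); the class name, the in-memory role table, its sample keys and the "urn:example:myapp" issuer are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Security;
using System.Security.Claims;

// Added example: adds application role claims to the principal built from the ACS token.
public class RoleEnrichingAuthenticationManager : ClaimsAuthenticationManager
{
    // Claim type ACS uses to name the upstream identity provider.
    private const string IdentityProviderClaim =
        "http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider";

    // Issuer stamped on locally added claims so they can be told apart from ACS-issued ones.
    private const string LocalIssuer = "urn:example:myapp"; // hypothetical value

    // Hypothetical role store with constructed sample keys ("provider|nameIdentifier").
    // A real application would query its own user store here.
    private static readonly Dictionary<string, string[]> RolesByUser =
        new Dictionary<string, string[]>(StringComparer.Ordinal)
        {
            { "Google|sample-name-identifier-1", new[] { "Administrator" } },
            { "uri:WindowsLiveID|sample-name-identifier-2", new[] { "Reader" } }
        };

    public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)
    {
        var identity = incomingPrincipal == null ? null : incomingPrincipal.Identity as ClaimsIdentity;
        if (identity == null || !identity.IsAuthenticated)
            return incomingPrincipal; // anonymous request: nothing to enrich

        Claim nameId = identity.FindFirst(ClaimTypes.NameIdentifier);
        Claim provider = identity.FindFirst(IdentityProviderClaim);
        if (nameId == null || provider == null)
            throw new SecurityException("Token lacks a name identifier or identity provider claim.");

        // Key the lookup on provider AND name identifier, never on a display name or
        // e-mail alone: Live ID supplies only the name identifier, and two providers
        // must not be able to collide on the same local account.
        string[] roles;
        if (RolesByUser.TryGetValue(provider.Value + "|" + nameId.Value, out roles))
        {
            foreach (string role in roles)
                identity.AddClaim(new Claim(ClaimTypes.Role, role, ClaimValueTypes.String, LocalIssuer));
        }
        return incomingPrincipal; // unknown users keep only the claims ACS issued
    }
}
```

The class is activated by naming it in the claimsAuthenticationManager element under system.identityModel/identityConfiguration in web.config.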
13. Recap
1. Create a new ASP.NET 4.5 Web Site
a) Capture User.Identity.Name
2. Create an ACS namespace
a) Portal
b) Visual Studio tooling
3. Configure site using ‘Identity and Access’ tool in Visual Studio
a) Provide ACS namespace and management password
b) Enable desired Identity Providers (i.e. Google)
c) Configure realm, reply to address, etc.
4. Optional: Add ClaimsAuthenticationManager
5. Run it
14. Tips & Tricks
• WIF relies on the web.config file
• Problematic for staging deployments – don’t know the URL until deployed
• Add logic to WebRole’s OnStart() to update the WIF settings in web.config
– Read in configuration settings from .cscfg
– Update and save the web.config
– Changing .cscfg settings can cause a role recycle . . . causing web.config to update
15. Tips & Tricks
• Staging vs. Production
– WIF configuration in web.config
– Staging URL unknown until deployment
– Change WIF configuration in web.config during role startup
See Vittorio Bertocci’s blog post at http://blogs.msdn.com/b/vbertocci/archive/2011/05/31/edit-and-apply-new-wif-s-config-settings-in-your-windows-azure-webrole-without-redeploying.aspx
16. Tips & Tricks
• Cookie Encryption
– DPAPI used to protect cookies sent to the client.
– DPAPI not supported in Windows Azure
– Use RsaEncryptionCookieTransform to encrypt with same cert used for SSL.
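One way to wire up the cookie protection described on this slide, as an added example (not code from the presentation). It assumes .NET 4.5 WIF (System.IdentityModel.Services) and that the SSL certificate, including its private key, is configured as the federation service certificate on every role instance.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel;
using System.IdentityModel.Services;
using System.IdentityModel.Services.Configuration;
using System.IdentityModel.Tokens;
using System.Web;

// Added example: Global.asax code-behind replacing the default DPAPI session cookie protection.
public class Global : HttpApplication
{
    protected void Application_Start(object sender, EventArgs e)
    {
        FederatedAuthentication.FederationConfigurationCreated += OnFederationConfigurationCreated;
    }

    private static void OnFederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
    {
        var certificate = e.FederationConfiguration.ServiceCertificate;

        // Fail at startup rather than fall back to the DPAPI default, which would
        // leave each instance unable to read cookies written by another instance.
        if (certificate == null || !certificate.HasPrivateKey)
            throw new InvalidOperationException(
                "A service certificate with a private key is required to protect session cookies.");

        var transforms = new List<CookieTransform>
        {
            new DeflateCookieTransform(),                 // compress the serialized session token
            new RsaEncryptionCookieTransform(certificate), // confidentiality
            new RsaSignatureCookieTransform(certificate)   // integrity: detect tampered cookies
        };

        // Swap the default session token handler for one using the RSA transforms.
        var handler = new SessionSecurityTokenHandler(transforms.AsReadOnly());
        e.FederationConfiguration.IdentityConfiguration.SecurityTokenHandlers.AddOrReplace(handler);
    }
}
```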
20. Gotchas
• Single sign-out not currently supported
– Provide a sign-out link for the specific Identity Provider
• Windows Azure co-admin cannot administer an ACS namespace
– Add Live ID, WAAD, Google, etc.
• WIF not installed on Windows Azure roles (.NET 3.5)
– Microsoft.IdentityModel CopyLocal = true
– Install WIF via a startup task (recommended)
21. The Impact for Mobile Apps
• Social Networks – Important
– Users likely already have at least one
– Quick and easy signup
– Potential for rapid user base expansion
• Multiple identity provider choices via Windows Azure Mobile Services
23. Recap
• Windows Azure Mobile Services app
• Developer accounts for social networks
– Microsoft Account
– Facebook
– Twitter
– Google
• Add key/secret to WAMS app
• Prompt for user authentication
await App.MobileService.LoginAsync(MobileServiceAuthenticationProvider.Twitter);
• Optional
– Live SDK to use SSO in Windows Store apps
24. Windows Azure Active Directory
• Extends AD into the cloud
• Started as directory for Office365
• Provides single sign-on for cloud applications
• Query-able social graph (native apps too)
• Connect from any device and platform
– RESTful access to the directory
– XML/JSON request/response
• Can sync or federate on-premises AD to cloud
WAAD is in a Developer Preview status. ☺
26. The Directory
Windows Azure Active Directory
Multi-tenant directory
27. The Directory
WAAD Tenant
DirSync
On-Premises Active Directory
28. Getting Started
• Organization ID
– Office365
– Dev/Test Tenant
http://aka.ms/WAADSignup
<tenant>.onmicrosoft.com
• Windows Azure Subscription
• Microsoft ASP.NET Tools for Windows Azure Active Directory – Visual Studio 2012
– http://go.microsoft.com/fwlink/?LinkID=282306
• Office365 / Windows Azure Active Directory Management Cmdlets
– http://aka.ms/aadposh
30. Recap
1. Pre-reqs
a) Windows Azure AD Powershell cmdlets
b) Windows Azure AD tenant
c) Visual Studio tools
2. Create new ASP.NET 4.5 web site
3. ‘Enable Windows Azure Authentication’
a) Under ‘Project’ menu in Visual Studio
b) Authenticate with WAAD administrative account
4. Run
31. Graph API
• RESTful interface for Windows Azure AD
– Compatible with OData V3
– Use latest WCF 5.3 update (API v0.9)
– OAuth 2.0 for authentication
• Programmatic access to the directory
– DirectoryObject – User, Group, Role, Licenses, Tenant, etc.
– Links – memberOf, directReports
• Standard HTTP methods
– GET, POST, PATCH, DELETE for directory objects
– HTTP status codes
32. Directory Permissions
• The application has rights to the directory,
not the authenticated user
• Your application == service principal
• Application Roles
– Partner Tier1 Support
– Partner Tier2 Support
– Company Administrator
– Helpdesk Administrator
– Directory Readers
– Directory Writers
– Billing Administrator
– Service Support Administrator
– User Account Administrator
36. Windows Azure Authentication Library (WAAL)
• Simplifies authentication
• Client-side only
– Used to obtain an authentication token only; no token validation
– Web apps/services or rich clients
• Server-side token authentication
– JSON Web Token Handler (JWT Handler)
– Samples
http://code.msdn.com
Search “aal”
Filter – Technology = Windows Azure
Visual Studio Version = VS2012
(AAL > Windows Azure > Visual Studio 2012)
37. Registering Your App with WAAD
• AppPrincipalId (ServicePrincipal)
– identityConfiguration/audienceUris
– system.identityModel.services/federationConfiguration/wsFederation
• Read this blog post by Vittorio Bertocci
– http://www.cloudidentity.com/blog/2013/01/22/group-amp-role-claims-use-the-graph-api-to-get-back-isinrole-and-authorize-in-windows-azure-ad-apps/
38. Registering Your App with WAAD
Import-Module MSOnlineExtended -Force
# Connect to the WAAD tenant. Use tenant admin credentials (same used in the MVC VS2012 tools): <user>@<tenant>.onmicrosoft.com
Connect-MsolService
# The AppPrincipalId from the web.config
$AppPrincipalId = '9a90ed83-acff-44d7-813f-d7e724fef1aa'
# Get the Service Principal object
$servicePrincipalId = (Get-MsolServicePrincipal -AppPrincipalId $AppPrincipalId)
# Add the service principal to the appropriate role in WAAD.
Add-MsolRoleMember -RoleMemberType "ServicePrincipal" -RoleName "User Account Administrator" -RoleMemberObjectId $servicePrincipalId.ObjectId
# Dates for which the credential is valid (1 year)
$timeNow = Get-Date
$expiryTime = $timeNow.AddYears(1)
# Generate a random 32-byte symmetric key
$cryptoProvider = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
$byteArr = New-Object byte[] 32
$cryptoProvider.GetBytes($byteArr)
$signingKey = [Convert]::ToBase64String($byteArr)
# signingKey.txt holds the key in clear text: restrict access to it and delete it once the key is stored in the application's configuration
Write-Output $signingKey | Out-File signingKey.txt
# Create a new service principal credential, with the created key, and assign to the service principal.
New-MsolServicePrincipalCredential -AppPrincipalId $AppPrincipalId -Type symmetric -StartDate $timeNow -EndDate $expiryTime -Usage Verify -Value $signingKey
40. Going Further
• Multitenant applications
– Leverage identity from other WAAD tenants
– http://www.windowsazure.com/en-us/develop/net/tutorials/multitenant-apps-for-active-directory/
• Phone 2FA
– Additional administrative users
– Username/pwd + text message code
– ONLY for WAAD users and applications now
• Configure as an Identity Provider in ACS
41. Windows Azure Virtual Network
(Diagram labels: Windows Azure, Site-to-Site VPN Tunnel)
Currently in Preview
Image courtesy of the Windows Azure Training Kit
42. Summary
• Traditional identity management in the cloud is hard
– Many external islands of identity
– Current technology hard or not interoperable
• ACS provides standards-based approach
– Integrates with Windows Identity Foundation
– Claims-based authorization
– Built-in support for ADFSv2, Google, Live ID, Yahoo!, & Facebook
• Enrich functionality using WIF
• Leverage Windows Azure Mobile Services for mobile apps
• Windows Azure Active Directory shows the future direction
43. Resources
• Windows Azure ACS Guide
– http://www.windowsazure.com/en-us/develop/net/how-to-guides/access-control/#config-trust
• Programming Windows Identity Foundation, Vittorio Bertocci
• CloudIdentity.com, Vittorio Bertocci’s blog
• “Claims-Based Authorization with WIF”, Michele Bustamante
– http://msdn.microsoft.com/en-us/magazine/ee335707.aspx
• ACS Cheat Sheet - http://bit.ly/ACSCheatSheet
• ACS How To’s - http://bit.ly/ACSHowTo
• ACS Tips - http://bit.ly/HYhxjY
• Publishing an ACS v2 Federated Identity Web Role - http://bit.ly/HPT6rk
• MVC Sample App for Windows Azure Active Directory Graph
– http://code.msdn.microsoft.com/Write-Sample-App-for-79e55502
• Windows Azure Active Directory Graph Team
– http://blogs.msdn.com/b/aadgraphteam/
45. Thank You!!
Michael S. Collier
National Architect, Cloud
michael.collier@neudesic.com
@MichaelCollier
www.MichaelSCollier.com
http://www.slideshare.net/buckeye01
Please fill out your session evals!