#comdaybe
Supporting Architecture Office 365 on Windows Azure - IaaS
J-Solutions - Flexamit
Jethro Seghers
Agenda
• Different types of Identity
• Supporting Architecture
• Different Deployments
• Windows Azure IaaS
• ADFS + DirSync + Azure
• Migration
• Q&A
Identity Options
Introduction to identity options
1. MS Online IDs
Appropriate for
• Smaller organizations without AD on-premise
Pros
• No servers required on-premise
Cons
• No SSO
• No 2FA (strong authentication)
• 2 sets of credentials to manage with differing password policies
• Users and groups mastered in the cloud
2. MS Online IDs + Dir Sync
Appropriate for
• Orgs with AD on-premise
Pros
• Users and groups mastered on-premise
• Enables co-existence scenarios
Cons
• No SSO – BUT PASSWORD SYNC
• No 2FA
• 2 sets of credentials to manage with differing password policies
• Single server deployment
3. Federated IDs + Dir Sync
Appropriate for
• Larger enterprise organizations with AD on-premise
Pros
• SSO with corporate credentials
• Users and groups mastered on-premise
• Password policy controlled on-premise
• 2FA solutions possible
• Enables co-existence scenarios
Cons
• High availability server deployments required
Directory Synchronisation
What is DirSync?
• “…is a Directory Synchronization engine based on Forefront Identity Manager (FIM) that will synchronize a subset of your on-premise Active Directory with Windows Azure Active Directory (Office 365).”
Why use DirSync?
Long term coexistence between Active Directory On Premise and Windows Azure Active Directory.
(Easy/quick provisioning*)
Single place for managing identities including:
• Users
• Groups
• Memberships
• …
Enabler for Hybrid Deployments (required)
• Two-way Directory Synchronization
Deployment Considerations
Active Directory Assessment
• Prerequisites check (Readiness Tool)
Topology
• Single Forest?
• Multiple Domains?
Security
• Firewalls, Permissions
64-bit only!
De/Activation time; can take some time to complete
Object filtering required?
SQL Version - Windows 2012 Server Supported
DirSync
How does DirSync work?
[Diagram labels: Active Directory, Metaverse]
What objects are synced?
From AD to Office 365: http://support.microsoft.com/kb/2256198
From Office 365 to AD (aka write-back):
Write-Back attribute: Exchange "full fidelity" feature
• SafeSendersHash, BlockedSendersHash, SafeRecipientHash: Filtering: Writes back on-premises filtering and online safe and blocked sender data from clients.
• msExchArchiveStatus: Online Archive: Enables customers to archive mail.
• ProxyAddresses (LegacyExchangeDN <online LegacyDn> as X500): Enable Mailbox: Off-boards an online mailbox back to on-premises Exchange.
• msExchUCVoiceMailSettings: Enable Unified Messaging (UM) - Online voice mail: This new attribute is used only for UM-Microsoft Lync Server 2010 integration to indicate to Lync Server 2010 on-premises that the user has voice mail in online services.
Active Directory Federation Services
ADFS: On Premise Topology
[Diagram labels: Enterprise, DMZ, internal user, Active Directory, AD FS 2.0 Server, AD FS 2.0 Server Proxy]
ADFS: Hybrid Topology: IAAS
[Diagram labels: Enterprise with internal user, Active Directory and two AD FS 2.0 Servers; IAAS with external user, Active Directory and two AD FS 2.0 Servers]
ADFS: Hybrid Topology: IAAS
[Diagram labels: Enterprise with internal user, Active Directory and one AD FS 2.0 Server; IAAS with external user, Active Directory and one AD FS 2.0 Server]
ADFS: Cloud Topology: IAAS
[Diagram labels: IAAS with internal and external users, Active Directory and two AD FS 2.0 Servers]
What about Windows Azure
Windows Azure & ADFS
• Virtual Network Support – Site to Site VPN
• Computing: 99,95% SLA Uptime for High Available System – 99,9% SLA Uptime for Single System
• Storage: 99,9%
• Full Control over your Virtual Machines
• Pay as you Go, OPEX vs CAPEX
• PowerShell Support
Windows Azure: Terminology
Cloud Service: Role which several VMs take upon themselves to execute, e.g. ADFS. Cloud services need to have two instances or more to qualify for the SLA of 99,95%. 1 External Virtual IP Address per Cloud Service
Availability Set
Windows Azure: Terminology
EndPoints: You need to add an endpoint to a machine for other resources on the Internet or other virtual networks to communicate with it. You can associate specific ports and a protocol to endpoints. Resources can connect to an endpoint by using a protocol of TCP or UDP. The TCP protocol includes HTTP and HTTPS communication.
Virtual Network enables you to create secure site-to-site connectivity, as well as protected private virtual networks in the cloud.
Windows Azure Example
demo
What does it look like in Azure
Migration
DirSync:
1. Shut down DirSync on Premise
2. Install DirSync on Azure
3. Configure DirSync on Azure
4. Uninstall DirSync on Azure
ADFS:
1. Convert all ADFS Domains to Standard Domains
2. Logon to primary ADFS on Azure
3. Convert all Standard Domains back to Federated Domains
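The three ADFS steps above, written out as an added PowerShell example that is not part of the original deck. It assumes the MSOnline module and a tenant administrator account; the two server names and the password file path are placeholders, and step 2 ("log on to the primary ADFS on Azure") is represented by pointing the ADFS context at that server remotely.

```powershell
# Added example (not from the deck): the slide's three ADFS migration steps
# with the MSOnline module. Server names and the file path are placeholders.
param(
    [string]$OldPrimaryAdfs = 'adfs-onprem-01.example.internal',  # placeholder
    [string]$NewPrimaryAdfs = 'adfs-azure-01.example.internal',   # placeholder
    [string]$PasswordFile   = 'C:\Temp\msol-converted-users.txt', # placeholder
    [switch]$ListOnly   # only show which domains would be converted
)

Import-Module MSOnline -ErrorAction Stop
Connect-MsolService   # prompts for a tenant administrator account

# Capture the federated set first so step 3 restores exactly these domains.
$federated = @(Get-MsolDomain -Authentication Federated |
               Select-Object -ExpandProperty Name)
if ($federated.Count -eq 0) { throw 'No federated domains found in this tenant.' }
$federated | ForEach-Object { Write-Host "Federated domain: $_" }
if ($ListOnly) { return }

# Step 1: convert all ADFS (federated) domains to standard domains.
# Federated sign-in is unavailable from here until step 3 completes.
Set-MsolADFSContext -Computer $OldPrimaryAdfs
foreach ($d in $federated) {
    # -SkipUserConversion $true leaves user accounts untouched. With $false,
    # temporary passwords are written in clear text to $PasswordFile, so
    # restrict the file's ACL and delete it once the migration is done.
    Convert-MsolDomainToStandard -DomainName $d `
        -SkipUserConversion $true -PasswordFile $PasswordFile
}

# Step 2: work against the primary ADFS server that now runs in Azure.
Set-MsolADFSContext -Computer $NewPrimaryAdfs

# Step 3: convert the same domains back to federated.
# Assumption: one ADFS farm serves every domain, so more than one domain
# requires -SupportMultipleDomain.
$multi = $federated.Count -gt 1
foreach ($d in $federated) {
    Convert-MsolDomainToFederated -DomainName $d -SupportMultipleDomain:$multi
}

# Check: the federated set must match the one recorded before step 1, and the
# ADFS-side and Office 365-side federation settings should agree per domain.
$after = @(Get-MsolDomain -Authentication Federated |
           Select-Object -ExpandProperty Name)
$diff = Compare-Object -ReferenceObject $federated -DifferenceObject $after
if ($diff) {
    $diff | Format-Table InputObject, SideIndicator
    throw 'Federated domain set differs from the pre-migration set.'
}
foreach ($d in $federated) {
    Get-MsolFederationProperty -DomainName $d |
        Format-List Source, FederationServiceIdentifier, PassiveClientSignInUrl
}
```

Run it with -ListOnly first to confirm the domain list before any conversion happens.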
Q&A
Thank you!
Twitter: @jseghers


Editor's Notes

  1. * Using DirSync for only provisioning is NOT supported!
  2. Note: Passwords are NOT synced. If you want to use your on-premise passwords in Office 365/Azure, you will have to deploy ADFS. A future release of DirSync might support Password Synchronization.** ** Neither the functionality nor a release date has been confirmed by Microsoft. As far as I understood, this sync will not really sync the password, but it will rather use the password’s hash.