#comdaybe
Supporting Architecture Office 365 on Windows Azure - IaaS
J-Solutions - Flexamit
Jethro Seghers
Agenda
• Different types of Identity
• Supporting Architecture
• Different Deployments
• Windows Azure IaaS
• ADFS + DirSync + Azure
• Migration
• Q&A
Identity Options
Introduction to identity options
1. MS Online IDs
Appropriate for
• Smaller organizations without AD on-premise
Pros
• No servers required on-premise
Cons
• No SSO
• No 2FA (strong authentication)
• 2 sets of credentials to manage with differing password policies
• Users and groups mastered in the cloud
2. MS Online IDs + Dir Sync
Appropriate for
• Orgs with AD on-premise
Pros
• Users and groups mastered on-premise
• Enables co-existence scenarios
Cons
• No SSO – BUT PASSWORD SYNC
• No 2FA
• 2 sets of credentials to manage with differing password policies
• Single server deployment
3. Federated IDs + Dir Sync
Appropriate for
• Larger enterprise organizations with AD on-premise
Pros
• SSO with corporate cred
• Users and groups mastered on-premise
• Password policy controlled on-premise
• 2FA solutions possible
• Enables co-existence scenarios
Cons
• High availability server deployments required
Directory Synchronisation
What is DirSync?
“…is a Directory Synchronization engine based on Forefront Identity Manager (FIM) that will synchronize a subset of your on-premise Active Directory with Windows Azure Active Directory (Office 365).”
Why use DirSync?
Long term coexistence between Active Directory On Premise and Windows Azure Active Directory.
(Easy/quick provisioning*)
Single place for managing identities including:
• Users
• Groups
• Memberships
• …
Enabler for Hybrid Deployments (required)
• Two-way Directory Synchronization
Deployment Considerations
Active Directory Assessment
• Prerequisites check (Readiness Tool)
Topology
• Single Forest?
• Multiple Domains?
Security
• Firewalls, Permissions
64-bit only!
De/Activation time; can take some time to complete
Object filtering required?
SQL Version - Windows 2012 Server Supported
DirSync
How does DirSync work?
[Diagram: Active Directory, METAVERSE]
What objects are synced?
From AD to Office 365: http://support.microsoft.com/kb/2256198
From Office 365 to AD (aka write-back):
Write-Back attribute | Exchange "full fidelity" feature
SafeSendersHash, BlockedSendersHash, SafeRecipientHash | Filtering: Writes back on-premises filtering and online safe and blocked sender data from clients.
msExchArchiveStatus | Online Archive: Enables customers to archive mail.
ProxyAddresses (LegacyExchangeDN <online LegacyDn> as X500) | Enable Mailbox: Off-boards an online mailbox back to on-premises Exchange.
msExchUCVoiceMailSettings | Enable Unified Messaging (UM) - Online voice mail: This new attribute is used only for UM-Microsoft Lync Server 2010 integration to indicate to Lync Server 2010 on-premises that the user has voice mail in online services.
Active Directory Federation Services
ADFS: On Premise Topology
[Diagram labels: Enterprise, DMZ, Internal user, Active Directory, AD FS 2.0 Server, AD FS 2.0 Server Proxy]
ADFS: Hybrid Topology: IAAS
[Diagram labels: Enterprise, Internal user, Active Directory, AD FS 2.0 Server; IAAS, External user, Active Directory, AD FS 2.0 Server]
ADFS: Cloud Topology: IAAS
[Diagram labels: IAAS, Internal user, External user, Active Directory, AD FS 2.0 Server]
What about Windows Azure
Windows Azure & ADFS
• Virtual Network Support – Site to Site VPN
• Computing: 99,95% SLA Uptime for High Available System – 99,9% SLA Uptime for Single System
• Storage: 99,9%
• Full Control over your Virtual Machines
• Pay as you Go, OPEX vs CAPEX
• PowerShell Support
Windows Azure: Terminology
Cloud Service: A role that several VMs take upon themselves to execute, e.g. ADFS. A cloud service needs two or more instances to qualify for the SLA of 99,95%. 1 External Virtual IP Address per Cloud Service.
Availability Set
EndPoints: You need to add an endpoint to a machine for other resources on the Internet or other virtual networks to communicate with it. You can associate specific ports and a protocol to endpoints. Resources can connect to an endpoint by using a protocol of TCP or UDP. The TCP protocol includes HTTP and HTTPS communication.
Virtual Network: Enables you to create secure site-to-site connectivity, as well as protected private virtual networks in the cloud.
Windows Azure Example
Demo: What does it look like in Azure?
Migration
DirSync:
1. Shut down DirSync on Premise
2. Install DirSync on Azure
3. Configure DirSync on Azure
4. Uninstall DirSync on Azure
ADFS:
1. Convert all ADFS Domains to Standard Domains
2. Log on to primary ADFS on Azure
3. Convert all Standard Domains back to Federated Domains
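The three ADFS steps above, sketched with the MSOnline PowerShell module as an added example (not part of the original deck). The host names and file paths are placeholders, and skipping user conversion is an assumption made because the domains are re-federated straight away.

```powershell
# Added example, not from the original deck. Requires the MSOnline module.
# All host names and paths below are placeholders.
param(
    [string]$OldPrimaryAdfs = 'adfs-onprem-01.example.internal',  # current primary AD FS
    [string]$NewPrimaryAdfs = 'adfs-azure-01.example.internal',   # primary AD FS on Azure
    [string]$StateFile      = 'C:\Migration\federated-domains.txt',
    [string]$PasswordFile   = 'C:\Migration\temp-passwords.txt'
)
$ErrorActionPreference = 'Stop'
Import-Module MSOnline
Connect-MsolService   # prompts for a tenant administrator

# Record the federated domains once, before changing anything, so that a
# failure half-way through does not lose track of what must be re-federated.
if (-not (Test-Path $StateFile)) {
    $names = @(Get-MsolDomain |
        Where-Object { $_.Authentication -eq 'Federated' } |
        ForEach-Object { $_.Name })
    if ($names.Count -eq 0) { throw 'No federated domains found.' }
    Set-Content -Path $StateFile -Value $names
}
$domains = @(Get-Content -Path $StateFile)

# Step 1: convert every federated domain to a standard domain.
Set-MsolADFSContext -Computer $OldPrimaryAdfs
foreach ($d in $domains) {
    if ((Get-MsolDomain -DomainName $d).Authentication -eq 'Federated') {
        # -PasswordFile is mandatory. When user conversion is NOT skipped it
        # receives temporary passwords in clear text: keep it off shared
        # storage and delete it afterwards.
        Convert-MsolDomainToStandard -DomainName $d `
            -SkipUserConversion $true -PasswordFile $PasswordFile
    }
}

# Steps 2 and 3: point the module at the primary AD FS server on Azure and
# convert the same domains back to federated.
Set-MsolADFSContext -Computer $NewPrimaryAdfs
# Several top-level domains sharing one AD FS farm need -SupportMultipleDomain;
# "more than one domain" is used here as a simple approximation of that case.
$multi = $domains.Count -gt 1
foreach ($d in $domains) {
    Convert-MsolDomainToFederated -DomainName $d -SupportMultipleDomain:$multi
}

# Verify: every recorded domain is federated again and its sign-in URL now
# belongs to the AD FS farm on Azure.
foreach ($d in $domains) {
    $fs = Get-MsolDomainFederationSettings -DomainName $d
    [pscustomobject]@{
        Domain          = $d
        Authentication  = (Get-MsolDomain -DomainName $d).Authentication
        IssuerUri       = $fs.IssuerUri
        PassiveLogOnUri = $fs.PassiveLogOnUri
    }
}
```

Review the final table before closing the change window: a domain still showing `Managed`, or a `PassiveLogOnUri` that still resolves to the on-premise farm, means the cut-over is incomplete.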
Q&A
Thank you!
Twitter: @jseghers

Editor's notes

  1. * Using DirSync for only provisioning is NOT supported!
  2. Note: Passwords are NOT synced. If you want to use your on-premise passwords in Office 365/Azure, you will have to deploy ADFS. A future release of DirSync might support Password Synchronization**
     ** Neither functionality nor a release date has been confirmed by Microsoft. As far as I understood, this sync will not really sync the password, but it will rather use the password’s hash