#comdaybe Supporting Architecture Office 365 on Windows Azure - IaaS J-Solutions - Flexamit Jethro Seghers



DESCRIPTION

How to deploy your supporting architecture (directory synchronization and federation) for Office 365 on Windows Azure IaaS.


1. #comdaybe Supporting Architecture Office 365 on Windows Azure - IaaS (J-Solutions - Flexamit, Jethro Seghers)

2. Jethro Seghers

3. Agenda
- Different types of identity
- Supporting architecture
- Different deployments
- Windows Azure IaaS
- ADFS + DirSync + Azure migration
- Q&A

4. Identity Options

5. Introduction to identity options
1. MS Online IDs
   Appropriate for: smaller organizations without AD on-premise
   Pros: no servers required on-premise
   Cons: no SSO; no 2FA (strong authentication); two sets of credentials to manage, with differing password policies; users and groups mastered in the cloud
2. MS Online IDs + DirSync
   Appropriate for: organizations with AD on-premise
   Pros: users and groups mastered on-premise; enables co-existence scenarios
   Cons: no SSO (but password sync); no 2FA; two sets of credentials to manage, with differing password policies; single-server deployment
3. Federated IDs + DirSync
   Appropriate for: larger enterprise organizations with AD on-premise
   Pros: SSO with corporate credentials; users and groups mastered on-premise; password policy controlled on-premise; 2FA solutions possible; enables co-existence scenarios
   Cons: highly available server deployments required

6. Directory Synchronisation

7. What is DirSync?
DirSync is a directory synchronization engine, based on Forefront Identity Manager (FIM), that synchronizes a subset of your on-premise Active Directory with Windows Azure Active Directory (Office 365).

8. Why use DirSync?
- Long-term coexistence between Active Directory on-premise and Windows Azure Active Directory (easy/quick provisioning*)
- A single place for managing identities, including users, groups and memberships
- Enabler for hybrid deployments (required)
- Two-way directory synchronization

9. Deployment Considerations
- Active Directory assessment: prerequisites check (Readiness Tool)
- Topology: single forest? multiple domains?
- Security: firewalls, permissions
- 64-bit only!
- De/activation time: can take some time to complete
- Object filtering required?
- SQL version; Windows Server 2012 supported

10. DirSync: how does DirSync work?
(Diagram: on-premise Active Directory is synchronized through the FIM metaverse into Windows Azure Active Directory.)
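The deployment considerations on slide 9 (64-bit only, single forest or multiple domains, object filtering, sync duration) are the kind of thing you want a script to answer before DirSync is installed. The following is an added example, not part of the deck or of the DirSync product: a PowerShell assessment run on the intended DirSync server with the RSAT ActiveDirectory module. The OU grouping heuristic and the list of non-routable UPN suffixes are assumptions for the illustration.

```powershell
# Added example (not from the deck): DirSync pre-deployment assessment for the
# considerations on slide 9. Assumes a domain-joined server with the RSAT
# ActiveDirectory module; the OU heuristic and UPN-suffix list are assumptions.
Import-Module ActiveDirectory

function Get-DirSyncReadiness {
    $forest = Get-ADForest
    $report = [ordered]@{
        Is64BitOS   = [Environment]::Is64BitOperatingSystem   # DirSync is 64-bit only
        Forest      = $forest.Name                            # single forest?
        DomainCount = $forest.Domains.Count                   # multiple domains?
        Domains     = ($forest.Domains -join ', ')
    }

    # Collect the object classes DirSync would pick up, across every domain.
    $users    = foreach ($d in $forest.Domains) { Get-ADUser  -Filter * -Server $d }
    $groups   = foreach ($d in $forest.Domains) { Get-ADGroup -Filter * -Server $d }
    $contacts = foreach ($d in $forest.Domains) {
        Get-ADObject -Filter 'objectClass -eq "contact"' -Server $d
    }

    # Object volume drives initial sync time (de/activation can take a while).
    $report.Users    = @($users).Count
    $report.Groups   = @($groups).Count
    $report.Contacts = @($contacts).Count

    # Object filtering: disabled accounts and whole OUs of service accounts are
    # the usual candidates to exclude before they are provisioned in the cloud.
    $report.DisabledUsers = @($users | Where-Object { -not $_.Enabled }).Count
    # Parent container of each user; the regex tolerates escaped commas in the CN.
    $report.UsersPerContainer = $users |
        Group-Object { $_.DistinguishedName -replace '^CN=(?:[^,\\]|\\.)+,', '' } |
        Sort-Object Count -Descending |
        Select-Object -First 10 Name, Count

    # UPN suffixes that are not public DNS domains cannot be verified in Office 365;
    # such users end up under the tenant's onmicrosoft.com domain (assumed list).
    $report.UpnSuffixes = $users |
        ForEach-Object { ($_.UserPrincipalName -split '@')[-1] } |
        Group-Object | Select-Object Name, Count
    $report.NonRoutableUpnUsers = @($users | Where-Object {
        -not $_.UserPrincipalName -or $_.UserPrincipalName -match '\.(local|internal|corp)$'
    }).Count

    [pscustomobject]$report
}

Get-DirSyncReadiness | Format-List
```

Read the output against slide 9: a false Is64BitOS or a DomainCount above one changes the plan, a large DisabledUsers or a service-account container near the top of UsersPerContainer is the signal to configure OU or attribute filtering, and NonRoutableUpnUsers is the population whose sign-in names need fixing on-premise before the first synchronization runs.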
11. What objects are synced?
From AD to Office 365: http://support.microsoft.com/kb/2256198
From Office 365 to AD (aka write-back), per write-back attribute and the Exchange "full fidelity" feature it enables:
- SafeSendersHash, BlockedSendersHash, SafeRecipientHash: Filtering. Writes back on-premises filtering and online safe and blocked sender data from clients.
- msExchArchiveStatus: Online Archive. Enables customers to archive mail.
- ProxyAddresses (LegacyExchangeDN as X500): Enable Mailbox. Off-boards an online mailbox back to on-premises Exchange.
- msExchUCVoiceMailSettings: Enable Unified Messaging (UM), online voice mail. This new attribute is used only for UM-Microsoft Lync Server 2010 integration, to indicate to Lync Server 2010 on-premises that the user has voice mail in online services.

12. Active Directory Federation Services

13. ADFS: On Premise Topology
(Diagram: internal users in the enterprise network authenticate against AD FS 2.0 servers placed next to Active Directory; AD FS 2.0 server proxies in the DMZ handle external access.)

14. ADFS: On Premise Topology
(Same diagram as slide 13.)

15. ADFS: Hybrid Topology: IaaS
(Diagram: the enterprise network keeps Active Directory and AD FS 2.0 servers for internal users; the IaaS network holds Active Directory and AD FS 2.0 servers for external users.)

16. ADFS: Hybrid Topology: IaaS
(Diagram: as slide 15, with a single AD FS 2.0 server on each side.)

17. ADFS: Cloud Topology: IaaS
(Diagram: Active Directory and AD FS 2.0 servers run in IaaS and serve both internal and external users.)

18. What about Windows Azure

19. Windows Azure & ADFS
- Virtual Network support
- Site-to-site VPN
- Computing: 99.95% SLA uptime for a highly available system; 99.9% SLA uptime for a single system
- Storage: 99.9%
- Full control over your virtual machines
- Pay as you go, OPEX vs CAPEX
- PowerShell support

20. Windows Azure: Terminology
- Cloud Service: a role that several VMs together execute, e.g. ADFS. Cloud services need two instances or more to qualify for the 99.95% SLA.
- One external virtual IP address per cloud service
- Availability Set

21. Windows Azure: Terminology
- Endpoints: you need to add an endpoint to a machine for other resources on the Internet, or on other virtual networks, to communicate with it. You can associate specific ports and a protocol with an endpoint. Resources connect to an endpoint using TCP or UDP; TCP covers HTTP and HTTPS communication.
- Virtual Network: enables you to create secure site-to-site connectivity, as well as protected private virtual networks in the cloud.

22. Windows Azure Example

23. Demo: how does it look in Azure

24. Migration

25. Migration
DirSync:
1. Shut down DirSync on-premise
2. Install DirSync on Azure
3. Configure DirSync on Azure
4. Uninstall DirSync on-premise

ADFS:
1. Convert all federated ADFS domains to standard domains
2. Log on to the primary ADFS server on Azure
3. Convert all standard domains back to federated domains

26. Q&A

27. Thank you! Twitter: @jseghers
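The terminology on slides 20-21 (cloud service, external VIP, availability set, endpoint, virtual network) and the ADFS migration steps on slide 25 come together in one procedure. The following is an added example, not code from the deck, the speaker or Microsoft: part 1 uses the Windows Azure service-management PowerShell module of the period to place two AD FS servers in one cloud service and one availability set on the virtual network that is linked on-premise by site-to-site VPN, exposing only a load-balanced HTTPS endpoint on the VIP; part 2 uses the MSOnline module for the three ADFS steps of slide 25. Every name (cloud service, VNet, subnet, domain, image family, server hostname, file path) is an assumption, as is the Azure module version that supports the -NoRDPEndpoint and -NoWinRMEndpoint switches.

```powershell
# Added example (not from the deck). All names below are assumptions.

# ---- Part 1: cloud service, availability set, endpoint (slides 20-21) ----
$service  = 'contoso-adfs'      # one external VIP is created for this cloud service
$vnet     = 'Contoso-VNet'      # VNet with a site-to-site VPN to the enterprise network
$subnet   = 'ADFS-Subnet'
$availSet = 'ADFS-AS'           # two instances in one availability set -> 99.95% SLA
$domain   = 'corp.contoso.com'
$image    = (Get-AzureVMImage |
    Where-Object { $_.ImageFamily -eq 'Windows Server 2012 Datacenter' } |
    Sort-Object PublishedDate -Descending | Select-Object -First 1).ImageName

$localCred  = Get-Credential -Message 'Local administrator for the new VMs'
$domainCred = Get-Credential -Message 'Account allowed to join machines to the domain'

$vms = foreach ($name in 'ADFS01', 'ADFS02') {
    # Domain-joined provisioning; RDP/WinRM endpoints are NOT published on the VIP,
    # so management traffic only arrives over the VPN, never from the Internet.
    # The only public endpoint is 443, load-balanced across both instances.
    New-AzureVMConfig -Name $name -InstanceSize Medium -ImageName $image -AvailabilitySetName $availSet |
        Add-AzureProvisioningConfig -WindowsDomain `
            -AdminUsername $localCred.UserName -Password $localCred.GetNetworkCredential().Password `
            -JoinDomain $domain -Domain 'corp' `
            -DomainUserName $domainCred.UserName -DomainPassword $domainCred.GetNetworkCredential().Password `
            -NoRDPEndpoint -NoWinRMEndpoint |
        Set-AzureSubnet -SubnetNames $subnet |
        Add-AzureEndpoint -Name 'HTTPS' -Protocol tcp -LocalPort 443 -PublicPort 443 `
            -LBSetName 'ADFS-LB' -ProbeProtocol tcp -ProbePort 443
}
New-AzureVM -ServiceName $service -VMs $vms -VNetName $vnet -Location 'West Europe'

# Check: exactly one VIP for the service, and 443 is its only input endpoint.
Get-AzureVM -ServiceName $service | ForEach-Object {
    $_ | Get-AzureEndpoint | Select-Object @{n='VM';e={$_.Vip}}, Name, Protocol, PublicPort, LBSetName
}

# ---- Part 2: ADFS migration steps from slide 25 ----
Import-Module MSOnline
Connect-MsolService -Credential (Get-Credential -Message 'Office 365 global administrator')

$federated = Get-MsolDomain | Where-Object { $_.Authentication -eq 'Federated' }

# Step 1: convert every federated domain to standard (managed).
# SkipUserConversion $true leaves the user objects alone instead of generating a
# temporary password per user into -PasswordFile; they cannot sign in again
# until step 3 completes, so run this inside a maintenance window.
foreach ($d in $federated) {
    Convert-MsolDomainToStandard -DomainName $d.Name -SkipUserConversion $true `
        -PasswordFile "C:\adfs-migration\$($d.Name).txt"
}

# Step 2: point the MSOnline session at the primary AD FS server now running in
# Azure (reachable over the VPN) so the new trust is read from that farm.
Set-MsolADFSContext -Computer "ADFS01.$domain"

# Step 3: federate the domains again; this publishes the new farm's endpoints and
# token-signing certificate to Office 365 in place of the on-premise farm's.
foreach ($d in $federated) {
    Convert-MsolDomainToFederated -DomainName $d.Name
}

# Verify the result before announcing the cut-over.
Get-MsolDomain | Select-Object Name, Authentication, Status
foreach ($d in $federated) { Get-MsolFederationProperty -DomainName $d.Name }
```

Two points worth noting against the topology slides. The on-premise topology (slide 13) keeps the federation servers off the Internet behind proxies in the DMZ; in the IaaS topologies (slides 15-17) the cloud service VIP is that boundary, which is why the example publishes nothing but the load-balanced 443 endpoint and keeps administration on the VPN. And Get-MsolFederationProperty compares what Office 365 believes about the domain with what the AD FS server in the current context reports, so a mismatch in the signing certificate or endpoint after step 3 means the conversion was done against the wrong farm.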