#comdaybe Supporting Architecture Office 365 on Windows Azure - IaaS J-Solutions - Flexamit Jethro Seghers

Oct 31, 2014

Jethro Seghers

How to deploy your supporting architecture for Office 365 on Windows Azure.
Transcript
1. #comdaybe Supporting Architecture Office 365 on Windows Azure - IaaS. J-Solutions - Flexamit. Jethro Seghers

2. Jethro Seghers

3. Agenda
   - Different types of Identity
   - Supporting Architecture
   - Different Deployments
   - Windows Azure IaaS
   - ADFS + DirSync + Azure
   - Migration
   - Q&A

4. Identity Options

5. Introduction to identity options
   1. MS Online IDs
      Appropriate for: smaller organizations without AD on-premises
      Pros: no servers required on-premises
      Cons: no SSO; no 2FA (strong authentication); 2 sets of credentials to manage with differing password policies; users and groups mastered in the cloud
   2. MS Online IDs + DirSync
      Appropriate for: organizations with AD on-premises
      Pros: users and groups mastered on-premises; enables co-existence scenarios
      Cons: no SSO, BUT password sync; no 2FA; 2 sets of credentials to manage with differing password policies
      Single server deployment
   3. Federated IDs + DirSync
      Appropriate for: larger enterprise organizations with AD on-premises
      Pros: SSO with corporate credentials; users and groups mastered on-premises; password policy controlled on-premises; 2FA solutions possible; enables co-existence scenarios
      Cons: high availability server deployments required

6. Directory Synchronisation

7. What is DirSync?
   DirSync is a directory synchronization engine based on Forefront Identity Manager (FIM) that synchronizes a subset of your on-premises Active Directory with Windows Azure Active Directory (Office 365).

8. Why use DirSync?
   - Long term coexistence between Active Directory on-premises and Windows Azure Active Directory (easy/quick provisioning*)
   - Single place for managing identities, including users, groups and memberships
   - Enabler for hybrid deployments (required)
   - Two-way directory synchronization

9. Deployment Considerations
   - Active Directory assessment: prerequisites check (Readiness Tool)
   - Topology: single forest? Multiple domains?
   - Security: firewalls, permissions
   - 64-bit only!
   - De/activation time: can take some time to complete
   - Object filtering required?
   - SQL version; Windows Server 2012 supported

10. DirSync: how does DirSync work? (diagram: Active Directory and the metaverse)

11. What objects are synced?
   From AD to Office 365: http://support.microsoft.com/kb/2256198
   From Office 365 to AD (aka write-back), write-back attribute and the Exchange "full fidelity" feature it enables:
   - SafeSendersHash, BlockedSendersHash, SafeRecipientHash: Filtering. Writes back on-premises filtering and online safe and blocked sender data from clients.
   - msExchArchiveStatus: Online Archive. Enables customers to archive mail.
   - ProxyAddresses (LegacyExchangeDN as X500): Enable Mailbox. Off-boards an online mailbox back to on-premises Exchange.
   - msExchUCVoiceMailSettings: Enable Unified Messaging (UM), online voice mail. This new attribute is used only for UM-Microsoft Lync Server 2010 integration, to indicate to Lync Server 2010 on-premises that the user has voice mail in online services.

12. Active Directory Federation Services

13. ADFS: On Premise Topology (diagram: Enterprise with internal user, Active Directory and AD FS 2.0 servers; DMZ with AD FS 2.0 proxies)

14. ADFS: On Premise Topology (same diagram as slide 13)

15. ADFS: Hybrid Topology: IaaS (diagram: Enterprise with internal user, Active Directory and AD FS 2.0 servers; IaaS with external user, Active Directory and AD FS 2.0 servers)

16. ADFS: Hybrid Topology: IaaS (diagram: Enterprise with internal user, Active Directory and one AD FS 2.0 server; IaaS with external user, Active Directory and one AD FS 2.0 server)

17. ADFS: Cloud Topology: IaaS (diagram: IaaS with internal and external users, Active Directory and AD FS 2.0 servers)

18. What about Windows Azure

19. Windows Azure & ADFS
   - Virtual Network support
   - Site-to-site VPN
   - Computing: 99,95% SLA uptime for a highly available system; 99,9% SLA uptime for a single system
   - Storage: 99,9%
   - Full control over your virtual machines
   - Pay as you go, OPEX vs CAPEX
   - PowerShell support

20. Windows Azure: Terminology
   Cloud Service: a role which several VMs take upon themselves to execute, e.g. ADFS. Cloud services need to have two instances or more to qualify for the SLA of 99,95%. 1 external virtual IP address per cloud service.
   Availability Set

21. Windows Azure: Terminology
   Endpoints: you need to add an endpoint to a machine for other resources on the Internet or other virtual networks to communicate with it. You can associate specific ports and a protocol to endpoints. Resources can connect to an endpoint by using a protocol of TCP or UDP. The TCP protocol includes HTTP and HTTPS communication.
   Virtual Network: enables you to create secure site-to-site connectivity, as well as protected private virtual networks in the cloud.

22. Windows Azure Example

23. Demo: what does it look like in Azure?

24. Migration

25. Migration
   DirSync:
   1. Shutdown DirSync on premise
   2. Install DirSync on Azure
   3. Configure DirSync on Azure
   4. Uninstall DirSync on Azure
   ADFS:
   1. Convert all ADFS domains to standard domains
   2. Logon to primary ADFS on Azure
   3. Convert all standard domains back to federated domains

26. Q&A

27. Thank you! Twitter: @jseghers
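The cloud service, availability set and endpoint terminology of slides 19 to 21 put together in the classic (Service Management) Azure PowerShell cmdlets, as an added example that is not part of the deck: two AD FS servers in one cloud service and one availability set, joined to the on-premises AD over the VPN, behind a single load-balanced HTTPS endpoint. All names and the location are placeholders; the subscription, storage account and virtual network with its site-to-site VPN are assumed to exist already.

```powershell
# Added example (not from the slides). Placeholders: service, VNet, subnet, domain and account
# names, and the location. Assumes Add-AzureAccount / Select-AzureSubscription were run before.
Import-Module Azure

$serviceName  = "contoso-adfs"      # one cloud service => one external virtual IP address
$location     = "West Europe"
$vnetName     = "contoso-vnet"      # VNet reachable from on-premises over the site-to-site VPN
$subnetName   = "ADFS-Subnet"
$availSetName = "ADFS-AvailSet"     # two or more instances here qualify for the 99,95% SLA
$joinDomain   = "contoso.local"     # on-premises AD the AD FS servers join over the VPN
$adminUser    = "adfsadmin"
$adminPass    = Read-Host -Prompt "Local administrator password"
$domainPass   = Read-Host -Prompt "Domain join account password"

# Latest Windows Server 2012 R2 gallery image (the deck lists Windows Server 2012 as supported)
$imageName = Get-AzureVMImage |
    Where-Object { $_.ImageFamily -eq "Windows Server 2012 R2 Datacenter" } |
    Sort-Object PublishedDate -Descending |
    Select-Object -First 1 -ExpandProperty ImageName

$vms = @()
foreach ($i in 1, 2) {
    # -NoRDPEndpoint: do not publish RDP on the public VIP; administer over the VPN instead.
    # The HTTPS endpoint is load-balanced (same LBSetName on both VMs) and probed on 443,
    # so a failed node is taken out of rotation while the other keeps serving federation.
    $vms += New-AzureVMConfig -Name ("ADFS0{0}" -f $i) -InstanceSize Medium `
                -ImageName $imageName -AvailabilitySetName $availSetName |
        Add-AzureProvisioningConfig -WindowsDomain -AdminUsername $adminUser -Password $adminPass `
            -JoinDomain $joinDomain -Domain "CONTOSO" -DomainUserName "svc-join" `
            -DomainPassword $domainPass -NoRDPEndpoint |
        Set-AzureSubnet -SubnetNames $subnetName |
        Add-AzureEndpoint -Name "HTTPS" -Protocol tcp -LocalPort 443 -PublicPort 443 `
            -LBSetName "ADFS-HTTPS" -ProbeProtocol tcp -ProbePort 443
}

# Creating both VMs in one call places them in the same cloud service and availability set.
New-AzureVM -ServiceName $serviceName -Location $location -VNetName $vnetName -VMs $vms

# Check: both instances under the one service, and one public VIP carrying the load-balanced set.
Get-AzureVM -ServiceName $serviceName | Select-Object Name, InstanceStatus, AvailabilitySetName
Get-AzureVM -ServiceName $serviceName -Name "ADFS01" | Get-AzureEndpoint |
    Select-Object Name, Vip, PublicPort, LBSetName
```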
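The ADFS part of the slide 25 migration scripted with the MSOnline module, as an added example that is not part of the deck. Domain names, the server name and the file path are placeholders; it assumes the new primary AD FS server in Azure is already installed, joined to the same AD, reachable over WinRM, and carries the same federation service name as the old farm.

```powershell
# Added example (not from the slides). Placeholders: domain names, server name, file path.
Import-Module MSOnline
Connect-MsolService                                 # prompts for Office 365 global admin credentials

$domains       = @("contoso.com", "fabrikam.com")   # federated domains to move to the new farm
$newAdfsServer = "adfs01.contoso.local"             # primary AD FS server running in Azure IaaS
$pwdFile       = "C:\migration\temp-passwords.txt"  # the cmdlet requires it even when users are not converted

# Step 1: federated -> standard. SkipUserConversion $true leaves user objects as they are, so no
# temporary cloud passwords are generated; sign-in for these domains is unavailable until step 3
# completes, so run the whole script inside a maintenance window.
foreach ($d in $domains) {
    $dom = Get-MsolDomain -DomainName $d
    if ($dom.Authentication -ne "Federated") { Write-Warning "$d is $($dom.Authentication); skipping"; continue }
    Convert-MsolDomainToStandard -DomainName $d -SkipUserConversion $true -PasswordFile $pwdFile
}

# Step 2: point the MSOnline cmdlets at the new primary AD FS server instead of the old one.
Set-MsolADFSContext -Computer $newAdfsServer

# Step 3: standard -> federated against the new farm. -SupportMultipleDomain is needed when more
# than one domain federates through the same AD FS farm.
foreach ($d in $domains) {
    Convert-MsolDomainToFederated -DomainName $d -SupportMultipleDomain
}

# Verify: authentication type is Federated again, and the token-signing certificate Office 365
# trusts matches what the new AD FS farm reports (Get-MsolFederationProperty shows both sides).
foreach ($d in $domains) {
    (Get-MsolDomain -DomainName $d).Authentication
    Get-MsolFederationProperty -DomainName $d |
        Select-Object Source, FederationServiceIdentifier, TokenSigningCertificate
}
```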