Identity management, provisioning, role management, and authentication are key services both on-premises and through the (hybrid) cloud. With:
- The Bring Your Own Apps (BYOA) for the cloud and the Software as a Service (SaaS) applications,
- The desire to better collaborate a la Facebook with the “social” enterprise,
- The need to support and integrate with social networks, which leads to a Bring Your Own Identity (BYOI) trend,
Identity becomes a service where identity “bridges” in the cloud talk to on-premises directories or the directories themselves move and/or are located in the cloud.
Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). Azure AD is AD reimagined for the cloud, designed to help you solve the new identity and access challenges that come with the shift to a cloud-centric, multi-tenant world.
Azure AD is the identity foundation for many Microsoft services like Office 365, Intune, Dynamics CRM, and others. Azure AD is a comprehensive identity and access management cloud solution, utilizing the enterprise-grade quality and proven capabilities of Windows AD on-premises. It combines core directory services, advanced identity governance, security and application access management.
This series of whitepapers on Windows Azure AD offerings comprises:
- Active Directory from the on-premises to the cloud.
- An overview of Azure AD.
- An overview of Azure AD B2C.
- Introducing Azure AD B2B collaboration.
- Azure AD & Windows 10: Better together for Work or School.
- Azure AD/Office 365 single sign-on with AD FS in Windows Server 2012 R2.
- Azure AD/Office 365 single sign-on with Shibboleth 2.
- Leverage Multi-Factor Authentication with Azure AD.
- Leverage Multi-Factor Authentication Server on your premises.
- Leverage Azure AD for modern Business Applications.
The Active Directory from the on-premises to the cloud whitepaper (AD-from-on-premises-to-the-cloud.docx) introduces the trends that sustain a new identity model and the role of Identity Management as a Service (IdMaaS), and presents in this context Microsoft’s identity offerings in the hybrid era.
The An overview of Azure AD whitepaper (An-overview-of-AAD.docx) further presents the capabilities that can be leveraged to centralize the identity management needs of your modern business applications and your SaaS subscriptions, whether they are cloud-based, hybrid, or even on-premises. The free edition of Azure AD is a complete offering that can help you take advantage of your existing on-premises investment, fully outsource your user (and device) management to the cloud, and anything in between. For enterprises with more demanding needs, the advanced offerings Azure AD Basic and Azure AD Premium help complete the set of capabilities that this identity and access management solution delivers.
In addition, the An overview of Azure AD B2C whitepaper (An-overview-of-AAD-B2C.docx) presents the new service for Business-to-Consumer: Azure AD B2C to embrace identity management (IDM) of individual consumers.
Similarly, the Introducing Azure AD B2B collaboration whitepaper (Introduce-AAD-B2B-collaboration.docx) presents the new feature Azure AD B2B collaboration that can be used with the above editions to embrace identity management (IDM) of partner and supply chains, and manage Business-to-Business collaboration.
The Azure AD & Windows 10: Better together for Work or School whitepaper (Azure-AD-Windows-10-better-together.docx) introduces how Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education editions will enable a device to connect to your Azure AD tenancy to seamlessly access SaaS applications in the cloud and traditional applications on-premises, and all of that without needing the traditional WSAD domains on-premises if you want to. It depicts the related experiences whether you are cloud-only, hybrid or have an on-premises AD infrastructure as well as how to enable them.
The Azure AD/Office 365 single sign-on with AD FS in Windows Server 2012 R2 whitepaper in two parts (AAD-Office-365-Single-Sign-On-with-ADFS-in-Windows-Server-2012-R2-Part-1.docx, and AAD-Office-365-Single-Sign-On-with-ADFS-in-Windows-Server-2012-R2-Part-2.docx/AAD-Office-365-Single-Sign-On-with-ADFS-in-Windows-Server-2012-R2-Part-2bis.docx) provides an understanding of the different single sign-on deployment options with Azure AD/Office 365, how to enable single sign-on using corporate AD credentials and AD FS to Azure AD/Office 365, and the different configuration elements to be aware of for such a deployment. It also provides an end-to-end walkthrough to set up an Azure-based lab environment to further familiarize yourself with both the installation and configuration of the related infrastructure. It notably features in this context Azure AD Connect and Azure AD Connect Health, now in GA.
The AAD-Office-365-Single-Sign-On-with-ADFS-in-Windows-Server-2012-R2-(PS-Scripts) archive file contains the script New-TestLabEnvironment.ps1 referred to in the whitepaper for building the Azure-based lab environment. This script illustrates how to leverage the remote Windows PowerShell capabilities along with the Windows Server automation with Windows PowerShell to set up the required virtual machines.
Likewise, the Azure AD/Office 365 single sign-on with Shibboleth 2 whitepaper (AAD-Office-365-Single-Sign-On-with-Shibboleth-2.docx) provides an understanding of how to enable single sign-on using corporate LDAP-based directory credentials and Shibboleth 2 with the SAML 2.0 protocol to Azure AD/Office 365, and the different configuration elements to be aware of for such deployment. It also provides an end-to-end walkthrough of the related setup and configuration.
The Leverage Multi-Factor Authentication with Azure AD whitepaper (Leverage-Multi-Factor-Authentication-with-AAD.docx) covers the Azure Multi-Factor Authentication paid offering and how to leverage it with Azure AD (Premium).
As an addition, the Leverage Multi-Factor Authentication Server on your premises whitepaper (Leverage-Multi-Factor-Authentication-Server-on-your-premises.docx) describes how to use Azure Multi-Factor Authentication Server and to configure it to secure cloud resources such as Office 365 so that federated users will be prompted to set up additional verification the next time they sign in on-premises. In order not to “reinvent the wheel”, this document leverages the instrumented walkthrough provided in the second part of the above whitepaper Azure AD/Office 365 single sign-on with AD FS in Windows Server 2012.
The Leverage Azure AD for modern Business Applications whitepaper (Leverage-AAD-for-modern-business-apps.docx) further presents the aspects that relate to the development of solutions. Azure AD offers developers and cloud ISVs an identity management platform to deliver access control to their modern business applications, based on centralized policy and rules.
One of the major trends in the last few years has been a huge explosion in the amount of data being generated by OLTP systems, often coupled with the need to retain ever longer durations of historical data that must be available for querying on demand. In order to meet customer needs in terms of data retention and performance, hosted database implementations had to choose between the following less than optimal options:
- expanding and managing local storage, which led to increasing cost
- archiving less frequently queried data into offline backup systems like tapes, which prevents on-demand querying
- simply putting in place more aggressive data retention policies that reduced the need for this data to be stored in the first place, leading to data loss
SQL Server 2016 introduces a number of major capabilities that enable seamless scale-out of SQL Server to low-cost storage in Azure that remains available for on-demand querying at any time. With Azure’s almost limitless storage, hosters can offer low-cost hyper-scale benefits to their SQL Server implementations for their customers. This document provides detailed technical guidance, in the context of a customer scenario, on how to implement a hyper-scale database offering. For the implementation, the following SQL Server 2016 capabilities are leveraged:
- Stretched database and Azure Stretch database service
- AlwaysOn Availability Groups with asynchronous replica in Azure
- In-Memory ColumnStore
- Temporal Database
The following guide explains these capabilities and also enumerates considerations that the Hosting Service Provider (HSP) database administrator has to keep in mind while implementing this offer.
Why Microsoft Azure Stack?
Microsoft Azure Stack is a new hybrid cloud platform product that enables your organization to deliver Azure services from your own datacenter to help you achieve more. Get the power of cloud services, yet maintain control of your datacenter for true hybrid cloud agility. You decide where to keep your data and applications—in your own datacenter or with a hosting service provider. Easily access public cloud resources to scale at busy times of the year, for dev-test, or whenever you need them. Only Microsoft builds and runs its own hyper-scale datacenters and delivers that proven innovation to your datacenter.
Getting started with Operations Management Suite Security and Audit Solution for your Hybrid Datacenters
Microsoft Operations Management Suite (OMS) is Microsoft’s cloud based IT management solution that helps you manage and protect your on-premises and cloud infrastructure. For more information about OMS, read the article Operations Management Suite.
The OMS Security and Audit solution provides a comprehensive view into your organization’s IT security posture with built-in search queries for notable issues that require your attention. The Security and Audit dashboard is the home screen for everything related to security in OMS. It provides high-level insight into the security state of your computers. It also includes the ability to view all events from the past 24 hours, seven days or any other custom time frame.
SQL Server 2012 SP1 CU2 and SQL Server 2014 have a built-in capability to back up to Windows Azure storage. The SQL Server Backup to Windows Azure tool provides the same functionality for previous versions of SQL Server. It can also be used to provide encryption and compression for your backups.
Using the 3-step wizard, you can specify a rule or set of rules that are applied to any SQL Server backup. One example of a rule could be to redirect all local backups to the specified Windows Azure storage. Another example of a rule would be to use compression or encryption for backups stored in a specific location.
Once you configure the rules, these rules are applied to SQL Server Backup files. If the rule is set to use a Windows Azure storage account, the tool redirects the backups to the specified Windows Azure storage account, but leaves a stub file in the local storage with metadata information to be used during restore.
- Support for backups to Windows Azure Storage for SQL Server versions that do not have the built-in capability. Using Windows Azure storage for your backups has several benefits, such as providing off-site storage for disaster recovery, accessibility regardless of location, etc. For more information, see SQL Server Backup and Restore with Windows Azure.
- Encryption support for SQL Server versions that do not have the built-in capability. Currently only SQL Server 2014 has encryption support.
- Compression support for SQL Server versions that do not have the built-in capability. Currently, SQL Server 2008 supports compression in Enterprise edition only, but in SQL Server 2008 R2 and later, encryption is supported on Enterprise and Standard editions.
SQL Server and Operating Systems Support:
This tool is supported on SQL Server 2005 or later, and Operating System versions: Windows Server 2008 or later for Servers, and Windows 7 or later for Client Operating Systems.
This diagram shows the classes used or defined in the management pack
The Microsoft Azure SQL Database Management Pack enables you to monitor the availability and performance of applications that are running on Microsoft Azure SQL Database.
After configuration, the Microsoft Azure SQL Database Monitoring Management Pack offers the following functionalities:
- User-friendly wizard to discover Microsoft Azure SQL Database servers.
- Provides availability status of Microsoft Azure SQL Database server.
- Collects and monitors health of Microsoft Azure SQL Database databases.
  - Space monitoring:
    - Used space
    - Free space
    - Total allocated quota
  - Track the total number of databases per server
  - Successful connections count
  - Failed connections count
  - Number of deadlocks
  - Throttling/long transactions count
  - Connections blocked by firewall count
- Collects and monitors performance information:
  - Average memory per session
  - Total memory per session
  - Total CPU time per session
  - Total I/O per session
  - Number of database sessions
  - Maximum Transaction execution time
  - Maximum Transaction lock count
  - Maximum Transaction log space used
  - Network Egress/Ingress bandwidth
  - Percentage of CPU used
  - Percentage of workers used
- Ability to define Custom thresholds for each monitor to configure the warning and critical alerts.
- Run-as profile to securely connect to Microsoft Azure SQL Database.
- Detailed knowledge to guide the IT operator with troubleshooting the problem.
- Custom tasks to redirect the user to the Microsoft Azure SQL Database online portal.
- Custom query support to enable application-specific availability and performance monitoring.
- Dashboard functionality