mountainss Cloud and Datacenter Management Blog

Microsoft SystemCenter blogsite about virtualization on-premises and Cloud



Active Directory from on-premises to the #cloud – #Azure AD whitepapers #Identity

Azure AD B2C Engine

Identity management, provisioning, role management, and authentication are key services both on-premises and through the (hybrid) cloud. With:

  • The Bring Your Own Apps (BYOA) for the cloud and the Software as a Service (SaaS) applications,
  • The desire to better collaborate a la Facebook with the “social” enterprise,
  • The need to support and integrate with social networks, which leads to a Bring Your Own Identity (BYOI) trend,

Identity becomes a service where identity “bridges” in the cloud talk to on-premises directories or the directories themselves move and/or are located in the cloud.

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). Azure AD is AD reimagined for the cloud, designed to help you solve the new identity and access challenges that come with the shift to a cloud-centric, multi-tenant world.

Azure AD is the identity foundation for many Microsoft services like Office 365, Intune, Dynamics CRM, and others. Azure AD is a comprehensive identity and access management cloud solution, utilizing the enterprise-grade quality and proven capabilities of Windows AD on-premises. It combines core directory services, advanced identity governance, security and application access management.

This series of whitepapers on Windows Azure AD offerings comprises:

  • Active Directory from the on-premises to the cloud.
  • An overview of Azure AD.
  • An overview of Azure AD B2C.
  • Introducing Azure AD B2B collaboration.
  • Azure AD & Windows 10: Better together for Work or School.
  • Azure AD/Office 365 single sign-on with AD FS in Windows Server 2012 R2.
  • Azure AD/Office 365 single sign-on with Shibboleth 2.
  • Leverage Multi-Factor Authentication with Azure AD.
  • Leverage Multi-Factor Authentication Server on your premises.
  • Leverage Azure AD for modern Business Applications.

The Active Directory from the on-premises to the cloud whitepaper (AD-from-on-premises-to-the-cloud.docx) introduces the trends that sustain a new identity model and the role of Identity Management as a Service (IdMaaS), and presents in this context Microsoft’s identity offerings in the hybrid era.

The An overview of Azure AD whitepaper (An-overview-of-AAD.docx) further presents the capabilities that can be leveraged to centralize the identity management needs of your modern business applications and your SaaS subscriptions, whether they are cloud-based, hybrid, or even on-premises. The free edition of Azure AD is a complete offering that can help you take advantage of your existing on-premises investment, fully outsource your user (and device) management to the cloud, and anything in between. For enterprises with more demanding needs, the advanced offerings Azure AD Basic and Azure AD Premium help complete the set of capabilities that this identity and access management solution delivers.

In addition, the An overview of Azure AD B2C whitepaper (An-overview-of-AAD-B2C.docx) presents the new service for Business-to-Consumer: Azure AD B2C to embrace identity management (IDM) of individual consumers.

Similarly, the Introducing Azure AD B2B collaboration whitepaper (Introduce-AAD-B2B-collaboration.docx) presents the new feature Azure AD B2B collaboration that can be used with the above editions to embrace identity management (IDM) of partner and supply chains, and manage Business-to-Business collaboration.

The Azure AD & Windows 10: Better together for Work or School whitepaper (Azure-AD-Windows-10-better-together.docx) introduces how Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education editions will enable a device to connect to your Azure AD tenancy to seamlessly access SaaS applications in the cloud and traditional applications on-premises, and all of that without needing the traditional WSAD domains on-premises if you want to. It depicts the related experiences whether you are cloud-only, hybrid or have an on-premises AD infrastructure as well as how to enable them.

The Azure AD/Office 365 single sign-on with AD FS in Windows Server 2012 R2 whitepaper in two parts (AAD-Office-365-Single-Sign-On-with-ADFS-in-Windows-Server-2012-R2-Part-1.docx, and AAD-Office-365-Single-Sign-On-with-ADFS-in-Windows-Server-2012-R2-Part-2.docx/AAD-Office-365-Single-Sign-On-with-ADFS-in-Windows-Server-2012-R2-Part-2bis.docx) provides an understanding of the different single sign-on deployment options with Azure AD/Office 365, how to enable single sign-on to Azure AD/Office 365 using corporate AD credentials and AD FS, and the different configuration elements to be aware of for such a deployment. It also provides an end-to-end walkthrough to set up an Azure-based lab environment to further familiarize yourself with both the installation and configuration of the related infrastructure. It notably features in this context Azure AD Connect and Azure AD Connect Health now in GA.

The AAD-Office-365-Single-Sign-On-with-ADFS-in-Windows-Server-2012-R2-(PS-Scripts) archive file contains the script New-TestLabEnvironment.ps1 referred to in the whitepaper for building the Azure-based lab environment. This script illustrates how to leverage the remote Windows PowerShell capabilities along with Windows Server automation with Windows PowerShell to set up the required virtual machines.

Likewise, the Azure AD/Office 365 single sign-on with Shibboleth 2 whitepaper (AAD-Office-365-Single-Sign-On-with-Shibboleth-2.docx) provides an understanding of how to enable single sign-on to Azure AD/Office 365 using corporate LDAP-based directory credentials and Shibboleth 2 with the SAML 2.0 protocol, and the different configuration elements to be aware of for such a deployment. It also provides an end-to-end walkthrough of the related setup and configuration.

The Leverage Multi-Factor Authentication with Azure AD whitepaper (Leverage-Multi-Factor-Authentication-with-AAD.docx) covers the Azure Multi-Factor Authentication paid offering and how to leverage it with Azure AD (Premium).

In addition, the Leverage Multi-Factor Authentication Server on your premises whitepaper (Leverage-Multi-Factor-Authentication-Server-on-your-premises.docx) describes how to use Azure Multi-Factor Authentication Server and configure it to secure cloud resources such as Office 365 so that federated users will be prompted to set up additional verification the next time they sign in on-premises. In order not to “reinvent the wheel”, this document leverages the instrumented walkthrough provided in the second part of the above whitepaper Azure AD/Office 365 single sign-on with AD FS in Windows Server 2012.

The Leverage Azure AD for modern Business Applications whitepaper (Leverage-AAD-for-modern-business-apps.docx) further presents the aspects that relate to the development of solutions. Azure AD offers developers and cloud ISVs an identity management platform to deliver access control to their modern business applications, based on centralized policy and rules.

Here you can download the Microsoft Azure Active Directory Whitepapers


Download the detailed Microsoft #Azure Handbook #Cloud

Microsoft Azure Handbook

This Microsoft Azure handbook provides a detailed guide for Microsoft customers & partners to get a jumpstart on Azure.
You can download the Microsoft Azure Handbook here



Busy with Deploying Remote Desktop Services (RDS) Roles in Microsoft #Azure and Private Cloud #BYOD

This video walks through the architecture of RDS solutions hosted in Azure, public, and private clouds. The discussion includes high availability considerations and capacity planning, as well as connectivity to corporate Active Directory and network resources. Whether you are a service provider thinking of hosting apps/desktops or an enterprise IT admin thinking of rolling out desktops on a private cloud, watch this video to learn about best practices for configuring session-based desktops and remote application services in a cloud computing environment using the Microsoft RDS solution running on a Dell infrastructure. Get insights into which components can run in the tenant environment and the provider environment, security and licensing considerations, and the infrastructure components (storage, networking, and servers) required to successfully build your RDS cloud deployment.

 



Free #Microsoft Azure Active Directory Solutions Architecture White Paper #Azure #HybridCloud

Active Directory Azure

Standard hybrid enterprise

Many organizations can use the standard enterprise deployment pattern with a single or multi-forest Active Directory Domain Services (AD DS) instantiation connected with Azure AD. In this pattern, Azure AD enables and controls all user access to business cloud applications such as Office 365, Microsoft Intune, Salesforce.com, and other company applications. This same pattern enables user access to existing applications on the corporate network. This hybrid access is enabled for mobile access from iOS, Android, and Windows devices.

You can read more in this Microsoft Azure Active Directory Solutions Architecture White Paper



Free Microsoft E-book Building Cloud Apps with Microsoft Azure #Cloudapps #Cloud #Azure #Dev

Building Cloud Apps

Organization of this book
This ebook explains thirteen recommended patterns for cloud development. “Pattern” is used here in a broad sense to mean a recommended way to do things: how best to go about developing, designing, and coding cloud apps. These are key patterns that will help you “fall into the pit of success” if you follow them.

• Automate everything
  • Use scripts to maximize efficiency and minimize errors in repetitive processes.
  • Demo: Azure management scripts.
• Source control
  • Set up branching structures in source control to facilitate a DevOps workflow.
  • Demo: add scripts to source control.
  • Demo: keep sensitive data out of source control.
  • Demo: use Git in Visual Studio.
• Continuous integration and delivery
  • Automate build and deployment with each source control check-in.
• Web development best practices
  • Keep web tier stateless.
  • Demo: scaling and autoscaling in Azure Websites.
  • Avoid session state.
  • Use a Content Delivery Network (CDN).
  • Use an asynchronous programming model.
  • Demo: async in ASP.NET MVC and Entity Framework.
• Single sign-on
  • Introduction to Azure Active Directory.
  • Demo: create an ASP.NET app that uses Azure Active Directory.
• Data storage options
  • Types of data stores.
  • How to choose the right data store.
  • Demo: Azure SQL Database.
• Data partitioning strategies
  • Partition data vertically, horizontally, or both to facilitate scaling a relational database.
• Unstructured blob storage
  • Store files in the cloud by using the Blob service.
  • Demo: using blob storage in the Fix It app.
• Design to survive failures
  • Types of failures.
  • Failure scope.
  • Understanding SLAs.
• Monitoring and telemetry
  • Why you should both buy a telemetry app and write your own code to instrument your app.
  • Demo: New Relic for Azure.
  • Demo: logging code in the Fix It app.
  • Demo: built-in logging support in Azure.
• Transient fault handling
  • Use smart retry/back-off logic to mitigate the effect of transient failures.
  • Demo: retry/back-off in Entity Framework 6.
• Distributed caching
  • Improve scalability and reduce database transaction costs by using distributed caching.
• Queue-centric work pattern
  • Enable high availability and improve scalability by loosely coupling web and worker tiers.
  • Demo: Azure storage queues in the Fix It app.
• More cloud app patterns and guidance
• Appendix: The Fix It Sample Application
  • Known issues.
  • Best practices.
  • Download, build, run, and deploy instructions.

These patterns apply to all cloud environments, but we’ll illustrate them by using examples based on Microsoft technologies and services, such as Visual Studio, Team Foundation Service, ASP.NET, and Azure.

You can download the free E-book Building Cloud Apps with Microsoft Azure here



FREE WhitePaper : System Center 2012 R2 Configuration Manager – Disaster Recovery #sysctr #SCCM

System Center 2012 R2 Configuration Manager

Configuration Manager 2012 R2 disaster recovery is a complex process. It requires sufficient knowledge of the Configuration Manager product and its dependent components. This document describes the steps to recover a full Configuration Manager 2012 R2 hierarchy in case of disaster. It also describes the steps to recover either CAS or Primary sites, as well as additional steps that Configuration Manager administrators should follow in order to restore a Configuration Manager hierarchy or sites without data loss. The document also provides some helpful troubleshooting tips.

At a high level, the steps below are used to recover an entire hierarchy in the event of disaster. Please note that the steps differ between recovering an entire hierarchy and recovering individual site servers such as CAS or Primary sites. Please refer to the appropriate sections within this document to recover the appropriate site servers. The approximate time noted below for each task may vary significantly, as many factors are involved when recovering an entire hierarchy, so use this timing as an example ONLY.

  1. Collect CAS & Primary Site Information (~1 hour): In this step, collect & document all the necessary information required from the existing hierarchy. This task should be followed regularly whenever there are updates/changes at the site level so that it will save time at the time of disaster recovery.
  2. Backup Sites – CAS & Primary (~3 hrs.): This section describes backup options.
  3. Recover CAS Site (~3 to 48 hrs.): This section provides the steps to recover the CAS Site server. Global data can be recovered within 3-4 hours but for site data it can take up to 48 hours.
  4. Recover Primary Site(s) (~3 to 48 hrs.): This section provides the steps to recover Primary Site servers. Global data can be recovered within 3-4 hours but for site data it can take up to 48 hours.
  5. Recover from supplemental backups (~2 hrs.): This section describes the steps to recover the additional components of Configuration Manager.

You can download this Microsoft System Center 2012 R2 Configuration Manager WhitePaper here