Date posted: 24-Dec-2015
Windows Azure Networking & Active Directory
Nasir (Muhammad Nasiruddin), Developer Evangelist - Azure, Microsoft
How do you connect your on-premise machines to the Cloud?
Different scenarios require different levels of cross-premise connectivity
Cross-premise Connectivity (Cloud and Enterprise)
• Data Synchronization: SQL Azure Data Sync
• Application-layer Connectivity & Messaging: Service Bus
• Secure Machine-to-Machine Network Connectivity: Windows Azure Connect
• Secure Site-to-Site Network Connectivity: Windows Azure Virtual Network
IP-level connectivity
For network administrators
Provides network admins the control to set up subnets in the Cloud and manage them as extensions of on-premise datacenters
Virtual Network
Network-level Connectivity
For developers
Designed for developers so it is simple to set up, easy to manage and can be rapidly provisioned
Connect
On premise machines
Windows Azure Roles
Windows Azure Connect
Easy agent-based installation
• Does not require network admin involvement
• Works within corporate firewall policy
• Management through Windows Azure Portal
Rapid provisioning & reconfiguration
• Set up a connection within minutes
• Easily reconfigure connections as needed
End-to-End Security
• Built on open, secure standards
• Granular control over connectivity
Windows Azure Connect
DEMO
Windows Azure Virtual Network
Build virtual networks that scale
• Traditional, familiar approach to build extension to datacenter
• Scalable approach to building virtual networks
Complete control over network configuration
• Define your own IP addresses
• Decide where Azure roles are placed
• Be compliant with corporate IT security policy
Enables complex hybrid scenarios
• Allows cloud machine or on-premise machine to be a non-Windows machine
• Hybrid applications which require Cloud machines to reach all or a large portion of the on-premise network
Windows Azure subnets
On-premise subnets
Connectivity Scenarios
Connect ideal for:
• Hybrid applications with “built-in” connectivity: Independent Software Vendors wanting “built-in” cloud connectivity, seamlessly enabled as part of their application experience (e.g. HPC, Cloud DV)
• No VPN device: Small businesses (or departments within an enterprise) who don’t have existing VPN devices and/or network expertise to manage VPN devices and routing tables
• Specific, scoped connectivity: Developers needing Windows Azure access to an on-premise SQL server; roaming laptop access to Azure VMs for debugging
Virtual Network ideal for:
• Connect with non-Windows machines: Applications which require Cloud machines or on-premise machine to be non-Windows machine (e.g. Linux, mainframe)
• Set up connectivity at scale: Cloud machines needing to reach all or a large portion of the on-premise network such as in domain joining
• Virtual Private Network (VPN) over Internet: Architecture has built-in tolerance for throughput/latency limitations of a traditional VPN working over the Internet
Competitive Positioning
Windows Azure provides more options compared to other Cloud vendors, to help customers connect their on-premise infrastructure with Microsoft datacenters
Windows Azure virtual networking options support both Infrastructure-As-A-Service and Platform-As-A-Service compared to other Cloud vendors
Windows Azure Virtual Networking
DEMO
Windows Azure Traffic Manager
Azure caters to customers across the GLOBE
• Performance policy ensures that the customer is served by the fastest cloud service for him / her
• Allowing Orgs to grow exponentially across the GLOBE
Azure does not sleep
• Failover Policy ensures that the service always responds, if primary fails, secondary…
• Allowing Orgs to always get business irrespective of situations
Azure is purely secular (treats equally)
• Round-Robin policy ensures all services are used equally and there is no overburdening of any one service
Windows Azure Traffic Manager
DEMO
Windows Azure Active Directory
Public
Common technologies
Identity ▪ Virtualization ▪ Management ▪ Development
Private
Broad & deep array of solutions enables customers to use cloud in their own way, at their own pace
Microsoft approach: hybrid cloud
Identity Challenges
User: Doesn’t want to use different identity for every app
Developer: Doesn’t want to write code to support multiple identity providers
Administrator: Wants to easily grant access to apps to Active Directory identities
Active Directory
Cloud App
Identity Challenges
What if we could?
RESPONDING to the needs for interoperability, social networking, flexibility, and simplicity
REINVENTED for the cloud with modern protocols
PROVIDE the enterprise capabilities of Active Directory
Windows Azure Active Directory is a modern cloud service providing identity management and access control capabilities to cloud applications.
Identity Solution: Cloud Single Sign-on with Access Control
Windows Live ID
On-Premises Active Directory
ADFS 2.0
Third Party Apps
Windows Azure Active Directory
Microsoft Apps
Your Apps
Active Directory in IaaS
• Through Virtual Networking connectivity, on-premises Active Directory allows domain join and single sign-on for applications in Azure
• Windows Server Active Directory can now be hosted in a Virtual Machine in Windows Azure to support SharePoint or SQL Server and for performance and redundancy
On-premise subnets
DC DNS
Active Directory
Persistent VM Role
DC DNS
Active Directory
Persistent VM Role
Persistent VM Role
SQL
SharePoint
Windows Azure Active Directory
• Windows Azure Authentication Library: Developer library to make authentication in Azure apps easy
• Windows Azure AD Graph: Developer RESTful API for the cloud directory
• Windows Azure AD Access Control: Centralized authentication and authorization hub
• Windows Azure AD Directory: Cloud-based identity store / provider
Scenarios
Windows Azure Active Directory enables:
• Single sign-on across all your cloud applications
• Build social enterprise apps in the cloud
• Build Secure Applications that integrate with multiple web identity providers
For ISVs and organizations of all sizes
Enterprises
CSVs
• Centralized policy and access control
• Single sign-on for users to Microsoft and 3rd party applications running in the cloud
• Easy administration – sync and federate to on-prem AD
• Deliver SaaS solutions in Azure with single-sign-on from users in Windows Azure AD (Office 365)
• Write applications using a new enterprise social graph
Small Business
• Provide access control with no on-prem identity infrastructure required
• Easy to use with little IT skills required
© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.