TRANSCRIPT
Sessions about to start – Get your rig on!
Highly Available Cloud-based SSO for Office365
James Lewis – Kloud
Andreas Wasita – Kloud
OSS307
• @jimmylewis @andreaswasita
Gartner = Through 2016, Federated Single Sign-On Will Be the Predominant SSO Technology, Needed by 80 Percent of Enterprises*
* Gartner Identity and Access Management Summit 2013, March 11-13, in London, U.K
Agenda
• Office 365 Federated SSO Deployment Scenarios
• Azure Deployment Benefits
• AAD Sync
• AAD Connect
Office 365 Deployment Scenarios
• On-premises deployment
• Azure deployment
• Hybrid deployment
All too hard…
Typical On-Premises Deployment
• Infrastructure, Storage, Facilities
• Dependency on internal datacentres for access to “cloud services”
• Lots of network gear and configuration
Azure Deployment Configuration
• VNET
• Azure Cloud Service
• Azure ILB
• Azure VMs
• Endpoint
• Availability Sets
Azure VM high availability
Availability Set = to ensure VMs are located in different fault domains
[Diagram: Fault Domain / Rack (two shown); AD FS Availability Set (AD FS, AD FS); WAP Availability Set (WAP, WAP)]
Demo – Highly Available SSO on Azure
James Lewis – Kloud
Andreas Wasita – Kloud
Rapid Recovery
New-AzureVM
Scalable Architecture
• 1,000 – 15,000 users
• 15,000 – 60,000 users
Hybrid Deployment Configuration
Azure
On-Premises
Azure VM sizing for AD FS and WAP
WAP
AD FS
MS Recommendation: Dual Quad Core 2.27GHz CPU (8 cores), 4 GB RAM
Azure VM Size
• A3 = 4 Cores, 7 GB RAM, $0.364/h - $270.28/month
• A4 = 8 Cores, 14 GB RAM, $0.727/h - $540.56/month
Some design considerations for Azure …
Operational and Configuration Management
Passive Authentication Flows
Domain Controllers – at least one per domain
Azure VNETs – plan configuration carefully
Azure traffic manager for Geo DR
All Azure services need to run 24x7 to ensure HA – consider costs
Why on Azure?
Weeks vs Months
Agility
Simple HA
Resilience
Scalable
Scale Instantly
Opex vs Capex
Economy
Endpoint & ACL
Security
AAD Sync
AAD Sync = One Sync Service to Rule
Multi – Forest to AAD (incl. multi Exchange orgs)
Non-AD based directory sources
Advanced provisioning, mapping and filtering rules
Password Failover – DR for SSO
[Slide labels: "Coming soon" (shown twice)]
Demo – DirSync Password failover
James Lewis – Kloud Andreas Wasita – Kloud
What about AAD Connect?
Removing complexity out of AAD integration
Wizard driven tool to make deployment easier
Downloads all installation pre-requisites
Provides the flexibility to deploy to patterns we have discussed today
Currently in public preview
Key Session Takeaways
Use the deployment model that best suits your Office 365 authentication requirements
Understand the benefits of Azure Deployment
Microsoft is making deployment easier for you!
Contact
[email protected] @jimmylewis http://blog.kloud.com.au/
[email protected] @andreaswasita http://blog.kloud.com.au/ http://wasita.net/
Azure User Groups
Melbourne: http://www.meetup.com/MelbourneAzure/
Sydney: http://www.meetup.com/Azure-Sydney-User-Group/
Office365 User Groups
Melbourne: http://www.meetup.com/Melbourne-Office-365-Meetup/
Sydney: http://www.meetup.com/Sydney-Office-365-Meetup/
Related content
• Microsoft Office 365 Security, Privacy and Compliance Overview (OSS203)
• Cloud Identities and Azure Active Directory Premium (DCI305)
• Microsoft Office 365 ProPlus Deployment (OSS301)
Thanks! Don’t forget to complete your evaluations
aka.ms/mytechedmel