Windows Azure Networking & Active Directory
Nasir (Muhammad Nasiruddin)
Developer Evangelist - Azure, Microsoft Corporation
Mohammed.Nasiruddin@microsoft.com

Different scenarios require different levels of cross-premise connectivity
How do you connect your on-premise machines to the Cloud?

Cross-premise Connectivity
• Data Synchronization: SQL Azure Data Sync
• Application-layer Connectivity & Messaging: Service Bus
• Secure Machine-to-Machine Network Connectivity: Windows Azure Connect
• Secure Site-to-Site Network Connectivity: Windows Azure Virtual Network
Diagram labels: ENTERPRISE, CLOUD, IP-level connectivity

Network-level Connectivity
Virtual Network (for network administrators):
• Gives network admins the control to set up subnets in the Cloud and manage them as extensions of on-premise datacenters
Connect (for developers):
• Designed for developers, so it is simple to set up, easy to manage and can be rapidly provisioned

Windows Azure Connect
Easy agent-based installation:
• Does not require network admin involvement
• Works within corporate firewall policy
• Management through Windows Azure Portal
Rapid provisioning & reconfiguration:
• Set up a connection within minutes
• Easily reconfigure connections as needed
End-to-End Security:
• Built on open, secure standards
• Granular control over connectivity
Diagram labels: Windows Azure Roles, On-premise machines

Windows Azure Virtual Network
Build virtual networks that scale:
• Traditional, familiar approach to build extension to datacenter
• Scalable approach to building virtual networks
Complete control over network configuration:
• Define your own IP addresses
• Decide where Azure roles are placed
• Be compliant with corporate IT security policy
Enables complex hybrid scenarios:
• Allows cloud machine or on-premise machine to be a non-Windows machine
• Hybrid applications which require Cloud machines to reach all or a large portion of the on-premise network
Diagram labels: Windows Azure subnets, On-premise subnets

Connectivity Scenarios
Virtual Network ideal for:
• Set up connectivity at scale: Cloud machines needing to reach all or a large portion of the on-premise network, such as in domain joining
• Connect with non-Windows machines: Applications which require Cloud machines or on-premise machines to be non-Windows machines (e.g. Linux, mainframe)
• Virtual Private Network (VPN) over Internet: Architecture has built-in tolerance for throughput/latency limitations of a traditional VPN working over the Internet
Connect ideal for:
• Specific, scoped connectivity: Developers needing Windows Azure access to an on-premise SQL server; roaming laptop access to Azure VMs for debugging
• No VPN device: Small businesses (or departments within an enterprise) who don't have existing VPN devices and/or network expertise to manage VPN devices and routing tables
• Hybrid applications with "built-in" connectivity: Independent Software Vendors wanting "built-in" cloud connectivity, seamlessly enabled as part of their application experience (e.g. HPC, Cloud DV)

Competitive Positioning
• Windows Azure provides more options compared to other Cloud vendors, to help customers connect their on-premise infrastructure with Microsoft datacenters
• Windows Azure virtual networking options support both Infrastructure-As-A-Service and Platform-As-A-Service compared to other Cloud vendors

Windows Azure Traffic Manager
Azure caters to customers across the GLOBE:
• Performance policy ensures that the customer is served by the fastest cloud service for him or her
• Allowing Orgs to grow exponentially across the GLOBE
Azure does not sleep:
• Failover policy ensures that the service always responds; if primary fails, secondary…
• Allowing Orgs to always get business irrespective of situations
Azure is purely secular (treats equally):
• Round-Robin policy ensures all services are used equally and there is no overburdening of one service

Microsoft approach: hybrid cloud
Broad & deep array of solutions enables customers to use cloud in their own way, at their own pace
Diagram labels: Public, Private
Common technologies: Identity ▪ Virtualization ▪ Management ▪ Development

Identity Challenges
• User: Doesn't want to use different identity for every app
• Developer: Doesn't want to write code to support multiple identity providers
• Administrator: Wants to easily grant access to apps to Active Directory identities
Diagram labels: Cloud App, Active Directory

What if we could?
• PROVIDE the enterprise capabilities of Active Directory
• REINVENTED for the cloud with modern protocols
• RESPONDING to the needs for interoperability, social networking, flexibility, and simplicity

Windows Azure Active Directory is a modern cloud service providing identity management and access control capabilities to cloud applications.

Identity Solution: Cloud Single Sign-on with Access Control
Diagram labels: Windows Live ID, Microsoft Apps, ADFS 2.0, On-Premises Active Directory, Windows Azure Active Directory, Third Party Apps, Your Apps

Active Directory in IaaS
• Through Virtual Networking connectivity, on-premises Active Directory allows domain join and single sign-on for applications in Azure
• Windows Server Active Directory can now be hosted in a Virtual Machine in Windows Azure to support SharePoint or SQL Server and for performance and redundancy
Diagram labels: Active Directory, DNS, DC, SharePoint, SQL, Persistent VM Role, On-premise subnets

Windows Azure Active Directory
• Windows Azure AD Graph: Developer RESTful API for the cloud directory
• Windows Azure Authentication Library: Developer library to make authentication in Azure apps easy
• Windows Azure AD Access Control: Centralized authentication and authorization hub
• Windows Azure AD Directory: Cloud-based identity store / provider

Scenarios
Windows Azure Active Directory enables:
• Single sign-on across all your cloud applications
• Build social enterprise apps in the cloud
• Build secure applications that integrate with multiple web identity providers

For ISVs and organizations of all sizes
Enterprises
• Centralized policy and access control
• Single sign-on for users to Microsoft and 3rd party applications running in the cloud
• Easy administration – sync and federate to on-prem AD
CSVs
• Deliver SaaS solutions in Azure with single sign-on from users in Windows Azure AD (Office 365)
• Write applications using a new enterprise social graph
Small Business
• Provide access control with no on-prem identity infrastructure required
• Easy to use with little IT skills required

Questions? Mohammed.Nasiruddin@microsoft.com