Wednesday, July 03, 2013

Journey to Cloud - Scenario V - SharePoint and Integration with Active Directory

While more and more customers move towards adopting the cloud as the platform for hosting their applications every day, they still adopt a hybrid scenario where the applications need integration with on-premises Active Directory for identity and authentication.

Consider the following scenario:

Scenario V:
An organization with 500+ employees has around 200 intranet applications, most of them on SharePoint 2010 and the others on a technology stack of ASP.NET with SQL Server. While the customer is looking to migrate these 200-odd applications to Azure, they want to make sure that the Active Directory and Domain Controller remain on-premises, and that the applications still leverage them after being moved to Azure.


With most applications on SharePoint 2010, the best bet for the customer will be to use Azure Infrastructure as a Service (IaaS) to migrate these existing applications as-is to Azure Virtual Machines. Following the DRY (Don't Repeat Yourself) principle, the whitepaper here gives a clear step-by-step procedure on how this could be achieved.

For other applications that require integration with on-premises AD, Windows Azure Active Directory (WAAD) services can be leveraged. Windows Azure Active Directory (Windows Azure AD) is a modern, REST-based service that provides identity management and access control capabilities for your cloud applications. The best part of this service is that, if there are Office 365 applications, this identity service can be integrated across Windows Azure, Microsoft Office 365 and other cloud services such as Dynamics CRM Online and Windows Intune. Thus, with WAAD, we get a seamless single sign-on experience across Microsoft Online Services.

The How part:

The first step involves creating a Windows Azure AD tenant. A Windows Azure AD tenant is simply a dedicated instance of Windows Azure Active Directory (Windows Azure AD) in the cloud that your organization receives and owns when it signs up for one of Microsoft's cloud services. You can get a Windows Azure AD tenant either by signing up for a Microsoft cloud service that you want to start using or evaluating, or by creating one with your Windows Azure subscription from the Azure Management portal, as shown below:

Once a tenant is added, there are some administrative activities to be done, similar to how we configure on-premises applications. The next step is administration and integration of the application. A detailed step-by-step procedure on how this can be done is given here.
This gives a solution for integrating with on-premises Active Directory and existing O365 applications.

Now, for organizations that need their complete applications with AD in the cloud, we could also install the entire Active Directory and Domain Controller on Azure Virtual Machines and configure these as we do on-premises.

This article gives the complete steps on how an Active Directory Domain Controller can be installed and configured in Azure.

Tuesday, July 02, 2013

Journey to Cloud - Scenario IV - Windows Azure for Backup

In the past 3 posts, we covered the three major scenarios and solutions where Windows Azure can be used. One of the most frequently asked-about features in Azure is how the cloud can be leveraged for backup scenarios.

Scenario IV:
Recently we had a customer who had SharePoint running on Hyper-V on-premises, and they were using Symantec NBU to back up the environment as per their policy (full backup every week, incremental backup every day). The customer was looking for backup options and reached out to us to ask whether we have something from Azure that could take care of their requirements. They want a backup strategy for SharePoint in Azure Virtual Machines wherein the backups are stored on Azure VMs only.


With Windows Azure, there are several options one can choose from for backup. The first question is what we want to back up. Depending on the answer, different solutions in Azure will be the best fit.

1. Backup of Files and Applications:

This includes item-level backup and restore of Azure Virtual Machines (Windows Server 2008 R2 or Windows Server 2012) and backup of applications like SQL Server 2012. The best way to do this is to use Windows Azure Backup services. To back up files and data from your Windows Server to Windows Azure, you must create a backup vault in the geographic region where you want to store the data.

As of the time of publishing this article, the service is in Preview. Hence, we need to first sign up for the service. Windows Azure Backup needs System Center Data Protection Manager (DPM) to copy SQL backups to Azure.

Once signed up, the service can be accessed from Storage services -> Recovery services -> Backup vault -> Quick create.

A complete step-by-step tutorial on how Backup Vault can be leveraged for backup solutions can be found here.

2. Backup of Virtual Machines:
The second scenario is when you need to take a complete backup of your virtual machines as such and restore them later. This can be either from on-premises to an Azure VM or from one Azure VM to another Azure VM.

For backup of VMs on Azure, we can use blobs to take a snapshot of the backup and restore it using PowerShell scripts. These links give the steps and scripts for doing this:

Hope this gives a good idea of how Azure can be leveraged for Backup and DR solutions.