Wednesday, July 03, 2013

Journey to Cloud - Scenario V - SharePoint and Integration with Active Directory

While more and more customers move every day towards adopting the cloud as the platform for hosting their applications, many still adopt a hybrid scenario in which the applications need integration with on-premises Active Directory for identity and authentication.

Consider the following scenario:

Scenario V:
An organization with 500+ employees has around 200 intranet applications, most of them on SharePoint 2010 and the others on a technology stack of ASP.NET with SQL Server. While the customer is looking to migrate its 200-odd applications to Azure, it wants to make sure that its Active Directory and Domain Controller remain on premises, and that the applications still leverage them even after the applications are moved to Azure.

Solution:

With most applications on SharePoint 2010, the best bet for the customer will be to use Azure Infrastructure as a Service (IaaS) to migrate these existing applications as they are onto Azure Virtual Machines. Following the DRY (Don't Repeat Yourself) principle, the whitepaper here gives a clear step-by-step procedure on how this can be achieved.

For other applications that require integration with on-premises AD, the Windows Azure Active Directory (WAAD) service can be leveraged. Windows Azure Active Directory (Windows Azure AD) is a modern, REST-based service that provides identity management and access control capabilities for your cloud applications. The best part of this service is that, if the organization also uses Office 365 applications, the same identity service is shared across Windows Azure, Microsoft Office 365 and other cloud services such as Dynamics CRM Online and Windows Intune. Thus, with WAAD, we get a seamless, single sign-on experience across Microsoft Online Services.


The How part:

The first step involves creating a Windows Azure AD tenant. A Windows Azure AD tenant is simply a dedicated instance of Windows Azure Active Directory (Windows Azure AD) in the cloud that your organization receives and owns when it signs up for one of Microsoft's cloud services. You can get a Windows Azure AD tenant either by signing up for a Microsoft cloud service that you want to start using or evaluating, or by creating one with your Windows Azure subscription from the Azure Management portal, as shown below:



Once a tenant is added, we have some administrative activities to perform, similar to how we configure an on-premises application. The next step is the administration and integration of the application. A detailed step-by-step procedure on how this can be done is given here.
This gives a solution for integrating with on-premises Active Directory and existing O365 applications.

For organizations that need their complete applications, together with AD, on the cloud, we could also install the entire Active Directory and Domain Controller on Azure Virtual Machines and configure them as we do on premises.

This article gives the complete steps on how an Active Directory Domain Controller can be installed and configured in Azure.

