While more and more customers move towards adopting the cloud as the platform for hosting their applications every day, they still adopt a hybrid scenario where the applications need integration with on-premises Active Directory for identity and authentication.
Consider the following scenario:
Scenario V:
An organization with 500+ employees has around 200 intranet applications, most of them on SharePoint 2010 and others on a technology stack of ASP.NET with SQL Server. While the customer is looking to migrate these 200-odd applications to Azure, they want to make sure that their Active Directory and Domain Controller remain on premises, and that the applications still leverage them after being moved to Azure.
Solution:
With most applications on SharePoint 2010, the best bet for the customer will be to use Azure Infrastructure as a Service (IaaS) to migrate these existing applications as they are to Azure Virtual Machines. Following the DRY (Don't Repeat Yourself) principle, the whitepaper here gives a clear step-by-step procedure on how this could be achieved.
For other applications that require integration with on-premises AD, Windows Azure Active Directory (WAAD) services can be leveraged. Windows Azure Active Directory (Windows Azure AD) is a modern, REST-based service that provides identity management and access control capabilities for your cloud applications. The best part of this service is that if there are Office 365 applications, this identity service can be integrated across Windows Azure, Microsoft Office 365 and other cloud services such as Dynamics CRM Online and Windows Intune. Thus, with WAAD, we get a seamless, single sign-on experience across Microsoft Online Services.
The How part:
The first step involves creating a Windows Azure AD tenant. A Windows Azure AD tenant is simply a dedicated instance of Windows Azure Active Directory (Windows Azure AD) in the cloud that your organization receives and owns when it signs up for one of Microsoft's cloud services. You can get a Windows Azure AD tenant either by signing up for a Microsoft cloud service that you want to start using or evaluating, or by creating one with your Windows Azure subscription from the Azure Management portal.
Once a tenant is added, there are some administrative activities to be done, similar to how we configure an on-premises application. The next step is the administration and integration of the application. A detailed step-by-step procedure on how this can be done is given here.
This gives a solution to integrating with on-premises Active Directory and existing O365 applications.
For organizations that need their complete applications, together with AD, in the cloud, we could also install the entire Active Directory and Domain Controller on Azure Virtual Machines and configure them as we do on premises.
This article gives the complete steps on how an Active Directory Domain Controller can be installed and configured in Azure.