Windows Azure Networking & Active Directory

Nasir (Muhammad Nasiruddin)Developer Evangelist - AzureMicrosoft CorporationMohammed.Nasiruddin@microsoft.com

How do you connect your on-premise machines to the Cloud?

Different scenarios require different levels of cross-premise connectivity

Cross-premise ConnectivityCLOUD ENTERPRISE

Data SynchronizationSQL Azure Data Sync

Application-layer Connectivity & Messaging

Service Bus

Secure Machine-to-Machine Network Connectivity

Windows Azure Connect

Secure Site-to-Site Network Connectivity

Windows Azure Virtual Network

IP-level connectivity

For network administrators

Provides network admins the control to setup subnets in the Cloud and manage them as extensions of on-premise datacenters

Virtual Network

Network-level Connectivity

For developers

Designed for developers so it is simple to setup, easy to manage and can be rapidly provisioned

Connect

On premise machines

Windows Azure Roles

Windows Azure ConnectEasy agent-based installationDoes not require network admin involvementWorks within corporate firewall policyManagement through Windows Azure Portal

Rapid provisioning & reconfigurationSet up a connection within minutesEasily reconfigure connections as needed

End-to-End SecurityBuilt on open, secure standardsGranular control over connectivity

5

Windows Azure Connect

DEMO

Windows Azure Virtual NetworkBuild virtual networks that scale Traditional, familiar approach to build extension to datacenter

Scalable approach to building virtual networks

Complete control over network configurationDefine your own IP addresses

Decide where Azure roles are placed

Be compliant with corporate IT security policy

Enables complex hybrid scenarios Allows cloud machine or on-premise machine to be a non-Windows machine

Hybrid applications which require Cloud machines to reach all or a large portion of the on-premise network

7

Windows Azure subnets

On-premise subnets

Hybrid applications with “built-in“ connectivityIndependent Software Vendors wanting “built-in” cloud connectivity, seamlessly enabled as part of their application experience (e.g. HPC, Cloud DV)

No VPN deviceSmall businesses (or departments within an enterprise) who don’t have existing VPN devices and/or network expertise to manage VPN devices and routing tables

Specific, scoped connectivityDevelopers needing Windows Azure access to an on-premise SQL server

Roaming laptop access to Azure VM’s for debugging

Connectivity ScenariosConnect Ideal for:

Connect with non-Windows machinesApplications which require Cloud machines or on-premise machine to be non-Windows machine (e.g. Linux, mainframe)

Virtual Network ideal for:Setup connectivity at scaleCloud machines needing to reach all or a large portion of the on-premise network such as in domain joining

Virtual Private Network (VPN) over Internet Architecture is has built-in tolerance for throughput/latency limitations of a traditional VPN working over the Internet

Competitive Positioning

Windows Azure provides more options compared to other Cloud vendors, to help customers connect their on-premise infrastructure with Microsoft datacenters

Windows Azure virtual networking options support both Infrastructure-As-A-Service and Platform-As-A-Service compared to other Cloud vendors

Windows Azure Virtual Networking

DEMO

Windows Azure Traffic ManagerAzure caters to customers across the GLOBE Performance policy ensures that the customer is served for the fasters cloud service for him / her

Allowing Orgs to grow exponentially across the GLOBE

Azure does not sleep Failover Policy ensures that the service always responds, if primary fails, secondary…

Allowing Orgs to always get business irrespective of situations

Azure is purely secular (treats equally) Round-Robin policy ensures all services are used equally and there is no over burdening on one service

11

Windows Azure Traffic Manager

DEMO

Windows Azure Active Directory

Public

Commontechnologie

s

Identity ▪ Virtualization ▪ Management ▪ Development

Private

Broad & deep array of solutions enables customers to use cloud in their own way, at their own pace

Microsoft approach: hybrid cloud

Identity Challenges

UserDoesn’t want to use different identity for every app

DeveloperDoesn’t want to write code to support multiple identity providers

AdministratorWants to easily grant access to apps to Active Directory identities

Active Directory

Cloud App

Identity Challenges

What if we could?

RESPONDING to the needs for interoperability, social networking, flexibility, and simplicity

REINVENTED for the cloud with modern protocols

PROVIDE the enterprise capabilities of Active Directory

Windows Azure Active Directory is a modern cloud service providing identity management and access control capabilities to cloud applications.

Identity Solution: Cloud Single Sign-on with Access Control

Windows Live ID

On-PremisesActive Directory

ADFS 2.0

Third Party Apps

Windows AzureActive Directory

Microsoft Apps

Your Apps

Active Directory in IaaS

• Through Virtual Networking connectivity, on-premises Active Directory allows domain join and single sign-on for applications in Azure

• Windows Server Active Directory can now be hosted in a Virtual Machine in Windows Azure to support SharePoint or SQL Server and for performance and redundancy

On-premise subnets

DCDNS

Active Directory

Persistent VM Role

DC DNS

Active Directory

Persistent VM Role

Persistent VM Role

SQL

SharePoint

Windows Azure Active Directory

Windows Azure Authentication

LibraryDeveloper library to make authentication in Azure apps easy

Windows Azure AD Graph

Developer Restful API for the cloud directory

Windows Azure AD

Access ControlCentralized

authentication and authorization hub

Windows Azure AD

DirectoryCloud-based identity

store / provider

Single sign-on across all your cloud applications

ScenariosWindows Azure Active Directory enables:

Build social enterprise apps in the cloud

Build Secure Applications that integrate with multiple web identity providers

For ISVs and organizations of all sizes

Enterprises

CSVs

• Centralized policy and access control• Single sign-on for users to Microsoft and 3rd

party applications running in the cloud• Easy administration – sync and federate to on-

prem AD• Deliver SaaS solutions in Azure with single-

sign-on from users in Windows Azure AD (Office 365)

• Write applications using a new enterprise social graph

Small Business• Provide access control with no on-prem identity

infrastructure required• Easy to use with little IT skills required

Questions?

Mohammed.Nasiruddin@microsoft.com

© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to

be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.