Post on 21-Dec-2015

Sessions about to start – Get your rig on!

Highly Available Cloud-based SSO for Office365

James Lewis – Kloud

Andreas Wasita – Kloud

OSS307

• @jimmylewis @andreaswasita

Gartner = Through 2016, Federated Single Sign-On Will Be the Predominant SSO Technology, Needed by 80 Percent of Enterprises*

* Gartner Identity and Access Management Summit 2013, March 11-13, in London, U.K

Agenda

• Office 365 Federated SSO Deployment Scenarios

• Azure Deployment Benefits

• AAD Sync

• AAD Connect

Office 365 Deployment Scenarios

• On-premises deployment

• Azure deployment

• Hybrid deployment

All too hard…

Typical On-Premises Deployment

• Infrastructure, Storage, Facilities

• Dependency on internal datacentres for access to “cloud services”

• Lots of network gear and configuration

Azure Deployment Configuration

• VNET

• Azure Cloud Service

• Azure ILB

• Azure VMs

• Endpoint

• Availability Sets

Azure VM high availability

Availability Set = to ensure VMs are located in different fault domains

[Diagram: two fault domains (racks), with an AD FS Availability Set of two AD FS VMs and a WAP Availability Set of two WAP VMs]

Demo – Highly Available SSO on Azure

James Lewis – Kloud

Andreas Wasita – Kloud

Rapid Recovery

New-AzureVM

Scalable Architecture

• 1,000 – 15,000 users

• 15,000 – 60,000 users

Hybrid Deployment Configuration

Azure

On-Premises

Azure VM sizing for AD FS and WAP

WAP

AD FS

MS Recommendation: Dual Quad Core 2.27GHz CPU (8 cores), 4 GB RAM

Azure VM Size

A3 = 4 Cores, 7 GB RAM, $0.364/h - $270.28/month

A4 = 8 Cores, 14 GB RAM, $0.727/h - $540.56/month

Some design considerations for Azure …

Operational and Configuration Management

Passive Authentication Flows

Domain Controllers – at least one per domain

Azure VNETs – plan configuration carefully

Azure traffic manager for Geo DR

All Azure services need to run 24x7 to ensure HA – consider costs

Why on Azure?

Weeks vs Months

Agility

Simple HA

Resilience

Scalable

Scale Instantly

Opex vs Capex

Economy

Endpoint & ACL

Security

AAD Sync

AAD Sync = One Sync Service to Rule

Multi – Forest to AAD (incl. multi Exchange orgs)

Non-AD based directory sources

Advanced provisioning, mapping and filtering rules

Password Failover – DR for SSO

Coming soon

Coming soon

Demo – DirSync Password failover

James Lewis – Kloud

Andreas Wasita – Kloud

What about AAD Connect?

Removing complexity out of AAD integration

Wizard driven tool to make deployment easier

Downloads all installation pre-requisites

Provides the flexibility to deploy to patterns we have discussed today

Currently in public preview

Key Session Takeaways

Use the deployment model that best suits your Office 365 authentication requirements

Understand the benefits of Azure Deployment

Microsoft is making deployment easier for you!

Contact us

james.lewis@kloud.com.au

@jimmylewis

http://blog.kloud.com.au/

andreas.wasita@kloud.com.au

@andreaswasita

http://blog.kloud.com.au/

http://wasita.net/

Azure User Groups

Melbourne: http://www.meetup.com/MelbourneAzure/

Sydney: http://www.meetup.com/Azure-Sydney-User-Group/

Office365 User Groups

Melbourne: http://www.meetup.com/Melbourne-Office-365-Meetup/

Sydney: http://www.meetup.com/Sydney-Office-365-Meetup/

Related content

Microsoft Office 365 Security, Privacy and Compliance Overview (OSS203)

Cloud Identities and Azure Active Directory Premium (DCI305)

Microsoft Office 365 ProPlus Deployment (OSS301)

Thanks! Don’t forget to complete your evaluations

aka.ms/mytechedmel