Today, my friend and colleague, Yung Chou, has written a great article that gives an overview of the features provided by the Windows Azure cloud platform. You can check out Yung’s article at:
One of the specific features that is a frequent topic of conversation at IT Pro events relates to supporting Active Directory on Windows Azure. Active Directory is certainly an important infrastructural component of Windows networking shops, and is equally important to plan for when considering applications in the cloud.
The Windows Azure cloud platform provides two different options for running Active Directory services in the cloud: (1) Windows Azure Active Directory and (2) Windows Server Active Directory on Windows Azure VMs. In this article, I’ll describe the scenarios and considerations for using each option and provide additional resources for further exploration.
When thinking about identity management on Windows Azure, two very different application scenarios immediately spring to mind:
Windows Azure Active Directory is a modern, REST-based service that provides identity management for “cloud-first” applications. Instead of developing a separate identity store and authentication process for each discrete cloud application, Windows Azure AD provides a single identity service that can be leveraged by all of your cloud applications. In addition, Windows Azure AD is the underlying identity management solution for our own cloud offerings, including the Windows Azure Management Portal, Office 365, Dynamics CRM Online, Windows Intune, and Windows Azure Online Backup.
Windows Azure Active Directory management portal
Windows Azure AD can also be integrated with an on-premises Windows Server Active Directory infrastructure via Directory Synchronization and Active Directory Federation Services (ADFS) to give enterprise users single sign-on to both on-premises applications and applications developed for the cloud. This integration can be deployed by following the Integration Wizards available within the Management Portal.
Windows Azure Active Directory Integration Wizards
Sign up for Windows Azure Active Directory to learn more about managing Active Directory for applications developed for the cloud.
Running Windows Server Active Directory on Windows Azure VMs provides the ability to run a traditional on-premises Active Directory infrastructure in the Windows Azure cloud as one or more virtual machines. Many existing on-premises applications expect Windows Server Active Directory to be available for identity management and authentication. When migrating these applications to a virtual machine in the Windows Azure cloud, we’ll need to continue to provide a Windows Server Active Directory infrastructure so that they keep working properly. This is exactly what Windows Server Active Directory on Windows Azure VMs allows us to do.
While very similar to running virtualized domain controllers as VMs on Hyper-V within your data center, there are a few special considerations to keep in mind when deploying Windows Server Active Directory domain controllers as Windows Azure VMs:
To step through the process of building a new Active Directory forest in Windows Azure with Windows Server 2012, follow this Step-by-Step guide:
Get started with Windows Azure and prepare yourself for following along with the other articles in this series by completing the tasks in the article below:
Are you planning to develop or migrate applications to Windows Azure? Feel free to leave your comments and questions below related to how you will be supporting Active Directory for these applications.
Be sure to check out these additional resources:
Keith Mayer is a Senior Technical Architect at Microsoft, focused on helping ISV partners leverage the Azure cloud platform. Keith has over 20 years of experience as a technical leader of complex IT projects, in diverse roles, such as Network Engineer, IT Manager, Technical Instructor and Consultant. He has consulted and trained thousands of customers and partners worldwide on design of enterprise technology solutions.
Keith is currently certified on several Microsoft technologies, including Azure, Private Cloud, System Center, Hyper-V, Windows, Windows Server, SharePoint, SQL Server and Exchange. He also holds other industry certifications from VMware, IBM, Cisco, Citrix, HP, CheckPoint, CompTIA and Interwoven.
You can contact Keith online at http://aka.ms/AskKeith.