SIA 205 Active Directory Domain Services on Windows

SIA 205 Active Directory Domain Services on Windows Azure Virtual Machines
Samuel Devasahayam
Active Directory Product Group
Microsoft

Why are we even discussing Active Directory?
  “Is there a session on running NOTEPAD.EXE in Windows Azure, too?” (no, there isn’t)
Vernacular
  … terminology specific to Windows Azure that will get us all on the same page
Considerations for a cloud-deployment
  … optimal configuration knobs and deployment topologies

Objectives
Why are we even discussing Active Directory?
  IMPLICATION: “there’s something specific to its deployment in Azure”
Vernacular
  … terminology specific to Windows Azure that will get us all on the same page
Considerations for a cloud-deployment
  … optimal configuration knobs and deployment topologies

see http://www.windowsazure.com/en-us/home/features/identity/

Deploy DC in Separate Cloud Service

ADVNET

Cloud Service for AD Domains
  Location: North Central US
  Name: ad-cloudservice.cloudapp.net
  Affinity Group: ADAG
  Deployment
    Virtual Network: ADVNET
    DNS IPs: (On-Premise AD IP)
  Virtual Machine
    Role Name: ad-dc
    Subnet: ADSubnet
    IP Address: 192.168.1.4

Cloud Service for AD Clients
  Location: North Central US
  Name: app-cloudservice.cloudapp.net
  Affinity Group: ADAG
  Deployment
    Virtual Network: MyVNET
    DNS IPs: 192.168.1.4
  Virtual Machine
    Role Name: advm1
    Subnet: AppSubnet
    IP Address: 192.168.2.4

Diagram label: DIP

Diagram labels: Contoso.com Active Directory; Site to Site VPN Tunnel; AD Authentication + On-Premises Resources; AD Auth; Load Balancer; Public IP

Timeline of events (DC1 and DC2)

TIME: T1
  DC1: Create Snapshot. USN: 100, ID: A, RID Pool: 500 - 1000
  +100 users added
TIME: T2
  DC1: USN: 200, ID: A, RID Pool: 600 - 1000
  DC2 receives updates: USNs >100
  DC2: DC1(A) @USN = 200
TIME: T3
  DC1: T1 Snapshot Applied! USN: 100, ID: A, RID Pool: 500 - 1000
  +150 more users created
TIME: T4
  DC1: USN: 250, ID: A, RID Pool: 650 - 1000
  DC2 receives updates: USNs >200
  DC2: DC1(A) @USN = 250

USN rollback NOT detected: only 50 users converge across the two DCs. All others are either on one or the other DC. 100 security principals (users in this example) with RIDs 500-599 have conflicting SIDs.
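
The timeline above, replayed as a toy model of USN high-watermark replication. This is an added example, not part of the original slides and not Active Directory code; the class and function names are hypothetical, and the change log is simplified to one USN per created user.

```python
from dataclasses import dataclass, field

@dataclass
class SourceDC:                      # plays DC1 on the slide
    invocation_id: str = "A"
    usn: int = 100
    next_rid: int = 500
    changes: dict = field(default_factory=dict)   # USN -> (user, RID)

    def add_users(self, count, prefix):
        for i in range(count):
            self.usn += 1
            self.changes[self.usn] = (f"{prefix}{i}", self.next_rid)
            self.next_rid += 1

    def snapshot(self):
        return self.usn, self.next_rid, dict(self.changes)

    def restore(self, snap):
        # ID stays "A", so partners cannot tell the database went back in time.
        self.usn, self.next_rid, self.changes = snap[0], snap[1], dict(snap[2])

@dataclass
class PartnerDC:                     # plays DC2 on the slide
    watermark: int = 100             # highest USN already received from ID "A"
    users: dict = field(default_factory=dict)     # user -> RID

    def pull(self, src):
        new = {u: c for u, c in src.changes.items() if u > self.watermark}
        self.users.update(dict(new.values()))
        self.watermark = max(self.watermark, src.usn)
        return len(new)

def run_timeline():
    dc1, dc2 = SourceDC(), PartnerDC()
    snap = dc1.snapshot()                  # T1: USN 100, RID pool 500-1000
    dc1.add_users(100, "old")              # +100 users
    dc2.pull(dc1)                          # T2: DC2 asks for USNs > 100
    dc1.restore(snap)                      # T3: T1 snapshot applied
    dc1.add_users(150, "new")              # +150 more users
    received = dc2.pull(dc1)               # T4: DC2 asks for USNs > 200
    dc1_users = dict(dc1.changes.values())
    dc1_by_rid = {rid: user for user, rid in dc1_users.items()}
    conflicts = sorted(rid for user, rid in dc2.users.items()
                       if dc1_by_rid.get(rid, user) != user)
    converged = set(dc1_users) & set(dc2.users)
    return {"dc1_usn": dc1.usn, "received_at_t4": received,
            "converged": len(converged), "conflicting_rids": conflicts}

if __name__ == "__main__":
    print(run_timeline())
```
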

Diagram labels: Windows Azure; Asia; US; Windows Azure Virtual Networks; HQ; CORP

Questions?
Thank you
samueld@microsoft.com