Windows Azure Active Directory: Identity Management in the Cloud


Upload: chris-dufour

Post on 16-Jan-2015


DESCRIPTION

Windows Azure Active Directory provides easy-to-use, multi-tenant identity management services for applications running in the cloud and on any device and any platform. Originally created to support Office 365, it is now available as an Azure service. On November 28th, 2012 Microsoft shared that Windows Azure Active Directory (AD) has processed 200 BILLION authentications.

“At Microsoft, we have been on a transformative journey to cloud computing and we have been working with customers every step of the way. Millions of customers have embraced the cloud and we are excited to share the news that we’ve reached a major milestone in cloud scale computing. Since the inception of the authentication service on the Windows Azure platform in 2010, we have now processed 200 BILLION authentications for 50 MILLION active user accounts. In an average week we receive 4.7 BILLION authentication requests for users in over 420 THOUSAND different domains. This is a massive workload when you consider others in the industry are attempting to process 7B logins per year, Azure processes close to that amount in a week. These numbers sound big right? They are. To put it into perspective, in the 2 minutes it takes to brew yourself a single cup of coffee, Windows Azure Active Directory (AD) has already processed just over 1 MILLION authentications from many different devices and users around the world. Not only are we processing a huge number of authentications but we’re doing it really fast! We respond to 9,000 requests per second and in the U.S. the average authentication takes less than 0.7 seconds. That’s faster than you can get your coffee from your cup and into your mouth! (Do not attempt this at home :-))!”

In this session we will take a tour of Windows Azure Active Directory to learn about its capabilities, interfaces and supported scenarios, and understand how you can take advantage of the features in your application.

TRANSCRIPT

Page 1: Windows Azure Active Directory: Identity Management in the Cloud

Windows Azure Active Directory: Identity Management in the cloud

Chris Dufour, ASP .NET MVP

Software Architect, Compuware

Follow me @chrduf

http://www.linkedin.com/in/cdufour

NET349

Page 2: Windows Azure Active Directory: Identity Management in the Cloud

Agenda

• What is Active Directory (AD)
• What’s the problem?
• What is Windows Azure Active Directory?
• Create and Publish an Application to the Cloud

Page 3: Windows Azure Active Directory: Identity Management in the Cloud

What is Active Directory (AD)

• Directory system created by Microsoft in 1999
• Provides a central location for network administration and security
• Makes use of Lightweight Directory Access Protocol (LDAP) versions 2 and 3, Kerberos and DNS
• Most popular directory system in use by organizations

Page 4: Windows Azure Active Directory: Identity Management in the Cloud

Problem

[Diagram: three boxes labelled Cloudapp and one labelled AD]

While enterprises are working to consolidate identity systems on-premises, cloud apps are fragmenting identity… again

• Separate username/password sign-in
• Manual or semi-automated provisioning
• No direct connection to directory

Page 5: Windows Azure Active Directory: Identity Management in the Cloud

Anatomy of a Typical Cloud Application

Clients using wide variety of devices/languages/platforms

Server applications using wide variety of platforms/languages

[Diagram labels: Browser, Mobile App, Server App; Web Application; Web Service API; Account and profile store]

Page 6: Windows Azure Active Directory: Identity Management in the Cloud

What is Windows Azure Active Directory?

• Service that provides identity and access capabilities for on-premises and cloud applications
• Extension of Active Directory into the cloud
• Built concurrently with Office 365
• Provides integration of applications with Azure AD to provide single sign-on
• Designed primarily to meet the needs of cloud applications

Page 7: Windows Azure Active Directory: Identity Management in the Cloud

Released to production April 8, 2013

• Processed over 265 Billion authentications since 2010
• 2.9 million businesses, government bodies and schools are already enjoying the benefits of Windows Azure Active Directory, using it to manage access to Office 365, Dynamics CRM Online, Windows Intune and Windows Azure
• Over the last 90 days, Windows Azure AD has processed over 65 billion authentication requests while maintaining 99.97% or better monthly availability.

Source: http://bit.ly/13UZ1mS

Page 8: Windows Azure Active Directory: Identity Management in the Cloud

Identity Management as a Service

• Consolidate identity management across cloud apps

• Connect to directory from any platform, any device

• Connect with people from web identity providers and other organizations

Page 9: Windows Azure Active Directory: Identity Management in the Cloud

Design Principles

• Maximize device and platform reach
  • HTTP/web/REST-based protocols
• Multi-tenancy
  • Customer owns directory, not Microsoft
• Optimize for availability, consistent performance and scale
  • Keep it simple

Page 10: Windows Azure Active Directory: Identity Management in the Cloud

Identity Types

Cloud Identity
• Separate credential from corporate credential
• Authentication occurs via cloud service
• Password policy stored in the cloud

Federated Identity
• Same credential as corporate credential
• Authentication occurs via on-premises ADFS
• Password policy stored on-premises
• Requires directory synchronization

Page 11: Windows Azure Active Directory: Identity Management in the Cloud

Relationship to Windows Server AD

• On-premises and cloud Active Directory managed as one

• Directory information synchronized to cloud, made available to cloud apps via roles-based access control

• Federated authentication enables single sign on to cloud applications

Page 12: Windows Azure Active Directory: Identity Management in the Cloud

Anatomy of Windows Azure Active Directory

[Diagram labels: Windows Azure Active Directory; Graph API, OAuth2, SAML-P, WS-Federation, Metadata; Fabricam Tenant, Compuware Tenant, EastTorontoUG Tenant; Cloudapp; Dir Sync; AD]

Page 13: Windows Azure Active Directory: Identity Management in the Cloud

Directory Graph API

• RESTful programmatic access to directory
  • Objects such as users, groups, roles, licenses
  • Relationships such as member, memberOf, manager, directReport
• Requests use standard HTTP methods
  • POST, GET, PATCH, DELETE to create, read, update, and delete
  • Response in XML or JSON; standard HTTP status codes
  • Compatible with OData 3.0
• OAuth 2.0 for authentication
  • Role-based assignment for application and user authorization
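The request pattern this slide describes, as an added Python example that is not from the original deck: a GET with an OAuth 2.0 bearer token, an OData paging loop, and a read of the memberOf relationship to list the directory roles a user holds. The host `graph.windows.net`, the `api-version` value, the relative `odata.nextLink` behaviour, the response field names, and the tenant, user and responses are assumptions or constructed sample values.

```python
from urllib.parse import quote, urlencode

GRAPH = "https://graph.windows.net"  # assumed Azure AD Graph host of that period
API_VERSION = "2013-04-05"           # assumed api-version value

def build_request(tenant, path, token, query=None):
    """GET on a directory object, authenticated with an OAuth 2.0 bearer token."""
    params = {**(query or {}), "api-version": API_VERSION}
    qs = urlencode(params, safe="$", quote_via=quote)
    headers = {"Authorization": f"Bearer {token}", "Accept": "application/json"}
    return {"method": "GET", "url": f"{GRAPH}/{tenant}/{path}?{qs}", "headers": headers}

def next_page_url(tenant, page):
    """Resolve odata.nextLink, assumed relative and lacking api-version."""
    link = page.get("odata.nextLink")
    if not link:
        return None
    sep = "&" if "?" in link else "?"
    return f"{GRAPH}/{tenant}/{link}{sep}api-version={API_VERSION}"

def list_objects(tenant, path, token, fetch):
    """Collect every page; fetch(request) -> parsed JSON is the transport."""
    req, seen, out = build_request(tenant, path, token), set(), []
    while req and req["url"] not in seen:  # stop if a nextLink loops back
        seen.add(req["url"])
        page = fetch(req)
        out.extend(page.get("value", []))
        nxt = next_page_url(tenant, page)
        req = {**req, "url": nxt} if nxt else None
    return out

# Constructed tenant, user and responses (not captured from a real directory).
TENANT, UPN = "contoso.example", "alice@contoso.example"
BASE = f"{GRAPH}/{TENANT}/users/{UPN}/memberOf"
PAGES = {
    f"{BASE}?api-version={API_VERSION}": {
        "value": [{"objectType": "Group", "displayName": "Finance"}],
        "odata.nextLink": f"users/{UPN}/memberOf?$skiptoken=abc"},
    f"{BASE}?$skiptoken=abc&api-version={API_VERSION}": {
        "value": [{"objectType": "Role", "displayName": "Company Administrator"}]},
}

def fake_fetch(request):
    return PAGES[request["url"]]

def role_memberships(tenant, upn, token, fetch=fake_fetch):
    """Directory roles held by a user, read through the memberOf relationship."""
    objs = list_objects(tenant, f"users/{upn}/memberOf", token, fetch)
    return [o["displayName"] for o in objs if o["objectType"] == "Role"]
```

Replacing `fake_fetch` with a real HTTP transport is the only change needed to run the same audit against a live directory; stopping at the first page would have missed the role on the second.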

Page 14: Windows Azure Active Directory: Identity Management in the Cloud

Create an Application For Your Organization

1. Get developer prerequisites for Windows Azure AD
   • Visual Studio 2012
   • Web Tools Extensions for Visual Studio 2012
   • Microsoft ASP.NET Tools for Windows Azure Active Directory – Visual Studio 2012

2. Get a Windows Azure AD tenant to test your app

3. Integrate your app with Windows Azure AD

4. Test your application

5. Publish your application to Azure Websites (optional)

Page 15: Windows Azure Active Directory: Identity Management in the Cloud

Demo: Create and Publish an Application to the Cloud

Page 16: Windows Azure Active Directory: Identity Management in the Cloud

Next Steps

• Get a Windows Azure Active Directory tenant
• Integrate your application with Windows Azure Active Directory
• Publish your application to Azure Websites

Page 17: Windows Azure Active Directory: Identity Management in the Cloud

Resources

• Free Windows Azure Active Directory Tenant: http://bit.ly/18mpaOZ
• Sign in to Windows Azure Active Directory: http://bit.ly/1aq3rCn
• Graph Explorer: http://bit.ly/11XJnt2
• Windows Azure: http://bit.ly/19gEMT9
• Manage Windows Azure Active Directory by using Windows PowerShell: http://bit.ly/10B8Mm1

Page 18: Windows Azure Active Directory: Identity Management in the Cloud

Resources

• Visual Studio Express 2012: http://bit.ly/16ZC9Wx
• Web Tools Extensions for Visual Studio 2012: http://bit.ly/ZoefBA
• Web Tools Extensions for Visual Studio Express 2012: http://bit.ly/12YaxwS
• Microsoft ASP.NET Tools for Windows Azure Active Directory – Visual Studio 2012: http://bit.ly/14Wzh9k
• Microsoft ASP.NET Tools for Windows Azure Active Directory – Visual Studio Express 2012 for Web: http://bit.ly/16keQr7

Page 19: Windows Azure Active Directory: Identity Management in the Cloud

Thank You

Please fill out an evaluation for this talk
