Tag Archives: cloud

High availability federated authentication for Office 365 in Azure? Drootoo can help.

You have decided to take baby steps from your current on-premises IT infrastructure to the cloud, to take advantage of the benefits it affords in terms of expenditure treatment, optimal use of resources, lower cost of operations, operational flexibility and more. Email management with Exchange or other mail servers, and their integration with the existing Active Directory, productivity applications, messaging and other communication applications, has always needed more resources than felt necessary. Many organizations have hence made the leap to the cloud with Office 365 or Google Suite. This raises the question of how such domain users can be enabled to access Office in the cloud.

From a web application perspective, users need to be authenticated in order to access their data. For an enterprise web application, integration with the in-house identity management solution is called for. In Windows environments, this is Active Directory. In Office 365, “choosing if identity management is configured between your on-premises organization and Office 365 is an early decision that is one of the foundations of your cloud infrastructure”. Note that once the choice is made, switching to another option takes a lot of work. The various options, including the scenarios they are suitable for, are documented at https://docs.microsoft.com/en-us/office365/enterprise/about-office-365-identity

Unless this is a trial of Office 365, there is no Active Directory, or there is a very complex on-premises Active Directory that one doesn’t want to work with, the choice for large enterprises is to integrate Office 365 by using federated authentication. For a more detailed decision tree, review the document at https://docs.microsoft.com/en-us/azure/security/azure-ad-choose-authn

It is always good practice to test the desired implementation and see for yourself the effort involved, whether it works with your environment, and how it all comes together. https://docs.microsoft.com/en-us/office365/enterprise/federated-identity-for-your-office-365-dev-test-environment has the steps to create the required test environment, along with the configuration for the participating servers and the O365 portal settings. Once testing is completed successfully, deployment options can be considered based on the usage of O365 services. In organizations with heavy usage of productivity and communication applications, ensuring high availability for these services is a given. https://docs.microsoft.com/en-us/office365/enterprise/deploy-high-availability-federated-authentication-for-office-365-in-azure has the steps to deploy high availability federated authentication for Office 365 in Azure.

The steps involve virtual machines in a single cross-premises Azure virtual network (VNet). Further, highly available cross-premises and VNet-to-VNet connectivity needs to be established. One would expect the VPN gateway to handle this; note, however: “Every Azure VPN gateway consists of two instances in an active-standby configuration. For any planned maintenance or unplanned disruption that happens to the active instance, the standby instance would take over (failover) automatically, and resume the S2S VPN or VNet-to-VNet connections. The switch over will cause a brief interruption” – https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable

To establish dual redundancy (active-active VPN gateways for both the Azure and the on-premises networks), you create and set up the Azure VPN gateway in an active-active configuration, and create (at least) two local network gateways and two connections for your (at least) two on-premises VPN devices. The result is full mesh connectivity of (at least) 4 IPsec tunnels between your Azure virtual network and your on-premises network. The same active-active configuration can also be applied to Azure VNet-to-VNet connections by creating active-active VPN gateways for both virtual networks and connecting them together to form the same full mesh connectivity of (at least) 4 tunnels between the two VNets.
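
The following is an added example, not code from the original post, Drootoo or Microsoft: a small Python model that checks a planned topology against the full mesh described above and lists any endpoint whose loss alone drops every tunnel. It assumes one IPsec tunnel per (Azure gateway instance, connected on-premises device) pair; all instance and device names are constructed.

```python
from itertools import product

def build_tunnels(azure_instances, onprem_devices, connected_devices):
    """One IPsec tunnel per (Azure gateway instance, on-premises device) pair,
    for every device that has a local network gateway and a connection."""
    return {(a, d) for a, d in product(azure_instances, onprem_devices)
            if d in connected_devices}

def drops_all_tunnels(tunnels):
    """Endpoints whose loss alone takes down every established tunnel."""
    endpoints = {e for t in tunnels for e in t}
    return sorted(e for e in endpoints if all(e in t for t in tunnels))

def audit(azure_instances, onprem_devices, connected_devices):
    """Summarize tunnel count, mesh completeness and single points of failure."""
    tunnels = build_tunnels(azure_instances, onprem_devices, connected_devices)
    full_mesh = tunnels == set(product(azure_instances, onprem_devices))
    return {
        "tunnels": len(tunnels),
        "full_mesh": full_mesh,
        # Dual redundancy needs two endpoints on each side, fully meshed.
        "dual_redundant": (full_mesh and len(azure_instances) >= 2
                           and len(onprem_devices) >= 2),
        "drops_all_tunnels": drops_all_tunnels(tunnels),
    }

# Constructed topologies; every name below is made up for this example.
AZURE = ["azure-gw-instance-0", "azure-gw-instance-1"]
ONPREM = ["onprem-vpn-1", "onprem-vpn-2"]

# Two devices, each with its own local network gateway and connection.
dual = audit(AZURE, ONPREM, {"onprem-vpn-1", "onprem-vpn-2"})
# Second device exists, but its connection was never created.
missing_connection = audit(AZURE, ONPREM, {"onprem-vpn-1"})
# Active-active Azure gateway, but only one on-premises device.
single_device = audit(AZURE, ["onprem-vpn-1"], {"onprem-vpn-1"})

if __name__ == "__main__":
    for name, result in [("dual-redundant", dual),
                         ("second connection missing", missing_connection),
                         ("single on-premises device", single_device)]:
        print(f"{name}: {result}")
```

The second and third cases show that an active-active Azure gateway alone does not give dual redundancy: the lone connected on-premises device still carries every tunnel.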

 

How Drootoo makes this a Snap!?

With Drootoo core services, Provision Cloud Resources is a single, simplified section from where the required cloud resources on Azure can be created for this purpose of integrating on-premises and O365 for user authentication and identity management. Compute options can be used to create the desired VM instances, among the regions exposed by the cloud provider. Our Network options enable creation of Virtual Network, Gateway and VPN connections required to complete the task.

One also wonders whether this collection of configured options can be made available in a cloud resource template like that of AWS CloudFormation. Our new innovation, Drootoo Blueprint, is a provider-agnostic way to provision a collection of resources on the cloud. In this case, a single Drootoo Blueprint can be created with the required resources by the Active Directory and network experts in an organization. It can be reviewed by the technology management chain of command. Once they are satisfied with the desired configuration, the Drootoo Blueprint can be launched to provision the collection of resources on a single cloud service provider, on multiple providers, or on a mix of them. The Drootoo Blueprint is available for reuse, along with options for version control.

Our future vision is to enable solution providers, system integrators and other organizations to create, share and reuse Drootoo Blueprints, thereby enabling organizations with limited technical resources to simply select and deploy the required cloud resource solutions for their businesses.

 

Do you know your cloud?

Do you know your right #Cloud? #Gartner has recently published a Magic Quadrant for Cloud Infrastructure as a Service #IaaS, highlighting the various strengths of the public cloud providers.

#AWS: World market leader, common choice for strategic adoption appealing to customers that desire the broadest range of capabilities and long-term market leadership.

#MicrosoftAzure: Appeals to customers who employ a multi-cloud strategy and are committed to #Microsoft technologies.

#GoogleCloud: Positioned as an “open” provider, emphasizing #portability as its key value proposition.

#AlibabaCloud: Market share leader in China, with an impressive ecosystem of managed service providers and #ISVs.

Source: Magic Quadrant for Cloud Infrastructure as a Service, Worldwide.

With the #Drootoo unified cloud platform, we enable a network across different hyperscale cloud providers. Drootoo's single interface and seamless integration of these cloud providers will allow you to break out of a non-networked silo and enjoy a host of possibilities for your business with a scale-out infrastructure architecture.

Reach out to us if you would like to find out more! https://drootoo.com/contact.html or mail us at [email protected]

How the cloud is evolving?

Since the 1940s the world has been transformed by successive generations of computer technology. The fifth generation has seen massive paradigm shifts in how computing is performed: from large centralized mainframes, to the PC and internet era that ushered in the democratization of computing power, to the current mobile and cloud era.

Distributed computing had been in use for some time, and web hosting had been a popular technology for serving information on the internet through web applications in browsers. There had been an evolution through the forms of peer-to-peer, network, client-server and grid computing. However, in mid 2000 cloud computing took shape in the form of NASA’s Open Nebula and Amazon AWS. Cloud computing is divided into 3 parts: public, private and hybrid computing. Public cloud is where services are rendered over a network that is open for public use. It gives the option to consume compute, storage, platform, networking and other resources from a remote location.

Since 2006, when the term CLOUD was officially used with the introduction of Elastic Compute Cloud by Amazon, there has been a paradigm shift in the way IT is consumed. This helped businesses move from a traditional IT CAPEX model to an OPEX subscription model. However, public cloud did not get picked up in the manner that was expected by the 2010s. The main concerns for businesses were security, compliance, governance, knowledge competency and vendor lock-in.

To mitigate the risks related to public cloud, the strategy of private and hybrid clouds evolved. This again required businesses to rely on building and maintaining an on-premises datacenter to host private cloud or backup environments. The mix of public, private and hybrid cloud strategy increased the cost of IT, as a mix of CAPEX and OPEX was always going to be on the higher end and tough to control.

However, in 2015 public cloud technology evolved to be more robust, with public cloud providers securing their systems and addressing the challenges of public cloud consumption. The market has seen more strong players entering the scene, like Microsoft, Google, IBM, Rackspace, Red Hat and Oracle. This gives rise to the next paradigm shift in cloud computing, in which businesses adopt a true public cloud strategy. This is Multi Cloud Computing.

Multi Cloud Computing helps businesses run IT operations that are 100% free of datacenter hardware. You can run your production with one public cloud vendor and your test/dev environment with another. You can use the public cloud itself as your high availability and disaster recovery strategy rather than having an on-premises setup. A distributed environment can even be used to expand a business into geographies where one cloud provider is not present. Even supercomputing power can be leveraged through a multi-cloud model to gain high performance and optimized cost for projects like genome sequencing, simulating the big bang theory, understanding earthquakes, mapping the blood stream, predicting climate changes or even testing weapon systems.

At DROOTOO we are providing a seamless unified cloud platform that gives businesses a smart and secure way of performing multi cloud computing. This is the true democratization of the cloud computing era!