Windows Azure Active Directory provides easy-to-use, multi-tenant identity management services for applications running in the cloud, on any device and on any platform. Originally created to support Office 365, it is now available as an Azure service. On November 28th, 2012 Microsoft shared that Windows Azure Active Directory (AD) had processed 200 BILLION authentications.
“At Microsoft, we have been on a transformative journey to cloud computing and we have been working with customers every step of the way. Millions of customers have embraced the cloud and we are excited to share the news that we’ve reached a major milestone in cloud scale computing. Since the inception of the authentication service on the Windows Azure platform in 2010, we have now processed 200 BILLION authentications for 50 MILLION active user accounts. In an average week we receive 4.7 BILLION authentication requests for users in over 420 THOUSAND different domains. This is a massive workload when you consider others in the industry are attempting to process 7B logins per year; Azure processes close to that amount in a week.
These numbers sound big right? They are. To put it into perspective, in the 2 minutes it takes to brew yourself a single cup of coffee, Windows Azure Active Directory (AD) has already processed just over 1 MILLION authentications from many different devices and users around the world. Not only are we processing a huge number of authentications but we’re doing it really fast! We respond to 9,000 requests per second and in the U.S. the average authentication takes less than 0.7 seconds. That’s faster than you can get your coffee from your cup and into your mouth! (Do not attempt this at home :-))!”
In this session we will take a tour of Windows Azure Active Directory to learn about its capabilities, interfaces and supported scenarios, and understand how you can take advantage of the features in your application.
Windows Azure Active Directory: Identity Management in the Cloud
1. Windows Azure Active Directory:
Identity Management in the cloud
Chris Dufour, ASP .NET MVP
Software Architect, Compuware
Follow me @chrduf
http://www.linkedin.com/in/cdufour
NET349
2. Agenda
• What is Active Directory (AD)
• What’s the problem?
• What is Windows Azure Active Directory?
• Create and Publish an Application to the Cloud
3. What is Active Directory (AD)
• Directory system created by Microsoft in 1999
• Provides a central location for network administration and security
• Makes use of Lightweight Directory Access Protocol (LDAP) versions 2 and 3, Kerberos and DNS
• Most popular directory system in use by organizations
4. Problem
• While enterprises are working to consolidate identity systems on-premises, cloud apps are fragmenting identity… again
  Separate username/password sign-in per app
  Manual or semi-automated provisioning
  No direct connection to the corporate directory
5. Anatomy of a Typical Cloud Application
[Diagram: clients using a wide variety of devices/languages/platforms (Browser, Mobile App, Server App) talk to a Web Application and a Web Service API, which share an account and profile store; server applications use a wide variety of platforms/languages]
6. What is Windows Azure Active Directory?
• Service that provides identity and access capabilities for on-premises and cloud applications
• Extension of Active Directory into the cloud
• Built concurrently with Office 365
• Provides integration of applications with Azure AD to provide single sign-on
• Designed primarily to meet the needs of cloud applications
7. Released to production April 8, 2013
• Processed over 265 Billion authentications since 2010
• 2.9 million businesses, government bodies and schools are already enjoying the benefits of Windows Azure Active Directory, using it to manage access to Office365, Dynamics CRM online, Windows Intune and Windows Azure
• Over the last 90 days, Windows Azure AD has processed over 65 billion authentication requests while maintaining 99.97% or better monthly availability.
Source: http://bit.ly/13UZ1mS
8. Identity Management as a Service
• Consolidate identity management across cloud apps
• Connect to directory from any platform, any device
• Connect with people from web identity providers and other organizations
9. Design Principles
• Maximize device and platform reach
  HTTP/web/REST based protocols
• Multi-tenancy
  Customer owns directory, not Microsoft
• Optimize for availability, consistent performance and scale
  Keep it simple
10. Identity Types
Cloud Identity
• Separate credential from corporate credential
• Authentication occurs via cloud service
• Password policy stored in the cloud
Federated Identity
• Same credential as corporate credential
• Authentication occurs via on-premises ADFS
• Password policy stored on-premises
• Requires directory synchronization
11. Relationship to Windows Server AD
• On-premises and cloud Active Directory managed as one
• Directory information synchronized to cloud, made available to cloud apps via role-based access control
• Federated authentication enables single sign-on to cloud applications
13. Directory Graph API
• RESTful programmatic access to directory
  Objects such as users, groups, roles, licenses
  Relationships such as member, memberOf, manager, directReport
• Requests use standard HTTP methods
  POST, GET, PATCH, DELETE to create, read, update, and delete
  Response in XML or JSON; standard HTTP status codes
  Compatible with OData 3.0
• OAuth 2.0 for authentication
  Role-based assignment for application and user authorization
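The slide above describes the Graph API in terms of HTTP verbs, OData-shaped responses, status codes and an OAuth 2.0 bearer token. The following helper, added here as an illustration and not code from the talk or from Microsoft, makes that shape concrete without touching the network: it builds the request a client would send for each CRUD operation, maps the status codes a client must handle (401 for a bad or expired token, 403 when the role assignment does not permit the call, 429 for throttling) to an action, and parses a constructed OData JSON response. The endpoint https://graph.windows.net, the api-version value, the tenant name and the sample user objects are assumptions made for the example.

```python
"""Offline helper showing the request/response shape of the Azure AD Graph API."""
import json
from urllib.parse import quote, urlencode

# Endpoint and api-version are assumptions for this example; the slide only
# states that the API is RESTful, OData 3.0 compatible and uses OAuth 2.0.
GRAPH_BASE = "https://graph.windows.net"
API_VERSION = "1.6"

# Slide 13: standard HTTP methods map onto create/read/update/delete.
CRUD_METHODS = {"create": "POST", "read": "GET", "update": "PATCH", "delete": "DELETE"}


class GraphError(Exception):
    """Raised for any status the caller must not treat as success."""


def build_request(tenant, operation, resource, bearer_token, body=None, odata_filter=None):
    """Return the HTTP request a Graph client would send, as a plain dict.

    tenant       - tenant id or verified domain, e.g. 'contoso.onmicrosoft.com' (assumed)
    operation    - one of create / read / update / delete
    resource     - path under the tenant, e.g. 'users' or 'groups/<objectId>/members'
    bearer_token - OAuth 2.0 access token issued for the Graph resource
    odata_filter - optional OData $filter expression
    """
    if operation not in CRUD_METHODS:
        raise ValueError(f"unknown operation {operation!r}")
    if not bearer_token:
        # The Graph API has no anonymous access: every call carries a token.
        raise ValueError("a bearer token is required")
    params = {"api-version": API_VERSION}
    if odata_filter:
        params["$filter"] = odata_filter
    url = f"{GRAPH_BASE}/{quote(tenant, safe='')}/{resource}?{urlencode(params)}"
    headers = {"Authorization": f"Bearer {bearer_token}", "Accept": "application/json"}
    request = {"method": CRUD_METHODS[operation], "url": url, "headers": headers, "body": None}
    if body is not None:
        headers["Content-Type"] = "application/json"
        request["body"] = json.dumps(body)
    return request


def classify_status(status):
    """Map an HTTP status code to the action a client should take."""
    if status in (200, 201):
        return "ok"
    if status == 204:
        return "no_content"          # PATCH/DELETE succeed without a body
    if status == 401:
        return "reauthenticate"      # token missing, expired or issued for another resource
    if status == 403:
        return "forbidden"           # token valid, but the role assignment does not allow this
    if status == 404:
        return "not_found"
    if status == 429:
        return "throttled"           # back off before retrying
    return "error"


def parse_response(status, body_text):
    """Turn a status code plus body into Python data, or raise GraphError."""
    outcome = classify_status(status)
    if outcome == "ok":
        data = json.loads(body_text)
        # Collections arrive wrapped in 'value'; a single entity is the object itself.
        return data["value"] if "value" in data else data
    if outcome == "no_content":
        return None
    raise GraphError(f"HTTP {status}: {outcome}")


def disabled_accounts(users):
    """Return the UPNs of user objects whose accountEnabled flag is false."""
    return [u["userPrincipalName"] for u in users if not u.get("accountEnabled", True)]


# Constructed sample: what a GET .../users call returns, in OData JSON form.
SAMPLE_USERS_RESPONSE = json.dumps({
    "odata.metadata": "https://graph.windows.net/contoso.onmicrosoft.com/$metadata#directoryObjects",
    "value": [
        {"objectType": "User", "displayName": "Alice Example",
         "userPrincipalName": "alice@contoso.onmicrosoft.com", "accountEnabled": True},
        {"objectType": "User", "displayName": "Bob Example",
         "userPrincipalName": "bob@contoso.onmicrosoft.com", "accountEnabled": False},
    ],
})

if __name__ == "__main__":
    req = build_request("contoso.onmicrosoft.com", "read", "users", "<access-token>",
                        odata_filter="accountEnabled eq false")
    print(req["method"], req["url"])
    users = parse_response(200, SAMPLE_USERS_RESPONSE)
    print("disabled:", disabled_accounts(users))
```

The point of separating `classify_status` from `parse_response` is that a 401 and a 403 call for different remedies: the first means the bearer token itself is not acceptable and the app must go back to the OAuth 2.0 token endpoint, while the second means the token is fine but the application or user lacks the role assigned for that operation, which no amount of retrying will fix.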
14. Create an Application For Your Organization
1. Get developer prerequisites for Windows Azure AD
  Visual Studio 2012
  Web Tools Extensions for Visual Studio 2012
  Microsoft ASP.NET Tools for Windows Azure Active Directory – Visual Studio 2012
2. Get a Windows Azure AD tenant to test your app
3. Integrate your app with Windows Azure AD
4. Test your application
5. Publish your application to Azure Websites (optional)
16. Next Steps
• Get a Windows Azure Active Directory tenant
• Integrate your application with Windows Azure Active Directory
• Publish your application to Azure Websites
17. Resources
• Free Windows Azure Active Directory Tenant
http://bit.ly/18mpaOZ
• Sign in to Windows Azure Active Directory
http://bit.ly/1aq3rCn
• Graph Explorer
http://bit.ly/11XJnt2
• Windows Azure
http://bit.ly/19gEMT9
• Manage Windows Azure Active Directory by using Windows PowerShell
http://bit.ly/10B8Mm1
18. Resources
• Visual Studio Express 2012
http://bit.ly/16ZC9Wx
• Web Tools Extensions for Visual Studio 2012
http://bit.ly/ZoefBA
• Web Tools Extensions for Visual Studio Express 2012
http://bit.ly/12YaxwS
• Microsoft ASP.NET Tools for Windows Azure Active Directory – Visual Studio 2012
http://bit.ly/14Wzh9k
• Microsoft ASP.NET Tools for Windows Azure Active Directory – Visual Studio Express 2012 for Web
http://bit.ly/16keQr7
19. Thank You
Please fill out an evaluation for this talk
Windows Azure Active Directory:
Identity Management in the cloud - NET349