Microsoft Services Connector -- Connecting Active Directory To Cloud Service

40 %
60 %
Information about Microsoft Services Connector -- Connecting Active Directory To Cloud...
Technology

Published on January 14, 2009

Author: jthelin

Source: slideshare.net

Description

Learn how to augment your existing IT infrastructure with Microsoft Services. Manage and secure end-user access to cloud services using your existing investment in Active Directory. Enable end users to access Microsoft services through existing Active Directory accounts, the same way they access your intranet-hosted software today. Hear how to enable existing software to use new service capabilities without re-writes, and do it all through the use of open and standard protocols.
TechEd EMEA 2008 - Session IDA306

 

Connecting Active Directory To Cloud Services Jorgen Thelin Senior Program Manager Microsoft Corporation Session Code: IDA306

Session Code: IDA306

Agenda Connecting Active Directory To Cloud Services Identity Challenges from Cloud Services Microsoft Services Connector Microsoft Federation Gateway Next Steps

Identity Challenges from Cloud Services

Microsoft Services Connector

Microsoft Federation Gateway

Next Steps

Microsoft Identity Software + Services One identity model that puts users in control of their identities Live Framework Live Identity Services .Net Access Control Service “ Geneva” Framework Windows CardSpace “Geneva” “ Geneva” Server Microsoft Federation Gateway Microsoft Services Connector Active Directory Software Services Claims-Based Access Standards Based Enhances Productivity Flexibility via Choice

Identity Challenges Different security zones Intranet Traveling employees Partner extranet Internet enabler with federation More work for Sys Admins Multiple islands of identity Your organization Partners Customers Identity can be a barrier Less Services Revolution

Different security zones

Intranet

Traveling employees

Partner extranet

Internet

Multiple islands of identity

Your organization

Partners

Customers

Identity can be a barrier

Federated Ecosystem Benefits from making federated identity work Open participation -- based on industry standards WS-Federation / SAML Linking service providers and service consumers Access to more customers : Windows Live ID users Other organizations using federated identity Access to more service / application providers : Microsoft cloud applications Developers using Azure Services Platform Developers using other hosting platforms

Open participation -- based on industry standards

WS-Federation / SAML

Linking service providers and service consumers

Access to more customers :

Windows Live ID users

Other organizations using federated identity

Access to more service / application providers :

Microsoft cloud applications

Developers using Azure Services Platform

Developers using other hosting platforms

Switching to Cloud Services Exchange Microsoft Online Microsoft Dynamics CRM Online Windows Live ISV App SharePoint Live Mesh Cloud Live Identity Service Active Directory Enterprise On-Premises Enterprise Apps ISV App Typical IT Requests: Outsource service to cloud-based delivery Move application to cloud hosting Use a new cloud-service Challenge: How to switch to cloud services without scrapping your existing identity infrastructure ? Azure Services Platform

Typical IT Requests:

Outsource service to cloud-based delivery

Move application to cloud hosting

Use a new cloud-service

Federated Identity Relationships Point-to-Point Work, work, work! Work, work, work! Fabrikam Inc. Service Provider Service Provider Service Provider Fabrikam Services Customer Customer Customer

Federated Identity Relationships Hub and Spoke Businesses federate once to connect to any  service Services providers federate once to connect to any  business Fabrikam Inc. Service Provider Service Provider Service Provider Fabrikam Services Customer Customer Customer Federation Hub Federation Hub

Businesses federate once to connect to any  service

Services providers federate once to connect to any  business

Solution: Easy Federated Identity Microsoft Federation Gateway Hub and spoke model  simplified trust management for enterprises & service providers Production deployment since 2006 Now supports self-service federation provisioning Microsoft Services Connection Connects Active Directory to Federation Gateway and Cloud services / applications Simple 1-time federation setup – auto-provisioning Flexible and customizable end -user experience Free download Objective: Switch to cloud services without changing your existing identity infrastructure

Microsoft Federation Gateway

Hub and spoke model

 simplified trust management for enterprises & service providers

Production deployment since 2006

Now supports self-service federation provisioning

Microsoft Services Connection

Connects Active Directory to Federation Gateway and Cloud services / applications

Simple 1-time federation setup – auto-provisioning

Flexible and customizable end -user experience

Free download

Federated Enterprise Software & Service Topology Microsoft Federation Gateway Live Identity Service Exchange ISV Apps SharePoint Active Directory Enterprise On-Premises Microsoft Services Connector Microsoft Online Microsoft Dynamics CRM Online Windows Live Live Mesh Cloud ISV Apps Enterprise Apps Employee Browser Office Apps Azure Services Platform

Microsoft Services Connector Installation & Setup

Microsoft Services Connector Setup Connects Active Directory to Federation Gateway and Cloud services / applications One-time federation setup – auto-provisioning Domain ownership proved with SSL certificate from trusted CA Registers enterprise domain, sign-in endpoint, and signing key(s) On-going federation management tasks automated Enterprise Server Apps Microsoft Services Connector Active Directory Microsoft Federation Gateway Cloud Applications Developer Services

Connects Active Directory to Federation Gateway and Cloud services / applications

One-time federation setup – auto-provisioning

Domain ownership proved with SSL certificate from trusted CA

Registers enterprise domain, sign-in endpoint, and signing key(s)

On-going federation management tasks automated

Microsoft Services Connector Accessing federated resources from inside corporate network

Microsoft Federation Gateway Accessing Services User clicks link -- taken to Microsoft Services Connector for authentication Services Connector validates credentials with Active Directory Services Connector issues login token and redirects to Federation Gateway Desktop Browser Office Apps Enterprise Microsoft Services Connector Active Directory Microsoft Federation Gateway Cloud Applications Developer Services Federation Gateway validates token and transforms claims Federation Gateway issues service token and redirects to service User accesses service

User clicks link -- taken to Microsoft Services Connector for authentication

Services Connector validates credentials with Active Directory

Services Connector issues login token and redirects to Federation Gateway

Federation Gateway validates token and transforms claims

Federation Gateway issues service token and redirects to service

User accesses service

Microsoft Federation Gateway Info for enterprises: Microsoft Services Connector Built on core “Geneva” technology Upgrade path to “Geneva” Server Works for businesses without AD – BYO (Bring Your Own) Protocols: WS-*, SAML later Tokens: SAML Info for relying services: Frameworks: .NET, “Geneva”, Live Messaging: WS-*, SAML , Live Tokens: SAML, Live

Info for enterprises:

Microsoft Services Connector

Built on core “Geneva” technology

Upgrade path to “Geneva” Server

Works for businesses without AD – BYO (Bring Your Own)

Protocols: WS-*, SAML later

Tokens: SAML

Info for relying services:

Frameworks: .NET, “Geneva”, Live

Messaging: WS-*, SAML , Live

Tokens: SAML, Live

Microsoft Services Connector Accessing federated resources from outside corporate network

Deployment Options Enterprise Microsoft Services Connector Active Directory DMZ Services Connector Proxy External user Internal user Range of network infrastructures: Single server, Server farm, Proxy server Active Directory: Single domain, Single forest, Multiple forests

Range of network infrastructures: Single server, Server farm, Proxy server

Active Directory: Single domain, Single forest, Multiple forests

Benefit: Reduced Federation Costs Federation Gateway & Services Connector provides: Fewer federation relationships to configure Protects corporate account security No new user accounts needed No extra passwords for users to forget!  Happier systems administrators! 

Federation Gateway & Services Connector provides:

Fewer federation relationships to configure

Protects corporate account security

No new user accounts needed

No extra passwords for users to forget!

 Happier systems administrators! 

How You Get It Microsoft Services Connector Community Tech Preview (CTP) available now : http://www.microsoft.com/servicesconnector Beta in early 2009 Microsoft Federation Gateway Already in Production since 2006 Whitepaper: http://go.microsoft.com/fwlink/?LinkID=111692 Easy 2-step on-boarding with Microsoft Services Connector BYI on-boarding document: http://go.microsoft.com/fwlink/?LinkID=131673 We want your feedback ! CTP Feedback Forum: http://connect.microsoft.com/servicesconnector

Microsoft Services Connector

Community Tech Preview (CTP) available now : http://www.microsoft.com/servicesconnector

Beta in early 2009

Microsoft Federation Gateway

Already in Production since 2006

Whitepaper: http://go.microsoft.com/fwlink/?LinkID=111692

Easy 2-step on-boarding with Microsoft Services Connector

BYI on-boarding document: http://go.microsoft.com/fwlink/?LinkID=131673

We want your feedback !

CTP Feedback Forum: http://connect.microsoft.com/servicesconnector

Summary Call-to-action Federated identity makes switching to Cloud services easier: Microsoft Federation Gateway for federation of both enterprises and services Microsoft Services Connector extends AD into the Cloud - just a 2-step on-boarding process Try the Microsoft Services Connector CTP now & sign up for early 2009 Beta release

Federated identity makes switching to Cloud services easier:

Microsoft Federation Gateway for federation of both enterprises and services

Microsoft Services Connector extends AD into the Cloud - just a 2-step on-boarding process

Try the Microsoft Services Connector CTP now & sign up for early 2009 Beta release

 

 

With an amazing line up of international speakers, there are even more chances to win an evaluation prize! So make sure you submit feedback for all the sessions you attend! Don’t forget to complete your session feedback forms via the CommNet terminals or the Registered Delegate Pages for your chance to win a HTC Touch Dual! http://www.microsoft.com/emea/teched2008/itpro/feedback.aspx Now extended from 2 to 24 hours after session for more chance to WIN

© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Add a comment

Related presentations

Related pages

Connecting Active Directory To Microsoft Cloud Services

Microsoft Services Connector. Active Directory. ... to a cloud service . ... Connecting Active Directory To Microsoft Cloud Services
Read more

Power BI Analysis Services Connector Deep Dive | Microsoft ...

... Power BI Analysis Services Connector ... Connector. Live Connecting to Analysis Service ... Services Server queries Active Directory ...
Read more

Download Microsoft Azure Active Directory Connect from ...

Azure AD Connect allows you to ... across on-premises or cloud-based services leveraging Windows Server Active Directory and then connecting to ...
Read more

Azure Active Directory Connection | Microsoft Connect

Azure Active Directory Connection Home. ... You must also deploy Active Directory Federation Services ... and enable the Device Registration Service ...
Read more

Active Directory Connector Part 2 | The Official System ...

... Cloud Security; Ask Directory Services; Active ... in Active Directory. When someone using Service ... Active Directory Connector ...
Read more

Connecting to Active Directory (Windows) - msdn.microsoft.com

There are several methods used to access Active Directory. ... Active Directory Service ... The Fabrikam Corporation Connecting to Active Directory.
Read more

Connecting On-Premises Servers to Microsoft Azure Roles ...

... applications to the cloud. ... or domain-join Windows Azure services to an on-premises Active Directory ... Azure Roles with Microsoft ...
Read more

Online Services - technet.microsoft.com

Technical library and product documentation for Microsoft Online Services. ... Azure Active Directory Microsoft cloud services today ... service that lets ...
Read more

Active Directory - Access & identity - IDaaS | Microsoft Azure

Identity and access management for the cloud. Azure Active Directory is a comprehensive identity and access management cloud solution that provides a ...
Read more