You're reading from Mastering Identity and Access Management with Microsoft Azure

Product type: Book
Published in: Sep 2016
Reading level: Intermediate
Publisher: Packt
ISBN-13: 9781785889448
Edition: 1st Edition

Author: Jochen Nickel

Jochen Nickel is a Cloud, Identity and Access Management Solution Architect with a clear focus and in-depth technical knowledge of Identity and Access Management. He is currently working for inovit GmbH in Switzerland leading and executing projects in the field of Identity and Access Management including Data Classification and Information protection. Jochen is focused on Microsoft Technologies, especially in the Enterprise Mobility + Security Suite, Office 365 and Azure. He is an established speaker at many technology conferences like Azure Bootcamps, TrustInTech Meetups or the Experts Live Switzerland and Europe.
Chapter 5. Shifting to a Hybrid Scenario

After discussing and implementing a cloud-only identity strategy, we will explore the information you need for a transition into a hybrid IAM architecture with a single- or multi-forest On-Premise Active Directory environment. In this chapter, we describe the architecture changes and the relevant tasks that need to be applied to make this solution shift successful. This chapter provides you with the big picture; the details are filled in by the related chapters:

  • Identifying the business drivers and changes for a hybrid move

  • Special handling for moving to a multi forest Active Directory environment

  • Describing the architecture and needed changes

Identifying business drivers and changes for a hybrid move

There are many reasons why a company needs or wants to move to a hybrid IAM strategy. The first relevant argument is that such a strategy builds the base infrastructure for all other cloud solutions by providing authentication and authorization across company borders. Another very important side effect is that you can start to support new services and workloads. Furthermore, to be realistic, most companies run their own On-Premise infrastructure, which needs to be integrated and extended with additional functionality to support the different cloud scenarios. Typical questions you will receive are:

  • Does the company need to support different cloud delivery models such as SaaS or PaaS?

  • Does the company need to support legacy applications or do they try to move them to the cloud?

  • Does the company need a central solution to manage On-Premise and cloud services at the same time?

  • Does the company need to integrate external identities to work with...

Special handling for moving to a multi-forest Active Directory environment

Microsoft provides three main integration scenarios that can be used standalone or combined in a hybrid IAM architecture. The first is the cloud identity scenario, which we have already discussed and implemented in the first chapters of the book. The other two scenarios are:

  • Synchronized Identities: Azure AD Connect with password synchronization

  • Federated Identities: Azure AD Connect and AD FS for federation; authentication uses the local On-Premise passwords

As you can see, the Azure AD Connect tool is always required for any hybrid scenario you drive. So we need to start with the supported topologies, so that you can move to a single- or multi-forest scenario combined with one or more Azure Active Directories.
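Because Azure AD Connect is the common component of both the synchronized and the federated scenario, the first thing a practitioner wants in a single- or multi-forest move is a read-only check that the sync engine is actually active and that every On-Premise forest has a connector. The following PowerShell is an added example, not code from the book or from Microsoft; it assumes the ADSync module that the Azure AD Connect installer registers (cmdlets Get-ADSyncScheduler, Get-ADSyncConnector and Get-ADSyncConnectorRunStatus) and that Active Directory connectors report the connector type name "AD". Run it on the Azure AD Connect server as a member of the local ADSyncAdmins group.

```powershell
# Added example (not from the book): read-only health check for Azure AD Connect
# in a single- or multi-forest hybrid scenario. Assumes the ADSync module
# installed by Azure AD Connect; cmdlet and property names are taken from it.
Import-Module ADSync -ErrorAction Stop

function Get-HybridSyncHealth {
    param(
        # Number of On-Premise forests that should be connected (assumed input).
        [int]$ExpectedForestCount = 1
    )

    $scheduler = Get-ADSyncScheduler

    # Assumption: AD forest connectors carry ConnectorTypeName 'AD'; the Azure AD
    # tenant connector uses a different type and is excluded here.
    $forestConnectors = Get-ADSyncConnector |
        Where-Object { $_.ConnectorTypeName -eq 'AD' } |
        Select-Object -ExpandProperty Name

    # Connectors with a run currently in progress (cmdlet assumed to list them).
    $running = @()
    try { $running = @(Get-ADSyncConnectorRunStatus) } catch { $running = @() }

    $warnings = @()
    if (-not $scheduler.SyncCycleEnabled) {
        $warnings += 'Sync cycle is disabled: no identities or password hashes will flow.'
    }
    if ($scheduler.StagingModeEnabled) {
        $warnings += 'Server is in staging mode: it imports but does not export to Azure AD.'
    }
    if ($forestConnectors.Count -lt $ExpectedForestCount) {
        $warnings += ('Only {0} of {1} expected forest connectors are configured.' -f `
            $forestConnectors.Count, $ExpectedForestCount)
    }

    [pscustomobject]@{
        SyncCycleEnabled   = $scheduler.SyncCycleEnabled
        StagingModeEnabled = $scheduler.StagingModeEnabled
        SyncInProgress     = $scheduler.SyncCycleInProgress
        NextSyncUtc        = $scheduler.NextSyncCycleStartTimeInUTC
        ForestConnectors   = $forestConnectors
        RunningConnectors  = $running.Count
        Warnings           = $warnings
    }
}

# Usage: two-forest environment; any warning indicates the hybrid identity
# flow is not yet in the state the chapter's scenarios require.
$health = Get-HybridSyncHealth -ExpectedForestCount 2
$health | Format-List
if ($health.Warnings.Count -gt 0) { Write-Warning ($health.Warnings -join "`n") }
```

The checks are deliberately read-only: a second server left in staging mode, or a sync cycle that an administrator disabled during a migration and never re-enabled, are the two states that most often leave a multi-forest move looking configured while no identity data actually reaches Azure AD.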

Supported topologies

The following topologies are supported by Microsoft:

  • Single Forest mapped to single Azure AD

    This scenario is the most commonly used one: a single forest and a single instance of Azure AD. For this scenario...

Describing architectures and needed changes

In this section, we will describe the different architectures, including the needed changes, in big-picture scenarios. In particular, we will discuss the integration of On-Premise applications with the overall authentication and authorization strategy. Furthermore, we take the first steps in the hybrid usage of MFA and Azure Rights Management Services (RMS) with typical examples.

Authentication integration

Azure AD provides the capability to integrate On-Premise applications through the Azure Active Directory Application Proxy service. To use this capability, you just need to install the required component, the Application Proxy connector, on your existing Windows Server 2012 R2 Web Application Proxy server. With this installation and the necessary configuration, you have taken the first step in this hybrid authentication solution. The following figure shows this scenario to give you a better idea of the concept:
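Once the Application Proxy connector is installed on the Web Application Proxy server, the practical question is whether it is running and can reach Azure AD outbound, because the connector only ever opens connections from the On-Premise network outwards. The following PowerShell is an added example, not code from the book or from Microsoft; it assumes the Windows feature name Web-Application-Proxy, the connector service names WAPCSvc (connector) and WAPCUpdaterSvc (updater), and that login.microsoftonline.com and login.windows.net are among the endpoints the connector must reach on TCP 443. Run it on the WAP server with administrative rights.

```powershell
# Added example (not from the book): post-install verification of the Azure AD
# Application Proxy connector on a Windows Server 2012 R2 WAP server.
# Feature, service and endpoint names are assumptions stated in the lead-in.
Import-Module ServerManager -ErrorAction Stop

function Test-AppProxyConnectorHealth {
    param(
        # Outbound HTTPS endpoints to probe (assumed list; *.msappproxy.net is a
        # wildcard and cannot be probed generically, so it is documented only).
        [string[]]$Endpoints = @('login.microsoftonline.com', 'login.windows.net')
    )

    # 1. The existing WAP role the chapter builds on must be present.
    $wapFeature = Get-WindowsFeature -Name 'Web-Application-Proxy'
    $wapInstalled = ($null -ne $wapFeature) -and $wapFeature.Installed

    # 2. Connector and updater services (names assumed) should be running.
    $services = foreach ($name in 'WAPCSvc', 'WAPCUpdaterSvc') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Service = $name
            Status  = if ($svc) { [string]$svc.Status } else { 'NotInstalled' }
        }
    }

    # 3. Outbound TCP 443 reachability; the connector never needs inbound ports.
    $connectivity = foreach ($host in $Endpoints) {
        $result = Test-NetConnection -ComputerName $host -Port 443 -WarningAction SilentlyContinue
        [pscustomobject]@{ Endpoint = $host; Reachable = $result.TcpTestSucceeded }
    }

    $issues = @()
    if (-not $wapInstalled) { $issues += 'Web Application Proxy role is not installed.' }
    $issues += $services | Where-Object { $_.Status -ne 'Running' } |
        ForEach-Object { "Service $($_.Service) is $($_.Status)." }
    $issues += $connectivity | Where-Object { -not $_.Reachable } |
        ForEach-Object { "No outbound TCP 443 path to $($_.Endpoint)." }

    [pscustomobject]@{
        WapRoleInstalled = $wapInstalled
        Services         = $services
        Connectivity     = $connectivity
        Healthy          = ($issues.Count -eq 0)
        Issues           = $issues
    }
}

# Usage: a non-empty Issues list points to the exact layer (role, service or
# egress filtering) that blocks the hybrid authentication path.
$report = Test-AppProxyConnectorHealth
$report | Format-List
$report.Issues | ForEach-Object { Write-Warning $_ }
```

Because the connector initiates all traffic outbound, the failure you see in practice is an egress proxy or firewall silently dropping TCP 443 to the Azure endpoints while the service itself reports Running; checking both the service state and the network path keeps that case from being misread as a configuration error in Azure AD.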

Note

The Azure Active Directory...

Summary

Now that you have finished working through this chapter, you will be able to identify the business drivers, feature sets, and architecture changes involved in stepping into a hybrid IAM scenario. You are also in a position to handle the special requirements of a hybrid approach with a single- or multi-forest On-Premise Active Directory. Remember that this chapter only provides overview information; we will get into all the details in the next couple of chapters.
