That’s right: cloud AD as a service. Azure AD Domain Services is a domain fully managed by Microsoft for managing Azure IaaS workloads.
Azure AD Domain Services is a cloud-based service that gives you a set of APIs and protocols fully compatible with Windows Server Active Directory, delivered as a managed Azure service.
You no longer need to provision virtual machines running domain controllers on Azure IaaS and have those domain controllers synchronize with your on-premises Active Directory servers over a VPN/ExpressRoute connection.
You can now turn on support for all the critical directory capabilities your applications and server VMs need, including Kerberos, NTLM, Group Policy and LDAP.
For scenarios like disaster recovery and hybrid cloud deployments, it is just perfect. You get the full value of a Windows Server AD domain in the cloud, without having to deploy, manage, monitor and patch domain controllers.
There are many scenarios that can be explored with this new feature.
You can enable Azure AD Domain Services for any existing Azure AD tenant – the same tenant you use with Office 365 or other SaaS applications. Azure AD Domain Services are available now.
For pricing, please check: http://azure.microsoft.com/pricing/details/active-directory-ds/
- You have already deployed Azure AD Connect to sync identity information from the on-premises Active Directory to your Azure AD tenant. This includes user accounts, their credential hashes for authentication (password sync) and group memberships.
- Create the ‘AAD DC Administrators’ group and then add all users who need to be administrators on the managed domain to it. These administrators will be able to join machines to the domain and to configure group policy for the domain.
- Configure the network. Select or create the Azure virtual network you’d like to make domain services available in. Ensure the following:
  - The virtual network belongs to a region supported by Azure AD Domain Services. See the region page for details.
  - Ensure the virtual network is a regional virtual network and doesn’t use the legacy affinity groups mechanism.
  - Ensure your workloads deployed in Azure Infrastructure services are connected to this virtual network.
- Enable Azure AD Domain Services for your Azure AD tenant, by going to the Configure tab of your Directory, selecting Yes on ‘Enable Domain Services for This Domain’, specifying the domain name and selecting the Azure Virtual Network. Click on Save to confirm.
- Update DNS settings for the Azure virtual network to point to the new IP address of the Azure AD Domain Services you just enabled.
- Enable synchronization of legacy credential hashes to Azure AD Domain Services. This is a required step. By default, Azure AD does not store the credential hashes required for NTLM/Kerberos authentication. You need to populate these credential hashes in Azure AD so users can use them to authenticate against the domain.
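The ‘AAD DC Administrators’ group step above can also be scripted. This is an added example, not code from the original post: it assumes the AzureAD PowerShell module is installed, and the UPNs, description and mail nickname are placeholders. It creates the group only if it is missing, adds the listed users, and prints the resulting membership so it can be reviewed.

```powershell
# Added example; assumes the AzureAD PowerShell module is installed.
# The UPNs, description and mail nickname are placeholders, not values from the post.
$groupName = 'AAD DC Administrators'
$adminUpns = @('admin1@contoso.example', 'admin2@contoso.example')

Connect-AzureAD | Out-Null

# Create the group only if it does not exist yet.
$group = Get-AzureADGroup -Filter "DisplayName eq '$groupName'"
if (-not $group) {
    $group = New-AzureADGroup -DisplayName $groupName `
        -Description 'Delegated administrators of the managed domain' `
        -SecurityEnabled $true -MailEnabled $false `
        -MailNickName 'AADDCAdministrators'
}

# Current members, so repeated runs do not fail on duplicates.
$existing = Get-AzureADGroupMember -ObjectId $group.ObjectId -All $true |
    Select-Object -ExpandProperty ObjectId

foreach ($upn in $adminUpns) {
    $user = Get-AzureADUser -Filter "UserPrincipalName eq '$upn'"
    if (-not $user) {
        Write-Warning "User not found, skipped: $upn"
        continue
    }
    if ($existing -notcontains $user.ObjectId) {
        Add-AzureADGroupMember -ObjectId $group.ObjectId -RefObjectId $user.ObjectId
    }
}

# Print the final membership for review: these accounts can join machines
# to the managed domain and configure its group policy.
Get-AzureADGroupMember -ObjectId $group.ObjectId -All $true |
    Select-Object DisplayName, UserPrincipalName, ObjectType
```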
A few salient aspects of the managed domain that is provisioned by Azure AD Domain Services are as follows:
- This is a stand-alone managed domain. It is NOT an extension of your on-premises domain.
- You won’t need to manage, patch or monitor this managed domain.
- There is no need to manage AD replication to this domain. User accounts, group memberships and credentials from your on-premises directory are already synchronized to Azure AD via Azure AD Connect.
- Since the domain is managed by Azure AD Domain Services, there are no Domain Administrator or Enterprise Administrator privileges on this domain.
Reluctance to experiment: Why Companies Struggle With Business Model Innovation
After a brief summer hiatus, we are back and blogging! As we describe in the recent blog post on HBR Network, innovation success stories are all strikingly similar: a bright idea, supported by a zealot-innovator who sees it through. The windfall of goodies follows. But failures happen for all sorts of reasons, and they often occur even when the idea is sound.
Innovation: Identifying new business opportunities
On this blog, we often share examples of firms that have successfully innovated their business model. While most find these examples inspiring, we often get asked if there is a toolkit or a step-by-step way for firms to innovate themselves along these lines. In our executive teaching, managers routinely want to take “home” a toolkit so that they could transform their companies in the same way as Rolls-Royce did. Our MBA students often ask us for techniques so that they could become Renaissance Entrepreneurs, a la Michael Dell or Amancio Ortega. This is exactly what we have been working on in our research: the renaissance innovation method.
High availability and disaster recovery are key components of an Enterprise’s IT environment. Disaster recovery should not be seen as an “IT Pro” business enabler, but something that is of vital importance to any organization.
All the above is valid when talking about local datacenters, MPLS networking connections, fibre channel interfaces between servers and storage solutions… but what happens when your virtual machines are “somewhere in the cloud”? How do you deal with disaster recovery in that case? Or even better, what about using “the cloud” as your disaster-recovery solution?
To find out, don’t miss our upcoming webinars, presented by MVP & MCT Peter de Tender and co-hosted by Savision’s CTO Rob Doucette, that will explain how:
- You can leverage the power of Microsoft Azure for building a Hyper-V based datacenter disaster recovery plan.
- You can migrate your in-house VMs to Microsoft Azure, guaranteeing uptime and availability of the machine and the applications to your end-users.
Not using Hyper-V yet? No worries, Azure Site Recovery can also act as failover for your VMware or physical host platform.
Learn from Peter De Tender, independent technical speaker, valued Microsoft Infrastructure Architect, Microsoft Certified Trainer and Windows IT Pro MVP, about the core features of Azure Site Recovery, extended with insights on how Savision can assist you in monitoring the ASR topology by showing real-time feedback.
Register for the webinars:
Tuesday, September 29, 2015 11:30 am EDT | 5:30 pm CEST
Thursday, October 8, 2015 2:00 pm EDT | 8 pm CEST
If you still haven’t, you can also download Savision’s complimentary whitepaper, written by MVP & MCT Peter de Tender on leveraging the power of Azure.
Download the whitepaper.