Windows Azure Networking & Active Directory Nasir (Muhammad Nasiruddin) Developer Evangelist - Azure Microsoft Corporation

Different scenarios require different levels of cross- premise connectivity

CLOUDENTERPRISE Data Synchronization SQL Azure Data Sync Application-layer Connectivity & Messaging Service Bus Secure Machine-to-Machine Network Connectivity Windows Azure Connect Secure Site-to-Site Network Connectivity Windows Azure Virtual Network IP-level connectivity

For network administrators Provides network admins the control to setup subnets in the Cloud and manage them as extensions of on-premise datacenters Virtual Network For developers Designed for developers so it is simple to setup, easy to manage and can be rapidly provisioned Connect

On premise machines Windows Azure Roles Easy agent-based installation Does not require network admin involvement Works within corporate firewall policy Management through Windows Azure Portal Rapid provisioning & reconfiguration Set up a connection within minutes Easily reconfigure connections as needed End-to-End Security Built on open, secure standards Granular control over connectivity 5

Windows Azure Connect DEMO

Build virtual networks that scale Traditional, familiar approach to build extension to datacenter Scalable approach to building virtual networks Complete control over network configuration Define your own IP addresses Decide where Azure roles are placed Be compliant with corporate IT security policy Enables complex hybrid scenarios Allows cloud machine or on-premise machine to be a non- Windows machine Hybrid applications which require Cloud machines to reach all or a large portion of the on-premise network 7 Windows Azure subnets On-premise subnets

Hybrid applications with “built-in“ connectivity Independent Software Vendors wanting “built-in” cloud connectivity, seamlessly enabled as part of their application experience (e.g. HPC, Cloud DV) No VPN device Small businesses (or departments within an enterprise) who don’t have existing VPN devices and/or network expertise to manage VPN devices and routing tables Specific, scoped connectivity Developers needing Windows Azure access to an on-premise SQL server Roaming laptop access to Azure VM’s for debugging Connect Ideal for: Connect with non-Windows machines Applications which require Cloud machines or on-premise machine to be non-Windows machine (e.g. Linux, mainframe) Virtual Network ideal for: Setup connectivity at scale Cloud machines needing to reach all or a large portion of the on- premise network such as in domain joining Virtual Private Network (VPN) over Internet Architecture is has built-in tolerance for throughput/latency limitations of a traditional VPN working over the Internet

Windows Azure Virtual Networking DEMO

Azure caters to customers across the GLOBE Performance policy ensures that the customer is served for the fasters cloud service for him / her Allowing Orgs to grow exponentially across the GLOBE Azure does not sleep Failover Policy ensures that the service always responds, if primary fails, secondary… Allowing Orgs to always get business irrespective of situations Azure is purely secular (treats equally) Round-Robin policy ensures all services are used equally and there is no over burdening on one service 11

Windows Azure Traffic Manager DEMO

Windows Azure Active Directory

Broad & deep array of solutions enables customers to use cloud in their own way, at their own pace Microsoft approach: hybrid cloud

User Doesn’t want to use different identity for every app Developer Doesn’t want to write code to support multiple identity providers Administrator Wants to easily grant access to apps to Active Directory identities Active Directory Cloud App

RESPONDING to the needs for interoperability, social networking, flexibility, and simplicity REINVENTED for the cloud with modern protocols PROVIDE the enterprise capabilities of Active Directory

Windows Live ID On-Premises Active Directory ADFS 2.0 Third Party Apps Windows Azure Active Directory Microsoft Apps Your Apps

Active Directory in IaaS Through Virtual Networking connectivity, on-premises Active Directory allows domain join and single sign-on for applications in Azure Windows Server Active Directory can now be hosted in a Virtual Machine in Windows Azure to support SharePoint or SQL Server and for performance and redundancy DC DNS Active Directory Persistent VM Role DC DNS Active Directory Persistent VM Role SQL SharePoint

Single sign-on across all your cloud applications Build social enterprise apps in the cloud Build Secure Applications that integrate with multiple web identity providers

Enterprises CSVs Centralized policy and access control Single sign-on for users to Microsoft and 3 rd party applications running in the cloud Easy administration – sync and federate to on-prem AD Deliver SaaS solutions in Azure with single-sign-on from users in Windows Azure AD (Office 365) Write applications using a new enterprise social graph Small Business Provide access control with no on-prem identity infrastructure required Easy to use with little IT skills required

Questions? m

© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.