How AD has been reengineered to extend to the Cloud
Philippe Beraud, @philberd
Architect | Office of CTO | Microsoft France
A Brief History
Over the years, three main models have emerged and coexist
1. Identity model of the "firewall age"
• Concept of security and administrative domains/realms
• Collection of resources tightly integrated under a single and closed administration
• Age of organization's directory services and NOS, but also the beginning of metadirectories and other virtual directories to manage multiple identity silos

2. Identity model against the age of the Internet
• Consideration of suppliers, customers, and partners as a different category of objects, BUT still in the same "administrative domain"
• Declaration of these objects in various repositories while having the need for a unified management
A Brief History (cont’d)
Over the years, three main models have emerged and coexist
3. First generation of the identity ecosystem model
• Concept of the so-called extended enterprise for collaboration with suppliers and partners as well as the interaction with customers
• Age of Web SSO and of identity federation, with a HUGE step crossed BUT ALSO a lot of complexities, burdens, etc.
About Windows Server Active Directory (AD)
Windows Server Active Directory (AD) represents an illustration of products and technologies that sustain these three models
• AD is an on-premises LDAP v3 (RFC 4510 compliant) Directory Service
  • Active Directory Domain Services (AD DS)
  • Active Directory Lightweight Domain Services (AD LDS)
• With complementary services
  • Active Directory Federation Services (AD FS)
  • Active Directory Certificate Services (AD CS)
  • Active Directory Rights Management Services (AD RMS)
  • Forefront Identity Management (FIM)
Towards a New Identity Model
Identity (and Access) Management as a Service (IdMaaS)
• Commodities accessible to EVERYONE
  • "Organization-owned" identity provider for applications wherever they run, whatever they are, on any platform, on any device
  • Central "hub" to provision/de-provision/manage users and their common devices
• Consolidation with the on-premises environment, the SaaS/multi-tenant applications, etc.
  • Seamless federation and synchronization with on-premises directory services
  • Multi-factor authentication
• Replace today's complexity at the application level with an IdMaaS feature
• Combine the most advanced capabilities with operations externalization to achieve a reduction in risk, effort and cost
• Control or even reduce costs by taking full advantage of the efficiency of the Cloud and automation
Projecting Identities in the Cloud with Windows Azure Active Directory

Windows Azure Active Directory (AAD)
AAD is NOT on-premises Windows Server AD in the Cloud
AAD is an enterprise-class IdMaaS cloud-based solution
• AAD offers a large set of features at NO cost
AAD is the Directory Service for Microsoft's Online services
• Office 365, Dynamics CRM Online, Windows Intune, and now the Windows Azure Portal
Microsoft Account (Live ID) is yet ANOTHER identity infrastructure
AAD Design Principles (cont’d)
Such a Cloud-based service requires specific capabilities
• Optimization of availability, consistent performance, scalability, geo-redundancy, etc., but NOT only
AAD is a multi-tenant environment
• "Organization-owned" tenant: the customer organization owns the data of their directory, NOT Microsoft
AAD relies on a schema
• For the semi-structured information on entities and their relationships
AAD does not allow for custom schema
AAD will however provide the ability for attribute extensions, links to (external) resources, etc.
• As per Windows Azure Graph Store capabilities (Preview)
AAD Design Principles (cont’d)
AAD aims at maximizing the reach in terms of platforms and devices
• AAD uses HTTP/web/REST-based modern protocols for identity and access management
AAD provides a RESTful interface for CRUD operations
• Directory Graph API provides programmatic access to directory typed objects and their relationships
  • GET, POST, PATCH, DELETE are used to create, read, update, and delete
  • Responses support JSON, XML, standard HTTP status codes
  • Compatible with OASIS OData
• Directory Graph API supports OAuth 2.0 for authentication, role-based assignment for apps, and user authorization
• Operations are scoped to individual tenant context
Demo 1
Graph Explorer, browser-based query tool
http://graphexplorer.cloudapp.net
AAD Design Principles (cont’d)
AAD is not AD or LDAP in the cloud, BUT there are four aspects to LDAP:
• LDAP – network communications protocol (389/636)
  • AAD supports a RESTful-based Directory Graph API over HTTP/S (and PowerShell) (w/ OAuth2) instead of LDAP or Kerberos
  http://msdn.microsoft.com/en-us/library/windowsazure/hh974476.aspx
• LDAP – object data model with inheritance
  • AAD supports the Graph Entity Data model with inheritance
  http://msdn.microsoft.com/en-us/library/ee382825.aspx
• LDAP – layout (namespace) is hierarchical (i.e. ou=)
  • AAD is a flat namespace, that includes groups and abstract containers, in a multi-tenant environment
  http://msdn.microsoft.com/en-us/library/ee382835(v=vs.110).aspx
• LDAP – distribution model aka replication
  • AAD is a managed service with geo-redundancy
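Added example (not from the deck, not Microsoft's code) covering both the Directory Graph API slide and the LDAP comparison above: a small Python helper that assembles a tenant-scoped Graph call (REST verb per CRUD operation, OAuth2 bearer header instead of an LDAP bind, a flat URL under the tenant instead of an ou= hierarchy on 389/636, an OData `$filter` with its string literal properly escaped) and interprets the JSON body and standard HTTP status codes of the reply. The endpoint, api-version value, error shape and sample responses are assumptions constructed for this example.

```python
"""Client-side helper for a tenant-scoped, OAuth2-protected, OData-style
Directory Graph API call. Added example; endpoint, api-version and error
shape are assumptions, and the sample responses are constructed."""
import json
import re
from urllib.parse import urlencode

GRAPH_BASE = "https://graph.windows.net"  # assumed Directory Graph endpoint
API_VERSION = "2013-04-05"                # assumed api-version value

# REST verb per directory operation, as listed on the Graph API slide
VERB_FOR = {"create": "POST", "read": "GET", "update": "PATCH", "delete": "DELETE"}

# The tenant segment (verified domain or tenant id) selects the security
# boundary of the call, so it is validated rather than spliced in blindly.
_TENANT_RE = re.compile(r"[A-Za-z0-9.-]+")

# Outcome names for the HTTP status codes handled here (assumed set)
_STATUS_OUTCOME = {200: "ok", 201: "created", 204: "no_content", 400: "bad_request",
                   401: "unauthorized", 403: "forbidden", 404: "not_found",
                   429: "throttled"}


def odata_eq(prop, value):
    """Build an OData `$filter` equality clause. Single quotes inside the
    value are doubled so a name like O'Brien cannot end the literal early."""
    escaped = value.replace("'", "''")
    return f"{prop} eq '{escaped}'"


def build_request(operation, tenant, resource, token, body=None, odata=None):
    """Return method, URL, headers and encoded body for one Graph call.
    Every call is rooted under the tenant (flat namespace) and carries the
    OAuth2 bearer token; there is no LDAP bind and no DN to compose."""
    if operation not in VERB_FOR:
        raise ValueError(f"unknown operation {operation!r}")
    if not _TENANT_RE.fullmatch(tenant or ""):
        raise ValueError("tenant must be a verified domain or tenant id")
    if not token:
        raise ValueError("an OAuth2 access token is required")
    params = {"api-version": API_VERSION}
    if odata:
        params.update(odata)  # e.g. {"$filter": ..., "$top": 10}
    url = f"{GRAPH_BASE}/{tenant}/{resource.strip('/')}?{urlencode(params)}"
    headers = {"Authorization": f"Bearer {token}", "Accept": "application/json"}
    payload = None
    if body is not None:
        headers["Content-Type"] = "application/json"
        payload = json.dumps(body)
    return {"method": VERB_FOR[operation], "url": url,
            "headers": headers, "body": payload}


def interpret_response(status, body=""):
    """Turn an HTTP status plus JSON body into a structured outcome. Error
    bodies are expected in the OData `odata.error` shape (assumption)."""
    data = None
    if body:
        try:
            data = json.loads(body)
        except ValueError:
            return {"ok": False, "outcome": "malformed_body",
                    "status": status, "error": {}}
    outcome = _STATUS_OUTCOME.get(status, "error")
    if status in (200, 201, 204):
        return {"ok": True, "outcome": outcome, "status": status, "value": data}
    error = {}
    if isinstance(data, dict) and isinstance(data.get("odata.error"), dict):
        err = data["odata.error"]
        msg = err.get("message")
        error = {"code": err.get("code"),
                 "message": msg.get("value") if isinstance(msg, dict) else msg}
    return {"ok": False, "outcome": outcome, "status": status, "error": error}


# Constructed sample responses (not captured from a real tenant)
SAMPLE_USERS_200 = json.dumps({
    "odata.metadata": f"{GRAPH_BASE}/contoso.onmicrosoft.com/$metadata#directoryObjects",
    "value": [{"objectType": "User", "userPrincipalName": "alice@contoso.com",
               "displayName": "Alice Example"}]})
SAMPLE_401 = json.dumps({"odata.error": {
    "code": "Authentication_MissingOrMalformed",
    "message": {"lang": "en", "value": "Access Token missing or malformed."}}})

if __name__ == "__main__":
    req = build_request("read", "contoso.onmicrosoft.com", "users", "TOKEN-PLACEHOLDER",
                        odata={"$filter": odata_eq("userPrincipalName", "alice@contoso.com")})
    print(req["method"], req["url"])
    print(interpret_response(200, SAMPLE_USERS_200)["value"]["value"][0]["displayName"])
    print(interpret_response(401, SAMPLE_401)["error"]["code"])
```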
AAD Key Scenarios
• Many applications, one identity repository.
• Manage access to cloud applications (SaaS apps).
• Monitor and protect access to enterprise applications.
• Personalized access to my applications.
Many applications, one identity repository
• Connect and sync Windows Server Active Directory (or other (LDAP) identity infrastructure) with an AAD tenant.
• Preintegrated popular SaaS apps.
• Easily add custom cloud-based apps.
• Facilitate developers with identity management.
[Diagram labels: Windows Server Active Directory (or other (LDAP) identity infrastructure), SaaS apps, LOB & custom apps, Consumer identity providers]
Identities and applications in one place.
Demo 2
One identity repository for the best UX
Deliver a seamless user authentication experience
Cloud Authentication
• Windows Server Active Directory (or other (LDAP) identity infrastructure)
• Directory synchronization with password hash sync
• User attributes are synchronized, including the password hash; authentication is completed against AAD
• Multi-Factor Authentication can be configured through Windows Azure
Federated Authentication
• Windows Server Active Directory (or other (LDAP) identity infrastructure)
• Directory synchronization
• On-premises identity provider
• User attributes are synchronized; authentication is passed back through federation and completed against the on-premises identity federation infrastructure
• Multi-Factor Authentication can be configured through the integration with Windows Azure or thanks to other capability
Synchronize the identities with LDAP-based directories
The FIM 2010 R2 synchronization engine can be leveraged
• AAD Connector available on Microsoft Connect
  https://connect.microsoft.com/site433/FIM%20Sync%20Connectors
• Generic LDAP v3 (RFC 4510 compliant) Connector Beta available on Microsoft Connect
  • Certain operations, such as delta import, are not specified in the IETF RFCs. Supported directories for delta import and password: OpenLDAP, Novell NDS
  • LDAP referrals between servers (RFC 4511/4.1.10) are not supported
  https://connect.microsoft.com/site433/FIM%20Sync%20Connectors
• OpenLDAP Extensible Management Agent (XMA) available on SourceForge
  http://openldap-xma.sourceforge.net/
Manage access to many cloud applications
• Comprehensive identity and access management console.
• Centralized access administration for preintegrated SaaS apps and other Cloud-based apps.
• Secure business processes with advanced access management capabilities.
[Diagram labels: IT professional, SaaS apps]
Your cloud apps ready when you are.
Demo 3
Windows Azure Management Portal
Demo 4
Application Access Enhancements for Windows Azure Active Directory
Demo 5
Granting access for a SaaS multi-tenant app
Monitor and protect access to enterprise apps
• Built-in security features.
• Security reporting that tracks inconsistent access patterns.
• Step up to Multi-Factor Authentication.
Ensure secure access and visibility on usage patterns for SaaS and cloud-hosted LOB applications.
Demo 6
Windows Azure Multi-Factor Authentication
Personalized access to my applications
• All assigned SaaS apps in one web page: the Access Panel.
• Single Sign-On experience for all SaaS applications.
• Use the Access Panel from all devices with your existing credentials.
Users can easily access the SaaS apps they need, using their existing credentials.
Demo 7
User Access Panel
Identities everywhere, accessing everything
[Diagram labels: Microsoft apps, Windows Server Active Directory (or other (LDAP) identity infrastructure), Custom LOB apps, ISV/CSV apps, 3rd party clouds/hosting, PCs and devices, Consumer identity providers]
Many applications, one identity repository.
• IdMaaS directory on Windows Azure.
• Connect/synchronize on-premises directories with Windows Azure.
• Provide IdM to new apps (ACS, Graph API, SDKs).
• Preintegrated popular SaaS applications (Preview).
Manage access to cloud applications (SaaS apps).
• Manage users.
• Add Cloud-based applications for SSO.
• Add preintegrated SaaS apps from the gallery for SSO (Preview).
• Add/remove users to top preintegrated SaaS apps (Preview).
Monitor and protect access to enterprise applications.
• Built-in security.
• Secure tools for synchronization (DirSync, AAD connector, etc.).
• Block user access.
• Security reports (Preview).
• Multi-factor authentication.
Personalized access to my applications.
• Single screen with assigned SaaS apps for every user: Access Panel (Preview).
• Single Sign-On for SaaS apps from Access Panel (Preview).
In GA since April, 2013
Sign-up for your free AAD tenant and trial Windows Azure account
• https://account.windowsazure.com/organization
To Go Beyond
Places to start
• http://www.windowsazure.com/en-us/solutions/identity/
• http://channel9.msdn.com/search?term=directory
Microsoft TechNet Documentation
• http://go.microsoft.com/fwlink/p/?linkid=290967
Microsoft MSDN Documentation
• http://go.microsoft.com/fwlink/p/?linkid=290966
Microsoft Active Directory Team Blog
• http://blogs.msdn.com/b/active_directory_team_blog
Windows Azure Active Directory Graph Team Blog
• http://blogs.msdn.com/aadgraphteam
Whitepapers and Step-by-step Guides
• Active Directory from the on-premises to the Cloud
• Office 365 Single Sign-On with AD FS 2.0
• Office 365 Single Sign-On with Shibboleth 2.0
• Office 365 Adapter: Deploying Office 365 Single Sign-On using Windows Azure
Available on the Microsoft Download Center
Additional Resources
Windows Azure Trust Center
• A single location where information on security, privacy, and compliance is aggregated
  http://www.windowsazure.com/en-us/support/trustcenter/
Additional Resources (cont’d)
http://www.microsoft.com/openness
http://msopentech.com
Thank you!

A Beginners Guide to Building a RAG App Using Open Source MilvusZilliz
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 

Recently uploaded (20)

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 

How AD has been re-engineered to extend to the cloud

  • 1. How AD has been reengineered to extend to the Cloud
    Philippe Beraud, @philberd
    Architect | Office of CTO | Microsoft France
  • 2. A Brief History
    Over the years, three main models have emerged and coexist
    1. Identity model of the "firewall age"
      • Concept of security and administrative domains/realms
      • Collection of resources tightly integrated under a single and closed administration
      • Age of organization’s directory services and NOS, but also the beginning of metadirectories and other virtual directories to manage multiple identity silos
    2. Identity model against the age of the Internet
      • Consideration of suppliers, customers, and partners as a different category of objects BUT still in the same "administrative domain"
      • Declaration of these objects in various repositories while having the need for a unified management
  • 3. A Brief History (cont’d)
    Over the years, three main models have emerged and coexist
    3. First generation of the identity ecosystem model
      • Concept of the so-called extended enterprise for collaboration with suppliers and partners as well as the interaction with customers
      • Age of Web SSO, of identity federation with a HUGE step crossed BUT ALSO a lot of complexities, of burdens, etc.
  • 4. About Windows Server Active Directory (AD)
    Windows Server Active Directory (AD) represents an illustration of products and technologies that sustain these three models
      • AD is an on-premises LDAP v3 (RFC 4510 compliant) Directory Service
        • Active Directory Domain Services (AD DS)
        • Active Directory Lightweight Domain Services (AD LDS)
      • With complementary services
        • Active Directory Federation Services (AD FS)
        • Active Directory Certificate Services (AD CS)
        • Active Directory Rights Management Services (AD RMS)
        • Forefront Identity Management (FIM)
  • 5. Towards a New Identity Model
    Identity (and Access) Management as a Service (IdMaaS)
      • Commodities accessible to EVERYONE
        • "Organization-owned" identity provider for applications wherever they run, whatever they are, on any platform, on any device
        • Central "hub" to provision/de-provision/manage users and their common devices
        • Consolidation with the on-premises environment, the SaaS/multi-tenant applications, etc.
        • Seamless federation and synchronization with on-premises directory services
        • Multi-factor authentication
      • Replace today's complexity at the application level by an IdMaaS feature
      • Combine the most advanced capabilities with operations externalization to achieve a reduction in risk, effort and cost
      • Control or even reduce costs by taking full advantage of the efficiency of the Cloud and automation
  • 6. Projecting Identities in the Cloud with Windows Azure Active Directory
  • 7. Windows Azure Active Directory (AAD)
    AAD is NOT on-premises Windows Server AD in the Cloud
    AAD is an enterprise-class IdMaaS cloud-based solution
      • AAD offers a large set of features at NO cost
    AAD is the Directory Service for Microsoft’s Online services
      • Office 365, Dynamics CRM Online, Windows Intune, and now the Windows Azure Portal
    Microsoft Account (Live ID) is yet ANOTHER identity infrastructure
  • 8. AAD Design Principles (cont’d)
    Such a Cloud-based service requires specific capabilities
      • Optimization of availability, consistent performance, scalability, geo-redundancy, etc., but NOT only
    AAD is a multi-tenant environment
      • "Organization-owned" tenant: the customer organization owns the data of their directory, NOT Microsoft
    AAD relies on a schema
      • For the semi-structured information on entities and their relationships
    AAD does not allow for custom schema
    AAD will however provide the ability for attribute extensions, links to (external) resources, etc.
      • As per Windows Azure Graph Store capabilities (Preview)
  • 9. AAD Design Principles (cont’d)
    AAD aims at maximizing the reach in terms of platforms and devices
      • AAD uses HTTP/web/REST-based modern protocols for identity and access management
    AAD provides a RESTful interface for CRUD operations
      • Directory Graph API provides programmatic access to directory typed objects and their relationships
      • GET, POST, PATCH, DELETE are used to create, read, update, and delete
      • Responses support JSON, XML, standard HTTP status codes
      • Compatible with OASIS OData
      • Directory Graph API supports OAuth 2.0 for authentication, role-based assignment for apps, and user authorization
      • Operations are scoped to individual tenant context
  • 10. Demo 1
    Graph Explorer, a browser-based query tool
    http://graphexplorer.cloudapp.net
  • 11. AAD Design Principles (cont’d)
    AAD is not AD or LDAP in the cloud BUT there are four aspects to LDAP:
      • LDAP – network communications protocol (389/636)
        • AAD supports a RESTful-based Directory Graph API over HTTP/S (and PowerShell) (w/ OAuth2) instead of LDAP or Kerberos
          http://msdn.microsoft.com/en-us/library/windowsazure/hh974476.aspx
      • LDAP – object data model with inheritance
        • AAD supports the Graph Entity Data Model with inheritance
          http://msdn.microsoft.com/en-us/library/ee382825.aspx
      • LDAP – layout (namespace) is hierarchical (i.e. ou=)
        • AAD is a flat namespace that includes groups and abstract containers, in a multi-tenant environment
          http://msdn.microsoft.com/en-us/library/ee382835(v=vs.110).aspx
      • LDAP – distribution model aka replication
        • AAD is a managed service with geo-redundancy
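An added example, not part of the deck: an offline Python sketch of a client talking to the Directory Graph API the way slides 9 and 11 describe it, with tenant-scoped REST URLs, the OAuth 2.0 bearer token carried in the Authorization header, OData paging via odata.nextLink, and a PATCH partial update. The graph.windows.net endpoint, the api-version value, the JSON payloads and the fake transport are assumptions constructed for this example.

```python
import json
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import parse_qsl, urlencode

GRAPH_BASE = "https://graph.windows.net/"  # assumed endpoint; not stated on the slides
API_VERSION = "2013-04-05"                 # assumed api-version value
TENANT = "contoso.example"                 # constructed tenant name
Request = Tuple[str, str, Dict[str, str], Optional[str]]  # (method, url, headers, body)
Transport = Callable[[Request], Tuple[int, str]]          # returns (status, body text)

class GraphClient:
    def __init__(self, tenant: str, access_token: str, transport: Transport):
        self.tenant, self.token, self.transport = tenant, access_token, transport

    def url(self, path: str) -> str:
        # Root every URL at /{tenant}/ and merge api-version into any query an OData link carries.
        base, _, qs = path.partition("?")
        params = dict(parse_qsl(qs))
        params["api-version"] = API_VERSION
        return f"{GRAPH_BASE}{self.tenant}/{base}?{urlencode(params)}"

    def _call(self, method: str, path: str, body: Optional[dict] = None) -> dict:
        # The OAuth 2.0 access token travels in the Authorization header, never in the URL.
        headers = {"Authorization": f"Bearer {self.token}", "Accept": "application/json"}
        if body is not None:
            headers["Content-Type"] = "application/json"
        status, text = self.transport((method, self.url(path), headers,
                                       None if body is None else json.dumps(body)))
        if status >= 400:
            raise RuntimeError(f"{method} {path} -> HTTP {status}")
        return json.loads(text) if text else {}

    def list_all(self, path: str) -> List[dict]:
        """GET a collection and keep following odata.nextLink until the last page."""
        items: List[dict] = []
        while path:
            page = self._call("GET", path)
            items.extend(page.get("value", []))
            path = page.get("odata.nextLink")  # tenant-relative link carrying a $skiptoken
        return items

    def update(self, path: str, changes: dict) -> None:
        self._call("PATCH", path, changes)  # PATCH sends only the changed attributes

# Constructed sample directory: two pages of users, keyed by $skiptoken value.
PAGES = {
    None: {"value": [{"objectId": "u-0001", "userPrincipalName": "alice@contoso.example"}],
           "odata.nextLink": "users?$skiptoken=page2"},
    "page2": {"value": [{"objectId": "u-0002", "userPrincipalName": "bob@contoso.example"}]},
}

def make_fake_transport(log: List[Request]) -> Transport:
    """Fake HTTPS: requires a bearer token and rejects URLs outside the caller's own tenant."""
    def transport(req: Request) -> Tuple[int, str]:
        method, url, headers, _body = req
        log.append(req)
        if not headers.get("Authorization", "").startswith("Bearer "):
            return 401, ""
        if not url.startswith(f"{GRAPH_BASE}{TENANT}/"):
            return 404, ""
        params = dict(parse_qsl(url.split("?", 1)[1]))
        if method == "GET":
            return 200, json.dumps(PAGES[params.get("$skiptoken")])
        return (204, "") if method == "PATCH" else (405, "")  # 204: partial update accepted
    return transport

def demo() -> Tuple[List[dict], List[Request]]:
    log: List[Request] = []
    client = GraphClient(TENANT, "constructed-access-token", make_fake_transport(log))
    users = client.list_all("users")
    client.update(f"users/{users[1]['objectId']}", {"accountEnabled": False})  # disable Bob
    return users, log
```

Swapping the fake transport for a real HTTPS call is the only change needed to run it against a live tenant; the request log it returns is also what an audit trail of directory changes would need to capture.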
  • 12. AAD Key Scenarios
      • Many applications, one identity repository.
      • Manage access to cloud applications.
      • Monitor and protect access to enterprise applications.
      • Personalized access to my applications.
  • 13. Many applications, one identity repository
      • Connect and sync Windows Server Active Directory (or other (LDAP) identity infrastructure) with an AAD tenant.
      • Preintegrated popular SaaS apps.
      • Easily add custom cloud-based apps.
      • Facilitate developers with identity management.
      • Identities and applications in one place.
    Diagram elements: Windows Server Active Directory (or other (LDAP) identity infrastructure), SaaS apps, LOB & custom apps, consumer identity providers
  • 14. Demo 2
    One identity repository for the best UX
  • 15. Deliver a seamless user authentication experience
    Cloud Authentication
      • Source: Windows Server Active Directory (or other (LDAP) identity infrastructure)
      • Directory synchronization with password hash sync: user attributes are synchronized including the password hash; authentication is completed against AAD
      • Multi-Factor Authentication can be configured through Windows Azure
    Federated Authentication
      • Source: Windows Server Active Directory (or other (LDAP) identity infrastructure) with an on-premises identity provider
      • Directory synchronization: user attributes are synchronized; authentication is passed back through federation and completed against the on-premises identity federation infrastructure
      • Multi-Factor Authentication can be configured through the integration with Windows Azure or thanks to other capability
  • 16. Synchronize the identities with LDAP-based directories
    The FIM 2010 R2 synchronization engine can be leveraged
      • AAD Connector available on Microsoft Connect
        https://connect.microsoft.com/site433/FIM%20Sync%20Connectors
      • Generic LDAP v3 (RFC 4510 compliant) Connector Beta available on Microsoft Connect
        • Certain operations, such as delta import, are not specified in the IETF RFCs. Supported directories for delta import and password: OpenLDAP, Novell NDS
        • LDAP referrals between servers (RFC 4511/4.1.10) are not supported
        https://connect.microsoft.com/site433/FIM%20Sync%20Connectors
      • OpenLDAP Extensible Management Agent (XMA) available on SourceForge
        http://openldap-xma.sourceforge.net/
  • 17. Manage access to many cloud applications
      • Comprehensive identity and access management console.
      • Centralized access administration for preintegrated SaaS apps and other Cloud-based apps.
      • Secure business processes with advanced access management capabilities.
      • Your cloud apps ready when you are.
    Diagram elements: IT professional, SaaS apps
  • 18. Demo 3
    Windows Azure Management Portal
  • 19. Demo 4
    Application Access Enhancements for Windows Azure Active Directory
  • 20. Demo 5
    Granting access for SaaS multi-tenant apps
  • 21. Monitor and protect access to enterprise apps
      • Built-in security features.
      • Security reporting that tracks inconsistent access patterns.
      • Step up to Multi-Factor authentication.
      • Ensure secure access and visibility on usage patterns for SaaS and cloud-hosted LOB applications.
  • 22. Demo 6
    Windows Azure Multi-Factor Authentication
  • 23. Personalized access to my applications
      • All assigned SaaS apps in one web page: the Access Panel.
      • Single Sign On experience for all SaaS applications.
      • Use Access Panel from all devices with your existing credentials.
      • Users can easily access the SaaS apps they need, using their existing credentials.
  • 25. Identities everywhere, accessing everything
    Diagram elements: Microsoft apps, Windows Server Active Directory (or other (LDAP) identity infrastructure), custom LOB apps, ISV/CSV apps, 3rd party clouds/hosting, PCs and devices, consumer identity providers
  • 26. AAD Key Scenarios (summary)
    Many applications, one identity repository.
      • IdMaaS directory on Windows Azure.
      • Connect/synchronize on-premises directories with Windows Azure.
      • Provide IdM to new apps (ACS, Graph API, SDKs).
    Manage access to cloud applications.
      • Manage users.
      • Add Cloud-based applications for SSO.
    Monitor and protect access to enterprise applications.
      • Built-in security.
      • Secure tools for synchronization (DirSync, AAD connector).
      • Block user access.
    Personalized access to my applications.
  • 27. AAD Key Scenarios (summary, with Preview features)
    Many applications, one identity repository.
      • IdMaaS directory on Windows Azure.
      • Connect/synchronize on-premises directories with Windows Azure.
      • Provide IdM to new apps (ACS, Graph API, SDKs).
      • Preintegrated popular SaaS applications (Preview).
    Manage access to cloud applications.
      • Manage users.
      • Add Cloud-based applications for SSO.
      • Add preintegrated SaaS apps from the gallery for SSO (Preview).
      • Add/remove users to top preintegrated SaaS apps (Preview).
    Monitor and protect access to enterprise applications.
      • Built-in security.
      • Secure tools for synchronization (DirSync, AAD connector, etc.).
      • Block user access.
      • Security reports (Preview).
      • Multi-factor authentication.
    Personalized access to my applications.
      • Single screen with assigned SaaS apps for every user: Access Panel (Preview).
      • Single Sign-on for SaaS apps from Access Panel (Preview).
  • 28. In GA since April 2013
    Sign up for your free AAD tenant and trial Windows Azure account
      • https://account.windowsazure.com/organization
  • 29. To Go Beyond
    Places to start
      • http://www.windowsazure.com/en-us/solutions/identity/
      • http://channel9.msdn.com/search?term=directory
    Microsoft TechNet Documentation
      • http://go.microsoft.com/fwlink/p/?linkid=290967
    Microsoft MSDN Documentation
      • http://go.microsoft.com/fwlink/p/?linkid=290966
    Microsoft Active Directory Team Blog
      • http://blogs.msdn.com/b/active_directory_team_blog
    Windows Azure Active Directory Graph Team Blog
      • http://blogs.msdn.com/aadgraphteam
  • 30. Whitepapers and Step-by-step Guides
      • Active Directory from the on-premises to the Cloud
      • Office 365 Single Sign-On with AD FS 2.0
      • Office 365 Single Sign-On with Shibboleth 2.0
      • Office 365 Adapter: Deploying Office 365 Single Sign-On using Windows Azure
    Available on the Microsoft Download Center
  • 31. Additional Resources
    Windows Azure Trust Center
      • A single location where information on security, privacy, and compliance is aggregated
        http://www.windowsazure.com/en-us/support/trustcenter/