2. Follow me on Twitter @AndyMalone
Andy Malone
Microsoft MVP (Enterprise Security)
Founder: Cybercrime Security Forum!
Microsoft International Event Speaker
MCT (18 Years)
Winner: Microsoft Speaker Idol 2006
See me speak @ Microsoft TechEd 2014
10. Energy In = Heat Out
Removing heat is critical. Environmental control is a major source of energy and water consumption.
Innovative approaches increase overall efficiency over traditional computer room air conditioning (CRAC).
11. Microsoft’s Datacenter Evolution
Generation 1 (1989-2005) – Colocation: Server Capacity; ~2 PUE; 20 year Technology
Generation 2 (2007) – Density: Rack Density and Deployment; 1.4 – 1.6 PUE; Minimized Resource Impact
Generation 3 (2008) – Containment: Containers, PODs; Scalability & Sustainability; 1.2 – 1.5 PUE; Air & Water Economization; Differentiated SLAs
Generation 4 (2011+) – Modular: ITPACs & Colos; Reduced Carbon, Rightsized; 1.05 – 1.20 PUE; Faster Time to Market; Outside Air Cooled
12. Office 365 Operates as a Datacenter within Microsoft Datacenters
• Shared Mechanical & Electrical
• Consumer Services:
  • Different hardware
  • Separate access control
  • Separate network
  • Separate storage
17. Core identity scenarios with Office 365
• Cloud Identity – Single identity in the cloud. Suitable for small organizations with no integration to on-premises directories.
• Directory & Password Synchronization* – Single identity suitable for medium and large organizations without federation*
• Federated Identity – Single federated identity and credentials suitable for medium and large organizations
18. Windows Azure Active Directory
One Cloud Directory for every organization
What it is:
• The identity platform behind Office 365 & other Microsoft Cloud Services
• Able to integrate with enterprise identity platforms
• Enabler of single sign-on for Office 365 and other apps
What it isn’t:
• Windows Azure Active Directory is not your AD Domain Controllers running in Windows Azure
• We do support AD running as a role on a VM in Windows Azure IaaS – but that is a separate discussion
20. Protocols to Connect to Windows Azure AD
Protocol | Purpose | Details
REST/HTTP | Directory access | Create, Read, Update, Delete directory objects and relationships; Compatible with OData V3; Authenticate with OAuth 2.0
OAuth 2.0 | Service to service authentication; Delegated access | JWT token format
OpenID Connect | Web application authentication; Rich client authentication (Under investigation) | JWT token format
SAML 2.0 | Web application authentication | SAML 2.0 token format
WS-Federation 1.3 | Web application authentication | SAML 1.1, SAML 2.0 and JWT token formats
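The OAuth 2.0 and OpenID Connect rows above both name the JWT token format, and the security-relevant work for a relying party is validating such a token before trusting its claims. The following is an added example, not code from the slides or from Microsoft: it issues and validates an HS256 JWT with a constructed shared secret and audience (both assumptions for the illustration; a real relying party validates against the issuer's published signing keys). The validator pins the algorithm, checks the signature in constant time before reading any claim, and enforces exp and aud.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values for this example only; not real keys or endpoints.
EXAMPLE_SECRET = b"example-shared-secret-not-for-real-use"
EXAMPLE_AUDIENCE = "https://api.example.invalid"


def b64url_encode(data: bytes) -> str:
    # JWT segments are base64url without padding.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # Restore the padding base64url strips before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_jwt(claims: dict, secret: bytes) -> str:
    """Issue an HS256 JWT: base64url(header).base64url(claims).base64url(signature)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        b64url_encode(json.dumps(header, separators=(",", ":")).encode("utf-8"))
        + "."
        + b64url_encode(json.dumps(claims, separators=(",", ":")).encode("utf-8"))
    )
    signature = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)


def validate_jwt(token: str, secret: bytes, audience: str, now=None) -> dict:
    """Return the claims if the token is acceptable, otherwise raise ValueError."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token: expected three dot-separated segments")
    header_b64, payload_b64, signature_b64 = parts

    # Pin the algorithm: the verifier decides how to verify, never the token
    # (this rejects alg=none and algorithm-confusion tokens outright).
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg: %r" % header.get("alg"))

    # Verify the signature before trusting any claim; constant-time compare.
    signing_input = (header_b64 + "." + payload_b64).encode("ascii")
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(signature_b64)):
        raise ValueError("signature verification failed")

    claims = json.loads(b64url_decode(payload_b64))
    # exp is mandatory here: a token without an expiry is not accepted.
    if "exp" not in claims or now >= int(claims["exp"]):
        raise ValueError("token expired or missing exp claim")
    # aud must name this service, so a token minted for another API is refused.
    if claims.get("aud") != audience:
        raise ValueError("audience mismatch")
    return claims


if __name__ == "__main__":
    issued = make_jwt(
        {"sub": "alice@contoso.invalid", "aud": EXAMPLE_AUDIENCE, "exp": int(time.time()) + 300},
        EXAMPLE_SECRET,
    )
    print(validate_jwt(issued, EXAMPLE_SECRET, EXAMPLE_AUDIENCE))
```

The order of checks is deliberate: signature first, then expiry, then audience. Reading claims from an unverified payload (for example, to pick a tenant or a key) is the usual way token validation goes wrong.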
21. WAAD Provisioning
• Manual
– Simple Web based user interface
– Bulk import of users
– Best for small customers
• Scriptable
– PowerShell module for Windows
– Programmable REST based API
– Limited attribute set/object types
• Automated
– Directory Synchronization with delta
– Full fidelity of attributes and object types
– Optimized for large object sets
26. What is Dirsync?
(Azure Active Directory Sync Tool)
• Enables Simple & Rich Coexistence
– Provisions objects in Office 365 with the same email addresses as the objects in the on-premises environment
– Provides a unified Global Address List experience between on-premises and Office 365
  • Objects hidden from the GAL on-premises are also hidden from the GAL in Office 365
– Enables coexistence for Exchange
  • Works in both simple and hybrid deployment scenarios
– Enabler for mail routing between on-premises and Office 365 with a shared domain namespace
– Enables coexistence for Microsoft Lync
27. Dirsync Password Synchronization
• No longer requires ADFS to provide SSO
– Does not sync plaintext passwords
– Dirsync syncs hashes of hashes of your users' passwords, greatly reducing the risk of a password leaking
– You don't need to install any new software on your DCs or reboot DCs
– Users don't need to change passwords
– Password syncing is one-way. Users that have Password Sync enabled are required to change their passwords on premises on an AD-connected machine.
– “In my opinion not as secure as ADFS”
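To make "hashes of hashes" concrete, here is an added illustration of the shape of such a scheme. It is not Microsoft's code and not the actual DirSync algorithm (the slide does not describe it): the hash functions, salt and iteration count are stand-ins chosen for the example. What it shows is the property the slide relies on: the value that leaves the premises is a salted, iterated hash of the stored credential hash, the cloud side can still verify a sign-in from the entered password, and the synced record does not contain the on-premises hash itself.

```python
import hashlib
import hmac
import os

# Iteration count for the second layer; a constructed value for this example.
EXAMPLE_ROUNDS = 100_000


def onprem_stored_hash(password: str) -> bytes:
    """Stand-in for the credential hash the on-premises directory keeps.
    This value is never transmitted; only a hash derived from it is."""
    return hashlib.sha256(password.encode("utf-16-le")).digest()


def build_sync_record(stored_hash: bytes, salt: bytes = None) -> dict:
    """What a sync agent would ship to the cloud: a salted, iterated hash OF the stored hash.
    The salt is random per record so equal on-premises hashes do not sync to equal values."""
    salt = os.urandom(16) if salt is None else salt
    hash_of_hash = hashlib.pbkdf2_hmac("sha256", stored_hash, salt, EXAMPLE_ROUNDS)
    return {"salt": salt, "rounds": EXAMPLE_ROUNDS, "hash_of_hash": hash_of_hash}


def cloud_verify(password: str, record: dict) -> bool:
    """Cloud-side sign-in check: recompute both layers from the entered password
    and compare in constant time against the synced record."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", onprem_stored_hash(password), record["salt"], record["rounds"]
    )
    return hmac.compare_digest(candidate, record["hash_of_hash"])


def record_contains_onprem_hash(record: dict, stored_hash: bytes) -> bool:
    """True if the synced record exposes the on-premises hash verbatim (it should not)."""
    return hmac.compare_digest(record["hash_of_hash"], stored_hash)


if __name__ == "__main__":
    # Constructed sample password for the demonstration.
    stored = onprem_stored_hash("Example-Passw0rd!")
    record = build_sync_record(stored)
    print("correct password verifies:", cloud_verify("Example-Passw0rd!", record))
    print("wrong password verifies:", cloud_verify("wrong", record))
    print("record exposes on-prem hash:", record_contains_onprem_hash(record, stored))
```

The one-way direction on the slide follows from this structure: the cloud holds only the outer hash, so a change made in the cloud has nothing to write back to the on-premises directory, and the password must be changed on premises and re-synced.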
31. SharePoint Cloud Continuum
(Axis: CONTROL to COST-EFFICIENCY)
SharePoint (On-premises) – Value Prop:
• Full h/w control – size/scale
• Roll-your-own HA/DR/scale
• 100% of API surface area
SharePoint (Windows Azure) – Value Prop:
• Easy migration of existing apps
• Roll-your-own HA/DR/scale
SharePoint Online (Office 365) – Value Prop:
• Auto HA, Fault-Tolerance
• Friction-free scale
• Self-provisioning, mgmt @ scale
32. Layers of SharePoint Online
• Physical – Datacenters; Machines; Physical network
• Virtual Machine Roles – VMs performing different roles; Units of scalability called “Networks”
• Services – 1+ services run within a VM role; Hundreds of services interacting
33. SharePoint Online components
• SharePoint – actual bits & features
– Same bits used in on-premises deployments
– All features must conform to service fabric horizontals – “cloud ready”
• Service Fabric – components needed to run the service
– Deployment & Environments – Topology
– Identity & Sign In
– Provisioning Tenants & Users
– Tenant Admin
– Upgrade
– High Availability & Disaster Recovery
– Telemetry, Incident Management, Debugging & Patching Code in the Service
• Zoom in on topology, provisioning & upgrade
– Deep dive into system topology & deployment, customer onboarding & upgrades
34. Office Web Apps
• Consumer / Windows Live
– Publicly available to any Live ID user
– Free with SkyDrive & Outlook.com (Hotmail)
– Iterative release cadence
• On-Premise / Private Cloud
– Runs as Office Web Apps Server
– Integrates with SharePoint, Exchange, File shares, etc.
– Minimal changes during life cycle
• Office 365 / Public Cloud
– An option within the service
– Monthly per-user subscription
– 90-day service update cycle
35. Browser Requirements for Office 365
• Internet Explorer 8
• Safari 5
• Latest Chrome
• Latest Firefox
36. SharePoint Online Topology
(Diagram; components recovered from the slide text)
• Datacenter 1..N and Disaster Recovery Datacenter 1..N, each containing Network 1..N
• Per-network management services: Grid Manager, AD Sync, SCOM, SPDiag, DNS, Admin, Prov., ULS, WER, SMTP, Backup
• Stamp 1 (also hosting Global Directory and Tenant Admin (UI)) and Stamp 2..N, each with:
  – Content: WFE, CA, App Server, Timer Jobs
  – Federated Services: Fed App, Fed CA, Fed Query, Fed Idx, Crawl WFE, Sandbox
  – SQL (multiple instances) behind NLB
  – Directory: AD
• Shared services: DNS (multiple), OrgID Auth Svc., Commerce backend, Incident Management, Azure (Windows/SQL), CDN Services
37. Keeping Your Data Safe
(Diagram; protection layers recovered from the slide text, with failure scopes none, disk, rack and dc)
• Client side cache (save) and recycle bin
• RAID 10 (Rack 1, Rack 2, Rack 3)
• Synchronous mirroring within the data center
• Asynchronous log shipping / asynchronous replication to a second data center
• Scheduled backups with point-in-time restore
Copy counts shown on the slide: 1, 2, 4, 6, 10+
40. Exchange – Work Smarter, Anywhere.
• Remain in control, online and on-premises
• Do more, on any device
• Keep the organization safe
– Tailor your solution based on your unique needs
– Manage increasing volumes of communications
– Protect business communications and sensitive information
– Ensure your communications are always available
– Work together more effectively as teams
– Meet internal and regulatory compliance requirements
42. Email, calendar, and contacts from Outlook Web App
Additional features through native integration with the device:
• Stored credentials
• Voice activated actions
• Contact sync to native address book
Apps require Office 365 with the latest update of Exchange Online
49.
• Use proximity searches to understand context
• Fine tune complex queries
• Search Exchange, SharePoint, and Lync data from a single interface
• Get instant statistics
• Query results across Exchange, Lync & SharePoint
• Laser focused refiners to help find the data you need
53. Top Tips & Final Thoughts
• Choose Correct 365 Solution
• Sign up for a free trial
• Subscriptions yearly
• Options available for
  • Kiosk Plans (Basic browser based, POP email etc)
  • Home Premium
  • Small Business (P Plans)
  • Enterprise (E Plans)
54. Top Tips & Final Thoughts
• Product vs. Service
• Clean House, users, mailboxes etc
• To SSO or not to SSO?
• Read the Planning Guides
• Region vs. Compliance!
• Get your DNS Correct
• Watch out for Expiring SSL Certs
• Beware the Deleted Domains!