
HOW TO BUILD DATA CENTER FULL SYNCHRONIZE WITH AZURE

Your enterprise has no data center domain: all your users work on private machines, and you need to implement a properly secured environment.

HOW TO DO IT?

I will show you my best practice for this issue.

First, it is important to know that each enterprise should have both a local and a cloud environment (kept synchronized) to secure its internal intranet policies and protected storage.

The following diagram shows the Azure AD Connect tool on a virtual machine in Azure (the DirSync server) synchronizing on-premises AD DS to Office 365.

In the diagram, there are two networks connected by a site-to-site VPN or ExpressRoute connection. There is an on-premises network where AD DS domain controllers are located, and there is an Azure virtual network with a DirSync server, a virtual machine running the Azure Active Directory Sync tool. There are two main traffic flows originating from the DirSync server:
  • The Azure AD Connect tool queries a domain controller on the on-premises network for changes to accounts and passwords.
  • The Azure AD Connect tool sends the changes to accounts and passwords to the Azure AD instance of your Office 365 subscription. Because the DirSync server is essentially in an extended portion of your on-premises network, these changes are sent through the on-premises network’s proxy server.
Note:
This solution describes synchronization of a single Active Directory domain, in a single Active Directory forest. The Azure AD Connect tool synchronizes all Active Directory domains in your Active Directory forest with Office 365. If you have multiple Active Directory forests to synchronize with Office 365, see Multi-forest Directory Sync with Single Sign-On Scenario.
In both cases, the traffic originated by the Azure AD Connect tool is forwarded to a VPN gateway on the virtual network in Azure, which then forwards the traffic across the site-to-site VPN or ExpressRoute connection to the VPN gateway device on the on-premises network. The routing infrastructure of the on-premises network then forwards the traffic to its destination, such as a domain controller or a proxy server.
There are two phases when you deploy this solution:
  1. Creating an Azure virtual network and establishing a site-to-site VPN connection to the on-premises (organization) network. For more information, see Connect an on-premises network to a Microsoft Azure virtual network.
  2. Installing the Azure AD Connect tool on a domain-joined virtual machine in Azure, and then synchronizing the on-premises AD DS to Office 365. This involves:
    1. Creating an Azure Virtual Machine to host the Azure AD Connect tool.
    2. Installing the Azure AD Connect tool.
    3. Configuring the Azure AD Connect tool by providing the credentials (user name and password) of an Azure AD administrator account and an AD DS enterprise administrator account. The Azure AD Connect tool runs immediately and on an ongoing basis to synchronize the on-premises AD DS forest to Office 365.
Important:
When the Azure AD Connect tool configuration completes, the Azure AD Connect tool does not save the AD DS enterprise administrator account credentials.
Note:
This solution describes synchronizing a single Active Directory forest to Office 365. The topology discussed in this article represents only one way to implement this solution. Your organization’s topology might differ based on your unique network requirements and security considerations.
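As an added example (not part of the original post or of Microsoft's documentation), the following PowerShell script, run on the DirSync VM, checks the conditions the two phases above depend on: domain join, name resolution and AD port reachability across the site-to-site link, reachability of the on-premises proxy used for the outbound flow, and, once the tool is installed, the state of the sync scheduler. The domain, domain controller and proxy names and the proxy port are placeholders.

```powershell
# Added example: pre-flight checks for the DirSync server, then a post-install scheduler check.
# Placeholders (assumptions, adjust to your environment):
$Domain           = 'corp.example.com'          # on-premises AD DS domain
$DomainController = 'DC01.corp.example.com'     # DC reached over the VPN/ExpressRoute tunnel
$Proxy            = 'proxy.corp.example.com'    # on-premises proxy used for traffic to Azure AD
$ProxyPort        = 8080

# 1. The VM hosting Azure AD Connect must be joined to the on-premises domain.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain -or $cs.Domain -ne $Domain) {
    throw "This VM is not joined to $Domain (current domain: $($cs.Domain))"
}

# 2. Name resolution must reach the on-premises DNS servers through the tunnel.
$dcRecords = Resolve-DnsName -Name $DomainController -Type A -ErrorAction Stop
Write-Host "$DomainController resolves to $($dcRecords.IPAddress -join ', ')"

# 3. The DirSync server reads account and password changes from a domain controller,
#    so the well-known AD ports must be open across the site-to-site connection.
$AdPorts = [ordered]@{ 'DNS' = 53; 'Kerberos' = 88; 'RPC endpoint mapper' = 135
                       'LDAP' = 389; 'SMB' = 445; 'LDAPS' = 636 }
foreach ($name in $AdPorts.Keys) {
    $result = Test-NetConnection -ComputerName $DomainController -Port $AdPorts[$name] `
                                 -WarningAction SilentlyContinue
    $state = if ($result.TcpTestSucceeded) { 'open' } else { 'BLOCKED' }
    Write-Host ("{0,-20} tcp/{1,-4} {2}" -f $name, $AdPorts[$name], $state)
}

# 4. Changes exported to Azure AD leave through the on-premises proxy, so it must be reachable.
$proxyTest = Test-NetConnection -ComputerName $Proxy -Port $ProxyPort -WarningAction SilentlyContinue
if (-not $proxyTest.TcpTestSucceeded) {
    Write-Warning "Proxy ${Proxy}:$ProxyPort is unreachable; Azure AD Connect cannot export changes."
}

# 5. After installation, confirm the scheduler is enabled and request a delta sync.
#    The ADSync module is installed together with Azure AD Connect.
if (Get-Module -ListAvailable -Name ADSync) {
    Import-Module ADSync
    $sched = Get-ADSyncScheduler
    Write-Host "Sync cycle enabled: $($sched.SyncCycleEnabled); interval: $($sched.CurrentlyEffectiveSyncCycleInterval)"
    Start-ADSyncSyncCycle -PolicyType Delta
}
```

A port reported as BLOCKED in step 3 points at the VPN gateway or on-premises firewall rules rather than at the Azure AD Connect configuration itself.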

Before you begin, review the following prerequisites for this solution:
  • Review the related planning content in Plan your Azure Virtual Network.
  • Ensure you meet all prerequisites for configuring the Azure virtual network.
  • Have an Office 365 subscription that includes the Active Directory integration feature. For information about Office 365 subscriptions, go to the Office 365 subscription page.
  • Provision one Azure Virtual Machine that runs the Azure AD Connect tool to synchronize your on-premises AD DS forest with Office 365.
  • You must have the credentials (names and passwords) for an AD DS enterprise administrator account and an Azure Active Directory Administrator account.

The following list represents the design choices made for this solution. For additional solution design choices, see the Variations to solution design section in this topic.
  • This solution uses a single Azure virtual network with a site-to-site VPN connection. The Azure virtual network hosts a single subnet that contains one server, the DirSync server that is running the Azure AD Connect tool.
  • On the on-premises network, a domain controller (to be synchronized with Office 365) and DNS servers exist.
  • The Azure AD Connect tool is used for password synchronization instead of single sign-on. You do not have to deploy an Active Directory Federation Services (AD FS) infrastructure. To learn more about password synchronization and single sign-on options, see Determine which directory integration scenario to use.
