Back in 2006, I was working with a large Canadian managed-hosting service provider. At that time, there was huge demand for hosting dedicated servers. Hardware, bandwidth, and management all came at a high cost. However, things started to change with the rise of virtualization, which was able to bring hosting costs down. I still remember that there were all sorts of discussions, arguments, articles, and summits where people were bringing the pros and cons of virtualization to the table. As with any technology, there were issues in the beginning, but virtualization technologies developed rapidly and reached a point that businesses could no longer ignore.
For us, it was the same: business-wise, we were safe with dedicated server hosting. We were making good profits. But with virtualization, customers were able to consolidate racks of dedicated servers into a few hypervisor hosts. Then, the businesses in the hosting field started to find new ways of making money with virtualized technologies. This was the beginning of the cloud era. What I want to emphasize is that, similar to the technological shift from dedicated servers to virtualization, the majority of today's infrastructures are going through a very interesting phase of moving workloads from on-premises infrastructure to the public cloud. When Microsoft Azure was released, the technology world was deluged with all sorts of discussions again. Most of the points were related to data security, compliance, reliability, and cost.
Over the past few years, Microsoft has been addressing all those concerns and challenges, and it came to the point where organizations could not stay away from it anymore for the following reasons:
- The cloud pricing model (only pay for the resources you use) and operational model can bring down long-term infrastructure operation and maintenance costs.
- Software vendors started replacing their products with cloud-based versions and discontinued support for on-premises versions.
- On-premises Microsoft products have equivalent cloud versions, and new features will only be available in the cloud versions. Also, the cloud versions receive more frequent updates and bug fixes compared to on-premises versions.
- It removed dependencies (such as network connectivity, VPN, and firewall configuration) for mobile workers and provided seamless access to workloads from anywhere.
- The cloud adopts new technology changes more quickly compared to on-premises infrastructures.
- A robust cloud infrastructure setup provides high availability (HA) for workloads, which may not be possible to achieve on-premises.
When an organization adopts cloud technologies, it's not easy to bring each and every workload to the public cloud at once. There are limitations for applications that still require some workloads to run on-premises. Even though workloads run in two environments, the user identities for the organization stay the same. Azure Active Directory (AD) helps to extend the on-premises identity infrastructure to Azure Cloud, so that the same on-premises identities can be used to authenticate to applications and services, regardless of where they are running from.
In this chapter, we will look at the following topics:
- How to integrate Azure AD with the on-premises AD
- Password hash synchronization
- Azure AD pass-through authentication
- Azure AD seamless Single Sign-On (SSO)
- A step-by-step guide to integrating an on-premises AD environment with Azure AD