DESCRIPTION
Description of win-2008 active directory services
Connecting Active Directory To Microsoft Services
Lynn Ayres, Program Manager, Identity Services
Tore Sundelin, Program Manager, Identity Services
BB29
Microsoft Identity Software + Services
One identity model that puts users in control of their identities
[Diagram labels: Software, Services, Claims-Based Access. Components: “Geneva” Framework, Live Framework, Windows CardSpace “Geneva”, Active Directory, “Geneva” Server, Microsoft Services Connector, Live ID, Microsoft Federation Gateway, .Net Access Control Service]
Standards Based
Enhances Developer Productivity
Flexibility via Choice
Why Are We Here?
Services Revolution
Identity can be a barrier enabler
Different security zones
Multiple islands
Identity Challenges
Identity can be a barrier
1. Switch from a server (Exchange) to a cloud service
2. Adopt a new service
3. Move an on-premises app to a cloud service
Scenarios
How does a business use services without changing their on-premises identity infrastructure? (ex: Active Directory)
Enterprise Software And Service Topology
[Diagram labels: Enterprise On-Premises, Desktop, Browser, Office, Apps, Exchange, ISV Apps, SharePoint, Enterprise Apps, Active Directory; Cloud, Azure Services Platform, ISV Apps, Microsoft Online, Microsoft Dynamics CRM Online, Windows Live, Live Mesh, Live Identity Service]
IT admin
Employees
Developers
Solution Must Satisfy:
Federation is the solution, but we need to do more
Microsoft will offer a free tool that greatly simplifies on-boarding to cloud services
Federation Is Industry Endorsed Solution
Federation hub brokers access for Cloud services:
Microsoft cloud applications
Developers using Azure Services Platform
Other businesses using the Gateway
Manage one relationship to connect to any service
Solution: Microsoft Federation Gateway
Free download for quick and easy setup
Connects Active Directory to the Gateway and cloud services and applications
Protects corporate account security
Solution: Microsoft Services Connector
Enterprise Software And Service Topology
[Diagram labels: Enterprise On-Premises, Desktop, Browser, Office, Apps, Exchange, ISV Apps, SharePoint, Enterprise Apps, Active Directory, Microsoft Services Connector; Microsoft Federation Gateway; Cloud, Azure Services Platform, ISV Apps, Microsoft Online, Microsoft Dynamics CRM Online, Windows Live, Live Mesh, Live Identity Service]
Demo: Microsoft Services Connector
Gurbinder, Microsoft Partner
Registers the enterprise’s domain, sign-in endpoint, and a token signing key
Enterprise asserts domain ownership via an SSL cert issued by a trusted CA
Ongoing management is automatic
What Happened: Setup
[Diagram labels: Enterprise, Server Apps, Microsoft Services Connector, Active Directory; Microsoft Federation Gateway; Microsoft Cloud Applications; Developer Services]
What Happened: Accessing Services
User clicks link for service
User taken to Microsoft Services Connector for authentication
Connector validates credentials with Active Directory
Connector issues a login token and redirects to Microsoft Federation Gateway
Federation Gateway validates token and transforms claims
Federation Gateway issues service token and redirects to requested service
User accesses service
[Diagram labels: Desktop, Browser, Office, Apps; Enterprise, Server Apps, Microsoft Services Connector, Active Directory; Microsoft Federation Gateway; Microsoft Cloud Applications; Developer Services]
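The sign-in flow on this slide, as an added example (not from the presentation and not Microsoft's code): a toy hub that checks a connector-issued login token against the key registered at setup, transforms the claims, and issues a service token. HMAC-SHA256 over JSON stands in for the signed SAML tokens the deck names; the class, claim names, domains and keys are constructed for illustration.

```python
import base64, hashlib, hmac, json

def sign(claims, key):
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return body.decode() + "." + hmac.new(key, body, hashlib.sha256).hexdigest()

def verify(token, key):
    body, _, mac = token.partition(".")
    good = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), good.encode()):
        raise ValueError("bad signature")
    return json.loads(base64.urlsafe_b64decode(body))

def connector_issue(domain, key, upn, now):
    # Connector side, after Active Directory has accepted the credentials.
    return sign({"iss": domain, "aud": "gateway", "upn": upn, "exp": now + 300}, key)

class Gateway:
    """Hypothetical hub: one signing key registered per enterprise domain."""
    def __init__(self, hub_key):
        self.hub_key = hub_key
        self.registered = {}          # domain -> key registered at setup

    def register(self, domain, key):
        self.registered[domain] = key

    def exchange(self, login_token, service, now):
        # Peek at the issuer only to pick the key; nothing is trusted yet.
        body = login_token.partition(".")[0]
        issuer = json.loads(base64.urlsafe_b64decode(body)).get("iss")
        if issuer not in self.registered:
            raise ValueError("unknown issuer")
        claims = verify(login_token, self.registered[issuer])
        if claims.get("aud") != "gateway" or claims.get("exp", 0) <= now:
            raise ValueError("wrong audience or expired")
        # Assumed policy: a connector speaks only for its registered domain.
        if not str(claims.get("upn", "")).endswith("@" + issuer):
            raise ValueError("identity outside issuer domain")
        # Claims transformation: the internal UPN becomes the service's claims.
        out = {"iss": "gateway", "aud": service, "exp": now + 300,
               "email": claims["upn"], "org": issuer}
        return sign(out, self.hub_key)
```

The relying service only ever needs the hub's key, which is the "federate once" property: endpoint changes and key rollovers on the enterprise side are absorbed by the hub's registration table.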
Businesses federate once to connect to any service
Services federate once to connect to any business
Hub and spoke model abstracts complexity: endpoint changes, key rollovers, protocol changes, etc.
Drill Down: Microsoft Federation Gateway
For businesses:
Microsoft Services Connector, “Geneva”
Works for businesses without AD
Protocols: WS-*, SAML
Tokens: SAML
Drill Down: Microsoft Federation Gateway
For relying services:
Frameworks: .NET, “Geneva”, Live
Messaging: WS-*, SAML, Live
Tokens: SAML, Live
Supports range of network infrastructures:
Single server, server farm, proxy server
Active Directory: single domain, single forest, multiple forests
Automates Complex Management Tasks
Drill Down: Microsoft Services Connector
Flexible and customizable end user experience
Architecture consistent with “Geneva”
Microsoft has an internal deployment
Drill Down: Microsoft Services Connector
Businesses adding services to their existing IT infrastructure
Identity must be an enabler
Solution is available today
Why Are We Here?
Microsoft Services Connector
Preview available today: www.microsoft.com/servicesconnector
Beta in early 2009
Microsoft Federation Gateway
Released, available today
Whitepaper
On-boarding documentation
We want your feedback!
Forum
How You Get It
© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.