Integration of Cloud Services like Office 365

Integrating Cloud Services in the enterprise network

The use of cloud services is being discussed intensively in many companies. These discussions usually lead to the following questions:

  • Is our data safe in the cloud?
  • Can I get fast access, at any time and from anywhere in the world?
  • Do Cloud Services meet the compliance guidelines of the company?

It gets really interesting when the decision is "pro cloud" and the implementation project is about to start. If you need help, you can rely on the experience of our specialists. Feel free to call or to send us a message.

Cloud services in general

Cloud services are a complex issue. There are many providers whose offers differ only in details. Based on the project experience they have already gathered, the experts of FirstAttribute focus on the Microsoft cloud solutions.

Microsoft cloud solutions can be

  • IaaS (Infrastructure as a Service)
  • PaaS (Platform as a Service) and
  • SaaS (Software as a Service).

It is a mix of public cloud and private cloud services. Microsoft calls its public cloud service MS Online (Microsoft Online), or MS-O for short; the private cloud is called On-Premises, or OnPrem for short.

On the way from OnPremises to a SaaS solution, responsibilities also move from the local IT to the cloud service provider. The picture below shows how the responsibilities for each cloud solution are divided between the local IT and the cloud service provider.


Comparison of cloud variations OnPremise, IaaS, PaaS and SaaS

Cloud Computing with Microsoft - Examples:

  • OnPremises: Servers and applications are in your own data center
  • IaaS (Microsoft Azure): Servers are in the cloud data center, the operating systems are your own responsibility
  • PaaS (Microsoft Azure): SQL Server in the cloud data center
  • SaaS: Office 365, Exchange, SharePoint and Lync are in the cloud

Microsoft Office 365

Microsoft Office 365 is a SaaS (Software as a Service) solution from Microsoft.
Office 365 comes in 3 versions:

  • Office 365 Small Business Premium
  • Office 365 Midsize Business
  • Office 365 Enterprise

The characteristics of each version can be found on the Microsoft website: http://office.microsoft.com/en-us/business/

Basically, the following components are offered:

  • Exchange Online (EXO)
  • SharePoint Online (SPO)
  • Lync Online (LYO)
  • Office Online (Word, Excel, PowerPoint, Outlook, Access)

Technically, Microsoft provides a Microsoft Azure Active Directory domain in a so-called cloud tenant (client). This domain is the basis for an Exchange organization and for the provision of other services such as SharePoint. The Office programs (Word, Excel etc.) are streamed via App-V directly to the end-user devices.

Workplace integration

The main questions here are:

  • How do cloud services fit into the existing environment?
  • What does the daily business look like for the user?
  • How does the end user access the cloud services?
  • Is it all transparent and understandable to the user?


Three-step concept for the integration

1 Directory synchronization

Establish a directory synchronization between the OnPremises AD domain in your own data center and the Microsoft Azure Active Directory domain, based on MIIS (Microsoft Identity Integration Server). Users can then access the cloud tenant with their regular user name. At this stage they are signing in to a different domain (Azure AD), and with a different password.

2 MIIS Password Synchronization

Establish a MIIS Password Synchronization. The directory synchronization with the Microsoft Identity Integration Server enables the transmission of passwords to the Microsoft Azure Active Directory domain. Users can then sign in with the same user name and password both OnPremises and in the cloud, but on two different domains.

3 Single Sign-on SSO

Establish single sign-on (SSO). This requires an STS (security token service), which is set up with an ADFS (Active Directory Federation Services) trust between the Microsoft Azure Active Directory domain and the OnPremises AD domain. This allows users to access cloud services directly without signing in again. SSO is the best solution for the user, but also the most complex.

For this reason we want to go a bit more into detail in the next chapter.


Single Sign-On SSO

The implementation of SSO requires a Windows domain in mode 2003R2, 2008, 2008R2 or 2012. You can install the ADFS service either as ADFS 2.0 on a Windows Server 2008R2 or as the ADFS role on a Windows Server 2012. If users want to log on to the cloud using SSO from outside the intranet, an AD FS 2.0 proxy server in the DMZ is necessary. The cloud login page passes the authentication via the ADFS proxy to the ADFS server and the OnPremises domain.
The routing works if the user logs on using their UPN (UserPrincipalName), e.g. username@company.com. In addition, the DNS suffix of the UPN must be a publicly registered DNS domain. Only then can the forwarding target be resolved externally to the ADFS proxy in the DMZ.
It is probably best to use the e-mail address as the UPN here, as this is known to the user. Even for users who log on at their workstation to a domain PC, the UPN of the user object must be correctly maintained to provide proper SSO.
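
The UPN requirements above can be checked before the ADFS rollout. The following PowerShell is an added example, not code from FirstAttribute or Microsoft; the function name Test-UpnReadiness, the list of public domains and the sample accounts are assumptions constructed for illustration.

```powershell
# Added example: flag accounts whose UPN would break federated sign-in.
# Test-UpnReadiness is a hypothetical helper; sample accounts below are constructed.
function Test-UpnReadiness {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User,
        # Publicly registered DNS domains the company owns (assumption: supplied by the admin).
        [Parameter(Mandatory)]
        [string[]]$PublicDomains
    )
    process {
        $issues = @()
        $upn = [string]$User.UserPrincipalName
        if ([string]::IsNullOrWhiteSpace($upn) -or $upn.IndexOf('@') -lt 1) {
            $issues += 'MissingOrMalformedUpn'
        } else {
            # The suffix must be resolvable from the Internet, so .local and similar fail here.
            $suffix = $upn.Substring($upn.LastIndexOf('@') + 1)
            if ($PublicDomains -notcontains $suffix) { $issues += 'SuffixNotPublic' }
            # Users know their mail address; a differing UPN leads to failed logons.
            if ($User.Mail -and ($upn -ne [string]$User.Mail)) { $issues += 'UpnDiffersFromMail' }
        }
        [pscustomobject]@{
            SamAccountName    = $User.SamAccountName
            UserPrincipalName = $upn
            Mail              = $User.Mail
            Ready             = ($issues.Count -eq 0)
            Issues            = $issues -join ','
        }
    }
}

# Constructed sample accounts (not real data).
$sample = @(
    [pscustomobject]@{ SamAccountName = 'asmith';     UserPrincipalName = 'asmith@company.com'; Mail = 'asmith@company.com' }
    [pscustomobject]@{ SamAccountName = 'bjones';     UserPrincipalName = 'bjones@corp.local';  Mail = 'bjones@company.com' }
    [pscustomobject]@{ SamAccountName = 'cmeyer';     UserPrincipalName = 'cmeyer@company.com'; Mail = 'carla.meyer@company.com' }
    [pscustomobject]@{ SamAccountName = 'svc-backup'; UserPrincipalName = $null;                Mail = $null }
)
$sample | Test-UpnReadiness -PublicDomains 'company.com' |
    Where-Object { -not $_.Ready } | Format-Table -AutoSize

# Against a real domain (requires the ActiveDirectory module):
# Get-ADUser -Filter * -Properties mail | Test-UpnReadiness -PublicDomains 'company.com'
```

With the sample data, bjones is reported for a non-public suffix and a UPN/mail mismatch, cmeyer for a UPN/mail mismatch, and svc-backup for a missing UPN.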

 

Conclusion

If you look at SSO, it is easy to see that cloud service integration is a very complex issue. The UPN is just one of many points that must be considered before and during the implementation. In addition there are public certificates, external DNS entries, firewall rules, and trusted sites entries in Internet Explorer (to name just a few). All of these should be taken into consideration to get the connection to the cloud to work smoothly.

If you have questions or need support, you can rely on the experience and expertise of FirstAttribute. We support and accompany you on your journey to the cloud. Feel free to contact us.

graphics: adapted from Microsoft sources

©2016 FirstAttribute AG - All rights reserved.
