Is it required that I create my own Azure ACS if I want to use the Active Directory? Am I able to simply create a new application instance on the Active Directory Pane (on the Azure Management Console) without having an ACS to build on? I don't want to need to pay to create my own ACS niche.
I think you're talking about creating an "Access Control Namespace".
It actually isn't necessary to do so. You can register an application with Azure AD without having an ACN "niche" - having an ACN is something that is generally better for larger enterprise applications or those that have to handle requests on many different levels (with many different applications). So unless you're building something very large, there's no reason to set an ACN up on the Management Console (and you can continue to use everything for free with the AD functionality without an ACN). Hope this helps.
Related
My company process sensitive data and needs to restrict access to production environment. How do I organize subscriptons and (storage) accounts so that I have separate environments?
I could have completely distinct subscriptions but I want to give some devs the power to deploy on production while others should only have access to development assets.
In my ideal world, I'd add individuals to security groups. Whenever a thw dev wants to deploy on production, he/she would use his/her credentials plus an extra confirmation step, like an otp. This way I'd avoid mistakes but still keep simple users management. Is that possible in azure?
Eventually what you are wanting to do will be possible, and is possible to some degree depending on the resource. As more of the features of Azure make it into the preview portal (portal.azure.com) they are showing up with Role Based Access Controls, which is what you are looking for. Unfortunately, right now not all of the resources are there and some are there without full RBAC baked in (such as storage accounts).
For now, the best bet is to still separate by subscription. If you need developers to have the ability to perform a deployment you can create a script that performs the deployment (using stored PowerShell credentials or secured management certs) and then give the developers the ability to execute the script.
Is DirSync a must for AD FS hosted on Azure Virtual Machines?
I keep reading Azure solution with DirSync. Is it absolutely impossible to federate directly without syncing active directory.
I am looking to implement Federated Web SSO on Azure, it would be a huge set back having to sync client Active Directories.
Yes, you will need DirSync for AD FS to function properly with Azure. What's the setback, specifically? The only real caveat I can find is a 300,000 object limit, not sure if that's per domain but it seems they're open to lifting the limit if you contact support.
If it's the setup you're concerned about, it's pretty basic. You will likely need clients to provision a VM, but that's not crazy talk or anything. Here's a few (short) TechNet articles to walk you through it:
Prepare for directory synchronization
Active directory synchronization
Install or upgrade the Directory Sync tool
Synchronize your directories
Could someone please confirm whether it's possible to make user of Azure Dedicated Cache using normal console application OR it should be the azure project?
If you're using In Role caching, then it would only work from within your roles that too within the roles in your cloud service. You can't use In Role cache outside of your roles.
If you want your cache to be accessible from outside of your roles, you may want to look into Windows Azure Caching Service which is in preview currently. From whatever documentation I have read about it, my understanding is that this cache can be shared among various cloud resources (Cloud Services, Web Sites, VM etc.). Going by that, I would assume that this cache should be available to your console application also. Check out this blog post from Scott Guthrie: http://weblogs.asp.net/scottgu/archive/2013/09/03/windows-azure-new-distributed-dedicated-high-performance-cache-service-more-cool-improvements.aspx.
You can have a console app for development purposes, but if you want to access with a decent latency, you would anyway have to use cloud.
I work for a network management company and I want to write a .Net application (MVC 4) that will allow us to service Active Directory users from a cloud-based application.
As I have never written a cloud-based app, I don't know if I'm using that term correctly or not. I am in the requirements gathering stage. Basically, I'd like to provide our customers with the ability, for example, to change their own password using our cloud-based application.
is this an application that should be written specifically using Azure? If not, what tools and platform(s) should I take into consideration?
What tutorials or other resources are available ?
Actually, I don't even know enough about Active Directory and Cloud computing to ask the right questions. But, I hope someone will point me in the right direction
Read How to Authenticate Web Users with Windows Azure Active Directory Access Control. There are great walk-throughs there. There is more reading and code samples here - Access Control Service 2.0.
That's using ACS.
You could go direct to Azure Active Directory if you wished?
Refer: Adding Sign-On to Your Web Application Using Windows Azure AD.
If you use Office 365, you already have an AAD tenant.
We are thinking of using Windows Azure for simulation. ~100 VM nodes each working on it's problem set and reporting back the result to a Master node.
I have created VM instances from the web UI. In order for this to work, we would need to use Azure API to bring servers up and shut them down once they are done.
Does anyone have any experience with something like this? I am looking for advise, gotchas etc.
thanks.
You sure can do it and I have helped other to make it happen on hundreds on nodes. Take a look at Windows Azure Rest API to configure your role as described here. While others may have other idea, I think the general steps would be as below:
Create a master machine or a webrole to manage your roles using REST API
Create a worker role instance and use it to clone multiple instances as if needed
Use REST API to start and shutdown worker role along with update the instance count when in need
Use Azure Boot Strapper to bootstrap the VM depend on your requirement
Azure REST based Service Management API can work from a web app or a standalone app, so you can also have a web role to make it happen from anywhere in world. This way you don't need any on premise components at all as it will be totally cloud solution. If you need any help on creating web role I sure can help.
You can provision Virtual Machines using Service Management REST API (there's also a managed API on NuGet).
But in your case you might want to consider using Cloud Services (PaaS). With Cloud Services you simply build your application, you package it and deploy it. Then using the portal or the management API you can simply configure the number of instances. There is even a command line tool (csmanage.exe) which allows you to to change the number of instances through the service configuration.