31 Days of Servers in the Cloud: Step-by-Step: Extending On-Premise Active Directory to the Cloud with Windows Azure (Part 20 of 31) by Keith Mayer

At 10:00 AM on Sunday, January 20, 2013, Keith Mayer posted Part 20 of 31 in the 31 Days of Servers in the Cloud Blog Series. Below is a small excerpt from his blog.

Extending an on-premise Windows Server Active Directory (AD) infrastructure into the cloud is an important topic to consider when planning the migration or implementation of cloud-based applications. Many existing applications require Active Directory for authentication and identity management. When migrating applications to the cloud, having a locally accessible Active Directory is an important factor in ensuring that AD authentication is fast and reliable.

What about Disaster Recovery of Active Directory?

Great point! Extending an on-premise Active Directory into the cloud can also provide a cost-effective option for protecting Active Directory in DR scenarios. In the event of a physical disaster or outage at your primary data center location, a VM running Active Directory in the Windows Azure cloud can provide uninterrupted access to Active Directory for cloud-based applications and other on-premise AD-integrated applications.

Active Directory Options in the Cloud

When planning for Active Directory in the Cloud with our Windows Azure cloud platform, there are two options available:

  • Windows Azure Active Directory – a cloud-based authentication service that is similar to on-premise Active Directory, but primarily intended for new applications that are being developed for the cloud (i.e., “Cloud-first” applications).
  • Windows Server Active Directory on Windows Azure VMs – this option provides the ability to host a full instance of Windows Server Active Directory, running on Windows Server 2008 R2 SP1 or Windows Server 2012, as a virtual machine in the Windows Azure cloud.

You can read more about both Active Directory cloud options at:

In this article, we’ll be stepping through the components involved with the second option listed above to extend an on-premise Active Directory infrastructure using Windows Server Active Directory on Windows Azure VMs.

In future articles, I’ll cover the configuration of Windows Azure Active Directory for providing authentication and identity management for “Cloud-first” applications.

Scenario: Extending Windows Server Active Directory into the Cloud

In the scenario described in this article, we’ll be connecting an existing on-premise network with a virtual network in the Windows Azure cloud via a secure Site-to-Site IPsec VPN tunnel. Once the tunnel is connected, the Windows Azure Virtual Network can be treated much like any other subnet on a Wide Area Network (WAN) when provisioning network services that will run in a Windows Azure Virtual Machine.

Scenario: Extending Active Directory into the Cloud

The following is recommended to follow along with this article:

  • A Windows Azure subscription with the Virtual Machines Preview enabled.
    DO IT: Sign up for a FREE Trial of Windows Azure
    NOTE: When activating your FREE Trial for Windows Azure, you will be prompted for credit card information. This information is used only to validate your identity and your credit card will not be charged, unless you explicitly convert your FREE Trial account to a paid subscription at a later point in time.
  • Completion of the Getting Started tasks in the following article:
    DO IT: Getting Started with Servers in the Cloud
  • Prior experience with Windows Server Active Directory. This article also assumes that the reader is already somewhat familiar with configuring Windows Server 2012 Active Directory in an on-premise deployment. For a primer on What’s New in Windows Server 2012 Active Directory, join our Windows Server 2012 “Early Experts” study group and review the following study guide:
    DO IT: Complete the “Early Experts” Installer Quest – Installing Active Directory

Steps: Extending Windows Server Active Directory into the Cloud

To complete the scenario described in this article for extending Windows Server Active Directory into the cloud, we will be using the following exercises:

  1. Configure On-Premise Active Directory Sites and Subnets
  2. Register DNS Servers in Windows Azure
  3. Build Windows Azure Virtual Network with Site-to-Site VPN connectivity
  4. Provision a new Replica Domain Controller in Windows Azure
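
As an added example (not part of Keith Mayer’s article), the Active Directory side of exercises 1 and 4 above can be scripted in PowerShell; the site name, subnet range, domain name, credentials and data-disk paths below are assumed placeholders, and exercises 2 and 3 (Azure DNS registration and the Virtual Network with Site-to-Site VPN) must already be complete before the promotion step runs.

```powershell
# Added example, not code from the original article. Exercise 1 runs on an
# existing on-premise DC; exercise 4 runs on the new Windows Azure VM once the
# VPN tunnel is up and the VM resolves the domain through the registered DNS.
# All names and address ranges are assumed placeholders.
Import-Module ActiveDirectory

$azureSite   = 'Azure-Site'                # assumed AD site for the Azure VNet
$azureSubnet = '10.50.0.0/16'              # assumed Azure Virtual Network range
$onPremSite  = 'Default-First-Site-Name'   # assumed existing on-premise site

# Exercise 1: define an AD site and subnet for the Azure Virtual Network so that
# cloud-hosted clients locate the cloud DC instead of authenticating over the VPN.
New-ADReplicationSite -Name $azureSite
New-ADReplicationSubnet -Name $azureSubnet -Site $azureSite
New-ADReplicationSiteLink -Name "$($onPremSite)-$($azureSite)" `
    -SitesIncluded $onPremSite, $azureSite `
    -Cost 100 -ReplicationFrequencyInMinutes 15 `
    -InterSiteTransportProtocol IP

# Check: the Azure subnet must map to the new site before any DC is promoted.
Get-ADReplicationSubnet -Filter "Name -eq '$azureSubnet'" | Select-Object Name, Site

# Exercise 4: on the Azure VM, promote a replica DC into the Azure site.
# Placing NTDS and SYSVOL on a separate data disk follows general Azure guidance
# for domain controllers; it is an assumption here, not stated in the excerpt.
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Install-ADDSDomainController -DomainName 'contoso.local' `
    -SiteName $azureSite `
    -DatabasePath 'F:\NTDS' -LogPath 'F:\NTDS' -SysvolPath 'F:\SYSVOL' `
    -InstallDns `
    -Credential (Get-Credential 'CONTOSO\Administrator') `
    -Force
```

After the reboot, confirm replication with `repadmin /showrepl` on the new DC and verify that `nltest /dsgetsite` on a cloud VM returns the Azure site.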

To get the full article, please read it here: http://blogs.technet.com/b/keithmayer/archive/2013/01/20/step-by-step-extending-on-premise-active-directory-to-the-cloud-with-windows-azure-31-days-of-servers-in-the-cloud-part-20-of-31.aspx.

Harold Wong