Mastering Identity and Access Management with Microsoft Azure

Stretched Active Directory to Azure IaaS

Extending your local AD Domain Services to Azure IaaS gives you a very flexible scenario for using your line-of-business applications in the cloud. To use this integration, you need to build a VPN or ExpressRoute connection to Azure.

Domain controllers are highly sensitive roles, and most concerns about this scenario focus on trust in the service. Many alternative solutions don't support a seamless lift-and-shift migration to Azure like this one:

Extending your Active Directory to the cloud

Keep the following notes in mind:

  • Domain controllers (RW): The best choice for IaaS workloads, but be aware of your replication considerations
  • Domain controllers (RO): Normally used for scenarios with poor security, and not an appropriate choice for IaaS workloads
  • Resource forest scenarios: Not recommended for use in IaaS

In the next section, we'll take a look at the Azure AD B2B integration scenario.