What I learned at Microsoft Azure Training Course


Date: Thursday, November 2, 2017

I have been given the idea to share with you some impressions from the Azure course I took last week in Birmingham. So, here are the top 3 features/services that I found useful/enjoyed the most:

1. Implementing directory synchronisation and federation between AD DS (Active Directory Domain Services) and Azure AD which allows for integrating AD DS with Microsoft cloud technologies.

Azure AD DS is a service, managed by Microsoft, which provides the standard Active Directory features (domain joins, for example). It is the preferable option in scenarios where we need to deploy AD DS-dependent workloads in Azure but also want to reduce the overhead caused by deploying and managing Active Directory domain controllers hosted on Azure VMs. (Note: this is because the domain controllers hosted on Azure VMs are managed by the customer, whereas the ones hosted on Azure AD DS are managed by Microsoft.)

Now about the integration of Azure AD with AD DS, which I find useful as it greatly simplifies the management of identities in hybrid environments. There are two primary integration options: same sign-on and SSO. Both options depend on Azure AD Connect (another tool) to provide the synchronisation between AD DS and Azure AD.

- Same sign-on:
Since the synchronisation process includes password hashes, AD DS users can authenticate, and thus access Azure resources, by using the same credentials as those they use to sign in to their on-premises PCs.

- SSO:
This option relies on either pass-through authentication or federation between AD DS and Azure AD to provide access to Azure resources without having to reauthenticate.

As mentioned, we can use Azure AD Connect to implement the synchronisation process. This tool automatically synchronises objects from on-premises AD DS to Azure AD, i.e. it makes a copy of the directory objects that are on-premises and pushes it to an Azure Directory instance in Azure. But how?! Well, synchronisation is the main component of Azure AD Connect and uses a subset of Microsoft Identity Manager features, including AD DS and Azure AD connectors, which allow for communication between the two identity providers. Another component of this tool is AD FS (Active Directory Federation Services), which provides the functionality necessary to implement federation between AD DS and Azure AD.

2. Azure Container Service (ACS)

One of the reasons I like this service is that Azure containers do not require a hypervisor to implement isolation: services and apps within containers are isolated from the virtual machine host execution environment (in fact, they view the container as a unique operating-system instance). Moreover, developers can start, stop and quickly move services and apps that are placed in containers between development, test and production environments, which is very good.

We can even use the Azure Container Service with Mesos (established, tried/tested) and Docker (relatively new technology, excited about this one).
Microsoft teams are now working on AKS (Azure Container Service), which is Microsoft's new managed Kubernetes service and is expected to be even better.

3. Content Delivery Network (CDN)

I find this useful since services such as App Service and PaaS cloud services can benefit from it, as it provides globally distributed storage for their content. This allows us to improve the customer experience when accessing these services from remote locations by reducing their response time. Now about the way it works. It replicates the selected content to many servers, which reside in a number of locations around the world, and when the user requests CDN-resident content, the request is forwarded to the CDN server that is closest to the user's location. CDN comes with a lot of benefits, including better service performance, quicker downloads, resiliency, lower latencies, scalability and security.
Also, I was told that Azure CDN has supported HTTPS for many years, but it has only been supported when used with a domain provided by Azure. The good news is that it has been announced recently that we can enable this feature with custom domain HTTPS as well.
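The custom-domain HTTPS point above comes down to certificate name matching, shown here as an added example that is not from the course material or from Microsoft. The host names, the `*.azureedge.net` wildcard certificate and the SAN lists are constructed assumptions; a real check would read the SANs from the certificate the endpoint actually presents.

```python
# Added example: why a custom domain pointed at a CDN endpoint fails TLS name
# validation until the CDN serves a certificate that names the custom domain.
# All host names and SAN lists below are constructed for illustration.

def san_matches(hostname: str, pattern: str) -> bool:
    """True if one certificate dNSName entry covers the hostname.

    A wildcard is honoured only as the entire left-most label and covers
    exactly one label, which is how browsers apply RFC 6125.
    """
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        # Reject over-broad patterns such as "*.com".
        return len(pat) >= 3 and host[1:] == pat[1:]
    return host == pat


def cert_covers(hostname: str, sans: list) -> bool:
    """True if any SAN entry in the presented certificate covers the hostname."""
    return any(san_matches(hostname, s) for s in sans)


def audit(endpoints: dict) -> list:
    """Return the host names whose presented certificate does not cover them."""
    return sorted(h for h, sans in endpoints.items() if not cert_covers(h, sans))


# Assumed shape of the provider certificate on the Azure-provided domain.
PROVIDER_SANS = ["*.azureedge.net"]

# Constructed inventory: host name requested by clients -> SANs presented.
BEFORE = {
    "myapp.azureedge.net": PROVIDER_SANS,   # Azure-provided domain
    "cdn.example.com": PROVIDER_SANS,       # custom domain CNAMEd to the endpoint
}
AFTER = {
    "myapp.azureedge.net": PROVIDER_SANS,
    "cdn.example.com": ["cdn.example.com"],  # custom domain HTTPS enabled
}

if __name__ == "__main__":
    print("name mismatch before:", audit(BEFORE))
    print("name mismatch after: ", audit(AFTER))
```

A host that `audit` reports would show a certificate warning in browsers, so it is worth running this kind of check on every custom domain before redirecting users to HTTPS.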

Hope you found this useful or interesting.