Solved

Azure Cloud Active Directory

Posted on 2015-01-20
Last Modified: 2015-10-11
Hey everyone,

I have three sites where the client does not want to incur the management of physical servers. They would rather push their AD to the cloud. Currently they do not have AD, just three sites with a mix of Windows 7 Pro workstations and no central management.

Based on the diagram I have attached, has anyone set up anything like this? Azure documentation says that on-prem DNS and AD is needed. I am trying to do it without this and all over a site-to-site VPN connection.

Any thoughts?

Azure brainstorm idea
Question by:nappy_d
5 Comments
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 40561317
You cannot do what you want. The closest you can get is a VM in Azure running as a DC. But at that point, VMs still need management, patching. You are only shuffling off the cost of hardware maintenance. And if a VPN link is down, so is all authentication. I still *strongly* recommend a DC (or RODC) at every site.
 
LVL 32

Accepted Solution

by:nappy_d
ID: 40562868
There has been a change: Google cloud will be used to store company data instead of a NAS at each site. We don't want a DC at each site, and even if the VPN link is temporarily lost, Windows profiles will be cached to allow pre-existing users to continue their login.

Have you done such a setup before?

Are there issues with SonicWalls? Or is this agnostic in relation to VPN hardware?
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 40563007
I have done it in a lab, and in some larger environments I have a DC in a VM in Azure for redundancy in ADFS scenarios, but I do not have any environments where the *only* DC is in Azure. I still see too many performance and reliability issues to make that practical. YMMV. As far as VPNs go, a site-to-site VPN should be fine as long as you stick to industry standards. Most SonicWalls I've seen can be configured to work, but you won't be using their proprietary client or engine.
 
LVL 32

Author Closing Comment

by:nappy_d
ID: 40602735
Currently testing with AWS. Found some documentation on AWS on how to set this solution up.
 

Expert Comment

by:zimboman
ID: 41035406
Care to share the AWS experience, Nappy?