compdigit44
asked on
Replicating OnPrem AD with Azure Hosted AD VM's
We have a large AD environment and already in the process of moving to Office 365 and have a dedicated circuit in place just to handle all MS traffic. We would like to AD to VM in AZure that are running AD to extend our infrastructure to the cloud for DR purposes. I konw we have to plan out the Azure Network environment and also ensure all data stay within N.A geolocations but was wondering what other items we should consider. I am interest to hear freed back from others who are already doing this.
Guessing you have expressroute? Create a site-site vpn and then on azure join the machines to the domain
ASKER
Right now we have a redundant circuit for all Microsoft traffic and our ISP is setting up Express Route within the next two weeks. My main concerns are the following.
1) Should I be concerned about replication delays?
2) I assume it would be best to have the Azure ADDc's in their own site correct? If this is the case not clients with authenticate to them unless their closet site I.E onprem if offline?
3) Can we install our own AV software?
Also we planned on adding to ADFS server into Azure as well so we have two onprem and two in the cloud. How would traffic go to the cloud if the onprem ADFS servers are offline?
1) Should I be concerned about replication delays?
2) I assume it would be best to have the Azure ADDc's in their own site correct? If this is the case not clients with authenticate to them unless their closet site I.E onprem if offline?
3) Can we install our own AV software?
Also we planned on adding to ADFS server into Azure as well so we have two onprem and two in the cloud. How would traffic go to the cloud if the onprem ADFS servers are offline?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you very much for the great feedback regarding your comment: You don't need to put ADFS servers on premise and cloud as well.
If entire ADFS infra goes down, you can redirect O365 traffic directly to cloud for authentication via Azure AD Connect sync within 30 minutes, this will bypass ADFS, for that purpose you need to configure AD sync with password sync at 1st place
If ADFS goes down then any of our apps that use ADFS will be down as well. I have read the others have created to farms, onprem and in the cloud using SQL ALwaysON to replicate the onprem DB to the clound and manually updated the external DNS when you need to failover..
THoughts???
If entire ADFS infra goes down, you can redirect O365 traffic directly to cloud for authentication via Azure AD Connect sync within 30 minutes, this will bypass ADFS, for that purpose you need to configure AD sync with password sync at 1st place
If ADFS goes down then any of our apps that use ADFS will be down as well. I have read the others have created to farms, onprem and in the cloud using SQL ALwaysON to replicate the onprem DB to the clound and manually updated the external DNS when you need to failover..
THoughts???
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Just some quick basic considerations. My point is while its fine to try show your DR into the cloud, have can you guarantee connectivity/availability if it is your DR solution?