We want to set up our enterprise Active Directory on Azure as a fail-over option, i.e., if the on-premises AD goes down, we should be able to seamlessly switch over to Azure for authentication. How do we realize this?

  1. Should I be considering Windows Azure Active Directory (WAAD) or set up a domain controller on an Azure VM image?
  2. In both cases, how do we set up a sync to ensure both on-premises and Azure AD are always in sync?

1 Answer

I am not 100% sure, but I think that Windows Azure Active Directory cannot be used for Enterprise login. It can be synced with on-premises AD to provide SSO functionalities across applications, but not to provide Windows Kerberos Authentication.

Installing an AD in a Windows Azure VM would be the way to go here. And the way you do it is by creating a Replica AD, having your primary AD on premises and your secondary in the Azure VM. You have to create a Virtual Network and add it to your local net, so that the Azure VM is accessible from the local net.

A good-to-know is also how the Windows Azure Name Resolution works.
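
The replica approach from the answer above, sketched in PowerShell as an added example that is not part of the original answer. The domain name, DC address, site name and data drive are placeholders chosen for illustration, and the script assumes the virtual network is already connected to the local network.

```powershell
# Run on the Azure VM once the virtual network is joined to the on-premises network.
# Every name and address below is a placeholder, not a value from the original post.
$DomainName = 'corp.example.com'   # placeholder on-premises AD domain
$OnPremDc   = '10.0.0.10'          # placeholder address of an existing on-premises DC
$SiteName   = 'Azure-Site'         # hypothetical AD site; must already exist with the VNet subnet mapped to it
$DataDrive  = 'F:'                 # assumed separate data disk for the AD database and SYSVOL

# 1. Confirm the VM reaches the on-premises DC on the ports promotion and
#    replication need: DNS, Kerberos, RPC endpoint mapper, LDAP, SMB.
$ports  = 53, 88, 135, 389, 445
$failed = foreach ($p in $ports) {
    $r = Test-NetConnection -ComputerName $OnPremDc -Port $p -WarningAction SilentlyContinue
    if (-not $r.TcpTestSucceeded) { $p }
}
if ($failed) { throw "Cannot reach $OnPremDc on TCP port(s): $($failed -join ', ')" }

# 2. Install the AD DS role and its management tools.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# 3. Promote the VM to an additional (replica) domain controller.
#    Credentials and the DSRM password are prompted for, never hard-coded.
$promotion = @{
    DomainName                    = $DomainName
    SiteName                      = $SiteName
    InstallDns                    = $true
    Credential                    = Get-Credential -Message "Account allowed to add a DC to $DomainName"
    SafeModeAdministratorPassword = Read-Host -AsSecureString -Prompt 'DSRM (safe mode) password'
    DatabasePath                  = "$DataDrive\NTDS"
    LogPath                       = "$DataDrive\NTDS"
    SysvolPath                    = "$DataDrive\SYSVOL"
    Force                         = $true
}
Install-ADDSDomainController @promotion   # the VM reboots when promotion completes
```

After the reboot, `repadmin /replsummary` and `repadmin /showrepl` on the new DC show whether replication with the on-premises DC is succeeding. With a replica DC, keeping the two in sync is ordinary AD replication rather than a separate sync job.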