We are planning a new multi tenency azure application based on ASP.NET MVC. The customer data must be completely separated from each other. Customer A may know nothing about customer B nor its existance.
In addition to our business logic the customer may create own users and groups, maintain private contacts and calendars with user management. To meet these criteria, I would like to use the Active Directory and the Exchange Server. According to my research the Exchange Server 2013 is capable of multiple tenents and domains.
So my idea is the following I'm not able to post images. So please take a look to http://img144.imagevenue.com/img.php?image=551844509_AD_Structure_122_27lo.jpg
- A main domain is created in Azure (parent domain)
- users in this domain are just for our global app support
- Each customer is sperated into its own active directory child domain
- Our support has administrative privleges in each customer domain
- Customer has a single admin account and is able to creates several users and groups
- He can discover his domain, but not other customer domains or the parent domain
- A Exchange Server 2013 server is installed on a VM.
- each customer domain is connected to the exchange (multi tenency feature)
- contacts, tasks and calendars are managed with exchange for each customer
- customer A is not able to discover and cannot find any other customer or his data
- login will be done with WIF and user will intact as domain user in his own domain
- We do not want to use Office 365
Is this scenario and structure possible? And it is possible with Azure? We will migrate about 3-5000 customers to this application and we will grow up the next years up to 20.000 customers.
Other features would be nice:
- We want to host our own database servers in our datacenters and connect them through VPN to our Azure Application to prevent copies of them to the U.S. by Microsoft
- Same for shared files and customer files
- Single Sign On from customer site to the application