MongoDB World 2018: Partner Talk - Microsoft: LDAP in the Enterprise: Integrating MongoDB with Azure Active Directory Domain Services
Download as PPTX, PDF1 like240 views
This document discusses integrating MongoDB with Azure Active Directory Domain Services. It provides an overview of using Azure AD Domain Services to enable LDAP authentication for applications migrated to Azure, allowing them to use existing on-premises Active Directory credentials. Key points include that AD Domain Services provides a managed Active Directory in Azure that is compatible with on-premises AD and allows applications to authenticate users via LDAP or LDAPS without needing to modify applications. The document also references migrating line of business applications that use LDAP authentication to Azure virtual machines joined to the AD Domain Services domain.
MongoDB World 2018: Partner Talk - Microsoft: LDAP in the Enterprise: Integrating MongoDB with Azure Active Directory Domain Services
- 1. LDAP in the Enterprise: Integrating MongoDB with Azure AD Domain Services Kenn White – MongoDB Rafael Godinho - Microsoft
- 2. AI/ML Analytics Compute Containers Databases Developer Tools Identity Integration IoT Media Mobile Networking Security Storage Web
- 3. 50
- 5. But how do get there? Subscribe to SaaS applications Rewrite existing applications “Lift and shift” on-premises applications to IaaS
- 6. My apps depend on AD Domain Services* I can’t modify some ISV apps—I don’t have source code. “Lift and shift” existing on-premises apps What about identity in the cloud? *AD Domain Services • Domain join • Group policy • LDAP bind/authentication • Kerberos, NTLM • LDAP read/write Windows Server Active Directory Windows Server Active Directory On-premises apps
- 7. VPN Gateway / ExpressRoute connection Domain Controller VM in Azure Azure Windows Server Active Directory On-premises apps Azure Windows Server Active Directory On-premises apps
- 8. Azure AD Domain Services On premises Azure Active Directory Windows Server Active Directory Your virtual network Your Azure IaaS workloads/apps Azure
- 9. Simple • No DC deployment • Forget about patching DCs • Corporate credentials Compatible • Fully compatible with Windows Server AD • Your apps just keep working in the cloud Available • Highly available domain • Auto-remediation • Automatic backups Cost-effective • Pay-as-you-go • No need for complicated networking (VPN/ExpressRoute)
- 10. An LOB application uses a web-form to collect user credentials and authenticates users via LDAP bind to the directory. • Migrate & deploy the app in domain-joined Azure VMs. • End-users sign in using their existing corporate credentials. • This app pattern is often used by organizations to grant access to vendors or partners to their applications. … Virtual network LDAP bind
- 11. Move apps that connect to AD over LDAP/LDAPS to Azure. Access your managed domain over LDAPS: • From app servers within the virtual network • Over the internet (optional) Use LDAPS certificates issued by: • Public certification authority • Self-signed certificates More information: https://docs.microsoft.com/en- us/azure/active-directory-domain-services/active-directory-ds- admin-guide-configure-secure-ldap … Virtual network LDAPS LDAPS over the internet
- 12. Demo Enable Azure Active Directory Domain Services
Editor's Notes
- #4: Trusted Azure is continuing expand its infrastructure footprint around the globe. In fact, Microsoft is the first cloud provider to put data centers in South Africa. Right now, we’re at 42 Azure regions—which is more than AWS and Google combined. The approach Azure takes is different as it is important for enterprise customers to have data in region, close to employees, close to customers as well as have unique data handling capabilities. Learn more: For more information on how we run and secure the datacenters, there are more resources online. Tours are available for our datacenters if you wish to see the capabilities and technologies that are in use in Azure. Trusted: We understand every company, organization, and industry has unique needs and requirements. That’s why we’re building our global infrastructure to provide the scale and performance needed to bring applications closer to users, keep them running with robust resiliency features, and meet your local data residency and compliance needs. Microsoft has invested to more than double the number of Azure regions available to customers over the last three years. We’ve announced 50 regions around the globe, more than any provider – 38 (40 as of April 2) available now, 12 coming soon In March alone we announced: Our first cloud regions in the Middle East (UAE - Abu Dhabi & Dubai) Our intention to be the first global cloud operator to introduce regions in Switzerland (cantons of Geneva and Zurich) New datacenter regions in Germany New regions dedicated to the US government General availability of our France and (as of April 2) Australia (Canberra) regions
- #5: Azure is truly productive, hybrid, intelligent, and trusted. Which is why >95% of fortune 500 use Microsoft Cloud