27 February 2012 07:39
I am building a solution wherein a web application, hosted on-premise, is accessed from within an Azure role. The web application should allow active directory credentials to be used for authentication.
The on-premise intranet machine where the web application is hosted and Azure role are domain joined using Windows Azure Connect. Is it necessary to have Windows Azure Connect endpoint installed on the active directory server too?
Please share if you have any inputs on this.
27 February 2012 14:40
I think in your scenario, the application hosted in Azure is trying to access an on-premises application that accepts AD credentials only. Right? In that case, is Windows Azure Connect used solely for the purpose of authentication? If the answer is yes, the recommended solution is to upgrade the web sites to be claims aware and use federated authentication using ADFS or both ACS and ADFS.
27 February 2012 17:52
I am using Azure Connect as the solution is basically a load testing rig with the load test agent running on cloud and the app which is being load tested running within the intranet. The app accepts only AD credentials. Do I need to have the Windows Azure Connect endpoint installed on the active directory server too?
28 February 2012 03:43 Moderator
Using ADFS is an option, but it will take quite a bit of work unless ADFS has already been set up. And since it is service-to-service communication, delegation is required.
In your case, if all you need is to connect from Windows Azure to a local service using Windows authentication, you can use Windows Azure Connect. Yes, the domain controller needs to join the Connect group. I would suggest you check http://msdn.microsoft.com/en-us/library/windowsazure/gg433029.aspx for more information.
2 March 2012 12:39
Yes, you need to install the Connect endpoint agent you get from the management portal on your AD server. Once you install the Connect agent on the AD server, it will appear under the Activate Endpoints section on the Azure management portal. Then you need to add the AD server to the same Azure Connect group under the local computers section where your roles are added, and make sure you select the check box "Allow connection between endpoint in group".
Some more checkpoints: make sure that IPv6 is enabled on the AD server. Open the firewall port outbound for TCP 433.
The DNS server should be configured to listen on all IP addresses. You can verify this by going to DNS Manager, right-clicking on your server, Properties, tab "Interfaces".
I recommend you create a separate Organization Unit (OU) in Active Directory server for your Windows Azure Role instances so that they can be easily managed.
Hope it helps.
Mark As Answer if it helps you | My Blog
- Marked as answer by MingXu-MSFT Moderator, 5 March 2012 11:35
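The reply above lists the prerequisites to check on the domain controller before adding it to a Windows Azure Connect group (IPv6 bound, outbound firewall posture, DNS listening on all interfaces, a dedicated OU for the role instances). The following script, added here as an example and not taken from the thread or from Microsoft's Azure Connect documentation, automates those checks. It assumes Windows Server 2012 or later so that the NetAdapter, NetSecurity, DnsServer and ActiveDirectory modules are available; the OU name and domain DN are placeholders, and the firewall check only reports each profile's default outbound action rather than probing a specific port.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original thread): prerequisite checks on a domain
# controller / DNS server before it joins a Windows Azure Connect group.
# Assumes Windows Server 2012+ (NetAdapter, NetSecurity, DnsServer, ActiveDirectory
# modules). $RoleOuName and $DomainDn are placeholders; replace them for your domain.

function Test-AzureConnectDcPrerequisites {
    [CmdletBinding()]
    param(
        # Hypothetical OU for Azure role computer accounts, as the reply recommends
        [string]$RoleOuName = 'AzureRoleInstances',
        # Placeholder domain DN
        [string]$DomainDn = 'DC=corp,DC=example,DC=com',
        # Create the OU if it is missing (read-only report otherwise)
        [switch]$CreateOu
    )

    $findings = [ordered]@{}

    # 1. IPv6 must be bound on at least one adapter (Connect tunnels over IPv6).
    $v6 = Get-NetAdapterBinding -ComponentID ms_tcpip6 |
          Where-Object { $_.Enabled } |
          Select-Object -ExpandProperty Name
    $findings['IPv6EnabledAdapters'] = @($v6)
    $findings['IPv6Ok'] = (@($v6).Count -gt 0)

    # 2. Outbound firewall posture per profile. A profile whose default outbound
    #    action is Block needs an explicit allow rule for the Connect agent's port.
    $profiles = Get-NetFirewallProfile |
                Select-Object Name, Enabled, DefaultOutboundAction
    $findings['FirewallProfiles'] = $profiles
    $findings['OutboundBlockedSomewhere'] = [bool]($profiles | Where-Object {
        $_.Enabled -and $_.DefaultOutboundAction -eq 'Block' })

    # 3. DNS server should listen on all IP addresses (DNS Manager > Properties > Interfaces).
    if (Get-Command Get-DnsServerSetting -ErrorAction SilentlyContinue) {
        $dns       = Get-DnsServerSetting
        $listening = @($dns.ListeningIPAddress)
        $all       = @($dns.AllIPAddress)
        $findings['DnsListeningOn']  = $listening
        $findings['DnsListensOnAll'] = ($listening.Count -eq $all.Count)
    } else {
        # DnsServer module not installed on this host; check it on the DNS server
        $findings['DnsListensOnAll'] = $null
    }

    # 4. Dedicated OU for the Azure role instances so they can be managed separately.
    Import-Module ActiveDirectory -ErrorAction Stop
    $ou = Get-ADOrganizationalUnit -Filter "Name -eq '$RoleOuName'" `
                                   -SearchBase $DomainDn -ErrorAction SilentlyContinue
    if (-not $ou -and $CreateOu) {
        $ou = New-ADOrganizationalUnit -Name $RoleOuName -Path $DomainDn `
                                       -ProtectedFromAccidentalDeletion $true -PassThru
    }
    $findings['RoleOuExists'] = [bool]$ou
    $findings['RoleOuPath']   = "OU=$RoleOuName,$DomainDn"

    [pscustomobject]$findings
}

# Report only; add -CreateOu to create the placeholder OU when it is absent.
Test-AzureConnectDcPrerequisites | Format-List
```

Run it on the domain controller itself; items 1 and 2 are local to whichever box is joining the Connect group, while items 3 and 4 only make sense where the DNS role and the ActiveDirectory module are present.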
5 March 2012 11:35 Moderator
I will mark the reply as an answer. If you find it no help, please feel free to unmark it and follow up.