The Schwartz Cloud Report


Microsoft Talks Up Active Directory as a Service

Identity management is a key focus in ensuring security in the cloud, and it is a technology Microsoft has invested heavily in. The company has a major effort afoot to extend Active Directory, the widely used component of Windows Server for enterprise authentication and identity management, into the cloud.

Microsoft already lets users access Office 365, Dynamics CRM and Windows Intune services via its new Windows Azure Active Directory (WAAD), but its goal is to broadly offer cloud-based authentication and single sign-on as a service.

While the company has remained rather quiet about WAAD, it's starting to disseminate more information. For one, WAAD is not simply a port of the premises-based version of Active Directory bundled with Windows Server. That wouldn't provide the Internet scale and high availability to reliably offer such a service, explained Microsoft technical fellow John Shewchuk in a blog post last week. Here's the upshot:

To make the Active Directory service operate at extremely high scale and with very high availability (including the ability to do incremental servicing) and provide integrated disaster recovery, we made significant changes to the internal architecture of Active Directory and moved from a server-based system to a scale-out, cloud-based system. For example, instead of having an individual server operate as the Active Directory store and issue credentials, we split these capabilities into independent roles. We made issuing tokens a scale-out role in Windows Azure, and we partitioned the Active Directory store to operate across many servers and between data centers.

Beyond these architectural changes, it was also clear that we needed to reimagine how Active Directory would operate in the cloud. In talking with many developers, customers, and partners, we heard that they wanted us to enhance the ability for Active Directory to "connect" -- to the new Internet-based identities from Google, Facebook, and other social networks; to new SaaS applications; and to other cloud platforms.
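The two design moves Shewchuk describes above, splitting token issuance off from the directory store into a stateless scale-out role and partitioning the store itself across many servers, can be illustrated in a few dozen lines. The following is an added example written for this post; it is not Microsoft's code and says nothing about how WAAD is actually built. It assumes a simple hash-based partitioning of user records and HMAC-signed tokens as stand-ins for whatever a real service would use, and all user data in it is constructed.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key. A real issuer would hold its key in a managed key store.
SECRET = b"constructed-demo-signing-key"


class PartitionedStore:
    """Directory store spread over several partitions (think: servers or data centers).

    Each user record lives in exactly one partition, chosen deterministically by
    hashing the normalised user id, so any front end can find it without a central index.
    """

    def __init__(self, partition_names):
        self.names = list(partition_names)
        self.partitions = {name: {} for name in self.names}

    def partition_for(self, user_id):
        digest = hashlib.sha256(user_id.lower().encode()).hexdigest()
        return self.names[int(digest, 16) % len(self.names)]

    def add_user(self, user_id, attrs):
        self.partitions[self.partition_for(user_id)][user_id.lower()] = dict(attrs)

    def lookup(self, user_id):
        return self.partitions[self.partition_for(user_id)].get(user_id.lower())

    def user_count(self):
        return sum(len(p) for p in self.partitions.values())


class TokenIssuer:
    """Stateless token-issuing role.

    It keeps no per-user state: it reads the record from the store, applies policy
    (disabled accounts get no token) and signs a short-lived token. Because nothing
    is kept between requests, any number of issuers can run behind a load balancer.
    """

    def __init__(self, store, key, ttl_seconds=3600):
        self.store = store
        self.key = key
        self.ttl = ttl_seconds

    def issue(self, user_id, audience, now=None):
        now = int(time.time()) if now is None else int(now)
        rec = self.store.lookup(user_id)
        if rec is None or rec.get("disabled"):
            return None
        claims = {
            "sub": user_id.lower(),
            "aud": audience,          # relying party the token is meant for
            "iat": now,
            "exp": now + self.ttl,    # short lifetime limits replay exposure
            "roles": rec.get("roles", []),
        }
        body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
        sig = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        return body + "." + sig


def verify_token(token, key, expected_audience, now=None):
    """Relying-party side: check signature, audience and expiry. Returns claims or None."""
    now = int(time.time()) if now is None else int(now)
    body, _, sig = token.rpartition(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):   # constant-time comparison
        return None
    claims = json.loads(base64.urlsafe_b64decode(body.encode()))
    if claims.get("aud") != expected_audience or now >= claims.get("exp", 0):
        return None
    return claims


if __name__ == "__main__":
    store = PartitionedStore(["eu-west", "eu-north", "us-east"])
    store.add_user("alice@example.com", {"roles": ["gate-manager"]})
    store.add_user("bob@example.com", {"roles": ["agent"], "disabled": True})
    issuer = TokenIssuer(store, SECRET)
    token = issuer.issue("alice@example.com", "checkin-app")
    print("alice stored in", store.partition_for("alice@example.com"))
    print("token valid:", verify_token(token, SECRET, "checkin-app") is not None)
    print("bob (disabled) gets token:", issuer.issue("bob@example.com", "checkin-app") is not None)
```

The point to notice is where state lives: the store is the only stateful part and is sharded, while the issuer needs just the signing key and read access, so two independent issuers given the same request produce the same token and either can be replaced or added without any hand-over. The relying party never talks to the store at all; it validates the signature, the audience and the expiry locally.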

This process has taken many years, Shewchuk noted. Now that it's baked into Office 365, Dynamics and Intune, select organizations are building applications using WAAD. One example he cites is easyJet in Europe, which is using WAAD and the Windows Azure Service Bus for passenger check-in and other tasks by gate managers.

In a follow-up post due to hit any day, Shewchuk said he will explain how Microsoft is looking to make it easier for developers to tie WAAD to their apps and use it to secure social enterprises.

Posted by Jeffrey Schwartz on 05/31/2012 at 1:14 PM
