Wednesday, May 6, 2015

Microsoft Ignite - Federation Services and Publish Applications

I am at Ignite again. Tuesday was the day for application publishing and AD Federation Services for me.

I just want to focus on the main points:

AD FS
- AD FS 3.0 uses OAuth2 as the strategic protocol (reasons: much broader platform support, no API prerequisites, always a web logon experience (consent to use the app, MFA integration))
- AD FS 3.0 will allow other LDAP servers as the authentication system

Web Application Proxy Service:
- Microsoft sees it strategically as the successor to UAG and TMG
- Features will first be introduced in Azure AD and later also be available with the new Windows Server 2016
- The WAP service on Azure requires installing a small agent on one of your on-premises servers. Interestingly, this client requires only outgoing traffic and no incoming ports. Is that a relief for you, or does it scare you? What will your Information Security team think about that? Will they think of it as a Trojan horse? Possibly. So be prepared for their questions.
- The WAP connector can be installed on multiple machines to provide fault tolerance and load sharing. Microsoft plans to allow connectors in multiple locations and to bind URLs to a specific connector, e.g. you run one app in a co-location and all others in your main datacenter.
- Microsoft will also add better monitoring and logging to the WAP service. Right now troubleshooting is very limited.

So if you ask me, the Web Application Proxy service in Azure is the way to go. And if you see how easy it is to configure, you probably do not want to go back to the old days with UAG and TMG.

By the way: Microsoft uses WAP as an acronym for both Windows Azure Pack and Web Application Proxy, so don't get confused. Here it is all about the Web Application Proxy.




If you want to watch the sessions online, go here:

http://channel9.msdn.com/Events/Ignite/2015/BRK3867

and

http://channel9.msdn.com/Events/Ignite/2015/BRK3864

