关于在内部使用AADDS和Azure Active Directory +的困惑 [英] Confusion about using AADDS and Azure Active Directory + On premise
问题描述
大家好,
我相信我对如何使用AADDS和Azure AD非常了解,但我有一些难以将部件放入拼图中。我知道如何在on prem和azure AD之间进行同步以及Azure AD和AADDS之间的同步是如何工作的,但是我在努力寻找你在内部部署时需要AADDS的主要原因?
I believe I have pretty good knowledge how to use AADDS and Azure AD, however I have some difficulties to put the parts in the puzzle. I know how to do sync between on prem and azure AD and how the sync between Azure AD and AADDS works, however I am struggling finding the main reason why you will need AADDS when you have on - premise?
我知道当人们需要Kerberos或LDAP或者需要某种"DC"时,人们正在使用AADDS而不是Azure AD。解决方案,但是因为他们有On-prem为什么他们需要AADDS?
I know that people are using AADDS instead of Azure AD when they need Kerberos or LDAP or need some "kind of DC" solution, however since they have On-prem why they will need AADDS?
这将是使用这些应用程序的主要原因吗?但是让所有这些帐户在azure AD中同步,这些用户仍然可以使用SAAS应用程序。 所以你有什么想法吗?
Will be the main reason using the apps ? but having all those accounts synced in azure AD those users still will be able to use SAAS applications. So do you have any ideas guys?
提前致谢!
Thanks in advance!
干杯。 SS
推荐答案
您好 Scorpio69 ,
其中一个创建Azure AD域服务的最重要原因是因为许多客户在Azure中为其内部部署应用程序请求了旧版身份验证方法。一旦客户开始评估azure并将他们的应用程序
工作负载移动到云,他们发现有许多目录感知应用程序(需要执行任何LDAP查询)和仅适用于基于WIA( windows集成身份验证)的遗留身份验证协议,如
Kerberos,NTLM等。将应用程序迁移到azure的成本相当低,但现代化它们以支持更新的基于REST的现代身份验证方法支持Azure AD本身就像oAuth一样。因此很多客户要求
相同。因此,产品工程将此功能构建为一种产品,可帮助组织帮助他们将本地应用程序"升级并转移"到云中,而不会出现任何问题,确保应用程序已具有相同类型的基础架构
在云端,因为他们有内部部署。
One of the most important reasons Azure AD domain services was created was because a lot of customers requested for legacy authentication methods for their on-premise applications in Azure . Once the customers started evaluating azure and moving their application workloads to cloud , they found that there were many directory-aware applications (which needed to do any LDAP queries) and applications which worked only on WIA based(windows integrated authentication) legacy authentication protocols like Kerberos, NTLM etc. The cost of moving the applications to azure was quite less but modernizing them for supporting newer REST based modern authentication methods supported natively by Azure AD like oAuth was far more . Hence a lot of customers requested for the same. So the product engineering built this feature as a product offering for helping organisations to help them 'lift-and-shift' on-premises applications to the cloud without any issues making sure that the application already have the same kind of infrastructure in the cloud as they have on-premise .
现在问到为什么他们需要Azure ADDS,如果他们已经拥有内部部署DC。他们中的很多人不需要它,但在大型组织中运行和管理具有各种硬件维护成本远低于b $ b的内部部署环境的成本超过了优势,因此如果将应用程序迁移到Azure,每个人都可以获得更好的ROI 。因此,任何想要完全迁移到azure的组织都希望拥有此功能并使用它。它在很大程度上取决于组织需求。如果考虑到一个组织的所有因素,它们可能很可能决定使用本地环境而不启用Azure AD域服务。
Now coming to the question why they would need Azure ADDS if they already have on-premise DCs. A lot of them would not need it but in large organisations the cost to run and manage on-premise environments with all kinds of hardware maintenance costs far outweighs the benefits hence everyone finds a better ROI if the applications are moved to Azure. So any organisations thinking to migrate completely to azure would like to have this capability and use it . Also it largely depends on organisational needs. It may be very much possible that if one considers all the factors for one's organisation , they may decide to rather use on-prem environment and not enable Azure AD domain services .
我希望上面的解释能够解答您的疑问。如果您有任何疑问,请随时告诉我们,我们将很乐意为您提供帮助。这是一个很好的问题,如果以上解释对您有帮助,请将其标记为答案,以便帮助
其他社区成员搜索相同的查询。
I hope the above explanation answers your queries. Feel free to let us know in case you have any further queries and we will be happy to help . this is a great question and if the above explanation helps you , please do mark it as answer so that it helps other community members who are searching for the same queries.
谢谢。
这篇关于关于在内部使用AADDS和Azure Active Directory +的困惑的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
