Team,
One of our client is using the Cognitive seach offering created using the Search SDK(Azure.Search.Documents) for their web sites hosted in Azure App Service. This is a multi layered text based search. Now they want to use the similar feature in on-premise for some internal apps hosted inside their on-premise environment. I am aware that the Cognitive Search has container offerings fo some of their Cognitive based services.
My query here is can i get the similar feature from on-premise using the Azure Search SDK, without having outbound connection from on-premise to Azure for Invoking the Cognitive Services Deployed in Azure? Or do we have any container based offering for Search, which can offer the similar feature? Does the Container offering is providing the the search feature too?
Thanks
TM
Related
We are using the ADFS activity report to migrate our applications to AAD. Everything shows as Ready and when we click on the Ready link, the text says "We've detected on-premises settings for this relying party that can be migrated to a new Azure AD enterprise application. We'll map the fields and create the new application, but users won't be redirected to it until you say so." By the last statement, it seems like the application is automatically created now. Is that the case? If so, how long does it take to create the application and does it keep the same name as in ADFS?
• The message that you encountered “We've detected on-premises settings for this relying party that can be migrated to a new Azure AD enterprise application. We'll map the fields and create the new application, but users won't be redirected to it until you say so.” Means that the application is a SaaS application available in Enterprise application gallery in Azure AD. This does not in anyway mean that the application has been created automatically, it just means that the application is ready to be migrated to Azure AD and is fully available as a SaaS application in Azure AD gallery and doesn’t need any further relying party configuration migration from the on-premises ADFS server.
• Since the message is displayed only for SaaS apps readily available in Azure AD gallery and are equally configured as a relying party trust in ADFS, its configuration information is readily migrated through the ADFS Connect health application to Azure AD and it can be configured in the cloud itself with admin account access needed for the SaaS application’s account for SSO and SAML authentication configuration required through Azure AD.
You can find the image below for your reference, it shows the ‘Dropbox’ application as ready for migration from ADFS to Azure AD: -
Through the above option enabled, you can easily configure your application’s SSO configuration in Azure AD. If all the configurations are up and running, it will happen instantaneously within a few minutes of time.
Kindly refer to this link for more information on migrating federated apps from ADFS to Azure AD: -
https://github.com/AzureAD/Deployment-Plans/tree/master/ADFS%20to%20AzureAD%20App%20Migration
I think the report is still in preview and it is missing a create application button.
All the documentation only shows the reports & not the create process.
Also this migration tool, is a repackage of the powershell test commands:
https://github.com/AzureAD/Deployment-Plans/tree/master/ADFS%20to%20AzureAD%20App%20Migration
So I assume you need to create the application manually based on the report.
I want to increase my usage of managed service identities for azure resources (aka MSI).
This works perfectly within my azure ecosystem of course, but we have this one single oracle on-premise database that uses a simple user+pw credential.
Afaik there is Oracle Identity Federation (OIF) that can integrate with (non-Azure) Active Directory via ADFS.
Is there a way I can use this with Azure AD as well?
Cheers
I would like to know if it's possible to use Active Directory integrated security within Azure Webapp Standard version to access Azure VM SQL Server.
We have an Azure VM with SQL Server installed and joined into an Azure Directory Domain Services. The VM/SQLServer is being restricted to be accessed only within the VNet, so this VM has no Public IP.
The Webapp is connected via VNet Integration to the VNet of the AD DS and VM's.
if someone could explain me if that possible/not possible to implement such a solution and what are the options that I havein AZure to use the integrated security.
Edit: Regarding managed identity in AZure Web App, only certain Azure Resources that can have a Managed Identity assigned, which here the Web App is one of them.
And to be able to access a resource using MI that resource needs to support Azure AD Authentication, this is limited to specific resources:
Source: Services that support managed identities for Azure resources
- Azure Resource Manager
- Azure Key Vault
- Azure Data Lake
- Azure SQL
- Azure Event Hubs and Service Bus
- Azure Storage
The Azure vm SQL Server is not listed as one of the resources that can be accessed through AD managed identity.
if someone could explain me if that possible/not possible to implement such a solution and what are the options that I havein AZure to use the integrated security.
Yes, it's possible. You could configure your App Service app to use Azure Active Directory to access Azure VM sql server.
Work Flow:
The VNet Integration feature is built on top of point-to-site VPN technology. Apps in Azure App Service are hosted in a multi-tenant system, which precludes provisioning an app directly in a VNet. The point-to-site technology limits network access to just the virtual machine hosting the app. Apps are restricted to only send traffic out to the internet, through Hybrid Connections or through VNet Integration.
For more details, you could refer to this article.
Can we use aws mobile hub for authentication and integrate asp.net web api for other business logic is it a good design ? I want to use sql server instead of dynamodb also i am not very fimiliar with lambda functions. Any suggestiosnb
I'm not providing a recommendation here regarding ASP.net, but I just wanted to let you know that you can use AWS RDS to host managed SQL Server instances, so you do have the option of using an architecture like...
Amazon API Gateway ->
AWS Lambda ->
AWS RDS (SQL Server)
You can find documentation on that here:
http://docs.aws.amazon.com/lambda/latest/dg/vpc-rds.html
...and more info about AWS-hosted SQL Server...
https://aws.amazon.com/rds/sqlserver/
And, if you want to kick the tires on hosting business logic in the cloud using Amazon API Gateway and AWS Lambda, you can create an API in AWS Mobile Hub, here:
https://aws.amazon.com/mobile
I'm researching whether or not it makes sense for my company to use Azure for some outward facing applications. We need it to integrate with Active Directory so that it knows who they are without having to login to the site, kind of a single sign-on. Has anyone done anything like this or what tools I'd need to use to do it?
To elaborate a little, currently all of our intranet apps use Window Authentication with AD groups to determine who has what access and what level of access they have to the apps. So, once they log onto their machines, they don't have to login again to access any of our home grown apps. We're looking at using the Cloud but we want to keep the same login paradigm if at all possible. Ideas?
Thanks,
Jeremy
You can federate AD to Azure - you will need at least 1 server (on premise) running Windows Server 2008 R2 to get the ADFS bits (code name was Geneva). Then on the Azure side, you use the Azure App Fabric authentication. See MSDN.
An observation on Pat's answer:
*Then on the Azure side, you use the Azure App Fabric authentication. See MSDN
That is not necessarily correct. In the simplest form, which looks like what Jeremy needs, the web site on Windows Azure would simply trust the local ADFS server on-premises. To do this you would use WIF (Windows Identity Foundation).
This scenario is extensibly described in multiple documents. Check Here
A scenario in which you would use Windows Azure AppFabric (the latest CTP) is one in which the app would trust multiple identities simultaneously, and Appfabric would act as an "Identity Hub".