Microsoft Cloud – Which SSO option is right for your company?

As IT organizations begin to implement Microsoft Cloud services, the need for a single sign-on capability increases. Single sign-on, or SSO, allows users to log in once with their account and password and gain access to all of their systems without having to log in again to each of those systems. It significantly reduces administrative costs while increasing user productivity.

The different Microsoft Cloud subscriptions (Office 365, Intune, Azure, etc.) all leverage directories hosted by Windows Azure Active Directory. The directories are created when you set up a subscription and provide a name. The suffix is appended to the name you provide and becomes the domain name for users added to the service (e.g.

Most companies want to leverage their own domain (e.g. for user accounts and use those credentials for access to email and other services. SSO can be set up across your on-premises and cloud Microsoft environments, but since customers have so many different configurations and requirements, designing and configuring an SSO solution can be very complex.

There are three different ways to achieve single sign-on with Microsoft Cloud services and Windows Azure Active Directory. Each alternative fits an organization’s particular environment and/or requirements.  

No Synchronization

With this alternative, all accounts are created and maintained in Windows Azure Active Directory. Users authenticate through with their organizational account, which is <user name>@<company domain> because the company domain is added to the subscription through the Office 365 or Azure portals.   This SSO alternative is called “No Synchronization” because there is only one directory and therefore no synchronization with an on-premises domain.

Setup for this SSO alternative is the simplest. The company’s domain is first verified through DNS and a new directory is created in Windows Azure Active Directory for the domain.   The directory is marked as the default directory and users are added to that directory.   Exchange Online and DNS are configured to use that domain name.

This option is a good alternative for organizations that are cutting over entirely to cloud based services. It doesn’t require any on-premises components and there is no synchronization to another directory service. It is not a feasible SSO alternative for organizations maintaining on-premises IT services.

Directory and Password Synchronization

Most companies are implementing specific cloud-based services, not necessarily transitioning all services to the cloud. Therefore, they typically have existing Active Directory domains and on-premises IT services that will be maintained going forward.    

With this alternative, accounts and passwords are maintained in the on-premises Active Directory. The account information and password hash values are synchronized to the directory in Windows Azure Active Directory. This is not actually an SSO solution; it is a “same sign-on” solution. Users that access local resources are authenticated locally by a domain controller, and if that same user accesses a Microsoft cloud resource, they are authenticated again in the cloud. The benefit to them is that they use the same logon and password as they do on premises.

Setting up involves:

  • Verifying and registering your domain with Windows Azure Active Directory
  • Installing and configuring DirSync for directory and password synchronization
  • Licensing synched accounts for cloud services

This option is easy to configure and allows users to leverage their same credentials for all IT services. It doesn’t provide a true single sign-on experience, and therefore some features, like Exchange free/busy, will not work seamlessly.

Directory Synchronization and Active Directory Federation Services

This alternative is the only true SSO solution for users that require access to both on-premises and cloud systems. It is also required to ensure all functionality is available to users of Hybrid Exchange and SharePoint environments. This alternative involves implementing a security token service (typically an ADFS farm) that trusts a federated domain in Windows Azure Active Directory.  All logons are redirected to ADFS and ADFS issues security tokens that are then passed to the trusting services.  

Setting up involves:

  • Obtaining a domain certificate from a trusted authority
  • Verifying and registering your domain with Windows Azure Active Directory
  • Configuring your domain for federation
  • Installing and configuring DirSync for directory sync
  • Licensing synched accounts for cloud services
  • Installing and configuring ADFS servers
  • Installing and configuring ADFS proxy servers

This option provides a seamless single sign-on experience, but involves a much greater effort to plan, implement and operate.
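To see which of the three alternatives a tenant is actually running, the directory-sync flags and each domain's authentication type are enough. The following PowerShell is an added example, not part of the original post; Get-SsoAlternative is a hypothetical helper, and the sample tenant and its .example domains are constructed.

```powershell
# Added example, not from the original post. Get-SsoAlternative is a hypothetical
# helper; the property names are those returned by the MSOnline cmdlets
# Get-MsolCompanyInformation and Get-MsolDomain. The sample tenant is constructed.
function Get-SsoAlternative {
    param(
        [Parameter(Mandatory = $true)] $Company,   # Get-MsolCompanyInformation output
        [Parameter(Mandatory = $true)] $Domain     # one object from Get-MsolDomain
    )
    $dirSync = [bool]$Company.DirectorySynchronizationEnabled
    $pwdSync = [bool]$Company.PasswordSynchronizationEnabled

    # Map the tenant and domain settings onto the alternatives described above.
    $alternative = if ($Domain.Status -ne 'Verified') {
        'Domain not verified yet'
    } elseif ($Domain.Authentication -eq 'Federated') {
        if ($dirSync) { 'Directory Synchronization and Active Directory Federation Services' }
        else          { 'Federated without directory synchronization (outside the three alternatives)' }
    } elseif (-not $dirSync) {
        'No Synchronization'
    } elseif ($pwdSync) {
        'Directory and Password Synchronization'
    } else {
        'Directory synchronization without password sync (separate cloud passwords)'
    }

    [pscustomobject]@{
        Domain         = $Domain.Name
        Authentication = $Domain.Authentication
        Alternative    = $alternative
    }
}

# Constructed sample: DirSync with password sync enabled, one federated domain,
# one managed domain, and one domain still waiting for DNS verification.
$company = [pscustomobject]@{
    DirectorySynchronizationEnabled = $true
    PasswordSynchronizationEnabled  = $true
}
$domains = @(
    [pscustomobject]@{ Name = 'corp.example';     Status = 'Verified';   Authentication = 'Federated' }
    [pscustomobject]@{ Name = 'branch.example';   Status = 'Verified';   Authentication = 'Managed' }
    [pscustomobject]@{ Name = 'newbrand.example'; Status = 'Unverified'; Authentication = 'Managed' }
)
$domains | ForEach-Object { Get-SsoAlternative -Company $company -Domain $_ } | Format-Table -AutoSize

# Against a live tenant, replace the sample objects with:
#   Connect-MsolService
#   $company = Get-MsolCompanyInformation
#   $domains = Get-MsolDomain
```

A domain that reports Federated when the organization chose one of the synchronization-only alternatives (or the reverse) is worth investigating, since the authentication type decides where logons are validated.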

Hopefully this has provided you with some good information to help you understand your SSO options for Microsoft Cloud services. Cloud 9 has developed an SSO QuickStart service offering geared toward quickly implementing a Microsoft single sign-on solution. Give us a call at 1-855 2 CLOUD 9 to learn more about this or other cloud services.


Trouble getting started with Microsoft Azure?

Cloud 9 has helped several organizations save money and become more agile by moving their on-premises systems to Microsoft Azure, both Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) solutions. We’ve found that while PaaS solutions provide the greatest long term benefit, IaaS solutions are a quicker path to the cloud. You realize the cost savings sooner, gain valuable experience operating cloud services, and are better positioned to move to PaaS in the future.
We have taken the experience gained and intellectual property created over the years and refined them into a services offering for our customers. The QuickStart for Microsoft Azure IaaS is a short, focused engagement that follows a proven methodology to assess, design, plan, and execute your migration to an IaaS cloud solution.
The engagement is led by a Cloud 9 Azure consultant that works closely with your IT resources. The key engagement deliverables are:

  • A detailed assessment outlining issues/risks with suggested remediation/mitigation steps
  • A cloud architecture design identifying Azure components, estimated monthly run costs  and key operational processes
  • Detailed migration plan addressing cloud configuration and system cut-over tasks
  • Your IT service running as Microsoft Windows Azure IaaS solution
  • Knowledge transfer on Microsoft Windows Azure best practices throughout the engagement

A typical IaaS Quickstart engagement takes three to six weeks to complete, depending upon the complexity of the systems targeted for migration to Azure. Cloud 9 will work closely with you to scope the effort and develop an effort/cost estimate.

If you would like to learn more about the QuickStart for Microsoft Azure IaaS, call us at 1-855 2 CLOUD 9.


Azure Import/Export service now generally available

You can use the Microsoft Azure Import/Export service to transfer large amounts of file data to Azure Blob storage in situations where uploading over the network is prohibitively expensive or not feasible. You can also use the Import/Export service to transfer large quantities of data resident in Blob storage to your on-premises installations in a timely and cost-effective manner.

To transfer a large set of file data into Blob storage, you can send one or more hard drives containing that data to an Azure data center, where your data will be uploaded to your storage account. Similarly, to export data from Blob storage, you can send empty hard drives to an Azure data center, where the Blob data from your storage account will be copied to your hard drives and then returned to you. Before you send in a drive that contains data, you’ll encrypt the data on the drive; when the Import/Export service exports your data to send to you, the data will also be encrypted before shipping.

You can create and manage import and export jobs in one of two ways:


Azure HDInsight previewing HBase clusters as a NoSQL database on Azure Blobs

On June 3, Microsoft announced an update to HDInsight to support Hadoop 2.4 for 100x faster queries. Today, we are announcing the preview of Apache HBase clusters inside HDInsight.

HBase is a low-latency NoSQL database that allows online transactional processing (OLTP) of big data. HBase is offered as a managed cluster integrated into the Azure environment. The clusters are configured to store data directly in Azure Blob storage that provides low latency and elasticity between performance and cost. This enables customers to build interactive websites that work with large datasets, to build services that store sensor and telemetry data from millions of end points, and to analyze this data with Hadoop jobs.

How To Create a HBase cluster

To try HBase during the preview, use PowerShell.

1. Install Windows Azure PowerShell

2. Setup Environment

3. Capture cluster credentials in a variable

PS C:\> $creds = Get-Credential

4. Create HBase cluster:

PS C:\> New-AzureHDInsightCluster -Name yourclustername -ClusterType HBase -Version 3.0 -Location "West US" `
-DefaultStorageAccountName "<yourstorageaccountname>" -DefaultStorageAccountKey "yourstorageaccountkey" `
-DefaultStorageContainerName hbasecontainername -Credential $creds -ClusterSizeInNodes 4

Manipulating Data in HBase Cluster

Application developers can access HBase data through REST APIs, the HBase shell, and different types of MapReduce jobs like Hive and Pig. The HBase shell provides an interactive console to manage the HBase cluster, create and drop tables, and manipulate the data in them.

1. To open HBase shell first enable RDP connection to the cluster and connect to it

After the cluster is created it will appear in the Azure Portal under HDInsight service

Open the CONFIGURATION tab of the cluster.

Click on the ENABLE REMOTE button at the bottom of the page to enable the RDP connection to the cluster.

Click on the CONNECT button at the bottom of the CONFIGURATION tab.

2. Open the HBase Shell

Within your RDP session, click on the Hadoop command prompt shortcut located on the desktop.

Open the HBase shell:

cd %HBASE_HOME%\bin

hbase shell

3. Create a sample table, add a row to the table and list the rows in the table:

create 'sampletable', 'cf1'

put 'sampletable', 'row1', 'cf1:col1', 'value1'

scan 'sampletable'


10 Things You Need to Know About Office 365

With the final release of Microsoft Office 365 (Home Premium), Microsoft has taken bold steps to change its game. The latest office suite is radically different from previous versions of Microsoft Office, from how it’s distributed to what’s included to how it’s priced.

The good news is most of the changes are extremely positive, a large reason Microsoft Office 365 Home Premium edition remains an Editors’ Choice here at PCMag. Even though change is good in this case, there’s still a lot you need to know before deciding to buy or install the suite. Here are ten of the most important facts about the new Microsoft Office 365.

1. In the cloud. Microsoft Office 365 is “in the cloud” from two perspectives. First, buying the suite necessarily requires downloading it, which is to say, you can’t buy it on a disc (the exception being in developing countries, where Microsoft will continue to sell discs). Second, the office suite itself is set up to save your documents to the cloud, SkyDrive in this case, if you so choose. You do still have the option to save files locally, but the apps integrate tightly with SkyDrive.

2. Price and subscription model. Microsoft Office 365 Home Premium is now being sold in the subscription model, and it costs $99 per year for an entire household to install (more details below). Some of the other versions of the suite are sold as a “perpetual” license, meaning one copy of the software is licensed to only one machine, but that license is good for life.

3. License good for five devices. Paying a subscription fee for Microsoft Office 365 Home Premium does have one huge advantage: You can install Office on up to five devices, and these can include both Windows machines and Macs. Microsoft says you’ll be able to install the suite on additional, select mobile devices “when available,” which is a cryptic way of not promising apps for the big two mobile OSes, while still dangling the carrot.

4. Operating systems. You can install Microsoft Office 365 on machines running Windows 7 or 8 (but not Vista or XP). When you install the software on a Mac running OS X (10.5.8 and higher), you’ll actually get Office 2011 (full version), rather than Office 365.

5. Apps included. The Home Premium version of Office includes Word, Excel, PowerPoint, Outlook, Publisher, OneNote, and Access. OneNote is not included in the Mac version, however.

6. Must install all apps. You cannot customize your installation of Office 365 Home Premium by choosing not to install some of the apps. The whole suite gets installed regardless of whether you plan to use, say, Microsoft Access or Publisher.

7. Works on touch-screen devices. The new Office is designed to work on touch-screen devices, like tablets and touch-screen laptops running Windows 8. (See my early hands-on first impressions of the suite on the touch-screen device.)

8. Includes 27GB cloud storage. As mentioned, Office 365 was designed to integrate tightly with SkyDrive, Microsoft’s answer to Google Drive. Every SkyDrive user gets 7GB space free to start, and Home Premium subscribers of Microsoft Office 365 get an additional 20GB of space, giving them a total of 27GB.

9. Free Skype minutes. One neat perk that’s easy to overlook is that Home Premium subscribers get 60 free Skype minutes per month to call landlines in supported countries. Skype-to-Skype calls are always free, but for times when you need to dial an international landline number, you can use your free Office minutes.

10. Additional versions and discounts. Home Premium is just one of several slices of Microsoft Office that’s available. The Office 365 business editions are due to be released on February 27. University students and faculty can also get a big discount for an Office package that’s a little pared down, but much less expensive at only $79 for four years, usable on two devices.


Backup and Restore of Azure Virtual Machines

Microsoft recently announced a new capability in Azure that provides the ability to create snapshots of running Virtual Machines (OS and data disks). It is implemented as a specialized image that can then be provisioned using the New-AzureQuickVM cmdlet. The functionality is not currently available through the Azure Management Portal, but can be used via the Azure PowerShell cmdlets available with the Azure SDK.

I will walk through an example of “backing up”  a virtual machine using the Save-AzureVMImage cmdlet, and then “restoring” from that specialized image.  If you are new to managing Azure with PowerShell, refer to How to install and configure Azure PowerShell.

The virtual machine to be backed up is C9test:

PS C:\> get-azurevm | where {$_.Name -eq "c9test"}
ServiceName                Name                       Status
-----------                ----                       ------
C9Test                     C9Test                     ReadyRole                 

C9Test has the following disks (1 OS disk and 1 data disk) in blob storage:


1. Execute Save-AzureVMImage to create the specialized image (Backup)

PS C:\> Save-AzureVMImage -ServiceName "c9test" -Name "C9test" -ImageName "c9test-backup" -OSState Specialized

OperationDescription             OperationId                                 OperationStatus 
--------------------             -----------                                 --------------- 

Save-AzureVMImage                dbf853a7-9a3b-9f46-97a8-25700dfc8cf9        Succeeded

The disks created are named as follows:

<vm name>-os-YYYY-MM-DD.vhd    (for the OS disk)

<vm name>-datadisk-<#>-YYYY-MM-DD.vhd   (for the data disks)

Here are the disks created in this example:


2. Delete the C9test virtual machine and cloud service  (so we can demonstrate the restore from image)

Remove virtual machine:

PS C:\> Remove-AzureVM -Name "c9test" -ServiceName "c9test" -DeleteVHD
OperationDescription         OperationId                                OperationStatus                           
--------------------         -----------                                ---------------
Remove-AzureVM               26b610c1-e49c-9182-a54c-1ab8ed4c4022       Succeeded

Disks have been removed and only disks from the backup exist:


Remove cloud service:

PS C:\> remove-azureservice -ServiceName "C9test" -Force
WARNING: 10:02:41 PM - Removing cloud service C9test...

3. Create a Virtual Machine from the specialized image using New-AzureQuickVM (Restore)

PS C:\> New-AzureQuickVM -ImageName "C9Test-backup" -Windows -ServiceName "C9Test" -Location "East US"

OperationDescription                       OperationId                                OperationStatus
--------------------                       -----------                                ---------------
New-AzureQuickVM                           fd42d11b-f9c0-95d8-92e2-c666d7ef8de3       Succeeded
New-AzureQuickVM                           6261cc5a-b3d6-9c72-9808-3013fbad8274       Succeeded 

PS C:\> get-azurevm | where {$_.Name -eq "c9test"}

ServiceName                     Name                               Status
-----------                     ----                               ------
C9Test                          C9Test                             ReadyRole

The VM creation has created new disks in blob storage:



To remove saved images, you can use the Remove-AzureVMImage cmdlet:

PS C:\> remove-azurevmimage -ImageName "c9test-backup" -DeleteVHD
OperationDescription               OperationId                                 OperationStatus                           
--------------------               -----------                                 ---------------
Remove-AzureVMImage                f11c14e2-dac7-993b-9811-5c944f9e8428        Succeeded
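In the walkthrough, step 2 deletes the VM and its VHDs, so the saved image is the only remaining copy. The function below is an added example, not code from the original post: it chains steps 1 and 2 but refuses to delete anything until the save has reported Succeeded and the image can be looked up. Backup-AzureVMToImage and its -RemoveSource switch are hypothetical names, and it assumes Get-AzureVMImage -ImageName returns the saved image or nothing.

```powershell
# Added example, not from the original post. Backup-AzureVMToImage and its
# -RemoveSource switch are hypothetical names; the Azure cmdlets and their
# parameters are the ones used in the walkthrough above.
function Backup-AzureVMToImage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)] [string] $ServiceName,
        [Parameter(Mandatory = $true)] [string] $Name,
        [switch] $RemoveSource   # also delete the VM and its VHDs after a verified backup
    )

    # Date-stamped image name so repeated backups never collide with each other.
    $imageName = '{0}-backup-{1:yyyyMMdd-HHmmss}' -f $Name.ToLower(), (Get-Date)

    # Step 1 of the walkthrough: capture OS and data disks as a specialized image.
    $save = Save-AzureVMImage -ServiceName $ServiceName -Name $Name `
                -ImageName $imageName -OSState Specialized -ErrorAction Stop
    if ($save.OperationStatus -ne 'Succeeded') {
        throw "Save-AzureVMImage ended with status '$($save.OperationStatus)'; source VM left untouched."
    }

    # Confirm the image is registered before anything destructive happens.
    # Assumption: Get-AzureVMImage -ImageName returns the saved image or nothing.
    $image = Get-AzureVMImage -ImageName $imageName -ErrorAction SilentlyContinue
    if (-not $image) {
        throw "Image '$imageName' not found after save; source VM left untouched."
    }

    if ($RemoveSource) {
        # Step 2 of the walkthrough, reached only with a verified image in hand.
        $remove = Remove-AzureVM -Name $Name -ServiceName $ServiceName -DeleteVHD -ErrorAction Stop
        if ($remove.OperationStatus -ne 'Succeeded') {
            throw "Remove-AzureVM ended with status '$($remove.OperationStatus)'."
        }
    }

    # Return the image name: it is the -ImageName value needed for the restore in step 3.
    $imageName
}

# Usage with the VM from the walkthrough (backup only, nothing is deleted):
#   $img = Backup-AzureVMToImage -ServiceName 'c9test' -Name 'C9test'
```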

Hopefully this example around saving specialized images will help you implement a backup strategy for your Microsoft Azure virtual machines. Cloud9 has additional tools and techniques for managing virtual machines and storage. Contact us at 1-855 2CLOUD9 for more information.

Ken Channon








As Microsoft, Amazon and Google compete to capture the cloud market, Microsoft is standing by its commitment to match the prices of AWS. Microsoft is cutting prices on compute by up to 35% and storage by up to 65%. This will mean:

  • General Purpose Instances called “Basic” (A0-A4), which offer machine configurations similar to those available today but without load balancing or auto scaling, will cost 27% less, effective April 3rd.
  • Microsoft is reducing Memory-Intensive Instance (A5-A7) prices by up to 35% for Linux instances and up to 27% for Windows instances, effective May 1.
  • Microsoft is reducing Block Blob storage pricing by up to 65% for LRS and up to 44% for GRS, effective May 1.
  • Azure is moving to region-specific pricing.
