Deployment scenario: Directory integration components in Azure for disaster recovery


Applies to: Office 365

Summary: Describes an Office 365 deployment scenario in which directory integration components are deployed on-premises and on Azure Virtual Machines for disaster recovery purposes.

We're listening to your feedback and consolidating all our Office 365 deployment content. On July 1st, 2015, all information in this guide will be moved to https://support.office.com/, and these pages will be removed from TechNet. As you review the content still on TechNet, you'll notice many have links pointing to the new content already on https://support.office.com/.

To explore content available on https://support.office.com/, start with the Office 365 for business - Admin Help page.

Deploying Office 365 directory integration components across the on-premises environment and Microsoft Azure is the third deployment scenario. AD FS and directory synchronization software are added to the existing on-premises infrastructure, and a second set of AD FS components plus a standby synchronization server is placed in Azure.

This scenario uses your on-premises environment for active use and Azure for business continuity. Combined, they provide a redundant infrastructure for Office 365 directory integration services.

Deploy Office 365 directory integration components across the on-premises environment and Azure

We recommend this scenario for customers who want directory integration with their on-premises environment and a disaster recovery capability in the event their on-premises environment is unavailable.

The following diagram illustrates the high-level architecture for this scenario.

High-level architecture of directory components deployed on-premises and in Azure for disaster recovery

Directory components deployed for recovery

In this topology, customers deploy and operate Office 365 directory integration components on-premises and on Azure Virtual Machines for redundancy. This topology includes the Office 365 directory integration components as shown in the following table.

Location                      Component                                   Quantity
Customer corporate network    Directory synchronization server            One
Customer corporate network    AD FS servers                               Two or more
Customer perimeter network    AD FS proxy                                 Two or more
Customer corporate network    VPN router                                  One or two
Azure                         AD DS domain controllers                    Two per Active Directory domain
Azure                         Standby directory synchronization server    One
Azure                         AD FS servers                               Two or more
Azure                         AD FS proxy                                 Two or more

We recommend at least two servers for all components that support redundancy as shown in the previous table. Your specific server capacity demand may require additional virtual servers. For details, see AD FS capacity planning.

While your existing VPN connections and data centers are online and the directory integration components are functioning, directory synchronization is managed on-premises and authentication traffic takes place only through on-premises components.

In case of a disaster, the failover between the on-premises infrastructure and the hosted infrastructure is a manual operation. The failover procedures for Federation Services and directory synchronization are different. At a high level, these procedures include:

  • Federation Services failover. Requires DNS changes that repoint the federation service name at the AD FS proxies in Azure. Until the change takes effect and cached records expire, clients can’t sign in to Office 365 services, so end users experience downtime during the failover. The length of that outage is bounded by the TTL of the federation service DNS record, so keep the TTL short before a disaster rather than trying to lower it during one.

  • Directory synchronization failover. Requires the re-installation of the Azure Active Directory Sync tool on the standby Azure Virtual Machine, and it must be done only after the on-premises synchronization server is confirmed to be out of service, because only one synchronization instance per forest is supported. Because synchronization is needed only to propagate directory object changes, existing users can continue to use the service with little to no disruption until synchronization is restored.
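As an added example, not part of the original article, the following PowerShell script carries out the checks and the DNS change a practitioner would want around the two manual failovers described above. Every name in it is an assumption: a federation service name sts.contoso.com in the contoso.com zone on an internal Windows DNS server named dns01, an Azure AD FS proxy VIP of 198.51.100.10, the MSOnline and DnsServer modules, and an existing Connect-MsolService session. The trust check at the end goes beyond what the text states: it compares the token-signing certificate the failover farm publishes in its federation metadata with the one Office 365 currently trusts for the domain, because a farm that signs with a different certificate is not accepted by Office 365 even once DNS points at it.

```powershell
# Added example, not from the TechNet page. Assumed names: sts.contoso.com
# (federation service), contoso.com (federated domain and DNS zone), dns01
# (internal Windows DNS server), 198.51.100.10 (Azure AD FS proxy VIP).
# Requires the MSOnline and DnsServer modules and a Connect-MsolService session.

$FederationServiceName = 'sts.contoso.com'
$HostLabel             = 'sts'            # record name relative to the zone
$ZoneName              = 'contoso.com'
$FederatedDomain       = 'contoso.com'
$DnsServer             = 'dns01'
$AzureProxyVip         = '198.51.100.10'  # assumed public VIP of the Azure proxies
$MetadataUri           = "https://$FederationServiceName/federationmetadata/2007-06/federationmetadata.xml"

# Thumbprints of every token-signing certificate a farm publishes in its
# federation metadata. A farm sharing the on-premises configuration publishes
# the same certificates; a separately built farm usually does not.
function Get-AdfsSigningThumbprint {
    param([string]$Uri)
    [xml]$metadata = (Invoke-WebRequest -Uri $Uri -UseBasicParsing).Content
    $ns = @{
        md = 'urn:oasis:names:tc:SAML:2.0:metadata'
        ds = 'http://www.w3.org/2000/09/xmldsig#'
    }
    $xpath = "//md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate"
    Select-Xml -Xml $metadata -XPath $xpath -Namespace $ns | ForEach-Object {
        $raw = [Convert]::FromBase64String($_.Node.InnerText.Trim())
        ([System.Security.Cryptography.X509Certificates.X509Certificate2]::new($raw)).Thumbprint
    } | Sort-Object -Unique
}

# Thumbprint of the signing certificate Office 365 trusts for the domain today.
function Get-O365TrustedSigningThumbprint {
    param([string]$Domain)
    $settings = Get-MsolDomainFederationSettings -DomainName $Domain
    $raw = [Convert]::FromBase64String($settings.SigningCertificate)
    ([System.Security.Cryptography.X509Certificates.X509Certificate2]::new($raw)).Thumbprint
}

# Repoint the internal A record for the federation service name at the Azure
# proxies. The outage lasts until cached copies of the old record expire, so the
# record's TTL should already be short before a disaster, not lowered during one.
# The public record used by external clients lives with the external DNS provider
# and is changed through that provider's own tooling.
function Invoke-FederationDnsFailover {
    param([string]$TargetIp)
    $old = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $ZoneName `
               -Name $HostLabel -RRType A | Select-Object -First 1
    $new = $old.Clone()
    $new.RecordData.IPv4Address = [System.Net.IPAddress]::Parse($TargetIp)
    Set-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $ZoneName `
        -OldInputObject $old -NewInputObject $new
}

# Gate for the synchronization failover: only one sync instance per forest is
# supported, so confirm the on-premises server has really stopped syncing
# before the tool is installed on the standby VM.
function Test-DirSyncStale {
    param([int]$MaxAgeHours = 6)
    $info = Get-MsolCompanyInformation
    if (-not $info.DirectorySynchronizationEnabled) { return $false }
    if (-not $info.LastDirSyncTime) { return $true }
    $age = (Get-Date).ToUniversalTime() - $info.LastDirSyncTime
    return ($age.TotalHours -gt $MaxAgeHours)
}

# --- Federation failover ---------------------------------------------------
$trusted = Get-O365TrustedSigningThumbprint -Domain $FederatedDomain
if (-not (Test-NetConnection -ComputerName $AzureProxyVip -Port 443).TcpTestSucceeded) {
    throw "Azure AD FS proxies at $AzureProxyVip are not reachable on 443; aborting failover."
}
Invoke-FederationDnsFailover -TargetIp $AzureProxyVip
Clear-DnsClientCache
$resolved = (Resolve-DnsName -Name $FederationServiceName -Server $DnsServer -Type A).IPAddress
Write-Output "$FederationServiceName now resolves to $resolved on $DnsServer"

$published = Get-AdfsSigningThumbprint -Uri $MetadataUri
if ($published -notcontains $trusted) {
    Write-Warning ("Failover farm does not publish the signing certificate Office 365 trusts " +
                   "($trusted). Tokens will be rejected until the farm's certificates are " +
                   "corrected or Update-MsolFederatedDomain is run against it.")
} else {
    Write-Output "Failover farm publishes the trusted signing certificate $trusted"
}

# --- Directory synchronization failover gate --------------------------------
if (Test-DirSyncStale) {
    Write-Output 'No directory sync reported in the last 6 hours; the standby VM may take over.'
} else {
    Write-Warning 'Office 365 still reports recent directory sync; do not start a second instance.'
}
```

Run it interactively during a disaster-recovery exercise rather than as an unattended job: the DNS cutover is deliberately a manual decision, and the warning on the signing-certificate check is the point at which a failover that looks complete at the network layer would still fail every sign-in.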

While customers may consider setting up a cross-premises, high-availability (active/active) configuration, we don’t recommend this topology for the following reasons:

  • There is a one-to-one relationship between an Active Directory forest and the Office 365 tenant. Only a single instance of the Directory Sync tool can be deployed to manage that relationship. Installing more than one Directory Sync tool to manage the relationship is unsupported.

  • Site-resilient AD FS configurations are supported; however, to be effective, these configurations require that global load-balancers are deployed in all active locations. This may not be practical because of the following issues:

    • Global load-balancing solutions support multi-datacenter topologies. In a cross-premises scenario, load-balancer components would need to be deployed both on-premises and in Azure so that service continues if the on-premises network is lost. While virtual load-balancers may be deployed in Azure, such solutions haven’t been tested for the scope of this article.

    • While DNS round-robin may easily be used for cross-premises deployments, we don’t recommend this approach. Each lookup may return a different farm, so it doesn’t guarantee affinity across the several requests of a sign-in and may result in increased authentication prompts.