At Microsoft, we have been on a transformative journey to cloud computing and we have been working with customers every step of the way. Millions of customers have embraced the cloud and we are excited to share the news that we’ve reached a major milestone in cloud scale computing. Since the inception of the authentication service on the Windows Azure platform in 2010, we have now processed 200 BILLION authentications for 50 MILLION active user accounts. In an average week we receive 4.7 BILLION authentication requests for users in over 420 THOUSAND different domains. This is a massive workload when you consider others in the industry are attempting to process 7B logins per year, Azure processes close to that amount in a week.
These numbers sound big right? They are. To put it into perspective, in the 2 minutes it takes to brew yourself a single cup of coffee, Windows Azure Active Directory (AD) has already processed just over 1 MILLION authentications from many different devices and users around the world. Not only are we processing a huge number of authentications but we’re doing it really fast! We respond to 9,000requests per second and in the U.S. the average authentication takes less than 0.7 seconds. That’s faster than you can get your coffee from your cup and into your mouth! (Do not attempt this at home :-))!
While cloud computing is certainly evolving, Microsoft has been delivering cloud services for some time. Six years ago we introduced cloud productivity services and Live@edu was one of the first offerings for our education customers. This enabled universities to get out of email and infrastructure administration and focus on their core strengths of educating the future generation in higher education. Today Live@edu has transformed into Office365 for Education and has expanded to deliver anywhere access to email, calendars, Office Web Apps, video and online meetings, and document-sharing.
As we continue to evolve our cloud services it may not be widely known that all of the Microsoft Office365 authentication is driven through Windows Azure AD. And that’s not all, Windows Azure AD is also the directory for many of Microsoft’s first party cloud-based SaaS offerings for our customers including Microsoft Dynamics CRM Online, Windows Server Online Backup, Windows Intune, and as we’ll discuss tomorrow, Windows Azure itself.
In addition, Windows Azure AD goes beyond the first party services delivered from Microsoft. It is being used by our customers and third party developers as well. By using Windows Azure AD we deliver cloud based authentication services for you at scale with fast response and, if desired, enable federation and synchronization with your existing on-premise Windows Server Active Directory (AD). This is important as Gartner estimates that 95% of organizations already have Active Directory deployed in their environment.
By connecting your existing Windows Server AD to Windows Azure AD you can manage a hybrid environment that provides unified authentication and access management for both cloud and on premise services and servers, eliminating the need to maintain new, independent cloud directories. In addition, Windows Azure AD supports multiple protocols and token types, therefore apps that use it can be accessed from any device that supports an industry standard web browser including smartphones, tablets, and multiple PC, desktop and server operating systems.
There are a few key concepts where we’d like to offer more insight. First, Windows Azure AD has been architected to operate in the cloud as a multitenant service with high scale, high availability, and integrated disaster recovery – this goes far beyond taking AD and simply running it within a virtual machine in a hosted environment.
- Authentication requests (e.g. to service user logins) are sent from the user and/or devices to Windows Azure AD. Authentication types vary but some common examples include refreshing your Outlook email from your phone or logging in to the Windows Azure Management portal.
- Federation is the ability for Azure Active Directory and your existing on premise infrastructure to work together delivering a single sign on experience for users while keeping user passwords on-premise in a company’s servers. Federation also gives IT the option to require multifactor authentication for increased security.
- Single-Sign On is the ability for a person to login in once and not have to re-enter their credentials each time when accessing different services or applications. It’s an important part of the Azure AD because it delivers a secure, yet simple way for your users to connect to their resources running on Azure.
One of my favorite stories about how customers are taking advantage of a ‘hybrid’ architecture, leveraging Azure, maintaining IT control while saving costs and improving their end-user experience, is from Georgia State University.
Georgia State University (GSU) switched to cloud based Microsoft Office365 and saved $1 Million in operating costs to better support mobile and remote workers using PCs, Macs and various mobile devices and to better interoperate with already-planned on-premise deployments, including Windows Server Active Directory and Microsoft Office applications. “We’re saving the equivalent of 2.5 full time employees who no longer have to deal with on premises server administration,” says J.L. Albert Associate Provost and Chief Information Officer.
During this effort Microsoft worked with GSU to ensure that their on premise AD would fully support Office365 with federated identity and single sign-on capabilities – all integrated using Windows Azure Active Directory. This approach allowed GSU’s IT department to maintain only one user ID and password per employee, saving time for both IT staff and users, enabling them to repurpose IT resources to higher priority projects. “Using a single sign-on integrates everything for us and saves us valuable time versus the multiple processes we had before,” says Bill Gruska, Director of IT Production Services.
For more details on how we’re using Windows Azure Active Directory to enable authentication and single sign on for Microsoft’s software as a service offerings, and how you, as a Developer or an IT Pro, can leverage Windows Azure AD, check out John Shewchuk’s blog posts on Reimagining Active Directory Part 1 and Part 2 as well as Alex’s Simon’s posts Enhancements to Windows Azure Active Directory Preview . Go ahead and give it a try. You can check out the Windows Azure Active Directory Preview here.
Thanks,
Bill Hilf
General Manager
Windows Azure