Chaps, your comments about not needing a domain have me alarmed a bit. Ten years ago I set one up here for the home (and home office) for unified management of accounts and groups, and it worked wonders! We can log in to all machines and VMs here with our domain accounts and all the permissions work. Most connection strings can say Trusted_Account=True, and so on.
I don't know how to replace this functionality without a domain. Any links or articles? I just looked up ADFS <http://en.wikipedia.org/wiki/Active_Directory_Federation_Services> and I see it's a new server role in 2008R2, but I can't get the big picture just yet and see how I would migrate to it.

Greg

On 18 November 2013 10:43, David Connors <da...@connors.com> wrote:
> On 17 November 2013 17:35, Greg Keogh <g...@mira.net> wrote:
>
>> The last hurdle is the domain controller. I'm not sure how I can have a DC in the cloud, has anyone done this sort of thing? I'm guessing I'll have to have a VPN that includes our home machines and the other cloud machine(s). Any general advice on this matter would be welcome.
>>
>
> Depends on your appetite for risk. Nothing precludes you from having your DC face the Internet though that is definitely not commonly done.
>
> At Codify we run 10.x.x.x address space for all of our 'core' stuff including SVN, sharepoint, etc, etc. Some of that is dual homed to the Internet for customer access etc.
>
> You just set up a VPN connection using split tunnelling and "allow anyone to use this connection" and you can dial in to our internal network during Windows logon, even creating a new profile on the machine if need be. Works fine and I've lived this way for years since we turfed all hardware out of the office and into our colo.
>
> The only downside I've noticed I mentioned a while back, which is Windows not getting the password change notifications if you change your password during logon (http://blogs.msdn.com/b/shawnfa/archive/2004/05/05/126825.aspx) but that is easy to work around by changing your password manually when connected.
>
>> Which brand? I've been playing around with the free Azure account I get with MSDN, I've created a server, deployed some services, got the storage explorer, etc. It all works quite well and I get a fake bill each month with the cost negated for my subscription. I've also fiddled around with the "micro" AWS <http://aws.amazon.com/> virtual servers and related facilities that are free for a year. My Azure billing hints that my relatively trivial experiments would average out to $550/year. My AWS single server is free for a year, but it would be about $170/year for each new server (with SQL Server and IIS). I get the casual impression that Azure is much more expensive than AWS overall. Has anyone compared the figures more reliably?
>>
>
> If you have a decent workload that requires stuff is always on, Cloud is expensive. If you have the skills/care factor in house, I'd always recommend colo and your own kit.
>
> I'd also echo Stephen Price's comments - I see less and less value in Windows domains as time goes by. Even though our machines are domain joined we end up using claims/adfs to access most stuff anyway using normal web based auth mechanisms or Azure ACS. Windows market share is dropping precipitously relative to iOS/Android and they certainly don't give a toss about being on a domain.
>
> Claims/ADFS/SAML/whatever floats your boat is the way forward.
>
> David.
>
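For readers who want to reproduce the split-tunnelled, "allow anyone to use this connection" VPN that David describes above, here is an added example (not from the thread, and not Codify's configuration) using the built-in VpnClient cmdlets on Windows 8.1 / Server 2012 R2 and later. The connection name, server address and routed prefix are placeholders.

```powershell
# Added example, not from the thread. Creates a machine-wide VPN entry that
# is available from the Windows logon screen, with split tunnelling so only
# the internal prefix goes through the tunnel. All values are placeholders.

$vpnName   = 'Office VPN'        # placeholder connection name
$vpnServer = 'vpn.example.com'   # placeholder VPN gateway
$corpNet   = '10.0.0.0/8'        # placeholder RFC1918 range, like the 10.x.x.x space mentioned

# -AllUserConnection stores the entry in the machine-wide phonebook; that is
# what makes it selectable at the logon screen before any user profile exists
# (the "allow anyone to use this connection" checkbox in the GUI).
# -SplitTunneling leaves the default route on the local Internet link.
Add-VpnConnection -Name $vpnName `
    -ServerAddress $vpnServer `
    -TunnelType Sstp `
    -AuthenticationMethod MSChapv2 `
    -EncryptionLevel Required `
    -SplitTunneling `
    -AllUserConnection `
    -RememberCredential `
    -Force

# With split tunnelling on, nothing reaches the internal network until a
# route for it is attached to the connection. Keep this as narrow as the
# internal services actually need.
Add-VpnConnectionRoute -ConnectionName $vpnName `
    -DestinationPrefix $corpNet `
    -AllUserConnection

# Verify what the machine will do once the tunnel is up.
Get-VpnConnection -Name $vpnName -AllUserConnection |
    Select-Object Name, ServerAddress, TunnelType, SplitTunneling,
                  AuthenticationMethod, EncryptionLevel

Get-VpnConnection -Name $vpnName -AllUserConnection |
    Select-Object -ExpandProperty Routes
```

Run this from an elevated PowerShell session, since the all-users phonebook is machine scope. The routed prefix is the practical control here: a split-tunnelled client sits on both the Internet and the internal network at once, so the list of prefixes attached to the connection is exactly the set of internal addresses the remote machine can reach.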