
December 6, 2012


Summary: Microsoft shares considerations for extending AD into Windows Azure

by adamstephensen


The article discusses setting up Azure VMs to run Active Directory as an alternative to using ‘Windows Azure Active Directory’.

Key points in this article

– “To extend AD services such as directory and authentication to VMs in Azure, an architect can now start to include Domain Controllers (DCs) and Read-only DCs (RODCs) in Azure as part of a design or solution.”

– “Microsoft lets you BYON (bring your own network) into Windows Azure, so it’s technically feasible to securely connect on-premise, WAN, and private cloud networks with Azure virtual networks.”

Reasons to have a DC or RODC in Azure

1. Latency: Latency in AD authentication between on-premise and cloud networks can cause timeouts (e.g. authentication timeouts) and problems for demanding applications.

2. Resiliency: Having a DC/RODC in Azure ensures the cloud environment continues to function if the connection to the on-premise DCs fails.

3. Cost: “Azure download bandwidth charges are saved by keeping AD-related network traffic such as DNS and LDAP in the cloud. There is no charge for uploads into Azure, so an RODC in Azure, which has no outbound replication channel, will save money compared to having Azure VMs use the Azure virtual network for all AD traffic.”

4. You need a stand-alone AD: “A self-contained AD that lives only in your Azure cloud might provide directory and authentication services to elastic clusters or farms of computers that have no need for authentication with an on-premise AD.”

Create an AD site in Windows Azure

– Azure is really just a huge network of VMs. Configuring AD in Azure is almost the same as hosting AD on VMs on-premise: “general precautions about ensuring AD recoverability when AD is deployed on VMs apply to VMs in Azure.”

– Issues discussed: dynamically-assigned network addresses, defining subnets.

Provision a DC with the Azure data disk type

– Important details about provisioning a DC:

o “You must add an additional disk to the Azure VM that will be a DC, before running DCPROMO. This second disk must be of the “data” type, not the “OS” type. The C: drive of every Azure VM is of the “OS disk” type, which has a write cache feature that cannot be disabled. Running a DC with the SYSVOL on an Azure OS disk is not recommended and could cause problems with AD.”

o “This means you must not perform a default installation of DCPROMO on an Azure VM, but rather you attach a data disk, then run DCPROMO and locate AD files such as SYSVOL on the data disk, not the C: drive. This link at Microsoft has checklists to add an Azure VM data disk or attach an empty data disk:
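The two sections above (creating an AD site for the Azure virtual network, and provisioning the DC with a data disk before DCPROMO) are steps of one procedure. The script below is an added example, not code from the original article or from Microsoft's guidance; it shows the procedure end to end with Windows Server 2012 PowerShell. The cloud service name, VM name, subnet (10.1.0.0/24), site name (Azure-VNet), drive letter (F:) and domain (contoso.local) are all assumed, and the Azure cmdlets are the classic (2012-era) Azure PowerShell module that matches the article's timeframe. The last function is the check a practitioner wants after the reboot: neither SYSVOL nor the NTDS working directory ended up on the OS disk.

```powershell
# Added example (not from the article or Microsoft's pages): provision an Azure VM
# as a DC/RODC in its own AD site, with NTDS and SYSVOL on a data disk.
# All names below are assumptions for illustration.

# ---- Step 1: run on an existing on-premise DC (RSAT ActiveDirectory module) ----
function New-AzureADSite {
    param(
        [string]$SiteName   = 'Azure-VNet',   # assumed site name
        [string]$Subnet     = '10.1.0.0/24',  # assumed Azure VNet subnet
        [string]$OnPremSite = 'Default-First-Site-Name'
    )
    Import-Module ActiveDirectory
    # A separate site keeps client logon and DNS/LDAP traffic inside Azure.
    New-ADReplicationSite -Name $SiteName
    New-ADReplicationSubnet -Name $Subnet -Site $SiteName
    # Site link over the VPN; a longer interval keeps cross-link traffic (and egress cost) down.
    New-ADReplicationSiteLink -Name "$OnPremSite-$SiteName" `
        -SitesIncluded $OnPremSite, $SiteName -Cost 200 -ReplicationFrequencyInMinutes 60
}

# ---- Step 2: run from the admin workstation with the (classic) Azure module ----
function Add-ADDataDisk {
    param(
        [string]$ServiceName = 'contoso-ad-svc',  # assumed cloud service name
        [string]$VMName      = 'azdc01',          # assumed VM name
        [int]$SizeGB         = 40
    )
    # A "data" disk, not the OS disk: HostCaching None avoids the write cache
    # the article warns about for SYSVOL and the AD database.
    Get-AzureVM -ServiceName $ServiceName -Name $VMName |
        Add-AzureDataDisk -CreateNew -DiskSizeInGB $SizeGB -DiskLabel 'ADData' -LUN 0 -HostCaching None |
        Update-AzureVM
}

# ---- Step 3: run inside the VM, before promoting it ----
function Initialize-ADDataDisk {
    param([char]$DriveLetter = 'F')
    # Bring the new raw disk online as an NTFS volume on the assumed drive letter.
    Get-Disk | Where-Object PartitionStyle -eq 'RAW' |
        Initialize-Disk -PartitionStyle GPT -PassThru |
        New-Partition -DriveLetter $DriveLetter -UseMaximumSize |
        Format-Volume -FileSystem NTFS -NewFileSystemLabel 'ADData' -Confirm:$false
}

function Install-AzureDC {
    param(
        [string]$DomainName = 'contoso.local',   # assumed domain
        [string]$SiteName   = 'Azure-VNet',
        [char]$DriveLetter  = 'F',
        [switch]$ReadOnly                        # RODC: no outbound replication, lower egress
    )
    Import-Module ADDSDeployment
    $root = "${DriveLetter}:"
    # Equivalent of a non-default DCPROMO: every AD path points at the data disk.
    $params = @{
        DomainName   = $DomainName
        SiteName     = $SiteName
        DatabasePath = "$root\NTDS"
        LogPath      = "$root\NTDS"
        SysvolPath   = "$root\SYSVOL"
        InstallDns   = $true
        Credential   = (Get-Credential "$DomainName\Administrator")
        SafeModeAdministratorPassword = (Read-Host -AsSecureString 'DSRM password')
        Force        = $true
    }
    if ($ReadOnly) { $params.ReadOnlyReplica = $true }
    Install-ADDSDomainController @params
}

# ---- Step 4: after the reboot, confirm nothing AD-related landed on the OS disk ----
function Test-ADPathsOffOSDisk {
    $sysvol = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters').SysVol
    $ntds   = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters').'DSA Working Directory'
    $osDrive = $env:SystemDrive   # normally C:, the Azure "OS disk" type
    foreach ($p in $sysvol, $ntds) {
        if ($p -like "$osDrive*") { Write-Warning "$p is on the OS disk ($osDrive)"; return $false }
    }
    return $true
}
```

Run step 1 against the on-premise forest, step 2 from wherever the Azure module is installed, and steps 3 and 4 on the VM itself; pass `-ReadOnly` to `Install-AzureDC` for the RODC variant the article recommends for cost, which also requires the site name so the RODC lands in the Azure site rather than the default one.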

Alternative Option: “Windows Azure Active Directory” product

– “Windows Azure Active Directory” is a separate product.

– It is an alternative to setting up Azure VMs to run AD (the subject of this article).

– It is an outsourced AD that lives completely and only in the cloud.

– It appeals to Microsoft Office 365, Dynamics CRM Online, and Windows Intune customers.

Follow Up Reading

– Guidelines for Deploying Windows Server Active Directory on Windows Azure Virtual Machines

– BYON into the public cloud with Azure Virtual Networks

1 Comment
  1. Dec 19 2015

    Hi Bin Cheng, I guess that depends on what you mean by ‘Media Pipeline’. Traditionally, that term is reserved for a filter-graph pipeline of sources, transforms and sinks (DirectShow / Media Foundation) which acts on the frames or groups of frames of a single stream or file. This does not apply to Media Services. Media Services acts on individual files and groups of files (at a much higher level) arranged in logical objects we call assets. For more on assets, see the bottom of .

    The server components do deal with smaller sub-sections of files, typically: 2-second groups of pictures for H.264 encoded video (for smooth streaming) and 10 seconds of interleaved audio and video for HLS transport streams. But this is only when streaming them. Otherwise, they flow through the system, and are acted upon, as ‘assets’.

    Transmuxing is the process of extracting the elementary stream(s) from a container and, typically, writing it to a new container. An example would be from an MP4 container into a transport stream (.ts). The media content is the same, but it has been ‘wrapped’ differently. Various target player frameworks may need different ‘wrappers’; the player frameworks unwrap these, and pass the media information down to the decoder (which is often offered by the hardware or operating system platform), for actual playback.

    Unfortunately, due to deep market penetration of particular mobile devices (I’m sure you don’t have to think hard to know which device I’m referring to!), some container formats and transfer protocols persist despite significant standardization efforts in the media industry (Common Streaming Format, Common Encoding Format and DASH). These new standards offer content owners significant advantages, but ultimately, delivery is dictated by the receiving device and its massive market share, so transmuxing is required to accommodate it. Doing it in ‘the cloud’ allows companies to concentrate on their business model, not the details of the media transforms.

