Case Study 3: The Solution Architecture

So the solution architecture was to use Microsoft Azure. So the hotel chain had existing investment in Microsoft technologies, with Windows clients and Active Directory in use within the organization. What they sought to do was to extend this investment out into cloud-based services. And so, they federated their local Active Directory services into an Active Directory implementation in Azure, based on Active Directory becoming an IdP. Email was migrated from on-premise Exchange servers hosted in Bangkok to servers hosted online in the Office 365 environment. So this federation of on-premise identity to the cloud meant that Office 365 could use the cloud-based copy of the Azure Directory Service as an IdP.
This meant that if the on-premise directory server went offline, 365 would still be able to perform its identity and access management services. This also brought additional services as well, including Skype, SharePoint, and OneNote, that come as part of the Office 365 suite. And importantly, it reduced the dependence on the Bangkok data center. So some challenges are migration of data and services and forming the integration. This is a complex piece of work. Creating a new directory service in Azure is part of that work. And also then connecting Azure to the Office 365 space. We have the integration work. We have the training.
And because we’re using cloud-based services, we need to ensure that we tackle the compliance requirements, any requirements we have regarding regulation or legislation. With cloud-based services, our paradigm around connectivity changes as well. Now individual hotels need to be connected still to the Bangkok data center, but also to the internet more broadly. Now internet connectivity is quite often more straightforward to achieve than connectivity to a specific data center. But here, we require both. We do need that connection to Office 365 and those cloud-based services. Let’s just take a look at the overview of the solution then. On the left, we have our internal Active Directory and our Active Directory services.
We have a directory sync service at the top there on the left, with the little green and white arrows. That synchronises the local Active Directory to the Azure Directory Service. And the Azure Directory Service acts as an IdP for Exchange Online. We can also use ADFS proxies to provide that information. And we have a network load balancer to try to cater for resilience within the perimeter network, as well. So just another activity for us. If you can hit pause, and if you have time, please do. What additional benefits would the solution confer? What might we be able to do that we couldn’t do before, with this solution?
What security controls may be required to ensure the safety of customer and employee data during and beyond the Microsoft contract? And how would you ensure the solution is resilient for each hotel? OK. So just to address those points in turn, the additional benefits in part relate to the ability for us to use our cloud-based IdP to connect to other software as a solution services. So this can become a point of access and integration and federation for other services. We get the main benefits that we were looking for around resilience. For the security controls, we need to make sure that we are addressing any legislative requirements.
And if we’re dealing with people visiting the hotel from other nation states, following the standard GDPR European Union guidance is helpful. That level of protection is a good baseline for us to meet because it’s commonly becoming adopted as best practice internationally. For the third item, how could we ensure that the solution is resilient? There are several points to this. Firstly, we may want to ask Microsoft, as our provider, what level of resilience and how they ensure their resilience. We also mentioned internet connectivity. If we have 20 hotels and those are based in very rural areas, we may want to try to provision divergent internet connections where possible.
Maybe even using technologies like satellite internet connections to provide backup solutions for us. The internet connection becomes critical to day-to-day operations.

Reflect and share: Now that you have learned the solution architecture, how might you answer the following questions:

  • What additional benefits may arise from this solution architecture?
  • What security controls may be required to ensure the safety of customer and employee data during and beyond the contract with Microsoft?
  • How would you ensure the solution is resilient for each hotel?
