Forum Discussion
ossniper
Aug 18, 2022 · Copper Contributor
Large-scale VDI deployment management with Active Directory and domains
Hello, I am working for a start-up and deployed RDS persistent VDI for just one enterprise, which works perfectly. Now the office wants to offer persistent VDI to multiple companies. I don't have muc...
ossniper
Aug 22, 2022 · Copper Contributor
Thank you so much for your response. I really appreciate your feedback.
We are a start-up data center targeting mid-size organizations of 5-50 users, mostly external companies.
1. We want to provide VDI, M365, Mail, OneDrive, Azure Backup, Azure Storage, Lighthouse and all Microsoft services through our account.
2. VDIs will be hosted at our data center, as each organization has different requirements, viz. accounting, designing, drafting, documenting, high graphics, etc.
3. We want each organization to be separate, but controlled by our domain.
4. There can be more than 300 organizations, with 5-50 users under each organization.
5. Customer billing will be done under our company, as we are providing different services to different organizations.
6. We will have our own AD, DNS, DHCP for on-premises IT infrastructure.
7. We plan to sync AD to Azure AD via AD Connect.
8. An important concern is that the 'AAA' organization shouldn't be able to communicate with the 'BBB' organization.
Neither organization should be able to see / view the other organizations under our domain, e.g. aaa.aaa.com shouldn't be able to communicate with / view bbb.aaa.com or ccc.aaa.com... Can this be done by GPO, or?
9. Should we consider a sub-domain topology, or is anything else suggested?
I look forward to your feedback
Best Regards
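One way to build the "separate organizations under one domain that cannot see each other" layout asked about in point 8 is an OU per tenant whose contents only that tenant's own group (and the provider's admins) may read. The script below is an added example written for this thread, not code from either poster; it assumes the ActiveDirectory RSAT module, a Domain Admin session, and constructed tenant names (AAA, BBB, CCC) and group names (`<tenant>-Users`) that are placeholders.

```powershell
# Added example: one OU per tenant, readable only by that tenant's group.
# Assumptions (not from the thread): ActiveDirectory module present, run as Domain Admin,
# tenant names and the "<tenant>-Users" group naming are constructed placeholders.
Import-Module ActiveDirectory

$DomainDN   = (Get-ADDomain).DistinguishedName      # e.g. DC=aaa,DC=com
$TenantRoot = "OU=Tenants,$DomainDN"
$Tenants    = @('AAA', 'BBB', 'CCC')                 # constructed sample tenants

# Default OU ACLs grant these principals read/list rights; strip them per tenant OU.
$BroadReaders = @(
    'NT AUTHORITY\Authenticated Users',
    'BUILTIN\Pre-Windows 2000 Compatible Access'
)

function New-TenantOU {
    param([string]$Name, [string]$Path)
    $existing = Get-ADOrganizationalUnit -LDAPFilter "(ou=$Name)" -SearchBase $Path -SearchScope OneLevel
    if ($existing) { return $existing }
    New-ADOrganizationalUnit -Name $Name -Path $Path -ProtectedFromAccidentalDeletion $true -PassThru
}

function Set-TenantIsolation {
    param([string]$OuDN, [Microsoft.ActiveDirectory.Management.ADGroup]$TenantGroup)

    $acl = Get-Acl -Path "AD:\$OuDN"
    # Break inheritance but keep copies of the inherited ACEs (Domain Admins, SYSTEM, ...)
    $acl.SetAccessRuleProtection($true, $true)

    # Remove every ACE held by a broad reader; iterate over a copy because we mutate the DACL.
    foreach ($ace in @($acl.Access)) {
        if ($BroadReaders -contains $ace.IdentityReference.Value) {
            [void]$acl.RemoveAccessRule($ace)
        }
    }

    # Grant the tenant's own group read/list on the OU and everything beneath it.
    $sid  = New-Object System.Security.Principal.SecurityIdentifier($TenantGroup.SID)
    $rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
        $sid,
        [System.DirectoryServices.ActiveDirectoryRights]::GenericRead,
        [System.Security.AccessControl.AccessControlType]::Allow,
        [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All
    )
    $acl.AddAccessRule($rule)
    Set-Acl -Path "AD:\$OuDN" -AclObject $acl
}

function Test-TenantIsolation {
    # Returns $true when no broad-reader ACE remains on the tenant OU.
    param([string]$OuDN)
    $acl = Get-Acl -Path "AD:\$OuDN"
    $leaks = $acl.Access | Where-Object { $BroadReaders -contains $_.IdentityReference.Value }
    return (-not $leaks)
}

New-TenantOU -Name 'Tenants' -Path $DomainDN | Out-Null

foreach ($t in $Tenants) {
    $ou   = New-TenantOU -Name $t -Path $TenantRoot
    $grp  = Get-ADGroup -LDAPFilter "(sAMAccountName=$t-Users)" -SearchBase $ou.DistinguishedName
    if (-not $grp) {
        $grp = New-ADGroup -Name "$t-Users" -GroupScope Global -Path $ou.DistinguishedName -PassThru
    }
    Set-TenantIsolation -OuDN $ou.DistinguishedName -TenantGroup $grp
    "{0}: isolated={1}" -f $t, (Test-TenantIsolation -OuDN $ou.DistinguishedName)
}
```

Two caveats a practitioner would want with this. First, this hides tenants from each other's browsing (list and read on the OU subtree) but is not a security boundary: the forest is the security boundary in Active Directory, and the default security descriptor on user and group objects still grants Authenticated Users read on some attributes, so a user who already knows another tenant's object DN can still read parts of it. Second, a GPO cannot enforce this separation at all; it applies settings to objects, while who can see which objects is purely a matter of the DACLs edited above. Tenants that must be unable to reach each other at the network level need separate VLANs or firewall policy in addition to the directory ACLs.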
Aug 22, 2022
Hi... Let me join this wonderful conversation... as I am/was responsible for the multi-tenant Active Directory my company has.
Setting this all up is 1 thing.... but hardening it is 2, automating it is 3, and having it properly licensed is 4 and 5 (you need SPLA... SPLA --> no Azure AD Connect for you 🙂 or you need to become a CSP partner.... ) and having it tested for security issues is 6 🙂 , keeping it all backed up (offline, online, replication) is 7...
My advice when looking back.. 😛 hire someone that could tell you where to begin...