Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Question about Infrastructure

Copper Contributor

Hi ! 

I have a project that has 3 remote site, with the requirement of a file server,
printer management, ERP integration, cross-site networking and a mail solution.

To answer it, I would like to propose a 100% cloud solution, via Azure.

By cons, I can not find information on different points:

For the file server:
-Create a virtual network
- Create a VPN gateway
- Parameterize a VM with the role ADFS / DNS / Server files

My question :

if i implement this solution, can i be satisfied with the onmicrosoft.com domain?
or should I have a domain?
With the VPN gateway service there is a limit of 128 users?
The company in question has about 200 users, do I have to subscribe to the express route?
Is the point-to-site VPN type possible with a full cloud infrastrutuce?

 

Thanks for your help ! 

Jonh.

 

3 Replies

Hi,

 

I would suggest to go for Office 365 for mail, file sharing and productivity solution.

 

ERP you can host on Azure.

 

Go for your own domain.

 

create site to site VPN from 3 sites to Azure. Use Point to site for mobile workers.

 

Any further questions, please do post.

Hi, 

 

As per your queries, i suggest you can go ahead with Azure File Sync service in Azure... If users want to access the files from organization network then create the VPN based on the users... If users are very less then go for P2S or if users are good in number then opt for S2S connection... 

 

For email, the solution goes for O365 and do the ERP integration. 

 

 https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction- Azure file Sync Brief

https://gallery.technet.microsoft.com/office/migrate-office-365-to-sap-aad0636f - O365 email and ERP integration like SAP.

 

 

 

 

if i implement this solution, can i be satisfied with the onmicrosoft.com domain?
or should I have a domain?

 

If prefer to use a domain, one of the core problems with solely using AAD is that it isn't multi-region capable (well at least it wasn't for some time, i haven't checked recently to see if that is now resolved) 


With the VPN gateway service there is a limit of 128 users?

The point to site solution is ok on a small site, most of the documentation states to use self signed certs, you can also use your on prem pki if you want. 


The company in question has about 200 users, do I have to subscribe to the express route?.

 

You do not need express route it is simply the high performance tier of the site to site gateway. For a site that small you may get away with a standard site to site link. 


Is the point-to-site VPN type possible with a full cloud infrastrutuce?

 

yes you can use a point to site solution. 

 

You mentioned building AD / ADFS in the cloud. If you are going down this route i would recommend a hub n spoke topology. 

 

You essentially put all your AD / ADFS content into the hub network. the you use vnet peering to link your resource systems. The benefits you get out of this implementation is that it is highly scalable. As you organisation grows you can grow the solution exponentially as well 

 

the other benefit here is that your spoke networks will inherit the security of the hub network. 

 

typically you would lock down your hub network so people cannot deploy content into it to ensure it stays secure. The spokes are less restrictive although you would want to prevent public ip's etc in the spokes and force them to route through the hub network. 

 

it is quite a complex setup but highly secure and highly scalable.