ADFS v 2.0 Migration to ADFS 2016

1st of February, 2017 / / 14 Comments

Introduction
Some organisations may still have ADFS v2 or ADFS v2.1 running in their environment, and haven’t yet moved to ADFS v3. In this blog, we will discuss how can you move away from ADFS v2 or ADFS v2.1 and migrate or upgrade to ADFS 2016.
In previous posts, Part 1 and Part 2 we have covered the migration of ADFS v3.0 to ADFS 2016. I have received some messages on LinkedIn to cover the migration process from ADFS v2 to ADFS 2016 as there currently isn’t much information about this.… [Keep reading] “ADFS v 2.0 Migration to ADFS 2016”

WAP (2012 R2) Migration to WAP (2016)

25th of January, 2017 / / No Comments

In Part 1, and Part 2 of this series we have covered the migration from ADFS v3 to ADFS 2016. In part 3 we have discussed the integration of Azure MFA with ADFS 2016, and in this post (technically part 4) we will cover the migration or better yet upgrade WAP 2012 R2 to WAP 2016.
Again, this blog assumes you already have installed the Web Application Proxy feature while adding the Remote Access role.… [Keep reading] “WAP (2012 R2) Migration to WAP (2016)”

ADFS v 3.0 (2012 R2) Migration to ADFS 4.0 (2016) – Part 3 – Azure MFA Integration

24th of January, 2017 / / No Comments

In Part 1 and Part 2 of this series we have covered the migration from ADFS v3 to ADFS 2016. In this series we will continue our venture in configuring Azure MFA in ADFS 2016.
Azure MFA – What is it about?
It is a bit confusing when we mention that we need to enable Azure MFA on ADFS. Technically, this method is actually integrating Azure MFA with ADFS. MFA itself is authenticating on Azure AD, however, ADFS is prompting you enter an MFA code which will be verified with the Azure AD to sign you in.… [Keep reading] “ADFS v 3.0 (2012 R2) Migration to ADFS 4.0 (2016) – Part 3 – Azure MFA Integration”

ADFS v 3.0 (2012 R2) Migration to ADFS 4.0 (2016) – Part 2

23rd of January, 2017 / / 17 Comments

In Part 1 of this series we have been getting ready for our ADFS v3.0 migration to ADFS v4.0 (ADFS 2016).
In part 2 we will cover the migration process, step-by-step. However, a friendly reminder that this series does not cover installation of ADFS and federation from scratch. This post assumes you already have a federated domain and Single Sign On (SSO) for your applications.

You may notice domain change and federation service name change from swayit.com.au

[Keep reading] “ADFS v 3.0 (2012 R2) Migration to ADFS 4.0 (2016) – Part 2”

ADFS v 3.0 (2012 R2) Migration to ADFS 4.0 (2016) – Part 1

20th of January, 2017 / / 2 Comments

Introduction
With the release of Windows Server 2016, Microsoft has introduced new and improved features. One of those features is ADFS 4.0, better known as ADFS 2016.
Organisations have already started leveraging ADFS 2016 as it covers most of their requirement, specially in terms of security.
In this series of blog posts, I will demonstrate how you can upgrade from ADFS v 3.0 (Running Windows Server 2012 R2) to ADFS 2016 (Running Windows Server 2016 Datacenter).… [Keep reading] “ADFS v 3.0 (2012 R2) Migration to ADFS 4.0 (2016) – Part 1”

Configuring AWS Web Application Firewall

30th of November, 2016 / / No Comments

In a previous blog, we discussed Site Delivery with AWS CloudFront CDN, one aspect in that blog was not covered and that was WAF (Web Application Firewall).
What is Web Application Firewall?

AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF gives you control over which traffic to allow or block to your web applications by defining customizable web security rules.

[Keep reading] “Configuring AWS Web Application Firewall”

Site Delivery with AWS CloudFront CDN

29th of November, 2016 / / 1 Comment

Nowadays, most companies are using some sort of a Content Delivery Network (CDN) to improve the performance and high availability of their sites, those include Azure CDN, CloudFlare, CloudFront, Varnish, and so on.
In this blog however, I will demonstrate how you can deliver your entire website through AWS’s CloudFront. This blog will not go through other CDN services. This blog also assumes you have knowledge of AWS services, DNS, and CDN.
What is CloudFront?

Amazon CloudFront is a global content delivery network (CDN) service that accelerates delivery of your websites, APIs, video content or other web assets.

[Keep reading] “Site Delivery with AWS CloudFront CDN”

Exchange Deployment in the Cloud

28th of November, 2016 / / No Comments

A little Introduction
Some organisations, would still prefer hosting their own Exchange server(s), rather than migrating to Office 365. And since the Cloud is the way to go for many organisations, deploying an Exchange server in the Cloud, be it Azure or AWS, could be challenging on so many levels. This includes latency, failovers, data disk corruption, replication and so forth.
If you’re unsure on how to start, unfortunately Azure does not provide a free test drive for Exchange server (as of this writing).… [Keep reading] “Exchange Deployment in the Cloud”

Forcing MFA in Amazon Web Services

24th of November, 2016 / / No Comments

Many organisations will want to enforce MFA for an added security layer for their users. As each service is different, in some cases enforcing MFA may not be as easy as it sound.
In AWS, an administrator cannot simply “tick” to enable MFA on all users (as of this writing). However, MFA can be enforced on API calling, to “force” a user to setup MFA. Think of it as a backdoor, to forcing or enabling MFA on all your IAM users.… [Keep reading] “Forcing MFA in Amazon Web Services”

Creating Organizational Units, and Groups in AD with GUID

27th of September, 2016 / / No Comments

A recent client of Kloud, wanted to have the chance to create new organizational units, and groups, automatically, with a unique ID (GUID) for each organizational unit. The groups created needed to share the GUID of the OU.

In this blog, I will demonstrate how you could achieve the aforementioned, through a simple PowerShell script, naturally.

Before you start however, you may have to run PowerShell (run as Administrator), and execute the following cmdlet:
Set-ExecutionPolicy RemoteSigned
This is to allow PowerShell scripts to run on the computer.… [Keep reading] “Creating Organizational Units, and Groups in AD with GUID”