
O F F I C I A L M I C R O S O F T L E A R N I N G P R O D U C T

20412B
Configuring Advanced Windows Server®
2012 Services

ii Configuring Advanced Windows Server® 2012 Services

Information in this document, including URL and other Internet Web site references, is subject to change
without notice. Unless otherwise noted, the example companies, organizations, products, domain names,
e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with
any real company, organization, product, domain name, e-mail address, logo, person, place or event is
intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the
user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in
or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical,
photocopying, recording, or otherwise), or for any purpose, without the express written permission of
Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property
rights covering subject matter in this document. Except as expressly provided in any written license
agreement from Microsoft, the furnishing of this document does not give you any license to these
patents, trademarks, copyrights, or other intellectual property.

The names of manufacturers, products, or URLs are provided for informational purposes only and
Microsoft makes no representations and warranties, either expressed, implied, or statutory, regarding
these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a
manufacturer or product does not imply endorsement of Microsoft of the manufacturer or product. Links
may be provided to third party sites. Such sites are not under the control of Microsoft and Microsoft is not
responsible for the contents of any linked site or any link contained in a linked site, or any changes or
updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission
received from any linked site. Microsoft is providing these links to you only as a convenience, and the
inclusion of any link does not imply endorsement of Microsoft of the site or the products contained
therein.

© 2012 Microsoft Corporation. All rights reserved.

Microsoft and the trademarks listed at
http://www.microsoft.com/about/legal/en/us/IntellectualProperty/Trademarks/EN-US.aspx are trademarks of
the Microsoft group of companies. All other trademarks are property of their respective owners.

Product Number: 20412B

Part Number: X18-77116

Released: 12/2012

8-4 Implementing Active Directory Federation Services

A claim, in claims-based authentication, is a statement about a user that is issued by one organization or
technology and trusted by another. A claim can carry a variety of information: for example, the user's
email address, User Principal Name (UPN), and the specific groups to which the user belongs. This
information is gathered by the authentication mechanism when the user successfully authenticates, and is
then placed in the security token that the user presents to the application.

The organization that manages the application defines what types of claims will be accepted by the
application. For example, the application may require the email address of the user to verify the user
identity, and it may then use the group membership that is presented inside the claim to determine what
level of access the user should have within the application.

Web Services Overview

For claims-based authentication to work, organizations have to agree on the format for exchanging claims.
Rather than have each business define this format, a set of specifications broadly identified as web
services has been developed. Any organization that is interested in implementing a federated identity
solution can use this set of specifications.

Web services are a set of specifications that are
used for building connected applications and
services, whose functionality and interfaces are
exposed to potential users through web
technology standards such as XML, SOAP, Web Services Description Language (WSDL), and HTTP(S). The
goal for creating web applications using web services is to simplify interoperability for applications across
multiple development platforms, technologies, and networks.

To enhance interoperability, web services are defined by a set of industry standards. Web services are
based on the following standards:

• Most web services use XML to transmit data through HTTP(S). With XML, developers can create their
own customized tags, thereby facilitating the definition, transmission, validation, and interpretation of
data between applications and between organizations.

• Web services expose useful functionality to web users through a standard web protocol. In most
cases, the protocol used is SOAP, which is the communications protocol for XML web services. SOAP
is a specification that defines the XML format for messages, and essentially describes what a valid
SOAP message (an envelope with its header and body) looks like.

• Web services provide a way to describe their interfaces in enough detail to enable a user to build a
client application to communicate with the service. This description is usually provided in an XML
document called a WSDL document. In other words, a WSDL file is an XML document that describes a
set of SOAP messages, and how the messages are exchanged.

• Web services are registered so that potential users can find them easily. This is done with Universal
Description Discovery and Integration (UDDI). A UDDI directory entry is an XML file that describes a
business and the services it offers.

Configuring Advanced Windows Server® 2012 Services 8-5

WS-* Security Specifications
Web services specifications (also known as WS-* specifications) have many components. However, the
most relevant specifications for an AD FS environment are the WS-Security specifications. The
specifications that are part of the WS-Security specifications include the following:

• WS-Security - SOAP Message Security and X.509 Certificate Token Profile. WS-Security describes
enhancements to SOAP messaging. These enhancements provide message integrity, message
confidentiality, and single message authentication. WS-Security also provides a general-purpose—yet
extensible—mechanism for associating security tokens with messages and a mechanism to encode
binary security tokens—specifically X.509 certificates and Kerberos tickets—in SOAP messages.

• WS-Trust. WS-Trust defines extensions that build on WS-Security to request and issue security tokens
and to manage trust relationships.

• WS-Federation. WS-Federation defines mechanisms that WS-Security can use to enable attribute-
based identity, authentication, and authorization federation across different trust realms.

• WS-Federation Passive Requestor Profile. This WS-Security extension describes how passive clients,
such as web browsers, can acquire tokens from a Federation server, and how the clients can submit
tokens to a Federation server. Passive requestors of this profile are limited to the HTTP or HTTPS
protocol.

• WS-Federation Active Requestor Profile. This WS-Security extension describes how active clients, such
as SOAP-based mobile device applications, can be authenticated and authorized, and how the clients
can submit claims in a federation scenario.

Security Assertion Markup Language
The Security Assertion Markup Language (SAML) is an XML-based standard for exchanging claims
between an identity provider and a service provider (the application). SAML assumes that the identity
provider has already authenticated the user and has placed the appropriate claims in the security token.
After authentication, the identity provider passes a SAML assertion to the service provider, and the
service provider uses the claims in that assertion to make authorization and personalization decisions
within the application. Because those decisions rest entirely on the assertion, the service provider must
verify the assertion's signature against the identity provider's token-signing certificate, and check the
assertion's validity period and intended audience, before trusting any claim in it. The communication
between federation servers is therefore based around an XML document that stores the X.509 token-
signing certificate, and the tokens themselves are SAML 1.1 or SAML 2.0 tokens.
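As an added example (not code from the course or from AD FS), the following shows the relying-party side of the flow described in the claims paragraph at the start of this lesson and in the SAML paragraph above: a constructed SAML 2.0 assertion is parsed, its issuer, validity window and audience are enforced, its attribute statements become a claims dictionary, and the application itself maps the group claim to an access level. The issuer URL, audience URL, user, group names and access mapping are assumptions. Verification of the XML signature against the partner's token-signing certificate is assumed to have happened before this step and is not shown; the code only refuses an assertion that carries no Signature element at all.

```python
"""Relying-party processing of a SAML 2.0 assertion (added example).

Assumes the assertion's XML signature has already been verified against the
identity provider's token-signing certificate from federation metadata; that
step needs an XML-DSig implementation and is not shown here.
"""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
# Claim type URIs AD FS uses for e-mail address and group membership.
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
GROUP_CLAIM = "http://schemas.xmlsoap.org/claims/Group"

# Assumed identifiers of the partner's AD FS server and of this application.
ISSUER = "http://adfs.adatum.com/adfs/services/trust"
AUDIENCE = "https://app.treyresearch.net/"

# Constructed sample assertion; user, groups and signature value are placeholders.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_7c2e1a" Version="2.0"
    IssueInstant="2012-12-01T10:00:00Z">
  <saml:Issuer>http://adfs.adatum.com/adfs/services/trust</saml:Issuer>
  <ds:Signature><ds:SignatureValue>c2lnbmF0dXJlLWJ5dGVz</ds:SignatureValue></ds:Signature>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@adatum.com</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2012-12-01T10:00:00Z" NotOnOrAfter="2012-12-01T11:00:00Z">
    <saml:AudienceRestriction><saml:Audience>https://app.treyresearch.net/</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>alice@adatum.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/claims/Group">
      <saml:AttributeValue>Sales</saml:AttributeValue>
      <saml:AttributeValue>Managers</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def _ts(value):
    """Parse the UTC timestamp form SAML uses, e.g. 2012-12-01T10:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def extract_claims(assertion_xml, expected_issuer, expected_audience, now):
    """Enforce the assertion's conditions, then return {claim type: [values]}."""
    root = ET.fromstring(assertion_xml)
    # Presence check only: cryptographic verification is assumed to precede this.
    if root.find("ds:Signature", NS) is None:
        raise ValueError("assertion is unsigned")
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer != expected_issuer:
        raise ValueError(f"unexpected issuer {issuer!r}")
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("assertion has no Conditions")
    if not _ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter")):
        raise ValueError("assertion outside its validity window")
    audiences = {a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)}
    if expected_audience not in audiences:
        raise ValueError("assertion was issued for a different audience")
    claims = {}
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if name_id:
        claims["NameID"] = [name_id]
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text for v in attr.findall("saml:AttributeValue", NS)]
        claims.setdefault(attr.get("Name"), []).extend(values)
    return claims


def rejection_reason(assertion_xml, expected_issuer, expected_audience, now):
    """Return why the assertion would be rejected, or None if it is acceptable."""
    try:
        extract_claims(assertion_xml, expected_issuer, expected_audience, now)
    except ValueError as exc:
        return str(exc)
    return None


def authorize(claims, access_by_group):
    """The application decides: identify the user by e-mail claim, then map groups to a level."""
    if not claims.get(EMAIL_CLAIM):
        raise PermissionError("no e-mail claim; user cannot be identified")
    groups = set(claims.get(GROUP_CLAIM, []))
    for group, level in access_by_group:  # ordered most privileged first
        if group in groups:
            return level
    return "none"


if __name__ == "__main__":
    now = _ts("2012-12-01T10:30:00Z")
    claims = extract_claims(SAMPLE_ASSERTION, ISSUER, AUDIENCE, now)
    print(claims[EMAIL_CLAIM][0], "->", authorize(claims, [("Managers", "admin"), ("Sales", "editor")]))
    print(rejection_reason(SAMPLE_ASSERTION, ISSUER, AUDIENCE, _ts("2012-12-01T11:00:00Z")))
```

The split of responsibilities mirrors the lesson text: the identity provider decides what goes into the token, but the application decides which claims it requires (here, an e-mail claim to identify the user) and what each group claim is worth. Running the block prints the sample user's access level and then the reason an assertion presented at its NotOnOrAfter instant is refused.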

What Is AD FS?

AD FS is the Microsoft implementation of an identity federation solution that uses claims-based
authentication. AD FS provides the mechanisms to implement both the identity provider and the service
provider components in an identity federation deployment.

AD FS provides the following features:

• Enterprise claims provider for claims-based applications. You can configure an AD FS server as a
claims provider, which means that it can issue claims about authenticated users. This enables an
organization to provide its users with access to claims-aware applications in another organization by
using SSO.

Configuring Advanced Windows Server® 2012 Services L12-111

 Task 5: Unregister the server from the Windows Azure Online Backup
1. Switch to the Windows Azure Online Backup console, and then click Unregister Server.

2. On the Getting started page, click Unregister this server, and then click Next.

3. On the Account Credentials page, provide the following credentials:

o Username: [email protected]

o Password: Pa$$w0rd

4. Click Unregister.

5. On the Server Unregistration page, click Close.



Results: After completing this exercise, you will have installed the Windows Azure Online Backup agent,
registered the server with Windows Azure Online Backup, configured a scheduled backup, and performed
a restore by using Windows Azure Online Backup.

 To prepare for the next module
1. On the host computer, start Hyper-V® Manager.

2. In the Virtual Machines list, right-click 20412B-LON-DC1, and then click Revert.

3. In the Revert Virtual Machine dialog box, click Revert.

4. Repeat steps 2 and 3 for 20412B-LON-SVR1, and MSL-TMG1.
