How to allow users in Cloud Identity to access Google Drive and other services in Google

I administer users in Cloud Identity Free Edition now.
They can't use Google Drive, Colaboratory, Spreadsheet, and so on after they started being controlled in Cloud Identity.
What should I do to allow them to use those services again while still controlling them?
Should I switch from Free Edition to Premium Edition or G Suite?

Correction to my earlier answer on this topic.
Google Drive is actually present in Cloud Identity Free and Premium Edition.
It is just limited to 15GB per user. Just have a look at the Cloud Identity Core Services.
You have to activate it in the Admin Console (https://admin.google.com), and after that it is available for all users in the domain, organizational unit or group that you have chosen to activate it for.
If you need additional configuration options to control the access to Drive and the sharing possibilities in your domain, you should, however, switch to a G Suite licence.

Related

App approval with partner-created enterprise

I'm creating an EMM-managed enterprise. This is the recommended method (no signup page nor Google account required):
https://developers.google.com/android/management/create-enterprise#emm-managed_enterprises
But with this enterprise, the end user has no IT admin account to connect to managed Google Play on https://play.google.com/work.
What is the correct way to approve applications with this type of enterprise?

An EMM-managed enterprise is no longer the recommended method to create an enterprise. Instead, we suggest starting a customer-managed enterprise.
Additionally, with Android Management API any application added under the application policy behaves based on the configured installType. The Play Store mode policy determines the behavior of the apps on the device's Play Store.
You will still need to follow all of the policy distribution steps mentioned in this documentation.
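
The interaction between installType and the Play Store mode described in the answer above, as an added example that is not part of the original post or of Google's documentation. The field and enum names are those of the Android Management API policy resource; the package names, the sample policy and the helper function names are constructed for illustration.

```python
# Added example: how installType and playStoreMode combine in an Android
# Management API policy. Package names and SAMPLE_POLICY are constructed.

AUTO_INSTALLED = {"FORCE_INSTALLED", "PREINSTALLED", "REQUIRED_FOR_SETUP", "KIOSK"}

SAMPLE_POLICY = {  # constructed sample policy
    "playStoreMode": "BLACKLIST",
    "applications": [
        {"packageName": "com.example.mail", "installType": "FORCE_INSTALLED"},
        {"packageName": "com.example.notes", "installType": "AVAILABLE"},
        {"packageName": "com.example.game", "installType": "BLOCKED"},
    ],
}


def play_store_mode(policy):
    """An unspecified playStoreMode is treated as WHITELIST."""
    mode = policy.get("playStoreMode", "PLAY_STORE_MODE_UNSPECIFIED")
    return "WHITELIST" if mode == "PLAY_STORE_MODE_UNSPECIFIED" else mode


def app_state(policy, package):
    """Return how `package` behaves on a device governed by `policy`."""
    listed = {a["packageName"]: a.get("installType", "INSTALL_TYPE_UNSPECIFIED")
              for a in policy.get("applications", [])}
    install_type = listed.get(package)
    if install_type is None:
        # Not in the policy: the Play Store mode alone decides.
        return "installable" if play_store_mode(policy) == "BLACKLIST" else "unavailable"
    if install_type == "BLOCKED":
        return "blocked"
    if install_type in AUTO_INSTALLED:
        return "auto-installed"
    return "installable"  # AVAILABLE, or unspecified (defaults to AVAILABLE)


def audit(policy):
    """List settings that widen what users can install."""
    findings = []
    if play_store_mode(policy) == "BLACKLIST":
        findings.append("playStoreMode BLACKLIST: any app not marked BLOCKED is installable")
    for app in policy.get("applications", []):
        if "installType" not in app:
            findings.append(f"{app['packageName']}: no installType, defaults to AVAILABLE")
    return findings


if __name__ == "__main__":
    for pkg in ("com.example.mail", "com.example.game", "com.example.unlisted"):
        print(pkg, "->", app_state(SAMPLE_POLICY, pkg))
    print(audit(SAMPLE_POLICY))
```
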

Difference between IAM, IDCS and OCI in Oracle Cloud

I am getting confused by these 3 terms. What I know is that OCI is the infrastructure provided by Oracle, IAM is user and IDCS is Identity Cloud Service. But I don't understand the differences and terms.
Are an IAM user and a normal user the same?
Are OCI and IDCS the same?
What exactly is IDCS?

Let me try to answer your questions:
IAM or Identity Access Management is a tool designed to control who has access to your cloud services. An IAM user is a user who accesses a service in your cloud. What you mean by normal user I cannot know.
OCI or Oracle Cloud Infrastructure is a deep and broad platform of cloud services that enable you to build and run a wide range of applications in a scalable, secure, highly available, fault-tolerant and high-performance environment.
Oracle Identity Cloud Service (IDCS) is an Identity-as-a-Service (IDaaS) solution available in Oracle Cloud. It is designed to extend enterprise controls by automating PaaS and SaaS account provisioning and deprovisioning, simplifying the user experience for accessing cloud applications by providing seamless integration with enterprise identity stores and authentication services, and facilitating compliance activities by clearly reporting on cloud application usage.
Although IDCS and IAM might look the same, they are designed for different purposes. IDCS is focused on SaaS or PaaS services by integrating itself with identity stores such as Active Directory or LDAP inside organizations. IAM is designed to control cloud resources, providing access to each component, like a block storage or a computer instance.
Hope it clarifies a bit.
Regards

First of all:
OCI refers to Oracle Cloud Infrastructure. It is a cloud computing solution, the same as MS Azure or Amazon AWS but offered by Oracle, and it provides various services such as servers, storage, network, applications and services through a global network of Oracle Corporation, managed by different data centers around the world.
IAM refers to Identity and Access Management. This service allows you to control who can access cloud resources, and even control what type of access they have and to which specific resources. There are different components of IAM such as resource, user, group and more; you can check the Oracle documentation, which also provides examples, here.
IDCS refers to Oracle Identity Cloud Service, and it is considered an Identity-as-a-Service (IDaaS) solution. Oracle Identity Cloud Service provides identity management, single sign-on (SSO) and identity governance for applications on-premise, in the cloud and mobile applications. Any user can access the application at any time, anywhere, on a device in a secure manner. Oracle IDCS integrates directly with existing directories and identity management systems, making it easier for users to access applications. Providing a platform that is robust and secure, it allows users to access, develop and deploy their applications.
Check the documentation here.
The benefits of implementing Oracle Identity Cloud Service are: Improved Business Responsiveness, Enhanced User Productivity and Experience, Hybrid Multi-Channel Access and finally Simplified IT and Reduced Cost.

In addition to the answers above, IDCS can play the role of IDP for federated login to the Oracle Cloud Infrastructure console.

Visual Studio Team Services - Code repository privacy

I've used Visual Studio Online Team Services as a code repository and want to know if it is possible for Microsoft Employees to see the code you upload if they wanted to.
The privacy policy doesn't address this specifically that I can see but it does say that Microsoft can use your data for advertising purposes and they can share it with third parties. If "data" means my proprietary code that would be good to know.
Customer Data will be used only to provide customer the Online Services including purposes compatible with providing those services. For example, we may use Customer Data to provide a personalized experience, improve service reliability, combat spam or other malware, or improve features and functionality of the Online Services. Microsoft will not use Customer Data or derive information from it for any advertising or similar commercial purposes. “Customer Data” means all data, including all text, sound, video, or image files, and software, that are provided to Microsoft by, or on behalf of, you or your end users through use of the Online Service. Customer Data is not Administrator Data, Payment Data, or Support Data. For more information about the features and functionality that enable you to control Customer Data, please review documentation specific to the Online Service.
No, not merely if they "want to". Microsoft does provide a clause that allows them access if it's required for security or site operation:
From time to time, Microsoft employees need to obtain access to customer data stored within Team Services. As a precaution, all employees who have or may ever have access to customer data must pass a background check, which verifies previous employment and criminal convictions. In addition, we permit access to the production systems only when there’s a live site incident or other approved maintenance activity, which is logged and monitored.
(From the Visual Studio Team Services Data Protection Overview document.)
That being said, this is the most liberal interpretation of this access. I worked as a senior software engineer on the VSO version control team and there's no possibility for me to get access to customer data. If you complain about a bug in our git repository handling, I'm going to ask you if you can give me a copy that I can use to reproduce - I can't just go get it. And if you decline, then I will not be able to get your data.
So while yes, we Microsoft engineers do have the theoretical ability to get to your files, there are significant policy and security safeguards against access and abuse.

What is Exactly an AppFabric in Windows Azure?

I am trying to understand what exactly AppFabric in Windows Azure is, what the difference is with Worker Role and Web Role, and how to create an AppFabric project in Visual Studio 2010. I mean, which kind of project?
Thx.
Adding a bit to vtortola's answer:
There are three core areas of the Windows Azure platform:
Windows Azure (which provides virtual machines and massively-scalable storage through Blobs, Tables, and Queues)
SQL Azure (which is a large subset of SQL Server), offering a full relational database up to 50GB
Windows Azure AppFabric (a set of services that you can opt into, currently comprising access control, connectivity, and caching)
When you construct your Windows Azure application, you can really pick and choose what pieces of the platform you're interested in. For instance, Windows Azure provides Web and Worker roles (both essentially identical virtual machines running Windows Server 2008 or R2, but Web roles have IIS enabled). If you need a relational database, you can very easily set up a database. And, then there's AppFabric:
If you need to connect to a set of web services on premises, for instance, you can use the AppFabric Service Bus (a secure way to connect without having to open up a firewall)
If you need to actually connect to an entire computer on-premise, use Azure Connect (a software VPN).
If you want to cache data (such as asp.net session state) between instances of your virtual machines, enable and use the AppFabric Cache (currently a Community Technology Preview, so no pricing yet).
If you need to add access control to your application, use AppFabric's Access Control Service, which essentially lets you outsource your identity management.
There are quite detailed examples in the Platform Training Kit that vtortola referenced. Additionally, there's a complete Identity Management training kit.
Azure AppFabric is a suite of middleware services and technologies to help you develop and manage services/applications that use Windows Azure. Middleware is typically defined as software that helps connect other pieces of software, and this definition is pretty accurate for the services AppFabric provides.
You don't create an AppFabric per se. AppFabric services are used by your other applications as needed, so setup is typically configuring certain items in the Azure Portal, then implementing libraries of config entries in your web/worker roles that leverage the resources.
Essentially AppFabric provides certain resources that you need when composing complex applications as services, vs. you having to implement and maintain these resources yourself.
The basic offerings are:
Service Bus: A message relay that can be consumed by other .NET technologies (and others). SB helps you connect different cloud services as well as "hybrid" services. The hybrid is a big deal, as SB helps you easily connect on-premise web services with services you run in the cloud, w/o having to mess around with VPN, protocols, server setups, certificates, etc etc.
Access Control: An authentication and authorization service, helping you manage user-level access without having to extend/implement Active Directory, LDAP, and custom user authentication modules throughout Azure.
Caching: an in-memory distributed caching layer for your applications. This is typical to memcached or the Windows Server version of AppFabric
Integration: a PaaS service of EDI/transport technology like BizTalk server
Composite App: allows the composition of complex applications using a composition language versus just putting a bunch of code together. You basically define your application using a designer like you would an EF.Net data model or a Windows Workflow
So basically AppFabric provides you with a lot of services that you likely need, but the typical cloud developer may not want to "mess with" at least at first. This way you have these great building blocks to help you focus on your core logic/needs during development cycles while not limiting what your application can ultimately do. This "focus" is one of the core benefits to cloud computing, especially Platform as a Service, and is one area where Azure really shines compared to other offerings.
Some of these technologies are still in beta. The AppFabric site makes this very clear, but it's important to be aware of.
Great place to start is the Azure AppFabric site itself, which breaks a lot of this down, gives you great examples of how to use, and some sample code for you to get your feet wet.
http://www.microsoft.com/windowsazure/AppFabric/Overview/default.aspx#top
Basically:
WebRole: similar to a web application.
WorkerRole: similar to a Windows service.
AppFabric: Group of services that allow you to interconnect applications inside and outside Azure.
Download and read/do the Azure training kit, it will solve those questions and tell you how to create that project in Visual Studio step-by-step.

Is there a management service for Amazon EC2 that adds robust user security?

I know there are tools to manage your EC2 environment. I currently use the Eclipse Plugin and the iPhone app iAWSManager. What I'm looking for is a management service that allows you to create multiple users with roles and privileges. I have clients that sign up for EC2 but need help setting up and managing everything. At the very least they should be able to set up multiple logins so they can monitor who is doing what on the account (rather than sharing the single login). Better would be to assign privileges for who could create and launch an instance, create and assign/just assign Elastic IPs/EBS to instances etc.
Since enterprises are supposed to be using EC2, how do they manage this well? How do they create audit trails of activity?

RightScale, YLastic or EnStratus support roles and privileges. However, they are not for free...

I'll add Scalr to the list, which is a cloud management software like RightScale (disclaimer: I work there). We released our permissions feature last January. It allows you to create different teams and environments and attribute them privileges on a granular basis. It means you can grant different permissions to different people. You can learn more on this blogpost.
Scalr is available as a hosted service which includes support. If you are looking for a free solution, you can download the source code, which is released under the Apache 2 license, and install it yourself.
As mentioned earlier, RightScale and enStratus are two other alternatives.