About Tata Trusts

Tata Trusts are amongst India’s oldest, non-sectarian philanthropic organisations. The Trusts own two-thirds of the stock holding of Tata Sons, the apex company of the Tata group of companies. The wealth that accrues from this asset supports an assortment of causes, institutions and individuals in a wide variety of areas. In this manner, the profits that the Tata companies earn go back many times over to the communities they operate in. These funds have been deployed towards a whole range of community development programmes across the country for 100 years now.

Problem Statement / Definition

The Tata Trusts IT team in Mumbai, India, needed to redesign its infrastructure to provide a single sign-on (SSO) experience to all its internal and O365 users. Tata Trusts previously used on-premises data centres to host its Active Directory and other services properties, all of which had different technologies and processes. Tata Trusts wanted to deploy ADFS infrastructure and federate O365 and other application authentication through an ADFS farm. The IT team wanted to use the cloud to implement the SSO process.

Challenge

After a comprehensive RFP and review process with various cloud solution providers, Tata Trusts chose AWS. Tata Trusts' priorities in choosing a cloud platform included cost-effectiveness, flexibility, a global infrastructure, technology, and a rich ecosystem of members.

The Tata Trusts IT team in Mumbai, India, had two goals for AWS: delivering a common technology platform for centralized authentication for 1200 users, including roaming users, and O365 federated authentication with an ADFS server farm.

Proposed Solution

The i2k2 Networks team analysed the existing infrastructure and identified that Tata Trusts had only one domain controller, with four UPNs and 1200+ users. The O365 domain was registered with the same domain, and users needed to be authenticated against the on-prem AD domain.

The i2k2 Networks team designed and deployed the solution in the AWS Mumbai region, with a high-availability ADFS farm, and connected the on-prem infrastructure to the AWS cloud using a VPN Gateway with a redundant connection. The i2k2 Networks team also deployed two additional domain controllers in the cloud, in different AZs, and synchronized them with the on-prem AD. The team deployed the ADFS server farm with redundancy and an ADFS proxy server. The ADFS proxy server was placed behind an external load balancer and the ADFS server behind an internal load balancer.

The roaming users needed to be authenticated through the AD domain before using their file server and other SSO-based resources, so we deployed an RRAS VPN router, which provides client-to-site connectivity between roaming users and the AWS cloud infrastructure.

The i2k2 Networks team set up the AD Connect server to synchronize the Active Directory users to O365 and configured the O365 domain for federated authentication.

Tata Trusts Proposed Architecture

[Figure: Tata Trusts proposed architecture]

Primary AWS services used:

  • ADFS Server
  • RRAS Router
  • ADFS Web Proxy
  • AD Connect
  • VPN Gateway

Start/End Date of the Project

[Figure: start and end date of the project]

Outcome of the Project and Success Metrics

For Tata Trusts, extending infrastructure to the AWS Cloud improves business agility and operational efficiency. With this hybrid environment deployment, Tata Trusts users will experience seamless single sign-on with various other applications. The infrastructure is very reliable, horizontally scalable and cost effective: if the number of concurrent connections increases, AWS auto scaling will automatically increase and decrease the resources as per use.

Partner Name

i2k2 Networks Pvt. Ltd. – Advanced Consulting Partner to Amazon Web Services.