Security on Microsoft Cloud Solutions
Haddy El-Haggan
Microsoft Student Partner
Founder of Azure Community in Egypt
Security on Windows Azure

A brief introduction to security on Windows Azure, Microsoft's public cloud solution for platform and infrastructure.

Published in: Technology

Transcript of "Security on Windows Azure"

  1. Security on Microsoft Cloud Solutions
     Haddy El-Haggan
     Microsoft Student Partner
     Founder of Azure Community in Egypt
  2. Security on Microsoft Cloud Solutions
     • Overview on Windows Azure
     • Security Overview
     • Data Security on Windows Azure
     • Network Security
     • Identity On Azure
  3. Windows Azure
     • Cloud computing is a new concept for the best utilization of the data center
     • Cloud computing is based on virtualization
     • Cloud computing is mainly composed of 3 layers:
       – Infrastructure as a Service (IaaS)
       – Platform as a Service (PaaS)
       – Software as a Service (SaaS)
  4. Windows Azure (cont.)
     • Windows Azure is Microsoft's cloud solution
     • Windows Azure is composed of 3 main nodes:
       – Compute
       – Storage (Windows Azure Storage, AppFabric Caching and SQL Azure)
       – Fabrics (to enable communication between different applications hosted on Azure or even on premises)
  5. Benefits
     • High availability
     • High scalability
     • Pay as you go
     • Best utilization of the hardware resources available
     • Focus on your business rather than the IT infrastructure
     • Flexibility to access your data
  6. ONE OF THE BIGGEST CONCERNS IS ALWAYS SECURITY: HOW ARE MY DATA SECURED ON THE CLOUD?
  7. Platform (as a Service)
     [Diagram: the stack layers Storage, Servers, Networking, O/S, Middleware, Virtualization, Applications, Runtime and Data, each marked either "Managed by vendor" or "You manage"]
  8. Microsoft Cloud Solution Security Overview
     • Developers and users must know the responsibilities they share with the cloud provider
     • These are the main layers of security for any cloud provider:
       – Human
       – Data
       – Application
       – Host
       – Network
       – Physical
  9. Microsoft Cloud Solution Security Overview (cont.)
     • The “Human” and “Data” layers are the users’ responsibility: how they manage their data and its permissions (more information about data in Azure follows)
     • The “Application” layer depends on the developer and the security built into the application:
       – Authentication
       – Input validation …
     • It is recommended to develop using the SDL (Security Development Lifecycle), designed for Windows Vista, Windows 7 and Windows Azure
  10. Microsoft Cloud Solution Security Overview
     • “Host” layer: Windows Azure is hosted on Windows Server 2008 Hyper-V
     • Windows Azure doesn’t depend on the Windows Server 2008 hypervisor; it has its own hypervisor, where the roles and the VMs are hosted and isolated
     • The host has 2 main jobs:
       – Isolation (every role runs on its own VM)
       – Hardening (regular security updates)
  11. Microsoft Cloud Solution Security Overview
     • Some firewalls can be configured by the service owner and some are controlled by the fabric controller
     • “Network” layer: Windows Azure traffic passes through several firewalls:
       – Guest VM
       – Host VM
       – SQL Azure VM
  12. THERE IS NO ENCRYPTION ON WINDOWS AZURE
  13. Data Security on Azure
     • Windows Azure Compute and Windows Azure Storage are 2 different things; each of them is hosted on different hardware resources
     • In the storage architecture, the top layer validates, authenticates, and authorizes requests, routing them to the partition layer and the data layer, where the data exists
     • Protection against data loss: there are always three replicas of your data, whatever happens
     • Isolation: all your data are isolated from others' data in 2 ways:
       – Logically
       – Physically
     • Each type of storage has its own way of access, depending on the developer
     • NO DATA ARE ACCESSIBLE BY THE PUBLIC EXCEPT THE PUBLIC BLOB
  14. Data Security on Azure
     • Isolation: all your data are isolated from others' data in 2 ways:
       – Logically
       – Physically
     • Each type of storage has its own way of access, depending on the developer
     • NO DATA ARE ACCESSIBLE BY THE PUBLIC EXCEPT THE PUBLIC BLOB
  15. Secure Networking
     • Network architecture:
       – In Azure there are mainly 4 types of nodes:
         • Fabric Controller node (Azure kernel)
         • Storage node
         • Compute node
         • Other infrastructure node
       – In the FC networking there are 3 types of isolated networks:
         • Main VLAN (all untrusted customer nodes)
         • FC VLAN (trusted FC networks)
         • Device VLAN (contains trusted networks and other infrastructure devices)
  16. Secure Networking
     • No communication is possible between the VLANs without passing through a router, which prevents faked traffic and eavesdropping on other traffic
     • Communication is permitted from the FC VLAN or the Device VLAN to the main VLAN, but cannot be initiated from the main VLAN
  17. Secure Networking
     • Azure has the largest internet connections in the industry
     • It is unlikely that someone can cut Azure off from the public by producing enough malicious traffic
     • If your application on Azure is attacked, Azure will create several compute instances to maintain your application until the attack passes
     • Microsoft is considering ways to identify malicious traffic and block it as it enters the Azure Fabric, but this sort of protection has not yet been deployed
  18. Identity On Azure
     • To gain access to your application on the cloud you have to pass a few steps:
       – Authentication
       – Authorization
       – Monitoring and logging (track users and log their operations)
     • Windows Azure supports several identity technologies:
       – Active Directory
       – OpenID
       – SQL Server
       – WIF
  19. Identity On Azure
     • Windows Azure supports 2 types of identity in the cloud:
       – Role based
       – Claim based
     • Role based uses a username and password
     • Claim based uses a token containing a collection of claims
  20. Identity On Azure: Role based authorization
     • It can be used by SQL Azure, Azure Connect and the ASP.NET membership provider
     • You only use the username and the password; the rest is kept in the identity store
     • Simple, easy to use, and makes domain join possible
  21. Identity on Azure: Azure Connect
     • Azure Connect supports domain join of Windows Azure roles to an on-premises Active Directory
  22. Identity on Azure: Claim Based
     • A claim is a piece of information
     • A token is a signed collection of claims
     • The Security Token Service maps the credentials to the token
     • The application is provided with all the identity information it needs
     • Managing identity is not the application's responsibility
     • Integration between several identity providers
     • Less infrastructure code
  23. Identity On Azure: AppFabric Access Control
     • Enables developers to use claim-based authorization with enterprise identity sources like Active Directory and SQL Server
     • Also enables the use of other identity providers like Live ID, Facebook, Google and Yahoo
  24. Azure Community in Egypt
     • Twitter: Azurecomeg
     • E-Mail: azureeg@hotmail.com
  25. Contacts
     • Twitter: @Hhaggan
     • Email: h.haggan@hotmail.com
     • Blog: http://hhaggan.wordpress.com/
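
The inter-VLAN rule from slide 16, as an added example that is not part of the original deck: a router model that drops packets whose source address does not belong to the VLAN they arrived on, lets only the FC and Device VLANs open flows towards the main VLAN, and forwards main-VLAN packets only as replies to such flows. The subnets, class and function names are constructed, and denying every pair the slide does not mention is an assumption.

```python
import ipaddress

# Constructed addressing; the slides give no subnets.
VLANS = {
    "main": ipaddress.ip_network("10.1.0.0/16"),    # untrusted customer nodes
    "fc": ipaddress.ip_network("10.2.0.0/24"),      # trusted fabric controllers
    "device": ipaddress.ip_network("10.3.0.0/24"),  # trusted infrastructure devices
}
# Slide 16: FC and Device VLANs may open connections to the main VLAN.
# Every other direction is denied by default (assumption).
MAY_INITIATE = {("fc", "main"), ("device", "main")}


def vlan_of(addr):
    """Return the VLAN name owning addr, or None if no VLAN owns it."""
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in VLANS.items() if ip in net), None)


class InterVlanRouter:
    def __init__(self):
        self.flows = set()  # (initiator, responder) pairs opened by a permitted side

    def route(self, ingress_vlan, src, dst):
        """Decide one packet arriving on ingress_vlan; returns (forwarded, reason)."""
        if vlan_of(src) != ingress_vlan:
            return False, "spoofed source"           # faked traffic stops at the router
        dst_vlan = vlan_of(dst)
        if dst_vlan is None:
            return False, "unknown destination"
        if (dst, src) in self.flows:
            return True, "reply to established flow"
        if (ingress_vlan, dst_vlan) in MAY_INITIATE:
            self.flows.add((src, dst))
            return True, "new flow from trusted vlan"
        return False, "initiation not permitted"
```
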
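
The claim-based flow from slides 19 and 22, as an added example that is not part of the original deck: a Security Token Service maps credentials to a signed collection of claims, and the application authorizes from the claims alone after checking signature, audience and expiry. The token layout, key, users and function names are constructed for illustration and are not the WIF or AppFabric Access Control format; a shared HMAC key between STS and application is an assumption.

```python
import base64
import hashlib
import hmac
import json
import time

STS_KEY = b"constructed-demo-key"  # assumption: key shared by the STS and the app
# Constructed identity store; a real store keeps salted password hashes.
USERS = {"alice": ("correct horse", ["admin"]), "bob": ("hunter2", ["reader"])}


def _sign(body: bytes) -> str:
    mac = hmac.new(STS_KEY, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()


def sts_issue(username, password, audience, now=None, ttl=300):
    """Security Token Service: map credentials to a signed set of claims."""
    record = USERS.get(username)
    if record is None or not hmac.compare_digest(record[0].encode(), password.encode()):
        raise PermissionError("authentication failed")
    now = int(time.time()) if now is None else now
    claims = {"name": username, "role": record[1], "aud": audience, "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return body.decode() + "." + _sign(body)


def app_validate(token, audience, now=None):
    """Application side: accept claims only after signature, audience and expiry checks."""
    body, _, sig = token.partition(".")
    if not hmac.compare_digest(_sign(body.encode()).encode(), sig.encode()):
        raise PermissionError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body))
    now = int(time.time()) if now is None else now
    if claims["aud"] != audience:
        raise PermissionError("token issued for another application")
    if claims["exp"] <= now:
        raise PermissionError("token expired")
    return claims


def app_authorize(token, audience, required_role, now=None):
    """Authorization from claims only; the application never handles the password."""
    return required_role in app_validate(token, audience, now)["role"]
```
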