Security on Windows Azure
A brief introduction about the security on Windows Azure, Microsoft public cloud solution for the platform and the infrastructure.

Published in: Technology

  • Be the first to comment

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. Security on Microsoft Cloud Solutions. Haddy El-Haggan, Microsoft Student Partner, Founder of Azure Community in Egypt
  • 2. Security on Microsoft Cloud Solutions (agenda)
    • Overview of Windows Azure
    • Security overview
    • Data security on Windows Azure
    • Network security
    • Identity on Azure
  • 3. Windows Azure
    • Cloud computing is a new concept for the best utilization of the data center
    • Cloud computing is based on virtualization
    • Cloud computing is mainly composed of 3 layers:
      – Infrastructure as a Service (IaaS)
      – Platform as a Service (PaaS)
      – Software as a Service (SaaS)
  • 4. Windows Azure (cont.)
    • Windows Azure is Microsoft's cloud solution
    • Windows Azure is composed of 3 main nodes:
      – Compute
      – Storage (Windows Azure Storage, AppFabric Caching and SQL Azure)
      – Fabric (enables communication between different applications hosted on Azure or even on premises)
  • 5. Benefits
    • High availability
    • High scalability
    • Pay as you go
    • Best utilization of the hardware resources available
    • Focus on your business rather than the IT infrastructure
    • Flexibility to access your data
  • 7. Platform (as a Service): figure of the stack (Storage, Servers, Networking, O/S, Middleware, Virtualization, Applications, Runtime, Data) split between the parts managed by the vendor and the parts you manage
  • 8. Microsoft Cloud Solution Security Overview
    • Developers and users must know the responsibilities they share with the cloud provider
    • These are the main layers of security for any cloud provider:
      – Human
      – Data
      – Application
      – Host
      – Network
      – Physical
  • 9. Microsoft Cloud Solution Security Overview (cont.)
    • The "Human" and "Data" layers are the users' responsibility: how they manage their data and its permissions (more information about data on Azure follows)
    • The "Application" layer depends on the developer and the security built into it:
      – Authentication
      – Input validation ...
    • Recommended: develop using the SDL (Security Development Lifecycle) designed for Windows Vista, Windows 7 and Windows Azure
  • 10. Microsoft Cloud Solution Security Overview
    • "Host" layer: Windows Azure is hosted on Windows Server 2008 Hyper-V
    • Windows Azure doesn't depend on the Windows Server 2008 hypervisor; it has its own hypervisor where the roles and the VMs are hosted and isolated
    • The host has 2 main jobs:
      – Isolation (every role runs on its own VM)
      – Hardening (regular security updates)
  • 11. Microsoft Cloud Solution Security Overview
    • "Network" layer: Windows Azure traffic passes through several firewalls:
      – Guest VM
      – Host VM
      – SQL Azure VM
    • Some firewalls can be configured by the service owner and some are controlled by the fabric controller
  • 13. Data Security on Azure
    • Windows Azure Compute and Windows Azure Storage are 2 different things; each is hosted on different hardware resources
    • In the storage architecture, the top layer validates, authenticates and authorizes requests, routing them to the partition layer and data layer where the data lives
    • Protection against data loss: there are always three replicas of your data, whatever happens
  • 14. Data Security on Azure
    • Isolation: all your data is isolated from everyone else's in 2 ways:
      – Logically
      – Physically
    • Each type of storage has its own way of access, depending on the developer
    • NO DATA IS ACCESSIBLE BY THE PUBLIC EXCEPT THE PUBLIC BLOB
  • 15. Secure Networking
    • Network architecture:
      – In Azure there are mainly 4 types of nodes:
        • Fabric Controller node (Azure kernel)
        • Storage node
        • Compute node
        • Other infrastructure nodes
      – In the FC networking there are 3 types of isolated networks:
        • Main VLAN (all untrusted customer nodes)
        • FC VLAN (trusted FC networks)
        • Device VLAN (contains trusted networks and other infrastructure devices)
  • 16. Secure Networking
    • No communication is possible between the VLANs without passing through a router, which prevents spoofed traffic and eavesdropping on other traffic
    • Communication is permitted from the FC VLAN or the Device VLAN to the main VLAN, but it cannot be initiated from the main VLAN
  • 17. Secure Networking
    • Azure has the largest internet connections in the industry
    • It is unlikely that someone can cut Azure off from the public by producing enough malicious traffic
    • If your application on Azure is attacked, Azure will create several compute instances to keep your application running until the attack passes
    • Microsoft is considering ways to identify malicious traffic and block it as it enters the Azure Fabric, but this sort of protection has not yet been deployed
  • 18. Identity on Azure
    • To gain access to your application in the cloud you have to pass a few steps:
      – Authentication
      – Authorization
      – Monitoring and logging (track users and log their operations)
    • Windows Azure supports several identity technologies:
      – Active Directory
      – OpenID
      – SQL Server
      – WIF
  • 19. Identity on Azure
    • Windows Azure supports 2 types of identity in the cloud:
      – Role based
      – Claim based
    • Role based uses a username and password
    • Claim based uses a token containing a collection of claims
  • 20. Identity on Azure: Role-based authorization
    • It can be used by SQL Azure, Azure Connect and the ASP.NET membership provider
    • You only use the username and the password; the rest is kept in the identity store
    • Simple, easy to use, and it is possible to implement domain join
  • 21. Identity on Azure: Azure Connect
    • Azure Connect supports domain join of Windows Azure roles to an on-premises Active Directory
  • 22. Identity on Azure: Claim based
    • A claim is a piece of information
    • A token is a collection of claims and is signed
    • The Security Token Service maps the credentials to the token
    • The application is provided with all the identity information it needs
    • Managing the identity is not the application's responsibility
    • Integration between several identity providers
    • Less infrastructure code
  • 23. Identity on Azure: AppFabric Access Control
    • Enables the developer to use claim-based authorization from enterprise identity providers such as Active Directory and SQL Server
    • Also enables the use of other identity providers such as Live ID, Facebook, Google and Yahoo
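As an added example (not part of the deck), the claim-based flow of slides 19, 22 and 23 in Python: a minimal security token service that checks credentials against an identity store, maps them to a signed collection of claims, and a relying application that validates the token and authorizes from a claim rather than from a password lookup. The shared HMAC key, the identity store, the audience value and the token format are constructed placeholders; WIF and AppFabric Access Control use standards-based tokens rather than this hand-rolled one.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed shared secret between the STS and the relying application (assumption).
STS_KEY = b"constructed-demo-key-do-not-use"

# Constructed identity store the STS consults (assumption): credentials -> claims.
IDENTITY_STORE = {
    "alice": {"password": "s3cret",
              "claims": {"name": "Alice", "role": "admin", "email": "alice@example.invalid"}},
}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sts_issue_token(username, password, audience, now=None, ttl=600):
    """STS side: authenticate against the identity store, map the identity to claims, sign."""
    entry = IDENTITY_STORE.get(username)
    if entry is None or not hmac.compare_digest(entry["password"], password):
        return None  # wrong credentials: no token is issued
    now = time.time() if now is None else now
    claims = dict(entry["claims"], sub=username, aud=audience, exp=now + ttl)
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = _b64(hmac.new(STS_KEY, body.encode(), hashlib.sha256).digest())
    return body + "." + sig  # the token is the claim set plus the STS signature

def app_validate_token(token, expected_audience, now=None):
    """Relying application: check signature, audience and expiry; return the claims or None."""
    try:
        body, sig = token.split(".")
    except ValueError:
        return None
    expected = _b64(hmac.new(STS_KEY, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(expected, sig):
        return None  # tampered or forged token
    claims = json.loads(_unb64(body))
    now = time.time() if now is None else now
    if claims.get("aud") != expected_audience or claims.get("exp", 0) <= now:
        return None  # token meant for another application, or expired
    return claims

def app_can_delete(claims):
    """Authorization decision driven purely by a claim; the app never sees a password."""
    return claims is not None and claims.get("role") == "admin"
```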
  • 24. Azure Community in Egypt
    • Twitter: Azurecomeg
    • E-Mail:
  • 25. Contacts
    • Twitter: @Hhaggan
    • Email:
    • Blog: