Azure Real World - Joseph Paradi

Loading...

Flash Player 9 (or above) is needed to view presentations.
We have detected that you do not have it on your computer. To install it, go here.

0 comments

Post a comment

    Post a comment
    Embed Video
    Edit your comment Cancel

    Notes on slide 1

    Authentication – How to use AD credentials in a cloud app easily?Authorization – How to give enough data to the app to make the right access decisions?Data Synchronization – If you need to store data in the cloud, how to do that wellSecurity of Data – How does your corporate data privacy or legal restrictions influence this?Application Integration – how to model things like Kerberos constrained delegation or calling internal web services?Ops/Mgmt – how to integrate into your operations tools like SCOM; how to do forensics for your security team; audits, etc.

    User can be on corpnet or on the internetNo need to sync AD to the cloud (big win)All authentication is done within the Accenture networkGoal is for the user not to notice that the cloud app is in the cloud

    The OrgChart app is configured to only accept claims signed by the Accenture Geneva server – this is a key security considerationThe OrgChart app uses claims based auth and the internal Lookup app uses ADFS Web Agent with NT Token

    Favorites, Groups & Events

    Azure Real World - Joseph Paradi - Presentation Transcript

    1. To use Azure for a corporate application, what are the areas you need to think about?
      “The Pillars of Concern”
      • Authentication
      • Authorization
      • Data Synchronization
      • Security of Data
      • Application Integration
      • Operations / Management
      Reduce the cost/effort to move to Azure
    2. Microsoft Azure Datacenter
      Demo Infrastructure
      Orgchart App
      Database
      User
      Accenture Datacenter
      Lookup App
      Database
      “Geneva” Server
      AD
    3. Show the Demo!
    4. What did we see?
      • Authentication – “Geneva” server against corporate AD on an internally hosted server
      • Authorization – “Geneva” server created a custom claim that only contained the data elements required for the application to make the authorization decision
      • Data Sync – An SSIS package was used to pull data rows and columns using a view from the internal data table and load to the SQL Azure instance
      • Application Integration – use of “Geneva” server allowed Web SSO model between apps in different locations using different techniques
    5. Where are the gaps?
      • Security of Data – each organization will need to understand how the data is secured in SQL Azure and how to comply with any applicable laws/policies.
      • Operations/Management – today we cannot use our standard model for creating events in the Windows Event Log and then capturing those with SCOM. We are looking at whether we could build a .NET Services layer to handle it.
      • IT Audit – you will need to understand what requirements your internal/external IT audit teams have
    6. What did it take to build?
      • Started with .NET 2.0 web site app – conversion to .NET 3.5 SP1 web app was simple
      • Blog post on how to add geneva claims handling to an app
      • Geneva server already existed for other apps – defined new relying party and claims to be transmitted
      • Used SQL Azure Migration Wizardto create SQL Database objects on SQL Azure
      • Created view on internal SQL data and used SSIS to move it to SQL Azure
      Overall, the initial version of this took about 40 hours of effort from both of us and it has been modified only slightly since then (another 10 hours of effort).
    7. Why is this so cool?
      • You are leveraging the development and ITPro skills that you already have (VS, SSIS)
      • You can get running very quickly without new infrastructure (assuming you already have “Geneva”)
      • You do not have to worry about the plumbing, you just have to build the application
      • Microsoft is providing the tooling and guidance to reduce the barrier to leveraging Azure
    8. Q & A
    SlideShare Zeitgeist 2009

    + Wade WegnerWade Wegner Nominate

    custom

    247 views, 0 favs, 2 embeds more stats

    Joseph Paradi discusses real world uses for Windows more

    More info about this document

    © All Rights Reserved

    Go to text version

    • Total Views 247
      • 191 on SlideShare
      • 56 from embeds
    • Comments 0
    • Favorites 0
    • Downloads 8
    Most viewed embeds
    • 55 views on http://blog.wadewegner.com
    • 1 views on http://www.architectingwith.net

    more

    All embeds
    • 55 views on http://blog.wadewegner.com
    • 1 views on http://www.architectingwith.net

    less

    Flagged as inappropriate Flag as inappropriate
    Flag as inappropriate

    Select your reason for flagging this presentation as inappropriate. If needed, use the feedback form to let us know more details.

    Cancel
    File a copyright complaint
    Having problems? Go to our helpdesk?

    Categories

    Tags

    -->
    What's New

    © 2009 SlideShare Inc. All rights reserved.