Cloud for share point



  1. 1. Security, Administration, and Architecture from the Ground to the Cloud
  2. 2. About Me… • Rick Taylor, MCSE, MCT – Senior Technical Architect for Perficient based in Arizona – Former SharePoint Engineer with Microsoft Business Productivity Online Services (SharePoint Online) – Contributing author on MS Press MOSS 2007 Administrator’s Companion
  3. 3. Agenda • Cloud Computing • What is the Cloud? • Platform As A Service (PAAS) – Overview of Windows “Azure” • Software As A Service (SAAS) – Overview of “BPOS” • Infrastructure As A Service (IAAS) – Overview of “Amazon Web Services” • Security and Architecture Best Practices • Administration And Live Demo
  4. 4. Acknowledgements • Eugenio Pace and Gianpaolo Carraro us/library/dd129910.aspx
  5. 5. It’s Big. “The Next Big Thing”
  6. 6. It’s Serious. Big Players, Major Investments.
  7. 7. According to IDC, the Cloud computing market is exploding with much of the growth coming at the infrastructure level…
  8. 8. What is the Cloud? Cloud Computing refers to both the applications delivered as services over the Internet and the hardware and systems software in the datacenters that provide those services. When a Cloud is made available in a pay-as-you-go manner to the public, we call it a Public Cloud; the service being sold is Utility Computing. Current examples of public Utility Computing include Amazon Web Services, Google App Engine, and Microsoft Azure. The term Private Cloud refers to internal datacenters of a business or other organization that are not made available to the public. Thus, Cloud Computing is the sum of SaaS and Utility Computing, but does not normally include Private Clouds.
  9. 9. Cloud models There are three major cloud models – SAAS - Software As A Service – SalesForce, Microsoft BPOS – PAAS - Platform As A Service – MS Windows Azure – IAAS - Infrastructure As A Service - AWS, Rackspace The service being sold is Utility Computing Utility Computing: pay-as-you-go computing – Infinite resources – No up-front cost – Fine-grained billing (For PAAS and IAAS e.g. hourly)
  10. 10. Benefits of the Cloud? • Pay by use instead of provisioning for peak • No Risk of over-provisioning and underutilization • Experiencing Heavy penalty for under-provisioning
  11. 11. Pay by use instead of provisioning for peak. Economics of Cloud 1 [Figure: resources vs. time, demand and capacity curves, comparing a static data center (with unused resources) and a data center in the cloud]
  12. 12. Economics of Cloud 2: Risk of over-provisioning: underutilization [Figure: resources vs. time, demand and capacity curves for a static data center, with unused resources marked]
  13. 13. Economics of Cloud 3: Heavy penalty for under-provisioning [Figure: three panels of resources vs. time (days 1, 2, 3), demand and capacity curves, with lost users marked]
  14. 14. Economics of Cloud - continued • Leverages LOtSS • Is not for all businesses – Not a “Silver Bullet” • Is more than “Off premises”
  16. 16. Cloud Point 1: • The Cloud is a specialized system with fewer degrees of freedom than On Premise, but offers very high economy of scale
  17. 17. Economies of Scale – part 2
  18. 18. Cloud Point 2: • By adopting a hybrid strategy, it is possible to tap into economy of scale where possible while maintaining flexibility and agility where necessary
  19. 19. Transloading Costs
  20. 20. Cloud Point 3: • Lowering transloading cost in the context of software architecture: localized optimization through selective specialization (LOtSS)
  21. 21. Introduction to LOtSS • Optimization through specialization • Hybrid strategy maximizing economy of scale where possible while maintaining flexibility and agility where necessary • Lowering transloading cost in the context of software architecture: localized optimization through selective specialization (LOtSS)
  22. 22. Scenario: BIG PHARMA • Clinical Trials and Molecular Research = Bread-n-Butter • Biggest Problems – 80% of IT budget belongs to CRM and email – ERP system is highly customized and cannot utilize “Cloud” infrastructure efficiently
  23. 23. Cloud Point 4: • Optimization can happen at different levels. Selectively outsourcing capabilities to highly specialized vendors or pieces of an application can assist in lowering TCO
  24. 24. Platform As A Service (PAAS)
  25. 25. Windows Azure • Hosted Platform that provides: – Operating System – Developer Services • Compute Power (procs) • Storage • Cloud Applications – Windows Live – CRM – Online Services • SharePoint • Exchange
  26. 26. Software As A Service (SAAS)
  27. 27. SharePoint Online Standard • Self-service SharePoint site creation with online discussion areas, shared document and meeting workspaces, document libraries with version control, and surveys. • Out-of-the-box content management features for documents, records, and Web contents. • Ability to search SharePoint site content across the entire organization. • E-mail alerts when documents and information have been changed or added to a site. • Secure Internet access using 128 bit SSL encryption and antivirus scanning. • Directory trust with your Microsoft Active Directory®, providing pass-through authentication. • Scalable to thousands of sites within an organization, allowing managers to delegate site creation to others. • Self-service document restore and data recovery. • Dedicated servers, networks, and physical space in Microsoft data centers, providing you with logical and physical security at 99.9% uptime. • Upgrades to the most current version of SharePoint, included at no extra charge.  Dedicated  Use of https helps keep internet access secure.  Forefront anti-virus scanning.  Shared document and meeting workspaces, document libraries with version control, seamless integration with Microsoft Office.  Standard Templates including Wikis, Blogs, and Surveys.  Content management features for documents and Web content.  Site search.  E-mail alerts when documents or other items have been changed or added to a site.  Offline access to documents on the service from Outlook.  Native RSS feeds for SharePoint libraries and lists.  Sign-In tool providing single sign-on capability.  99.9% scheduled uptime with financially backed Service Level Agreements.  Web form and phone based Tier-2 support for IT Administrators—24/7 for general availability.
  28. 28. Standard – In a nutshell Portal RSS Content Syndication; Audience Targeting (by group only) Site Manager; Site and Document Aggregation Office 2007 Integration; SharePoint Designer Collaboration & Social Computing Standard Templates; Wikis; Blogs; Surveys; People and Groups Calendars; Tasks; Issue Tracking E-mail alerts/notifications; Document Collaboration Content Management Three-state Workflow; Document Info Panel & Action Bar WYSIWYG Web Content Authoring; Content Publishing and Deployment Master Pages, Page Layouts, Navigation Controls Site Variations; Retention and Auditing Policies Search Search for documents and other SharePoint content Business Process Forms Forms libraries; Custom non-code workflows Standard Parameters 20 Site collections 250 MB per user, aggregated across the organization Use of https helps keep internet access secure Virus filtering via Forefront Business continuity and disaster recovery Single Sign-on capability via Sign-In Tool Web form and phone based Tier 2 Support for IT Admin; 24/7 for general availability User subscription fee
  29. 29. Standard – In a nutshell cont. Client Support IE6+ and Firefox2.0+ Data Protection Service Self service document restore with a 30 day recycle bin recovery period Business continuity and disaster recovery Security Periodic Security Assessments Continuous Intrusion Monitoring and Detection Service Level Agreements 99.9% scheduled uptime with financially backed SLA Directory Synchronization Tool This tool allows you to keep the on-premise and the online Active Directories in sync Admin Center Centralized, Web-based access for configuration and administration of SharePoint Online. Centralized location for tools download including: Directory Synchronization Tool, Migration Tools, and Sign-In Tools
  30. 30. Dedicated – In a nutshell Core Features Share documents, contacts, calendars, and tasks Brainstorm easily with Wiki sites Share ideas through blogs Create personal sites Utilize presence awareness with Microsoft Office Communication Server Manage item level (folder, document, list, etc.) security Get mobile access over 128-bit SSL encryption session Enable pass-through authentication Be confident that your information is more secure with Microsoft Forefront™ antivirus scanning Get premium service continuity management Standard Parameters Unlimited number of sites with 5 GB per-site quota 250 MB per user, aggregated across the organization Additional storage available as an option Client Support Best integration with Microsoft Office 2007 Limited feature support available with Microsoft Office XP, 2000, and 2003 Data Protection Service Self-service document restore with a 30-day recycle bin recovery period 7 days recovery of items not in the recycle bin Audits and Security Sarbanes-Oxley self assessment and external audit support SAS 70 Type II self assessment and external audit support Security assessments Intrusion monitoring and detection Service Level Agreements 99.9% availability of the service measured at the data center Reported monthly, evaluated quarterly
  31. 31. Optional Features for Dedicated • WAN Acceleration: – Certeon WAN acceleration devices (Perhaps Davis (Cisco) in the future) • Migration: – From SharePoint Portal Server 2003 to MOSS 2007 – Partner Opportunity • Additional Storage: – Priced per each terabyte used • Customization and Applications: – The development work can be done by customer or by a third party (contracted by MS) and will be handled as a separate consulting project.
  32. 32. Overview of “Amazon Web Services” • IAAS - Infrastructure As A Service – Elastic Compute Cloud (EC2): EC2 introduces a new paradigm for web hosting. By allowing clients to scale their number of machines up or down within minutes, it offers the capability to create distributed and scalable applications that run in the cloud. EC2 is flexible, reliable, secure, and most importantly cheap! By only paying for the resources that you actually use, you can bring your multi-server application to market much cheaper than ever before, and maintain an extremely high level of quality and availability.
  33. 33. Amazon Web Services Cloud Infrastructure • Amazon Machine Image: An Amazon Machine Image (AMI) is a packaged environment that contains a configured Linux/Windows operating system. • Instance Types: Amazon provides several different instance types of varying compute power. The small instance runs on a 32-bit system, and both the large and extra-large instances run on a 64-bit system. They each have different levels of computing power and hardware resources.
  34. 34. Amazon Web Services Security • Access Key ID: Amazon issues two kinds of Access Key IDs to authenticate requests between instances. Your public Access Key identifies you as the originator of a request, but is not encrypted. Your Secret Access Key is used to calculate a specific request signature that authenticates you as the true user for services that require authentication on your instances. As the name suggests, this key should be kept private. • X.509 Certificates: Amazon also issues two kinds of X.509 Certificates to digitally sign bundled images in AWS. The private certificate is used to verify that the signature could only have come from you. You can request X.509 certificates from the AWS site.
  35. 35. Amazon Web Services Security-continued • Security Groups: Security groups provide functionality similar to a traditional firewall, but have some additional features. You have the ability to filter traffic based on IP (a specific address or a subnet), packet types (TCP, UDP or ICMP), and ports (or a range of ports). You can also grant access to an entire security group. • Public Access: Amazon also provides the option of completely removing public access to an instance. This will ensure that you are safe from any outsiders gaining access to your machine and even prevents DoS attacks.
  36. 36. Amazon Web Services Storage • Simple Storage Service (S3): Amazon S3 provides a simple web services interface that can be used to store and retrieve any amount of data, at any time, from anywhere on the web. It gives any company access to the same highly scalable, reliable, fast, inexpensive data storage infrastructure that Amazon uses to run its own global network of web sites. The service aims to maximize benefits of scale and to pass those benefits on to customers.
  37. 37. Security Best Practices
  38. 38. Configuring firewalls for interdomain farms • In Windows Server 2008 and Windows Server 2008 R2, the new default start port is 49152, and the default end port is 65535. • Therefore, you must increase the RPC port range in your firewalls.
  39. 39. Ports that must be opened…
  40. 40. Thank you for attending! Please be sure to fill out your session evaluation!
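
Slide 34 describes a public Access Key ID that names the caller and a Secret Access Key that produces a per-request signature. The sketch below is an added example, not from the original deck and not Amazon's actual signing algorithm: it uses a simplified HMAC-SHA256 scheme with constructed keys, a hypothetical canonical string format and an assumed 300-second freshness window.

```python
import hashlib
import hmac

# Constructed credentials for illustration; not real AWS keys.
ACCESS_KEY_ID = "EXAMPLEKEYID0001"
SECRET_ACCESS_KEY = b"constructed-secret-never-sent-on-the-wire"
KEY_STORE = {ACCESS_KEY_ID: SECRET_ACCESS_KEY}  # hypothetical server-side store
MAX_SKEW_SECONDS = 300  # assumed freshness window against replay


def canonical_string(method, path, params, timestamp):
    """Build the exact bytes both sides sign (simplified, hypothetical format)."""
    query = "&".join(f"{k}={params[k]}" for k in sorted(params))
    return "\n".join([method.upper(), path, query, str(timestamp)]).encode()


def sign_request(secret, method, path, params, timestamp):
    """Client side: HMAC-SHA256 over the canonical string, keyed by the secret."""
    msg = canonical_string(method, path, params, timestamp)
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify_request(key_id, signature, method, path, params, timestamp, now):
    """Server side: find the secret by key ID, recompute, compare."""
    secret = KEY_STORE.get(key_id)
    if secret is None:
        return "unknown key id"
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return "stale timestamp"
    expected = sign_request(secret, method, path, params, timestamp)
    # Constant-time comparison avoids leaking how much of the signature matched.
    if not hmac.compare_digest(expected, signature):
        return "bad signature"
    return "ok"


if __name__ == "__main__":
    ts = 1_700_000_000  # constructed timestamp
    params = {"Action": "ListItems", "Owner": "constructed"}
    sig = sign_request(SECRET_ACCESS_KEY, "GET", "/", params, ts)
    # Only the key ID and signature travel with the request, never the secret.
    print(verify_request(ACCESS_KEY_ID, sig, "GET", "/", params, ts, ts + 10))
    tampered = dict(params, Action="DeleteItems")
    print(verify_request(ACCESS_KEY_ID, sig, "GET", "/", tampered, ts, ts + 10))
```

Because the signature covers the method, path, parameters and timestamp, changing any of them after signing yields "bad signature", and an old capture replayed later yields "stale timestamp".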
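
Slide 35's filtering model (source address or subnet, protocol, port range) and slide 38's port range, combined in an added example that is not from the original deck. It is a simplified default-deny rule evaluator, not the AWS or Windows Firewall API, and the IPv4 rules and the farm subnet 10.0.1.0/24 are constructed; it reports which part of 49152-65535 a subnet still cannot reach.

```python
import ipaddress
from dataclasses import dataclass

# Dynamic RPC range from slide 38 (Windows Server 2008 / 2008 R2 default).
RPC_START, RPC_END = 49152, 65535


@dataclass(frozen=True)
class Rule:
    """One allow rule: source CIDR, protocol, inclusive port range."""
    cidr: str
    protocol: str  # "tcp", "udp" or "icmp"
    port_from: int
    port_to: int


# Constructed sample rules for a hypothetical farm subnet 10.0.1.0/24.
RULES = [
    Rule("10.0.1.0/24", "tcp", 443, 443),
    Rule("10.0.1.0/24", "tcp", 49152, 60000),
    Rule("10.0.0.0/16", "tcp", 60001, 65000),
]


def is_allowed(rules, src_ip, protocol, port):
    """Default deny: traffic passes only if some allow rule matches it."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in ipaddress.ip_network(r.cidr) and r.protocol == protocol
               and r.port_from <= port <= r.port_to for r in rules)


def uncovered_ports(rules, src_cidr, protocol, start=RPC_START, end=RPC_END):
    """Return the sub-ranges of [start, end] that src_cidr cannot reach."""
    src = ipaddress.ip_network(src_cidr)
    spans = sorted((r.port_from, r.port_to) for r in rules
                   if r.protocol == protocol
                   and src.subnet_of(ipaddress.ip_network(r.cidr)))
    gaps, cursor = [], start
    for lo, hi in spans:
        if hi < cursor or lo > end:
            continue  # span lies entirely outside the remaining window
        if lo > cursor:
            gaps.append((cursor, lo - 1))
        cursor = hi + 1
    if cursor <= end:
        gaps.append((cursor, end))
    return gaps
```

With the sample rules, `uncovered_ports(RULES, "10.0.1.0/24", "tcp")` reports the tail 65001-65535 as still blocked, the kind of gap left when a firewall rule was written for a narrower range than the one on slide 38.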