Azure Real World - Joseph Paradi


Joseph Paradi discusses real world uses for Windows Azure, SQL Azure, and Geneva Server.

Published in: Technology

Speaker notes
  • The pillars of concern:
    Authentication – how to use AD credentials in a cloud app easily?
    Authorization – how to give the app enough data to make the right access decisions?
    Data Synchronization – if you need to store data in the cloud, how do you do that well?
    Security of Data – how do your corporate data privacy or legal restrictions influence this?
    Application Integration – how to model things like Kerberos constrained delegation or calling internal web services?
    Ops/Mgmt – how to integrate into your operations tools like SCOM; how to do forensics for your security team; audits, etc.
  • The user can be on corpnet or on the internet. There is no need to sync AD to the cloud (a big win): all authentication is done within the Accenture network. The goal is for the user not to notice that the cloud app is in the cloud.
  • The OrgChart app is configured to only accept claims signed by the Accenture Geneva server – this is a key security consideration. The OrgChart app uses claims-based auth and the internal Lookup app uses the ADFS Web Agent with an NT token.
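The relying-party trust described in the last note (accept only tokens signed by the Geneva server, addressed to this app, and authorize from the one custom claim it emits) as an added example; this is not the demo's code. The real OrgChart app used the Geneva Framework to validate a SAML token's XML signature against the Geneva server's signing certificate and its configured audience URI; here an HMAC with a per-issuer key stands in for that signature so the example runs with only the standard library. The issuer name, audience URI, key and claim name are all constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed values: in the demo, the Geneva server's X.509 signing certificate
# and the OrgChart app's configured audience URI play these roles.
TRUSTED_ISSUER = "urn:example:geneva"                  # hypothetical issuer name
ISSUER_KEYS = {TRUSTED_ISSUER: b"constructed-geneva-signing-key"}
APP_AUDIENCE = "urn:example:orgchart"                  # hypothetical relying-party URI


def issue_token(issuer, key, audience, claims, now, lifetime=300):
    """Token = base64(payload).base64(HMAC-SHA256(payload)).
    The HMAC stands in for the XML-DSig signature a SAML token carries."""
    payload = json.dumps(
        {"iss": issuer, "aud": audience, "exp": now + lifetime, "claims": claims},
        sort_keys=True,
    ).encode()
    sig = hmac.new(key, payload, hashlib.sha256).digest()
    return base64.b64encode(payload).decode() + "." + base64.b64encode(sig).decode()


class TokenRejected(Exception):
    pass


def validate_token(token, trusted_keys, expected_audience, now):
    """Relying-party checks: known issuer first (so an attacker-chosen issuer
    can never select the key), then signature, audience, and expiry."""
    try:
        p64, s64 = token.split(".")
        payload, sig = base64.b64decode(p64), base64.b64decode(s64)
        body = json.loads(payload)
    except ValueError:
        raise TokenRejected("malformed token")
    if not isinstance(body, dict):
        raise TokenRejected("malformed token")
    key = trusted_keys.get(body.get("iss"))
    if key is None:
        raise TokenRejected("untrusted issuer")
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        raise TokenRejected("bad signature")
    if body.get("aud") != expected_audience:
        raise TokenRejected("wrong audience")
    if not isinstance(body.get("exp"), (int, float)) or body["exp"] <= now:
        raise TokenRejected("expired")
    return body.get("claims", {})


def can_view_orgchart(claims):
    """Authorize from the single custom claim the STS was configured to emit;
    nothing else about the user needs to reach the cloud app."""
    return claims.get("orgchart_role") in ("viewer", "admin")


def rejection_reason(token, now, trusted_keys=ISSUER_KEYS, audience=APP_AUDIENCE):
    """None if the relying party accepts the token, else why it rejected it."""
    try:
        validate_token(token, trusted_keys, audience, now)
    except TokenRejected as e:
        return str(e)
    return None


if __name__ == "__main__":
    t0 = 1_000_000
    good = issue_token(TRUSTED_ISSUER, ISSUER_KEYS[TRUSTED_ISSUER], APP_AUDIENCE,
                       {"orgchart_role": "viewer"}, now=t0)
    claims = validate_token(good, ISSUER_KEYS, APP_AUDIENCE, now=t0 + 60)
    print("Geneva-signed token accepted; can view org chart:", can_view_orgchart(claims))
    rogue = issue_token("urn:example:rogue-sts", b"attacker-key", APP_AUDIENCE,
                        {"orgchart_role": "admin"}, now=t0)
    print("token from another STS:", rejection_reason(rogue, now=t0 + 60))
```

The order of checks matters: the issuer is matched against the configured trust list before the signature is verified, so a token that names itself as coming from any other STS is discarded without its key ever being consulted, and a token signed with the right key but issued for a different relying party is still refused on the audience check.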
Slide transcript

Slide 1. To use Azure for a corporate application, what are the areas you need to think about? “The Pillars of Concern”
  • Authentication
  • Authorization
  • Data Synchronization
  • Security of Data
  • Application Integration
  • Operations / Management
Reduce the cost/effort to move to Azure

Slide 2. Demo Infrastructure (diagram)
  • Microsoft Azure Datacenter: Orgchart App, Database
  • Accenture Datacenter: Lookup App, Database, “Geneva” Server, AD
  • User

Slide 3. Show the Demo!

Slide 4. What did we see?
  • Authentication – “Geneva” server against corporate AD on an internally hosted server
  • Authorization – “Geneva” server created a custom claim that only contained the data elements required for the application to make the authorization decision
  • Data Sync – an SSIS package was used to pull data rows and columns through a view on the internal data table and load them to the SQL Azure instance
  • Application Integration – use of the “Geneva” server allowed a Web SSO model between apps in different locations using different techniques

Slide 5. Where are the gaps?
  • Security of Data – each organization will need to understand how the data is secured in SQL Azure and how to comply with any applicable laws/policies.
  • Operations/Management – today we cannot use our standard model for creating events in the Windows Event Log and then capturing those with SCOM. We are looking at whether we could build a .NET Services layer to handle it.
  • IT Audit – you will need to understand what requirements your internal/external IT audit teams have

Slide 6. What did it take to build?
  • Started with a .NET 2.0 web site app – conversion to a .NET 3.5 SP1 web app was simple
  • Blog post on how to add Geneva claims handling to an app
  • Geneva server already existed for other apps – defined a new relying party and the claims to be transmitted
  • Used the SQL Azure Migration Wizard to create the SQL database objects on SQL Azure
  • Created a view on the internal SQL data and used SSIS to move it to SQL Azure
Overall, the initial version of this took about 40 hours of effort from both of us and it has been modified only slightly since then (another 10 hours of effort).
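The data-sync steps above (a view on the internal data, a job that pulls only the view's rows and columns into SQL Azure) as an added example; this is not the demo's SSIS package. Two in-memory SQLite databases stand in for the internal SQL Server and for SQL Azure, and the `employee` table, its columns and its rows are constructed for illustration. The point it makes concrete is that the view is the whole contract: sensitive columns and inactive records never leave the internal network because the sync job cannot see them.

```python
import sqlite3

# Constructed sample rows for the internal HR table. The last two columns are
# the kind of data that must never reach the cloud copy.
INTERNAL_EMPLOYEES = [
    # employee_id, name, title, manager_id, active, ssn, salary
    (1, "A. Director", "Managing Director", None, 1, "000-00-0001", 250000),
    (2, "B. Lead", "Senior Manager", 1, 1, "000-00-0002", 160000),
    (3, "C. Dev", "Consultant", 2, 1, "000-00-0003", 90000),
    (4, "D. Left", "Analyst", 2, 0, "000-00-0004", 70000),
]
EXPORT_COLUMNS = ("employee_id", "name", "title", "manager_id")


def build_internal_db():
    """Stand-in for the internal SQL Server: the full table plus the export view."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE employee (
        employee_id INTEGER PRIMARY KEY, name TEXT, title TEXT,
        manager_id INTEGER, active INTEGER, ssn TEXT, salary INTEGER)""")
    conn.executemany("INSERT INTO employee VALUES (?, ?, ?, ?, ?, ?, ?)", INTERNAL_EMPLOYEES)
    # The view is the only object the sync job reads: org-chart columns only,
    # active staff only. Sending more to the cloud means changing this view.
    conn.execute("""CREATE VIEW v_orgchart_export AS
        SELECT employee_id, name, title, manager_id FROM employee WHERE active = 1""")
    return conn


def build_cloud_db():
    """Stand-in for the SQL Azure database: the target schema, nothing more."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE orgchart (
        employee_id INTEGER PRIMARY KEY, name TEXT, title TEXT, manager_id INTEGER)""")
    return conn


def sync_orgchart(internal, cloud):
    """Full refresh, as a simple SSIS data flow would do: read the view and
    replace the cloud table in one transaction. Returns the rows loaded."""
    cols = ", ".join(EXPORT_COLUMNS)
    rows = internal.execute(f"SELECT {cols} FROM v_orgchart_export").fetchall()
    with cloud:  # commit on success, roll back if the load fails part-way
        cloud.execute("DELETE FROM orgchart")
        cloud.executemany(f"INSERT INTO orgchart ({cols}) VALUES (?, ?, ?, ?)", rows)
    return len(rows)


def cloud_column_names(cloud):
    """Columns that actually exist in the cloud copy, for an audit check."""
    return [row[1] for row in cloud.execute("PRAGMA table_info(orgchart)")]


def run_demo():
    """Build both sides, run the sync twice (it must be re-runnable), and report
    rows loaded, the cloud columns, and the names that reached the cloud."""
    internal, cloud = build_internal_db(), build_cloud_db()
    sync_orgchart(internal, cloud)
    loaded = sync_orgchart(internal, cloud)
    names = [r[0] for r in cloud.execute("SELECT name FROM orgchart ORDER BY employee_id")]
    return loaded, cloud_column_names(cloud), names


if __name__ == "__main__":
    loaded, columns, names = run_demo()
    print(f"loaded {loaded} rows; cloud columns: {columns}; people: {names}")
```

Re-running the job produces the same three rows rather than duplicates, and an audit of the cloud schema shows no `ssn` or `salary` column, which is the check the "Security of Data" gap in the next slides asks each organization to be able to answer.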
Slide 7. Why is this so cool?
  • You are leveraging the development and ITPro skills that you already have (VS, SSIS)
  • You can get running very quickly without new infrastructure (assuming you already have “Geneva”)
  • You do not have to worry about the plumbing, you just have to build the application
  • Microsoft is providing the tooling and guidance to reduce the barrier to leveraging Azure

Slide 8. Q & A