The Microsoft Cloud
Azure Platform

This presentation incorporates some content from Microsof

Types of Clouds

[Figure: three columns, Private (On-Premise), Infrastructure (as a Service) and Platform (as a Service), each listing the same stack, with layers marked "You manage" or "Managed by vendor"]

Stack layers shown in each column:
• Storage
• Server HW
• Networking
• Servers
• Databases
• Virtualization
• Runtimes
• Applications
• Security & Integration

Cloud Services Continuum (based on Robert Anderson)
http://et.cairene.net/2008/07/03/cloud-services-continuum/

[Figure: continuum running across Infrastructure (IaaS), Platform (PaaS) and Software (SaaS), with an axis labelled "Complexity & Flexibility"]

Services placed on the continuum:
• Google Docs
• Google AppEngine
• Amazon EC2 & S3
• Windows Azure .net services
• Salesforce.com
• e-Science Central
• Amazon
  - Elastic Map Reduce
  - Simple DB
  - Simple Queue Service
• Windows Azure
  - Sharepoint
  - SQL Services

The Microsoft Cloud

Categories of Services:
• Platform Services
• Software Services
• Application Services
• Infrastructure Services

Windows Azure Platform

• Internet-scale, highly available cloud fabric
• Globally distributed Microsoft data centers (ISO/IEC 27001:2005 and SAS 70 Type I and Type II certified)
• Consumption and usage-based pricing; enterprise-class SLA commitment
• Compute – auto-provisioning 64-bit application containers in Windows Server VMs; supports a wide range of application models
• Storage – highly available distributed table, blob, queue, & cache storage services
• Languages – .NET 3.5 (C#, VB.NET, etc.), IronRuby, IronPython, PHP, Java, native Win32 code
• Data – massively scalable & highly consistent distributed relational database; geo-replication and geo-location of data
• Processing – relational queries, search, reporting, analytics on structured, semi-structured, and unstructured data
• Integration – synchronization and replication with on-premise databases, other data sources
• Service Bus – connectivity to on-premises applications; secure, federated, firewall-friendly Web services messaging intermediary; durable & discoverable queues
• Access Control – rules-driven federated identity; AD federation; claims-based authorization
• Workflows – declarative service orchestrations via REST-based activities

Security and Privacy

• Encrypts data before it goes to database
• Encrypts connection to Azure via SSMS (SQL Server Management Studio)
• Service
  - Secure channel required (SSL)
  - Denial Of Service trend tracking
  - Packet Inspection
• Server
  - IP allow list (Firewall)
  - Idle connection culling
  - Generated server names
• Database
  - Disallow the most commonly attacked user IDs (SA, Admin, root, guest, etc.)
  - Standard SQL Authn/Authz mode

Access Control

• Approach
  - Automate federation for a wide range of identity providers and technologies
  - Factor the access control logic from the application into a manageable collection of rules
  - Easy-to-use framework that ensures correct token processing
• Enable security scheme external to application
• Multiple security schemes can be enabled
• Rules used to map claims to what app expects
• Integrate with standards-based identity providers, including enterprise directories and web identity systems such as Windows Live ID
• .NET Developers use the Geneva