
Architecting for a Secure Cloud


1 Architecting for a Secure Cloud
DPR312 Architecting for a Secure Cloud
Michele Leroux Bustamante, Chief Architect, IDesign
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Michele Leroux Bustamante
Chief Architect, IDesign
Chief Security Architect, BiTKOO
Microsoft Regional Director
MVP Connected Systems
Publications and Resources: DevProConnections, MSDN, CoDe Magazine, Microsoft whitepapers
Learning WCF (O’Reilly 2007/2009)
CodePlex (publications, webcasts, code, utilities)
Speaker: Tech Ed, PDC, Dev Connections, NDC, etc.
© Michele Leroux Bustamante, IDesign. All rights reserved.

3 Agenda
Benefits and concerns moving to the cloud
IT and shared hosting security aspects
Application architecture security aspects
Architectural scenarios for Windows Azure Platform features
Techniques for securing features by scenario

4 What Drives us to the Cloud?
Reduced capital investment
Scale out on demand, pay as you go
Unbounded scale for bursts or peak loads
Better overall IT management strategy
Quality of service, zero downtime updates
Focus resources on implementation and business logic

5 Typical Concerns
Loss of control
Reliability of services
Service level commitments and guarantees
Ability to change vendors if dissatisfied
Security

6 Windows Azure Platform Building Blocks
Windows Azure AppFabric
Windows Azure
Windows Azure Storage
SQL Azure
Platform Infrastructure, Equipment, Data Center

7 IT Security Considerations
Security aspects, each marked on the original slide as the responsibility of the Provider or the Business:
Physical access to provider facility
Administrator access to equipment at provider facility
Patch management
Virus scanner and other protective measures
Denial of Service prevention
Packet filtering
Administrator access to cloud accounts
Backup and recovery

8 Shared Hosting Considerations
Security aspects, each marked on the original slide as the responsibility of the Provider or the Business:
Isolation of database instances
Partition level packet filters
Protection against malicious tenants
Prevention of VM jailbreak
Network access restrictions to VM
Memory access restrictions between VMs
Remote access to VM
Administrator access to host environment

9 Application Architecture Considerations
Security aspects, each marked on the original slide as the responsibility of the Provider or the Business:
Transfer security
Data and content encryption
Key management
Identity management
Access control
DMZ requirements
Architecture tiers and boundaries
Risk assessment
Legislative requirements for compliance and audit

10 Windows Azure Platform Features
(diagram labels: Access Control, AD FS 2, Cache Service, Web Role, Worker Role, REST, AppFabric, On Premise Domain, Queues, Tables, Blobs, Azure Storage, SQL Azure)

11 Service Bus
Primarily designed to address connectivity issues
Services may be located behind private IPs, firewalls, load balancers, proxy servers
Also enhances reliability and scalability
Provides added security
(diagram labels: On Premise Service)

12 Service Bus as DMZ
(diagram labels: Browser, WPF, Windows Phone 7, MVC / JQuery AJAX, Silverlight, MVC Site, Web Forms Site, MVC / REST, REST, Router, DMZ, Service, Corporate Domain)

13 Service Bus as DMZ (2)
(diagram labels: Browser, WPF, Windows Phone 7, MVC / JQuery AJAX, Silverlight, MVC Site, Web Forms Site, MVC / REST, REST, DMZ, AppFabric, Service, Corporate Domain)

14 Service Bus to Data On Premise / Migration
(diagram labels: Client, Web Application, AppFabric, Windows Azure, Service, Corporate Domain)

15 Service Bus Security Aspects
Security aspect: Provider / Business
DMZ, DoS prevention: Built-in
Transfer security: TCP or HTTPS; add message security
Symmetric key authentication: Provided by plumbing
Key management: Rollover provided; Requires process
Key protection: Provide encryption

16 Service Bus Security
Service Bus Recommendations:
Require relay credential
Encrypt keys at client
Try to use TCP relay for performance and cost savings
Add message security for highly sensitive data
Use negotiation for encryption certificate over HTTP
(diagram labels: Client, Evil Client, encrypt message, signed request, Access Control, HTTPS, AppFabric, TCP / HTTPS, decrypt message, Encrypt, Service, Corporate Domain)

17 SQL Azure
Relational data store in the cloud (SQL Server 2008 R2)
TDS support (client connections)
REST-based Management API
Protected by: Firewall Rules; SQL Server authentication (not Windows); Certificate authentication

18 Relational Data On Premise / In The Cloud
(diagram labels: Client, Web / Worker Role, AppFabric, Windows Azure, Service, Corporate Domain, SQL Azure)

19 SQL Azure Security Aspects
Security aspect: Provider / Business
Data isolation: Physical server; Database instance
Data loss prevention: Internal backup; Backup/recover process required
Data retention policy: 90 days
Geographic restrictions: Choose region for storage only; Transfer restrictions may exclude cloud
Administrative access control: Portal admin; Firewall access rules
Windows Azure access: Portal or scripted REST-API access; Certificate authN
Transfer security: HTTPS required
Data protection: Encryption, hashing
User access: Trusted subsystem model is best

20 SQL Azure Security
SQL Azure Recommendations:
Use portal admin to create DB admin accounts and manage firewall rules
Use DB admin accounts to configure schema and users
Use trusted subsystem users to reduce attack surface
Automate with the REST API where possible
(diagram labels: Corporate Domain, Windows Azure, Administrative Service, Web / Worker Role, Web Portal, SQL Server Management Studio, SSRS, REST Client, SSIS, AS; access paths: IP Address + User Credentials, Allow Microsoft Services + User Credentials, Portal Admin, IP Address + Certificate, IP Address + DB Admin, IP Address + Service User; Firewall Rules, Master, Table A, Table B, REST API, user login, SQL Azure)

21 SQL Azure Data Protection
SQL Azure Recommendations (2):
Limit access to hashing and encryption material
Use asymmetric encryption, cert store to protect keys, limited access
Protect hashing material by encrypting config
(diagram labels: user input, Windows Azure, Application, compute hash, encrypt data, decrypt data, compare hash, Hash, Encrypt, SQL Azure)

22 Windows Azure & Windows Azure Storage
Compute, Storage and Management services
Host web applications and services
Applications can leverage non-relational tables, queues or blob storage
Replace the relational database or use tables to complement it
Host large media content
Optionally distribute via Content Delivery Network (CDN)
Mount drives for migration approach
Go all-in or scale out specific features

23 Windows Azure & Windows Azure Storage
(diagram labels: Web Role, Worker Role, REST, Queues, Tables, Blobs, Windows Azure Storage)

24 Windows Azure Storage
(diagram labels: Application, Storage Client, REST, Uri, Queues, Tables, Blobs, Windows Azure Storage)

25 Windows Azure Storage Security Aspects
Security aspect: Provider / Business
Data isolation: Physical server; Partitioning
Data loss prevention: Internal backup; Backup/recover process required
Data retention policy: 90 days
Geographic restrictions: Choose region for storage only; Transfer restrictions may exclude cloud
Administrative access control: Portal admin
Data protection: Encryption, hashing, MD5 signatures
Transfer security: HTTPS
Symmetric key authentication: Use tools or manual
Key management: Rollover provided; Requires process
Key protection: Provide encryption
Access restrictions: Internal containers

26 Windows Azure Storage Security
(diagram labels: Corporate Domain, Remote Client, Administration, Web / Worker Role, Service, Client App, Management Tools, Web Portal, HTTPS, REST, Queues, Tables, Blobs, Symmetric Key, Windows Azure Storage)

27 Windows Azure Storage Tiers
Azure Storage Recommendations:
Never ship keys to non-owned clients
Avoid shipping keys to remote clients
Encrypt keys in config
(diagram labels: Remote Client, Client App, Windows Azure, Administration Service, Web Portal, encrypt key, roll keys, HTTPS, REST, Queues, Tables, Blobs, Symmetric Key, Windows Azure Storage)

28 Blob Storage Integrity
Blob Storage Recommendations:
For very large media uploads and/or mission critical data use MD5 validation to ensure integrity
(diagram labels: Windows Azure Service, validate signature, MD5 Hash, Windows Azure Storage, Blob Container)
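An added example (not from the presentation) of the MD5 validation this slide recommends, generalised to a block upload so a damaged block can be located and re-sent; the payload, block size and the `simulate_transfer` helper are constructed for the demo and are not a storage API:

```python
import base64
import hashlib

# Constructed sample payload and a deliberately tiny block size so the
# example runs instantly; real block uploads use blocks of megabytes.
SAMPLE = b"0123456789abcdef"
BLOCK_SIZE = 4


def content_md5(data: bytes) -> str:
    """Base64-encoded MD5 digest, the form carried in a Content-MD5 header."""
    return base64.b64encode(hashlib.md5(data).digest()).decode("ascii")


def prepare_upload(data: bytes) -> dict:
    """Uploader side: split the blob into blocks and record one digest per
    block plus a digest of the whole blob (the manifest travels with the upload)."""
    blocks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
    return {
        "blocks": blocks,
        "block_md5": [content_md5(b) for b in blocks],
        "blob_md5": content_md5(data),
    }


def simulate_transfer(manifest: dict, corrupt_index=None) -> list:
    """Deliver the blocks, optionally flipping one bit in one block to mimic
    corruption in transit (hypothetical helper for the demo only)."""
    blocks = list(manifest["blocks"])
    if corrupt_index is not None:
        damaged = bytearray(blocks[corrupt_index])
        damaged[0] ^= 0x01
        blocks[corrupt_index] = bytes(damaged)
    return blocks


def verify_upload(received: list, manifest: dict):
    """Service side: recompute every digest. Returns (ok, indices of blocks that
    failed) so only the bad blocks need re-sending, not the whole media file.
    MD5 catches accidental corruption only; it is unkeyed, so it proves nothing
    about who sent the data. Authenticity comes from the HTTPS channel and the
    storage key, as the slides recommend."""
    expected = manifest["block_md5"]
    count = max(len(received), len(expected))
    bad = [i for i in range(count)
           if i >= len(received) or i >= len(expected)
           or content_md5(received[i]) != expected[i]]
    whole_ok = content_md5(b"".join(received)) == manifest["blob_md5"]
    return (not bad and whole_ok), bad
```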

29 Blob Storage Shared Access Signatures
Blob Storage Recommendations (2):
Never allow public access to container
Allow public read to blob links if appropriate for the application; try to use SAS for this purpose to limit exposure
(diagram labels: Browser, Client, Service; Shared Access Signature (SAS): read access for limited time with shared key; shared access policy; >1 hour requires authentication header in request (no browser); permissions list, create, update, delete, read; Public Blob Access, Public Container Access, Private Container)
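An added example (not from the presentation) of the SAS model this slide describes: a token signed with the storage key, scoped to one resource and permission set, expiring after a short time, and optionally tied to a stored access policy that can be revoked. The string-to-sign layout, parameter names and key are a simplified construction for the demo, not Azure's real SAS format:

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode

# Constructed demo key. The real storage account key stays with the service
# that issues tokens; it is never shipped to a browser or remote client.
STORAGE_KEY = b"constructed-demo-storage-key-not-a-real-key"
MAX_ADHOC_SECONDS = 3600  # ad-hoc grants longer than 1 hour must cite a policy


def _signature(resource: str, perms: str, expiry: int, policy_id) -> str:
    # Simplified string-to-sign (hypothetical layout, not Azure's real format).
    msg = "\n".join([resource, perms, str(expiry), policy_id or ""]).encode()
    return hmac.new(STORAGE_KEY, msg, hashlib.sha256).hexdigest()


def make_sas(resource: str, perms: str, ttl: int, policy_id=None, now=None) -> str:
    """Issue a query string granting `perms` (subset of "rwdl") on one resource
    until now+ttl. Grants beyond one hour must reference a stored access policy
    so they can be revoked centrally by deleting the policy."""
    if policy_id is None and ttl > MAX_ADHOC_SECONDS:
        raise ValueError("grants longer than 1 hour must reference a stored access policy")
    now = int(time.time()) if now is None else now
    expiry = now + ttl
    params = {"sr": resource, "sp": perms, "se": expiry}
    if policy_id:
        params["si"] = policy_id
    params["sig"] = _signature(resource, perms, expiry, policy_id)
    return urlencode(params)


def check_sas(query: str, resource: str, needed: str, policies: set, now=None) -> bool:
    """Validate a presented token: policy still exists, signature matches,
    not expired, scoped to this resource, and carries the needed permission.
    Any tampering with sr/sp/se/si breaks the signature."""
    q = {k: v[0] for k, v in parse_qs(query).items()}
    policy_id = q.get("si")
    if policy_id is not None and policy_id not in policies:
        return False  # policy deleted: every token that cited it is now dead
    try:
        expiry = int(q["se"])
    except (KeyError, ValueError):
        return False
    want = _signature(q.get("sr", ""), q.get("sp", ""), expiry, policy_id)
    if not hmac.compare_digest(want, q.get("sig", "")):
        return False
    now = int(time.time()) if now is None else now
    return expiry > now and q["sr"] == resource and needed in q["sp"]
```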

30 Windows Azure Architecture
(diagram labels: Web Role, Worker Role, AJAX / JQuery, Silverlight, .NET Code, WCF, ASP.NET / MVC, .NET FW 3.5 SP1 / .NET FW 4, CAS Policy, NT Security Policy, Blobs, Tables, Queues)

31 Application Architecture Tiers
(diagram labels: External Endpoint, Windows Azure, Web Role, WCF Service, Web Application, Internal Endpoint, Worker Role, REST, Queues, Tables, Blobs, Azure Storage, SQL Azure)

32 Added Security with Service Bus
(diagram labels: Client, Service Bus, Web Role, Service, WCF Service, Web Application, Internal Endpoint, Worker Role, Corporate Domain, Windows Azure)

33 Scaling Out Compute Cycles
(diagram labels: Client, Service Bus, Web Role, Worker Role, Service, WCF Service, pull from queue, write to queue, Windows Azure, REST, Compute Queue, Corporate Domain, Azure Storage)

34 Scaling Out Compute Cycles (2)
(diagram labels: Client, Web Role, Worker Role (several), Service, WCF Service, pull from queue, write to queue, REST, Compute Queue)

35 Scaling Out Media Access
(diagram labels: Client, REST, Service, Blob Container, CDN Cache, Azure Storage, Corporate Domain)

36 Web Application Security Aspects
Security aspect: Provider / Business
DNS attack prevention: Built-in
Transfer security: HTTPS
Privilege elevation prevention: ACLs; Partial trust
Cross Site Scripting (XSS) prevention: ASP.NET features and custom
Cross domain call prevention: Silverlight configuration
SQL injection prevention: ASP.NET features and parameterized queries
Authentication models: Forms, Identity Federation

37 WCF Service Security Aspects
Security aspect: Provider / Business
DNS attack prevention: Built-in
Transfer security: HTTPS or TCP; add message security
Privilege elevation prevention: ACLs; Partial trust
SQL injection prevention: Parameterized queries
Endpoint privacy: Internal endpoints, Service Bus
Authentication models: UserName, Certificate, Identity Federation

38 Identity Federation Benefits
Decouple authentication mechanism from applications and services
Go claims-based
Reduce IT pain and risk related to provisioning and de-provisioning users
Extend trust to users across domain, corporate and Internet boundaries
Support Single Sign-On (SSO)

39 Passive Federation
(diagram labels: Browser, Azure Hosted Web Site, STS, Login Page; numbered flow steps 1 to 5)

40 Active Federation
(diagram labels: Windows Client, Azure Hosted Service, STS; numbered flow steps 1 to 3)

41 STS On Premise
(diagram labels: Windows Client, Azure Hosted Service, DMZ, STS)

42 Windows Users Behind DMZ
(diagram labels: Client, Azure Hosted Service, DMZ, Domain Server, AD Users, ADFS V2)

43 Access Control and Mainstream Identity Providers
Visual Studio Connections
(diagram labels: Browser, Google, FaceBook, Yahoo!, Windows Live, Access Control, Relying Party Web; numbered flow steps 1 to 5)
Updates will be available at

44 Access Control and Enterprise Identity Providers
(diagram labels: Browser, Google, FaceBook, Yahoo!, Windows Live, Access Control, Enterprise Identity Provider, Relying Party Web; numbered flow steps 1 to 5)

45 Relying Party STS + Access Control
(diagram labels: Google, Yahoo!, FaceBook, Windows Live, Access Control, Relying Party Web, Relying Party STS, Policy, Enterprise Identity Provider, AD FS V2)
Flow of tokens, not direct communication

46 WHEW!

47 Summary
Application architecture must be well defined before you can define your cloud strategy
Assess risks related to data, content and other assets
Determine which can be moved to the cloud
Determine the need for a migration plan as needed from on-premise to the cloud
Define the application architecture for the cloud and the security plan for each Windows Azure Platform feature
Document the IT, shared hosting and application security concerns and mitigations in your internal SLA

48 ARC Track Resources
http://www.microsoft.com/visualstudio

49 Resources
Tech Ed North America 2010
Learning: http://northamerica.msteched.com
Resources: Connect. Share. Discuss.
Learning: Sessions On-Demand & Community; Microsoft Certification & Training Resources
Resources for IT Professionals
Resources for Developers
© 2010 Microsoft Corporation. All rights reserved.

50 Complete an evaluation on CommNet and enter to win!
Tech Ed North America 2010
