MICROSOFT CONFIDENTIAL Page 1 A Secure Cloud-Computing Platform | Azure Partner Architects | 4/11/2011 | David McGhee | Windows Azure Platform Technical Specialist | Microsoft ANZ

Page 2 Agenda
- What is Azure?
- Azure Security
- Operations & Monitoring
- Additional Learning / Questions

Page 3 Generational Shift (Technology / Economic / Business)
- Centralized compute & storage, thin clients: high upfront costs for hardware and software; optimized for efficiency due to high cost
- PCs and servers for distributed compute, storage, etc.: perpetual license for OS and application software; optimized for agility due to low cost
- Large DCs, commodity HW, scale-out, devices: pay as you go, and only for what you use; order of magnitude better efficiency and agility

Page 4 Cloud Impact
New economics: pay for what you use; lower and predictable costs; shift from capex to opex; accelerate speed to value
Reduced management: no patching, maintenance; faster deployment; robust multi-layered security; reliability and fault-tolerance
Increased productivity: latest software for users; Internet collaboration; anywhere access; instant self-provisioning

Page 5 IT as a Service
Stack (top to bottom): Business Requirements, End User Config, Application Logic, Data Schema, Operating System, Disaster Recovery, Virus Control, Database Management, Load Balancing, Identity/Authorisation, Middleware, Hardware, Network, Storage
Delivery models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)

Page 6 The Windows Azure Platform
Windows Azure is an internet-scale cloud services platform hosted in Microsoft data centers around the world, providing a simple, reliable and powerful platform for the creation of web applications and services.

Page 7 Customer Security Concerns from the Cloud: The Inevitable Questions
- Privileged user access
- Regulatory compliance: is my data centre compliant with all international certifications?
- Data location: does my provider obey local privacy requirements on behalf of their customers?
- How does my cloud service provider support me in the case of data failure?
- What measures are taken by my cloud provider if illegal activity is found within the data centre?
- How can I get my data back if the company who owns the data centre is absorbed or collapses?

Page 8 Security and Compliance: Data Center Foundation; Robust Security Programs; Windows Azure "privacy by default"

Page 9 Data Center Management
Regions: North America (South Central US, North Central US); Europe (West Europe, Eastern Europe); Asia (South Asia, East Asia)
Defence in depth, by layer:
- Security Management: Threat & Vulnerability Management, Monitoring & Response
- Network perimeter: Edge Routers, Firewalls, Intrusion Detection, Vulnerability scanning
- Internal Network: Dual-factor Auth, Intrusion Detection, Vulnerability scanning
- Host: Access Control & Monitoring, Anti-Malware, Patch & Config Mgmt
- Application: Secure Engineering (SDL), Access Control & Monitoring, Anti-Malware
- Data: Access Control & Monitoring, File/Data Integrity
- User: Account Mgmt, Training & Awareness, Screening
- Facility: Physical controls, video surveillance, Access Control

Page 10 The Microsoft Security Development Lifecycle (SDL)
- Executive commitment: SDL a mandatory policy at Microsoft since 2004
- Technology and Process
- Education
- Accountability
- Ongoing Process Improvements
Goal: helping to protect customers by reducing the number and severity of software vulnerabilities prior to release

Page 11 Platform as a Service Security Model
Layers: Physical, Network, Host, Application, Data
- On Premises: every layer is managed by the customer
- Platform as a Service: responsibility for the layers is shared between the customer and Microsoft

Page 12 Layer / Defences
- Data: strong storage keys for access control; SSL support for data transfers between all parties
- Application: front-end .NET code running under partial trust; Windows account with least privileges
- Host: stripped down version of Windows Server 2008 OS; host boundaries enforced by external hypervisor
- Network: host firewall limiting traffic to VMs; VLANs and packet filters in routers
- Physical: world-class physical security; ISO 27001 and SAS 70 Type II certification for data centre processes

Page 13 1 Physical: Tailored to run applications

Page 14 2 Network: Access Paths

Page 15 3 Host: Execution Environment
- Customer code runs on dedicated virtual machines (VMs)
- VMs isolated by a Hyper-V based hypervisor
- All access to network and disk is mediated by a "root" virtual machine
- VM sizes: 1, 2, 4 or 8 CPUs, up to 14GB of memory
- Stripped down, hardened version of Windows Server 2008
- Three virtual hard disks
- Limited number of device drivers
- Network connectivity restricted using host firewall

Page 16 4 Application: Identity and Access Management
(Diagram: Active Directory on premises; other providers via WS-* and SAML)
- Use of Active Directory identities and groups through federation
- Enable seamless access experience with other corporate applications tied to AD
- Integration with 3rd-party systems through WS-* and SAML 2.0 open standards
- In the next release of AppFabric Access Control Services (ACS 2.0), single sign-on with popular Internet identity providers

Page 17 5 Data: Storage Services Security
- Customer data stored on separate hardware from the Windows Azure Compute VMs, organized into storage accounts
- Access to data in a specific account is only granted to entities having the secret key for that account
  - Storage access keys are randomly generated when the storage account is created (or later at the request of the customer)
  - A storage account may have two active keys at any given time to support key rollover
- Data access can be protected using SSL encryption
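The two-active-keys property on this slide is what makes a key rollover possible without a window in which clients are locked out. The following is an added example, not code from the deck or from Microsoft, that models the scheme in Python: an account holds two independently regenerable secret keys, requests carry an HMAC-SHA256 over a canonical request string, and the server accepts a signature under either active key. The canonical string (a simplified "VERB\nresource"), the account name "contosostore" and the request path are constructed assumptions; the real service canonicalizes more of the request than this.

```python
import base64
import hashlib
import hmac
import os

# Constructed model (not Azure's own implementation) of the slide's access-key scheme:
# an account has two independently regenerable secret keys, and a request is accepted
# if it carries a valid HMAC under either one. That property is what lets keys be
# rolled without a window in which every client is locked out.


def new_key() -> str:
    """Randomly generated key, base64-encoded like the keys handed out by a portal."""
    return base64.b64encode(os.urandom(64)).decode("ascii")


def sign(key_b64: str, string_to_sign: str) -> str:
    """HMAC-SHA256 over a canonical request string, keyed with the decoded account key.

    Assumption: the caller passes an already-canonical string ('VERB\\nresource');
    the real service canonicalizes verb, headers and resource path.
    """
    mac = hmac.new(base64.b64decode(key_b64), string_to_sign.encode("utf-8"), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode("ascii")


class StorageAccount:
    """Server side: holds the two active keys and verifies incoming signatures."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.keys = {"key1": new_key(), "key2": new_key()}  # both generated at creation

    def regenerate(self, slot: str) -> str:
        """Replace one key at the customer's request; the other slot keeps working."""
        if slot not in self.keys:
            raise KeyError(f"unknown key slot {slot!r}")
        self.keys[slot] = new_key()
        return self.keys[slot]

    def authorize(self, string_to_sign: str, signature: str) -> bool:
        # Constant-time comparison against BOTH active keys: a valid signature under
        # either one is sufficient, so a client still on the old key keeps working
        # while its peers are moved to the new one.
        return any(
            hmac.compare_digest(sign(k, string_to_sign), signature)
            for k in self.keys.values()
        )


class Client:
    """Client side: knows one key at a time and signs every request with it."""

    def __init__(self, key_b64: str) -> None:
        self.key = key_b64

    def request(self, account: StorageAccount, verb: str, resource: str) -> bool:
        string_to_sign = f"{verb}\n{resource}"  # simplified canonical form (assumption)
        return account.authorize(string_to_sign, sign(self.key, string_to_sign))


def rollover(account: StorageAccount, client: Client) -> dict:
    """Walk the no-downtime rollover: move the client to key2, then regenerate key1.

    Returns the authorization outcome at each step so the sequence can be checked.
    """
    resource = f"/{account.name}/container/blob.txt"  # constructed resource path
    outcome = {}
    outcome["before"] = client.request(account, "GET", resource)        # client on key1
    stale_key1 = client.key
    client.key = account.keys["key2"]                                    # step 1: switch client to key2
    outcome["on_key2"] = client.request(account, "GET", resource)
    account.regenerate("key1")                                           # step 2: retire the old key1
    outcome["after_regen"] = client.request(account, "GET", resource)    # still fine, client is on key2
    leftover = Client(stale_key1)                                        # anyone still holding old key1
    outcome["stale_key_rejected"] = not leftover.request(account, "GET", resource)
    return outcome


def demo() -> dict:
    account = StorageAccount("contosostore")  # constructed account name
    return rollover(account, Client(account.keys["key1"]))


if __name__ == "__main__":
    print(demo())
```

Running the block prints four outcomes, all true: the client works on key1, keeps working after switching to key2, is unaffected when key1 is regenerated, and a holder of the retired key1 is refused. The order of the two steps is the point: move every consumer onto key2 first, confirm nothing still signs with key1, and only then regenerate key1; reversing the steps is what causes an outage.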

Page 18 5 Data: Windows Azure Storage Reliability
- Data is replicated within Windows Azure to three separate physical nodes for high availability
(Diagram: Application X on Azure physical storage; customer on-premises storage)

Page 19 Security Design Considerations
Practices: secure design; secure coding; threat management
Design patterns: Azure Connect; Service Bus; Access Control

Page 20 Service Management Market

Page 21 Service Level Agreements
- Compute, instance monitoring and restart (>99.9%): all running roles will be continuously monitored; if a role is not running, we will detect and initiate corrective action
- Compute connectivity (>99.95%): internet-facing roles will have external connectivity; your service is connected and reachable via the web
- Storage availability (>99.9%): the storage service will be available/reachable (connectivity); your storage requests will be processed successfully
- Database availability (>99.9%): the database is connected to the internet gateway; all databases will be continuously monitored
- Service bus and access control availability (>99.9%): service bus and access control endpoints will have external connectivity; message operation requests processed successfully
- Content delivery network (>99.9%): the service will respond to client requests and deliver the requested content without error

Page 22 Q&A

Page Overview
- World-Class Support
- World-Class Security
- Carrier-Class Data Centers
- Operational Best Practices
- World-Class Architecture
- Application Specific Hardware
We proactively monitor outbound access to detect common cases (port scans, spam)

Page 24 Next steps to learn more about Windows Azure Platform Security
Visit Microsoft.com/Azure to view the following whitepapers concerning security and the Windows Azure Platform:
- Windows Azure Security Overview
- Security Best Practices For Developing Windows Azure Applications
- Security Guidelines for SQL Azure
- Microsoft Security Development Lifecycle
Get involved in the Windows Azure Platform community
Microsoft Essentials:
- Windows Azure Platform Security Essentials: Module 1 - Security Architecture
- Windows Azure Platform Security Essentials: Module 2 - Identity Access Management
- Windows Azure Platform Security Essentials: Module 3 - Storage Access
- Windows Azure Platform Security Essentials: Module 4 - Secure Development

Page 25 Thank You