1
windows azure app fab security steve plank “planky” architectural evangelist, microsoft uk splank@microsoft.com http://blogs.msdn.com/plankytronixx
2
agenda access control service and adfs 2.0 windows azure connect domain-joining a windows azure instance
3
connecting to the outside world ad Username: Password: OKCancel adfs2 acs google yahoo live id facebook appfabriclabs ctp available now
4
tick box ip config
5
security token service
service that issues tokens
– give it something: user-id/password, x.509 cert, another security token
– get a security token back: saml, swt, “cookie”, custom
(diagram labels: “something”, security token)
6
claims transformation
sts
claims in:
– title: buyer
– email: fred@abc.com
– dept: engineering
– tel no.: 01234 567 890
claims out:
– title: purchaser
– email: fred@abc.com
– dept: engineering
– tel no.: +441234 567 890
– £limit: £5m
rules:
– if title == “buyer” AND department == “engineering”: purchaselimit = “£5m”
– if title == “buyer” AND department == “stationary”: purchaselimit = “£50”
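The claims transformation on this slide, written out as an added Python example (not code from the presentation, and not how ACS or ADFS 2.0 implement it). The issuer URL, the function names and the incoming `purchaselimit` value are constructed assumptions; the rules and claim values are the slide's.

```python
import re

# Assumption: the federation provider has a trust with exactly one identity provider.
TRUSTED_ISSUERS = {"https://adfs.example.test/adfs/services/trust"}  # constructed value

# (title, dept) -> purchaselimit, taken from the two rules on the slide.
LIMIT_RULES = {
    ("buyer", "engineering"): "£5m",
    ("buyer", "stationary"): "£50",  # department spelled as on the slide
}
TITLE_MAP = {"buyer": "purchaser"}   # slide: title "buyer" is issued as "purchaser"
PASS_THROUGH = ("email", "dept")     # claims the slide shows unchanged


def to_international(tel, country_code="+44"):
    """Rewrite a national number such as 01234 567 890 as +441234 567 890."""
    tel = tel.strip()
    if tel.startswith("+"):
        return tel
    return country_code + re.sub(r"^0", "", tel)


def transform(issuer, claims):
    """Token in, token out: build the output claim set from rules only."""
    if issuer not in TRUSTED_ISSUERS:
        raise PermissionError(f"no trust configured for issuer {issuer!r}")
    out = {name: claims[name] for name in PASS_THROUGH if name in claims}
    title = claims.get("title", "")
    if title:
        out["title"] = TITLE_MAP.get(title, title)
    if "tel no." in claims:
        out["tel no."] = to_international(claims["tel no."])
    # purchaselimit is computed here and never copied from the incoming token,
    # so an upstream party cannot assert its own limit.
    limit = LIMIT_RULES.get((title, claims.get("dept", "")))
    if limit is not None:
        out["purchaselimit"] = limit
    return out


# Constructed input: the slide's example user plus a limit claim that must be ignored.
INCOMING = {"title": "buyer", "email": "fred@abc.com", "dept": "engineering",
            "tel no.": "01234 567 890", "purchaselimit": "£500m"}

if __name__ == "__main__":
    print(transform("https://adfs.example.test/adfs/services/trust", INCOMING))
```

When no rule matches, the output token carries no `purchaselimit` claim at all, so the relying party has nothing to authorize a purchase against.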
7
roles
claims store: stores claims:
– email, firstname, telno, etc…
– active directory
identity provider (ip): authenticate, issues tokens
– user-id/pw, x.509, smartcard…
– adfs2, acs
federation provider (fp):
– token in; token out. claims transformation…
– acs
relying party (rp):
– app that consumes tokens
trust:
– links rp-ip, fp-ip etc.
8
windows azure wif plankytronixx.com acs/adfs authentication flow app fab acs web app adfs 2 ad dc ctrl-alt-del federation trust
9
for more info
http://blogs.msdn.com/b/plankytronixx/archive/2011/01/11/video-how-windows-azure-app-fab-acs-and-adfs-2-0-work-together.aspx
http://blogs.msdn.com/b/plankytronixx/archive/2010/11/05/primer-federated-identity-in-a-nutshell.aspx
10
agenda access control service and adfs 2.0 windows azure connect domain-joining a windows azure instance
11
windows azure what is it? 0 1 on-premise
12
availability
ctp – now
sign-up http://windows.azure.com
components:
– subscription (portal)
– 1.4 sdk (download)
– agents (download (from portal))
release in h1 2011
support for vpn devices in future
13
windows azure virtual network 0 on-premise ssl tunnel IPv6, IPsec, point-to-point connection firewall: outbound port 443 (ssl) relay service 1 connect agents
14
group b group c group a grouping role1 role2 role3
15
a quick word about remote desktop portal rdp goes via the internet on-premise to windows azure role goes direct windows azure on-premise windows azure portal
16
for more info
http://blogs.msdn.com/b/plankytronixx/archive/2010/11/09/azure-connect-connecting-your-on-premise-and-windows-azure-networks-together.aspx
http://blogs.msdn.com/b/plankytronixx/archive/2011/01/10/video-presentation-windows-azure-connect-from-scratch.aspx
17
agenda access control service and adfs 2.0 windows azure connect domain-joining a windows azure instance
18
domain-joining an instance
required info:
– domain-name
– ou
– local admin accts
– creds with permissions for domain-join
(diagram labels: corporate AD; web/worker/vm role; on-premise domain controller/dns; .cscfg)
19
agenda access control service and adfs 2.0 windows azure connect domain-joining a windows azure instance blogs.msdn.com/plankytronixx