
Architecting for a Secure Cloud

DPR312. Architecting for a Secure Cloud. Michele Leroux Bustamante, Chief Architect, IDesign (www.idesign.net); Chief Security Architect, BiTKOO (www.bitkoo.com). mlb@idesign.net





Presentation Transcript


  1. DPR312 Architecting for a Secure Cloud Michele Leroux Bustamante Chief Architect, IDesign mlb@idesign.net

  2. Michele Leroux Bustamante • Chief Architect, IDesign (www.idesign.net) • Chief Security Architect, BiTKOO (www.bitkoo.com) • Microsoft Regional Director (www.theregion.com) • MVP Connected Systems • Publications and Resources: DevProConnections, MSDN, CoDe Magazine, Microsoft whitepapers; Learning WCF (O’Reilly 2007/2009); CodePlex (publications, webcasts, code, utilities) • Speaker: Tech Ed, PDC, Dev Connections, NDC, etc. • www.michelelerouxbustamante.com, www.learningwcf.com

  3. Agenda • Benefits and concerns moving to the cloud • IT and shared hosting security aspects • Application architecture security aspects • Architectural scenarios for Windows Azure Platform features • Techniques for securing features by scenario

  4. What Drives us to the Cloud? • Reduced capital investment • Scale out on demand, pay as you go • Unbounded scale for bursts or peak loads • Better overall IT management strategy • Quality of service, zero downtime updates • Focus resources on implementation and business logic

  5. Typical Concerns • Loss of control • Reliability of services • Service level commitments and guarantees • Ability to change vendors if dissatisfied • Security

  6. Windows Azure Platform Building Blocks (diagram: Windows Azure AppFabric, Windows Azure, Windows Azure Storage and SQL Azure, layered on platform infrastructure, equipment and data center)

  7. IT Security Considerations

  8. Shared Hosting Considerations

  9. Application Architecture Considerations

  10. Windows Azure Platform Features (diagram: AppFabric with Access Control and Cache Service; Windows Azure with web role, worker role and cache; Azure Storage with blobs, tables and queues reached over REST; SQL Azure; on-premise domain with AD FS 2)

  11. Service Bus • Primarily designed to address connectivity issues • Services may be located behind private IPs, firewalls, load balancers, proxy servers • Also enhances reliability and scalability • Provides added security (diagram: on-premise service reached through the Service Bus)

  12. Service Bus as DMZ (diagram: browser, Windows Phone 7, WPF, MVC / jQuery AJAX and Silverlight clients reach an MVC site, a Web Forms site and REST routers in the DMZ, which forward to services in the corporate domain)

  13. Service Bus as DMZ (2) (diagram: the same clients and sites, with AppFabric taking the place of the DMZ routers in front of the corporate-domain services)

  14. Service Bus to Data On Premise / Migration (diagram: client → web application in Windows Azure → AppFabric → service in the corporate domain)

  15. Service Bus Security Aspects

  16. Service Bus Security Recommendations: • Require relay credential • Encrypt keys at client • Try to use TCP relay for performance and cost savings • Add message security for highly sensitive data • Use negotiation for encryption certificate over HTTP (diagram: the client signs the request and encrypts the message, presents its Access Control credential over HTTPS and is relayed by AppFabric over TCP / HTTPS to the corporate-domain service, which decrypts the message; an evil client without the relay credential is also shown)

  17. SQL Azure • Relational data store in the cloud (SQL Server 2008 R2) • TDS support (client connections) • REST-based Management API • Protected by: • Firewall Rules • SQL Server authentication (not Windows) • Certificate authentication

  18. Relational Data On Premise / In The Cloud (diagram: client → web / worker role in Windows Azure, reaching either SQL Azure directly or an on-premise service in the corporate domain through AppFabric)

  19. SQL Azure Security Aspects

  20. SQL Azure Security Recommendations: • Use portal admin to create DB admin accounts and manage firewall rules • Use DB admin accounts to configure schema and users • Use trusted subsystem users to reduce attack surface • Automate with the REST API where possible (diagram: firewall rules and credentials per client type, with labels: Portal Admin by IP address + DB admin; Administrative REST Client by IP address + certificate; Web / Worker Role Service by IP address + service user; SQL Server Management Studio, SSRS, SSIS and AS by IP address + user credentials; Allow Microsoft Services + user credentials; the master database and application tables with per-user logins)

  21. SQL Azure Data Protection Recommendations (2): • Limit access to hashing and encryption material • Use asymmetric encryption, cert store to protect keys, limited access • Protect hashing material by encrypting config (diagram: the Windows Azure application computes the hash of user input and compares it with the stored hash, and encrypts data before writing to SQL Azure and decrypts after reading; only hashed and encrypted values reach SQL Azure)
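The hashing flow on this slide, as an added example (not code from the talk): the application tier holds the hashing key and a per-record salt, SQL Azure stores only the derived hash, and verification recomputes and compares inside the application. The key here is a constructed in-memory stand-in; unwrapping it from an encrypted config section through the certificate store, as the slide recommends, is not modelled.

```python
import hashlib
import hmac
import os

# Hashing material belongs to the application tier (constructed stand-in for a
# key read from encrypted configuration); it is never stored in SQL Azure.
HASH_KEY = hashlib.sha256(b"constructed-config-hash-key").digest()
PBKDF2_ROUNDS = 100_000


def keyed_hash(value: str, salt: bytes) -> bytes:
    """Stretch the (possibly low-entropy) input with a per-record salt, then bind
    the result to the application key. A copy of the database alone, without the
    key, cannot be used to test guesses against the stored hashes."""
    stretched = hashlib.pbkdf2_hmac("sha256", value.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return hmac.new(HASH_KEY, stretched, hashlib.sha256).digest()


# Simulated SQL Azure table with columns (id, salt, value_hash): no plaintext column.
TABLE: list = []


def store(value: str) -> int:
    """Insert a new record; only the salt and the keyed hash reach the database."""
    salt = os.urandom(16)
    TABLE.append({"id": len(TABLE) + 1, "salt": salt, "value_hash": keyed_hash(value, salt)})
    return TABLE[-1]["id"]


def verify(record_id: int, candidate: str) -> bool:
    """Recompute in the application and compare in constant time;
    the database never sees the candidate value."""
    row = next((r for r in TABLE if r["id"] == record_id), None)
    if row is None:
        return False
    return hmac.compare_digest(keyed_hash(candidate, row["salt"]), row["value_hash"])


if __name__ == "__main__":
    rid = store("correct horse battery staple")
    print(verify(rid, "correct horse battery staple"), verify(rid, "wrong guess"))  # True False
```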

  22. Windows Azure & Windows Azure Storage • Compute, Storage and Management services • Host web applications and services • Applications can leverage non-relational tables, queues or blob storage • Replace the relational database, or use tables to complement it • Host large media content • Optionally distribute via Content Delivery Network (CDN) • Mount drives for a migration approach • Go all-in or scale out specific features

  23. Windows Azure & Windows Azure Storage (diagram: web role and worker role call Windows Azure Storage queues, tables and blobs over REST)

  24. Windows Azure Storage (diagram: applications inside or outside Windows Azure reach queues, tables and blobs through the storage client or a REST URI)

  25. Windows Azure Storage Security Aspects

  26. Windows Azure Storage Security (diagram: web / worker roles, the web portal, an administration service, remote clients, client apps and management tools all reach Windows Azure Storage queues, tables and blobs over HTTPS, each authenticating with the account's symmetric key)

  27. Windows Azure Storage Tiers Azure Storage Recommendations: • Never ship keys to non-owned clients • Avoid shipping keys to remote clients • Encrypt keys in config (diagram: remote clients and client apps go through a Windows Azure service that holds the encrypted key; administration through the web portal rolls keys; all traffic to queues, tables and blobs over HTTPS with the symmetric key)

  28. Blob Storage Integrity Blob Storage Recommendations: • For very large media uploads and/or mission critical data use MD5 validation to ensure integrity (diagram: a Windows Azure service uploads a blob together with its MD5 hash to the blob container, and on read validates the MD5 hash returned with the blob)
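An added illustration (not the talk's code) of the MD5 validation this slide recommends: the sender computes a Content-MD5 value for the blob block by block, and the receiver recomputes it and rejects the transfer on a mismatch. The 4 MiB block size is an assumption for the example; the check catches corruption in transit, not deliberate substitution by a party who can also rewrite the header, which is what the signed request is for.

```python
import base64
import hashlib
import hmac

BLOCK_SIZE = 4 * 1024 * 1024  # assumed block size: hash large uploads piecewise, not buffered whole


def content_md5(data: bytes) -> str:
    """Base64-encoded MD5 digest of the payload, the form carried in a Content-MD5 header."""
    digest = hashlib.md5()
    for offset in range(0, len(data), BLOCK_SIZE):
        digest.update(data[offset:offset + BLOCK_SIZE])
    return base64.b64encode(digest.digest()).decode("ascii")


def put_blob_request(body: bytes) -> dict:
    """Sender: ship the digest with the bytes so the receiver can detect corruption in transit."""
    return {"headers": {"Content-MD5": content_md5(body)}, "body": body}


def accept_blob(request: dict, require_md5: bool = True) -> bool:
    """Receiver (the storage service on upload, or the application on download):
    recompute the digest and reject the transfer if it does not match."""
    sent = request["headers"].get("Content-MD5")
    if sent is None:
        return not require_md5  # for mission-critical data, a missing digest is a failure
    return hmac.compare_digest(content_md5(request["body"]), sent)


# Constructed 1 MiB sample payload standing in for a media upload.
MEDIA = bytes(range(256)) * 4096


def demo() -> tuple:
    """Returns (intact payload accepted, corrupted payload accepted) for the sample."""
    good = put_blob_request(MEDIA)
    flipped = MEDIA[:500] + bytes([MEDIA[500] ^ 0x01]) + MEDIA[501:]  # one bit flipped in transit
    corrupted = {"headers": good["headers"], "body": flipped}
    return accept_blob(good), accept_blob(corrupted)


if __name__ == "__main__":
    print(demo())  # (True, False)
```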

  29. Blob Storage Shared Access Signatures Blob Storage Recommendations (2): • Never allow public access to container • Allow public read to blob links if appropriate for the application; try to use SAS for this purpose to limit exposure (diagram: browser clients get read access for a limited time from a service holding the shared access key, under a shared access policy granting list / create / update / delete; a Shared Access Signature (SAS) valid for more than one hour requires the authentication header in the request, so it cannot be used directly from a browser; contrasted with public container access, public blob access and private containers)
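A model of the SAS mechanism this slide describes, written as an added example rather than Azure's own signing code: the storage key never leaves the service, clients receive only a signed query string carrying permissions and expiry, and the storage side checks signature, expiry and permission on every request. Assumptions: a simplified string-to-sign, a constructed key, and the rule that a SAS naming no container policy may live at most one hour, while longer lifetimes reference a named policy that can be deleted to revoke every token issued under it.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode

# Constructed account key (not a real Azure key). It stays in the service tier;
# clients only ever see the signed query string produced from it.
ACCOUNT_KEY = hashlib.sha256(b"constructed-demo-account-key").digest()

# Container-level shared access policies keyed by signed identifier ("si").
# Deleting a policy revokes every SAS that references it.
POLICIES = {"media-readers": {"sp": "r", "se": 4102444800}}  # expires 2100-01-01

MAX_ADHOC_TTL = 3600  # a SAS that names no policy may live at most one hour


def _signature(resource: str, sp: str, se: int, si: str) -> str:
    string_to_sign = "\n".join([sp, str(se), resource, si])  # simplified, not Azure's exact format
    return base64.b64encode(hmac.new(ACCOUNT_KEY, string_to_sign.encode(), hashlib.sha256).digest()).decode()


def make_sas(resource: str, sp: str = "r", ttl: int = MAX_ADHOC_TTL, si: str = "", now=None) -> str:
    """Service side: issue a SAS query string for one blob or container path."""
    now = int(time.time()) if now is None else now
    if not si and ttl > MAX_ADHOC_TTL:
        raise ValueError("ad hoc SAS limited to one hour; reference a container policy instead")
    se = now + ttl
    return urlencode({"sp": sp, "se": se, "si": si, "sig": _signature(resource, sp, se, si)})


def authorize(resource: str, query: str, op: str, now=None) -> bool:
    """Storage side: op is one of r/l/c/u/d. True only when the signature matches this
    resource, the token (and its policy, if any) is unexpired, and the permission covers op."""
    now = int(time.time()) if now is None else now
    q = {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}
    try:
        sp, se, si, sig = q["sp"], int(q["se"]), q.get("si", ""), q["sig"]
    except (KeyError, ValueError):
        return False
    if not hmac.compare_digest(_signature(resource, sp, se, si), sig):
        return False  # tampered permissions / expiry, or a token signed for another resource
    if si:
        policy = POLICIES.get(si)
        if policy is None:
            return False  # policy deleted: token revoked
        sp, se = policy["sp"], min(se, policy["se"])
    return now < se and op in sp


if __name__ == "__main__":
    t0 = 1_600_000_000
    sas = make_sas("/media/video.mp4", sp="r", ttl=600, now=t0)
    print(authorize("/media/video.mp4", sas, "r", now=t0 + 100))  # True
    print(authorize("/media/video.mp4", sas, "d", now=t0 + 100))  # False: read-only token
    print(authorize("/media/video.mp4", sas, "r", now=t0 + 601))  # False: expired
```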

  30. Windows Azure Architecture (diagram: web role hosting AJAX / jQuery, Silverlight, ASP.NET / MVC, WCF and .NET code; worker role hosting WCF and .NET code; both on .NET FW 3.5 SP1 / .NET FW 4 under CAS policy and NT security policy; blobs, tables, queues)

  31. Application Architecture Tiers (diagram: Windows Azure web roles (web application, WCF service) on external endpoints; worker roles (WCF services) on internal endpoints; Azure Storage blobs, tables and queues over REST, and SQL Azure)

  32. Added Security with Service Bus (diagram: clients reach Windows Azure web roles (web application, WCF service) through the Service Bus; worker roles stay on internal endpoints; a corporate-domain service is likewise reached through the Service Bus)

  33. Scaling Out Compute Cycles (diagram: client → web role WCF service in Windows Azure writes to an Azure Storage compute queue over REST; a worker role WCF service pulls from the queue; a corporate-domain service connects through the Service Bus)

  34. Scaling Out Compute Cycles (2) (diagram: one web role WCF service writes to the compute queue; several worker role WCF services pull from it over REST)

  35. Scaling Out Media Access (diagram: client → REST service in the corporate domain; blob containers in Azure Storage, each fronted by a CDN cache)

  36. Web Application Security Aspects

  37. WCF Service Security Aspects

  38. Identity Federation Benefits • Decouple authentication mechanism from applications and services • Go claims-based • Reduce IT pain and risk related to provisioning and de-provisioning users • Extend trust to users across domain, corporate and Internet boundaries • Support Single Sign-On (SSO)

  39. Passive Federation (diagram: browser, login page, STS and Azure-hosted web site, numbered steps 1–5)

  40. Active Federation (diagram: Windows client, STS and Azure-hosted service, numbered steps 1–3)

  41. STS On Premise (diagram: Windows client → Azure-hosted service, with the STS in the on-premise DMZ)

  42. Windows Users Behind DMZ (diagram: Windows client → Azure-hosted service; ADFS V2 in the DMZ and ADFS V2 on the domain server with AD users)

  43. Access Control and Mainstream Identity Providers (diagram: browser, Access Control, relying party web application, and Google, Facebook, Yahoo! and Windows Live as identity providers, numbered steps 1–5)

  44. Access Control and Enterprise Identity Providers (diagram: as the previous slide, with an enterprise identity provider added alongside Google, Facebook, Yahoo! and Windows Live, numbered steps 1–5)

  45. Relying Party STS + Access Control (diagram: relying party web application behind a relying party STS with policy; Access Control federating Google, Yahoo!, Facebook and Windows Live; enterprise identity providers including AD FS V2; flow of tokens, not direct communication)

  46. WHEW!

  47. Summary • Application architecture must be well defined before you can define your cloud strategy • Assess risks related to data, content and other assets • Determine which can be moved to the cloud • Determine whether a migration plan from on-premise to the cloud is needed • Define the application architecture for the cloud and the security plan for each Windows Azure Platform feature • Document the IT, shared hosting and application security concerns and mitigations in your internal SLA

  48. ARC Track Resources • http://www.microsoft.com/visualstudio • http://www.microsoft.com/visualstudio/en-us/lightswitch • http://www.microsoft.com/expression/ • http://blogs.msdn.com/b/somasegar/ • http://blogs.msdn.com/b/bharry/ • http://www.microsoft.com/sqlserver/en/us/default.aspx • http://www.facebook.com/visualstudio

  49. Resources • Connect. Share. Discuss. http://northamerica.msteched.com • Learning: Sessions On-Demand & Community (www.microsoft.com/teched); Microsoft Certification & Training Resources (www.microsoft.com/learning) • Resources for IT Professionals: http://microsoft.com/technet • Resources for Developers: http://microsoft.com/msdn

  50. Complete an evaluation on CommNet and enter to win!
