
Azure


kyra-chavez

Presentation Transcript


  1. Azure: How safe is my data in the cloud?

  2. Why Azure? • Azure: Flash in the pan or here to stay? • 2010: 6000 installations of Azure in Ireland. • The major companies using Azure: Aer Lingus, Kia Motors, Coca Cola. • Microsoft Certification Path. • Potentially more flexible than Amazon and other competitors. • Obvious benefits in terms of Licensing, Support Staff and throughput.

  3. Deployment Models • Public Cloud • Private Cloud • Community Cloud • Hybrid Cloud

  4. Public Cloud • Openly Accessible • Homogeneous Infrastructure • Common Policies • Shared Resource and Multi Tenant • Rented Infrastructure • Economies of Scale and Elastic Scalability

  5. Private Cloud • Infrastructure is managed and operated for one organization only. • Customized and tailored policies. • Dedicated resources. • End-to-End control.

  6. Hybrid Cloud • Private Cloud • On-Premise Resources.

  7. Cloud Security Issues

  8. Claims Based Access Control • Claims – A fact about an entity stated by another entity. • Trust – One entity is said to trust another if it considers the claims issued by the other entity to be true. • Tokens – An XML construct signed by an authority, containing claims and possibly credentials. • Security Token Services – A web service that issues security tokens, as described by WS-Trust.

  9. Claims Based Access Control • Can be used by any form of distributed application regardless of where it is deployed (on-premise, cloud, hybrid). • Supports industry standards-based interoperability. • Unlike standard STS implementations, in the cloud the STS is implemented as a service.

  10. AppFabric Access Control • Access control provides the default security layer for Service Bus, but it can also be used to protect any service implementation. [Diagram labels: App Fabric Access Control, Secure Token, Valid Claims, Permission Request, Service, Service Consumer, Data]

  11. AppFabric Access Control • No need to develop a STS as it is already integrated into Azure. • When a service consumer attempts to connect to a service endpoint on a Service Bus that is protected by the access control, the consumer logic will need to authenticate itself with the Service Bus. • The authentication request comes in the form of a security token that is issued by Access control in order to authenticate the client and subsequently authorize access to the resource.

  12. AppFabric Access Control • Services attempting to attach to the service bus must also apply to the STS for a valid token. • Consumer programs can obtain tokens by supplying credentials that have been granted permissions to access the targeted service endpoints. • These credentials can come in the form of shared secrets (username/password or X.509 Certificates), Simple Web Tokens or SAML tokens. • The WCF bindings transparently handle the credentials exchange, token acquisition, and token submission.

  13. Usage Scenarios [Diagram labels: Enterprise, Cloud, Application, Trust, Certificate, ACS, Web App, Browser, Pages, Admin, Contractor, Employee, ADFS, Live Id, Other; arrows numbered 0 to 6]

  14. Step 0 • Administrator establishes a trust between the web application and ACS using a shared key which is refreshed on a periodic basis. • Input and output claims are mapped in the form of rules for employees and contractors.

  15. Steps 1 - 6 • 1 When a requestor signs into the Web App, the requestor acquires the appropriate authentication token from the appropriate provider. • 2 Requestor posts the acquired token to the ACS for claims mapping. • 3 ACS maps claims. • 4 ACS returns an SWT token to the requestor. • 5 Request and payload are sent to the application. • 6 The application processes these claims in a claims processing module and determines the level of access the requestor is entitled to.

  16. Access Control Service V 2 • Allows multiple external identity providers such as Facebook and Google as well as LiveId. • Multiple protocols such as OAuthWrap and WSAuthentication. • Extended UI for interaction with the service. • Code generator for client applications.

  17. Service

  18. Namespace
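
Steps 0 to 6 on slides 14 and 15 end with the application checking an SWT against the shared key before it trusts any claim. The sketch below is an added example, not code from the presentation or from Microsoft: it follows the Simple Web Token layout (form-encoded pairs with `HMACSHA256` last), and the key, issuer, audience, `role` claim and level names are constructed assumptions.

```python
import base64, hashlib, hmac, time
from urllib.parse import parse_qsl, quote, unquote, urlencode

SIG = "&HMACSHA256="                      # SWT: signature is always the last pair
KEY = bytes(range(32))                    # constructed shared key (Step 0)
ISSUER = "https://acs.example/"           # constructed issuer name
AUDIENCE = "https://webapp.example/"      # constructed relying-party address
LEVELS = {"employee": "full", "contractor": "limited"}  # hypothetical mapping

def sign_swt(claims, key):
    """Issuer side (Step 4): form-encode the claims and append the HMAC."""
    body = urlencode(claims)
    mac = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return body + SIG + quote(base64.b64encode(mac), safe="")

def validate_swt(token, key, issuer, audience, now=None):
    """Application side (Step 6): return the claims or raise ValueError."""
    body, sep, sig = token.rpartition(SIG)
    if not sep:
        raise ValueError("missing signature")
    expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
    try:
        presented = base64.b64decode(unquote(sig), validate=True)
    except ValueError:
        raise ValueError("malformed signature")
    if not hmac.compare_digest(expected, presented):   # constant-time compare
        raise ValueError("bad signature")
    pairs = parse_qsl(body, keep_blank_values=True)
    if len({n for n, _ in pairs}) != len(pairs):       # ambiguous duplicates
        raise ValueError("duplicate claim")
    claims = dict(pairs)
    if claims.get("Issuer") != issuer or claims.get("Audience") != audience:
        raise ValueError("wrong issuer or audience")
    if not claims.get("ExpiresOn", "").isdecimal():
        raise ValueError("missing expiry")
    if int(claims["ExpiresOn"]) <= (time.time() if now is None else now):
        raise ValueError("expired")
    return claims

def access_level(token, now=None):
    """Map a validated 'role' claim to an access level; deny by default."""
    try:
        claims = validate_swt(token, KEY, ISSUER, AUDIENCE, now)
    except ValueError as err:
        return "denied: " + str(err)
    return LEVELS.get(claims.get("role"), "denied: no recognised role")
```

The signature is checked before any claim is parsed, so a token whose role, audience or expiry was edited in transit is rejected without its contents being interpreted.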
