The Microsoft Cloud Azure Platform
This presentation incorporates some content from Microsoft

Types of Clouds
[Figure: side-by-side stacks for Private (On-Premise), Infrastructure (as a Service) and Platform (as a Service), marking which layers you manage and which are managed by the vendor. Layers shown: Applications, Runtimes, Security & Integration, Databases, Servers, Virtualization, Server HW, Storage, Networking.]

Cloud Services Continuum (based on Robert Anderson)
[Figure: services placed along a Complexity & Flexibility axis across Software (SaaS), Platform (PaaS) and Infrastructure (IaaS). Services shown: Salesforce.com, Google Docs, e-Science Central, Google AppEngine, Amazon Elastic Map Reduce, Simple DB, Simple Queue Service, Amazon EC2 & S3, Windows Azure, SharePoint, SQL Services, .net services.]
http://et.cairene.net/2008/07/03/cloud-services-continuum/

The Microsoft Cloud: Categories of Services
- Application Services
- Software Services
- Platform Services
- Infrastructure Services

Windows Azure Platform
- Internet-scale, highly available cloud fabric
- Globally distributed Microsoft data centers (ISO/IEC 27001:2005 and SAS 70 Type I and Type II certified)
- Consumption and usage-based pricing; enterprise-class SLA commitment
- Compute – autoprovisioning 64-bit application containers in Windows Server VMs; supports a wide range of application models
- Data – massively scalable & highly consistent distributed relational database; georeplication and geolocation of data
- Storage – highly available distributed table, blob, queue, & cache storage services
- Processing – relational queries, search, reporting, analytics on structured, semistructured, and unstructured data
- Languages – .NET 3.5 (C#, VB.NET, etc.), IronRuby, IronPython, PHP, Java, native Win32 code
- Integration – synchronization and replication with on-premise databases, other
- Service Bus – connectivity to on-premises applications; secure, federated, firewall-friendly Web services messaging intermediary; durable & discoverable queues
- Access Control – rules-driven federated identity; AD federation; claims-based authorization
- Workflows – declarative service orchestrations

Security and Privacy
- Encrypts data before it goes to database
- Encrypts connection to Azure via SSMS (SQL Server Management Studio)
- Service
  - Secure channel required (SSL)
  - Denial of Service trend tracking
  - Packet inspection
- Server
  - IP allow list (Firewall)
  - Idle connection culling
  - Generated server names
- Database
  - Disallow the most commonly attacked user IDs (SA, Admin, root, guest, etc.)
  - Standard SQL Authn/Authz mode

Access Control Approach
- Automate federation for a wide range of identity providers and technologies
- Factor the access control logic from the application into a manageable collection of rules
- Easy-to-use framework that ensures correct token processing
- Enable security scheme external to application
- Multiple security schemes can be enabled
- Rules used to map claims to what app expects
- Integrate with standards-based identity providers, including enterprise directories and web identity systems such as Windows Live ID
- .NET developers use the Geneva Framework
