cloud computing & windows azure intro
DESCRIPTION
This presentation is an introduction to Cloud Computing and Microsoft Windows Azure, Microsoft’s public cloud solution for the Platform and Infrastructure layers.
TRANSCRIPT
Cloud Computing
#LiveinaCloudyWorld
Haddy El-Haggan
Microsoft Student Partner
Cloud Computing Expert
Overview
• What’s Cloud Computing?
• Differences between Cloud Computing and other concepts
• The Power Of Cloud – Cloud Benefits
• Security On the Cloud
• Cloud Types
• File Storage & SQL Azure
• Roles
What’s Cloud Computing?
• History Brief
  – Mainframe
  – Grid Computing
  – Client-Server
  – Cloud Computing
Cloud Computing
• Cloud Computing is composed of several layers:
  – Infrastructure
  – Platform
  – Software
[Diagram: four delivery models compared over the same stack (Applications, Data, Runtime, Middleware, O/S, Virtualization, Servers, Storage, Networking), with parts of the stack marked “You manage” or “Managed by vendor”. Packaged Software: “You manage” only. Infrastructure (as a Service): “You manage” and “Managed by vendor”. Platform (as a Service): “You manage” and “Managed by vendor”. Software (as a Service): “Managed by vendor” only.]
Cloud Computing Layers
Each Layer is designed for a special category
CLOUD COMPUTING IS A CONCEPT NOT A TECHNOLOGY
The Power of Cloud
The Power of Cloud
• Availability
• Agility
• Maintenance
• Efficiency
• Scalability
The Power Of Cloud
• Cost
• Focus
[Figure labels: Browser, PC, Phone]
Agility
ONE OF THE BIGGEST CONCERNS IS ALWAYS SECURITY: HOW IS MY DATA SECURED ON THE CLOUD?
[Diagram: Platform (as a Service) stack (Applications, Data, Runtime, Middleware, O/S, Virtualization, Servers, Storage, Networking), marked “You manage” and “Managed by vendor”.]
Microsoft Cloud Solution Security Overview
• Developers and users must know the responsibilities they share with the Cloud Provider
• These are the main layers of security for any Cloud Provider:
  – Human
  – Data
  – Application
  – Host
  – Network
  – Physical
Microsoft Cloud Solution Security Overview (Cont.)
• The “Human” and “Data” layers are the users’ responsibility: how they manage their data and its permissions (more information about data on Azure follows)
• The “Application” layer depends on the developer and the security used in the application
  – Authentication
  – Input validation …
• It is recommended to develop using the SDL (Security Development Lifecycle), designed for Windows Vista, Windows 7 and Windows Azure
Microsoft Cloud Solution Security Overview
• “Host” layer: Windows Azure is hosted on Windows Server 2008 Hyper-V
• Windows Azure doesn’t depend on the Windows Server 2008 hypervisor; it has its own hypervisor, where the roles and the VMs are hosted and isolated
• The host has 2 main jobs:
  – Isolation (every role runs on its own VM)
  – Hardening (regular Security Updates)
Microsoft Cloud Solution Security Overview
• Some firewalls can be configured by the service owner and some are controlled by the fabric controller
• “Network” layer: Windows Azure traffic passes through several firewalls
  – Guest VM
  – Host VM
  – SQL Azure VM
THERE IS NO ENCRYPTION ON WINDOWS AZURE
Data Security on Azure
• Windows Azure Compute and Windows Azure Storage are 2 different things; each of them is hosted on different hardware resources
• In the Storage Architecture the top layer validates, authenticates, and authorizes requests, routing them to the partition layer and data layer where the data exists
• Protection against data loss: there are always three replicas of your data, whatever happens
Data Security on Azure
• Isolation: all your data is isolated from others’ data in 2 ways:
  – Logically
  – Physically
• Each type of storage has its own way of access depending on the developer
• NO DATA ARE ACCESSIBLE BY THE PUBLIC EXCEPT THE PUBLIC BLOB
Secure Networking
• Network Architecture:
  – In Azure there are mainly 4 types of Nodes:
    • Fabric Controller Node (Azure Kernel)
    • Storage Node
    • Compute Node
    • Other infrastructure Node
  – In the FC Networking there are 3 types of isolated networks:
    • Main VLAN (all untrusted customer nodes)
    • FC VLAN (trusted FC networks)
    • Device VLAN (contains trusted networks and other infrastructure devices)
Secure Networking
• No communication is possible between the VLANs without passing through several routers, which prevents faking traffic and eavesdropping on other traffic
• Communication is permitted from the FC VLAN or the Device VLAN to the main VLAN, but it cannot be initiated from the main VLAN
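The direction rule above, sketched as a stateful filter. This is an added example, not part of the original slides and not Azure's implementation; the `Packet` fields, the `syn` flag marking a connection attempt, the addresses, and the default-deny handling of FC-to-Device and intra-VLAN traffic are assumptions made for illustration.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src_vlan: str
    dst_vlan: str
    src: str      # "ip:port" of the sender
    dst: str      # "ip:port" of the receiver
    syn: bool     # True when the packet tries to open a new connection

# Directions in which a connection may be opened, per the slide above.
# Anything not listed (e.g. FC <-> Device) is denied here as an assumption.
MAY_INITIATE = {("FC", "Main"), ("Device", "Main")}

class VlanFilter:
    """Trusted VLANs may open flows to Main; Main may only answer them."""

    def __init__(self):
        self.established = set()   # (initiator, responder) endpoint pairs
        self.alerts = []           # denied packets, kept for monitoring

    def allow(self, pkt: Packet) -> bool:
        if pkt.src_vlan == pkt.dst_vlan:
            return True            # assumption: only inter-VLAN routing is modelled
        if pkt.syn:
            if (pkt.src_vlan, pkt.dst_vlan) in MAY_INITIATE:
                self.established.add((pkt.src, pkt.dst))
                return True
            self.alerts.append(pkt)    # e.g. a customer node trying to reach the FC
            return False
        # Non-SYN packet: allowed only on a flow that was opened legitimately.
        if (pkt.src, pkt.dst) in self.established or (pkt.dst, pkt.src) in self.established:
            return True
        self.alerts.append(pkt)
        return False

def run_constructed_trace() -> list:
    """Constructed sample traffic; all addresses are made up for the example."""
    fw = VlanFilter()
    trace = [
        Packet("FC", "Main", "10.0.0.1:5000", "10.1.0.7:443", True),       # FC opens a flow
        Packet("Main", "FC", "10.1.0.7:443", "10.0.0.1:5000", False),      # reply on that flow
        Packet("Main", "FC", "10.1.0.7:6000", "10.0.0.1:22", True),        # Main tries to initiate
        Packet("Main", "Device", "10.1.0.7:6001", "10.2.0.3:161", False),  # no prior flow
    ]
    return [fw.allow(p) for p in trace]
```

The denied packets collected in `alerts` are the ones worth logging: a main-VLAN node attempting to open a connection into a trusted VLAN should never occur in normal operation.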
Secure Networking
• Azure has the largest internet connections in the industry
• It is unlikely that someone can cut Azure off from the public by producing enough malicious traffic
• If your application on Azure is attacked, Azure will create several compute instances to maintain your application until the attack passes
• Microsoft is considering ways to identify malicious traffic and block it as it enters the Azure Fabric, but this sort of protection has not yet been deployed.
Identity On Azure
• To gain access to your application on the Cloud you have to pass a few steps:
  – Authentication
  – Authorization
  – Monitoring and logging (track users and log their operations)
• Windows Azure supports several identity technologies
  – Active Directory
  – Open ID
  – SQL Server
  – WIF
Identity On Azure
• Windows Azure supports 2 types of identity in the Cloud:
  – Role based
  – Claim Based
• Role based uses a username and password
• Claim based uses a token containing a collection of claims
Identity On Azure: Role based authorization
• It can be used by SQL Azure, Azure Connect and ASP.NET membership provider
• You only use the username and the password, and the rest is kept in the identity store
• Simple, easy to use and possible to implement Domain join
Identity on Azure: Azure Connect
• Azure Connect supports domain join of Windows Azure roles to on-premises Active Directory
Identity on Azure: Claim Based
• A claim is a piece of information
• A token is a collection of claims and is signed
• The Security Token Service maps the credentials to the token
• The application is provided with all the identity information needed
• The management of the identity is not the application’s responsibility
• Integration between several identity providers
• Less infrastructure code
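The claim-based flow above as an added example (not from the original slides, and not WIF or AppFabric code): a toy Security Token Service maps credentials to a signed token, and the application validates signature, issuer, audience and expiry before authorizing from the claims. The HMAC key shared by both sides, the JSON token layout, the issuer and audience names and the user store are assumptions.

```python
import base64, hashlib, hmac, json

# Constructed demo values (assumptions): real STS tokens are normally signed
# with the STS's X.509 key, and a real identity store keeps salted hashes.
STS_KEY = b"constructed-demo-key"
ISSUER = "https://sts.example.test"
AUDIENCE = "https://app.example.test"
USERS = {"alice": ("s3cret", ["Reader", "Uploader"])}

def _sign(body: bytes) -> str:
    mac = hmac.new(STS_KEY, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()

def sts_issue(username: str, password: str, now: float) -> str:
    """STS side: map credentials to a signed token (a collection of claims)."""
    stored = USERS.get(username)
    if stored is None or not hmac.compare_digest(stored[0].encode(), password.encode()):
        raise PermissionError("authentication failed")
    claims = {"iss": ISSUER, "aud": AUDIENCE, "name": username,
              "role": stored[1], "exp": now + 300}
    body = json.dumps(claims, sort_keys=True).encode()
    return base64.urlsafe_b64encode(body).decode() + "." + _sign(body)

def app_validate(token: str, now: float) -> dict:
    """Application side: claims are trusted only after these checks pass."""
    try:
        body_b64, sig = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
    except ValueError as exc:
        raise PermissionError("malformed token") from exc
    if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
        raise PermissionError("bad signature")
    claims = json.loads(body)
    if claims.get("iss") != ISSUER or claims.get("aud") != AUDIENCE:
        raise PermissionError("wrong issuer or audience")
    if claims.get("exp", 0) <= now:
        raise PermissionError("token expired")
    return claims

def can_upload(token: str, now: float) -> bool:
    """Authorization decided purely from validated claims, never from a password."""
    try:
        return "Uploader" in app_validate(token, now).get("role", [])
    except PermissionError:
        return False
```

The application never sees the password or the identity store; a token whose claims were edited after issuance fails the signature check and is refused.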
Identity On Azure: AppFabric Access Control
• Enables the developer to use claim-based authorization from enterprise sources like Active Directory and SQL Server
• Also enables the use of other identity providers like Live ID, Facebook, Google and Yahoo.
Types of Cloud
• Private
  – Between certain users
• Public
  – Accessible by everyone
• Hybrid
  – Public/Private
Storage
• BLOB (Binary Large Object)
  – Container
  – Blob
  – Block
• Table Storage
  – Table
  – Entities
    – Partition Key
    – Row Key
  – Properties
Storage (cont.)
• Queue
• Drive
  – Local resource
  – String connection
Table Storage Vs. SQL Azure
Table Storage
• Is more scalable
• Semi Structured
• Less Expensive
SQL Azure
• Normal SQL running in Microsoft Cloud Environment
• Completely Structured
• Expensive
Roles
Web Role
• Run on the client Side
• Act as a normal ASP.NET
Worker Role
• Background process running on datacenter
• Can run for hours
• Can communicate to Web Role through a queue or WCF
Azure Community in Egypt
• Twitter: Azurecomeg
• Facebook: www.facebook.com/Azure.Community.Egypt
• E-Mail: [email protected]