
Understanding & Implementing Windows Azure Platform Security

Lai Hoong Fai Microsoft Malaysia hoongfai@microsoft.com

Agenda
Cloud Security Concerns
Windows Azure Platform Security Model
Compute Services Storage Identity and Access Networking Management

Data Center Security and Data Location

Services and Server Platforms


Optimized for
Scale-out Apps
Massive Scale
Prescribed Hardware
Cost of Operations
We Run it for You

Versatile across
Any Workload or Application
Levels of Scale
Hardware Configurations
Operational Models
Build Your Own

Security Talk

Platform as a Service Security Model


[Figure: two stacks of layers (Data, Application, Host, Network, Physical), one for On Premises and one for Platform as a Service, with layers marked Customer or Microsoft]

Cloud Security Concerns


Where is my data located?
Is the Microsoft Cloud secure?
Who can see my data?
How do you make sure my company data follows the rules?
What happens if

Cloudy with a chance of Rain, The Economist, March 5, 2010



Windows Azure Security Layers


Layer: Defenses

Data: Strong storage keys for access control; SSL support for data transfers between all parties
Application: Front-end .NET code running under partial trust; Windows account with least privileges
Host: Windows Server 2008 R2 OS image; Host boundaries enforced by external hypervisor
Network: Host firewall limiting traffic to VMs; VLANs and packet filters in routers
Physical: World-class physical security; ISO 27001 and SAS 70 Type II certifications for datacenter processes

Secure by Design
Industry leading software security assurance process
Prescriptive yet practical approach
Proactive, not just looking for bugs
Eliminate security problems early
Proven results

Protects Windows Azure Platform customers by
Reducing the number of vulnerabilities
Reducing the severity of vulnerabilities

Windows Azure Platform



The Windows Azure Platform is an internet-scale cloud services platform hosted in Microsoft data centers around the world, providing a simple, reliable and powerful platform for the creation of web applications and services.

Windows Azure Architecture


Service Model
Services composed of roles, mix and match in any topology
Desired state of service
# of role instances, availability and update domains, config settings

Fabric Controller

Agnostic to programming languages

Role Types

Load-balancers

Switches


Windows Azure Compute Security


Stripped down, hardened version of Windows Server 2008 or R2
No persistent storage in the Compute nodes
Limited number of device drivers
Network connectivity restricted using host firewall

[Figure labels: Web Role, Worker Role, VM Role, Host VM, Hyper-V based hypervisor, VM isolation, Network/Disk, Network packet filtering]

Customer code run on dedicated virtual machines (VMs)
VMs isolated by a Hyper-V based hypervisor
All access to network and disk is mediated by a host virtual machine

Windows Azure Compute Security


The VM is the security boundary upon which Windows Azure security is based
The host OS and Fabric Controller are trusted by the infrastructure
The guest agent and customer code are untrusted
The Fabric Controller host agent ensures that the VM can only access IP addresses assigned to VMs of the same service
Allows access to Internet addresses
Fabric Controller uses certificates and network security to authorize access to datacenter resources

Windows Azure Compute Reliability


Unit of failure based on data center topology
E.g. top-of-rack switch on a rack of machines

Windows Azure considers fault domains when allocating service roles
2 fault domains per service
Will try and spread instances out across more than one fault domain
E.g. won't put all instances in same rack

[Figure labels: FrontEnd-1, FrontEnd-2, Middle Tier-1, Middle Tier-2]

Storage Services in Windows Azure


Windows Azure storage is an application managed by the Fabric Controller
Windows Azure applications can use native storage, SQL Azure, or even run MySQL within a VM
Application state is kept in storage services, so worker roles can replicate as needed

Windows Azure Storage Security


SQL Azure
Relational Database as a Service in Azure
Built upon the SQL Server engine
One logical server per Azure subscription
Abstracts the Logical from the Physical Administration

Server Side Processing of Data
Aggregation, Stored Procedure, Queries, Joins, Sorts, Views, Index, etc.
Supports Familiar Relational T-SQL Programming Model

Accessible through existing APIs
ADO.NET, ODBC, etc.
Easy to use Schema Migration and Data Migration tools available

Multiple front-end servers receiving client connections
Data stored in three replicas
Reads are completed at the primary
Writes are replicated to a quorum of secondaries

[Figure labels: Single Logical Database, Multiple Physical Replicas, DB, Replica 1, Replica 2, Replica 3, Multiple Secondaries]

Identity and Access Management

Active Directory On Premises

Other Providers

Use of Active Directory identities and groups through federation
Enables seamless access experience with other corporate applications tied to AD
Single sign-on with popular Internet identity providers
Integration with 3rd party systems through WS-* and SAML 2.0 open standards
WS-* and SAML

AppFabric Access Control 2.0


Provides rules-driven, claims-based authorization for:
Web applications
REST Web services
SOAP Web services

Key features
Broad identity provider support, including AD Federation Services v2 and popular Web identity providers (Live ID, Facebook, Google, Yahoo)
WS-Trust and WS-Federation protocol support
Full integration with Windows Identity Foundation (WIF)
Configurable through new management web portal

Demo #1 AppFabric ACS

Windows Azure Management


Public REST interfaces
Service Management and Diagnostics APIs
Deployment and life cycle management
Diagnostics and logging
PowerShell
Enable building of sophisticated deployment scripts
System Center integration
Remote Desktop interface

Windows Azure Management Security


Customers create Windows Azure subscription using Live ID credentials
Hosted services and storage accounts managed through Live ID or a Service Management API over SSL with certificate-based mutual authentication
Fabric controllers update and manage the compute and storage nodes
Fabric controllers run on separate hardware from the compute or storage services
Communication between Fabric controllers and managed nodes is authenticated and encrypted using SSL

Demo #2 Management Security

Data Center Security


World-Class Physical Security
24x7 secured access
Electronically controlled access systems
Video camera surveillance
Motion sensors
Security breach alarms

Industry Certifications
ISO/IEC 27001:2005
SAS 70 Type II

North America
North Central US
South Central US

Europe
North Europe
West Europe

Asia
East Asia
South Asia

Microsoft complies with all applicable laws regarding cross-border data transfer including EU and US Safe Harbor requirements


Call to Action
1. Sign up and deploy your first app on Windows Azure Platform - http://bit.ly/tBavpE
2. Activate your Windows Azure benefit for MSDN Subscribers - http://bit.ly/qT0HW9
How to activate - http://bit.ly/r1ONwn
3. Download Windows Azure SDK and Tools - http://bit.ly/odmOEy
4. Attend a 1-day Windows Azure Discovery Workshop on Nov 12. Email vincentleong@info-trek.com

Summary
Cloud Security Concerns
Windows Azure Platform Security Model
Compute Services Storage Identity and Access Networking Management

Data Center Security and Data Location

References
Windows Azure Security Guidance - http://bit.ly/uU2w5I
ACS Samples and Documentation - http://bit.ly/rTX93K
Microsoft Global Foundation Services (GFS) - http://bit.ly/sfvoci
GFS Infrastructure videos - http://bit.ly/rqhAEA
Security Resources for Windows Azure - http://bit.ly/rIulDp
Real World Windows Azure Security - http://bit.ly/uo6Mwo
Windows Azure Training courses - http://bit.ly/uC8oYo

Thank You Q&A
