windows azure app fab security
steve plank "planky", architectural evangelist, microsoft uk
splank@microsoft.com
http://blogs.msdn.com/plankytronixx
agenda
• access control service and adfs 2.0
• windows azure connect
• domain-joining a windows azure instance
connecting to the outside world (appfabriclabs ctp available now)
• identity providers: google, yahoo, live id, facebook, and adfs 2 / ad (on-premise)
• all of them federate into the application through acs
security token service
• service that issues tokens
• give it something:
  • user-id/password
  • x.509 cert
  • another security token
• get a security token back:
  • saml
  • swt
  • "cookie"
  • custom "something"
claims transformation (sts: claims in, claims out)

in                           out
email    fred@abc.com        email     fred@abc.com
title    buyer               title     purchaser
dept     engineering         dept      engineering
tel no.  01234 567 890       tel no.   +441234 567 890
                             £limit    £5m

rules applied by the sts:
if title == "buyer" AND department == "engineering": purchaselimit = "£5m"
if title == "buyer" AND department == "stationery": purchaselimit = "£50"
roles
• claims store: stores claims (email, firstname, telno, etc.): active directory
• identity provider (ip): authenticates and issues tokens (user-id/pwd, x.509, smartcard, ...): adfs 2, acs
• federation provider (fp): token in, token out; claims transformation: acs
• relying party (rp): the app that consumes tokens
• trust: links rp-ip, fp-ip, etc.
acs/adfs authentication flow
• on-premise (plankytronixx.com): ad domain controller and adfs 2; the user signs in with ctrl-alt-del
• windows azure: app fab acs and the wif web app
• federation trust between adfs 2 and acs; trust between acs and the wif web app
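The "token in, token out" transformation slide and the SWT token format listed on the security token service slide can be shown working end to end. The following is an added example, not code from the deck or from Microsoft: a toy federation provider that applies the slide's claims rules and signs the result as an ACS-style Simple Web Token (form-encoded claims plus an HMAC-SHA256 field over the shared RP key), and a relying party that validates signature, issuer, audience and expiry before trusting any claim. The claim names, rule values, issuer and audience URIs and the signing key are all constructed for the example.

```python
"""Toy federation provider (STS) and relying party for the ACS/ADFS slides.

Added example, not part of the original deck. Models the "token in, token
out" claims transformation (title, tel no., purchase-limit rules) and the
Simple Web Token (SWT) format ACS issues: form-encoded claims followed by
Issuer, Audience, ExpiresOn and an HMACSHA256 field signed with a key shared
between the STS and the relying party (RP). All names and values below are
constructed for the example.
"""
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, unquote, urlencode

# Constructed values: in ACS terms the key is the RP's symmetric signing key,
# the issuer is the ACS namespace and the audience is the RP realm.
SIGNING_KEY = b"constructed-shared-secret-not-a-real-key"
ISSUER = "https://fp.example.test/"
AUDIENCE = "https://rp.example.test/app"


def transform_claims(incoming):
    """Federation provider step mirroring the slide's table: email passes
    through, 'buyer' becomes 'purchaser', the national UK number gets a +44
    prefix, and a purchase limit is derived from the *incoming* title/dept."""
    outgoing = dict(incoming)
    title, dept = incoming.get("title"), incoming.get("dept")
    if title == "buyer" and dept == "engineering":
        outgoing["purchaselimit"] = "£5m"
    elif title == "buyer" and dept == "stationery":
        outgoing["purchaselimit"] = "£50"
    if title == "buyer":
        outgoing["title"] = "purchaser"
    telno = incoming.get("telno", "")
    if telno.startswith("0"):
        outgoing["telno"] = "+44" + telno[1:]
    return outgoing


def _hmac_b64(key, body):
    """Base64 HMAC-SHA256 over the token text preceding the signature field."""
    return base64.b64encode(hmac.new(key, body.encode("utf-8"), hashlib.sha256).digest())


def issue_swt(claims, key=SIGNING_KEY, issuer=ISSUER, audience=AUDIENCE, lifetime=600, now=None):
    """Serialise claims as an SWT; ExpiresOn is Unix seconds."""
    now = int(time.time()) if now is None else now
    fields = list(claims.items()) + [
        ("Issuer", issuer),
        ("Audience", audience),
        ("ExpiresOn", str(now + lifetime)),
    ]
    body = urlencode(fields)
    return body + "&" + urlencode({"HMACSHA256": _hmac_b64(key, body).decode("ascii")})


def validate_swt(token, key=SIGNING_KEY, issuer=ISSUER, audience=AUDIENCE, now=None):
    """Relying-party step. Verify the signature first (constant-time compare),
    then issuer, audience and expiry; only then return the claims."""
    now = int(time.time()) if now is None else now
    body, sep, presented = token.rpartition("&HMACSHA256=")
    if not sep:
        raise ValueError("token is not signed")
    if not hmac.compare_digest(unquote(presented).encode("utf-8"), _hmac_b64(key, body)):
        raise ValueError("signature mismatch")
    claims = dict(parse_qsl(body))
    if claims.pop("Issuer", None) != issuer:
        raise ValueError("untrusted issuer")
    if claims.pop("Audience", None) != audience:
        raise ValueError("token not intended for this RP")
    if int(claims.pop("ExpiresOn", "0")) <= now:
        raise ValueError("token expired")
    return claims


def rp_accepts(token, now=None):
    """True if the RP would accept the token, False if validation rejects it."""
    try:
        validate_swt(token, now=now)
        return True
    except ValueError:
        return False


def federate(idp_claims, now=None):
    """End to end: IP claims -> FP transforms and signs -> RP validates."""
    token = issue_swt(transform_claims(idp_claims), now=now)
    return validate_swt(token, now=now)


if __name__ == "__main__":
    # Constructed claim set matching the slide's "in" column.
    fred = {"email": "fred@abc.com", "title": "buyer", "dept": "engineering", "telno": "01234 567 890"}
    print(federate(fred))
```

The validation order is the security-relevant part: a relying party that parses claims before checking the signature, or that skips the audience check, will accept a token minted for a different RP or with a rewritten purchase limit. The signature also only proves who signed the token, so the RP must separately decide which issuer it trusts, which is the "trust" link on the roles slide.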
for more info
• http://blogs.msdn.com/b/plankytronixx/archive/2011/01/11/video-how-windows-azure-app-fab-acs-and-adfs-2-0-work-together.aspx
• http://blogs.msdn.com/b/plankytronixx/archive/2010/11/05/primer-federated-identity-in-a-nutshell.aspx
agenda
• access control service and adfs 2.0
• windows azure connect
• domain-joining a windows azure instance
what is it?
standard protocols:
• SSL, IPSec
example use cases:
• azure app & on-premise sql server
• domain-joined azure instances
• remote admin & troubleshooting
simple setup: windows azure instances (0, 1) connected to on-premise
availability
• ctp – now
• sign-up: http://windows.azure.com
• components:
  • subscription (portal)
  • 1.4 sdk (download)
  • agents (download from portal)
• release in h1 2011
• support for vpn devices in future
virtual network
• windows azure firewall: outbound port 443 (ssl)
• connect agents on the windows azure instances (0, 1) and on-premise machines build ssl tunnels to the relay service
• IPv6, IPsec, point-to-point connection
• point-to-point connections determined by network policy: windows azure portal
grouping
• roles: role1, role2, role3
• groups: group a, group b, group c
a quick word about remote desktop
• portal rdp goes via the internet
• on-premise to windows azure role goes direct
for more info
• http://blogs.msdn.com/b/plankytronixx/archive/2010/11/09/azure-connect-connecting-your-on-premise-and-windows-azure-networks-together.aspx
• http://blogs.msdn.com/b/plankytronixx/archive/2011/01/10/video-presentation-windows-azure-connect-from-scratch.aspx
agenda
• access control service and adfs 2.0
• windows azure connect
• domain-joining a windows azure instance
domain-joining an instance
• required info:
  • domain-name
  • ou
  • local admin accts
  • creds with permissions for domain-join
• the settings go in the .cscfg; the web/worker/vm role joins the corporate ad via the on-premise domain controller/dns
agenda
• access control service and adfs 2.0
• windows azure connect
• domain-joining a windows azure instance
blogs.msdn.com/plankytronixx