This presentation is an introduction about Cloud Computing and Microsoft Windows Azure. Microsoft Public Cloud solution for Platform and Infrastructure layers.

1. Cloud Computing
#LiveinaCloudyWorld
Haddy El-Haggan
Microsoft Student Partner
Cloud Computing Expert

2. Overview
• What’s Cloud Computing?
• Differences between Cloud Computing and
other concepts
• The Power Of Cloud – Cloud Benefits
• Security On the Cloud
• Cloud Types
• File Storage & SQL Azure
• Roles

4. • History Brief
– Mainframe
– Grid Computing
– Client-Server
–Cloud Computing
What’s Cloud Computing?

6. Cloud Computing
• Cloud Computing is composed of several
layers:
– Infrastructure
– Platform
– Software

7. Packaged
Software
Storage
Servers
Networking
O/S
Middleware
Virtualization
Data
Applications
Runtime
Youmanage
Infrastructure
(as a Service)
Storage
Servers
Networking
O/S
Middleware
Virtualization
Data
Applications
Runtime
Managedbyvendor
Youmanage
Platform
(as a Service)
Managedbyvendor
Youmanage
Storage
Servers
Networking
O/S
Middleware
Virtualization
Applications
Runtime
Data
Software
(as a Service)
Managedbyvendor
Storage
Servers
Networking
O/S
Middleware
Virtualization
Applications
Runtime
Data

8. Cloud Computing Layers
Each Layer is designed for a special category

9. CLOUD COMPUTING IS A CONCEPT NOT
A TECHNOLOGY

10. The Power of
Cloud

11. The Power of Cloud
• Availability
• Agility
• Maintenance
• Efficiency
• Scalability

12. The Power Of Cloud
• Cost
• Focus

13. Agility

14. ONE OF THE BIGGEST CONCERN IS
ALWAYS ABOUT THE SECURITY AND
HOW ARE MY DATA SECURE ON THE
CLOUD?

15. Platform
(as a Service)
Managedbyvendor
Youmanage
Storage
Servers
Networking
O/S
Middleware
Virtualization
Applications
Runtime
Data

16. Microsoft Cloud Solution Security
Overview
• Developers and users must know the
responsibilities the share with the Cloud
Provider
• These are the main layers of security for any
Cloud Provider:
– Human
– Data
– Application
– Host
– Network
– Physical

17. Microsoft Cloud Solution Security
Overview (Cont.)
• The “human” and “Data” layers are the users’
responsibility and how they manage their data
and its permissions (more information about the
data on Azure to be followed)
• The “Application Layer” depend on the developer
and the security used on it
• Authentication
• Input validation ….
• Recommend to develop using SDL (security
development lifecycle) designed for windows
Vista, Windows 7 and windows Azure

20. Microsoft Cloud Solution Security
Overview
• “Host” Layer, Windows Azure is hosted on
Windows Server 2008 Hyper-V
• Windows Azure doesn’t depend on Windows
Server 2008 hypervisor , it has its own
hypervisor where the roles and the VM are
hosted and isolated
• Host has 2 main jobs:
– Isolation (every role runs on its own VM)
– Hardening (regular Security Updates)

21. Microsoft Cloud Solution Security
Overview
• Some Firewall can be configured by the
service owner and some are controlled by the
fabric controller
• “Network” Layer, Windows Azure traffic
through several firewall
• Guest VM
• Host VM
• SQL Azure VM

23. THERE IS NO ENCRYPTION ON
WINDOWS AZURE

24. Data Security on Azure
• Windows Azure Compute and Windows Azure
Storage are 2 different things each of them is
hosted on different hardware resources
• In the Storage Architecture the top layer
validates, authenticates, and authorizes requests,
routing them to the partition layer and data layer
where the data exists
• Protect against Data Loss, there are always three
replicates of your data whatever happens

25. Data Security on Azure
• Isolation: all your data are isolated from the
others by 2 ways:
– Logically
– Physically
• Each type of storage has its own way of access
depending on the developer
• NO DATA ARE ACCESSIBLE BY THE PUBLIC
EXCEPT THE PUBLIC BLOB

26. Secure Networking
• Network Architecture:
– In Azure there are mainly 4 types of Nodes:
• Fabric Controller Node (Azure Kernel)
• Storage Node
• Compute Node
• Other infrastructure Node
– In the FC Networking there are 3 types of isolated
networks:
• Main VLAN (all untrusted customer nodes)
• FC VLAN (trusted FC networks)
• Device VLAN (contains trusted networks an other
infrastructure devices)

27. Secure Networking
• No communication is possible to be made
between the VLANs without passing through
several routers for preventing faking traffic
and eavesdropping on other traffic
• The communication is permitted from the FC
VLAN or the Device VLAN to the main VLAN
but not initiated from the main VLAN

28. Secure Networking
• Azure has the largest internet connections in the
industry
• It is unlikely that someone can cut azure out of
public by producing enough malicious traffic
• If your application on azure is attacked, azure will
create several compute instances to maintain
your application until the attack passes
• Microsoft is considering ways to identify
malicious traffic and block it as it enters the Azure
Fabric, but this sort of protection has not yet
been deployed.

29. Identity On Azure
• To gain access to your application on the Cloud you
have to pass few steps:
– Authentication
– Authorization
– Monitoring and logging (track users and log their
operations)
• Windows Azure support several identity technology
– Active Directory
– Open ID
– SQL Server
– WIF

30. Identity On Azure
• Windows Azure supports 2 types of identity in
the Cloud:
– Role based
– Claim Based
• Role based is using Username and password
• Claim based is using Token containing a
collection of Claims

31. Identity On Azure: Role based
authorization
• It can be used by SQL Azure, Azure Connect
and ASP.NET membership provider
• You only use the username and the password
and the rest are kept in the identity store
• Simple, easy to use and possible to implement
Domain join

32. Identity on Azure: Azure Connect
• Azure connect support domain join of
windows azure roles to on premises Active
Directory

33. Identity on Azure : Claim Based
• Claim is a piece of information
• Token is a collection of Claims and are signed
• Security Token Service map the credentials to the
token
• Application is provide with all the identity
information needed
• The management of the identity is not the
application responsibility
• Integration between several identity providers
• Less infrastructure code

35. Identity On Azure: AppFabric
Access Control
• Enable the developer of using claim based
authorization from enterprises like active
directory, SQL Server
• Also enable the usage of the other identity
provider like live ID, Facebook, Google and
Yahoo.

36. Types of Cloud
• Private
– Between certain users
• Public
– Accessible by everyone
• Hybrid
– Public/Private

37. Storage
• BLOB(Binary Large Object)
– Container
– Blob
– Block
• Table Storage
– Table
– Entities
– Partition Key
– Row Key
– Properties

38. Storage (cont.)
• Queue
• Drive
– Local resource
– String connection

39. Table Storage Vs. SQL Azure
Table Storage
• Is more scalable
• Semi Structured
• Less Expensive
SQL Azure
• Normal SQL running in
Microsoft Cloud
Environment
• Completely Structured
• Expensive

40. Roles
Web Role
• Run on the client Side
• Act as a normal ASP.NET
Worker Role
• Background process running
on datacenter
• Can run for hours
• Can communicate to Web
Role though a queue or
WCF

41. References
• Windows Azure Platform articles from the
trenches
• www.microsoft.com/windowsazure
• Cloud Cover Videos
• Windows Azure Platform V1 3—Chappel

42. Azure Community in Egypt
• Twitter: Azurecomeg
• Facebook:
www.facebook.com/Azure.Community.Egypt
• E-Mail: azureeg@hotmail.com

43. Contacts
• Twitter: @Hhaggan
• Email: hhaggan@hotmail.com
• Blog: http://hhaggan.wordpress.com/