Sunilyadav's Blog

Security is one of the biggest concerns in the Windows azure.
There are many ways to secure our data in the cloud azure:

1. Access Control Service for securing access to your Azure solutions through a claims-based identity model.

2. Windows azure applications are deployed in Microsoft Data center which gets all the security benefits provided by Microsoft.

3. Authentication and authorization can be implemented by using the ASP.NET membership and role provider or by Access Control Service (ACS), which is part of .NET Services. All the .net security features are applied to windows azure.

4. Using Claim based authentication (Windows Identity Foundation).

Applications determine whether a user is allowed access based on Security Assertion Markup Language (SAML) tokens that are created by the Security Token Service (STS) and contain information about the user. The STS provides a digital signature for each token. Applications have lists of digital certificates for the STSs it trusts. Trust relationships can be created between a trusted STS and an STS that issues a token to provide for identity federation. The Access Control Service is an STS that runs in the cloud. This STS validates the signature on the SAML token that is sent by the client application (such as a web browser) and creates and signs a new token for the client application to present to the cloud application.

5. Sql Azure Security:

Security in SQL Azure is much like security for an on-site SQL Server, so SQL administrators will find security management at the database level to be a familiar task. Server-level administration is a bit different because the databases may span more than one physical system.
SQL Azure provides same level of security that is applicable to SQL Server. All the SQL Azure related security settings are stored in the master database.
Sql azure also provides firewall mechanism that can be used to allow or deny connections to sql azure. To interact with sql azure we need to specify IP ranges that will be used to connect.
You cannot interact with sql azure without any certificate and encryption method which helps in secure transmission of data.

6. Operating System Versioning in Windows Azure:

Operating system versioning is the new feature included in the windows azure services where in customers can choose when their applications receive new operating system updates and patches by selecting which version of the operating system their applications will run on in Windows Azure. Right now there is only one available operating system version (released on December 17th, 2009), but new builds with the latest updates and patches will be released regularly. This new feature allows developers to test their applications when new patches come out before upgrading their production deployments.
Azure is running on Windows Server 2008 and has a custom very-tightly-locked-down web configuration. The server is behind firewalls and load balancers and is running in a highly automated virtualization environment.

Refrerences:

http://www.windowsecurity.com/articles/Microsoft-Azure-Security-Cloud.html

http://blogs.credera.com/2009/12/30/windows-azure-security/

http://www.microsoft.com/windowsazure/resources/

Windows azure is an operating system in the cloud. It is design for utility computing. It provides same features that a desktop computer provides but on a set of connected server storing data on servers in Microsoft data centers. Windows azure runs your application in scale, reliable, available and fault tolerance manner. Microsoft has awesome datacenter so no need to worry about the following as it will be handled by windows azure.

• Buying, configuring hardware
• Buying, configuring software
• Backup and recovery
• Load balancing
• OS
• Patching
• Server acquisition
• Network
• Routers
• Disk drive failure
• Application Deployment
• Capacity Planning

Also managing the above listed thing will be quite expensive. Windows azure lets you focus on application logic.
In windows azure you have many virtual instances of window running your application known as “Fabric Controller”.
Fabric controller detects failure on an application and automatically starts the new instance of an application. It allows applications to run under zero down time.
When we deploy azure application in the cloud azure the fabric controller automatically manages all the instances of application that are running. Application Fabric automatically provisions web or worker role to the application instances. All configurations that are required to run application in cloud azure are handling by Fabric Controller.

Windows azure has storage which stores data in the cloud. It has the following services which are independently accessible and scalable. The azure storage is managed by Microsoft so you can rely on Microsoft for fault tolerance and high availability.

• Blobs – provide a simple interface for storing large files along with metadata for the file. Windows Azure Blob allows us to store large objects, up to 50GB each in the cloud.
• Tables – provide structured storage for maintaining service state. A table is a set of entities, which contain a set of properties. It supports massively scalable tables in the cloud, which can contain billions of entities and terabytes of data. The system will efficiently scale out by automatically scaling to thousands of servers as traffic grows.
• Queues – provide reliable way for service communication. Windows Azure Queue provides a reliable message delivery mechanism. It provides a simple and asynchronous work dispatch mechanism, which can be used to connect different components of a cloud application. The Windows Azure Queues are highly available, durable and performance efficient.