Global Azure Bootcamp 2018 - Azure Network Security
Scott Hoag
Principal Cloud Solutions Architect
Opsgility
@ciphertxt
https://psconfig.com
https://about.me/scotth
Cloud Security
Network Security
Cloud security is a shared responsibility
Microsoft's commitment: securing and managing the cloud foundation
Physical assets
Datacenter operations
Cloud infrastructure
Shared responsibility: securing and managing your cloud resources
Virtual machines, networks & services
Applications
Data
Varies across IaaS, PaaS, SaaS
Protecting cloud workloads includes virtual machines and more
Effective workload protection strategies target unique requirements of modern, hybrid cloud
Key challenges for protecting workloads
Understand Cloud Data Types
Data at Rest: information storage objects, containers, and types that exist statically on physical media, be it magnetic or optical disk.
Data in Transit: when data is being transferred between components, locations or programs, such as over the network, across a service bus (from on-premises to cloud and vice-versa).
Data in Use: information being acted upon in some way by the host or guest during a process, such as real-time database queries running in active memory (as opposed to a page file sent out to disk).
Data in Production: data in some form of storage, e.g. Azure SQL Database, and compute processes that need to access that storage during production operations.
Data not in Production: data in some form of storage, e.g. a Virtual Hard Disk (VHD), but that VHD is not in production use. For example, it may be part of an upgrade operation.
Metadata and The Cloud
Cloud metadata as well as standard file metadata
Tenant metadata may also include the performance, configuration, operations, and billing data that is part of each cloud workload or tenant account
Information can also include security, log & performance information
Network security
Security patterns for applications & new announcements
Virtual Network integration for Azure services
VNET Service Endpoints
Service Tags
Application Security Groups
DDoS Protection
Web Application Firewall
NSG Augmented Rules
NSG Data Plane Log Analytics
Virtual Appliances
Azure Networking Hyperscale
One of the largest networks in the world
Geographic Reach and Internet Ecosystem
50+ Azure Regions
National Clouds
Backbone in 100+ iXP
8000+ sessions with ISPs
ExpressRoute in 48+ locations
Virtual Networks
Security
Performance
Load Balancing
Cross-premises connectivity
Software-defined WAN
Optical networks
Long-haul optical network
Advanced MPLS services
Internet Exchange Provider
Moving workloads to Azure
On-Premises
✓ Same controls as on-premises
✓ Virtual Networks: Private isolation boundary
✓ Directly extend on-premises to Azure
Azure Virtual Network
Software-defined networking (SDN)
Building secure applications with Scale and Agility
Tell & Program instead of Discover and react
Programmable, dynamic network controls
[Diagram labels: Physical Transport Plane, Control Plane, App Plane, Azure Host (Switch), Controller, Azure Resource Manager, Management Plane, Data Plane, Proprietary Hardware Appliance, Commodity Hardware]
Backend
Connectivity
ExpressRoute
VPN Gateways
Point-to-site for dev / test
VPN Gateways for secure site-to-site connectivity
ExpressRoute for private enterprise grade connectivity
Users
Internet
Public IP addresses
DDoS protection
ACLs for security
Load balancing
DNS services
Traffic management
Virtual Network
BackEnd, Mid-tier, FrontEnd
Security for Virtual Network traffic
Security within Virtual Network
• Network Security Groups (NSGs) for Layer 3 and Layer 4 filtering
• Eases IP management for VNet firewall rules
• VIRTUAL_NETWORK tag includes IPs for:
  • Virtual network
  • All connected, peered networks
  • On-premises
Azure Virtual Network
PEER
Security for Internet-facing applications
Securing Internet-facing applications
Azure DDoS Protection Standard
Basic Standard
➢ Automatic mitigation for attacks
➢ Advanced protection for your virtual networks
Improved Auditing & Metrics
Network Virtual Appliances
Integrated with Azure Marketplace
Consistency between on premises & Azure
Audit/filter traffic to/from VNet
Re-direct traffic flow with custom routes
Security for access to Azure services
Infrastructure Services
Platform Services
Accessing Azure services
Azure service IP addresses are public IPs
Firewalls open to “Internet”
IPs reachable from anywhere.
Malicious insiders may exploit!
[Diagram labels: Azure Services; Public IPs; Firewall: Allow “Internet” outbound; NSG: Allow “Internet” outbound; Access from Anywhere!; On-premises; Virtual Network; Malicious Insider]
Private connectivity for services: Critical for network security
✓ Services in your VNet, managed by Azure!
✓ Private IPs for service resources
✓ On-premises through Site-to-Site or ER private peering
Deploy Azure services into VNet
Azure Portal: Service workflow
[Diagram labels: DEPLOY; ASE Subnet; HDI Subnet; Virtual Network; NSG; ILB; On-premises; Firewall - Outbound: Allow Azure VNet]
Azure Services: HDInsight, App Service Env, Batch, APIM, RedisCache, AD DS
VNet Service Endpoints
Directly extends your VNet to the service
Secure your critical Azure resources to only your VNet
Traffic remains on the Microsoft backbone
In Preview : Azure Storage, Azure SQL Database, SQL DW
Allow VNet A
AccountA
Azure Storage
Vnet A
Service Endpoints: Configuration
Simple-click setup on an Azure subnet
No NAT or GW devices!
Network admins can set independently
Securing Azure resources to VNets
Service Endpoints: Routes
VNet-to-Service traffic always stays on the Microsoft network backbone
Effective routes: Shows as a “Default route”
On-premises
VNet Service Endpoints: Deep-Dive
Endpoints:
• Carry VNet identity to the service
• Source IPs switch to private VNet IPs
Service IPs and DNS entries remain as-is today
Enable service endpoint once. Secure resources as and when you want.
[Diagram labels: VNet1; Subnet 1; Private IP: 10.0.0.6; Public IP1; Azure Storage; Source: VM private IP (10.0.0.6)]
Storage Diagnostics:
SrcIP: 10.0.0.6, AcctA:GetBlob
SrcIP: 10.0.0.6, AcctB:PutBlob
Access from on-premises
[Diagram labels: On-premises; VNetA; AccountA; Allow VNet A; Allow Onprem: NAT IPs; ExpressRoute Public Peering or the Internet; Internet]
Service Tags in NSGs
Restrict network access to just the Azure services you use.
Maintenance of IP addresses for each tag provided by Azure
Support for global and regional tags (varies by service)
Network Security Group (NSG)
Action  Name             Source          Destination  Port
Allow   AllowStorage     VirtualNetwork  Storage      Any
Allow   AllowSQL         VirtualNetwork  Sql.EastUS   Any
Deny    DenyAllOutBound  Any             Any          Any
[Diagram labels: Azure Services; Internet; Allow only Azure service traffic; Deny Internet outbound]
Preview: Azure Storage, SQL, TrafficManager
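Added example, not part of the original slides: a small Python model of how the NSG rule table above is evaluated, lowest priority number first with the first match deciding the flow. The priorities, the prefixes behind each service tag, the "Internet" approximation and the sample flows are constructed assumptions; Azure maintains the real tag ranges.

```python
import ipaddress
from dataclasses import dataclass

# Constructed prefixes standing in for the ranges Azure maintains per tag
# (RFC 5737 documentation networks, not real Azure addresses).
SERVICE_TAGS = {
    "VirtualNetwork": ["10.0.0.0/16"],
    "Storage": ["198.51.100.0/24"],
    "Sql.EastUS": ["192.0.2.0/26"],  # regional tag: one region only
}


@dataclass(frozen=True)
class Rule:
    priority: int     # lower number is evaluated first
    name: str
    access: str       # "Allow" or "Deny"
    source: str       # service tag, CIDR prefix, or "Any"
    destination: str  # service tag, CIDR prefix, or "Any"
    port: str         # "Any" or a single port number


# The three outbound rules from the slide. The priorities are assumed;
# the slide shows only the order of the rows.
SLIDE_RULES = [
    Rule(100, "AllowStorage", "Allow", "VirtualNetwork", "Storage", "Any"),
    Rule(110, "AllowSQL", "Allow", "VirtualNetwork", "Sql.EastUS", "Any"),
    Rule(4096, "DenyAllOutBound", "Deny", "Any", "Any", "Any"),
]

# The broad posture from the "Accessing Azure services" slide
# (hypothetical rule name).
BROAD_RULES = [
    Rule(100, "AllowInternetOutbound", "Allow", "Any", "Internet", "Any"),
]

# Constructed flows from the VM at 10.0.0.6: (source, destination, port).
FLOWS = {
    "storage": ("10.0.0.6", "198.51.100.20", 443),
    "sql_eastus": ("10.0.0.6", "192.0.2.10", 1433),
    "sql_other_region": ("10.0.0.6", "192.0.2.200", 1433),
    "other_internet": ("10.0.0.6", "203.0.113.50", 443),
}


def _in_prefixes(ip, prefixes):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(p) for p in prefixes)


def _matches(selector, ip, tags):
    """True if ip falls under a rule's source or destination selector."""
    if selector == "Any":
        return True
    if selector == "Internet":
        # Modelled here as every address outside the virtual network.
        return not _in_prefixes(ip, tags["VirtualNetwork"])
    # A known tag expands to its prefixes; anything else is a literal CIDR.
    return _in_prefixes(ip, tags.get(selector, [selector]))


def evaluate(rules, src_ip, dst_ip, dst_port, tags=SERVICE_TAGS):
    """Return (access, rule name) for the first matching rule by priority."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if (_matches(rule.source, src_ip, tags)
                and _matches(rule.destination, dst_ip, tags)
                and rule.port in ("Any", str(dst_port))):
            return rule.access, rule.name
    return "Deny", "<no rule matched>"


def decisions(rules, flows=FLOWS):
    """Evaluate every sample flow against one rule set."""
    return {name: evaluate(rules, *flow) for name, flow in flows.items()}


if __name__ == "__main__":
    for label, rules in (("service tags", SLIDE_RULES), ("broad", BROAD_RULES)):
        print(label)
        for flow, (access, rule) in decisions(rules).items():
            print(f"  {flow:18} {access:5} via {rule}")
```

A service tag covers the whole service's address space rather than a single account, which is why the appliance filter on the next slide narrows traffic to `myacct*.blob.core.windows.net`.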
Service Endpoints: Filter service traffic with appliances
[Diagram labels: Subnet 1; NVA Subnet; SERVICE ENDPOINT; Allow NVA Subnet; Route: 0/0->NVA; Filter: Allow myacct*.blob.core.windows.net]
Stitching Azure services together
[Diagram labels: SERVICE ENDPOINT; DEPLOY; HDI Subnet; HDI Service; Allow HDI subnet; Internet; Allow only Azure storage traffic]
Services in a Virtual Network
VNet Service Endpoints:
Azure Storage
Azure SQL Database
Azure SQL Data Warehouse
Deploy into Virtual Network:
SQL DB Managed Instance
Azure Active Directory Domain Services for ARM
Azure Batch for ARM
Azure App Service V2
Azure API Management
Azure Batch for ASM VNets
HDInsight
Azure App Service V1
RedisCache
Network Security Takeaways
Azure capabilities enable you to:
Build more secure, dynamic workloads
Better management of security controls
Better integration of your VNets with Azure services
Cloud Security
Network Security
#jaxcloud @jaxcloudug
http://jaxug.cloud https://jaxcloudug.azurewebsites.net

AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-pyJamie (Taka) Wang
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxUdaiappa Ramachandran
 

Kürzlich hochgeladen (20)

9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptx
 

Global Azure Bootcamp 2018 - Azure Network Security

  • 2. Scott Hoag Principal Cloud Solutions Architect Opsgility @ciphertxt https://psconfig.com https://about.me/scotth
  • 4. Cloud security is a shared responsibility Securing and managing the cloud foundation SHARED RESPONSIBILITY MICROSOFT’S COMMITMENT Physical assets Datacenter operations Cloud infrastructure Securing and managing your cloud resources Virtual machines, networks & services Applications Data VARIES ACROSS IAAS, PAAS, SAAS
  • 5. Protecting cloud workloads includes virtual machines and more
  • 7. Key challenges for protecting workloads
  • 8. Understand Cloud Data Types Data at Rest Data in Transit Data in Use Data in Production Data not in Production information storage objects, containers, and types that exist statically on physical media, be it magnetic or optical disk. When data is being transferred between components, locations or programs, such as over the network, across a service bus (from on-premises to cloud and vice-versa) Information being acted upon in some way by the host or guest during a process, such as real-time database queries running in active memory (as opposed to a page file sent out to disk), Data in some form of storage, e.g. Azure SQL Database, and compute processes that need to access that storage during production operations. Data in some form of storage, e.g. a Virtual Hard Disk (VHD), but that VHD is not in production use. For example, it may be part of an upgrade operation
  • 9. Metadata and The Cloud Cloud metadata as well as standard file metadata Tenant metadata may also include the performance, configuration, operations, and billing data that is part of each cloud workload or tenant account Information can also include security, log & performance information
  • 11. Security patterns for applications & new announcements Virtual Network integration for Azure services VNET Service Endpoints Service Tags Application Security Groups DDoS Protection Web Application Firewall NSG Augmented Rules NSG Data Plane Log Analytics Virtual Appliances
  • 12. Azure Networking Hyperscale One of the largest networks in the world Geographic Reach and Internet Ecosystem 50+ Azure Regions National Clouds Backbone in 100+ iXP 8000+ sessions with ISPs ExpressRoute in 48+ locations Virtual Networks Security Performance Load Balancing Cross-premises connectivity Software-defined WAN Optical networks Long-haul optical network Advanced MPLS services Internet Exchange Provider
  • 13. Moving workloads to Azure On-Premises ✓ Same controls as on-premises ✓ Virtual Networks: Private isolation boundary ✓ Directly extend on-premises to Azure Azure Virtual Network
  • 14. Software-defined networking (SDN) Physical Transport Plane Control Plane App Plane Azure Host (Switch) Controller Azure Resource Manager Management Plane Control Plane Proprietary Hardware Appliance Building secure applications with Scale and Agility Commodity Hardware Tell & Program Instead of Discover and react Programmable, dynamic network controls Data Plane
  • 15. Backend Connectivity ExpressRoute VPN Gateways Point-to-site for dev / test VPN Gateways for secure site-to-site connectivity ExpressRoute for private enterprise grade connectivity Users Internet Public IP addresses DDoS protection ACLs for security Load balancing DNS services Traffic management Virtual Network BackEnd Mid-tier FrontEnd
  • 17. Security within Virtual Network • Network Security Groups (NSGs) for Layer 3 and Layer 4 filtering • Eases IP management for VNet firewall rules • VIRTUAL_NETWORK tag includes IPs for: • Virtual network • All connected, peered networks • On-premises Azure Virtual Network PEER
  • 21. Azure DDoS Protection Standard Basic Standard ➢ Automatic mitigation for attacks ➢ Advanced protection for your virtual networks
  • 23. Network Virtual Appliances Integrated with Azure Marketplace Consistency between on premises & Azure Audit/filter traffic to/from VNet Re-direct traffic flow with custom routes
  • 24. Security for access to Azure services
  • 26. Accessing Azure services Azure service IP addresses are public IPs Firewalls open to “Internet” IPs reachable from anywhere. Malicious insiders may exploit! Azure Services Public IPs Firewall: Allow “Internet” outbound NSG: Allow “Internet” outbound Access from Anywhere! On-premises Virtual Network Malicious Insider Private connectivity for services: Critical for network security
  • 27. ✓ Services in your VNet, managed by Azure! ✓ Private IPs for service resources ✓ On-premises through Site-to-Site or ER private peering Deploy Azure services into VNet DEPLOY Azure Portal : Service workflow ASE Subnet Virtual Network ILB On-premises Firewall- Outbound: Allow Azure VNet HDI Subnet NSG NSG ILB Azure Services HDInsight App Service Env Batch APIM RedisCache AD DS
  • 28. VNet Service Endpoints Directly extends your VNet to the service Secure your critical Azure resources to only your VNet Traffic remains on the Microsoft backbone In Preview : Azure Storage, Azure SQL Database, SQL DW Allow VNet A AccountA Azure Storage Vnet A
  • 29. Service Endpoints : Configuration Simple-click setup on an Azure subnet No NAT or GW devices! Network admins can set independently
  • 31. Service Endpoints: Routes VNet-to-Service traffic always stays on the Microsoft network backbone Effective routes: Shows as a “Default route” On-premises
  • 32. VNet Service Endpoints : Deep-Dive Private IP: 10.0.0.6 Public IP1 Subnet 1 Azure Storage Source: VM private IP (10.0.0.6) Storage Diagnostics SrcIP: 10.0.0.6, AcctA:GetBlob SrcIP: 10.0.0.6, AcctB:PutBlob Endpoints: • Carry VNet identity to the service • Source IPs switch to private VNet IPs Service IPs and DNS entries remain as-is today Enable service endpoint once. Secure resources as and when you want. VNet1
  • 33. Access from on-premises On-premises Allow VNet A Allow Onprem: NATIPs AccountA VNetA ExpressRoute Public Peering or the Internet Internet
  • 34. Service Tags in NSGs Restrict network access to just the Azure services you use. Maintenance of IP addresses for each tag provided by Azure Support for global and regional tags (varies by service) Network Security Group (NSG) Action Name Source Destination Port Allow AllowStorage VirtualNetwork Storage Any Allow AllowSQL VirtualNetwork Sql.EastUS Any Deny DenyAllOutBound Any Any Any Azure Services Internet Allow only Azure service traffic Deny Internet outbound Preview: Azure Storage, SQL, TrafficManager
  • 35. Service Endpoints: Filter service traffic with appliances Subnet 1 NVA Subnet Allow NVA Subnet SERVICE ENDPOINT Route: 0/0->NVA Filter: Allow myacct*.blob.core.windows.net
  • 36. Stitching Azure services together SERVICE ENDPOINT DEPLOY HDI Subnet Allow HDI subnet Internet HDI Service Allow only Azure storage traffic
  • 37. Services in a Virtual Network Azure Storage Azure SQL Database Azure SQL Data Warehouse SQL DB Managed Instance Azure Active Directory Domain Services for ARM Azure Batch for ARM Azure App Service V2 Azure API Management Azure Batch for ASM VNets HDInsight Azure App Service V1 RedisCache Deploy into Virtual Network VNet Service Endpoints
  • 38. Network Security Takeaways Azure capabilities enable you to: Build more secure, dynamic workloads Better management of security controls Better integration of your VNets with Azure services
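
The outbound rule table on slide 34, worked through as an added example (not part of the deck, and a simplified model rather than Azure's implementation): it evaluates the three rules first-match by priority ahead of the NSG default outbound rules. The priorities 100/110/4096, the prefixes behind each tag and the destination addresses are constructed assumptions; ports and protocols are ignored because the slide sets them to Any.

```python
import ipaddress
from dataclasses import dataclass

# Constructed stand-ins for the prefixes Azure maintains behind each tag
# (documentation ranges, not real Azure addresses).
TAG_PREFIXES = {
    "VirtualNetwork": ["10.0.0.0/16"],
    "Storage": ["198.51.100.0/24"],
    "Sql.EastUS": ["203.0.113.0/24"],
}

@dataclass(frozen=True)
class Rule:
    priority: int
    name: str
    source: str
    destination: str
    access: str  # "Allow" or "Deny"

# Slide 34's outbound rules; the priorities are assumed (the slide shows none).
SLIDE_RULES = [
    Rule(100, "AllowStorage", "VirtualNetwork", "Storage", "Allow"),
    Rule(110, "AllowSQL", "VirtualNetwork", "Sql.EastUS", "Allow"),
    Rule(4096, "DenyAllOutBound", "Any", "Any", "Deny"),
]

# Default outbound rules every NSG carries, evaluated after custom rules.
DEFAULT_RULES = [
    Rule(65000, "AllowVnetOutBound", "VirtualNetwork", "VirtualNetwork", "Allow"),
    Rule(65001, "AllowInternetOutBound", "Any", "Internet", "Allow"),
    Rule(65500, "DenyAllOutBound", "Any", "Any", "Deny"),
]

def in_tag(tag, ip):
    return any(ip in ipaddress.ip_network(p) for p in TAG_PREFIXES[tag])

def matches(spec, ip):
    if spec == "Any":
        return True
    if spec == "Internet":
        # Simplification: anything outside the virtual network address space.
        return not in_tag("VirtualNetwork", ip)
    return in_tag(spec, ip)

def evaluate(custom_rules, src, dst):
    """Return the first rule, in ascending priority, matching src -> dst."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in sorted(custom_rules + DEFAULT_RULES, key=lambda r: r.priority):
        if matches(rule.source, src_ip) and matches(rule.destination, dst_ip):
            return rule
    raise AssertionError("unreachable: default DenyAllOutBound matches everything")

if __name__ == "__main__":
    vm = "10.0.0.6"  # VM private IP from slide 32
    flows = {"storage": "198.51.100.10", "sql east us": "203.0.113.20",
             "internet host": "192.0.2.50", "peer VM in VNet": "10.0.1.4"}
    for label, dst in flows.items():
        before, after = evaluate([], vm, dst), evaluate(SLIDE_RULES, vm, dst)
        print(f"{label:16} defaults: {before.access:5} ({before.name}) | "
              f"slide rules: {after.access:5} ({after.name}, {after.priority})")
```

With only the defaults, every one of these flows is allowed, which is why the explicit deny is needed. With the slide's rules, the Any-to-Any deny also matches VM-to-VM traffic inside the VNet before the default AllowVnetOutBound is reached, so that traffic needs its own allow rule above the deny.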