1 / 27

Microsoft Private Cloud Security

BETA!. SEC305. Principal Knowledge Engineer/Principal Writer. Microsoft – SCD iX Solutions Group Private Cloud Architecture - Security. Microsoft Private Cloud Security . Dr. Thomas W Shinder. Agenda. Building a secure private cloud on Microsoft technologies

lihua
Download Presentation

Microsoft Private Cloud Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. BETA! SEC305 Principal Knowledge Engineer/Principal Writer Microsoft – SCD iX Solutions GroupPrivate Cloud Architecture - Security Microsoft Private Cloud Security Dr. Thomas W Shinder

  2. Agenda • Building a secure private cloud on Microsoft technologies • Private cloud security concerns • Security & compliance in a Microsoft private cloud

  3. NIST Cloud Definition Deployment Models Hybrid Clouds Service Models Private Cloud Community Cloud Public Cloud Essential Characteristics Infrastructure as a Service (IaaS) Platform as a Service (PaaS) Software as a Service (SaaS) Massive Scale Resilient Computing On Demand Self-Service Homogeneity Geographic Distribution Common Characteristics Broad Network Access Rapid Elasticity Virtualization Service Orientation Resource Pooling Measured Service Low Cost Software Advanced Security

  4. Microsoft’s View of Private Cloud Characteristics: • “Tenant” self-service on-demand • Charge for resources consumed • Orchestrated management and monitoring • Tenant monitoring & reporting interfaces A Private Cloud presents the OS and virtualization resources as a pool of shared resources Your focus now shifts to the applications, where you rely on the pool of resources to supply the right capacity and capabilities Operating System Virtualization Management The resource pool is created through management, based on business rules and executed through automation. You no longer think about numbers of VMs, server ratios, memory or storage but instead on how much compute resources you have access to

  5. Implementing a Microsoft Private Cloud • Clustered “Scale units” of 16 physical servers • Virtualized using Hyper-V to create platform for 1,000 VMs • Discrete management layer using System Center suite • Orchestration of complex workflows using SCORCH • Active Directory provides common security model for hosting and hosted assets • AuthN, AuthZ & Auditing Admin / Tenant Interfaces Orchestration Layer Management Layer Hyper-V based Hypervisor Compute / Network / Storage

  6. Private Cloud Security Concerns • Security is the number 1 concern for cloud adoption • 75% responded 4 or 5 (on 1 to 5 scale) * • Key security issues: • Isolation of tenants from each other & hosting infrastructure • Compute and network layers • Authentication / Authorization / Auditing of access to cloud services • Impact to CIA via exploitation of software vulnerabilities • Unauthorized access / DoS due to weak (or mis)configuration • Impact to CIA of services by malicious code • Impact to CIA of data • Compliance * Source: IDC Enterprise Panel, August 2008 # CIA = Confidentiality, Integrity & Availability

  7. Security & Compliance in a Microsoft Private Cloud • Secure virtualization platform • Secure development lifecycle • Highly automated management, monitoring & reporting • Comprehensive security model for authN, authZ & auditing • Multi-layered security controls

  8. Virtualization Stack WindowsKernel OSKernel DeviceDrivers Windows hypervisor VMBus Secure Virtualization PlatformA secure platform to enforce VM isolation • Microkernel Hypervisor • Isolation boundary between partitions • Minimal TCB with no third-party drivers • Root partition • Mediates all access to hypervisor • Server core minimizes attack surface • ~50% less patching required • Guests cannot interfere with each other • Dedicated workers processes • Dedicated VMBus channel • Certified to Common Criteria EAL4+ Root Partition Guest Partitions Ring 3 Ring 3 GuestApplications VM WorkerProcesses Server Core Ring 0 Ring 0 Storage NIC “Ring “-1” CPU

  9. Drivers Drivers Secure Virtualization PlatformMicrokernel vs. Monolithic Hypervisor • Monolithic Hypervisor hosts: • Virtualization stack • 3rd party device drivers • Larger code base • Harder to test security • Increased attack surface VM 1 (Admin) VM 2 VM 3 VM 1 VM 2 RootPartition GuestPartition GuestPartition Virtual- ization Stack Hypervisor Virtualization Stack Hypervisor Hardware Hardware “The fact is, the absolute last place you want to see drivers is in the hypervisor, not only because the added abstraction layer is inevitably a big performance problem, but because hardware and drivers are by definition buggier than "generic" code that can be tested.” Linus Torvalds, https://lists.linux-foundation.org/pipermail/desktop_architects/2007-August/002446.html

  10. Security Development Lifecycle • Industry leading software security assurance process • Prescriptive yet practical approach • Proactive – not just “looking for bugs” • Detect security problems early • Proven results • Protects Microsoft customers by: • Reducing the number of vulnerabilities • Reducing the severity of vulnerabilities Microsoft SecurityResponse Center Conception Best Practicesand Learning ProductDevelopment Incident Response Secure Design Final Security Review Secure Implementation Release Internal Testing Beta Testing Verification

  11. Highly Automated Management, Monitoring & ReportingThe Problem • Operational complexity does not promote security • Complex manual tasks across multiple systems… • Performed by multiple admins… • Invites omissions and errors… • And lacks traceability and auditing… • If you don’t know what you have – you can’t secure it!

  12. Highly Automated Management, Monitoring & Reporting Portals &Reporting • Integration: • Virtual resource management • Configuration management • Operations management • Data protection management • Incident / change management • Automation & Orchestration: • Simplify complex workflows • Automate responses • Enable self-service • Oversight & auditing 3rd PartySolutions

  13. Highly Automated Management, Monitoring & Reporting IT Silos VM Provisioning Process • Stop old VM, release resources & retire asset • Create / configure new VM, & log ticket • Test VM & update ticket • Deploy apps, verify & update ticket • Register asset in CMDB & add to monitoring Event Mgmt Remove from Ops Manager Add to Ops Manager Service Desk Monitor Service request Update request Update request Update & close request Create incident Asset/CMDB CreateCI Retire CI Configuration Test VM Deploy Applications Verify Application Virtual Stop VM Clone new VM Update properties 1 5 3 2 4 Security Storage Detach Storage Server Network Detach Network Adapter

  14. Comprehensive Security Model for authN, authZ & auditing - Active Directory Services • Authentication Services • AD provides overarching authentication service for all users and resources • Windows security model common across all hosts & guests • Simplifies authorization of users to resources • Provides detailed auditing of all access attempts • AzMan provides role-based authorization for granular task delegation • Centralized policy storage and enforcement • Extensible security model • Certificate services • Federation services

  15. Multi-layered Security ControlsA Defense in Depth Approach • Layer • Defenses • Data • Windows security model for access control and auditing • System Center Data Protection Manager for data availability • User identification & authorization • Application-layer malware protection • Application • Patch Management • Application / Host hardening • Host boundaries enforced by external hypervisor • Host malware protection • Host • VLANs and packet filters in network fabric • Host firewall to supplement & integrate IPSec isolation • Network • Perimeter / Access • Controlled access to portals / services using UAG • Controlled outbound access using TMG

  16. Security Update ManagementTimely and effective protection against software vulnerabilities • Industry-leader in update management: • Predictable release process • Timely & detailed communications channels • Update assurance testing for high quality updates • CC EAL4+ALC_FLR.3 (systematic flaw remediation) • Highly automated deployment & verification • Hosts / guests report required updates • Update process initiated • Requests authenticated and approved • Hyper-V hosts patched with zero downtime

  17. Patch Orchestration using System Center and Opalis 1 2 3 5 6 7 8 4

  18. Application / Host HardeningMicrosoft Security Compliance Manager • Modify & manage security baselinespublished by Microsoft • Domain Member, Hyper-V Host, Domain Controller etc. • Enterprise Client / Specialized Security Limited Functionality • Baseline enforcement • Export from baseline library to Group Policy • Measure baseline compliance • Export from baseline library to DCM pack • Report on compliance with DCM pack using Configuration Manager

  19. Host Malware ProtectionProtecting Hosts / Guests from malicious code • Highly-effective protection against malware • Effective reactive / proactive remediation with very low false positives • Behavior monitoring backed by Dynamic Signature Service • Block network-based vulnerabilities with NIS • Backed by Microsoft Malware Protection Center • Role-specific exclusions minimize performance impact • No additional infrastructure for management, monitoring or reporting

  20. Network Traffic IsolationIsolating traffic using VLANs • Hosts and VMs support 802.1Q (VLAN tagging) • Each assigned VLAN ID • Enforced across network fabric • Firewalls permit inter-VLAN traffic as per policy • Isolates: • Host from guests • Mgmt. traffic from guest traffic

  21. Filtering Network Connections to HostsWindows Firewall with IPSec • Block all inbound connections to non-essential services • Deny guest to host / management systems • Centrally managed firewall policy • Server and Domain Isolation using IPSec • Non-domain hosts cannot connect • Trusted hosts within domain mustauthenticate to connect Data Center’s Physical Servers Guest OS Data-Center Network

  22. Summary • Secure virtualization platform providing isolation and non-interference • Secure development lifecycle and update management lifecycle • Highly automated management, monitoring & reporting • Comprehensive security model for authN, authZ & auditing • Multi-layered security controls

  23. Private Cloud Architecture Goes Social! • The Microsoft Private Cloud Architecture blog • The Microsoft Private Cloud Architecture Facebook page • The Microsoft Private Cloud Architecture Twitter account • The Microsoft Private Cloud Architecture LinkedIn Group • The Microsoft Private Cloud TechNet forums • The Microsoft Private Cloud Dojo on the TechNet Wiki

  24. Additional Resources • Private Cloud Solution Hub • www.technet.com/cloud/private-cloud • Private Cloud IaaS Page • www. microsoft.com/privatecloud

  25. Questions? • Session Code • Dr. Thomas W Shinder • Principal Knowledge Engineer/Principal Writer • tomsh@microsoft.com • Blog – Private Cloud Architecture Blog http://blogs.technet.com/b/privatecloud/ • You can ask your questions at “Ask the expert” zone within an hour after end of this session

More Related