SEC305
Microsoft Private Cloud Security
Dr. Thomas W Shinder
Principal Knowledge Engineer/Principal Writer
Microsoft – SCD iX Solutions Group
Private Cloud Architecture - Security
BETA!
Agenda
Building a secure private cloud on Microsoft technologies
Private cloud security concerns
Security & compliance in a Microsoft private cloud
NIST Cloud Definition
Deployment Models: Private Cloud, Community Cloud, Public Cloud, Hybrid Clouds
Service Models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS)
Essential Characteristics: On Demand Self-Service, Broad Network Access, Rapid Elasticity, Resource Pooling, Measured Service
Common Characteristics: Massive Scale, Resilient Computing, Homogeneity, Geographic Distribution, Virtualization, Service Orientation, Low Cost Software, Advanced Security
Microsoft’s View of Private Cloud
Diagram layers: Operating System, Virtualization, Management
A Private Cloud presents the OS and virtualization resources as a pool of shared resources.
The resource pool is created through management, based on business rules and executed through automation.
You no longer think about numbers of VMs, server ratios, memory or storage but instead on how much compute resources you have access to.
Your focus now shifts to the applications, where you rely on the pool of resources to supply the right capacity and capabilities.
Characteristics:
“Tenant” self-service on-demand
Charge for resources consumed
Orchestrated management and monitoring
Tenant monitoring & reporting interfaces
Implementing a Microsoft Private Cloud
Clustered “Scale units” of 16 physical servers
Virtualized using Hyper-V to create platform for 1,000 VMs
Discrete management layer using System Center suite
Orchestration of complex workflows using SCORCH
Active Directory provides common security model for hosting and hosted assets
Diagram layers: Compute / Network / Storage; Hyper-V based Hypervisor; Management Layer; Orchestration Layer; Admin / Tenant Interfaces; AuthN, AuthZ & Auditing (spanning all layers)
Private Cloud Security Concerns
Security is the number 1 concern for cloud adoption: 75% responded 4 or 5 (on 1 to 5 scale) *
Key security issues:
Isolation of tenants from each other & hosting infrastructure (compute and network layers)
Authentication / Authorization / Auditing of access to cloud services
Impact to CIA # via exploitation of software vulnerabilities
Unauthorized access / DoS due to weak (or mis)configuration
Impact to CIA of services by malicious code
Impact to CIA of data
Compliance
* Source: IDC Enterprise Panel, August 2008
# CIA = Confidentiality, Integrity & Availability
Security & Compliance in a Microsoft Private Cloud
Secure virtualization platform
Secure development lifecycle
Highly automated management, monitoring & reporting
Comprehensive security model for authN, authZ & auditing
Multi-layered security controls
Secure Virtualization Platform
A secure platform to enforce VM isolation
Diagram (Hyper-V architecture):
Root Partition, Ring 0: Windows Kernel, Server Core, Virtualization Stack, Device Drivers; Ring 3: VM Worker Processes
Guest Partitions, Ring 0: OS Kernel, VMBus; Ring 3: Guest Applications
Windows hypervisor: “Ring -1”
Hardware: CPU, Storage, NIC
Microkernel Hypervisor
Isolation boundary between partitions
Minimal TCB with no third-party drivers
Root partition
Mediates all access to hypervisor
Server core minimizes attack surface
~50% less patching required
Guests cannot interfere with each other
Dedicated worker processes
Dedicated VMBus channel
Certified to Common Criteria EAL4+
Secure Virtualization Platform
Microkernel vs. Monolithic Hypervisor
Monolithic Hypervisor hosts:
Virtualization stack
3rd party device drivers
Larger code base
Harder to test security
Increased attack surface
Diagram, monolithic: Hardware; Hypervisor (containing Drivers and Virtualization Stack); VM 1 (Admin), VM 2, VM 3
Diagram, microkernel: Hardware; Hypervisor; Root Partition (Virtualization Stack, Drivers), Guest Partition (VM 1), Guest Partition (VM 2)
“The fact is, the absolute last place you want to see drivers is in the hypervisor, not only because the added abstraction layer is inevitably a big performance problem, but because hardware and drivers are by definition buggier than "generic" code that can be tested.”
Linus Torvalds, https://lists.linux-foundation.org/pipermail/desktop_architects/2007-August/002446.html
Security Development Lifecycle
Industry leading software security assurance process
Prescriptive yet practical approach
Proactive – not just “looking for bugs”
Detect security problems early
Proven results
Protects Microsoft customers by:
Reducing the number of vulnerabilities
Reducing the severity of vulnerabilities
Diagram: SDL phases from Conception to Release
Highly Automated Management, Monitoring & Reporting
The Problem
Operational complexity does not promote security
Complex manual tasks across multiple systems…
Performed by multiple admins…
Invites omissions and errors…
And lacks traceability and auditing…
If you don’t know what you have – you can’t secure it!
Highly Automated Management, Monitoring & Reporting
Diagram: Portals & Reporting; 3rd Party Solutions
Integration:
Virtual resource management
Configuration management
Operations management
Data protection management
Incident / change management
Automation & Orchestration:
Simplify complex workflows
Automate responses
Enable self-service
Oversight & auditing
Highly Automated Management, Monitoring & Reporting
Diagram: VM Provisioning Process across IT Silos (Event Mgmt, Service Desk, Asset/CMDB, Configuration, Virtual, Security, Storage, Server, Network)
Activities shown: Monitor Service request; Stop VM; Detach Storage; Detach Network Adapter; Remove from Ops Manager; Retire CI; Update request; Clone new VM; Update properties; Create incident; Test VM; Update request; Deploy Applications; Verify Application; Update & close request; Create CI; Add to Ops Manager
1. Stop old VM, release resources & retire asset
2. Create / configure new VM, & log ticket
3. Test VM & update ticket
4. Deploy apps, verify & update ticket
5. Register asset in CMDB & add to monitoring
Comprehensive Security Model for authN, authZ & auditing - Active Directory Services
Authentication Services
AD provides overarching authentication service for all users and resources
Windows security model common across all hosts & guests
Simplifies authorization of users to resources
Provides detailed auditing of all access attempts
AzMan provides role-based authorization for granular task delegation
Centralized policy storage and enforcement
Extensible security model
Certificate services
Federation services
Multi-layered Security Controls
A Defense in Depth Approach
Layer               Defenses
Data                Windows security model for access control and auditing; System Center Data Protection Manager for data availability
Application         User identification & authorization; Application-layer malware protection
Host                Host boundaries enforced by external hypervisor; Host malware protection
Network             VLANs and packet filters in network fabric; Host firewall to supplement & integrate IPSec isolation
Perimeter / Access  Controlled access to portals / services using UAG; Controlled outbound access using TMG
Also shown: Patch Management; Application / Host hardening
Security Update Management
Timely and effective protection against software vulnerabilities
Industry-leader in update management:
Predictable release process
Timely & detailed communications channels
Update assurance testing for high quality updates
CC EAL4+ ALC_FLR.3 (systematic flaw remediation)
Highly automated deployment & verification:
Hosts / guests report required updates
Update process initiated
Requests authenticated and approved
Hyper-V hosts patched with zero downtime
Patch Orchestration using System Center and Opalis
Swimlanes: Service Management, Security, Orchestration, Management, Automation, Virtualization, Servers, Network, Storage
1. Security Updates Received; Approve Service Request
2. Initiate Update Workflow
3. Initiate Maint. Mode on Host; Migrate VMs off Host (VM Live Migration)
4. Patch Physical Host; Patch Master Image (Patch Installation)
5. Verify Host Availability; Run Host Health Check: Verify Server Health, Verify Hyper-V Health, Verify Network Connectivity, Verify Storage Connectivity, Verify Patch Installation
Decision after each check: Investigate Any Issues / Continue Workflow
6. Migrate VMs Back (VM Live Migration); Migrate VMs, Ensure Separation
7. End Maint. Mode on Host
8. Report Workflow Results
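The update-management and patch-orchestration slides above describe one procedure: drain a host, patch it, verify server, Hyper-V, network, storage and patch state, then bring the VMs back and report. The runbook below is an added example, not code from the deck or from System Center/Opalis, that carries that sequence through for one node of a Hyper-V failover cluster. It assumes Windows PowerShell 5.1 on a management host with the FailoverClusters module, WinRM access to the node, and updates already approved in WSUS; the node name, the expected KB list and the report path are hypothetical values.

```powershell
# Added example, not from the deck: host-patching workflow as a runbook for one Hyper-V cluster node.
# Assumes Windows PowerShell 5.1, the FailoverClusters module, WinRM to the node, WSUS-approved updates.
# Node name, expected KB list and report path are hypothetical.
param(
    [string]$Node         = 'HV-NODE01',                   # hypothetical cluster node
    [string[]]$ExpectedKB = @('KB0000000'),                # placeholder: KB ids approved in the change request
    [string]$ReportPath   = 'C:\PatchRuns\HV-NODE01.json'  # hypothetical report location
)
$report = [ordered]@{ Node = $Node; Started = Get-Date; Steps = [ordered]@{} }

# 3. Maintenance mode: draining the node live-migrates its VMs to the other cluster nodes
Suspend-ClusterNode -Name $Node -Drain -Wait | Out-Null
if ((Get-ClusterNode -Name $Node).DrainStatus -ne 'Completed') { throw "Drain of $Node did not complete" }
$report.Steps.Drain = 'Completed'

# 4. Patch the physical host through the Windows Update Agent COM API, run on the node itself
$install = Invoke-Command -ComputerName $Node -ScriptBlock {
    $session = New-Object -ComObject Microsoft.Update.Session
    $pending = $session.CreateUpdateSearcher().Search("IsInstalled=0 and Type='Software'").Updates
    if ($pending.Count -eq 0) { return [pscustomobject]@{ ResultCode = 2; RebootRequired = $false; Count = 0 } }
    $downloader = $session.CreateUpdateDownloader(); $downloader.Updates = $pending; [void]$downloader.Download()
    $installer  = $session.CreateUpdateInstaller();  $installer.Updates  = $pending
    $result     = $installer.Install()
    [pscustomobject]@{ ResultCode = $result.ResultCode; RebootRequired = $result.RebootRequired; Count = $pending.Count }
}
# ResultCode 2 = succeeded; anything else stops the workflow with the node still drained
if ($install.ResultCode -ne 2) { throw "Update installation on $Node returned result code $($install.ResultCode)" }
if ($install.RebootRequired) { Restart-Computer -ComputerName $Node -Wait -For PowerShell -Force }
$report.Steps.Patch = "$($install.Count) updates installed"

# 5. Host health check: server, Hyper-V, network, storage and patch verification
$checks = [ordered]@{
    ServerHealth   = { [bool](Test-WSMan -ComputerName $Node -ErrorAction Stop) }
    HyperVHealth   = { (Get-Service -ComputerName $Node -Name vmms).Status -eq 'Running' }
    Network        = { @(Get-ClusterNetworkInterface -Node $Node | Where-Object State -ne 'Up').Count -eq 0 }
    Storage        = { @(Get-ClusterSharedVolume | Where-Object State -ne 'Online').Count -eq 0 }
    PatchInstalled = { $installed = (Get-HotFix -ComputerName $Node).HotFixID
                       @($ExpectedKB | Where-Object { $_ -notin $installed }).Count -eq 0 }
}
$failed = foreach ($name in $checks.Keys) {
    $ok = try { & $checks[$name] } catch { $false }
    $report.Steps[$name] = $ok
    if (-not $ok) { $name }
}
# Investigate any issues: a failed check leaves the node in maintenance mode and records why
if ($failed) {
    $report | ConvertTo-Json -Depth 3 | Set-Content $ReportPath
    throw "Host health check failed on $Node ($($failed -join ', ')); node left in maintenance mode"
}

# 6/7. End maintenance mode; immediate failback live-migrates the VMs back to this node
Resume-ClusterNode -Name $Node -Failback Immediate | Out-Null
$report.Steps.Resume = 'Completed'

# 8. Report workflow results
$report.Finished = Get-Date
$report | ConvertTo-Json -Depth 3 | Set-Content $ReportPath
```

The deliberate design choice is that every failure path (drain not completed, install result code other than 2, any health check false) stops before the node is resumed, so a host that is not verified healthy and patched never receives tenant VMs again; an orchestrator would pick the node up from the written report.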
Application / Host Hardening
Microsoft Security Compliance Manager
Modify & manage security baselines published by Microsoft
Domain Member, Hyper-V Host, Domain Controller etc.
Enterprise Client / Specialized Security Limited Functionality
Baseline enforcement
Export from baseline library to Group Policy
Measure baseline compliance
Export from baseline library to DCM pack
Report on compliance with DCM pack using Configuration Manager
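Security Compliance Manager exports a baseline as a Group Policy backup; enforcing it means importing that backup into the domain and linking it to the OU that holds the hosts. The script below is an added example, not from the deck or from the SCM product, that does the import, links the GPO enforced, and then checks that the link actually took effect. It assumes the GroupPolicy module (RSAT) and that SCM's GPO backup export produced the folder given; the export path, the GPO name stored inside the backup and the OU are hypothetical values.

```powershell
# Added example, not from the deck: enforce an SCM baseline via Group Policy and verify the link.
# Assumes the GroupPolicy module (RSAT); path, GPO name and OU below are hypothetical.
Import-Module GroupPolicy
$BackupPath = 'C:\SCM\Export\HyperV-Host-Baseline'      # hypothetical folder written by SCM's GPO backup export
$BackupName = 'Hyper-V Host Baseline'                    # assumed: GPO name recorded inside that backup
$TargetOU   = 'OU=Hyper-V Hosts,DC=contoso,DC=local'     # hypothetical OU holding the hosts

# Import the exported baseline, creating the GPO if it does not exist yet
$gpo = Import-GPO -Path $BackupPath -BackupGpoName $BackupName -TargetName $BackupName -CreateIfNeeded

# Link it enforced so a lower-level GPO cannot override the baseline settings
New-GPLink -Name $gpo.DisplayName -Target $TargetOU -LinkEnabled Yes -Enforced Yes

# Check: the baseline must be linked, enabled and enforced on the target OU
$link = (Get-GPInheritance -Target $TargetOU).GpoLinks | Where-Object DisplayName -eq $gpo.DisplayName
if (-not $link -or -not $link.Enabled -or -not $link.Enforced) {
    throw "Baseline '$($gpo.DisplayName)' is not enforced on $TargetOU"
}
```

New-GPLink fails if the link already exists, so on a re-run replace it with Set-GPLink; the final check is the part worth keeping in any automation, since an imported but unlinked or blocked baseline reports as "compliant" in the library while protecting nothing.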
Host Malware Protection
Protecting Hosts / Guests from malicious code
Highly-effective protection against malware
Effective reactive / proactive remediation with very low false positives
Behavior monitoring backed by Dynamic Signature Service
Block network-based vulnerabilities with NIS
Backed by Microsoft Malware Protection Center
Role-specific exclusions minimize performance impact
No additional infrastructure for management, monitoring or reporting
Network Traffic Isolation
Isolating traffic using VLANs
Hosts and VMs support 802.1Q (VLAN tagging)
Each assigned VLAN ID
Enforced across network fabric
Firewalls permit inter-VLAN traffic as per policy
Isolates:
Host from guests
Mgmt. traffic from guest traffic
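The VLAN isolation just described is set on the Hyper-V side by tagging the management OS virtual NIC and each tenant VM's adapter with its VLAN ID. The following is an added example, not code from the deck, showing that assignment together with the check a defender wants afterwards: no VM adapter may be untagged or sit on the management VLAN. It assumes Windows Server 2012 or later with the Hyper-V PowerShell module and an existing management OS adapter named "Management"; the VM names and VLAN IDs are hypothetical.

```powershell
# Added example, not from the deck: per-tenant 802.1Q tagging on a Hyper-V host plus an isolation check.
# Assumes Windows Server 2012+ with the Hyper-V module; VM names, adapter name and VLAN IDs are hypothetical.
$ManagementVlan = 100
$TenantVlans = @{ 'TenantA-Web01' = 201; 'TenantA-Db01' = 201; 'TenantB-Web01' = 202 }

# Management traffic: the host's own virtual NIC on the switch gets the management VLAN
Set-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName 'Management' -Access -VlanId $ManagementVlan

# Guest traffic: every tenant VM adapter is put in access mode on that tenant's VLAN
foreach ($vm in $TenantVlans.Keys) {
    Set-VMNetworkAdapterVlan -VMName $vm -Access -VlanId $TenantVlans[$vm]
}

# Verification: enumerate every VM adapter and flag any that is not in access mode
# or that shares the management VLAN (either one breaks host/guest and mgmt/guest isolation)
$violations = Get-VM | Get-VMNetworkAdapter | ForEach-Object {
    $vlan = Get-VMNetworkAdapterVlan -VMNetworkAdapter $_
    [pscustomobject]@{
        VM      = $_.VMName
        Adapter = $_.Name
        Mode    = $vlan.OperationMode
        VlanId  = $vlan.AccessVlanId
    }
} | Where-Object { $_.Mode -ne 'Access' -or $_.VlanId -eq $ManagementVlan }

if ($violations) {
    $violations | Format-Table -AutoSize
    throw 'VLAN isolation violation: VM adapter untagged or on the management VLAN'
}
```

The check is the reusable part: run on a schedule across hosts it catches the common drift cases (an adapter added later without a tag, or a VM moved onto the management VLAN "temporarily"), which the switch fabric will happily forward.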
Filtering Network Connections to Hosts
Windows Firewall with IPSec
Block all inbound connections to non-essential services
Deny guest to host / management systems
Centrally managed firewall policy
Server and Domain Isolation using IPSec
Non-domain hosts cannot connect
Trusted hosts within domain must authenticate to connect
Diagram: Data Center’s Physical Servers, Guest OS, Data-Center Network
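The host firewall and IPsec isolation described on this slide can be expressed as one centrally managed policy: default-deny inbound, an IPsec rule that requires Kerberos computer authentication so non-domain machines cannot connect, allow rules only for essential services and only from authenticated peers on the management subnet, and an explicit block for the guest address space. The script below is an added example, not from the deck; it writes the rules into a GPO and finishes with an audit that flags any inbound allow rule that does not require authentication. It assumes Windows Server 2012 or later (NetSecurity module) and RSAT on the machine running it; the GPO name, subnets and port list are hypothetical.

```powershell
# Added example, not from the deck: Windows Firewall + IPsec domain isolation policy for Hyper-V hosts,
# written to a GPO so it stays centrally managed. Assumes Windows Server 2012+ and RSAT.
# GPO name, subnets and ports below are hypothetical.
$Store        = 'contoso.local\Hyper-V Host Firewall'   # hypothetical "domain\GPO name" policy store
$MgmtSubnet   = '10.100.0.0/24'                          # hypothetical management VLAN
$GuestSubnets = @('10.20.0.0/16', '10.30.0.0/16')        # hypothetical tenant VLAN address space

# Default posture: block every inbound connection that no rule explicitly allows
Set-NetFirewallProfile -PolicyStore $Store -Profile Domain, Private, Public `
    -DefaultInboundAction Block -DefaultOutboundAction Allow

# Server and domain isolation: inbound peers must authenticate with Kerberos computer credentials,
# so non-domain hosts cannot connect and domain members must authenticate before they are allowed in
$proposal = New-NetIPsecAuthProposal -Machine -Kerberos
$authSet  = New-NetIPsecPhase1AuthSet -DisplayName 'Kerberos Computer Auth' -Proposal $proposal -PolicyStore $Store
New-NetIPsecRule -DisplayName 'Domain Isolation - Require Inbound Auth' -PolicyStore $Store `
    -InboundSecurity Require -OutboundSecurity Request -Phase1AuthSet $authSet.Name

# Essential management services only, and only from authenticated peers on the management subnet
$essential = @{ 'WinRM' = 5985; 'RDP' = 3389; 'SMB' = 445 }
foreach ($svc in $essential.Keys) {
    New-NetFirewallRule -DisplayName "Mgmt - $svc (authenticated)" -PolicyStore $Store `
        -Direction Inbound -Protocol TCP -LocalPort $essential[$svc] `
        -RemoteAddress $MgmtSubnet -Authentication Required -Action Allow
}

# Deny guest to host / management systems: block rules take precedence over allow rules
New-NetFirewallRule -DisplayName 'Block guest subnets to host' -PolicyStore $Store `
    -Direction Inbound -RemoteAddress $GuestSubnets -Action Block

# Audit: an inbound allow rule in this GPO that does not require IPsec authentication is a policy gap
$unauthenticated = Get-NetFirewallRule -PolicyStore $Store -Direction Inbound -Action Allow |
    Where-Object { ($_ | Get-NetFirewallSecurityFilter).Authentication -ne 'Required' }
if ($unauthenticated) {
    $unauthenticated | Select-Object DisplayName | Format-Table -AutoSize
    throw 'Inbound allow rules without IPsec authentication found'
}
```

The audit query at the end is the piece to keep running after the policy is deployed: rules get added to a GPO by many hands, and a single unauthenticated allow rule silently reopens the path the domain-isolation rule was meant to close.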
Summary
Secure virtualization platform providing isolation and non-interference
Secure development lifecycle and update management lifecycle
Highly automated management, monitoring & reporting
Comprehensive security model for authN, authZ & auditing
Multi-layered security controls
Private Cloud Architecture Goes Social!
The Microsoft Private Cloud Architecture blog
The Microsoft Private Cloud Architecture Facebook page
The Microsoft Private Cloud Architecture Twitter account
The Microsoft Private Cloud Architecture LinkedIn Group
The Microsoft Private Cloud TechNet forums
The Microsoft Private Cloud Dojo on the TechNet Wiki
Additional Resources
Private Cloud Solution Hub: www.technet.com/cloud/private-cloud
Private Cloud IaaS Page: www.microsoft.com/privatecloud
Questions?
Session Code: SEC305
Dr. Thomas W Shinder
Principal Knowledge Engineer/Principal Writer
[email protected]
Blog – Private Cloud Architecture Blog: http://blogs.technet.com/b/privatecloud/
You can ask your questions at “Ask the expert” zone within an hour after end of this session