Identity management for cloud deployed applications can be a challenge. Often users will want to leverage an existing social network or corporate identity. Now we have to worry about dealing with multiple APIs, any updates to those APIs, or the addition of new identity providers. Windows Azure Access Control Services offers a better way! ACS allows for federated user authentication via popular social networks and Active Directory. In this session we’ll provide a crash course in claims as they relate to identity management. We’ll discuss why claims are important and how to add additional claims beyond what is provided by the identity providers. We'll also take a look at Windows Azure Active Directory and see how to manage corporate identities in the cloud.
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Mustafa Toroman, Saša Kranjac] More and more services we use every day are moving to the cloud. This creates many challenges, especially if we look at things from a security point of view. Taking services out of our datacenter opens our data and services to new kinds of threats, but fortunately new tools are available to protect us. See from both perspectives how attackers can try to exploit our journey to the cloud and how we can detect threats and stop attacks before they occur. We will show examples of how the Red Team attacks our cloud and how the Blue Team can detect and stop the Red Team.
Windows Azure for Developers - Building Block Services | Michael Collier
Learn about the next generation building block services available in Windows Azure that help to create connected, secure, and reliable services.
With services such as Caching, Service Bus (relay, queues, and topics), and Access Control Services (ACS) developers can focus more on building great solutions and less on plumbing services necessary to do so. In this webcast, we will take a look at many of the additional services offered as part of Windows Azure. We'll see just how easy it can be to add scalable caching with Windows Azure Caching, create robust connected solutions with the Service Bus, and secure applications with ACS.
10 Ways to Guarantee Your Azure Project will Fail | Michael Collier
Most conference presentations will share “best practices”. That’s not this presentation. In this session we'll discuss what NOT to do. These surefire fail activities are inspired from real customer engagements (names changed to protect the innocent). Looking at the unsuccessful architecture and development patterns of others can help us not repeat the same mistakes in future cloud projects.
-- This was originally presented at StirTrek 2014. --
Identity and Access (AD), Azure and Office 365: Building a Single Page Application (SPA) with ASP.NET Web API and Angular.js using Azure Active Directory to Log in Users
Agenda:
What is AAD Connect?
Features provided with AAD Connect
Syncing your on-premises identities using AAD Connect
Setting up AAD Connect
Conclusion
Windows Azure Mobile Services - The Perfect Partner | Michael Collier
Windows Azure Mobile Services allows developers to build scalable mobile backends in the cloud with no backend code to write. Mobile Services provides features like user authentication, data storage, push notifications, and integration with social networking services. Developers can access Mobile Services features through SDKs for major mobile platforms or via a REST API. The service aims to simplify common mobile app tasks and allows apps to scale easily in the cloud without backend maintenance.
The document provides tips and lessons for using various Windows Azure services, including:
- Windows Azure Table Storage and how to model data for storage in tables
- Access Control Service (ACS) for claims-based authentication and common issues to address
- Windows Azure Diagnostics for collecting logging data across roles and storing in tables or blobs
- Best practices for deployment, environments, tools, and selling Azure's capabilities to customers
Unlock new and powerful ways to manage your Azure resources.
Keeping track of all the various resources used by a solution is a daunting task. There needs to be an easier way to combine various resources into logical groups. The Azure Resource Manager enables you to group and manage multiple resources as a single logical group. With the ability to create reusable templates, it becomes much easier to consistently deploy solutions. In this session we will explore how the Azure Resource Manager can be used to better manage our Azure solutions. We will dive deep into creating resources and manipulating the Resource Manager templates. In the end, you'll be able to unlock new and powerful ways to manage your Azure resources.
You will learn:
- How to create and manage Resource Groups from PowerShell and the Cross-Platform Command-Line Interface
- How to create custom Azure Resource Manager templates
- How to manage security for resources using Azure Resource Manager and Azure Active Directory
This document discusses hybrid applications that utilize both on-premises and cloud-based resources. It outlines some common scenarios for hybrid applications, such as using the cloud for data storage and archival while keeping computing resources on-premises. It also discusses concerns around security, regulatory compliance, and only moving parts of an application to the cloud that provide clear benefits. The document introduces Windows Azure services like Service Bus that can help enable hybrid applications by allowing communication between on- and off-premises components.
Windows Phone 7 and Windows Azure – A Match Made in the Cloud | Michael Collier
Windows Phone 7 and Windows Azure are a good match because they both provide easy and familiar development environments, connectivity through the cloud, and scalability. They are compatible in these areas. The document discusses how Windows Phone 7 and Windows Azure can be used together through features like data storage in Windows Azure tables and blobs, push notifications, and identity management with Access Control Services. It provides examples of how to integrate the platforms for storing, retrieving, and displaying data stored in the cloud.
Stephane Lapointe, Frank Boucher & Alexandre Brisebois: Microservices and... | MSDEVMTL
April 16, 2016
Azure Group
Subject: Microservices and Azure Service Fabric
Speakers: Alexandre Brisebois, Microsoft; Stéphane Lapointe, Orckestra; and Frank Boucher, Lixar IT
We are offering a full day on microservices and Azure Service Fabric. The goal is to learn the theory through a series of presentations and then put it all into practice with a hands-on portion and labs.
To participate, you must bring your laptop, with Visual Studio 2015 Update 2 and Service Fabric SDK 2.0.135 installed.
This document summarizes Microsoft Azure Active Directory (Azure AD) and how it compares to on-premises Active Directory Domain Services (AD DS). Azure AD provides identity and access management in the cloud, while AD DS is installed on-premises. Key differences include Azure AD being multi-tenant, lacking group policy support, and using REST APIs instead of LDAP. The document also outlines integrating Azure AD and AD DS through synchronization and federation for single sign-on capabilities across cloud and on-premises applications and services.
The document discusses the Windows Azure platform, which provides an internet-scale, highly available cloud fabric hosted in Microsoft's globally distributed data centers. It offers compute, storage, data, integration, access control, and other services to build applications that can automatically scale out and integrate on-premises systems. The document outlines different application models, architectural patterns, and benefits of building on the Windows Azure platform.
Windows Azure Active Directory provides identity and access management in the cloud. It acts as an identity provider and security token service, supporting protocols like WS-Federation, OAuth 2.0 and SAML 2.0. It offers single sign-on for Azure applications, manages users and groups, and can integrate with on-premises Active Directory. Benefits include not needing to implement your own authorization and avoiding single points of failure compared to Active Directory Federation Services.
Azure AD Connect allows syncing of local Active Directory accounts to Azure Active Directory. It requires an Azure AD global administrator account, an enterprise administrator account for the local AD, a SQL Server database, and meeting server and hardware requirements. The setup process involves creating a global administrator account, installing Azure AD Connect, and configuring it for initial or subsequent synchronization of users and groups between the local and cloud directories.
Enter The Matrix Securing Azure’s Assets | BizTalk360
This talk is mainly on the security aspects of Azure, in any context. You’ll get an overview of where security is handled, some practices, and how to monitor and act accordingly on certain threats and issues. It will focus on IaaS, PaaS and SaaS. As security is an integral part of an environment, the integration aspect is not far away. Focus products include Azure and all related services.
Understanding the Windows Azure platform - june | DavidGristwood
This document provides an overview of the Windows Azure platform. It discusses how Windows Azure is designed from the ground up for massive scale across global data centers. It also describes how Windows Azure allows applications to scale individual parts up and down as needed. Finally, it outlines the core building blocks of Windows Azure including compute, storage (blobs, tables, queues), and networking.
Azure Active Directory (AD) is a directory as a service on Microsoft Azure. More than a cloud identity, Azure AD provides a platform to build cloud applications with multi-tenancy support, and a flexible authentication system that enables developers to leverage the cloud identity model and develop applications with ease. The session will walk you through the basics of Azure AD and how to develop .NET applications using Azure AD.
The document discusses Azure diagnostics and monitoring application health. It covers the types of diagnostic data that can be monitored like performance counters, logs, and events. It explains how to use the Azure Diagnostic Agent to collect and transfer diagnostic data to storage. It also provides examples of imperative and declarative configuration of diagnostics and querying diagnostic data from storage.
The document discusses identity management in the cloud using ADFS 2.0, Azure, and Office 365. It introduces federation and single sign-on capabilities that allow users to access both on-premises and cloud-based applications using one set of credentials. Multifactor authentication is also covered as an option for increasing security. Specific configurations are presented, including typical server requirements and costs for a small company to implement a cloud-ready identity management solution.
Information security in office 365 a shared responsibility - antonio maio | AntonioMaio2
There is no denying that Office 365 can make us highly productive, sharing and collaborating with coworkers, partners and clients. But, does it take care of our security and compliance issues? Is our data secure in Office 365? Yes, and no. The security of our information in Office 365 is a shared responsibility between Microsoft (the cloud provider) and us (the customers). Office 365 is a secure platform, but to truly secure our data we must make effective use of the security capabilities and features provided within the platform. We must also have strong information governance structures in place to control how information is shared and accessed through the platform. This session will provide a detailed review of the Office 365 Security and Compliance Center, including how to use the built in capabilities for alerts, data loss prevention policies, activity audit logs, advanced security management and customer lockbox. We'll also review recommended information governance and security practices based on customer experiences to help you effectively secure your information in Office 365 and uphold your end of the shared responsibility.
This document discusses using federated identity management with Azure AppFabric Access Control Service (ACS) and Windows Identity Foundation (WIF) for single sign-on in software as a service applications. The solution allows leveraging popular identity providers like Google and Yahoo for authentication while avoiding the need to manage user accounts. ACS acts as an aggregator between identity providers and relying parties. WIF is used to integrate applications with ACS and manage claims. The approach favors proven security standards over custom code and avoids storing sensitive user data.
This document provides an overview of Windows Azure AppFabric. It discusses the identity and access control, service bus, and caching services that AppFabric provides. The identity service implements claims-based authentication and uses the Access Control service to integrate single sign-on with multiple identity providers. The service bus enables hybrid cloud applications through a relay that provides secure messaging. Caching improves performance by storing data in memory for low-latency access.
Claim Based Authentication in SharePoint 2010 for Community Day 2011 | Joris Poelmans
This document provides an overview of claim based authentication in SharePoint 2010 from a developer's perspective. It discusses key claim based terminology, how claims work in SharePoint 2010 including normalizing identities and configuring claims providers. It also covers development tasks with claims such as augmenting claims and resolving claims in the people picker. Finally, it discusses trusted identity providers such as Active Directory Federation Services, Windows Live ID, and OpenID.
Expanding Your Data Center with a Hybrid Infrastructure | Alexandre Santos
This document discusses hybrid cloud architectures using AWS and on-premises infrastructure. It covers various layers including data centers, networks, hypervisors, operating systems, management services, applications, and data. It provides examples of splitting application tiers across different environments. It also discusses considerations for networking, storage, operations, and automation when building hybrid architectures. Key services mentioned include AWS Direct Connect, Storage Gateway, OpsWorks, and CodeDeploy. The presentation aims to help customers expand their data centers with hybrid infrastructure.
This document discusses the evolution of service-oriented architectures (SOAs) and how identity management plays a key role. Early SOAs like CORBA and DCOM struggled with security. Web services improved on this with standards like WS-Security and SAML tokens. More recent approaches like OpenID, OAuth, and federated identity management improved user-centric security and access control. Future SOAs may utilize attribute-based access control at large scales across organizations. Overall, the document traces how security for SOAs transitioned from platform-specific to user-centric and interoperable across the Internet.
“Secure Portal” or WebSphere Portal – Security with Everything | Dave Hay
This document discusses various methods for implementing security and single sign-on capabilities in WebSphere Portal, including authenticating against corporate directories, using LDAP for authorization and personalization, desktop single sign-on in Microsoft environments using Kerberos and SPNEGO, backend single sign-on within IBM products using LTPA tokens, and asserting identity in open environments using standards like SAML and Shibboleth. It provides high-level overviews and considerations for different security integration approaches.
Build and Deploy LightSwitch Application on Windows Azure - K.Mohamed Faizal
Visual Studio LightSwitch is the simplest way to build business applications for the desktop and cloud. LightSwitch simplifies the development process by letting you concentrate on the business logic, while LightSwitch handles the common tasks for you.
In this session you will see a demo that shows, end-to-end, how to build a data-centric business application using LightSwitch and deploy it to Windows Azure.
Inspired by one of the Windows Azure gods (Wade Wegner), Maarten decided to order a homebrewing starter kit. Being a total cloud fanboy, he decided to hook those delicious creations to the cloud. Join Maarten and discover how you can connect a variety of devices (like *duino) and USB temperature sensors to Windows Azure to monitor brewing and fermentation temperatures. He'll show you how to do distributed brewing in this fun yet practical session on an interesting use case for the cloud: beer.
This document provides an overview of Office 365 for IT professionals presented by Andy Malone. It begins with an introduction of Andy Malone and his background. The bulk of the document then explores various components and capabilities of Office 365 including exploring Office 365, understanding data storage locations, identity management with Azure Active Directory, provisioning accounts, and Exchange Online. It provides summaries of key Office 365 services and components. The document concludes with some final tips and thoughts on Office 365 and links to additional tools and resources.
NIC 2014 Modern Authentication for the Cloud Era - Morgan Simonsen
1. The document provides an introduction to modern authentication methods for cloud applications, focusing on claims-based identity.
2. Claims-based identity uses an abstraction layer where claims about a subject are issued in security tokens by an identity provider and can be verified by a relying party.
3. The document discusses examples of implementing claims-based identity on-premises using Active Directory Federation Services (ADFS) and in the cloud using Azure Active Directory (WAAD) as identity providers.
Janakiram MSV introduced .NET services including Service Bus, Access Control Service, and Workflow Services. Service Bus provides connectivity for applications over the cloud. Access Control Service enables claims-based access control in the cloud. Workflow Services provides infrastructure for hosting and managing workflows on the cloud. The presentation discussed how these services address challenges of distributed computing and provide key building blocks for cloud applications.
AWS re:Invent 2016: Managing and Supporting the Windows Platform on AWS (GPSS... - Amazon Web Services
Windows workloads are often the backbone of the data center and AWS Consulting Partners are responsible for the design, deployment, maintenance, and operation of these infrastructures. Deploying and operating a common set of management tooling is challenging and becomes even harder as you try to onboard new customers at scale. In this session, we discuss patterns for deploying a common shared infrastructure to host your management and backend assets. We dive deep on various components of the windows toolkit like core VPC, Active Directory, management tools, and finally a development pipeline. You walk away knowing how to design and deliver a common toolset so that you scale out instantly to any new customer workload.
In this session, learn how you evaluate, design, build, and manage distributed applications over hybrid infrastructures using Amazon Web Services. This session follows the evolution of a simple legacy data center expansion with basic connectivity into managing complex hybrid applications. Along the way, we investigate best practice designs in use by AWS customers. Topics covered include interconnectivity, availability, security, and hybrid networks with Amazon VPC and AWS Direct Connect, as well as automated provisioning with AWS CloudFormation and configuration management with AWS OpsWorks.
Understanding SharePoint Apps, authentication and authorization infrastructur... - SPC Adriatics
This session will teach you everything that you need to know in order to understand SharePoint Apps, authentication and authorization. Learn about the different type of Apps, the underlying Apps architecture and how to configure an on-premises environment to support Apps. Also you will learn about the different authentications options available for integrating apps, devices, and applications for on-prem scenarios, in the cloud and hybrid.
This document discusses federated access to AWS resources using temporary security credentials. It describes how users from other identity stores can be provided access to AWS resources without needing AWS credentials. Common use cases include delegating access to other AWS accounts or federating with corporate directories. Sessions are generated by AWS Security Token Service and include temporary credentials. Multiple methods are covered, including getting sessions via GetSessionToken or GetFederationToken APIs or by assuming roles. Demos show federating access to the AWS console and CLI using Active Directory credentials.
This document provides an overview and agenda for a presentation on single sign-on with Active Directory Federation in Office 365 and SharePoint Online. The presentation covers Office 365 identity management, different identity scenarios including directory sync and ADFS, preparing the Active Directory environment, deploying and configuring ADFS, and best practices. It includes diagrams of common identity architectures and an ADFS farm architecture comparison. The goal is to explain how to implement single sign-on for Office 365 using ADFS federation.
The Skype for Business (Lync) apps are one of the ubiquitous aspects of the product. Mobility is cross-platform (Android, iOS and Windows are supported), has specific requirements and (in Skype for Business) adds some specific limits for clients on authentication, security and features. As part of the default server features, mobility is now both easier and more critical to understand. In this session, we will see what has been made available for the mobile users and what will be released. Configurations, requirements and deployment suggestions will be explained for on-premises, cloud and hybrid deployments.
This document discusses federated access to AWS resources using temporary security credentials. It describes how federation works by allowing users in other AWS accounts or identity stores to access resources in your AWS account through the use of sessions. Common use cases for federation include delegating access to other AWS accounts or teams and federating with corporate directories. The document then demonstrates how to request and use sessions to access AWS through the console and CLI using SAML and web identity federation.
Using Windows Azure for Solving Identity Management Challenges (Visual Studio Live, Las Vegas 2013)
1. Using Windows Azure for Solving Identity Management Challenges
Michael S. Collier
National Architect, Cloud
Level: Intermediate
2. About Me
Michael S. Collier
National Architect, Cloud
michael.collier@neudesic.com
@MichaelCollier
www.MichaelSCollier.com
http://www.slideshare.net/buckeye01
3. Agenda
• Identity Management Challenges
• Access Control Services
– Claims
– Setup tips
– Gotcha’s
• Windows Azure Mobile Services
– Quickly leverage social identities
• Windows Azure Active Directory
– What it is
– Quick setup
– Exploring the directory graph
4. Who Are You?
• Personalization
• Business Rules
• Functionality / Features
5. Traditional Identity Management
• Windows Integrated Authentication (Active Directory)
• Membership Provider
• Proven Approach
• Leverage WIF?
SQL
AD
My Enterprise
6. Cloud? We Have a Problem
• Multiple islands of identity
• Environment not under our physical control
• Disconnected from the enterprise (potentially)
7. Options
• Social Networks
– They change . . . Often
– The right one?
– Another?
– More work!
• Membership Provider
– SQL Database
– Table Storage
– Pros
   Mostly known entity
   Migrate existing data
– Cons
   User management
   Security leak
Microsoft Account
New
8. Windows Azure Access Control Service
• No need to build your own identity management solution.
• Authenticate (WIF – OAuth and WS-Federation)
• Claims-based authorization
• Multiple Identity Providers (ADFSv2, Google, Live ID, etc.)
• Ability to bring your own via membership
• One to rule them all!
• Easy for your users
Windows Azure icons courtesy of David Pallmann.
9. Key ACS Concepts
• Relying Party (RP): Web application that outsources authentication. The RP trusts that authority. The RP is your app.
• Identity Provider (IP): Authenticates users and issues tokens
• Token: Digitally signed security data issued after the user is authenticated. Used to gain access to the RP (your app).
• Claim: Attributes about the authenticated user (age, birthdate, email address, name, etc.)
• Federation Provider: Intermediary between the RP and IP. ACS is a Federation Provider.
• STS: Security Token Service – issues tokens containing claims. ACS is an STS
10. Authentication Workflow
Participants: Browser, Identity Provider, Access Control, Application
1. Request Resource
2. Redirect to Identity Provider
3. Login
4. Authenticate & Issue Token
5. Redirect to AC service
6. Send Token to ACS
7. Validate Token, Run Rules Engine, Issue Token
8. Redirect to RP with ACS Token
9. Send ACS Token to Relying Party
10. Validate Token
11. Return resource representation
Courtesy Windows Azure Boot Camp
11. Claims Enrichment
• Identity Providers only provide a few claims
– Microsoft Account / Live ID provides just one (Name Identifier)
– Facebook, Google and Yahoo! provide at least three (email, name, named identifier)
– ADFSv2
– http://msdn.microsoft.com/en-us/library/windowsazure/gg185971.aspx
• Add more claims that are known to your
application
– ClaimsAuthenticationManager
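A sketch of the enrichment step named on this slide, added here as an example and not taken from the original deck. It assumes the .NET 4.5 WIF classes in System.Security.Claims; the class name, the LocalIssuer value, the in-memory role table and the policy of discarding inbound role claims are all hypothetical choices made for illustration.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Register in web.config (type and assembly names are placeholders):
//   <system.identityModel><identityConfiguration>
//     <claimsAuthenticationManager type="MyApp.EnrichingClaimsAuthenticationManager, MyApp" />
//   </identityConfiguration></system.identityModel>
public class EnrichingClaimsAuthenticationManager : ClaimsAuthenticationManager
{
    // Claim type ACS adds to record which identity provider authenticated the user.
    private const string IdentityProviderClaimType =
        "http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider";

    // Issuer stamped on claims this application adds (hypothetical value), so later
    // authorization code can tell local claims from claims that came in the token.
    private const string LocalIssuer = "urn:example:myapp";

    // Constructed sample data standing in for the application's own user store.
    // The key is (identity provider, name identifier): a name identifier is only
    // meaningful together with the provider that issued it.
    private static readonly Dictionary<string, string[]> RolesByExternalUser =
        new Dictionary<string, string[]>
        {
            { Key("Google", "constructed-name-identifier-0001"), new[] { "Administrator", "Member" } },
            { Key("uri:WindowsLiveID", "constructed-name-identifier-0002"), new[] { "Member" } }
        };

    public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)
    {
        // Anonymous requests pass through untouched.
        if (incomingPrincipal == null || incomingPrincipal.Identity == null ||
            !incomingPrincipal.Identity.IsAuthenticated)
        {
            return base.Authenticate(resourceName, incomingPrincipal);
        }

        ClaimsIdentity identity = incomingPrincipal.Identities.First(i => i.IsAuthenticated);

        // Assumption for this example: roles are decided only by this application,
        // so any role claim that arrived in the token is discarded first.
        foreach (Claim inbound in identity.FindAll(ClaimTypes.Role).ToList())
        {
            identity.TryRemoveClaim(inbound);
        }

        Claim nameId = identity.FindFirst(ClaimTypes.NameIdentifier);
        Claim idp = identity.FindFirst(IdentityProviderClaimType);
        if (nameId == null || idp == null)
        {
            // Without both values the user cannot be matched safely: add nothing.
            return incomingPrincipal;
        }

        string[] roles;
        if (RolesByExternalUser.TryGetValue(Key(idp.Value, nameId.Value), out roles))
        {
            foreach (string role in roles)
            {
                identity.AddClaim(new Claim(ClaimTypes.Role, role, ClaimValueTypes.String, LocalIssuer));
            }
        }

        return incomingPrincipal;
    }

    private static string Key(string identityProvider, string nameIdentifier)
    {
        // Newline separator cannot collide with either value.
        return identityProvider + "\n" + nameIdentifier;
    }
}
```

Unknown users come back authenticated but with no roles, so User.IsInRole checks fail closed.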
13. Recap
1. Create a new ASP.NET 4.5 Web Site
a) Capture User.Identity.Name
2. Create an ACS namespace
a) Portal
b) Visual Studio tooling
3. Configure site using ‘Identity and Access’ tool in Visual Studio
a) Provide ACS namespace and management password
b) Enable desired Identity Providers (i.e. Google)
c) Configure realm, reply to address, etc.
4. Optional: Add ClaimsAuthenticationManager
5. Run it
14. Tips & Tricks
• WIF relies on the web.config file
• Problematic for staging deployments – don’t know the URL until deployed
• Add logic to WebRole’s OnStart() to update the WIF settings in web.config
– Read in configuration settings from .cscfg
– Update and save the web.config
– Changing .cscfg settings can cause a role recycle . . . causing web.config to update
15. Tips & Tricks
• Staging vs. Production
– WIF configuration in web.config
– Staging URL unknown until deployment
– Change WIF configuration in web.config during role startup
See Vittorio Bertocci’s blog post at http://blogs.msdn.com/b/vbertocci/archive/2011/05/31/edit-and-apply-new-wif-s-config-settings-in-your-windows-azure-webrole-without-redeploying.aspx
16. Tips & Tricks
• Cookie Encryption
– DPAPI used to protect cookies sent to the client.
– DPAPI not supported in Windows Azure
– Use RsaEncryptionCookieTransform to encrypt with
same cert used for SSL.
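One way to wire up the cookie protection described on this slide, added as an example and not taken from the original deck. It assumes the .NET 4.5 WIF classes (System.IdentityModel) and that the certificate is configured as the service certificate in web.config and deployed, with its private key, to every role instance.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel;
using System.IdentityModel.Services;
using System.IdentityModel.Services.Configuration;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.Web;

// Global.asax.cs
public class Global : HttpApplication
{
    protected void Application_Start(object sender, EventArgs e)
    {
        // Runs once, after WIF has loaded its configuration from web.config.
        FederatedAuthentication.FederationConfigurationCreated += OnFederationConfigurationCreated;
    }

    private static void OnFederationConfigurationCreated(
        object sender, FederationConfigurationCreatedEventArgs e)
    {
        X509Certificate2 certificate = e.FederationConfiguration.ServiceCertificate;

        // Fail at startup instead of silently falling back to the default
        // DPAPI transform, whose keys differ on every role instance.
        if (certificate == null || !certificate.HasPrivateKey)
        {
            throw new InvalidOperationException(
                "A service certificate with a private key is required to protect session cookies.");
        }

        // Compress, then encrypt, then sign the session token written to the cookie.
        var transforms = new List<CookieTransform>
        {
            new DeflateCookieTransform(),
            new RsaEncryptionCookieTransform(certificate),
            new RsaSignatureCookieTransform(certificate)
        };

        // Replace the default session handler with one that uses the RSA transforms,
        // so any instance behind the load balancer can read a cookie issued by another.
        var sessionHandler = new SessionSecurityTokenHandler(transforms.AsReadOnly());
        e.FederationConfiguration.IdentityConfiguration.SecurityTokenHandlers
            .AddOrReplace(sessionHandler);
    }
}
```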
20. Gotchas
• Single sign-out not currently supported
– Provide a sign-out link for the specific Identity Provider
• Windows Azure co-admin cannot administer an ACS namespace
– Add Live ID, WAAD, Google, etc.
• WIF not installed on Windows Azure roles (.NET 3.5)
– Microsoft.IdentityModel CopyLocal = true
– Install WIF via a startup task (recommended)
21. The Impact for Mobile Apps
• Social Networks – Important
– Users likely already have at least one
– Quick and easy signup
– Potential for rapid user base expansion
• Multiple identity provider choices via Windows Azure Mobile Services
23. Recap
• Windows Azure Mobile Services app
• Developer accounts for social networks
– Microsoft Account
– Facebook
– Twitter
– Google
• Add key/secret to WAMS app
• Prompt for user authentication
await App.MobileService.LoginAsync(MobileServiceAuthenticationProvider.Twitter);
• Optional
– Live SDK to use SSO in Windows Store apps
24. Windows Azure Active Directory
• Extends AD into the cloud
• Started as directory for Office365
• Provides single sign-on for cloud applications
• Query-able social graph (native apps too)
• Connect from any device and platform
– RESTful access to the directory
– XML/JSON request/response
• Can sync or federate on-premises AD to cloud
WAAD is in a Developer Preview status. ☺
26. The Directory
Windows Azure Active Directory
Multi-tenant directory
27. The Directory
WAAD Tenant
DirSync
On-Premises Active Directory
28. Getting Started
• Organization ID
– Office365
– Dev/Test Tenant
http://aka.ms/WAADSignup
<tenant>.onmicrosoft.com
• Windows Azure Subscription
• Microsoft ASP.NET Tools for Windows Azure Active Directory – Visual Studio 2012
– http://go.microsoft.com/fwlink/?LinkID=282306
• Office365 / Windows Azure Active Directory Management Cmdlets
– http://aka.ms/aadposh
30. Recap
1. Pre-reqs
a) Windows Azure AD Powershell cmdlets
b) Windows Azure AD tenant
c) Visual Studio tools
2. Create new ASP.NET 4.5 web site
3. ‘Enable Windows Azure Authentication’
a) Under ‘Project’ menu in Visual Studio
b) Authenticate with WAAD administrative account
4. Run
31. Graph API
• RESTful interface for Windows Azure AD
– Compatible with OData V3
– Use latest WCF 5.3 update (API v0.9)
– OAuth 2.0 for authentication
• Programmatic access to the directory
– DirectoryObject – User, Group, Role, Licenses, Tenant, etc.
– Links – memberOf, directReports
• Standard HTTP methods
– GET, POST, PATCH, DELETE for directory objects
– HTTP status codes
32. Directory Permissions
• The application has rights to the directory, not the authenticated user
• Your application == service principal
• Application Roles
– Partner Tier1 Support
– Partner Tier2 Support
– Company Administrator
– Helpdesk Administrator
– Directory Readers
– Directory Writers
– Billing Administrator
– Service Support Administrator
– User Account Administrator
36. Windows Azure Authentication Library (WAAL)
• Simplifies authentication
• Client-side only
– Used to obtain an authentication token only; no token validation
– Web apps/services or rich clients
• Server-side token authentication
– JSON Web Token Handler (JWT Handler)
– Samples
http://code.msdn.com
Search “aal”
Filter – Technology = Windows Azure
Visual Studio Version = VS2012
(AAL > Windows Azure > Visual Studio 2012)
37. Registering Your App with WAAD
• AppPrincipalId (ServicePrincipal)
– identityConfiguration/audienceUris
– system.identityModel.services/federationConfiguration/wsFederation
• Read this blog post by Vittorio Bertocci
– http://www.cloudidentity.com/blog/2013/01/22/group-amp-role-claims-use-the-graph-api-to-get-back-isinrole-and-authorize-in-windows-azure-ad-apps/
38. Registering Your App with WAAD
Import-Module MSOnlineExtended -Force
# Connect to the WAAD tenant. Use tenant admin credentials (same used in the MVC VS2012 tools):
# <user>@<tenant>.onmicrosoft.com
Connect-MsolService
# The AppPrincipalId from the web.config
$AppPrincipalId = '9a90ed83-acff-44d7-813f-d7e724fef1aa'
# Get the Service Principal object
$servicePrincipal = Get-MsolServicePrincipal -AppPrincipalId $AppPrincipalId
# Add the service principal to the appropriate role in WAAD.
Add-MsolRoleMember -RoleMemberType "ServicePrincipal" -RoleName "User Account Administrator" -RoleMemberObjectId $servicePrincipal.ObjectId
# Dates for which the credential is valid (1 year)
$timeNow = Get-Date
$expiryTime = $timeNow.AddYears(1)
# Generate a 256-bit symmetric key from the cryptographic random number generator
$cryptoProvider = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
$byteArr = New-Object byte[] 32
$cryptoProvider.GetBytes($byteArr)
$signingKey = [Convert]::ToBase64String($byteArr)
# signingKey.txt holds the secret in plain text; the application needs this value in its configuration
Write-Output $signingKey | Out-File signingKey.txt
# Create a new service principal credential, with the created key, and assign to the service principal.
New-MsolServicePrincipalCredential -AppPrincipalId $AppPrincipalId -Type symmetric -StartDate $timeNow -EndDate $expiryTime -Usage Verify -Value $signingKey
40. Going Further
• Multitenant applications
– Leverage identity from other WAAD tenants
– http://www.windowsazure.com/en-us/develop/net/tutorials/multitenant-apps-for-active-directory/
• Phone 2FA
– Additional administrative users
– Username/pwd + text message code
– ONLY for WAAD users and applications now
• Configure as an Identity Provider in ACS
41. Windows Azure Virtual Network
Windows Azure
Site-to-Site
VPN Tunnel
Currently in Preview
Image courtesy of the Windows Azure Training Kit
42. Summary
• Traditional identity management in the cloud is hard
– Many external islands of identity
– Current technology hard or not interoperable
• ACS provides standards-based approach
– Integrates with Windows Identity Foundation
– Claims-based authorization
– Built-in support for ADFSv2, Google, Live ID, Yahoo!, & Facebook
• Enrich functionality using WIF
• Leverage Windows Azure Mobile Services for mobile apps
• Windows Azure Active Directory shows the future direction
43. Resources
• Windows Azure ACS Guide
– http://www.windowsazure.com/en-us/develop/net/how-to-guides/access-control/#config-trust
• Programming Windows Identity Foundation, Vittorio Bertocci
• CloudIdentity.com, Vittorio Bertocci’s blog
• “Claims-Based Authorization with WIF”, Michele Bustamante
– http://msdn.microsoft.com/en-us/magazine/ee335707.aspx
• ACS Cheat Sheet - http://bit.ly/ACSCheatSheet
• ACS How To’s - http://bit.ly/ACSHowTo
• ACS Tips - http://bit.ly/HYhxjY
• Publishing a ACS v2 Federated Identity Web Role - http://bit.ly/HPT6rk
• MVC Sample App for Windows Azure Active Directory Graph
– http://code.msdn.microsoft.com/Write-Sample-App-for-79e55502
• Windows Azure Active Directory Graph Team
– http://blogs.msdn.com/b/aadgraphteam/
45. Thank You!!
Michael S. Collier
National Architect, Cloud
michael.collier@neudesic.com
@MichaelCollier
www.MichaelSCollier.com
http://www.slideshare.net/buckeye01
Please fill out your session evals!