Security, Administration, and Architecture from the Ground to the Cloud

Cloud for share point


Page 1: Cloud for share point

Security, Administration, and Architecture from the Ground to the Cloud

Page 2: Cloud for share point

About Me…

• Rick Taylor, MCSE, MCT

– Senior Technical Architect for Perficient based in Arizona

[email protected]

– Former SharePoint Engineer with Microsoft Business Productivity Online Services – (SharePoint Online)

– Contributing author on MS Press MOSS 2007 Administrator’s Companion

Page 3: Cloud for share point

Agenda

• Cloud Computing

• What is the Cloud?

• Platform As A Service (PAAS)

– Overview of Windows "Azure"

• Software As A Service (SAAS)

– Overview of "BPOS"

• Infrastructure As A Service (IAAS)

– Overview of "Amazon Web Services"

• Security and Architecture Best Practices

• Administration And Live Demo

Page 5: Cloud for share point

It’s Big. "The Next Big Thing"

Page 6: Cloud for share point

It’s Serious. Big Players, Major Investments.

Page 7: Cloud for share point

According to IDC, the Cloud computing market is exploding, with much of the growth coming at the infrastructure level…

Page 8: Cloud for share point

What is the Cloud?

Cloud Computing refers to both the applications delivered as services over the Internet and the hardware and systems software in the datacenters that provide those services.

When a Cloud is made available in a pay-as-you-go manner to the public, we call it a Public Cloud; the service being sold is Utility Computing. Current examples of public Utility Computing include Amazon Web Services, Google App Engine, and Microsoft Azure.

The term Private Cloud refers to internal datacenters of a business or other organization that are not made available to the public. Thus, Cloud Computing is the sum of SaaS and Utility Computing, but does not normally include Private Clouds.

Page 9: Cloud for share point

Cloud models

There are three major cloud models:

– SAAS - Software As A Service – SalesForce, Microsoft BPOS

– PAAS - Platform As A Service – MS Windows Azure

– IAAS - Infrastructure As A Service - AWS, Rackspace

The service being sold is Utility Computing.

Utility Computing: pay-as-you-go computing

– Infinite resources

– No up-front cost

– Fine-grained billing (for PAAS and IAAS, e.g. hourly)

Page 10: Cloud for share point

Benefits of the Cloud?

• Pay by use instead of provisioning for peak

• No risk of over-provisioning and underutilization

• No heavy penalty for under-provisioning

Page 11: Cloud for share point

Economics of Cloud 1: Pay by use instead of provisioning for peak

[Figure: two charts of Resources against Time. "Static data center" shows Demand, Capacity and the "Unused resources" between them; "Data center in the cloud" shows Demand and Capacity.]

Page 12: Cloud for share point

Economics of Cloud 2: Risk of over-provisioning: underutilization

[Figure: chart of Resources against Time for a "Static data center", showing Demand, Capacity and "Unused resources".]

Page 13: Cloud for share point

Economics of Cloud 3: Heavy penalty for under-provisioning

[Figure: three charts of Resources against Time (days 1, 2, 3), each showing Demand and Capacity, with a "Lost users" label.]

Page 14: Cloud for share point

Economics of Cloud - continued

• Leverages LOtSS

• Is not for all businesses

– Not a "Silver Bullet"

• Is more than "Off premises"

Page 15: Cloud for share point

Economies of Scale

[Figure: comparison diagram. One side: BENEFITS: CONTROL; DISADVANTAGES: EXPENSIVE, MAINTENANCE. Other side: BENEFITS: CHEAP; DISADVANTAGES: LOSS OF CONTROL, SLOW.]

Page 16: Cloud for share point

Cloud Point 1:

• The Cloud is a specialized system with fewer degrees of freedom than On Premise, but offers very high economy of scale

Page 17: Cloud for share point

Economies of Scale – part 2

Page 18: Cloud for share point

Cloud Point 2:

• By adopting a hybrid strategy, it is possible to tap into economy of scale where possible while maintaining flexibility and agility where necessary

Page 19: Cloud for share point

Transloading Costs

Page 20: Cloud for share point

Cloud Point 3:

• Lowering transloading cost in the context of software architecture: localized optimization through selective specialization (LOtSS)

Page 21: Cloud for share point

Introduction to LOtSS

• Optimization through specialization

• Hybrid strategy maximizing economy of scale where possible while maintaining flexibility and agility where necessary

• Lowering transloading cost in the context of software architecture: localized optimization through selective specialization (LOtSS)

Page 22: Cloud for share point

Scenario: BIG PHARMA

• Clinical Trials and Molecular Research = Bread-n-Butter

• Biggest Problems

– 80% of IT budget belongs to CRM and email

– ERP system is highly customized and cannot utilize "Cloud" infrastructure efficiently

Page 23: Cloud for share point
Page 24: Cloud for share point

Cloud Point 4:

• Optimization can happen at different levels. Selectively outsourcing capabilities to highly specialized vendors or pieces of an application can assist in lowering TCO

Page 25: Cloud for share point

Platform As A Service (PAAS)

Page 26: Cloud for share point

Windows Azure

• Hosted Platform that provides:

– Operating System

– Developer Services: Compute Power (procs), Storage

• Cloud Applications:

– Windows Live

– CRM

– Online Services: SharePoint, Exchange

Page 27: Cloud for share point

Software As A Service (SAAS)

Page 28: Cloud for share point

SharePoint Online Standard

• Self-service SharePoint site creation with online discussion areas, shared document and meeting workspaces, document libraries with version control, and surveys.

• Out-of-the-box content management features for documents, records, and Web contents.

• Ability to search SharePoint site content across the entire organization.

• E-mail alerts when documents and information have been changed or added to a site.

• Secure Internet access using 128 bit SSL encryption and antivirus scanning.

• Directory trust with your Microsoft Active Directory®, providing pass-through authentication.

• Scalable to thousands of sites within an organization, allowing managers to delegate site creation to others.

• Self-service document restore and data recovery.

• Dedicated servers, networks, and physical space in Microsoft data centers, providing you with logical and physical security at 99.9% uptime.

• Upgrades to the most current version of SharePoint, included at no extra charge.

Dedicated

Use of https helps keep internet access secure.

Forefront anti-virus scanning.

Shared document and meeting workspaces, document libraries with version control, seamless integration with Microsoft Office.

Standard Templates including Wikis, Blogs, and Surveys.

Content management features for documents and Web content.

Site search.

E-mail alerts when documents or other items have been changed or added to a site.

Offline access to documents on the service from Outlook.

Native RSS feeds for SharePoint libraries and lists.

Sign-In tool providing single sign-on capability.

99.9% scheduled uptime with financially backed Service Level Agreements.

Web form and phone based Tier-2 support for IT Administrators; 24/7 for general availability.

Page 29: Cloud for share point

Standard – In a nutshell

Portal: RSS Content Syndication; Audience Targeting (by group only); Site Manager; Site and Document Aggregation; Office 2007 Integration; SharePoint Designer

Collaboration & Social Computing: Standard Templates; Wikis; Blogs; Surveys; People and Groups; Calendars; Tasks; Issue Tracking; E-mail alerts/notifications; Document Collaboration

Content Management: Three-state Workflow; Document Info Panel & Action Bar; WYSIWYG Web Content Authoring; Content Publishing and Deployment; Master Pages, Page Layouts, Navigation Controls; Site Variations; Retention and Auditing Policies

Search: Search for documents and other SharePoint content

Business Process Forms: Forms libraries; Custom non-code workflows

Standard Parameters

20 Site collections

250 MB per user, aggregated across the organization

Use of https helps keep internet access secure

Virus filtering via Forefront

Business continuity and disaster recovery

Single Sign-on capability via Sign-In Tool

Web form and phone based Tier 2 Support for IT Admin; 24/7 for general availability

User subscription fee

Page 30: Cloud for share point

Standard – In a nutshell cont.

Client Support

IE 6+ and Firefox 2.0+

Data Protection Service

Self service document restore with a 30 day recycle bin recovery period

Business continuity and disaster recovery

Security

Periodic Security Assessments

Continuous Intrusion Monitoring and Detection

Service Level Agreements

99.9% scheduled uptime with financially backed SLA

Directory Synchronization Tool

This tool allows you to keep the on-premise and the online Active Directories in sync

Admin Center

Centralized, Web-based access for configuration and administration of SharePoint Online. Centralized location for tools download including: Directory Synchronization Tool, Migration Tools, and Sign-In Tools

Page 31: Cloud for share point

Dedicated – In a nutshell

Core Features

Share documents, contacts, calendars, and tasks

Brainstorm easily with Wiki sites

Share ideas through blogs

Create personal sites

Utilize presence awareness with Microsoft Office Communication Server

Manage item level (folder, document, list, etc.) security

Get mobile access over 128-bit SSL encryption session

Enable pass-through authentication

Be confident that your information is more secure with Microsoft Forefront™ antivirus scanning

Get premium service continuity management

Standard Parameters: Unlimited number of sites with 5 GB per-site quota

250 MB per user, aggregated across the organization

Additional storage available as an option

Client Support: Best integration with Microsoft Office 2007

Limited feature support available with Microsoft Office XP, 2000, and 2003

Data Protection Service: Self-service document restore with a 30-day recycle bin recovery period

7 days recovery of items not in the recycle bin

Audits and Security

Sarbanes-Oxley self assessment and external audit support

SAS 70 Type II self assessment and external audit support

Security assessments

Intrusion monitoring and detection

Service Level Agreements: 99.9% availability of the service measured at the data center

Reported monthly, evaluated quarterly

Page 32: Cloud for share point

Optional Features for Dedicated

• WAN Acceleration:

– Certeon WAN acceleration devices (perhaps Davis (Cisco) in the future)

• Migration:

– From SharePoint Portal Server 2003 to MOSS 2007

– Partner Opportunity

• Additional Storage:

– Priced per each terabyte used

• Customization and Applications:

– The development work can be done by customer or by a third party (contracted by MS) and will be handled as a separate consulting project.

Page 33: Cloud for share point

Overview of "Amazon Web Services"

• IAAS - Infrastructure As A Service

– Elastic Compute Cloud (EC2)

EC2 introduces a new paradigm for web hosting. By allowing clients to scale their number of machines up or down within minutes, it offers the capability to create distributed and scalable applications that run in the cloud.

EC2 is flexible, reliable, secure, and most importantly cheap! By only paying for the resources that you actually use, you can bring your multi-server application to market much cheaper than ever before, and maintain an extremely high level of quality and availability.

Page 34: Cloud for share point

Amazon Web Services Cloud Infrastructure

• Amazon Machine Image: An Amazon Machine Image (AMI) is a packaged environment that contains a configured Linux/Windows operating system.

• Instance Types: Amazon provides several different instance types of varying compute power. The small instance runs on a 32-bit system, and both the large and extra-large instances run on a 64-bit system. They each have different levels of computing power and hardware resources.

Page 35: Cloud for share point

Amazon Web Services Security

• Access Key ID: Amazon issues two kinds of Access Key IDs to authenticate requests between instances. Your public Access Key identifies you as the originator of a request, but is not encrypted. Your Secret Access Key is used to calculate a specific request signature that authenticates you as the true user for services that require authentication on your instances. As the name suggests, this key should be kept private.

• X.509 Certificates: Amazon also issues two kinds of X.509 Certificates to digitally sign bundled images in AWS. The private certificate is used to verify that the signature could only have come from you. You can request X.509 certificates from the AWS site.
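To make the split between the public Access Key ID and the Secret Access Key concrete, here is an added example (not code from the slides, and not AWS's own signing library) that signs and verifies a request with HMAC-SHA256 in the style of AWS Signature Version 2 query signing: the key id travels in the clear so the service can look up the secret, while the secret itself only ever keys the HMAC and never leaves either party. The credentials, the hostname, and the exact string-to-sign layout are constructed for this example; current AWS APIs use Signature Version 4, whose canonicalization differs.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Constructed sample credentials (not real AWS keys).
ACCESS_KEY_ID = "AKIAEXAMPLE0000000001"
SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"

# What the service side holds: the public id maps to the secret shared with that caller.
# In production this lookup lives inside the provider; the caller only has its own copy.
KEY_STORE = {ACCESS_KEY_ID: SECRET_ACCESS_KEY}


def canonical_query(params):
    """Sort parameters by name and percent-encode them so both sides build the same string."""
    return "&".join(
        f"{quote(k, safe='-_.~')}={quote(str(v), safe='-_.~')}"
        for k, v in sorted(params.items())
    )


def string_to_sign(method, host, path, params):
    """SigV2-style layout (an assumption of this example): verb, host, path, canonical query."""
    return "\n".join([method.upper(), host.lower(), path, canonical_query(params)])


def sign_request(secret, method, host, path, params):
    """Caller side: HMAC-SHA256 over the string to sign, keyed with the secret access key."""
    mac = hmac.new(secret.encode(), string_to_sign(method, host, path, params).encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()


def build_signed_params(access_key_id, secret, method, host, path, params):
    """The query parameters the caller actually sends: the id in the clear, plus the signature."""
    to_sign = dict(params, AWSAccessKeyId=access_key_id,
                   SignatureMethod="HmacSHA256", SignatureVersion="2")
    signed = dict(to_sign)
    signed["Signature"] = sign_request(secret, method, host, path, to_sign)
    return signed


def verify_request(method, host, path, received):
    """Service side: look the secret up by id, recompute, and compare in constant time."""
    params = dict(received)
    presented = params.pop("Signature", None)
    secret = KEY_STORE.get(params.get("AWSAccessKeyId", ""))
    if presented is None or secret is None:
        return False
    expected = sign_request(secret, method, host, path, params)
    return hmac.compare_digest(expected, presented)


if __name__ == "__main__":
    host, path = "ec2.amazonaws.com", "/"          # example values only
    req = build_signed_params(ACCESS_KEY_ID, SECRET_ACCESS_KEY, "GET", host, path,
                              {"Action": "DescribeInstances", "Version": "2009-11-30"})
    print(verify_request("GET", host, path, req))                                 # True
    print(verify_request("GET", host, path, dict(req, Action="DescribeVolumes")))  # False: altered in transit
    print(verify_request("GET", host, path, dict(req, AWSAccessKeyId="AKIAUNKNOWN")))  # False: unknown id
```

Because every parameter is folded into the HMAC input, changing any of them after signing (or presenting an id the service has no secret for) fails verification, which is why the slide stresses keeping the secret private: whoever holds it can produce valid signatures.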

Page 36: Cloud for share point

Amazon Web Services Security-continued

• Security Groups: Security groups provide functionality similar to a traditional firewall, but have some additional features. You have the ability to filter traffic based on IP (a specific address or a subnet), packet types (TCP, UDP or ICMP), and ports (or a range of ports). You can also grant access to an entire security group.

• Public Access: Amazon also provides the option of completely removing public access to an instance. This will ensure that you are safe from any outsiders gaining access to your machine and even prevents DoS attacks.
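The following is an added example, not code from the slides or from AWS, that models how the ingress rules just described are evaluated: match on protocol, port range and source CIDR, allow a whole security group as a source, and drop anything no rule matches (security groups hold allow rules only). It also checks the "no public access" posture by listing rules whose source is the entire Internet. The group names, instance addresses and membership table are constructed for this example.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Rule:
    protocol: str      # "tcp", "udp", "icmp" or "all"
    from_port: int     # inclusive port range; ignored for icmp/all
    to_port: int
    source: str        # a CIDR such as "203.0.113.0/24", or another group's name such as "sg-web"


@dataclass
class SecurityGroup:
    name: str
    ingress: list = field(default_factory=list)   # allow rules only; there are no deny rules


# Constructed inventory (assumed for this example): which group each instance's private IP belongs to.
MEMBERSHIP = {"10.0.1.10": "sg-web", "10.0.1.11": "sg-web", "10.0.2.20": "sg-db"}


def rule_matches(rule, src_ip, protocol, port):
    """Does one allow rule cover a packet from src_ip with this protocol and destination port?"""
    if rule.protocol not in ("all", protocol):
        return False
    if rule.protocol in ("tcp", "udp") and not rule.from_port <= port <= rule.to_port:
        return False
    if rule.source.startswith("sg-"):
        # Group-to-group rule: the sender's group membership decides, not its address
        return MEMBERSHIP.get(src_ip) == rule.source
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.source, strict=False)


def is_allowed(group, src_ip, protocol, port=0):
    """Implicit deny: traffic passes only if some ingress rule matches."""
    return any(rule_matches(r, src_ip, protocol, port) for r in group.ingress)


def public_rules(group):
    """Rules that admit the whole Internet; an empty list is the 'no public access' posture."""
    return [r for r in group.ingress
            if not r.source.startswith("sg-")
            and ipaddress.ip_network(r.source, strict=False).prefixlen == 0]


# Constructed two-tier layout: web tier reachable on 443 from anywhere and on 22 only from an
# admin range; database tier reachable only from members of the web group, never from the Internet.
SG_WEB = SecurityGroup("sg-web", [Rule("tcp", 443, 443, "0.0.0.0/0"),
                                  Rule("tcp", 22, 22, "203.0.113.0/24")])
SG_DB = SecurityGroup("sg-db", [Rule("tcp", 1433, 1433, "sg-web"),
                                Rule("icmp", -1, -1, "10.0.0.0/16")])


if __name__ == "__main__":
    print(is_allowed(SG_WEB, "198.51.100.7", "tcp", 443))   # True
    print(is_allowed(SG_WEB, "198.51.100.7", "tcp", 22))    # False: SSH is not open to the Internet
    print(is_allowed(SG_DB, "10.0.1.10", "tcp", 1433))      # True: the sender is a member of sg-web
    print(is_allowed(SG_DB, "198.51.100.7", "tcp", 1433))   # False: nothing public on the DB tier
    print(public_rules(SG_DB))                              # []
```

The group-as-source rule is what the slide means by granting access to an entire security group: the database tier never has to know the web servers' addresses, so instances can be added or replaced without rewriting rules, and `public_rules` is the review a defender runs to confirm a tier really has no Internet-facing allow rule.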

Page 37: Cloud for share point

Amazon Web Services Storage

• Simple Storage Service (S3): Amazon S3 provides a simple web services interface that can be used to store and retrieve any amount of data, at any time, from anywhere on the web. It gives any company access to the same highly scalable, reliable, fast, inexpensive data storage infrastructure that Amazon uses to run its own global network of web sites. The service aims to maximize benefits of scale and to pass those benefits on to customers.

Page 38: Cloud for share point

Security Best Practices

Page 39: Cloud for share point

Configuring firewalls for interdomain farms

• On Windows Server 2008 and Windows Server 2008 R2, the new default start port is 49152, and the default end port is 65535.

• Therefore, you must increase the RPC port range in your firewalls.
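As an added check, not taken from the slides, the Python below reads the dynamic port range the way `netsh int ipv4 show dynamicport tcp` reports it on Windows Server 2008 and lists whichever part of that range the firewall's allowed inbound TCP ranges do not cover. The netsh text and both rule sets are constructed samples; the legacy 1025-5000 range is the pre-2008 default that the slide's new 49152-65535 range replaces, which is exactly the mismatch that silently breaks RPC between farm servers in different domains.

```python
import re

# Constructed sample in the layout `netsh int ipv4 show dynamicport tcp` prints on
# Windows Server 2008; the values are the defaults the slide gives (49152 start, 65535 end).
NETSH_OUTPUT = """\
Protocol tcp Dynamic Port Range
---------------------------------
Start Port      : 49152
Number of Ports : 16384
"""

# Constructed firewall rule sets: (first_port, last_port) pairs allowed inbound
# between the two domains' servers (135 is the RPC endpoint mapper).
LEGACY_RULES = [(135, 135), (1025, 5000)]       # sized for the pre-2008 dynamic range
UPDATED_RULES = [(135, 135), (49152, 65535)]    # covers the 2008 / 2008 R2 dynamic range


def parse_dynamic_range(text):
    """Return (start, end) of the dynamic range from netsh-style output."""
    start = int(re.search(r"Start Port\s*:\s*(\d+)", text).group(1))
    count = int(re.search(r"Number of Ports\s*:\s*(\d+)", text).group(1))
    return start, start + count - 1


def uncovered(dynamic, allowed):
    """Sub-ranges of the dynamic range that no allowed range reaches, in ascending order."""
    lo, hi = dynamic
    gaps, cursor = [], lo
    for a, b in sorted(allowed):
        if b < cursor:
            continue                      # rule lies entirely below what still needs covering
        if a > hi:
            break                         # rule lies entirely above the dynamic range
        if a > cursor:
            gaps.append((cursor, min(a - 1, hi)))
        cursor = max(cursor, b + 1)
        if cursor > hi:
            break
    if cursor <= hi:
        gaps.append((cursor, hi))
    return gaps


def report(rules, label):
    """Print and return the gaps; an empty list means the firewall covers the whole range."""
    dyn = parse_dynamic_range(NETSH_OUTPUT)
    gaps = uncovered(dyn, rules)
    status = "OK" if not gaps else "BLOCKED " + ", ".join(f"{a}-{b}" for a, b in gaps)
    print(f"{label}: dynamic range {dyn[0]}-{dyn[1]} -> {status}")
    return gaps


if __name__ == "__main__":
    report(LEGACY_RULES, "legacy rules")    # the whole new range is blocked
    report(UPDATED_RULES, "updated rules")  # OK
```

Run it against the real netsh output from each server and the port ranges of the firewall rules between them; the endpoint mapper on 135 alone is not enough, because the actual RPC conversation lands on a port inside the dynamic range.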

Page 40: Cloud for share point

Ports that must be opened…

Page 41: Cloud for share point

Thank you for attending!

Please be sure to fill out your session evaluation!