Identity Access Management and Messaging

Cloud computing, alongside the new opportunities it brings, has also brought new challenges. Traditional on-premises servers sit in domains that are isolated from the outside world, so managing Active Directory "within" the firewall was a far easier job. Managing user credentials and application access becomes considerably harder in the cloud: apart from access to on-premises applications, administrators also need to manage access to various third-party cloud applications. Securing all of this with passwords alone is becoming outdated, as sophisticated password attacks grow more common by the day.

That's where Azure steps in, giving an organization visibility and centralized control over all of its identity management needs. Azure has several services that help extend application security into the cloud: they map identities between service providers, let application components exchange messages, protect sensitive information from unauthorized access, and connect on-premises data centres to the cloud.

The following Windows Azure services extend your application's security into the cloud:

1) Windows Azure Active Directory (AD)

2) Azure Rights Management Service (RMS)

3) Access Control Services (ACS)

4) Azure Service Bus

5) Azure Connect

Now we'll take a brief look at what each of these services has to offer, and how some or all of them, in combination, make application management and security in the cloud a breeze.

Windows Azure Active Directory (AD)

Azure AD is a service that provides identity and access management in the cloud. Just as Active Directory in Windows Server provides on-premises identity management, Azure AD provides cloud-based identity management through Azure. It combines directory and identity services with governance, auditing and reporting, multi-factor authentication and more. It builds on the proven capabilities of Active Directory and adds features that make bringing your applications to the cloud easier. Azure AD can be used as a standalone cloud directory, but it can also be integrated with your on-premises Active Directory to extend the reach of on-premises identities into the cloud. Applications can integrate with it for single sign-on, so users authenticate once with their existing credentials. And the organization doesn't need to bother about scale, availability and disaster recovery; Microsoft takes care of all of that.

Access Control Service (ACS)

ACS is a feature of Azure AD that provides an easy way to authenticate and authorize users accessing web applications and services, while letting authentication and authorization be factored out of the application code. In other words, ACS takes care of authenticating and authorizing users so the developer does not need to implement a system specific to each application. ACS integrates with identity providers such as Windows Live ID, Google, Yahoo, Facebook and Active Directory, so a user reaching the application through a browser can log in via any of these providers. Once ACS receives a token from the identity provider, it transforms the token using admin-defined rules. The rules follow a simple programming model and are declarative: each one transforms incoming security claims into claims that the application understands. ACS also lets you manage client permissions.
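The rule-based claim transformation described above, as an added example that is not ACS's own code or API: a small rule engine in which each admin-defined rule is scoped to one identity provider and maps an incoming claim (by type and value, or any) to an output claim. The Claim, Rule and apply_rules names, the trusted-issuer set and the sample claims are this example's own assumptions, and the e-mail addresses are constructed.

```python
"""Claim transformation rules in the style of ACS rule groups (added example, not ACS code)."""
from dataclasses import dataclass
from typing import Optional

ANY = None  # in a rule: match any input type/value, or pass the input through on output


@dataclass(frozen=True)
class Claim:
    type: str
    value: str
    issuer: str   # identity provider that asserted the claim


@dataclass(frozen=True)
class Rule:
    issuer: str                # provider this rule applies to; claims from other providers never match
    in_type: Optional[str]     # input claim type to match, or ANY
    in_value: Optional[str]    # input claim value to match, or ANY
    out_type: Optional[str]    # output claim type, or ANY to keep the input type
    out_value: Optional[str]   # output claim value, or ANY to keep the input value


def apply_rules(claims, rules, trusted_issuers):
    """Transform incoming claims; returns sorted (type, value) pairs for the application.

    A token from an issuer the relying party does not trust is rejected outright,
    so an unconfigured provider can never produce an output claim.
    """
    out = set()
    for c in claims:
        if c.issuer not in trusted_issuers:
            raise PermissionError(f"token from untrusted issuer {c.issuer!r}")
        for r in rules:
            if r.issuer != c.issuer:
                continue
            if r.in_type is not ANY and r.in_type != c.type:
                continue
            if r.in_value is not ANY and r.in_value != c.value:
                continue
            out.add((c.type if r.out_type is ANY else r.out_type,
                     c.value if r.out_value is ANY else r.out_value))
    return sorted(out)


def rejects(claims, rules, trusted_issuers):
    """True if the token is refused because of an untrusted issuer."""
    try:
        apply_rules(claims, rules, trusted_issuers)
    except PermissionError:
        return True
    return False


# Constructed rule group for a relying party that accepts Google and Windows Live ID.
RULES = [
    Rule("Google", "email", ANY, ANY, ANY),                         # pass the e-mail claim through unchanged
    Rule("Google", "email", "alice@example.com", "role", "admin"),  # one specific user also gets the admin role
    Rule("Google", ANY, ANY, "role", "user"),                       # any authenticated Google user is a user
    Rule("Windows Live ID", "nameidentifier", ANY, "role", "user"),
]
TRUSTED = {"Google", "Windows Live ID"}


def claims_for_google_user(email):
    """Constructed sample: the claims ACS would see in a Google token for this e-mail."""
    return [Claim("email", email, "Google"), Claim("name", email.split("@")[0], "Google")]
```

Because every rule is keyed on the issuer, an "email" claim carrying alice@example.com that arrives from Windows Live ID matches none of the Google rules and grants nothing; the admin role can only be reached through the provider the administrator configured for it.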

Azure Rights Management Service (RMS)

Traditional security measures such as firewalls or NTFS permissions aren't very effective at protecting company data in the cloud while still allowing flexible working. RMS addresses this by using encryption, identity and authorization policies to help secure files and emails across multiple devices, both within and outside organizational boundaries. RMS not only helps secure company data; the protection it offers can also be mandated for compliance, legal discovery requirements or good information management practice. Most importantly, authorized people can continue to read and inspect the data that RMS protects, something not easily accomplished with other encryption schemes. Another notable feature is how much easier RMS makes collaboration: using Azure AD, RMS lets an organization share documents and files securely with any other organization, allowing easy collaboration between businesses, and of course between individuals.
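The combination of encryption, identity and authorization policy sketched above, as an added example that is not Microsoft's code: each document is encrypted under its own content key, and that key is sealed together with the usage policy so only the licensing server can release it, after checking the requesting identity against the policy. This assumes identities have already been authenticated (by Azure AD in the page's setup); the LicensingServer and open_document names are this example's own, the document and addresses are constructed, and the HMAC keystream cipher is only a stand-in so the example runs on the standard library (RMS uses AES).

```python
"""Policy-bound document protection in the style of Azure RMS (added example, not Microsoft code)."""
import hashlib
import hmac
import json
import os

ALL_RIGHTS = ["VIEW", "EDIT", "PRINT", "FORWARD"]


def _toy_stream_xor(key: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 keystream. NOT a real cipher; placeholder for AES."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], ks))
    return bytes(out)


class LicensingServer:
    """Holds the server key, so it is the only party able to unseal a publishing license."""

    def __init__(self):
        self._server_key = os.urandom(32)
        self.super_users = set()   # identities allowed to open anything (e.g. for legal discovery)

    def publish(self, owner: str, plaintext: bytes, rights: dict) -> dict:
        """Protect a document. rights maps identity -> list of rights granted to it."""
        content_key = os.urandom(32)
        license_plain = json.dumps({"owner": owner, "rights": rights, "key": content_key.hex()}).encode()
        sealed = _toy_stream_xor(self._server_key, license_plain)
        # The policy travels with the document; the MAC stops the holder from editing their own rights.
        tag = hmac.new(self._server_key, sealed, hashlib.sha256).hexdigest()
        return {"license": sealed.hex(), "tag": tag, "body": _toy_stream_xor(content_key, plaintext).hex()}

    def use_license(self, identity: str, doc: dict) -> dict:
        """Check the identity against the policy; return the content key and effective rights."""
        sealed = bytes.fromhex(doc["license"])
        expected = hmac.new(self._server_key, sealed, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, doc["tag"]):
            raise PermissionError("publishing license has been tampered with")
        lic = json.loads(_toy_stream_xor(self._server_key, sealed))
        if identity == lic["owner"] or identity in self.super_users:
            rights = list(ALL_RIGHTS)          # the owner (and designated super users) keep full access
        else:
            rights = lic["rights"].get(identity, [])
        if "VIEW" not in rights:
            raise PermissionError(f"{identity} has no rights to this document")
        return {"key": lic["key"], "rights": sorted(rights)}


def open_document(server: LicensingServer, identity: str, doc: dict):
    """Client side: obtain a use license, then decrypt. Returns (plaintext, rights), or None if denied."""
    try:
        ul = server.use_license(identity, doc)
    except PermissionError:
        return None
    return _toy_stream_xor(bytes.fromhex(ul["key"]), bytes.fromhex(doc["body"])), ul["rights"]
```

Two things to keep in mind with this design: the document body itself is not integrity-protected here (a real deployment uses an authenticated mode), and once the content key has been released, rights such as EDIT or PRINT are enforced by the client application, so the server can only withhold the key from identities it does not trust, not police what a trusted client does afterwards.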

Azure Connect

Another issue with cloud computing is managing on-premises and cloud servers side by side while allowing them to interact. Azure Connect provides an easy way to set up this connectivity, giving each side access to the other as if they were on the same network. Unlike traditional VPNs, which establish secure connectivity only at the gateway level, Azure Connect offers more granular control by providing secure connectivity at the machine and role level. Azure Connect is well suited to cloud applications hosted in a hybrid environment, where it maintains secure connections with the on-premises infrastructure without custom code. The direct connection between on-premises machines and the cloud also makes remote debugging that much easier.

Service Bus Queues

One of the major benefits of cloud computing is the ability to scale an application with its workload. To take advantage of this, however, a solution needs to be built so that its components are independent and solely responsible for the tasks assigned to them, which avoids unnecessary bottlenecks. A common way to achieve this is message queuing: a message queue provides a decoupled, asynchronous, independent form of communication between two or more pieces of code. The sender and receiver of a message do not need to interact with the queue at the same time (hence asynchronous); messages are stored until the recipient is able to retrieve and act on them. This means that if an organization's processing system is ever down, the queue holds the incoming requests, still in order, until the system is back up. Sudden spikes in the number of requests are also handled easily, because the time it takes to process an order is decoupled from the user's request, giving the backend more time. These are just a couple of the advantages of message queues.
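The queue behaviour described above, as an added example that is not Azure's client library: an in-memory queue with peek-lock semantics, where a message stays in the queue until the consumer completes it, is redelivered in order if the consumer dies while holding the lock, and is moved to a dead-letter list once it has failed too many deliveries. The Queue, Message and FakeClock names and the run_demo scenario are this example's own, and the order bodies are constructed.

```python
"""Peek-lock queue semantics in the style of Service Bus queues (added example, not Azure code)."""
import itertools
import time
from dataclasses import dataclass
from typing import Optional


@dataclass
class Message:
    body: str
    sequence: int                    # assigned at send time; defines FIFO order
    delivery_count: int = 0
    lock_token: Optional[int] = None
    lock_expires: float = 0.0


class Queue:
    def __init__(self, max_delivery_count=3, lock_duration=30.0, clock=time.monotonic):
        self._available = []         # kept sorted by sequence number
        self._locked = {}            # lock_token -> Message currently held by a consumer
        self.dead_letter = []        # messages that failed max_delivery_count deliveries
        self.max_delivery_count = max_delivery_count
        self.lock_duration = lock_duration
        self._clock = clock
        self._seq = itertools.count(1)
        self._tok = itertools.count(1)

    def send(self, body: str) -> int:
        m = Message(body, next(self._seq))
        self._available.append(m)
        return m.sequence

    def _release(self, m: Message) -> None:
        """Return a message to the available list in order, or dead-letter it."""
        m.lock_token = None
        if m.delivery_count >= self.max_delivery_count:
            self.dead_letter.append(m)
            return
        self._available.append(m)
        self._available.sort(key=lambda x: x.sequence)

    def _expire_locks(self) -> None:
        now = self._clock()
        for tok, m in list(self._locked.items()):
            if m.lock_expires <= now:          # consumer died or stalled: make it visible again
                del self._locked[tok]
                self._release(m)

    def receive(self) -> Optional[Message]:
        """Peek-lock: hand out the oldest message, hidden from others until completed, abandoned or expired."""
        self._expire_locks()
        if not self._available:
            return None
        m = self._available.pop(0)
        m.delivery_count += 1
        m.lock_token = next(self._tok)
        m.lock_expires = self._clock() + self.lock_duration
        self._locked[m.lock_token] = m
        return m

    def complete(self, m: Message) -> None:
        """Remove the message for good; fails if the lock already expired (it will be redelivered)."""
        self._expire_locks()
        if self._locked.pop(m.lock_token, None) is None:
            raise RuntimeError("message lock lost")

    def abandon(self, m: Message) -> None:
        """Give the message back (handler failed); it counts as one failed delivery."""
        self._expire_locks()
        if self._locked.pop(m.lock_token, None) is not None:
            self._release(m)


class FakeClock:
    """Controllable clock so lock expiry can be exercised without sleeping."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def run_demo():
    """Constructed scenario: a crashed worker, a poison message, and a backlog drained in order."""
    clock = FakeClock()
    q = Queue(max_delivery_count=3, lock_duration=30.0, clock=clock)
    for body in ["order-1", "order-2", "poison", "order-3"]:
        q.send(body)
    processed = []
    m = q.receive()                    # order-1 handled normally
    processed.append(m.body)
    q.complete(m)
    q.receive()                        # order-2 is locked, then the worker dies without completing it
    clock.advance(31)                  # lock expires; order-2 becomes visible again ahead of order-3
    while (m := q.receive()) is not None:
        if m.body == "poison":
            q.abandon(m)               # handler fails every time; dead-lettered after 3 deliveries
            continue
        processed.append(m.body)
        q.complete(m)
    return {"processed": processed,
            "dead_lettered": [d.body for d in q.dead_letter],
            "poison_deliveries": q.dead_letter[0].delivery_count}
```

Because a message whose lock expired is delivered again, the backend may see order-2 twice if the first worker had half-finished it before dying; handlers behind a queue like this must be idempotent, and anything that repeatedly fails ends up in the dead-letter list for a human to inspect rather than blocking the queue forever.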

Thus Azure takes care of your identity, access management and messaging needs as you shift from on-premises to the cloud, and makes it extremely easy to do so.
