10. Authorization – “Geneva” server created a custom claim that only contained the data elements required for the application to make the authorization decision
11. Data Sync – An SSIS package was used to pull data rows and columns using a view from the internal data table and load to the SQL Azure instance
13. Operations/Management – today we cannot use our standard model for creating events in the Windows Event Log and then capturing those with SCOM. We are looking at whether we could build a .NET Services layer to handle it.
15. Blog post on how to add geneva claims handling to an app
16. Geneva server already existed for other apps – defined new relying party and claims to be transmitted
17. Used SQL Azure Migration Wizard to create SQL Database objects on SQL Azure
18. Created view on internal SQL data and used SSIS to move it to SQL Azure
Overall, the initial version of this took about 40 hours of effort from both of us and it has been modified only slightly since then (another 10 hours of effort).
20. You can get running very quickly without new infrastructure (assuming you already have “Geneva”)
21. You do not have to worry about the plumbing, you just have to build the application
Editor's notes
Authentication – How to use AD credentials in a cloud app easily?
Authorization – How to give enough data to the app to make the right access decisions?
Data Synchronization – If you need to store data in the cloud, how to do that well?
Security of Data – How do your corporate data privacy or legal restrictions influence this?
Application Integration – How to model things like Kerberos constrained delegation or calling internal web services?
Ops/Mgmt – How to integrate into your operations tools like SCOM; how to do forensics for your security team; audits, etc.

User can be on corpnet or on the internet
No need to sync AD to the cloud (big win)
All authentication is done within the Accenture network
Goal is for the user not to notice that the cloud app is in the cloud

The OrgChart app is configured to only accept claims signed by the Accenture Geneva server – this is a key security consideration
The OrgChart app uses claims-based auth and the internal Lookup app uses ADFS Web Agent with NT Token
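Two of the points above, the relying party accepting only claims signed by its own Geneva server and the issuer emitting a custom claim set that carries only what the authorization decision needs, can be modelled in a few dozen lines. The following is an added example, not code from the OrgChart project or from Geneva/WIF: the issuer name, the signing key and the user profile are constructed, an HMAC key stands in for the Geneva server's signing certificate, and the token format is a minimal "payload.signature" layout rather than a SAML token. The point it demonstrates is the validation order and the claim projection, not the wire format.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample: the only issuer this relying party trusts, with its
# verification key. In a Geneva deployment this would be the issuer's
# certificate; an HMAC key stands in for it here.
TRUSTED_ISSUERS = {
    "urn:constructed:geneva-corp": b"constructed-geneva-signing-key",
}

# The minimal claim set the OrgChart-style app needs for its authorization
# decision. Everything else the issuer knows about the user is deliberately
# not transmitted (the "custom claim" idea from the slide).
REQUIRED_CLAIMS = ("sub", "role", "org_unit")


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(key: bytes, payload: bytes) -> bytes:
    return hmac.new(key, payload, hashlib.sha256).digest()


def issue_token(issuer: str, key: bytes, user_profile: dict) -> str:
    """Issuer side: project the full profile down to REQUIRED_CLAIMS, then sign.

    sort_keys gives a canonical payload so the signature is reproducible.
    """
    claims = {"iss": issuer}
    claims.update({name: user_profile[name] for name in REQUIRED_CLAIMS})
    payload = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return _b64(payload) + "." + _b64(_sign(key, payload))


def validate_token(token: str, trusted=TRUSTED_ISSUERS) -> dict:
    """Relying-party side: accept a token only if a trusted issuer signed it.

    The issuer name is read from the unverified payload purely to select the
    key; nothing in the payload is trusted until the signature check passes.
    """
    try:
        payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    payload = _unb64(payload_b64)
    claims = json.loads(payload)
    key = trusted.get(claims.get("iss"))
    if key is None:
        raise ValueError("untrusted issuer")
    if not hmac.compare_digest(_sign(key, payload), _unb64(sig_b64)):
        raise ValueError("bad signature")
    missing = [name for name in REQUIRED_CLAIMS if name not in claims]
    if missing:
        raise ValueError("token lacks required claims: %s" % ", ".join(missing))
    return claims


def authorize(claims: dict, org_unit: str) -> bool:
    """Authorization decision made only from the transmitted claims."""
    if claims["role"] == "hr_admin":
        return True
    return claims["role"] == "manager" and claims["org_unit"] == org_unit


if __name__ == "__main__":
    # Constructed profile: note the fields the issuer deliberately drops.
    profile = {"sub": "jdoe", "role": "manager", "org_unit": "OU-42",
               "salary": 100000, "home_address": "constructed"}
    token = issue_token("urn:constructed:geneva-corp",
                        TRUSTED_ISSUERS["urn:constructed:geneva-corp"], profile)
    claims = validate_token(token)
    print("claims transmitted:", sorted(claims))
    print("manager may view OU-42:", authorize(claims, "OU-42"))
    print("manager may view OU-7:", authorize(claims, "OU-7"))
```

Because the issuer registry is keyed by issuer name, a token from any other signer is rejected before its signature is even computed, and a payload edited after signing fails the constant-time comparison. The projection in `issue_token` is what keeps the relying party's attack surface and data-privacy exposure small: the app never receives attributes it has no decision to make about.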