- Azure data centers are secured by using different technical isoalations.
- Based on following components:
- Kernel of the Azure platform, managing resources as needed.
- Provisions, stores, delivers, monitors and commands the VMs and physical servers that make up the Azure customer environment and infrastructure.
- Deploys & manages health of compute services.
- Manages data center infrastructure (hardware & software), recovers from failures
- Drives infrastructure updates.
- The Host OS is a configuration-hardened version of Windows Server.
- The Hypervisor is Hyper-V from Windows Server 2012 R2, which has been battle-tested and proven in enterprise environments worldwide.
- Two types of a hypervisor:
- Type 1 Hypervisor (e.g. VMware, HyperV) runs the OS.
- Type 2 Hypervisor (e.g. VMware Workstation, VirtualBox) runs on OS.
- Two types of a hypervisor:
- The Guest VM OS can be either Windows Server, several distributions of Linux, or an OS image supplied by the customer (much be supported Operating Systems, or starting from the Azure Marketplace images.
- Segregates each customer's data & application from that of others.
- Storage isolation
- Storage Access Key (SAK): Data is accessible only through claims-based Identity Management & access control with a Storage Access Key.
- Shared Access Signature (SAS)
- Recommended as it does not reveal account key and is more granular & restricted access.
- Can be reset via the Microsoft Azure Portal or the Storage Management API.
- Storage blocks are hashed by the hypervisor to separate accounts.
- SQL isolation: SQL Azure isolates separate account databases.
- Network isolation: VM switch at the host level blocks inter-tenant communication.