You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/security/fundamentals/infrastructure-integrity.md
+6-6Lines changed: 6 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -20,15 +20,15 @@ ms.author: terrylan
20
20
# Azure infrastructure integrity
21
21
22
22
## Software installation
23
-
All components in the software stack that are installed in the Azure environment are custom built following the Microsoft Security Development Lifecycle (SDL) process. All software components, including operating system (OS) images and SQL Database, are deployed as part of the change management and release management process. The OS that runs on all nodes is a customized version. The exact version is chosen by the fabric controller (FC) according to the role it intends for the OS to play. In addition, the host OS does not allow installation of any unauthorized software components.
23
+
All components in the software stack that are installed in the Azure environment are custom built following the Microsoft Security Development Lifecycle (SDL) process. All software components, including operating system (OS) images and SQL Database, are deployed as part of the change management and release management process. The OS that runs on all nodes is a customized version. The exact version is chosen by the fabric controller (FC) according to the role it intends for the OS to play. In addition, the host OS doesn't allow installation of any unauthorized software components.
24
24
25
25
Some Azure components are deployed as Azure customers on a guest VM running on a guest OS.
26
26
27
27
## Virus scans on builds
28
-
Azure software component (including OS) builds have to undergo a virus scan that uses the Endpoint Protection anti-virus tool. Each virus scan creates a log within the associated build directory, detailing what was scanned and the results of the scan. The virus scan is part of the build source code for every component within Azure. Code is not moved to production without having a clean and successful virus scan. If any issues are noted, the build is frozen and then goes to the security teams within Microsoft Security to identify where the "rogue" code entered the build.
28
+
Azure software component (including OS) builds have to undergo a virus scan that uses the Endpoint Protection anti-virus tool. Each virus scan creates a log within the associated build directory, detailing what was scanned and the results of the scan. The virus scan is part of the build source code for every component within Azure. Code isn't moved to production without having a clean and successful virus scan. If issues are noted, the build is frozen. The build goes to the security teams within Microsoft Security to identify where the "rogue" code entered the build.
29
29
30
30
## Closed and locked environment
31
-
By default, Azure infrastructure nodes and guest VMs do not have user accounts created on them. In addition, default Windows administrator accounts are also disabled. Administrators from Azure live support can, with proper authentication, log into these machines and administer the Azure production network for emergency repairs.
31
+
By default, Azure infrastructure nodes and guest VMs don't have user accounts created on them. In addition, default Windows administrator accounts are also disabled. Administrators from Azure live support can, with proper authentication, log in to these machines and administer the Azure production network for emergency repairs.
32
32
33
33
## Azure SQL Database authentication
34
34
As with any implementation of SQL Server, user account management must be tightly controlled. Azure SQL Database supports only SQL Server authentication. To complement a customer's data security model, user accounts with strong passwords and configured with specific rights should be used as well.
@@ -37,18 +37,18 @@ As with any implementation of SQL Server, user account management must be tightl
37
37
Access-control lists (ACLs) and firewalls between the service platform and the Microsoft corporate network protect SQL Database instances from unauthorized insider access. Further, only users from IP address ranges from the Microsoft corporate network can access the Windows Fabric platform-management endpoint.
38
38
39
39
## ACLs and firewalls between nodes in a SQL Database cluster
40
-
As an additional protection, as part of the defense-in depth-strategy, ACLs and a firewall have been implemented between nodes in a SQL Database cluster. All communication inside the Windows Fabric platform cluster as well as all running code is trusted.
40
+
As part of the defense-in depth-strategy, ACLs and a firewall have been implemented between nodes in a SQL Database cluster. All communication inside the Windows Fabric platform cluster and all running code is trusted.
41
41
42
42
## Custom monitoring agents
43
43
SQL Database employs custom monitoring agents (MAs), also called watchdogs, to monitor the health of the SQL Database cluster.
44
44
45
45
## Web protocols
46
46
47
47
### Role instance monitoring and restart
48
-
Azure ensures that all deployed, running roles (internet-facing web, or back-end processing worker roles) are subject to sustained health monitoring to ensure that they effectively and efficiently deliver the services for which they’ve been provisioned. If a role becomes unhealthy, by either a critical fault in the application that's being hosted or an underlying configuration problem within the role instance itself, the FC detects the problem within the role instance and initiates a corrective state.
48
+
Azure ensures that all deployed, running roles (internet-facing web, or back-end processing worker roles) are subject to sustained health monitoring. Health monitoring ensures that they effectively and efficiently deliver the services for which they've been provisioned. If a role becomes unhealthy, by either a critical fault in the application that's being hosted or an underlying configuration problem within the role instance itself, the FC detects the problem within the role instance and initiates a corrective state.
49
49
50
50
### Compute connectivity
51
-
Azure ensures that the deployed application or service is reachable via standard web-based protocols. Virtual instances of internet-facing web roles have external internet connectivity and are reachable directly by web users. To protect the sensitivity and integrity of the operations that worker roles perform on behalf of the publicly-accessible web role virtual instances, virtual instances of back-end processing worker roles have external internet connectivity but cannot be accessed directly by external web users.
51
+
Azure ensures that the deployed application or service is reachable via standard web-based protocols. Virtual instances of internet-facing web roles have external internet connectivity and are reachable directly by web users. To protect the sensitivity and integrity of the operations that worker roles perform on behalf of the publiclyaccessible web role virtual instances, virtual instances of back-end processing worker roles have external internet connectivity but can't be accessed directly by external web users.
52
52
53
53
## Next steps
54
54
To learn more about what Microsoft does to secure the Azure infrastructure, see:
0 commit comments