SALMON SOFTWARE CLOUD INFRASTRUCTURE

Detailed Description

Abstract
Salmon Software deploys their cloud solutions using Windows Azure. This document outlines the infrastructure configuration deployed for the delivery of their cloud service.

Table of Contents
1. Introduction
2. Background Information Reference
2.1. Microsoft Azure
2.1.1. Virtual Machines
2.1.2. Virtual Networks
2.1.3. Network Endpoints and Access Control Lists
2.1.4. Blob Storage
2.2. Microsoft Windows Server 2012 Service Roles
2.2.1. Remote Desktop Services
2.2.2. RemoteApp
3. Salmon Software | Azure Architecture
3.1. Diagram
3.2. Architecture Overview
3.3. Servers
3.4. Communications
3.5. Backup
3.6. Integration with External Systems
4. Additional Information/Frequently Asked Questions
4.1. Privacy
4.1.1. Location of Customer Data
4.1.2. E.U. Data Protection Directive
4.1.3. Customer Data and Other Data Types
4.2. Compliance
4.3. Frequently Asked Questions (FAQ)

1. Introduction
This document describes Salmon Software's infrastructure architecture in Windows Azure. It outlines the specific services used in Windows Azure and the Windows Server roles required to deliver the overall solution.
It also contains additional, relevant security information and frequently asked questions (FAQs).

2. Background Information Reference

2.1. Microsoft Azure
Microsoft Azure is a cloud computing platform and infrastructure, created by Microsoft, for building, deploying and managing applications and services through a global network of Microsoft-managed datacentres. It provides both PaaS and IaaS services and supports many different programming languages, tools and frameworks, including both Microsoft-specific and third-party software and systems. Salmon Software utilise Virtual Machines, Virtual Networks and Blob Storage in the delivery of their service.

2.1.1. Virtual Machines
A virtual machine (VM) is a software implementation of a computing environment in which an operating system (OS) or program can be installed and run. The virtual machine typically emulates a physical computing environment, but requests for CPU, memory, hard disk, network and other hardware resources are managed by a virtualisation layer which translates these requests to the underlying physical hardware. Azure Virtual Machines deliver on-demand, scalable compute infrastructure. These Windows Server virtual machines run on top of the trustworthy Azure foundation.

2.1.2. Virtual Networks
Windows Azure Virtual Network provides the capability to extend your network into Windows Azure and treat deployments in Windows Azure as a natural extension of your on-premises network. Virtual Network enables you to:
- Create a virtual private network in Windows Azure: you can bring your preferred private IPv4 space (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to Windows Azure.
- Configure cross-premises connectivity over site-to-site IPsec VPNs: you can extend your on-premises network to Windows Azure and treat virtual machines and services deployed in your virtual networks as though they were on your local premises.
- Configure custom DNS servers for all services within a virtual network: you can point all virtual machines and services to a DNS server on-premises or a DNS server running in a virtual network. This capability enables you to use your domain controllers in Windows Azure.
Site-to-site connections require a public-facing IPv4 address and either a compatible VPN device or RRAS running on Windows Server 2012. The following link lists the supported VPN devices for virtual networks: http://msdn.microsoft.com/en-us/library/azure/jj156075.aspx

2.1.3. Network Endpoints and Access Control Lists
All virtual machines that you create in Azure can automatically communicate over a private network channel with other virtual machines in the same cloud service or virtual network. Other resources on the Internet or in other virtual networks, however, require endpoints to handle inbound network traffic to the virtual machine. Each endpoint has a public port and a private port:
- The private port is used internally by the virtual machine to listen for traffic on that endpoint.
- The public port is used by the Azure load balancer to receive traffic from external resources and forward it to the virtual machine.
After an endpoint is created, a network access control list (ACL) can be used to define rules that isolate and control the incoming traffic on the public port. A Network ACL is a security enhancement available for a Windows Azure deployment: it provides the ability to selectively permit or deny traffic to a virtual machine endpoint, and this packet-filtering capability adds a further layer of security. Using Network ACLs, you can:
- Selectively permit or deny incoming traffic to a virtual machine input endpoint based on the remote IPv4 subnet (address range).
- Deny (blacklist) specific IP addresses.
- Create multiple rules per virtual machine endpoint, up to 50 ACL rules per endpoint.
- Use rule ordering (lowest to highest) to ensure the correct set of rules is applied on a given endpoint.
- Specify an ACL rule for a single remote IPv4 address (a /32 subnet).
Note that an ACL filters only traffic arriving at a public endpoint. Traffic between virtual machines in the same cloud service or virtual network does not pass through an endpoint and is therefore not subject to the ACL; it must be controlled with the guest operating system firewall.

2.1.4. Blob Storage
Blob storage stores file data. A blob can be any type of text or binary data, such as a document, media file or application installer.

2.2. Microsoft Windows Server 2012 Service Roles

2.2.1. Remote Desktop Services
Remote Desktop Services accelerates and extends desktop and application deployments to any device, improving remote worker efficiency, while helping to keep critical intellectual property secure and simplify regulatory compliance. Remote Desktop Services enables virtual desktop infrastructure (VDI), session-based desktops and applications, allowing users to work anywhere.

2.2.2. RemoteApp
RemoteApp enables you to make programs that are accessed remotely through Remote Desktop Services appear as if they are running on the end user's local computer. These programs are referred to as RemoteApp programs. Instead of being presented to the user in the desktop of the Remote Desktop Session Host (RD Session Host) server, the RemoteApp program is integrated with the client's desktop. The RemoteApp program runs in its own resizable window, can be dragged between multiple monitors and has its own entry in the taskbar. If a user is running more than one RemoteApp program on the same RD Session Host server, the RemoteApp programs share the same Remote Desktop Services session.

3. Salmon Software | Azure Architecture

3.1. Diagram
[Figure: a Windows Azure virtual network containing the RDS Server and the Application Server (IIS Server, Software, SQL Server, Data Storage); a web browser on the external network connects over an HTTPS tunnel through an endpoint with ACL control.]

3.2. Architecture Overview
Each customer using Salmon Software hosted in Azure has an individual subscription that ring-fences their resources. Salmon Software deploy their software using two Microsoft Windows Server 2012 virtual servers.
The first server runs Remote Desktop Services and manages the connections to the desktop sessions in order to allow remote users to connect. The connection uses RemoteApp, a component of Remote Desktop Services, to present the application on end users' desktops via their Start menu. This presentation virtualisation allows users to run the application as if it were running on their local machine. This is known as the RDS Server.
The second server houses the application software, the associated SQL databases and the utilities required for the application to run. This is known as the Application Server.
Connections to the servers are controlled using endpoints and access control lists (ACLs). Backups and any additional files required for the operation of the service are held in Blob storage.

3.3. Servers
Both servers run Windows Server 2012 and are kept up to date with the latest service packs and Windows updates. The hardware specification depends on the customer's requirements and can be changed as needed.

3.4. Communications
The RDS Server exposes a single external endpoint on port 443 for SSL/TLS communication to the RemoteApp web service running in IIS. The Application Server has no endpoints open externally, so it is reachable only from the RDS Server across the virtual network, and communication between the two servers is controlled by the Windows Server firewall on each host. Optionally, the ACL on the external endpoint can be used to restrict connections to specific IP addresses or address ranges. All external communication is encrypted using a certificate issued by a third-party certificate authority; no unencrypted traffic is allowed.

3.5. Backup
Backups of the SQL and application data are run nightly. This data is stored in Blob storage and configured as per the client's requirements.
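The endpoint and ACL configuration described in sections 2.1.3 and 3.4 (a single HTTPS endpoint on the RDS Server, restricted to the customer's address ranges, and nothing exposed on the Application Server) can be applied and then verified with the classic Azure Service Management PowerShell cmdlets. The script below is an added example written for this document; it is not Salmon Software's own tooling. The cloud service name, the VM name and the 203.0.113.0/24 and 198.51.100.0/24 ranges are placeholders (the latter are TEST-NET documentation ranges), and it assumes the Azure PowerShell module is installed and a subscription has already been selected.

```powershell
# Added example for this document (not Salmon Software's own tooling).
# Requires the classic Azure PowerShell (Service Management) module with a
# subscription already selected via Add-AzureAccount / Select-AzureSubscription.
# Placeholders below are assumptions, not values taken from the document.
$serviceName = "salmon-rds-example"   # hypothetical cloud service hosting the RDS Server
$vmName      = "RDS01"                # hypothetical RDS Server VM name
$allowedNets = @("203.0.113.0/24", "198.51.100.0/24")   # hypothetical customer egress ranges (TEST-NET)

# 1. Build the endpoint ACL. Rules are evaluated lowest Order first, and once
#    any Permit rule is present the platform denies everything that no rule
#    matches, so no catch-all Deny rule is needed.
$acl   = New-AzureAclConfig
$order = 100
foreach ($net in $allowedNets) {
    Set-AzureAclConfig -AddRule Permit -RemoteSubnet $net -Order $order `
                       -ACL $acl -Description "Customer egress $net" | Out-Null
    $order += 100
}

# 2. Leave exactly one public endpoint on the RDS Server: TCP 443 with the ACL.
#    Everything else (e.g. the RemoteDesktop/PowerShell endpoints the portal adds
#    by default) is removed so RDP and WinRM are never reachable from the Internet.
$vm       = Get-AzureVM -ServiceName $serviceName -Name $vmName
$existing = @($vm | Get-AzureEndpoint)
foreach ($ep in $existing) {
    if ($ep.Name -ne "HTTPS") {
        $vm = $vm | Remove-AzureEndpoint -Name $ep.Name
    }
}
if ($existing | Where-Object { $_.Name -eq "HTTPS" }) {
    $vm = $vm | Set-AzureEndpoint -Name "HTTPS" -Protocol tcp -LocalPort 443 -PublicPort 443 -ACL $acl
} else {
    $vm = $vm | Add-AzureEndpoint -Name "HTTPS" -Protocol tcp -LocalPort 443 -PublicPort 443 -ACL $acl
}
$vm | Update-AzureVM

# 3. Verify rather than trust the script: the VM must expose only HTTPS/443
#    and that endpoint must actually carry ACL rules.
$vm         = Get-AzureVM -ServiceName $serviceName -Name $vmName
$endpoints  = @($vm | Get-AzureEndpoint)
$unexpected = $endpoints | Where-Object {
    -not ($_.Name -eq "HTTPS" -and $_.Port -eq 443 -and $_.Protocol -eq "tcp")
}
if ($unexpected) {
    $names = ($unexpected | ForEach-Object { $_.Name }) -join ", "
    throw "Unexpected public endpoints on ${vmName}: $names"
}
$rules = @(Get-AzureAclConfig -EndpointName "HTTPS" -VM $vm)
if ($rules.Count -eq 0) {
    throw "HTTPS endpoint on ${vmName} has no ACL rules; it is open to the whole Internet"
}
$rules | Format-Table Order, Action, RemoteSubnet, Description -AutoSize
```

Run the same verification step against the Application Server with the expectation that `Get-AzureEndpoint` returns nothing at all; any endpoint on that VM contradicts section 3.4. Note also what the ACL does not cover: the RDS Server still reaches the Application Server over the private network without touching an endpoint, so that path is governed solely by the Windows Firewall rules on the Application Server, which should admit only the RDS Server's address on the ports the application and SQL Server need.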
The servers themselves are also backed up on a regular basis and saved to Blob storage.

3.6. Integration with External Systems
Files from external systems can be retrieved or received over SFTP or VPN connections using monitor and scheduled tasks. Files both coming from and going to external systems can reside on the Azure platform, on the client's internal network or at an external location, depending on the system and requirements.

Example Integration Schema: Connectivity Overview
[Figure: the Microsoft Azure environment connects to the client's internal network over VPN/Virtual Network or SFTP, and over the Internet to external parties: EMIR trade repositories (DTCC/Regis-TR...), trading platforms (360T/FXALL...), funds platforms (ICD/MyTreasury...), rates providers (Bloomberg/Reuters...), MYSIS, SWIFT and ERP systems (SAP, Oracle, MS Dynamics, Sun...).]

Example Integration Schema: Import and Export Essentials
Import schema: the external system's output file is delivered over VPN/SFTP to a directory location (on the Azure environment, the client's local environment or an external environment), from which the Salmon import process collects it via a monitor or scheduled task.
Export schema: the Salmon export process writes an output file in the format required by the external system to a directory location (on the Azure environment, the client's local environment or an external environment), from which it is delivered over VPN/SFTP.

4. Additional Information/Frequently Asked Questions

4.1. Privacy
Privacy is one of the foundations of Microsoft's Trustworthy Computing. Microsoft has a longstanding commitment to privacy, which is an integral part of our product and service lifecycle. We work to be transparent in our privacy practices, offer customers meaningful privacy choices, and manage responsibly the data we store. The Microsoft Privacy Principles, our specific privacy statements and our internal privacy standards guide how we collect, use and protect Customer Data. General information about cloud privacy is available from the Microsoft Privacy Web site. We also published a white paper, Privacy in the Cloud, to explain how Microsoft is addressing privacy in the realm of cloud computing.
The Azure Privacy Statement describes the specific privacy policy and practices that govern customers' use of Azure.

4.1.1. Location of Customer Data
Microsoft currently operates Azure in data centers around the world. In this section, we address common customer inquiries about access to and location of Customer Data. Customers may specify the geographic area(s) ("geos" and "regions") of the Microsoft data centers in which Customer Data will be stored. Available geos and regions are shown below; please see service availability by region.

GEO (previously Major Region)   REGION (previously Sub-region)
United States                   US East (Virginia); US West (California); US North Central (Illinois); US South Central (Texas)
Europe                          Europe North (Ireland); Europe West (Netherlands)
Asia Pacific                    Asia Pacific East (Hong Kong); Asia Pacific Southeast (Singapore)
Japan                           Japan East (Saitama Prefecture); Japan West (Osaka Prefecture)

Microsoft may transfer Customer Data within a geo (e.g., within Europe) for data redundancy or other purposes. For example, Azure replicates Blob and Table data between two regions within the same geo for enhanced data durability in case of a major data center disaster. Microsoft will not transfer Customer Data outside the geo(s) the customer specifies (for example, from Europe to the U.S. or from the U.S. to Asia) except where necessary for Microsoft to provide customer support, troubleshoot the service or comply with legal requirements, or where the customer configures the account to enable such transfer of Customer Data, including through the use of:
- Features that do not enable geo selection, such as the Content Delivery Network (CDN), which provides a global caching service;
- Web and Worker Roles, which back up software deployment packages to the United States regardless of deployment geo;
- Preview, beta or other pre-release features that may store or transfer Customer Data to the United States regardless of deployment geo;
- Azure Active Directory (except for Access Control), which for Europe may transfer Active Directory Data to the United States, and for Asia and Japan may store Active Directory Data globally;
- Azure Multi-Factor Authentication, which stores authentication data in the United States.
Microsoft does not control or limit the geos from which customers or their end users may access Customer Data. See the E.U. Data Protection Directive section below for information on the regulatory framework under which Microsoft transfers data.

4.1.2. E.U. Data Protection Directive
The E.U. Data Protection Directive (95/46/EC) sets a baseline for handling personal data in the European Union. The E.U. has stricter privacy rules than the U.S. and most other countries. To allow for the continuous flow of information required by international business (including cross-border transfer of personal data), the European Commission reached an agreement with the U.S. Department of Commerce whereby U.S. organizations can self-certify as complying with the Safe Harbor Framework. Microsoft (including, for this purpose, all of our U.S. subsidiaries) is Safe Harbor certified under the U.S. Department of Commerce. In addition to the E.U. Member States, members of the European Economic Area (Iceland, Liechtenstein and Norway) also recognize organizations certified under the Safe Harbor program as providing adequate privacy protection to justify transborder transfers from their countries to the U.S. Switzerland has a nearly identical agreement ("Swiss-U.S. Safe Harbor") with the U.S. Department of Commerce to legitimize transfers from Switzerland to the U.S., to which Microsoft has also certified.
The Safe Harbor certification allows for the legal transfer of E.U. personal data outside the E.U. to Microsoft for processing. Under the E.U. Data Protection Directive and our contractual agreement, Microsoft acts as the data processor, whereas the customer is the data controller with final ownership of the data and responsibility under the law for making sure that data can be legally transferred to Microsoft. It is important to note that Microsoft will transfer E.U. Customer Data outside the E.U. only under very limited circumstances. See the Location of Customer Data section above for details.
Microsoft also offers additional contractual commitments to its volume licensing customers:
- A Data Processing Agreement that details our compliance with the E.U. Data Protection Directive and related security requirements for Azure core features within ISO/IEC 27001:2005 scope.
- E.U. Model Contractual Clauses that provide additional contractual guarantees around transfers of personal data for Azure core features within ISO/IEC 27001:2005 scope.
Please contact your Microsoft account manager or Microsoft Volume Licensing for details.

4.1.3. Customer Data and Other Data Types
Customer Data is all the data, including all text, sound, software or image files, that you provide, or that is provided on your behalf, to us through your use of the Services. For example, Customer Data includes data that you upload for storage or processing in the Services and applications that you or your end users upload for hosting in the Services.
It does not include configuration or technical settings and information.
Administrator Data is the information about administrators (including account contact and subscription administrators) provided during sign-up, purchase or administration of the Services, such as name, address, phone number and e-mail address.
Metadata includes configuration and technical settings and information. For example, it includes the disk configuration settings for an Azure Virtual Machine or the database design for an Azure SQL Database.
Access Control Data is used to manage access to other types of data or functions within Azure. It includes passwords, security certificates and other authentication-related data.

4.2. Compliance
Microsoft partners with customers to help them address a wide range of international, country-specific and industry-specific regulatory requirements. By providing customers with compliant, independently verified cloud services, Microsoft makes it easier for customers to achieve compliance for the infrastructure and applications they run in Azure. Microsoft provides Azure customers with detailed information about our security and compliance programs, including audit reports and compliance packages, to help customers assess our services against their own legal and regulatory requirements. In addition, Microsoft has developed an extensible compliance framework that enables it to design and build services using a single set of controls to speed up and simplify compliance across a diverse set of regulations and rapidly adapt to changes in the regulatory landscape.

ISO/IEC 27001:2005 Audit and Certification
Azure is committed to annual certification against ISO/IEC 27001:2005, a broad international information security standard.
The ISO/IEC 27001:2005 certificate validates that Microsoft has implemented the internationally recognized information security controls defined in this standard, including guidelines and general principles for initiating, implementing, maintaining and improving information security management within an organization.
ISO Scope: The following Azure features are in scope for the current ISO audit: Cloud Services (including Fabric and RDFE), Storage (Tables, Blobs, Queues), Virtual Machines (including with SQL Server), Virtual Network, Traffic Manager, Web Sites, BizTalk Services, Media Services, Mobile Services, Service Bus, Workflow, Multi-Factor Authentication, Active Directory, Rights Management Service, SQL Database (version 11.0.9164.000 and higher) and HDInsight. This includes the Information Security Management System (ISMS) for Azure, encompassing infrastructure, development, operations and support for these features. Also included are Power BI for Office 365 and Power Query Service. The certificate issued by the British Standards Institution (BSI) is publicly available.

SOC 1 and SOC 2 SSAE 16/ISAE 3402 Attestations
Azure has been audited against the Service Organization Control (SOC) reporting framework for both SOC 1 Type 2 and SOC 2 Type 2. Both reports are available to customers to meet a wide range of US and international auditing requirements. The SOC 1 Type 2 audit report attests to the design and operating effectiveness of Azure controls. The SOC 2 Type 2 audit included a further examination of Azure controls related to security, availability and confidentiality. Azure is audited annually to ensure that security controls are maintained. Audits are conducted in accordance with the Statement on Standards for Attestation Engagements (SSAE) No. 16 put forth by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA) and International Standard on Assurance Engagements (ISAE) 3402 put forth by the International Auditing and Assurance Standards Board (IAASB). In addition, the SOC 2 Type 2 audit included an examination of the Cloud Controls Matrix (CCM) from the Cloud Security Alliance (CSA).
Scope: The following Azure features are in scope for the current SOC 1 Type 2 and SOC 2 Type 2 attestations: Cloud Services (includes stateless Web and Worker roles), Storage (Tables, Blobs, Queues), Virtual Machines (includes persistent virtual machines for use with supported operating systems) and Virtual Network (includes Traffic Manager).

Cloud Security Alliance Cloud Controls Matrix
Azure has been audited against the Cloud Controls Matrix (CCM) established by the Cloud Security Alliance (CSA). The audit was completed as part of the SOC 2 Type 2 assessment, the details of which are included in that report. This combined approach is recommended by the American Institute of Certified Public Accountants (AICPA) and the CSA as a means of meeting the assurance and reporting needs of the majority of cloud service users. The CSA CCM is designed to provide fundamental security principles to guide cloud vendors and to assist prospective customers in assessing the overall security risk of a cloud provider. By having completed an assessment against the CCM, Azure offers transparency into how its security controls are designed and managed, with verification by an expert, independent audit firm. Detailed information about how Azure fulfills the security, privacy, compliance and risk management requirements defined in the CCM is also published in the CSA's Security, Trust and Assurance Registry (STAR).
In addition, the Microsoft Approach to Cloud Transparency paper provides an overview of how it addresses various risk, governance and information security frameworks and standards, including the CSA CCM.

Federal Risk and Authorization Management Program (FedRAMP)
Azure has been granted a Provisional Authority to Operate (P-ATO) from the Federal Risk and Authorization Management Program (FedRAMP) Joint Authorization Board (JAB). Following a rigorous security review, the JAB approved a provisional authorization that an executive department or agency can leverage to issue a security authorization and an accompanying Authority to Operate (ATO). This will allow US federal, state and local governments to more rapidly realize the benefits of the cloud using Azure. FedRAMP is a mandatory U.S. government-wide program that provides a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services. This approach uses a "do once, use many times" framework that will save the cost, time and staff required to conduct redundant agency security assessments.
Scope: The following Azure features are in scope for the FedRAMP JAB P-ATO: Cloud Services (Web and Worker roles), Storage (Tables, Blobs, Queues, Drives), Virtual Machines (includes persistent virtual machines), SQL Databases and Virtual Network (includes Traffic Manager).

Payment Card Industry (PCI) Data Security Standard (DSS) Level 1
Azure is Level 1 compliant under the Payment Card Industry (PCI) Data Security Standard (DSS), as verified by an independent Qualified Security Assessor (QSA), allowing merchants to establish a secure cardholder environment and to achieve their own certification. The PCI DSS is an information security standard designed to prevent fraud through increased controls around credit card data. PCI certification is required for all organizations that store, process or transmit payment cardholder data.
Customers can reduce the complexity of their PCI DSS certification by using compliant Azure services.
Scope: The Information Security Management System (ISMS) for Azure, including infrastructure, development, operations and support for Compute, Data Services, App Services and Network Services, is in scope for the PCI DSS Attestation of Compliance.

United Kingdom G-Cloud Impact Level 2 Accreditation
In the United Kingdom, Azure has been awarded Impact Level 2 (IL2) accreditation, further enhancing Microsoft and its partner offerings on the current G-Cloud procurement framework and CloudStore. The IL2 rating will benefit a broad range of UK public sector organizations, including local and regional government, National Health Service (NHS) trusts and some central government bodies, who require the 'protect' level of security for data processing, storage and transmission.
Scope: The following Azure features are in scope for the IL2 accreditation: Virtual Machines, Cloud Services, Storage (Tables, Blobs, Queues, Drives) and Virtual Network.

4.3. Frequently Asked Questions (FAQ)

Is Azure compliant with my regulatory requirements?
Please note that it is ultimately your obligation to comply with your regulatory requirements. We provide you with information to help you do so. We commit to compliance with data protection and privacy laws generally applicable to IT service providers. If you are subject to industry or jurisdictional requirements, you will need to make your own assessment of your ability to comply. Customers in many industries and geographies have found they can use Azure in a manner that complies with applicable regulations, provided they utilize the services in a manner appropriate to their particular circumstances. For instance, organizations covered by the E.U. Data Protection Directive should have their own policies, security and training program in place to ensure their personnel do not use Azure in a way that violates the Directive. We will do our part by abiding by the promises we have made, thereby helping you remain compliant.

How will Microsoft use the information I store in Azure?
Microsoft will use the Customer Data you store in Azure only to provide you with the Azure service. This may include troubleshooting aimed at preventing, detecting or repairing problems affecting the operation of Azure, and the improvement of features that involve the detection of, and protection against, emerging and evolving threats to the user (such as malware or spam). We may use statistical data, trends and usage information derived from your use of Azure for the purpose of providing, operating, maintaining or improving Azure as well as any Microsoft products and services used to deliver Azure.

Does Microsoft share data between its advertiser-supported services and Azure? Does Azure data-mine my data for advertising?
No. Azure does not share data with Microsoft's advertiser-supported services. Azure does not mine Customer Data for advertising.

What happens if law enforcement or another third party asks Microsoft for my Customer Data? What does Microsoft do when subpoenaed for Customer Data?
Microsoft believes that its customers should control their own information, whether stored on their premises or in a cloud service. Accordingly, we will not disclose Customer Data to a third party (including law enforcement, another government entity or a civil litigant) except as you direct or as required by law. Should a third party contact us with a demand for Customer Data, we will attempt to redirect the third party to request it directly from you. As part of that, we may provide your basic contact information to the third party.
If compelled to disclose Customer Data to a third party, we will promptly notify you and provide a copy of the demand, unless legally prohibited from doing so. Microsoft also publishes a Law Enforcement Requests Report that provides insight into the scope of requests, as well as information from Microsoft's General Counsel about how the company responds to national security requests.

In what circumstances is Customer Data disclosed to subcontractors, and how do they use it?
Microsoft may hire other companies to provide limited services on its behalf, such as providing customer support. Microsoft will only disclose Customer Data to subcontractors so they can deliver the services we have retained them to provide. Subcontractors are prohibited from using Customer Data for any other purpose, and they are required to maintain the confidentiality of your information. Subcontractors that work in facilities or on equipment controlled by Microsoft must follow our privacy standards. All other subcontractors must follow privacy standards equivalent to our own. You can download the list of subcontractors authorized to process Customer Data in Azure.

How does Azure ensure subcontractors comply with Microsoft's privacy requirements?
We require subcontractors to join Microsoft's Vendor Privacy Assurance Program, to meet our privacy requirements by contract, and to undergo regular privacy training. We contractually obligate subcontractors that work in facilities or on equipment controlled by Microsoft to follow our privacy standards. All other subcontractors are contractually obligated to follow privacy standards equivalent to our own.

Does Microsoft allow customers to audit Azure operations or its data centers?
No. Our independent audits and certifications are shared with customers in lieu of individual customer audits.
These certifications and attestations accurately represent how we obtain and meet our security and compliance objectives, and serve as a practical mechanism to validate our promises for all customers. Allowing potentially thousands of customers to audit our services would not be a scalable practice and might compromise security and privacy. Our independent third-party validation program includes audits that are conducted on an annual basis to provide verification of Azure security controls.

Can Microsoft customize its audit for me?
No. Microsoft is not able to agree to custom audit obligations for individual customers. The costs and potential conflicts between varying obligations make it impractical to customize audits.

For more information on Azure security, please visit the Microsoft Azure Trust Centre: http://azure.microsoft.com/en-us/support/trust-center/