Wednesday, 17 May 2023

SAML Authentication

SAML (Security Assertion Markup Language) is an XML-based framework for exchanging authentication and authorisation data. Let us see how SAML is used to enable SSO (Single Sign-On). SSO is a login method where a company configures all of its web apps so that a user can log in to every one of them by signing in just once.

Example – When one logs in on gmail.com, they can visit YouTube, Google Drive, and other Google services without having to sign in to each service separately.

The SAML authentication flow is based on two entities –

  1. Service Providers (SP) – The SP receives the authentication assertion from the IdP and grants the user access (authorisation).
  2. Identity Providers (IdP) – The IdP authenticates the user and sends the SP their identity along with their access rights for the service.

In the example given above, the SP is Gmail and the IdP is Google. SAML enables SSO: as explained above, a user logs in once and that same login is reused to sign in to the other SPs.


SAML Authentication Workflow –

  1. A user tries to log in to Gmail.
  2. Gmail generates a SAML request.
  3. The browser forwards the SAML request to Google (the IdP), which parses the request, authenticates the user and creates a SAML response. This SAML response is encoded and sent back to the browser.
  4. The browser sends this SAML response back to Gmail for verification.
  5. If the user is successfully verified, they are logged in to Gmail.



SAML Request –

Some of the important terms in the SAML request are defined below –

  1. ID – Identifier for a particular SAML request.
  2. Issuer – The name of the service provider (SP).
  3. NameID – The username/email address or phone number which is used to identify a user.
  4. AssertionConsumerServiceURL – The SAML endpoint of the SP to which the IdP sends the authentication response (the auth token).



SAML Response –

A SAML response consists of two parts –

  1. Assertion –
    It is an XML document that holds the details of the user, including the timestamp of the login event and the authentication method used (e.g. two-factor authentication, Kerberos).
  2. Signature –
    It is a Base64-encoded string that protects the integrity of the assertion. (If an attacker changes the username in the assertion to the victim’s username, the signature check prevents them from logging in as that user.)

Key Generation –

The Identity Provider (IdP) generates a private key and a matching public key, and signs the assertion with the private key. The public key is shared with the Service Provider (SP), which uses it to verify the SAML response before logging the user in.


SAML Vulnerabilities Exploited by Hackers –

  1. Signature not checked –
    The SP never verifies the signature, so anyone who changes the NameID (username) in the SAML response can log in as someone else.
  2. Signature only checked when it exists –
    The SP verifies a signature only if one is present, so an attacker who changes the NameID value and removes the signature while the response is in transit is still able to log in as the victim.
  3. Comment Injection –
    A user can be registered with an XML comment in the username, as follows –
    email: prerit<!--notprerit-->@test.com

    While processing the SAML response, the SP ignores the comment and logs us in as the victim. The entire SAML response can be intercepted with a proxy such as Burp Suite. Note that it has to be URL-decoded first and then Base64-decoded in order to be viewed.

  4. SAML Replay –
    The attacker captures a valid SAML response and reuses it multiple times to log in as the victim.
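As an added example that is not part of the original post, here is a small service-provider verifier in Python that applies one check per vulnerability listed above and performs the URL-then-Base64 decoding described under comment injection. It assumes a simplified assertion format and uses an HMAC over the raw assertion as a stand-in for the IdP's XML-DSig signature; all function and constant names are the example's own.

```python
import base64
import hashlib
import hmac
import time
import urllib.parse
import xml.etree.ElementTree as ET

# Assumption: an HMAC over the raw <Assertion> element stands in for the IdP's
# XML-DSig signature so that the example runs offline. A real SP verifies the
# XML-DSig (RSA over the canonicalised assertion) with the IdP's public key.
IDP_SECRET = b"constructed-demo-secret"


def sign(assertion_xml: str) -> str:
    mac = hmac.new(IDP_SECRET, assertion_xml.encode(), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()


def pack(xml: str) -> str:
    """Base64-encode, then URL-encode: the form the browser posts to the SP."""
    return urllib.parse.quote(base64.b64encode(xml.encode()).decode())


def unpack(encoded: str) -> str:
    """Undo it in the order the text describes: URL format first, then Base64."""
    return base64.b64decode(urllib.parse.unquote(encoded)).decode()


def idp_response(assertion_id, name_id, signed=True, valid_for=300) -> str:
    """Constructed IdP side: a simplified assertion, signed and wrapped in a response."""
    expiry = int(time.time()) + valid_for
    assertion = (f'<Assertion ID="{assertion_id}" NotOnOrAfter="{expiry}">'
                 f'<NameID>{name_id}</NameID></Assertion>')
    sig = f"<Signature>{sign(assertion)}</Signature>" if signed else ""
    return pack(f"<Response>{assertion}{sig}</Response>")


def tampered_copy(encoded: str, old: str, new: str) -> str:
    """Stands in for a proxy edit of the response in transit (used by the tests)."""
    return pack(unpack(encoded).replace(old, new))


def name_id_value(elem) -> str:
    # A comment splits the text node: "prerit" lands in .text and "@test.com" in
    # the comment's .tail, so an SP reading only .text is truncated (vuln 3). A
    # NameID must be plain text, so any child node, comment included, is refused.
    if len(elem):
        raise ValueError("NameID contains markup")
    return elem.text or ""


class SamlVerifier:
    """Constructed SP side: each check answers one vulnerability listed above."""

    def __init__(self):
        self.seen_ids = set()  # assertion IDs already used to log in

    def verify(self, encoded: str) -> str:
        xml = unpack(encoded)
        sig = ET.fromstring(xml).find("Signature")
        if sig is None or not sig.text:  # vuln 2: the signature is never optional
            raise ValueError("unsigned response")
        raw = xml[xml.index("<Assertion"):xml.index("</Assertion>") + len("</Assertion>")]
        if not hmac.compare_digest(sign(raw).encode(), sig.text.encode()):  # vuln 1
            raise ValueError("bad signature")
        # Keep comment nodes while parsing so name_id_value can see them (Python 3.8+).
        parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
        assertion = ET.fromstring(raw, parser=parser)
        if int(assertion.get("NotOnOrAfter", "0")) <= time.time():
            raise ValueError("assertion expired")
        if assertion.get("ID") in self.seen_ids:  # vuln 4: one login per assertion
            raise ValueError("replayed assertion")
        self.seen_ids.add(assertion.get("ID"))
        return name_id_value(assertion.find("NameID"))


def outcome(verifier: SamlVerifier, encoded: str) -> str:
    """'accepted:<NameID>' or 'rejected:<reason>', convenient for logs and tests."""
    try:
        return "accepted:" + verifier.verify(encoded)
    except (ValueError, ET.ParseError) as exc:
        return "rejected:" + str(exc)
```

The replay cache grows without bound here; a production SP evicts an ID once its NotOnOrAfter time has passed, since the expiry check rejects it from then on anyway.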

Introduction to Amazon Web Services

Amazon Web Services (AWS), a subsidiary of Amazon.com, has invested billions of dollars in IT resources distributed across the globe. These resources are shared among all AWS account holders worldwide, while the accounts themselves are entirely isolated from each other. AWS provides on-demand IT resources to its account holders on a pay-as-you-go pricing model with no upfront cost, which gives flexibility because you pay only for the services you use or need. Enterprises use AWS to reduce the capital expenditure of building their own private IT infrastructure (which can be expensive depending on the enterprise’s size and nature). AWS has its own physical fibre network connecting its availability zones, regions and edge locations, and all maintenance costs are borne by AWS, which saves enterprises a fortune.

Security of the cloud is the responsibility of AWS, but security in the cloud is the customer’s responsibility. Performance efficiency in the cloud has four main areas:

  • Selection
  • Review
  • Monitoring
  • Tradeoff

Advantages of Amazon Web Services

  • AWS allows you to easily scale your resources up or down as your needs change, helping you to save money and ensure that your application always has the resources it needs.
  • AWS provides a highly reliable and secure infrastructure, with multiple data centers and a commitment to 99.99% availability for many of its services.
  • AWS offers a wide range of services and tools that can be easily combined to build and deploy a variety of applications, making it highly flexible.
  • AWS offers a pay-as-you-go pricing model, allowing you to pay only for the resources you actually use and avoid upfront costs and long-term commitments.

Disadvantages of Amazon Web Services

  • AWS can be complex, with a wide range of services and features that may be difficult to understand and use, especially for new users.
  • AWS can be expensive, especially if you have a high-traffic application or need to run multiple services. Additionally, the cost of services can increase over time, so you need to regularly monitor your spending.
  • While AWS provides many security features and tools, securing your resources on AWS can still be challenging, and you may need to implement additional security measures to meet your specific requirements.
  • AWS manages many aspects of the infrastructure, which can limit your control over certain parts of your application and environment.

AWS Global Infrastructure

The AWS global infrastructure is massive and is divided into geographical regions. The geographical regions are then divided into separate availability zones. When selecting a geographical region on AWS, three factors come into play:

  • Optimizing Latency
  • Reducing cost
  • Government regulations (Some services are not available for some regions)

Each region is divided into at least two availability zones that are physically isolated from each other, which provides business continuity for the infrastructure, as in a distributed system: if one zone fails, the infrastructure in the other availability zones remains operational. The largest region, North Virginia (US-East), has six availability zones. These availability zones are connected by high-speed fibre-optic networking.

There are over 100 edge locations distributed all over the globe that are used by CloudFront (the content delivery network). CloudFront can cache frequently used content such as images and videos (live-streaming video included) at edge locations and distribute it to edge locations across the globe for high-speed delivery and low latency for end users. It also protects against DDoS attacks.

AWS Management Console

The AWS Management Console is a web-based interface for accessing AWS. It requires an AWS account, and a smartphone application serves the same purpose. When you sign in for the first time, you see the console home page, which lists all the services provided by AWS. Cost monitoring is also done through the console.

AWS resources can also be accessed through various Software Development Kits (SDKs), which allow developers to create applications with AWS as the backend. There are SDKs for all the major languages (e.g., JavaScript, Python, Node.js, .NET, PHP, Ruby, Go, C++) and mobile SDKs for Android, iOS, React Native, Unity, and Xamarin. AWS can also be accessed by making HTTP calls to the AWS API. AWS also provides a Command Line Interface (CLI) for accessing AWS remotely and for scripting to automate many processes. The console is also available as an app for Android and iOS, which you can simply download.

AWS Cloud Computing Models

There are three cloud computing models available on AWS.

  1. Infrastructure as a Service (IaaS): It is the basic building block of cloud IT. It generally provides access to data storage space, networking features, and computer hardware (virtual or dedicated). It is highly flexible and gives the developer management control over the IT resources. For example, VPC, EC2, EBS.
  2. Platform as a Service (PaaS): This is a type of service where AWS manages the underlying infrastructure (usually the operating system and hardware). This makes developers more efficient, as they do not have to worry about the undifferentiated heavy lifting required to run applications, such as capacity planning, software maintenance, resource procurement and patching, and can focus on deploying and managing the applications. For example, RDS, EMR, ElasticSearch.
  3. Software as a Service (SaaS): It is a complete product that usually runs in a browser. It primarily refers to end-user applications, and it is run and managed by the service provider. The end user only has to worry about choosing the software suited to their needs. For example, Salesforce.com, web-based email, Office 365.

Tuesday, 16 May 2023

Amazon Web Services (AWS) – Free Tier Account Set up

Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform, offering over 200 fully featured services from data centers globally. Millions of customers, including the fastest-growing startups, largest enterprises, and leading government agencies, use AWS to lower costs, become more agile, and innovate faster. AWS offers new subscribers a 12-month free tier to get hands-on experience with all AWS cloud services.

Steps to Creating a Free Tier AWS Account:

Step 1: Open https://portal.aws.amazon.com/billing/signup#/start/email in any browser, then enter your email address and AWS account name. Click on “Verify Email Address”.

Sign up page for AWS


Step 2: Enter the verification code received in the email address entered and click on ‘Verify’.

Step 3: Enter the Root user Password and Confirm the Root user Password, then click on ‘Continue (step 1 of 5)’.


Step 4: Select ‘Personal – for your own projects’ and fill in the details including the full name, contact number, country or region, and address for communication, and then click on ‘Continue (Step 2 of 5)’.

Step 5: In this step, enter the billing information and then click on ‘Verify and Continue’.

Step 6: Confirm your identity by entering your mobile number or email address. You will receive a verification code which you have to enter to confirm your identity.

Step 7: Select the support plan. For Free Tier, we have to select ‘Basic Support: Free’. Finally, the AWS account has been created and is ready for implementation.

Amazon Web Services – Setting Up an AWS Account

Amazon Web Services is a cloud service platform that provides on-demand computational services, databases, storage space, and many more services. AWS allows its users to choose products from its wide variety of services and use them on demand with no upfront payment for most of the services. Individually, an AWS service may lack some functionality, but given the right AWS architecture, AWS services can be easily integrated to build highly complex and robust applications.

In this article, we will look into the process of creating and setting up an AWS Free Tier account. Amazon provides a number of services in the AWS Free Tier account, with some restrictions, so that users can gain practical experience and a deeper understanding of AWS cloud services. The AWS Free Tier’s main objective is to give users a year (12 months) of free access to AWS cloud services so they can learn how to use them. There is a limit on how much of each service included in the AWS Free Tier account we may use before being charged.

Note: You are not charged for any AWS service that you sign up for unless you exceed the Free Tier limit. (Turn off or delete the services once you have finished your practice.)

Set Up an AWS Free Tier Account

Step 1: First, open your web browser, search for AWS Login Console and click on the first link, as shown in the picture below.

AWS Login Console


Step 2: An AWS login console page will open; now click on Create an AWS Account.

Create an AWS Account


Step 3: A new AWS sign-in page will open after selecting Create an AWS Account. Choose Create a new AWS account, as shown in the image below.

Create a new AWS account


Step 4: In order to log into an AWS Free Tier account, we must validate the email address and provide the AWS account name in this stage. After clicking on “Verify Email Address”, you will receive a verification code at the address you provided. Next, you must create a password for this account. Finally, click “Continue” to move on to the next stage. The pictures below show every step of the process.

Verify the email address


After clicking on “Verify Email Address,” you will receive a verification code at the address you provided.

Verification code


Next, you must create a password for this account. Finally, click “Continue” to move on to the next stage.

Creating Password


Step 5: We must provide all of our contact information in this phase so that Amazon support personnel can get in touch with us about our AWS account and any feature references, as shown in the image below.

Contact Information


Step 6: We must provide the credit/debit card information in this step. There is no reason to panic at this point: AWS won’t deduct any amount unless you spend it yourself. To verify your identity, AWS may temporarily hold a charge of only 2 Indian rupees.

Billing Information


Step 7: We have to verify our phone number in this phase. As seen in the image below, select “Text or Voice call” as the method for receiving your verification code, complete the captcha and click on “Send SMS”. You will be taken to a screen where you must enter the verification code you received and click Continue to proceed to the next stage, as seen in the pictures below.

Identity verification


Step 8: Enter the verification code you received on your mobile device, validate it, and then click Continue to move on to the following stage.

Code verification


Step 9: Choose the support plan you want to use. Since we are setting up an AWS Free Tier account, select the Basic Support option, which is free of charge and which AWS also suggests for new customers. The Basic Support plan includes the following:

  • 24*7 self-service access to AWS resources
  • Access to the personal health dashboard
  • It is free of cost

Support plan


After selecting a plan, click “Complete sign up” as shown in the image.

Step 10: Congratulations! Once your AWS account has been created, you can sign in by clicking Sign in to the console once more, entering the email address you provided and your password, and then clicking Sign in, as shown in the accompanying images. You then see the AWS Management Console’s home page with some of the services it offers.

Aws account created


Sign into console


Enter your email address and previously-configured password.

Credentials


And this is the Amazon Console Home page, where you can access some of the most popular AWS services, including EC2, VPC, Auto Scaling, etc.

AWS Console Home


After setting up our AWS Free Tier account, we are now ready to begin using the services that AWS offers.

Monday, 6 March 2023

Azure HPC Cache

Azure HPC Cache speeds up access to your data for high-performance computing (HPC) tasks. By caching files in Azure, Azure HPC Cache brings the scalability of cloud computing to your existing workflow. This service can be used even for workflows where your data is stored across WAN links, such as in your local datacenter network-attached storage (NAS) environment.

Azure HPC Cache is easy to launch and monitor from the Azure portal. Existing NFS storage or new Blob containers can become part of its aggregated namespace, which makes client access simple even if you change the back-end storage target.

Use cases

Azure HPC Cache enhances productivity best for workflows like these:

  • Read-heavy file access workflow
  • Data stored in NFS-accessible storage, Azure Blob, or both
  • Compute farms of up to 75,000 CPU cores

Azure HPC Cache can be added to a wide variety of workflows across many industries. Any system where a large number of machines need to access a set of files at scale and with low latency will benefit from this service. The sections below give specific examples.

Visual effects (VFX) rendering

In media and entertainment, Azure HPC Cache can speed up data access for time-critical rendering projects. VFX rendering workflows often require last-minute processing by large numbers of compute nodes. Data for these workflows are typically located in an on-premises NAS environment. Azure HPC Cache can cache that file data in the cloud to reduce latency and enhance flexibility for on-demand rendering.

Learn more about High-performance computing for rendering.

Life sciences

Many life sciences workflows can benefit from scale-out file caching.

A research institute that wants to port its genomic analysis workflows into Azure can easily shift them by using Azure HPC Cache. Because the cache provides POSIX file access, no client-side changes are needed to run their existing client workflow in the cloud.

Azure HPC Cache also can be leveraged to improve efficiency in tasks like secondary analysis, pharmacological simulation, or AI-driven image analysis.

Learn more about High-performance computing for health and life sciences.

Silicon design verification

The silicon design industry’s design verification workloads, known as “electronic design automation (EDA) tools”, are compute-intensive and can be run on large-scale virtual machine compute grids.

Azure HPC Cache can provide on-cloud caching of design data, libraries, binaries, and rule database files from on-premises storage systems. This provides local-like response times for directory listings, metadata, and data reads, and eliminates the need for complex data migration, syncing, and copying operations.

Azure HPC Cache also can be set up to cache output files being written by the compute jobs. This configuration gives immediate acknowledgement to the compute workflow and subsequently writes the changes back to the on-premises NAS.

HPC Cache allows chip designers to scale EDA verification jobs to tens of thousands of cores with ease, and pay minimal attention to storage performance.

Learn more about High-performance computing for silicon.

Financial services analytics

An Azure HPC Cache deployment can help speed up quantitative analysis calculations, risk analysis workloads, and Monte Carlo simulations to give financial services companies better insight to make strategic decisions.

Learn more about High-performance computing for financial services.

Region availability

Visit the Azure Global Infrastructure products by region page to learn where Azure HPC Cache is available.

Azure HPC Cache resides in a single region. It can access data stored in other regions if you connect it to Blob containers located there. The cache does not permanently store customer data.