Microsoft Azure Infrastructure Services for Architects

By: John Savill

Overview of this book

With Microsoft Azure challenging Amazon Web Services (AWS) for market share, there has been no better time for IT professionals to broaden and expand their knowledge of Microsoft’s flagship virtualization and cloud computing service. Microsoft Azure Infrastructure Services for Architects: Designing Cloud Solutions helps readers develop the skills required to understand the capabilities of Microsoft Azure for Infrastructure Services and implement a public cloud to achieve full virtualization of data, both on and off premises. Microsoft Azure provides granular control in choosing core infrastructure components, enabling IT administrators to deploy new Windows Server and Linux virtual machines, adjust usage as requirements change, and scale to meet the infrastructure needs of their entire organization. This accurate, authoritative book covers topics including IaaS cost and options, customizing VM storage, enabling external connectivity to Azure virtual machines, extending Azure Active Directory, replicating and backing up to Azure, disaster recovery, and much more.

Role-Based Access Control

It was a dark and hostile time as little as five years ago in the Azure cloud when it came to granular access control. Azure Service Manager ruled, and there were essentially two types of people in a subscription: those who could perform management actions (i.e., the service administrator and co-administrators) and those who could not (i.e., everyone who was not in the previously mentioned roles). These were subscription-level assignments, which meant it was common to have to split resources and projects across separate subscriptions so that each had its own security container. Even then, however, groups of people would often have to be given permissions above what they actually needed, which breaks a fundamental security principle, least privilege: give only what is required. This principle should guide you as you look at your RBAC design.

Introduced in 2014 and really becoming mainstream late 2015 was the Azure Resource Manager (ARM), which is what everything we know...