Building Hybrid Clouds with Azure Stack

Overview of this book

Azure Stack is all about creating fewer gaps between on-premises and public cloud application deployment. Azure Stack is the logical progression of Microsoft Cloud Services to create a true hybrid cloud-ready application. This book provides an introduction to Azure Stack and the cloud-first approach. Starting with an introduction to the architecture of Azure Stack, the book will help you plan and deploy your Azure Stack. Next, you will learn about the network and storage options in Azure Stack and you'll create your own private cloud solution. Finally, you will understand how to integrate public cloud using the third-party resource provider. After reading the book, you will have a good understanding of the end-to-end process of designing, offering, and supporting cloud solutions for enterprises or service providers.

Azure Stack's core management services


By default, Azure Stack provides some core management services that everybody already knows from Azure. They are as follows:

  • The authorization management service
  • Subscriptions, Plans, and Offers
  • Gallery
  • Events
  • Monitoring
  • Usage

The authorization management service

Azure Stack authorization leverages the Azure authorization management service. For general availability, there are three different authentication designs, so there is a good chance that one of them works for most companies.

The Azure authorization management service works based on Azure Active Directory (Azure AD), which is a multi-tenant, cloud-based identity-management service.

This means that each Azure Stack environment needs proper internet connectivity; otherwise, no authentication is possible. This makes life quite easy, but service providers and hosters in particular (and even some medium and larger companies) do not allow communication from their internal infrastructure-management environment to the internet (public Azure) for authentication. This security requirement makes creating a Proof of Concept (POC) harder than before.

Starting with TP3, there is support for Active Directory Federation Services (AD FS). This service provides single sign-on (SSO) and secure remote access for web applications hosted on premises. In addition, it ensures that authentication is possible even if the connection to Azure AD is not available for a certain amount of time.

Subscriptions, Plans, and Offers

Another concept you may already know from Azure and even from Azure Pack is the concept of subscriptions, plans, and offers. This makes it quite easy for administrators to provide access to cloud services:

Plan

A Plan is a product that is described by predefined services from Azure Stack, for example, the Infrastructure as a Service Plan or Website Plan. Best practice is to include the quality of the service in the plan, too. This means we could define bronze, silver, gold, or platinum service levels that differ, for example, in storage IOPS, ranging from slow storage to high-end storage sitting on SSD drives.

Offer

An offer is a set of plans or a piece of one with a price on it. So it can be best described as a product itself.

Subscription

A subscription puts it all together: a dedicated user is given access to the cloud service with a username and password, and that access is linked to an offer with its predefined plans. A subscription can be set up by logging in to the portal and creating a new subscription. This new subscription then has to be linked to an offer by an administrator with the appropriate permissions.

Gallery

A gallery is the Azure Marketplace that is offered per subscription, which means it defines the virtual machines, web apps, websites, or other services that are part of the subscription. It defines which resources (ARM templates) will be available for deployments.

Events

The event service is an essential service for Azure Stack and provides information about a deployment: whether it is running properly or whether there are issues. In general, it is a kind of event log for an Azure Stack resource. Like all Azure Stack services, it has its own API, so you can also collect the data outside the portal (using PowerShell or other programming languages).

Monitoring

Once a resource is up and running in Azure Stack, the monitoring service steps in and provides general vital information. This is not a reason to disable the monitoring features you already run for your environments. Your monitoring solutions provide an overall status of the resource itself and of all services that the resource provides (for example, a VM providing email or database services), so it is more than worth having them up and running too. The monitoring features of Azure Stack itself will be described later in this book.

Usage

Finally, everybody needs to make money and be profitable with a cloud solution. This is why we need a billing model. The basis for a billing model in general is the usage data, which shows which resource has been running and in use, and for how long. This data is saved in SQL and builds the basis for your billing. The best way to report usage data is PowerBI. PowerBI is a SQL big data solution by Azure that gives you a nice overview of data. The billing possibilities will be described later in this book too.

In addition to the possibilities of rich reporting, this data can be exported to CSV and reused in the customer's billing tool for charging its customers in a more or less easy, semi-automated way.

If you need more features and functionality, third-party resource providers are available that offer more comprehensive but easy-to-use usage reporting that could fit customer needs better. This also means investing money and resources in these resource providers because, in general, you need a dedicated server to provide the business logic of this tool.