Book Image

Azure Strategy and Implementation Guide, Fourth Edition - Fourth Edition

By : Aaditya Pokkunuri, Jack Lee, Greg Leonardo, Jason Milgram, David Rendón
Book Image

Azure Strategy and Implementation Guide, Fourth Edition - Fourth Edition

By: Aaditya Pokkunuri, Jack Lee, Greg Leonardo, Jason Milgram, David Rendón

Overview of this book

Microsoft Azure is a powerful cloud computing platform that offers a multitude of services and capabilities for organizations of any size moving to a cloud strategy. This fourth edition comes with the latest updates on cloud security fundamentals, hybrid cloud, cloud migration, Microsoft Azure Active Directory, and Windows Virtual Desktop. It encapsulates the entire spectrum of measures involved in Azure deployment that includes understanding Azure fundamentals, choosing a suitable cloud architecture, building on design principles, becoming familiar with Azure DevOps, and learning best practices for optimization and management. The book begins by introducing you to the Azure cloud platform and demonstrating the substantial scope of digital transformation and innovation that can be achieved with Azure's capabilities. The guide also acquaints you with practical insights into application modernization, Azure Infrastructure as a Service (IaaS) deployment, infrastructure management, key application architectures, best practices of Azure DevOps, and Azure automation. By the end of this book, you will have acquired the skills required to drive Azure operations from the planning and cloud migration stage to cost management and troubleshooting.

Related Content you might be interested in

Current Title:

Small book image
Azure Strategy and Implementation Guide, Fourth Edition - Fourth Edition
Aaditya Pokkunuri | Jack Lee | Greg Leonardo | Jason Milgram | David Rendón
May, 2021 | 228 pages
Small book image
Azure for Decision Makers
Jack Lee | David Rendoacuten | Jason Milgram
Sep, 2023 | 146 pages
Small book image
Implementing Hybrid Cloud with Azure Arc
Amit Malik | Damanpreet Kaur
Jul, 2021 | 242 pages
Small book image
Azure Strategy and Implementation Guide,
Greg Leonardo | Jason Milgram | Peter De Tender
Jun, 2020 | 162 pages
Table of Contents (10 chapters)
Preface
Preface
About Azure Strategy and Implementation Guide, Fourth Edition
About the authors
About the reviewers
Learning objectives
Audience
Approach
Hardware requirements
Software requirements
Conventions
1
1. Introduction
1. Introduction
What is Microsoft Azure?
Approaches for Azure adoption
Azure migration strategies
Business benefits of Azure infrastructure
Helpful links
Free Chapter
2
2. Automation and governance in Azure
2. Automation and governance in Azure
Azure DevOps
Deploying Azure IaC
Benefits of Azure IaC
Best practices
Identity and access control
Azure governance
Summary
Important links
3
3. Modernizing with hybrid cloud and multicloud
3. Modernizing with hybrid cloud and multicloud
What is hybrid cloud, multicloud, and edge computing?
What makes a hybrid and multicloud strategy successful?
Azure Arc overview
Modernizing your datacenter with Azure Stack
Azure Stack HCI solution overview
Getting started with Azure Stack HCI and Windows Admin Center
Comparing Azure Stack Hub and Azure Stack HCI
Summary
4
4. Cloud migration: Planning, implementation, and best practices
4. Cloud migration: Planning, implementation, and best practices
Microsoft Azure Well-Architected Framework
Choosing your underlying infrastructure
Workload migration scenarios
Achieving cloud scale and maximizing performance
Enterprise-grade backup and disaster recovery
Azure migration best practices and support
Summary
5
5. Enabling secure, remote work with Microsoft Azure AD and WVD
5. Enabling secure, remote work with Microsoft Azure AD and WVD
The fundamentals of deploying remote work infrastructure
Azure Active Directory
Enabling remote connectivity
Securing and managing traffic to your workloads
Enabling remote work with Windows Virtual Desktop
Summary
6
6. Security fundamentals to help protect against cybercrime
6. Security fundamentals to help protect against cybercrime
Enabling security for remote workers
Gain visibility into your entire infrastructure with Azure Security Center
Best practices for securing your network
Modernize your security operations with Azure Sentinel, a cloud-native SIEM
A unified SecOps experience
Summary
7
7. Offers, support, resources, and tips to optimize cost in Azure
7. Offers, support, resources, and tips to optimize cost in Azure
Understanding and forecasting your costs
Optimizing your costs
Summary
8
8. Conclusion
8. Conclusion
Resources
Glossary
9
Index
Index

Azure governance

Azure governance is defined as the processes and mechanisms that are used to maintain control of your applications and resources in Azure. They are the strategic priorities involved in planning your initiatives within your organization. Azure governance is provided in two services: Azure Policy and, as we will discuss in Chapter 7, Offers, support, resources, and tips to optimize cost in Azure, Azure Cost Management.

The purpose of Azure Policy is to organize your operational standards and to assess your compliance. Azure Policy regulates compliance, security, costs, and management while implementing governance for consistency of your resources. Everything that we see in Azure is governed by these policies, which contain business rules in JSON format and policy definitions. The schema for these policy definitions can be found at https://schema.management.azure.com/schemas/2019-09-01/policyDefinition.json.

What are the benefits?

Azure governance and Azure Policy help with building and scaling your applications while maintaining a level of control. This helps create guardrails and assists with deploying entirely governed environments throughout your organization's subscription using Azure Blueprints. As we will discuss in Chapter 7, Offers, support, resources, and tips to optimize cost in Azure, it also assists in managing costs by providing insights into your spending to maximize your cloud investment. In addition, Azure governance offers the following benefits:

  • Helps with audit and enforcement of your policies for any Azure service
  • Helps encourage accountability throughout the organization while monitoring spending
  • Creates compliant environments, including resources, policies, and access control
  • Helps ensure compliance with external regulations via built-in compliance controls

In the following sections, we'll look in detail at some of the features and services available via Azure governance, namely Azure management groups, Azure Policy, Azure Blueprints, Azure Graph, and Azure Cost Management and Billing.

Azure management groups

Azure management groups help manage your Azure subscriptions by grouping them and taking actions against those groups. They allow you to define security, policies, and typical deployments via blueprints. They help create a hierarchical view of your organization so that you can efficiently manage your subscriptions and resources:

Hierarchical representation of Azure management groups

Figure 2.5: Azure management groups

As you can see in Figure 2.5, there is a simple separation between production and non-production. We should understand from this illustration that each management group has a root or parent that every hierarchical structure inherits from. You can create a global structure at the root, or you can create a production or non-production policy in either one of the branches.

Azure Policy

Azure Policy was put in place to help enforce asset compliance in organizational standards within Azure. Common uses of Azure Policy are implementing governance for resources consistency, security, costs, and management. Like everything in Azure, Azure policies are in JSON format, and you add business rules for policy definitions to help simplify the management of these rules.

Azure policies can be applied to Azure resources in different life cycles or during an ongoing compliance evaluation. These can be used as a control mechanism to deny changes or to log them. The difference between Azure Policy and Azure rule-based access control (RBAC) is that your policy does not restrict Azure actions. This means a combination of Azure RBAC and Azure policy provides the full scope of security in Azure.

The following best practices are recommended by Microsoft:

  • When you use Azure policies, it's always good to start with an audit policy rather than a denial policy, as setting a denial policy may hinder automation tasks when creating the resources.
  • When creating your definitions, consider your organizational hierarchies. Creating higher-level definitions such as at the management group or subscription level is recommended.
  • Create and assign initiative definitions or policy sets even for the smallest policy definitions.
  • It is good to remember that once an initial assignment is evaluated, all policies within that initiative are evaluated as well.
  • You should think about using policies to help control your infrastructure, like requiring antivirus to be installed on all virtual machines or not allowing specific sizes of virtual machines to be created in a non-production environment. To gain a better understanding of Azure policy definition structure, you can learn more at https://docs.microsoft.com/azure/governance/policy/concepts/definition-structure.

Azure Blueprints

Azure Blueprints enables technology groups to develop a repeatable set of Azure resources that support an organization's patterns, requirements, and standards. Blueprints are a great way to orchestrate the deployment of various resources, such as role assignments, policies, ARM templates, and resource groups. Azure Blueprints is an extension of ARM templates, which are designed to help with environment setup, and Azure Blueprints uses templates to accomplish this goal.

Azure Resource Graph

Azure Resource Graph was created to extend ARM templates' capabilities to help explore resources even across subscriptions. Azure Resource Graph queries allow you to search for complex results from resources that have been deployed in Azure. Azure Resource Graph is the query system that supports the search in Azure. The query language is based on the Kusto Query Language, which is also used by Azure Data Explorer, so it may be new to you and take a little bit of getting used to.

You need the appropriate rights in Azure RBAC to see the resources—this is the read permission. If you don't get any results returned in Azure when you use Azure Resource Graph, check your read permission first.

Azure Resource Graph is free to use, but it's throttled to ensure the best experience for everyone.

Azure Cost Management and Billing

Azure Cost Management and Billing was created to help analyze, manage, and optimize the costs of your workloads in Azure. It was introduced to help businesses reduce their risk of potential waste and inefficiencies as they migrate to the cloud. Azure Cost Management and Billing does the following:

  • Assists in paying your bills
  • Generates monthly invoices containing cost and usage data that can be downloaded
  • Sets spending thresholds
  • Analyzes your costs proactively
  • Identifies opportunities to optimize spending for your workloads in Azure

We will cover this in more depth in Chapter 7, Offers, support, resources, and tips to optimize cost in Azure, since individuals and organizations manage cost streams differently in Azure.

Previous Section
End of Section 7
Next Section