Global Azure Live Session – “Enterprise Cloud Readiness – Was ist zu tun?”

Eine Cloud Plattform kann schnell, einfach und mit wenig Wissen über die betroffenen Bereiche eingeführt werden. So stehen die Vorteile von Cloud-Computing für die angefragten Fachbereich sofort zur Verfügung. Doch das spricht sich schnell herum und auch andere Fachbereiche entdecken die Vorteile von Cloud-Computing für sich und möchten diese nutzen. War eine Cloud-Plattform noch einfach einzuführen, bergen mehrere die Gefahr eines Ressourcen Chaos. Dieses kann zu Sicherheitslücken, Ausfällen von produktiven Applikationen und Systemen oder sogar zu unkontrolliertem Kostenzuwachs führen.

Video (coming soon)

Azure Governance Series – Part 2, use Azure Policies to be compliant to the organization’s regulations

how to identify the right Azure policies to fulfill the regulatory requirements of the organization and still keep the life of the cloud developers as easy as possible.

In this article, I would like to show you the possibilities of Azure policies and how they can be structured.

first of all, what is Azure Policy and which goals can you reach with using of these Policies:

Governance validates that your organization can achieve its goals through effective and efficient use of IT. It meets this need by creating clarity between business goals and IT projects.

Does your company experience a significant number of IT issues that never seem to get resolved? Good IT governance involves planning your initiatives and setting priorities on a strategic level to help manage and prevent issues. This strategic need is where Azure Policy comes in.
Azure Policy is a service in Azure that you use to create, assign and, manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements. Azure Policy meets this need by evaluating your resources for non-compliance with assigned policies. For example, you can have the policy to allow only a certain SKU size of virtual machines in your environment. Once this policy is implemented, new and existing resources are evaluated for compliance. With the right type of policy, existing resources can be brought into compliance. Later in this documentation, we’ll go over more details on how to create and implement policies with Azure Policy.

Source https://docs.microsoft.com/en-us/azure/governance/policy/overview

my approach to structuring the Azure policies:

  • verify your Governance, Compliance, and Security requirements from the first part of this series
  • identify which type of effects (auditing or enforcing) make sense four your organization
  • group similar policies to Initiative even it’s only one, use the initiatives
  • start with auditing from top-down and enforcing from bottom-up
  • verify which initiatives/policies should be assigned over the governance structure within the entire Azure Tenant and which one should be placed as part of a Blueprint. Azure Blueprints can also contain additional Initiatives/policies assignment.

Here is one of the possible approach to structure the azure policies:

Initiative NameDescriptionStored location
locationThis initiative contains Azure Policies to set up which Azure Regions are for resource provisioning allowed or not.Root management group
taggingThis initiative contains Azure Policies for tagging the resources and resource groupsRoot management group
monitoringThis initiative contains Azure policies to monitor the entire Azure AD tenant in different levels like tenant, subscription and resourcesRoot management group
Network SecurityThis initiative contains Azure policies to ensure security on network levelRoot management group
IaaSThis initiative contains Azure policies for IaaS workload like Virtual MachinesRoot management group

Policy Initiative – Location

PolicyDescriptionTypeParameter
Allowed locationsName of LocationDenyWest Europe, North Europe
Allowed locations for resource groupName of LocationDenyWest Europe, North Europe

Policy Initiative – Tagging

PolicyDescriptionTypeParameter
Apply tag and default valueAppend a tag and its value to resource groupsAppendEnvironment from Parameter
Owner tbd
CostCenter tbd
EndDate tbd
Service tbd
DataClassification tbd.
ProtectionLevel Low
Require tagInherit a tag from the resource group if missingModifyEnvironment
Owner
CostCenter
EndDate
Service
DataClassification ProtectionLevel

Policy Initiative – Monitoring

PolicyDescriptionTypeParameter
Deploy Log Analytics agent for Linux VMsDeploy Log Analytics agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.DeployIfNotExisitsLog Analytics Workspace
Deploy Log Analytics agent for Windows VMsDeploy Log Analytics agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed. The list of OS images will be updated over time as support is updated.DeployIfNotExisitsLog Analytics Workspace
Deploy Log Analytics agent for Windows virtual machine scale setsDeploy Log Analytics agent for Windows virtual machine scale sets if the VM Image (OS) is in the list defined and the agent is not installed. The list of OS images will be updated over time as support is updated. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.DeployIfNotExisitsLog Analytics Workspace
Deploy Log Analytics agent for Linux virtual machine scale setsDeploy Log Analytics agent for Linux virtual machine scale sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.DeployIfNotExisitsLog Analytics Workspace
Deploy Dependency agent for Windows VMsDeploy Dependency agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed. The list of OS images will be updated over time as support is updated.DeployIfNotExisits
Deploy Dependency agent for Windows virtual machine scale setsDeploy Dependency agent for Windows virtual machine scale sets if the VM Image (OS) is in the list defined and the agent is not installed. The list of OS images will be updated over time as support is updated. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.DeployIfNotExisits
Deploy Dependency agent for Linux virtual machine scale setsDeploy Dependency agent for Linux virtual machine scale sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.DeployIfNotExisits
Deploy Dependency agent for Linux VMsDeploy Dependency agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.DeployIfNotExisits
The Log Analytics agent should be installed on virtual machinesThis policy audits any Windows/Linux virtual machines if the Log Analytics agent is not installed.DeployIfNotExisits
Show audit results from Windows VMs on which the Log Analytics agent is not connected as expectedThis policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines on which the Log Analytics agent is not connected to the specified workspaces. For more information on Guest Configuration policies, please visit https://aka.ms/gcpolDeployIfNotExisits
Deploy default Microsoft IaaSAntimalware extension for Windows ServerThis policy deploys a Microsoft IaaSAntimalware extension with a default configuration when a VM is not configured with the antimalware extension.AuditIfNotExisits
[Preview]: Audit Windows VMs on which Windows Defender Exploit Guard is not enabledWindows Defender Exploit Guard helps protect against malware that uses exploits to infect devices and spread. Exploit Guard protection consists of a number of mitigations that can be applied to either the operating system or individual apps. This policy requires the Azure Policy for Windows extension. For details, visit https://aka.ms/gcpol.AuditIfNotExisits

Policy Initiative – Network Security

PolicyDescriptionTypeParameter
Subnets should be associated with a Network Security GroupProtect your subnet from potential threats by restricting access to it with a Network Security Group (NSG). NSGs contain a list of Access Control List (ACL) rules that allow or deny network traffic to your subnet.AuditIfNotExisits 
Network Watcher should be enabled  Network Watcher is a regional service that enables you to monitor and diagnose conditions at a network scenario level in, to, and from Azure. Scenario level monitoring enables you to diagnose problems at an end to end network level view. Network diagnostic and visualization tools available with Network Watcher help you understand, diagnose, and gain insights to your network in Azure.AuditIfNotExisits 
Network interfaces should not have public IPs  This policy denies the network interfaces which are configured with any public IP. Public IP addresses allow internet resources to communicate inbound to Azure resources, and Azure resources to communicate outbound to the internet. This should be reviewed by the network security team.Deny               
Deploy network watcher when virtual networks are created  This policy creates a network watcher resource in regions with virtual networks. You need to ensure existence of a resource group named networkWatcherRG, which will be used to deploy network watcher instances.  AuditIfNotExisits 

Policy Initiative – IaaS

PolicyDescriptionEffectParameter
Deploy prerequisites to audit Windows VMs that do not have the password complexity setting enabledThis policy creates a Guest Configuration assignment to audit Windows virtual machines that do not have the password complexity setting enabled. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpolDeployIfNotExists
Show audit results from Windows VMs that do not have the password complexity setting enabledThis policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines that do not have the password complexity setting enabled. For more information on Guest Configuration policies, please visit https://aka.ms/gcpolAuditIfNotExisits
Deploy prerequisites to audit Linux VMs that have accounts without passwordsThis policy creates a Guest Configuration assignment to audit Linux virtual machines that have accounts without passwords. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpolDeployIfNotExists
Deploy prerequisites to audit Linux VMs that allow remote connections from accounts without passwordsThis policy creates a Guest Configuration assignment to audit Linux virtual machines that allow remote connections from accounts without passwords. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpolDeployIfNotExists
Deploy prerequisites to audit Linux VMs that do not have the passwd file permissions set to 0644This policy creates a Guest Configuration assignment to audit Linux virtual machines that do not have the passwd file permissions set to 0644. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpolDeployIfNotExists
Show audit results from Linux VMs that do not have the passwd file permissions set to 0644This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Linux virtual machines that do not have the passwd file permissions set to 0644. For more information on Guest Configuration policies, please visit https://aka.ms/gcpolAuditIfNotExisits
Show audit results from Linux VMs that have accounts without passwordsThis policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Linux virtual machines that have accounts without passwords. For more information on Guest Configuration policies, please visit https://aka.ms/gcpolAuditIfNotExisits
Show audit results from Linux VMs that allow remote connections from accounts without passwordsThis policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Linux virtual machines that allow remote connections from accounts without passwords. For more information on Guest Configuration policies, please visit https://aka.ms/gcpolAuditIfNotExisits
Azure Backup should be enabled for Virtual MachinesThis policy helps audit if Azure Backup service is enabled for all Virtual machines. Azure Backup is a cost-effective, one-click backup solution simplifies data recovery and is easier to enable than other cloud backup services.AuditIfNotExisits
Audit VMs that do not use managed disksThis policy audits VMs that do not use managed disksAudit

Share you experiences with Azure Policies and the assignment structure you used.

Trivadis Azure Days 2019, Azure Foundation

Vorstellung von Azure Foundation bei der Trivadis Azure Days 2019.

Trivadis Azure Foundation – Das Fundament für den erfolgreichen Einsatz der Azure Cloud

Die Azure Cloud steuert auf ihr 10-jähriges Jubiläum zu und ist in der Schweiz angekommen. Im Vergleich zum Betrieb von On-Premise Lösungen bietet die Cloud eine Vielzahl von Vorteilen. Viele Aufgaben aus der On-Premise Welt werden im Cloud Computing vom Anbieter übernommen.

Aber die Freiheiten, welche Cloud Computing bietet, sind sehr mächtig und das beste Rezept für Wildwuchs und Chaos. Viele unserer Kunden werden sich erst jetzt bewusst, um welche Aufgaben sie sich bereits vor 5 Jahren hätten kümmern sollen. Die Trivadis Azure Foundation ist unser in der Praxis erprobtes Vorgehen, um alle Vorteile der Cloud optimal Nutzen zu können, ohne die Kontrolle zu verlieren. In dieser Session bekommen Sie einen Einblick in unsere Azure Foundation Methodik, zusätzlich berichten wir von den Azure-Erfahrungen unserer Kunden.

https://speakerdeck.com/nrajah04/mun-azure-foundation-azureday2019-public

Azure Governance Series – Part 1, how to structure Azure Management Groups

Azure Governance Series – Governance Overview

First steps to do before starting with Management Groups:

  • group your Governance, Compliance, and Security requirements top-down and divide it in max. 6 hierarchical levels
  • gather the requirements about the organizational and operational responsibilities

 

Now some more details about these first steps and using the Management Groups to build your Governance in Azure.

As mentioned in the Governance Overview article you had to identify the governance, security and compliance requirements in the organization.

Hints for Requirements Engineering:

  • Internal cost management
  • Distributed responsibilities over companies/departments/teams
  • Separation of environments like dev/test and prod.
  • Multiple operation teams like global IT and company or department IT

discuss that with the CIO, CISO, Enterprise Architects and other key persons. Provide them the possibilities to build a secure and controlled environment in Azure and also all the possibilities how easily they can check if the environment is compliant to the requirements.

Possibilities in Azure:

  • Role-based Access Control
  • Azure Policies
  • Azure Blueprints
  • Azure Privilege Identity Management
  • Security Center
  • Azure Sentinal
  • Azure Advisor
  • Access Review with PIM

You need also to know who will take the organizational responsibility and who the operational responsibility for all the environment parts in Azure.

Responsibilities like:

  • Cost Management
  • Subscription Management
  • New cloud Services/Application onboarding
  • Service Lifecycle Management
  • Core Infrastructure like IAM, Connectivity, Network
  • Service Management Processes

It’s also important to clarify how the operation of the cloud environment will be organized, the environment in the cloud also need operational tasks, but not the same as On-premise but still needed.

Operational Tasks:

  • Core Infrastructure System Management (IAM, Connectivity, Network)
  • General System Management for IaaS (Monitoring, Backup, Disaster Recovery, optimization,
  • Security Management
  • Initial Deployment, Continuous Deployment

This information is needed to design the structure of the Management Groups. The structure of the management groups should be used to show the organizational and operational responsibilities.

Example structure:

The management groups are really useful when there are more than 1 Azure Subscriptions and the responsibilities are distributed over multiple departments or teams. In the case of distributing responsibilities, you can divide that into max. 6 hierarchical levels

Summary about the Management Groups:

  • 6 hierarchical level available, without root management group
  • Management groups are mandatory for using Azure Blueprints

High level to do’s for the Implementation of the Management Groups and using that to ensure Governance in Azure:

  1. Activate Management Groups over the Azure Portal
  2. Create your structure as designed before
  3. Assign the existing subscriptions to the right Management group
  4. Use RBAC to build up the resource security
  5. Create your Azure policies with the requirements you collected before and assign it to the right Management Group level. More about grouping the policies coming in following articles
  6. Create your Blueprints with the defined environment pattern and store it on the right level. That means when you store a Blueprint in a Management Group, it’ll be available for that Management group and all below. More about structuring the Blueprints and design coming in the following articles

Next steps after implementation of the initial structure for Management Groups:

  • Automated provisioning of Management Groups and subscriptions

Do not hesitate to share your feedback and experience here about structuring management groups.

Azure Day @ Trivadis – Where Cloud Enthusiasts meet

Lernen Sie von ausgewiesenen Azure Experten und verbessern Sie Ihre Skills

Die Microsoft Azure Cloud Plattform feiert demnächst ihr 10-jähriges Jubiläum und startet in der Schweiz durch. Cloud Computing ist für unsere Enterprisekunden wichtiger denn je und steht auf der Agenda an erster Stelle. Am Trivadis Azure Day berichten wir von spannenden Best Practice Szenarios und durchdachten Use Cases. Kommen Sie mit uns auf eine Reise durch die Azure Cloud und nehmen Sie unsere Learnings und Best Practices mit nach Hause. Die Konferenz wird in deutscher Sprache gehalten.

Welche wertvollen Insights werden Sie erhalten?

Am Trivadis Azure Day erwarten Sie 2 volle Tracks mit spannenden Sessions zu diversen Themen rund um die Azure Cloud. Die Sprecher sind zum grossen Teil Trivadis Consultants, welche aus Ihren Kundenprojekten aus dem DACH-Raum erzählen. Ergänzt wird die Agenda mit 2 Speakern von unserem Partner Microsoft. Nutzen Sie diese einmalige Gelegenheit, um von unseren Herausforderungen und der Projekterfahrung zu profitieren. Der Trivadis Azure Day ist eine Gelegenheit, die es sonst nirgendwo gibt!
  • Wie starte ich meine Reise in die Cloud?
  • Bots und AI, brauche ich das?
  • Infrastruktur als Code
  • Azure@Helsana
  • Die Azure Foundation – Wie lege ich eine erfolgreiche Basis?
  • Business Intelligence in der Cloud

Die Einführung einer Cloud Plattform in einer Organisation erfordert es, die strategischen, organisatorischen sowie auch die technischen Herausforderungen zu identifizieren und zu meistern.

Bei der Einführung der Azure Cloud Plattform unterscheiden wir zwischen der Azure Foundation und den Azure Solutions. Die Azure Foundation besteht aus drei Säulen, welche die gesamte Azure Cloud Plattform unserer Kunden tragen. Hierzu gehören Azure Governance, Azure Core Infrastruktur und Azure Operations. In dieser Session stellen wir die Azure Foundations vor und erzählen von den Erfahrungen, welche wir in unseren Kundenprojekten gemacht haben.

Für mehr Infos: https://m.trivadis.com/azure-days

Azure Governance with Management Groups, Blueprints and Policies – First steps before the implementation

To adopt Azure as your Enterprise cloud platform, you should start with Cloud Governance to starting work in a controlled and secure Environment. Azure provides several Services to do that, but you still have get your organizations requirements for governance, security and compliance, and configure this Services for your requirements.

Below you can find the main three Azure Services which Azure provides to build Governance in Azure and first steps from my experience to start with this Services before the implementation.

Azure Resource Organization with Management Groups

What is Azure Management Group and which goals can you reach with using of Management Groups:

If your organization has many subscriptions, you may need a way to efficiently manage access, policies, and compliance for those subscriptions. Azure management groups provide a level of scope above subscriptions. You organize subscriptions into containers called “management groups” and apply your governance conditions to the management groups. All subscriptions within a management group automatically inherit the conditions applied to the management group. Management groups give you enterprise-grade management at a large scale no matter what type of subscriptions you might have.

For example, you can apply policies to a management group that limits the regions available for virtual machine (VM) creation. This policy would be applied to all management groups, subscriptions, and resources under that management group by only allowing VMs to be created in that region.

Source https://docs.microsoft.com/de-de/azure/governance/management-groups/index

 

First steps:

  • group your Governance, Compliance, and Security requirements top-down and divide it in max. 6 hierarchical levels
  • separate the organizational and operational responsibilities

 

Azure Policy structure with Initiatives and Effect Types

What is Azure Policy and which goals can you reach with using of these Policies:

Governance validates that your organization can achieve its goals through effective and efficient use of IT. It meets this need by creating clarity between business goals and IT projects.

Does your company experience a significant number of IT issues that never seem to get resolved? Good IT governance involves planning your initiatives and setting priorities on a strategic level to help manage and prevent issues. This strategic need is where Azure Policy comes in.

Azure Policy is a service in Azure that you use to create, assign and, manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements. Azure Policy meets this need by evaluating your resources for non-compliance with assigned policies. For example, you can have the policy to allow only a certain SKU size of virtual machines in your environment. Once this policy is implemented, new and existing resources are evaluated for compliance. With the right type of policy, existing resources can be brought into compliance. Later in this documentation, we’ll go over more details on how to create and implement policies with Azure Policy.

Source https://docs.microsoft.com/en-us/azure/governance/policy/overview

 

First steps:

  • verify your Governance, Compliance, and Security requirements from the first part
  • identify which type of effects (auditing or enforcing) make sense four your organization
  • group similar policies to Initiative even it’s only one, use the initiatives
  • start with auditing from top-down and enforcing from bottom-up
  • verify which initiatives/policies should be assigned over the management groups and which one over the Blueprints

 

Azure Blueprint structure for an initial and additional setup

What is Azure Policy and which goals can you reach with using of these Policies:

just as a blueprint allows an engineer or an architect to sketch a project’s design parameters, Azure Blueprints enables cloud architects and central information technology groups to define a repeatable set of Azure resources that implements and adheres to an organization’s standards, patterns, and requirements. Azure Blueprints makes it possible for development teams to rapidly build and stand up new environments with the trust they’re building within organizational compliance with a set of built-in components — such as networking — to speed up development and delivery.

Blueprints are a declarative way to orchestrate the deployment of various resource templates and other artifacts such as:

    • Role Assignments

    • Policy Assignments

    • Azure Resource Manager templates

    • Resource Groups

Source https://docs.microsoft.com/en-us/azure/governance/blueprints/overview

First steps:

  • Sketch your own Azure Environment Templates with organization’s standards, patterns, and requirements to reuse it in multiple Azure Subscriptions.
  • identify the initial Blueprints which contains the basic settings of each Azure subscription in your organization and then create additional blueprints for individual Services like ISO certified SQL Instance and etc.

Cloud Transition, Azure Adoption and Azure Foundation

The Adoption of a cloud platform in an organization requires identifying and mastering the strategic, organizational and technical challenges.

The Adoption of Azure Cloud Plattform can be divided into two steps. The first one is to build up the Azure Foundation and the second one is to build up new Solutions with Azure Services.

The Azure Foundation consists of three pillars that support the entire Azure Cloud platform of customers, including Azure Governance, Azure Core Infrastructure and Azure Operations.

The first pillar “Azure Governance” includes resource Organization, resource Security, auditing and cost Controls.

The second pillar “Azure Core Infrastruktur” includes identity & access management, connectivity, Azure network, Security Management and System Management.

The third pillar “Azure Operations” includes Cloud Service Management and infrastructure Automation.

These three pillars build the Foundation for customers Azure Environment and are ready to carry the new Azure Solutions

As an Azure Solution, a modern environment can be designed and implemented according to business or IT requirements in Azure or Hybrid with OnPremises. e.g. the extension of the OnPrem Datacenter in Azure, compute workloads with VM’s or system/service/application deployment using IaaS as well as PaaS components. The Azure Solutions are offered as Managed Services according to business requests or partly also by the internal IT organization for the business.

 

Einführung von Azure Cloud Plattform in einer zentralen IT Organisation – Teil 3

Die Einführung einer Cloud Plattform in einer Organisation bedingt die strategische, organisatorische sowie auch die technische Herausforderungen zu identifizieren und diese zu meistern.

Die Einführung von Azure Cloud Plattform kann in zwei groben Schritten aufgeteilt werden. Diese zwei Schritte sind die Einführung von der Azure Foundation und der Aufbau von Azure Solutions.

Die Azure Foundation besteht aus drei Säulen welche die gesamte Azure Cloud Plattform der Kunden tragen, dazu gehört das Azure Governance, Azure Core Infrastruktur und Azure Operations.

Die erste Säule “Azure Governance” beinhaltet die Ressourcen Verwaltung, die Ressourcen Sicherung, die Ressourcen Auditierung und die Kostenkontrolle.

Die zweite Säule “Azure Core Infrastruktur” beinhaltet das Identity & Access Management, Konnektivität, Netzwerk, Sicherheit- und System Management.

Die dritte und letzte Säule “Azure Operations” beinhaltet den Cloud Service Management und die Automatisierung der Infrastruktur.

Die drei Säulen bilden das Fundament des Azure Umgebung vom Kunden und stehen bereit die neuen Azure Solutions zu tragen.

Als Azure Solution können eine nach Business oder IT Anforderungen konzipierte und implementierte moderne Umgebungen in Azure oder Hybrid mit OnPremises. z.B. die erweiterung des OnPrem Datacenter in Azure, Compute workloades mit VM’s oder System/Service/Applikation Bereitstellung unter Verwendung von IaaS sowie PaaS Komponenten . Die Azure Solutions werden nach Business Anfragen oder teils auch durch die interne IT Organisation für das Business als Managed Service angeboten.

Vorbereitung auf Microsoft Exam AZ-302 – Azure Solutions Architecture Expert

Ich bereite mich mit den folgenden Lernmaterial für diesen Prüfung vor und möchte denen die das auch geplant haben meine gesammelten Informationen zu Verfügung stellen. Ich wünsche allen viel Erfolg und hoffe das meine Inputs etwas dazu beitragen kann.

 

Prüfungsinhalt:

Determine Workload Requirements (15-20%)

Design for Identity and Security (5-10%)

Design a Business Continuity Strategy (15-20%)

Implement Workload and Security (5-10%)

Implement Authentication and Secure Data (5-10%)

Develop for the Cloud (50%)

Link Sammlung:

eLearning

https://www.udemy.com/az302-azure/

https://app.pluralsight.com/channels/details/acdf22f8-4ab6-4ec9-bbe4-acca6e48bc31

Microsoft Learn Portal

https://docs.microsoft.com/de-de/learn/

Microsoft Hands-on Lab

https://www.microsoft.com/handsonlabs

Azure Doc

https://docs.microsoft.com/de-de/azure/

Dokumente

https://www.microsoft.com/en-ca/learning/certification-exams.aspx?types=true

https://www.microsoft.com/en-ca/learning/online-proctored-exams.aspx

Allgemein

https://www.microsoft.com/en-us/learning/azure-solutions-architect.aspx#skillsandknowledge

https://www.microsoft.com/en-us/learning/exam-AZ-302.aspx

 

Einführung von Azure Cloud Plattform in einer zentralen IT Organisation – Teil 2

Bevor die Einführung einer Cloud Plattform gestartet werden kann, sind einige strategische sowie auch organisatorische Überlegungen evtl. auch Anpassungen notwendig. Die Allgemeine Überlegungen bei einer Cloud Einführung werde ich in einer seperaten Blog Eintrag verfassen.

Die Einführung von Azure Cloud Plattform in einer Organisation beinhaltet verschiedene Schritte, mit dem Bild unten möchte ich gerne einer der möglichen Vorgehenweise bei der Einführung aufzeigen. Diese Vorgehensweise kann ebenfalls auch bei der Einführung von anderen Cloud Plattformen adaptiert werden (die Farbigen blöcke werden evtl. anders benannt).

Die Liste der einzelne Themen ist nicht abschliessend.

kurze Erklärung zum Bild:

  • Weise Blöcke – Konzeptionelle Vorgehensweise und Gruppierung der farbigen Blöcke.
  • Farbigen Blöcke – Organisatorische und Technische Komponenten die bei der Einführung beachtet bzw. implementiert werden können