Schlagwort: Consulting

Azure Governance with Management Groups, Blueprints and Policies – First steps before the implementation

Published on by Nisanth RajahLeave a comment

To adopt Azure as your Enterprise cloud platform, you should start with Cloud Governance to starting work in a controlled and secure Environment. Azure provides several Services to do that, but you still have get your organizations requirements for governance, security and compliance, and configure this Services for your requirements.

Below you can find the main three Azure Services which Azure provides to build Governance in Azure and first steps from my experience to start with this Services before the implementation.

Azure Resource Organization with Management Groups

What is Azure Management Group and which goals can you reach with using of Management Groups:

If your organization has many subscriptions, you may need a way to efficiently manage access, policies, and compliance for those subscriptions. Azure management groups provide a level of scope above subscriptions. You organize subscriptions into containers called “management groups” and apply your governance conditions to the management groups. All subscriptions within a management group automatically inherit the conditions applied to the management group. Management groups give you enterprise-grade management at a large scale no matter what type of subscriptions you might have.

For example, you can apply policies to a management group that limits the regions available for virtual machine (VM) creation. This policy would be applied to all management groups, subscriptions, and resources under that management group by only allowing VMs to be created in that region.

Source https://docs.microsoft.com/de-de/azure/governance/management-groups/index

 

First steps:

  • group your Governance, Compliance, and Security requirements top-down and divide it in max. 6 hierarchical levels
  • separate the organizational and operational responsibilities

 

Azure Policy structure with Initiatives and Effect Types

What is Azure Policy and which goals can you reach with using of these Policies:

Governance validates that your organization can achieve its goals through effective and efficient use of IT. It meets this need by creating clarity between business goals and IT projects.

Does your company experience a significant number of IT issues that never seem to get resolved? Good IT governance involves planning your initiatives and setting priorities on a strategic level to help manage and prevent issues. This strategic need is where Azure Policy comes in.

Azure Policy is a service in Azure that you use to create, assign and, manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements. Azure Policy meets this need by evaluating your resources for non-compliance with assigned policies. For example, you can have the policy to allow only a certain SKU size of virtual machines in your environment. Once this policy is implemented, new and existing resources are evaluated for compliance. With the right type of policy, existing resources can be brought into compliance. Later in this documentation, we’ll go over more details on how to create and implement policies with Azure Policy.

Source https://docs.microsoft.com/en-us/azure/governance/policy/overview

 

First steps:

  • verify your Governance, Compliance, and Security requirements from the first part
  • identify which type of effects (auditing or enforcing) make sense four your organization
  • group similar policies to Initiative even it’s only one, use the initiatives
  • start with auditing from top-down and enforcing from bottom-up
  • verify which initiatives/policies should be assigned over the management groups and which one over the Blueprints

 

Azure Blueprint structure for an initial and additional setup

What is Azure Policy and which goals can you reach with using of these Policies:

just as a blueprint allows an engineer or an architect to sketch a project’s design parameters, Azure Blueprints enables cloud architects and central information technology groups to define a repeatable set of Azure resources that implements and adheres to an organization’s standards, patterns, and requirements. Azure Blueprints makes it possible for development teams to rapidly build and stand up new environments with the trust they’re building within organizational compliance with a set of built-in components — such as networking — to speed up development and delivery.

Blueprints are a declarative way to orchestrate the deployment of various resource templates and other artifacts such as:

    • Role Assignments

    • Policy Assignments

    • Azure Resource Manager templates

    • Resource Groups

Source https://docs.microsoft.com/en-us/azure/governance/blueprints/overview

First steps:

  • Sketch your own Azure Environment Templates with organization’s standards, patterns, and requirements to reuse it in multiple Azure Subscriptions.
  • identify the initial Blueprints which contains the basic settings of each Azure subscription in your organization and then create additional blueprints for individual Services like ISO certified SQL Instance and etc.

Cloud Transition, Azure Adoption and Azure Foundation

Published on by Nisanth RajahLeave a comment

The Adoption of a cloud platform in an organization requires identifying and mastering the strategic, organizational and technical challenges.

The Adoption of Azure Cloud Plattform can be divided into two steps. The first one is to build up the Azure Foundation and the second one is to build up new Solutions with Azure Services.

The Azure Foundation consists of three pillars that support the entire Azure Cloud platform of customers, including Azure Governance, Azure Core Infrastructure and Azure Operations.

The first pillar “Azure Governance” includes resource Organization, resource Security, auditing and cost Controls.

The second pillar “Azure Core Infrastruktur” includes identity & access management, connectivity, Azure network, Security Management and System Management.

The third pillar “Azure Operations” includes Cloud Service Management and infrastructure Automation.

These three pillars build the Foundation for customers Azure Environment and are ready to carry the new Azure Solutions

As an Azure Solution, a modern environment can be designed and implemented according to business or IT requirements in Azure or Hybrid with OnPremises. e.g. the extension of the OnPrem Datacenter in Azure, compute workloads with VM’s or system/service/application deployment using IaaS as well as PaaS components. The Azure Solutions are offered as Managed Services according to business requests or partly also by the internal IT organization for the business.

 

Einführung von Azure Cloud Plattform in einer zentralen IT Organisation – Teil 2

Published on by Nisanth RajahLeave a comment

Bevor die Einführung einer Cloud Plattform gestartet werden kann, sind einige strategische sowie auch organisatorische Überlegungen evtl. auch Anpassungen notwendig. Die Allgemeine Überlegungen bei einer Cloud Einführung werde ich in einer seperaten Blog Eintrag verfassen.

Die Einführung von Azure Cloud Plattform in einer Organisation beinhaltet verschiedene Schritte, mit dem Bild unten möchte ich gerne einer der möglichen Vorgehenweise bei der Einführung aufzeigen. Diese Vorgehensweise kann ebenfalls auch bei der Einführung von anderen Cloud Plattformen adaptiert werden (die Farbigen blöcke werden evtl. anders benannt).

Die Liste der einzelne Themen ist nicht abschliessend.

kurze Erklärung zum Bild:

  • Weise Blöcke – Konzeptionelle Vorgehensweise und Gruppierung der farbigen Blöcke.
  • Farbigen Blöcke – Organisatorische und Technische Komponenten die bei der Einführung beachtet bzw. implementiert werden können

 

Einführung von Azure Cloud Plattform in einer zentralen IT Organisation – Teil 1

Published on by Nisanth Rajah1 Comment

  • Ohh cool, im Azure kann ich die Servern für meine neue Applikation selber ausrollen und muss nicht auf die langsame zentrale IT warten

  • Wir brauchen die nächste Woche 10 Virtuelle Maschinen mit je 128CPU’s und 1024GB Memory

  • Die neue Servern laufen schon bei AWS, jetzt brauchen wir die Stammdaten aus der Organisation

wie viele von derartigen Anfragen kommen heutzutage zu der interne Zentrale IT?

Auch wenn diese Anfragen teils sehr mühsam klingen, ist all das heutzutage mit den Cloud Providern wie Microsoft, Amazon oder Google für jeder zugänglich.

Die Business Anforderungen haben sich an der Entwicklung der Technologie angepasst, aber für eine IT Organisation ist dies nicht ganz ohne. Die Hauptaufgabe einer IT Organisation besteht darin, den Betrieb von Business kritischen Systemen stabil zu halten und die verfügbaren Ressourcen effizient zu nutzen. Die Anforderungen aus der Business dürfen aber trotzdem nicht unbeachtet bleiben, da ja jeder der eine Kreditkarte besitzt, die Ressourcen mit ein paar Klicks beziehen kann 🙂

Gerne möchte ich mit euch meine Erfahrung in einer zentralen IT, welche sich entschieden hat, neben der stabilen Betrieb auch die Business Anforderungen gerecht zu werden, die Einführung von Azure Cloud Plattform initiiert hat.

 

Willkommen auf meiner Blog Seite

Published on by Nisanth RajahLeave a comment

Gerne möchte ich mit euch meine Erfahrungen in Identity Management und Cloud Themen mit euch austauschen.

Ich arbeite schon über 10 Jahren in der IT, angefangen als System Engineer für Windows Server Systeme und VMware Virtualisierung, jetzt als Senior Consultant und Cloud Solution Architekt für Microsoft Azure Plattform. Schon mehr als 3 Jahren beschäftige ich mich vertieft mit Identity Management Lösungen und Cloud Architektur.

Weitere Informationen zu meinem Werdegang und über mich findest du auf der About Me Seite.

Viele Grüsse
Nisanth Rajah