Read on:

Microsoft Azure for Beginners : Understanding Azure Terminologies – Part 1
Microsoft Azure for Beginners : How to Create an Azure Virtual Machine – Part 2

Welcome to yet another article in the “Azure for beginners” series. In the 1st article, we looked at the Azure Terminologies and what exactly the term Cloud means. In the 2nd article, we looked at the differences between IaaS, PaaS, and SaaS and then went straight into deploying the most common IaaS service, a Virtual Machine in Azure.


Azure Governance?

In this article, we are going to look at Azure Governance. Azure Governance is a Cloud (security) framework that provides guidelines for adequately setting up the Azure environment. Covering everything would go too far, so I will cover the most important topics in this article.

Subscription Management

Azure is used through subscriptions. Microsoft’s Cloud Adoption Framework (a framework describing the best practices for moving to and from the Cloud) recommends using a subscription per type of workload. This way, the environment becomes scalable and manageable. Microsoft also recommends the use of management groups, where you can apply specific settings based on subscriptions.


Cost Management

By using subscriptions, costs are automatically generated. To avoid being surprised by the costs, cost management (part of Cloud governance) is essential. By having insight into the costs of the Cloud, you can manage them better and will not be surprised by them.

There are several ways to gain insight into costs. For example, this can be done using multiple subscriptions (see above) and tags. With tags, it is possible to identify resources within Azure. Based on these tags, actions can be linked, or resources (and thus costs) can be identified.

Security

Because a growing number of resources are now in the Cloud, the role of security in the Cloud has become increasingly important. Microsoft invests a lot of resources and money in security and continuously advises customers and partners with best practices (baselines), tooling, and tips. Also, especially in the case of PaaS and SaaS services, Microsoft is doing more and more. However, in the case of IaaS, much of the responsibility remains with the customer.

Azure provides a broad set of services and capabilities to take control. For example, Azure Policy allows you to enforce a comprehensive set of rules.

For example, with Azure Policy, you can:

  • Allow resources to be deployed only to the nearest data center (think government rules like the AVG, the Dutch name for the GDPR)
  • Not allow specific (expensive!) resources to be deployed
  • Enforce the use of Tags so that resources are always identifiable and specific tasks can be performed based on these Tags
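
The three rules above, written as one custom definition in Azure Policy's JSON definition format. This is an example added to the article, not Microsoft's built-in policy or code from this series; the display name and the parameter names (`allowedLocations`, `deniedResourceTypes`, `requiredTagName`) are assumptions chosen for illustration.

```json
{
  "properties": {
    "displayName": "Example: location, resource type and tag guardrails",
    "description": "Illustrative definition added to this article; parameter names are assumptions.",
    "policyType": "Custom",
    "mode": "Indexed",
    "parameters": {
      "allowedLocations": {
        "type": "Array",
        "metadata": { "displayName": "Allowed locations", "strongType": "location" }
      },
      "deniedResourceTypes": {
        "type": "Array",
        "metadata": { "displayName": "Resource types that may not be deployed" }
      },
      "requiredTagName": {
        "type": "String",
        "metadata": { "displayName": "Tag every resource must carry" }
      }
    },
    "policyRule": {
      "if": {
        "anyOf": [
          {
            "allOf": [
              { "field": "location", "notIn": "[parameters('allowedLocations')]" },
              { "field": "location", "notEquals": "global" }
            ]
          },
          { "field": "type", "in": "[parameters('deniedResourceTypes')]" },
          {
            "field": "[concat('tags[', parameters('requiredTagName'), ']')]",
            "exists": "false"
          }
        ]
      },
      "then": { "effect": "deny" }
    }
  }
}
```

With `"mode": "Indexed"`, only resource types that support tags and a location are evaluated, so the tag rule does not block resources that cannot carry tags. Assigning the definition at a management group applies it to every subscription beneath that group.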

The security steps in the framework provide guidelines on what to take into account and what the possible impact on the organization may be.

Resource Consistency

Resource Consistency focuses on the ways to establish policies related to the operational management of an environment, application or workload. The IT department often provides monitoring of applications, workload and asset performance. They also (often) perform the tasks necessary to meet scaling requirements, repair failures and try to prevent them by proactively implementing improvements. Resource Consistency helps define the policies to which the above work must conform.

Resource Consistency ensures that resources are configured consistently so that they can be monitored by IT operations, recovered if there is a disaster, and incorporated into repeatable operational processes. Think monitoring, dashboards and (automated) recovery operations and procedures.

Identity and Security Baselines

As an increasing number of workloads move towards the Cloud, identity as the primary security perimeter in the Cloud becomes increasingly important, which is a big difference from traditional environments. To accomplish this, a security baseline should be in place and should be consistently applied when migrating to and using the Cloud.

Security is a part of any IT project and the Cloud brings unique security issues. Many companies are subject to regulatory requirements such as the AVG (GDPR) that make protecting sensitive data a key organizational priority. Identifying potential security risks and establishing processes and procedures to address them should be a priority for any IT security or cybersecurity team.

The Security Baseline ensures that technical requirements and security constraints are consistently applied to Cloud environments.

Deployment Acceleration

Deployment Acceleration describes the deployment, configuration and reusability of automation and the use of Infrastructure as Code. Through templates, the environment is deployed according to agreed standards and kept up-to-date. This also prevents errors (due to typos, for example) and prevents forgetting things.

This can be fully automated by using Azure DevOps, for example, or still partially manual by deploying template files with PowerShell. These scripts are reusable and can be updated to the latest standard each time.

The advantage for the management team is that once the scripts are ready for use, an enormous amount of time can be saved in the deployment of resources while no concessions are made on security and/or governance.

Conclusion

In this article I have covered the main pillars of Cloud Governance. Covering all the details would go too far, but what is important to know is that Microsoft offers a huge set of guidelines and services to help with this. Also, I hope the importance of Cloud Governance has now become clear(er).

One can find more information on Cloud Governance here
My next Azure for Beginners article will be about PaaS services!
