Archive
Microsoft Azure IaaS Operations Guidance – #AAD, #RBAC, #ARM, #Microsoft, #Azure
Here you can find a ton of great guidance material for Azure operations by mzbowe! Really good summary!
This is a collection of Azure Infrastructure installation and operational guidance resources I provide to my customers. By keeping these links up to date with each engagement, all of my customers may benefit. Hopefully you can too! The latest Azure updates will always be at Azure service updates. Make it part of your operational procedure to review that monthly, if not weekly! In 2015, there were over 500 updates. Wow!
The goal of this guide is to highlight core installation and operational procedures for an Azure IaaS deployment, which will predominantly consist of Compute, Network and Storage resources. This article, Azure Infrastructure Services Implementation Guidelines, gives a pretty good rundown of what needs to be created and in what order. The resources I will keep updated below pretty much follow most of those resources in the last link. But for now, there is a very important piece of that puzzle missing. For the newer Azure Resource Manager (ARM) model of deployment, we need to plan, design and create Azure Resource Groups. Once we have Resource Groups, we can delegate administration with Role Based Access Control (RBAC).
Besides all this, if you just need to ramp up and learn more on Azure, go to the Azure Learning Paths page. Check it out and learn something new! I also have my Azure Certification resources (Slides and Videos) from MS Ignite 2015, to get you certified and ready to go!
- aka.ma/Certification/70-533 | Microsoft Azure Infrastructure Certification Prep
- aka.ma/Certification/70-534 | Microsoft Azure Architecture Certification Prep
Azure Active Directory
- How Azure subscriptions are associated with Azure Active Directory
- This is an important link to read and understand. Microsoft Azure does not equal Azure Active Directory. If you create a brand new Azure subscription, you will have an Azure Active Directory tenant by default. But sometimes companies have Office 365 first, without an Azure subscription. With Office 365, you get an Azure Active Directory tenant for free. That is your cloud directory. It can be standalone, or, as many companies do, you can synchronize or federate it with your on-premises identities. But an Azure AD tenant for Office 365 is not necessarily tied to an Azure subscription. An Azure subscription is just another service like Office 365. If your company is going to have both, then the KEY goal is that both of those connect to the same Azure Active Directory tenant. So if you started with Office 365 and made the primary domain name contoso.com, then when you log in to create an Azure subscription, make sure to do so with a Global Admin account in the contoso.com Azure AD tenant that you use to administer Office 365. See Manage the directory for your Office 365 subscription in Azure.
- Azure Active Directory editions
- Before you get too excited about everything you discover on the Azure website, make sure you know what version you have. There are many flavors and enterprise agreements. Depending on the version you have, you may have more or fewer services available to you. Azure Active Directory Premium will get you the whole kitchen sink. But there are different ways to get that as well, e.g. an Enterprise Mobility Suite license.
- Hybrid Identity Design Considerations
- The Four Pillars of Identity – Identity Management in the Age of Hybrid IT
- Azure Active Directory Authentication Protocols
- Authentication Scenarios for Azure AD
- Azure Active Directory federation compatibility list: third-party identity providers that can be used to implement single sign-on
- Azure AD terminology
- Getting started with Azure Multi-Factor Authentication in the cloud
- Azure AD Privileged Identity Management
Azure AD Operational Guidance
- Administer your Azure AD directory
- Assigning administrator roles in Azure Active Directory (Azure AD)
- Create or edit users in Azure Active Directory
- Azure AD Password Reset for Users and Admins
- Managing access to resources with Azure Active Directory groups
- View your access and usage reports which is part of
Microsoft and AzureCon delivers! Love it! – #Azure, #AzureCon, #EnvokeIT, #IoT, #SaaS, #PaaS
I really love the way that Microsoft and Azure deliver! It’s so amazing with all the PaaS and SaaS offerings they now have on top of the traditional IaaS delivery. There is no other cloud provider out there that delivers anything near it! I’m amazed and so happy to be a part of this journey!
If you didn’t have the time to look at AzureCon you have a lot of great videos and topics to go through!!
Here is a short overview of the many great things released and presented:
- General Availability of 3 new Azure regions in India
- Announcing new N-series of Virtual Machines with GPU capabilities
- Announcing Azure IoT Suite available to purchase
- Announcing Azure Container Service
- Announcing Azure Security Center
Watching the Videos
All of the talks presented at AzureCon (including the 60 breakout talks) are now available to watch online. You can browse and watch all of the sessions here.
Announcing General Availability of 3 new Azure regions in India
Yesterday we announced the general availability of our new India regions: Mumbai (West), Chennai (South) and Pune (Central). They are now available for you to deploy solutions into.
This brings our worldwide presence of Azure regions up to 24 regions, more than AWS and Google combined. Over 125 customers and partners have been participating in the private preview of our new India regions. We are seeing tremendous interest from industry sectors like Public Sector, Banking Financial Services, Insurance and Healthcare whose cloud adoption has been restricted by data residency requirements. You can all now deploy your solutions too.
Announcing N-series of Virtual Machines with GPU Support
This week we announced our new N-series family of Azure Virtual Machines that enable GPU capabilities. Featuring NVidia’s best of breed Tesla GPUs, these Virtual Machines will help you run a variety of workloads ranging from remote visualization to machine learning to analytics.
The N-series VMs feature NVidia’s flagship GPU, the K80 which is well supported by NVidia’s CUDA development community. N-series will also have VM configurations featuring the latest M60 which was recently announced by NVidia. With support for M60, Azure becomes the first hyperscale cloud provider to bring the capabilities of NVidia’s Quadro High End Graphics Support to the cloud. In addition, N-series combines GPU capabilities with the superfast RDMA interconnect so you can run multi-machine, multi-GPU workloads such as Deep Learning and Skype Translator Training.
Announcing Azure Security Center
This week we announced the new Azure Security Center—a new Azure service that gives you visibility and control of the security of your Azure resources, and helps you stay ahead of threats and attacks. Azure is the first cloud platform to provide unified security management with capabilities that help you prevent, detect, and respond to threats.
The Azure Security Center provides a unified view of your security state, so your team and/or your organization’s security specialists can get the information they need to evaluate risk across the workloads they run in the cloud. Based on customizable policy, the service can provide recommendations. For example, the policy might be that all web applications should be protected by a web application firewall. If so, the Azure Security Center will automatically detect when web apps you host in Azure don’t have a web application firewall configured, and provide a quick and direct workflow to get a firewall from one of our partners deployed and configured: Read more…
Converged Microsoft Account and Azure Active Directory Programming Model – #Microsoft, #Azure
Wow, finally Microsoft is doing something about the Microsoft Account and Azure AD identity “mess”! 🙂
Until now, building an application that worked with both personal and business accounts from Microsoft required integrating with two different technology stacks. Not only that, you had to have separate buttons in your app where your user needed to choose, up front, to sign-in with a personal account or a work or school account.
With the v2 app model preview, it is possible to sign-in both personal and work users with a single button. Let’s take a quick look at the end user’s experience. We begin with your application, with the addition of a “Sign-in with Microsoft” button.
We’re using the Microsoft brand because end users don’t know about Azure or Azure Active Directory. But they do know that Windows, Outlook, OneDrive, Xbox, and Office 365 are services from Microsoft and they need an account from Microsoft to sign-in there.
When the user clicks the button, they come to a consolidated sign-in page:
The user enters their username. Under the covers we figure out if the username corresponds to a personal account or a work account. Then we take the user to the right page to enter their password. Today this may involve a redirect – in the future we’ll optimize this out.
Read more here!
//Richard
Azure AD Premium a visionary in Gartner IDaaS Magic Quadrant! I love it! – #Azure, #AzureAD, #IDaaS
This is awesome! I just love what Microsoft is doing with all the cool Azure offerings! That’s also why I’ve been digging deeper into this area lately and also took the Microsoft Specialist – Architecting Microsoft Azure Solutions exam and have been playing around with Azure AD, DirSync and ADFS a lot.
Now with the whole release of Windows 10, Azure AD, Intune, ADFS and System Center we’re going to have a lovely story going forward with how to do client management. Just take a Windows 10 device, join it through Azure AD, Intune and federation and then sign in using your on-premise AD credentials. On top of that you can also then leverage Azure AD or federation with it for your SaaS apps as well and with SSO, and why not use the Azure connector to make your on-premise web apps available on the Internet with authentication as well!
Microsoft and Azure rocks!
Now also with the Magic Quadrant from Gartner that shows how well Microsoft is doing! It looks very promising, and just think about combining all this also with Citrix Workspace Cloud going forward! So great! 🙂
Gartner just released their Magic Quadrant for Identity Management as a Service (IDaaS) and after only ~10 months in market, Azure AD premium was placed in the “Visionary” quadrant, far to the right of our competitors for our completeness of vision and our ability to execute, only slightly below companies with established, multi-year track records.
If you are a Gartner client, you can find the report here. We will have a complimentary copy to share soon, so please check back.
We’re really pleased with this result. We believe it validates our vision of providing a complete solution for hybrid identity management, a solution that includes not just a directory and employee identity management, but a full suite of identity capabilities, an integrated device management offering (Microsoft Intune), leading edge information protection (Azure RMS) and a robust set of monitoring and security capabilities.
I am especially delighted by this validation because it says a lot about our customers, implementation partners and ISV partners who have worked together with us. They have been awesome about sharing their time and energy every day, to make sure that the products and services we build meet their needs and are helping them position their companies to thrive in the emerging world of cloud and devices.
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Microsoft.
Gartner does not endorse any vendor, product…
Continue reading here!
//Richard
#Microsoft – On the right track! – #Windows, #BYOD, #Citrix
I don’t know if you all agree but I find that Microsoft is making some really good strategic decisions to align themselves and be ready for the “next generation” workplace and client services. Everyone has been talking about BYOx and that everyone will bring their own device and consume business services and functions on that device in parallel to doing personal stuff.
But has BYOD taken off yet?
I personally think that it hasn’t to the extent that many thought it would, there are some companies in some countries that have adopted it for some use cases and user categories, but the majority is still struggling with it though their business apps and functions aren’t really there to support this way of working yet.
Even if they have a NetScaler or similar remote access capabilities with some sort of Desktop and App virtualization (like Citrix XenDesktop) to run the apps it’s still not enough. How do you solve the offline working scenario? And aren’t hosted apps and desktops just a legacy workaround until those business processes have been SaaS’ified? And what about “dropbox” alternatives, H: drives and G: drives, SharePoint data etc.? There is still a user data mess (read my earlier post on this) that needs to be solved and especially a “mega aggregator” tool for getting data/content and sync across devices in a secure manner (data also encrypted at rest on ALL devices and not just mobiles)…
Microsoft is kind of stepping up here I must say from a strategy point of view that makes me believe in them, even though I’ve said that no one ever will take my MacBook Air from me! Have a look at the features that are coming with Windows 8.1 to support a more “semi-controlled” or “semi-trusted” device, and the new cloud services like Azure AD, Windows Intune offerings in combination with the online messaging and collaboration Office 365 services. And they are apparently also working on a “legacy” cloud service to offer desktops as a service (DaaS) as I wrote in a previous blog post as well.
I think that Microsoft is moving in the right direction towards offering the next generation enterprise IT services and to support the new way of working, and fast!
Have a look at these posts/articles on the news in Windows 8.1:
Everything you need, right from (the) Start
Microsoft is focused on delivering one experience across all the devices in your life. The centerpiece of that strategy and experience are the Microsoft services and apps that come right from (the) Start on your new Windows device.
This is the first blog post in a series that will highlight the apps and services driving toward this “one experience” vision. This experience comes to life through more than 20 new and improved Microsoft apps and services that come as part of Windows 8.1, including a new one that we are announcing today – Skype, right from (the) Start!
It’s where you want to go today….
#Windows #Azure Active Directory steps out of the shadows
I’ve blogged about this release before with some info but here is another good article about how it can assist you in managing user authentication in the cloud.
Microsoft recently announced the general availability of Windows Azure Active Directory, a cloud-based service that lets admins manage multiple user identities and access. Although it’s been lurking in the background of other Microsoft products for some time — and still requires work to make it a fully useful tool — it’s a step in the right direction.
At its core, Windows Azure Active Directory is essentially a copy of Active Directory held in the cloud that provides basic authorization and authentication when users access cloud services. Ideally, admins use it to centralize the database of authorized users for cloud services, which then lets them authorize employees and contractors to work in certain applications. This allowance includes both Microsoft and third-party applications that accept authentication through common industry standards.
Through synchronization with an on-premises Active Directory deployment, you can also deploy single sign-on, so users don’t have to remember multiple passwords or enter them more than once to access cloud applications. More importantly, it provides a better way to remove access to cloud services for users who have left the company — a previous weak link in the cloud identity management story.
Windows Azure Active Directory: Not exactly new
True to Microsoft’s history of dogfooding its own products, Windows Azure Active Directory had been in use for nearly a year before its current general release. Few actually knew that all Office 365 accounts have been using a preview release of Windows Azure Active Directory for some time. Users of the general Windows Azure service, Dynamics CRM and Windows Intune also have their details stored in private Windows Azure Active Directory accounts.
According to Microsoft, since just after the beginning of the 2013 calendar year, “Windows Azure AD has processed over 65 billion authentication requests while maintaining 99.97% or better monthly availability.” Windows Azure Active Directory is a distributed service running across 14 of Microsoft’s data centers all over the globe.
User interface improvements
One improvement that happened between the preview release of Windows Azure Active Directory and the Web version release is the user interface, which was basically nonexistent before. Now you can access a clean section of the modern-looking Windows Azure control panel to create and manage instances of Windows Azure Active Directory (Figure 1).
You can add these instances to your Windows Azure subscription by logging into your Microsoft account, which…
Continue reading here!
//Richard
Windows Azure Active Directory (AD) has reached General Availability!
This is cool! And I think that it’s a great step in the right direction for many companies! 🙂
Windows Azure Active Directory
Windows Azure Active Directory (Windows Azure AD) is a modern, REST-based service that provides identity management and access control capabilities for your cloud applications. Now you have one identity service across Windows Azure, Microsoft Office 365, Dynamics CRM Online, Windows Intune and other 3rd party cloud services. Windows Azure Active Directory provides a cloud-based identity provider that easily integrates with your on-premises AD deployments and full support of third party identity providers.
Use Windows Azure AD to:
Integrate with your on-premises Active Directory
Quickly extend your existing on-premises Active Directory to apply policy and control and authenticate users with their existing corporate credentials to Windows Azure and other cloud services.
Offer access control for your applications
Easily manage access to your applications based on centralized policy and rules. Ensure consistent and appropriate access to your organization’s applications is maintained to meet critical internal security and compliance needs. Windows Azure AD Access Control provides developers centralized authentication and authorization for applications in Windows Azure using either consumer identity providers or your on-premises Windows Server Active Directory.
Build social connections across the enterprise
Windows Azure AD Graph is an innovative social enterprise graph providing an easy RESTful interface for accessing objects such as Users, Groups, and Roles with an explorer view for easily discovering information and relationships.
Provide single sign-on across your cloud applications
Provide your users with a seamless, single sign-on experience across Microsoft Online Services, third party cloud services and applications built on Windows Azure with popular web identity providers like Microsoft Account, Google, Yahoo!, and Facebook.
Read more about the service here!
Pricing
Access Control
Access Control is available at no charge. Historically, we have charged for Access Control based on the number of transactions. We are now making it a free benefit of using Windows Azure.
Directory
The base directory, Tenant, User & Group Management, Single Sign On, Graph API, Cloud application provisioning, Directory Synchronization and Directory Federation, is available at no charge. Certain additional capabilities such as Azure AD Rights Management will be available as a separately priced option.
Read more about pricing here!
//Richard