Microsoft Azure offers a wide range of services to deploy your applications. To keep control of your environment and to make deployments easier, it also offers a wide array of management tools and services.
AI Services
AI is a broad classification of computing that allows a software system to perceive its environment and take actions that maximize its chances of successfully achieving its goals. A goal of AI is to create a software system that’s able to adapt or learn something on its own without being explicitly programmed to do it. At a high level, there are three primary product offerings from Microsoft:
Service | Description |
--- | --- |
Azure Machine Learning | A platform to create a process that connects data, trains and tests models, and deploys and uses models in real time via API endpoints. Gives complete control over the design and training of an algorithm using your own data. |
Azure Cognitive Services | Provide pre-built machine learning models that enable applications to see, hear, speak, understand, and even begin to reason. Access these services easily in just a few lines of code, without special machine learning or data science knowledge. |
Azure Bot Service and Bot Framework | Platforms for creating virtual agents that understand and reply to questions just like a human. |
Software Development Tools and Services
Modern software development practices are supported by tools that encompass virtually every aspect of the software development lifecycle. DevOps is an approach that helps align technical teams as they work towards common goals. There are three primary offerings:
Service | Description |
--- | --- |
Azure DevOps Services | A suite of services that address every stage of the software development life cycle: Azure Boards (agile project management), Azure Repos (a centralized source code repository), Azure Pipelines (continuous integration and delivery), Azure Test Plans (an automated test tool), and Azure Artifacts (artifact hosting). |
GitHub and GitHub Actions | GitHub is the world’s leading developer platform, seamlessly integrated with Azure. GitHub Actions enables workflow automation with triggers for many lifecycle events. |
Azure DevTest Labs | An automated means of building, setting up, and tearing down virtual machines (and other resources) that contain builds of your software projects. |
Azure DevOps vs GitHub
Although both Azure DevOps and GitHub allow public and private code repositories, GitHub has a long history with public repositories and is trusted by tens of thousands of open source project owners. Azure DevOps has a much more granular set of permissions that allows organizations to refine who is able to perform most operations across the entire toolset.
GitHub is a lighter-weight tool than Azure DevOps, with a focus on individual developers contributing to open-source code. Azure DevOps, on the other hand, is more focused on enterprise development, with heavier project management and planning tools and fine-grained access control. In practice, you can mix and match these services as needed.
It’s important for you to understand your organization’s existing investments in tools and services, and to evaluate how these dependencies might affect your choice.
Monitoring Services
There are several solutions that can help you react quickly to outages, research intermittent issues, optimize your usage, and be proactive in handling future planned downtime. At a high level, there are three primary Azure monitoring offerings:
Service | Description |
--- | --- |
Azure Advisor | Evaluates resources and makes recommendations to help improve reliability, security, and performance, achieve operational excellence, and reduce costs. |
Azure Monitor | A platform for collecting, analyzing, visualizing, and potentially taking action based on the metric and logging data from your entire Azure and on-premises environment. |
Azure Service Health | Notifies you about Azure service incidents and planned maintenance so you can take action to mitigate downtime. |
Managing and Configuring the Azure Environment
Microsoft Azure provides a collection of management tooling options to choose from, depending on the situation:
- Visual tools: user-friendly visual access to Azure functionality.
- Code-based tools: quickly set up and configure resources (infrastructure as code).
  - Imperative code: specifies each individual step that should be performed to achieve a desired outcome.
  - Declarative code: details only the desired outcome, providing a more robust approach to deploying dozens or hundreds of resources simultaneously and reliably.
Tool | Description |
--- | --- |
Azure Portal | A web-based user interface to access virtually every feature of Azure. |
Azure mobile app | Access your Azure resources when you are away from your computer. |
Azure PowerShell | A shell with which developers, DevOps, and IT pros can execute commands called cmdlets, which call the Azure REST API to perform every possible management task in Azure. |
Azure CLI | An executable program with which developers, DevOps, and IT pros can execute commands in Bash. |
Azure Resource Manager templates | Describe the resources you want to use in a declarative JSON format. The template then orchestrates the creation of those resources in parallel. |
In many respects, the Azure CLI is almost identical to Azure PowerShell in what you can do with it. Both run on Windows, Linux, and macOS, and both can be accessed in a web browser via Cloud Shell. The primary difference is the syntax you use.
Azure Serverless Technology
Serverless computing is a term used to describe an execution environment that’s set up and managed for you. It is a cloud-hosted execution environment that runs your code, and you merely specify:
- What you want to happen by writing code or connecting and configuring components in a visual editor.
- The actions that trigger your functionality.
The core Azure serverless services are Azure Functions and Azure Logic Apps. Both help developers build robust cloud apps with minimal code: Azure Functions is a serverless compute service, and Azure Logic Apps is a serverless orchestration service.
Azure Functions
Host a single method or function, written in a popular programming language, in the cloud so that it runs in response to an event. An event might be an HTTP request, a new message on a queue, or a timer firing. Azure Functions scales automatically, and charges accrue only when a function is triggered. It is a stateless environment; if state is required, it can be connected to an Azure storage account.
Azure Functions can perform orchestration tasks by using an extension called durable functions, which allows developers to chain functions together while maintaining state. Azure Functions is best suited for software developers and those with expertise in an imperative programming language.
Azure Logic Apps
Logic Apps is a low-code development platform hosted as a cloud service. This service helps you automate and orchestrate tasks, business processes, and workflows when you need to integrate apps, data, systems, and services across enterprises or organizations. Logic Apps simplifies how you design and build scalable solutions, whether in the cloud, on-premises, or both.
This solution covers:
- app integration
- data integration
- system integration
- enterprise application integration
- business-to-business integration
Azure Logic Apps are designed in a web-based designer and can execute logic that’s triggered by Azure services without your having to write any code: you build an app by linking triggers to actions with connectors.
A trigger is an event, such as a timer. An action is a task or step that can execute. Examples of actions include working with variables, decision statements, loops, and parsing and modifying data. There are over 200 connectors you can choose from, and you can build your own connectors by using custom code. Azure Logic Apps is best suited for users who are more comfortable in a visual environment that allows them to automate their business processes.
Azure IoT Services
IoT bridges the physical and digital worlds by enabling devices with sensors and an internet connection to communicate with cloud-based systems. Devices equipped with sensors can send their sensor readings to a specific endpoint in Azure via a message. The message data is then collected and aggregated, and it can be converted into reports and alerts.
Alternately, all devices can be updated with new firmware to fix issues or add new functionality by sending software updates from Azure IoT services to each device. Many services can assist in driving end-to-end IoT solutions on Azure:
Service | Description |
--- | --- |
Azure IoT Hub | A managed service, hosted in the cloud, that acts as a central message hub for bidirectional communication between your IoT application and the devices it manages. After IoT Hub receives a message from a device, it can route that message to other Azure services. |
Azure IoT Central | On top of IoT Hub, Azure IoT Central adds a dashboard that allows you to connect, monitor, and manage your IoT devices. You can watch the overall performance across all devices in aggregate. |
Azure Sphere | An end-to-end, highly secure IoT solution for customers that encompasses everything from the hardware and operating system on the device to the secure method of sending messages from the device to the message hub. |
Azure Sphere comes in three parts:
- Microcontroller units, which run the operating system and process signals from attached sensors.
- A customized Linux operating system that handles communication with the security service and can run the vendor’s software.
- Azure Sphere Security Service (AS3), which makes sure that the device has not been maliciously compromised.
Protect Against Security Threats
There are many factors to consider in order to protect your applications and your data.
Azure Security Center
Azure Security Center is a monitoring service that provides visibility of your security posture across all of your services, both on Azure and on-premises. The term security posture refers to cybersecurity policies and controls, as well as how well you can predict, prevent, and respond to security threats. Security Center can:
- Monitor security settings across on-premises and cloud workloads.
- Automatically apply required security settings to new resources.
- Provide security recommendations.
- Perform continuous monitoring and automatic security assessments.
- Use machine learning to detect and block malware from being installed on your virtual machines and other resources.
- Detect and analyze potential inbound attacks, and investigate threats and any post-breach activity.
- Provide just-in-time access control for network ports.
Azure Sentinel
Security Information and Event Management (SIEM) systems aggregate security data from many different sources as long as those sources support an open standard logging format. They also provide capabilities for threat detection and response.
Azure Sentinel is Microsoft’s cloud-based SIEM system, which uses intelligent security analytics and threat analysis. Azure Sentinel enables you to:
- Collect cloud data at scale across all users, devices, applications, and infrastructure, both on-premises and from multiple clouds.
- Detect previously undetected threats while minimizing false positives by using Microsoft’s comprehensive analytics and threat intelligence.
- Investigate threats with artificial intelligence and examine suspicious activities at scale, tapping into years of cybersecurity experience from Microsoft.
- Respond to incidents rapidly by using built-in orchestration and automation of common tasks.
Azure Key Vault
Information such as passwords, encryption keys, and certificates is needed for an application to function, but if exposed it might allow an unauthorized person access to application data. Azure Key Vault is a centralized cloud service for storing an application’s secrets in a single central location. It provides secure access to sensitive information by providing access control and logging capabilities.
Azure Key Vault can help you:
- Manage secrets, for example tokens, passwords, certificates, API keys, and other secrets.
- Manage encryption keys.
- Manage SSL/TLS certificates.
- Store secrets backed by hardware security modules (HSMs).
Azure Dedicated Host
VMs run on shared hardware that Microsoft manages. However, some organizations must follow regulatory compliance requirements that oblige them to be the only customer using the physical machine that hosts their virtual machines. Azure Dedicated Host provides dedicated physical servers that host your Azure VMs for Windows and Linux. It gives you visibility into and control over the server infrastructure that’s running your Azure VMs.
Secure Network Connectivity
The objective of Defense in Depth is to protect information and prevent it from being stolen by those who aren’t authorized to access it. A Defense in Depth strategy uses a series of mechanisms to slow the advance of an attack that aims at acquiring unauthorized access to data. Each layer provides protection, so that if one layer is breached, a subsequent layer is already in place to prevent further exposure.
These layers provide a guideline to help you make security configuration decisions in all of the layers of your applications. Azure provides security tools and features at every level of the Defense in Depth concept.
Layer | Description |
--- | --- |
Physical Security | The first line of defense, protecting computing hardware in the data center. |
Identity and Access | Control access to infrastructure and change control. |
Perimeter | Use distributed denial of service protection to filter large-scale attacks before they can cause a denial of service for users. |
Network | Limit communication between resources through segmentation and access controls. |
Compute | Secure access to virtual machines. |
Application | Ensure that applications are secure and free of security vulnerabilities. |
Data | Control access to the business and customer data that you need to protect. |
Your security posture is your organization’s ability to protect from and respond to security threats. The common principles used to define a security posture are:
- Confidentiality: principle of least privilege.
- Integrity: prevents unauthorized changes to information at rest and in transit.
- Availability: ensures that services are functioning and can be accessed only by authorized users.
Azure Firewall
A firewall is a network security device that:
- monitors incoming and outgoing network traffic
- decides whether to allow or block specific traffic based on a defined set of security rules.
Azure Firewall is a managed cloud-based network security service that helps protect resources in your Azure virtual networks. A virtual network is similar to a traditional network that you’d operate in your own data center. It’s a fundamental building block for your private network that enables virtual machines and other compute resources to securely communicate with each other, the internet and on-premises networks.
Azure Firewall is a stateful firewall. A stateful firewall analyzes the complete context of a network connection, not just an individual packet of network traffic.
Azure DDoS Protection
A DDoS attack attempts to overwhelm and exhaust an application’s resources, making the application slow or unresponsive to legitimate users. Azure DDoS Protection helps protect your Azure resources from DDoS attacks.
DDoS Protection uses the scale and elasticity of Microsoft’s global network to bring DDoS mitigation capacity to every Azure region. The DDoS Protection service helps protect your Azure applications by analyzing and discarding DDoS traffic at the Azure network edge before it can affect your services’ availability.
Network Security Groups (NSGs)
A network security group enables you to filter network traffic to and from Azure resources within an Azure virtual network. You can think of an NSG like an internal firewall. An NSG can contain multiple inbound and outbound security rules that enable you to filter traffic to and from resources by source and destination IP address, port, and protocol.
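As an added example (not from the course or this page), the following Python models the two points made above about Azure Firewall being stateful and about NSG rules: rules are evaluated in priority order with the first match winning (lower priority number first, ending in a deny-all default), and a reply packet of an already-allowed flow is accepted only when connection state is tracked. The rule names, addresses and the simplified "source CIDR only" matching are constructed assumptions; real NSG rules also match on destination prefixes and service tags.

```python
import ipaddress
from dataclasses import dataclass
@dataclass(frozen=True)
class Rule:
    name: str
    priority: int    # lower number is evaluated first; the first matching rule wins
    direction: str   # "Inbound" or "Outbound"
    access: str      # "Allow" or "Deny"
    protocol: str    # "Tcp", "Udp" or "*"
    source: str      # source CIDR, or "*" (service tags and destination prefixes are not modelled)
    dest_port: str   # destination port, or "*"

# Constructed rule set: one custom inbound rule plus two of the NSG default rules (simplified).
RULES = [
    Rule("AllowSSHFromAdmin", 100, "Inbound", "Allow", "Tcp", "203.0.113.0/24", "22"),
    Rule("AllowInternetOutBound", 65001, "Outbound", "Allow", "*", "*", "*"),
    Rule("DenyAllInBound", 65500, "Inbound", "Deny", "*", "*", "*"),
]
def _matches(rule, direction, proto, src, dport):
    return (rule.direction == direction and rule.protocol in (proto, "*")
            and (rule.source == "*" or ipaddress.ip_address(src) in ipaddress.ip_network(rule.source))
            and rule.dest_port in (str(dport), "*"))

class StatefulFilter:
    def __init__(self, rules):
        self.rules = sorted(rules, key=lambda r: r.priority)   # evaluation order
        self.established = set()   # (proto, (local_ip, local_port), (remote_ip, remote_port))
    def evaluate(self, direction, proto, src, sport, dst, dport, stateful=True):
        local, remote = ((dst, dport), (src, sport)) if direction == "Inbound" else ((src, sport), (dst, dport))
        key = (proto, local, remote)
        # Stateful part: a packet of a flow that was already allowed is accepted without re-consulting the rules.
        if stateful and key in self.established:
            return "Allow (established)"
        for rule in self.rules:
            if _matches(rule, direction, proto, src, dport):
                if rule.access == "Allow":
                    self.established.add(key)   # remember the flow so its replies pass
                return f"{rule.access} ({rule.name})"
        return "Deny (no match)"
def demo():
    # Constructed packet sequence against a VM at 10.0.0.4; returns one verdict per packet.
    f = StatefulFilter(RULES)
    return [
        f.evaluate("Inbound", "Tcp", "203.0.113.7", 50000, "10.0.0.4", 22),    # SSH from the admin range
        f.evaluate("Inbound", "Tcp", "198.51.100.9", 50001, "10.0.0.4", 22),   # SSH from anywhere else
        f.evaluate("Outbound", "Tcp", "10.0.0.4", 40000, "192.0.2.10", 443),   # VM opens an HTTPS connection
        f.evaluate("Inbound", "Tcp", "192.0.2.10", 443, "10.0.0.4", 40000),    # the HTTPS reply, state tracked
        f.evaluate("Inbound", "Tcp", "192.0.2.10", 443, "10.0.0.4", 40000, stateful=False),  # same reply, stateless
    ]
```

The last two verdicts show why statefulness matters: with connection tracking the reply is allowed, whereas a stateless evaluation of the same packet falls through to DenyAllInBound and would need an explicit (and overly broad) inbound allow rule.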
For more on Azure management tools and security solutions, please refer to the wonderful course here: https://www.coursera.org/learn/microsoft-azure-management-security
I am Kesler Zhu, thank you for visiting my website. Check out more course reviews at https://KZHU.ai