Cloud and Datacenter Management Blog

Microsoft Hybrid Cloud blogsite about Management


Leave a comment

Whitepaper Achieving Compliant Data Residency and Security with #Azure #Cloud

Introduction

Security and compliance–basic elements of the trusted cloud–are top priorities for organizations today. This paper is designed to help customers ensure that their data is handled in a manner that meets their data protection, regulatory, and sovereignty requirements on the global cloud architecture of Microsoft Azure. Transparency and control are also essential to establishing and maintaining trust in cloud technology. Microsoft recognizes that restricted and regulated industries require additional details for their risk management and to ensure compliance at all times. Microsoft provides an industry-leading security and compliance portfolio. Security is built into the Azure platform, beginning with the development process, which is conducted in accordance with the Security Development Lifecycle (SDL), and includes technologies, controls and tools that address data management and governance, Active Directory identity and access controls, network and infrastructure security technologies and tools, threat protection, and encryption to protect data in transit and at rest. Microsoft also provides customers with choices to select and limit the types and locations of data storage on Azure. With the innovation of the security and compliance frameworks, customers in regulated industries can successfully run mission-critical workloads in the cloud and leverage all the advantages of the Microsoft hyperscale cloud. This simple approach can assist customers in meeting the data protection requirements of government regulations or company policies by helping them to:

Understand data protection obligations.

Understand the services and controls that Azure provides to help its customers meet those obligations.

Understand the evidence that customers need to assert compliance.

The paper is structured into these three sections, with each diving deeper into the security and technologies that help Microsoft customers to meet data protection requirements. The final section discusses specific requirements to which industries and organizations in selected European markets are subject.

Download this Awesome whitepaper, “Achieving compliant data residency and security with Azure.”

Learn here more on Compliance, Trust, Security and Responsibilities


Leave a comment

Bye Bye 2018 vs Hello 2019 #MVPbuzz #Azure #Cloud #AzureDevOps #Education #Code #Analytics

Happy New Year !

First of all Thank you for following me and Sharing Microsoft Cloud and Datacenter Management content on Social Media 🙂 Sharing & Learning Together is Better. 

Here some work I did for the Community in 2018 :

  •  I wrote 62 Blogposts in 2018 on https://mountainss.wordpress.com and shared them on LinkedIn,
    Twitter, Facebook and Microsoft Tech Community
  • Made a Blogpost Serie about :
    It’s all about your Datacenter transition to the Cloud by Design and by Security.
    Microsoft Azure Hub-Spoke model by Enterprise Design

  • Started Azure DevOps Community Group on LinkedIn
  • Together with Community Groups :  Microsoft Azure Monitor and Security for Hybrid IT and
    Containers in the Cloud

    @Jamesvandenberg
  • Welcome 577 New Followers on Twitter of the 5904 Followers 🙂
    More then 2.807.000 Tweet impressions in One year !
  • Started with Friday is MVPbuzz Day for Education to get Azure Cloud in the Classroom, working together with Teachers and Students in my Free time.
  • Working with Microsoft Learn in Teams for the Students.
  • Meetings and Speaking for Education, all about Azure and AzureStack Technologies.
  • Conferences, like the Global MVP Summit 2018, DevOps Amsterdam, Community Group meetings.
    Microsoft Ignite, Microsoft Build, Microsoft Connect events.
  • Almost every week Microsoft Product Group Intervention (PGI) sessions Online.
  • Sharing the News every Day via Twitter, Facebook, LinkedIn, Microsoft Tech Community, Blog

But what is coming in 2019 ?

Rocking with Azure in the Classroom !

I will continue every day sharing knowledge with the Community and continue my Free work on MVPbuzz Friday for Education to get Azure Cloud Technology in the Classroom for Teachers and Students.
The trend I see for 2019 is more Infrastructure and Security by Code with Microsoft Azure DevOps
and of course you have to be in Control with Microsoft Azure Monitor

I will write a blogpost in January 2019 about Microsoft Azure Hub-Spoke model by Enterprise Design 4 of 4 : Optimize your Azure Workload.

More Items in 2019 to come :

  • Microsoft Azure Security Center for Hybrid IT
  • Windows Server 2019 in combination with Azure Cloud Services.
  • More on Containers in the Cloud
  • Azure Stack and ASDK
  • Integration with Azure Cloud.
  • API Management
  • Azure DevOps Pipelines and Collabration
  • Azure IoT for Smart Cities and Buildings combined with AI Technology

2019 will be a Great year again with New Microsoft Technologies and Features for your business.


Leave a comment

#Microsoft Azure virtual datacenter HUB-Spoke Model: A network perspective #Cloud #Azure #Security

Microsoft Azure HUB-Spoke Model

When you have your Microsoft Azure Architectural Design in place like a HUB-Spoke model this Microsoft documentation can help you with the Security and networking design in Microsoft Azure Cloud services.

The Virtual Data Center (VDC) isn’t just the application workloads in the cloud. It’s also the network, security, management, and infrastructure. Examples are DNS and directory services. It usually provides a private connection back to an on-premises network or datacenter. As more and more workloads move to Azure, it’s important to think about the supporting infrastructure and objects that these workloads are placed in. Think carefully about how resources are structured to avoid the proliferation of hundreds of workload islands that must be managed separately with independent data flow, security models, and compliance challenges.

Read this Awesome Microsoft Azure Virtual Data Center documentation from a Network perspective here

Conclusion :

When you have your Microsoft Azure High Level Design, get your security and network in Azure in place in a manageable way for your Cloud Administrators and your Business. Here are some tips:

  • Understand the data workflows in your Azure Virtual Data Center.
  • Make a Detailed network and security design (Low level)
  • Keep it Simple but Secure.
  • Before you go into production, do a Security assessment (Pentest) by 3rd party Professionals
    ( For example via Company CQURE )

 


Leave a comment

#Microsoft Azure Hub-Spoke model by Enterprise Design 3 of 4 Data Migration #Azure #SQL

Hyper-V Clusters front tier with SQL Clusters in the Backend

SQL assessment and Data Migration to Azure

This blogpost is about SQL assessment and Data Migration to your Azure design in the Cloud in a secure way.
Before you begin with your Data assessment and getting your workloads together with Microsoft Azure ServiceMaps, I wrote these blogposts about Microsoft Azure HUB – Spoke model by Enterprise Design :

  1. Microsoft Azure Hub-Spoke model by Enterprise Design 1 of 4
  2. Microsoft Azure Policy and BluePrints Overview (Extra Blogpost)
  3. Microsoft Azure Hub-Spoke model by Enterprise Design 2 of 4 “Lift and Shift”

For Microsoft SQL databases there are different Azure Solutions in the Cloud possible, but first you need to know which versions of SQL do you have and how are they running now in your Datacenter?

SQL 2014 Virtual Guest Cluster with Shared VHDX

Here you can see a totally different SQL Cluster configuration, running on Hyper-V instead of physical Server nodes like you can see in the first picture with SQL 2008 R2 Clusters.
When you have a CMDB of your SQL versions running in your Datacenter, you can compare it with these SQL versions on this Great website.

What is also important to know, in which compatibility mode is your SQL Server running? Because you can have a recent SQL version but it’s running in a old compatibility version for the application.

SQL versions with Compatibility matrix

When you have all the insights of your SQL workload on-premises like :

Then you want to know to which Microsoft Azure SQL solution will I migrate my data ?

When you do a “Lift and Shift” first to the Azure-HUB subscription for the complete workload (Virtual Machines + SQL Databases) then you can implement SQL Always-On in Azure.

SQL Always-ON Availability Group

More information about SQL Always-On in Availability Groups in Azure

Or you can migrate to Azure SQL (PaaS) directly.
Later in this blogpost you see the Options with Microsoft Azure Data Migration Assistant (DMA)

Test & Acceptance and Production Azure Spoke

When you have “Lift and Shift” your workload to the Azure-HUB landing zone, then you can do the Optimize of your solutions included SQL to the Test & Acceptance and Production Spoke. For this it’s important where and how your SQL Backend is landing in Microsoft Azure by Design.

Microsoft Azure Data Migration Assistant (DMA)

Data Migration Assistant (DMA) enables you to upgrade to a modern data platform by detecting compatibility issues that can impact database functionality on your new version of SQL Server. It recommends performance and reliability improvements for your target environment. It allows you to not only move your schema and data, but also uncontained objects from your source server to your target server.

Azure SQL Data Migration Assistant

In the following Step-by-Step Guide we will Migrate a SQL 2016 SP2 Database to a Microsoft Azure SQL Database (PaaS):

first you have to download Microsoft Azure SQL Data Migration Assistant here

Click Next.

Click Next

Click Install

Ready for Assessments and Migrations.

  1. Here you can choose between the Assessment or the Migration.
  2. Here you can Choose for your Azure Target SQL Solution :
    – Azure SQL Database
    – Azure SQL Database Managed Instance
    – SQL Server on Azure Virtual Machines
    – SQL Server

Select the options for the Assessment.

In the following steps we will migrate the SQL 2016 SP2 database to Azure SQL :

Connect to the local SQL Instance and Select your Database

Connect and select your Azure SQL Database.

Select the Schema objects to migrate into Azure SQL

Here you see the Script to Deploy Schema.

Schema migration in progress

Schema Migration is Done, now you Click on Migrate Data

Select the Tables to Migrate and click on Start data Migration

Data Migration in progress

The SQL 2016 SP2 Migration from On-premisses to Azure SQL is Successful Completed 🙂

Connected to Azure SQL Database with my Data.

The SQL Query editor is a browser query tool that provides an efficient and lightweight way to execute SQL queries on your Azure SQL Database or Azure SQL Data Warehouse without leaving the Azure portal. This quickstart demonstrates how to use the Query editor to connect to a SQL database, and then use Transact-SQL statements to query, insert, update, and delete data in the database.

Here is my Data in Azure SQL with Query Editor of the Azure Portal.

This is just one Scenario with Azure SQL Data Migration Assistant. What you have learned is that you must have your Azure SQL Solution in place by Architectural Design before you do the SQL Data Migration.

Here you find more information about Data Migration to Microsoft Azure :

Microsoft Azure Data Migration Guide

 

Here you find Microsoft Azure Migration Center

Conclusion :

Microsoft Azure Architecture design like a Hub-Spoke model for example is important to have in place before you do your Data Migration to the Azure Cloud. You got different SQL Solutions in Microsoft Azure, like SQL Always-On in availability Groups and Microsoft Azure SQL Database with or without Managed Instances. Choose for the best scenario in your own Design. My next blogpost in this Serie will be on Optimize your Azure workloads
How can you make your solution smarter, more intelligent for your business and in Azure costs cheaper with Great benefits! Here we can think out of the box to get the best 😉


Leave a comment

Getting started with #Microsoft Azure Cognitive Services in #Containers #Azure #AI #AKS #Docker

Microsoft Visual Studio Code Tools for AI

With container support, customers can use Azure’s intelligent Cognitive Services capabilities, wherever the data resides. This means customers can perform facial recognition, OCR, or text analytics operations without sending their content to the cloud. Their intelligent apps are portable and scale with greater consistency whether they run on the edge or in Azure.

Bringing AI to the Edge via  Corporate Vice President, Azure AI Eric Boyd

Get started with these Azure Cognitive Services Containers

Building solutions with machine learning often requires a data scientist. Azure Cognitive Services enable organizations to take advantage of AI with developers, without requiring a data scientist. We do this by taking the machine learning models and the pipelines and the infrastructure needed to build a model and packaging it up into a Cognitive Service for vision, speech, search, text processing, language understanding, and more. This makes it possible for anyone who can write a program, to now use machine learning to improve an application. However, many enterprises still face challenges building large-scale AI systems. Today Microsoft announced container support for Cognitive Services, making it significantly easier for developers to build ML-driven solutions.

Microsoft got the following Containers :

  • Text Analytics Containers
  • Face Container
  • Recognize Text Container

More information from Director of Program Management Applied AI Lance Olson here

Start with Installing and running Containers

Request access to the private container registry

You must first complete and submit the Cognitive Services Vision Containers Request form to request access to the Face container. The form requests information about you, your company, and the user scenario for which you’ll use the container. Once submitted, the Azure Cognitive Services team reviews the form to ensure that you meet the criteria for access to the private container registry.

Important !

You must use an email address associated with either a Microsoft Account (MSA) or Azure Active Directory (Azure AD) account in the form. If your request is approved, you then receive an email with instructions describing how to obtain your credentials and access the private container registry.

Read more about installing the Containers here

The Face container uses a common configuration framework, so that you can easily configure and manage storage, logging and telemetry, and security settings for your containers.
Configuration settings
Configuration settings in the Face container are hierarchical, and all containers use a shared hierarchy, based on the following top-level structure:

  • ApiKey
  • ApplicationInsights
  • Authentication
  • Billing
  • CloudAI
  • Eula
  • Fluentd
  • Logging
  • Mounts

Read more here about Configuring the Containers

Follow Containers in the Cloud Community Group

 


Leave a comment

via @MSAzureCAT Enterprise #Cloud Control Plane Planning #AzureDevOps #Pipelines

End-to-end Pipelines for Automating Microsoft Azure Deployments

 

Overview :

Imagine a fully automated, end-to-end pipeline for your cloud deployments—one that encompasses and automates everything:

• Source code repos.
• The build and release iterations.
• Agile processes supported by continuous integration and continuous deployment (CI/CD)
• Security and governance.
• Business unit chargebacks.
• Support and maintenance.

Azure services and infrastructure-as-code (IaC) make control plane automation very achievable. Many enterprise IT groups dream of creating or unifying their disparate automation processes and supporting a common, enterprise-wide datacenter control plane in the cloud that is integrated with their existing or new DevOps workflows. Their development environments may use Jenkins, Azure DevOps Services (formerly Visual Studio Team Services), Visual Studio Team Foundation Server (TFS), Atlassian, or other services. The challenge is to automate beyond the CI/CD pipeline to the management and policy layers. From a planning and architecture standpoint, it can seem like an overwhelming program of interdependent systems and processes. This guide outlines a planning process that you can use for automated support of your cloud deployments and DevOps workflows beyond the CI/CD pipeline. The Azure platform provides services you can use, or you can choose to work with third-party or open source options. The process is based on real-world examples that we have deployed with enterprise customers on Azure.

This whitepaper was authored by Tim Ehlen. It was edited by Nanette Ray. It was reviewed by AzureCAT.

Download the Awesome eBook here on the AzureCAT Team Blog

Follow AzureCAT and SQLCAT on Twitter


Leave a comment

Watch the Live Stream Today of #Microsoft Ignite 2018 in Orlando 24 – 28 September #MSIgnite #Azure #Cloud #DevOps and More


Don’t miss the Live Stream of Microsoft Ignite 2018

Get the latest insights and skills from technology leaders and practitioners shaping the future of cloud, data, business intelligence, teamwork, and productivity. Immerse yourself with the latest tools, tech, and experiences that matter, and hear the latest updates and ideas directly from the experts.

Watch live https://www.microsoft.com/en-us/ignite as Microsoft CEO Satya Nadella lays out his vision for the future of tech, then watch other Microsoft leaders explore the most important tools and technologies coming in the next year. After the keynotes, select Microsoft Ignite sessions will stream live—take a deep dive into the future of your profession.


More then 700+ Sessions and 100+ Expert-led and self-paced workshops


#MSIgnite