Governance & Manageability (part 2)

By Ashwin Venugopal -

 



Azure Resource Manager Templates

Templates are known for providing unique benefits comparing to the traditional deployment methods that rely on the GUI or scripting and programming languages. Similar to the scripts, they can facilitate the deployment of the multicomponent solutions in an automated manner but don't specify the individual steps required to provision these solutions by simply defining their intended end state. All this results in the minimized deployment deployment time and reduces the potential for errors. 

You can easily deploy the templates multiple times to the same resource group with the same outcome which is useful when you want to recreate an original deployment or remediate any issues resulting from post-deployment changes.

Templates also supports VM extensions, allowing you to configure operating systems within Azure VMs as a part of their deployment. These extensions includes configuration management services, such as Power-Shell Desired State Configuration, Chef, or Puppet.

Security & Compliance Services

As the Security Center is natively a part of Azure, all PaaS services within Azure are monitored as well as protected by the Security Center without necessitating any deployment. It also provides the protection of physical and virtual machines running Windows and Linux operating system, regardless of their location, if they have the Microsoft Monitoring Agent installed which can be easily performed directly from the Azure Security Center interface for Azure VMs in the Azure portal. 

Azure Security Center can help you to streamline the process for meeting the regulatory compliance requirements, using the Regulatory compliance dashboard where the Security Center provides insights into your compliance posture based on continuous assessments of your Azure environment. These assessments analyzes the risk factors in your hybrid cloud environment in accordance with security best practices and are mapped to compliance controls from a supported set of standards. In the Regulatory compliance dashboard, you can have a clear view of the status of all these assessments within your environment in accordance with security best practices.

Monitoring, Logging, & Alerting services

Azure Monitor consists of one of the core components of the Microsoft strategy to provide comprehensive cloud-based monitoring functionality. Other Azure manageability features are:

  • Azure Advisor- Uses resource usage telemetry to provide the recommendations regarding optimizing resource configuration from the standpoint of performance, security, and availability.
  • Azure Service Health- Reports platform related issues that might affect your resources,
  • Azure Active Log- Tracks events representing operations that alters the state of your resources, such as configuration changes, service health incidents, and auto-scale operations.       

All of the above services also complements several other services that delivers more focused, in-depth monitoring capabilities:

  • Deep Infrastructure Monitoring- Besides detailed monitoring, these services also provides analytics capabilities targeting Azure infrastructure. Some of the prime examples includes Log Analytics combined with such management solutions as Container Monitoring, or Service Map, as well as a number of network monitoring tools, such as Network Watcher, Network Performance Monitor, ExpressRoute Monitor, DNS Analytics, and Service Endpoint Monitor.

  • Deep Application Monitoring- This category includes Azure Application Insights, which facilitates the monitoring of performance, availability, and usage of web-based applications, regardless of their locations.  

All these capabilities allows you to configure and view performance related settings, such as monitoring, diagnostics, and auto-scaling for a wide range Azure resources in the same, consistent manner. 

Azure Monitor Support for Alerting

Azure Monitor also provides a comprehensive support for alerting by allowing you to configure four types of alerts: 
  • Classic merit alerts with minimum frequency of 5 minutes.

  • Near real time metric alerts with the minimum frequency of 1 minute allowing you to trigger a metric-based alert within 1 minute following a change in the metrics that satisfies the alert condition, making the Azure Monitor-based approach suitable for time critical scenarios. It also offers other advantages like:
  1. Support for action groups, which are the collections of settings that designate recipients of alerts notifications and the corresponding notification actions. The action types includes initiating a voice call or a text, sending an email, calling a webhook, forwarding data to an IT Service Management tool such as ServiceNow, calling an Azure App Service app, or invoking an Automation runbook. Creating such action groups allows you to reuse the same notification settings for multiple alerts.
  2. Alerts that consider conditions of two or more metrics. 
  3. Multi-dimensional metric-based alerts that allows you to generate alerts based on one or more dimensions of a metric. 
  4. Alerts that supports such conditions as average and total, in addition to minimum and maximum values available with classic metric alerts. 
  • Classic activity log alerts- parsing streaming log data, responding to the events such as Service Health incident or deletion of an Azure VM.

  • Activity log alerts, which functions similarly to classic activity log alerts but supports configuration by using Azure Resource Manager templates. 








Comments

Post a Comment

Popular posts from this blog

Deployment (Part 3)

By Ashwin Venugopal -
Image
  To read part 1, please click  here To read part 2, please click  here Microsoft Monitoring Agent (MMA) MMA is used across multiple Microsoft solutions and has undergone a few name changes as its features and functionality have evolved. If it is being considered to be used, then following areas should be covered during a Microsoft Sentinel deployment project: Consider the timelines and the strategy for a migration to AMA (Azure Monitor Agent) before the MMA end-of-life.  Consider the central deployment and management methodology for MMA. Determine which endpoints are in scope for deployment as these affect the log ingestion volume significantly.  Azure Monitor Agent (AMA) Organizations with MMA as the main Microsoft Sentinel agent should start planning the migration to AMA as soon as possible to avoid a rushed migration. One of the main advantages of AMA is the ability to control the log collection policy centrally and apply different policies against different...
Read more

Deployment (Part 1)

By Ashwin Venugopal -
Image
  To read part 2, please click  here To read part 3, please click  here Azure Resources Microsoft Sentinel needs following resources to be created: Subscription (if a dedicated subscription(s) will be used) Resource group(s) Log Analytics workspace(s) Automation rules/playbook Alert rules Workbooks Microsoft Sentinel offers hundreds of alert rules, workbooks, and automation playbook templates along with hunting scripts. The templates can be used to activate/deploy schedule alerts, create customized dashboards, create automation playbooks and perform threat-hunting activities. Generally, once deployed, the resources created have to be adjusted to match the existing environment, configure local credentials, etc. Methods of deployment: Manual- Administrator can manually configures the Microsoft Sentinel resources with the help of Azure portal. Any manual process has the inherent risks of human operator error, lack of compliance with potential change control procedures, and u...
Read more

Project Resourcing (Part 2)

By Ashwin Venugopal -
Image
  To read part 1, please click  here Engineering - SIEM The SIEM engineers configures Microsoft Sentinel, including Log Analytics, Logic Apps, workbooks, and playbooks. They are also responsible for the following high-level tasks: Initial configuration of Azure tenant, including provisioning required resources, assigning access roles, and configuring workspace parameters like log retention, resource tagging, and blueprints.  Deployment and configuration of syslog/CEF log collection agents in appropriate locations to collect logs from on-premises devices. Generally, it will be joint effort of both system engineer and SIEM engineer, involving configuration and potential troubleshooting.  Working with system owners to enable log forwarding and configuring any required parsing of log data in Log Analytics.  Working with security operations to create and deploy KQL analytic rules to offer detections for SOC/Computer Security Incident Response Team (CSRIT) use. Tuning...
Read more