SEVEN STEPS TO GET STARTED WITH MICROSOFT AZURE

TABLE OF CONTENTS
INTRODUCTION
STEP 1: DON’T START WITH A PRODUCTION WORKLOAD
STEP 2: CONSIDER ANY CORPORATE POLICIES AND COMPLIANCE ISSUES
STEP 3: DEFINE YOUR GOALS FOR THE CLOUD
STEP 4: CALCULATE YOUR FINANCIAL RETURN ON AZURE
STEP 5: DETERMINE YOUR CLOUD IDENTITY STRATEGY
STEP 6: CONSIDER HOW TO SECURE YOUR CLOUD ENVIRONMENT
STEP 7: REALIZE IT’S NOT AS EASY AS IT LOOKS
CONCLUSION

WHITE PAPER :: SEVEN STEPS TO GET STARTED WITH MICROSOFT AZURE

INTRODUCTION

Ready to start using Microsoft® Azure®, but not sure how to get started? Have teams within your organization opened Azure accounts that you need to consolidate? Maybe you inherited some Azure workloads through a merger or acquisition? Or perhaps you’ve concluded that working with Microsoft’s offering is the best way to move to the cloud?

Good news: Getting started with Microsoft Azure can be easier than you imagine. And moving to the cloud with Azure creates the potential for some serious rewards, including lower costs, more strategic use of IT resources and a competitive edge. This white paper describes seven proven steps to help you gain those rewards. These steps cover everything from planning and budgeting to choosing the best strategy to secure your cloud environment.

What is Microsoft Azure?

Azure is Microsoft’s cloud computing platform for building, deploying and managing applications and services through a global network of Microsoft data centers. Azure consists of a growing collection of integrated services, including identity management, analytics, computing, database, mobile, networking, storage and web.

STEP 1: DON’T START WITH A PRODUCTION WORKLOAD

Here’s the first tip: Don’t jump in too fast with Azure. Instead, slow down and make an effective plan, following these steps.

Start by choosing to move a workload that you can afford to have fail a little as you learn.

“The most successful companies today will be those that are able to embrace failure in all of its forms: They must fail fast, fail early and fail often,” writes digital thinker Dominic Basulto in The Washington Post. He defines this approach as “making rapid, iterative adjustments that uncover tiny failures and then correcting them more quickly than one’s competitors.” [1]

The same mantra applies to getting familiar with Azure. Small failures are OK, as long as they lead to ultimate success. So, use workloads that can fail without any devastating results.

Rank your apps

If you haven’t done this exercise before, it’s time to rank all your applications by how much they impact your core mission.

For example, you can use the grid shown in Table 1:
• In the top half of this table, list your mission-critical, always-on applications used by many employees or customers.
• In the bottom half, list applications that are less critical, not customer-facing, used by fewer people, or not yet in production.
• In the left half, list applications that are relatively easy to move to the cloud, since they are already “cloud-aware” or don’t require any refactoring.
• In the right half, list applications that would be harder to move, because they were never architected for the cloud and probably require some refactoring.

Table 1: Grid for rating your apps for cloud readiness

| | Easier to move to the cloud | Harder to move to the cloud |
|---|---|---|
| More Critical | Medium priority: Includes all mission-critical, production applications that are easier to move to the cloud. | Low priority: Includes all mission-critical, production applications harder to move to the cloud. |
| Less Critical | Top priority: Includes all applications that are not mission-critical or in production and are easier to move to the cloud. | Medium priority: Includes all applications that are not mission-critical, but harder to move to the cloud. |

For your first field test of the Azure cloud, pick a workload in the lower-left quadrant. For most enterprises, the best place to start is with a dev/test workload. That way, as you learn and experiment, there will only be minor consequences for any failures.

STEP 2: CONSIDER ANY CORPORATE POLICIES AND COMPLIANCE ISSUES

Next, research any internal policies or compliance regulations that touch on moving data or apps to the cloud.

Sectors such as finance, government, healthcare and retail all have special rules defined for data security, handling personally identifiable information (PII) and so on. For instance, HIPAA requires any documents containing PII to be encrypted prior to migration to the cloud. Regulations in other sectors may vary, so make sure you understand the data security requirements that apply to your market space.

If you’re a publicly traded company, there are certain regulations you must follow. And these rules vary by country, so also check up on any divisions and subsidiaries of your enterprise around the world.

The best way to get started is to ask your corporate compliance team or legal counsel for clarification. But don’t worry. Most IT leaders now find they can do everything they need to in the cloud — without breaking any rules.

Third-party certifications pave the way

“If you’re like most organizations, you’ll probably find that you can do more than you thought you could in the cloud, while still complying with the necessary regulations,” notes David Chappell, an industry expert on Azure and cloud computing. [2]

The laws are being modernized, and the situation is getting clearer, he says. And Azure has now gained many third-party certifications that make compliance even easier.

“Azure meets a broad set of international and industry-specific compliance standards,” states the Azure website, “such as ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2, as well as country-specific standards like Australia IRAP, UK G-Cloud and Singapore MTCS.” [3]

For more details, visit the Azure Trust Center at https://azure.microsoft.com/en-us/support/trust-center/

STEP 3: DEFINE YOUR GOALS FOR THE CLOUD

Now that you have a handle on what’s allowed, think hard about what you’re really trying to achieve in the cloud.

More specifically, are you seeking to:
• Save money on IT overall?
• Shift costs from capital expenses (capex) to operating expenses (opex) for a better bottom line?
• Gain from a faster, more flexible model for provisioning IT?
• Shift computing to another region to speed up response rates for employees or customers in that part of the world?
• Learn about the cloud for yourself, or get access to more knowledge about it?
• Launch custom apps faster to give your enterprise a competitive edge?

Your goals determine how much you will need of each type of cloud resource:
• Infrastructure-as-a-Service (IaaS)
• Platform-as-a-Service (PaaS)
• Software-as-a-Service (SaaS)

In general, the most likely business benefits you can gain will be lower costs and higher reliability for infrastructure, and better support for mobile app users.

Source: Rackspace website https://support.rackspace.com/white-paper/understanding-thecloud-computing-stack-saaspaas-iaas/

A simpler explanation

If you need to explain these concepts to a non-technical colleague, here’s a simple metaphor you can try.

IaaS is the fundamental layer that enables everything else to happen. So, in transportation, IaaS is like the highways, city streets, road signs and traffic lights.

PaaS uses that IaaS layer to actually do something, similar to a truck on the road loaded with packages.

And SaaS is something a user can see and use, like a package that the PaaS truck delivers to a consumer.

Like any analogy, this isn’t perfect. But it gets across some of the main points about the three different service levels — without talking about servers, operating systems or networking.

STEP 4: CALCULATE YOUR FINANCIAL RETURN ON AZURE

Now that you’ve defined the benefits you’re seeking, it’s time to give your plans a financial reality check.

Start with your current IT budgets and your existing roadmaps to project IT spending. Then consider some fresh scenarios.

What would it cost, and what could you save, by moving these workloads to the cloud:
• Backup, restoration and disaster recovery
• Calendaring
• CRM and sales force automation
• Data storage and archiving
• Dev/test
• Email
• Marketing content
• Office apps for creating and sharing documents
• Training apps and content
• User-generated content
• Various websites and portals

In many scenarios, Azure will cost dramatically less, offering pay-per-use for compute, pay-per-gig-per-hour for storage and inexpensive bandwidth, including free data uploads to the cloud.

For example, if you continue to add more workloads to your existing data center, you will simply extend all of your current capex for hardware and infrastructure, payroll for IT labor and ongoing monthly costs for power, HVAC and other operating expenses.

But if you add new workloads to the cloud instead of your data center, and begin to transfer workloads to the cloud, you will benefit from a pay-as-you-go model. Those costs come out of your operating budgets (opex), and you should see a clear reduction in payroll and other ongoing costs.

For IT leaders approaching the physical limits of their hardware facilities, Azure offers a compelling alternative. By migrating compute resources to a private cloud running Azure, firms can avoid tying up precious capital in bigger buildings and more server rooms.

Consider what it would cost you NOT to move to the cloud

Then look at it another way. What if you could develop, test and roll out a new mobile app 20% faster by using Azure? What would you gain in better revenue and customer service?

What if you could develop a more cloud-aware app that required 20% fewer calls to tech support? What savings would you see? How many added sales would result?

And by using the cloud, what if you could reallocate IT personnel to more strategic tasks than simply “keeping the lights on?” How many people could you reassign? What could that team achieve? How much could ROI increase?

Running these calculations for the first time can seem daunting. As companies move to the cloud, the benefits fall into some typical industry categories. A seasoned partner can help you identify these categories and figure out your likely bottom line.

STEP 5: DETERMINE YOUR CLOUD IDENTITY STRATEGY

After you know your projected bottom line, there’s a technical issue you’ll have to deal with: how to handle your authentication in the cloud.

Once upon a time, when everyone used desktop PCs behind the enterprise firewall, everyone used Active Directory® (AD) for all authentication. It was rock-solid and slow-changing. But it was designed in an era before the cloud and today’s vast array of mobile devices.

More recently, Microsoft created Azure Active Directory (AAD), an updated approach designed for the cloud and today’s mobile devices. Table 2 sums up the key differences between these two technologies.

Table 2: Microsoft Active Directory and Azure Active Directory

| Active Directory | Azure Active Directory |
|---|---|
| Designed for on-premises devices and software | Designed for the cloud |
| Works best with single-platform Windows | Works cross-platform with any browser |
| Mainly used for directory services via DNS | Mainly used for identity services via HTTP and HTTPS |
| Queried with LDAP | Queried with APIs |
| Hierarchical structure: forests, trees, organizational units (OUs) and group policy objects (GPOs) | Flat structure: no forests, no trees, no OUs, no GPOs; does have domains, users and groups |
| Authentication mainly through Kerberos | Authentication through various protocols |

You likely want to use a hybrid approach: integrating your existing AD and Office 365® users with AAD to create one big pool of users.

At this point, you’ll need to choose between synchronization and federation. If you’re moving slowly to the cloud, you can start by authenticating through synchronization, which enables users to log in to your cloud with their existing credentials. In effect, you gain single sign-on (SSO) functionality for both on-premises applications and your unique enterprise applications.

Eventually, you may need more reach and flexibility, such as controlling individual access to many SaaS apps from any device. At that point, you can add on federation. Just as a federation brings several different states into a larger whole — while each state retains much of its own authority — Azure identity federation does the same with various SaaS providers.

Azure operates as a federation hub that’s already connected to most SaaS services, such as Citrix® GoToMeeting®, Dropbox, Salesforce®, WebEx® and hundreds more. Using federation with AAD gives your users convenient and secure access to a vast range of SaaS services, while saving your IT team the effort of manually linking to dozens of different cloud services.

Profound implications for your business

Your cloud identity strategy has some profound implications for your business.

Consider your full range of users:
• On-premises
• Mobile BYOD users
• IT admins
• Trusted B2B partners
• B2C customers

AAD enables your enterprise to do more for each type of user. With AAD, you gain flexibility in how each type of user can access any SaaS apps, Azure cloud-based apps or on-premises applications. For example, you can:
• Enable BYOD access for your mobile workforce
• Allow trusted B2B partners to log in to supply chain applications to update shipments or invoice
• Enable B2C customers to sign on to your website using Facebook credentials

But you have to get it right. If your cloud identity strategy is too strong, you risk frustrating users by blocking their access when they need it. On the other hand, if it’s too weak, you risk making it too easy for an experienced cybercriminal to break in and steal sensitive data.

Authentication in the cloud is far too complicated to leave to anyone without training and experience in AAD. Because when authentication fails, everything fails.

A seasoned partner can help you do the AD analysis, remediation and integration work required to implement your chosen cloud identity strategy.

STEP 6: CONSIDER HOW TO SECURE YOUR CLOUD ENVIRONMENT

As an IT leader, security is always on your mind, whether you’re thinking about the cloud or not.

As you get started with Azure, you’ll want to consider these three levels of security:
1. Authentication: As touched on earlier, how do you determine that someone really is who they say they are — an authorized user, sys admin, B2B business partner or B2C consumer?
2. Role-based access controls: How do you make sure that authorized users can only access the apps they need and the data they’re supposed to see?
3. Network-level threat detection and removal: What if an unauthorized or malicious user does manage to penetrate a cloud app, or exploit a hole inadvertently left open in your firewall? How can you detect and remove that threat?

The reality is that every IT manager must now address this third possibility, whether for workloads in the cloud or behind your own firewall.

“No locale, industry, or organization is bulletproof,” says the 2016 annual report on data breaches from Verizon, which summed up 64,199 well-documented attacks from 2015. [4]

As usual, incidents were reported in every sector, from accommodation to utilities. And while most attacks were from outside, about one in five came from an employee or partner with permission to pass through the firewall. [5] And these insider breaches take the most time and effort to detect. [6]

Running a secure data center

Fortunately, Azure can take care of the most common intrusion attempts, like spoofing or DDoS attacks. Outside of those scenarios, you need a security plan. For example, what if a guest OS gets through the firewall on a VPN? Do you automatically send an alert and shut them down? Or do you monitor them until they do something suspicious?

Microsoft Azure imposes and enforces strict operational best practices, including disciplined patch and configuration management. As you know, many attacks that use known vulnerabilities can be blocked through diligent patch management.

“If you think your data center is more secure than an Azure data center, you’re probably mistaken,” notes David Chappell. “Microsoft very likely has more resources than you do to build and operate state-of-the-art security technologies, to carefully vet the people who work in its data centers and more.” [7]

And if you still feel unsure about trusting workloads and data to anyone outside your firewall, ask yourself this: Who can manage a data center better — your team, or the Microsoft team?

STEP 7: REALIZE IT’S NOT AS EASY AS IT LOOKS

Some people think Azure is “just Windows in the cloud” or that “it’s all Microsoft, so it all works together.” They need to think again. The cloud doesn’t run itself.

It’s true that AD, Azure and AAD all come from Microsoft. But they don’t all automagically work together. You have to decide how you want them to interoperate, then set them up correctly.

The first time you do that, it’s not simple. There are tricks and traps that people only learn from experience working with Azure.

Although the cloud changes the game, it still requires rigor and understanding. And you’ll still need “cloud operations” people, although they may need different skill sets.

Tedious, error-prone administration

Azure has many features to learn and configurations to adjust. For example, here are some of the many tasks that Azure still requires: [8]
• Architecture design
• Backup configuration and monitoring
• Database administration
• Firewall rules management
• Load balancer configuration and monitoring
• Network management
• Operating system configuration and patching
• Security
• Troubleshooting
• Virtual machine monitoring

Do you have the in-house resources to handle all those tasks?

One of the biggest reasons CIOs outsource workloads to the cloud is to save on tedious, error-prone administration. Configuration and optimization are better left for certified experts who do these tasks every day.

If this is your first time working with Azure or moving any workloads to the cloud, you would be prudent to seek out a knowledgeable partner who can help manage this for you.

CONCLUSION

Microsoft Azure provides a vast suite of features and capabilities. The complexity and ongoing evolution of Azure can make it a challenge to adopt, operate and manage.

This white paper describes seven steps to get started with Microsoft Azure. At every step, you can benefit from the help of an experienced guide who’s been there before.

By outsourcing management to a seasoned partner, you can reduce your risk and shorten your time to value while getting more value from Azure faster, with less risk of mistakes.

To find out more about how Rackspace can help you get started with Microsoft Azure, visit our Azure website at https://www.rackspace.com/azure

FOOTNOTES

1. The Washington Post, “The new #Fail: Fail fast, fail early and fail often,” May 30, 2012, retrieved July 22, 2016 from https://www.washingtonpost.com/blogs/innovations/post/the-new-fail-fail-fastfail-early-and-fail-often/2012/05/30/gJQAKA891U_blog.html?utm_term=.c8cc12afcebc
2. David Chappell & Associates, “Adopting Microsoft Azure: A Guide for IT Leaders”, 2014, page 4, retrieved July 22, 2016 from http://www.davidchappell.com/writing/white_papers/Microsoft-Azure--A-Guidefor-IT-Leaders--Chappell-v1.0.pdf
3. Microsoft Azure Trust Center, “Compliance: We conform to global standards”, retrieved July 22, 2016 from https://azure.microsoft.com/en-us/support/trust-center/
4. Verizon, “2016 Data Breach Investigation Report”, 2016, pages 3-4, retrieved July 22, 2016 from http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/
5. Verizon, page 7
6. Verizon, page 35
7. Chappell, pages 3-4
8. Rackspace, “Overcoming the Challenges of Microsoft Azure” infographic, retrieved July 22, 2016 from https://blog.rackspace.com/overcoming-the-challenges-of-microsoft-azure-infographic/

ABOUT RACKSPACE

Rackspace, the #1 managed cloud company, helps businesses tap the power of cloud computing without the complexity and cost of managing it on their own. Rackspace engineers deliver specialized expertise, easy-to-use tools, and Fanatical Support® for leading technologies developed by AWS, Google, Microsoft, OpenStack, VMware and others. The company serves customers in 120 countries, including more than half of the FORTUNE 100. Rackspace was named a leader in the 2015 Gartner Magic Quadrant for Cloud-Enabled Managed Hosting, and has been honored by Fortune, Forbes, and others as one of the best companies to work for.

Learn more at www.rackspace.com or call us at 1-800-961-2888.

© 2016 Rackspace US, Inc.
This white paper is provided “AS IS” and is a general introduction to the service described. You should not rely solely
on this white paper to decide whether to purchase the service. Features, benefits and/or pricing presented depend
on system configuration and are subject to change without notice. Rackspace disclaims any representation, express
or implied warranties, including any implied warranty of merchantability, fitness for a particular purpose, and noninfringement, or other commitment regarding its services except for those expressly stated in a Rackspace services
agreement. This document is a general guide and is not legal advice, or an instruction manual. Your implementation
of the measures described may not result in your compliance with law or other standard. This document may
include examples of solutions that include non-Rackspace products or services. Except as expressly stated in its
services agreements, Rackspace does not support, and disclaims all legal responsibility for, third party products
and services. Unless otherwise agreed in a Rackspace service agreement, you must work directly with third parties
to obtain their products and services and related support under separate legal terms between you and the third
party.
Rackspace cannot guarantee the accuracy of any information presented after the date of publication.
Rackspace ®, Fanatical Support ® and other Rackspace marks are service marks or registered services of Rackspace
US, Inc. and are registered in the United States and other countries. Other Rackspace or third party trademarks,
service marks, images, products and brands remain the sole property of their respective holders and do not imply
endorsement or sponsorship.
January 12, 2017 | AZU-CWP-7_Steps_to_Get_Started_with_Microsoft_Azure-4677-v01