Azure Security and Management

Editor's Notes

• #5: 25% of VMs on Azure are already using Azure Backup. Only 10% are secure! Only 10% are monitored
• #6: Azure can help by reducing the challenges of cost and complexity, while helping add coverage and compliance. Let’s drill into more details. Microsoft Azure provides customers peace of mind knowing their workloads are protected from any disaster without having to build and maintain a secondary datacenter or relying on backup. Azure delivers cloud services that extend to your datacenter to protect your infrastructure, transforming your business with a true hybrid solution. Reducing costs Customers do not have to pay for infrastructure, the power to run and cool machines, or IT personnel to manage machines, saving customers from paying to maintain a secondary data center Managing complexity Customers can leverage automation to enable the true power of recovery plans and allow you to failover your workloads with a click of a button, removing the guest work and stress involved in a disaster Ensuring compliance Disaster recovery is no longer constrained by geographical barriers. The disaster recovery site can be from any one of our Azure regions around the world. (Or asking for something like the quick restoration of workloads allows customers to gather necessary information to meet compliance deadlines) Scaling protection ASR provides rich capabilities to quickly replicate virtual and physical machines a customer’s own secondary on-premises site or Azure
• #7: Azure can help by reducing the challenges of cost and complexity, while helping add coverage and compliance. Let’s drill into more details. Microsoft Azure provides customers peace of mind knowing their workloads are protected from any disaster without having to build and maintain a secondary datacenter or relying on backup. Azure delivers cloud services that extend to your datacenter to protect your infrastructure, transforming your business with a true hybrid solution. Reducing costs Customers do not have to pay for infrastructure, the power to run and cool machines, or IT personnel to manage machines, saving customers from paying to maintain a secondary data center Managing complexity Customers can leverage automation to enable the true power of recovery plans and allow you to failover your workloads with a click of a button, removing the guest work and stress involved in a disaster Ensuring compliance Disaster recovery is no longer constrained by geographical barriers. The disaster recovery site can be from any one of our Azure regions around the world. (Or asking for something like the quick restoration of workloads allows customers to gather necessary information to meet compliance deadlines) Scaling protection ASR provides rich capabilities to quickly replicate virtual and physical machines a customer’s own secondary on-premises site or Azure
• #8: Gain visibility into health, performance and utilization of your platform, apps, and workloads, no matter where they reside and get time back to focus on the initiatives that matter the most to you and your organization. Azure provides monitoring and analytics as a SaaS offering, so you can get started quickly without any infrastructure overhead. It is designed to manage your development and IT operations workflows through a unified experience. It can connect to any data source and leverage your existing management tools, both on-premises and in the cloud. You will bridge the gap between app and infrastructure with the automated discovery and mapping of the dependencies across servers, processes, and 3rd party services. You can query at cloud scale and gain immediate insight by correlating and analyzing petabytes of machine data. With built-in solutions and machine learning algorithms baked into the service, you can detect and fix issues, before it impacts users - no matter what type of platform, or which public cloud service you use. Key benefits Collect and correlate data from multiple sources, enabling integrated monitoring and diagnostics of the cloud and on-premises environment, across multi-vendor solutions Discover application components and map their connections across servers, processes, and ports, for complete visibility of multi-tier services Visualize and alert on the health, performance and utilization of your resources, no matter where they reside and accelerate troubleshooting of issues Detect and respond to issues before they impact your users, with continuous monitoring across development and IT operations workflows. Learn, iterate, and improve the performance and usability of your apps and services using real-time insights with machine learning and ad-hoc analytics
• #9: Talk through the investments of what MSFT/Azure sees as important for enterprise cloud management platform The combination together is powerful. Truly integrated capabilities SaaS management and security. To be successful in the Cloud era, enterprises must have visibility/metrics and controls on every component to pinpoint issues efficiently, optimize and scale effectively, while having the assurance the security, compliance and polices are in place to ensure the velocity. Native Security and Management in Azure Enterprise grade capabilities natively from the cloud provider Azure Integrated and interconnected across data and experiences Management capabilities included with the flexibility to increase or choose 3rd party Can make the point that for those familiar with OMS these were the foundation for what we now have natively within Azure. 5 main areas: Secure: While Azure is trusted and secure platform, you as a customer have your own security settings you need to manage. You also need to be able to protect your individual machines against threats and monitor the security posture of your system. Protect: Your VMs and applications in the cloud need to be backed up and protected in the event of data loss. With disaster recovery from on-prem to the cloud, or from one cloud to another, you can avoid downtime and keep your applications up and running. Monitor: Every operations manager and every developer needs to be able to see the health and performance of their applications, infrastructure, and network. And seeing insights across all three together in a single dashboard can save time and resources in troubleshooting and preventing issues in the future. Configure: For managing Azure and hybrid workloads at scale, automation and configuration capabilities help you create runbooks to automate tasks, manage the configuration settings and track changes, and monitor and deploy missing updates. Additionally in Azure you can use PowerShell and Cloud Shell for command line scripting. Govern: Many customers need a way to look across cloud resources to assess and enforce enterprise-wide standards and policy compliance for security and management. In addition, they need to manage and monitor costs for the cloud. We recently acquired Cloudyn, a multi-cloud cost management solution to help our customers with this challenge.
• #14: Key investment themes
• #18: Site Recovery Benefits: Automated VM level Replication RPO of seconds and RTO of minutes No impact DR Drills with Test Failover Planned and unplanned failover Orchestrated Recovery Plans for Disaster Recovery Failback support Migrate to Azure from anywhere Create on-demand test copies in Azure
• #40: 39
• #41: There are a bunch of interesting new capabilities so lets get started with the first area: Intelligent APM As modern app developers, we all know how crucial it is to detect, triage and diagnose problems before they start affecting our customers. With Application Insights you get all the tools to make your diagnostics experience smarter and find and fix problems before your customers know it! Detect: One of the most crucial things is to be able to detect issues as soon as they happen, and be alerted instantaneously. However, the issue with alerts is that it requires you to have a threshold and more often than not, you don’t have any idea. Moreover, in the complexity of modern app architecture, even an army of analysts sitting in front of a dashboard cannot detect all the different things that can go wrong. That is where proactive diagnostics come into play. With our Machine Learning based technology, you can be alerted on real time service disruptions and anomalous patterns in your app performance and behavior, with thresholds constantly evolving based on your app architecture and performance patterns. With dashboards you can pin all the charts and KPIs across your Azure resources at a single place and share with your colleagues. You can also take advantage of the new live stream metrics to see what is going on with your application metrics at this right very moment. Triage: Once you detect an issue, the next thing is to figure out its impact and whether it is priority enough to solve right now. With Application insights you can find out the real user impact of any exception and take decisions accordingly. With the new Application Map you can automatically detect your application topology across dependencies and client & server side components. You can find the impact assessment and click through to underlying Azure resources to find the right information. Diagnose: Once you decide to fix an issue, you need all the context to solve it, and with our out-of-the box telemetry collection, you will have all the data you need. What’s more, if you are developing Azure Cloud Services or App Services, you can get much deeper diagnostics information, covering some of the role lifecycle issues and other performance problems.Operationalize: Once you have been through the Detect, Triage & Diagnose cycle, you can set up your own custom alerts based on the thresholds you discovered and keep being on top of things!
• #42: OK! So, lets get to our next area: Analytics As we mentioned in the beginning, Analytics is a new capability in Application Insights we just announced at Build. And, I should say it is one of my most favorites. In a modern app architecture with various tiers and components, it is often very difficult to diagnose problems or gaps across the entire app stack unless you can connect the various perspectives. With our new big data query engine, you can do that very easily and find all the answers to do the root-cause analyses. You can ask ad-hoc queries across your entire app telemetry and even do full text search to discover the right data sets.
• #43: What powers the Analytics experience is a powerful query language we launched as well. Read through the points… And the best thing with Application Insights is that since we collect telemetry across your application stack, you can correlate data across your Service Performance, Business Metrics and Customer Experience and generate unique insights helping you answer tough questions almost instantly. To put it in perspective, some very high scale Microsoft services are using it today sending us Terabytes of data over which they can get answers to their queries in as little as a few seconds. E.g. internally the service ingests over 1 trillion events and 600TB a day of log data across hundreds of Microsoft cloud services.  Yes, 600TB a day – that’s many petabytes of retained log storage in just one month.
• #44: Lets switch gears to our 3rd area: DevOps. As developers we would be using one or the other dev environment and have some DevOps workflows that we would be using! Having the diagnostics experience integrated with our existing practices makes it so very easy and useful! If you use Visual Studio or Visual Studio Team Services, there are a bunch of integration points that you can take advantage of.
• #45: What also makes Application Insights powerful is how it is designed to be flexible and extensible to help you get insights suited to your particular needs.