Azure Backup for virtual machines behind an Azure Firewall

This blog post explains how Azure Firewall and Azure Backup can be used together to provide comprehensive protection for your data. The former protects your network, while the latter backs up your data to the cloud. Azure Firewall, now generally available, is a cloud-based network security service that protects your Azure Virtual Network resources. It is a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. With Azure Firewall you can centrally create, enforce, and log application and network connectivity policies across subscriptions and virtual networks. It uses a static public IP address for your virtual network resources, allowing outside firewalls to identify traffic originating from your virtual network.

Backup of Azure Virtual Machines

In a typical scenario, you may have Azure Virtual Machines (VMs) running business-critical workloads behind an Azure Firewall. While this is an effective means of shielding your VMs against network threats, you would also want to protect the data in those VMs using Azure VM Backup, which further reduces your exposure to risk. Azure Backup protects the data in your VMs by safely storing it in your Recovery Services Vault. This involves moving data from your virtual machine storage to the vault, which requires network communication. However, all of this communication is performed over the secure Azure backbone network, with no need to access your virtual networks. You don't need to open any ports, allowlist any IPs, or grant Azure Backup any access in your Azure Firewall. Hence, your backups will work under the enhanced security of Azure Firewall without any action on your part.

It is worth noting that this capability extends to other security measures that can lock a VM down under network restrictions, for example, NSGs. Hence, backup of Azure VMs will work seamlessly irrespective of network restrictions applied at your end to help keep your data within selected networks and without having to perform any additional actions.

Backup of SQL Server running inside an Azure VM (in preview)

Backup of SQL Servers running inside an Azure VM requires the backup extension to communicate with the Azure Backup service in order to upload backups and emit monitoring information. This extension resides inside the virtual machine and requires network access. Hence, when backing up SQL Servers running inside Azure VMs, you need to permit the Azure Backup service to access the workload. This is a simple process that makes sure the data is restricted to Azure Backup and maintains your desired level of security.

All you need to do is complete the following steps:

1. Navigate to your Azure Firewall.

2. Go to Rules and select the Application rule collection tab. Here you can create a new application rule collection, or edit existing ones in case you have created application rule collections before.

3. Create a rule with the following details in an existing or new Application Rule Collection, under the FQDN tags section.

Field | Value
--- | ---
Priority | Enter an appropriate priority for the rule.
Action | Select Allow from the dropdown.
Name | Type a name for the rule.
Source Addresses | Enter * in the text box if you want this rule to be applicable to VMs in all subnets within the scope of the Firewall. Else, specify the desired IP or IP ranges.
FQDN Tags | Select AzureBackup from the dropdown.

The following is a sample rule for allowing Azure Backup to protect your SQL Servers in Azure VMs.

4. Select Add to create the aforementioned rule.
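The same rule can be expressed with the Azure CLI. The script below is an added example, not part of the original post: it validates the inputs and prints the command for steps 2 to 4 rather than running it. The resource group, firewall, collection and rule names, the priority and the subnet are constructed placeholders, and the azure-firewall CLI extension is assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the original post. Resource names are placeholders.
# Assumes the Azure CLI "azure-firewall" extension is installed
# (az extension add --name azure-firewall).

# Accept "*", a single IPv4 address, or an IPv4 CIDR range.
# Simplification: other range notations are rejected here.
valid_source() {
  [ "$1" = '*' ] && return 0
  printf '%s\n' "$1" |
    grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# Print the az command for the AzureBackup FQDN-tag rule.
# Usage: backup_rule_cmd RG FIREWALL COLLECTION RULE PRIORITY SOURCE...
# --priority and --action describe the rule collection and are passed only
# when the collection is being created; drop both to add the rule to an
# existing collection. Names are assumed not to contain single quotes.
backup_rule_cmd() (
  [ "$#" -ge 6 ] || { echo "need 5 settings and at least one source" >&2; exit 2; }
  rg=$1; fw=$2; coll=$3; name=$4; prio=$5
  shift 5
  # Azure Firewall rule collection priorities run from 100 to 65000.
  [ "$prio" -ge 100 ] 2>/dev/null && [ "$prio" -le 65000 ] ||
    { echo "priority must be 100-65000" >&2; exit 2; }
  srcs=
  for s in "$@"; do
    valid_source "$s" || { echo "bad source address: $s" >&2; exit 2; }
    srcs="$srcs '$s'"   # quoted so that "*" is never expanded by the shell
  done
  printf "az network firewall application-rule create --resource-group '%s' --firewall-name '%s' --collection-name '%s' --name '%s' --priority %s --action Allow --fqdn-tags AzureBackup --source-addresses%s\n" \
    "$rg" "$fw" "$coll" "$name" "$prio" "$srcs"
)

# Constructed sample: limit the rule to the subnet holding the SQL Server VMs
# instead of using "*" for every subnet behind the firewall.
backup_rule_cmd rg-example fw-example backup-rules allow-azure-backup 200 10.0.1.0/24
```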

Once the rule is created, you can back up your databases inside the Azure Virtual Machine without any interruptions, all while making sure it is protected by Azure Firewall from any external threats. For more on backing up your SQL Servers in Azure virtual machines, please read the blog, “Azure Backup for SQL Server on Azure now in public preview.”

Azure Backup and Azure Firewall complement each other well to provide complete protection for your resources and data in Azure. You do not need any special configuration or infrastructure to reap the benefits of using both services together. Read about backing up Azure Virtual Machines and backing up SQL servers inside Azure Virtual Machines for more details.
Source: Azure

Eight Application Design Principles to Cope with OpenShift Maintenance Operations

Most Red Hat OpenShift maintenance operations follow the same pattern: one or more nodes are temporarily taken off the cluster to perform the required maintenance and then they are re-added to the cluster when complete. This cycle repeats until the maintenance operation has been performed on all nodes. In order to gracefully remove a […]
The post Eight Application Design Principles to Cope with OpenShift Maintenance Operations appeared first on Red Hat OpenShift Blog.
Source: OpenShift

From the Enterprisers Project: 6 CI/CD Pitfalls to avoid

One of the great benefits of building out your container native infrastructure is enabling continuous integration and continuous deployment. As teams struggle to push out more features faster, having a reliable, quick-provisioned environment for build and test activities is table stakes. You cannot perform 20 builds in an eight hour work day if each build […]
The post From the Enterprisers Project: 6 CI/CD Pitfalls to avoid appeared first on Red Hat OpenShift Blog.
Source: OpenShift

What Is cloud integration?

On the surface, “What is cloud integration?” may sound like a simple question. At its most basic level, cloud integration means bringing multiple cloud environments together, either in a hybrid deployment or as multiple public clouds, so that they can operate as a single, cohesive IT infrastructure for an enterprise.
A deeper dive into this concept, however, reveals that it is anything but basic. Not only are there myriad technical challenges to overcome, but IT executives must also grapple with a number of functionality issues, namely, why do you want to integrate cloud architectures, and what sort of workflows do you want them to support?

The rising demand for cloud integration

The market for hybrid cloud integration platforms is expected to see a 14 percent compound annual growth rate by 2023, according to a Research and Markets report. The drivers of this activity are many and varied. Some organizations are looking to use integrated resources to support real-time applications and services, while others are eyeing the increased automation capabilities for back-office and customer-facing platforms. Integrated clouds also provide better support for mobile applications and offer easier deployment and scalability options across the board.
Small wonder, then, that cloud integration platforms are gaining popularity. But what should CIOs look for in this new branch of IT technology? For one thing, their platform should provide ample protection for data both at rest and in transit. In some areas of the world, primarily Europe, this is not merely smart thinking but a regulatory requirement. Another key capability is the establishment of proper authentication between data controllers and processors, since this is the area that today’s hackers are most likely to target.
Additionally, integration should be comprehensive for all use cases involving the transfer of batch data to enterprise applications. This is particularly important for extremely heavy loads, as when data scientists pull new digital assets into their workflows or marketing teams track real-time events to gain new insights or launch new channels.

Navigating the transition

Ideally, the transition from traditional infrastructure to an integrated cloud should be seamless, with no disruption or downtime, but achieving this requires a number of preparatory steps. These may include establishing high-speed, highly available connectivity and implementing a real-time replication strategy that can mirror services during the migration, even as new data is added to the environment.
One key piece of technology in an integrated cloud architecture is the virtual private network (VPN). Not only can it provide both the speed and flexibility required to move data and applications across distributed architectures, but it can also be implemented with built-in encryption to better secure data in motion.

Enabling sharing and collaboration

Ultimately, however, the purpose of cloud integration is not just to streamline infrastructure or scale up resources, but also to enhance collaboration between knowledge workers. As Mario Moura and Christine Ouyang of IBM point out in a white paper for the Cloud Standards Customer Council, the hybrid cloud’s many hosting and storage options are ideal for sharing data and analytics tools between multiple workers, even those separated by great distances.
Determining exactly how these architectures should be designed is difficult, as each enterprise will have its own requirements and operational goals. Sensitive data should likely be kept in on-premises clouds, as will data that must be rapidly accessed by key employees. High-volume workloads, on the other hand, will mostly go to public clouds, as long as there are policies and systems to ensure proper security.
By just about any measure, an integrated cloud environment is a far more workable solution than multiple disparate clouds. The deeper answer to the question “What is cloud integration?” is that it is the process of preventing the kind of silo-based infrastructure that plagues data centers from being repeated in the cloud.
Cloud integration requires careful planning, and if you lack the skills in-house, working with a trusted partner can help you quickly get your cloud environment fully functional, without costly mistakes along the way. Learn more about finding a non-disruptive path to the cloud for your enterprise.
The post What Is cloud integration? appeared first on Cloud computing news.
Source: Thoughts on Cloud