Kategorie: Microsoft Azure

Introducing the Microsoft Azure Well-Architected Framework

As the technology requirements of your business or practice grow and change over time, deploying business-critical applications can increase complexity and overhead substantially. To help manage this ever-growing complexity, we are pleased to announce the introduction of the Microsoft Azure Well-Architected Framework. Following industry standards and terms, the Azure Well-Architected Framework provides a set of Azure architecture best practices to help you build and deliver great solutions.

The Azure Well-Architected Framework is divided into five pillars of architectural best practices: cost management, operational excellence, performance efficiency, reliability, and security. These pillars help you effectively and consistently optimize your workloads against Azure best practices and the specific business priorities that are relevant to you or your customers' cloud journey.

Get started with the Azure Well-Architected Framework:

Read the framework content, reference material, and samples available in the Azure Architecture Center.
Take the Azure Well-Architected Review on Microsoft Assessments.
Learn how to Build great solutions with the Microsoft Azure Well-Architected Framework on MS Learn.

Here is how each of these modalities can help you improve your workloads and grow your business.

Get started

Designing and deploying a successful workload in any environment can be challenging. This is especially true as agile development and DevOps/SRE practices begin to shift responsibility for security, operations, and cost management from centralized teams to the workload owner. This transition empowers workload owners to innovate at a much higher velocity than they could achieve in a traditional data center, but it creates a broader surface area of topics that they need to understand to produce a secure, reliable, performant, and cost-effective solution.

As an example, consider a Dev/Test workload that you’ve deployed as a simple proof of concept to measure the feasibility of Azure. If you’ve never had to manage the security, cost, performance, and reliability constraints for a workload, how do you ensure that your proof of concept is valid? How do you know you’re even asking the right questions or reviewing the metrics that you have available? The Azure Well-Architected Framework helps you make all the appropriate considerations for your workload.

For existing workloads, an additional tool that aligns with the Azure Well-Architected Framework is Azure Advisor. The guidance provided by Azure Advisor helps you pinpoint specific resources in your application that can be improved across the five pillars. Additionally, recommendations are prioritized according to our best estimate of significance to your environment, and you can share them with your team or stakeholders.

Review your workloads consistently

The Azure Well-Architected Review is designed to help you evaluate your workloads against the latest set of Azure best practices. It provides you with a suite of actionable guidance that you can use to improve your workloads in the areas that matter most to your business. Every customer is on a unique cloud journey, so we designed the Azure Well-Architected Review to be tailored to an individual company’s needs. You can evaluate each workload against only the pillars that matter for that workload, so when evaluating one of your mission-critical workloads, you might examine reliability, performance efficiency, and security first and then later come back and look at the other pillars to improve your operational efficiency and cost footprint.

 
As you complete the assessment, you're provided a score for each pillar that you chose to evaluate and an aggregate score across the entire workload. You also receive a set of actionable recommendations that you can follow to better align the workload with your business priorities.

At the current pace of technical innovation, having a well-architected workload is a moving target. As best practices and technology evolve, business priorities change, or other factors shift, what was best for your workload may move right along with it. To continuously meet these targets and requirements, update your process to regularly review and monitor your or your customers' most important workloads to ensure that they're reliable, secure, and operating as expected.

Learn how to build great solutions

At Build 2020, we introduced the Build great solutions with the Microsoft Azure Well-Architected Framework learning path, which you’ll find helpful if you’re new to building solutions in the cloud or prefer a more interactive experience. This learning path consists of six modules: an overview of the framework along with one module for each pillar that provides a high-level conceptual overview without getting bogged down in the specific details of workload optimization.

 

Next steps

For a quick introduction to the Azure Well-Architected Framework please visit us at this session, or explore one of the modalities that we’ve detailed above.

We’re rapidly iterating to build out Azure Well-Architected across each of the channels we’ve detailed. If you have feedback, please reach out to us via GitHub, Facebook, and Twitter.
Quelle: Azure

Build safer, more resilient workplaces with IoT solutions

We are coming together as a global community, looking for opportunities to act or perform small steps that drive change for the better. Many parts of the world are still in the first stage of responding, actively working through the immediate crisis with urgency. While other areas have started on recovery, looking at how to restart the economy, provide stability, and most importantly bring together our society. Amidst these goals are also questions, how do we make it safe for people to connect in person? To have a meal with friends, travel to see loved ones, or function as a community?

Top of mind for many organizations, and a theme prevalent at Microsoft’s inaugural virtual Inspire conference this week: how do we make it safe for people to return to the workplace? And how can the Internet of Things (IoT) play a role in supporting these phases of responding, recovering, and rebuilding?

Digital capabilities enabling business resilience

The COVID-19 outbreak has been a reminder of how interconnected humanity is globally—and how resilient the human spirit can be. But it has also shown that businesses using technology to stay connected have been more resilient than others.

In the world of IoT, we have the ability to transform analog and digital feeds, to reason over data and respond immediately. The response is important. In today’s increasingly connected world, we have seen organizations and industries respond to market demands and needs by putting technology at the center of their business. But more importantly, we are also seeing customers use technology built on the Microsoft platform to develop their own unique digital capabilities.

As we see these organizations build out their own digital capabilities—most recently with a focus on coming out stronger from this global outbreak—it is those that are able to quickly adapt to the changes around them that emerge resilient. At Microsoft, we built an edge and cloud methodology grounded by the principles of trust, responsibility, and inclusiveness. And organizational resilience is built upon cloud-enabled technologies that offer on-demand tools tailored to your needs, enable productivity enhancement, drive cost savings, and so much more.

Innovations leading the way to safer workplaces

It has been energizing to see the innovative strides being made by our partners and customers. To see how they are investing in digital capabilities and addressing our global challenge. And this use of technology has helped many of our customers as they were forced to adapt to new ways in an accelerated fashion. What would have taken years has happened in mere weeks.

As we enter this phase of recovery, many of our partners are using IoT solutions to solve the question of how we enable safer workplaces. Microsoft’s role as a platform provider is to empower our partner ecosystem with platforms upon which to build solutions to meet the evolving needs of their customers.

Employee health testing

One of the first areas we have come to re-examine as part of this global outbreak is how sick you should be before you avoid the workplace. We have also shown ourselves time and time again in the past few months that you do not need to be in the office to be productive, efficient, and connected.

However, as some of us slowly return to work in office or factory environments, we are all sensitive to how others around us are feeling. IoT partners are building solutions on the Microsoft platform to monitor public health in public spaces, including business offices. These IoT solutions use connected devices—such as thermal imaging cameras for temperature monitoring, smart sensors for promoting social distancing, and hand sanitizer dispensers to encourage recommended hygiene—and turn the data gathered at the intelligent edge into valuable insights that can help manage how people are interacting with their environment.

Employee wellbeing, proximity, and contact

With the return to work, we anticipate how our work environments are structured will change. From office layouts and break rooms to the normal business handshake, some level of social distancing will be part of our daily routine.

Microsoft partners have developed IoT solutions that use proactive monitoring and real-time alerts to track employee proximity and ensure a safe, healthy working environment is being promoted. Microsoft partners have architected contactless UI systems that help minimize potential exposure by reducing touchpoints throughout the day.

Workplace sanitization

Even with reduced touchpoints and increased distancing, workplace sanitization will be more important than ever. BrainLit's BioCentric Lighting™ (BCL) system is a dynamic, self-learning, IoT-based system that delivers disinfection through ultraviolet light in unoccupied spaces, to promote health and well-being and help kill viruses without disrupting business operations. This solution leverages Azure Sphere, which connects the BrainLit devices directly to the cloud for complete Azure-based security and the latest OS and app updates, ensuring an up-to-date and scientifically based lighting and disinfection system.

Just as important as hygienic workspaces will be, so will the use of personal protective equipment (PPE) as we return to work. Partners have built solutions with the Azure intelligent edge to increase visibility of adherence to face mask policies, so safety violations and concerns can be quickly addressed, and a safe work environment maintained.

The role of security in digital capabilities

With solutions like the above, we are capturing more and more data that is used to generate valuable insights and contribute to a safer, healthier workplace for our employees. Yet a key part of this conversation is the importance of building all these solutions on a foundation of security. Especially as we move to a more connected world where we realize our potential to work from anywhere, it is more essential than ever to also protect our companies and our employees from a cybersecurity perspective.

From democratized data to digitized processes, companies must ensure the necessary security practices and procedures are in place to manage disparate technologies and various attack vectors. Plus, with attackers becoming increasingly creative in how they try to infiltrate IoT deployments by identifying security weaknesses, building security into every part of your IoT platform helps minimize risks to your private data, business assets, and brand reputation.

As companies build out their digital capabilities, they must be thoughtful and implement security by design. It requires that protection be built-in at each stage of your solution’s deployment—including your cloud services and devices—and that security weaknesses are minimized where they exist. And it requires using technology built on decades of experience to make your threat detection and response smarter and faster with AI-driven security signals that modernize your security operations.

Just as critical is protecting people’s privacy, especially as companies focus on digital technologies used for tracking, tracing, and testing to fight the global outbreak. Here at Microsoft, we believe privacy and ethical concerns must be considered as we move forward to use data responsibly in creating safer workplaces. We have seven privacy principles that we believe everyone should consider using to ensure people are in control of their data and understand how it will be collected and used—from providing appropriate data safeguards to deleting data as soon as it’s no longer needed.

Learn more about creating safer workplaces

In this increasingly connected world, it is thrilling to see the variety of IoT solutions and devices that exist to help generate valuable insights. Yet these same solutions don’t always have the necessary digital capabilities due to legacy, inflexibility, or the need for human intervention to respond. The result of this is we fail to act on the very insights presented to us.

Now, more than ever, we can’t afford to fail. But even more importantly, we can’t afford to not act. The decisions we make now as individuals, leaders, societies, organizations, and countries will have both an immediate and long-lasting impact. And the decisions we don’t make—even more so.

As companies look to reopen, how they bring together technology and people will play a key role in creating safer, more resilient workplaces. And companies that enhance their digital capabilities, so they can act more quickly and make informed decisions, will be able to successfully navigate future changes and uncertainties.

Contact iotcovidsupport@microsoft.com to discuss how IoT solutions built on Azure can help you to return to the workplace safely.

 

Microsoft does not create technologies related to contact tracing, exposure notification, and case management and does not imply or expressly represent any vetting or endorsement of contact tracing, exposure notification, or case management technologies.
Quelle: Azure

Microsoft Azure IoT Connector for FHIR now in preview

Today, Microsoft released the preview of Azure IoT Connector for FHIR—a fully managed feature of the Azure API for FHIR. The connector empowers health teams with the technology for a scalable end-to-end pipeline to ingest, transform, and manage Protected Health Information (PHI) data from devices using the security of FHIR® APIs.

Telehealth and remote monitoring. It’s long been talked about in the delivery of healthcare, and while some areas of health have created targeted use cases in the last few years, the availability of scalable telehealth platforms that can span multiple devices and schemas has been a barrier. Yet in a matter of months, COVID-19 has accelerated the discussion. We have an urgent need for care teams to find secure and scalable ways to deliver remote monitoring platforms and to extend their services to patients in the home environment.

Unlike other services that can use generic video services and data transfer in virtual settings, telehealth visits and remote monitoring in healthcare require data pipelines that can securely manage Protected Health Information (PHI). To be truly effective, they must also be designed for interoperability with existing health software like electronic medical record platforms. When it comes to remote monitoring scenarios, privacy, security, and trusted data exchanges are must-haves. Microsoft is actively investing in FHIR-based health technology like the Azure IoT Connector for FHIR to ensure health customers have an ecosystem they trust.

FHIR to fuel the Internet of Medical Things

FHIR (Fast Healthcare Interoperability Resources) is now the interoperability standard for secure and private exchange of health data. FHIR began as an open source framework for clinical data, but it’s growing adoption makes it an ideal technology to bring together data from the growing “Internet of Medical Things” (IoMT) and expand healthcare in remote monitoring scenarios.

Today remote data capture often requires device-specific platforms, making it difficult to scale when new processes are added or if patients use multiple devices. Developers have to build their own secure pipelines from scratch. With the Azure IoT Connector for FHIR available as a feature on Microsoft’s cloud-based FHIR service, it’s now quick and easy for health developers to set up an ingestion pipeline, designed for security to manage PHI from IoT devices. The Azure IoT Connector for FHIR focuses on biometric data at the ingestion layer, which means it can connect at the device-to-cloud or cloud-to-cloud workstreams. Health data can be sent to Event Hub, Azure IoT Hub, or Azure IoT Central, and is converted to FHIR resources, which enables care teams to view patient data captured from IoT devices in context with clinical records in FHIR.

The key features of the Azure IoT Connector for FHIR include:

Conversion of biometric data (such as blood glucose, heart rate, or pulse ox) from connected devices into FHIR resources.
Scalability and real-time data processing.
Seamless integration with Azure IoT solutions and Azure Stream Analytics.
Role-based Access Control (RBAC) allows for managing access to device data at scale in Azure API for FHIR.
Audit log tracking for data flow.
Helps with compliance in the cloud: ISO 27001:2013 certified, supports HIPAA and GDPR, and built on the HITRUST certified Azure platform.

 

Microsoft customers are already ushering in the next generation of healthcare

As the delivery of healthcare shifts outside the exam room, new FHIR-enabled technology is fueling IoT scenarios across the ecosystem of Microsoft’s customers.
Here are few of the great solutions already underway:

Humana’s Conviva Care Centers transform care for chronic conditions with IoT and FHIR

Conviva Care Centers, Humana’s senior-focused primary care subsidiary, will be using the Azure IoT Connector for FHIR this fall as Humana accelerates remote monitoring programs for patients living with chronic conditions. Congestive heart failure patients who monitor their weight and blood pressure at home will be able to use a new platform that enables easy sharing of data with their care team. Data from in-home devices, like scales and blood pressure cuffs, can be transferred via Azure IoT Connector for FHIR, providing doctors and nurses real-time data managed in a highly secure and private pipeline and allowing for proactive virtual touchpoints. Humana’s flexible remote monitoring platform will not only ensure patients have the support they need between clinic visits, but will also accelerate the future of user-centric care.

“Using the Azure IoT Connector for FHIR will open up new remote care paths for patients living with chronic conditions. Being able to make decisions with data coming in real time from home devices will be the game changer for improving the quality and timeliness of patient care.” —Marc Willard, Senior Vice President of Digital Health and Analytics at Humana

Sensoria Health’s Motus Smart—powered by Sensoria—is the new gold standard for enabling diabetes rehabilitation with remote monitoring

Motus Smart, powered by Sensoria, is a cutting-edge device used to provide remote patient monitoring quantified patient adherence and activity data to manage patients with diabetic foot ulcers and reduce amputation risk. Sensoria was able to deploy the Azure IoT Connector for FHIR to enable highly secure data exchange from the Motus device to patients, their doctors, and others within their circle of care. Clinicians at the Rancho Los Amigos National Rehabilitation Center are using enterprise-class applications to see real-time data, proactively reach out to patients, and address any issues that might be impeding proper treatment.

Centene connected health data platform helps manage chronic diseases

Centene is using Azure IoT Connector for FHIR in an effort to better manage the ever-expanding personal bio-metric data resulting from the proliferation of wearables and other medical devices. The company is leveraging the connector to explore the use of near-real-time monitoring and alerting as part of its overall priority on improving the health of its members, enabling them to take better care of themselves, and supporting its care management staff with actionable insights to improve the health of the communities Centene serves. In the future, Centene intends to use the connector to monitor and manage chronic conditions such as congestive heart failure, diabetes, and high-blood pressure. By leveraging Microsoft’s scalable, open platforms, Centene can make further progress toward improving outcomes for Centene Health Plan members.

Learn more and get started

We’re excited about the way our customers are embracing and delivering transformative care with FHIR technology. As we bring down the barriers of interoperability with new FHIR-based tools, the future vision of how we can evolve healthcare starts to unfold and it's inspiring.

Microsoft has expanded the tools in our FHIR ecosystem to include IoT pipelines, so our customers have easy to use, interconnected tools for responsibly managing patient health data. Whether you’re building clinical applications, analytics engines, or developing artificial intelligence (AI) with telehealth and remote monitoring, we want to make sure you have pipelines for PHI data with security in mind. Check out the Azure IoT Connector for FHIR and the Azure API for FHIR to get started today!

Read more about the Microsoft Cloud for Healthcare, which brings together our integrated capabilities, like our FHIR tools, with robust cloud capabilities specific to customers and partners in the healthcare industry. The Microsoft Cloud for Healthcare enriches patient engagement and connects health teams to help improve collaboration, decision-making, and operational efficiencies.

 

FHIR® is the registered trademark of HL7 and is used with the permission of HL7.
Quelle: Azure

Azure Time Series Insights Gen2: Leading the next generation of industrial IoT analytics platforms

The Internet of Things (IoT) is well-established for helping businesses find real-time insights from their industrial assets opening the path towards Industry 4.0. Answering questions like “how are all of my assets performing right now?” or “how can I improve my manufacturing process and attainment?” and “when will my assets need servicing?” used to be impossible to know or required manual data collection that was always out of date.

Today, business leaders are taking advantage of IoT to see this information with the click of a button. Yet as larger volumes of data are collected from industrial assets, finding insights can become more and more difficult. It can start to require costly and time-consuming data wrangling and data analytics techniques performed by highly specialized staff.

This is where Azure Time Series Insights Gen2 comes in. This fully managed IoT analytics platform—generally available today—enables you to uncover hidden trends, spot anomalies, and conduct root-cause analysis in large volumes of industrial data with an intuitive and straightforward user experience. Simple yet powerful, Azure Time Series Insights Gen2 allows you to explore and analyze billions of contextualized events across millions of sensors.

Since Azure Times Series Insights Gen2 is a serverless offering, you don’t have to worry about managing complicated compute clusters yourself. Additionally, Azure Time Series Insights Gen2 provides a scalable, pay-as-you-go pricing model enabling you to tune your usage to your business demands.

Azure Time Series Insights Gen2 is both a web experience and a platform. Knowledge workers can use the Time Series Explorer web experience to find insights from petabytes of IoT data in seconds through the simple, intuitive user interface. Developers can use the open and scalable platform to build solutions and custom user experiences with our rich APIs and JavaScript SDKs.

Azure Time Series Insights Gen2 is tailored for industrial IoT applications.

Driven by feedback from customers around the globe, here are key features that are now generally available and how they benefit industrial IoT customers.

Azure Time Series Insights Gen2 offers multi-layered storage

IoT customers work with IoT data in a variety of ways. The two most common scenarios we see are:

Highly interactive analytics over a short time span.
Advanced analysis of decades worth of historical data.

Azure Time Series Insights Gen2 covers both scenarios with retention-based data routing between managed warm and bring your own cold stores, including Azure Data Lake Storage. Warm store can be configured to retain up to 31 days of IoT data allowing you to perform highly interactive asset-centric analytics with low latency to monitor, trend, and troubleshoot your assets. Cold store, with its near-infinite, retention can be used to store decades worth of historical IoT data, ready to be used for operational intelligence and improved efficiencies.

Multi-layered storage.

Enterprise scale to power the analytics needs of industrial customers

Azure Time Series Insights Gen2 powers the analytics needs of many industrial customers across all major segments, including manufacturing, power and utilities, oil and gas, automotive, smart buildings, and mining. These customers generate billions of events across millions of data points, with most struggling to keep pace with the vast amounts of data generated by their assets. Azure Time Series Insights Gen2 scales to accommodate high volumes of data quickly and efficiently. Alongside our scalable storage options, Azure Time Series Insights Gen2 supports one-million-time series instances (or tags) per environment with rich semantic modeling. This allows you to seamlessly explore highly contextualized data and correlate trends across your industrial assets to unlock insights and achieve operational excellence.

Azure Time Series Gen2 supports one million tag instances.

Microsoft Power BI connecter helps bring your data silos together

The ability to bring your data silos together is important to make data driven decisions and drive digital transformation. Azure Time Series Insights Gen2 provides an out of the box Power BI connector which connects your Azure Time Series Insights Gen2 queries to a Power BI workspace. You can easily view your time series and business intelligence data in a single pane of glass to make better decisions with a holistic view of your business posture.

Azure Time Series Gen2 integrates with Power BI.

Contextualize raw telemetry with the Time Series Model

Traditionally, the data that's collected from IoT devices lacks contextual information, which makes it difficult to use for business purposes. The Time Series Model, within Azure Time Series Insights Gen2, allows you to contextualize raw telemetry by defining hierarchies, instance properties, and types. This makes your analysis of asset-centric data simple and more valuable to your organization.

It’s easy to get started with Time Series Model using Time Series Explorer to both author and curate your model. Alternatively, the Time Series Model can also be managed through our rich API surface.

The Time Series Model, within Azure Time Series Insights Gen2, allows you to contextualize raw telemetry.

Gain insights using Azure Time Series Insights Gen2 with Azure Digital Twins

Achieve even greater insights by integrating Azure Time Series Insights Gen2 and Azure Digital Twins. Azure Digital Twins allows you to fully model your physical environment and stream live IoT data for a complete view of your connected assets and environments. Understand how your assets, customers, and processes interact in both real and simulated environments.

 

Gain greater insights using Azure Time Series Insights Gen2 with Azure Digital Twins.

Open and flexible integration

Azure Time Series Insights Gen2 can be used with tools you know and love. Our cold store is backed by a customer-owned Azure Data Lake. Combining Azure Data Lake storage with our native support for the open source, highly efficient Apache Parquet lets you dive into decades of historical IoT data.

In addition, Azure Time Series Insights Gen2 ships with a Power BI connector allowing customers to export the time series queries they create in Azure Time Series Insights Gen2 into Power BI and view their time series data alongside other business data. Other highly sought-after connectors for popular analytics platforms such as Apache Spark™, Databricks, and Synapse will become available over time.

Time Series Explorer—analytics tool for knowledge workers and developers

The first-class user experience of the Time Series Explorer lets you use interpolation, scalar and aggregate functions, categorical variables, scatter plots, and time shifting of time series signals to analyze the data.

Time Series Explorer features the following user experience capabilities:

Automatically refresh charts.
Reverse lookup instance placement within the hierarchy.
Select and chart multiple variables through a single operation.
View chart statics.
Create marker annotations.
Duplicate time series instances in the well and change variables.
Change the line colors through the new color picker tool.
Use swim lanes to group related time series together.

New rich query APIs now give you the ability to use interpolation, new scalar and aggregate functions and categorical variables outside of the Time Series Explorer.

Time Series Explorer features the following API capabilities:

Interpolate patterns from existing data to reconstruct time series signals.
Process discrete signals using categorial variables.
Apply trigonometric functions to identify patterns.
Calculate time weighted averages.
Leverage new APIs for hierarchy traversal, time series search, auto-complete, paths, and facets.
Query data at scale with improved search and navigation efficiency.
Leverage new conditional logic, such as IFF, which allows you to determine if an expression is true or false when selecting what data should be considered for computation. When used with categorical variables, you can create threshold monitors and map ranges of values to their categories.

Customers are using Azure Time Series Insights to gain business insights in manufacturing, power and utilities, oil and gas, automotive, smart buildings, and mining.

Fonterra empowers employees with data

Founded in 2001, Fonterra is the world’s second largest dairy processor, responsible for approximately 30 percent of global dairy exports. Owned by over 10,000 New Zealand farmers, the co-operative operates in over 100 countries and processes approximately 22 billion liters of milk each year.

In 2018, Fonterra made a decision to fast-forward their digital transformation. After a lengthy review, Microsoft was chosen to upgrade their old system with a new, cutting-edge, cloud-based platform. Renamed the “New Historian,” the updated system promises to deliver on their goal of becoming a data driven organization by giving their operators, leaders, data scientists, and business intelligence teams the power to use data more intelligently.

"Fonterra is embracing advanced technologies to transform into a data-driven organization. We selected Azure Time Series Insights to provide storage, contextualization, and analysis capabilities and replace our legacy on-premises historian. This will allow us to effectively consolidate our data to empower operators, leaders, data scientists, and business intelligence teams." —Tristan Hunter, General Manager of Automation and Operational Technology, Fonterra

ENGIE Digital supports thousands of assets

ENGIE Digital, a provider of renewable energy, delivers energy and provides energy-related services to millions of consumers in more than 50 countries. ENGIE Digital designs, builds, and runs unique solutions that help other ENGIE Digital business units by supporting their development and operations. ENGIE Digital uses an in-house operational platform to collect and process millions of IoT signals every second from thousands of wind, solar, biogas, and hydroelectric energy assets around the globe—often in real-time.

ENGIE Digital selected Azure Time Series Insights and Microsoft Azure IoT Edge to modernize its platform. With these updates, the platform now supports ENGIE Digital teams across hundreds of renewable energy sites worldwide.

“Azure Time Series Insights is a foolproof solution. Its scalability, resilience, performance, and cost-effectiveness mean we always have the latest data at hand.” —Sebastien Gauthier, Head of Darwin Delivery, ENGIE Digital, energy and energy-related service provider

ShookIOT leverages Azure Time Series Insights to deliver customer insights

Oil and gas industry veterans, Dr. Dave Shook and Leanna Chan, have spent twenty years consulting with clients in the oil and gas industry. Time and time again, they see oil and gas companies struggling to leverage the full value of their data.

Traditionally companies store data in on-premises time-series database applications called historians; legacy operational technology (OT) tools that keep data siloed. This makes it difficult to connect with powerful information technology (IT) tools, such as cloud-based analytics. Additionally, collecting process data can be prohibitively expensive. Some process manufacturers store less than 75 percent of their data.

To address these challenges, the two entrepreneurs had a vision to fuse OT data with IT. They founded ShookIOT in Edmonton, Alberta, Canada in 2017. Their philosophy was to free data siloed on-premises and migrate it to the cloud—specifically the ShookIOT Fusion Cloud Historian running on Microsoft Azure. Once in the cloud, customers, such as Chevron, could harness the full value of their data leverage tools like Azure Time Series Insights.

“After our customer’s data and contextual information is stored in Azure, we leverage tools like Azure Time Series Insights to view data trends and Power BI to create data visualizations.” —Dave Shook, Co-Founder and CEO, ShookIOT

“ShookIOT Fusion improves upon the traditional long-term data storage found at most sites, leverages the Microsoft Azure cloud platform and accelerates all Azure analytics tools by providing operational and business data with context to users. —Leanna Chan, Co-Founder and Chief Revenue Officer, ShookIOT

Gain insights from large volumes of data easily

Explore and analyze billions of contextualized events across millions of industrial sensors. Uncover hidden trends, spot anomalies, and conduct root-cause analysis in large volumes of data with an intuitive and straightforward user experience. We’re excited to see how you use Azure Time Series Insights Gen2 to drive your digital transformation.

See the following resources to learn more:

Visit the Azure Time Series Insights Gen2 product page.
Read the Azure Time Series Insights documentation.
Read the Quickstart guide Explore the Azure Time Series Insights Preview demo environment.
Watch the Microsoft Build 2020 session Make your IoT data useful with an end-to-end analytics platform, Azure Time Series Insights.
View the Channel 9 IoT Show Deep Dive, Analyzing IoT Data using Azure Time Series Insights
Watch the Channel 9 IoT Show, Using Azure Time Series Insights to create an industrial IoT analytics platform.

Quelle: Azure

Azure Data Factory Managed Virtual Network

Azure Data Factory is a fully managed, easy-to-use, serverless data integration, and transformation solution to ingest and transform all your data. Choose from over 90 connectors to ingest data and build code-free or code-centric ETL/ELT processes.

Security is a key tenet of Azure Data Factory. Customers want to protect their data sources and hope that data transmission occurs as much as possible in a secure network environment. Any potential man-in-the-middle or spoof traffic attack on public networks could bring problems of data security and data exfiltration.

Now we are glad to announce the preview of Azure Data Factory Managed Virtual Network. This feature provides you with a more secure and manageable data integration solution. With this new feature, you can provision the Azure Integration Runtime in Managed Virtual Network and leverage Private Endpoints to securely connect to supported data stores. Your data traffic between Azure Data Factory Managed Virtual Network and data stores goes through Azure Private Link which provides secured connectivity and eliminates your data exposure to the internet. With the Managed Virtual Network along with Private Endpoints, you can also offload the burden of managing virtual network to Azure Data Factory and protect against the data exfiltration.

High-level architecture

Azure Data Factory Managed Virtual Network terminology

Managed Virtual Network

The Managed Virtual Network is associated with Azure Data Factory instance and managed by Azure Data Factory. When you provision Azure Integration Runtime, you can choose to have the Azure Integration Runtime within Managed Virtual Network.

Creating an Azure Integration Runtime within managed Virtual Network ensures that data integration process is completely isolated and secure.

Managed Private Endpoints

Managed Private Endpoints are private endpoints created in the Azure Data Factory Managed Virtual Network establishing a private link to Azure resources. Azure Data Factory manages these private endpoints on your behalf.

Private endpoint uses a private IP address in the managed virtual network to effectively bring the service into it. Private endpoints are mapped to a specific resource in Azure and not the entire service. Customers can limit connectivity to a specific resource approved by their organization.

Next steps

Get more secure today by following the steps for a Managed Virtual Network.

Quelle: Azure

Protecting Windows Virtual Desktop environments with Azure Security Center

With massive workforces now remote, IT admins and security professionals are under increased pressure to keep everyone productive and connected while combatting evolving threats.

Windows Virtual Desktop is a comprehensive desktop and application virtualization service running in Azure, delivering simplified management for virtual desktop infrastructure (VDI).

While organizations go through this transformation, allowing their employees to remain productive, IT and security professionals required to ensure the deployment of Windows Virtual Desktop is done in accordance with security best practices so it doesn’t add unnecessary risk to the business. In this blog, we will explore how Azure Security Center can help maintain your Windows Virtual Desktop environment configuration hygiene and compliance, and protect it against threats.

Overview of Windows Virtual Desktop Host Pool architecture

When setting up your Windows Virtual Desktop environment, you first need to create a Host Pool which is a collection of one or more identical virtual machines (VMs). To support the remote workforce use case, these VMs will usually run a Windows 10 multi-session OS. Below is an overview of the architecture:
 
You can find the VMs running in your host pool by checking the Host Pool details and clicking on the Resource Group name:

 

This will bring up the resource group details. Filtering by Virtual Machine will show the list of VMs:

Securing Windows Virtual Desktop deployment with Azure Security Center

Considering the shared responsibility model, here are the security needs customers are responsible for in Windows Virtual Desktop deployment:

Network.
Deployment Configuration.
Session host OS.
Application security.
Identity.

These needs should be examined both in the context of security posture as well as threat protection. Here is an example:

Misconfiguration of the VMs Network layer can increase the attack surface and result in a compromised endpoint. One thing we want to ensure is that all management ports should be closed on your Windows Virtual Desktop virtual machines.
Once your users are connected to their Windows Virtual Desktop session, they might be manipulated to browse to a malicious site or connect to a malicious machine. This can also happen in case there is malware on the machine. Analyzing the network traffic to detect that your machine has communicated with what is possibly a Command and Control center is another protection layer.

Azure Security Center the following security posture management and threat protection capabilities for Windows Virtual Desktop VMs:

Secure configuration assessment and Secure Score.
Industry-tested vulnerability assessment.
Host level detections.
Agentless cloud network micro-segmentation & detection.
File integrity monitoring.
Just in time VM access.
Adaptive Application Controls.

Here is a table that maps Azure Security Center protection capabilities Windows Virtual Desktop security needs:

You can find the complete list of recommendations and alerts in the following Azure Security Center reference guides:

Security Recommendations.
Alerts list.

Switching to the Azure Security Center portal, we can see the Windows Virtual Desktop host pool VMs under Compute & apps followed by the VMs and Servers tab, as well as their respective Secure Score and status:

 

Drilling down to a specific VM will show the full recommendation list as well as the Severity level:

 

These VMs are also assessed for compliance with different regulatory requirements, built-in or custom ones, and any compliance issues will be flagged out under the Regulatory Compliance dashboard.

In addition, security alerts will be showing under Threat Protection followed by Security Alerts:

Both security alerts and recommendations can be consumed and managed from the Security Center portal or can be exported to other tools for further analysis and remediation. One great example would be integrating Azure Security Center with Azure Sentinel as part of monitoring the Windows Virtual Desktop environment.

Enabling Azure Security Center for Windows Virtual Desktop environment

Azure Security Center Free tier provides security recommendations and Secure Score for Windows Virtual Desktop deployments.

To enable all protection capabilities you should follow these two steps:

Make sure you have Azure Security Center Standard tier (as shown below).
Enable threat protection for Virtual Machines.

And one last tip. If you are using Azure Devops CI/CD Pipelines together with Windows 10 Azure VM Image as a solution for continuous build and deploy of the Windows Virtual Desktop solution, you’re most likely using Azure Key Vault for the secret management. If not already enabled, setting up threat protection for Azure Key Vault should be your next stop.

How are you protecting your Windows Virtual Desktop environment? We are sure there are plenty more ideas out there and we would love to see the community submitting them to our GitHub repo.
Quelle: Azure

Preparing for what’s next: Financial considerations for cloud migration

Co-authored by Jorge Magana, Director, Azure Finance (Financial Planning and Analysis).

In the kick off blog of this series, I shared our top recommendations to accelerate your cloud migration journey, one of which was around aligning key stakeholders across your organization. As you move through assessments and plan your migration, it is critical to get buy in from your CFO and other financial stakeholders—even more so in today’s challenging macro-climate.

IT and finance organizations need to be aligned around how to be agile to adjust to rapidly shifting demands while ensuring that their cost structure is lean enough to weather tough market conditions. With this dual focus, it is critical to understand not only the technical benefits of a cloud transition, but also the financial and economic opportunities associated with it. Today I'm sharing my own experience of partnering with finance along with the wisdom that customers have shared about their journey.

How can cloud migration affect CFO priorities?

Here are three key areas that IT organizations need to internalize and align on with their finance organization as they plan cloud migration:

What’s the holistic impact to the organization’s financial posture? 
What will the impact be on external and internal finance KPIs and processes?
What operational changes are required during and after migration to ensure that budget/ROI controls are met? 

How is the organization’s financial posture going to change?

Azure customers constantly unlock new, positive ROI projects previously not possible on-premises as they migrate workloads. By design, Azure is built to facilitate business agility, creating opportunities for true competitive advantage and substantial decrease in time to market. As a result, our customers recognize significant financial benefits driven in large part by cloud flexibility and elasticity and changes in businesses’ financial operating models that reduce asset purchases and upfront cash investments.

Cloud flexibility and elasticity

First, Azure customers can adjust their cost structure to improve their organization’s bottom line, which is table stakes in today’s environment. In recent earnings calls, CFOs of companies not leveraging the cloud mentioned their inability to reduce fixed expenses, which hurt profitability. As our customers migrate to Azure, they are shifting to a cost structure that is variable by design:

Figure 1: Cloud cost structure provides flexibility

 

Next, Azure customers can maximize resource efficiency. We have worked directly with large and small customers alike who were running on-premises workloads at very low resource utilization. These customers purchased assets for peak demand and lead-times, but most of the time those servers, and even some datacenters, were sitting idle and underused. By rightsizing and optimizing capacity when migrating to Azure, customers can realize economic benefits from cloud scale and elasticity. As an example, the built-in scalability in Azure has helped Maersk quickly scale up on demand eliminating the need to maintain idle resources during off-peak times.

“Scalability is one of the big benefits we get from Azure. In the past, it might have taken us months to procure and configure servers and get them into production. Now, we can scale up on demand in Azure in a matter of minutes." – Musaddique Alatoor, Head of Equipment Innovation, A.P. Moller – Maersk

Finally, shifting to a cloud model can reduce costs by enabling customers to consume resources only during peak usage periods, while reducing capacity when demand needs drop.

Changes in the financial operating model

Key financial benefits of Azure are driven by a fundamental shift in the IT operating model, which benefits the organization’s core financial statements in the following ways:

Balance sheet: Prior to migrating to Azure, many of our customers owned or operated their datacenters. These were expensive long-term assets that limited the cash and capital required to grow the business, support strategic initiatives, and respond to market conditions. Once on Azure, our customers avoid buying equipment, repurpose expensive real estate, and shift datacenter operations costs into developing cloud applications and other projects that drive business growth. This makes their balance sheet more agile, shifting fixed assets to cash. This is what drove Maersk to move their five regional datacenters to Azure to lower the company’s risks and position them for continued growth.
Cash flow statement: Azure customers save immediate cash by avoiding cyclical and sporadic IT asset purchases. With the “pay for what you use” model along with platform capabilities like policy and tagging that Azure enables, CFOs increase visibility, predictability and delay cash spend.
Income statement (profit and loss): Over time, Azure customers can improve profitability by reducing the cost to deliver equal or larger IT value by taking advantage of Azure’s flexibility, low management costs, its broad portfolio of services and pricing models. Learn how CYTI was able to take advantage of Azure’s flexibility to reduce infrastructure costs.

"We're now saving about 30 percent a year on infrastructure costs just by moving to Azure, with more flexibility, better servers, greater customization, and more freedom to do what we want." – Darren Gourley, Chief Technology Officer, CYTI

How will financial KPIs and processes change?

When migrating from on-premises to Azure, there are several financial benefits that subsequently impact KPIs and finance processes. The two most prominent are: 1) budget and financial reporting processes: expense shifts from capital expenditure (CAPEX) to operational expenditure (OPEX); 2) Impact on EBITDA (earnings before interest, taxes, depreciation, and amortization).

CAPEX to OPEX: During an Azure migration, spend that was previously allocated to CAPEX is now being redeployed to OPEX. This is optimal from a cashflow timing and a balance sheet flexibility perspective but requires CFOs to shift budgets to support the new model. Capstone Mining used this approach to significantly lower their capital costs by moving to Azure.
"We wanted to eliminate $3 million (USD) in capital costs over about three years, and to reduce our operating costs by approximately the same amount. At the same time, we wanted to improve our quality of service. With Azure, we're confident about meeting these goals." – Jim Slattery, Chief Financial Officer, Capstone Mining
EBITDA: EBITDA is a financial metric that companies use to measure profitability. This metric ignores real costs like server spend. When moving to the cloud, EBITDA is impacted because the metric can no longer ignore costs like server depreciation. When moving to the cloud, if your company tracks EBITDA, it will likely be impacted from a migration shift. As opposed to overly focusing on EBITDA, many customers choose to identify additional financial metrics that better measure business value improvements (such as cash flows, operating income, or cost of goods sold efficiency).

Managing financial KPI’s and processes is a critical component of a CFO’s job. By creating a channel of communication with your financial stakeholders and highlighting symbiotic relationships of some of the KPI and process impacts of a cloud migration, you can begin working with your finance team to proactively reset expectations around both capital/operating budgets and EBITDA targets in a cloud vs on-premises world.

Implementing the business case: Ongoing cost-optimization and management

Once the cloud migration project begins, here are a few tips and best financial practices for success:

Reducing on-premises asset acquisitions: There must be broad internal alignment and processes to evaluate and control how and when teams buy new on-premises assets. Every new purchase will add fixed costs that will prevent cloud savings for a longer period.
Initial resource clean-up, rightsizing, and optimization: When migrating to Azure, consider which workloads are no longer needed and can be turned off. For workloads still needed, consider what can be done to optimize those resources and operational hours, leveraging tools such as Azure Migrate.
Continuous cost optimization: Workloads aren’t static. Once in Azure, leverage our tools (including Azure Cost Management and Azure Advisor) and establish processes to monitor resources and patterns to continuously optimize cloud costs.
Resource tagging and spend categorization: Azure allows for simplified resource tagging and cost allocation compared with on-premises. This helps increase spend accountability, while evaluating workload ROI. Through resource tagging you are able to better align your spend to cost categories like the cost of goods sold (COGS) or research and development and allocate costs of workloads directly to underlying business units. Targeted cost allocation can directly help drive efficiencies and reductions.
Billing models: Azure billing models like reserved instances and spot pricing are fantastic opportunities to save money. As an example, Azure three-year Reserved Instances (RI) do not require upfront payment, have tremendous flexibility, and provide discounts up to 72 percent.
Azure Hybrid Benefit: With Azure you can take advantage of your existing Microsoft licenses with Software Assurance to avoid incremental licensing costs for migrating workloads and maximize previous investments.

Figure 2: Well-optimized cloud usage can free up excess capacity

Aligning cloud spend with underlying workload usage

A) Idle capacity: Azure allows customers to eliminate idle capacity intended to cover future growth across workloads. Actions like rightsizing or eliminating unnecessary workloads can help you reduce your idle capacity when moving to the cloud.

B) Variable workloads: Azure customers only pay for the hours they need when demand temporarily peaks above average levels on variable workloads. Taking advantage of tools and actions like VM scale sets and “snoozing” can help you only pay for the resources needed.

C) Predictable workloads: Azure customers can minimize costs of predictable workloads by taking advantage of Azure Reserved Instances and Spot prices.

What’s next?

As the cloud migration team in IT, ensure finance partners and key stakeholders are brought in from the beginning, and include them in appropriate decision-making and progress review forums. Reach out to your finance peers to better understand their expectations and how you can collaborate as you embark on your cloud migration project. Use the Cloud Adoption Framework for Azure for best practice guidance around aligning your organization to a common vision and approach.
Leverage cost-savings offers (including Azure Hybrid Benefit and Reserved Instances) and free tools (Azure TCO calculator, Azure pricing calculator, Azure Migrate) as you plan and prepare for cloud migration.
Use tools like Azure Cost Management and Azure Advisor once on Azure to drive continuous optimization; ensure financial stakeholders have appropriate access and visibility.
For expert assistance from Microsoft or our qualified partners, check out our Cloud Solution Assessment offerings or join the Azure Migration Program (AMP).

We hope this gives you a good understanding of the critical intersection between IT and finance in the context of your organization’s cloud migration journey. Engaging the migration leadership team within your organization to collaboratively create both the technical and correlating financial roadmap ensures alignment, facilitates migration success and long-term organizational success. In the coming weeks, we will continue this blog series with deeper dives on topics like assessments, Landing Zones, infrastructure, data, and application migration best practices.  

Share your feedback

Please share your experiences or thoughts in the comments section below—we appreciate your feedback.
Quelle: Azure

Run high scale workloads on Blob storage with new 200 TB object sizes

Azure Blob storage is a massively scalable object storage solution that serves from small amounts to hundreds of petabytes of data per customer across a diverse set of data types, including logging, documents, media, genomics, seismic processing, and more. Read the Introduction to Azure Blob storage to learn more about how it can be used in a wide variety of scenarios.

Increasing file size support for Blob storage

Customers that have workloads on-premises today utilize files that are limited by the filesystem used with file size maximums up to exabytes in size. Most usage would not go up to the filesystem limit but do scale up to the tens of terabytes in size for specific workloads that make use of large files. We recently announced the preview of our new maximum blob size of 200 TB (specifically 209.7 TB), increasing our current limit of 5TB in size, which is a 40x increase! The increased size of over 200TB per object is much larger than other vendors that provide a 5TB max object size. This increase allows workloads that currently require multi-TB size files to be moved to Azure without additional work to break up these large objects.

This increase in object size limit will unblock workloads, including seismic analysis, backup files, media and entertainment (video rendering and processing), and others which include scenarios where multi-TB object size is used. As an example, a media company which is trying to move from a private datacenter to Azure can now do so with our ability to support files up to 200TB in size. Increasing our object size removes the need to carefully inventory existing file sizes as part of a plan to migrate a workload to Azure. Given many on-premises solutions can store files in the ten to hundreds of terabytes in size, removing this gap simplifies migration to Azure.

With large file size support, being able to break up an object into blocks to ease upload and download is critical. Every Azure Blob is made up of up to 50,000 blocks. This allows a multi-terabyte object to be broken down into manageable pieces for write. The previous maximum of 5 TB (4.75TiB) was based on a max block size of 100 MiB x 50,000 blocks. The preview increases the block size to 4,000 MiB and keeps 50,000 blocks per object for a maximum object size of 4,000 MiB x 50,000 = 190.7 TiB. Conceptually in your application (or within the utility or SDK), the large file is broken into blocks, each block is written to Azure Storage, and, after all, blocks have successfully been uploaded, the entire file (object) is committed.

As an example of the overall relationship within a storage account, the following diagram shows a storage account, Contososa, which contains one container with two blobs. The first is a large blob made up of 50,000 blocks. The second is a small blob made of a single block.

The 200 TB preview block blob size is supported in all regions, using tiers including Premium, Hot, Cool, and Archive. There is no additional charge for this preview capability. We do not support upload of very large objects using Azure Portal. The various methods to transfer data into Azure will be updated to make use of this new blob size. To get started today with your choice in language:

.Net.
Java.
JavaScript.
Python.
REST.

Next steps

We look forward to hearing your feedback via email or post in the Azure Storage technet forum.

Learn more about Azure Blob storage.
Quelle: Azure