6 Components of an Optimized Azure Infrastructure

by Neal Zimmerman

Your organization has made the business decision to move computing services into the public cloud to take advantage of its key benefits such as elasticity, agility, and ease of access—smart.

Whether you’ve been hosting all services in your own data center, a colocation service, or a vendor’s private cloud, it’s critical to prepare and optimize the infrastructure before your company begins its migration to the public cloud, including Microsoft Azure. Agio’s cloud migration engineers help identify and plan for the following: Azure subscriptions, hybrid identity, disaster recovery and resilience, networking, security, and governance.

Azure subscriptions

There are multiple ways to purchase an Azure subscription, including Pay-As-You-Go, Enterprise Agreements (EA), Open Licensing from Microsoft resellers, or through Microsoft Partners known as Cloud Solution Providers (CSPs). Purchasing from a CSP like Agio provides the most flexibility and easier administration. We handle the often complex Microsoft billing process and provide you with an easy-to-understand monthly invoice.

Hybrid identity

Managing user access to Azure resources with identity and access management (IAM) is an essential step in pulling together an Azure infrastructure. Agio plans the integration between Azure Active Directory (Azure AD) and your existing Active Directory Domain Services. This way, users enjoy a seamless login experience for cloud-based resources by maintaining a single username and password combination. Integration also allows you to control access to your Azure services using existing security groups and boundaries.

Disaster recovery and resilience

As we plan the hybrid environment, Agio builds resilience and a disaster recovery strategy into the Azure design. Strategies range from a single-region deployment, which relies on Azure platform features such as fault domains and regional pairing for resilience, through to a full active-active model in which cloud services and databases are deployed and are servicing users from two regions.

Our experience shows that a middle-of-the-road approach is often most suitable. We will deploy apps and resources in a primary region and keep a full copy of the infrastructure in the secondary region so that it’s ready to act as a full backup if a complete app disaster or regional failure occurs. This active-passive model provides resiliency to your cloud service while controlling costs.

Networking

The Azure virtual network design has to include methods for connecting to your local network so users in the office can connect to Azure resources easily, and it has to allow for simple and secure access for your remote staff. It must be scalable and able to grow as your business expands.

While ExpressRoute connections provide direct connectivity to the Azure datacenter(s), they are often cost-prohibitive for most smaller organizations. Agio recommends creating a site-to-site VPN between your datacenter and the Azure network. Remote users connect through client-based VPN connections to your datacenter, which allows them access to hybrid resources in both your datacenter and the Azure network.

Security

Security is crucial in the cloud, so it’s important to have dedicated engineers who can evaluate the wide array of security tools and capabilities Azure provides. Agio’s security engineers understand which tools to leverage, including:

  • Azure Security Center. Azure Security Center provides unified security management and advanced threat protection across hybrid cloud workloads. We use it to apply security policies across your workloads, limit your exposure to threats, and detect and respond to attacks.
  • Network security groups. A network security group (NSG) filters network traffic based on a list of security rules allowing or denying network traffic to resources connected to Azure VNets.
  • Data encryption. Azure Disk Encryption is a capability that encrypts your Windows and Linux IaaS virtual machine disks.
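
To make the NSG bullet concrete, here is an added example (not Agio's or Microsoft's code) that resolves an inbound rule list the way Azure does, lowest priority number first with the first match deciding, and reports which management ports an arbitrary external address can reach. The rule names, IP addresses and the simplified rule format are constructed for illustration.

```python
import ipaddress

# Constructed sample: inbound rules of a hypothetical NSG (not from the article).
RULES = [
    {"name": "allow-office-rdp", "priority": 100, "access": "Allow",
     "source": "203.0.113.0/24", "ports": "3389"},
    {"name": "deny-rdp", "priority": 200, "access": "Deny",
     "source": "*", "ports": "3389"},
    {"name": "allow-web", "priority": 300, "access": "Allow",
     "source": "*", "ports": "80-443"},
    {"name": "allow-ssh-any", "priority": 400, "access": "Allow",
     "source": "*", "ports": "22"},
    # Azure's built-in lowest-priority inbound default rule.
    {"name": "DenyAllInBound", "priority": 65500, "access": "Deny",
     "source": "*", "ports": "*"},
]

def port_matches(spec, port):
    """spec is '*', a single port, or a 'low-high' range."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def source_matches(spec, ip):
    """spec is '*' or a CIDR prefix; service tags are outside this rule format."""
    return spec == "*" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

def evaluate(rules, src_ip, port):
    """Return (access, rule name) of the first match, lowest priority number first."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if source_matches(rule["source"], src_ip) and port_matches(rule["ports"], port):
            return rule["access"], rule["name"]
    return "Deny", None

def exposed_ports(rules, probe_ip="198.51.100.7", ports=(22, 3389)):
    """Management ports that an arbitrary external address is allowed to reach."""
    return [p for p in ports if evaluate(rules, probe_ip, p)[0] == "Allow"]

if __name__ == "__main__":
    print("Management ports open to any source:", exposed_ports(RULES))
```

RDP stays closed to outside addresses because the priority-200 deny is hit before any broader allow, while the priority-400 SSH rule is the finding an audit would flag.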

Governance

Agio automatically implements aspects of governance and security as we configure identity and access control. Broadly speaking, we address three areas:

  • Policy. Azure Policy applies and enforces rules and effects over your resources so they stay compliant with corporate requirements and SLAs.
  • Locks. Azure allows you to lock subscriptions, resource groups, and other components so that they can be modified only by those with the authority to do so.
  • Tags. Tags attach metadata to resources so you can control, audit, and manage resources.

Conclusion

Building your Azure infrastructure is more than just providing virtual networks and machines; it requires careful thought, planning, and expertise to make sure the environment is built to meet all security and compliance requirements, is scalable, and provides both cost efficiencies and a simplified end-user experience.

If you’re planning a migration or have already begun, Agio’s experienced cloud engineers provide the guidance, design, and implementation steps to ensure a successful project. Give us a call. We’re here to help.