is there any need to have azure backup plan? - azure

I want know is there any need to have backup plan? I am just curious about if azure have its policy that they can maintain backup of all application they have installed on there server so is there any need to take extra plan to have separate backup of our own code and database ? Please guide me ?

This purely depends upon the product which you are going to develop/host within Azure. There are several factors like SLA(Service Level Agreements), Compliances, Audit/Policies etc.,
Let say if your product related to healthcare/financial domain. In such a case, you need to follow certain policies, compliances.
Healthcare related products should be HIPAA compliances
Financial/Cards products should be PCI DSS
You can find all the list of compliance with Azure here
The Answer may be not be needed. Azure has a lot of services for managing backups. If your project/product is compliance, Audit, and policies approved by Azure. Then you don't really need a separate backup from your side.

Related

Can we have multiple effect in Azure Policy

I have created a policy which will enable Azure Hybrid Benefit for Windows Servers, Client & SQL. We have multiple subscriptions created based on prod and sandbox. What i'm looking for is, If the subscription is belongs to prod then it should do audit and for others it should do Append. So i think it should have kind of if else condition or where condition, but as i checked i don't see any reference article or any possibble solutions to achieve the same. Can someone guide me how to acheive the same. Thanks in advance!
Regards,
Logan
I would consider setting up an Azure Management Group hierarchy with the first level below the Root MG broken out into Prod and Sandbox. From there, you can scope different Azure Policies (one for Audit, the other for Append) depending on the Management Group the subscription falls under.

What would be a practical implementation of the Azure enterprise-scale landing zone architecture?

I've been reading through the Microsoft Cloud Adoption Framework for some time now. In our company, we have a similar implementation (hub-spoke), but a lot less modular like it is depicted in the docs. We don't have an identity or management subscription for example.
When looking at our own hub-spoke architecture, we basically only have 2 spokes: non-prod and prod in which we deploy all applications (VMs) inside one big VNet (one per spoke). Since we have hundreds of VMs ranging from very small tools on a single VM up to large complex setups with dozens of VMs, we would eventually also have many landing zones (and therefor VNets) I suppose? Our hub contains central shared services like the firewall, domain controllers etc.
Important to know is that we don't do any in-house application development or let other departments like marketing deploy Azure resources themselves. We basically setup Azure infrastructure into the spokes from within our central IT infrastructure department and give external partners access to deploy their applications into it.
What I'm particularly curious about is when you would decide to create a new landing zone in this architecture? Would you have a landing zone for each application? One for each department to enable self-service? Is our approach a good idea?
Very interested to learn how other companies are implementing this architecture.
The big part of enterprise scale landing zone is probably the modules you mentioned that are missing in your implementation.(Or any start small type of land zone)
Enroll in EA so you have an account to manage multiple subscriptions
Have the proper resource organization in place(management groups and
subscriptions).This ensures that you can deploy policies and RBAC
etc at the proper level.
Landing Zone sits on much high level than the applications(resource groups). There is no need for more than 1 Landing Zone. You maybe need to extended it, by either creating new Spoke, and/or in some case new subscription.

MS Azure - Can a single organization have multiple organizations under it?

I'm looking into transitioning all our company systems to MS Azure from our current on-premises setup. We have multiple affiliates operating using their versions of the same system (i.e. a custom built application that is fundamentally the same but is tailor fit to specific business cases/industries.
Is it possible for our mother company to register for MS Azure, and the affiliates exist as separate organizations on that plan? or is each organization required to have its own Azure subscription?
Many Thanks,
Jevb
I saw many different implementations of Azure for companies. Mostly based on per-separate-subscription model, sometimes I saw working with 1 subscription and then splitting teams to Resource Groups, I think it is all up to the company, budgets and goals.
I would recommend to read first these, maybe this will give you some hints how to start and migrate :)
https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/reference/azure-scaffold
https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/decision-guides/subscriptions/
https://learn.microsoft.com/en-us/azure/governance/management-groups/overview
You can have one tenant for your whole company, and individual subscriptions for each business case. The way that Azure does billing it is nice to split your industries into separate subscriptions until you have a solid tagging strategy in place.
I would highly suggest looking into management groups within Azure as you start to implement policy and RBAC for your individual subscriptions so that you can adhere to security best practices and avoid repeating yourself.
https://learn.microsoft.com/en-us/microsoft-365/enterprise/subscriptions-licenses-accounts-and-tenants-for-microsoft-cloud-offerings?view=o365-worldwide
https://learn.microsoft.com/en-us/azure/governance/management-groups/overview

How to prevent provisioning of expensive services

I have an Azure subscription and there are a number of services available.
If I configure VM, web apps, application. etc.,
there are few high-end resources which are very expensive.
In order to avoid unwanted billing,
I want to create a policy that allows only a few services and lower configuration resources.
Is there an Azure policy that can do that?
If I configure VM, web apps, application.. etc there are few high-end
resources which prices are high. In order to avoid unwanted billing, I
want to create policy there allow only a few services and lower
configuration resources
Do take a look at Azure Policy. In short, Azure Policies enables Cloud Governance and by defining proper policies, you can restrict creation of certain kinds of resources, disallow certain SKUs for resources and more.
However, as a good practice, you should have only few people in your organization who have the capability to provision resources and there should be a formal procedure for provisioning resources. One of my friend burned $180,000 in Azure in just 3 months because every developer in his team has the capability to create resources in the company's Azure Subscription. The developers in the team created resources as they pleased without thinking about pricing implication.

Data sovereignty vs Azure hosting options

I'm just learning about Azure so forgive me for my naivety. I work for a federal government that would be very hesitant to have their applications and data hosted in another country. Could a local company offer "Azure" services? i.e. could software developers in a government department build their applications and deploy them to the Azure cloud, ensuring that their data stays within the country? Or would they have to look at a non-Microsoft cloud provider?
Data and Compute will reside in the datacenter you specify. Blobs, Tables and Queues are also backed up automatically to a paired data center:
San Antonio <--> Chicago
Dublin <--> Amsterdam
Hong Kong <--> Singapore
You can opt-out of cross-datacenter data backup if data sovereignty becomes an issue. Once opted-out, data would only be in the specified data center, and you'd need to handle DR on your own (by possibly backing up data to on-premises storage).
Aside from those 6 datacenters, Fujitsu runs a Windows Azure data center in Japan. See this press release for more info.
Yes, when you create your Azure service you can specify what region (of the country) it runs in.
I'm not sure if you know this, but the Federal CIO (Vivek Kundra) is really pushing hard for Agencies to move to the cloud. You might want to check out Info.Apps.Gov for guidelines on the Federal Cloud initiative and resources for what you can and can't do.
To answer your immediate question: No. Only MS hosts Azure to my knowledge. I do know that Amazon is bending over backwards however to accommodate Government clients and you can control which datacenters are used on that service. MS appears to have a similar capability per the other answer to this question.
As far as I can tell, these are the only locations:
http://en.wikipedia.org/wiki/Azure_Services_Platform#Datacenters
If they're that concerned about data security though, they should deal directly with Microsoft, not buy Azure services that same way a client usually would. Microsoft may be able to arrange something depending on budget (but probably not).
Edit: What I'm basically saying is, Microsoft is not going to arbitrarily do special licensing. Meaning you either need a large enough budget to convince MS to build a data center in your country, or you need some other way of convincing MS to allow Azure services hosted in your country. Also, I hate to sound paranoid, but if you're worried about America seeing your data, you likely should avoid Ameican companies.
If there isn't a Windows Azure Data Centre in the relevant country, but you still want to use Azure, you'll need to look at a hybrid cloud model where data remains resident in a private cloud. However, in-flight data can still present complications for some organisations and Azure may not be the right answer in all cases.
If you like, I can talk about it some more using Chat. The company I work for specialises in just these cases and has the only production Windows Azure data centre that isn't owned by Microsoft (and isn't in the US). Probably best not go into further specifics here, though, for fear of my answer looking like pure spam!

Resources