Since Azure Functions host are dynamically added and removed based on the number of incoming events under "Consumption Plan", what is the guarantee that Azure transparently encrypts the data in-transit as well as at-rest on the hosts? Are there any documentations which can share some light on how Azure Functions fulfills HIPAA compliance?
Be careful not to conflate two separate things. The plan type is not relevant to compliance.
Azure Functions are covered for HIPAA apps. You can find the details here: Overview of Microsoft Azure compliance
Note, Azure itself is baseline compliant. But, you yourself can create and deploy an app that breaks compliance, just like you can on-prem. Azure Functions are by nature stateless, but there's little stopping you, the developer, form persisting data in a non-compliant way.
Related
Kind of a simple question, but puzzling...
Is there a stat in Azure services to monitor how many times data factory is / was accessed ?
So, as an example if an automated system is set up to make persistent API calls to ADF with the malicious intent exhaust it is there a way to monitor for that and gather some kind of stats?
The monitoring built into the Azure Data Factory PaaS itself only monitors legitimate, authenticated usage. You can see this on the https://adf.azure.com/en/monitoring/pipelineruns?factory=%2Fsubscriptions%... dashboard.
Notice how the root domain is adf.azure.com - this is the same for all tenants using data factory around the world. Your specific subscription / instance are mere query parameters in the URL. Microsoft Azure is fully managing the actual hosting of this PaaS, which means they are entirely responsible for subverting any DDOS or similar bad-actor attempts on this service. It's not something you have to worry about, and therefore not something you have much visibility into.
If you ever needed or wanted to check in on how microsoft is doing with this, head on over to https://status.azure.com/status and search for the "Azure Data Factory" row:
This is really one of the biggest selling points of using a fully-hosted cloud PaaS such as Data Factory. You are no longer responsible for the hardware, or even range of ip addresses that back this service. No more than you have to worry about someone DDOS'ing outlook.office.com which probably services your entire organisation's email. I could happen, but if it did, it affects all of Microsoft's customers around the world, not just you personally, so there should be no expectation that you personally are doing anything special to mitigate against it.
Note that more generically if you want to monitor network traffic within your NSGs, iterfaces, VNETs etc in general on Azure, the thing to use is the Application Insights' Network Monitoring at https://portal.azure.com/#view/Microsoft_Azure_Monitoring/AzureMonitoringBrowseBlade/~/networkInsights
This is more generically applicable to all provisioned resources and services on Azure though, not something specific to Azure Data Factory.
New to Azure and would like to know what the difference between Azure API Management and Logic Apps is.
Some pros and cons would be nice. Also what the costing for each of these is like.
Thanks
Seems you want to know about Azure API Management and Azure Logic Apps
Well let me help you what that actually are...
Azure API Management
Azure API Management allows organizations to publish APIs more securely, reliably, and at scale. Use API Management to drive API consumption among internal teams, partners, and developers while benefiting from business and log analytics available in the admin portal
Pros are
Consistent and modern API gateways for existing back-end services
Verifies API keys, JWT tokens, certificates, and other credentials
Help you to publish APIs to external, partner, and internal
developers to unlock the potential of their data and services
High availability Responds to requests to perform operations at
least 99.9% of the time.
Analytics, metrics and many more
For further details you could have a look on official docs
Pricing
There are different categories of pricing available based on type and uses. See the below screen shot:
You even can read more details about pricing here
Logic Apps:
Azure Logic Apps is a cloud service that helps you schedule, automate, and orchestrate tasks, business processes, and workflows when you need to integrate apps, data, systems, and services across enterprises or organizations. Logic Apps simplifies how you design and build scalable solutions for app integration, data integration, system integration
Pros are
Maximum automation with hassle free service
Process and route orders across on-premises systems and cloud
services
Can move uploaded files from an SFTP or FTP server to Azure Storage
Help you connect legacy, modern, and cutting-edge systems more
easily and quickly by providing prebuilt APIs as Microsoft-managed
connectors
Pricing
Usually two categories of pricing you may have Consumption pricing model which depends on how much you consume and have to pay as per your consumption.
another one Fixed pricing model. See the screen shot:
You can have a look more details on official docs
Hope this would help you.
How does a Azure function differ from a ASP.NET Core Worker Service?
Does both of these cover the same use cases?
How do I decide which one to use?
Update:
Azure function is designed for azure. So when you use azure, or other azure services which are integrated with azure function, you should consider azure function, which could simplify your code and logic by the built-in features of azure function. But it will also have charges for azure function. And yes, if you don't use azure, just use asp.net core worker services.
Azure function are totally different from ASP.NET Core Worker Service.
The benefit of Azure function is that it supports a lot of triggers like azure blob trigger / azure event hub trigger, and is integrated with other azure services.
With these built-in features, it's easy to create a proper azure function to complete a proper task. For example, if you upload an image to azure blob storage, and then want to resize the image, you can easily create a blob trigger azure function with less code.
Worker services are the perfect use case for any background processing. And if you want to operation some azure services like azure blob / azure event hub etc. you may achieve this but need to do a lot of work.
At last, it depends on your use case to choose which one should be used, and select the simple / efficient one.
I think the answer Fred was looking for is, why would someone use Azure functions over Asp.net Core hosted service? And the answer isn't only because you have Azure account so everything is easy and integrated. It depends. I.e Traffic, cost, expertise, etc.
Actually, there are guidelines set by Microsoft when to use an Azure Functions versus let's say over a IHosted service running in a linux container hosted in AKS for example. and I'll post the link, but it's basically if your workload is mission critical or not. If you want the best performance, lowest cost, reliability a hosted dotnet core service running in Linux container would be an excellent alternative.
Here is the mission critical guidelines from Microsoft, hope this helps!
Design recommendations
Azure Functions:
Consider Azure Functions for simple business process scenarios which don't have the same stringent business requirements as business-critical system flows.
Low-critical scenarios can also be hosted as separate containers within AKS to drive consistency, provided affinity and anti-affinity requirements are fully considered when collocating containers on nodes.
Excerpt taken from here:
https://learn.microsoft.com/en-us/azure/architecture/framework/mission-critical/mission-critical-application-platform
I have an Azure subscription and there are a number of services available.
If I configure VM, web apps, application. etc.,
there are few high-end resources which are very expensive.
In order to avoid unwanted billing,
I want to create a policy that allows only a few services and lower configuration resources.
Is there an Azure policy that can do that?
If I configure VM, web apps, application.. etc there are few high-end
resources which prices are high. In order to avoid unwanted billing, I
want to create policy there allow only a few services and lower
configuration resources
Do take a look at Azure Policy. In short, Azure Policies enables Cloud Governance and by defining proper policies, you can restrict creation of certain kinds of resources, disallow certain SKUs for resources and more.
However, as a good practice, you should have only few people in your organization who have the capability to provision resources and there should be a formal procedure for provisioning resources. One of my friend burned $180,000 in Azure in just 3 months because every developer in his team has the capability to create resources in the company's Azure Subscription. The developers in the team created resources as they pleased without thinking about pricing implication.
If one is hosting an healthcare application(For me its ASP.NET MVC and going to host it in Azure cloud service) which needs to be HIPAA compliance, then encryption is required in 2 aspects:
data in motion; and
data at rest.
Upon searching various locations one comes to the conclusion that the data at rest is taken care by using TDE (transparent data encryption), and data in motion is taken care by SSL.
So is there no need to use any encryption/decryption logic from my end?
That's a tough question to be honest, and I'm afraid the answer is a little open ended. The certifications that Microsoft have for the Azure platform certifies the fabric and the platform services in your instance as HIPPA compliant.
Any service you build on the Azure platform also needs to meet that compliance so it is your responsibility to ensure that compliance is met. While I can provide you that level of detail you would need to verify your solution with someone who is an expert in HIPPA compliance.