Azure Management and Security


1 Azure Management and Security
Corey Hynes

2 Corey J Hynes @CoreyJHynes MVP – Cloud and Datacenter Automation
Corey J Hynes, MVP – Cloud and Datacenter Automation
- Founder/CEO/Lead Architect – Learn on Demand Systems
- Active tech investor
- Have held positions such as developer, administrator, trainer, author, and project manager
- Avid youth soccer coach, triathlete, snowboarder, boater and diver
- Born in Newfoundland, Canada; currently lives in Tampa, FL
- @CoreyJHynes
5/14/2018 1:29 PM. © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

3 Agenda
1. Introducing Azure Automation
2. Azure Automation assets
3. Azure Automation Desired State Configuration
4. Windows PowerShell Workflow
5. Runbooks in Azure Automation
6. Azure Key Vault
7. Azure Security Center
8. Role-Based Access Control in Azure Automation

4 Introducing Azure Automation

5 Introducing Azure Automation
11: Implementing Azure-based management and automation
[Diagram: Azure Automation architecture. Local: local server, local resources, Hybrid Runbook Worker. Azure: VMs, Azure resources, DSC configurations, runbooks, Azure Automation, automation solution, OMS workspace. External resources are reached over the Internet.]
Instructor note: If students ask about the differences between Azure Automation and Azure Batch, point out that the latter provides similar automation tools, such as job scheduling. However, Azure Batch is designed for very large-scale deployments and uses a different design, programming, and implementation model.

6 Azure Automation overview
- Azure Automation provides ways to automate manual, long-running, error-prone and frequently repeated tasks
- Saves both time and money by increasing the reliability of regularly performed tasks
- Automated tasks can be scheduled to ensure that they are performed at predetermined intervals

7 Azure Automation using runbooks Processes and tasks can be automated with runbooks
- A runbook is a set of closely related tasks that represent a process
  - Example: starting a virtual machine or a set of virtual machines according to a schedule
- Runbooks may have few or many steps and represent simple or complex processes
- Runbooks are based on Windows PowerShell or Windows PowerShell Workflow
  - Any task you can perform with Windows PowerShell or Windows PowerShell Workflow can be automated in a runbook

8 Azure Automation using runbooks Processes and tasks can be automated with runbooks
- Graphical runbooks can be created without writing scripting code
- Runbooks in Azure Automation run in the Azure cloud
  - Can access cloud resources
  - Can use external resources that are accessible from the cloud
- Hybrid Runbook Worker
  - Makes it possible to run Azure Automation runbooks in your on-premises data center

9 Azure Automation using DSC
- Configuration management can be automated by using Desired State Configuration (DSC)
- Azure Automation DSC is a cloud-based solution for PowerShell DSC
  - Allows you to manage, deploy, and enforce configurations for physical hosts and virtual machines
  - Uses declarative PowerShell syntax to define configurations
  - Uses a centralized pull server from which target machines retrieve and apply configurations

10 Connecting Azure Automation to a subscription
- Automation accounts
  - You require at least one Automation account to start using Azure Automation
  - Automation accounts isolate automation resources (runbooks, assets, and configurations) from other resources
  - You can use multiple Automation accounts
    - You can have separate accounts for development, production, cloud-based resources, on-premises resources, etc.
  - Automation accounts are associated with a single Azure region but can be used to manage resources in any region
- All automation tasks run in the security context of an Azure AD account
  - By default, creating an Automation account in the Azure portal creates a Run As account and a Classic Run As account

11 Demo: Connecting Azure Automation to a subscription

12 Introducing Azure Automation

13 Azure Automation assets
- Azure Automation assets are resources that are globally available to runbooks
- Automation assets include:
  - Variables: values that are available to runbooks; used to define frequently used settings
  - Connections: define the information required to connect to a service or application from a runbook
  - Credentials: a username and password combination, or a certificate uploaded to Azure
  - Schedules: schedule runbooks to run at predetermined times
  - Integration modules: packages that contain a Windows PowerShell module that can be imported into Azure

14 Creating Automation assets
- Automation assets can be created:
  - Using the Azure portal
  - Using Windows PowerShell cmdlets:
    - New-AzureAutomationSchedule
    - New-AzureAutomationVariable
    - New-AzureAutomationCertificate
    - New-AzureAutomationConnection
    - New-AzureAutomationCredential
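An added example, not code from the deck, tying slide 10 (the Run As account) to slide 14: the classic cmdlets named above create a credential, two variables and a schedule, and a runbook then signs in with the Run As connection and reads those assets at run time. The account name, asset names and the runbook body are assumed placeholders.

```powershell
# Added example, not from the deck: create Automation assets with the classic
# cmdlets listed on the slide, then consume them from a runbook that signs in
# with the Run As connection. Account and asset names are assumed placeholders.

# --- Administrator side (workstation with the Azure PowerShell module loaded) ---
$account = 'ContosoAutomation'

# Credential asset: the password is stored encrypted in the account, never in runbook text.
$cred = Get-Credential -Message 'Service account used by the backup runbook'
New-AzureAutomationCredential -AutomationAccountName $account -Name 'SqlAdmin' -Value $cred

# Plain variable for a non-secret setting ...
New-AzureAutomationVariable -AutomationAccountName $account -Name 'BackupRetentionDays' `
    -Value 30 -Encrypted $false

# ... and an encrypted variable for a secret; its value cannot be read back from outside a job.
New-AzureAutomationVariable -AutomationAccountName $account -Name 'BackupApiKey' `
    -Value (Read-Host -Prompt 'API key') -Encrypted $true

# Schedule asset a published runbook can be linked to (daily at 02:00, starting tomorrow).
New-AzureAutomationSchedule -AutomationAccountName $account -Name 'NightlyBackup' `
    -StartTime (Get-Date).Date.AddDays(1).AddHours(2) -DayInterval 1

# --- Runbook side: body of a PowerShell runbook in the same account ---
# Sign in as the Run As account's service principal; the certificate lives in the account.
$conn = Get-AutomationConnection -Name 'AzureRunAsConnection'
Add-AzureRmAccount -ServicePrincipal -TenantId $conn.TenantId `
    -ApplicationId $conn.ApplicationId -CertificateThumbprint $conn.CertificateThumbprint

# Assets are resolved inside the job at run time; the runbook text holds no secrets.
$sqlCred   = Get-AutomationPSCredential -Name 'SqlAdmin'
$retention = Get-AutomationVariable -Name 'BackupRetentionDays'
$apiKey    = Get-AutomationVariable -Name 'BackupApiKey'   # decrypted for this job only

Write-Output "Running as $($sqlCred.UserName), keeping $retention days of backups"
# Never Write-Output $apiKey or the credential's password: job output streams are persisted.
```

The AzureRm equivalents (New-AzureRmAutomationVariable and so on) take the same parameters plus -ResourceGroupName.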

15 Demo: Creating Azure Automation assets

16 Introducing Azure Automation

17 Implementing Azure Automation DSC
- Built on PowerShell Desired State Configuration (DSC)
- Allows you to:
  - Author and manage PowerShell DSC configurations
  - Import DSC resources
  - Generate DSC node configurations (MOF documents)
- DSC items are placed on the DSC pull server
- Target nodes are physical or virtual machines, either on premises or in the cloud
  - Pick up items
  - Automatically configure themselves to conform to the specifications
  - Report back on compliance

18 Implementing Azure Automation DSC

19 Demo: Using Desired State Configuration

20 Windows PowerShell Workflow

21 Windows PowerShell Workflow Overview
- A type of runbook that performs a set of activities to complete a task
- Well-suited for long-running tasks or tasks that require coordination of multiple steps across multiple objects
- Similar to PowerShell scripts, with the following differences:
  - Can perform an action against multiple objects at the same time (parallel processing)
  - Can recover automatically from failures
  - Are processed by Windows Workflow Foundation, although written with Windows PowerShell syntax and launched by Windows PowerShell
  - The code of a workflow is similar to, but not identical to, PowerShell
- All runbooks in Azure Automation are ultimately implemented as Windows PowerShell Workflows

22 Authoring Windows PowerShell Workflows
20533C 11: Implementing Azure-based management and automation
Workflow structure (skeleton from the slide):

    workflow test {
        InlineScript {
            Code
        }
        parallel {
            Command A
            Command B
            sequence {
                Command C
                Command D
            }
        }
    }

Workflow syntax/keywords:
- Parallel
- Foreach -parallel
- Sequence
- InlineScript
- Checkpoint-Workflow
- Suspend-Workflow
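An added example, not from the deck, that fills in the skeleton above with a complete workflow using the listed keywords: InlineScript for ordinary PowerShell, parallel for concurrent activities, Checkpoint-Workflow to persist state, and foreach -parallel with a sequence inside. The workflow name and the computer names are constructed.

```powershell
# Added example, not from the deck: a Windows PowerShell Workflow that uses the
# keywords listed on the slide. Runs locally in Windows PowerShell 5.1 (workflows
# are not available in PowerShell 7). Computer names are constructed test input.
workflow Test-ServerReachability
{
    param([string[]] $ComputerName)

    # InlineScript runs ordinary PowerShell, free of workflow syntax restrictions.
    $started = InlineScript { (Get-Date).ToString('u') }

    # Both activities start at the same time instead of one after the other.
    parallel {
        InlineScript { 'Host OS: ' + [Environment]::OSVersion.VersionString }
        InlineScript { 'Running as: ' + [Environment]::UserName }
    }

    # Persist workflow state: after Suspend-Workflow or a worker restart the job
    # resumes from here rather than re-running the steps above.
    Checkpoint-Workflow

    # One iteration per server, all iterations running concurrently ...
    foreach -parallel ($name in $ComputerName) {
        # ... while the steps inside each iteration stay in order.
        sequence {
            $reachable = Test-Connection -ComputerName $name -Count 1 -Quiet
            if ($reachable) {
                "$name reachable (probe started $started)"
            } else {
                "$name unreachable, skipped"
            }
        }
    }
}

# Constructed input: localhost always answers; the second name should not resolve.
Test-ServerReachability -ComputerName 'localhost', 'nonexistent-host.invalid'
```

Variables assigned inside a parallel or sequence block are scoped to that block; reading an outer variable such as $started is fine, but writing back to it requires the $workflow: prefix.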

23 Runbooks in Azure Automation

24 Introduction to runbooks in Azure Automation
- Graphical runbooks
  - Edited by using the graphical editor in the Azure portal
- Textual runbooks
  - Based on Windows PowerShell Workflow or PowerShell scripts
  - Edited by using the text editor in the Azure portal, or imported from on-premises workflows and scripts
- No support for conversion between the two types

25 Importing and testing runbooks
- Importing a runbook creates a new runbook
- You must specify the type of runbook you import
  - A .graphrunbook file may only be imported into a graphical runbook
  - A .ps1 file containing a Windows PowerShell Workflow can only be imported into a Windows PowerShell Workflow runbook
  - A PowerShell script can be imported into either a PowerShell runbook or a PowerShell Workflow runbook
    - A PowerShell script that is imported into a Windows PowerShell Workflow runbook is converted to a Windows PowerShell Workflow
    - Comments are added to indicate the changes that were made
- After creating or importing a runbook, you must publish the runbook before you can run it

26 Demo: Importing and testing runbooks

27 Runbooks in Azure Automation

28 Authoring runbooks
Create new runbooks by using the Azure portal or Windows PowerShell
- Using the Azure portal
  1. In the Azure portal, open an Automation account
  2. Click the Runbooks tile
  3. Click Add a runbook
  4. Click Create a runbook
  5. Type a Name and select a Type (runbook names must start with a letter)
  6. Click Create to create the runbook and open the editor
- Using Windows PowerShell
  - Use the New-AzureRmAutomation cmdlet
  - Creates an empty Windows PowerShell Workflow runbook

29 Azure Automation runbooks Graphical authoring
[Screenshot: graphical runbook editor with its Library, Canvas and Configuration panes.]

30 Authoring Azure Automation runbooks
To create PowerShell scripts in Azure Automation:
- Write code in the text editor
- Add PowerShell cmdlets from integration modules imported into an Automation account
- Reference automation assets that you have created
- Add runbooks

31 Azure Automation runbook lifecycle
[Diagram: runbook lifecycle. Statuses: New, In edit, Published. Transitions: Publish, Revert.]
- Possible actions in the New status: Test
- In the In edit status: Publish (overwrites the published runbook)
- In the Published status: Start via webhook, Start on schedule

32 Publishing, testing, and executing runbooks
- Testing validates a new or newly modified runbook before publishing
  - Not equivalent to WhatIf
  - Consider running in a dedicated environment
- Publishing designates a runbook as ready for production
  - Can be scheduled
  - Can be called by using a webhook

33 Demo: Authoring and Publishing Runbooks

34 Azure Key Vault

35 Azure Key Vault overview
- Protects cryptographic keys and secrets that are used by applications and services
- Provides a secure management solution for controlling and protecting the keys used to gain access to and encrypt data
- Developers can create keys for testing; the same keys can be migrated to production
- Security admins can grant or revoke access to keys as required
- Keys are stored in a vault and invoked by URIs when required
- Keys are protected using industry-standard algorithms, key lengths, and hardware security modules (HSMs)
  - HSMs are FIPS Level 2 validated
  - HSM-backed key storage has a different pricing SKU
- Import your own keys into Azure for management
- Key usage logging (near real time) is available

36 Configure and manage Azure Key Vault
- Can be created by using the Azure portal (in preview mode) or the PowerShell cmdlet New-AzureRmKeyVault
  - The name of a Key Vault must be globally unique
- Keys or secrets
  - Can be added by using the Azure portal or PowerShell cmdlets such as Add-AzureKeyVaultKey
- Access policies for users and applications
  - Managed using the Azure portal or the PowerShell cmdlet Set-AzureRmKeyVaultAccessPolicy
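An added example, not from the deck, that walks the three cmdlets above end to end: create the vault, add a key and a secret, then split access so the application can use the key but not manage it, and the security admin can manage keys but not use them. Resource group, vault, application and user names are assumed placeholders.

```powershell
# Added example, not from the deck: create a Key Vault with the cmdlets named on
# the slide, add a key and a secret, and grant each principal only what it needs.
# Resource group, vault, service principal and user names are assumed placeholders.
$rg       = 'rg-keyvault-demo'
$vault    = 'kv-contoso-demo-01'   # vault names must be globally unique
$location = 'East US'

New-AzureRmResourceGroup -Name $rg -Location $location
New-AzureRmKeyVault -VaultName $vault -ResourceGroupName $rg -Location $location

# Software-protected RSA key; use -Destination HSM for the HSM-backed SKU.
$key = Add-AzureKeyVaultKey -VaultName $vault -Name 'DataEncryptionKey' -Destination Software
$key.Id   # the URI applications reference instead of holding key material themselves

# Secret values travel as a SecureString, not as a plain string on the command line.
$secret = Read-Host -Prompt 'Connection string' -AsSecureString
Set-AzureKeyVaultSecret -VaultName $vault -Name 'SqlConnectionString' -SecretValue $secret

# Application: may perform cryptographic operations with the key and read the secret,
# but cannot list, create, delete or export keys.
Set-AzureRmKeyVaultAccessPolicy -VaultName $vault -ServicePrincipalName 'http://contoso-app' `
    -PermissionsToKeys encrypt, decrypt, wrapKey, unwrapKey `
    -PermissionsToSecrets get

# Security admin: manages the key lifecycle but is not granted encrypt/decrypt.
Set-AzureRmKeyVaultAccessPolicy -VaultName $vault -UserPrincipalName 'secadmin@contoso.com' `
    -PermissionsToKeys get, list, create, delete, backup, restore

# Review the resulting policies before handing the vault to developers.
(Get-AzureRmKeyVault -VaultName $vault).AccessPolicies |
    Select-Object DisplayName, PermissionsToKeys, PermissionsToSecrets
```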

37 Demo: Configure and manage Azure Key Vault

38 Azure Security Center

39 Azure Security Center overview - capabilities
- Prevention
  - Monitors the security state of Azure resources
  - Defines policies for subscriptions and resource groups
    - Policies based on organization-defined requirements, types of applications, and sensitivity of data
  - Rapidly deploys security services and appliances from Microsoft and partners
- Detection
  - Collects and analyzes data from Azure resources, the network, and partner solutions (example: antimalware and firewalls)
  - Applies advanced analytics
  - Leverages a variety of sources of global threat intelligence
- Response
  - Provides prioritized security incidents and alerts
  - Offers insights into attack vectors and affected resources
  - Suggests ways to stop current attacks and mitigate the risk of future attacks

40 Azure Security Center overview - UI

41 Demo: Azure Security Center

42 Role-Based Access Control in Azure Automation

43 Role-Based Access Control and Azure Automation
- Role-Based Access Control (RBAC)
  - Helps to enforce the security best practices of separation of duties and the principle of least privilege
- Role-based access can be granted to users by using the Azure portal, Azure command-line tools, or Azure Management APIs
- In Azure Automation, access is granted by assigning an appropriate role to users, groups, and applications at the Automation account scope

44 RBAC available roles
- Owner
  - Allows access to all resources and actions within an Automation account
- Contributor
  - Allows management of all resources, except modifying other users' permissions
- Reader
  - Allows viewing of resources only
- Automation Operator
  - Allows performance of operational tasks, such as starting and stopping runbooks
  - Does not allow access to resources such as credential assets
- User Access Administrator
  - Allows management of user access to the Azure Management Account

45 Configuring RBAC for an Automation account

46 Demo: Role-Based Access Control and Azure Automation
