ARM and Compliance Vishwas Lele & Jason McNutt


1 ARM and Compliance Vishwas Lele & Jason McNutt
Applied Information Sciences
12/4/2018 10:08 AM
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Agenda
Compliance
Azure Resource Manager
Azure Blueprints
Resource Policies
Service Catalog
Post Deployment Monitoring

3 Compliance

4 Compliance
The act or process of complying with laws, regulations, guidelines and specifications
Sarbanes Oxley
HIPAA
PCI DSS
FISMA
Shared Responsibility
Provider
Customer
Compliance through DevOps

5 ARM Basics

6 Consistent Management Layer
Azure Resource Manager API

7 Deploying with Azure Resource Manager
template-driven
declarative
idempotent
multi-service
multi-region
extensible
Build 2014, 12/4/2018. © 2014 Microsoft Corporation. All rights reserved.

8 Reference Architectures
Identity:
  Extending Active Directory to Azure
  Implementing a secure hybrid network architecture with federated identities in Azure
Web applications (PaaS):
  Basic web application
  Improving scalability in a web application
  Web application with high availability
Running virtual machines on Azure:
  Running a Windows VM on Azure
  Running a Linux VM on Azure
  Running multiple VMs for scalability and availability
  Running VMs for an N-tier architecture
  Adding reliability to an N-tier architecture (Windows)
  Adding reliability to an N-tier architecture (Linux)
  Running VMs in multiple regions for high availability (Windows)
  Running VMs in multiple regions for high availability (Linux)
Hybrid network architectures:
  Implementing a hybrid network architecture with Azure and on-premises VPN
  Implementing a hybrid network architecture with Azure ExpressRoute
  Implementing a highly available hybrid network architecture
  Implementing a DMZ between Azure and your on-premises datacenter
  Implementing a DMZ between Azure and the Internet

9 From Reference Architectures to Building Blocks

10 Azure Blueprints

11 “Azure Blueprints” NIST SP 800-53 rev4 - Compliant App Architecture
Notional Application Architecture/IaaS
Fully scripted deployment
ARM Templates
Virtual Machine Extensions
Desired State Configuration

12 DevOps Security
Immutable architectures
Automate all aspects
Deployment
Security documentation
OpenControl.org
Compliance Masonry

13 Demo Jason McNutt

14 Resource Policies

15 Resource Policies: Scenarios
Chargeback: Require departmental tags
Geo Compliance: Ensure resource locations
Service Curation: Select your service catalog
Convention: Enforce naming
Bringing Control to the Cloud

16 Resource Policies: Key Concepts
Policies are a default allow system
Policies are described via Policy Definitions
Policies are applied via Policy Assignments

17 Policy Definition Language: Basic Structure
{
  "if": {
    <condition> | <logical operator>
  },
  "then": {
    "effect": "deny | audit | append"
  }
}

18 Policy Definition Language: Logical Operators
Not    "not": {<condition>}
And    "allOf": [ {<condition>}, {<condition>} ]
Or     "anyOf": [ {<condition>}, {<condition>} ]

19 Policy Definition Language: Conditions
equals         "equals": "<value>"
like           "like": "<value*>"
contains       "contains": "<value>"
in             "in": [ "<value1>", "<value2>" ]
containsKey    "containsKey": "<keyName>"
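
A simplified model of how a definition in the policy language from slides 17-19 is evaluated, showing the default-allow behaviour: an effect applies only when the "if" block matches. This is an added example, not code from the presentation and not Azure's policy engine. The "field" key, the region and tag names, the sample resources and the case-sensitive comparisons are assumptions made for illustration.

```python
import json
import re

# Constructed policy (not from the deck): deny resources outside two regions
# or without a costCenter tag. The "field" key names the facet being tested.
POLICY = json.loads("""
{
  "if": {
    "anyOf": [
      {"not": {"field": "location", "in": ["eastus", "westus"]}},
      {"not": {"field": "tags", "containsKey": "costCenter"}}
    ]
  },
  "then": {"effect": "deny"}
}
""")

def matches(node, resource):
    """Evaluate one "if" node: a logical operator or a single field condition."""
    if "not" in node:
        return not matches(node["not"], resource)
    if "allOf" in node:
        return all(matches(n, resource) for n in node["allOf"])
    if "anyOf" in node:
        return any(matches(n, resource) for n in node["anyOf"])
    value = resource.get(node["field"])
    if "equals" in node:
        return value == node["equals"]
    if "in" in node:
        return value in node["in"]
    if "containsKey" in node:
        return isinstance(value, dict) and node["containsKey"] in value
    if "contains" in node:
        return isinstance(value, str) and node["contains"] in value
    if "like" in node:  # only "*" is treated as a wildcard
        pattern = ".*".join(re.escape(p) for p in node["like"].split("*"))
        return isinstance(value, str) and re.fullmatch(pattern, value) is not None
    raise ValueError(f"unsupported condition: {node}")

def evaluate(policy, resource):
    """Default allow: the effect applies only when the "if" block matches."""
    return policy["then"]["effect"] if matches(policy["if"], resource) else "allow"

# Constructed sample resources.
COMPLIANT = {"name": "prod-web01", "location": "eastus", "tags": {"costCenter": "1234"}}
WRONG_REGION = {"name": "prod-web02", "location": "northeurope", "tags": {"costCenter": "1234"}}
UNTAGGED = {"name": "dev-db01", "location": "westus", "tags": {}}
```

Calling `evaluate(POLICY, resource)` returns "allow" for the compliant resource and "deny" for the other two; writing the rule as `anyOf` over negated requirements is what turns a default-allow system into a "must satisfy all of these" control.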

20 Facets Governed by Policy
Name
Type
Location
Tags
Tag Values
Kind
Virtual Machine Size
Virtual Machine Image
Web ServerFarm SKU
Storage Account SKU
Scheduler SKU
DocDB SKU
CDN SKU
Redis (Cache) SKU
Redis (Cache) SSL Config
Redis (Cache) Shard Count
SQL Server Version
SQL Server DB SLO
SQL Server Edition
SQL Server Elastic Pool
SQL Server Pool DTU
SQL Server Pool Edition
…more coming soon

21 Resource Locks
Accidents happen. Resource locks help prevent them :)
Resource locks allow administrators to create policies which prevent accidental changes or deletion.

22 Key Concepts
Resource lock: Policy which enforces a "lock level" at a particular scope
Lock level: Type of enforcement; currently supports CanNotDelete and ReadOnly
Scope: The realm to which the lock level is applied. Expressed as a URI; can be set at the resource group, or resource scope.

23 Post Deployment Monitoring

24 Post Deployment Monitoring
Azure Monitor
Event Grid

25 Event Grid
Microsoft Build 2017

26 Azure Monitor Overview
Microsoft Build 2017

27 Demo Vishwas Lele
