Microsoft Azure Training Day Modern Operations Governance Why

Governance + “Why Ops” Pablo Ariel Di Loreto | Algeiba Dev Hiram Sanchez |

Traditional approach Block Dev/Ops from directly accessing the cloud (portal/api/cli) to attain control Developers

Speed + Control Cloud-native governance -> removing barriers to compliance and enabling velocity Management

Azure is designed for effective governance Enforce compliance at scale and increase agility 1

Governance for the cloud The broadest governance portfolio of any cloud NEW NEW Management

Azure Governance Architecture Deploy and update cloud environments in a repeatable manner using composable

Introducing Azure Management Groups Efficiently apply governance controls and manage groups of Azure subscriptions

Management Group & subscription modeling strategy 1 Ensure compliance 2 Empower Dev. Ops 3

Azure Policy 1 Ensure compliance 2 Empower Dev. Ops Active control and governance at

Enforce policies as part of the development process 1 Ensure compliance 2 Empower Dev.

Azure Blueprints 1 Ensure compliance 2 Empower Dev. Ops Enabling quick, repeatable creation of

Azure Blueprints deploy and update cloud environments in a repeatable manner using composable artifacts

Azure Resource Graph Get visibility into your resources for effective inventory management 1 Ensure

Azure Cost Management 1 Ensure compliance 2 Empower Dev. Ops 3 Manage costs Monitor

Call to action Ensure that your production resources are well governed Start using today

Slides: 18

Download presentation

Microsoft Azure Training Day: Modern Operations

Governance + “Why Ops” Pablo Ariel Di Loreto | Algeiba Dev Hiram Sanchez | Algeiba IT

Traditional approach Block Dev/Ops from directly accessing the cloud (portal/api/cli) to attain control Developers Cloud Custodian / Engineers responsible for Cloud environment Operations

Speed + Control Cloud-native governance -> removing barriers to compliance and enabling velocity Management Groups Developers Cost Management Cloud Custodian Team Operations Policy Blueprints Templates RBAC Policies

Azure is designed for effective governance Enforce compliance at scale and increase agility 1 2 3 Ensure compliance Empower Dev. Ops Manage costs

Governance for the cloud The broadest governance portfolio of any cloud NEW NEW Management Group Policy Blueprints Resource Graph Cost Management Define organizational hierarchy Real-time enforcement, compliance assessment and remediation Deploy and update cloud environments in a repeatable manner using composable artifacts Query, explore & analyze cloud resources at scale Monitor cloud spend and optimize resources Control Environment Visibility Consumption Hierarchy

Azure Governance Architecture Deploy and update cloud environments in a repeatable manner using composable artifacts Azure Portal 3 rd party CLI Management Groups 2. Policy-based control Real-time enforcement, compliance assessment and remediation at scale ARM Templates Policy Definitions 1. Environment factory Role-based Access Providing control over the cloud environment, without sacrificing developer agility CRUD Subscriptions Azure Blueprints Policy Engine 3. Resource visibility Azure Resource Manager (ARM) Query, explore & analyze cloud resources at scale Virtual Machine Storage Network Query Azure Resource Graph Resource Provider

Introducing Azure Management Groups Efficiently apply governance controls and manage groups of Azure subscriptions Simplify subscription management Group subscriptions into logical groups Inherit properties that apply to all subscriptions View aggregated information above the subscription level 1 Ensure compliance 2 Empower Dev. Ops 3 Manage costs Fit your organization Apply controls at scale Create a flexible hierarchy that can be updated quickly Leverage Azure Resource Manager (ARM) objects that integrate with other Azure services Mirror the hierarchy to the organizational model that works for you Scale up or down depending on the organizational needs Azure services: Azure Policy RBAC Azure Cost Management Azure Blueprints Azure Security Center

Management Group & subscription modeling strategy 1 Ensure compliance 2 Empower Dev. Ops 3 Manage costs Org Management Group Prod RBAC + Policy Microsoft recommended Pre-Prod RBAC + Policy App A Prod App B Prod App A Pre-Prod App B Pre-Prod App D Prod Shared services (Prod) App C Pre-Prod Shared services (Pre-Prod)

Azure Policy 1 Ensure compliance 2 Empower Dev. Ops Active control and governance at scale for your Azure resources 3 Manage costs Enforcement & compliance Apply policies at scale Remediate & automate Turn on built-in policies or build custom ones for all resource types Apply policies to a Management Group with control across your entire organization Remediate existing resources at scale (NEW) Real-time policy evaluation and enforcement Periodic & on-demand compliance evaluation VM In-Guest Policy (NEW) Apply multiple policies and & aggregate policy states with policy initiatives Exclusion Scope Automatic remediation resources at deployment time Trigger alerts when a resource is out of compliance

Enforce policies as part of the development process 1 Ensure compliance 2 Empower Dev. Ops Shift left to deliver compliant code faster 3 Manage costs Pre-flight Validation Authoring

Azure Blueprints 1 Ensure compliance 2 Empower Dev. Ops Enabling quick, repeatable creation of fully governed environments 3 Manage costs Streamline environment creation Enable compliant development Lock foundational resources Centralize environment creation through templates Empower developers to create fully governed environments through self-service Ensure foundational resources cannot be changed by subscription owners Create multiple dev-ready environments and subscriptions from a centralize location Manage locks through a centralize location Add resources, policies and role access controls Track blueprint updates through versioning Leverage the integration with Azure Policy on the Dev. Ops lifecycle Update locked resource through blueprint definition updates

Azure Blueprints deploy and update cloud environments in a repeatable manner using composable artifacts 1 Ensure compliance 2 Empower Dev. Ops 3 Manage costs Subscription A Role-based access controls Subscription B Policy Definitions ARM Templates Azure Blueprints Subscription C …

Azure Resource Graph Get visibility into your resources for effective inventory management 1 Ensure compliance 2 Empower Dev. Ops 3 Manage costs Explore your resources Query & analyze Assess impact Get visibility into your Azure resources across subscriptions and management groups. Get the exact information you need through queries in seconds Understand the impact of applying policies before their implementation Access the information you need in the portal, CLI or Power. Shell Perform analysis at scale across all your environments Get a view of the operational impact of common actions like deprecations Find assets based on resource properties or their relationships Leverage Keyword Query Language for easy query creation

Azure Cost Management 1 Ensure compliance 2 Empower Dev. Ops 3 Manage costs Monitor cloud spend Drive organizational accountability Optimize cloud efficiency Track usage and cost trends Allocate usage and costs to business units and projects Increase resource utilization with virtual machine right-sizing Produce chargeback and show back reports Eliminate idle resources Detect spending anomalies and usage inefficiencies Forecast future spend using your historical data Visualize data in consolidated or custom dashboards Let teams access data and insights with Role-Based Access Control Automatically alert stakeholders of spending anomalies and overspending risks Improve virtual machine reserved instances management Pay less for Windows Server and SQL Server resources through Azure Hybrid Benefit

Call to action Ensure that your production resources are well governed Start using today Explore features and capabilities All services offered at no additional cost Visit Azure. com/governance

¡Muchas Gracias!