Understanding migration options – Migrating Workloads to Azure
The next phase of the migration planning is to determine how your migrated services will be built. This may be a simple lift-and-shift of one VM to a new VM in Azure, or you may take the opportunity to modify the technologies you use. This part of the process is more than just technical decisions …
Understanding migration options – Migrating Workloads to AzureRead More
The discovery phase – Migrating Workloads to Azure
Very few applications run in isolation on a single server. The majority will be split across multiple servers; for example, web applications may consist of a web server frontend and a backend database. To further complicate matters, some systems may share resources – multiple applications may share the same backend databases, and web servers may …
Assessing on-premises systems – Migrating Workloads to Azure
In the previous chapter, we examined Azure storage use, looking at the different types available, including their benefits, and how to secure them. In this chapter, we will focus on migrating workloads from on-premises systems into Azure. The process starts with an analysis of your current environment. We will discuss the areas you must consider, …
Assessing on-premises systems – Migrating Workloads to AzureRead More
AzCopy – Exploring Storage Solutions
AzCopy is a command-line tool available for Windows, Linus, and macOS that wraps some of the REST APIs calls to make it easier to perform actions against storage accounts. AzCopy has a login command to authenticate you to your Azure subscription and obtain an authorization token. You could use SAS to grant access without the …
Encryption – Exploring Storage Solutions
All storage accounts in Azure are encrypted by Storage Service Encryption (SSE) using a 256-bit Advanced Encryption Standard (AES) cipher. This makes Azure storage FIPS 140-2 compliant. Important note FIPS 140-2 is a US government security standard for the approval of cryptographic processes. By default, the keys used to encrypt the storage are managed by …
SASes – Exploring Storage Solutions
A SAS is a unique URL that you can generate that provides time-limited access to your storage account. An account SAS is created at the storage account level, granting access to all containers within that account. Alternatively, you can create a SAS for a container, a folder, or even an individual object, which is known …
Authorization – Exploring Storage Solutions
The next layer of protection ensures the person or application trying to access the data is authorized to. There are several different mechanisms in which to achieve this. RBAC Using RBAC, we can ensure a user or other type of identity (such as a managed identity or service principal) is authorized to perform a task …
Designing storage security – Exploring Storage Solutions
Protecting your data is a crucial consideration with any storage mechanism. Luckily, security is at the heart of Azure components, and storage solutions implement various protection levels by default. We will take a look at the different security options for Cosmos DB and Azure SQL in Chapter 12, Creating Saleable and Secure Databases. In this …
Designing storage security – Exploring Storage SolutionsRead More
VM disks – Exploring Storage Solutions
Windows and Linux servers must have at least one hard disk drive to store the operating system on and, sometimes, you might also need separate data disks. When virtualization was introduced, those disks also become virtual but were stored on physical drives as disk image files used by the Hypervisor. In the case of Windows …
Logging systems – Exploring Storage Solutions
Many applications and systems emit logging information that can be used for performance or diagnostics analysis. This type of data is typically a combination of structured and semi-structured data – but not always. This log data can be sent out in many different ways and from numerous sources, such as applications, VM operating systems, and …