The following is an abbreviated transcript from our webinar: 3 Techniques to Optimizing Your Azure Cloud Environment with Cloud Expert, Jordan Murbach.
Jordan Murbach 03:51
Studies show an hour of downtime costs $8,000 for a small company $74,000 for a medium company, and 700,000 for a large enterprise. For large enterprises, this equates to around $11,600 per minute. Put that into perspective. If a breach were to happen, it takes an average of six-nine days to contain while some take over 100 days to identify that a breach even took place.
This leads us to the first topic of the presentation, which is automation.
What is Automation and How Can it Help me? One of the benefits of it is it saves time and resources on automated tasks. These processes are both frequent and time-consuming. By giving these tasks over to Azure Automation, you will free up a lot of time and energy for your team.
So as far as all your employees will have more room to focus on business-critical jobs to add value to your company. The next benefit is it reduces human error. So Azure automation services help reduce human error throughout your system, allowing automated tests to run faster and smoother than ever before.
Furthermore, the decrease in human-generated errors will create more stability and security for your cloud system. Meanwhile, consistent monitoring helps you track performance throughout your cloud system, ensuring success in all your services.
The first step in Azure Automation is understanding what an automation account and runbook are.
Azure Automation allows you to automate tasks against resources in Azure on-premises and with other cloud providers such as Amazon Web Service, or better known as AWS. These tasks are known as run books, which are typically routine its procedures and operations.
Now, we’ll jump into creating an automation account. As you see I’ve already done this, so in the search bar will type for automation accounts. click into that, then we’ll fill out the required information when we create one.
Image Description: Automation Account Overview screen within Azure
You can name this however you want to assign to the resource group that you’re going to have the resources in, that you’re going to be automating. And then choose your location, as I said, already have one of these trains already. So, save time, I’m going to going to jump into this. So, when you’re filling this out, you’ll see that you’ll have an option to run as accounts when creating these automation accounts. So, in Azure, that’s technically just running as a system administrator. It provides authentication for managing resources on the Azure Resource Manager, or Azure classic deployment model using automation, runbooks, and other Automation features
Now that we’re in our automation account, let’s look at the runbooks Gallery to get an idea of the type of premade runbooks that we have here. So, as you can see, all of these are going to do at the beginning, you’re going to have to do with starting as your VMs and stopping them.
I’m sure you’ve been in a situation where if you didn’t have an automation account, turning off your VMs and turning it back on that, then you’re just needlessly increasing your spend in Azure
With these automation runbooks, you’re going to be able to neglect human error and always have it running 24/7 with no-fault.
Tip: Read our learning brief on the Top 5 Mistakes Your Data and Analytics Team are Making in the Cloud for more tips on how to avoid human error.
This is a very simple run like I have made, this is just a graphical text, as you would see in a beginner PowerShell course. We’re going to run this runbook, we don’t have to name it, you can name it, if you want, I’m going to leave this blank, and we’re going to hit OK. And then we’re going to head over here to the output, and this will run the workbook, and then it will put out the output that is going to be given, which is hello world.
Image description: Example of a Runbook within Beginner PowerShell
As you can see the automation process queues. runbook pleads the process in the place the information in the raw book and deletes it was the very simple runbook.
There are many robots that can help reduce spending and downtime such as stop, start meeting as your VM as we spoke earlier, and scheduling a start and turn off time for it. While not everything you may need is in the gallery, you can create your own room books by going to the automation account.
Then we’ll create a run book. Usually, the most used one is going to be PowerShell. And then you’re going to add a description to you create that and then you’re when that does, when that is finished, you’re going to assign it to a runbook. And you’re going to publish it.
And then you can test it out to see if it works, we’re not going to go into in-depth about that right now, because that’s a whole other time and a whole other topic.
But just know that if you don’t find something in the gallery, that you have the option to create it yourself either using these, either PowerShell, Python, or graphical, but then you can also use it using ARM template as well.
Availability Through Azure as Redundancy
Our next topic is going to be available through Azure as redundancy. With that, we’ll touch on geo-redundant storage and Azure VM site recovery.
First, we’ll start with the geo-redundant storage. And you’re asking yourself if you don’t know what is your redundant storage and why is important to you?
Georedundant storage copies your data in a storage account, synchronously three times within a single physical location in the primary region using locally redundant storage. It then copies data asynchronously to a single physical location in a secondary region that is hundreds of miles away from the primary region.
Georedundant storage offers durability for Azure Storage data objects of at least 99.9 times 10 to the 16th percent over a given year.
Tip: Explore more about the criticality of data objects and workloads with this Ultimate Cheat Sheet for Criticality of Workloads in the Cloud.
I will open this flow chart here to get an idea of what we are looking at. We had the data center and once it fails over and we restart once, we start that geo-replication. It takes everything that’s in the storage account and copies it identically to the secondary region backup data center.
Image Description: Flowchart of the process for georedundancy within Azure cloud storage
All your data is going to be stored and you do not have to worry about it being corrupted as that is why it creates it three separate times just in case in the instance of something going wrong, you’re going to have three or two other backups to go to.
And then this option right here makes read access to data available in the event of regional unavailability that changes it from geo-redundant storage to read access, geo-redundant storage, which is exactly how it sounds, it gives you the option to read the data. And even if there is not an event where you’re failing it over, and then we’ll just create it. Now that the storage account is created, you open the storage account, scroll down to geo-replication, prepare for the failover.
I’m going to head over to our storage account that is already created. Right now, we’re set to locally redundant storage. The reason that that is each time you do a failover, the replication type is going to switch back to locally redundant storage. To move this back to the data center your primary data center from your secondary, you’re going to want to change that to geo-redundant storage, or the read access geo-redundant storage. And to do that, we come down here to configuration replication type, we’re going to save this if we go back to geo-replication.
Image Description: Example of primary and secondary locations for Georedundancy in an Azure cloud environment
Azure Site Recovery
Now let’s talk about Azure Site Recovery. Now, this is the same exact type of recovery as the storage is for a VM. It’s going to copy the exact data to a secondary backup location.
Site Recovery helps ensure that your business continuity is up by keeping business apps and workloads running during outages. Outages are very far and few in between, but in the likelihood that it does happen, you obviously want to be prepared and not have any downtime with if anything, you want the most minimal downtime as possible.
If you refer to the first thing, we talked about was the cost of an hour as close to $8,000. The last year down, the more money you’re making, the happier it should be.
Site Recovery replicates workloads running on physical and virtual machines, from a primary site to a secondary location. When an outage does occur at your primary site, you failover to your secondary location and access apps from there. If it does happen in the likelihood event, but it does answer the primary location is running, then you can fail back to it seamlessly just like we do in a storage account.
Using Azure runbooks, we can automate disaster recovery by using an ARM template, also known as Azure Resource Manager, which triggers recovery when it detects a VM failure.
But having the ability to immediately transfer over to a secondary data center if the runbook detects that the VM is unresponsive or not running properly. That is very huge in minimizing your downtime. I want you to understand how much you can automate in your Azure environment with runbooks to keep business up and running as usual, with the reassurance of knowing that if something does fail, it will be very little to no downtime for your environment. And that is what we all want.
What is Azure Security Center?
Azure Security Center will help prevent, detect, and respond to threats with increased visibility and control over the security of your Azure resources and advanced analytics, which identifies attacks that might otherwise go unnoticed.
Some of the benefits of having this are:
- Understanding that the security state of Azure resources, take control of cloud security with policies that enable you to recommend and monitor security configurations. And make it easy for DevOps to deploy integrated Microsoft partner security solutions.
- Find threats with advanced analysis of your security-related events, developed using Microsoft’s best global intelligence, assets, and expertise.
- Respond and recover from incidents faster with real-time security alerts.
Image Description: Example of Azure Security Center dashboard with Azure Defender, Regulatory Compliance, Firewall manager, and Secure Score
Azure defender for servers enables threat detection and protection. When defender detects a threat, it triggers an alert in the security center where you can perform a detailed investigation to uncover the scope of the attack.
Whether it be real or whether it be a false positive, you’re probably going to see a lot more false positives than you are going to see real attacks. However, you don’t want to get overwhelmed with false positives. If you’re getting 1000 alerts a week, you know, it only takes one of those alerts to really make you have a bad day.
The system will run the Azure defender for servers will run vulnerability assessment scans for VMs file integrity monitoring and adaptive networking, to name a few features.
Azure defender for app services.
The defender for app services assesses the resources covered by your app service plan and generates security recommendations based on its findings. It will also detect a multitude of threats to your app services.
By monitoring VM instances, the app services are running on the requests and responses sent to and from the app services and the internal logs.
And finally, we have Azure, Azure SQL databases, and Azure defender running on that. Like the previous two defenders will discover, track, and help remediate potential database vulnerabilities and run assessment scans that provide an overview of your sequel machine’s security state.
Every resource has some type of workflow automation that can be configured, giving you the customer, the relief of knowing if you utilize automation to its full potential. You will save time by avoiding human error, downtime, and vulnerability. And with it a peace of mind that this is running even when your employees are off work, whether it be a holiday weekend, middle of the night, anything the runbooks are going to be running. The system will alert you to anything that is happening within your environment if you so choose to set it up that way.
End of Transcription Summary
Up next: Explore the 5 Steps to Avoid a Ransomware Attack with our latest Cloud Optimization Learning Brief.