AMAZON S3 versus SharePoint Online – Godzilla versus Hulk (Part II)

SharePoint Online brings a tremendous collaboration environment to your users. When you are working with partners or employees of your own company located in several subsidiaries in your country, this is the best-in-class approach.

But what is a file storage service?

A file storage service is a type of online service that allows users to store and access their files over the internet with security and appropriate authorization. Users can upload, download, share, and synchronise their files across different devices and platforms.

Drivers to configure and deploy SharePoint are:

  • Provide easy and convenient access to files from anywhere and anytime.
  • Enable collaboration and sharing of files with others.
  • Reduce the need for maintaining physical storage devices and infrastructure.
  • Offer scalability and flexibility to adjust the storage capacity and performance according to the user’s needs.
  • Improve users' mobility and remote work.

So when should I use SharePoint?

SharePoint is a really powerful solution for collaboration, document process automation, content search, etc.

SharePoint focuses on the following scenarios:

  • Collaboration solutions with other employees and partners using folders in a structured hierarchy with appropriate permissions.
  • Intranet to provide current company information such as events, regulations, standardised forms, etc.
  • Search data such as expertise within the company, projects, people profiles, documents, etc.
  • Automate processes integrated with AI (together with MS Syntex)
  • Manage document workflows between departments and document life cycle.
  • Synchronise collaborative data on your laptop to work at your own pace if needed
  • Business Intelligence platform

To sum up, SharePoint can offer lots of advantages to your collaboration scenarios.

Enjoy the journey to the cloud with me…see you soon.

AMAZON S3 versus SharePoint Online – Godzilla versus Hulk (Part I)

I've read and heard a lot about the Amazon S3 and SharePoint Online competition. Face to face, many companies think one is better than the other. I even had to listen to a comment from a Microsoft guy saying, clearly and loudly, that SharePoint was quite a better solution than Amazon S3.

To be honest, it depends on what kind of scenario you are figuring out. Each company has an explicit need that usually fits one or the other.

Amazon S3 is an object storage service that offers industry-leading scalability, data availability, security, and performance. This means customers of all sizes and industries can use it to store and protect any amount of data in a specific region, as this solution is global, for a range of use cases such as data lakes, static websites, backup and restore, archiving, enterprise applications, IoT log storage, and big data.

But what is object storage?

In object storage, data is stored in a “flat” address space. Each stored object has a unique identifier and a metadata link that makes it easy to find among thousands of other objects. There is no hierarchy of folders at all.

This approach improves latency and performance and solves scenarios with data such as X-ray images of patients in a hospital or TIFF files used for maps in a graphic design studio.

The drivers are the size of that data, the file formats, the need to store such data for a long time, the latency to access that data, and the throughput within a time window to get all the information as quickly as possible.

So when should I use Amazon S3?

S3 is global and has Edge Locations, which are endpoints in several countries caching content. There are several flavours, from S3 Standard to S3 Glacier Deep Archive, depending on your company policies, the performance and latency needed, resilience, etc.

Amazon S3 is very flexible as you can even use features such as:

  • Lifecycle management
  • Versioning
  • Encryption
  • Protect your buckets (where you classify your data) with ACL and compliance policies
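To make these four features concrete, here is an added example (not from the original post) that audits one bucket's settings offline. It assumes you have already saved the responses of the S3 calls GetBucketVersioning, GetBucketEncryption, GetBucketLifecycleConfiguration, GetBucketAcl and GetPublicAccessBlock into one dict under the hypothetical keys shown; the public access block check goes slightly beyond the list above, and both sample buckets are constructed.

```python
# Added example: offline audit of one S3 bucket against the features listed above.
# The dict keys ("versioning", "encryption", ...) are names chosen for this example;
# the values mirror the response shapes of the corresponding S3 API calls.

PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")


def audit_bucket(cfg):
    """Return a list of findings; an empty list means every check passed."""
    findings = []

    # Versioning: "Status" is absent until versioning has been enabled once.
    status = cfg.get("versioning", {}).get("Status")
    if status != "Enabled":
        findings.append(f"versioning: status is {status or 'never enabled'}")

    # Encryption: look for a default server-side encryption rule.
    rules = (cfg.get("encryption", {})
                .get("ServerSideEncryptionConfiguration", {})
                .get("Rules", []))
    algos = {r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
             for r in rules}
    algos.discard(None)
    if not algos:
        findings.append("encryption: no default server-side encryption rule")

    # Lifecycle: with versioning on, old versions pile up unless a rule
    # expires or transitions noncurrent versions.
    enabled = [r for r in cfg.get("lifecycle", {}).get("Rules", [])
               if r.get("Status") == "Enabled"]
    if not enabled:
        findings.append("lifecycle: no enabled rule")
    elif status == "Enabled" and not any(
            "NoncurrentVersionExpiration" in r or "NoncurrentVersionTransitions" in r
            for r in enabled):
        findings.append("lifecycle: versioning is on but no rule handles noncurrent versions")

    # ACL: grants to the predefined public groups expose the bucket.
    for grant in cfg.get("acl", {}).get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            group = grantee["URI"].rsplit("/", 1)[-1]
            findings.append(f"acl: {grant.get('Permission')} granted to {group}")

    # Public access block: all four flags should be true.
    pab = cfg.get("public_access_block", {}).get("PublicAccessBlockConfiguration", {})
    missing = [flag for flag in PAB_FLAGS if not pab.get(flag)]
    if missing:
        findings.append("public access block: not set: " + ", ".join(missing))

    return findings


# Constructed sample: a bucket left on permissive settings.
WEAK_BUCKET = {
    "versioning": {},
    "encryption": {},
    "lifecycle": {},
    "acl": {"Grants": [{
        "Grantee": {"Type": "Group",
                    "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
        "Permission": "READ"}]},
    "public_access_block": {"PublicAccessBlockConfiguration": {"BlockPublicAcls": False}},
}

# Constructed sample: the same bucket with every feature configured.
HARDENED_BUCKET = {
    "versioning": {"Status": "Enabled"},
    "encryption": {"ServerSideEncryptionConfiguration": {"Rules": [
        {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]}},
    "lifecycle": {"Rules": [{
        "ID": "expire-old-versions", "Status": "Enabled",
        "NoncurrentVersionExpiration": {"NoncurrentDays": 90}}]},
    "acl": {"Grants": [{
        "Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"},
        "Permission": "FULL_CONTROL"}]},
    "public_access_block": {"PublicAccessBlockConfiguration": {
        flag: True for flag in PAB_FLAGS}},
}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_BUCKET), ("hardened", HARDENED_BUCKET)):
        print(name, audit_bucket(cfg) or "OK")
```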

To sum up, Amazon S3 covers a lot of customer scenarios, most of them very critical in terms of latency or performance. It is a global solution to work with. You can even pay a little bit more for Amazon S3 Transfer Acceleration, which you can enable for a bucket when needed, and it speeds up data exchange with this bucket up to 6 times.

In the coming post, I am going to deep dive into SharePoint Online and the best scenarios for this Microsoft cloud solution.

Enjoy the journey to the cloud with me…see you soon.

FIRST FIVE MYTHS AND LEGENDS ABOUT FINOPS

The first definitions of FinOps as such arose during the period 2018 – 2020, to consolidate as a framework or financial culture in the cloud world, sponsored by the FinOps Foundation.

Today there are more than 10,000 FinOps practitioners, and more than 80% of enterprises in the US are looking for a way to work, a financial culture, to allocate cost and understand the OPEX challenges that public cloud brings up.

In EMEA, we are moving more slowly. Countries such as the UK, France, Germany, Italy or here in Spain expect a strong expansion of FinOps culture in their companies (even SMBs) as well as in the public sector.

But why is there so much confusion about what objectives this framework has? Well, to be honest, there are a few misunderstandings that have led to this situation.

Finops is something we are already doing, we are using RI, we usually resize VMs and delete orphaned elements, we are even doing tagging properly

Cloud Economics, everything related to optimizing cloud spending with our engineers from a technical perspective, is part of Finops. Indeed, there is a capability called “Resource Utilization & Efficiency” and another called “Workload Management & Automation” that cover those scenarios when we need to optimize a cloud or multicloud environment.

Finops is just about saving money and reducing cloud consumption

Finops is a culture that integrates the finance team, IT engineers, procurement, PMO and CIOs and breaks down silos in order to allocate cloud cost and understand the appropriate cost metrics and ROI for each business or motivation to invest in the cloud. It is about being cost-effective, not just about saving money.

Finops doesn't make sense. It doesn't provide any value to our business

Some roles, such as CTOs, engineers and some IT managers, don't see any value in a framework such as Finops. They think it's too “high level”, maybe a fashion. It's remarkable: they are technical people and don't see that technologies are needed to support a business. We have to point out here that public cloud ends up in chaos if you don't understand how to manage cloud cost in a new OPEX world.

When we buy a Cost Management Console, we will be moving faster to a RUN phase within FINOPS

This is not the approach. If you buy a cost console tool such as CloudHealth, Cloudability or whatever is on the market, it is just a tool; you need to adapt it to your cloud provider or multicloud solution, together with governance, automation, forecast, budget strategies, etc.

If you have a FINOPS Team and you have applied some Finops principles, follow up stages, use a cost management console with some reports, you are done.

This is the start of a journey. Even if you set up a FINOPS team and you think you are on the way to a RUN stage, you need to be sure your CEO and executive staff push this culture down, and you need to be sure you have appropriate business metrics and that cost allocation and owners are part of your company culture. This is a cycle of cost-effective optimization.

In the coming post, I am going to underline more confusing concepts about FinOps and deep dive into the possibilities that this framework provides to Finance and CFO roles.

Enjoy the journey to the cloud with me…see you soon.

HOW TO PROVIDE GOVERNANCE ON AWS FROM AZURE? A HOLISTIC VIEW

Hybrid cloud is a big challenge for almost all companies out there. They need to integrate their on-premises workloads and cloud-native solutions with similar governance, security posture and DevOps, for instance. Some solutions use more or fewer VMs, microservices, data analytics, ETL. But what happens when you want to use AWS as well as AZURE and obviously need a single pane of glass to provide a holistic view of your multicloud environment?

Are there technologies to solve such a mess? Let's try to be laser-focused on the big pain points to cope with:

  • Your IT team has solid knowledge of Azure but very limited knowledge of AWS
  • You want to achieve governance of services and IT solutions as a whole, even if workloads are spread between both clouds
  • AWS accounts are isolated with no landing zone, as they are inherited from previous mergers or company acquisitions.

Here you can see a lab where I was testing VMs on an AWS account with visibility in my Azure ARC console.

Tagging and cost control: within Azure ARC you can, if you want, edit tags on some EC2 VMs and build a unique perspective of an IT service for VMs even if they are located in a multicloud environment. So from your favourite cost management console, Azure Cost Management, you can connect to AWS and speed up your multicloud FINOPS strategy.

Standardization for Policies and Governance: Linux or Windows VMs on EC2 can be managed in exactly the same way as VMs on Azure or on premises. Your Azure Policies will address all the issues regarding permissions, compliance, authorization to resources, etc. The best point: it doesn't matter if they are on Azure or AWS.

Working with Microsoft Defender Anywhere: Azure ARC provides an agent to be deployed on some VMs so you can afterwards set up specific initiatives to activate and roll out Microsoft Defender for Endpoint. Bear in mind that you will receive all the antimalware alarms and security tracking in the same console.

Another approach would be to register and deploy EKS from Azure ARC so you can provide governance to an AWS Kubernetes cluster from the Azure ARC console. Something quite interesting for those who have strong knowledge of AZURE but want to deal with AWS as well.

I hope you enjoy this post. See you in the cloud.

CLOUDMANJI !! – WHEN YOU WORK IN FINANCE AND ALL AROUND YOU IS OPEX

The drums are beating, can you hear them? But I don’t know where the sound is coming from. It’s thunderous, ringing in my ears… boom, boom… pause… boom, boom. Like elephant heartbeats…

It is Cloudmanji! A game that I don’t like to play as a financial manager or as a specialist in the purchasing department, although I have been invited without wanting to attend that appointment.

OPEX is all around your work. It's a new jungle where CAPEX is coming off the board. You are buying software subscriptions, Software as a Service (software that you can consume but don't need to install or maintain), cloud infrastructure as PAYG (Pay As You Go), and software products within the marketplace of your favourite hyperscaler. Moreover, others, likely someone in the IT department, are buying those software solutions and you just receive invoices with no explanations at all.

Therefore, there are “Silos” in your company where not everybody is aligned about cloud spending or maybe the cloud adoption framework was rolled out to be focused on some “Personas” and business areas but not all stakeholders that should be involved in cloud projects.

First beat of drums

A cost spike is the top one. This kind of scenario usually comes out of “Data Analytics” or “Big Data” labs or proofs of concept aimed at analysing some specific information in order to take quick business decisions. The sponsor could be HR, Marketing or the PMO directly. The CIO is aligned with those guys, but he can't figure out what comes next.

Sometimes it happens because a junior consultant is responsible for deploying the prototype infrastructure on AWS, Oracle Cloud or Azure and just follows a default configuration, which in many cases means choosing a “Premium Tier” for storage or databases. Adding to that, there was no governance at all regarding what IT guys can or can't do.

The outcome is an unexpected invoice to Finance, which means a spot in the budget for the big fish companies and a “cash burn out” for a small one or for a startup.

The CFO wants to cut heads and he doesn't know where to start. Who was guilty, if anyone? Who did things wrong? Where to start to fire up your team and see the cloud as an alliance?

Second beat of drums

The top two is an orphan and shared cost for the company, expensive and necessary, a cost which nobody wants assigned to their cost center code.

How do you split this kind of cost across several departments or countries? Let's say you have several factories in your country, four in France and, even worse, two more in Spain, one in Portugal and UK. Due to Brexit and the currency, things get extraordinarily complex as you need to invoice in euros and pounds. There are also withholding taxes between Europe and the UK.

You started with an application modernization strategy and migrated legacy applications to Azure. Application refactoring (changing code and decoupling the architecture into small pieces called microservices) improved deployment and scaling on demand for all those factories, supplying quick and effective support for assembly line modifications.

All the factories need that cloud infrastructure; it's critical and means a shared cost for all of them. It's a complex cost which you can't estimate properly: production, preproduction and development environments deployed in a multi-region approach. The UK says France should pay the bill as they are the headquarters. Spain and Portugal say they can't pay the bill as they have a smaller and less profitable market than the others. France says the cost should be split into euros (hence they pay France, Spain and Portugal) and into pounds. They say the UK pays for its factory in pounds and assumes everything related to Brexit, such as withholding taxes.

How do you allocate cost in the cloud for such infrastructure? How do you estimate the appropriate average consumption for each factory? How do you align Finance, IT guys and the Board to be on the same page and work together to find a solution?

Third beat of drums

A company jumped into the cloud. They migrated three on-premises data centers. No cloud adoption was put on the table, and it ended up in a bunch of solutions with no adequate scaling, security issues and no governance or cost allocation at all. A chaos or nightmare that each new CIO has to cope with.

Not to mention, the company has workloads in two different hyperscalers. For instance, GCP and Azure.

After four CIOs and two CISOs went through the company, who is in charge of this scenario? Finance says the situation is terrifying and horrible. No clear budgets, no budget alerts, no cost allocation, etc. How to deal with OPEX?

To sum up, these scenarios are covered by FINOPS. This is a methodology where you are going to work with the IT cloud engineers, the CIO, your devops team, your Purchase department, Finance, PMO and some skilled people called Finops specialists.

In the next Cloudmanji episode, I'll explain what this approach is all about and how you can leverage the methodology to deal with all these situations.

Dear CFOs, purchasing managers and IT guys enjoy the journey to the cloud with me…see you then in the next post.

MARKETPLACE: AN EXCLUSIVE AZURE & AWS SHOPPING CENTER – PART II

When you take a look at AWS, you can smell the origin of their public cloud strategy and why you can buy third-party technology solutions such as Palo Alto firewalls, Red Hat Linux or SUSE VMs with lots of applications, or even products from Cisco or other network providers. As you know, marketplaces are nothing more than platforms which enable transactions between customers and third-party sellers.

Jim Collins identified the term “flywheel effect” and explained the concept to Jeff Bezos who saw an incredible opportunity where other people would have seen just a methodology without options to survive.

The idea is simple. Create a virtuous cycle that increases the number of sellers who offer their products and services, which in turn increases the number of offers and prices for those products or services, so it is more interesting for users to find exactly what they want at the right price.

Hence, it improves the traffic to the platform and drives more sellers and customers to buy there. Moreover, you reduce prices for users, and they get used to visiting your platform or marketplace from time to time.

From Amazon to AWS (Amazon Web Service) Marketplace

AWS Marketplace was the first cloud marketplace for hyperscalers. AWS started the journey to sell third-party IT products and services following in the footsteps of the Amazon platform.

Customers can buy thousands of ISV products and services to deploy with agility, just for testing or to find out whether a specific piece of software makes sense and fills the gap in their company.

There is flexibility in prices, offer terms and conditions. There are pricing plans with an annual approach for 12-month subscriptions, or even for just one month if you need, for example, to roll out a POC. There are others, such as usage pricing, where customers just pay for what they use in a PAYG approach, or pricing models for specific product delivery methods such as containers or ML.

It is very flexible, as you can even buy professional services products, which are in general offerings of professional services packages. All the offers can be tailored for your target company if you are an AWS partner, and you can access public or even private offers if you are a customer, to leverage better discounts or improve some aspects of the ISV product or the consultancy company you deal with.

Lots of solutions are waiting for you…

You can make plans for some offer types publicly available or available to only a specific (private) audience. This is the same as in the Azure Marketplace, which we explained in the previous post and which follows the same marketplace strategy as AWS did.

In summary, if you are figuring out what value an ISV can bring to your business on the cloud, and you want to leverage some AWS partner professional services in a specific area such as cybersecurity or SAP, it is a chance you should not forget.

Enjoy the journey to the cloud with me…see you then in the next post.

MARKETPLACE: AN EXCLUSIVE AZURE & AWS SHOPPING CENTER

When you, as a user, access your Azure Portal or AWS portal, you have the option to buy thousands of products or solutions preconfigured for you. You don't need to worry about the licences or the IT capabilities to design or deploy a specific solution, as they are all built following customer needs by several AWS or Microsoft partners and ISVs (independent software vendors).

We will speak about the AWS marketplace later, in a new post. Just to point out, it was launched in 2012 to accommodate and foster the growth of AWS services from third-party providers that have built their own solutions on top of the Amazon Web Services platform, such as ISVs, SIs (System Integrators) and resellers, so customers would buy exactly what they needed when they needed it, adding tremendous flexibility to grow their cloud solutions aligned with the business.

The Azure one was launched in 2014; it is a starting point for go-to-market IT software applications and services built by industry-leading technology companies. The commercial marketplace is available in 141 regions, on a per-plan basis.

What are the plans and how to use them (as a Partner)?

Microsoft partners can publish interesting solutions which involve licenses and services together within the Azure Marketplace. On one hand, you don't need to acquire licenses, whose prices are prorated within the price. On the other hand, you have access to expertise without hiring new employees in your IT team.

A plan defines an offer’s scope and limits, and the associated pricing when applicable. For example, depending on the offer type, you can select regional markets and choose whether a plan is visible to the public or only to a private audience. Some offer types support a scope of subscriptions, some support pricing related to consumption, and some let a customer purchase the offer with a license (BYOL) they have purchased directly from the publisher.

Offer type | Plans with pricing options | Plans without pricing options | Private audience option
Azure managed application
Azure solution template
Azure container ✔ (BYOL)
IoT Edge module
Managed service ✔ (BYOL)
Software as a service
Azure virtual machine

  • Markets: Every plan must be available in at least one market. You have the option to select only “Tax Remitted” countries, in which Microsoft remits sales and use tax on your behalf.
  • Pricing: Pricing models only apply to plans for Azure managed application, SaaS, and Azure virtual machine offers. An offer can have only one pricing model. For example, a SaaS offer cannot have one plan that’s flat rate and another plan that’s per user.
  • Plan visibility: Depending on the offer type, you can define a private audience or hide the offer or plan from Azure Marketplace.

How to publish and what kind of visibility can we provide (As a Partner)?

You can make plans for some offer types publicly available or available to only a specific (private) audience. Offers with private plans will be published to the Azure portal.

You can configure a single offer type in different ways to enable different publishing options, listing option, provisioning, or pricing. The publishing option and configuration of the offer type also align to the offer eligibility and technical requirements.

Be sure to review the online store and offer type eligibility requirements and the technical publishing requirements before creating your offer.

To publish your offers to Azure Marketplace, you need to have a commercial marketplace account in Partner Center and ensure your account is enrolled in the commercial marketplace program.

Also if your offer is published with a private plan, you can update the audience or choose to make the plan available to everyone. After a plan is published as visible to everyone, it must remain visible to everyone and cannot be configured as a private plan again.

Finally, as a partner you can enable a free trial on plans for transactable Azure virtual machine and SaaS offers.

For example, Azure virtual machine plans allow for 1, 3, or 6-month free trials. When a customer selects a free trial, we collect their billing information, but we don’t start billing the customer until the trial is converted to a paid subscription.

What are your benefits when using Azure Marketplace (As a User)?

Marketplace brings flexibility to customers, as they can immediately buy any kind of offer based on a plan which provides several products from thousands of ISVs, without losing time dealing with any vendor or understanding in detail the support model or licensing options.

In the Azure portal, select + Create a resource or search for “marketplace”. Then, browse the categories on the left side or use the search bar, which includes a filter function, and choose what you need.

Likewise, there are lots of consultancy services provided from several Microsoft partners, some of them as a free trial so you can test the quality of their professional services and see their approach to fix your pain points.

Enjoy the journey to the cloud with me…see you then in the next post.

WELL ARCHITECTED FRAMEWORK FROM AWS TO AZURE, FACE TO FACE (II).

As we said in a previous post, the AWS Well Architected Framework was launched officially in 2015. The Microsoft Azure WAF approach took more time, as they started later, about 2020, with their own WAF methodology. Anyway, it's a collection of best practices, guides and blueprints, in the same way as those of their competitors, Google (in this case they call it “4 key architecture principles/pillars”, but it covers similar points) and AWS, based on experiences and feedback from several stakeholders.

To summarize, the Azure or AWS WAF, or the 4 key Google architecture principles/pillars, help cloud architects build secure, high-performing, resilient, and efficient infrastructure for the applications and workloads of their business. Moreover, they provide a better UX (user experience) for employees and users.

Azure Approach...

From the Microsoft point of view, there are also 5 clear pillars, as for AWS:

  • Cost Optimization – Focus on managing costs and reducing them as much as possible according to the scenario
  • Operational Excellence – Focus on achieving excellence in the operations processes that keep a system running in production.
  • Performance Efficiency – Focus on achieving the best adoption of an IT solution in the cloud.
  • Reliability – Focus on recovering a system or IT solution from failures and continuing to function in the cloud.
  • Security – Protecting applications and data from threats, keeping in mind the shared responsibility where a customer and Microsoft or some partners work together for a given IT solution.

Did you notice any change compared to AWS below? Well, Microsoft wants to point out the same pillars but involves some extra stuff around the pillars to make its offering more powerful. That means: reference architectures, Azure Advisor as a point to start as well as CCO Dashboard, Cloudockit, AZGovViz, specific partner offerings or the WAF Review reporting (this is not different from AWS).

The Azure approach for the Well Architected Framework provides some changes in the steps to go ahead compared to AWS. AWS is more HLD (high level design), to drill down later, while Microsoft tries to gather more details in order to sort out priorities, responsibilities and tools to address the right technologies to the right issues sooner.

It seems that this workshop process will run smoothly and be easy to use. The truth is, you will struggle with some workloads or specific IT components for sure. But what are the most important Microsoft Azure architecture “Quality Inhibitors” to face?

  • Cost Optimization – Underused or orphaned resources
  • Operational Excellence – No automation or Silos automation
  • Performance Efficiency – No design for scaling
  • Reliability – No support for disaster recovery
  • Security – No security threat detection mechanism

As you can see, each hyperscaler has its own vision. But they are similar in the areas to evaluate and to fix when something is not working properly.

In the next post, we will cover in more depth the similarities and differences between the two big cloud titans, Azure and AWS. In the meantime, the ball is in your court. Read, read and read…for sure you do… 🙂

Enjoy the journey to the cloud with me…see you then in the next post.

WELL ARCHITECTED FRAMEWORK FROM AWS TO AZURE, FACE TO FACE (I).

After some years migrating workloads from on premises to the cloud, after some years developing cloud-first apps, the number of architectures, technologies and hyperscalers has been expanding, along with their value and support for millions of businesses and companies… The Well Architected Framework is nothing more than an approach to optimize all those IT solutions from several perspectives.

AWS Approach...

In 2012 AWS created the “Well-Architected” initiative to share with their customers and partners best practices for building in the cloud, and started publishing them in 2015. Now this set of principles is a reality and has expanded to many cloud scenarios.

Let's say we have some workloads and IT solutions in cloud providers such as AWS or Microsoft Azure with some complexity. Adding to that, we are not sure if the current scenario is designed according to best practices in terms of reliability, as the IT service has some small delays in responses to users from time to time. Moreover, when you browse your AWS Cost Explorer console, this IT service has high consumption.

What can we do? How can we shed some light on this? OK, AWS provides a set of best practices, principles and strategies to reduce risk and impact on the areas I've mentioned before as well as on other areas. Those areas, indeed pillars, are five:

  • Operational Excellence: The ability to support development and run workloads effectively, gain insight into their operations, and to continuously improve supporting processes and procedures to deliver business value.
  • Security: Focused on protecting data, systems, and assets, taking advantage of cloud technologies to improve your security.
  • Reliability: Enforces the ability of a workload to perform its intended function correctly and consistently when it’s expected to.
  • Performance Efficiency: The ability to use computing resources efficiently to meet system requirements, and to maintain that efficiency as demand changes and technologies evolve.
  • Cost Optimization: The ability to run systems to deliver business value at the lowest price point.

The AWS approach for the Well Architected Framework provides a great value to improve a specific workload or some workloads with some interdependence. To leverage the five pillars potential, the Well-Architected Tool helps you review the digital state of your workloads and compares them to the latest AWS architectural best practices on those areas.

Moreover, if you want to be more specific and deep dive into a technology or a disruptive solution to identify a clear impact or reduce risk for your workloads, AWS has offered AWS Well-Architected Lenses since 2017.

Some examples of lenses which, from my point of view, bring value are:

Management and Governance Lens – AWS Well-Architected

Hybrid Networking Lens – AWS Well-Architected

SAP Lens – AWS Well-Architected

Financial Services Industry Lens – AWS Well-Architected

Serverless Applications Lens – AWS Well-Architected

In the second part of this post, we will explain the Azure Well Architected Framework. I hope it's useful to you and it makes your day!

Enjoy the journey to the cloud with me…see you then in the next post.

Azure Lighthouse, the secret sauce for any Managed Cloud Solution Provider

Managed Cloud Solution Providers (MCSP) are those third-party companies that help your business to expand and provide muscle and expertise in two ways:

  1. Skill matrix to support – They have a bunch of experts in several disciplines to go through your IT service challenges and digital transformation. They are your mentor to understand your risk and how aligned your investment in cloud solutions is with your business. They have cloud architect and cloud strategist personas in their team to support your journey to the cloud, mostly in hybrid scenarios.
  2. Tools to support – They have the right tools to support those business needs and to take your current digital state to a new version of your company, achieving better efficiency in your daily processes, simplifying your employees' work, even their quality of life, and for sure optimizing the time to react to your competitors with innovation. Just to remark, tools means not just third-party tools but also the native cloud provider tools you have available when consuming cloud services.

Adding to those key points, all the most important operations to support IT services on the cloud are based on some specific daily tasks. Monitoring, backup, process automation or security are part of those operations. Moreover, MCSPs need to be effective at solving issues in order to provide the right quality to our customers, something that is called “Operational Excellence” within the “Well Architected Framework”.

With the massive expansion of cloud-first IT services and the migration to the cloud of a huge amount of IT infrastructure to support data analytics, web services, disaster recovery and legacy applications on the road to being modernized, we need the right tools to cover some clear objectives. Azure Lighthouse has tremendous maturity to solve lots of aspects and challenges any MCSP needs to cope with:

  • Scale as soon as you need to grow. Here I mean scale horizontally, so that even when you have to assist lots of customers you can cover their needs with granularity and focus on their specific roadmap to the cloud.
  • Segment your own cloud infrastructure from your customers' cloud infrastructure, so that any security issue or downtime in an IT service, whether you provide it internally or to others, is contained and can affect only a single customer or group of customers.
  • Grant permissions on specific cloud resources and, depending on each customer's projects and the skills involved, delegate access to other partners or freelancers; in short, collaborate on a new project with several profiles.
  • Get the whole picture of the IT services you provide to your customers across several Azure contracts and tenants: security posture, performance or health alerts, triage of misconfigured items, the right Azure governance, etc.

Azure Lighthouse has the potential and flexibility to bring monitoring and traceability to all your customers across several tenants. You get a holistic view; you can delegate specific permissions with a high level of security, for a limited period or for as long as you want, over whole subscriptions or resource groups; you can integrate everything into a hybrid strategy together with Azure Arc; and you can integrate security posture and SIEM across several tenants as well. Azure offers top native cloud tools to support your investments in almost any technology trend.

Let's go deeper into some useful strategies for any MCSP, so they don't struggle to translate what they are doing right now on premises into Azure.

Access. A secure authentication and authorization strategy is mandatory for access. That's why Microsoft offers the least-privilege access approach with Azure Active Directory Privileged Identity Management (Azure AD PIM), to further secure access to customers' tenants through just a user or a security group.
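One way to check a Lighthouse delegation against the least-privilege approach described above, as an added example that is not from the original post or from Microsoft. The field names follow the `authorizations` and `eligibleAuthorizations` properties of a Lighthouse registration definition; the sample delegation, group names, placeholder GUIDs and the 240-minute limit are constructed assumptions.

```python
import re

# Built-in Azure role definition IDs (identical in every tenant).
READER = "acdd72a7-3385-48ef-bd42-f606fba81ae7"
CONTRIBUTOR = "b24988ac-6180-42a0-ab88-20f7382dd24c"
NO_STANDING = {CONTRIBUTOR: "Contributor"}  # roles we only allow just-in-time
MAX_ACTIVATION_MIN = 240  # assumed house policy, not an Azure limit

def duration_minutes(iso):
    """Parse the ISO 8601 subset used for activation windows (PT8H, PT30M)."""
    m = re.fullmatch(r"PT(?:(\d+)H)?(?:(\d+)M)?", iso or "")
    if not m or not any(m.groups()):
        return None
    return int(m.group(1) or 0) * 60 + int(m.group(2) or 0)

def audit(props):
    """Return least-privilege findings for one delegation's properties."""
    findings = []
    for a in props.get("authorizations", []):
        role = NO_STANDING.get(a["roleDefinitionId"].lower())
        if role:
            findings.append(f"{a['principalIdDisplayName']}: standing {role}")
    for e in props.get("eligibleAuthorizations", []):
        name = e["principalIdDisplayName"]
        policy = e.get("justInTimeAccessPolicy", {})
        if policy.get("multiFactorAuthProvider", "None") != "Azure":
            findings.append(f"{name}: activation without MFA")
        mins = duration_minutes(policy.get("maximumActivationDuration"))
        if mins is None or mins > MAX_ACTIVATION_MIN:
            findings.append(f"{name}: activation window unset or too long")
    return findings

# Constructed sample: placeholder GUIDs and made-up group names.
SAMPLE = {
    "authorizations": [
        {"principalId": "11111111-1111-1111-1111-111111111111",
         "principalIdDisplayName": "NOC readers", "roleDefinitionId": READER},
        {"principalId": "22222222-2222-2222-2222-222222222222",
         "principalIdDisplayName": "Ops engineers", "roleDefinitionId": CONTRIBUTOR},
    ],
    "eligibleAuthorizations": [
        {"principalId": "33333333-3333-3333-3333-333333333333",
         "principalIdDisplayName": "Escalation team", "roleDefinitionId": CONTRIBUTOR,
         "justInTimeAccessPolicy": {"multiFactorAuthProvider": "None",
                                    "maximumActivationDuration": "PT8H"}},
    ],
}

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run against the sample, the check flags the permanent Contributor assignment and the eligible assignment that can be activated without MFA for eight hours, while the standing Reader group passes.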

Monitoring. Absolutely key for any MCSP; it is the core of your support to your customers. In addition, you have to use the right ITSM (Information Technology Service Management) software to stay aligned and strive in the right direction to assess and resolve customers' issues, from high priority to low priority.

Security Posture. Do you know how many misconfigurations and vulnerabilities exist in your customers' Azure cloud? You can add Azure Security Center to provide the right security posture and know which security controls are affected or can be aligned to your regulatory compliance. We can leverage the Security Score to see your customers' security posture in a single pane of glass. Not easy peasy, but it helps a lot.

Incident Hunting. Maybe you know, maybe you don't: Azure Sentinel, the Microsoft native SIEM, can help consolidate your security threats and deep dive into the root cause of a security compromise across several tenants. https://techcommunity.microsoft.com/t5/azure-sentinel/using-azure-lighthouse-and-azure-sentinel-to-investigate-attacks/ba-p/1043899

It's a powerful tool to track logs, see layer by layer what is happening and determine how to step up suitable hardening for your technologies.

Hybrid Scenarios. Azure Arc can also be integrated with Azure Lighthouse, bringing a great benefit to the holistic overview I mentioned before. The main goal in this case is to provide the right governance to your customers even if they have some private clouds or on-premises infrastructure. It is therefore an exciting approach for companies that already have a lot of legacy stuff to migrate over the years but want to explore the benefits of a public cloud such as Azure.

To sum up, depending on your cloud provider's maturity level, there are some key native tools to improve your support, on your own or with the help of an MCSP. Azure, together with AWS, is one of the most important providers offering this level nowadays.


Enjoy the journey to the cloud with me…see you soon.