Azure Blueprint


Ever wondered how anyone could set up compliance standards for the resources deployed in Microsoft Azure? In a fast-moving industry where every small offering by a cloud provider keeps changing rapidly, it’s hard to keep compliance checks up to date.

To address compliance standards, Microsoft recommends using Azure Blueprint. It’s a free service that helps customers deploy and update cloud environments in a repeatable manner using composable artifacts such as policies, ARM templates and role-based access control (RBAC). Azure Blueprints is built to help customers set up a governance strategy around their Azure environments, and it can also scale to support production and non-production implementations for large-scale migration environments.

In other words, Blueprints are a declarative way to orchestrate the deployment of various resource templates and other artifacts such as:

  1. Role Assignments
  2. Policy Assignments
  3. Azure Resource Manager (ARM) template
  4. Resource Group

Microsoft Azure leads the industry with several compliance offerings that involve international and industry-specific compliance standards, such as ISO 27001, HIPAA, PCI, SOC 1 and SOC 2, along with country-specific standards, including FedRAMP and other NIST 800-53 derived standards, Australia IRAP and Singapore MTCS.

Let’s look at an example to understand this better.

‘ISO 27001: Shared Services’ is a blueprint available under an Azure tenant. Simply navigate to the Blueprints page, click “Create a Blueprint”, and choose the ‘ISO 27001: Shared Services’ blueprint from the list.

Various other compliance offerings by Microsoft are also listed there, as shown in the screenshot below.

           

Figure 1: Create a Blueprint


The ‘ISO 27001: Shared Services’ blueprint is designed to help people deploy production-ready, secure end-to-end solutions quickly, and it includes:

·        Hardened infrastructure resources: Azure Resource Manager (ARM) templates are used to automatically deploy the components of the architecture into Azure by specifying configuration parameters during setup. The infrastructure components include Azure Firewall, Active Directory, Key Vault, Azure Monitor, Log Analytics, Virtual Networks with subnets, Network Security Groups, and Role Based Access Control definitions. Additionally, these resources can be locked by Blueprints as a security measure to protect the consistency of the defined blueprint and the environment it was designed to create.

·        Policy controls: A set of Azure policies that help provide real-time enforcement, compliance assessment, and remediation for the required environment.

·        Security and Compliance controls: A team can benefit from all the controls for which Microsoft is responsible as the cloud provider, and the blueprint helps to configure a number of the remaining controls to meet ISO 27001 requirements.


Figure 2: Artifacts

Lifecycle of an Azure Blueprint

Azure Blueprint is no different: it has a lifecycle. Blueprints are created and then deployed and, when they are no longer needed, deleted. Azure Blueprints also provides support for CI/CD pipelines for organizations that manage infrastructure-as-code (IaC). The Azure Blueprint lifecycle consists of:

  1. Creation of Blueprint
  2. Publishing of Blueprint
  3. Creating or editing a new version of Blueprint
  4. Publishing a new version of Blueprint
  5. Deletion of a specific version of Blueprint
  6. Deleting the Blueprint altogether
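
As an added example (not part of the original article and not Microsoft's code), the Python check below reviews a blueprint's artifacts before the publishing step of the lifecycle, the kind of gate a CI/CD pipeline could run. The artifact kinds and property names follow the Blueprints JSON artifact format; the sample blueprint, the artifact names, the finding texts and the function name review_blueprint are assumptions constructed for illustration.

```python
# Added example: pre-publish review of a blueprint definition and its artifacts.
OWNER_ROLE_GUID = "8e3af657-a8ff-443c-a75c-2fe8c4bcb635"  # built-in Owner role
ARTIFACT_KINDS = {"roleAssignment", "policyAssignment", "template"}

# Constructed sample input (not taken from a real tenant or from the ISO 27001 blueprint).
BLUEPRINT = {"properties": {"targetScope": "subscription",
                            "resourceGroups": {"sharedRG": {"description": "shared services"}}}}
ARTIFACTS = {
    "owners": {"kind": "roleAssignment", "properties": {
        "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/" + OWNER_ROLE_GUID,
        "principalIds": "[parameters('owners')]"}},
    "rg-contributors": {"kind": "roleAssignment", "properties": {
        "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/"
                            "b24988ac-6180-42a0-ab88-20f7382dd24c",  # built-in Contributor
        "principalIds": "[parameters('contributors')]", "resourceGroup": "sharedRG"}},
    "audit-policy": {"kind": "policyAssignment", "properties": {
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/"
                              "00000000-0000-0000-0000-000000000000"}},  # placeholder id
    "network": {"kind": "template", "properties": {"resourceGroup": "netRG", "template": {}}},
    "bootstrap": {"kind": "script", "properties": {}},
}

def review_blueprint(blueprint, artifacts):
    """Return (artifact_name, finding) pairs for issues worth fixing before publishing."""
    findings = []
    declared = set(blueprint.get("properties", {}).get("resourceGroups", {}))
    for name, artifact in artifacts.items():
        kind, props = artifact.get("kind"), artifact.get("properties", {})
        if kind not in ARTIFACT_KINDS:
            findings.append((name, "unknown artifact kind"))
            continue
        # An artifact without a resourceGroup placeholder applies at subscription level.
        group = props.get("resourceGroup")
        if group is not None and group not in declared:
            findings.append((name, "undeclared resource group"))
        if kind == "roleAssignment":
            if not props.get("principalIds"):
                findings.append((name, "role assignment without principals"))
            role = props.get("roleDefinitionId", "").lower()
            if role.endswith(OWNER_ROLE_GUID) and group is None:
                findings.append((name, "Owner granted at subscription scope"))
        if kind == "policyAssignment" and not props.get("policyDefinitionId"):
            findings.append((name, "policy assignment without a definition"))
    return findings

if __name__ == "__main__":
    for name, finding in review_blueprint(BLUEPRINT, ARTIFACTS):
        print(f"{name}: {finding}")
```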

I hope this article gives its readers a better understanding of Azure Blueprints.

If there is any feedback, please do share it at the bottom of the page.

For more details about Azure Blueprints, please see this link.  
