On October 6, 2017 the Microsoft State and Local Government team hosted their second SLG Azure Fridays event with a presentation by me titled Continuous Delivery to Azure using Visual Studio Team Services. This webcast demonstrated the following:
Interested in learning how your State and Local Government counterparts are leveraging the cloud to digitally transform the way they do business? Are you an innovator that wants to benefit from participating in a community of like-minded business and IT professionals? Government agencies provide critical services to the communities they serve, and the growing demand to do more with less available resources makes the hybrid cloud discussion more relevant than ever before. Join us every four weeks to learn from Microsoft customers that have embraced technology as an innovative and transformative way to deliver government-related services to the communities they serve.
The SLG Azure Fridays community is made up of Microsoft customers actively delivering services through the Microsoft Azure cloud, or seeking new ways to bring innovation to their organizations, and presentations will primarily be delivered by State and Local Government customers based on challenges and opportunities relevant to all customers across the country. The community provides a forum to present your innovative solutions, and to network with peers that are rising to the ever changing landscape of delivering government services at scale.
On September 22, 2017 the Microsoft State and Local Government team kicked off a new webcast series called SLG Azure Fridays. Azure App Dev Technical Specialist, Brian Spann, presented DevOps 101. This webcast covers how adopting and implementing a DevOps strategy within your organization can enable you to shorten cycle times while improving software quality by streamlining the entire development workflow, from the backlog, through build and test, all the way into production, with real-time monitoring for availability and performance as well as user analytics to help inform the business on what to focus on next. Upcoming SLG Azure Fridays events are always listed at https://slgevents.azurewebsites.net. Limited spaces are available so register early.
On October 6, 2017 at 1:30PM EDT the Microsoft State and Local Government team will be kicking off a new free webcast series titled SLG Azure Fridays. This new weekly series is designed to cover technical Azure topics in the following categories for our State and Local Government customers:
Azure Application Development
Business Intelligence & Artificial Intelligence
The first webcast will be Continuous Delivery to Azure using Visual Studio Team Services.
A few months ago a co-worker completed a set of 5 videos that go into different aspects of architecture best practices for Azure Resource Manager deployments. At the time I had sent out a tweet with a link to the series but I forgot to post it out here. So without any more delay, check out Jeff Langford’s excellent video series on Channel 9.
Recently I was having a discussion with another Cloud Solutions Architect about hosting domain controllers in Azure and how to protect them. I thought I would post some of the best practices that we discussed:
Use a dedicated Azure storage account for Active Directory domain controller disks.
Ensure that the storage container for the domain controller’s OS and data disks is set to private access type (this is the default for new containers).
Use role based access control (RBAC) to limit who has access to manage the storage account and access keys.
Enable Azure Disk Encryption with key encryption key (KEK) for both the operating system and data disks. This will utilize Azure Key Vault for storing the keys. The Key Vault must reside in the same Azure region and subscription as the virtual machine.
Use RBAC to limit who has access to manage the Key Vault.
Keep domain controllers in their own virtual network subnet.
Set a static IP for the domain controller using PowerShell or the Azure Management Portal. Never set a static IP address directly in the operating system. You must always set the operating system to use DHCP.
Do not set public IP addresses on domain controllers.
Deploying domain controllers in Azure is an important step for providing an organization with resilient identity. By taking precautions like you would on-premises you can have a safe and secure cloud environment. The best practices listed above are not an exhaustive list of all configurations and settings that you should implement in order to have a secure domain controller environment in the cloud. Please review all of the documentation and apply your own security requirements and standards to your cloud deployment.
Microsoft’s Olivier Martin recently wrote a three part series called Networking to and within the Azure Cloud. This is an excellent primer on understanding the options you have as an organization to connect different virtual networks and regions together using VPN or ExpressRoute connections. I highly recommend checking this out even if you feel you have a solid understanding of networking in Microsoft Azure.
Put the cloud to work for you. Join us as we explore how your agency can achieve more while helping stay compliant and secure with Microsoft Azure Government. You’ll hear from industry leaders, analysts, and experts over the course of eight sessions designed to help you modernize your agency and kick off your digital transformation.