Managing Hybrid Identities with Microsoft Azure

Today, businesses are becoming a combination of on-premises and cloud applications. Users require access to those applications which are hosted both on-premises and in the cloud. Managing users both on-premises and in the cloud poses challenging scenarios.

Microsoft’s hybrid identity solutions span on-premises and cloud-based capabilities, creating a single user identity for authentication and authorization to all resources, regardless of location or device.

Azure AD Connect integrates any user who is present or being created in an on-premise Active Directory to Azure AD. This means you have a single user identity for accessing resources present on-premise, in Azure, O365 & your SaaS applications.

Business Benefits of Hybrid Identities:

  • An increase in productivity by providing access anywhere, anytime
  • Create and manage a single identity for each user across all your data center-based directories, keeping attributes in sync and providing self-service and SSO for users.
  • Keep resources productive with self-service password reset and group management for both data center and cloud-based directories.
  • Organizations have complete visibility and control over security and monitoring to help reduce inappropriate user activity and spot irregularities in user behaviors
  • Enforce strong authentication to sensitive applications and information with conditional access policies and multi-factor authentication.
  • Federate identities to maintain authentication against the data center-based directory.
  • Provide SSO access to hundreds of cloud-based applications.

 

The Three Hybrid Authentication Solutions:

While hybrid identity may seem like a complex issue when it is up and running, it makes accessing data and services both internal and external while collaborating with partners and customers much simpler. To achieve hybrid identity with Azure AD, three authentication methods can be used:

1. Password Hash Synchronization (PHS):

Password hash sync is the simplest way to enable authentication for on-premise AD objects in Azure AD. Users can use their existing on-prem credentials for accessing cloud-based applications on Azure. Active Directory DS stores the password in a hash form which is synced to Azure AD. When a user tries to login to Azure AD, the password is run through a hashing process and the hashed value is matched with the hash value present on Azure AD. If the hash values match, the user is allowed access to the resources.

2. Pass-Through Authentication (PTA):

Azure Active Directory (Azure AD) Pass-through Authentication allows your users to sign in to both on-premises and cloud-based applications using the same password. While deploying the Pass-through Authentication solution, lightweight agents are installed on your existing servers. These agents should have access to the on-premise AD domain controllers and outbound access to the internet. Network traffic is encrypted which is limited to authentication requests only.

3. Federation Authentication (AD FS):

With the Federation authentication method, you can federate your on-premises environment with Azure AD and use this federation for authentication and authorization. This sign-in method ensures that all user authentication occurs on-premises. Azure AD redirects the users to Active Directory Federations Services (ADFS) as the authenticated domain configured as a federated domain. The ADFS server authenticates the user with on-premise AD and returns a security token to authenticate with Azure AD. The configuration of this solution is much complex as it would require one or more ADFS Proxy servers, one or more ADFS Servers and SSL certificates for implementations.

Potential Reference Architecture Diagram:

Why SNP?

SNP Technologies Inc. is a leading provider of innovative technology solutions, specializing in harnessing the power of cloud services to drive business transformation. With a focus on delivering comprehensive solutions in AI, ML, and cloud services, SNP Technologies partners with clients across various industries to enhance operational efficiency and achieve their strategic objectives. We combine elements from our ISO certifications and Microsoft specializations as well as the most efficient and innovative technology tools and platforms to help our clients become more agile, more customer, and more operationally efficient. For more information, contact us here.

Modernize your On-premises SQL Server Infrastructure by Utilizing Azure and Azure Data Studio

Data estates are becoming increasingly heterogeneous as data grows exponentially and spreads across data centers, edge devices, and multiple public clouds. In addition to the complexity of managing data across different environments, the lack of a unified view of all the assets, security and governance presents an additional challenge.

Leveraging the cloud for your SQL infrastructure has many benefits like cost reduction, driving productivity, accelerating insights and decision-making can make a measurable impact on an organization’s competitiveness, particularly in uncertain times. While infrastructure, servers, networking, etc. all by default are maintained by the cloud provider.

With SQL servers 2008 and 2012 reaching their end-of-life, it is advisable to upgrade them or migrate them to Azure cloud services. Modernizing any version of SQL server to Azure brings up many added benefits, including:

  • Azure PaaS provides 99.99% availability
  • Azure IaaS provides 99.95% availability
  • Extended security updates for 2008, 2012 servers
  • Backing up SQL Server running in Azure VMs is made easy with Azure Backup, a stream-based, specialized solution. The solution aligns with Azure Backup’s long-term retention, zero infrastructure backup, and central management features.

Tools leveraged

For modernizing the SQL infrastructure, SNP leveraged a variety of tools from Microsoft, such as the following.

  • The Azure Database Migration Service has been used since the beginning to modernize on-premises SQL servers. Using this tool, you can migrate your data, schema, and objects from multiple sources to Azure at scale, while simplifying, guiding, and automating the process.
  • Azure Data Studio is one of the newest tools for modernizing SQL infrastructure with an extension of Azure SQL Migration. It’s designed for data professionals who run SQL Server and Azure databases on-premises and in multi cloud environments.

Potential reference architecture diagram

Let’s take a closer look at the architecture, what components are involved and what is being done in Azure Data Studio to migrate or modernize the on-premises SQL infrastructure.

Among the components of Azure data studio are the source to be modernized, the destination where the on-premises SQL must be moved, and the staging layer for the backup files. Backup files are a major component of modernization.

There are various components that are involved in the Azure Data Studio migration or modernization- Source SQL server. The on-premise SQL server which is to be modernized/migrated, Destination Server- The Azure SQL VM to which the on-prem SQL server will be moved, and the staging layer (Storage Account or the Network Share Folder) for the backup files. Backup files are a major component of modernization.

Azure Data Studio and Azure SQL Migration primarily rely on backup files. It uses a full backup of the database as well as transactional log backups. Another important component is the staging layer, where backup files will be stored.

Microsoft Azure Data Studio uses a network share folder, an Azure storage container, or an Azure file. There must be a specific structure or order in which backup files are placed in either of the places. As shown in the below architecture, backup files specific to the Database must be placed in their own folders or containers.

As part of the migration to Azure, Azure Data Studio along with the Azure SQL Migration extension utilizes a technology called Data Migration Service, which is the core technology behind the scenes. It has also been integrated with Azure Data Factory, which runs the pipeline at regular intervals to copy the backup files from the on-prem network share folder to Azure thereby restoring them on the target or restoring them if they are in containers.

When the backup files are in a network share folder, Azure Data Studio uses Self Hosted Integration Run time to establish a connection between on-premises and Azure. After the connection has been established, the Azure Data Studio begins the modernization process leveraging Azure DMS.

Initially, all full and subsequent transactional log backup files of the databases are placed in a specified database folder or database container. Azure Data Studio copies backup files from network share folders to Azure storage containers if the backup files are in a network share folder.

Following this, Azure Data Studio restores them to the target Azure SQL VM or Azure SQL Managed Instance while Azure Data Studio directly restores backup files from the storage account to the Azure target if the backup files are stored in the storage account.

Following the completion of the last log restoration on the target Azure SQL database, we need to cut over the database and bring it online on the target. The databases will be placed in the Restoring mode during the restoration of the backup files, which means that we will not be able to access them until the cutover has been completed.

Your next steps

If you like what you have read so far, let’s move forward together with confidence. We are here to help at every step. Contact SNP’s migration experts.

Microsoft Fabric: Meet your Organizational Goals for Effective Data Management and Analytics

In 2023 Microsoft announced major updates to its Azure data platform. While their OpenAI service has been dominating the headlines, questions about Microsoft’s new, comprehensive analytics solution Fabric have been just as central in our customer discussions.

Adoption of a new data analytics platform is no easy feat, with concerns around skilling, tool integration, obsolescence, security and so forth. The concerns and path forward will vary depending on the organization’s circumstances – from those having a legacy SQL Server implementation on-premises to those having an advanced, cloud-native analytics deployment, and everywhere in between. That said, these four high-level questions should be in mind for any organization evaluating the Fabric potential:

  1. Should we consider exploring Microsoft Fabric given our existing data platform maturity and investment?
  2. Which Fabric capabilities would be the most suitable and beneficial for my organization?
  3. How can I preserve my current data platform investment while capitalizing on the advantages offered by Fabric?
  4. What steps are necessary to establish governance and cost management in this new platform?

Before we continue with our recommendations to address these questions, let’s take a few minutes to level-set on what Fabric is and is not.

The Microsoft Fabric Ecosystem

At its core, Fabric is software-as-a-service (SaaS) integrating three Microsoft products: Azure Data Factory, Power BI and the Synapse data platform for an all-in-one suite designed for performance, scalability and ease of use. Underlying Fabric is the OneLake unified data foundation and Microsoft Purview for persistent data governance.

Microsoft Fabric Ecosystem

Source: What is Microsoft Fabric – Microsoft Fabric | Microsoft Learn

Facets of the Microsoft Fabric Platform:

  • Data Engineering: Empowers data engineers to transform and democratize large-scale data through Apache Spark within a lakehouse.
  • Data Factory: Equips business and technical users with tools for data integration, offering over 300 transformations (including AI-based) via 200+ native connectors while managing data pipelines.
  • Data Science: Integrates with Azure Machine Learning, enabling data scientists to develop and deploy ML models and leverage SynapseML for scalable ML pipelines.
  • Data Warehouse: Natively stores data in the open Delta Lake format separate from compute to promote scalability and performance for analytics workloads.
  • Real-Time Analytics: Facilitates querying and analysis of observational data, including real-time streams, unstructured/semi-structured data, and IoT data.
  • Power BI: An integral component of Fabric, providing data visualization integrated with Microsoft 365 apps and within Power BI.
  • Dataflows Gen 2: A new generation of dataflows accelerates authoring with a no-code/low-code experience.

While Fabric is a SaaS offering, it is still a resource installed in an Azure subscription. As such, a landing zone with prerequisite identity, networking, security, and governance must be in place.

While a Fabric analytics solution can be fully composed with Fabric tooling, within the Azure tenant an organization can integrate Fabric with Azure resources that sit outside Fabric, for instance Cosmos DB, Azure AI Services and Azure Monitor.

For more information about Fabric, please see the Resources section at this end of this blog.

Microsoft Fabric Evaluation Criteria

When working with our customers, SNP recommends the high-level success criteria below be evaluated when contemplating Microsoft Fabric as their Data & Analytics platform:

  • Seamless Integration: Evaluate how Fabric, with external tools, should be achieve data sharing and workflow orchestration without disruption to your established ecosystem.
  • Improved EfficiencyThe true value of any platform lies in its ability to simplify processes. Microsoft Fabric should reduce the time and effort required for data engineering, data science, and analytics tasks. Evaluate how migrating the workloads to Fabric will increase efficiency and productivity across data engineering services and also result in faster time to derive insights in BI apps.
  • Data Democratization Microsoft Fabric empowers business users and data scientists alike, offering self-service access to data and analytics capabilities. Evaluate how this feature can help in extending the utility of data throughout your organization.
  • Scalability: As your organization grows, so do your data needs. Evaluate Microsoft Fabric’s ability to scale effectively, accommodating increased workloads without compromising performance.
  • Cost Optimization:  Financial considerations are paramount. Evaluate how Fabric can help in cost reduction, optimized resource utilization, and improved cost management capabilities, when compared to your existing data platform architecture.
  • Enhanced Data Governance: Data governance is critical, especially in today’s regulatory environment. Evaluate how Fabric facilitates effective enforcement of data governance policies, ensuring data quality, and maintaining compliance standards.
  • Data Security: With data breaches an ever-present threat, success means strengthening data security and privacy, especially for sensitive or regulated data. Evaluate the Security features of Fabric to over the risks and implement tighter security policies.

Conclusion

In this blog, we’ve explored the evaluation criteria that can guide your organization’s adoption of Microsoft Fabric as your Data & Analytics platform. By keeping these criteria in mind, you can maximize the value of this platform alongside your existing investments, leading to more effective decision-making and a competitive edge in your industry.

Your Next Steps:

If you like what you’ve read so far, let’s move forward together with confidence. SNP recommends the following approach to start understanding, exploring, and evaluating Microsoft Fabric for your business: We’re here to help at every step. Contact SNP’s Data & AI experts here

SNP process

Modernize and Migrate your SQL Server Workloads with Azure

Modernizing and migrating SQL Server is just one of the many reasons why a company might want to migrate its data. Other common reasons may include mergers, hardware upgrades or moving to the cloud. In most cases, however, data migrations are associated with downtime, data loss, operational disruptions, and compatibility problems.

With SNP Technologies Inc., these concerns are alleviated, and the migration process is simplified. We help businesses migrate complete workloads seamlessly through real-time, byte-level replication and orchestration. For enhanced agility with little to no downtime, we can migrate data and systems between physical, virtual and cloud-based platforms.

When it comes to the modernization of SQL Server, we can migrate and upgrade your workload simultaneously. Production sources can be lower versions of SQL Server that are then upgraded to newer versions, for example, SQL 2008, 2008R2, and 2012 can be moved to a newer version of Windows and SQL or to Azure.

 

Some key benefits of modernizing or migrating your sql workloads include:

  • Built-in high Availability and disaster recovery for Azure SQL PaaS with 99.99% availability
  • Automatic backups for Azure SQL PaaS services
  • High availability with 99.95% for Azure IaaS
  • Can leverage the azure automatic backups or Azure Backup for SQL Server on Azure VM

Listed below are the various steps SNP follows to migrate an on-premises SQL server to Azure PaaS or IaaS

  • Assessment to determine what is the most appropriate target and their Azure sizing.
  • A performance assessment will be conducted before the migration to determine potential issues with the modernization.
  • A performance assessment will be conducted post-migration to determine if there is any impact on performance.
  • Migration to the designated target.

 

As part of our modernization process, we utilize a variety of tools that Microsoft provides. The following are various tools or services we leverage during the modernization process.

Assessment to determine what is the most appropriate target and their Azure sizing with Azure Migrate:

Azure migrate is a service in Azure that uses Azure SQL Assessment to assess the customer’s on-premises SQL infrastructure. In Azure Migrate, all objects on the SQL server are analyzed against the target (whether it’s Azure SQL Database, Azure SQL Managed Instance or SQL Server on Azure VM) and the target is calculated by considering all performance parameters such as IOPS, CPU, Memory, Costing etc., along with the appropriate Azure size. Following the assessment, SNP gets a better idea of what needs to be migrated, while the assessment report recommends the most appropriate migration solution.

This assessment generates four types of reports:

  • Recommended type (it gives us the best option by comparing all the available options (best fit)– If the SQL server is ready for all the targets, it will give us the best fit considering all the factors like performance, cost, etc
  • Recommendation of instances to Azure SQL MI– It gives the information If the SQL server is ready for MI. If the SQL server is ready for MI, it gives us a target recommendation size. If the Server has any issues with SQL MI, it shows us all the various issues it has and its corresponding recommendations
  • Recommendation of Instances to Azure SQL VM– It will assess individual instance and provides us with the suitable configuration specific to individual instance
  • Recommendation of Servers to SQL Server on Azure VM– If the server is ready to move to the SQL server on Azure, it will give us the appropriate recommendation

Our assessment checks if there are any performance impacts post migration with Microsoft’s data migration assistant

To prepare for modernizing our SQL infrastructure to Azure, we need to know what objects will be impacted post-migration, so we can plan what steps to take post-migration. A second assessment is performed using a Microsoft Data Migration Assistant (DMA) tool to identify all the objects that will be impacted after migration. This tool can be used to determine which objects are going to be impacted post-migration during this phase. The DMA categorizes the objects into five/ four categories for modernizing to SQL Server on Azure VM.

Some key factors considered at this stage include:

  1. Breaking Changes:  These are the changes that will impact the performance of a particular object. Following a migration, we will need to ensure that breaking changes are addressed.
  2. Behavior Changes: There are changes that may impact query performance and should be addressed for optimal results.
  3. Informational issues: We can use this information to identify issues that might affect post-migration
  4. Deprecated Feature: These are the features that are going to be deprecated
  5. Migration blockers: These are the objects that are going to block the migration, either we remove them prior to migration or change them as per the business requirements.

Note: Migration blockers are specific to the Modernization of SQL Server to Azure SQL PaaS

 

Modernization using Azure Data Studio:

Once we have an Azure target along with the Azure size and a list of affected objects, we can move on to modernization, where we migrate our SQL infrastructure to the Azure target. In this phase, the SQL infrastructure is modernized using a tool called Azure Data Studio, which uses an extension called Azure SQL Migration, leveraging Azure Data Migration Service (Azure DMS).

In Azure Data Studio, you will be able to perform a modernization of the SQL server infrastructure by using the Native SQL backups (the latest full back up as well as the transactional log backups from the previous backup). In this method, backup files of SQL server databases are copied and restored on the target. Using Azure Data Studio, we can automate the backup and restore process. All we must do is manually place the backup files into a shared network folder or Azure storage container so that the tool recognizes the backups and restores them automatically.

Post Migration:

Upon completion of modernization, all objects impacted by the modernization should be resolved for optimal performance. DMA provides information regarding all impacted objects and offers recommendations on how to address them.

Your Next Steps:

If you like what you’ve read so far, let’s move forward together with confidence. We’re here to help at every step. Contact SNP’s migration experts here

 

 

Legacy Application Modernization with Microsoft Azure

In today’s fast-paced digital landscape, businesses face constant pressure to innovate and stay competitive. Legacy applications, while valuable, often hinder this progress due to their outdated infrastructure and high maintenance costs. However, there’s a solution that allows businesses of all sizes to revitalize their legacy applications while reducing IT\SDLC expenses with – Microsoft Azure Cloud.

Microsoft Azure, a robust cloud platform, offers a pathway to migrate and modernize legacy applications effectively. In this blog, we’ll explore three common scenarios in which you can leverage Azure to breathe new life into your aging applications.

Three Key Scenarios for Transforming your Outdated Systems:

Scenario 1: Cloud Infrastructure-based Applications (Lift & Shift)

In this scenario, enterprises migrate their existing on-premises applications to Microsoft Azure’s Infrastructure as a Service (IaaS) platform. The core components of the applications remain unchanged, but they find a new home on virtual machines (VMs) in the cloud. This approach, often referred to as “Lift & Shift,” is the ideal choice for businesses looking for a quick migration strategy [Migrate First Modernize Later].

Benefits:

  • Speedy migration with minimal disruptions.
  • Reduced infrastructure management overhead.
  • A stepping stone for future modernization efforts.

Scenario 2: Cloud Optimized Applications

Enterprises can achieve additional benefits without undergoing a significant code overhaul. Azure enables applications to leverage modern cloud technologies such as containers or other cloud-managed services like database as service, App Services etc. These containers can be deployed on either App Service for containers or Kubernetes. There by further optimize the applications with better monitoring integrations, cache as a service, and continuous integration/continuous deployment (CI/CD) pipelines.

Benefits:

  • Enhanced scalability and agility.
  • Integration with managed cloud services.
  • Reduced complexity and improved performance.

Scenario 3: Cloud-Native Applications

Driven by evolving business needs, this scenario targets the modernization of mission-critical applications. Here, Azure’s Platform as a Service (PaaS) offerings come into play, facilitating the migration of applications to cloud-native platforms. This approach often involves developing new code, especially when transitioning to cloud-native or microservice-based models.

Benefits:

  • Harness the full potential of cloud-native capabilities.
  • Achieve unparalleled scalability and agility.
  • Streamline development and deployment processes.

Key Business Benefits of Azure Migration:

1. Platform Benefits:

Microsoft Azure provides a comprehensive cloud stack, covering frontend, backend, data, intelligence, Ops, SecOps, and DevOps. It offers a powerful and flexible foundation for both existing and new applications.

2. Security:

Azure prioritizes security with built-in services and intelligent threat management. It ensures the safety of your workloads and data.

3. Fully Managed:

Azure’s built-in auto-scaling, CI/CD, load balancing, and failover capabilities eliminate the need for complex configurations, saving time and resources.

4. Superior Tooling:

Azure offers advanced monitoring, telemetry, and debugging tools, along with seamless integration with popular development platforms like Visual Studio, GitHub, BitBucket, and Azure DevOps.

5. Familiarity:

For businesses using ASP.NET apps, Azure is enterprise-ready and supports your existing knowledge and skills, making the transition smoother.

Conclusion:

Modernizing legacy applications is not just about staying up-to-date; it’s about unlocking new possibilities, reducing costs, and ensuring long-term sustainability. Microsoft Azure’s robust features and flexible migration options empower businesses to transform their legacy systems into agile, high-performance assets that drive innovation and competitiveness in today’s digital landscape.

Are you looking to modernize yours for applications? Our team can help transform your applications to become more agile and efficient. Contact us.

APP MODERNIZATION
APP MODERNIZATION

Azure Arc enabled Kubernetes for Hybrid Cloud Management — Manage Everything and Anywhere

Azure Arc-enabled Kubernetes extends Azure’s management capabilities to Kubernetes clusters running anywhere, whether in public clouds or on-premises data centers. This integration allows customers to leverage Azure features such as Azure Policy, GitOps, Azure Monitor, Microsoft Defender, Azure RBAC, and Azure Machine Learning.

Key features of Azure Arc-enabled Kubernetes include:

  1. Centralized Management: Attach and configure Kubernetes clusters from diverse environments in Azure, facilitating a unified management experience.
  2. Governance and Configuration: Apply governance policies and configurations across all clusters to ensure compliance and consistency.
  3. Integrated DevOps: Streamline DevOps practices with integrated tools that enhance collaboration and deployment efficiency.
  4. Inventory and Organization: Organize clusters through inventory, grouping, and tagging for better visibility and management.
  5. Modern Application Deployment: Enable the deployment of modern applications at scale across any environment.

In this blog, we will follow a step by step approach and learn how to:

1. Connect Kubernetes clusters running outside of Azure

2. GitOps – to define applications and cluster configuration in source control

3. Azure Policy for Kubernetes

4. Azure Monitor for containers

 

1. Connect Kubernetes clusters

Prerequisites

  • Azure account with an active subscription.
  • Identity – User or service principal
  • Latest Azure CLI
  • Extensions – connectedk8s and k8sconfiguration
  • An up-and-running Kubernetes cluster
  • Resource providers – Microsoft.Kubernetes, Microsoft.KubernetesConfiguration, Microsoft.ExtendedLocation

Create a Resource Group

Create a Resource Group using below command in Azure portal choose your desired location. Azure Arc for Kubernetes supports most of the azure regions. Use this page Azure products by region to know the supported regions.

* az group create –name AzureArcRes -l EastUS -o table

For example: az group create –name AzureArcK8sTest –location EastUS –output table

Connect to the cluster with admin access and attach it with Azure Arc

We use az connectedk8s connect cli extension to attach our Kubernetes clusters to Azure Arc.

This command verify the connectivity to our Kubernetes clusters via kube-config (“~/.kube/config”) file and deploy Azure Arc agents to the cluster into the “azure-arc” namespace and installs Helm v3 to the .azure folder.

For this demonstration we connect and attach AWS – Elastic Kubernetes service and Google cloud – Kubernetes engine. Below, we step through the commands used to connect and attach to each cluster.

 

AWS – EKS

* aws eks –region <Region> update-kubeconfig –name <ClusterName>

* kubectl get nodes

AWS – EKS 2

* az connectedk8s connect –name <ClusterName> –resource-group AzureArcRes

az connectedk8s connect

GCLOUD- GKE

GCloud – GKE

* gcloud container clusters get-credentials <ClusterName> –zone <ZONE> –project <ProjectID>

* kubectl get no

* az connectedk8s connect –name <ClusterName> –resource-group AzureArcRes

az connectedk8s connect

Verify Connected Clusters

* az connectedk8s list -g AzureArcRes -o table

Verify Connected Clusters

Azure Arc

 

2. Using GitOps to define applications & clusters

We use the connected GKE cluster for our example to deploy a simple application.

Create a configuration to deploy an application to kubernetes cluster.
We use “k8sconfiguration” extension to link our connected cluster to an example git repository provided by SNP.

* export KUBECONFIG=~/.kube/gke-config

* az k8sconfiguration create \

–name app-config \

–cluster-name <ClusterName> –resource-group <YOUR_RG_NAME>\

–operator-instance-name app-config –operator-namespace cluster-config \

–repository-url https://github.com/gousiya573-snp/SourceCode/tree/master/Application \

–scope cluster –cluster-type connectedClusters

Check to see that the namespaces, deployments, and resources have been created:

* kubectl get ns –show-labels

We can see that cluster-config namespace have been created.

Azure Arc enabled Kubernetes

* kubectl get po,svc

The flux operator has been deployed to cluster-config namespace, as directed by our sourceControlConfig and application deployed successfully, we can see the pods are Running and Service LoadBalancer IP also created.

Azure Arc enabled Kubernetes

Access the EXTERNAL-IP to see the output page:

Azure Arc enabled Kubernetes

Please Note:

Supported repository-url Parameters for Public & Private repos:

* Public GitHub Repo   –  http://github.com/username/repo  (or) git://github.com/username/repo

* Private GitHub Repo –  https://github.com/username/repo (or) git@github.com:username/repo

* For the Private Repos – flux generates a SSH key and logs the public key as shown below:

Azure Arc enabled Kubernetes

For this demonstration we connect and attach AWS – Elastic Kubernetes service and Google cloud – Kubernetes engine. Below, we step through the commands used to connect and attach to each cluster.

3. Azure Policy for Kubernetes

Use Azure Policy to enforce that each Microsoft.Kubernetes/connectedclusters resource or Git-Ops enabled Microsoft.ContainerService/managedClusters resource has specific Microsoft.KubernetesConfiguration/sourceControlConfigurations applied on it.

Assign Policy:

To create the policy navigate to Azure portal and Policy, in the Authoring section select the Definitions.
Click on Initiative definition to create the policy and search for gitops in the Available Definitions, click on Deploy GitOps to Kubernetes clusters policy to add.
Select the subscription in the Definition locations, Give the Policy assignment Name and Description.

Choose the Kubernetes in the existing Category list and scroll-down to fill the Configuration related details of an application.

Azure Arc

Select the policy definition and click on Assign option above and set the scope for the assignment. Scope can be Azure resource group level or subscription and complete the other basics steps – Assignment name, Exclusions, remediation etc.

Click on parameters and provide name for the Configuration resourceOperator instanceOperator namespace and set the Operator scope to cluster level or namespace, Operator type is Flux and provide your application github repo url (public or private) in the Repository Url field. Now, additionally pass the Operator parameters such as “–git-branch=master –git-path=manifests –git-user=your-username –git-readonly=false” finally click on Save option and see the policy with the given name is created in the Assignments.

Once the assignment is created the Policy engine will identify all connectedCluster or managedCluster resources that are located within the scope and will apply the sourceControlConfiguration on them.

Azure Arc

–git-readonly=false enables the CI/CD for the repo and creates the Auto releases for the commits.

 

Azure Arc enabled Kubernetes

 

Verify a Policy Assignment

Go to Azure portal and click on connected Cluster resources to check the Compliant Status, Compliant: config-agent was able to successfully configure the cluster and deploy flux without error.

Azure Arc enabled Kubernetes

We can see the policy assignment that we created above, and the Compliance state should be Compliant.

Azure Arc

4. Azure Monitor for Containers

It provides rich monitoring experience for the Azure Kubernetes Service (AKS) and AKS Engine clusters. This can be enabled for one or more existing deployments of Arc enabled Kubernetes clusters using az cli, azure portal and resource manager.

Create Azure Log Analytics workspace or use an existing one to configure the insights and logs. Use below command to install the extension and configure it to report to the log analytics workspace.

*az k8s-extension create –name azuremonitor-containers –cluster-name <cluster-name> –resource-group <resource-group> –cluster-type connectedClusters –extension-type Microsoft.AzureMonitor.Containers –configuration-settings logAnalyticsWorkspaceResourceID=<armResourceIdOfExistingWorkspace

It takes about 10 to 15 minutes to get the health metrics, logs, and insights for the cluster. You can check the status of extension in the Azure portal or through CLI. Extension status should show as “Installed”.

Azure Arc enabled Kubernetes

Azure Arc enabled Kubernetes

We can also scrape and analyze Prometheus metrics from our cluster.

Clean Up Resources

To delete an extension:

* az k8s-extension delete –name azuremonitor-containers –cluster-type connectedClusters –cluster-name <cluster-name> –resource-group <resource-group-name>

To delete a configuration:

*az k8sconfiguration delete –name ‘<config name>‘ -g ‘<resource group name>‘ –cluster-name ‘<cluster name>‘ –cluster-type connectedClusters

To disconnect a connected cluster:

* az connectedk8s delete –name <cluster-name> –resource-group <resource-group-name>

 

Conclusion:

This blog provides an overview of Azure Arc-enabled Kubernetes, highlighting how SNP assists its customers in setting up Kubernetes clusters with Azure Arc for scalable deployment. It emphasizes the benefits of Azure Arc in managing Kubernetes environments effectively.

SNP offers subscription services to accelerate your Kubernetes journey, enabling the installation of production-grade Kubernetes both on-premises and in Microsoft Azure. For more information or to get assistance from SNP specialists, you can reach out through the provided contact options. Contact SNP specialists here.

Open Source Tools for Automation & Configuration Management

DevOps represents a change in IT culture, focusing on rapid IT service delivery through the adoption of agile, lean practices in the context of a development & operations-oriented approach. DevOps emphasizes people, tools and culture while seeking to improve collaboration between operations and development teams.

With all the hype surrounding DevOps, understanding the lingo associated with this technology can be a challenge. Here’s a list of common terms—and definitions—to help you understand DevOps better:

SNP’s DevOps Platforms:

Chef

A configuration management tool and an automation platform for DevOps that revamps infrastructure into simple code. A Chef helps bring all inventory to central place, further automate configuration, deployment, and scaling of servers and applications, regardless of whether the server or application is in the cloud, on-site, or in a hybrid environment. Chef runs in two modes: Client/Server and standalone configuration, and it’s written in the Ruby programming language.

Puppet

An open-source IT automation software that aids management of an infrastructure throughout its lifecycle, from provisioning and configuration to orchestration and reporting. Puppet enables automation, deployment, and scaling of applications in the cloud and on-site, and it follows the Client/Server computing model. It is written in Ruby [programming language].

Salt

A configuration management application that handles remote execution of applications. Its purpose is to provide central system management. Salt provides a dynamic communication bus for infrastructures that can be used for orchestration, remote execution, and configuration management. It’s written in Python.

LXC 

A Linux Container (LXC) is an operating system–level virtualization method that allows multiple isolated Linux systems to run as a single host and function as a controller. Virtualization is not provided through virtual machines, but through a virtual environment with a process set and network space. Each isolated system has its own directory structure, network devices, IP addresses, and process table. LXE is fully written in user space and supports bindings in programming languages written in C, Python, Shell, and Lua.

Docker

An application deployment automation tool that resides inside software containers. It helps package an application and its dependencies as a virtual container. Docker is written in Go programming language.

Jenkins

An open-source continuous integration server featuring numerous plugins that support project building and testing. Jenkins monitors a version control system by maintaining a build system, monitoring it for changes, and providing appropriate change notifications. It is written in Java.

Kubernetes

Kubernetes, which is also referred to as K8s, is an open-source platform for automating the deployments, scaling, and management of the container applications. K8s gives freedom of running the opensource platform anywhere, i.e., on-premises, public cloud, private cloud infrastructure, letting you effortlessly shuffle the workloads anywhere based on the business\technical needs.

For more on how DevOps can enable your operations and development teams to collaborate more effectively, Contact SNP Technologies here.

Accelerate Innovation Across Hybrid & Multicloud Environments with Azure Arc

With the growing trend of multicloud and edge computing, organizations are increasingly finding themselves managing a diverse array of applications, data centers, and hosting environments. This heterogeneity presents significant challenges in managing, governing, and securing IT resources. To address these complexities, organizations need a robust solution that enables them to centrally inventory, organize, and enforce control policies across their entire IT estate, regardless of location.

SNP leverages Azure Arc and a hybrid approach to empower its customers to effectively manage resources deployed in both Azure and on-premises environments through a unified control plane. With Azure Arc, organizations can simplify their infrastructure management, making it easier to accelerate migration decisions driven by policies while ensuring compliance with regulatory requirements.

Microsoft Azure enables management of a variety of services deployed externally, including:

  • Windows and Linux servers: These can run on bare metal, virtual machines (VMs), or public cloud IaaS environments.
  • Kubernetes clusters: Organizations can manage their containerized applications seamlessly across different environments.
  • Data services: Azure Arc supports data services based on SQL Azure and PostgreSQL Hyperscale, allowing for consistent data management practices.
  • Microservices applications: Applications packaged and deployed as microservices running on Kubernetes can be easily monitored and managed through Azure Arc.

 

Hybrid Unified Management & How it Benefits your Business

Azure Arc involves deploying an agent on servers or on Kubernetes clusters for resources to be projected on the Azure Resource Manager. Once the initial connectivity is done, Arc extends governance controls such as Azure Policy and Azure role based access controls across a hybrid infrastructure. With Azure governance controls, we can have consistency across environments which helps enhance productivity and mitigate risks.

Some key benefits of Azure Arc include:

  • Azure Arc enabled solutions can easily expand into a Hybrid-cloud architecture as they are designed to run virtually anywhere.
  • Azure Arc data includes technical and descriptive details, along with compliance and security policies.
  • Enterprises can use Azure security center to ensure compliance of all resources registered with Azure Arc irrespective of where they are deployed. They can quickly patch the operating systems running in VMs as soon as  vulnerability is found. Policies can be defined once and automatically applied to all the resources across Azure, data center and even VMs running in other cloud platforms.
  • All the resources registered with Azure Arc send the logs to the central, cloud based Azure monitor. This is a comprehensive approach in deriving insights for highly distributed and disparate infrastructure environments.
  • Leveraging Azure Automation, mundane to advanced maintenance operations services across the public, hybrid or multi-cloud environments can be performed effortlessly.

 

Azure services for support management and governance of other cloud platforms. includes:

  • Azure Active Directory
  • Azure Monitor
  • Azure Policy
  • Azure Log Analytics
  • Azure Security Center/Defender
  • Azure Sentinel

 

Unified Kubernetes Management

With AKS and Kubernetes, Azure Arc provides the ability to deploy and configure Kubernetes applications in a consistent manner across all environments, adopting modern DevOps techniques. This offers:

Flexibility

  • Container platform of your choice with out-of-the-box support for most Cloud native applications.
  • Used across Dev, Test and Production Kubernetes clusters in your environment.

Management

  • Inventory, organise and tag Kubernetes clusters.
  • Deploy apps and configuration as code using GitOps.
  • Monitor and Manage at scale with policy-based deployment.

Governance and security

  • Built in Kubernetes Gatekeeper policies.
  • Apply consistent security configuration at scale.
  • Consistent cluster extensions for Monitor, Policy, Security, and other agents

Role-based access control

  • Central IT based at-scale operations.
  • Management by workload owner based on access privileges.

Leveraging GitOps

  • Azure Arc also lets us organize, view, and configure all clusters in Azure (like Azure Arc enabled servers) uniformly, with GitOps (Zero touch configuration).
  • In GitOps, the configurations are declared and stored in a Git-repo and Arc agents running on the cluster continuously monitor this repo for updates or changes and automatically pulls down these changes to the cluster.
  • We can use cloud native tools practices and GitOps configuration and app deployment to one or more clusters at scale.

 

Azure Arc Enabled Data Services

Azure Arc makes it possible to run Azure data services on-premises, at the edge, and 3rd party clouds using Kubernetes on hardware of our choice. 

Arc can bring cloud elasticity on-premises so you can optimize performance of your data workloads with the ability to dynamically scale, without application downtime. By connecting to Azure, one can see all data services running on-premises alongside those running in Azure through a single pane of glass, using familiar tools like Azure Portal, Azure Data Studio and Azure CLI.

Azure Arc enabled data services can run Azure PostgreSQL or SQL managed instance in any supported Kubernetes environment in AWS or GCP, just the way it would run it in an on-prem environment.

With the of Azure Arc, organizations can reach, for hybrid architectures, the following overall business objectives:

  • Standardization of operations and procedures
  • Organization of resources
  • Regulatory Compliance and Security
  • Cost Management
  • Business Continuity and Disaster Management

 

For more on how you can revolutionize the management and development of your hybrid environments with Azure Arc,

10 Advantages of Microsoft Power BI

Microsoft Power BI (business intelligence) is a powerful analytics tool that helps companies of all sizes analyze data and share insights. With this technology, enterprises can monitor their business more closely and get instant answers with rich dashboards available for every device.

Power BI is broken down into multiple tools:

  • Power Query to extract and transform.
  • Power Pivot to model and analyze.
  • Power View and Map to visualize data.

Key features and benefits of Microsoft Power BI include:

  • The Q&A function. Sometimes the fastest way to get an answer from your data is to ask a question using natural language, and that’s exactly what Q&A allows users to do, making this feature a top cited benefit in achieving self-service business intelligence.
  • Dashboards, reports, and datasets are at the heart of Power BI. Users can create personalized dashboards, which combine on-premises and cloud-born data in a single view, allowing them to monitor their most important data enterprise wide and from all their business apps.
  • The ability to easily embed BI and analytics in the app to deliver interactive reports and geo-map visualizations empowered by Bing maps.
  • With SQL Server analysis services on-premises and Azure analysis services in the cloud, users can build robust, reusable data models, enabling consistent reporting and analyses.
  • Power BI is available in three separate national cloud data centers, each offering the same level of security, privacy, compliance, and transparency as the global version of Power BI.
  • The ability to connect to nearly any application or data source (literally hundreds of options), no matter whether those resources live in the cloud or on-premises. A few examples include Excel spreadsheets, GitHub, Mail Chimp, SharePoint, and Google Analytics.
  • Very little engineering resources are needed to use Power BI. In fact, some instances don’t require any engineering at all. Managers simply need to create an API key and plug it into the software. If your organization already uses Microsoft systems (such as Office 365), using Power BI will feel natural as it integrates easily with Office 365 Groups and Microsoft Teams.
  • Power BI is simple to use. Even basic users will find it to have a short learning curve.
  • Fast turnarounds and low costs. By analyzing the most recent data, businesses can make informed decisions regarding which markets are growing and which ones are underperforming. Plus, the business retains ownership of the data always and can perform the analysis internally to save money.
  • Constant innovation. The Power BI product is updated nearly every month with new features and functions.

Are you ready to get started on the Power BI Suite? Contact the SNP team here.

Why you should consider moving your applications to Microsoft Azure

Migrating applications to Microsoft Azure offers a range of benefits that can enhance performance, scalability, and overall efficiency. Here are several compelling reasons to consider making the move:

1. Scalability and Flexibility

  • On-Demand Resources: Azure allows you to scale your applications up or down based on demand. This flexibility ensures you only pay for what you use, making it easier to handle traffic spikes without overprovisioning.

2. Global Reach

  • Multiple Data Centers: Azure has a vast network of data centers around the world, enabling you to deploy applications closer to your users. This reduces latency and improves the overall user experience.

3. Enhanced Security

  • Robust Security Features: Azure provides a comprehensive set of security tools and features, including encryption, identity management, and threat detection. Microsoft’s security expertise helps safeguard your applications and data.

4. Integration with Existing Tools

  • Seamless Integration: Azure integrates well with Microsoft products and services, such as Office 365, Dynamics 365, and Power BI. This compatibility enhances productivity and streamlines workflows.

5. Cost Management

  • Flexible Pricing Models: Azure offers various pricing options, including pay-as-you-go and reserved instances, allowing you to choose a model that fits your budget. This helps manage costs while ensuring access to powerful computing resources.

6. Support for Multiple Programming Languages and Frameworks

  • Diverse Development Environment: Azure supports a wide range of programming languages, frameworks, and platforms, making it suitable for various development needs. This allows developers to use the tools they’re most comfortable with.

7. Advanced Analytics and AI Capabilities

  • Built-In Analytics Tools: Azure provides access to powerful analytics and artificial intelligence services, enabling you to gain insights from your data and build intelligent applications without extensive infrastructure.

8. Reliable Backup and Disaster Recovery

  • High Availability: Azure offers built-in backup and disaster recovery solutions to ensure business continuity. This reduces the risk of data loss and downtime, providing peace of mind for critical applications.

9. DevOps and Continuous Integration/Continuous Deployment (CI/CD)

  • Streamlined Development Process: Azure supports DevOps practices with tools for automated testing, continuous integration, and deployment. This accelerates the development cycle and improves collaboration between development and operations teams.

10. Sustainability and Compliance

  • Environmentally Friendly: Microsoft is committed to sustainability, with initiatives to reduce carbon emissions and operate data centers using renewable energy. Azure also complies with various regulatory standards, ensuring your applications meet necessary legal requirements.

Conclusion

Migrating your applications to Microsoft Azure can unlock significant benefits, from enhanced scalability and security to advanced analytics and cost management. By leveraging Azure’s comprehensive cloud capabilities, your organization can become more agile, improve operational efficiency, and focus on innovation while Microsoft manages the underlying infrastructure. As the cloud landscape continues to evolve, moving to Azure can position your business for long-term success.

For more information on Microsoft Azure, Contact SNP Technologies here.