Secure your Azure Applications with Web Application Firewall Using Azure Front Door

Azure Web Application Firewall (WAF) on Azure Front Door provides centralized protection for your web applications. WAF defends your web services against common exploits and vulnerabilities. It keeps your service highly available for your users and helps you meet compliance requirements.

In this blog, we will highlight two use case scenarios for using Azure Front Door to secure any backend such as APIs, Web Apps, Azure Functions, or Logic Apps.

1. Azure Front Door with VNET

Securing a backend that sits in a Virtual Network requires a premium tier subscription, so it is more expensive. In this case Azure Front Door also needs an Azure Application Gateway behind it, since Front Door needs a public endpoint.

2. Azure Front Door without VNET Integration

The alternative is to secure the backend without VNET integration, which suits customers who do not want an Azure premium subscription and therefore has a cost benefit. This blog covers this second scenario, where the VNET integration that requires the premium tier is not needed.

Process of securing API backends

Resources needed:

1. Azure Front Door: Azure Front Door is a global, scalable entry-point that uses the Microsoft global edge network to create fast, secure, and widely scalable web applications. With Front Door, you can transform your global consumer and enterprise applications into robust, high-performing personalized modern applications with contents that reach a global audience through Azure. Front Door works at Layer 7 (HTTP/HTTPS layer) using the anycast protocol with split TCP and Microsoft’s global network to improve global connectivity. Based on your routing method you can ensure that Front Door will route your client requests to the fastest and most available application backend. An application backend is any Internet-facing service hosted inside or outside of Azure. Front Door provides a range of traffic routing methods and backend health monitoring options to suit different application needs and automatic failover scenarios. Similar to Traffic Manager, Front Door is resilient to failures, including failures to an entire Azure region.

2. WAF with Azure Front Door: Azure Web Application Firewall (WAF) on Azure Front Door provides centralized protection for your web applications. WAF defends your web services against common exploits and vulnerabilities. It keeps your service highly available for your users and helps you meet compliance requirements. WAF on Front Door is a global and centralized solution. It’s deployed on Azure network edge locations around the globe. WAF enabled web applications inspect every incoming request delivered by Front Door at the network edge. WAF prevents malicious attacks close to the attack sources, before they enter your virtual network. You get global protection at scale without sacrificing performance. A WAF policy easily links to any Front Door profile in your subscription. New rules can be deployed within minutes, so you can respond quickly to changing threat patterns.

3. Azure API Management: API Management (APIM) is a way to create consistent and modern API gateways for existing back-end services. API Management helps organizations publish APIs to external, partner, and internal developers to unlock the potential of their data and services. Businesses everywhere are looking to extend their operations as a digital platform, creating new channels, finding new customers and driving deeper engagement with existing ones. API Management provides the core competencies to ensure a successful API program through developer engagement, business insights, analytics, security, and protection. You can use Azure API Management to take any backend and launch a full-fledged API program based on it.

4. Azure App Gateway (Optional): Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. Traditional load balancers operate at the transport layer (OSI layer 4 – TCP and UDP) and route traffic based on source IP address and port, to a destination IP address and port. Application Gateway can make routing decisions based on additional attributes of an HTTP request, for example URI path or host headers. For example, you can route traffic based on the incoming URL. So if /images is in the incoming URL, you can route traffic to a specific set of servers (known as a pool) configured for images. If /video is in the URL, that traffic is routed to another pool that’s optimized for videos. An Azure App Gateway behind Azure Front Door is not necessary when the backend is not deployed in a VNET; when your backend resources are deployed within a Virtual Network, you must have an App Gateway behind the Front Door.

Key scenarios why one should use Application Gateway behind Front Door:

  • Front Door can perform path-based load balancing only at the global level. To load balance traffic further within a virtual network (VNET), use Application Gateway.
  • Front Door doesn’t work at a VM/container level, so it cannot do Connection Draining. Application Gateway, however, allows you to do Connection Draining.
  • With an Application Gateway behind Front Door, one can achieve 100% TLS/SSL offload and route only HTTP requests within their virtual network (VNET).
  • Front Door and Application Gateway both support session affinity. While Front Door can direct subsequent traffic from a user session to the same cluster or backend in a given region, Application Gateway can direct the traffic to the same server within the cluster.

Creating and Configuring Azure resources

1. Azure Front Door

a) Create an Azure Front Door resource

b) Configure Front Door with an application backend, which can be any internet-facing service hosted inside or outside of Azure

c) Front Door provides different routing and backend health monitoring options and automatic failover scenarios

Key Features of Front Door
  • Accelerated application performance
  • Enable fast failover at the edge with active path monitoring
  • Intelligent health monitoring for backend resources
  • URL/path based routing for requests
  • Enables hosting of multiple websites
  • Session affinity
  • SSL offloading
  • Define custom domain
  • WAF at the Edge
Add Custom Domain to Front Door
  • Create a CNAME DNS record
  • Map the temporary subdomain
  • Associate the custom domain with Front Door
  • Verify the Custom Domain
  • Map the permanent Custom Domain
Setup Geo filtering policies
  • Define Geo filtering match condition
  • Add geo-filtering match condition to a rule with Action and Priority
  • Add rules to policy
  • Link WAF policy to a Front Door frontend host

2. WAF with Azure Front Door

  • Create a Front Door.
  • Create an Azure WAF policy.
  • Configure rule sets for a WAF policy.
  • Associate a WAF policy with Front Door.
  • Configure a custom domain for web application
Key Features of WAF
  • IP Restrictions
  • Managed rules
  • Custom rules
  • Rate Limiting
  • Geo blocking
  • Redirect Action

Configure Azure Front Door with Azure WAF
  • As an acceleration, caching, and security layer in front of your web app.
  • Create an Azure Front Door resource
  • Create an Azure WAF profile to use with Azure Front Door resource
Add Managed rule sets to the WAF Policy

Managed rule sets are built and managed by Microsoft and help protect you against a class of threats, for example the Default rule set or the Bot protection rule set.

Associate a WAF policy with the Azure Front Door resource
  • Configure the custom domain for your web application
  • After Azure Front Door and WAF are added to the front-end application, the DNS entry that corresponds to that custom domain should point to the Azure Front Door resource
Lock down your web application
  • Microsoft recommends that you ensure only Azure Front Door edges can communicate with your web application.
  • This ensures that no one can bypass the Azure Front Door protection and access your application directly.

3) API Management

APIM Deployment Models:
  • APIM should not be deployed to Virtual Network
  • If APIM is deployed into a Virtual Network, it should be deployed in External access mode
  • In both cases API Management is accessible from the public internet
  • If you deploy APIM into a Virtual Network with the internal access type (APIM is accessible only within the VNET), then you need to additionally provision an Azure Application Gateway in front of APIM and use that as a backend endpoint in Azure Front Door
API Management Access Restriction Policies

To lock down your application to accept traffic only from your specific Front Door, you will need to set up IP ACLs for your backend and then restrict the traffic on your backend to the specific value of the header ‘X-Azure-FDID’ sent by Front Door.

  • For each request sent to the backend, Front Door includes its Front Door ID in the X-Azure-FDID header.
  • If you want your APIM instance to only accept requests from Front Door, you can use the check-header policy to enforce that a request has an X-Azure-FDID header.
  • These policies can be applied at Global level for all APIs or at individual API level or at Products level

Importing APIs to APIM

Azure functions, App Service API apps, Open API specification APIs and Logic apps can be imported to Azure API management and will be exposed to external consumers or client apps. These APIs can be grouped together into Products and policies can be applied at Individual API/Function or at the Product level.

Importing an Azure function to APIM

Test Results with Azure Front Door

1. API Management without Azure Front Door

In the first case, the Azure function is exposed through APIM and the inbound policy section does not check for a specific Azure Front Door. This means anyone can call your API from outside, so it is not very secure. The screenshot below shows that there is no inbound policy checking for a specific Front Door ID.

The screenshot below shows that, when there is no check for the Azure Front Door ID in the inbound policy, we are able to make the API call from Postman without any issues (200 OK).

2. API Management is secured with Azure Front Door

In this case the APIM APIs are secured by placing an Azure Front Door in front of them, and all traffic should go through Front Door. We have configured this with an inbound policy that allows traffic only via the specific Front Door ID that we created in this subscription.

The APIM inbound policy section checks for a specific Front Door ID by enabling the “check-header” policy with the Front Door ID.
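An inbound policy of the kind described above, as an added example (it is not taken from the original post or its screenshots): it combines the check-header policy on X-Azure-FDID with an ip-filter allow list at API scope. The named value `FrontDoorId` and the 203.0.113.x address range are placeholders chosen for illustration; substitute your own Front Door ID and the current Azure Front Door backend address ranges.

```xml
<policies>
    <inbound>
        <base />
        <!-- Added example, not the original author's policy. -->
        <!-- Layer 1: IP ACL. Admit only callers in the Azure Front Door backend
             address space. The range below is a documentation placeholder
             (assumption), not the real Front Door range. -->
        <ip-filter action="allow">
            <address-range from="203.0.113.0" to="203.0.113.255" />
        </ip-filter>
        <!-- Layer 2: the backend address space is shared by all Front Door
             profiles, so pin the request to your own profile by its ID.
             {{FrontDoorId}} is a named value (hypothetical name) that holds
             the Front Door ID. A missing or different header value is
             rejected with 403 Forbidden. -->
        <check-header name="X-Azure-FDID"
                      failed-check-httpcode="403"
                      failed-check-error-message="Invalid request."
                      ignore-case="false">
            <value>{{FrontDoorId}}</value>
        </check-header>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

With the `ip-filter` and `check-header` elements removed, the policy behaves as in the first test case, where a direct call to the APIM URL returns 200 OK.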

403 Forbidden error when trying to make a call with the APIM API URL, which means bypassing Front Door

200 OK, when calling via Front Door URI

Conclusion

Hence, it is recommended to use Azure Front Door to secure your backend, whether it is a Web App, Azure function, Logic App or an API. We can also allow only the Azure Front Door IP ranges to make requests to the API backend, either using WAF at the Front Door or by configuring an IP restriction policy in the APIM policy section.

For more on how you can leverage Azure Front Door for your business, contact SNP Technologies Inc. here.

 

SNP’s Hybrid Cloud Adoption Framework for Azure

SNP’s Hybrid Cloud Adoption Framework for Azure provides a structured approach to help organizations transition to a hybrid cloud model effectively. This framework is designed to streamline the adoption process, ensuring alignment with business goals while leveraging the capabilities of Azure. Here’s an overview of the framework’s key components:

Assessment and Strategy Development

  • Current State Analysis: Evaluate the existing IT landscape, including applications, infrastructure, and data. Identify workloads that are suitable for migration to the cloud.
  • Business Objectives Alignment: Understand the organization’s goals, such as cost savings, scalability, or improved agility, to align the cloud strategy with overall business objectives.

Design and Architecture

  • Hybrid Architecture Blueprint: Create a detailed architecture plan that incorporates both on-premises and Azure resources. Define how data and applications will interact across environments.
  • Best Practices: Implement Azure best practices for security, compliance, and performance to ensure a robust hybrid architecture.

Migration Planning

  • Workload Prioritization: Prioritize workloads for migration based on factors like complexity, business impact, and readiness.
  • Migration Pathways: Determine the migration approach—whether lift-and-shift, refactoring, or rearchitecting—and create a detailed migration plan.

Implementation and Deployment

  • Execution: Implement the migration plan, moving workloads and data to Azure as per the established timelines.
  • Automation: Leverage Azure tools for automating deployment and configuration, reducing manual effort and minimizing errors.

Integration and Optimization

  • Seamless Integration: Ensure that on-premises systems and Azure services are integrated smoothly for consistent data flow and application performance.
  • Performance Tuning: Continuously monitor and optimize workloads in Azure to ensure they perform efficiently and meet user expectations.

Governance and Compliance

  • Policy Framework: Establish governance policies to manage resources across hybrid environments, ensuring compliance with regulatory requirements.
  • Security Posture Management: Implement Azure Security Center and other tools to monitor security and compliance across the hybrid environment.

Monitoring and Support

  • Continuous Monitoring: Use Azure Monitor and Azure Application Insights to track performance and health of both on-premises and Azure resources.
  • Support Mechanisms: Set up support structures for ongoing management, maintenance, and troubleshooting of hybrid cloud environments.

Innovation and Evolution

  • Continuous Improvement: Foster a culture of continuous improvement by regularly reviewing and updating the hybrid cloud strategy to adapt to changing business needs.
  • Emerging Technologies: Stay informed about new Azure features and services that can enhance the hybrid cloud strategy, such as AI, machine learning, and advanced analytics.

Conclusion

SNP’s Hybrid Cloud Adoption Framework for Azure provides organizations with a comprehensive roadmap for successful hybrid cloud adoption. By focusing on assessment, design, migration, integration, governance, and continuous improvement, organizations can maximize the benefits of a hybrid cloud strategy, ensuring scalability, agility, and enhanced performance while aligning with their business objectives.

 

Step-by-Step Guide to Migrating Aderant Legal Software System to Azure

The legal or law industry has changed a great deal in recent years. Increasing client demands, globalization, and greater IT complexity have all affected firm profitability. The requirement to have a comprehensive, agile, and user-friendly financial and practice management system to manage operations and support key decision making has now moved beyond a functional need to a strategic requirement. Therefore, choosing the right system demands much more than comparing software functionality.

Often when law firms consider the idea of “moving to the cloud,” they think it is changing their existing software entirely, abandoning their current legal software and switching to a web-based application. But this is not required with Aderant. Law firms can keep their existing software and still get the benefits of the Cloud via a fully managed private cloud platform.

If you are not already familiar, Aderant is a fantastic tool that assists law firms in handling their invoicing, payments received, managing their cases, and generating helpful financial reports to determine the fiscal health of the firm.

 

Getting Started with SNP Technologies Inc.

A well-planned, well-executed implementation minimizes disruption and avoids negative consequences. If you are like most law firms, your team has not implemented a new practice management system in many years. Selecting a partner with experience is important to your success. This is where we come in.

  • The SNP professional services teams have extensive experience of moving data, on-premises servers, applications, and other business elements used by law firms to the Cloud.
  • Our solution experts come with years of experience of implementing practice management systems to Azure for many firms like yours.
  • Our services professionals have extensive knowledge and deep understanding of the challenges a law firm will face when they take on a system conversion.
  • SNP will guide you every step of the way and help you to stay on track, meet your business objectives, and get your system up and running on time and within budget.

 

In this blog, we will walk you through some of the challenges you may come across while migrating your Aderant system to the Cloud and how SNP can help you overcome them to achieve better and reliable performance while making optimal use of your resources.

Because Aderant is most often installed on physical servers located within a law office, all the components are connected via LAN. This directly impacts the network, the storage connectivity mechanism and the performance of the system, causing bottlenecks while migrating to Azure.

 

A Better Way: Responsive, Knowledgeable Product Support Keeps your Firm Up & Running

The best way to move Aderant to the cloud is to leverage a fully managed private cloud platform from Azure. You get to avoid the hassle that often comes with not understanding how to install or manage all the components required. You get to just enjoy using Aderant from the cloud. A fully managed private cloud from Azure results in more uptime as well as knowing that you have a team of experts on your side to install and manage Aderant while providing you with the support you need. How we do it:

VIRTUAL MACHINE & DISK PERFORMANCE:

Key factors to consider while selecting the resource to host your Aderant system:

  • How the disk model and size you choose define the Input Output (IO) cap
  • How the generation and size of the virtual machine define the Input Output (IO) cap
  • How the virtual machine and disk combination affects the total Input Output (IO) cap
  • How the host caching feature affects the disk Input Output cap and how it improves the overall Input Output cap of the virtual machine

Azure virtual machines have input/output operations per second (IOPS) and throughput performance limits based on the virtual machine type and size. The disks have their own IOPS and throughput limits. Aderant’s performance depends on the size of the VM and on the type and size of the disks we select.

Here we cover several scenarios which are considered while moving to Azure:

Scenario 1: Aderant hosted on an on-premises data center

Scenario 2: How application performance gets capped due to disk input output capping

Aderant makes a query that needs 25,000 IOPS. The VM is a D16s_v3 with a 25600 IOPS limit, so the IOPS requested by the application are allowed. The 25,000 IOPS request is broken down into four different requests: 8,000 IOPS are requested from each of the 3 data disks and 1000 IOPS from the OS disk. As shown in the above diagram, the OS disk is a P15 with a limit of 1100 IOPS; the application requested 1000 IOPS, so it responds with 1000 IOPS. The data disk for TempDB is a P40 with a limit of 7500; the application requested 8000 IOPS, so it responds with 7500 IOPS only. The data disk for Logs is a P50 with a limit of 7500; the application requested 8000 IOPS, so it responds with 7500 IOPS only. The data disk for the DB is a P60 with a limit of 16000; the application requested 8000 IOPS, so it responds with 8000. The application’s performance is capped by the attached disks, and it can only process 24,000 IOPS.

  • VM Size – D16s_v3
  • OS Disk – P15 (256 GB with 1100 IOPS)
  • Data Disk for DB – P60 (8TB with 16000 IOPS)
  • Data disk for Logs – P50 (4TB with 7500 IOPS)
  • Data disk for TempDB – P40 (2TB with 7500 IOPS)

Scenario 3: How application performance gets capped due to VM IO capping

Aderant makes a query that needs 25,000 IOPS. The VM is a D8s_v3 with a 12800 IOPS limit, so the IOPS requested by the application are capped at 12800. Although the attached disks combined can handle the IOPS requested by the application, the application does not get them because of the VM IOPS limit.

  • VM Size – D8s_v3
  • OS Disk – P15 (256 GB with 1100 IOPS)
  • Data Disk for DB – P60 (8TB with 16000 IOPS)
  • Data disk for Logs – P60 (8TB with 16000 IOPS)
  • Data disk for TempDB – P60 (8TB with 16000 IOPS)

Looking at the above two examples, anyone can conclude that the application performs better using the disk configuration in example 2 and the VM configuration in example 1. But how can you further refine these configurations to cut down cost, given that a D16s_v3 is 100% more expensive than a D8s_v3?

 

Scenario 4: Hosting the caching feature for disks to make the application work with D8s_v3

Aderant makes a query that needs 25,000 IOPS. As host caching is enabled on the data disk for logs and the data disk for TempDB, the IOPS request is divided into two sets. These two data disks receive 16000 IOPS of requests from the application and, as host caching is enabled on them, they can serve the 16000 IOPS, which are not counted against the 12800 uncached limit of the VM.

Azure VMs with host caching enabled have two different IOPS limits: a cached IOPS limit and an uncached IOPS limit. The D8s_v3 has a max cached limit of 16000 IOPS and an uncached limit of 12800.

  • VM Size – D8s_v3
  • OS Disk – P15 (256 GB with 1100 IOPS)
  • Data Disk for DB – P60 (8TB with 16000 IOPS)
  • Data disk for Logs – P60 (8TB with 16000 IOPS)
  • Data disk for TempDB – P60 (8TB with 16000 IOPS)

APPLICATION & SERVER LOAD BALANCING FOR ADERANT

You may be using 3rd party load balancers like Kemp, F5 or NetScaler to facilitate load balancing for Aderant application servers. You may also be considering whether to deploy the same appliance in Azure, which will be easy for your administrators to manage, or to replace it with the Azure native load balancer. The majority of these load balancers mask the client IP with the load balancer IP and present it as the source to the application servers. Because of this you may not face an issue when opting for persistence, but can you do the same with Azure load balancer?

Yes. It is possible. You can use Azure standard load balancer with session persistence enabled for client IP and it works great with Aderant app servers.

 

TESTING

Planning and creating a testing strategy for such a performance-sensitive application is key to a successful migration. Testing with limited load and limited users will give an idea about application functionality, but it does not let you test how the application reacts to the usual heavy load created on a daily basis. Identify the test cases for the various Aderant expert modules, run the test cases in the production environment and make a note of the time, then execute the same test cases in the test environment; comparing the two will give insights into the performance of the system. Similarly, onboarding a few users to the test environment and asking them to perform their regular activities will give you the information and data you need to fine-tune the infrastructure to be production ready.

 

CONCLUSION: MODERN TECHNOLOGY + NON-DISRUPTIVE MIGRATIONS + GOOD CUSTOMER EXPERIENCE = SUCCESS

SNP’s dedicated professional services and support teams come with years of experience to help you implement practice management systems that can easily be configured to meet your exact business requirements with ongoing support you need to maintain peak operations.

SNP is a partner you can trust to ensure that your financial and practice management system provides the functionality you need to run your firm and support your strategic goals for years to come. The operational benefits that our clients gain include:

  • Access to cutting-edge functionality with Azure.
  • Reduced integration issues.
  • Extremely responsive and knowledgeable client support.
  • The ability to participate in new product development.
  • Eliminating the hassle of working with multiple vendors.
  • Faster deployment and higher user adoption rates.
  • Lower total cost of ownership.

 

These benefits then lead directly to the things that really impact your success:
  • Responding to client requests (new pricing models, billing information, matter status, etc.) faster.
  • Getting actionable performance management data to accurately track performance and enable smart decision making.
  • A stronger infrastructure that enables you to better leverage new opportunities for the success of both your partners and your staff.

 

If you are considering a new practice and financial management system or your law firm already uses Aderant as a practice management tool and you’d like to learn more about hosting it from Azure, contact SNP on sales@snp.com. We would love to help you explore how Azure cloud can benefit your law firm!

Big Data and the Cloud

Big Data and the cloud have a synergistic relationship that enables organizations to harness vast amounts of data efficiently and effectively. Here’s an overview of how cloud computing supports big data initiatives and the benefits of integrating the two:

Understanding Big Data

Big Data refers to the large volumes of structured, semi-structured, and unstructured data that inundate businesses daily. The characteristics of big data are often summarized by the “Three Vs”:

  • Volume: The sheer amount of data generated and stored.
  • Velocity: The speed at which data is created, processed, and analyzed.
  • Variety: The different types of data (text, images, videos, etc.) coming from various sources.

The Role of Cloud Computing in Big Data

  1. Scalability
    • Elastic Resources: Cloud platforms allow organizations to scale their resources up or down based on data processing needs, ensuring they can handle large datasets without investing in physical infrastructure.
  2. Cost Efficiency
    • Pay-as-You-Go Model: Organizations can pay only for the resources they use, reducing costs associated with maintaining on-premises hardware and software.
  3. Data Storage and Management
    • Cloud Storage Solutions: Services like Amazon S3, Google Cloud Storage, and Azure Blob Storage provide scalable storage options for storing vast amounts of data reliably and securely.
  4. Processing Power
    • Distributed Computing: Cloud providers offer powerful processing capabilities, enabling the use of frameworks like Apache Hadoop and Apache Spark for distributed data processing across multiple nodes.
  5. Data Analytics and Insights
    • Integrated Tools: Cloud platforms often come with built-in analytics tools (e.g., Azure Synapse, Google BigQuery) that allow organizations to analyze data quickly and derive insights without complex setup.
  6. Real-Time Data Processing
    • Stream Processing Services: Cloud solutions like Azure Stream Analytics and AWS Kinesis enable real-time data ingestion and processing, allowing organizations to respond to data as it flows in.
  7. Collaboration and Accessibility
    • Global Access: Cloud-based solutions facilitate collaboration by allowing teams to access and analyze data from anywhere, promoting a more agile and responsive approach to data management.
  8. Security and Compliance
    • Advanced Security Measures: Cloud providers invest heavily in security technologies and compliance frameworks, offering features like encryption, access controls, and auditing to protect sensitive data.

Use Cases of Big Data in the Cloud

  • Customer Insights: Organizations can analyze large datasets from customer interactions to understand preferences, optimize marketing strategies, and enhance customer experiences.
  • Predictive Analytics: Companies can use historical data to forecast future trends, improve inventory management, and make data-driven decisions.
  • IoT Data Management: The cloud provides the infrastructure necessary to store and process data generated from Internet of Things (IoT) devices, enabling real-time analysis and insights.
  • Social Media Analytics: Businesses can leverage big data analytics to monitor social media trends, sentiment analysis, and engagement metrics to inform marketing strategies.

Conclusion

The combination of big data and cloud computing offers organizations the flexibility, scalability, and power needed to manage and analyze vast amounts of data effectively. By leveraging cloud-based tools and services, businesses can unlock valuable insights, enhance decision-making, and drive innovation, all while minimizing costs and complexity. Embracing this synergy is essential for any organization looking to thrive in today’s data-driven landscape.

SNP Collaborates with Citrix to Deliver an On-demand Webinar on How You Can Migrate your Citrix Environment to Azure

By 2023, the Desktop-as-a-Service (DaaS) market is expected to grow by 29%, as more and more companies reap the benefits of a cloud workspace. But what exactly are these benefits and how do they differ from those currently seen on-premises?

For businesses adopting a cloud-first strategy, desktop migration is the next natural step. As Citrix and SNP Technologies continue to forge a winning partnership with Microsoft Azure, there is no better time to make the leap to more secure, cost effective, and more flexible desktop delivery.

Our solution experts will show you:

* How you can seamlessly deliver and manage the users’ apps, desktops, data, and devices.

* Successfully and most efficiently scale desktops and applications to the cloud.

* Build a strategy for migrating infrastructure and virtual desktops to the cloud.

* How to proactively test the VDI related user experience from all your remote locations.

* Get insights to optimize and right-size your infrastructure, avoid downtime and improve datacenter efficiency, invest wisely and reduce the cost and complexity of IT operations management.

* Drill down into the technical aspects of deployment, including recommendations on Azure compute, network, and storage, key Citrix infrastructure components, and Azure business continuity.

* How to optimize the performance and availability of hosted desktops and applications.

* And much more!

Watch the webinar on-demand

Cloud for Data Center Efficiency, Performance and Availability

Using cloud solutions to enhance data center efficiency, performance, and availability is a strategic approach that many organizations are adopting. Here’s an overview of how cloud technologies can optimize these aspects:

1. Efficiency

  • Resource Optimization:
    • Dynamic Scaling: Cloud services allow organizations to scale resources up or down based on demand, ensuring that they only pay for what they use. This prevents over-provisioning and underutilization of resources.
    • Automated Workloads: Automation tools in the cloud can manage routine tasks and workflows, freeing up IT staff to focus on more strategic initiatives.
  • Cost Management:
    • Pay-As-You-Go Model: Cloud providers offer flexible pricing structures, allowing organizations to reduce capital expenditures and convert fixed costs to variable costs, which can lead to significant savings.
  • Energy Efficiency:
    • Optimized Data Centers: Cloud providers often operate energy-efficient data centers, utilizing advanced cooling and power management technologies. Organizations can benefit from lower energy consumption by offloading workloads to the cloud.

2. Performance

  • High-Performance Computing (HPC):
    • Cloud platforms provide access to powerful computing resources that can handle intensive workloads, such as big data analytics, machine learning, and complex simulations, without the need for significant on-premises infrastructure.
  • Global Reach:
    • Content Delivery Networks (CDN): Cloud providers offer CDNs to deliver content quickly to users around the globe, improving the performance of web applications and services.
  • Load Balancing:
    • Cloud solutions can automatically distribute workloads across multiple servers, ensuring optimal performance and reducing the risk of bottlenecks during peak usage times.

3. Availability

  • Redundancy and Reliability:
    • Multi-Region Deployments: Cloud services allow for the deployment of applications and data across multiple geographic regions. This ensures high availability and disaster recovery, as services can continue operating even if one region experiences issues.
  • Automated Backups:
    • Cloud solutions often include automated backup features that regularly back up data, ensuring it can be restored quickly in case of loss or corruption.
  • Monitoring and Alerts:
    • Cloud providers offer comprehensive monitoring tools that provide insights into performance and availability. Organizations can set up alerts for any anomalies, enabling quick responses to potential issues.

Conclusion

Leveraging cloud technologies significantly enhances data center efficiency, performance, and availability. By optimizing resource utilization, reducing costs, and improving reliability, organizations can create a more agile and resilient IT environment. This not only helps in maintaining operational continuity but also positions businesses to innovate and respond swiftly to market demands. As organizations continue to embrace digital transformation, integrating cloud solutions into their data center strategy will be essential for success.

To learn more about how you can increase your data center efficiency, Contact SNP Technologies here

From DevOps to DevSecOps

DevSecOps (Development, Security & Operations) is a transformational shift in the digitally evolving IT world. It builds a security culture, practices, and tools into each phase of the DevOps pipeline so that security gains visibility, collaboration, and agility.

Why DevSecOps is crucial for your business:

  • Continuous security: DevSecOps uses automated security review of code and automated application security testing.
  • Increased efficiency & quality: Security issues are detected and remediated during development phases which increases the speed of delivery and enhances quality.
  • Enhanced compliance: In DevSecOps, security auditing, monitoring, and notification systems are automated and continuously monitored, which facilitates enhanced compliance.
  • Increased collaboration: By integrating development, security and operations, DevSecOps fosters a culture of openness and transparency from the earliest stages of development.

SNP’s Approach to DevSecOps:

SNP Technologies leverages Microsoft Azure to implement a DevSecOps framework that focuses on services like:

  • Vulnerability assessment and threat investigation.
  • Automated code analysis and review.
  • Secure releases of CI/CD pipeline.
  • Huge cost savings.
  • Scalability and improved resilience by deploying microservices and containers.
  • Automated security and monitoring for enhanced compliance.

DevSecOps Implementation:

Infrastructure Security

  • Infrastructure security provides access control and a centralized authentication mechanism.
  • Role-based Access Control (RBAC) is required for secure access to clusters and namespaces with identity managed at the container level to grant secure access to specific Azure resources.
  • Ingress controllers can be used to define internal IP addresses, so services are accessible internally.
  • Network isolation can play a key role as network policies are used to manage pod-to-pod communications or from an IP outside of the cluster.
  • Data is encrypted between apps and services; this includes both data in transit and data at rest.

Container/Pod Security

  • Pod managed identities are leveraged to secure and authenticate images and other resources in the container registry.
  • Credentials are requested and retrieved from digital vault/key vault.
  • Isolation is enforced through pod-level security policies, which enable fine-grained authorization for pods and limit their access and services.

Security Management

  • Manual errors are eliminated by integrating security scanners, running security static analysis tools and scanning any pre-built container images in the build pipeline.
  • Security events on the cluster are monitored for attacks with log analytics integration.  
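
The pod-level controls and build-pipeline scanning listed above can be enforced as a pipeline gate that fails the build on a weak manifest. The check below is an added example, not SNP's or Microsoft's own code; the registry name `exampleregistry.azurecr.io`, the sample Deployment, and the rule names are assumptions constructed for illustration.

```python
import sys

# Assumption: the team's Azure Container Registry; the name is hypothetical.
APPROVED_REGISTRY = "exampleregistry.azurecr.io/"
# Env var names that suggest a credential (compared lowercase, underscores removed).
SECRET_HINTS = ("password", "secret", "token", "apikey", "connectionstring")

# Constructed sample: a Deployment as the pipeline sees it after parsing the manifest.
SAMPLE_MANIFEST = {
    "kind": "Deployment",
    "metadata": {"name": "shop", "namespace": "shop-prod"},
    "spec": {"template": {"spec": {"containers": [
        {   # approved registry, pinned tag, credential passed by reference
            "name": "web",
            "image": "exampleregistry.azurecr.io/shop/web:1.4.2",
            "securityContext": {"runAsNonRoot": True,
                                "allowPrivilegeEscalation": False},
            "env": [
                {"name": "KEYVAULT_NAME", "value": "example-kv"},
                {"name": "DB_PASSWORD", "valueFrom": {
                    "secretKeyRef": {"name": "shop-db", "key": "password"}}},
            ],
        },
        {   # deliberately weak container for the check to flag
            "name": "sidecar",
            "image": "docker.io/library/busybox:latest",
            "securityContext": {"privileged": True},
            "env": [{"name": "API_TOKEN", "value": "constructed-not-a-real-token"}],
        },
    ]}}},
}


def pod_spec(manifest):
    """Return the pod spec of a Pod, or of a workload that has a pod template."""
    spec = manifest.get("spec", {})
    if manifest.get("kind") == "Pod":
        return spec
    return spec.get("template", {}).get("spec", {})


def audit(manifest):
    """Return (container, rule) findings for pod-level security settings."""
    spec = pod_spec(manifest)
    pod_sc = spec.get("securityContext") or {}
    findings = []
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        name, image = c.get("name", "<unnamed>"), c.get("image", "")
        sc = c.get("securityContext") or {}
        if not image.startswith(APPROVED_REGISTRY):
            findings.append((name, "image-not-from-approved-registry"))
        last = image.rsplit("/", 1)[-1]
        if "@sha256:" not in image and (":" not in last or last.endswith(":latest")):
            findings.append((name, "mutable-image-tag"))
        if sc.get("privileged") is True:
            findings.append((name, "privileged-container"))
        # Kubernetes allows privilege escalation unless it is switched off.
        if sc.get("allowPrivilegeEscalation", True):
            findings.append((name, "privilege-escalation-allowed"))
        # The container-level setting overrides the pod-level one.
        if not sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False)):
            findings.append((name, "may-run-as-root"))
        for env in c.get("env", []):
            key = env.get("name", "").lower().replace("_", "")
            # A literal "value" puts the credential in the manifest itself;
            # "valueFrom" (a secret or vault reference) keeps it out of source control.
            if "value" in env and any(h in key for h in SECRET_HINTS):
                findings.append((name, "inline-credential:" + env["name"]))
    return findings


if __name__ == "__main__":
    results = audit(SAMPLE_MANIFEST)
    for container, rule in results:
        print(f"FAIL {container}: {rule}")
    sys.exit(1 if results else 0)  # non-zero exit fails the pipeline stage
```

Run as a build step, the non-zero exit code stops the release before the image reaches the cluster.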

Why SNP?

At SNP, we help you choose and implement the right DevSecOps solution that aligns with your technology roadmap. For more information, contact us here.

Managing Data Growth with Microsoft Azure

Managing data growth effectively is crucial for organizations as they seek to harness the power of data while ensuring scalability, security, and cost efficiency. Microsoft Azure offers a robust suite of tools and services to help organizations manage their growing data needs. Here’s how Azure can assist in managing data growth:

1. Scalable Storage Solutions

  • Azure Blob Storage: Ideal for storing unstructured data, such as images, videos, and backups. It offers scalable capacity and redundancy options, making it easy to store and retrieve large volumes of data.
  • Azure Data Lake Storage: Designed for big data analytics, it allows you to store both structured and unstructured data at scale, with hierarchical namespace capabilities for better organization.
  • Azure Files and Azure Disks: Provide managed file shares and persistent disk storage for applications running in Azure, allowing for easy scaling as data needs grow.

2. Data Management and Governance

  • Azure Data Catalog: A fully managed service that helps you discover, understand, and consume data sources. It provides metadata management and data governance capabilities to ensure data quality and compliance.
  • Azure Purview: A unified data governance solution that enables you to classify, manage, and govern data across your Azure environment, providing visibility into data assets and compliance.

3. Data Analytics and Insights

  • Azure Synapse Analytics: An integrated analytics service that combines big data and data warehousing. It enables you to analyze large volumes of data from various sources and gain insights through powerful querying capabilities.
  • Power BI: A business analytics tool that helps visualize data and share insights across your organization, making it easier to understand data growth trends and inform strategic decisions.

4. Data Protection and Security

  • Azure Backup: Provides a reliable and scalable backup solution for your data, protecting against loss due to accidental deletion, corruption, or disasters.
  • Azure Security Center: Helps secure your data with advanced threat protection, providing security management and threat detection capabilities to protect your Azure resources.

5. Automated Scaling and Performance Management

  • Azure Autoscale: Automatically adjusts resources based on demand, ensuring that applications can handle data growth without manual intervention. This helps optimize costs while maintaining performance.
  • Azure Monitor: Provides comprehensive monitoring and analytics capabilities to track performance metrics and set alerts, helping you manage resource utilization effectively as data grows.

6. Cost Management and Optimization

  • Azure Cost Management and Billing: Helps track and manage cloud spending, providing insights and recommendations to optimize costs as data storage and processing requirements increase.
  • Reserved Instances: Allow you to save on compute costs by committing to a one- or three-year term, which can be beneficial as data processing needs expand.

Conclusion

Microsoft Azure provides a comprehensive suite of services and tools to help organizations manage data growth effectively. By leveraging scalable storage solutions, robust data governance, advanced analytics, and automated management features, businesses can ensure that their data infrastructure supports their growth objectives while maintaining security and cost efficiency. Embracing these Azure capabilities allows organizations to harness the power of their data and make informed, data-driven decisions.

For more information about how you can manage your data with Azure, contact our Azure experts here

SNP Collaborates with Citrix to Deliver Graphic-Intensive Solutions on Citrix Cloud and Azure

In the ever-changing IT landscape, Citrix is pushing the limits of what’s possible for our customers and partners. It’s exciting how we’re helping them use our technologies, from moving workloads to the cloud, thinning down endpoints, and tweaking our ICA protocol to maximize graphics performance.

Take one of my Citrix Service Provider partners, Connecticut-based SNP Technologies. I worked with them throughout the first half of 2019 to create an offering in the cloud that they have brought to market successfully. SNP is an entirely cloud-focused CSP, and in this blog post, I’ll share their use case and the technology they used to accomplish their goals.

SNP Technologies came to the Citrix CSP team with one goal in mind — to verticalize and go to market targeting high-end architecture, design, and engineering firms. They wanted to tackle two pain points for this niche market:

  • Minimize cost as endpoints with built-in graphics cards are expensive
  • No central way to manage and maintain security on any of the data created on these endpoints

In partnership with SNP Technologies, Citrix devised a plan to tackle these issues, leveraging the latest technologies from both Citrix and Microsoft. How did we do it? Let’s take a look at the technology landscape:

Technology in Practice:

Architecture, design, and engineering firms use graphics-intensive applications such as AutoDesk and SolidWorks, which require more than the average amount of hardware resources to operate properly. As a 100 percent cloud-focused partner, SNP Technologies naturally leveraged the Citrix Cloud Virtual Apps and Desktops service which helped in the following ways:

  • Saved on compute costs and the cost of deploying and maintaining a Citrix environment.
  • Onboarding new customers is easier and seamless.
  • SNP used GPU-enabled Azure N-Series VMs running Windows 10 to deliver the best user experience for their customers.
  • Each end user gets a high-end Windows 10 desktop in the cloud, pre-installed with the applications they need to get their work done, all while keeping the data locked down and secured from one management location.

Taking a quick glance at the cost of compute on the Azure side for the N-Series VMs, one might think, “How is this solution viable from a cost perspective?” Citrix was able to help decrease the Azure compute cost dramatically for SNP Technologies by leveraging our Autoscale feature, exclusive to the Citrix Cloud Virtual Apps and Desktops service. Autoscale enables proactive power management of machines based on load, a schedule, or a combination of both. It also supports many VDA hosting platforms, including Microsoft Azure Resource Manager. Autoscale supports SNP Technologies’ 100 percent cloud-first approach, doesn’t require on-prem installations, and is built in to the Virtual Apps and Desktops service at no additional cost.

Enabling an Optimal User Experience:

Citrix graphics policies were tweaked to enable an optimal user experience. One benefit of partnering with SNP and Citrix is that we have a team dedicated to creating graphics policies for all types of deployments. After many testing cycles, here’s what we found to be optimal:

Optimize for 3D Graphics Workload

  • This setting configures the appropriate default settings that best suit graphically intense workloads and should only be used when a GPU is available to the session.

Hardware Encoding for Video

  • This setting allows the use of graphics hardware, if available, to compress screen elements with video (H.264) codec.

Setting the Video Codec for Compression for the entire screen

  • This setting allows use of a video codec (H.264) to compress graphics when video decoding is available on the endpoint. Select “For the entire screen” to optimize for improved user experience and bandwidth, especially in cases with heavy use of server-rendered video and 3D graphics.

Setting the Target Frame Rate at the maximum of 60 Frames Per Second

  • This setting specifies the maximum number of frames per second sent from the virtual desktop to the user device. Setting a high number of frames per second improves the user experience but requires more bandwidth. By default, the maximum is 30 frames per second.

Setting Visual Quality to high

  • This setting specifies the desired visual quality for images displayed on the user device. We found that “high” worked best for our use case, and we recommend that if you require visually lossless image quality.

Graphics Status Indicator set to enabled

  • This setting will configure the graphics status indicator to run in the user session. This will allow the user to see details on the graphics mode in use, including graphics provider, encoder, hardware encoding, image quality, progressive display status, and lossless text.

Please note, depending on the specific application and use case, policies will need to be tweaked. We recommend working with your SNP or Citrix engineer to determine what best fits your needs.

Finally, from a technology perspective, SNP Technologies leveraged the Citrix Gateway service, which is included in the Citrix Virtual Apps and Desktops license. Citrix Gateway has points of presence (PoPs) all over the world, enabling users to connect to the nearest location. SNP Technologies was able to include features like high availability and global server load balancing in their branded solution for their end customers without having to stand up or configure complicated networking architectures.

This deployment was exciting because we were able to break down barriers and show what’s possible with cloud, creating a solution that can be deployed in a matter of hours, which just wasn’t possible before. As a result, SNP Technologies’ onboarding of new customers has become seamless and almost effortless. The power of Citrix and Microsoft has reached new heights, and this deployment is proof that if you aren’t thinking about a cloud-first approach, you’re missing out and you’ll probably get left behind in this ever-changing market.

This blog is authored by Neir Benyamin, Partner Sales Engineer at Citrix and Co-authored by Raviteja Beeram, Cloud Solutions Architect at SNP Technologies. Read the complete blog here.

For more information on SNP’s graphic-intensive solutions on Citrix Cloud and Azure, contact us here.

The Azure Customer Immersion Experience: What it is and Why You Need it

Do these thoughts describe your company’s Azure cloud adoption?

  • “Cloud knowledge is essential for IT and Development on-boarding”
  • “Our teams need to get up to speed quickly”
  • “We don’t know where to start”

If so, you probably need a facilitated training on Azure cloud technologies, and the means to this end is an Azure Customer Immersion Experience, or CIE for short.

In my prior blog post, I shared 5 Tips to Discover App Innovation on Azure as a short guide to help you acclimate to the Azure cloud, with tip #3 being to “Schedule Customer Immersion Experience (CIE)”. If the sentiments I opened with above ring true, my advice is to make the CIE a high priority.

Unlike the other four tips, the CIE is a facilitated activity, as opposed to a task that relies on individual initiative. Individual initiative is difficult to track and manage, whereas with a facilitated activity you ensure that the right people are scheduled at the right time to get the right Azure training to meet on-boarding needs.

For this reason, I wanted to dedicate a full blog to tip #3.

If you have not read my prior post, I recommend you have a look at 5 Tips to Discover App Innovation on Azure, particularly tip #3, and then return to this post.

About the Microsoft CIE program

The Microsoft CIE program is an innovative training approach that favors hands-on experiences over lecture. The leader of the CIE is referred to as a “facilitator” or “emcee”, as opposed to an “instructor”. Each CIE has an over-arching topic, such as “Managing Infrastructure” or “Application Innovation”. Hands-on lab or hackfest style workshops are the training modality.

Labs for the Microsoft CIE program come from a pool of Instructor-led Labs (a total of 83, as of this writing).

The facilitator briefly introduces the CIE material and then fosters a conversational walk-through of the workshop content. Attendees are encouraged to work together and contribute to the conversation.

Facilitators are Azure knowledge workers (such as myself) who enjoy the opportunity to lead their peers through a great learning experience. The Facilitator is not necessarily an expert on all topics covered in the workshop. But this is the point of the CIE. Everyone who attends has the opportunity to share their experience, brainstorm and ask questions that the group can respond to.

To become a CIE facilitator, one participates in a three-week course and presents a customer immersion experience as their final project.

SNP’s CIE approach

At SNP, we take a hybrid approach to CIE delivery. For one, we favor a little more lecture, but certainly short of “death by PowerPoint.” We also curate workshops from a wider array of lab material produced by Microsoft and some home-grown. That is, we do not confine ourselves to the aforementioned list of labs at https://www.microsoft.com/handsonlabs/instructorledlabs.

Our CIE engagements have a single SNP facilitator. As well, SNP engineers participate as proctors to assist attendees and offer their unique technical insight.

At the onset of the CIE, attendees are provided with a virtual lab environment with all Azure resources required for the CIE. These lab environments are furnished by Microsoft at no additional cost, and are available for the day only. As the lab environments expire, customers often elect to use a company Azure subscription or the individual MSDN subscriptions of attendees. In such cases, prerequisites are furnished several days before the CIE. Typical requirements are:

  • Azure subscription
  • Azure DevOps Organization
  • Visual Studio Code
  • Visual Studio 2017 or greater
  • Git

An Example CIE for Azure Kubernetes Service

In the 5 Tips blog alluded to earlier, I summarized topics covered in an “App Innovation with Azure” 2-day workshop. To mix things up, the following CIE example targets IT and Development professionals interested in a one-day immersion into Azure Kubernetes Service (AKS), Microsoft’s managed service for Kubernetes.

This workshop takes a challenge-based approach wherein attendees are expected to work together in small “teams” to solve “challenges” including:

  • Kubernetes cluster deployment with AKS
  • MongoDB deployment on AKS
  • Setting up Azure Container Registry (ACR)
  • Packaging front-end and back-end applications as Docker containers
  • Pushing the containers to ACR
  • Use Azure DevOps to set up a CI/CD pipeline to deploy the containers on AKS
  • Scale the application
  • Monitor container performance with Azure Container Health
  • and more

The feedback from attendees of this CIE has been excellent. The collaborative format and workshop guidance is suitable for novices and those with intermediate knowledge of Kubernetes and Azure.

In Closing

As an IT professional selling cloud solutions for a living, I know that Azure can be intimidating but it doesn’t have to be. There is much that you can do on your own to get up to speed, and the assistance of a Microsoft Partner such as SNP accelerates the establishment of a production-ready Azure ecosystem for your workloads.

Customer Immersion Experiences are an important tool to employ as you adopt Azure, and also to learn new Azure cloud technology that emerges on an annual basis.

Lastly, the good news! For some qualified organizations there are funding opportunities for either the CIE itself or for next steps coming out of the CIE – pilots, POCs, etc. So, if you want to learn more, give us a call to schedule a CIE today.