One of the first choices an enterprise faces before migrating to the public cloud is which provider to use. Amazon Web Services, Azure and Google are currently the top public cloud providers in the market and offer competitive services to meet common enterprise needs.
The Azure public cloud offers features related to management, automation and security. For those who need a more customized approach to cloud deployment and management, Azure also supports third-party software.
Azure has added a lot of tools and services over the years, such as Azure Resource Manager, Azure Automation and Azure Site Recovery, to simplify cloud management. Delve deeper into some of these additions, and get best practices to improve management of your Azure public cloud.
Managing Azure resources with ARM vs. the classic admin portal
With the continued expansion of the Azure public cloud, the classic Azure management portal has become outdated. Azure Resource Manager (ARM), the new management portal, addresses the shortcomings of the old one for most services. Switching from the old portal to ARM also gives users helpful features to develop and deploy large-scale applications efficiently.
Templates in ARM save admins time when deploying Azure services or resource groups that share the same features. Admins can also apply tags to resource groups to receive alerts if a user or project goes over budget.
As with any IT deployment, security is always a concern. Admins can use ARM to implement role-based access controls to ensure that users can only access the resources needed for their particular job.
Before you switch over from the old portal, check to see if ARM covers all the services you need. If not, some enterprises may need to use both portals until ARM gains more functionality.
Explore options for Azure public cloud automation
Automation is a great feature for cloud admins who perform tasks such as cloning VMs across different regions or modifying widespread security policies. Microsoft's Azure Automation service offers two automation techniques: Azure runbooks and Azure Desired State Configuration (DSC). To choose between the two, identify enterprise processes and requirements.
Both automation options stem from PowerShell, but Azure DSC requires a Pull Server to store configurations. Runbooks manage Azure services, as well as control private data center resources. Admins can create their own runbooks or customize those offered in the Runbook Gallery. If these options do not work for your organization, consider third-party tools such as Chef, Puppet, Ansible and Salt.
Invoke Azure runbooks with a webhook
Within the Azure Automation service, admins can create a runbook, using either PowerShell scripts or workflows, to automate processes in the Azure public cloud. Admins can also use a webhook, similar to an API that can be called from anywhere, to invoke runbooks remotely. A webhook creates a unique HTTP endpoint that external systems or applications can access.
Admins with access to the internet can execute runbooks through command-line tools. Since this is done in a public environment without an authentication system, there are security risks. A token is needed with the HTTP request, but users should add another layer of authentication or avoid using webhooks for processes that demand higher levels of security.
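One way to add the extra layer of authentication described above, as an added example that is not from the original article: a PowerShell runbook that verifies an HMAC-SHA256 signature over the request body before doing any work. The Automation variable name WebhookHmacKey and the X-Signature and X-Timestamp headers are assumptions chosen for illustration; the caller is assumed to sign "<timestamp>.<body>" with the same shared key.

```powershell
param(
    [Parameter(Mandatory = $false)]
    [object] $WebhookData
)

# Assumed names: 'WebhookHmacKey' (encrypted Automation variable) and the
# 'X-Signature' / 'X-Timestamp' headers are illustrative, not Azure-defined.
$MaxSkewSeconds = 300

function Test-WebhookSignature {
    param([string] $Body, [string] $Timestamp, [string] $Signature, [string] $Key)

    # Reject stale or malformed timestamps to limit replay of a captured request.
    [long] $sent = 0
    if (-not [long]::TryParse($Timestamp, [ref] $sent)) { return $false }
    $now = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds()
    if ([math]::Abs($now - $sent) -gt $MaxSkewSeconds) { return $false }

    # Recompute HMAC-SHA256 over "<timestamp>.<body>" with the shared key.
    $hmac = [System.Security.Cryptography.HMACSHA256]::new([Text.Encoding]::UTF8.GetBytes($Key))
    try {
        $mac = $hmac.ComputeHash([Text.Encoding]::UTF8.GetBytes("$Timestamp.$Body"))
    } finally { $hmac.Dispose() }
    $expected = [BitConverter]::ToString($mac).Replace('-', '').ToLowerInvariant()

    # Constant-time comparison: accumulate differences instead of exiting early.
    $given = $Signature.ToLowerInvariant()
    if ($given.Length -ne $expected.Length) { return $false }
    $diff = 0
    for ($i = 0; $i -lt $expected.Length; $i++) {
        $diff = $diff -bor ([int][char]$expected[$i] -bxor [int][char]$given[$i])
    }
    return ($diff -eq 0)
}

if (-not $WebhookData) { throw 'This runbook must be started from a webhook.' }

$headers = $WebhookData.RequestHeader
$key = Get-AutomationVariable -Name 'WebhookHmacKey'
$ok = Test-WebhookSignature -Body $WebhookData.RequestBody -Key $key `
    -Timestamp $headers.'X-Timestamp' -Signature $headers.'X-Signature'
if (-not $ok) {
    throw "Rejected webhook call '$($WebhookData.WebhookName)': missing or invalid signature."
}

Write-Output 'Caller verified; continuing with the automated task.'
```

The webhook endpoint accepts the request before the runbook runs, so a rejected call shows up as a failed job rather than as an HTTP error to the caller; alert on those failed jobs.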
Get started with Microsoft Azure Security Center
Preventing security threats is an important part of any cloud strategy. Microsoft Azure Security Center is a service that provides threat prevention and detection. The service monitors Azure resources, implements security policies and allows for deployment of third-party security appliances. The service can also help admins monitor past activity and, through technologies like machine learning and behavioral analysis, offer recommendations to strengthen security.
If a threat is detected, the service sends customized alerts and provides insights into how to mitigate the risk. Microsoft Azure Security Center costs vary depending on the tier. The standard tier runs $15 per node each month, but Azure users can test the service with a free 90-day trial period. Additionally, users will incur storage costs for security data.
Using Azure Site Recovery for cloud DR, backup
The public cloud is a popular environment for backup and redundancy. Top cloud providers, including Azure, AWS and Google, offer automated services with large storage capacities and quick recovery times. These disaster recovery (DR) and backup services are more reliable and cheaper than storing data in an additional enterprise-owned data center.
Microsoft's service, Azure Site Recovery, automatically replicates and backs up data and VMs from private Windows environments to the Azure public cloud. It also offers features such as remote monitoring, custom DR plans, testing and automated failover and recovery. Azure Site Recovery works well for larger organizations but smaller businesses may want to consider software-as-a-service products such as HotLink, Infrascale and Zerto.
When building a cloud DR and business continuity plan, prioritize applications by business importance to cause the least amount of disruption. Once the plan is in place, establish a data replication process and set recovery time objectives for each workload.