At Daymark, we practice what we preach. If it’s not good enough for us, it’s not good enough for our customers either! One example: Microsoft Azure. Long before we achieved Elite Microsoft partner status, we had moved our own network onto Azure, and now have over three years of experience running our environment in the cloud. Here are some of the lessons we’ve learned and best practices we implement when helping clients migrate to Azure.
1. Creating Your Virtual Network
Our network contains virtual gateways from both of our Azure locations on the East and West coasts. For our firewalls, we use CheckPoint, which can be run through Linux VMs in the Azure Marketplace. We also use Route Tables for each Subnet and Gateway in the Virtual Network to make sure those who are trying to access the environment go through multiple hops before they can reach the Internet.
2. Azure Security
Security in Azure can be run a number of different ways. As mentioned in the Virtual Network section, we run our firewalls through CheckPoint, but there are several other ways to implement Firewalls in the Azure environment. Outside of firewalls for network security, there are additional security measures that Azure offers including Network Security Groups. By creating Network Security Groups, you can group together Subnets and Network Interfaces within groups and set specific Outbound and Inbound Rules for how people are able to access them.
Another security measure Azure offers is the Security Center. The Security Center allows you to view your resource security health, provides alerts, and makes recommendations specific to what is in your network. You can take all of the data that the Security Center has collected and explore it in PowerBI for a deeper analysis. You can also view and create your own Security policy.
3. Backup and Recovery Services (ASR)
In our own environment, we use the Recovery Services Vault in Azure to backup all of our VMs that are in Azure. We not only use Recovery Service Vault for VM backup, we also use it to backup all of our File-Folders with Cloud-GRS backup.
Another feature of Azure Backup and Recovery Services is their Azure Site Recovery offering, which acts as a Disaster-as-a-Service (DRaaS). You can replicate both VMware VMs or physical servers to Azure and Azure will act as a DR location. So if your VMs fail, you can be back up and running within minutes.
4. Implementing Web Apps
A Web App is more or less just a fancy name for a website in Azure. At Daymark, we run our website through Azure, and Azure monitors and provides us an App Service for it. There are a number of different features you can run with Web App to make sure that your website will always be running optimally. For example, you can set it to auto-scale for times you think traffic may spike or you could also set up a Traffic Manager, which can act as a Load Balancer between your main site and a backup if you wanted one.
5. Implementing Storage Accounts
With Microsoft Azure, you can take your SQL databases and put them into the cloud. Azure SQL databases allow you to accumulate data that you find using other features in Azure and process a large number of database calls each day. One example of how Azure SQL databases accumulate and process data effectively is if you were to collect data from an Internet of Things device like a LAN sensor which collects data center temperatures, humidity, etc. Once the LAN sensor had collected all of the data it was supposed to, the Azure SQL database would be able to accumulate it and use database calls to search through and sort the data.
These are just 5 of the Azure best practices we use at Daymark and recommend and deploy for our clients. Stay tuned for future blogs with more of our lessons learned and uses cases. Got a question on Azure best practices? Email me!