Azure Role-Based Access Control (RBAC) offers the powerful ability to accord permissions based on the principle of “least privilege.” In this short video, we extend the idea of Azure RBAC to implement a JIT (just in time) permission control. We think a JIT model can be useful for the following reasons:
1) Ability to balance the desire for “least privilege” with the cost of managing an exploding number of fine-grained permission rules (hundreds of permission types, combined with hundreds of resources).
2) Allow coarse-grained access (typically DevOps teams need access to multiple services) that is “context aware” (permission is granted during the context of a task).
Of course, JIT can only be successful if it’s accompanied by smart automation (so users have instant access to the permissions they need, when they need them).
Interested? Watch this 15-minute video that goes over the concepts and a short demonstration of JIT with Azure RBAC.
Over the years, AIS has leveraged “Excel on Server” to enable power users to develop their own code.
Consider a common requirement to implement calculations/reports that adhere to the Financial Accounting Standards Board (FASB) standards. These types of reports are often large and complex. The calculations in the reports are specific to a geographical region, so a multi-national company needs to implement different versions of these calculations. Furthermore, over time these calculations have to be adjusted to comply with changing laws.
Traditionally, these calculations have been implemented using custom code, and as a result, suffer from the challenges outlined above, including the high cost of development and maintenance, requirements being lost in translation, the lack of traceability, and the lack of a robust mechanism for making a quick change to a calculation in response to a change in a standard. This is where the power of Excel on Server comes in.
As you may know, Excel on the server is available in two forms: Read More…
The microservice architecture has been very popular in the industry over the past few years, and we’re learning about the successful adoption of this architecture. The higher rate of adoption of this architecture style is due to the ecosystem that has evolved around it and the benefits realized by organizations. In this blog post, I’ll introduce the microservice, walk through the steps to build more of a “Hello World” stateless microservice using Microsoft Service Fabric, and deploy the microservice to a local Service Fabric environment.
Before we dive into building the stateful microservice, let’s look at the basics of the microservice, its purpose and the types of microservice. Read More…
How do you get better uptime than the cloud? Two clouds!
AIS’ CTO Vishwas Lele stopped by the .NET Rocks podcast this week to talk about our experiences building ultra-reliable applications, both on-premises and in the cloud.
The discussion digs into the decisions around reliability – it’s easy to want it, but will you pay for it? It’s important to calculate the cost of downtime, as that helps set the budget for what it takes to stay up. And that leads to a conversation about how you build highly reliable software – it can’t just come from the infrastructure, there is code involved as well! And the next question is – how do you make your app work in two different clouds?
Another month, another great #AzureGovMeetup in Washington, D.C. Last week’s Meetup was all about the hybrid cloud (storing data both on-premises and in the cloud), a critical part of government IT transformation.
Keeping up with ever-changing IT environments is a challenge for most organizations, so we discussed how agencies can gain visibility and control across their hybrid cloud, along with choosing the right tools, management and recovery, and improving security and protection. The Meetup also featured updates on the latest technologies and upcoming plans from the recent Microsoft Build 2017 conference.
AIS’ CTO and Azure MVP Vishwas Lele and Cloud Architect Harin Sandhoo both gave great presentations, along with Microsoft Cloud Solution Architect, Brian Harrison. In case you missed it (or want to watch again), you can watch the entire Meetup right here: Read More…
With the recent release of Microsoft Teams, you may be wondering what the differences between Teams and Office 365 Groups are. At AIS, we’re always on the forefront of the latest Office 365 services, and given our long-time partnership with Microsoft, we’ve actually been using both Microsoft Teams and Office 365 Groups for a while now. We’ve gotten a solid sense of what both services are good at and what they’re…not so good at. At least not yet. Read More…
Microsoft has over a thousand Virtual Machine images available in the Microsoft Azure Marketplace. If your organization has their own on-premises “Gold Image” that’s been tailored, hardened, and adapted to meet specific organizational requirements (compliance, business, security, etc.), you can bring those images into your Azure subscription for reuse, automation, and/or manageability.
I recently had the opportunity to take a client’s virtualized Windows Server 2008 R2 “Gold Image” in .OVA format (VMware), extract the contents using 7-Zip, run the Microsoft Virtual Machine Converter to create a VHD, prepare and upload the VHD, and create a Managed Image that was then deployed using PowerShell and an Azure Resource Manager Template.
Part 3: Azure Automation, Azure RunBooks, and Octopus Deploy
With just PowerShell and an Azure ARM template, we can kick off a deployment in just a few minutes. But there are still some manual steps involved – you still need to log in to your Azure subscription, enter a command to create a new resource group, and enter another command to kick off a deployment. With the help of an Azure automation account and a platform called Octopus Deploy, we can automate this process even further to a point where it takes as little as three clicks to deploy your whole infrastructure! Read More…
After you’ve created your template, you can use PowerShell to kick off the deployment process. PowerShell is a great tool with a ton of features to help automate Azure processes. In order to deploy Azure ARM Templates with PowerShell, you will need to install the Azure PowerShell cmdlets. You can do this by simply running the command Install-Module AzureRM inside a PowerShell session.
Check out this link for more information on installing Azure PowerShell cmdlets. PowerShell works best on a Windows platform, although there is a version now out for Mac that you can check out here. You can also use Azure CLI to do the same thing. PowerShell and Azure CLI are quick and easy ways to create resources without using the Portal. I still stick with PowerShell, even though I primarily use a Mac computer for development work. (I’ll talk more about this in the next section.) Read More…