Microsoft Antimalware provides free real-time protection against viruses, spyware and other malicious software. The solution is built on the same antimalware platform as Microsoft Security Essentials, Forefront Endpoint Protection, System Center Endpoint Protection, Windows Intune and Windows Defender. Microsoft Antimalware is a single-agent malware protection for tenant environments.
Microsoft Antimalware for Azure Cloud Services and Virtual Machines is a detailed guide by Microsoft if you would like to explore about the Microsoft Antimalware. There are many ways to deploy Microsoft Antimalware to your Azure IaaS or Cloud Services infrastructure, but I would like to focus on following two,
IaaSAntimalware extension can be defined in resource manager template (
virtualMachineProfileensures consistency across VM cluster.
Service Fabric would be a core tool in your computing arsenal for Microservices architecture, very popular among Microsoft and Azure enthusiast. I have covered Service Fabric extensively with in many blog posts. In this post, I would like to focus on Operational and Service Management aspect of the Azure Service Fabric.
These problems mentioned above are a very common scenario (for Service Fabric or Microservices implementation) at any enterprise scale and business critical Microservices implementation. Clearly, the challenge is the scale. You could be dealing with 100+ logical services and 25-30 machine cluster in typical high-end microservices environments, or even bigger.
Microsoft Operations Management Suite would be an excellent fit if you are in Azure (also if you are not). Let us try to evaluate OMS based on following the business value of IT operations and management criteria.
Following-up on my last month’s Linkedin Digest , I am staring a new Azure Operations Management Suite Blog Series.
Microsoft Operations Management Suite (OMS) enables organisations to gain insight and control with Service Management, Security Orchestration and IT Operations across Azure, Hybrid Cloud and on-premises data centre.
The product provides focus on the following mainstream IT Operations, and Service Management functions.
I would do a separate blog post discussing and evaluating the Microsoft Operations Management Suite and the problem definition that the product addresses. In this post, would keep to basics and a step-by-step guide to setup and overview of OMS Portal.
As an Azure Computing enthusiast, I am following the Service Fabric since the platform was available for private preview. The Service Fabric is a distributed platform that addresses significant challenges in managing cloud applications. i.e. Microservices, High-Density Web Services or self-host applications. The Azure Service Fabric avoids complex logistical problems around the infrastructure and service management. It mainly focuses on implementing critical, high-volume workload that is scalable, fault-tolerant, self-healing, stateless or stateful, fast deployable, resource balancing, self-optimising and manageable.
There are mainly two ways to provision the Service Fabric clusters,
Previous two post explained how to Setup Key Vault in Azure and Access Azure Key Vault using Azure AD Application and Certificates. This blog post would discuss Cloud Security Patterns (or Application Cryptography Patterns) using Microsoft Azure Key Vault.
Two most prominent challenges that any cloud deployment would demand is securing your application configuration or application secrets. i.e. database connection strings, third party API keys, passwords, encryption salts, unsecured endpoints. Cyber forensic evidence suggests that compromised application configuration leads to larger and abysmal organisation security failures. Therefore, it is crucial for every cloud project to consider the aspect seriously. OWASP finds A5 Security Misconfiguration and A6 Sensitive Data Exposure are two most common vulnerability.
The suggested cloud application security patterns, secure Application Secrets using random AES 128-bit symmetric data key, and wrap secure symmetric data key using Application specific RSA HSM (HSM Key). All access points are secured by Azure AD Security Principal and Client Certificates.
In a previous post we have discussed options for setting up an Azure Key Vault. Let’s move to next logical topic, how to access Azure Key Vault securely from client applications.
To access Azure Key Vault securely, you can opt for either of the following options.
Setting up an Azure Key Vault is relatively very easy than some Azure deployment. Microsoft Azure supports Web Portal, PowerShell, Shell Scripts, CLI, ARM templates and other scripting languages.
Key decision points are ACL, Service Principal and managing access secrets. The article would discuss all of these aspects of the journey. Let us start from simple and then we would move to advance options (for DevOps).