Do I need a Firewall and WAF for Website HTTPS traffic only
Hello Azure Community, I'm looking for some advice or feedback around the need to deploy a Firewall and WAF for Website only solution that uses HTTPS and Websockets on a IaaS platform leveraging Windows Server, IIS and SQL Server. I've had a couple of comments/suggestions that I should be deploying a Firewall as well, suggesting that a WAF isn't sufficient enough to prevent attacks such as sql injection. Given that adding a firewall to the solution adds substantial dollars to the monthly bill , I'm looking for any other feedback in terms of how secure a WAF is for layer 7 traffic or what others are deploying for website only traffic. i.e., WAF only or FW and WAF? To be clear, this isn't necessarily about the dollars but rather is a client throwing money out the door with the addition of the FW when a WAF will do? Thanks in advance, PaulRecovery Services Vault- Backup Alerts- Configure Notifications with PowerShell?
Hi, Using Recovery Services Vaults to backup VMs in Azure, we can configure Backup Alert notifications using the portal- is there a way of doing this in PowerShell (or via API/ CLI...)? Use case- we want to turn on email notifications on all our vaults, or update/add an email address.Microsoft Azure Hub-Spoke model by Enterprise Design 2 of 4 Lift and Shift
Microsoft Azure Hub-Spoke model This blogpost about Microsoft Azure Hub-Spoke model by Enterprise Design 2 of 4 “Lift and Shift” is part of a Datacenter transition to Microsoft Azure Intelligent Cloud. It’s talking about Azure Architecture, Security, Assessment, Azure Policy, and implementation of the design. Here you find the first blogposts : Microsoft Azure Hub-Spoke model by Enterprise Design 1 of 4 Microsoft Azure Policy and BluePrints Overview (Extra Blogpost) It’s important for your business to have your Azure Architectural design with Security in place before you start your “Lift and Shift” actions, think about Identity Management and Provisioning, RBAC for your Administrators and Super Users with Two-Factor Authentication. Security with Network Security Groups and Firewalls Read the Complete blogpost here about "Lift and Shift" to the Cloud with Azure Site Recovery migration ServicesWhy should I care about an Azure Virtual Machine Backup and how to set it up!
Dear Azure Friends, In this article, I am concerned with gaining attention when it comes to responsibilities and misunderstandings. The following customer statements: "The virtual machine is hosted in Azure, so the responsibility lies with Azure". "I pay for the virtual machine in Azure so Azure has to take care of the backup". Honestly this is absolute nonsense (sorry for this expression). There is only one answer to these customer statements: Shared responsibility in the cloud!! Let's take a look together at shared responsibility in the cloud. https://docs.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility Now let's take a closer look. A virtual machine in Azure is infrastructure-as-a-service (IaaS). Please take a look at the intersection, we can see exactly where the responsibilities lie. Everything that has to do with physical infrastructure lies with Microsoft. The rest is clearly up to the customer. Let's take a close look => from the operating system!!! Now the following customer scenario: The customer runs a virtual machine in Azure. First, some applications from third-party providers are installed and a few operating system adjustments are made. Everything is fine, after a few weeks operating system updates (including security patches) are installed. After the reboot, the system in Azure no longer appears as "Running" but "unknown". So what now? Call Microsoft? Open a ticket? We have seen that the responsibility does not lie with Microsoft but with the customer! This is exactly what is regularly and often underestimated. In order to prevent this scenario from happening, it is imperative to have a backup. So that in case of emergency a recovery can be made. Of course it needs more than just a backup, that has to be handled company wide with different processes. But let's keep it simple in this example and start with setting up a backup for a virtual machine. When it comes to backup, there is no way around a Recovery Service Vault. Now we can customize the proposed backup policy for our needs. We assign a new name and set up the schedule. If you wish you can select different retention options, from weekly, monthly to yearly. You can optionally name the Azure Backup Resource Group below. Click "OK" and then click "Enable Backup". The deployment is made then click on "Go to resource". Now we are in the Recovery Service Vault. Here we can find the details of our backup job. For some time now, the Backup Center has been available in Azure and will be the first point of contact for setting up backups in the future. Here we immediately see info about our backup in the overview. In the meantime I started the backup manually (outside the schedule) so that we can look at the backup together. The backup result in the virtual machine details. The Backup Center shows us that the transfer to the Vault still needs to be processed. Important: The backup is the first step in the right direction, don't forget to perform a test restore regularly to make sure that your virtual machine will work exactly as you expect it to after a restore! If the customer had created at least one backup, this "ugly" situation would never have occurred. For this reason it is super important to know where the RESPONSIBILITIES lie! I hope this article was useful. Thank you for taking the time to read the article. Best regards, Tom Wechsler P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechslerBackup Windows 10 to Microsoft Azure Backup
Azure Backup for your Windows 10 PC allows you to backup Files and Folders and store and backup them to the cloud. You can use this for small environments, VIP machines or for remote workers which are always on the road. Data is encrypted on the on-premises client machine using AES256 and the data is sent over a secure HTTPS link. Backups are stored encrypted in Azure with the customers own key. https://www.thomasmaurer.ch/2018/10/backup-windows-10-microsoft-azure-backup/Whitepaper Achieving Compliant Data Residency and Security with Azure
Introduction Security and compliance–basic elements of the trusted cloud–are top priorities for organizations today. This paper is designed to help customers ensure that their data is handled in a manner that meets their data protection, regulatory, and sovereignty requirements on the global cloud architecture of Microsoft Azure. Transparency and control are also essential to establishing and maintaining trust in cloud technology. Microsoft recognizes that restricted and regulated industries require additional details for their risk management and to ensure compliance at all times. Microsoft provides an industry-leading security and compliance portfolio. Security is built into the Azure platform, beginning with the development process, which is conducted in accordance with the Security Development Lifecycle (SDL), and includes technologies, controls and tools that address data management and governance, Active Directory identity and access controls, network and infrastructure security technologies and tools, threat protection, and encryption to protect data in transit and at rest. Microsoft also provides customers with choices to select and limit the types and locations of data storage on Azure. With the innovation of the security and compliance frameworks, customers in regulated industries can successfully run mission-critical workloads in the cloud and leverage all the advantages of the Microsoft hyperscale cloud. This simple approach can assist customers in meeting the data protection requirements of government regulations or company policies by helping them to: Understand data protection obligations. Understand the services and controls that Azure provides to help its customers meet those obligations. Understand the evidence that customers need to assert compliance. The paper is structured into these three sections, with each diving deeper into the security and technologies that help Microsoft customers to meet data protection requirements. The final section discusses specific requirements to which industries and organizations in selected European markets are subject. Download this Awesome whitepaper, “Achieving compliant data residency and security with Azure.” Learn here more on Compliance, Trust, Security and ResponsibilitiesAutomate Backup For Azure File Shares Using PowerShell For Azure Backup
Azure File storage offers shared storage for applications using the standard SMB 3.0 protocol. Microsoft Azure virtual machines and cloud services can share file data across application components via mounted shares, and on-premises applications can access file data in a share via the File storage API. Microsoft also introduced Azure File Sync service which is a new service that will allow you to centralize your file shares in Azure Files, whilst maintaining the compatibility of an on-premises file server with all the flexibility and performance benefits that provide. Any protocol installed on the Windows Server can access the Azure file share, including SMB, NFS, and FTPS. With the integration of Azure Backup service, you can protect your data in the cloud without worrying about on-premises backup solutions. This is a great solution for the hybrid cloud! In this blog, I will share with you how to automate the backup for Azure File Shares using PowerShell so you can schedule it to take snapshots at regular intervals every week, month, or year for long term retention. How To Automate Backup For Azure File Shares Using PowerShell For Azure BackupBackup of on-Premises servers Data to Azure
Hi Team, Good Day!!!, We are in the planning phase of how can we take 140 TB of on-Premises backup copy to Azure cloud with best possible way. In on-premises we have configured backup in many difference ways to store into multiple servers with Storage boxes. Some of the them applications configuration, Databases, full VM export daily .etc . All of them need to backed-up directly to cloud . Assume customer is having express route configured from one of it Primary Data center Expecting some solutions!!!. Thanks, Kesavan K M
