Contact Us

Author: snp

Cloud for Data Center Efficiency, Performance and Availability

Posted on by snp

Using cloud solutions to enhance data center efficiency, performance, and availability is a strategic approach that many organizations are adopting. Here’s an overview of how cloud technologies can optimize these aspects:

Efficiency

  • Resource Optimization:
    • Dynamic Scaling: Cloud services allow organizations to scale resources up or down based on demand, ensuring that they only pay for what they use. This prevents over-provisioning and underutilization of resources.
    • Automated Workloads: Automation tools in the cloud can manage routine tasks and workflows, freeing up IT staff to focus on more strategic initiatives.
  • Cost Management:
    • Pay-As-You-Go Model: Cloud providers offer flexible pricing structures, allowing organizations to reduce capital expenditures and convert fixed costs to variable costs, which can lead to significant savings.
  • Energy Efficiency:
    • Optimized Data Centers: Cloud providers often operate energy-efficient data centers, utilizing advanced cooling and power management technologies. Organizations can benefit from lower energy consumption by offloading workloads to the cloud.

Performance

  • High-Performance Computing (HPC):
    • Cloud platforms provide access to powerful computing resources that can handle intensive workloads, such as big data analytics, machine learning, and complex simulations, without the need for significant on-premises infrastructure.
  • Global Reach:
    • Content Delivery Networks (CDN): Cloud providers offer CDNs to deliver content quickly to users around the globe, improving the performance of web applications and services.
  • Load Balancing:
    • Cloud solutions can automatically distribute workloads across multiple servers, ensuring optimal performance and reducing the risk of bottlenecks during peak usage times.

Availability

  • Redundancy and Reliability:
    • Multi-Region Deployments: Cloud services allow for the deployment of applications and data across multiple geographic regions. This ensures high availability and disaster recovery, as services can continue operating even if one region experiences issues.
  • Automated Backups:
    • Cloud solutions often include automated backup features that regularly back up data, ensuring it can be restored quickly in case of loss or corruption.
  • Monitoring and Alerts:
    • Cloud providers offer comprehensive monitoring tools that provide insights into performance and availability. Organizations can set up alerts for any anomalies, enabling quick responses to potential issues.

Conclusion

Leveraging cloud technologies significantly enhances data center efficiency, performance, and availability. By optimizing resource utilization, reducing costs, and improving reliability, organizations can create a more agile and resilient IT environment. This not only helps in maintaining operational continuity but also positions businesses to innovate and respond swiftly to market demands. As organizations continue to embrace digital transformation, integrating cloud solutions into their data center strategy will be essential for success.

To learn more about how you can increase your data center efficiency, Contact SNP Technologies here

From DevOps to DevSecOps

Posted on by snp

DevSecOps (Development, Security & Operations) is a transformational shift in the digitally evolving IT world which incorporates secure culture, practices, and tools to drive visibility, collaboration, and agility of security into each phase of the DevOps pipeline.

Why DevSecOps is crucial for your business:

  • Continuous Security- DevSecOps uses automated security review of code and automated application security testing.
  • Increased efficiency & quality: Security issues are detected and remediated during development phases which increases the speed of delivery and enhances quality.
  • Enhanced compliance: In DevSecOps, security auditing, monitoring, and notification systems are automated and continuously monitored, which facilitates enhanced compliance.
  • Increased collaboration: By integrating development, security and operations, DevSecOps fosters a culture of openness and transparency from the earliest stages of development.

SNP’s Approach to DevSecOps:

SNP Technologies, leverages Microsoft Azure to implement a DevSecOps framework that focuses on services like:

  • Vulnerability assessment and threat investigation.
  • Automated code analysis and review.
  • Secure releases of CI/CD pipeline.
  • Huge cost savings.
  • Scalability and improved resilience by deploying microservices and containers.
  • Automated security and monitoring for enhanced compliance.

DevSecOps Implementation:

Infrastructure Security

  • This is an access control and centralized authentication mechanism.
  • Role-based Access Control (RBAC) is required for secure access to clusters and namespaces with identity managed at the container level to grant secure access to specific Azure resources.
  • Ingress controllers can be used to define internal IP addresses, so services are accessible internally.
  • Network isolation can play a key role as network policies are used to manage pod-to-pod communications or from an IP outside of the cluster.
  • Data is encrypted between apps and services; this includes both data in transit and data at rest.

Container/Pod Security

  • Pod managed identities are leveraged to secure and authenticate images and other resources in the container registry.
  • Credentials are requested and retrieved from digital vault/key vault.
  • Isolation is done at pod level security policies which enables fine-grained authorization to pods using pod security to limit access and services.

Security Management

  • Manual errors are eliminated by integrating security scanners, running security static analysis tools and scanning any pre-built container images in the build pipeline.
  • Security events on the cluster are monitored for attacks with log analytics integration.  

Why SNP?

At SNP, we help you choose and implement a right DevSecOps solution which aligns with your technology roadmap. For more information, contact us here.

Managing Data Growth with Microsoft Azure

Posted on by snp

Managing data growth effectively is crucial for organizations as they seek to harness the power of data while ensuring scalability, security, and cost efficiency. Microsoft Azure offers a robust suite of tools and services to help organizations manage their growing data needs. Here’s how Azure can assist in managing data growth:

Scalable Storage Solutions

  • Azure Blob Storage: Ideal for storing unstructured data, such as images, videos, and backups. It offers scalable capacity and redundancy options, making it easy to store and retrieve large volumes of data.
  • Azure Data Lake Storage: Designed for big data analytics, it allows you to store both structured and unstructured data at scale, with hierarchical namespace capabilities for better organization.
  • Azure Files and Azure Disks: Provide managed file shares and persistent disk storage for applications running in Azure, allowing for easy scaling as data needs grow.

Data Management and Governance

  • Azure Data Catalog: A fully managed service that helps you discover, understand, and consume data sources. It provides metadata management and data governance capabilities to ensure data quality and compliance.
  • Azure Purview: A unified data governance solution that enables you to classify, manage, and govern data across your Azure environment, providing visibility into data assets and compliance.

Data Analytics and Insights

  • Azure Synapse Analytics: An integrated analytics service that combines big data and data warehousing. It enables you to analyze large volumes of data from various sources and gain insights through powerful querying capabilities.
  • Power BI: A business analytics tool that helps visualize data and share insights across your organization, making it easier to understand data growth trends and inform strategic decisions.

Data Protection and Security

  • Azure Backup: Provides a reliable and scalable backup solution for your data, protecting against loss due to accidental deletion, corruption, or disasters.
  • Azure Security Center: Helps secure your data with advanced threat protection, providing security management and threat detection capabilities to protect your Azure resources.

Automated Scaling and Performance Management

  • Azure Autoscale: Automatically adjusts resources based on demand, ensuring that applications can handle data growth without manual intervention. This helps optimize costs while maintaining performance.
  • Azure Monitor: Provides comprehensive monitoring and analytics capabilities to track performance metrics and set alerts, helping you manage resource utilization effectively as data grows.

Cost Management and Optimization

  • Azure Cost Management and Billing: Helps track and manage cloud spending, providing insights and recommendations to optimize costs as data storage and processing requirements increase.
  • Reserved Instances: Allow you to save on compute costs by committing to a one- or three-year term, which can be beneficial as data processing needs expand.

Conclusion

Microsoft Azure provides a comprehensive suite of services and tools to help organizations manage data growth effectively. By leveraging scalable storage solutions, robust data governance, advanced analytics, and automated management features, businesses can ensure that their data infrastructure supports their growth objectives while maintaining security and cost efficiency. Embracing these Azure capabilities allows organizations to harness the power of their data and make informed, data-driven decisions.

For more information about how you can manage your data with Azure, contact our Azure experts here

SNP Collaborates with Citrix to Deliver Graphic-Intensive Solutions on Citrix Cloud and Azure

Posted on by snp

In the ever-changing IT landscape, Citrix is pushing the limits of what’s possible for our customers and partners. It’s exciting how we’re helping them use our technologies, from moving workloads to the cloud, thinning down endpoints, and tweaking our ICA protocol to maximize graphics performance.

Take one of my Citrix Service Provider partners, Connecticut-based SNP Technologies. I worked with them throughout the first half of 2019 to create an offering in the cloud that they have brought to market successfully. SNP is an entirely cloud-focused CSP, and in this blog post, I’ll share their use case and the technology they used to accomplish their goals.

SNP Technologies came to the Citrix CSP team with one goal in mind — to verticalize and go to market targeting high-end architecture, design, and engineering firms. They wanted to tackle two pain points for this niche market:

  • Minimize cost as endpoints with built-in graphics cards are expensive
  • No central way to manage and maintain security on any of the data created on these endpoints

In partnership with SNP Technologies, Citrix devised a plan to tackle these issues, leveraging the latest technologies from both Citrix and Microsoft. How did we do it? Let’s take a look at the technology landscape:

Technology in Practice:

Architecture, design, and engineering firms use graphics-intensive applications such as AutoDesk and SolidWorks, which require more than the average amount of hardware resources to operate properly. As a 100 percent cloud-focused partner, SNP Technologies naturally leveraged the Citrix Cloud Virtual Apps and Desktops service which helped in the following ways:

  • Saved on compute costs and the cost of deploying and maintaining a Citrix environment.
  • Onboarding new customers is easier and seamless.
  • SNP used GPU-enabled Azure N-Series VMs running Windows 10 to deliver the best user experience for their customers.
  • Each end user gets a high-end Windows 10 desktop in the cloud, pre-installed with the applications they need to get their work done, all while keeping the data locked down and secured from one management location.

Taking a quick glance at the cost of compute on the Azure side for the N-Series VMs, one might think, “How is this solution viable from a cost perspective?” Citrix was able to help decrease the Azure compute cost dramatically for SNP Technologies by leveraging our Autoscale feature, exclusive to the Citrix Cloud Virtual Apps and Desktops service. Autoscale enables proactive power management of machines based on load, a schedule, or a combination of both. It also supports many VDA hosting platforms, including Microsoft Azure Resource Manager. Autoscale supports SNP Technology’s 100 percent cloud-first approach, doesn’t require on-prem installations, and is built in to the Virtual Apps and Desktops service at no additional cost.

Enabling an Optimal User Experience:

Citrix graphics policies were tweaked to enable an optimal user experience. One benefit of partnering with SNP and  Citrix is that we have a team dedicated to creating graphics policies for all types of deployments. After many testing cycles, here’s what we found to be optimal:

Optimize for 3D Graphics Workload

  • This setting configures the appropriate default settings that best suit graphically intense workloads and should only be used when a GPU is available to the session.

Hardware Encoding for Video

  • This setting allows the use of graphics hardware, if available, to compress screen elements with video (H.264) codec.

Setting the Video Codec for Compression for the entire screen

  • This setting allows use of a video codec (H.264) to compress graphics when video decoding is available on the endpoint. Select “For the entire screen” to optimize for improved user experience and bandwidth, especially in cases with heavy use of server-rendered video and 3D graphics.

Setting the Target Frame Rate at the maximum of 60 Frames Per Second

  • This setting specifies the maximum number of frames per second sent from the virtual desktop to the user device. Setting a high number of frames per second improves the user experience but requires more bandwidth. By default, the maximum is 30 frames per second.

Setting Visual Quality to high

  • This setting specifies the desired visual quality for images displayed on the user device. We found that “high” worked best for our use case, and we recommend that if you require visually lossless image quality.

Graphics Status Indicator set to enabled

  • This setting will configure the graphics status indicator to run in the user session. This will allow the user to see details on the graphics mode in use, including graphics provider, encoder, hardware encoding, image quality, progressive display status, and lossless text.

Please note, depending on the specific application and use case, policies will need to be tweaked. We recommend working with your SNP or Citrix engineer to determine what best fits your needs.

Finally, from a technology perspective, SNP Technologies leveraged the Citrix Gateway service, which is included in the Citrix Virtual Apps and Desktops license. Citrix Gateway has points of presence (PoPs) all over the world, enabling users to connect to the nearest location. SNP Technologies was able to include features like high availability and global server load balancing in their branded solution for their end customers without having to stand up or configure complicated networking architectures.

This deployment was exciting because we were able to break down barriers and show what’s possible with cloud, creating a solution that can be deployed in a matter of hours, which just wasn’t possible before. As a result, SNP Technologies’ onboarding of new customers has become seamless and almost effortless. The power of Citrix and Microsoft has reached new heights, and this deployment is proof that if you aren’t thinking about a cloud-first approach, you’re missing out and you’ll probably get left behind in this ever-changing market.

This blog is authored by Neir Benyamin, Partner Sales Engineer at Citrix and Co-authored by Raviteja Beeram, Cloud Solutions Architect at SNP TechnologiesRead the complete blog here.

For more information on SNP’s graphic-intensive solutions on Citrix Cloud and Azure, contact us here.

The Azure Customer Immersion Experience: What it is and Why You Need it

Posted on by snp

Do these thoughts describe your company’s Azure cloud adoption?

  • “Cloud knowledge is essential for IT and Development on-boarding”
  • “Our teams need to get up to speed quickly”
  • “We don’t know where to start”

If so, you probably need a facilitated training on Azure cloud technologies, and the means to this end is a Azure Customer Immersion Experience, or CIE for short.

In my prior blog post, I shared 5 Tips to Discover App Innovation on Azure as a short guide to help you acclimate to the Azure cloud, with tip #3 being to “Schedule Customer Immersion Experience (CIE)”. If the sentiments I opened with above ring true, my advice is to make the CIE a high priority.

Unlike the other four tips, the CIE is a facilitated activity, as opposed to a task that relies on individual initiative. Individual initiative is difficult to track and manage, whereas with a facilitated activity you ensure that the right people are scheduled at the right time to get the right Azure training to meet on-boarding needs.

For this reason, I wanted to dedicate a full blog to tip #3.

If you have not read my prior post, I recommend you have a look at 5 Tips to Discover App Innovation on Azure, particularly tip #3, and then return to this post.

About the Microsoft CIE program

The Microsoft CIE program is an innovative training approach that favors hands-on experiences over lecture. The leader of the CIE is referred to as a “facilitator” or “emcee”, as opposed to an “instructor”. Each CIE has an over-arching topic, such as “Managing Infrastructure” or “Application Innovation”. Hands-on lab or hackfest style workshops are the training modality.

Labs for the Microsoft CIE program come from a pool of Instructor-led Labs (a total of 83, as of this writing).

The facilitator briefly introduces the CIE material and then fosters a conversational walk-through of the workshop content. Attendees are encouraged to work together and contribute to the conversation.

Facilitators are Azure knowledge workers (such as myself) who enjoy the opportunity to lead their peers through a great learning experience. The Facilitator is not necessarily an expert on all topics covered in the workshop. But this is the point of the CIE. Everyone who attends has the opportunity to share their experience, brainstorm and ask questions that the group can respond to.

To become a CIE facilitator, one participates in a three-week course and presents a customer immersion experience as their final project.

SNP’s CIE approach

At SNP, we take a hybrid approach to CIE delivery. For one, we favor a little more lecture, but certainly short of “death by PowerPoint.” We also curate workshops from a wider array of lab material produced by Microsoft and some home-grown. That is, we do not confine ourselves to the aforementioned list of labs at https://www.microsoft.com/handsonlabs/instructorledlabs.

Our CIE engagements have a single SNP facilitator. As well, SNP engineers participate as proctors to assist attendees and offer their unique technical insight.

At the onset of the CIE, attendees are provided with a virtual lab environment with all Azure resources required for the CIE. These lab environments are furnished by Microsoft at no additional cost, and are available for the day only. As the lab environments expire, customers often elect to use a company Azure subscription or the individual MSDN subscriptions of attendees. In such cases, prerequisites are furnished several days before the CIE. Typical requirements are:

  • Azure subscription
  • Azure DevOps Organization
  • Visual Studio Code
  • Visual Studio 2017 or greater
  • Git

An Example CIE for Azure Kubernetes Service

In the 5 Tips blog eluded to earlier, I summarized topics covered in an “App Innovation with Azure” 2-day workshop. To mix things up, the following CIE example targets IT and Development professionals interested in a one-day immersion into Azure Kubernetes Service (AKS), Microsoft’s managed service for Kubernetes.

This workshop takes a challenge-based approach wherein attendees are expected to work together in small “teams” to solve “challenges” including:

  • Kubernetes cluster deployment with AKS
  • MongoDB deployment on AKS
  • Setting up Azure Container Registry (ACR)
  • Packaging front-end and back-end applications as Docker containers
  • Pushing the containers to ACR
  • Use Azure DevOps to set up a CI/CD pipeline to deploy the containers on AKS
  • Scale the application
  • Monitor container performance with Azure Container Health
  • and more

The feedback from attendees of this CIE has been excellent. The collaborative format and workshop guidance is suitable for novices and those with intermediate knowledge of Kubernetes and Azure.

In Closing

As an IT professional selling cloud solutions for a living, I know that Azure can be intimidating but it doesn’t have to be. There is much that you can do on your own to get-up-to-speed, and the assistance of a Microsoft Partner such as SNP accelerates the establishment of a production-ready Azure ecosystem for your workloads.

Customer Immersion Experiences are an important tool to employ as you adopt Azure, and also to learn new Azure cloud technology that emerges on an annual basis.

Lastly, the good news!  For some qualified organizations there are funding opportunities for either the CIE itself or for next steps coming out of the CIE – pilots, POCs, etc. So, if you want to learn more, give us a call to schedule a CIE today. 

5 Tips to Discover App Innovation on Azure

Posted on by snp

“How can we use Azure Cloud to modernize our applications” is among top asks we hear at SNP from our customers. There are various motivations for the question, from an interest in re-hosting legacy applications running on on-premise servers to greenfield application development initiatives. The person posing the question knows that cloud technology has something to offer, but the territory is unexplored and mysterious.

In this blog, my aim is not to extol the virtues of Azure Web Apps, Functions, Azure managed Kubernetes or other service of the moment. Neither will I convey best practices to solve an application architecture problem with Azure technology. Rather, my intent for these tips is to help lower the veil, so to speak. Follow some or all, and you will find Azure approachable and ready to implement for your application innovation projects.

1. Play in an Azure Sandbox

If you are new to Azure, Microsoft makes it super easy to set up a FREE Azure subscription. And, if you are a Visual Studio subscriber, don’t overlook your Azure benefits.

Once you have an Azure subscription, you’ll have access to the Azure Portal, the management portal for Microsoft Azure. Log in and you are prompted to take a guided tour. It’s short and worth the trip.

 

Next, I recommend a visit to the Quickstart Center. In the portal search box, start typing “quickstart” to expose the Quickstart Center link.

Azure Portal Search for Quickstart Center

Follow the link and review the “Get started” screen. You’ll want to review the Setup guides, but if you are eager to play, dive right into the “Start a project” options. The options do not require an existing application project or database. For instance, select “Create a web app” and then “Create a CI/CD pipeline with Azure DevOps Projects.” With DevOps Project, in a few steps through its wizard UI you can:

  • Create a Web App service (for Windows or Linux)
  • Application scaffolding for a .NET, Node.js, PHP, Java, Python, Ruby, Go or C
  • Create an Azure DevOps Organization
  • Git repository with Azure Repos
  • CI/CD pipeline with Azure Pipelines

Azure Portal Quickstart Center

Note the “Take an online course” tab in the Quickstart Center. This is one of several venues for deeper Azure study. I mention other learning resources in the tips that follow.

While in Azure Portal, my next suggestion to get a sense of the scope of Azure is to follow the All services link on the left menu. From here you can see over 100 Azure service types categorized by domains, such as Compute, Networking, Storage, Web, and so forth.

The groups that are the core of solutions in Azure for app innovation are Compute, Web, Containers, Integration, Internet of Things, Databases, and DevOps. Peer into these service types to get a high-level sense of what Azure has to offer.

Azure Portal All Services view

2. Explore the Azure Architecture Center

I started our tips with the Azure subscription sandbox, but paramount to Azure app innovation is an understanding of the service tooling and how to apply it. Azure Architecture Center holds the key to learning how to get the most out of Azure.

From the navigation menu on the left and featured links on the home page, we know that this is our go-to reference for:

  • Understanding Cloud fundamentals
  • Review of example scenarios and reference architectures
  • Guidance on cloud native, application design patterns
  • And much more

Azure Architecture Center home page screen capture

After the home page, an excellent place to start is the Azure Application Architecture Guide.

After gaining a foundational understanding of cloud computing and architectures, a primary concern of development teams is to review its digital estate and determine how to go about cloud adoption. There is an excellent set of articles for this, which begins with a favorite of mine The 5 Rs of rationalization.

3. Schedule an Azure Customer Immersion Experience

I’ve saved the sales pitch for this, our third tip ☺

Customer Immersion Experience (CIE) is a program for Microsoft Partners, such as SNP, to deliver hands-on training to software delivery teams. SNP’s expert facilitators can conduct the workshop on-site or remotely. The format is a blend of PowerPoint driven lecture, instructor led demonstrations, whiteboard sessions and proctored hands-on-labs.

For an App Innovation CIE, SNP can deliver a 1/2 day to multi-day workshop tailored to the technologies you work with and the Azure resources that best correlate to your application workloads.

For example, consider the topics below that we cover in our “App Innovation with Azure” 2-day workshop. This workshop targets product owners, developers and system administrators that contribute to the application value stream.

App Innovation on Azure Cloud
Learn the benefits of cloud computing and how Azure services facilitate modernization of application workloads.

Deploy a website to Azure with Azure App Service
Learn how to create a website through the hosted web app platform in Azure App Service. Use the publishing features of Visual Studio 2017 to deploy and manage an ASP.NET Core web application hosted on Azure.

DevOps for Azure Applications
An overview of DevOps practices and their benefits, followed by a guided tour of Azure DevOps, Microsoft’s suite of tools to plan smarter, collaborate better, and ship faster.

Containers on Azure
A synopsis of the benefits of containers for application packaging, and a survey of the options in Azure for container management and deployment.

Azure Dev Spaces
A demonstration of Microsoft’s utility to test and iteratively develop your entire microservices application running in Azure Kubernetes Service (AKS) without the need to replicate or mock dependencies.

4. Do a Hands on Lab

While the structured delivery of training via the CIE model is quite beneficial, Microsoft provides hands-on-labs that can be done at your own pace. The primary resources for app innovation labs are:

Put an “Azure Immersion Monday” on your calendar, where you block out an hour or two for a lab a couple times a month.

Azure hands on lab graphic

5. Azure Podcasts, Videos and Blogs

As technologies, we know how hard it is to keep apace with the latest developments. With some discipline, it is not difficult to keep up with changes in the fast evolving Azure ecosystem. The matrix of resources below helps me and I hope you find it useful, too!

Title Format Consume in… When
Azure Podcast Podcast 30 mins Tuesday commute
Azure DevOps Podcast Podcast 45 mins Wednesday commute
Azure Friday Video 15 mins Monday morning
Azure Source blog Blog 30 mins Wednesday morning

 

 

 

 

Azure Source is a compilation of content from the prior week. I’ll often bookmark several pieces to review later over the course of the current week. This usually adds another 30 to 60 minutes to my weekly Azure content consumption.

In Closing

As you have read the tips above and started to explore Azure on your own, you have seen the breadth of Azure and understand how to navigate and explore its myriad services. If you have any tips of your own or follow up questions, please feel free to contact us.

Managing Hybrid Identities with Microsoft Azure

Posted on by snp

Today, businesses are becoming a combination of on-premises and cloud applications. Users require access to those applications which are hosted both on-premises and in the cloud. Managing users both on-premises and in the cloud poses challenging scenarios.

Microsoft’s hybrid identity solutions span on-premises and cloud-based capabilities, creating a single user identity for authentication and authorization to all resources, regardless of location or device.

Azure AD Connect integrates any user who is present or being created in an on-premise Active Directory to Azure AD. This means you have a single user identity for accessing resources present on-premise, in Azure, O365 & your SaaS applications.

 

Business Benefits of Hybrid Identities:

  • An increase in productivity by providing access anywhere, anytime
  • Create and manage a single identity for each user across all your data center-based directories, keeping attributes in sync and providing self-service and SSO for users.
  • Keep resources productive with self-service password reset and group management for both data center and cloud-based directories.
  • Organizations have complete visibility and control over security and monitoring to help reduce inappropriate user activity and spot irregularities in user behaviors
  • Enforce strong authentication to sensitive applications and information with conditional access policies and multi-factor authentication.
  • Federate identities to maintain authentication against the data center-based directory.
  • Provide SSO access to hundreds of cloud-based applications.

 

The Three Hybrid Authentication Solutions:

While hybrid identity may seem like a complex issue when it is up and running, it makes accessing data and services both internal and external while collaborating with partners and customers much simpler. To achieve hybrid identity with Azure AD, three authentication methods can be used:

 

1. Password Hash Synchronization (PHS):

Password hash sync is the simplest way to enable authentication for on-premise AD objects in Azure AD. Users can use their existing on-prem credentials for accessing cloud-based applications on Azure. Active Directory DS stores the password in a hash form which is synced to Azure AD. When a user tries to login to Azure AD, the password is run through a hashing process and the hashed value is matched with the hash value present on Azure AD. If the hash values match, the user is allowed access to the resources.

 

2. Pass-Through Authentication (PTA):

Azure Active Directory (Azure AD) Pass-through Authentication allows your users to sign in to both on-premises and cloud-based applications using the same password. While deploying the Pass-through Authentication solution, lightweight agents are installed on your existing servers. These agents should have access to the on-premise AD domain controllers and outbound access to the internet. Network traffic is encrypted which is limited to authentication requests only.

 

3. Federation Authentication (AD FS):

With the Federation authentication method, you can federate your on-premises environment with Azure AD and use this federation for authentication and authorization. This sign-in method ensures that all user authentication occurs on-premises. Azure AD redirects the users to Active Directory Federations Services (ADFS) as the authenticated domain configured as a federated domain. The ADFS server authenticates the user with on-premise AD and returns a security token to authenticate with Azure AD. The configuration of this solution is much complex as it would require one or more ADFS Proxy servers, one or more ADFS Servers and SSL certificates for implementations.

 

Why SNP?

At SNP, we help you choose and implement a hybrid identity solution which aligns with your information technology roadmap. For more information, contact us here.

Power BI is Now Available on Microsoft’s 3 Sovereign National Clouds

Posted on by snp

Microsoft Power BI and its availability on national clouds highlights important considerations for organizations. Here’s a refined summary that emphasizes the implications of using Microsoft’s national cloud services:

Benefits of Microsoft Power BI in National Clouds

Overview: Microsoft Power BI is available on three national cloud platforms, providing organizations with tailored cloud solutions that comply with local regulations and enhance data security. These national clouds are designed to meet the specific needs of governments and regulated industries by offering isolated instances of Microsoft services within the geographic boundaries of specific countries.

Key Benefits for Organizations

  1. Data Sovereignty:
    • By utilizing national cloud services, organizations can ensure that their data remains within the borders of their country, addressing concerns about data residency and compliance with local laws.
  2. Enhanced Compliance:
    • Each national cloud environment maintains separate compliance offerings and audit procedures, aligning with government regulations. This allows organizations to meet stringent compliance requirements while leveraging Microsoft’s robust cloud capabilities.
  3. Consistent Security and Privacy:
    • While the compliance frameworks may differ, Microsoft maintains high standards of security, privacy, and transparency across all its cloud environments. Organizations can trust that their data is protected at all times.

Key Services Available in Microsoft’s National Clouds

  • Microsoft Azure Services:
    • Provides hyper-scale computing, storage, networking, and identity management tailored to meet government-required levels of security and compliance. Azure safeguards data with stringent control measures and transparency.
  • Microsoft Office 365:
    • Employs a defense-in-depth security strategy that layers multiple security controls (physical, logical, and data) to protect information. This ensures that if one security area fails, others remain in place to mitigate risk.
  • Microsoft Dynamics 365:
    • A cloud-based CRM solution that enables government employees to manage data reporting and workflows securely. It includes features to restrict access to sensitive data, ensuring that only authorized personnel can view critical information.

Conclusion

Leveraging Microsoft Power BI and other Microsoft services in national clouds allows organizations to take advantage of advanced analytics and productivity tools while adhering to local regulations and maintaining high security and compliance standards. This setup not only enhances operational efficiency but also instills confidence in data management practices, making it an ideal choice for organizations in regulated environments. By prioritizing data sovereignty and robust security, businesses can fully harness the power of the cloud without compromising on compliance or safety.

If you’re interested in transforming your company’s data into rich visuals to collect and organize so you can focus on what matters to you, Contact SNP Technologies here for more details and information on Power BI.

Achieve Cloud Native Network Security with Azure Firewall

Posted on by snp

Cloud developers and IT teams struggle to stay ahead of challenges protecting users, data, and applications from today’s cybersecurity attacks. With Azure Firewall, network security policies can be enforced while allowing companies to take advantage of the scale and simplicity of Azure.

 

Azure Firewall:

The Azure Firewall is fully integrated with the Azure platform, portal UI, and services. It offers fully native firewall capabilities for all your virtual network resources, and it includes built-in high availability that lets you scale your resources automatically. Azure’s Network Security Groups (NSG) are able to allow/deny and filter TCP/UDP traffic.

 

How it works:

IT administrators can create connectivity policies using application and network filtering rules and enforce the policies across multiple subscriptions and virtual networks. The new service is built to work with Azure’s existing security services to strengthen and enhance the entire security experience.

 

Azure Firewall offers advantages like:

  • Built-in high availability: No additional load balancers are required, and there is nothing you need to configure.
  • Unrestricted cloud scalability: Azure Firewall scales automatically to accommodate changing network traffic flows, so IT administrators never need to budget for peak traffic periods.
  • Application FQDN filtering rules: Users can limit outbound HTTP/S traffic to a specified list of fully qualified domain names (FQDN), including wild cards. This feature does not require SSL termination.
  • Network traffic filtering rules: Centrally create “allow” or “deny” network filtering rules by source and destination IP address, port, and protocol. Azure Firewall is fully stateful, which enables it to distinguish legitimate packets for different types of connections. Plus, rules are enforced and logged across multiple subscriptions and virtual networks.
  • FQDN tags: FQDN tags make it easy to allow well known Azure service network traffic through the firewall.
  • Outbound SNAT support: All outbound virtual network traffic IP addresses are translated to the Azure Firewall public IP address (Source Network Address Translation). The firewall can identify and allow traffic originating from a virtual network to remote Internet destinations.
  • Inbound DNAT support: Inbound network traffic to firewall public IP address is translated (Destination Network Address Translation) and filtered to the private IP addresses on virtual networks.
  • Azure Monitor logging: All events are integrated with Azure Monitor, allowing IT administrators to archive logs to a storage account, stream events to Event Hub, or send them to Log Analytics.

 

For more information on Azure Firewall, contact SNP Technologies here.

SQL Server 2008 + 2008 R2 End of Life Support- 4 Ways to Migrate to Microsoft Azure

Posted on by snp

On July 9, 2019, Microsoft will end support and security updates for SQL Server 2008 + 2008 R2. By that date, businesses using those systems will need to have migrated their operations to new software. That presents issues not only of cost and security but availability. It’s not like you can migrate during downtime anymore. The 24/7 nature of the modern IT organization demands that you transfer on the fly to minimize service interruptions.

SNP has put together a unique process to ensure your organization has a low-risk, high-availability move to your optimal successor system for SQL Server 2008 + 2008 R2. Beyond that, this process will give you a reliable and repeatable methodology for future upgrades that includes planning, technology implementation, and validation and training.

Two Migration Paths to the Modern Cloud:

1. Migrate SQL on-premises to Azure SQL Database Managed Instances (SQL DB MI): This option gives you an intelligent, fully-managed PaaS solution that provides near 100% compatibility with SQL Server on-premises. SQL MI provides built-in high-availability and disaster recovery capabilities plus intelligent performance features and the ability to scale on the fly. SQL MI also provides a version less experience that takes away the need for manual security patching and upgrades.

2. Migrate SQL on-premises to Azure SQL VM: This is an IaaS option that provides Extended Security Updates at no additional charge above the standard pricing for Azure Virtual Machines. For customers that migrate workloads to Azure Virtual Machines, we will offer Security Updates and Bulletins rated “Critical” for SQL Server 2008 and 2008 R2.  This route to modern migration also offers you:

  • Three years of Extended Security Updates at no additional charge and the ability to upgrade to a newer version when ready
  • Built-in monitoring of security and performance for hundreds to thousands of databases at scale
  • The option to migrate SQL Server workloads to Azure with on-premises licenses
  • Significant time and resource savings with hybrid capabilities

Whichever route you choose to the cloud, or if you have no digital transformation plan, we recommend you upgrade to the most current version of SQL Server. That way, even if you cannot meet the end of support deadline, you can buy Extended Security Updates to keep the remaining servers protected until you upgrade them. Otherwise, you can choose to move to Azure by opting to rehost, refactor, rearchitect, or rebuild your workload or app. Or, you can upgrade on-premises to the latest version of Windows Server.

4 Ways to Migrate to Microsoft Azure:

  • Rehost: Migrate 2008 and 2006 R2 workloads to Azure VM or Azure SQL Database MI (No code change required). This allows organizations to maintain existing versions and editions without paying for extended support. Microsoft is extending SQL Server 2008/2008R2 support through 2022 for servers migrated to Azure.
  • Refactor, Rearchitect, or Rebuild: Innovate with Windows server containers and Azure SQL Database MI (From minimal change to new code required)
  • Upgrade: Upgrade to Windows Server 2019 or SQL Server 2019 and get cloud and DevOps ready (potential code change required)
  • Pay for Extended Support: Here the costs are exponentially higher than the other options listed above and can be short term focused.

 

For more details of information on how you can prepare for SQL Server 2008 and 2008 R2 end of support, contact an SNP representative.