This article explains a Microsoft Azure architecture by examining a scenario taken from the Azure Architecture weblog.
This architecture applies the DevSecOps concept and is centred on GitHub security. I will explain each service that I have used here. The components are explained below:
1) GitHub
It is the place where developers or code designers push and pull code. It is a distributed version control system. The code can be pushed via Visual Studio Code or locally. Here we have used Visual Studio Code in the form of GitHub Codespaces. Along with GitHub, we have added some security features associated with it, like Microsoft Azure AD and GitHub Security.
2) Azure Active Directory with Multifactor Authentication
It is a multi-tenant, cloud-based identity service that controls access to Azure and GitHub. Azure AD can be configured as the identity provider for GitHub, and multi-factor authentication can be enabled for extra security.
3) GitHub Security
It works to eliminate threats in many ways. Agents and services identify vulnerabilities in repositories and dependent packages. They also upgrade dependencies to up-to-date, secure versions. It can be used for version control.
4) GitHub Actions
It is used for deploying the ARM templates, which deploy the code as well as provision the infrastructure in Azure. It can be used for deploying PaaS platforms like web apps.
5) Azure Resource Manager
It uses JSON templates to describe the resources involved in deployment. Teams can also manage these template documents by using DevOps tools, like version control, code collaboration, and CI/CD workflows.
6) Azure App Service
It provides a platform for building and deploying scalable web apps. This platform is often used for patching and scaling web applications.
7) Microsoft Azure Policy
It helps the IT team enforce the policy definitions that you create. For example, if you deploy a web app with a particular configuration and, during the deployment, that configuration does not match the policy you have defined, the alert configured for the policy is triggered and the deployment is stopped.
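The deny behaviour described above can be mirrored before the pipeline ever reaches Azure. The following is an added example, not code from the original article and not Azure Policy itself: a local check that reads an ARM template and blocks the deployment when a web app's configuration does not match the rules. The template, the resource names and the three rules are assumptions chosen for illustration.

```python
import json

# Constructed ARM template (not from the article): two App Service web apps.
TEMPLATE = json.loads("""
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {"type": "Microsoft.Web/sites", "apiVersion": "2022-03-01", "name": "shop-web",
     "properties": {"httpsOnly": true, "siteConfig": {"minTlsVersion": "1.2", "ftpsState": "Disabled"}}},
    {"type": "Microsoft.Web/sites", "apiVersion": "2022-03-01", "name": "legacy-web",
     "properties": {"httpsOnly": "[parameters('httpsOnly')]", "siteConfig": {"minTlsVersion": "1.0"}}}
  ]
}
""")

# Assumed organisational rules: (property path, predicate, requirement).
RULES = [
    ("properties.httpsOnly", lambda v: v is True, "httpsOnly must be true"),
    ("properties.siteConfig.minTlsVersion", lambda v: v in ("1.2", "1.3"), "minTlsVersion must be 1.2 or 1.3"),
    ("properties.siteConfig.ftpsState", lambda v: v in ("Disabled", "FtpsOnly"), "ftpsState must be Disabled or FtpsOnly"),
]


def lookup(resource, dotted_path):
    """Walk a dotted property path; return None when any segment is missing."""
    node = resource
    for key in dotted_path.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def evaluate(template):
    """Return one violation per failed rule for every Microsoft.Web/sites resource."""
    violations = []
    for resource in template.get("resources", []):
        if resource.get("type", "").lower() != "microsoft.web/sites":
            continue
        for path, is_compliant, requirement in RULES:
            value = lookup(resource, path)
            # Missing values and unresolved "[parameters(...)]" expressions fail closed.
            if not is_compliant(value):
                violations.append({"resource": resource.get("name"), "property": path,
                                   "value": value, "requirement": requirement})
    return violations


def deployment_decision(template):
    """Mirror a deny effect: any violation blocks the deployment."""
    violations = evaluate(template)
    return ("deny" if violations else "allow"), violations
```

Run as a step before the deployment job, a "deny" result fails the workflow early; Azure Policy remains the authoritative control on the Azure side.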
8) Microsoft Defender for Cloud
It provides unified security management for hybrid cloud deployments.
9) Microsoft Azure Monitor
It provides a UI representation of logs and metrics. When this service identifies any irregular conditions, it alerts all the apps and personnel that you have set up.
How This Architecture Works
The user pushes the code to the GitHub repository, and Azure AD verifies whether the user is authentic, providing MFA and the identity of the user. GitHub Actions is then triggered, along with a check in GitHub Security. GitHub Security scans the code in the following ways:
Secret Scanning - It inspects repositories or commits for any tokens, keys, or secrets that appear in code. Other users can be notified that secrets have leaked into public view, and service providers can be notified that one of their secrets has leaked. Service providers can optionally revoke or renew the secrets.
Code Scanning - It inspects code for known vulnerabilities and coding errors. As an example, if a developer leaves a database connection string exposed in code, this feature discovers the secret. After verifying the string's validity with the database, GitHub starts the process of obtaining an uncompromised string.
GitHub Actions then starts deploying the ARM templates to Azure. These templates contain the JSON we have written to deploy the web app as infrastructure, and the code is deployed through GitHub Actions as well.
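The exposed connection string case described above, as an added example that is not part of the original article and is not GitHub's implementation: a small scanner that flags connection-string secrets in pushed files and reports a fingerprint instead of the value. The two patterns, the file names and the sample contents are assumptions, and every sample value is constructed.

```python
import hashlib
import re

# Illustrative rules only; they are assumptions, not GitHub's secret scanning patterns.
RULES = {
    "azure-storage-account-key": re.compile(
        r"DefaultEndpointsProtocol=https?;AccountName=[a-z0-9]{3,24};"
        r"AccountKey=([A-Za-z0-9+/]{20,}={0,2})"),
    "connection-string-password": re.compile(
        r"\b(?:Password|Pwd)\s*=\s*([^;\"'\s]{4,})", re.IGNORECASE),
}
# Values such as ${DB_PASSWORD}, {{secret}} or <password> are references, not secrets.
PLACEHOLDER = re.compile(r"^(\$\{.+\}|\{\{.+\}\}|<.+>)$")


def scan_text(path, text):
    """Return findings for one file; the secret itself is never stored."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in RULES.items():
            for match in pattern.finditer(line):
                secret = match.group(1)
                if PLACEHOLDER.match(secret):
                    continue
                findings.append({
                    "path": path, "line": lineno, "rule": rule,
                    # Fingerprint lets reviewers deduplicate without seeing the value.
                    "fingerprint": hashlib.sha256(secret.encode()).hexdigest()[:12],
                })
    return findings


def scan_files(files):
    """Scan a {path: content} mapping, e.g. the files touched by a push."""
    return [f for path in sorted(files) for f in scan_text(path, files[path])]


# Constructed sample input: fake values built at runtime, no real credentials.
FAKE_KEY = "Zm9v" * 21 + "Zg=="
SAMPLE_FILES = {
    "appsettings.json": '{\n  "Db": "Server=tcp:db.example.invalid;Database=app;'
                        'User ID=app;Password=Constructed-Pw-123;"\n}\n',
    "deploy.env": "STORAGE=DefaultEndpointsProtocol=https;"
                  "AccountName=constructedacct;AccountKey=" + FAKE_KEY + "\n",
    "template.env": "DB=Server=tcp:db.example.invalid;Password=${DB_PASSWORD};\n",
}

if __name__ == "__main__":
    for finding in scan_files(SAMPLE_FILES):
        print(finding)
```

A finding means the credential should be treated as leaked and rotated; removing the line from the file does not remove it from the repository history.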
How much will this architecture cost?
Cost optimization is always about looking at ways to reduce unnecessary expenses and improve operational efficiencies. It has always been a concern for the IT industry. The client needs the best security architecture with the lowest expenses.
If possible, use Linux to host Actions. This is a dual benefit: it is cost-effective and it is also a good choice security-wise. In addition, the choice of operating system that hosts Actions jobs affects the per-minute consumption rate and per-minute cost. Address issues during programming, rather than about a month later, so that developers don't need to refresh their knowledge of the code. Create a budget-related alert in Azure so that you are notified before the budget is exceeded. Have a look at the configuration of the web apps that you have created. Scaling can be helpful, but only when it is needed. Look at the region where you want to create the resource in Azure.