Building Your Cloud Foundation Part 1: Core Configuration & Governance
The majority of enterprises (94%) are using some form of cloud computing today. An increasing number of those organizations are looking to Azure cloud services to maximize their investment in Microsoft technologies and gain scalable, powerful computing platforms.
What I have learned over my 14 years of assisting companies with their cloud initiatives is that in their rush to the cloud, they overlook key fundamentals that are essential to achieving their desired outcomes. Without building a strong Azure foundation, organizations miss vital security, compliance, and governance configurations that protect them from possible breaches and “cloud creep”. As a result, these organizations may end up overspending and miss out on some of cloud’s biggest benefits, including cost efficiency, high availability, and process improvements like automation.
To help you avoid these missteps, we’ve created a multi-part blog series featuring the six essential building blocks of a strong Azure foundation that is secure, scalable, and economical:
- Core Configuration & Governance
- Network & Interconnectivity
- Identity & Access Management
- Security & Compliance
- Operational Effectiveness
In this first installment, we’ll look at the cornerstone of your cloud foundation: Core Configuration & Governance. This first area of focus establishes your cloud policy, or the way your organization consumes and manages cloud resources. Governance can sometimes be a sprawling and even intimidating practice. But in this blog, you’ll learn that by establishing proper scope and mitigating tangible risks through corporate policy and standards, you can lay the groundwork for future success.
Why is governance so important?
Think of cloud governance as the guardrails that keep cloud from becoming the Wild, Wild West of computing environments. The primary goal is to mitigate risk and control cloud resources through standardized principles while still allowing appropriate access and functionality. Your governance efforts actually go hand-in-hand with your cost optimization goals because they enable resource monitoring and controls that help your organization avoid overages and sprawl.
Rather than developing your cloud governance from scratch, the Azure Governance Scaffold and its pillars give you a ready framework to build on. The management and implementation of your Management Groups and Azure subscriptions, as well as the associated policies, are tied to various aspects of this scaffold.
How is governance implemented within Azure?
Microsoft’s Cloud Adoption Framework governance model identifies the key areas of importance when building your Governance minimum viable product (MVP). Aligning with this framework is key to an organization’s success.
Managing cloud expenses within Azure involves evaluating and monitoring your existing costs, limiting IT spend and creating cost accountability while still being able to scale to meet new demands.
Tools to use for cost management include Azure Blueprints, Azure Policy, Azure Cost Management, Azure Advisor, and the main Azure Portal itself.
We’ll be digging deeper into Azure security later in this blog series, but it’s important to set a baseline for these efforts with your governance compliance guardrails.
Tools to use for baseline security within Azure include Azure Blueprints, Azure Policy, Azure Security Center, Azure Sentinel, Azure Networking, Hybrid Identity, and Azure Automation.
You need to keep your cloud environment organized so you can maintain your governance as it grows over time and your cloud resources remain tailored to your requirements. Resource Consistency efforts are designed to help you do this by focusing on configuration, on-boarding, recovery, and discoverability for your adoption efforts.
Tools to use for Resource Consistency include Azure Blueprints, Azure Policy, Azure Monitor, Azure Advisor, Resource Manager Templates, Resource Graph, and Management Groups.
Identity Management is also the subject of a later post, but similar to Security, you will need to implement baseline ID and Access Management capabilities for your Azure foundation. This baseline will ensure consistent role definitions and assignments.
Tools to use for Identity Baseline include Azure Blueprints, Role-based Access Controls, Azure Active Directory, Directory Federation, and Directory Replication.
One of the primary advantages of the cloud is being able to rapidly stand up new resources and services. Deployment Acceleration helps you achieve this through deployment templates that enable centralized management, consistency, and standardization.
Tools to use for Deployment Acceleration include Azure Blueprint, Azure Policy, Resource Grouping and Tagging, Resource Manager Templates, Azure Advisor, Azure DevOps, Azure Site Recovery, Azure Backup, and Azure Automation.
Azure Governance Best Practices
The following best practices can help you avoid common setbacks and optimize outcomes when setting up your initial governance foundation. Keep in mind, these are general recommendations. An Azure Readiness Assessment can provide more specific remediation steps based on your actual environment.
Your framework helps ensure that consistent standards are applied when implementing cloud resources. It is critical that you document all standards and configurations as part of this framework. In other words, be sure to record each of the following best practice areas within your overarching governance policy.
Role-based Access Controls (RBAC)
RBAC helps simplify administration while defining clear separation of duties. It does so by grouping users according to their role within the organization and the level of access and control they require within your cloud subscriptions. This ensures that each role is designated access only to specific areas and resources they require to do their job.
Using a naming convention for cloud resources is probably second nature for many IT administrators who are accustomed to naming virtual servers and other resources. However, it is worth reinforcing that naming standards make administration much easier and can help reduce break-fix actions.
Azure Policy enforces rules within your cloud environment around deployments, cost, and licensing. You should use it to configure rules for sizing, service, and deployment, as well as cost policy, app policy, and usage policy.
Similar to naming standards, Resource Tags can help keep things organized and easy to manage. They can be used for granular reporting and cost analysis, so be sure to tag every resource using a standardized method.
The beauty of the cloud is in its ability to scale up and down according to your needs. By scheduling resources to run when workloads are actually being used, you can dramatically reduce your cost over time.
Scaling & Automated Provisioning
Azure automation tools are powerful allies to keep your resources right-sized, whether they’re being used for automated scaling and new provisioning or decommissioning resources as required. Performance triggers are one method to activate automation rules and adjust cloud resources according to current demand.
One way to improve cost optimization within Azure is the use of Reserved Instances. For steady workloads, you can significantly reduce costs compared to Pay as You Go pricing by using one- or three-year upfront payments. You can still exchange or cancel these instances should you need to adjust your resources unexpectedly.
By embracing the Microsoft Cloud Adoption Framework and Governance foundation guidance you can avoid improper implementation and having to comeback and rework what has already been done. Learn how Lunavi can help you plan your cloud governance policy and implement these best practices within your Azure environment.
In my next post, we’ll examine how to implement and capitalize on Network & Interconnectivity best practices for your Azure Foundation.