Azure’s Software Defined Connectivity — Virtual WAN

The hybrid cloud network consists of both physical and virtualized technologies to provide connectivity across Cloud, private data centers, on-premises, and branch offices. To help customers with their massive modernization efforts, SNP leverages the Azure Virtual WAN to build and deploy applications while simplifying branch connectivity. 

Azure Virtual WAN:

Azure’s Virtual WAN is software-defined connectivity that allows you to take advantage of optimized and automated branch connectivity on a global scale with Azure. Virtual WAN provides a better networking experience by seamlessly connecting branches to Azure with SDWAN & VPN devices (i.e., Customer Premises Equipment or CPE) with built-in ease of use and configuration management. It also provides security and routing functionalities to provide a single operational interface.

  • Branch connectivity (via connectivity automation from Virtual WAN Partner devices such as SD-WAN or VPN CPE).
  • Site-to-site VPN connectivity.
  • Remote user VPN connectivity (point-to-site).
  • Private connectivity (ExpressRoute).
  • Intra-cloud connectivity (transitive connectivity for virtual networks).
  • VPN ExpressRoute inter-connectivity.
  • Routing, Azure Firewall, and encryption for private connectivity.


How it works:

Traffic from branches enters Microsoft’s network at the Microsoft edge site closest to a given branch office. Currently, there are 130 of these sites in the Microsoft global network. Once traffic is within the network, it can terminate in one of your Virtual WAN’s virtual hubs.


Azure’s Virtual WAN offers benefits like:

  • Integrated connectivity solutions in hub and spoke: Automate site-to-site configuration and connectivity between on-premises branch office and an Azure hub.
  • Automated spoke setup and configuration: Connect virtual networks and workloads to the Azure hub seamlessly.
  • Intuitive troubleshooting: Ability to see the end-to-end flow within Azure, and then use this information to take required actions.
  • Massive scalability with software-defined connectivity: Connect global branch offices, point-of-sale locations, and sites using Azure and the Microsoft global network.
  • Optimize security and agility: Leverage secure transport network services and integrated firewall capabilities to ensure the secure delivery of all applications across your hybrid enterprise. Securely identify and manage the performance of today’s modern and encrypted applications running over SSL, TLS, and HTTPS.
  • One place for managing your network: Quickly respond to the needs of your business with application-centric, business intent-based policies that are centrally managed and applied network-wide across all remote locations.
  • Reduced costs: Maximize the use of redundancy and lower-cost connectivity options with zero-touch provisioning and centralized management to reduce the cost of deploying and maintaining a hybrid WAN architecture.
  • Reliability: Create a highly available WAN architecture that virtualizes and dynamically leverages multiple links at remote locations. Retain end-to-end visibility of network performance and end-user experience for troubleshooting and problem resolution.
  • Performance: Deliver superior application performance to your business with the industry-leading WAN optimization solution from SNP.


For more information on Azure Virtual WAN, contact SNP Technologies here.

Ensure PaaS Resources Are Private in Your Hybrid Cloud

Use a secure hub-spoke network architecture and Azure Policies to enforce the use of Private Endpoints in a hub’s centralized, private DNS zone.

Security is a leading concern as enterprises adopt hybrid cloud strategies and a challenging one at that. At SNP Technologies, we have hybrid security solutions to meet the stringent security requirements of our customers.

In this article, we highlight the scenario wherein the organization has adopted Azure managed resources, such as Azure SQL Database and Azure App Service, in their hybrid cloud solution architecture. These so-called “platform-as-a-services” resources (or PaaS for short) are exposed to the public internet by default.

Hence, the challenge is how to rein in the PaaS resources so that their traffic flows only over the organization’s private network. The solution entails the integration of DNS zones with private endpoints and the use of governance policies to enforce the security configuration for each PaaS resource added to the network.

First, we discuss a recommended network architecture to fulfill this requirement. Then we provide examples of governance policies designed by SNP that enforce secure practices for private IP range integration and name resolution. These methods solve many hybrid cloud solution architecture concerns, like:

  • Configuring a Hub & Spoke network model with an Azure private DNS zone
  • Handling the redirect of DNS queries originating from on-premises to an Azure private DNS zone via a private IP
  • Providing an Azure Virtual Network private IP for Azure managed (PaaS) resources (e.g., Azure SQL, App Service)
  • Connecting Azure PaaS resources to Azure private DNS zones for DNS resolution
  • Blocking public endpoints on Azure PaaS resources
  • Deploying PaaS resources on different subscriptions within the same tenant

Networking Solution

Figure 1 illustrates the architecture designed by SNP engineers to secure a hybrid cloud having PaaS resources. This example has an Azure SQL database and the architecture features:

  1. For the on-premises network, the Active Directory DNS servers are configured with conditional forwarders for each private endpoint public DNS zone, such as *.database.windows.net* and *.windows.net*. These are then pointed to the DNS server hosted in the Hub VNet in Azure.
  2. The DNS server hosted in the hub VNet on Azure uses the Azure-provided DNS resolver (168.63.129.16) as a forwarder.
  3. The virtual network used as a hub VNet is linked to the Private DNS zone for Azure services names, such as privatelink.database.windows.net.
  4. The spoke virtual network is configured only with the hub VNet DNS servers and sends all of its DNS requests to them.
  5. When the DNS servers hosted in the Azure VNet are not authoritative for the Active Directory domain names, conditional forwarders for the private link domains are set up on the on-premises DNS servers, pointing to the Azure DNS forwarders.

Figure 1


Governance Solution

To ensure private networking for PaaS resources, the following conditions should be met:

  • The PaaS resource has a private endpoint, not a public endpoint
  • A DNS record for the PaaS resource is entered in the central, private DNS zone for the entire network

Below we describe three policies that work together to ensure these conditions are met.

Please note that the policies are customized and not built-in Azure policies (e.g. Azure Policy samples). In the list of resources provided at the end of this article is a link to a tutorial on how to create a custom policy definition in Azure.

Policy 1: Disable public endpoint for PaaS services

Why: By default, PaaS service endpoints are accessible over the public internet.

How: This policy prevents users from creating Azure PaaS services with public endpoints and invokes an error if the private endpoint is not configured at resource creation.

Note: In Azure, the resource that enables the private endpoint is Azure Private Link. Please refer to the Resources section at the end of this article for links to related Azure documentation.

Figure 2 depicts the Azure Portal screen when the policy criteria are not met:

1. Validation fails because of the governance policy

2. Error Details indicate the Azure Policy that disallows the Public Endpoint creation

3. In the Networking section we see that “Private endpoint” setting is set to “None”

4. Once the Private endpoint is added, the policy validation passes (Figure 3)

Figure 2



Figure 3


Policy 2: Deny creation of a private DNS zone with a Private Link prefix

Why: By default, when you create a private endpoint, a private DNS zone is created on each spoke subscription.

As a centralized DNS with a conditional forwarder and private DNS zones is used in our architecture, we need to prevent users from creating their own Private Link private DNS zones for each new resource added to the network. If ungoverned, sprawl would occur.

How: This policy prevents creation of a private DNS zone with a Private Link prefix in the spoke subscriptions. With Policy 3 that follows, we associate the newly created resource with a central, private DNS zone already in the hub.

Figure 4 shows the Azure Portal screen when the policy criteria are not met and a user tries to deploy a DNS zone for a Private Link.

1. Deployment fails due to policy

2. Error Details shows the Azure Policy that denied creation of resource and the reason

Figure 4


To avoid the deployment error, during resource creation, users must set the “Integrate with private DNS zone” to “No” (Figure 5).

Figure 5



If the user tries to create a private endpoint with Private Link DNS integration, the policy denies creation of the resource during validation, as depicted in Figure 6, the Azure Portal resource creation screen when the “Integrate with DNS private zone?” setting is set to “Yes”.

1. Integrate with Private DNS Zone is set to “Yes”.

2. Error details reference the policy that denied creation of resource, and reason.

Figure 6



Figure 7 depicts the Azure Portal screen when the “Integrate with DNS private zone?” setting is set to “No”.

3. The setting is observed in the Networking configuration

4. Policy validation passes

Figure 7
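A worked form of Policy 2, added here as an example rather than SNP’s actual definition: the rule written in Azure Policy’s JSON rule format (assumed to be assigned to the spoke subscriptions only, with placeholder subscription IDs) and a simplified evaluator that shows which requests the rule denies.

```python
"""Added example (not SNP's policy): a custom Azure Policy definition in the
Azure Policy rule format for Policy 2, plus a small evaluator that models how
Azure Policy applies it to incoming resource requests.

Assumptions: the policy is assigned only to the spoke subscriptions (the hub
keeps the central privatelink zones); the evaluator supports just the subset
of Azure Policy semantics this rule needs ('allOf'/'anyOf'/'not', 'field'
with 'equals' and 'like', and the 'deny' effect). Subscription IDs below are
constructed placeholders.
"""

# Custom definition in the Azure Policy rule format (assumed; the post shows only
# the portal error, not the JSON). Azure's 'like' supports a single '*' wildcard.
POLICY_DENY_PRIVATELINK_DNS_ZONE = {
    "mode": "All",
    "policyRule": {
        "if": {
            "allOf": [
                {"field": "type", "equals": "Microsoft.Network/privateDnsZones"},
                {"field": "name", "like": "privatelink.*"},
            ]
        },
        "then": {"effect": "deny"},
    },
}

# Constructed placeholder subscription IDs: the assignment covers the spokes only.
HUB_SUBSCRIPTION = "sub-hub-placeholder"
SPOKE_SUBSCRIPTIONS = ["sub-spoke-1-placeholder", "sub-spoke-2-placeholder"]


def _like(value: str, pattern: str) -> bool:
    """Azure Policy 'like': case-insensitive match with at most one '*' wildcard."""
    value, pattern = value.lower(), pattern.lower()
    if "*" not in pattern:
        return value == pattern
    head, tail = pattern.split("*", 1)
    return (value.startswith(head) and value.endswith(tail)
            and len(value) >= len(head) + len(tail))


def _condition_matches(condition: dict, resource: dict) -> bool:
    """Evaluate one condition object of the rule against the resource request."""
    if "allOf" in condition:
        return all(_condition_matches(c, resource) for c in condition["allOf"])
    if "anyOf" in condition:
        return any(_condition_matches(c, resource) for c in condition["anyOf"])
    if "not" in condition:
        return not _condition_matches(condition["not"], resource)
    field_value = resource.get(condition["field"], "")
    if "equals" in condition:
        return field_value.lower() == condition["equals"].lower()
    if "like" in condition:
        return _like(field_value, condition["like"])
    raise ValueError(f"unsupported condition: {condition}")


def evaluate(policy: dict, assigned_subscriptions, resource: dict) -> str:
    """Return 'deny' when the rule matches a request inside an assigned scope, else 'allow'.

    A 'deny' effect fails the request at validation time, before anything is
    created, which is the error shown in Figure 4.
    """
    if resource["subscriptionId"] not in assigned_subscriptions:
        return "allow"  # the assignment scope does not cover this subscription
    rule = policy["policyRule"]
    if _condition_matches(rule["if"], resource):
        return rule["then"]["effect"]
    return "allow"


def run_cases() -> dict:
    """Constructed requests showing the spoke/hub and name-prefix distinctions."""
    def zone(name, sub):
        return {"type": "Microsoft.Network/privateDnsZones",
                "name": name, "subscriptionId": sub}

    cases = {
        "spoke creates privatelink zone":
            zone("privatelink.database.windows.net", SPOKE_SUBSCRIPTIONS[0]),
        "spoke creates ordinary private zone":
            zone("corp.example.internal", SPOKE_SUBSCRIPTIONS[0]),
        "hub creates central privatelink zone":
            zone("privatelink.database.windows.net", HUB_SUBSCRIPTION),
        "spoke creates SQL server (type does not match)":
            {"type": "Microsoft.Sql/servers", "name": "privatelink-sql",
             "subscriptionId": SPOKE_SUBSCRIPTIONS[1]},
    }
    return {label: evaluate(POLICY_DENY_PRIVATELINK_DNS_ZONE, SPOKE_SUBSCRIPTIONS, req)
            for label, req in cases.items()}


if __name__ == "__main__":
    for label, outcome in run_cases().items():
        print(f"{outcome:5s}  {label}")
```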


Policy 3: “Deploy If Not Exists” policy to automate DNS entries

Why: As described above, since the “Integrate with DNS private zone?” setting is set to “No”, a DNS zone for the Private Link is not created. Therefore, we need to have a method to integrate the Private Link with the centralized DNS zone of the hub. Out of the box, Azure does not provide this option during resource creation.

How: We use a Remediation policy to automate the DNS entry. Within Azure, resources that are non-compliant to a deployIfNotExists policy can be put into a compliant state through Remediation.

The Azure portal screen captures below depict the policy remediation plan:

1. In Figure 8 we see the policy to remediate. The Remediation task automatically adds the Azure resource DNS record to the central private DNS zone.

2. Figure 9 shows that the remediation policy successfully added the DNS entries on the private DNS zone for the respective Private Link DNS records.

Figure 8



Figure 9



Conclusion

In this article we have shown how one can securely deploy Azure PaaS resources with private endpoints. While thoughtful hybrid network planning is a given, Azure governance is an ingredient for success that is often overlooked. We hope you explore the resources provided below to learn more about Azure Private Link, how DNS in Azure is managed and how Azure Policy can automate the governance of resource creation once the network and security foundation is in place. Contact SNP Technologies here.

Resources

Simplify Cloud Security Across Hybrid & Multicloud with Azure Arc

Cloud infrastructure usage has seen tremendous growth in the past few years. As an established Microsoft Gold Partner, SNP is in a unique position where we help our customers build and manage their Cloud platform securely.

Leveraging Microsoft Azure, we are blurring the lines between the traditional categories of platform and management as we deliver an open cloud platform that has built-in security and operations management – and can still meet the needs of our large enterprise customers.

Some of the key features that can help you monitor, secure, and manage your hybrid cloud with the broad built-in security and management capabilities are:

Azure Governance and Compliance: 

The Azure governance features help implement governance across environments: creating management hierarchies, applying Azure policies, creating blueprints, managing inventory, and optimizing cost using Azure Cost Management.

Azure Cost Management:

Cost management is a critical concern for many businesses, but with this feature now available for customers and partners for free, Azure spend can be managed and optimized seamlessly across Azure, AWS, and Google Cloud Platforms.

Microsoft Defender for Cloud for Hybrid Workloads:

Microsoft Defender for Cloud helps you protect all workloads running in Azure, on-premises and in other cloud platforms from cyber threats. With the recent release of new capabilities, customers can better detect and defend against advanced threats, automate and orchestrate security workflows, and streamline the investigation of threats.

Azure Auto Manage for Virtual Machines:

This feature simplifies the process of the entire VM life cycle by enrolling services like Microsoft Defender for Cloud, VM inventory, backup, VM insights, update management, change tracking, DSC, guest configuration, and more to your existing virtual machines.

End-to-End Monitoring of Applications & Infrastructure:

The new Azure monitor user experience centralizes the monitoring services together, so that you can get visibility across your infrastructure and applications. In addition, the application insights feature has been further optimized for application performance monitoring and failure diagnostics in applications.

Azure Arc – Hybrid Workload Management:

Customers can now manage their hybrid server infrastructure located on-premises or in another cloud platform (AWS, Google, etc.). Azure Arc delivers the following products and features for hybrid servers: inventory with a single management plane, update management, Azure policies, Microsoft Defender for Cloud, integration of device logs with Sentinel, Azure Automation, configuration change tracking, auto manage for Arc-enabled servers, and efficient management of Windows and Linux virtual machines in Azure and across hybrid environments.

For more information on Hybrid Cloud Security & Management, contact an SNP representative.


SNP’s Hybrid Cloud Adoption Framework for Azure

SNP’s Hybrid Cloud Adoption Framework for Azure provides a structured approach to help organizations transition to a hybrid cloud model effectively. This framework is designed to streamline the adoption process, ensuring alignment with business goals while leveraging the capabilities of Azure. Here’s an overview of the framework’s key components:

Assessment and Strategy Development

  • Current State Analysis: Evaluate the existing IT landscape, including applications, infrastructure, and data. Identify workloads that are suitable for migration to the cloud.
  • Business Objectives Alignment: Understand the organization’s goals, such as cost savings, scalability, or improved agility, to align the cloud strategy with overall business objectives.

Design and Architecture

  • Hybrid Architecture Blueprint: Create a detailed architecture plan that incorporates both on-premises and Azure resources. Define how data and applications will interact across environments.
  • Best Practices: Implement Azure best practices for security, compliance, and performance to ensure a robust hybrid architecture.

Migration Planning

  • Workload Prioritization: Prioritize workloads for migration based on factors like complexity, business impact, and readiness.
  • Migration Pathways: Determine the migration approach—whether lift-and-shift, refactoring, or rearchitecting—and create a detailed migration plan.

Implementation and Deployment

  • Execution: Implement the migration plan, moving workloads and data to Azure as per the established timelines.
  • Automation: Leverage Azure tools for automating deployment and configuration, reducing manual effort and minimizing errors.

Integration and Optimization

  • Seamless Integration: Ensure that on-premises systems and Azure services are integrated smoothly for consistent data flow and application performance.
  • Performance Tuning: Continuously monitor and optimize workloads in Azure to ensure they perform efficiently and meet user expectations.

Governance and Compliance

  • Policy Framework: Establish governance policies to manage resources across hybrid environments, ensuring compliance with regulatory requirements.
  • Security Posture Management: Implement Azure Security Center and other tools to monitor security and compliance across the hybrid environment.

Monitoring and Support

  • Continuous Monitoring: Use Azure Monitor and Azure Application Insights to track performance and health of both on-premises and Azure resources.
  • Support Mechanisms: Set up support structures for ongoing management, maintenance, and troubleshooting of hybrid cloud environments.

Innovation and Evolution

  • Continuous Improvement: Foster a culture of continuous improvement by regularly reviewing and updating the hybrid cloud strategy to adapt to changing business needs.
  • Emerging Technologies: Stay informed about new Azure features and services that can enhance the hybrid cloud strategy, such as AI, machine learning, and advanced analytics.

Conclusion

SNP’s Hybrid Cloud Adoption Framework for Azure provides organizations with a comprehensive roadmap for successful hybrid cloud adoption. By focusing on assessment, design, migration, integration, governance, and continuous improvement, organizations can maximize the benefits of a hybrid cloud strategy, ensuring scalability, agility, and enhanced performance while aligning with their business objectives. Contact SNP here.


Step-by-Step Guide to Migrating Aderant Legal Software System to Azure

The legal or law industry has changed a great deal in recent years. Increasing client demands, globalization, and greater IT complexity have all affected firm profitability. The requirement to have a comprehensive, agile, and user-friendly financial and practice management system to manage operations and support key decision making has now moved beyond a functional need to a strategic requirement. Therefore, choosing the right system demands much more than comparing software functionality.

Often when law firms consider the idea of “moving to the cloud,” they think it is changing their existing software entirely, abandoning their current legal software and switching to a web-based application. But this is not required with Aderant. Law firms can keep their existing software and still get the benefits of the Cloud via a fully managed private cloud platform.

If you are not already familiar, Aderant is a fantastic tool that assists law firms in handling their invoicing, payments received, managing their cases, and generating helpful financial reports to determine the fiscal health of the firm.


Getting Started with SNP Technologies Inc.

A well-planned, well-executed implementation minimizes disruption and avoids negative consequences. If you are like most law firms, your team has not implemented a new practice management system in many years. Selecting a partner with experience is important to your success. This is where we come in.

  • The SNP professional services teams have extensive experience of moving data, on-premises servers, applications, and other business elements used by law firms to the Cloud.
  • Our solution experts come with years of experience of implementing practice management systems on Azure for many firms like yours.
  • Our services professionals have extensive knowledge and deep understanding of the challenges a law firm will face when they take on a system conversion.
  • SNP will guide you every step of the way and help you to stay on track, meet your business objectives, and get your system up and running on time and within budget.


In this blog, we will walk you through some of the challenges you may come across while migrating your Aderant system to the Cloud and how SNP can help you overcome them to achieve better and reliable performance while making optimal use of your resources.

Because Aderant is most often installed on physical servers located within a law office, with all the components connected over a LAN, the network and storage connectivity mechanisms directly affect system performance and can cause bottlenecks when migrating to Azure.


A Better Way: Responsive, Knowledgeable Product Support Keeps your Firm Up & Running

The best way to move Aderant to the cloud is to leverage a fully managed private cloud platform from Azure. You get to avoid the hassle that often comes with not understanding how to install or manage all the components required. You get to just enjoy using Aderant from the cloud. A fully managed private cloud from Azure results in more uptime as well as knowing that you have a team of experts on your side to install and manage Aderant while providing you with the support you need. How we do it:

VIRTUAL MACHINE & DISK PERFORMANCE:

Key factors to consider while selecting the resource to host your Aderant system:

  • How the disk model and size you choose define the Input Output (IO) cap
  • How the virtual machine generation and size define the IO cap
  • How the virtual machine and disk combination affects the total IO cap
  • How the host caching feature affects the disk IO cap and improves the overall IO cap of the virtual machine

Azure virtual machines have input/output operations per second (IOPS) and throughput limits based on the virtual machine type and size. The disks have their own IOPS and throughput limits. Aderant’s performance therefore depends on the VM size and on the type and size of the disks we select.

Here we cover several scenarios which are considered while moving to Azure:

Scenario 1: Aderant hosted on an on-premises data center

Scenario 2: How application performance gets capped due to disk input output capping

Aderant issues a query that needs 25,000 IOPS. Because the VM is a D16s_v3 with a 25,600 IOPS limit, the IOPS requested by the application are allowed at the VM level. The 25,000 IOPS request is broken down into four requests: 8,000 IOPS to each of the three data disks and 1,000 IOPS to the OS disk. As shown in the diagram above, the OS disk is a P15 with a limit of 1,100 IOPS; the application requested 1,000 IOPS, so it responds with 1,000 IOPS. The data disk for TempDB is a P40 with a limit of 7,500 IOPS; the application requested 8,000, so it responds with only 7,500. The data disk for Logs is a P50 with a limit of 7,500; the application requested 8,000, so it too responds with only 7,500. The data disk for the DB is a P60 with a limit of 16,000; the application requested 8,000, so it responds with 8,000. The application’s performance is capped by the attached disks, and it can process only 24,000 IOPS.

  • VM Size – D16s_v3
  • OS Disk – P15 (256 GB with 1100 IOPS)
  • Data Disk for DB – P60 (8TB with 16000 IOPS)
  • Data disk for Logs – P50 (4TB with 7500 IOPS)
  • Data disk for TempDB – P40 (2TB with 7500 IOPS)


Scenario 3: How application performance gets capped due to VM IO capping

Aderant issues a query that needs 25,000 IOPS. Because the VM is a D8s_v3 with a 12,800 IOPS limit, the IOPS requested by the application are capped at 12,800. Although the attached disks combined can handle the IOPS requested by the application, performance suffers because of the VM IOPS limit.

  • VM Size – D8s_v3
  • OS Disk – P15 (256 GB with 1100 IOPS)
  • Data Disk for DB – P60 (8TB with 16000 IOPS)
  • Data disk for Logs – P60 (8TB with 16000 IOPS)
  • Data disk for TempDB – P60 (8TB with 16000 IOPS)

By looking at the above two examples, anyone can conclude that the application performs better using the disk configuration from the second example (Scenario 3) and the VM configuration from the first (Scenario 2). But how can you further refine these configurations to cut down cost, given that a D16s_v3 is 100% more expensive than a D8s_v3?


Scenario 4: Using the host caching feature for disks to make the application work with a D8s_v3

Aderant issues a query that needs 25,000 IOPS. As host caching is enabled on the data disk for Logs and the data disk for TempDB, the IOPS request is divided into two sets. These two data disks together receive 16,000 IOPS of requests from the application, and because host caching is enabled on them, they can serve those 16,000 IOPS without counting against the VM’s 12,800 uncached limit.

Azure VMs with host caching enabled have two different IOPS limits: a cached IOPS limit and an uncached IOPS limit. A D8s_v3 has a maximum cached limit of 16,000 IOPS and an uncached limit of 12,800.

  • VM Size – D8s_v3
  • OS Disk – P15 (256 GB with 1100 IOPS)
  • Data Disk for DB – P60 (8TB with 16000 IOPS)
  • Data disk for Logs – P60 (8TB with 16000 IOPS)
  • Data disk for TempDB – P60 (8TB with 16000 IOPS)
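The capping arithmetic of Scenarios 2 to 4, as an added example (not code from the original post): disk-tier limits are applied first, then the VM’s uncached and cached limits, using the VM and disk figures quoted above. The D16s_v3 cached limit is not given on the page and is assumed to be 0 here, which is harmless because no disk is host-cached in that scenario.

```python
"""Added example (not from the original post): a small model of the IOPS
capping described in Scenarios 2 to 4. Each disk serves at most its tier
limit; the IOPS the disks return are then capped by the VM's uncached limit,
except that host-cached disks draw on the VM's separate cached limit.

The VM and disk limits are the figures the post quotes. The D16s_v3 cached
limit is not on the page and is left at 0 (assumption); it is never used
because no disk is host-cached in the D16s_v3 scenario.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class VmSize:
    name: str
    uncached_iops: int
    cached_iops: int = 0       # 0 = figure not given / host caching not used


@dataclass(frozen=True)
class Disk:
    name: str
    iops_limit: int            # premium SSD tier limit (P15, P40, P50, P60 per the post)
    host_cached: bool = False


D16S_V3 = VmSize("D16s_v3", uncached_iops=25600)
D8S_V3 = VmSize("D8s_v3", uncached_iops=12800, cached_iops=16000)
P15, P40, P50, P60 = 1100, 7500, 7500, 16000


def served_iops(vm: VmSize, requests):
    """Return (total served IOPS, per-disk served IOPS) for [(Disk, requested_iops), ...].

    Step 1: a disk never serves more than its own tier limit.
    Step 2: IOPS served by host-cached disks are summed against vm.cached_iops,
            everything else against vm.uncached_iops; each pool is capped.
    """
    per_disk = {}
    pools = {"cached": 0, "uncached": 0}
    for disk, requested in requests:
        served = min(requested, disk.iops_limit)
        per_disk[disk.name] = served
        pools["cached" if disk.host_cached else "uncached"] += served
    total = (min(pools["cached"], vm.cached_iops)
             + min(pools["uncached"], vm.uncached_iops))
    return total, per_disk


def aderant_request(os_disk, db_disk, log_disk, tempdb_disk):
    """The post's split of a 25,000 IOPS query: 1,000 to the OS disk, 8,000 to each data disk."""
    return [(os_disk, 1000), (db_disk, 8000), (log_disk, 8000), (tempdb_disk, 8000)]


def scenario_2():
    """D16s_v3 with mixed disk tiers: capped by the disks, not the VM."""
    return served_iops(D16S_V3, aderant_request(
        Disk("OS P15", P15), Disk("DB P60", P60),
        Disk("Logs P50", P50), Disk("TempDB P40", P40)))


def scenario_3():
    """D8s_v3 with all-P60 data disks: capped by the VM's uncached limit."""
    return served_iops(D8S_V3, aderant_request(
        Disk("OS P15", P15), Disk("DB P60", P60),
        Disk("Logs P60", P60), Disk("TempDB P60", P60)))


def scenario_4():
    """Same D8s_v3, but Logs and TempDB use host caching and draw on the cached limit."""
    return served_iops(D8S_V3, aderant_request(
        Disk("OS P15", P15), Disk("DB P60", P60),
        Disk("Logs P60", P60, host_cached=True),
        Disk("TempDB P60", P60, host_cached=True)))


if __name__ == "__main__":
    for fn in (scenario_2, scenario_3, scenario_4):
        total, per_disk = fn()
        print(f"{fn.__name__}: {total} IOPS served {per_disk}")
```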


APPLICATION & SERVER LOAD BALANCING FOR ADERANT

You may be using third-party load balancers like Kent, F5 or NetScaler to facilitate load balancing for Aderant application servers. You may also be considering whether to deploy the same appliance in Azure, which will be easy for your administrators to manage, or to replace it with the Azure native load balancer. The majority of these load balancers mask the client IP with the load balancer IP and present it as the source to the application servers. Because of this you may not face an issue when opting for session persistence, but can you do the same with the Azure load balancer?

Yes. It is possible. You can use Azure standard load balancer with session persistence enabled for client IP and it works great with Aderant app servers.


TESTING

Planning and creating a testing strategy for such a performance-sensitive application is key to a successful migration. Testing with limited load and limited users gives an idea of application functionality, but it does not let you test how the application reacts to the heavy load created on a daily basis. Identify the test cases for the various Aderant Expert modules, run them in the production environment, note the timings, execute the same test cases in the test environment, and compare the results to gain insight into the performance of the system. Repeating this by onboarding a few users to the test environment and asking them to perform their regular activities will give you the information and data you need to fine-tune the infrastructure to be production ready.


CONCLUSION: MODERN TECHNOLOGY + NON-DISRUPTIVE MIGRATIONS + GOOD CUSTOMER EXPERIENCE = SUCCESS

SNP’s dedicated professional services and support teams come with years of experience to help you implement practice management systems that can easily be configured to meet your exact business requirements with ongoing support you need to maintain peak operations.

SNP is a partner you can trust to ensure that your financial and practice management system provides the functionality you need to run your firm and support your strategic goals for years to come. The operational benefits that our clients gain include:

  • Access to cutting-edge functionality with Azure.
  • Reduced integration issues.
  • Extremely responsive and knowledgeable client support.
  • The ability to participate in new product development.
  • Eliminating the hassle of working with multiple vendors.
  • Faster deployment and higher user adoption rates.
  • Lower total cost of ownership.


These benefits then lead directly to the things that really impact your success:
  • Responding to client requests (new pricing models, billing information, matter status, etc.) faster.
  • Getting actionable performance management data to accurately track performance and enable smart decision making.
  • A stronger infrastructure that enables you to better leverage new opportunities for the success of both your partners and your staff.


If you are considering a new practice and financial management system or your law firm already uses Aderant as a practice management tool and you’d like to learn more about hosting it from Azure, contact SNP, we would love to help you explore how Azure cloud can benefit your law firm!

SNP Collaborates with Citrix to Deliver an On-demand Webinar on How You Can Migrate your Citrix Environment to Azure

By 2023, the Desktop-as-a-Service (DaaS) market is expected to grow by 29%, as more and more companies reap the benefits of a cloud workspace. But what exactly are these benefits, and how do they differ from those currently seen on-premises?

For businesses adopting a cloud-first strategy, desktop migration is the next natural step. As Citrix and SNP Technologies continue to forge a winning partnership with Microsoft Azure, there is no better time to make the leap to more secure, cost-effective, and more flexible desktop delivery.

Our solution experts will show you:

  • How you can seamlessly deliver and manage the users’ apps, desktops, data, and devices.
  • Successfully and most efficiently scale desktops and applications to the cloud.
  • Build a strategy for migrating infrastructure and virtual desktops to the cloud.
  • How to proactively test the VDI related user experience from all your remote locations.
  • Get insights to optimize and right-size your infrastructure, avoid downtime and improve datacenter efficiency, invest wisely and reduce the cost and complexity of IT operations management.
  • Drill down into the technical aspects of deployment, including recommendations on Azure compute, network, and storage, key Citrix infrastructure components, and Azure business continuity.
  • How to optimize the performance and availability of hosted desktops and applications.


Watch the webinar on-demand


From DevOps to DevSecOps

DevSecOps (Development, Security & Operations) is a transformational shift in the digitally evolving IT world which incorporates secure culture, practices, and tools to drive visibility, collaboration, and agility of security into each phase of the DevOps pipeline.

Why DevSecOps is crucial for your business:

  • Continuous security: DevSecOps uses automated security review of code and automated application security testing.
  • Increased efficiency & quality: Security issues are detected and remediated during development phases which increases the speed of delivery and enhances quality.
  • Enhanced compliance: In DevSecOps, security auditing, monitoring, and notification systems are automated and continuously monitored, which facilitates enhanced compliance.
  • Increased collaboration: By integrating development, security and operations, DevSecOps fosters a culture of openness and transparency from the earliest stages of development.

SNP’s Approach to DevSecOps:

SNP Technologies leverages Microsoft Azure to implement a DevSecOps framework that focuses on services like:

  • Vulnerability assessment and threat investigation.
  • Automated code analysis and review.
  • Secure releases of CI/CD pipeline.
  • Huge cost savings.
  • Scalability and improved resilience by deploying microservices and containers.
  • Automated security and monitoring for enhanced compliance.

DevSecOps Implementation:

Infrastructure Security

  • Infrastructure security covers access control and a centralized authentication mechanism.
  • Role-based Access Control (RBAC) is required for secure access to clusters and namespaces, with identity managed at the container level to grant secure access to specific Azure resources.
  • Ingress controllers can be used to define internal IP addresses, so services are accessible only from inside the network.
  • Network isolation plays a key role: network policies control pod-to-pod communication and traffic arriving from IP addresses outside the cluster.
  • Data is encrypted between apps and services; this includes both data in transit and data at rest.
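As an added illustration of the RBAC and network-isolation points above (example manifests written for this page, not SNP's or Microsoft's own configuration), the following applies to a single AKS namespace: a Role that confines the CI/CD pipeline's identity to that namespace instead of a cluster-wide binding, a default-deny ingress policy, and an allow rule that admits only traffic from the ingress controller's namespace. The `orders` namespace, the `ci-deployer` service account, the `orders-api` label and the `ingress-nginx` namespace name are all assumed.

```yaml
# Added example: namespace-scoped RBAC and network isolation for an AKS workload.
# Namespace, service-account and label names are assumed, not taken from the page.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: deployer
  namespace: orders            # permissions stop at this namespace
rules:
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get", "list", "create", "update", "patch"]
  - apiGroups: [""]
    resources: ["pods", "pods/log"]
    verbs: ["get", "list"]     # read-only diagnostics; no exec, no secrets
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ci-deployer-binding
  namespace: orders
subjects:
  - kind: ServiceAccount
    name: ci-deployer          # identity the pipeline authenticates as
    namespace: orders
roleRef:
  kind: Role                   # a Role, not a ClusterRole: cannot escape the namespace
  name: deployer
  apiGroup: rbac.authorization.k8s.io
---
# Default deny: with no matching allow rule, no pod in the namespace accepts ingress.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: orders
spec:
  podSelector: {}              # empty selector selects every pod in the namespace
  policyTypes: ["Ingress"]
---
# Allow only pods in the ingress controller's namespace to reach the API on its port.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-from-ingress-controller
  namespace: orders
spec:
  podSelector:
    matchLabels:
      app: orders-api
  policyTypes: ["Ingress"]
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: ingress-nginx   # label set automatically by Kubernetes
      ports:
        - protocol: TCP
          port: 8080
```

NetworkPolicy objects are only enforced on AKS when the cluster was created with a network policy engine (`--network-policy azure` or `calico`); without one they are accepted by the API server but have no effect, so verify this setting before relying on them.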

Container/Pod Security

  • Pod managed identities are leveraged to secure and authenticate images and other resources in the container registry.
  • Credentials are requested and retrieved from digital vault/key vault.
  • Isolation is enforced with pod-level security policies, which enable fine-grained authorization to pods and limit their access to services.

Security Management

  • Manual errors are eliminated by integrating security scanners, running security static analysis tools and scanning any pre-built container images in the build pipeline.
  • Security events on the cluster are monitored for attacks with Log Analytics integration.

Why SNP?

At SNP, we help you choose and implement the right DevSecOps solution that aligns with your technology roadmap. For more information, contact us here.

SNP Collaborates with Citrix to Deliver Graphic-Intensive Solutions on Citrix Cloud and Azure

In the ever-changing IT landscape, Citrix is pushing the limits of what’s possible for our customers and partners. It’s exciting how we’re helping them use our technologies, from moving workloads to the cloud, thinning down endpoints, and tweaking our ICA protocol to maximize graphics performance.

Take one of my Citrix Service Provider partners, Connecticut-based SNP Technologies. I worked with them throughout the first half of 2019 to create an offering in the cloud that they have brought to market successfully. SNP is an entirely cloud-focused CSP, and in this blog post, I’ll share their use case and the technology they used to accomplish their goals.

SNP Technologies came to the Citrix CSP team with one goal in mind — to verticalize and go to market targeting high-end architecture, design, and engineering firms. They wanted to tackle two pain points for this niche market:

  • Minimize cost as endpoints with built-in graphics cards are expensive
  • No central way to manage and maintain security on any of the data created on these endpoints

In partnership with SNP Technologies, Citrix devised a plan to tackle these issues, leveraging the latest technologies from both Citrix and Microsoft. How did we do it? Let’s take a look at the technology landscape:

Technology in Practice:

Architecture, design, and engineering firms use graphics-intensive applications such as Autodesk and SolidWorks, which require more than the average amount of hardware resources to operate properly. As a 100 percent cloud-focused partner, SNP Technologies naturally leveraged the Citrix Cloud Virtual Apps and Desktops service, which helped in the following ways:

  • Saved on compute costs and the cost of deploying and maintaining a Citrix environment.
  • Onboarding new customers is easier and seamless.
  • SNP used GPU-enabled Azure N-Series VMs running Windows 10 to deliver the best user experience for their customers.
  • Each end user gets a high-end Windows 10 desktop in the cloud, pre-installed with the applications they need to get their work done, all while keeping the data locked down and secured from one management location.

Taking a quick glance at the cost of compute on the Azure side for the N-Series VMs, one might think, “How is this solution viable from a cost perspective?” Citrix was able to help decrease the Azure compute cost dramatically for SNP Technologies by leveraging our Autoscale feature, exclusive to the Citrix Cloud Virtual Apps and Desktops service. Autoscale enables proactive power management of machines based on load, a schedule, or a combination of both. It also supports many VDA hosting platforms, including Microsoft Azure Resource Manager. Autoscale supports SNP Technologies’ 100 percent cloud-first approach, doesn’t require on-prem installations, and is built in to the Virtual Apps and Desktops service at no additional cost.

Enabling an Optimal User Experience:

Citrix graphics policies were tweaked to enable an optimal user experience. One benefit of partnering with SNP and Citrix is that we have a team dedicated to creating graphics policies for all types of deployments. After many testing cycles, here’s what we found to be optimal:

Optimize for 3D Graphics Workload

  • This setting configures the appropriate default settings that best suit graphically intense workloads and should only be used when a GPU is available to the session.

Hardware Encoding for Video

  • This setting allows the use of graphics hardware, if available, to compress screen elements with video (H.264) codec.

Setting the Video Codec for Compression for the entire screen

  • This setting allows use of a video codec (H.264) to compress graphics when video decoding is available on the endpoint. Select “For the entire screen” to optimize for improved user experience and bandwidth, especially in cases with heavy use of server-rendered video and 3D graphics.

Setting the Target Frame Rate at the maximum of 60 Frames Per Second

  • This setting specifies the maximum number of frames per second sent from the virtual desktop to the user device. Setting a high number of frames per second improves the user experience but requires more bandwidth. By default, the maximum is 30 frames per second.

Setting Visual Quality to high

  • This setting specifies the desired visual quality for images displayed on the user device. We found that “high” worked best for our use case, and we recommend it if you require visually lossless image quality.

Graphics Status Indicator set to enabled

  • This setting will configure the graphics status indicator to run in the user session. This will allow the user to see details on the graphics mode in use, including graphics provider, encoder, hardware encoding, image quality, progressive display status, and lossless text.

Please note, depending on the specific application and use case, policies will need to be tweaked. We recommend working with your SNP or Citrix engineer to determine what best fits your needs.

Finally, from a technology perspective, SNP Technologies leveraged the Citrix Gateway service, which is included in the Citrix Virtual Apps and Desktops license. Citrix Gateway has points of presence (PoPs) all over the world, enabling users to connect to the nearest location. SNP Technologies was able to include features like high availability and global server load balancing in their branded solution for their end customers without having to stand up or configure complicated networking architectures.

This deployment was exciting because we were able to break down barriers and show what’s possible with cloud, creating a solution that can be deployed in a matter of hours, which just wasn’t possible before. As a result, SNP Technologies’ onboarding of new customers has become seamless and almost effortless. The power of Citrix and Microsoft has reached new heights, and this deployment is proof that if you aren’t thinking about a cloud-first approach, you’re missing out and you’ll probably get left behind in this ever-changing market.

This blog is authored by Neir Benyamin, Partner Sales Engineer at Citrix, and co-authored by Raviteja Beeram, Cloud Solutions Architect at SNP Technologies. Read the complete blog here.

For more information on SNP’s graphic-intensive solutions on Citrix Cloud and Azure, contact us here.

The Azure Customer Immersion Experience: What it is and Why You Need it

Do these thoughts describe your company’s Azure cloud adoption?

  • “Cloud knowledge is essential for IT and Development on-boarding”
  • “Our teams need to get up to speed quickly”
  • “We don’t know where to start”

If so, you probably need facilitated training on Azure cloud technologies, and the means to this end is an Azure Customer Immersion Experience, or CIE for short.

In my prior blog post, I shared 5 Tips to Discover App Innovation on Azure as a short guide to help you acclimate to the Azure cloud, with tip #3 being to “Schedule Customer Immersion Experience (CIE)”. If the sentiments I opened with above ring true, my advice is to make the CIE a high priority.

Unlike the other four tips, the CIE is a facilitated activity, as opposed to a task that relies on individual initiative. Individual initiative is difficult to track and manage, whereas with a facilitated activity you ensure that the right people are scheduled at the right time to get the right Azure training to meet on-boarding needs.

For this reason, I wanted to dedicate a full blog to tip #3.

If you have not read my prior post, I recommend you have a look at 5 Tips to Discover App Innovation on Azure, particularly tip #3, and then return to this post.

About the Microsoft CIE program

The Microsoft CIE program is an innovative training approach that favors hands-on experiences over lecture. The leader of the CIE is referred to as a “facilitator” or “emcee”, as opposed to an “instructor”. Each CIE has an over-arching topic, such as “Managing Infrastructure” or “Application Innovation”. Hands-on lab or hackfest style workshops are the training modality.

Labs for the Microsoft CIE program come from a pool of Instructor-led Labs (a total of 83, as of this writing).

The facilitator briefly introduces the CIE material and then fosters a conversational walk-through of the workshop content. Attendees are encouraged to work together and contribute to the conversation.

Facilitators are Azure knowledge workers (such as myself) who enjoy the opportunity to lead their peers through a great learning experience. The Facilitator is not necessarily an expert on all topics covered in the workshop. But this is the point of the CIE. Everyone who attends has the opportunity to share their experience, brainstorm and ask questions that the group can respond to.

To become a CIE facilitator, one participates in a three-week course and presents a customer immersion experience as their final project.

SNP’s CIE approach

At SNP, we take a hybrid approach to CIE delivery. For one, we favor a little more lecture, but certainly short of “death by PowerPoint.” We also curate workshops from a wider array of lab material produced by Microsoft and some home-grown. That is, we do not confine ourselves to the aforementioned list of labs at https://www.microsoft.com/handsonlabs/instructorledlabs.

Our CIE engagements have a single SNP facilitator. SNP engineers also participate as proctors to assist attendees and offer their unique technical insight.

At the outset of the CIE, attendees are provided with a virtual lab environment with all Azure resources required for the CIE. These lab environments are furnished by Microsoft at no additional cost, and are available for the day only. Because the lab environments expire, customers often elect to use a company Azure subscription or the individual MSDN subscriptions of attendees. In such cases, prerequisites are furnished several days before the CIE. Typical requirements are:

  • Azure subscription
  • Azure DevOps Organization
  • Visual Studio Code
  • Visual Studio 2017 or greater
  • Git

An Example CIE for Azure Kubernetes Service

In the 5 Tips blog alluded to earlier, I summarized topics covered in an “App Innovation with Azure” 2-day workshop. To mix things up, the following CIE example targets IT and Development professionals interested in a one-day immersion into Azure Kubernetes Service (AKS), Microsoft’s managed service for Kubernetes.

This workshop takes a challenge-based approach wherein attendees are expected to work together in small “teams” to solve “challenges” including:

  • Kubernetes cluster deployment with AKS
  • MongoDB deployment on AKS
  • Setting up Azure Container Registry (ACR)
  • Packaging front-end and back-end applications as Docker containers
  • Pushing the containers to ACR
  • Using Azure DevOps to set up a CI/CD pipeline that deploys the containers on AKS
  • Scaling the application
  • Monitoring container performance with Azure Container Health
  • and more

The feedback from attendees of this CIE has been excellent. The collaborative format and workshop guidance is suitable for novices and those with intermediate knowledge of Kubernetes and Azure.

In Closing

As an IT professional selling cloud solutions for a living, I know that Azure can be intimidating, but it doesn’t have to be. There is much that you can do on your own to get up to speed, and the assistance of a Microsoft Partner such as SNP accelerates the establishment of a production-ready Azure ecosystem for your workloads.

Customer Immersion Experiences are an important tool to employ as you adopt Azure, and also to learn new Azure cloud technology that emerges on an annual basis.

Lastly, the good news! For some qualified organizations there are funding opportunities for either the CIE itself or for next steps coming out of the CIE – pilots, POCs, etc. So, if you want to learn more, give us a call to schedule a CIE today.

5 Tips to Discover App Innovation on Azure

“How can we use Azure Cloud to modernize our applications?” is among the top asks we hear at SNP from our customers. There are various motivations for the question, from an interest in re-hosting legacy applications running on on-premises servers to greenfield application development initiatives. The person posing the question knows that cloud technology has something to offer, but the territory is unexplored and mysterious.

In this blog, my aim is not to extol the virtues of Azure Web Apps, Functions, Azure managed Kubernetes or any other service of the moment. Neither will I convey best practices to solve an application architecture problem with Azure technology. Rather, my intent for these tips is to help lift the veil, so to speak. Follow some or all, and you will find Azure approachable and ready to implement for your application innovation projects.

1. Play in an Azure Sandbox

If you are new to Azure, Microsoft makes it super easy to set up a FREE Azure subscription. And, if you are a Visual Studio subscriber, don’t overlook your Azure benefits.

Once you have an Azure subscription, you’ll have access to the Azure Portal, the management portal for Microsoft Azure. Log in and you are prompted to take a guided tour. It’s short and worth the trip.


Next, I recommend a visit to the Quickstart Center. In the portal search box, start typing “quickstart” to expose the Quickstart Center link.

Azure Portal Search for Quickstart Center

Follow the link and review the “Get started” screen. You’ll want to review the Setup guides, but if you are eager to play, dive right into the “Start a project” options. The options do not require an existing application project or database. For instance, select “Create a web app” and then “Create a CI/CD pipeline with Azure DevOps Projects.” With DevOps Project, in a few steps through its wizard UI you can:

  • Create a Web App service (for Windows or Linux)
  • Generate application scaffolding for .NET, Node.js, PHP, Java, Python, Ruby, Go or C
  • Create an Azure DevOps Organization
  • Create a Git repository with Azure Repos
  • Create a CI/CD pipeline with Azure Pipelines

Azure Portal Quickstart Center

Note the “Take an online course” tab in the Quickstart Center. This is one of several venues for deeper Azure study. I mention other learning resources in the tips that follow.

While in Azure Portal, my next suggestion to get a sense of the scope of Azure is to follow the All services link on the left menu. From here you can see over 100 Azure service types categorized by domains, such as Compute, Networking, Storage, Web, and so forth.

The groups that are the core of solutions in Azure for app innovation are Compute, Web, Containers, Integration, Internet of Things, Databases, and DevOps. Peer into these service types to get a high-level sense of what Azure has to offer.

Azure Portal All Services view

2. Explore the Azure Architecture Center

I started our tips with the Azure subscription sandbox, but paramount to Azure app innovation is an understanding of the service tooling and how to apply it. Azure Architecture Center holds the key to learning how to get the most out of Azure.

From the navigation menu on the left and featured links on the home page, we know that this is our go-to reference for:

  • Understanding Cloud fundamentals
  • Review of example scenarios and reference architectures
  • Guidance on cloud native, application design patterns
  • And much more

Azure Architecture Center home page screen capture

After the home page, an excellent place to start is the Azure Application Architecture Guide.

After gaining a foundational understanding of cloud computing and architectures, a primary concern of development teams is to review their digital estate and determine how to go about cloud adoption. There is an excellent set of articles for this, which begins with a favorite of mine, The 5 Rs of rationalization.

3. Schedule an Azure Customer Immersion Experience

I’ve saved the sales pitch for this, our third tip ☺

Customer Immersion Experience (CIE) is a program for Microsoft Partners, such as SNP, to deliver hands-on training to software delivery teams. SNP’s expert facilitators can conduct the workshop on-site or remotely. The format is a blend of PowerPoint-driven lecture, instructor-led demonstrations, whiteboard sessions and proctored hands-on labs.

For an App Innovation CIE, SNP can deliver a 1/2 day to multi-day workshop tailored to the technologies you work with and the Azure resources that best correlate to your application workloads.

For example, consider the topics below that we cover in our “App Innovation with Azure” 2-day workshop. This workshop targets product owners, developers and system administrators that contribute to the application value stream.

App Innovation on Azure Cloud
Learn the benefits of cloud computing and how Azure services facilitate modernization of application workloads.

Deploy a website to Azure with Azure App Service
Learn how to create a website through the hosted web app platform in Azure App Service. Use the publishing features of Visual Studio 2017 to deploy and manage an ASP.NET Core web application hosted on Azure.

DevOps for Azure Applications
An overview of DevOps practices and their benefits, followed by a guided tour of Azure DevOps, Microsoft’s suite of tools to plan smarter, collaborate better, and ship faster.

Containers on Azure
A synopsis of the benefits of containers for application packaging, and a survey of the options in Azure for container management and deployment.

Azure Dev Spaces
A demonstration of Microsoft’s utility to test and iteratively develop your entire microservices application running in Azure Kubernetes Service (AKS) without the need to replicate or mock dependencies.

4. Do a Hands on Lab

While the structured delivery of training via the CIE model is quite beneficial, Microsoft provides hands-on-labs that can be done at your own pace. The primary resources for app innovation labs are:

Put an “Azure Immersion Monday” on your calendar, where you block out an hour or two for a lab a couple times a month.

Azure hands on lab graphic

5. Azure Podcasts, Videos and Blogs

As technologists, we know how hard it is to keep pace with the latest developments. With some discipline, it is not difficult to keep up with changes in the fast-evolving Azure ecosystem. The matrix of resources below helps me, and I hope you find it useful, too!

Title                | Format  | Consume in... | When
Azure Podcast        | Podcast | 30 mins       | Tuesday commute
Azure DevOps Podcast | Podcast | 45 mins       | Wednesday commute
Azure Friday         | Video   | 15 mins       | Monday morning
Azure Source blog    | Blog    | 30 mins       | Wednesday morning


Azure Source is a compilation of content from the prior week. I’ll often bookmark several pieces to review later over the course of the current week. This usually adds another 30 to 60 minutes to my weekly Azure content consumption.

In Closing

Once you have read the tips above and started to explore Azure on your own, you will have seen the breadth of Azure and understand how to navigate and explore its myriad services. If you have any tips of your own or follow-up questions, please feel free to contact us.