AzureBootcamp2023: Azure PaaS, but as private as possible by Stephan Graber

Azure PaaS is a great option to modernize your environment, but what happens if everything needs to be secured and the services need to be as private as possible? What is possible and where are limitations? Are there best practices and when is it necessary to change the mindset?
🙂 STEPHAN GRABER ⚡️ Partner and Cloud Engineer @ GrabX Solutions

Transcript

  1. 1
    But as private as possible…
    11 May 2023
    Azure PaaS

  2. 2
    About me
    Stephan Graber
    Partner | Azure Architect

  3. 3
    Azure PaaS – but secure please
    Cloud a big topic
    Security baselines as strict as on-prem
    Migration with a refactoring

  4. 4
    Azure PaaS – easy deployment
    Public access often default option
    Firewall on service can help manage access

  5. 5
    One option – service endpoints

  6. 6
    Service Endpoints Routing

  7. 7
    Private Endpoints to the rescue

  8. 8
    DNS Considerations

  9. 9
    DNS Private Resolver

  10. 10
    Custom DNS Server

  11. 12
    Portal Access

  12. 13
    Internal Communication from PaaS

  13. 14
    vNET Integrations
    Access to other services in private network
    Secure Communication

  14. 15
    Cross Tenant Private Endpoint

  15. 16
    How to make sure that no services have public access
    Govern your environment
    Secure Communication

  16. 17
    Azure Private Link Scope

  17. 18
    What are the “issues”?

  18. 20
    Internal APIM
    Forced Tunneling

  19. 21
    Logic App - Connectors
    vNet Integrated

  20. 22
    App Service Environment
    Azure App Service is a multi-tenant PaaS environment for building, deploying, and scaling web apps and APIs
    Azure App Service Environment is the premium, single-tenant variation of Azure App Service, on which to deploy enterprise applications for compliance-oriented organizations

  21. 23
    Key takeaways
    PaaS services can be private with Private Endpoint, even cross-tenant.
    Not every scenario is supported, but it is getting better every day

  22. 29
    2021
    Our history
    An overview
    today
    1st employee
    Build-up of the software development division –
    2nd employee
    3 new employees
    4th partner
    Founding: 3 partners
    xxx
    2019
    July
    2020
    September September
    July
    Strategic partnership with isolutions AG
    April
    January

  23. 30
    Facts and figures
    About us…
    SO based
    8 employees
    30 years average age
    100+ successful projects
    1 million+ revenue in 2021
    20+ customers
    Cloud only

  24. 31
    Our spirit
    6 core values…
    Trust Transparency Agile Passionate Empower Secure

  25. 32
    Our spirit
    6 core values and 3 principles
    CLOUD ONLY
    WORK WITH KEY PEOPLE
    CLEAR MANDATE

  26. 33
    Customer landscape – focus on SMEs
    Selected customers

  27. 34
    Our offering

  28. 35
    Our main offering
    Overview
    MAIN OFFERINGS
    AZURE/COMPUTE
    USER ADOPTION
    SECURITY
    SOFTWARE DEVELOPMENT/REFACTORING
    MODERN WORKPLACE

  29. 36
    Security
    Offering: Security
    Details
    M365 / Azure Governance
    Security Assessment
    Microsoft Defender for Endpoint
    Cloud App Security
    Information Protection

  30. 37
    Modern WP
    Offering: Modern Workplace
    Details
    Windows 10 Management
    Mobile Device Management
    M365 Setup

  31. 38
    Software development
    Offering: Software development
    Details
    Refactoring
    Customise Software
    Websites

  32. 39
    User Adoption
    Offering: User Adoption
    Details
    Workshops & training
    Champions Community
    Support

  33. 40
    What’s next?
    DevOps
    DEV OPS
    Operate
    Deploy
    Release
    Monitor
    Plan
    Code
    Build
    Test
    Our focus until recently…

  34. 41
    Status quo in contradiction with our vision
    DEV
    Our focus until recently…
    THE PREFERRED E2E CLOUD SERVICE PROVIDER OF SMEs
    vs.
    Plan
    Code
    Build
    Test

  35. 42
    Our services
    Existing
    EXISTING
    AVD Service / M365 Desktops
    Support Service
    Azure Firewall Service