AzureBootcamp2023: Azure PaaS, but as private as possible by Stephan Graber

Azure PaaS is a great option to modernize your environment, but what happens if everything needs to be secured and the services need to be as private as possible? What is possible, and where are the limitations? Are there best practices, and when is it necessary to change the mindset?
🙂 STEPHAN GRABER ⚡️ Partner and Cloud Engineer @ GrabX Solutions

Azure Zurich User Group

May 11, 2023

Transcript

  1. Azure PaaS
    But as private as possible….
    May 11, 2023

  2. About me
    Stephan Graber
    Partner | Azure Architect

  3. Azure PaaS – but secure please
    Cloud a big topic
    Security baselines as strict as on-prem
    Migration with a refactoring

  4. Azure PaaS – easy deployment
    Public access often default option
    Firewall on service can help manage access

  5. One option – service endpoints

  6. Service Endpoints Routing

  7. Private Endpoints to the rescue

  8. DNS Considerations

  9. DNS Private Resolver

  10. Custom DNS Server

  11. Demo

  12. Portal Access

  13. Internal Communication from PaaS

  14. VNet Integrations
    Access to other services in private network
    Secure Communication

  15. Cross Tenant Private Endpoint

  16. How to make sure that no services have public access
    Govern your environment
    Secure Communication

  17. Azure Private Link Scope

  18. What are the “issues”?

  20. Internal APIM
    Forced Tunneling

  21. Logic App - Connectors
    VNet Integrated

  22. App Service Environment
    Azure App Service is a multi-tenant PaaS environment for building, deploying, and scaling web apps and APIs
    Azure App Service Environment is the premium, single-tenant variation of Azure App Service, on which to deploy enterprise applications for compliance-oriented organizations

  23. Key takeaways
    PaaS services can be private with Private Endpoint, even cross-tenant.
    Not every scenario is supported, but it is getting better every day

  25. Our history
    An overview
    [Timeline figure, 2019 to today. Milestones shown: founding: 3 partners; 1st employee; 2nd employee; build-up of the software development division; 3 new employees; 4th partner; strategic partnership with isolutions AG]

  26. Facts and figures
    About us…
    SO based
    8 employees
    30 years average age
    100+ successful projects
    1 million+ revenue in 2021
    20+ customers
    Cloud only

  27. Our spirit
    6 core values…
    Trust, Transparency, Agile, Passionate, Empowering, Secure

  28. Our spirit
    6 core values and 3 principles
    CLOUD ONLY
    WORK WITH KEY PEOPLE
    CLEAR MANDATE

  29. Customer landscape – focus on SMEs
    Selected customers

  30. Our offering

  31. Our main offering
    Overview
    MAIN OFFERINGS
    AZURE/COMPUTE
    USER ADOPTION
    SECURITY
    SOFTWARE DEVELOPMENT/REFACTORING
    MODERN WORKPLACE

  32. Offering: Security
    Details
    M365 / Azure Governance
    Security Assessment
    Microsoft Defender for Endpoint
    Cloud App Security
    Information Protection

  33. Offering: Modern Workplace
    Details
    Windows 10 Management
    Mobile Device Management
    M365 Setup

  34. Offering: Software Development
    Details
    Refactoring
    Customise Software
    Websites

  35. Offering: User Adoption
    Details
    Workshops & training
    Champions Community
    Support

  36. What’s next?
    DevOps: Plan, Code, Build, Test, Release, Deploy, Operate, Monitor
    Our focus until recently…

  37. Status quo in contradiction with our vision
    DEV: Plan, Code, Build, Test
    Our focus until recently…
    vs.
    THE PREFERRED E2E CLOUD SERVICE PROVIDER OF SMEs

  38. Our services
    Existing
    AVD Service / M365 Desktops
    Support Service
    Azure Firewall Service