Limerick DotNet-Azure User Group (LDNA)-Cloud Adoption Framework Governance Overview

I spoke at the Limerick DotNet-Azure User Group (LDNA) about Cloud Adoption Framework – Governance Overview and below are the slides from the session.

The recording should be available in a couple of days so check back the Speaking page.

Limerick-DotNet-Azure-User-Group-LDNA

Cloud Adoption Framework – Manage Overview

The last phase of Cloud Adoption Framework is the Manage phase.

Manage methodology of the Cloud Adoption Framework

Inventory and visibility

First step is to take a complete snapshot of the environment so it can be managed properly. Create inventory of assets and develop visibility into the run state of each asset.

There should be centralized logging about change management, service heath and configuration of IT operations.

ProcessToolPurpose
Monitor health of Azure servicesAzure Service HealthHealth, performance, and diagnostics for services running in Azure
Log centralizationLog AnalyticsCentral logging for all visibility purposes
Monitoring centralizationAzure MonitorCentral monitoring of operational data and trends
Virtual machine inventory and change trackingChange Tracking and Inventory in Azure AutomationInventory VMs and monitor changes for guest OS level
Subscription monitoringAzure activity logMonitoring change at the subscription level
Guest OS monitoringAzure Monitor for VMsMonitoring changes and performance of VMs
Network monitoringAzure Network WatcherMonitoring network changes and performance
DNS monitoringDNS AnalyticsSecurity, performance, and operations of DNS
Inventory and visibility

Operational Compliance

Establish controls and processes to ensure each state is properly configured and running in a well-governed environment.

ProcessToolPurpose
Patch managementAzure Automation Update ManagementManagement and scheduling of updates
Policy enforcementAzure PolicyPolicy enforcement to ensure environment and guest compliance
Environment configurationAzure BlueprintsAutomated compliance for core services
Resource configurationDesired State ConfigurationAutomated configuration on guest OS and some aspects of the environment
Operational compliance

Protect and Recover

Ensure all managed assets are protected and can be recovered using baseline management tooling.

ProcessToolPurpose
Protect dataAzure BackupBack up data and virtual machines in the cloud.
Protect the environmentMicrosoft Defender for CloudStrengthen security and provide advanced threat protection across your hybrid workloads.
Protect and recover

Enhanced Baseline

Evaluate common additions to the baseline that might meet business needs.

DisciplineProcessToolPotential impactLearn more
Inventory and visibilityService change trackingAzure Resource GraphGreater visibility into changes to Azure services might help detect negative effects sooner or remediate faster.Overview of Azure Resource Graph
Inventory and visibilityIT Service Management (ITSM) integrationIT Service Management ConnectorAutomated ITSM connection creates awareness sooner.IT Service Management Connector (ITSMC)
Operational complianceOperations automationAzure AutomationAutomate operational compliance for faster and more accurate response to change.See the following sections
Operational compliancePerformance automationAzure AutomationAutomate operational compliance with performance expectations to resolve common resource specific scaling or sizing issues.See the following sections
Operational complianceMulticloud operationsAzure Automation Hybrid Runbook WorkerAutomate operations across multiple clouds.Hybrid Runbook Worker overview
Operational complianceGuest automationDesired State Configuration (DSC)Code-based configuration of guest operating systems to reduce errors and configuration drift.DSC overview
Protect and recoverBreach notificationMicrosoft Defender for CloudExtend protection to include security-breach recovery triggers.See the following sections
Enhanced Baseline

Platform Specialization

Invest in ongoing operations of a specific workload generally reserved for mission critical workloads.

ProcessToolPurposeSuggested management level
Improve system designMicrosoft Azure Well-Architected FrameworkImproving the architectural design of the platform to improve operationsN/A
Automate remediationAzure AutomationResponding to advanced platform data with platform-specific automationPlatform operations
Service catalogManaged applications centerProviding a self-service catalog of approved solutions that meet organizational standardsPlatform operations
Container performanceAzure Monitor for containersMonitoring and diagnostics of containersPlatform operations
Platform as a service (PaaS) data performanceAzure SQL AnalyticsMonitoring and diagnostics for PaaS databasesPlatform operations
Infrastructure as a service (IaaS) data performanceSQL Server Health CheckMonitoring and diagnostics for IaaS databasesPlatform operations
Platform Specialization

Workload Specialization

Invest in ongoing operations of a shared platform.

RequirementToolPurpose
Application monitoringApplication InsightsMonitoring and diagnostics for applications
Performance, availability, and usageApplication InsightsAdvanced application monitoring with the application dashboard, composite maps, usage, and tracing
Workload Specialization