Azure
Roles & Responsibilities (R&R)
Network Models (OSI & TCP/IP)
Well-Architected Framework (WAF)
Google Resources
Cloud 101 & Training.
What is a cloud? (per NIST SP 800-145) A ubiquitous (present everywhere) model for convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, and services) that can be rapidly provisioned (obtained) and released with minimal management effort or service provider interaction.
Value / Needs / Essential Characteristics (by NIST):
On-Demand Self-Service -- Allows customers to use cloud computing as required without human contact between consumers and service providers.
Broad Network Access -- The cloud customer/tenant (whoever consumes the cloud service) does not manage the IT service infrastructure. The IT service therefore runs in a CSP's data center somewhere and is accessible to the consumer over a network.
Resource Pooling -- A situation in which CSPs serve multiple clients (customers/"tenants") with provisioned and scalable services. These services can be adjusted to suit each client's needs without any changes being apparent to the client or end user.
Rapid Elasticity -- To scale (expand or reduce) quickly to meet demand. Consumers benefit from rapid elasticity because they can expand or reduce their resources how and when they would like.
Measured Service -- A delivery model in which a utility provider monitors how much of a particular service each customer consumes within a designated period.
Training.
MS Azure AI Fundamentals (AI-900T00-A).
Certification: Microsoft Certified: Azure AI Fundamentals
OSI Model (Open Systems Interconnection Model).
BLUF: (1) A conceptual framework that defines how data is transmitted between computer systems on a network. (2) Developed by the International Organization for Standardization (ISO), the OSI model serves as a universal language for networking, allowing different devices and software to communicate regardless of the underlying technology.
OSI Model: (7-Layers)
(7) Application Layer: This top layer interacts directly with applications like web browsers or email clients.
HTTP, SMTP, SNMP, PROFINET
(6) Presentation Layer: Prepares data for the application layer by handling encryption, compression, and formatting.
(5) Session Layer: Establishes, manages, and terminates communication sessions between devices. (aka Logins)
(4) Transport Layer: Ensures reliable data transfer between applications on different devices.
TCP/UDP
(3) Network Layer: Routes data packets across the network to the destination device.
IP
(2) Data Link Layer: Packages data into frames for transmission & controls error detection on the physical link.
(1) Physical Layer: Transmits and receives raw data bits over the physical medium.
Cables, ethernet, fiber optics, etc.
TCP/IP Model (Transmission Control Protocol/Internet Protocol Model).
BLUF: (1) Like the OSI Model, the TCP/IP Model is another way to conceptualize how data is packaged and transmitted over a network. (2) Unlike the OSI model's seven layers, TCP/IP has four layers, offering a simpler, more practical approach.
The Foundation of the Internet / Dominant Model / Widely Used: The TCP/IP model is the foundation for how the Internet operates. While both TCP/IP and OSI provide valuable frameworks for understanding network communication, TCP/IP's simplicity and practicality make it the dominant model used in network design and implementation.
TCP/IP Model: (4-Layers)
Application Layer: This layer is closest to the user and interacts with applications we use daily, like web browsers, email, or video conferencing tools. It provides the interface through which applications access network services. Common protocols at this layer include HTTP (web browsing), FTP (file transfer), and SMTP (email).
Transport Layer: This layer is responsible for ensuring reliable data delivery between applications. It handles two main protocols:
TCP (Transmission Control Protocol): TCP guarantees reliable, in-order delivery of data by breaking it into segments, acknowledging receipt, and retransmitting lost data packets.
UDP (User Datagram Protocol): UDP offers a connectionless service for faster data transfer but at the expense of reliability. It simply sends data packets without error checking or retransmission.
Network Layer: This layer is responsible for addressing and routing data packets across the network. It uses the Internet Protocol (IP) to assign unique IP addresses to devices and determine the best path for data to reach its destination.
Network Interface Layer: (Sometimes combined with the Data Link Layer in the OSI model) This layer deals with the physical transmission of data packets over the network medium (cables, Wi-Fi). It prepares the data for transmission and handles any errors that may occur at the physical level.
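To make the four-layer encapsulation above concrete, here is an added example (not part of the original notes) that builds one constructed Ethernet/IPv4/TCP frame carrying an HTTP request line and then peels the layers off again in the order a receiving host would: Network Interface, Internet (Network), Transport, Application. The MAC and IP addresses are constructed sample values and checksums are left at zero because the example does not verify them.

```python
# Added example: walk the TCP/IP layers of one constructed Ethernet frame.
import struct

def parse_frame(frame: bytes) -> dict:
    """Peel the Network Interface, Internet, Transport and Application layers off a frame."""
    # Network Interface layer: 14-byte Ethernet header (dst MAC, src MAC, EtherType).
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    # Internet layer: IPv4 header; IHL (low nibble of byte 0) is header length in 32-bit words.
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    proto = ip[9]
    src_ip = ".".join(str(b) for b in ip[12:16])
    dst_ip = ".".join(str(b) for b in ip[16:20])
    if proto != 6:
        raise ValueError("not a TCP segment")
    # Transport layer: TCP header; data offset (high nibble of byte 12) in 32-bit words.
    tcp = ip[ihl:total_len]
    sport, dport, seq, ack = struct.unpack("!HHII", tcp[:12])
    data_off = (tcp[12] >> 4) * 4
    # Application layer: whatever the segment carries (here an HTTP request).
    payload = tcp[data_off:]
    return {"dst_mac": dst.hex(":"), "src_mac": src.hex(":"),
            "src_ip": src_ip, "dst_ip": dst_ip, "src_port": sport, "dst_port": dport,
            "payload": payload.decode("ascii", "replace")}

def build_frame(payload: bytes) -> bytes:
    """Encapsulate top-down: Application -> Transport -> Internet -> Network Interface."""
    # TCP: src port 40000, dst port 80, seq 1, ack 0, data offset 5 words, flags PSH|ACK.
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip_len = 20 + len(tcp)
    # IPv4: version/IHL 0x45, total length, TTL 64, protocol 6 (TCP), checksum 0 (not computed).
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_len, 1, 0x4000, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5])) + tcp
    # Ethernet: constructed dst/src MACs, EtherType 0x0800 = IPv4.
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", 0x0800)
    return eth + ip

# Constructed sample frame: an HTTP GET, which sits at the Application layer.
FRAME = build_frame(b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n")
```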
The Azure Cloud Architect is responsible for designing and implementing the enterprise infrastructure and platforms required for cloud computing, and works on advanced, complex technical projects or business issues requiring state-of-the-art technical or industry knowledge. The Azure Cloud Architect has a deep understanding of cloud environments, including SaaS, PaaS, and IaaS. This role analyses customer and system requirements and defines a system architecture that meets both. The role is also responsible for deploying and configuring the cloud platform infrastructure and for performing consumption and cost planning when required by customer engagements. The Azure Cloud Architect ensures that project rollouts meet required security and compliance standards. This position must be able to work both autonomously and as part of a larger project team. Project goals are generally communicated in "solution" or project goal terms.
Job Requirements
Experience and proficiencies in designing and implementing enterprise-scale infrastructure systems built on Microsoft technologies for on-premises, hybrid environments or cloud native environments.
Proficient in DevOps technologies such as Terraform, Bicep and CI/CD.
Designs, deploys, and configures the Azure infrastructure within commercial and government platforms (GCC/GCCH/DoD).
Proficient in design, configuration, security and deployment of Azure virtual networks or Hybrid network boundaries towards Zero Trust structures.
Ability to design, configure, secure, and deploy the Identity perimeter for Azure cloud offerings, utilizing Azure AD, AD, Azure AD Domain Services, PIM, MFA, Conditional Access, and Information Protection.
Ability to extend and design, configure, deploy, and maintain federated Identities using Azure AD and/or ADFS.
Ability to design, construct, configure, and maintain all facets of complex and multi-forest Identity solution including on-premises and Cloud based components.
Ability to design, configure, secure, and deploy additional Azure products including but not limited to: Azure virtual network components, Azure Backup, Azure Site Recovery, Azure Migrate, Azure Scale Sets, Azure HPC compute and Azure Kubernetes Service.
Ability to design, configure, and deploy Microsoft Defender including the Microsoft Defender for 365 (Defender for Endpoint, O365, and Identity and Cloud App Security) and Azure Defender for Cloud (Defender for Server, IoT, Container Registries, Storage, Kubernetes, Key Vault, and SQL).
Ability to interface with clients with a high level of technical abilities and professionalism.
Must be able to interface and lead customers through design sessions and help the customer make decisions.
Demonstrate excellent written and verbal communication skills, with both technical and non-technical personnel and customers.
The Cloud Infrastructure Architect will provide pre-sales assistance to sales teams and practice managers.
This position will provide leadership to the working group through specialization (SME).
Demonstrate ability to stay current with infrastructure, security and compliance best practices on existing and emerging technology platforms.
Ability to proactively collaborate across internal, customer, and key partner teams.
Must represent Planet’s values to our customers every day.
Ability to travel up to 20% (subject to change).
Must be comfortable with some level of travel
Preferred Requirements
Have working knowledge of Compliance frameworks (HIPAA/CMMC or others)
Working knowledge of Azure Data services including, but not limited to SQL Database, Azure Data Factory, Azure Cosmos DB, Azure Synapse and Azure Data Lake.
Experience working for a technology consulting firm or software product company.
BLUF: Security architecture refers to the design and implementation of security controls within an IT infrastructure, including cloud environments like Azure. It's a comprehensive approach that ensures the confidentiality, integrity, and availability (CIA triad) of your data and systems.
Steps to Implement a Secure Architecture (Based on Microsoft and Industry best practices): (5)
Define Requirements and Threat Model:
Identify your organization's security needs and compliance requirements.
Conduct a threat modeling exercise to understand potential vulnerabilities and attack vectors.
Authoritative sources: (2)
NIST Special Publication 800-30 (Rev. 1), Guide for Conducting Risk Assessments: risk assessment framework for information systems and organizations (nist.gov).
CISA's Zero Trust Maturity Model (ZTMM).
Microsoft Security Design Principles: https://learn.microsoft.com/en-us/azure/well-architected/security/principles
Design and Implement Security Controls:
Based on your requirements and threat model, select appropriate security controls. These controls can be preventive, detective, corrective, or a combination.
Preventive controls aim to stop attacks before they happen (e.g., firewalls, encryption).
Detective controls identify and log security incidents (e.g., intrusion detection systems).
Corrective controls restore systems and data after an attack (e.g., backups, disaster recovery plans).
Authoritative sources: (2)
CIS Controls: The Center for Internet Security (ciscontrols.org).
Microsoft Azure Security Benchmark: Microsoft Docs (docs.microsoft.com).
Leverage Cloud Service Provider (CSP) Security Features:
Cloud platforms like Azure offer a wide range of built-in security features. Utilize these features to strengthen your overall security posture.
Examples include MS Entra ID (aka Azure AD) for IAM, MFA, and SSO; Azure Security Center for threat detection and vulnerability management; and Azure Key Vault for managing cryptographic keys, encryption keys, and secrets.
Secure Development Practices (DevSecOps):
Integrate security considerations throughout the development lifecycle (DevSecOps).
This includes secure coding practices, vulnerability scanning, and penetration testing.
Continuous Monitoring and Improvement:
Security is an ongoing process. Regularly monitor your security posture, identify and address vulnerabilities, and update your security controls as needed.
Utilize Azure tools for security monitoring and logging, such as Azure Monitor and Azure Sentinel (SIEM).
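Steps 2 and 5 above talk about detective controls and continuous monitoring of sign-in activity in a SIEM. As an added example (not from the original notes or from any Microsoft tool), the code below runs two simple detection rules over constructed sign-in records whose field names are only loosely modelled on Entra ID sign-in logs: a successful sign-in that was never challenged for MFA (a Conditional Access gap to fix with a preventive control), and one source IP failing passwords against several distinct accounts in a short window, which is the shape of a password spray rather than a mistyped password. The records, thresholds and field names are assumptions for illustration.

```python
# Added example: detective-control logic over constructed sign-in records.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (field names are assumptions, not the real schema).
# result "0" = success, "50126" = invalid username or password.
SIGNINS = [
    {"time": "2024-05-01T08:00:00", "user": "alice@example.com", "ip": "203.0.113.10",
     "result": "0", "auth": "multiFactorAuthentication"},
    {"time": "2024-05-01T08:01:00", "user": "bob@example.com", "ip": "203.0.113.10",
     "result": "0", "auth": "singleFactorAuthentication"},
    {"time": "2024-05-01T08:02:00", "user": "carol@example.com", "ip": "198.51.100.7",
     "result": "50126", "auth": "singleFactorAuthentication"},
    {"time": "2024-05-01T08:02:30", "user": "dave@example.com", "ip": "198.51.100.7",
     "result": "50126", "auth": "singleFactorAuthentication"},
    {"time": "2024-05-01T08:03:00", "user": "erin@example.com", "ip": "198.51.100.7",
     "result": "50126", "auth": "singleFactorAuthentication"},
    {"time": "2024-05-01T09:30:00", "user": "frank@example.com", "ip": "198.51.100.7",
     "result": "50126", "auth": "singleFactorAuthentication"},
]

def single_factor_successes(records):
    """Rule 1: successful sign-ins that were not challenged for MFA."""
    return [r["user"] for r in records
            if r["result"] == "0" and r["auth"] != "multiFactorAuthentication"]

def password_spray_sources(records, window=timedelta(minutes=10), min_users=3):
    """Rule 2: one source IP failing password auth against >= min_users distinct
    accounts inside a sliding window. Returns {ip: distinct users hit}."""
    failures = defaultdict(list)
    for r in records:
        if r["result"] == "50126":
            failures[r["ip"]].append((datetime.fromisoformat(r["time"]), r["user"]))
    flagged = {}
    for ip, events in failures.items():
        events.sort()  # chronological, so every later event has t >= start
        for i, (start, _) in enumerate(events):
            users = {u for t, u in events[i:] if t - start <= window}
            if len(users) >= min_users:
                flagged[ip] = len(users)
                break
    return flagged
```

In a real deployment the same two rules would be written as KQL analytics rules in Azure Sentinel and the MFA gap closed with a Conditional Access policy, so the detective finding feeds back into a preventive control.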
Azure Tools for Security Architecture Implementation.
MS Entra ID (aka Azure AD): Provides IAM, MFA, and SSO for your Azure resources.
Azure Security Center: Offers threat detection, vulnerability management, and security recommendations for your Azure environment.
Azure Key Vault: Securely stores and manages cryptographic keys, encryption keys, and secrets used by your cloud applications and services.
Azure Firewall: Manages inbound and outbound network traffic for your Azure virtual networks.
Azure Monitor: Collects and analyzes data from your Azure resources to provide insights into security posture and performance.
Azure Sentinel (SIEM): A Security Information and Event Management (SIEM) tool that aggregates security data from various sources for threat detection, investigation, and response.
Azure Policy: Defines and enforces security configurations for your Azure resources to ensure consistent security compliance.
Well-Architected Framework (WAF).
BLUF: 5 guidelines to produce high-quality, stable, and efficient cloud architecture.
Guidelines: (5)
Reliability: The workload is resilient (withstand, recover quickly) and available.
Security: Apply security documentation, policy, and controls throughout the application life cycle (ALM), from design and development, through implementation and deployment, to operations (DevSecOps).
Cost Optimization: Focus on generating incremental (increase) value early using a “Build-Measure-Learn” feedback loop to gain measured customer reactions, learn, and adjust (Pivot) to improve customer interactions.
Operational Excellence: Keep Operations, Production, Processes, and Applications running. Do audits and QA/QC using a “Maturity Assessment Plan” (aka Checklist).
Performance Efficiency: The workload can scale (to increase or decrease) to meet user demands efficiently.