From 27150fb6be0970f0af312db6d81975f1d0327f31 Mon Sep 17 00:00:00 2001 From: Adam Boeglin <40869465+adamboeglin@users.noreply.github.com> Date: Mon, 19 Aug 2019 11:08:52 -0700 Subject: [PATCH 01/14] Update Bulkhead Pattern (#1718) Updated the introduction paragraph to improve SEO. --- docs/patterns/bulkhead.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/docs/patterns/bulkhead.md b/docs/patterns/bulkhead.md index 6c4ae500fd4..dd5febf5038 100644 --- a/docs/patterns/bulkhead.md +++ b/docs/patterns/bulkhead.md @@ -13,9 +13,7 @@ ms.custom: seodec18 # Bulkhead pattern -Isolate elements of an application into pools so that if one fails, the others will continue to function. - -This pattern is named *Bulkhead* because it resembles the sectioned partitions of a ship's hull. If the hull of a ship is compromised, only the damaged section fills with water, which prevents the ship from sinking. +The Bulkhead pattern is a type of application design that is tolerant of failure. In a bulkhead architecture, elements of an application are isolated into pools so that if one fails, the others will continue to function. It's named after the sectioned partitions (bulkheads) of a ship's hull. If the hull of a ship is compromised, only the damaged section fills with water, which prevents the ship from sinking. ## Context and problem From 7b4a7270c85feb050bb994a6765e527bd5a28e9c Mon Sep 17 00:00:00 2001 From: frachkid <50231837+frachkid@users.noreply.github.com> Date: Mon, 19 Aug 2019 23:27:49 +0400 Subject: [PATCH 02/14] Update metrics-tolerance.md (#1715) --- .../governance/cost-management/metrics-tolerance.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/cloud-adoption/governance/cost-management/metrics-tolerance.md b/docs/cloud-adoption/governance/cost-management/metrics-tolerance.md index 87d57fb3ae0..a2165cc1a60 100644 --- a/docs/cloud-adoption/governance/cost-management/metrics-tolerance.md 
+++ b/docs/cloud-adoption/governance/cost-management/metrics-tolerance.md @@ -19,7 +19,7 @@ This article is intended to help you quantify business risk tolerance as it rela Cost Management generally focuses on metrics related to costs. As part of your risk analysis, you'll want to gather data related to your current and planned spending on cloud-based workloads to determine how much risk you face, and how important investment in cost governance is to your cloud adoption strategy. -The following are examples of useful metrics that you should gather to help evaluate risk tolerance within the Security Baseline discipline: +The following are examples of useful metrics that you should gather to help evaluate risk tolerance within the Cost Management discipline: - **Annual spending:** The total annual cost for services provided by a cloud provider. - **Monthly spending:** The total monthly cost for services provided by a cloud provider. From 59c1e405bd81eb39020b71a5a2d2b63bee2d47a2 Mon Sep 17 00:00:00 2001 From: frachkid <50231837+frachkid@users.noreply.github.com> Date: Tue, 20 Aug 2019 21:56:12 +0400 Subject: [PATCH 03/14] Update metrics-tolerance.md (#1716) --- .../governance/cost-management/metrics-tolerance.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/cloud-adoption/governance/cost-management/metrics-tolerance.md b/docs/cloud-adoption/governance/cost-management/metrics-tolerance.md index a2165cc1a60..0ff13e858d2 100644 --- a/docs/cloud-adoption/governance/cost-management/metrics-tolerance.md +++ b/docs/cloud-adoption/governance/cost-management/metrics-tolerance.md 
@@ -41,7 +41,7 @@ Once you have identified [business risks](./business-risks.md), you will work wi - **Overprovisioned trigger:** A company who believes their deployed solutions are overprovisioned. Cost Management is a priority investment until they can demonstrate proper alignment of provisioning and asset utilization. - **Monthly spending trigger:** A company that spends over $x,000 per month is considered a sizable cost. If spending exceeds that amount in a given month, they will need to invest in Cost Management. - **Annual spending trigger:** A company with an IT R&D budget that allows for spending $X,000 per year on cloud experimentation. They may run production workloads in the cloud, but they will still be considered experimental solutions if the budget doesn't exceed that amount. Once it goes over, they will need to treat the budget like a production investment and manage spending closely. -- **Operating expense-adverse (uncommon):** As a company, they are adverse to operating expenses and will need Cost Management controls in place before deploying a dev/test workload. +- **Operating expense-adverse (uncommon):** As a company, they are averse to operating expenses and will need Cost Management controls in place before deploying a dev/test workload. ## Next steps From e22f922202849bf0fa3429dd3a6e5e6a470621f3 Mon Sep 17 00:00:00 2001 From: Tim Sullivan Date: Wed, 21 Aug 2019 13:27:54 -0500 Subject: [PATCH 04/14] Remove Azure Migrate v2 Reference (#1724) No longer in preview https://docs.microsoft.com/en-us/azure/migrate/whats-new#azure-migrate-new-version From 16810fcf893ed5fa993627bb81ff0b5d69a22cac Mon Sep 17 00:00:00 2001 From: Shubha Vijayasarathy Date: Thu, 22 Aug 2019 13:52:16 -0700 Subject: [PATCH 05/14] Updating Event Hubs info (#1646) * Mention Kafka compatibility --- docs/data-guide/big-data/real-time-processing.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/docs/data-guide/big-data/real-time-processing.md b/docs/data-guide/big-data/real-time-processing.md index 034867804d6..d95114806d1 100644 --- a/docs/data-guide/big-data/real-time-processing.md +++ b/docs/data-guide/big-data/real-time-processing.md @@ -40,7 +40,7 @@ The following technologies are recommended choices for real-time processing solu ### Real-time message ingestion -- **Azure Event Hubs**. Azure Event Hubs is a message queuing solution for ingesting millions of event messages per second. The captured event data can be processed by multiple consumers in parallel. +- **Azure Event Hubs**. Azure Event Hubs is a messaging solution for ingesting millions of event messages per second. The captured event data can be processed by multiple consumers in parallel. While Event Hubs natively supports AMQP (Advanced Message Queuing Protocol 1.0), it also provides a binary compatibility layer that allows applications using the Kafka protocol (Kafka 1.0 and above) to process events using Event Hubs with no application changes. - **Azure IoT Hub**. Azure IoT Hub provides bi-directional communication between Internet-connected devices, and a scalable message queue that can handle millions of simultaneously connected devices. - **Apache Kafka**. Kafka is an open source message queuing and stream processing application that can scale to handle millions of messages per second from multiple message producers, and route them to multiple consumers. Kafka is available in Azure as an HDInsight cluster type. @@ -78,4 +78,4 @@ In a purely real-time solution, most of the processing orchestration is managed The following reference architecture shows an end-to-end stream processing pipeline: -- [Stream processing with Azure Stream Analytics](../../reference-architectures/data/stream-processing-stream-analytics.md) \ No newline at end of file +- [Stream processing with Azure Stream Analytics](../../reference-architectures/data/stream-processing-stream-analytics.md) 
From 7f018986a565c70390d99c13ffddf5c61fb6a376 Mon Sep 17 00:00:00 2001 From: frachkid <50231837+frachkid@users.noreply.github.com> Date: Fri, 23 Aug 2019 17:21:22 +0400 Subject: [PATCH 06/14] Update caf-governance-of-resources.md --- includes/caf-governance-of-resources.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/includes/caf-governance-of-resources.md b/includes/caf-governance-of-resources.md index 7561eaa2ba1..8a149c166ac 100644 --- a/includes/caf-governance-of-resources.md +++ b/includes/caf-governance-of-resources.md @@ -54,8 +54,8 @@ Until trust in the cloud environment is fully established it's important to tigh 2. Validate that on-premises security and traffic management mechanisms treat connected cloud networks as untrusted. Resources and services hosted in the cloud should only have access to authorized on-premises services. 3. Validate that the local edge device in the on-premises datacenter is compatible with [Azure VPN Gateway requirements](/azure/vpn-gateway/vpn-gateway-about-vpn-devices) and is configured to access the public internet. 1. In the root management group, create a second blueprint definition named `secure-hybrid-vnet`. - 1. Add the Resource Manager template for the VPN Gateway as an artifact of the blueprint definition. - 2. Add the Resource Manager template for the your virtual network as an artifact of the blueprint definition. + 1. Add the Resource Manager template for the VPN Gateway as an artifact to the blueprint definition. + 2. Add the Resource Manager template for the virtual network as an artifact to the blueprint definition. 3. Publish the blueprint definition. 1. Assign the `secure-hybrid-vnet` blueprint definition to any subscriptions requiring on-premises connectivity. This definition should be assigned in addition to the `governance-baseline` blueprint definition. From b6a71e43f927b0db0b9fccf613cb0c8bf1327d59 Mon Sep 17 00:00:00 2001 
From: frachkid <50231837+frachkid@users.noreply.github.com> Date: Mon, 26 Aug 2019 06:53:21 +0400 Subject: [PATCH 07/14] Update cost-management-evolution.md (#1737) --- .../journeys/large-enterprise/cost-management-evolution.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/cloud-adoption/governance/journeys/large-enterprise/cost-management-evolution.md b/docs/cloud-adoption/governance/journeys/large-enterprise/cost-management-evolution.md index f2d7db52257..5cde9fb73e2 100644 --- a/docs/cloud-adoption/governance/journeys/large-enterprise/cost-management-evolution.md +++ b/docs/cloud-adoption/governance/journeys/large-enterprise/cost-management-evolution.md @@ -54,7 +54,7 @@ The following changes to policy will help remediate the new risks and guide impl 3. Cloud assets should be continually monitored for optimization opportunities. 4. Cloud Governance tooling must limit Asset sizing options to an approved list of configurations. The tooling must ensure that all assets are discoverable and tracked by the cost monitoring solution. 5. During deployment planning, any required cloud resources associated with the hosting of production workloads should be documented. This documentation will help refine budgets and prepare additional automations to prevent the use of more expensive options. During this process consideration should be given to different discounting tools offered by the cloud provider, such as Reserved Instances or License cost reductions. -6. All application owners are required to attend trained on practices for optimizing workloads to better control cloud costs. +6. All application owners are required to attend a training on cost management practices for optimizing workloads to better control cloud costs. ## Evolution of the best practices From 81b9922bc8e8062ca0458fc244798cf880421082 Mon Sep 17 00:00:00 2001 
From: frachkid <50231837+frachkid@users.noreply.github.com> Date: Mon, 26 Aug 2019 06:54:57 +0400 Subject: [PATCH 08/14] Update business-risks.md (#1728) --- docs/cloud-adoption/includes/governance/business-risks.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/cloud-adoption/includes/governance/business-risks.md b/docs/cloud-adoption/includes/governance/business-risks.md index add5a7b64aa..d1e0e1bc2d8 100644 --- a/docs/cloud-adoption/includes/governance/business-risks.md +++ b/docs/cloud-adoption/includes/governance/business-risks.md @@ -7,7 +7,7 @@ The initial objective is to establish a foundation for governance agility. An ef ## Business risks -The company is at an early stage of cloud adoption, experimenting and building proofs of concept. Risks are now relatively low, but future risks are likely. There is little definition around the final state of the technical solutions to be deployed to the cloud. In addition, the cloud readiness of IT employees is low. A foundation for cloud adoption will help the team safely learn and grow. +The company is at an early stage of cloud adoption, experimenting and building proofs of concept. Risks are now relatively low, but future risks are likely to have a significant impact. There is little definition around the final state of the technical solutions to be deployed to the cloud. In addition, the cloud readiness of IT employees is low. A foundation for cloud adoption will help the team safely learn and grow. **Future-proofing:** There is a risk of not empowering growth, but also a risk of not providing the right protections against future risks. From 6f8425dccf8d9f8f2984deda5d6f3833348e76c9 Mon Sep 17 00:00:00 2001 From: frachkid <50231837+frachkid@users.noreply.github.com> Date: Mon, 26 Aug 2019 06:56:43 +0400 Subject: [PATCH 09/14] Update business-risks.md (#1729) --- docs/cloud-adoption/includes/governance/business-risks.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/cloud-adoption/includes/governance/business-risks.md b/docs/cloud-adoption/includes/governance/business-risks.md index d1e0e1bc2d8..0c1dc6f6315 100644 --- a/docs/cloud-adoption/includes/governance/business-risks.md +++ b/docs/cloud-adoption/includes/governance/business-risks.md @@ -11,7 +11,7 @@ The company is at an early stage of cloud adoption, experimenting and building p **Future-proofing:** There is a risk of not empowering growth, but also a risk of not providing the right protections against future risks. -An agile yet robust governance approach is needed to support the board’s vision for corporate and technical growth. Failure to implement such a strategy will slow technical growth, potentially risking market share growth and future market share. The impact of such a business risk is unquestionably high. However, the role IT will play in those potential future states is unknown, making the risk associated with current IT efforts relatively high. That said, until more concrete plans are aligned, the business has a high tolerance for risk. +An agile yet robust governance approach is needed to support the board’s vision for corporate and technical growth. Failure to implement such a strategy will slow technical growth, potentially risking current and future market share growth. The impact of such a business risk is unquestionably high. However, the role IT will play in those potential future states is unknown, making the risk associated with current IT efforts relatively high. That said, until more concrete plans are aligned, the business has a high tolerance for risk. This business risk can be broken down tactically into several technical risks: From 7fea246fac6d5e9e09d8150cba738dbaef106406 Mon Sep 17 00:00:00 2001 
From: frachkid <50231837+frachkid@users.noreply.github.com> Date: Mon, 26 Aug 2019 06:57:32 +0400 Subject: [PATCH 10/14] Update security-baseline-evolution.md (#1732) --- .../small-to-medium-enterprise/security-baseline-evolution.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/cloud-adoption/governance/journeys/small-to-medium-enterprise/security-baseline-evolution.md b/docs/cloud-adoption/governance/journeys/small-to-medium-enterprise/security-baseline-evolution.md index af6772c0270..e9a3d1f6d9e 100644 --- a/docs/cloud-adoption/governance/journeys/small-to-medium-enterprise/security-baseline-evolution.md +++ b/docs/cloud-adoption/governance/journeys/small-to-medium-enterprise/security-baseline-evolution.md @@ -85,7 +85,7 @@ The following changes to policy will help remediate the new risks and guide impl ## Evolution of the best practices -The governance MVP design will evolve to include new Azure policies and an implementation of Azure Cost Management. Together, these two design changes will fulfill the new corporate policy statements. +The governance MVP design will evolve to include new Azure policies and an implementation of Azure Security Center. Together, these two design changes will fulfill the new corporate policy statements. 1. The Networking and IT Security teams will define network requirements. The cloud governance team will support the conversation. 2. The Identity and IT Security teams will define identity requirements and make any necessary changes to local Active Directory implementation. The cloud governance team will review changes. From 5c3bedf8da6f411e0c1b155a2f2ba375fd67482b Mon Sep 17 00:00:00 2001 From: frachkid <50231837+frachkid@users.noreply.github.com> Date: Mon, 26 Aug 2019 06:58:21 +0400 Subject: [PATCH 11/14] Update resource-consistency-evolution.md (#1733) --- .../resource-consistency-evolution.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/cloud-adoption/governance/journeys/small-to-medium-enterprise/resource-consistency-evolution.md b/docs/cloud-adoption/governance/journeys/small-to-medium-enterprise/resource-consistency-evolution.md index 492f7f484ff..99baa0032a3 100644 --- a/docs/cloud-adoption/governance/journeys/small-to-medium-enterprise/resource-consistency-evolution.md +++ b/docs/cloud-adoption/governance/journeys/small-to-medium-enterprise/resource-consistency-evolution.md @@ -76,7 +76,7 @@ The following changes to policy will help remediate the new risks and guide impl ## Evolution of the best practices -This section of the article will evolve the governance MVP design to include new Azure policies and an implementation of Azure Cost Management. Together, these two design changes will fulfill the new corporate policy statements. +This section of the article will evolve the governance MVP design to include new Azure policies and an implementation of Azure Vault and Azure Monitor. These design changes will fulfill the new corporate policy statements. 1. The cloud operations team will define operational monitoring tooling and automated remediation tooling. The cloud governance team will support those discovery processes. In this use case, the cloud operations team chose Azure Monitor as the primary tool for monitoring mission-critical applications. 2. Create a repository in Azure DevOps to store and version all relevant Resource Manager templates and scripted configurations. From 210efc5f2ddc7e307496039b574a67c4b017b992 Mon Sep 17 00:00:00 2001 From: frachkid <50231837+frachkid@users.noreply.github.com> Date: Mon, 26 Aug 2019 07:00:03 +0400 Subject: [PATCH 12/14] Update narrative.md (#1734) --- .../governance/journeys/large-enterprise/narrative.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/cloud-adoption/governance/journeys/large-enterprise/narrative.md b/docs/cloud-adoption/governance/journeys/large-enterprise/narrative.md index 5f3f725a9d4..3abc9070976 100644 --- a/docs/cloud-adoption/governance/journeys/large-enterprise/narrative.md +++ b/docs/cloud-adoption/governance/journeys/large-enterprise/narrative.md 
@@ -19,7 +19,7 @@ The following narrative establishes a use case for a [large enterprise governanc Customers are demanding a better experience when interacting with this company. The current experience caused market erosion and led to the board to hire a Chief Digital Officer (CDO). The CDO is working with marketing and sales to drive a digital transformation that will power improved experiences. Additionally, several business units recently hired data scientists to farm data and improve many of the manual experiences through learning and prediction. IT is supporting these efforts where it can. However, there are "shadow IT" activities occurring that fall outside of needed governance and security controls. -The IT organization is also facing its own challenges. Finance is planning continued reductions in the IT budget over the next five years, leading to some necessary spending cuts starting this year. Conversely, GDPR and other data sovereignty requirements are forcing IT to invest in assets in additional countries to localize data. Two of the existing datacenters are overdue for hardware refreshes, causing further problems with employee and customer satisfaction. Three more datacenters require hardware refreshes during the execution the five-year plan. The CFO is pushing the CIO to consider the cloud as an alternative for those datacenters, to free up capital expenses. +The IT organization is also facing its own challenges. Finance is planning continued reductions in the IT budget over the next five years, leading to some necessary spending cuts starting this year. Conversely, GDPR and other data sovereignty requirements are forcing IT to invest in assets in additional countries to localize data. Two of the existing datacenters are overdue for hardware refreshes, causing further problems with employee and customer satisfaction. Three more datacenters require hardware refreshes during the execution of the five-year plan. 
The CFO is pushing the CIO to consider the cloud as an alternative for those datacenters, to free up capital expenses. The CIO has innovative ideas that could help the company, but she and her teams are limited to fighting fires and controlling costs. At a luncheon with the CDO and one of the business unit leaders, the cloud migration conversation generated interest from the CIO's peers. The three leaders aim to support each other using the cloud to achieve their business objectives, and they have begun the exploration and planning phases of cloud adoption. From 339f871589f002488fb686fa020ce949ffec46da Mon Sep 17 00:00:00 2001 From: frachkid <50231837+frachkid@users.noreply.github.com> Date: Mon, 26 Aug 2019 07:00:35 +0400 Subject: [PATCH 13/14] Update security-baseline-evolution.md (#1735) --- .../journeys/large-enterprise/security-baseline-evolution.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/cloud-adoption/governance/journeys/large-enterprise/security-baseline-evolution.md b/docs/cloud-adoption/governance/journeys/large-enterprise/security-baseline-evolution.md index 4c72168bf57..8a4b0c48a01 100644 --- a/docs/cloud-adoption/governance/journeys/large-enterprise/security-baseline-evolution.md +++ b/docs/cloud-adoption/governance/journeys/large-enterprise/security-baseline-evolution.md 
@@ -93,7 +93,7 @@ The following changes to policy will help remediate the new risks and guide impl ## Evolution of the best practices -This section of the article will evolve the governance MVP design to include new Azure policies and an implementation of Azure Cost Management. Together, these two design changes will fulfill the new corporate policy statements. +This section of the article will evolve the governance MVP design to include new Azure policies and an implementation of Azure Security Center. Together, these two design changes will fulfill the new corporate policy statements. The new best practices fall into two categories: Corporate IT (hub) and Cloud Adoption (spoke). From f5304b221b3a416fb524c1d5f285ff514440c2a3 Mon Sep 17 00:00:00 2001 From: frachkid <50231837+frachkid@users.noreply.github.com> Date: Mon, 26 Aug 2019 07:01:02 +0400 Subject: [PATCH 14/14] Update resource-consistency-evolution.md (#1736) --- .../journeys/large-enterprise/resource-consistency-evolution.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/cloud-adoption/governance/journeys/large-enterprise/resource-consistency-evolution.md b/docs/cloud-adoption/governance/journeys/large-enterprise/resource-consistency-evolution.md index b7bf88e25cf..c8fd48f0f51 100644 --- a/docs/cloud-adoption/governance/journeys/large-enterprise/resource-consistency-evolution.md +++ b/docs/cloud-adoption/governance/journeys/large-enterprise/resource-consistency-evolution.md 
@@ -73,7 +73,7 @@ The following changes to policy will help remediate the new risks and guide impl ## Evolution of the best practices -This section of the article will evolve the governance MVP design to include new Azure policies and an implementation of Azure Cost Management. Together, these two design changes will fulfill the new corporate policy statements. +This section of the article will evolve the governance MVP design to include new Azure policies and an implementation of Azure Site Recovery and Azure Monitor. These design changes will fulfill the new corporate policy statements. Following the experience of this fictional example, it is assumed that the Protected Data evolution has already happened. Building on that best practice, the following will add operational monitoring requirements, readying a subscription for mission-critical applications.
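
Review bot: in [PATCH 01/14], hunk @@ -13,9 +13,7 @@ of docs/patterns/bulkhead.md, the added paragraph opens its third sentence with "It's named after", but the nearest preceding subjects are "elements of an application" and "the others", so the pronoun has no clear antecedent. Suggest "The pattern is named after the sectioned partitions (bulkheads) of a ship's hull." The removed text kept the definition and the naming explanation in separate paragraphs; keeping that break would also make the introduction easier to scan.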
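
Review bot: in [PATCH 03/14], hunk @@ -41,7 +41,7 @@ of metrics-tolerance.md, the added line corrects "adverse" to "averse" inside the sentence but leaves the bold label as "Operating expense-adverse (uncommon)", so the same bullet now carries both spellings. Change the label to "Operating expense-averse (uncommon)" in this line as well.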
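
Review bot: in [PATCH 05/14], hunk @@ -40,7 +40,7 @@ of real-time-processing.md, the added Event Hubs bullet puts the protocol version inside the acronym expansion, "AMQP (Advanced Message Queuing Protocol 1.0)", and folds native protocol support and Kafka compatibility into one long sentence. Suggest "AMQP 1.0 (Advanced Message Queuing Protocol)" and a separate sentence for the Kafka compatibility layer. The same line also changes "message queuing solution" to "messaging solution", which the commit message ("Mention Kafka compatibility") does not mention; the IoT Hub and Kafka bullets below still say "message queue" and "message queuing", so confirm the wording change is intended for Event Hubs only.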
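
Review bot: in [PATCH 07/14], hunk @@ -54,7 +54,7 @@ of large-enterprise/cost-management-evolution.md, the added item 6 reads "attend a training on cost management practices for optimizing workloads to better control cloud costs", which states the cost goal twice and uses "a training" as a count noun. Suggest "All application owners are required to attend training on practices for optimizing workloads to better control cloud costs."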
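
Review bot: in [PATCH 09/14], hunk @@ -11,7 +11,7 @@ of includes/governance/business-risks.md, the paragraph being edited still says "making the risk associated with current IT efforts relatively high", while the paragraph edited in [PATCH 08/14] in the same file says "Risks are now relatively low". Since this line is already being touched, reconcile the two statements here or confirm that they describe different risks. The line also keeps a typographic apostrophe in "board’s"; use a plain apostrophe if the rest of the file does.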
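
Review bot: in [PATCH 11/14], hunk @@ -76,7 +76,7 @@ of small-to-medium-enterprise/resource-consistency-evolution.md, the added sentence names "Azure Vault", which does not identify a specific service and leaves the reader to guess which vault is meant. The parallel change in [PATCH 14/14] for the large-enterprise article names "Azure Site Recovery and Azure Monitor"; use the full service name here too, matching whatever the steps later in this article actually deploy.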
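
Review bot: in [PATCH 12/14], hunk @@ -19,7 +19,7 @@ of large-enterprise/narrative.md, the context paragraph directly above the corrected line still reads "led to the board to hire a Chief Digital Officer (CDO)". Since this change is a grammar pass over the same passage, fix that as well: "led the board to hire a Chief Digital Officer (CDO)".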