Posts Tagged ‘AWS’

AWS vs Azure

Posted on December 1st, 2022 by admin@mismo2023

The cloud service providers AWS and Azure are truly miraculous, helping millions across the globe create a virtual space with a plethora of benefits. This article delves into their pros and cons and looks at the wide array of services, benefits and advantages they have. We will consider factors such as cloud storage cost, the loss rate of data transfers, availability of data and so on.

AWS: It all began with Amazon’s team recognizing the stagnation and complexity of their IT infrastructure. To improve efficiency, Amazon’s team replaced the pre-existing infrastructure with well-documented APIs. By the year 2003, Amazon had realized that it had the skills that are important for creating scalable and effective data centres. This is how Amazon Web Services came into existence. AWS is one of the leading providers of on-demand cloud solutions, providing IT infrastructure to companies of varying sizes. AWS works most efficiently for companies that run on non-Windows services and is a highly customisable platform. Netflix, Spotify, and other eminent companies use AWS.

AWS’s services remained unparalleled, as Google, their first competitor, only arrived after 2009 and Microsoft stepped up by 2010, as they had not believed in the potential of cloud infrastructure. It was only Amazon’s successful system that made Microsoft enter the world of cloud. Microsoft launched Azure, but its entry was not welcomed pleasantly and it faced several challenges. AWS had already become a giant, as it had a lead of 7 years over Azure and provided ample scalable services.

It was about time that Microsoft stepped up and found its footing by adding support for various programming languages and operating systems. They got along with Linux and also made their services more scalable. With this redemption, Azure made its way to the top of the list of cloud providers.

Today AWS and Azure have become two prominent names among cloud service providers. They provide the world with a virtual infrastructure: Azure holds about 29.4% of the workloads of installed applications, AWS holds a good 41.5% and Google only has about 3%.

There are a few differences between AWS and Azure, and both have their respective pros and cons. These two top players each have an unequivocal set of advantages, as they are great at what they provide.

Services:

Azure and AWS both extend the on-premise data centre into the cloud and offer firewall options. In networking, VPC (Amazon Virtual Private Cloud) lets users create subnets, private IP address ranges, network gateways and route tables; Microsoft Virtual Network has similar services. For computing, Azure provides services like App Services, Azure Virtual Machine, Container services and Azure Functions, while AWS provides Elastic Beanstalk, ECS, AWS Lambda, EC2 and so on. These services are quite similar as well. For storage, AWS provides temporary storage that is allocated when an instance starts and is automatically destroyed when the instance terminates. It also provides block storage that can be attached to or detached from an instance. Azure provides storage such as Blob, Disk Storage and Standard Archives.

Pricing:

Pricing of computing services depends upon the differences in configuration, the measurement of the computing units and the various range of services: storage, databases, computing and traffic.

AWS follows a pay-as-you-go pricing structure with an hourly charge, while Azure charges per minute. An AWS m3.large instance is estimated at $0.133 per hour (21 CPU and 3.75 GB memory); Microsoft follows somewhat similar pricing for the Medium VM (2×1.6 GHz CPU, 3.5 GB RAM), which costs about $0.45 per hour. Azure can be deemed more expensive than AWS for computing, but it offers good discounts for long-term payments. AWS is also known for supporting the hybrid cloud environment better. Meanwhile, the security provided by AWS via user-defined roles is unparalleled, as it provides security by giving permissions on the entire account.

Open-Source Integration:

AWS employs tools such as Jenkins, GitHub, Docker and Ansible for open-source integration, as Amazon strongly supports the open-source community. Azure, on the other hand, provides native integration for Windows development tools, namely Active Directory, SQL databases and VBS. In instances where Microsoft fails to support open source, Amazon is always open to it. Azure works great for .NET developers and AWS for Linux services.

Databases:

To store your information, a database is required, and both of our cloud service providers, AWS and Azure, offer relational (SQL) and NoSQL databases. Microsoft provides its users with an SQL database, while Amazon provides RDS (Relational Database Service) and Amazon DynamoDB. These databases provide automatic replication and are extremely efficient and durable.

Advantages of AWS certification:

AWS is the largest cloud computing service provider, and its certification carries extra weight and marketability because a large number of companies use its services. AWS certification also gives you access to AWS certified LinkedIn and other certifications for professionals and developers. These include AWS Developer Associate, AWS SysOps, Cloud Architect Certification, gcp certification and so on.

The advantages of Azure Certification:

Azure, renamed Microsoft Azure in the year 2014, provides additional benefits to those who are aware of their in-house data platforms. 55% of major Fortune 500 companies go for the services provided by Azure, and hence its certification opens career opportunities for candidates in these companies. It has been estimated that around 365,000 companies opt for Azure every year, which creates demand for Azure professionals. Its certifications include Architect Microsoft Azure, Developing Microsoft Azure, Cloud Solution Architect, Cloud Architect, Implementing Microsoft Azure and so on.

Azure and AWS: Making the world a better place

Both AWS and Azure have made huge contributions towards making this globe a better place to be in. AWS is used to scale flood alerts in Cambodia, saving millions of lives, and is cost-effective. Other risky zones now replicate this technology to detect calamities beforehand.

NASA has used the AWS platform to create a virtual storehouse of videos, pictures and audio files that can be accessed easily in one centralized space.

The Weka Smart Fridge, created using the Azure IoT suite, helps store vaccines and helps medical staff make vaccinations easily available to people.

Both AWS and Azure are reliable sources making lives easy for people around the globe.


How Startups can succeed with Cloud Computing?

Posted on May 7th, 2021 by admin@mismo2023

Startups are an enjoyable but demanding professional experience. A host of entrepreneurially dedicated professionals pursue their passion and dive into the world of launching their own company, following the meteoric growth of businesses such as Facebook, Uber, and Airbnb.

In the fast-paced world of startups, there are a lot of challenges that are not faced in the regular office environment. From infrastructure to marketing, all processes of a startup must be built from scratch, which is difficult for a new company, mainly due to a lack of investment. While the employee count can be low at the beginning, with individuals spread across multiple cities or even countries, the major issue arises when a proper structure is required to manage the work of each member.

With cloud computing, the above risks can be reduced.

First, let us understand what cloud computing is.

Cloud Computing is a network of computing services like servers, storage, databases, networking, software, analytics, and intelligence. You only pay for the cloud services you use which helps in reducing operational costs & runs your infra more efficiently. It follows a Pay as you go (PAYG) cost model for cloud services, which is much more beneficial than the traditional IT cost model that has a lot more upfront capital expenditures for both hardware and software requirements.

Read on as we discuss the reasons why adopting cloud computing systems can benefit your startup business.

Many people tend to think that life in the world of startups is fascinating and exciting. Still, it cannot be denied that it has its own set of risks and demerits. The Small Business Administration (SBA) Office of Advocacy’s (2018) Frequently Asked Questions (FAQ) report stated that the share of small and medium-sized enterprises (SMEs) that survive to the five-year mark ranges from only 45.4% to 51%.

All parties in a startup face many risks: founders, investors, customers, and partners. But by following a proper approach, such risks can be avoided.

As discussed, startups face the following problems:

  1. Employee location. (different cities/countries/regions)
  2. Lack of funds.
  3. Stability.

Here are the major benefits of adopting cloud computing for your startup:-

  1. Data Protection: Cloud Solution Providers put forward a group of technologies & services which help in data protection. Daily backups and snapshots on secure servers will secure your data.
  2. Speed & Low Cost: Cloud Computing enhances the flexibility of your business. With just a few taps, it offers you a creative IT infrastructure at low costs. It is easy, quick, and requires minimal investment. You only pay when you use the server.
  3. Effective Collaboration: With virtualization now being the ‘new normal’, all employees can work more productively without the need for large office spaces. Infrastructure costs, power usage, maintenance, upgrades, hardware, installation services, and support expenses all decrease, and these are immeasurably valuable savings for a startup. Cloud Computing allows all the employees of a firm to access documents, files and other data from anywhere, anytime, via Internet-enabled devices.
  4. Scalability: A Cloud storage platform allows the organization to scale resources up or down in a flexible and cost-effective manner. Contrary to the conventional approach, where human intervention is necessary and costly, sophisticated software and hardware can be inserted or removed according to your convenience. The virtual existence of the cloud increases the usability and availability of service additions. The cloud’s versatility, usability, flexibility, and competitiveness to entrepreneurs are thus critical to the long term success rate of today’s marketplace.

The mobility, accessibility, affordability, and productivity that the Cloud provides is extremely beneficial for startups.

If you have any more ideas on how cloud computing can help startups, do share in the comment section.

Azure AD SSO & AWS – Connecting the Rivals

Posted on May 4th, 2021 by admin@mismo2023

Being part of Mismo Systems, I am fortunate enough to get to work on a diverse set of projects. A few technologies that we see deployed often are Microsoft 365 and EC2 and S3 on AWS. Microsoft 365 is growing in stature in the Enterprise space when it comes to Identity and Single Sign-On. Microsoft has worked hard to make it ridiculously simple to integrate with SaaS, Public Clouds, or any other application. Microsoft 365 comes pre-packaged with a free version of Azure AD in the backend, which means you do not have to worry about setting up any major infrastructure if you want to dip your feet into the world of enterprise SSO. Recently, while working on a project, I was tasked with setting up SSO between Azure AD and AWS, and I thought why not share the knowledge I gathered while working on this with you by writing this blog. Now, before we go ahead and set up the Azure AD SSO for AWS, let’s first take a quick dip into the world of SSO.

Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single identity to any of several related, yet independent, software systems. It is a property of identity and access management (IAM) that enables users to securely authenticate with multiple applications and websites by logging in only once—with just one set of credentials (username and password). With SSO, the application or website that the user is trying to access relies on a trusted third party to verify that users are who they say they are.

Single sign-on provides a giant leap forward in how users sign in and use applications. Single sign-on based authentication systems are often called “modern authentication”. Modern authentication and single sign-on fall into a category of computing called Identity and Access Management (IAM). Web applications are incredibly popular. Web apps are hosted by various companies and made available as a service. Some popular examples of web apps include Microsoft 365, GitHub, and Salesforce, and there are thousands of others. People access web apps using a web browser on their computer. Single sign-on makes it possible for people to navigate between the various web apps without having to sign in multiple times.

Traditionally, companies used on-prem federation services so that users and applications could connect without worrying about security threats. Setting up this mechanism requires ADFS (Active Directory Federation Services). ADFS provided a means for managing online identities and providing single sign-on capabilities.

The requirements for setting up ADFS federation in a traditional environment are listed below:

  • ADFS server with High availability solution (Active & Passive)
  • WAP or ADFS Proxy server for external exposure
  • Public CA – Certificate
  • Domain controller server

Some of the challenges with traditional federation setup are:

  • High availability & Server Maintenance – Administration
  • Billing cost for hardware, license and certificate management

A solution for the above scenario is to use Azure AD enterprise application SSO, for applications that support it, with centralized user management. When you integrate Amazon Web Services (AWS) with Azure AD, you can:

  • Control in Azure AD who has access to Amazon Web Services (AWS)
  • Enable your users to be automatically signed-in to Amazon Web Services (AWS) with their Azure AD accounts
  • Manage your accounts in one central location – the Azure portal

Choosing a single sign-on method

There are several ways to configure an application for single sign-on. Choosing a single sign-on method depends on how the application is configured for authentication.

  • Cloud applications can use OpenID Connect, OAuth, SAML, password-based, linked, or disabled methods for single sign-on
  • On-premises applications can use password-based, Integrated Windows Authentication, header-based, linked, or disabled methods for single sign-on. The on-premises choices work when applications are configured for Application Proxy

This flowchart helps you decide which single sign-on method is best for your situation:

Since we are going to implement SSO between Azure AD and AWS, I will only talk about the former, i.e. Cloud application. For this blog, we look at how to set up SSO using SAML.

SAML

SAML stands for Security Assertion Markup Language. It is an XML-based open-standard for transferring identity data between two parties: an identity provider (IdP) and a service provider (SP).

  • Identity Provider — Performs authentication and passes the user’s identity and authorization level to the service provider
  • Service Provider — Trusts the identity provider and authorizes the given user to access the requested resource

In our scenario, the identity provider would be Azure AD (which itself uses Auth0 to authenticate users). The service provider would be AWS. The employee signs into the “My Apps” dashboard with Auth0. They click on the AWS icon, and AWS recognizes that the user wants to log in via SAML. AWS sends the employee back to Auth0 with a SAML Request that asks Auth0 to authenticate the user. Since the employee has already authenticated with Auth0, Auth0 verifies the session and sends the user back to AWS with a SAML Response. AWS checks this response, and if it looks good, the employee is granted access!

Benefits of SAML Authentication

  • Improved User Experience — Users only need to sign in one time to access multiple service providers. This allows for a faster authentication process and less expectation of the user to remember multiple login credentials for every application. In the example above, that user could have clicked on any of the other icons in their dashboard and been promptly logged in without ever having to enter more credentials!
  • Increased Security — SAML provides a single point of authentication, which happens at a secure identity provider. Then, SAML transfers the identity information to the service providers. This form of authentication ensures that credentials are only sent to the IdP directly
  • Loose Coupling of Directories — SAML doesn’t require user information to be maintained and synchronized between directories
  • Reduced Costs for Service Providers — With SAML, you don’t have to maintain account information across multiple services. The identity provider bears this burden

Azure & AWS – Why use both?

There are two main reasons why an organization would want to use multiple clouds: To leverage the strengths of each cloud and to improve availability. Large organizations are selecting different services or features from different providers as part of an overall multi-cloud strategy. This allows them to optimize resources and budgets, as some environments are better suited than others for particular tasks.

In my specific scenario, the company was already using AWS. Once it was decided that they would migrate their workplace services from G Suite to Microsoft 365, we had to go ahead and implement a way for the two technologies to be connected to each other to provide users with a seamless experience. But there are other examples as well where companies willingly go ahead and use both Azure and AWS to manage their cloud infrastructure.

There are specific reasons why an organization would want to use both AWS and Azure together. A few general-use cases for multi-cloud environments include:

  • Site replication and disaster recovery
  • On-ramping and off-ramping data
  • Load balancing across different clouds
  • Cloud switching to take advantage of cost structures
  • Keeping development and production environments separate

Such scenarios warrant the use of SSO, as users only need to remember the credentials for one environment rather than having to remember a slew of different passwords.

Now that we have covered some basics of SSO and SAML, let’s go ahead and start setting up SSO between Azure AD and AWS. Before we start, there are a few prerequisites that we need to know of, which are as follows:

  • An Azure AD subscription
  • An AWS single sign-on (SSO) enabled subscription

Adding Amazon Web Services (AWS) from the gallery

To configure the integration of Amazon Web Services (AWS) into Azure AD, we need to add Amazon Web Services (AWS) from the gallery to our list of managed SaaS apps. The steps are as follows:

  • Sign in to the Azure portal using a work or school account
  • In the Azure portal, search for and select Azure Active Directory
  • Within the Azure Active Directory overview menu, choose Enterprise Applications > All applications
  • Select New application to add an application
  • In the Add from the gallery section, type Amazon Web Services (AWS) in the search box
  • Select Amazon Web Services (AWS) from results panel and then add the app. We wait a few seconds while the app is added to our tenant

Once the app is added successfully, it opens a new app blade where we can start configuring SSO.

Configure Azure AD SSO

  • In the Amazon Web Services (AWS) application integration page, select single sign-on in Manage section and click on SAML
  • In Save Single Sign On Setting prompt click on “No, I’ll save it later”
  • On the Set up single sign-on with SAML page, in the SAML Signing Certificate (Step 3) dialog box, click on Download to save a copy of the federation metadata XML

Now we move to the AWS console to upload this federation metadata XML and add Azure AD as an identity provider.

Configure Amazon Web Services (AWS) SSO

  • In a different browser window, we sign on to our AWS company site as an administrator
  • In the AWS Management Console, type IAM in the find services field, and click IAM
  • Select Identity Providers > Create Provider
  • On the Configure Provider page, perform the following steps:
      • In Provider Type, choose SAML
      • In Provider Name, type AzureAD (The name can be anything, I have added Azure AD to simplify things. You can add whatever name you like)
      • In the Metadata Document, choose the federation metadata XML file you downloaded in the step above and click on Next Steps
      • Click Create to finish the process
  • Now select Roles > Create role
  • On the Create role page, perform the following steps:
      • Under Select type of trusted entity, select SAML 2.0 federation
      • Under Choose a SAML 2.0 Provider, select the SAML provider you created previously (AzureAD or whatever name you choose in the step above)
      • Select Allow programmatic and AWS Management Console access
      • Select Next: Permissions
  • On the Attach permissions policies dialog box, attach the appropriate policy, per your requirements. I chose the AdministratorAccess role
  • On the Review dialog box, perform the following steps:
      • In Role name, enter your role name
      • In Role description, enter the description
      • Select Create role
  • Create as many roles as needed, and map them to the identity provider
  • Now, we need to create a user on AWS with the ReadRoles permissions and add it to Azure AD so that we can grant our Azure AD users the roles we created in the step above. To do that, we first need to create a ReadRoles policy in AWS IAM. In the IAM section, select Policies and click Create Policies
  • In the Visual Editor on Create Policy page, do the following:
      • In Services, choose IAM
      • In Actions, choose ListRoles
      • Click Review Policy
      • Click Create Policy
  • Now we create a new user account in the AWS IAM service. In the AWS IAM console, select Users and click on Add User
  • In the Add user section:
      • Enter the user name as AzureADRoleManager
      • For the access type, select Programmatic access. This way, the user can invoke the APIs and fetch the roles from the AWS account
      • Select Next Permissions
  • On the Set Permissions page, select the policy we created above
  • On the Review page, click Create User and download the user’s credentials
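
The IAM documents that the console steps above produce, shown as an added example that is not part of the original post: the script builds the SAML trust policy and the ListRoles policy, and checks that a role trusts only the one identity provider and that the provisioning user can do nothing beyond listing roles. The account ID 111122223333 is a placeholder and the function names are hypothetical.

```python
import json

# Placeholder account ID (assumption); "AzureAD" is the provider name used in the steps above.
ACCOUNT_ID = "111122223333"
PROVIDER_ARN = f"arn:aws:iam::{ACCOUNT_ID}:saml-provider/AzureAD"
# Audience value AWS expects for console sign-in through SAML federation.
SAML_AUDIENCE = "https://signin.aws.amazon.com/saml"


def saml_trust_policy(provider_arn=PROVIDER_ARN):
    """Trust policy for a role whose trusted entity is a SAML 2.0 provider."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": provider_arn},
            "Action": "sts:AssumeRoleWithSAML",
            "Condition": {"StringEquals": {"SAML:aud": SAML_AUDIENCE}},
        }],
    }


def list_roles_policy():
    """Policy for the AzureADRoleManager user: it only needs to list roles."""
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": ["iam:ListRoles"], "Resource": "*"}],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy, expected_provider=PROVIDER_ARN):
    """Return findings for Allow statements that trust more than the one SAML provider."""
    findings = []
    for n, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if principal == "*" or not isinstance(principal, dict):
            findings.append(f"statement {n}: principal is not restricted to a SAML provider")
            continue
        federated = _as_list(principal.get("Federated", []))
        if set(principal) != {"Federated"} or federated != [expected_provider]:
            findings.append(f"statement {n}: trusts principals other than {expected_provider}")
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if actions != ["sts:assumerolewithsaml"]:
            findings.append(f"statement {n}: action is not limited to sts:AssumeRoleWithSAML")
        audience = stmt.get("Condition", {}).get("StringEquals", {}).get("SAML:aud")
        if audience != SAML_AUDIENCE:
            findings.append(f"statement {n}: missing SAML:aud condition for {SAML_AUDIENCE}")
    return findings


def extra_actions(policy, allowed=("iam:listroles",)):
    """Actions granted beyond what role provisioning needs (the user holds a long-lived key)."""
    extras = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == "Allow":
            extras += [a for a in _as_list(stmt.get("Action", [])) if a.lower() not in allowed]
    return extras


if __name__ == "__main__":
    print(json.dumps(saml_trust_policy(), indent=2))
    print(json.dumps(list_roles_policy(), indent=2))
    # Constructed weak trust policy: right provider, but no audience condition.
    weak = saml_trust_policy()
    del weak["Statement"][0]["Condition"]
    print(audit_trust_policy(weak))
```
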

Configure AWS Role Provisioning in Azure AD

  • In the Azure AD management portal, in the AWS app, go to Provisioning and click on Get Started
  • In the Provisioning Mode, select Automatic and enter the access key and secret in the clientsecret and Secret Token fields, respectively and click on Test Connection
  • Once the test is successful, click on Save and reload the page. Once the page has reloaded, select Edit Provisioning
  • Turn on provisioning by toggling the Provisioning Status Button to On

The provisioning service imports roles only from AWS to Azure AD. The service does not provision users and groups from Azure AD to AWS. After we save the provisioning credentials, we must wait for the initial sync cycle to run. Sync usually takes around 40 minutes to finish.

Assign the Azure AD test user

  • Within the Azure Active Directory overview menu, choose Enterprise Applications > All applications
  • In the application list, select Amazon Web Services (AWS)
  • In the app’s overview page, find the Manage section and select Users and groups, select Add user, then select Users and groups in the Add Assignment dialog
  • In the Users and groups dialog, select the required user from the Users list, then click the Select button at the bottom of the screen
  • Click on Assign
  • To assign a specific AWS role to the user, select the user and click on Edit
  • Click on Select A Role and select the appropriate role for the user. Click Assign once done

End User Experience

Once you have added the user to the App and assigned appropriate permission, the user can start accessing the AWS console without needing to perform any additional authentication. The user can log in to https://myapps.microsoft.com using their Azure AD/Microsoft 365 credentials and they will see the Amazon Web Services (AWS) app in their my apps portal.

They will be taken to the AWS console directly just by clicking on it and will be granted access to only those services for which they were assigned the roles.

Conclusion

As a next step, it is best practice to set up several SAML Roles inside of AWS. The SAML roles can and should be granularly defined down to the AWS account and resource level.

Here are some example roles to get started with:

  • ReadOnlyAccess Role
  • AmazonEC2FullAccess Role
  • AdministratorAccess Role

On the Azure AD side, we recommend creating groups for each of the above Roles. Then assign users to the group, and they are automatically assigned to the AWS role. Using groups makes it a bit easier to manage large numbers of users.

Find out more about Mismo Systems

We love Cloud, Containers, DevOps, and Workplace as a service. If you are interested in chatting, connect with us on Twitter, or drop us an email: connect@mismosystems.com. We hope you found this article helpful. If there is anything you would like to contribute or you have questions, please let us know!

Amazon CloudFront

Posted on April 4th, 2021 by admin@mismo2023

Amazon CloudFront is a fast Content Delivery Network (CDN) service that securely delivers data, videos, applications, and Application Programming Interfaces (APIs) to customers all around the world with low latency and high transfer speeds, in a developer-friendly environment.
CloudFront is integrated with AWS: both with physical locations that are directly linked to the AWS global infrastructure and with other services provided by AWS.

CloudFront works seamlessly with services like AWS Shield for DDoS mitigation, with Amazon S3, Elastic Load Balancing, or Amazon EC2 as origins for your applications, and with Lambda@Edge to run custom code closer to your customers’ users and give them a tailor-made experience.

Finally, when you use AWS origins like Amazon S3, Amazon EC2, or Elastic Load Balancing, transferring data between them and CloudFront won’t cost you anything.

It takes just a few minutes to get started with the CDN, and you only have to use the AWS tools that you are already familiar with, like APIs, the AWS Management Console, AWS CloudFormation, CLIs, and SDKs. Amazon’s CDN provides a straightforward, pay-as-you-go pricing model with no upfront price or long-term commitments. Support for the CDN is part of your existing AWS support subscription.

Benefits:


1) Swift and comprehensive:
The Amazon CDN operates at a very large scale and is spread internationally. The CloudFront network has approximately 220 points of presence (PoPs) and leverages the highly resilient Amazon backbone network for better performance and availability for the company’s consumers.


2) Highly secured network:
Amazon CloudFront is a very secure CDN that gives protection at two levels: network and application. Your traffic and applications benefit from a wide array of built-in protections like AWS Shield Standard, at no additional cost. Configurable features like AWS Certificate Manager (ACM) can also be used to manage custom SSL certificates at no added cost.


3) Highly Programmable:
Customizing the features of Amazon CloudFront to your requirements is quite simple. Lambda@Edge functions, which are triggered by CloudFront events, extend your custom code across AWS locations globally, allowing you to move even complex application logic closer to your consumers to increase responsiveness. Integration with other tools and automation interfaces for today’s DevOps and CI/CD environments through native APIs and AWS tools is also supported.


4) A profound integration with AWS:
AWS services like Amazon S3, Amazon EC2, Elastic Load Balancing, Amazon Route 53, and the AWS Elemental Media services are integrated with Amazon CloudFront. They are all available in the same console, and all the attributes of the CDN can be configured programmatically with the help of APIs or the AWS Management Console.


AWS Security Features

Posted on April 4th, 2021 by admin@mismo2023

Amazon Web Services (AWS) follows a shared responsibility model for security. The security ‘of’ the cloud is on the shoulders of AWS, whereas you and your organization’s development team have to look after security ‘in’ the cloud. Hence, the protection of the cloud infrastructure, including hardware, software, and networking, falls under the territory of AWS. All the other security objectives, including access to your AWS resources and the security of your application, are your responsibility. The following is an overview of four of the most common AWS security features you’ll need to keep your cloud secure.

1. S3 Security

S3 stands for Amazon’s Simple Storage Service, which provides data storage with a high level of availability and durability. Like all AWS services, S3 denies access from most sources by default. Only the bucket and object owners (the AWS account owner) have read/write access by default. It is therefore important to lock down your S3 buckets so that no unauthorized users are able to view, upload, or delete your files. Unlike other services, S3 has several ways of adding permissions:

  • Assigning IAM roles to hand-picked users within your AWS account. Roles can be used to specify what the users are allowed to do and which users have access.
  • Using bucket policies to lock down a single bucket. Permissions can be added either for individual users or for entire AWS accounts. Bucket policies can be helpful if some files in your application are public and some are private.
  • Using Access Control Lists (ACLs) to grant access to AWS accounts rather than to individual users. These become very helpful when your company owns and uses several AWS accounts or if another organization needs access to your files.
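
A bucket policy for the mixed public/private case mentioned in the list above, with a check of which object keys it exposes to anonymous readers. This is an added example, not code from the original post; the bucket name, object keys and function names are constructed, and the evaluation is a simplification that reads the bucket policy only.

```python
import re

BUCKET = "example-app-assets"  # constructed bucket name (assumption)

# Anonymous reads are allowed only under the public/ prefix; everything else
# stays on the default deny and is reachable only through IAM permissions.
MIXED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicReadForPublicPrefix",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": f"arn:aws:s3:::{BUCKET}/public/*",
    }],
}

# Constructed over-broad variant: the wildcard covers every object in the bucket.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": "s3:Get*",
        "Resource": f"arn:aws:s3:::{BUCKET}/*",
    }],
}

# Constructed object keys used to exercise both policies.
SAMPLE_KEYS = ["public/logo.png", "public/css/site.css",
               "invoices/2021-04.pdf", "backups/db.sql.gz"]


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _wild(pattern, value, flags=0):
    """Match an IAM-style pattern: * is any run of characters, ? is exactly one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value, flags) is not None


def _is_anonymous(principal):
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))


def _matches(stmt, action, arn):
    """Statement applies to an anonymous caller performing `action` on `arn`."""
    return (_is_anonymous(stmt.get("Principal"))
            and any(_wild(a, action, re.IGNORECASE) for a in _as_list(stmt.get("Action", [])))
            and any(_wild(r, arn) for r in _as_list(stmt.get("Resource", []))))


def anonymously_readable(policy, key, bucket=BUCKET):
    """Simplified check: could an unauthenticated caller s3:GetObject this key?

    Reads the bucket policy only (no ACLs or account-level settings). An Allow
    with a Condition counts as exposure and a Deny with a Condition is ignored,
    so the answer errs towards reporting a key as public.
    """
    arn = f"arn:aws:s3:::{bucket}/{key}"
    stmts = _as_list(policy.get("Statement", []))
    denied = any(s.get("Effect") == "Deny" and "Condition" not in s
                 and _matches(s, "s3:GetObject", arn) for s in stmts)
    allowed = any(s.get("Effect") == "Allow" and _matches(s, "s3:GetObject", arn)
                  for s in stmts)
    return allowed and not denied


def exposed_keys(policy, keys):
    """Keys from `keys` that the policy makes readable without credentials."""
    return [k for k in keys if anonymously_readable(policy, k)]


if __name__ == "__main__":
    print("mixed policy exposes:", exposed_keys(MIXED_POLICY, SAMPLE_KEYS))
    print("broad policy exposes:", exposed_keys(BROAD_POLICY, SAMPLE_KEYS))
```
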

2. Identity Access Management (IAM)

The IAM is a free-of-cost element of the AWS that allows you to control & manage- ‘what users have access to what services and resources. By default, access to resources is generally denied, so you will have to grant users permissions in IAM. Permissions are incredibly comminuted and allow you to specify the particular file or resources that a user can access, what the things are that they can do with the file and the work conditions that have to be present for the permissions to get activated – like, using a specific IP address to access AWS. Here are some best practices you should consider with IAM:

  • Grant least privilege: give users only the permissions they need to perform their tasks, and nothing more. You can always grant more permissions later, but you cannot recover databases that were deleted because you made everyone an admin.
  • Create groups: a group is a collection of users that lets you specify permissions for all of its members. This makes it easy to track who has what permissions, and you can add permissions to several users at once. For example, a group called Mismo AWS could be given full control over AWS, while another group, AWS Developers, might only be given access to Lambda and S3.
  • Enable multi-factor authentication (MFA) for all users. With MFA, a user signing in has to enter their password followed by an additional code that is sent to a secondary device, such as a smartphone. Even if a user's password is compromised, their account will not be accessible.
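The sketch below is an added example, not the post's own code and not AWS's evaluation engine: a simplified model of how default deny, resource scoping and conditions (source IP, MFA) combine in an IAM policy. The bucket name, office CIDR and policy contents are assumptions chosen for illustration.

```python
import fnmatch
import ipaddress

# Constructed identity policy for the "AWS Developers" group mentioned above.
# Bucket name and office CIDR are placeholders.
DEVELOPER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::example-app-data/*",
         "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}},
        {"Effect": "Allow",
         "Action": "s3:DeleteObject",
         "Resource": "arn:aws:s3:::example-app-data/*",
         "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
    ],
}


def as_list(value):
    return value if isinstance(value, list) else [value]


def wildcard_match(patterns, value, ignore_case=False):
    """IAM-style '*' and '?' wildcards; action names compare case-insensitively."""
    patterns = as_list(patterns)
    if ignore_case:
        value = value.lower()
        patterns = [p.lower() for p in patterns]
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def condition_holds(condition, context):
    """Supports only IpAddress and Bool; unknown operators or keys fail closed."""
    for operator, tests in condition.items():
        for key, expected in tests.items():
            actual = context.get(key)
            if actual is None:
                return False
            if operator == "IpAddress":
                nets = [ipaddress.ip_network(c) for c in as_list(expected)]
                if not any(ipaddress.ip_address(actual) in n for n in nets):
                    return False
            elif operator == "Bool":
                if str(actual).lower() != str(expected).lower():
                    return False
            else:
                return False
    return True


def is_allowed(policy, action, resource, context):
    """Default deny; an explicit Deny overrides any Allow."""
    allowed = False
    for stmt in as_list(policy["Statement"]):
        if not (wildcard_match(stmt["Action"], action, ignore_case=True)
                and wildcard_match(stmt["Resource"], resource)
                and condition_holds(stmt.get("Condition", {}), context)):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed
```

Anything the policy does not name, such as an EC2 action or another bucket, falls through to the default deny without needing a rule of its own.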

3. CloudTrail

CloudTrail does not directly affect your applications; it is a tool for tracking user activity, demonstrating compliance, and carrying out security analysis. You can search and review activity through the logs that CloudTrail creates. It is enabled by default, so you can view the logs as long as you have an AWS account. CloudTrail is very useful for determining whether your security configuration is sufficient. You can view the following from CloudTrail logs:

  • The various updates to AWS services.
  • The source IP address of the API calls.
  • Which account created, deleted, or even modified the different AWS resources.
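As an added example (not part of the original post), the script below pulls exactly those facts out of a CloudTrail log file: who changed what, from which source, and with what outcome. The records are constructed sample data; the field names are CloudTrail's, while the account, users, addresses and trusted CIDR are placeholders.

```python
import ipaddress
import json

ACCOUNT = "111122223333"  # placeholder account ID


def _rec(time, service, name, read_only, source, principal, error=None):
    """Build one constructed record using real CloudTrail field names."""
    rec = {"eventTime": time, "eventSource": f"{service}.amazonaws.com",
           "eventName": name, "readOnly": read_only, "sourceIPAddress": source,
           "userIdentity": {"accountId": ACCOUNT,
                            "arn": f"arn:aws:iam::{ACCOUNT}:{principal}"}}
    if error:
        rec["errorCode"] = error
    return rec


# Constructed log file in the {"Records": [...]} layout CloudTrail delivers.
SAMPLE_LOG = json.dumps({"Records": [
    _rec("2022-11-30T09:14:02Z", "s3", "ListBuckets", True, "203.0.113.7", "user/alice"),
    _rec("2022-11-30T09:15:40Z", "s3", "PutBucketPolicy", False, "203.0.113.7", "user/alice"),
    _rec("2022-11-30T22:03:11Z", "s3", "DeleteBucket", False, "198.51.100.23",
         "user/bob", "AccessDenied"),
    _rec("2022-11-30T22:04:57Z", "ec2", "RunInstances", False, "198.51.100.23", "user/bob"),
    _rec("2022-11-30T23:00:00Z", "ec2", "CreateSecurityGroup", False,
         "cloudformation.amazonaws.com", "role/deployer"),
]})


def changes(log_text):
    """Return one summary dict per create/delete/modify call in the log."""
    out = []
    for rec in json.loads(log_text)["Records"]:
        if rec.get("readOnly", False):  # a missing flag is treated as a change
            continue
        ident = rec.get("userIdentity", {})
        out.append({
            "time": rec["eventTime"],
            "account": ident.get("accountId", "unknown"),
            "who": ident.get("arn", "unknown"),
            "action": rec["eventSource"].split(".")[0] + ":" + rec["eventName"],
            "source": rec.get("sourceIPAddress", "unknown"),
            "outcome": rec.get("errorCode", "ok"),
        })
    return out


def from_untrusted_network(events, trusted_cidrs):
    """Events whose source is an IP address outside trusted_cidrs.

    sourceIPAddress holds a DNS name when an AWS service made the call on
    your behalf; those are not IP addresses and are left out of this check.
    """
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]
    flagged = []
    for ev in events:
        try:
            ip = ipaddress.ip_address(ev["source"])
        except ValueError:
            continue
        if not any(ip in n for n in nets):
            flagged.append(ev)
    return flagged
```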

You can monitor and protect your organization’s digital assets with the built-in features of AWS. You have the power to determine which security features to employ and who has access to them. Your data gets stored securely on the cloud, & your organization’s unique security requirements are still under your control.

4. Security Groups

Elastic Compute Cloud (EC2) instances are the actual servers on which your applications run. Each server operates from a Virtual Private Cloud (VPC), a virtual network that you have control over. These VPCs have. There are many security groups in VPCs, which may or may not allow the entry of traffic.

In these security groups, you choose the traffic that can pass both into and out of your VPC. Security groups are stateful, however, so if a request is allowed 'in', its response is allowed 'out'. By default, traffic is denied, so everything is rejected unless it is specifically allowed 'in'. It is quite common to allow all outbound traffic (because you are the one sending it), but it is important to cut down on the types of inbound traffic that you allow. You can also specify the type of request (such as HTTP or SSH), the port range, and the source of traffic through these security groups.
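Cutting down inbound traffic starts with knowing which rules are open to every address. This added example (not from the original post) audits the inbound rules of a constructed security group; the group ID, rules and the set of ports allowed to face the internet are assumptions.

```python
import ipaddress

# Constructed security group in the shape EC2 DescribeSecurityGroups returns.
SECURITY_GROUP = {
    "GroupId": "sg-0123456789abcdef0",
    "IpPermissions": [  # inbound rules; responses go out automatically (stateful)
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}, {"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/16"}],
         "Ipv6Ranges": []},
    ],
}

# Assumption for this example: only web ports may face the whole internet.
PUBLIC_PORTS = frozenset({80, 443})


def rule_sources(rule):
    """All IPv4 and IPv6 source ranges named by one rule."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return cidrs


def exposed_inbound(group, public_ports=PUBLIC_PORTS):
    """Return (cidr, protocol, from_port, to_port) for every inbound rule that
    lets any address reach a port outside public_ports."""
    findings = []
    for rule in group.get("IpPermissions", []):
        proto = rule["IpProtocol"]
        if proto not in ("tcp", "udp", "-1"):
            continue  # ICMP "ports" are type/code values; out of scope here
        # Protocol "-1" means every protocol on every port.
        lo, hi = (0, 65535) if proto == "-1" else (rule["FromPort"], rule["ToPort"])
        if all(port in public_ports for port in range(lo, hi + 1)):
            continue
        for cidr in rule_sources(rule):
            if ipaddress.ip_network(cidr).prefixlen == 0:  # 0.0.0.0/0 or ::/0
                findings.append((cidr, proto, lo, hi))
    return findings


if __name__ == "__main__":
    for cidr, proto, lo, hi in exposed_inbound(SECURITY_GROUP):
        print(f"{SECURITY_GROUP['GroupId']}: {proto} {lo}-{hi} open to {cidr}")
```

The SSH rule is flagged only for its `0.0.0.0/0` entry; the office range on the same rule is the kind of narrow source the paragraph above recommends.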


Azure vs AWS

Posted on March 14th, 2021 by admin@mismo2023

It’s Azure vs AWS!! Read this blog to know the major differences between Azure & AWS.

What is Azure?

Microsoft Azure is a cloud computing service created by Microsoft for building, testing, deploying and managing applications and services through Microsoft-managed data centres. Founded in 2010, it can be operated on both Linux and Microsoft. Azure is a uniquely powerful offering because of its builder, Microsoft.

Azure offers Platform as a Service (PaaS) and Infrastructure as a Service (IaaS).

What is AWS?

AWS is a subsidiary of Amazon providing on-demand cloud computing services and APIs to individuals, companies and governments on a metered pay-as-you-go basis. Founded in 2006, AWS runs on Amazon Linux, which is a modified Linux operating system developed for their own use. The vast toolset of AWS is growing at an exponential rate. It's been in the cloud computing market for more than 10 years, which means that AWS is the frontrunner and has been for some time.

AWS's service offerings are categorised as Platform as a Service (PaaS), Infrastructure as a Service (IaaS), and Software as a Service (SaaS).

Features and Services

1. Computing Power

  • AWS EC2 users can configure their own virtual machines (VMs), choose pre-configured machine images (MIs), or customize MIs. Users have the freedom to choose the size, power, memory capacity, and number of VMs they wish to use. 
  • Azure users, on the other hand, choose a virtual hard disk (VHD) to create a VM. This can be pre-configured by Microsoft, the user, or a separate third party. It relies on virtual scale sets for scalability purposes.

2. Storage

  • AWS’s storage relies on machine instances, which are virtual machines hosted on AWS infrastructure. Temporary storage is allocated once per instance and destroyed when an instance is terminated. You can also get block storage attached to an instance, similar to a hard drive. AWS’s cloud object storage solution offers high availability and automatic replication across regions.
  • Azure offers temporary storage through D drive and block storage through Page Blobs for VMs, with Block Blobs and Files doubling as object storage. It supports relational databases, Big Data, and NoSQL through Azure Table and HDInsight. Azure offers two classes of storage: Hot and Cool. Cool storage is comparatively less pricey than Hot, but it incurs additional read and write costs.

3. Databases

AWS works perfectly with NoSQL and relational databases providing a mature cloud environment for big data. AWS’ core analytics offering EMR helps set up an EC2 cluster and provides integration with various AWS services. Amazon’s relational database service (RDS) supports six popular database engines: 

  1. Amazon Aurora
  2. MariaDB
  3. Microsoft SQL
  4. MySQL
  5. Oracle
  6. PostgreSQL

Azure's SQL database, on the other hand, is based solely on Microsoft SQL. Azure supports both NoSQL and relational databases, as well as Big Data through Azure HDInsight and Azure Table. Azure provides analytical products through its exclusive Cortana Intelligence Suite, which comes with Hadoop, Spark, Storm, and HBase.

4. Network and Content Delivery

  • AWS uses a virtual private cloud (VPC) so that users can create isolated private networks within the cloud. From there, it uses API gateways for cross-premises connectivity. To ensure smooth operation, it uses elastic load balancing during networking. A user can create route tables, private IP address ranges, subnets, and network gateways within a VPC. 
  • Instead of a VPC, Azure uses a Virtual Network (VNET) that grants users the ability to create isolated networks, as well as subnets, private IP ranges, route tables, and network gateways. 
  • Both AWS and Azure offer firewall options and solutions to extend your on-premises data centre into the cloud without compromising your data. 

5. Pricing

  • AWS provides a pay-as-you-go model and charges per hour. AWS can help you save more with increased usage: the more you use, the less you pay. AWS instances can be purchased based on one of the following models:
      • Reserved Instances: paying an upfront cost based on the use, one can reserve an instance for 1 to 3 years.
      • On-demand Instances: just pay for what you use without paying any upfront cost.
      • Spot Instances: bid for extra capacity based on availability.
  • Azure charges per minute, offering a more exact pricing model than AWS. It also offers short-term commitments, allowing you to choose between monthly or pre-paid charges.


Amazon FSx – How can it help you?

Posted on March 4th, 2021 by admin@mismo2023

Amazon FSx offers an efficient way of deploying and running traditional file servers in the cloud, fully managed by AWS. You can use the wide feature sets and fast performance of popular open-source and commercially licensed file systems without the headaches of hardware provisioning, software configuration, patching, and backups.

You can choose between two file systems:

  • Amazon FSx for Windows File Server: a fully managed file server accessible over the SMB protocol. It is deployed on a Windows server managed by AWS and has features like data deduplication, end-user file restore, Microsoft Active Directory integration, scheduled backups, and data encryption. You can use it to migrate your file servers to the cloud, and it can be used as a file share for applications.
  • Amazon FSx for Lustre: also a fully managed service, for workloads that require high performance such as machine learning, high-performance computing (HPC), video rendering, and financial simulations. Powered by Lustre, the world's most popular high-performance file system, FSx for Lustre offers shared storage with low latencies, up to hundreds of gigabytes per second of throughput, and millions of IOPS.

Features

Economical

You get the option of spinning file systems up or down on-demand. It provides an extensive amount of Solid-State Disk (SSD) & Hard Disk Drive (HDD) data storage facilities that allow you to choose the best plan according to your storage & price specifications.

FSx for Windows File Server provides data deduplication, which improves cost efficiency by eliminating redundant data. FSx for Lustre lets you select non-replicated scratch file systems to cut costs for the temporary processing of data.

Efficient performance

FSx supports even the most graphics-intensive enterprise applications and high-performance workloads, as it was designed to deliver quick, predictable results with measurable and consistent performance.

High read and write speeds with consistent low latency data access are delivered by the Amazon FSx.

Just select the type of storage & throughput level according to your application’s requirements. There is also a provision for increasing the storage capacity at any given time, in accordance with your dynamic business requirements.

Available & Scalable

It operates the same as any other AWS service and offers several deployment options to suit your workload's requirements. With FSx for Windows File Server, you can choose either single-AZ or multi-AZ deployment types, depending on the needs of your application. With FSx for Lustre, you can select scratch or persistent storage for temporary or permanent data processing.

Simple & fully managed

It can be launched with a few clicks, with no hassle of managing file servers and storage volumes, updating hardware, configuring software, monitoring storage consumption, or performing backups. With Amazon FSx all these processes become automatic.

Safe & accommodating

Amazon FSx automatically encrypts your data at rest and in transit. To control network access to your file system, Amazon FSx lets you operate your file systems within an Amazon Virtual Private Cloud (Amazon VPC). Amazon FSx is designed to security standards that comply with ISO, PCI-DSS, and SOC certifications, and it is HIPAA eligible. Additionally, the integration with AWS Backup helps you meet your data protection requirements with compliance management and centralized backup for your Amazon FSx file systems.

Integrated with AWS services

Several AWS services can be integrated with Amazon FSx file systems, such as Amazon CloudWatch, Amazon CloudTrail, AWS KMS, Amazon SageMaker, Amazon Elastic Container Service (Amazon ECS), Amazon WorkSpaces, Amazon AppStream 2.0, Amazon S3, Amazon Elastic Kubernetes Service (Amazon EKS), AWS Batch, and AWS ParallelCluster.


DevOps with AWS

Posted on February 23rd, 2021 by admin@mismo2023

What is CI CD?

Continuous Integration

Developers work on code that is stored in a code repository, such as GitHub or AWS CodeCommit. As developers keep making changes to the code and pushing them to the repository, a build server builds the code and runs the tests. The build server can be AWS CodeBuild, Jenkins, etc.

This process is called continuous integration. Developers focus on developing code and not building and running tests. It helps to identify and fix bugs faster and have code available for frequent releases.

Continuous Delivery and Deployment

With Continuous integration, you have automated the code build and testing. The next step is to deploy the code. For this, you can use a deployment server which can be AWS CodeDeploy, Jenkins etc. The deployment server will take the code from the build server and push the code to the test/prod environment.

With Continuous delivery, you will have a manual step to approve the deployment. The deployment will be automated and repeatable. With Continuous deployment, no manual steps are required, and deployment will be fully automated.

In practical scenarios, continuous deployment can be used to push the deployment to test & UAT servers while manual approval can be used for production deployment.


AWS Technology Stack for CI CD

CodeCommit: can be used as a private code repository for version control, collaboration, backup and audit. It includes all the benefits of AWS, i.e., scale, security, compliance and integration with other services including AWS CodeBuild, Jenkins, etc. You can use Git to integrate your local repository with the CodeCommit repository. You can configure role-based access, notifications and triggers. For example, you can configure a trigger to execute a Lambda function for automation.

CodeBuild: a fully managed build service that can be an alternative to tools like Jenkins. It has all the benefits of a managed service, i.e., scale, security and no maintenance overhead, plus integration with services like CloudWatch for notifications and alerts and Lambda for automation. It uses Docker containers under the hood (you can use your own Docker image as well), is serverless and is purely Pay as You Go (PAYG).

CodeDeploy: a managed service from AWS for deploying code on EC2 instances or on-premises machines. CodeDeploy can be used instead of tools like Terraform, Ansible, etc. if it meets your requirements for continuous deployment. You can group environments such as prod, dev, etc. CodeDeploy will not provision resources for you. The CodeDeploy agent runs on the server/EC2 instance and performs the deployment.

CodePipeline: orchestrates the whole deployment. It supports code repositories such as GitHub and CodeCommit, build tools such as CodeBuild and Jenkins, deployment tools such as CodeDeploy and Terraform, and load testing tools. It creates artefacts for each stage.

All these services can easily use powerful management and monitoring tools like CloudWatch for logging and monitoring.

AWS Directory Service: The Amazon Cloud Active Directory!

Posted on February 4th, 2021 by admin@mismo2023

The AWS Directory Service provides several ways to use the Microsoft Active Directory (AD) with other AWS utilities. Information regarding users, groups, & devices can be stored in directories, & the administrators use them to retrieve the information & resources. AWS Directory Service offers many directory alternatives for clients who wish to utilize the current Microsoft AD or Lightweight Directory Access Protocol (LDAP)–aware applications in the cloud. There is also a provision of the same alternatives to developers who seek a directory to manage users, groups, devices, & access.

What to select?

I want Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) for applications in my cloud: Choose AWS Directory Service for Microsoft Active Directory

I develop SaaS applications: The developers of upscale SaaS applications can use Amazon Cognito.

AWS Directory Service for Microsoft AD

Also known by the name AWS managed Microsoft AD, the AWS Directory Service for Microsoft AD is backed by a verified Microsoft Windows Server AD, overseen by AWS in the AWS Cloud. AWS managed AD permits a wide range of AD–aware applications to be migrated to the AWS Cloud. 

The AWS Managed Microsoft AD can be used with Microsoft SharePoint, Microsoft SQL Server, & several .NET applications. It is also compatible with AWS managed services such as Amazon WorkDocs, Amazon WorkSpaces, Amazon Connect, Amazon QuickSight, Amazon Chime, & Amazon Relational Database Service for Microsoft SQL Server (Amazon RDS for SQL Server, Amazon RDS for Oracle, & Amazon RDS for PostgreSQL).

AWS Managed Microsoft AD is available in two editions: Standard and Enterprise.

Standard Edition: AWS Managed Microsoft AD (Standard Edition) has been optimized to be a central directory for small-scale & midsize businesses with as many as 5,000 employees. Enough storage capacity is allotted to support up to 30,000 directory objects, like computers, users & groups.

Enterprise Edition: AWS Managed Microsoft AD (Enterprise Edition) has been created to back firms with up to 500,000* directory objects.

Security in AWS Directory Service

Cloud security at AWS is of the utmost priority. As a customer of AWS, you can avail several benefits from a data centre & network architecture that has been modelled to match the needs of organizations, for whom top-notch security of their data is a priority.

Security is a shared responsibility between you and AWS. The shared responsibility model describes this as 'security of the cloud' and 'security in the cloud':

Security of the cloud – AWS is in charge of handling and protecting the infrastructure that runs AWS services in the AWS Cloud. AWS also gives you services that are absolutely safe. Third-party auditors continuously evaluate the level of AWS security as part of the AWS compliance program.

Security in the cloud – The AWS service you use is your responsibility. The sensitivity of your data, your company’s needs, & applicable laws & regulations are also in your own hands.

Infrastructure Security in AWS Directory Service

Since it is a managed service, the AWS Directory Service is protected by the AWS global network security protocols.

Identity & Access Management for AWS Directory Service

Access to AWS Directory Service requires credentials that AWS can use to authenticate your requests. Those credentials must have valid permission to access AWS resources, such as an AWS Directory Service directory.


AWS CodePipeline

Posted on November 4th, 2020 by admin@mismo2023

AWS CodePipeline is an Amazon Web Services tool that automates the app deployment process, enabling the developer to easily create, design, and execute software for new functionality and upgrades. The approach is known as continuous distribution.

AWS CodePipeline dynamically builds, checks, and launches the program any time the specification is changed; the developer uses a virtual user interface to model workflow settings for the release phase in the pipeline. AWS CodePipeline incorporates a range of Amazon services. It also facilitates tailored programs and activities via the AWS command-line interface.

The development team can define and execute actions, or a set of actions called a level. The developer decides which tests CodePipeline should run and in which pre-production environments they run. The service then runs these activities in a concurrent execution cycle, in which several processors perform computational functions concurrently to optimize workflows. It takes source code from Amazon Simple Storage Service and deploys it on both AWS CodeDeploy and AWS Elastic Beanstalk. Developers can also add AWS Lambda functions or third-party DevOps platforms, such as GitHub or Jenkins.

Custom actions include build, deploy, test, and invoke, which support specialised release processes. The developer sets up a worker to poll CodePipeline for job requests, then execute the task and return the status response.

The administrator grants access to AWS CodePipeline through AWS Identity and Access Management (IAM). IAM roles govern which end users may make changes to the release process of the program.