Category: Cloud Computing

Four Azure Tools Which Help You Secure Your Cloud Services

Ulv Bjørnsson2 Comments

In today’s interconnected cloud-first, mobile world, securing your online apps and services is vital. However, building secure solutions which deliver value in today’s complex and regulated environment can be a challenge. With information essentially becoming the currency of the digital age, the creation of multiple compliance regulations has forced organizations to implement technical security measures to protect their online systems and customers. Meeting these compliance requirements can be challenging, especially if you are leveraging the benefits of the cloud. Not only do you need to build and configure your apps and services securely, but you also need to ensure your chosen cloud provider meets any necessary compliance requirements.

Compliance in the Cloud Compliance Is a Shared Responsibility

On Azure, Microsoft is responsible for meeting the compliance requirements for its platform while you are responsible for any compliance measures which relate to your cloud service.

With more certifications than any other cloud service provider, Azure meets a broad set of international as well as industry-specific compliance standards. These include the GDPR, ISO 27001, HIPAA, SOC, among others. Microsoft also conducts regular comprehensive audits to ensure it maintains these standards and adheres to the security controls needed.

However, as stated, ensuring your services that are running on Azure meet compliance requirements is your responsibility. Thankfully Microsoft Azure provides a few tools which can help you secure your cloud services and meet the necessary compliance standards.

Read More »

An update and a recap we are in the middle of 2018!

Ulv BjørnssonLeave a comment

It’s Summer, the heat in Norway and most of the world is unreal these days with world records being broken. We are in the middle of 2018, and a lot has happened!

I joined Lumagate in March as a Principal Solution Architect, and in May the rebranding to Innofactor was completed which was celebrated with an event called Inspirit that was held in Helsinki.

6Innopaper1920_1200.jpg

Innofactor is a leading provider of digitalization and cloud solutions in the Nordic countries. Our task is to help our customers digitalize their business, promote a collaborative way of working, and develop their business processes by utilizing data-driven decision making and secure cloud services. Together with our customers, partners, employees, and investors we produce solutions that help our customers and society to succeed.

If you are looking for a place where you can work with cutting-edge technology, good colleagues and exciting days, you should definitely check us out.

On the 7th of June, I spoke at GNIST, a cloud seminar put-together by Innofactor. Primed on cloud computing, there were a lot of exciting speakers and topics. I was asked to hold a session, and I did one called “A recipe for Cloud Migration” where I covered getting control over operational costs, increasing workforce productivity and driving business agility by moving to Cloud.

If you are holding an event and have a call for content or speakers, let me know. I’ll check it out, and I can if you want also forward it to other relevant speakers based on topic and audience.

 

aliglobalreach.PNG

Also at the start of July, I was announced as an Alibaba Cloud Most Valuable Professional which I am incredibly humbled by and appreciative to be recognised by Alibaba Cloud for doing the things I love. Nothing is more rewarding than to be able to do what I’m passionate about technology, security and the intersection of it all with the human element. There is no doubt that Alibaba Cloud is the go-to cloud for anyone looking to have a presence in mainland China.

 

2018 has been a year to symbolise new beginnings and challenges which I am thoroughly enjoying. Working a lot with governance for enterprise organizations as well as hosters in the Nordics and massive datacenter migrations to cloud, I’m looking forward to writing more on this going forward and sharing my insight as well as hearing from you; what your thoughts, gotchas, questions or pitfalls you’d like to ask about or share.

 

Bilderesultat for weather 2018 summer europe

Enjoy the summer and remember to stay hydrated!

If there are any topics or areas you’d like me to focus on, don’t hesitate to let me know! As always you can reach me at @UlvBjornsson, via the comments or by connecting with me on LinkedIn.

Microsoft’s Coco framework: Enhancing cybersecurity on the Blockchain

Ulv Bjørnsson2 Comments

Article-5-2.jpgCoco Framework, is NOT a blockchain ledger.

Coco is a blockchain ledger framework.

It leverages a combination of trusted execution environments, advanced cryptography and innovative blockchain-focused consensus mechanisms to enable new ways of utilizing the blockchain. Coco stands for Confidential Consortium.

If you want a deeper dive, I suggest you check out the Coco Framework whitepaper, here.

Additionally, Microsoft offers BaaS (Blockchain-as-a-service) and was chosen by Bankchain which is a platform for banks that want to implement blockchain technology; members include State Bank of India, ICICI Bank, DCB Bank, Kotak Mahindra Bank, Federal Bank, Deutsche Bank and UAE Exchange.

Read More »

Artificial intelligence and Cloud computing: Real-time fraud detection in online banking application within the cloud

Ulv Bjørnsson4 Comments

Over the last few years, cloud computing has been the buzz. Cloud computing services offer an infrastructure that is highly scalable and supports high-performance computing. With high adoption by businesses of all sizes. Development and deployment of applications within the cloud platform are easy and time to market is done in a fraction of the time.

Artificial intelligence is not a new technology. It has been here for a long time and has helped develop computers and software that perform tasks that are associated with intelligence. Machine learning and deep learning are subsets of artificial intelligence that involve the development of algorithms that learn from data inputs and give intelligent output based on that data and the learned patterns.

A lot of research has been done and still is being done on implementing artificial intelligence into cloud computing. Cloud service providers such as Amazon, Google and Microsoft have already integrated AI into their clouds to improve service delivery. AI brings about capabilities such as machine learning, recognition of patterns and robotics to the cloud. On the other hand, the cloud is able to provide a wide range and large volumes of data since these capabilities are largely dependent on data as input so as to produce the desired output. The cloud also allows the systems to open-access and open-source data which is very crucial in facilitating collaborative learning.

Read More »

Creating a Load Balancer in the Microsoft Cloud: Azure

Ulv BjørnssonLeave a comment

WHAT IS AZURE LOAD BALANCER?

Azure Load Balancer secures high availability and network performance to your applications/frontend/backend.

It is a Layer 4 load balancer (TCP/UDP) that distributes traffic among instances of services defined in the load-balanced set.

You can load-balance web applications, Virtual Machines, and so-on by routing traffic based on NAT rules that you configure on the load-balancer.

Read More »

Connect to Microsoft Azure with Powershell

Ulv Bjørnsson1 Comment

In this article I’ll walk you through the steps needed to connecting to your Microsoft Azure environment, as well as giving you a glimpse of how you can manage it by starting up a IaaS virtual machine.

There is endless potential, to what you can manage and automate of Azure resources with PowerShell, but from here to there, first step is connecting it!

autoallthings.png

Installing Azure PowerShell Module

First off we are going to install the Azure PowerShell module

WebPlatformInstaller_2017-07-03_13-05-42
The installer takes a few minutes, once installed we will connect to your Azure subscription.

Read More »

Microsoft Azure: Azure PowerShell – ForbiddenError: The server failed to authenticate the request.

Ulv Bjørnsson1 Comment

Hey, so if you are getting this error I’ll walk you through the easiest ways to remedy it.

powershell_2017-07-03_13-53-48.png

PS C:\> Get-AzureVM
Get-AzureVM : ForbiddenError: The server failed to authenticate the request. Verify that the certificate is valid and i
s associated with this subscription.
At line:1 char:1
+ Get-AzureVM
+ ~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Get-AzureVM], ComputeCloudException
+ FullyQualifiedErrorId : Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.GetAzureVMCommand

or

Set-AzureSubscription : ForbiddenError: The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.

The solution often is easier then you’d think, just like how browsers have their cache so does your Microsoft Azure PowerShell so you’ll want to input this:

Clear-AzureProfile

powershell_2017-07-03_13-58-31.png

This will clear your current Azure profile.

You should also consider deleting the content of this folder:

C:\Users\%USERNAME%\AppData\Roaming\Windows Azure Powershell

After which you can run

Add-AzureAccount / Login-AzureRMAccount

and then you can execute any Azure PowerShell commands that you’d like to run. For a more detailed walkthrough check my article on connecting and managing Microsoft Azure via PowerShell.

 

PS: If you are still getting errors, you should check whether the mode you are running in is incorrect you can input 

Switch-AzureMode AzureResourceManager

Important to note that “Switch-AzureMode” is deprecated and will be removed in a future release. However doing so seemed to import the certificate and removed the “ServiceManagement” modules that were loaded with this install and installed the correct certificate.

So now to see if it’s working we can run Get-AzureVM or Get-AzureRMvm

which outputs:

powershell_2017-07-03_15-20-32.png

 

chrome_2017-07-03_15-22-47

As always, you can follow me on Twitter at @UlvBjornsson or follow me on here, if you have tips for articles you’d like to read or topics you want to hear more about, hit me up.

Ulv

Watch out bad guys, here comes Windows Defender ATP

Ulv BjørnssonLeave a comment

Busy days, we had WannaCry remind us about the importance of patch compliance and mitigation (add political pun about encryption and weapons) and we saw IT and business rally to mitigate, patch and get their heads over water.

NotPetya spread over the same attack vector and utilized PsExec with the SMBv1 vulnerability but had a much more complicated payload, which turned out to not be ransomware, but a wiper prompting for a ransom, allowing no way to decrypt essentially rendering the data lost.

chrome_2017-06-30_15-40-58.png

So with that in mind I decided to write a post about the upcoming Windows 10 Fall Creators Update, touching on Windows Defender ATP and security in general, and my thoughts surrounding it..

chrome_2017-06-30_15-44-39.png

First off, it integrates Windows Defender Advanced Threat Protection (ATP) into Windows 10 essentially unifying the Windows threat protection stack.

To sum it up, it’s built in and not added on. 

Security is complicated, it involves layer upon layer, there is exterior security, interior security, network, information, os hardening, user training and so on.

One of the best things with ATP?

It integrates with cloud intelligence and the rest of your security, giving you a single pane of glass for administration.

windows-defender-atp-new-dashboard
Windows Defender ATP dashboard view

Now what is the ATP? It covers a range of features such as:

Windows Defender Exploit Guard

Windows Defender Explot Guard (WDEG) uses information from the Microsoft Intelligent Security Graph (ISG) and provides a heavy set of intrusion rules and policies to assist and prrevent advanced threats, as well as zero day exploits.

windows-defender-atp-exploit-guard
Machine timeline from Exploit Guard

 

Windows Defender Application Guard

A real winner here I believe, we’ll see how it turns out when it goes live for everyone, but I like the idea of Windows Defender Application Guard (WDAG) because even if the OS stack, network stack is secure, does not necessarily mean your third-party applications for example your browser is. Example and point: when Tim in accounting accidentally downloads malicious malware or Rambo in security triggers a zero-day worm whilst researching in the wrong container, WDAG will isolate and contain the threat. Keeping your device, apps and data secure. At least in theory.

Windows Defender Device Guard

Also integrated into ATP, Device Guard allows whitelisting of applications on a per-device basis and if anything it gives the Security Operations Center better insight, and automated application control as well as implementation of DDG into ATP gives organizations an easy implementation.
so-what.jpgWell improved detection, response capabilities and a growing detection dictionary that includes more indicators of attacks (IoA) with a large suite being gathered into one product in the Windows threat protection stack will allow you to remedy, as well as spot weaknesses far faster then before, and reduces the overhead required and the custom implementations required to make all the systems “talk“.

 

Updated-Figure-3.jpg

So what is my take from this? I thoroughly believe that the creator of a product (Microsoft) is most likely the best to create a security solution best suited for their product (Windows and surrounding services).

windows-defender-atp-security-analytics.png

To sum it up ATP integrated with Windows 10, and Cloud Intelligence (Office 365, Microsoft Azure) will be a huge step in the right direction, and be a valuable asset to any Service Operations Center or IT operation team.

download (1).png

As always if you have any suggestions about topics, articles, how-to’s and what not hit me up here or on twitter at @UlvBjornsson

Microsoft Azure: Configuring auto-shutdown

Ulv BjørnssonLeave a comment

So, in Azure you pay for what you use. If it’s on (or if it is allocated), you are paying for it, until it is deallocated.

So what can we do to save costs? We can configure automatic shutdown.

2017-06-08_13-58-35.png

So if we enter “Auto-shutdown” on the left panel in the VM:

chrome_2017-06-08_14-02-47.png

So let’s enable it, and set our preferred time for shutdown. Ensure that you have configured the timezone correctly so that it shutsdown when you expect it to.

 

chrome_2017-06-08_14-05-14.png

There you go, you’ve configured automatic shutdown on a schedule.

Next up, we’ll be looking at runbooks and the possbility of turning your virtual machines off, but also on again on a fixed schedule.

Stay tuned for more, and always you can reach me here or over on twitter at @UlvBjornsson.

If you are curious about the Azure exam 70-533, you can check out my write up on it over here.

Until next time!

Ulv

70-533: Implementing Microsoft Azure Infrastructure Solutions – Preparing and taking the exam

Ulv Bjørnsson2 Comments

As some of you know I have a background with private cloud and as of late been moving more and more towards the hybrid cloud, to take advantage of Microsoft Azure.

I’ve been preparing for multiple exams as of late and wanted to take the 70-533 Implementing Microsoft Azure
Infrastructure Solutions due to the sheer volume of growth Microsoft is having with Azure.

So I realized, I best stay updated and formalize my knowledge.

Figured it was time to sit the 70-533 exam which covers:


Preparing

Microsoft-70-533

I took advantage of Microsoft’s focus on Azure, they provide free training and heavily discounted practice tests as well as exam vouchers.

Here are the resources I took advantage of in the time going towards the exam itself:

2017-05-24_14-44-33

 

One of the challenges with the exam is that it is quite broad and to understand the width you need hands on experience, thankfully the hands on labs from Microsoft were great.

The exam also covers Powershell as well as JSON examples, that you have to plot in the right cmdlet for – so get used to it, throw up an editor, or run through the practice test.

A strong suggestion that I urge you to follow through with it, get an Azure trial, the best way to familiarize yourself with Azure is by using it, and also to understand the basics of the ARM deployments and the Powershell scripts.

GitHub has many great repositories that let you get a full infrastructure up and running in no time, however to maximize your trial, remember to turn things off or deleting them so you can get the most out of your thirty day trial.

Some workplaces also have free trials up and running, so ask a colleague you might already have an environment dedicated for Azure testing.

 

 

 

main-qimg-d432f9144cb764cbfa02e33c28948594

Conclusion

I am happy to announce that I did pass the 70-533 exam, it was a challenge, and really happy to have passed it. These days a lot of my time is spent on researching new Azure features, looking at ways I can implement them and also quality assurance, ensuring they have a place in a customers production environment.

I would recommend the exam to anyone wanting to formalize their knowledge, but also wanting to dive deeper into Microsoft Azure. Let me know how your preparation or exam is going in the comments, and as always hit me up here or on twitter at @UlvBjornsson if you have any ideas for future articles or thoughts you’d like to share.