
Arraya Insights

February 2, 2022 by Arraya Insights

More companies are adopting a cloud or hybrid cloud computing environment and are beginning the application modernization process than ever before, and for good reason. Taking advantage of app modernization results in reduced costs, increased developer efficiency, and operational standardization (which cuts down on mundane tasks and lowers the potential for human error). By 2024, it’s expected that over 50% of all applications will be modern apps.  

Even prior to the pandemic, containers were gaining popularity. From 2020 and on, there’s been a large-scale push for app modernization with a resulting increase in container and Kubernetes adoption. In this blog, we’ll break down both containers and Kubernetes and explain why your business’s IT department should care about them.  

Containers  

A container is a software package that bundles an application’s code together with the related configuration files and libraries, along with the dependencies required for the app to run. Containers eliminate the need for virtual machines, as a single host operating system manages the containers’ access to physical resources, such as RAM and CPU.

Containers have become the most popular option, surpassing VM-centric data centers, which don’t work well at hyperscale.  

The benefits of containers include: 

  • Agile application creation and deployment 
  • Continuous development, integration, and deployment 
  • Dev and Ops separation of concerns 
  • Cloud and OS distribution portability 
  • Resource isolation and utilization  

As lightweight and isolated environments, containers make it easier to develop, deploy, and manage apps.

Kubernetes 

Kubernetes is an open-source container management platform that unifies a cluster of machines into a single pool of compute resources. 

The architecture of Kubernetes is made up of various pieces: 

  • Pods are the smallest unit of computing within Kubernetes and encapsulate one or more applications. These are run within a cluster by way of a cluster Node.  
  • Cluster Nodes are given internal cluster IP addresses and ports so that the system can distinguish between Nodes and manage communication between those Nodes.  
  • A kubelet is the primary “Node agent” that runs on each Node and registers the Node with the API server, using either a host name, a flag to override the host name, or a specific logic for a cloud provider. The kubelet works in terms of a PodSpec, which is a YAML or JSON object that describes a pod. This is a type of load balancer that is meant to route traffic to the requested cluster IP and ports.  
  • The API server allows internal and external interfacing via JSON over HTTP.  
  • ETCD is a key-value data store that handles the real-time state of the cluster and stores configuration values for the deployment (for example: how many Nodes need to be running or how many pod instances are available in each Node).  
  • The Scheduler uses the information from ETCD to schedule the creation of pod instances that meet those requirements. It monitors the workload to ensure that no resource is overallocated.

Kubernetes comes with a set of built-in controllers that run inside the controller manager. These native controllers include functions to manage replications, Nodes, endpoints, and namespaces. As such, the need for a guest operating system is removed and we can automate the management of our application. By telling the Master what configuration we want, we’re allowing the environment to self-heal. It will allocate resources, create new instances, and load balance based on our pre-defined requirements.

This eliminates the need for expensive utilities designed to balance load, identify predictive failures, and maximize availability. We can do all these functions natively from Kubernetes from a single pane of Admin glass.  

Next Steps: Getting to Know Your Options 

Azure Service Fabric 

This distributed systems platform makes it easy to package, deploy, and manage scalable and reliable microservices and containers. Azure Service Fabric manages all of this with a strong ability to build stateful services.  

This platform offers: 

  • fast time to market 
  • container and service orchestration in the same environment 
  • the ability to choose your architecture 
  • microservice agility 
  • IDE integration 
  • the capacity to run anywhere 

Service Fabric powers many Microsoft services today, including Azure SQL Database, Azure Cosmos DB, Cortana, Microsoft Power BI, Microsoft Intune, Azure Event Hubs, Azure IoT Hub, Dynamics 365, Skype for Business, and more.  

Azure Kubernetes Service  

This service offers serverless Kubernetes, an integrated continuous integration and continuous delivery (CI/CD) experience, and enterprise-grade security and governance.  

Azure Kubernetes Service provides: 

  • elastic provisioning of capacity without the need to manage the infrastructure 
  • faster end-to-end development experience through Visual Studio Code Kubernetes tools, Azure DevOps, and Azure Monitor 
  • the most comprehensive authentication and authorization capabilities using Azure Active Directory and dynamic rules enforcement across multiple clusters with Azure policy 
  • availability in more regions than any other cloud provider  

Unite your development and operations teams within a single platform to rapidly build, deliver, and scale applications with confidence.  

VMware Tanzu Kubernetes Grid 

With Tanzu, users can reliably deploy and run containerized workloads across private and public clouds. Users can run the same Kubernetes across data center, public cloud, and edge to keep workloads properly isolated and secure.  

This provides: 

  • consistent Kubernetes everywhere 
  • automated multicluster operations 
  • validated integrated services 
  • enterprise-wide management 
  • Kubernetes on vSphere 
  • expert support 24/7 

This is a great option for customers that want to run this on-prem or in multiple clouds.  

To learn more, watch our tech summit session, IaaS: Now What?. Here, we break down containers, Kubernetes, and how these fit into the app modernization process as a whole.  

Interested in learning more about how containers and Kubernetes can help your business? Contact an Arraya expert today.  

Visit https://www.arrayasolutions.com//contact-us/ to connect with our team now.     

Comment on this and all of our posts on: LinkedIn, Twitter and Facebook.     

Follow us to stay up to date on our industry insights and unique IT learning opportunities.    

February 1, 2022 by Arraya Insights

In this episode of the Arraya Insights Vodcast, our panel discusses cyber security considerations for 2022. They touch on the major breaches from 2021 and the impact they’ve had on organizations heading into the new year, as well as what could be coming in 2022. Topics include cyber insurance, micro-segmentation, zero trust, cyber resilience, configuration management, and more.

Hosted by Scott Brion, Director, Cyber Security, this episode’s panel includes Mike Piekarski, Enterprise Security Architect, and Keith Wood, Cyber Security Consultant. 

Prefer an audio format? Subscribe to our Arraya Insights Radio feed in your Apple or Android podcast catcher for an audio-only version of our vodcast. Or, you can use the player below.

https://soundcloud.com/user-166960433-952960141/arraya-insights-vodcast-2022-cyber-security-considerations?si=58321ef4fd7549e08ff58fa0f92e1db5&utm_source=clipboard&utm_medium=text&utm_campaign=social_sharing

January 25, 2022 by Arraya Insights

Microsoft Teams has become the platform of choice throughout the pandemic based on the global need for remote collaboration. In 2021, Teams reached a staggering 250 million active monthly users. However, many businesses and organizations are only tapping the surface of what Teams can do for them.

In this blog, we’ll break down the Teams world of applications and bots, connections with other systems, and how your business can take advantage of automation.

With a little extra knowledge, businesses can eliminate redundant tasks, streamline workflows, and boost productivity overall within their organization.

Apps, Bots, & Connectors

Applications, bots, and connectors work together within Teams to make day-to-day tasks easier and users more productive overall.

  • Apps

Apps in Teams provide content and services to users that help with Teams integration. With over 700 apps available within the Teams store, these are web apps that run in context inside Teams to make everyday work easier.

Apps contain one or more of the following parts:

  • Bots

Bots, which are also referred to as chatbots or conversational bots, are commonly used for:

  1. Embedding functionality from other services
  2. Automating low level tasks
  3. Triggering workflow from conversations

With Bots, you communicate via message for something as simple as a search request to something as complex as an AI-powered conversation. Bots can be part of a larger application or stand alone and improve productivity and collaboration by bringing intelligence to chat within your Teams channels.

Bots can reduce the need to constantly switch applications and windows by triggering workflows directly from your conversations.

  • Connectors

Connectors are proactive services out of Teams that send information and content directly into your Teams Channel where members can see this information and act on it. This turns regular messages into actionable tasks.

With connectors, you can:

  1. Launch with a Bot: Quickly trigger scheduled flows using the Flow Bot in Teams
  2. Streamline approvals: Aggregate and automate all of your Team’s approval processes
  3. Create and manage flows: Schedule alerts, notifications, and more with automation, all without leaving Teams

These facets are not mutually exclusive, and their functionality intertwines with one another to increase efficiency, productivity, and make users’ lives easier overall. 

Power Platform

While Teams is the hub for all your communication and collaboration tasks, Power Platform is the core that connects everything, including Office 365, Dynamics 365, Azure, and hundreds of apps.  

Power Platform is an app that comes native with Teams which hosts major components, including:

  • Power BI: An analytics and visualization tool
  • Power Apps: A low code/no code solution to build custom applications.
  • Power Automate: A process automation tool
  • Power Virtual Agents: A chat-based collaboration platform

Each of these apps can then work with the Dataverse, or Common Data Service, allowing users to securely store and manage data that’s used by your business applications. The Dataverse is easy to manage and secure as data is held within tables with sets of rows and columns that are meant to store specific types of data. Whatever security posture you have as it relates to Azure or 365, you can present this same information into the Dataverse with the same permissions and structures.    

To learn more about each of these components, check out our blog, Microsoft’s Power Platform: How These 4 Products Are Ready to Modernize Your Business.

Power Automate

Power Automate allows users to streamline repetitive tasks and paperless processes.

This can be done in three different ways: Infusion of AI (similar to the virtual chat agents), API-automation (DPA), and UI-automation (RPA).

  • API-Automation (DPA)

Data Process Automation (DPA) allows you to automate processes that include multiple applications that offer an API. You can then leverage the API to push and pull data from one system to another, based on the defined business logic. Power Automate provides a UI to build these automation flows and all 365 applications can natively communicate via Power Automate.

Every Microsoft application has a specific functionality built in that users can leverage, without having to write code. With Power Automate, users can stitch together tasks to automate an entire process in a Microsoft application or approximately 400 outside applications.

  • UI-Automation (RPA)

Robotic Process Automation allows users to build workflows from their desktops for applications that don’t have an API. Users can customize, build, and manage UI flow scripts in a secure cloud environment using a low-code, step-by-step record-and-playback experience.

Users can seamlessly integrate UI automation with API-based automation and AI through AI builder by combining UI flows with regular flows. This allows users more flexibility in where they access their data and information.

This desktop automation can be used by anyone within your business with unlimited use cases as the platform is entirely built in with no code.

Next Steps: What Are Your Pain Points?

At Arraya, we can help you better understand your Teams framework, create repeatable components, then leverage these components into whatever business use case fits your needs. What workflows cause the most headaches for your employees? How can you automate or streamline these tasks?

Let us help you harness the power of Teams. Whether you’re new to Teams or a seasoned user, we can help you with:

  • Assessments and planning
  • Execution and structuring of data
  • Support and maintenance
  • Documentation
  • Data migration and integration

For more information on Microsoft Teams, contact an Arraya expert today to start a conversation.


January 21, 2022 by Arraya Insights

Technology has the power to transform a business. However, many businesses aren’t taking advantage of the features that are available with the licensing they’re already paying for.  

Microsoft’s Power Platform is a collection of products that grants users the capability to enhance their productivity, innovation, and collaboration through low-code tools. This line of business intelligence application development and connectivity software provides a low code solution. This means businesses no longer need a professional developer to stitch together applications, automations, and integrations.  

For any Dynamics 365, Office 365, or Azure users, you likely already have access to Power Platform. The question is: Are you using it?  

Power Platform is made up of four components that allow organizations to modernize their business practices on their own, no matter their IT experience. In this blog, we’ll break down these four components, what they do, and how your business can start taking advantage of something you probably already have. 

Power BI 

Power BI is an analytics and dashboard tool that empowers businesses to collect, utilize, and review their data.  

With Power BI, users can: 

  • Transform data into visuals that can be shared with colleagues on any device 
  • Collaborate and share customized dashboards and interactive reports 
  • Visually explore and analyze data – on premises and in the cloud – all in one view 
  • Scale across your organization with built-in governance and security  

This is available as both Power BI Desktop and Power BI Service: 

  • Power BI Desktop:  

This is a free, downloadable application that can be installed on your computer. This complete data analysis and report creation tool is used to connect to, transform, visualize, and analyze your data.  

  • Power BI Service:  

This is a software-as-a-service which supports report editing and collaboration for teams and organizations. You can connect to data sources in the Power BI service as well, but modeling is limited. Power BI Service is used to create dashboards, create and share apps, and analyze data. 

This data visualization capability allows users to present data in customizable ways, providing businesses with insights that enable fast and informed decisions.  

For more information on leveraging your data, check out our 2021 Tech Summit Session, Power BI Dashboard Primer: How to Display Native O365 Data in Power BI. Here, we define a use case of Power BI to demonstrate how you can begin leveraging your data. Contact us to learn more and get started.  

Power Apps 

Power Apps is a low code solution to build custom applications. While this advanced functionality was previously only available to professional developers, now anyone can build professional-grade apps that modernize processes and resolve pain points. However, for those who don’t have the time to dedicate to building their own apps, Arraya’s experts can build yours from the ground up or assist you throughout the process. 

Your teams can begin building and launching apps right away using prebuilt templates, drag-and-drop simplicity, and quick deployment – then roll out improvements as needed. In addition, professional developers can access these tools to seamlessly extend app capabilities with Azure functions and custom connectors to proprietary or on-premises systems.  

The benefits of Power Apps can include: 

  • Creating applications that enable business transformation and improved business outcomes 
  • More advanced and faster decision making due to improved access to information 
  • Increased employee satisfaction as users have more control over their work due to the ability to create applications that increase efficiency  
  • Secure applications that tie into Azure Active Directory and Microsoft’s security solutions 

With Power Apps, the average cost to develop an application is 74% less, and the need for vendor license costs is eliminated.

Watch our 2021 Tech Summit Session, Citizen Development: Build a PowerApp in an Hour, to learn more about building and launching your own custom, low-code apps. Don’t have the time? Contact an Arraya expert and we can handle the process from start to finish for you.  

Power Automate  

Power Automate provides users with the capability to streamline repetitive tasks and paperless processes through process automation.  

In every business, process, and workflow, there are countless mundane, time-consuming tasks that are still manual. With Power Automate, they don’t have to be. This empowers everyone to build automated processes using low-code, drag-and-drop tools, and hundreds of pre-built connectors.  

Automated processes boost efficiency, and with AI Builder, users are provided the capability to create document automation, process approvals, detect images and text, and create with prebuilt models.  

Process automation can be done in two ways: 

  • Robotic Process Automation (RPA):  

Known as “Digital Workers,” RPA records and repeats a set of demonstrable actions performed by an end user. These automations span multiple applications at the desktop level that usually require manual intervention.

If an app is older or not natively cloud-based, RPA scripts these desktop functions and then screen scrapes them to have the capability to do these tasks for you.  

  • Process orchestration:  

This is a re-engineering of existing processes by leveraging software, integrating systems, and optimizing workflows.  

The amount of time that is spent building automation is an excellent investment in comparison to the amount of time that’s wasted on these manual tasks. Whether you’re starting out with a completely manual process, or your workflow is already partially automated, you can involve Power Automate to bring your workflow to full automation.  

Watch our webinar, Simplifying HR Processes with Power Platform, to see how Power Automate works in action. Here, we define a use case in which we automate HR onboarding and offboarding processes for new users. Does your business face manual tasks that should be automated? Contact us to learn more about how we can help.  

Power Virtual Agent 

Power Virtual Agent provides users with the capability to rapidly respond to customer and employee needs by building intelligent virtual agents and chat bots that use AI to provide data entry. No coding is necessary.  

With Power Virtual Agent, users can take data and migrate it from one application or system to another, as they’re all built on the same platform within the Microsoft stack.

These chatbots, which can be integrated with products and services, can quickly resolve common issues and answer questions at any time. There’s no need for code or AI expertise and users can choose from hundreds of pre-built connectors. Power Automate allows users to create custom workflows and Microsoft Bot Framework creates complex scenarios.  

Using AI and data-driven insights, your business can build smarter bots with rich, personalized conversations.  

Next Steps: Enhance Your Capability, Productivity, and Innovation with These Low-Code Tools 

It’s time to adapt and resolve the challenges that your business faces every day. Power Platform provides users with the opportunity to take tech into their own hands. These low-code platforms cut out manual tasks, streamline your processes, and allow your employees to focus on the business goals that matter most.  

If you’re an Azure, Dynamics 365, or Office 365 user, are you taking advantage of these capabilities? Whether you’re looking to integrate a chat bot or build a custom app, Arraya is available to assist you. From offering guidance to handling the entire process from start to finish, our experts are here to help.  

To learn more about creating solutions that accelerate your business, contact an Arraya expert today.  


January 17, 2022 by Arraya Insights

The Cloud Management Gateway (CMG) is designed to support devices that are Configuration Manager clients and not connected or reachable within corporate networks. In addition to providing management capabilities, updates, servicing, and task sequences, the CMG can seamlessly connect to Azure cloud resources over the internet without the use of VPNs (virtual private networks).  

This allows users to manage clients that roam on the internet or are in branch offices across the WAN, without exposing your on-premises infrastructure to the internet.  

While this blog is not intended to be an exhaustive ‘how to article,’ we hope to clarify the setup for the design decision process so users can get up and running quickly and start testing the available options in a single instance lab configuration.  

Recommended Configurations  

Before you begin, we recommend that you make the following configurations:  

  1. Enable AD-Connect hybrid devices if you have not already done so
     • This is the only CMG authentication option that enables user targeting when configuring hybrid managed devices
     • This process automatically adds the targeted devices to Azure AD as Hybrid Azure Active Directory Domain Joined (HAADJ) when configured by GPO or Client policy
     • This filtering should specify or exclude specific OUs (Organizational Units) at first, so the entire domain worth of devices (and servers) is not imported, as is recommended in most Hybrid enablement cases
  2. Filter the devices allowed to manually join Azure AD to limit rogue and unintended devices from enrolling
  3. Use Enhanced HTTP (which is required by current releases of Configuration Manager 2013 and greater) to use a primary site without converting it to HTTPS PKI (Public Key Infrastructure)
  4. Define the boundaries and boundary groups for the VPN and test clients using standard practices
  5. Assign the Distribution point and Distribution point group to use Microsoft cloud resources where possible

5 Steps to Configuring the Cloud Management Gateway  

  1. Certificate Creation  

There are 2 certificates required, one for the server connection to Azure and the other for the client. This can be completed on an internal PKI, or you can use a more public facing root cert provider. The requirement to extend a Configuration Manager Resource to Azure AD is dependent on the root certificate(s). 

  • Create the cloud certificate(s)
  • Request the certificate on the Configuration Manager Server
    - A service name is required when requesting the certificate from the CA (Certificate Authority)
    - The naming convention requires a unique service name as the Common Name (CN) property at the time of the certificate request: <service name>.<AZURE region>.cloudapp.azure.com
    - This will be auto-populated later in the CMG setup wizard when the certificate is imported
  • Export the certificate locally for the CMG Setup
  • Configure the client certificate
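
A pre-import check for the exported server certificate, written as an added example (not from the original post or from Microsoft): it confirms that the subject CN follows the <service name>.<AZURE region>.cloudapp.azure.com convention described above before the file is handed to the CMG setup wizard. The function name Test-CmgServerCertificate, the DNS-label rules in the pattern, the private-key check, and the 30-day expiry margin are assumptions made for illustration.

```powershell
# Added example: sanity-check an exported CMG server certificate (.pfx)
# before importing it in the CMG setup wizard.
# Test-CmgServerCertificate is a hypothetical helper, not a Configuration Manager cmdlet.
function Test-CmgServerCertificate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]       $Path,      # exported .pfx file
        [Parameter(Mandatory)] [securestring] $Password,  # password set during export
        [int] $MinDaysValid = 30                          # assumed safety margin
    )

    $fullPath = (Resolve-Path -LiteralPath $Path).ProviderPath
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($fullPath, $Password)
    try {
        # Read the Common Name from the certificate subject.
        $cn = $cert.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)

        # <service name>.<AZURE region>.cloudapp.azure.com
        # Assumption: the service name is a single DNS label and the region is
        # lowercase letters/digits; anything with extra labels is rejected.
        $pattern = '^(?<service>[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)\.' +
                   '(?<region>[a-z0-9]+)\.cloudapp\.azure\.com$'
        $match = [regex]::Match($cn.ToLowerInvariant(), $pattern)

        $problems = [System.Collections.Generic.List[string]]::new()
        if (-not $match.Success) {
            $problems.Add("CN '$cn' does not match <service name>.<AZURE region>.cloudapp.azure.com")
        }
        if (-not $cert.HasPrivateKey) {
            # Assumption: the export handed to the wizard must carry the private key.
            $problems.Add('The export does not contain a private key')
        }
        $now = Get-Date
        if ($cert.NotBefore -gt $now) {
            $problems.Add("Certificate is not valid until $($cert.NotBefore)")
        }
        if ($cert.NotAfter -lt $now.AddDays($MinDaysValid)) {
            $problems.Add("Certificate expires on $($cert.NotAfter), inside the $MinDaysValid-day margin")
        }

        [pscustomobject]@{
            CommonName     = $cn
            ServiceName    = if ($match.Success) { $match.Groups['service'].Value } else { $null }
            Region         = if ($match.Success) { $match.Groups['region'].Value } else { $null }
            NotAfter       = $cert.NotAfter
            Thumbprint     = $cert.Thumbprint
            Problems       = $problems.ToArray()
            ReadyForImport = ($problems.Count -eq 0)
        }
    }
    finally {
        # Release the key material loaded from the .pfx.
        $cert.Dispose()
    }
}

# Usage (the file name is a placeholder):
# Test-CmgServerCertificate -Path .\cmg-server.pfx -Password (Read-Host 'PFX password' -AsSecureString)
```
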

  2. Azure Application Setup

Note: You will need an Azure subscription owner role to set this up.  

In the Azure Services mode, you can pre-create the AD application using default options and a unique hostname.  

  3. Cloud Management Gateway Setup

Configure the CMG in console:  

  • Import previously created Root certificate
  • Select VM (Virtual Machine) Scale Set sizing and capacity

Note: The options to select a VM and instances needed can be resized later. If you are only testing, the lab option provided would be suitable.   

  4. Add the Configuration Manager Role

This configuration is adding the Cloud Management Gateway Role to the site server. It will auto-populate a detected instance of the Azure Application. 

Once you are set up, you can check the service health to ensure that you are properly configured (up until this point) by right-clicking on the new service created.

  5. Client Configuration

The client will get the latest information for the CMG URL when the management point info updates on the client side and the root certificate is auto enrolled on the workstation during the next log on or reboot cycle.  

Note: Reboot the test system when connected on-prem or through VPN (virtual private network) to expedite a full policy update.  

Next Steps: Client Deployment   

In this scenario, we took steps to complete AD-Connect Hybrid device enrollment and the client that was pre-existing was not modified. The client can be installed as usual to support the new configurations. 

Once CMG is deployed and configured, clients can seamlessly access on-premises site roles whether they’re on the intranet or internet.  

To learn more about MECM-CMG, check out our recent blog: 

Microsoft’s Cloud Management Gateway (CMG): 8 of Our Most Frequently Asked Questions 

Contact an Arraya expert today to get started or if you have any questions.


January 11, 2022 by Arraya Insights

In the last week or so, there has been constant talk of the recently discovered Log4j vulnerability. This bug in computer code, which affected nearly every major software company, is considered one of the worst vulnerabilities discovered in recent history. CISA director, Jen Easterly, warned that this is the most serious security flaw she’s seen in her career.  

CISA outlined that Log4j is “broadly used in a variety of consumer and enterprise services, websites, and applications – as well as operational technology products – to log security and performance information. An unauthenticated remote actor could exploit this vulnerability to take control of an affected system.” 

Cyber criminals are actively taking advantage of this flaw, with the Wall Street Journal reporting that there are 10 million attempts to exploit Log4j per hour. Retail, technology, finance, and manufacturing have been frequent targets.  

Federal Trade Commission’s Warning to All Businesses 

Following the exposure of this vulnerability, the FTC issued a warning to all businesses and organizations that they could face legal repercussions if this security vulnerability is not addressed. 

The FTC outlined that those businesses that use Log4j have a duty to take reasonable steps to mitigate this known software vulnerability to reduce the likelihood of harm to consumers. As such, the FTC recommends all companies take appropriate action to mitigate this flaw and protect consumer data, immediately.   

Using Equifax’s 2017 data breach and subsequent $700 million settlement as an example, the FTC made it clear that they would use their full authority to pursue legal action against companies who have not addressed the vulnerability.  

CISA provided a guide to help companies determine whether their products with Log4j are among those that are vulnerable. 

Next Steps: Identify Your Log4j Vulnerability and Take Action to Protect Your Business & Consumers 

Every company needs to act on the Log4j vulnerability now to avoid potential fines and penalties, and ensure they are not vulnerable to the Log4j exploit. At Arraya, we can help your company discover the vulnerability through our security and penetration testing solutions and remediate the issue, once detected.    

Waiting on this issue means exposing your company and consumers, and facing significant consequences from the FTC. Start a conversation with an Arraya expert and act today! 

For more information on the Log4j vulnerability, listen to the latest episode of the Arraya Insights Vodcast: Cyber Security Analysis – Lessons Learned from the Log4j Vulnerability and 2022 Predictions.  


January 6, 2022 by Arraya Insights

While some employees are slowly returning to the office, a generous portion of the workforce is still logging in remotely. In some capacity, remote work is here to stay indefinitely.  

As more companies become acquainted with a hybrid workforce, they’re often met with challenges related to managing their remote clients, enabling endpoint protection, distributing software, and more. With Microsoft’s Cloud Management Gateway, users can safely manage remote clients without exposing their on-premises infrastructure to the internet.  

So, what is Cloud Management Gateway?  

Cloud Management Gateway, or CMG for short, is a cloud extension of Microsoft Endpoint Configuration Manager that enables management of remote systems without a VPN (Virtual Private Network) and without an extensive certificate requirement.

Cloud Management Gateway FAQs:

If you’re considering CMG for your business or organization, we’ve broken down the most frequently asked questions we receive so you know what to expect:  

  1. Do I need certificates? 

Yes, a trusted third-party certificate or public key infrastructure (PKI) certificates are required to secure communication between your on-premises Configuration Manager and the CMG resources that are primarily hosted in Azure. As for client certificates, plan to enable certificate enrollment for the workstations when they are domain joined.

Please note that this setup relies on certificates less than a traditional SCCM Internet Based Computer Management (IBCM) configuration does when you use modern authentication and enhanced HTTP in MECM (Microsoft Endpoint Configuration Manager). This configuration does not require that the management point be converted to operate only with HTTPS.

  2. Where would a CMG get installed?

The CMG is configured as a site system role, using the Configuration Manager console and with the use of an active Azure tenant. The resources used by the CMG are provisioned in the Azure cloud. 

  3. Are there fees associated with running the CMG?

Yes, there are compute fees for the virtual machine scale sets and egress fees for non-Microsoft provided content. 

  4. Do I need an Azure Cloud subscription?

Yes, there are Azure resources used for various purposes. In addition to authentication tokens provided by Azure AD (Active Directory), Intune integration with Microsoft Endpoint Configuration Manager (co-management) is highly recommended but not required.  

  5. Which version of Configuration Manager is required?

Version 2107 (July 2021 release) or later is required to support the current features and deployment practices for the CMG.

  6. What is enhanced HTTP or e-HTTP?

E-HTTP allows you to secure sensitive client communication without the need for PKI server authentication certificates. Clients can securely access content from distribution points without the need for a network access account, client PKI certificate, or Windows authentication.

  7. Do I still need a split-tunnel VPN configuration for my Microsoft content?

Yes. To keep costs down when utilizing Azure-stored content and to make this fully independent of on-premises content, this configuration is recommended so that clients connected to the VPN can download content from Microsoft edge content locations. Microsoft-related content provided in this configuration is not billed as egress when servicing internet-based clients.

  8. How does this change my non-Microsoft content delivery?

When completely disconnected, the client will negotiate the state and switch to internet managed. Internet managed devices are configured to get Microsoft updates through Microsoft resources. As far as non-Microsoft content is concerned, the client will be able to only get content that is distributed to the CMG Servers in Azure, also known as a Virtual Machine Scale Set.  

Next Steps: Enhance Your Remote Environment 

CMG provides users with a straightforward way to manage Configuration Manager clients remotely so clients can seamlessly access on-premises site roles whether on the intranet or internet. As the workforce continues to rapidly change, it’s important that your business takes advantage of the latest means to support your employees.  

For more information on Cloud Management Gateway, contact an Arraya expert today to start a conversation.  


January 5, 2022 by Arraya Insights

Are your traditional on-premises SQL Server databases holding your business back? For users looking to accelerate their digital transformation, migrating from a traditional on-premises SQL Server database to an Azure SQL Database offers several benefits. These include reduced costs, increased innovation capabilities, tighter security measures, and compliance with regulations.   

Migrating to Azure is the logical next step for many businesses that may need to increase capacity, rethink their disaster recovery method, or reduce unnecessary costs.

For those looking to further their digital transformation, there are three options available for a SQL migration. Below, we’ll break down what each option offers, who is best suited to each option, and what users can expect in costs and licensing.

Azure SQL Database 

  • Microsoft: Manages the infrastructure, operating system, and the SQL instance  
  • You: Manage the database 

Azure SQL Database is an intelligent, scalable, relational database service built for the cloud. This fully managed database automates updates, provisioning, and backups. In addition, it offers flexible and serverless compute with hyperscale storage to adapt to any changing needs.  

SQL Database has two deployment options: 

  1. Single Database (DBaaS): This is an isolated database with its own set of resources managed by a logical SQL server.  
  2. Elastic Pools (DBaaS): This is a collection of databases with a shared set of resources managed via a logical SQL server. Individual databases can be moved in and out of an elastic pool, providing a cost-effective solution for managing the performance of multiple databases that have variable usage patterns.

These options are best for modern cloud applications that want to use the latest stable SQL Server features but face time constraints in development and marketing. They offer a fully managed SQL Server database engine, which is based on the latest stable Enterprise Edition of SQL Server. These are built on standardized hardware and software that is owned, hosted, and maintained by Microsoft. 

Cost & Licensing 

Azure SQL Database is sold as a service and available with several options and in several service tiers with different prices for resources. All resources are billed hourly at a fixed rate based on the service tier and compute size.  

Managed Instances (PaaS) 

  • Microsoft: Manages the infrastructure and operating system 
  • You: Manage the SQL instances  

This fully managed SQL Server is a collection of Microsoft-managed system and user databases with a shared set of resources. Azure SQL Managed Instances supports database migration from on-premises with minimal to no database change. With no code changes, you’ll have almost 100% compatibility.

This intelligent, scalable cloud database service combines the broadest SQL Server database engine compatibility with all the benefits of a fully managed platform as a service.  

Azure SQL Managed Instances is best for new applications or existing on-premises applications that want to use the latest stable SQL Server features and that are migrated to the cloud with minimal changes.  

This option provides all the PaaS benefits of Azure SQL Database but adds capabilities that were previously only available in SQL Server VMs. This includes a native virtual network and near 100% compatibility with on-premises SQL Server. Instances of SQL Managed Instance provide full SQL Server access and feature compatibility for migrating SQL Servers to Azure.  

Cost & Licensing 

Managed Instances is sold as a service and available with several options and in several service tiers with different prices for resources. All resources are billed hourly at a fixed rate based on the service tier and compute size you choose. You can also bring your own license.  

Virtual SQL Server (IaaS) 

  • Microsoft: Manages the infrastructure 
  • You: Manage the operating system and the SQL instances 

Virtual SQL Server provides the performance and security of SQL Server with the flexibility and hybrid connectivity of Azure. This allows for an instance of SQL Server inside a fully managed virtual machine (VM).  

A SQL Server that is installed and hosted in the cloud runs on Windows Server or Linux virtual machines. SQL virtual machines are a good option for migrating on-premises SQL Server databases and applications without any database change. All recent versions and editions of SQL Server are available for installation in an IaaS virtual machine.

What differentiates this option from SQL Database and SQL Managed Instance is that SQL Server on Azure Virtual Machines allows full control over the database engine. Azure virtual machines also provide automated updates and backups, and Azure storage provides higher availability and performance.

Cost & Licensing:  

For Virtual SQL Server, you can either pay-as-you-go for a SQL Server license already included in a SQL Server image or easily use an existing license. All the supported SQL server versions (2008R2, 2012, 2014, 2016, 2017, 2019) and editions (developer, express, web, standard, enterprise) are available. You can also stop or resume the VM, as needed.  

Next Steps: Begin Planning Your SQL Server Migration to Azure 

Is your business considering a migration to Azure? Arraya Solutions can help.  

Our application experts can help you formulate a plan that will positively impact both your top and bottom lines.  

Start modernizing your applications today by migrating to Azure so you can take advantage of reduced costs, better security, and unlimited innovation. Contact one of our Arraya experts to get started.  


December 22, 2021 by Arraya Insights

In this episode of the Arraya Insights Vodcast, our panel discusses the impact and early lessons from the Log4j vulnerability. They dive into risk management and responsibility, cloud security, tactics to defend against attacks, and more – then wrap up with cyber security predictions for 2022. Hosted by Scott Brion, Director, Cyber Security, this episode’s panel includes Mike Piekarski (Enterprise Security Architect) and Keith Wood (Cyber Security Consultant).

Prefer an audio format? Subscribe to our Arraya Insights Radio feed in your Apple or Android podcast catcher for an audio-only version of our vodcast. Or, you can use the player below.

https://soundcloud.com/user-166960433-952960141/arraya-insights-vodcast-cyber-security-analysis-log4j-vulnerability-and-2022-security-predictions

December 16, 2021 by Arraya Insights

Today, a company is only as good as its people and its technology. Technology is meant to work for you. 

The right environment, whether on-premises, in the cloud, or a hybrid of both, should support your business, enhance your processes, and help you achieve your goals.  

When researching what type of environment is right for your business, it’s important to first ask yourself the following questions: 

  • What are you trying to focus on and accomplish? 
  • What problems are you trying to resolve? 
  • How can your applications, workload, and data best support your business? 

The right environment will depend entirely on which service provides the best fit, features, OEM alignment, and price to meet each business’ requirements.  

Understanding Your Options: Why Hybrid Cloud is Often the Best Fit 

Here are the computing environment options that businesses can consider today:  

  • Data center/on-premises storage (Private Cloud): This type of storage means your company’s server is hosted within your organization’s infrastructure and usually physically onsite.  
  • Cloud computing (Public Cloud): This is the delivery of computing services (including servers, storage, databases, networking, software, analytics, and intelligence) entirely via the Internet.  
  • Hybrid cloud: This is a type of cloud computing that combines on-premises infrastructure (or a private cloud) with a public cloud and allows data and apps to move between the two environments.  

With so much recent information surrounding the cloud, there are still a few common misconceptions we see. Many people still think of the cloud as a destination, but in reality, it’s an operating model.  

The cloud is not new, although it has progressed significantly in recent years, in part due to the pandemic. Despite some suggesting that a cloud-first position is best, transitioning fully to the cloud is not always the answer or even an option for some businesses. Data centers are still very much relevant for certain needs and still a requirement for some. This has led the majority of our customers to adopt a hybrid cloud environment to best support their processes.

Cloud Migration Challenges: What New Users Can Expect  

Technology is synonymous with change and the cloud is always doing just that: updating and changing. While transitioning to the cloud offers several benefits, including flexibility, scalability, and in some scenarios, increased security, there is a learning curve for new users. This is usually the most significant challenge for new adopters of the cloud.  

Pricing may also make potential cloud adopters hesitate. Once customers understand the features and benefits they will experience in the cloud, pricing often makes much more sense. Others may have a hard time understanding where they are gaining efficiency and why this is a better option.

Even if you have both the cloud and an on-prem environment, users will be able to manage everything from one, single location. A hybrid solution offers the same governance, structure, security measures, and policies across the board.  

Next Steps: Which Environment is Right for You? 

Where you choose to host your applications and data can have a significant impact on your business’ success and your customers’ experience and there is frequently more than one right option. Everyone is in a different phase of their hybrid cloud journey, and Arraya can help offer the blueprint of what steps make the most sense for you next.  

Contact an Arraya expert today to learn more about what environment best suits your needs. Or, to learn more about hybrid cloud computing, check out the latest from Arraya Insights Radio: 

  • Hybrid Cloud Journey: Challenges & Solutions 
  • Hybrid Cloud Journey: The Data Conversation Has Changed 
