We are big fans of Microsoft Azure, and because we spend a lot of our time managing Azure environments for our customers, we have noticed there are a few common mistakes organisations are making when managing their Azure Cloud. We’re unpacking them here for you.
2. No Azure Dashboard
Application Insights comes with out-of-the-box dashboards. Building dashboards of key metrics that users see every time they log into Azure gives them information about the health of your Sitecore environment. By presenting this information to your team regularly, you're providing deeper intelligence and pseudo-training that helps those users understand what's going on under the hood.
Good examples of the information they might see are the number of App Services and resources in the environment, reporting statistics, the number of client-side errors, server-side errors and time-outs, total CPU and memory usage for app services, or average SQL DTU usage. You could take one of the out-of-the-box dashboards and customize it, or you can build one from scratch.
3. No Alert Groups
Alert groups allow you to create a group of people, identified by mobile numbers or simply email addresses, and push notifications to specific groups for core and important activities. Once you set up all your monitoring rules inside Azure, you can map those to an alert group.
The benefit of using alert groups is that you don't have to specify the people to notify on each individual alert. A good Sitecore environment typically has between one hundred and two hundred individual alerts for the solution, covering things like CPU usage of 80% or above, or application downtime.
4. WAF not used in Protection Mode
Web Application Firewalls often get used, but not in protection mode. In protection mode you actively stop and prevent attacks on your solution; in listening mode you allow those attacks to happen and only record the information through the Web Application Firewall.
If you're going to the trouble and expense of configuring a Web Application Firewall, do it properly and have the confidence to turn protection mode on.
5. Active Directory or Role-Based Access Control is not applied
One of the core things about Azure is the shared identity model from Azure Active Directory. RBAC, or Role-Based Access Control, is something that you can use to apply security to all the different resources inside your Azure subscription. By spending the time to create the appropriate RBAC controls across your Sitecore solution, you apply an extra layer of security that prevents things like developers being able to log in and access raw data in the SQL servers, or manipulate app services live in real time.
6. Allowing all users to make changes in the Azure UI
Last, we believe that you should be making all your changes through Azure infrastructure as code, such as Resource Manager templates and PowerShell. Inevitably, you will need to go into the Azure portal for certain things. You should focus on making sure RBAC always applies a least-permissions model to your entire environment, and make sure that you keep control of the number of owners, contributors, developers, and application service principals that you have in your environment.
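As an added example (not part of the original article), the PowerShell below counts privileged role assignments by role and principal type and lists the ones granted at subscription scope or above. The function name, the privileged-role list, the owner threshold and the sample data are assumptions; the input properties are the ones `Get-AzRoleAssignment` returns.

```powershell
# Added example: summarise privileged Azure role assignments.
# Input objects need the properties Get-AzRoleAssignment returns:
# DisplayName, ObjectType, RoleDefinitionName, Scope.
function Get-PrivilegedAssignmentReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]]$Assignment,
        # Roles treated as high privilege (assumption; adjust to your policy).
        [string[]]$PrivilegedRole = @('Owner', 'Contributor', 'User Access Administrator'),
        # Maximum Owners tolerated at subscription scope or above (assumed threshold).
        [int]$MaxBroadOwners = 3
    )
    begin   { $all = [System.Collections.Generic.List[object]]::new() }
    process { foreach ($a in $Assignment) { $all.Add($a) } }
    end {
        $privileged = @($all | Where-Object { $_.RoleDefinitionName -in $PrivilegedRole })
        # Anything not scoped below a subscription (resource group or resource)
        # applies to the whole subscription, a management group or the root.
        $broad  = @($privileged | Where-Object { $_.Scope -notmatch '^/subscriptions/[^/]+/.+' })
        $owners = @($broad | Where-Object { $_.RoleDefinitionName -eq 'Owner' })

        [pscustomobject]@{
            CountsByRoleAndType = @($privileged |
                Group-Object RoleDefinitionName, ObjectType |
                Select-Object Name, Count)
            BroadAssignments    = @($broad |
                Select-Object DisplayName, ObjectType, RoleDefinitionName, Scope)
            OwnerLimitExceeded  = $owners.Count -gt $MaxBroadOwners
        }
    }
}

# Constructed sample data (placeholder subscription ID, made-up principals).
$sub = '/subscriptions/00000000-0000-0000-0000-000000000000'
$sample = @(
    [pscustomobject]@{ DisplayName = 'Alice';     ObjectType = 'User';             RoleDefinitionName = 'Owner';       Scope = $sub }
    [pscustomobject]@{ DisplayName = 'Bob';       ObjectType = 'User';             RoleDefinitionName = 'Owner';       Scope = $sub }
    [pscustomobject]@{ DisplayName = 'deploy-sp'; ObjectType = 'ServicePrincipal'; RoleDefinitionName = 'Contributor'; Scope = "$sub/resourceGroups/rg-web" }
    [pscustomobject]@{ DisplayName = 'Dev Team';  ObjectType = 'Group';            RoleDefinitionName = 'Reader';      Scope = $sub }
)

$report = $sample | Get-PrivilegedAssignmentReport -MaxBroadOwners 1
$report.CountsByRoleAndType | Format-Table
$report.BroadAssignments | Format-Table
"Owner limit exceeded: $($report.OwnerLimitExceeded)"
```

Against a live subscription, pipe `Get-AzRoleAssignment` into the function in place of `$sample`.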