Archive for the ‘Cloud’ Category

How Startups can succeed with Cloud Computing?

Posted on May 7th, 2021 by admin@mismo2023

Startups are an enjoyable but demanding professional experience. Many entrepreneurially minded professionals pursue their passion and launch their own company, hoping for the meteoric growth of businesses such as Facebook, Uber, and Airbnb.

In the fast-paced world of startups, there are many challenges that are not faced in a regular office environment. From infrastructure to marketing, every process of a startup must be built from scratch, which is difficult for a new company, mainly due to a lack of investment. While the employee count can be low at the beginning, with individuals spread across multiple cities or even countries, the major issue arises when a proper structure is required to manage the work of each member.

With cloud computing, the above risks can be reduced.

First, let us understand what cloud computing is.

Cloud Computing is a network of computing services like servers, storage, databases, networking, software, analytics, and intelligence. You only pay for the cloud services you use which helps in reducing operational costs & runs your infra more efficiently. It follows a Pay as you go (PAYG) cost model for cloud services, which is much more beneficial than the traditional IT cost model that has a lot more upfront capital expenditures for both hardware and software requirements.

Read on as we discuss the reasons why adopting cloud computing systems can benefit your startup business.

Many people think that life in the world of startups is fascinating and exciting; still, it cannot be denied that it has its own set of risks and demerits. According to the Small Business Administration (SBA) Office of Advocacy's Frequently Asked Questions (FAQ) report (2018), the share of small and medium-sized enterprises (SMEs) that survive to the five-year mark ranges from only 45.4% to 51%.

Everyone involved in a startup faces many risks: founders, investors, customers, and partners. But by following a proper approach, such risks can be avoided.

As discussed, startups face the following problems:

  1. Employee location. (different cities/countries/regions)
  2. Lack of funds.
  3. Stability.

Here are the major benefits of adopting cloud computing for your startup:

  1. Data Protection: Cloud Solution Providers put forward a group of technologies & services which help in data protection. Daily backups and snapshots on secure servers will secure your data.
  2. Speed & Low Cost: Cloud Computing enhances the flexibility of your business. With just a few taps, it offers you a creative IT infrastructure at low costs. It is easy, quick, and requires minimal investment. You only pay when you use the server.
  3. Effective Collaboration: With virtualization now being the ‘new normal’, all employees can work productively without the need for large office spaces. It also decreases infrastructure costs, power usage, maintenance, upgrades, hardware, installation services, and support expenses, all of which are valuable savings for a startup. Cloud computing allows all the employees of a firm to access documents, files, and other data from anywhere, anytime, via Internet-enabled devices.
  4. Scalability: A Cloud storage platform allows the organization to scale resources up or down in a flexible and cost-effective manner. Contrary to the conventional approach, where human intervention is necessary and costly, sophisticated software and hardware can be inserted or removed according to your convenience. The virtual existence of the cloud increases the usability and availability of service additions. The cloud’s versatility, usability, flexibility, and competitiveness to entrepreneurs are thus critical to the long term success rate of today’s marketplace.

The mobility, accessibility, affordability, and productivity that the Cloud provides is extremely beneficial for startups.

If you have any more ideas on how cloud computing can help startups, do share in the comment section. To read more blogs by Mismo Systems, click here.

Azure AD SSO & AWS – Connecting the Rivals

Posted on May 4th, 2021 by admin@mismo2023

Being part of Mismo Systems, I am fortunate to work on a diverse set of projects. A few technologies that we see deployed often are Microsoft 365 and, on AWS, EC2 and S3. Microsoft 365 is growing in stature in the enterprise space when it comes to identity and single sign-on. Microsoft has worked hard to make it ridiculously simple to integrate with SaaS, public clouds, or any other application. Microsoft 365 comes pre-packaged with a free version of Azure AD in the backend, which means you do not have to set up any major infrastructure if you want to dip your toes into the world of enterprise SSO.

Recently, while working on a project, I was tasked with setting up SSO between Azure AD and AWS, and I thought I would share what I learned by writing this blog. Before we go ahead and set up Azure AD SSO for AWS, let’s first take a quick dip into the world of SSO.

Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single identity to any of several related, yet independent, software systems. It is a property of identity and access management (IAM) that enables users to securely authenticate with multiple applications and websites by logging in only once—with just one set of credentials (username and password). With SSO, the application or website that the user is trying to access relies on a trusted third party to verify that users are who they say they are.

Single sign-on provides a giant leap forward in how users sign in and use applications. Single sign-on based authentication systems are often called “modern authentication”. Modern authentication and single sign-on fall into a category of computing called Identity and Access Management (IAM). Web applications are incredibly popular. Web apps are hosted by various companies and made available as a service. Some popular examples of web apps include Microsoft 365, GitHub, and Salesforce, and there are thousands of others. People access web apps using a web browser on their computer. Single sign-on makes it possible for people to navigate between the various web apps without having to sign in multiple times.

Traditionally, companies overcame this challenge with on-prem federation services, which let users and applications connect without worrying about safety threats. To set up this mechanism, companies require ADFS (Active Directory Federation Services). ADFS provides a means for managing online identities and providing single sign-on capabilities.

The requirements for setting up ADFS federation in a traditional environment are listed below:

  • ADFS server with a high-availability solution (active and passive)
  • WAP or ADFS Proxy server for external exposure
  • Public CA – Certificate
  • Domain controller server

Some of the challenges with traditional federation setup are:

  • High availability & Server Maintenance – Administration
  • Billing cost for hardware, license and certificate management

A solution for the above scenario is to use Azure AD enterprise application SSO, for applications that support it, with centralized user management. When you integrate Amazon Web Services (AWS) with Azure AD, you can:

  • Control in Azure AD who has access to Amazon Web Services (AWS)
  • Enable your users to be automatically signed-in to Amazon Web Services (AWS) with their Azure AD accounts
  • Manage your accounts in one central location – the Azure portal

Choosing a single sign-on method

There are several ways to configure an application for single sign-on. Choosing a single sign-on method depends on how the application is configured for authentication.

  • Cloud applications can use OpenID Connect, OAuth, SAML, password-based, linked, or disabled methods for single sign-on
  • On-premises applications can use password-based, Integrated Windows Authentication, header-based, linked, or disabled methods for single sign-on. The on-premises choices work when applications are configured for Application Proxy

This flowchart helps you decide which single sign-on method is best for your situation:

Since we are going to implement SSO between Azure AD and AWS, I will only talk about the former, i.e. Cloud application. For this blog, we look at how to set up SSO using SAML.

SAML

SAML stands for Security Assertion Markup Language. It is an XML-based open-standard for transferring identity data between two parties: an identity provider (IdP) and a service provider (SP).

  • Identity Provider — Performs authentication and passes the user’s identity and authorization level to the service provider
  • Service Provider — Trusts the identity provider and authorizes the given user to access the requested resource

In our scenario, the identity provider would be Azure AD, (which itself uses Auth0 to authenticate users). The service provider would be AWS. The employee signs into the “My Apps” dashboard with Auth0. They click on the AWS icon, and AWS recognizes that the user wants to log in via SAML. AWS sends the employee back to Auth0 with a SAML Request that asks Auth0 to authenticate the user. Since the employee has already authenticated with Auth0, Auth0 verifies the session and sends the user back to AWS with a SAML Response. AWS checks this response, and if it looks good, the employee is granted access!
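The checks a service provider makes on a SAML Response before granting access, sketched for the Azure AD to AWS case. This is an added example, not code from the original post or from AWS; the tenant ID, account ID, role and user are constructed placeholders, and signature verification, which must come first, is left to an XML-DSig library.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
AWS_AUDIENCE = "urn:amazon:webservices"
AWS_RECIPIENT = "https://signin.aws.amazon.com/saml"
ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"
SESSION_ATTR = "https://aws.amazon.com/SAML/Attributes/RoleSessionName"
# Placeholder tenant ID (assumption); Azure AD issuers have this shape.
SAMPLE_ISSUER = "https://sts.windows.net/00000000-0000-0000-0000-000000000000/"

# Constructed, unsigned response for illustration only.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}">
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion>
    <saml:Issuer>{SAMPLE_ISSUER}</saml:Issuer>
    <saml:Subject>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{AWS_RECIPIENT}"
                                      NotOnOrAfter="2021-05-04T10:10:00Z"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2021-05-04T10:00:00Z" NotOnOrAfter="2021-05-04T11:00:00Z">
      <saml:AudienceRestriction>
        <saml:Audience>{AWS_AUDIENCE}</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="{SESSION_ATTR}">
        <saml:AttributeValue>alice@example.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="{ROLE_ATTR}">
        <saml:AttributeValue>arn:aws:iam::123456789012:role/ReadOnly,arn:aws:iam::123456789012:saml-provider/AzureAD</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def _ts(value):
    """Parse a SAML UTC timestamp such as 2021-05-04T10:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def _attr_values(assertion, name):
    """Collect the AttributeValue texts of the attribute with the given Name."""
    values = []
    for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == name:
            values += [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
    return values


def check_response(xml_text, now, expected_issuer):
    """Return (problems, session_name, [(role_arn, provider_arn), ...])."""
    root = ET.fromstring(xml_text)
    problems = []
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        problems.append("status is not Success")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return problems + ["expected exactly one assertion"], None, []
    a = assertions[0]
    if a.findtext("saml:Issuer", "", NS).strip() != expected_issuer:
        problems.append("unexpected issuer")
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        problems.append("no Conditions element")
    else:
        nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if not nb or not noa or not (_ts(nb) <= now < _ts(noa)):
            problems.append("outside validity window")
        audiences = [(e.text or "").strip()
                     for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
        if AWS_AUDIENCE not in audiences:
            problems.append("audience is not AWS")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != AWS_RECIPIENT:
        problems.append("recipient is not the AWS sign-in endpoint")
    elif not scd.get("NotOnOrAfter") or now >= _ts(scd.get("NotOnOrAfter")):
        problems.append("subject confirmation expired")
    roles = []
    for value in _attr_values(a, ROLE_ATTR):
        # Each value pairs a role ARN with the SAML provider ARN, comma-separated.
        parts = [p.strip() for p in value.split(",")]
        role = [p for p in parts if ":role/" in p]
        provider = [p for p in parts if ":saml-provider/" in p]
        if len(parts) == 2 and role and provider:
            roles.append((role[0], provider[0]))
        else:
            problems.append(f"malformed Role value: {value}")
    if not roles:
        problems.append("no usable Role attribute")
    session = _attr_values(a, SESSION_ATTR)
    return problems, (session[0] if session else None), roles
```

A response is acceptable only when the returned problem list is empty and the signature has already been verified against the certificate in the IdP's federation metadata.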

Benefits of SAML Authentication

  • Improved User Experience — Users only need to sign in one time to access multiple service providers. This allows for a faster authentication process and less expectation of the user to remember multiple login credentials for every application. In the example above, that user could have clicked on any of the other icons in their dashboard and been promptly logged in without ever having to enter more credentials!
  • Increased Security — SAML provides a single point of authentication, which happens at a secure identity provider. Then, SAML transfers the identity information to the service providers. This form of authentication ensures that credentials are only sent to the IdP directly
  • Loose Coupling of Directories — SAML doesn’t require user information to be maintained and synchronized between directories
  • Reduced Costs for Service Providers — With SAML, you don’t have to maintain account information across multiple services. The identity provider bears this burden

Azure & AWS – Why use both?

There are two main reasons why an organization would want to use multiple clouds: To leverage the strengths of each cloud and to improve availability. Large organizations are selecting different services or features from different providers as part of an overall multi-cloud strategy. This allows them to optimize resources and budgets, as some environments are better suited than others for particular tasks.

In my specific scenario, the company was already using AWS. Once it was decided that they would migrate their workplace services from G Suite to Microsoft 365, we had to go ahead and implement a way for the two technologies to be connected to each other to provide users with a seamless experience. But there are other examples as well where companies willingly go ahead and use both Azure and AWS to manage their cloud infrastructure.

There are specific reasons why an organization would want to use both AWS and Azure together. A few general-use cases for multi-cloud environments include:

  • Site replication and disaster recovery
  • On-ramping and off-ramping data
  • Load balancing across different clouds
  • Cloud switching to take advantage of cost structures
  • Keeping development and production environments separate

Such scenarios warrant the use of SSO, as users only need to remember the credentials for one environment rather than a slew of different passwords.

Now that we have covered some basics of SSO and SAML, let’s go ahead and start setting up SSO between Azure AD and AWS. Before we start, there are a few prerequisites:

  • An Azure AD subscription
  • An AWS single sign-on (SSO) enabled subscription

Adding Amazon Web Services (AWS) from the gallery

To configure the integration of Amazon Web Services (AWS) into Azure AD, we need to add Amazon Web Services (AWS) from the gallery to our list of managed SaaS apps. The steps are as follows:

  • Sign in to the Azure portal using a work or school account
  • In the Azure portal, search for and select Azure Active Directory
  • Within the Azure Active Directory overview menu, choose Enterprise Applications > All applications
  • Select New application to add an application
  • In the Add from the gallery section, type Amazon Web Services (AWS) in the search box
  • Select Amazon Web Services (AWS) from the results panel and then add the app. We wait a few seconds while the app is added to our tenant

Once the app is added successfully, it opens a new app blade where we can start configuring SSO.

Configure Azure AD SSO

  • In the Amazon Web Services (AWS) application integration page, select single sign-on in Manage section and click on SAML
  • In Save Single Sign On Setting prompt click on “No, I’ll save it later”
  • On the Set up single sign-on with SAML page, in the SAML Signing Certificate (Step 3) dialog box, click on Download to save a copy of the federation metadata XML as shown:

Now we move to the AWS console to upload this federation metadata XML and add Azure AD as an identity provider.

Configure Amazon Web Services (AWS) SSO

  • In a different browser window, we sign on to our AWS company site as an administrator
  • In the AWS Management Console, type IAM in the find services field, and click IAM
  • Select Identity Providers > Create Provider
  • On the Configure Provider page, perform the following steps:
    • In Provider Type, choose SAML
    • In Provider Name, type AzureAD (The name can be anything, I have added Azure AD to simplify things. You can add whatever name you like)
    • In the Metadata Document, choose the federation metadata XML file you downloaded in the step above and click on Next Steps
  • Click Create to finish the process
  • Now select Roles > Create role
  • On the Create role page, perform the following steps:
    • Under Select type of trusted entity, select SAML 2.0 federation
    • Under Choose a SAML 2.0 Provider, select the SAML provider you created previously (AzureAD or whatever name you chose in the step above)
    • Select Allow programmatic and AWS Management Console access
    • Select Next: Permissions
  • On the Attach permissions policies dialog box, attach the appropriate policy, per your requirements. I chose the AdministratorAccess role
  • On the Review dialog box, perform the following steps:
    • In Role name, enter your role name
    • In Role description, enter the description
    • Select Create role
  • Create as many roles as needed, and map them to the identity provider
  • Now, we need to create a user on AWS with the ReadRoles permissions and add it to Azure AD so that we can grant our Azure AD users the roles we created in the step above. To do that, we first need to create a ReadRoles policy in AWS IAM. In the IAM section, select Policies and click Create Policies
  • In the Visual Editor on the Create Policy page, do the following:
    • In Services, choose IAM
    • In Actions, choose ListRoles
    • Click Review Policy
  • Click Create Policy
  • Now we create a new user account in the AWS IAM service. In the AWS IAM console, select Users and click on Add User
  • In the Add user section:
    • Enter the user name as AzureADRoleManager
    • For the access type, select Programmatic access. This way, the user can invoke the APIs and fetch the roles from the AWS account
    • Select Next Permissions
  • On the Set Permissions page, select the policy we created above
  • On the Review page, click Create User and download the user credentials of the user
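The console steps above leave three things worth checking afterwards: the federated role's trust policy, the AzureADRoleManager user's policy, and which roles carry AdministratorAccess. The audit below is an added example, not part of the original post; the account ID, role names and policy documents are constructed, and the trust policy shape assumes the SAML 2.0 federation wizard with console access selected.

```python
import json

# Assumptions (not from the original post): placeholder account ID 123456789012,
# and the provider name "AzureAD" typed in the Create Provider step.
EXPECTED_PROVIDER = "arn:aws:iam::123456789012:saml-provider/AzureAD"
CONSOLE_AUDIENCE = "https://signin.aws.amazon.com/saml"

# Constructed trust policy of the kind attached to a SAML-federated role.
TRUST_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "arn:aws:iam::123456789012:saml-provider/AzureAD"},
    "Action": "sts:AssumeRoleWithSAML",
    "Condition": {"StringEquals": {"SAML:aud": "https://signin.aws.amazon.com/saml"}}
  }]
}
""")

# Constructed policy for the AzureADRoleManager user: ListRoles only.
ROLE_MANAGER_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Action": ["iam:ListRoles"], "Resource": "*"}]
}
""")

# Constructed inventory (hypothetical role names): role -> attached managed policies.
ROLE_ATTACHMENTS = {
    "AzureAD-Admin": ["AdministratorAccess"],
    "AzureAD-ReadOnly": ["ReadOnlyAccess"],
    "AzureAD-EC2": ["AmazonEC2FullAccess"],
}


def as_list(value):
    """IAM JSON allows a scalar where a list is expected; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_trust_policy(doc, expected_provider=EXPECTED_PROVIDER):
    """Flag trust statements that are wider than 'this IdP, via SAML, for the console'."""
    findings = []
    allows = [s for s in as_list(doc.get("Statement")) if s.get("Effect") == "Allow"]
    if not allows:
        findings.append("no Allow statement")
    for stmt in allows:
        principal = stmt.get("Principal")
        if not isinstance(principal, dict) or set(principal) != {"Federated"}:
            findings.append("principal is not limited to a federated provider")
        elif as_list(principal["Federated"]) != [expected_provider]:
            findings.append("trusts a SAML provider other than the expected one")
        actions = [a.lower() for a in as_list(stmt.get("Action"))]
        if actions != ["sts:assumerolewithsaml"]:
            findings.append("action is not exactly sts:AssumeRoleWithSAML")
        # Condition key names are case-insensitive in IAM.
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        cond = {k.lower(): v for k, v in equals.items()}
        if as_list(cond.get("saml:aud")) != [CONSOLE_AUDIENCE]:
            findings.append("SAML:aud condition missing or unexpected")
    return findings


def audit_role_manager_policy(doc, allowed=("iam:listroles",)):
    """The provisioning user only needs to list roles; report anything beyond that."""
    findings = []
    for stmt in as_list(doc.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            findings.append("NotAction allows everything except the listed actions")
        for action in as_list(stmt.get("Action")):
            if action.lower() not in allowed:
                findings.append(f"unexpected action: {action}")
    return findings


def roles_with_broad_policies(attachments, broad=("AdministratorAccess",)):
    """Return federated roles that carry a broad managed policy, for review."""
    return sorted(r for r, policies in attachments.items() if set(policies) & set(broad))


if __name__ == "__main__":
    print(audit_trust_policy(TRUST_POLICY))
    print(audit_role_manager_policy(ROLE_MANAGER_POLICY))
    print(roles_with_broad_policies(ROLE_ATTACHMENTS))
```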

Configure AWS Role Provisioning in Azure AD

  • In the Azure AD management portal, in the AWS app, go to Provisioning and click on Get Started
  • In the Provisioning Mode, select Automatic and enter the access key and secret in the clientsecret and Secret Token fields, respectively and click on Test Connection
  • Once the test is successful, click on Save and reload the page. Once the page has reloaded, select Edit Provisioning
  • Turn on provisioning by toggling the Provisioning Status Button to On

The provisioning service imports roles only from AWS to Azure AD. The service does not provision users and groups from Azure AD to AWS. After we save the provisioning credentials, we must wait for the initial sync cycle to run. Sync usually takes around 40 minutes to finish.

Assign the Azure AD test user

  • Within the Azure Active Directory overview menu, choose Enterprise Applications > All applications
  • In the application list, select Amazon Web Services (AWS)
  • In the app’s overview page, find the Manage section and select Users and groups, select Add user, then select Users and groups in the Add Assignment dialog
  • In the Users and groups dialog, select the required user from the Users list, then click the Select button at the bottom of the screen
  • Click on Assign
  • To assign a specific AWS role to the user, select the user and click on Edit
  • Click on Select A Role and select the appropriate role for the user. Click Assign once done

End User Experience

Once you have added the user to the App and assigned appropriate permission, the user can start accessing the AWS console without needing to perform any additional authentication. The user can log in to https://myapps.microsoft.com using their Azure AD/Microsoft 365 credentials and they will see the Amazon Web Services (AWS) app in their my apps portal.

They will be taken to the AWS console directly just by clicking on it and will be granted access only to those services for which they were assigned roles.

Conclusion

As a next step, it is best practice to set up several SAML Roles inside of AWS. The SAML roles can and should be granularly defined down to the AWS account and resource level.

Here are some example roles to get started with:

  • ReadOnlyAccess Role
  • AmazonEC2FullAccess Role
  • AdministratorAccess Role

On the Azure AD side, we recommend creating groups for each of the above roles. Then assign users to the group, and they are automatically assigned to the AWS role. Using groups makes it a bit easier to manage large numbers of users.

Find out more about Mismo Systems

We love Cloud, Containers, DevOps, and Workplace as a service. If you are interested in chatting, connect with us on Twitter, or drop us an email: connect@mismosystems.com. We hope you found this article helpful. If there is anything you would like to contribute or you have questions, please let us know!

A quick look at the 4 Most Used Services on Microsoft Azure

Posted on May 4th, 2021 by admin@mismo2023

1. Azure Compute

Azure compute is an on-demand computing service for running cloud-based applications. Azure compute service can be divided broadly into three categories.

  • Infrastructure as a service

Virtual Machine: It is an IaaS service that allows us to deploy and manage VMs inside a virtual network (VNet). The most fundamental building block is the Azure virtual machine. We don’t need to buy any physical hardware and bear its maintenance cost. Using Azure virtual machine, we are able to deploy different services such as Windows, Linux within the Azure cloud. All this gets done within a few minutes. When we implement a virtual machine, every virtual machine will have an associated OS disk and data disk (if we want).

  • Platform as a service

App Service: It is a managed PaaS offering from Microsoft Azure for hosting web apps, mobile app back ends, etc. With this, we can simply upload our code and it deploys the application for us.

  • Serverless services

Infrastructure provisioning and management are invisible to the developer, hence the name serverless.

Azure Functions: With Azure Functions, we can run small pieces of code (“functions”) without worrying about the application infrastructure.

Azure Logic Apps: Azure Logic Apps are similar to Azure Functions, except that we don’t have to write code. With this, we can schedule, automate and orchestrate tasks, etc.

2. Azure Site Recovery

Azure Site Recovery is Azure’s built-in disaster recovery as a service (DRaaS).

When the primary infrastructure goes down, it directs workloads to the secondary infrastructure until the primary comes back. This helps with business continuity.

As an organization, you need to adopt a business continuity and disaster recovery (BCDR) strategy that keeps your data safe when planned and unplanned outages occur.

Simple to deploy and manage:

We can set up Azure Site Recovery simply by replicating an Azure VM to a different Azure region directly from the Azure portal. Azure Site Recovery is automatically updated with new Azure features as they’re released.

Reduce infrastructure costs:

It reduces the cost of deploying, monitoring, patching, and maintaining on-premises disaster recovery infrastructure by eliminating the need for building or maintaining a costly secondary datacenter.

Testing without disruption:

 You can easily run disaster recovery drills, without affecting ongoing replication.

RTO and RPO targets:

Site Recovery helps keep recovery time objectives (RTO) and recovery point objectives (RPO) within organizational limits. It provides continuous replication for Azure VMs and VMware VMs, and replication frequency as low as 30 seconds for Hyper-V.

3. Azure Content Delivery Network (CDN)

Azure CDN delivers high bandwidth content to users by caching their content at strategically placed nodes across the world. It lowers the latency to a great extent and reduces the file download time.

CDN stores the cached content on edge servers in POP (Point of Presence) locations that are close to end-users.

4. Azure Cost Management

 While the cloud made it easy to deploy and manage thousands of resources, it’s also important to manage the cost. Microsoft Azure Cost Management delivers cloud business management solutions to multi-cloud enterprises so that they can grow the cloud with confidence. It helps organizations effectively manage and optimize cloud spend across Azure and other clouds.

Azure Cost Management is a SaaS offering that helps organizations to monitor, allocate, and optimize cloud spend in a multi-cloud environment (Azure, AWS and Google Cloud Platform, etc.).

  • Service on by default
  • Set budgets, track, and get alerts.
  • Maximize cloud potential.
  • Free to manage Azure costs.
  • Integrated with Azure Advisor.
  • Optimize cloud spending.

Have questions? Let us know in the comments section below!

Cloud Security – A shared responsibility

Posted on May 1st, 2021 by admin@mismo2023

We see all businesses, small or big, consuming cloud technology in one way or another. The pandemic has increased adoption substantially, and before that, security was one of the drivers of moving to the cloud.

While we help businesses realize the benefits of cloud technologies, we are concerned about the misunderstanding (especially among small and medium businesses) that moving to the cloud takes away their responsibility and that everything, including security, is managed by the cloud provider.

It is super important to have a clear understanding of everyone’s responsibility. Some examples below:

  • In the case of SaaS services (e.g., Microsoft 365), you need to ensure that you are following the best practices to keep your account secure. Some of these are:
    • Implementing Multi-Factor Authentication (MFA).
    • Disabling the services & accounts that are not required, including legacy authentication.
    • Having the right processes & procedures (onboarding & offboarding).
    • Using Single Sign-On/Single Identity to reduce the attack surface.
    • Using premium security offerings like Advanced Threat Protection (ATP), Azure AD Premium, Intune etc.
  • In the case of cloud platforms (IaaS & PaaS):
    • Make sure that you have opened only the required network traffic.
    • Patch your servers regularly.
    • Use offerings like Web Application Firewalls, DDoS protection etc. to protect your workloads.
    • Protect database servers by isolating them in a different network.

Here is a diagram from Microsoft to help you understand the shared responsibility.

Another very important factor is to have regular monitoring & audit of the environment. This preventive approach helps you avoid security breaches and downtime. You can use the services of a Cloud Solutions Provider to do this for you.

It is the responsibility of cloud solution providers to share this information and make sure that the customer is aware of it. To tackle this, we at Mismo Systems have decided that all of our customers will be managed. This will make it a little difficult for us to compete in the market due to the increased cost of adding managed services by default. However, we think it’s the only way and is in the best interest of our customers.

You can read about Mismo’s Managed Services here.

Let’s understand our responsibility and have safe cloud computing!

Breakout Rooms and Its Usage – Microsoft Teams

Posted on April 18th, 2021 by admin@mismo2023

In this blog, we discuss a Microsoft Teams feature known as breakout rooms and how to create and manage them. For this feature to work seamlessly, you must be the meeting organizer and use the Teams desktop client to access the breakout rooms option and to manage breakout rooms and participants.

If you want to use breakout rooms, you will either need to start a Meet Now meeting in a channel or calendar or schedule a private meeting with selected participants or a channel. Calls from chat interfaces do not support this feature as they are not considered meetings.

Context

  • Breakout Room Purpose and Need.
  • Using a Breakout Room

Breakout Room Purpose and Need:

Basically, a breakout room is a feature in Team meetings where a private room can be added inside the main meeting which the users can join and communicate. It allows a group of users to communicate with each other while the main meeting is ongoing.

This saves the group of users the time and energy of creating another meeting, adding the designated users to it, and then rejoining the main meeting. The meeting organizer can create up to 50 breakout rooms and choose to assign participants automatically or manually into rooms.

An example will simplify the concept. Let us say there is an organization that is inviting its different employee teams/groups to a meeting. In the meeting, they will discuss project ideas from different teams/groups.

Traditionally, the solution would be first to create the main meeting room where the tasks for each team are discussed. Then these teams would start their own respective meetings to discuss project ideas. So, if there are 25 teams, then 25 new meetings will be started, which can result in mismanagement and more overhead.

Using breakout rooms in Teams, this can be done in a few minutes, with barely any overhead, and it is easily manageable. The admin can create 25 breakout rooms within the main meeting itself and can easily monitor activities in the rooms, among other features.

 How to create and manage breakout rooms:

Let us start with the prerequisites, and it is quite simple. You need a private team in Microsoft Teams. Breakout rooms cannot be set up before a meeting and must be created after the meeting has started. 

Note: It is recommended NOT to invite participants until all the preparations are done. It can cause lots of calendar pop-ups for invitations in the meeting which would be a bit annoying for the participants.

 The breakout room icon is located on the meeting menu between the reactions control and the ellipsis that reveals additional actions.

  1. Join your meeting from the Teams desktop client.
  2. Once the meeting has started, select the breakout room icon.
  3. In the pop-up settings window, select the number of breakout rooms you want to create and how participants will be assigned:
    • Automatically: participants who have already joined the meeting will be assigned into equal-sized rooms. Participants who join the meeting after automatic allocation will need to be assigned manually.
    • Manually: allows you to assign participants to rooms as you choose.
  4. Select the Create rooms button. A menu will appear to the right of your Teams meeting window displaying room management options, room titles, participants, and status of your breakout rooms and participants.
  5. To manually create additional rooms, select Add room.
  6. To assign/move a participant, select the closed room where the participant is currently assigned. Check the boxes next to the names of the participants you want to move. Select Assign and choose any room you want to place them in.

Note: The participants joining via a desk phone or Teams mobile app cannot be assigned and will remain in the main meeting.

  7. To edit the title of a room or delete it, hover over the status icon next to the room title:
    • Rename room: Change the title of the selected room. It is recommended to create a specific title as the chat log remains accessible for participants after the meeting.
    • Delete room: Remove the selected room. Any assigned participants will be moved to the list of unassigned participants.
  8. To open additional overarching room settings, select the ellipsis icon next to the Breakout rooms heading, and choose Rooms settings while all rooms are closed:
    • Automatically move people into opened rooms: select to move participants automatically in and out of their assigned rooms when you open or close the breakout rooms. Participants will receive a notification that they will be moved automatically with 10-second notice.
    • Let people go back to the main meeting: select to allow participants to move between the main meeting and their assigned breakout room when the breakout rooms are open. If this option is not selected, participants will be able to move back into the main meeting by selecting Return, or back to the breakout room by selecting Join room.

Note: It is not possible for participants to switch between breakout rooms unless the meeting organizer has assigned them a new room.

  • Recreate rooms: delete all current rooms and settings to start from the beginning.
  • Make an Announcement: Organizers can send announcements to the breakout rooms and recall all participants back to the main meeting at any time.

When you are satisfied with the breakout rooms allocations and settings, you need to open the rooms to allow participants to access them.

  • To open all the rooms at once, select Start rooms. The status icon next to the rooms will change from Closed to Open.
  • To open individual rooms, hover over the Closed status icon of the room and select the ellipsis icon. Select Open.
  • When participants are in the breakout room, the status In meeting displays beside their name. If this status is not shown beside a name, you can prompt the participant to enter the breakout room by selecting their name and Ask to join.

You will be added to the breakout room and can interact with all features of the meeting.

  • While you are in a breakout room, you will be On Hold in the main meeting and will not be able to see if participants have entered the main meeting until you return to the main meeting.
  • Select the Leave button to leave the breakout room and return to the main meeting.

At the end of the meeting, you can either leave your breakout rooms open or closed.

  • Open: Allows participants to continue collaborating in the breakout room chat and re-open the breakout room meeting after the main meeting has ended. If the meeting is recurring, your breakout room settings and allocations are saved and maintained for subsequent meetings.
  • Closed: Breakout room chats become read-only for all participants after the meeting has ended and cannot be re-opened. Breakout room settings and allocations are not saved for subsequent meetings.

Have any questions? Let us know in the comments section below. Thanks for reading!

Is Cloud cheaper than On-premises Data Centres?

Posted on April 12th, 2021 by admin@mismo2023

Cloud has bloomed over the last decade. According to Goldman’s analysts, almost 23% of IT workloads now live on public clouds, a share expected to reach 45% in the next 4 years, with the cloud service market reaching a valuation of $1 trillion.

What is the driving force behind this immense growth?

The major factors are Cost, Security, and Accessibility. Cost is the main factor that most enterprises consider before making any decision. IT workloads can either be on Cloud or on-prem Data Centres.

On-Prem Data Centres: On-premises data centres are a group of privately owned and controlled servers. They are based on a Capex (Capital Expenditure) model, which means the enterprise needs in-house server hardware, software licenses, integration capabilities, and an in-house IT team to control, administer and maintain the data centre and resolve potential issues that may arise. This does not even factor in the amount of maintenance that an enterprise is responsible for when something breaks or does not work. Enterprises with huge growth potential must also factor in the cost of future upgrades, which are going to be needed with increased workloads.

Cloud: Cloud works on an Opex (Operational Expense) model, which means a third-party provider owns the infrastructure, including hardware and software, and enterprises can subscribe to services and manage their account over the internet. This allows enterprises to pay on an as-needed basis and effectively scale up or down depending upon overall usage and user requirements.

(Read More:- A quick look at the 4 Most Used Services on Microsoft Azure)

Following are some of the parameters to compare the cost of both:

Infrastructure: – The on-prem data centre is a Capex investment, which means the enterprise must spend a huge sum of money on hardware, software licensing, data backup, IT staff, and space for housing the data centre. In cloud computing, a third-party CSP pays for all of these and enterprises can choose from monthly or annual subscriptions. So, on-prem has an enormous upfront cost and cloud computing has none.

Compliance: – Enterprises in the health and finance sectors must be compliant with HIPAA, CCPA, etc. Enterprises having on-prem data centres need to recruit staff with proper knowledge about regulations to take care of compliance-related matters. Servers need to be properly configured and maintained to stay compliant; if something goes wrong, the whole burden falls on the enterprise itself. Unlike on-prem, Cloud providers (Amazon, Microsoft, Google) spend a huge sum of money to stay compliant. Although the responsibility will be yours if your CSP is not compliant, you can trust the word of big CSPs like Microsoft, AWS, Google Cloud, etc.

Backup: – Enterprises having on-prem data centres are more prone to data loss because both the data and its backups are stored on internal servers. Many enterprises choose to use cloud services for data backup even after having on-prem data centres, which is an overhead for enterprises. In the cloud, enterprises are offered various services to avoid data loss, such as redundancy (LRS, GRS, and ZRS), retention policies, snapshots, etc. Data is everything nowadays, so losing data could be a huge cost for enterprises.

Deployment: – Deployment cost is something that must be borne in both solutions, although Cloud deployment costs can be lowered by outsourcing the deployment service to a CSP partner that specializes in doing so.

Scalability: – Scaling up or down according to your workloads in on-prem requires capital, time, and manpower; in the cloud, however, it can be done with just a few clicks and at a comparatively lower cost.

Monthly Management: – When it comes to operating costs in on-prem, they are somewhat fixed. They include rent for space, electricity cost, and in-house IT staff salaries. In Cloud, you can outsource the management of cloud servers to a CSP partner at a significantly lower cost.

Still have questions about whether cloud computing is a solution to your complex IT problems? Call Mismo Systems today!

Amazon CloudFront

Posted on April 4th, 2021 by admin@mismo2023

Amazon CloudFront is a fast Content Delivery Network (CDN) service that securely delivers data, videos, applications, and Application Programming Interfaces (APIs) to customers all around the world with low latency and high transfer speeds, in a developer-friendly environment.
CloudFront is integrated with AWS, both through physical locations that are directly linked to the AWS global infrastructure and through other services provided by AWS.


CloudFront works seamlessly with services like AWS Shield for DDoS mitigation, with Amazon S3, Elastic Load Balancing, or Amazon EC2 as origins for your applications, and with Lambda@Edge to run custom code closer to your customers’ users and give them a tailor-made experience.

Finally, if you use AWS origins like Amazon S3, Amazon EC2, or Elastic Load Balancing, transferring data between them and CloudFront won’t cost you anything.

It takes only a few minutes to get started with the CDN, and you only have to use the AWS tools that you are already familiar with, like APIs, the AWS Management Console, AWS CloudFormation, CLIs, and SDKs. Amazon's CDN provides a straightforward, pay-as-you-go pricing model with no upfront price and no long-term commitments. Support for the CDN is part of your existing AWS support subscription.

Benefits:


1) Swift and comprehensive:
The Amazon CDN operates at a very large scale and is spread internationally. The CloudFront network has approximately 220 points of presence (PoPs) and uses the highly resilient Amazon backbone network for better performance and availability for the company’s consumers.


2) Highly secured network:
Amazon CloudFront is a very secure CDN that gives protection at two levels: network and application. Your traffic and applications benefit from a wide array of built-in protections like AWS Shield Standard, at no additional cost. Configurable features like AWS Certificate Manager (ACM) can also be used to manage custom SSL certificates at no added cost.


3) Highly Programmable:
Customizing the features of Amazon CloudFront to your requirements is quite simple. Lambda@Edge functions, which are triggered by CloudFront events, extend your custom code across AWS locations globally, allowing you to move even complex application logic closer to your consumers to increase responsiveness. Integration with other tools and automation interfaces for today’s DevOps and CI/CD environments is also supported through native APIs and AWS tools.


4) A profound integration with AWS:
AWS services like Amazon S3, Amazon EC2, Elastic Load Balancing, Amazon Route 53, and the AWS Elemental Media services are integrated with Amazon CloudFront. They are all available from the same console, and all the attributes of the CDN can be configured programmatically with the help of APIs or the AWS Management Console.

Mismo Systems is a Cloud Solutions Provider – A team of enthusiastic professionals, who love & live technology, providing highly innovative IT solutions that will add value to your business.

Follow us on LinkedIn & Twitter to get more information on our Services!

Hosting with Transparency, Compliance, and Security

Posted on April 4th, 2021 by admin@mismo2023

We help customers host applications on the cloud, this includes accounting systems including Tally, ERP software including SAP, and Navision. We host workloads only with leading public cloud providers which are Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP).

We ensure that the solution is compliant from the licensing standpoint of both cloud providers (e.g., Microsoft) and business systems (e.g., Tally or NAV). We ensure that the system is secure and there’s no open access by implementing VPN and implementing backups.

All these services are fully managed. We perform regular monitoring of system performance, continuously evaluate the security posture, patch systems every month, and perform regular restore drills. All this is proactive, and there have been instances where we approached customers to reduce the server config (and hence reduce the cost) because of less load than expected. That is the beauty of Pay as You Go (PAYG).

I often come across a question from my team about why our solution is costlier, and customers also say during discussions that they are getting it at a much cheaper price than we are offering, so why should they host with us? This bothered me and I decided to find out why our cost is higher than the so-called competition. I took help from one of the potential customers and spoke to the competition. The following is what I found was making us costlier.

  • Competition is using a remote access solution that is not compliant as per cloud or license provider licensing terms. You ask them about it, and they will have no answer. Test it out!
  • They are not providing a VPN and the system is open from anywhere. They claim to have a firewall and antivirus, but keeping your accounting system open to the whole world is a clear no-no from a business owner's perspective.
  • They have got into a contract with a third-party data center provider and will give you a server. Your contract is with them and not with the datacenter. There’s no direct control or visibility and shifting to another provider will be a nightmare.
  • We enable you to host with major public cloud providers and the contract is between you and the cloud provider. You are the owner of the account. With the portal of the Public Cloud, you can see your server and control it, and even kick us out if we underperform and onboard another service provider. Think of the visibility and control you have. If I am a business owner, I cannot leave my business systems under someone else’s control.
  • We provide proactive managed services, so your systems are always running and secure with a data backup which is tested regularly.
  • They give a fixed cost per user, our model is PAYG, so you can scale up or down easily.

I hope this gives us and our customers visibility of what you get when you host with us and what you lose when you host with a low-cost provider.

Future of Cloud Computing

Posted on April 4th, 2021 by admin@mismo2023

Cloud computing has established itself as the inevitable future when it comes to IT services. This picture becomes much clearer when we take a glimpse at some of the prominent cloud statistics such as, “one-third of companies’ total IT budget is allocated to cloud services” or Cisco’s statement saying that “94% of the world’s workload will be run on the cloud by 2021”.

If we take a brief look at the road that cloud computing has traveled so far, we can find that the concept first came into being in 1963, in DARPA’s (the Defense Advanced Research Projects Agency) quest to develop a breakthrough technology that allows a “computer to be used by two or more people, simultaneously”.

Then, in the late 1990s, Salesforce took a huge step and gave rise to a whole new way of providing services to the globe, i.e., SaaS (Software as a Service), when they made their application available to anybody with just an internet connection.

Since then, cloud computing has become a behemoth of a platform, far exceeding the imaginations of its progenitors, taking its modern form in 2006 when Amazon came up with AWS (Amazon Web Services), offering a fleet of VMs dubbed EC2 (Elastic Compute Cloud).

At present, there is a multitude of major players in this segment, ranging from Microsoft Azure and Google Cloud Platform to IBM Bluemix and Alibaba, all having their unique specialties and benefits.

Now that we have covered the ground of the cloud’s existence so far, let’s get back to the future. SaaS seems to be the ultimate stop for any IT offering, and the statistic supporting this argument is the latest forecast from Gartner, which predicts SaaS revenue to be $113 Billion and some change just for 2021, higher than any other form of cloud offering. This surge can be seen not only in SaaS but in IaaS and PaaS as well.

The trust in the cloud is so profound at present, and strengthening by the day, that organizations feel highly confident in moving all of their Infra to the cloud, making it the fastest-growing service with a ‘Compound Annual Growth Rate (CAGR)’ of 33.7%.

With the cloud offering a highly agile and flexible landscape, organizations are making the best of various strategies while moving to the cloud. One of the most popular is the hybrid cloud, which is the best of both worlds – Private and Public Cloud – with 84% of enterprises making use of this strategy.

It’s clear, looking at the picture above that cloud will come with various innovations as we go along and how companies make use of it will be equally interesting to watch. The stage has been set for the unprecedented level of modernization across the globe. We all as earthlings are set to reap benefits from this technologically revolutionary and green campaign and once more we all get the opportunity to bear witness to the future unfolding right in front of us.


AWS Security Features

Posted on April 4th, 2021 by admin@mismo2023

Amazon Web Services (AWS) follows a shared responsibility model for security. The security “of” the cloud is on the shoulders of AWS, whereas you and your organization’s development team have to look after the security “in” the cloud. Hence, the protection of the infrastructure of the cloud, including hardware, software, and networking, falls under the territory of AWS. All the other security objectives, including access to your AWS resources and the security of your application, are your responsibility. The following is an overview of four of the most common AWS security features you’ll need to keep your cloud secure.

1. S3 Security

S3 stands for Amazon’s Simple Storage Service, which provides data storage with a high level of availability and durability. Just like all AWS services, S3 by default denies access from most sources. Only the bucket and object owners (the AWS account owner) have read/write access by default. Hence, it becomes important to lock down your S3 buckets so that no unauthorized users are able to view, upload, or delete your files. Unlike other services, S3 offers several ways of adding permissions:

  • Giving IAM roles to hand-picked users within your AWS account. These can be used to specify what the users are allowed to do and how many of them have access.
  • Using Bucket Policies to lock down a single bucket. Permissions can be added either for individual users or for entire AWS accounts. Bucket policies can be helpful if some files in your application are public and some are private.
  • Using Access Control Lists (ACLs) to grant access to AWS accounts rather than individual users. These become very helpful when your company owns and uses several AWS accounts or if another organization needs access to your files.
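The bucket-policy case above, where some objects are public and some are private, can be checked mechanically. The following is an added example, not code from the original post: it assumes a constructed policy for a placeholder bucket `example-bucket` whose `public/` prefix is meant to be world-readable, and reports every statement that is open to everyone along with whether it stays within that intent.

```python
import json

# Constructed sample policy; the bucket name and account ID are placeholders.
# public/ is meant to be world-readable, everything else private.
BUCKET_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicAssets", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/public/*"},
    {"Sid": "PartnerAccount", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::example-bucket/partner/*"},
    {"Sid": "LeftoverDebugRule", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "s3:*",
     "Resource": ["arn:aws:s3:::example-bucket",
                  "arn:aws:s3:::example-bucket/*"]}
  ]
}
""")


def _as_list(value):
    """Policy fields may be a single string or a list of strings."""
    return value if isinstance(value, list) else [value]


def is_public_principal(principal):
    """True when the statement applies to anyone, not a named account."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def public_grants(policy, bucket, public_prefixes):
    """List every Allow statement open to the world and say whether it is
    limited to read-only access under a prefix that is meant to be public."""
    allowed = tuple(f"arn:aws:s3:::{bucket}/{p}" for p in public_prefixes)
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        public = is_public_principal(stmt.get("Principal"))
        if stmt.get("Effect") != "Allow" or not public:
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        intended = (actions == ["s3:GetObject"] and bool(resources)
                    and all(r.startswith(allowed) for r in resources))
        findings.append({
            "sid": stmt.get("Sid", "(no Sid)"),
            "actions": actions,
            "resources": resources,
            "conditioned": "Condition" in stmt,
            "intended": intended,
        })
    return findings


if __name__ == "__main__":
    for f in public_grants(BUCKET_POLICY, "example-bucket", ["public/"]):
        print("OK    " if f["intended"] else "REVIEW", f["sid"], f["actions"])
```
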

2. Identity Access Management (IAM)

IAM is a free-of-cost element of AWS that allows you to control and manage which users have access to which services and resources. By default, access to resources is generally denied, so you will have to grant users permissions in IAM. Permissions are highly granular and allow you to specify the particular file or resource that a user can access, what they can do with it, and the conditions that have to be met for the permissions to take effect, such as using a specific IP address to access AWS. Here are some best practices you should consider with IAM:

  • Grant the fewest privileges: give users only the permissions they need to perform their tasks, and nothing more. This is very beneficial, as you can always grant more permissions, but you cannot recover the databases that were deleted or removed because you made everyone an admin.
  • Create groups: a group is a collection of users that allows you to specify permissions for all of its members. This makes tracking who has what permissions very easy, and you can add permissions to several users at once. For example, a group called Mismo AWS could be given full control over AWS, while another group, AWS Developers in this case, may only be given access to Lambda and S3.
  • Enable multi-factor authentication, or MFA, for all users. MFA means that, for a user to sign in, they have to enter their password followed by an additional code that is sent to them through a secondary device, like a smartphone. This is very useful as, even if a user’s password is compromised, their account will not be accessible.
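To make the least-privilege and group practices concrete, here is an added example (not part of the original post) that reviews group policies and reports which users inherit over-broad grants. The group names follow the article's example; the user names, bucket name, CIDR range and the finding labels are assumptions made for illustration, while `aws:SourceIp` and `aws:MultiFactorAuthPresent` are standard IAM condition keys.

```python
# Constructed sample data: group names follow the article's example; user
# names, bucket name and CIDR range are placeholders.
GROUPS = {
    "Mismo AWS": {
        "members": ["alice"],
        "policy": {"Version": "2012-10-17", "Statement": [
            {"Sid": "FullControl", "Effect": "Allow",
             "Action": "*", "Resource": "*"}]},
    },
    "AWS Developers": {
        "members": ["bob", "carol"],
        "policy": {"Version": "2012-10-17", "Statement": [
            {"Sid": "ReadBuildArtifacts", "Effect": "Allow",
             "Action": ["s3:GetObject", "s3:ListBucket"],
             "Resource": ["arn:aws:s3:::example-builds",
                          "arn:aws:s3:::example-builds/*"],
             # This grant only applies from the office range and with MFA.
             "Condition": {
                 "IpAddress": {"aws:SourceIp": "203.0.113.0/24"},
                 "Bool": {"aws:MultiFactorAuthPresent": "true"}}},
            {"Sid": "AllOfLambda", "Effect": "Allow",
             "Action": "lambda:*", "Resource": "*"}]},
    },
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def lint_statement(stmt):
    """Return least-privilege findings for one Allow statement."""
    if stmt.get("Effect") != "Allow":
        return []
    actions = _as_list(stmt.get("Action", []))
    resources = _as_list(stmt.get("Resource", []))
    findings = []
    if "*" in actions:
        findings.append("all-actions")
    elif any(a.endswith(":*") for a in actions):
        findings.append("whole-service")
    if "*" in resources:
        findings.append("all-resources")
    # A broad grant with no Condition applies from anywhere, with or without MFA.
    if findings and not stmt.get("Condition"):
        findings.append("no-condition")
    return findings


def review_groups(groups):
    """Map each user to the (group, Sid, finding) triples they inherit."""
    report = {}
    for name, group in groups.items():
        for stmt in _as_list(group["policy"]["Statement"]):
            for finding in lint_statement(stmt):
                for user in group["members"]:
                    report.setdefault(user, []).append(
                        (name, stmt.get("Sid", "(no Sid)"), finding))
    return report


if __name__ == "__main__":
    for user, items in sorted(review_groups(GROUPS).items()):
        print(user, items)
```
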

3. CloudTrail

Your applications are not directly affected by CloudTrail; it is essentially a tool used for tracking the activity of users, demonstrating compliance, and carrying out security analysis. You can also review and search activity through the logs created by CloudTrail. It is present by default, so you can view the logs as long as you have an AWS account. CloudTrail is very useful in determining whether your security configuration is sufficient. You can view the following from CloudTrail logs:

  • The various updates to AWS services.
  • The IP address source of the API calls.
  • Which account created, deleted, or even modified the different AWS resources.
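The three items above map directly onto fields of a CloudTrail record (`eventSource`, `eventName`, `sourceIPAddress`, `userIdentity`). As an added example that is not from the original post, the following groups the write calls in a log file by the identity that made them and marks whether each came from an expected network; the sample records, account ID and the "trusted" CIDR range are constructed for illustration.

```python
import ipaddress
import json
from collections import defaultdict

# Constructed sample in the CloudTrail log-file layout (a "Records" array).
# Account ID, identities and addresses are placeholders.
SAMPLE_LOG = json.loads("""
{"Records": [
 {"eventTime": "2021-04-04T09:12:31Z", "eventSource": "s3.amazonaws.com",
  "eventName": "PutBucketPolicy", "readOnly": false,
  "sourceIPAddress": "203.0.113.10",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"}},
 {"eventTime": "2021-04-04T09:13:02Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "DescribeInstances", "readOnly": true,
  "sourceIPAddress": "203.0.113.10",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"}},
 {"eventTime": "2021-04-04T23:47:55Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "AuthorizeSecurityGroupIngress", "readOnly": false,
  "sourceIPAddress": "198.51.100.77",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"}},
 {"eventTime": "2021-04-05T01:02:03Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "TerminateInstances", "readOnly": false,
  "sourceIPAddress": "autoscaling.amazonaws.com",
  "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/scaler/s"}}
]}
""")


def classify_source(source, trusted_networks):
    """sourceIPAddress is an IP, or a service DNS name for calls AWS makes."""
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:
        return "aws-service" if source.endswith(".amazonaws.com") else "unknown"
    inside = any(addr in net for net in trusted_networks)
    return "trusted" if inside else "untrusted"


def changes_by_principal(log, trusted_cidrs):
    """Group write (non-read-only) API calls by the identity that made them."""
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]
    report = defaultdict(list)
    for rec in log.get("Records", []):
        if rec.get("readOnly") is True:
            continue
        who = rec.get("userIdentity", {}).get("arn", "unknown")
        source = rec.get("sourceIPAddress", "")
        report[who].append({
            "time": rec.get("eventTime"),
            "call": f'{rec.get("eventSource")}:{rec.get("eventName")}',
            "source": source,
            "origin": classify_source(source, nets),
        })
    return dict(report)


if __name__ == "__main__":
    result = changes_by_principal(SAMPLE_LOG, ["203.0.113.0/24"])
    for who, events in result.items():
        for e in events:
            print(e["time"], who, e["call"], e["source"], e["origin"])
```
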

You can monitor and protect your organization’s digital assets with the built-in features of AWS. You have the power to determine which security features to employ and who has access to them. Your data gets stored securely on the cloud, & your organization’s unique security requirements are still under your control.

4. Security Groups

Elastic Compute Cloud (EC2) instances are the actual servers on which the applications are run. Each server operates from a Virtual Private Cloud (VPC), a virtual network that you have control over. These VPCs have. There are many security groups in VPCs, which may or may not allow the entry of traffic.

In these security groups, you get to choose the traffic that is allowed in and out of your VPC. Security groups, however, are stateful, so if you allowed a request ‘in’, its response is allowed ‘out’. By default, traffic is denied, so everything gets rejected if it is not specifically allowed ‘in’. It is quite common to allow all Outbound traffic (because you are the one who is sending it), but it is important to cut down on the type of inbound traffic that you allow. You can also specify the types of requests (like HTTP, SSH, etc.), the port range, and the source of traffic through these security groups.
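Cutting down inbound traffic starts with knowing which rules accept connections from anywhere. The following added example (not from the original post) audits security group rules in the shape returned by the EC2 DescribeSecurityGroups API and reports rules that expose administrative ports to the whole internet, including the all-protocols (`"-1"`) and port-range cases. The group IDs and names are constructed placeholders, and treating SSH and RDP as the sensitive ports is an assumption of this example.

```python
# Constructed sample in the shape of an EC2 DescribeSecurityGroups response.
# Group IDs and names are placeholders.
SECURITY_GROUPS = [
    {"GroupId": "sg-web-example", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-erp-example", "GroupName": "erp", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-tmp-example", "GroupName": "temporary", "IpPermissions": [
        # "-1" means all protocols and all ports; no port fields are present.
        {"IpProtocol": "-1",
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-legacy-example", "GroupName": "legacy", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}   # assumption: ports to keep private
WORLD = {"0.0.0.0/0", "::/0"}            # "anywhere" for IPv4 and IPv6


def world_sources(perm):
    """Return the source ranges of a rule that match the whole internet."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if c in WORLD]


def exposed_admin_ports(perm):
    """Return the admin ports covered by a rule's protocol and port range."""
    protocol = perm.get("IpProtocol")
    if protocol == "-1":
        return sorted(ADMIN_PORTS)
    if protocol != "tcp":
        return []
    low, high = perm.get("FromPort", 0), perm.get("ToPort", 65535)
    return sorted(p for p in ADMIN_PORTS if low <= p <= high)


def audit(groups):
    """List (group id, exposed services, open sources) for risky rules."""
    findings = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            sources = world_sources(perm)
            ports = exposed_admin_ports(perm)
            if sources and ports:
                services = [ADMIN_PORTS[p] for p in ports]
                findings.append((group["GroupId"], services, sources))
    return findings


if __name__ == "__main__":
    for group_id, services, sources in audit(SECURITY_GROUPS):
        print(group_id, "exposes", services, "to", sources)
```
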
