My apologies to those awaiting the next instalment on one of my blog series. Unfortunately I am going trough a bit of a rough patch personally and at home and as such writing has been very low on my list of priorities. When I am in calmer waters I will try to get back to this blog.
This is the third post in a 6 part series on running WordPress on Azure, with the purpose of getting started with Azure and learning some base skills while actually producing something useful, namely your own WordPress blog. This series is primarily aimed at IT professionals wanting to make a start with Azure.
PART 1 – “Hello world! So this is WordPress … on Azure 🙂” provided a high-level overview of the components and activities needed and PART2 – “WordPress on Azure – Part2: Creating and using your Azure subscription” looked at how to get your own Azure subscription and getting started with Azure. Today we will be looking at actually deploying and configuring WordPress.
WordPress on Azure – Part3: Installing WordPress
As discussed before, WordPress will be deployed as PaaS service. In other words we will not be creating a (virtual-) server, configuring the OS and actually installing the application and database on it, we will be making use of the Azure platform services to host the web site and the database. The web site and database needed to run WordPress will thus be consumed “as a Service”; rather than running our own Web Server and our own Database Server, we will only be consuming the database itself and the web engine itself.
Our marketing department asked me to do an interview on Securing the Modern Workplace and I’ve actually been planning to do a short training and awareness session inside the company on securing cloud resources. I thus decided to take a (temporary) break from my series on WordPress on Azure PaaS and use this blog to prepare for the interview and the training session. As I was writing this article I realised I cannot really do the topic justice in one, short article. Today I will thus spend some time sketching the background and explaining the various solutions at high level and in 5 separate future articles (when I get the time) I will do a further deep-dive into each of the individual solution areas for those wanting more details.
Today we look at how you can secure the Modern Workplace using Microsoft 365.
Modern IT Management faces a number of challenges due to a rapidly changing landscape and IT is no longer just a cost center but is expected to add real, tangible business value to the company. IT mangers should be focusing on how to help the business benefit from technology advancements, rather than spending large amounts of time on rather basic needs such as providing users with a secure desktop and standard office automation facilities. Both business and end users have further come to expect a quick, friendly and out of the box experience, leveraging self-service capabilities and allowing them to work anywhere and on any device. Business however has also come to expect an ever decreasing TCO and the agility to light up new cloud services quickly, as and when business needs arise. For many IT managers this has become a complex juggling act or even a complete nightmare.
In PART 1 of our series on Securing the Modern Workplace using Microsoft 365 we discussed the background and high level solutions, and defined 5 specific solution areas, namely TRUSTED USER, TRUSTED DEVICE, TRUSTED APP, TRUSTED PLATFORM and TRUSTED DATA.
Today we will dive into a bit more detail on how you can ensure you have TRUSTED USERS when making use of Microsoft 365.
You may have heard the often-used slogan “Identity is the new Firewall” or “Identity as Control Plane” and this is very true. Securing the datacenter and device is no longer enough, as the systems that process your data and where you store your data are no longer in your datacenter but out there on the internet. The best place to start securing your data in the Modern Workplace is right at the from door, by securing the user’s IDENTITY. Some claim that as much as 97% of all security breaches in the last year started with a breached identity. Regardless of whether this figure is accurate or not, if you can assume somebody’s identity you often have unhindered access all devices, apps, platforms and data the user has access to. The weakest link in your security chain is HUMANS. We are animals of habit, we are often lazy, we are incredibly creative in circumventing all kinds of complex security road blocks and most importantly we are very susceptible to social engineering attacks such as Phishing. The most important step you can take to improve your security posture today is to protect your users’ identities.
This is the second article in my short series about creating your own WordPress blog, hosted on Azure. In the first article here we looked at the base requirements to get started and summarised what we will be doing. Today we look at choosing and creating an Azure subscription and some basics around using Azure subscriptions.
To host anything on Azure we need a subscription. Your Azure subscription determines how much you pay for services and also in some cases which services you have or don’t have available. Windows 10 for example is not allowed to be used for production purposes on Azure due to licensing (yet … watch this space, W10 on Azure coming soon!). Another example is the size or number of VM’s or other services you are allowed to run on Azure. Your subscription type and level of credit allowed impacts this. Lucky for us we don’t need much to run WordPress, neither in terms of size nor in terms of quantity and as such it should end up being pretty cheap.
So I decided to start a blog. I’ve always looked at blogging with a certain amount of apprehension. “Will I become one of those guys that just does stuff cause the crave attention?”. Well I decided to set all misgiving aside and do it anyways … the world needs to be enlightened.
As I will be blogging about Microsoft Cloud technology I set down some base requirements for myself:
- It needs to run in the cloud, either as SaaS or PaaS. While my firm belief is that SaaS is the future, I decided to go with a PaaS solution just because my fingers we burning to do some stuff on Azure.
- It needs to make use of the Microsoft stack. I was actually quite conflicted here, “should I use SharePoint?”, “or maybe built something myself using .net?”. While my preference would have gone to something from Microsoft, WordPress is just so damn simple, elegant and just works. I am typically not a big fan of going with “point solutions” but in stead tend to look at the overall architecture and try to find the best way to create an elegant, harmonious whole in any environment. This is why I tend up making use of 99% Microsoft based solutions and why I love their products. Having said this, WordPress is so simple. I don’t have much time to invest here and WordPress is in the Azure marketplace, makes use of all-PaaS services on Azure so it was kind of a no-brainier.
- It should be free. As I have a Visual Studio with MSDN subscription I get free monthly credit on Azure. I mostly end up using only a small portion of that credit every month meaning these is plenty left for me to host WordPress on Azure without it costing me anything. So even though hosting it on Azure is not free, I don’t have to pay 🙂 More on that later.
- It should be properly managed, secured, backed up and always available. I’ll treat this just like I would an (smaller-) customer solution.
My apologies for letting my blog get a bit stale in the last months but I have been working very hard to achieve my Architect certification.
I am proud to announce that I achieved this today!
Hopefully I can now get back to my long overdue, unfinished blogs soon…
I’m shamelessly reposting this article from Jeff’s blog just because it’s such a good article. See this blog post for detailed instructions for adding ABSOLUTELY CRUCIAL MFA to your environment of you are a Cloud Solution Provider managing customer environments. (I’m sure Jeff won’t mind as I am linking directly back to his blog 🙂