Azure updates include alerts and role-based controls
- By Kurt Mackie
- Sep 18, 2014
Government cloud administrators can now set up alerts for eight Azure services, according to Microsoft. IT pros can create alert thresholds on metrics that they are interested in and then have Azure send an email when that threshold is crossed.
Azure Alerting currently can tap the following Azure services, according to Microsoft's announcement:
- Cloud services
- Virtual machines
- Web hosting plans
- Storage accounts
- SQL databases
- Redis Cache
- DocumentDB accounts
Microsoft plans to add to that list of supported services in the near future.
While ready for deployment today, Azure Alerting gets accessed through the Azure Portal management console. The Azure Portal is still at the preview stage, though. It may seem confusing to use a finished product via a beta product, but that seems to be the case with Microsoft's Azure Alerting feature.
In addition, Microsoft issued a preview of the ability to "create alerts on operational events." Examples of operational events that might get flagged include the deletion of virtual machines, the stopping of a website or template deployment failures, according to the announcement. This operational event alert feature also gets configured through the Azure Portal preview, but Microsoft indicated it plans to extend it to other Azure management products in the near future.
Role-based access preview
Microsoft also released a preview of role-based access control (RBAC) in Azure. IT pros can limit Azure resource access and specify the kinds of actions that personnel can perform. It's done by assigning specific roles to users or groups through the Azure Portal preview or via the command-line tools that come with Azure Resource Manager APIs. Microsoft also indicated that it has built some new PowerShell APIs to automate setting up and using the RBAC feature.
The current Azure management portal and the older management APIs can't be used with the new RBAC preview, Microsoft noted, because they weren't "built with the concept of role-based security."
The RBAC preview comes with three prebuilt Azure roles: "Owner," "Contributor" and "Reader." The Owner role has permissions to carry out all management operations for a resource. Examples of Owners might be a "service administrator" or a "coadministrator," according to Microsoft. The Contributor role has the same permissions as the Owner role except that Contributors can't grant access to other users. The Reader role just has read-only access to a resource. Microsoft's announcement explained that Reader roles don't have access to "secrets," such as access to passwords.
Microsoft eliminated a restriction that users had to be Azure subscribers in order for the RBAC feature to be used. Instead, users can be assigned to Resource Groups. Microsoft defines a Resource Group as "a container to group resources that share lifecycle." Alternatively, users can be assigned to specific Azure services, such as Azure Virtual Machines, Websites, etc.
The RBAC preview is based Active Directory (both on-premises and in the cloud), which can be used to set permissions that work with the RBAC feature. Federation is also possible, so IT pros can sync their existing users and groups on premises to Azure Active Directory, which is Microsoft's cloud-based identity and access management solution.
Other Azure improvements
The Azure Alerting feature and the RBAC preview were the two main management nuggets to be found in Microsoft's very long list of Azure improvements. However, there were a few other highlights.
For instance, Microsoft announced the general availability of Azure SQL Database service tiers, featuring enhanced service level agreements to 99.99 percent uptime. Microsoft also announced the general availability of its Azure API Management Service, which is a perk for developers, allowing them to publish their APIs and collaborate with partners. Microsoft also issued a preview of Media Services, which provides organizations the means to broadcast events (Microsoft claims that Media Services provides the same resources that were used to "live stream the 2014 Winter Olympic Games and 2014 FIFA World Cup" events, for instance).
Microsoft also enhanced its Azure Websites service such that it can access Azure Virtual Networks resources. The WordPress service running on Azure Websites now features a "scalable CMS [content management system]." Lastly, Microsoft added backup options to Azure Websites, allowing users to choose the destination, choose SQL or MySQL databases via a Web site's connection strings and restore to either a new site or to a "deployment slot on a site."
This article originally appeared on Redmondmag.com, a sister site to GCN.