5.2 Cloud governance strategy
Iteratively
Repeatedly, over and over
tangible
/'tædʒəbl/ (a) real; able to be touched; having physical form
consensus
/kən'sensəs/ agreement, unanimity
readiness
/'redinis/ the state of being ready
custodian
/kʌ'stəʊdiən/ keeper, caretaker
standpoint
/'stændpɔint/ point of view
circuit
/'sɜ:kit/ perimeter, loop
aspirational
full of aspiration
invoke
/in'vəʊk/ to cite, to refer to, to implore (ask for help…)
adoption
/ə'dɒp∫n/ acceptance
seasonal
/'si:zənl/ occurring by season, seasonally
agility
/ə'dʒiləti/ nimbleness
robust
/rəʊ'bʌst/ (a) strong; vigorous
fraud
/frɔ:d/ deception, swindling
irreversible
/,iri'vɜ:səbl/ cannot be reversed
formulate
/'fɔ:mjʊleit/ to present, to express
exempt
/ig'zempt/ (v) to excuse from
residency
residence
custodian
/kʌ'stəʊdiən/ keeper
certify
/'sɜ:tifai/ to issue a certificate
Payment Card Industry (PCI) Data Security Standard (DSS)
minimum viable product (MVP)
Identity and Access Management (IAM)
service-level agreements (SLAs)
multifactor authentication (MFA)
Cross-origin resource sharing (CORS)
Governance is most beneficial when you have:
Multiple subscriptions to manage.
Regulatory requirements that must be enforced.
Multiple engineering teams working in Azure.
Standards that must be followed for all cloud resources.
Cloud Adoption Framework
3 Ready your organization
Azure landing zone
Expand the landing zone
Azure setup guide
Best practices
4 Adopt the cloud
Migrate
Migration scenarios
Best practices
Migrate your first workload
Process improvements
Innovate
Azure innovation guide
Best practices
Business value consensus
Feedback loops
2 Make a plan
Initial organizational alignment
Ensure that the right people are involved in your migration efforts, both from a technical standpoint as well as from a cloud governance standpoint.
Skills readiness plan
Build a plan that helps individuals build the skills they need to operate in the cloud.
Digital estate:
Create an inventory of the existing digital assets and workloads that you plan to migrate to the cloud.
Cloud adoption plan
Build a comprehensive plan that brings together the development, operations, and business teams toward a shared cloud adoption goal.
5 Govern your cloud environments.
Benchmark
Initial governance foundation
Methodology
Improve the initial governance foundation
1 Define your strategy
Document business outcomes
Meet with leadership from your finance, marketing, sales, and human resource groups to help you document your goals.
Develop a business case
Validate that moving to the cloud gives you the right return on investment (ROI) for your efforts.
Define and document your motivations
Meeting with stakeholders and leadership can help you answer why you're moving to the cloud.
Choose the right first project
Choose a project that's achievable but also shows progress toward your cloud migration goals.
6 Manage your cloud environments.
Define business commitments
Expand the management baseline
Establish a management baseline
Advanced operations and design principles:
Manage subscriptions
Access control
Subscription limits
Billing
multiple departments and need to do a "chargeback"
Resource tags
billing report per subscription
Azure role-based access control (Azure RBAC).
Scopes
A single subscription.
A resource group
A management group (a collection of multiple subscriptions)
A single resource
resource locks
You can apply locks to a subscription, a resource group, or an individual resource
lock levels
CanNotDelete
ReadOnly
Locks apply to child resources
Tags
Operations management
Security
Cost management and optimization
Governance and regulatory compliance
Resource management
Workload optimization and automation
You can apply tags to a resource group, but those tags aren't automatically applied to the resources within that resource group
You can use Azure Policy to ensure that a resource inherits the same tags as its parent resource group
Azure Policy
MFA should be enabled on accounts with write permissions on your subscription
CORS should not allow every resource to access your web applications
Allowed locations
System updates should be installed on your machines
Allowed virtual machine SKUs
This scope could be a management group (a collection of multiple subscriptions), a single subscription, or a resource group
Policy assignments are inherited by all child resources within that scope
You can exclude a subscope from the policy assignment
Policy evaluation happens about once per hour
Azure Policy initiative
is a way of grouping related policies into one set
Azure Blueprints
Policy assignments
Azure Resource Manager templates
Role assignments
Resource groups
Blueprints are also versioned