Since I have been blogging here at Checkyourlogs.net, I’ve been sharing my journey of Azure administration and security with you. My focus is specifically around Azure storage services above all, and in this post I’d like to highlight the top things I’ve learned thus far in the journey.
- Start and end your sessions in Azure portal with Azure Advisor. This helps for not just Storage Accounts, but services of all types. Every time I log in to the Azure Portal, I recommend re-running Advisor recommendations and ensuring there are no new recommendations. Lastly, when you are done with your Azure Portal time re-run the recommendations and ensure nothing you have done in this session has introduced a new warning of any impact level. See my post exploring Azure Advisor.
- (Continued) – Azure Advisor is a great way to know how your services are configured – be sure to use it. It’s free!
- Azure Storage Metrics are great. For Azure storage accounts, the metrics can provide important insights on many aspects of the usage, number of items, throughput and more. Azure Metrics for storage accounts can also be put in your dashboard(s), giving you first look view in the Azure portal on the metrics that matter to you most. See my post on Azure storage metrics.
- Storage services can change. Over time, new capabilities are added to Azure services as well as new services are added. One example is if you added a storage account a while ago, before general purpose v2 was in place. This can be made visible in Azure Advisor as a recommendation to upgrade to v2. You can upgrade to storage accounts on the fly, but make sure you test the applications interaction. See my post on upgrading storage accounts either by PowerShell or in Configuration.
- Sometimes cloud services need cleanup. I’m the worst about cleaning up in lab environments, its important in the cloud to not leave resources unused in the cloud. The best first step is to identify resource groups are to be deleted, and then identify the services that should be deleted. Its important to not take the costs for Azure services that are not needed. See my post on deleting resource groups.
- Organize with Azure tags. Tags are a nice way to put in application names, business unit information, status for production or development and more. This will help with the cleanup in the previous steps! See my post on tags.
- Azure Blueprints are a path to success for security. I find myself frequently referring to Azure Blueprints as a resource that can help ensure deployments in Azure which are subject to PCI-DSS or other standards. See my post on Azure Blueprints.
These six are the first and most important ones, but there will be more. Do you use Azure storage services? What are your top tips? Share your tips below.