IT Techy Minds -- We run and explore the IT

Citrix SIA Service (Citrix Secure Internet Access)

Hello,

Citrix SIA is one Saas cloud based Service from Citrix Vendor.  SIA ensures protection to Web & Saas base applications. when we say Web and Saas Apps means all the internet traffic which is going in or out from client machine.

undefined

                                              Diagram from Citrix Docs

 

Citrix SIA Service consist of following components working under one Umbrella.

1. Secure Web Gateway

2. Firewall

3. CASB (Cloud Access security Broker)

4. DLP (Data Loss prevention)

5. Sandox 

6. Malware Protection.

Citrix deliver a SASE Architecture. (Secure Access Service Edge) where All the Services are delivered via one Vendor with tight integration  Citrix CVAD, SD-WAN, Citrix Workspace Secure Access and third party SD-WAN solutions , Splunk, Microsoft CAS other security products.

Citrix SIA qualities which makes it different from other vendors solutions.

1. Comprehensive security :- web Gateway, Firewall, CASB, DLP, IDP,malware protection, SSL Packet inspection.

2. Unified managment : Single Vendor solution and tight integration with SD-WAN, CVAD, Analytics and CSWA .

3. single phase architecture

4. 100 plus Point of presense

5. 10 Plus malware engine feeds : best 10 security feeds under one price umbrella.

6. Higher performance (Auto Scale in)

7. Dedicated instance per customer. 

Few benefits of SASE 

1. Single Vendor solution which reduces resolution time

2. better managebility

3. Lower down the cost of solution

4. better performance

5. lower down the handling time 

6. less complexity

We will be publishing another article for explaning each Citrix SIA Component deeply.

thanks for reading and keep studying.

Thanks

Amit Gupta

 

Office 365 requires connectivity to the Internet.

Hello Users

Here is some very useful information about office 365 URL & IP to function it properly for users. (Source from MS).

Office 365 requires connectivity to the Internet. The endpoints below should be reachable for customers using Office 365 plans, including Government Community Cloud (GCC).

This is Live document and keep checking it regularly

https://docs.microsoft.com/en-us/office365/enterprise/urls-and-ip-address-ranges?redirectSourcePath=%252fen-us%252farticle%252fOffice-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2

Amit Kumar Gupta

Certified: CCA-XenApp/XenDesktop/XenServer, Google Cloud Architect, MCSE, ITIL, Vmware Certified , AWS Fundamentals. AWS Pratitioner

Microsoft certified - Enterprise Cybersecurity Fundamentals & Planning for Security Incident response.

https://www.linkedin.com/in/amit-gupta-5321a527/

 

 

 

Drivers for Workload migration to Azure cloud

Hi Admin

In this post , we will talk about moving workload to Azure and why?

Migration has already been focused based on Technology or business. moving from one application to another or moving between Datacenters always add some benefits on business & cost driven.

 Main goal of moving to cloud ot overcome challenges

1. Customer to focus on Core business not IT

2. Avoid H/W lifecycle cost

3. Lack of Agility

4. Avoid cost of projected capacity purchase

5. Expense of maintaining a global presence

6. Enable disaster-recovery scenarios

 

How Cloud solution mitigate the above challenges

1. Customer to focus on Core business not IT - Hosting workloads in Azure allows non-IT businesses to re-focus their resources. Microsoft, who has been running enterprise-class datacenters since 1989, can handle the datacenter management, freeing up organizations to focus on their business. company dont have to care about backend compute procurements.

2. Avoid H/W lifecycle cost - All the H/W compute is handled by MS Azure so Customer dont have to care and spend cost on H/W lifecycle and limited to MS which results huge cost saving for Customers

3. Lack of Agility - Azure helps IT departments keep up with business demands by enabling infrastructure and platform deployments to occur in minutes. Azure offers rich support for DevOps workflows, natively supporting continuous integration and deployment (CI/CD) toolsets and methodologies. Organizations can build complex network infrastructures and make use of different storage tiers using native options in Azure. IT will have all the tools they need to increase their agility to cloud-speed

4. Avoid cost of projected capacity purchase - No need of procuring capacity to meet business projected requirements or % of reserve capacity.  Its on-demand and avaliable in few minutes

5. Expense of maintaining a global presence - Azure cloud is globally present and well connected. its big relief for cust & get workload spread Geographically in few minutes.

undefined

5.  Enable disaster-recovery scenarios : Azure Site Recovery (ASR) democratizes disaster recovery (DR) by allowing organizations to use Azure as their DR datacenter. Workloads are synchronized into Azure, enabling failover with recovery time objectives that are measured in minutes. Until the failover, only licensing and storage costs are incurred, making ASR dramatically lower in cost than traditional DR strategies. If an organization has a second datacenter, ASR also supports synchronizing and failing over to the alternate data center.

more details coming in another post

Amit Kumar Gupta

Certified: CCA-XenApp/XenDesktop/XenServer, Google Cloud Architect, MCSE, ITIL, Vmware Certified , AWS Fundamentals. AWS Pratitioner

Microsoft certified - Enterprise Cybersecurity Fundamentals & Planning for Security Incident response.

https://www.linkedin.com/in/amit-gupta-5321a527/

Security in Azure environment and detection methods

Hi Admin

Since most of the organization has started the journey of cloud and more concerned about how resources & data will be secured.

Hackers have become more advanced and racing with security system

There are some good articles from MS which shows how MS Azure ensured security in cloud system. Always remember the secuirty model defers based on service model and MS has ensured availiablity of tool which can be used by cust to monitor and secure the system.

 

undefined

undefined

Detecting attack by using Azure Security Center

1. SQL Brute Force attack  (https://azure.microsoft.com/en-us/blog/how-azure-security-center-helps-reveal-a-cyberattack/)

2. Bitcoin mining attack (https://azure.microsoft.com/en-us/blog/how-azure-security-center-detects-a-bitcoin-mining-attack/)

3. DDoS attack using cyber threat intelligence (https://azure.microsoft.com/en-us/blog/how-azure-security-center-detects-ddos-attack-using-cyber-threat-intelligence/)

4. Good applications being used maliciously (https://azure.microsoft.com/en-us/blog/how-azure-security-center-aids-in-detecting-good-applications-being-used-maliciously/)

Interesting Docs. https://docs.microsoft.com/en-us/azure/security-center/security-center-detection-capabilities

 

Amit Kumar Gupta

Certified: CCA-XenApp/XenDesktop/XenServer, Google Cloud Architect, MCSE, ITIL, Vmware Certified , AWS Fundamentals. AWS Pratitioner

Microsoft certified - Enterprise Cybersecurity Fundamentals & Planning for Security Incident response.

https://www.linkedin.com/in/amit-gupta-5321a527/

 

Azure Offered Services under Web, Data, Media, and Management Sections

Hi IT Geeks

Contiue to Azure offered Services.

Web and Mobile Services (including media and content delivery)

App Service. Create scalable cloud apps for web and mobile without the need to manage the underlying web server configuration.

Web Apps. Quickly create and deploy mission critical Web apps at scale.

Mobile Apps. Implement a hosted back-end service for mobile applications that run on multiple mobile platforms.

API Apps. Publish your service APIs securely.

Logic Apps. Automate the access and use of data across clouds without writing code.

Content Delivery Network. Ensure secure, reliable content delivery with broad global reach.

Media Services. Encode, store, and stream video and audio at scale.

Azure Search. Provide a fully managed search service.

Databases, Data and Analytics Services

SQL Database. Implement relational databases for your applications without the need to provision and manage a database server.

SQL Data Warehouse. Learn how to use SQL Data Warehouse, which combines the SQL Server relational database with massively parallel processing.

Azure Cosmos DB. Implement an Azure Cosmos DB service that functions as a globally distributed database using one of the multi-model APIs.

HDInsight. Use Apache Hadoop to perform big data processing and analysis.

Redis Cache. Implement high-performance caching solutions for your applications.

Machine Learning. Apply statistical models to your data and perform predictive analytics.

Monitoring and Management Services

Microsoft Azure Portal. Build, manage, and monitor all Azure products in a single, unified console.

Azure Resource Manager. Use Azure Resource Manager to deploy, manage, and monitor the infrastructure components and resources for applications and services.

Log Analytics. Centralize log data from multiple systems in a single data store, gaining deeper insight into your hybrid IT environment.

Automation. Simplify cloud management with process automation.

Scheduler. Use Scheduler to schedule and monitor jobs such as recurring application actions and routine maintenance.

Thanks with Regards

Amit Kumar Gupta

CCA in XenApp/XenDesktop/XenServer,Google Cloud Architect, MCSE, ITIL, Vmware Certified

Microsoft certified - Planning for Security Incident response.

https://www.linkedin.com/in/amit-kumar-gupta-5321a527/

Azure Services: offered Compute, Storage, and Identity Under Azure Umbrella

Hello It Geeks

Just to revise the Azure offered Services. Here is list of Services which are offered under umbrella.

Virtual Machines. Create Windows® and Linux virtual machines from pre-defined templates, or deploy your own custom server images in the cloud.

Virtual Machine Scale Sets. Deploy Virtual Machine Scale Sets using Azure Resource Manager templates.

Virtual Networks. Provision networks to connect your virtual machines, PaaS cloud services, and on-premises infrastructure.

Cloud Services. Define multi-tier PaaS cloud services that you can deploy and manage on Microsoft Azure.

Load Balancer. Quickly create highly-available and scalable applications, with support for the most common networking protocols.

VPN Gateway. Connect on-premises networks to Azure through Site-to-Site VPNs using secure protocols like IPSec and IKE.

Azure DNS. Use Azure DNS to host your Domain Name System (DNS) domains in Azure.

ExpressRoute. Create a dedicated high-speed connection from your on-premises data center to Azure.

Traffic Manager. Implement load-balancing for high scalability and availability.

Network Watcher. Monitor and diagnose networking issues without logging in to your virtual machines (VMs) using Network Watcher.

Storage and Backup Services

Azure Storage. Store data in files, binary large objects (BLOBs), tables, and queues.

Data Lake Store. Use as a hyper scale repository for big data analytics workloads.

StorSimple. Consolidate storage infrastructure, automate data management across the enterprise, accelerate disaster recovery, and improve compliance.

Backup. Use Azure as a backup destination for your on-premises servers.

Azure Site Recovery. Manage complete site failover for on-premises and Azure private cloud infrastructures.

Security and Identity Services

Security Center. Use Azure Security Center to get a central view of the security state of all of your Azure resources.

Key Vault. Create and import encryption keys, reduce latency with cloud scale and global redundancy, and simplify and automate tasks for SSL/TLS certificates.

Azure Active Directory. Integrate your corporate directory with cloud services for a single sign on (SSO) solution.

Azure Active Directory Domain Services. Join Azure virtual machines to a domain without domain controllers.

Azure Multi-Factor Authentication. Implement additional security measures in your applications to verify user identity.

The more updated details can be read at https://azure.microsoft.com/en-us/features/azure-portal/

Login to trail portal.

Thanks with Regards

Amit Kumar Gupta

CCA in XenApp/XenDesktop/XenServer,Google Cloud Architect, MCSE, ITIL, Vmware Certified

Microsoft certified - Planning for Security Incident response.

https://www.linkedin.com/in/amit-kumar-gupta-5321a527/

Home ← Older posts