SlideShare a Scribd company logo

Onboarding a Historical Company on the Cloud Journey

Marius Zaharia
Marius Zaharia

This session, oriented on governance and strategy, unveil you the challenges we have encountered and the solutions we've applied to succeed in onboarding one of the most important public companies in France to the Azure Cloud. Real life customer feedback and insights here.

Related slideshows

Conquering Disaster Recovery Challenges and Out-of-Control Data with the Hybr...
Conquering Disaster Recovery Challenges and Out-of-Control Data with the Hybr...Conquering Disaster Recovery Challenges and Out-of-Control Data with the Hybr...
Conquering Disaster Recovery Challenges and Out-of-Control Data with the Hybr...
 
OpenStack + VMware: Everything You Need to Know (Kilo-edition)
OpenStack + VMware: Everything You Need to Know (Kilo-edition)OpenStack + VMware: Everything You Need to Know (Kilo-edition)
OpenStack + VMware: Everything You Need to Know (Kilo-edition)
 
DefCore: The Interoperability Standard for OpenStack
DefCore: The Interoperability Standard for OpenStackDefCore: The Interoperability Standard for OpenStack
DefCore: The Interoperability Standard for OpenStack
 
1 of 44
Architecture technique Onboarding a Historical Company on the Cloud Journey
Onboarding a Historical Company on the Cloud Journey
This is the story of a journey. The journey of a long run voyager. It has started a few hours ago* and it’s still running. The view is… cloudy, but so interesting. Away, the horizon line looks bright and sunny. I was there, accompanying the voyager on its way. I am here, telling you the story. * on the technological eve scale
Introduction
Cellenza, recognized experts 14 Azure .NET ALM SQL Server Windows Client 1 4 Publications and actions : • White Papers (Cell’Insights) : http://www.cellenza.com/cellinsights • Articles in Programmez! • Cellenza Blog : http://blog.cellenza.com • TechEvents and community meetups • Speakers : TechDays / MS Expériences, Azure Camp…
A few of our customers
Marius Zaharia Marius Zaharia http://blog.lecampusazure.net @LeCampusAzure marius.zaharia@cellenza.com At the start of cloud computing at the end of the first decade, Marius Zaharia - currently Cloud Technical Manager at Cellenza - saw the enormous potential of this technology, especially that of Microsoft Azure. Since then, his focus has been on setting up cloud architectures and their corporate governance. Marius has gained both professional developer and infrastructure engineer experience, which allows him to have a complementary approach and broad coverage of project needs. Passionate about the cloud, he is also an active contributor to the Azure User Group France community, organizer of community events and speaker at local and international conferences.
The (Hi)story
The Story of a Customer • Our Customer : a strategic actor of the public transportation sector in France • Established public company in France for ages • Large national coverage • At the root of most of the transportation networks in France • Now part of a consolidated group of companies (thereby called The Group)
The Customer’s IT system • The Customer’s IT system • Large number of business or technical applications • Includes many professions, mostly IT professional oriented • Outsourcing different tasks • managed services, operations, production, expertize, or consulting • Some services of the organization: • Engineering Operations and Service (EOS) • Technical Architecture (TA) • Networking (NE) • The Innovation Pole (IP) • Information Security Service (ISS) • Production Service Center • Build Delivery Center…
The Customer’s Infrastructure • Owns a number of Data Centers • Two main regions (Lyon, Lille) • Customer’s and Group’s infrastructure networks got interconnected • However, various elements of the infrastructure are different • Also, there are differences in governance and procedures • Very important security concerns and restrictions
The Challenge
The Challenge • The Customer needs to encourage and accelerate the pace of innovation via experiments • The projects want to move on the IT infrastructure in a timely matter • The actual internal (IS) and Group organization and culture are not « agile » enough for : • More and more Innovation coming • Time to Market and Cost Effective delivery
The Approach
When the Cloud Comes into the Picture • Looking closely to the advancements of the main actors in the public Cloud : Microsoft Azure, Amazon AWS • It seems that the Cloud may be the gate • « Let’s try and see how it works and how it could help us » • Key factors : • Onboard the Information Security Service (ISS) team from the very beginning • Openness of the CIO
The Steps (and Other Challenges)
Opening Azure • Azure subscription contracted • At the Group level • Used first by ISS team (fall 2016) • Several basic deployments were made, and a site-to-site VPN connection was tempted • The first learnings : • some projects interconnected with the SI • others separated/isolated from it • Then, the advancements and works slowed down • Also, the VPN was malfunctioning Note: the Group also moved on Azure. An ExpressRoute connection was setup at that level.
New Challenges • How to fix the VPN, first ? • How to organize and classify projects and environments ? • How to protect our IS while being open to experiment ? • How to give amplitude to the works in the Cloud ?
Moving to a Real Team • The EOS engaged to initiate a dedicated Azure team • Team directly attached to the chief of Technical Architecture • The Azure Team will be the « the armed arm » of the Innovation Pole • 2 people, Azure experts, with knowledge in infrastructure, networking, security, and governance • Not an easy task, but people were found - at
The First Real Works • First thing first: the VPN was fixed • Dead Peer Detection set at 10s in local Juniper appliance • Second thing : « security hole » detected (and solved) • Force Tunelling setup missing in configuration • Results: • The team gains the Customer’s confidence • The Networking team is also very cooperative Azure VPN Gateway
New Challenge (and solution) • The Customer envisions moving on in the Cloud and eventually targeting production workloads • Blocker : the Group strategy is not yet in phase with the Customer’s one regarding the Cloud • The Group warns about production responsability in the cloud • Result: agreement on an « experiment oriented » scope for the Customer’s Cloud works
New Challenge (and Solution) • VNET w/ VPN : all traffic in Azure has now to be monitored and configured in local appliances • The actual process of configuring the rules for projects takes days or weeks • Solution: a set of 2 Network Virtual Appliances (Palo Alto) was configured and implemented in Azure • Routing, detecting and filtering traffic • Configuration of the rules directly implemented by the Azure team jointly with the ISS
More and More Steps • A first draft of governance and management rules is defined • The team is now ready to receive projects • First internal communication (limited at this stage) • First projects coming quickly • The interest for the team’s services increases rapidly • The team is reinforced on engineering and project management sides • ….
The Result [As Of Today]
Results : A Platform for Innovation Experimentations •Containers •Appliances •DB on PaaS •File Sharing •… Projects Deployed and Run A technological advancement •Driving IT innovation •Positioning within the Group
Projects Typology and Requirements 1. VM hosting (a lot) 2. Simple projects (less) • Azure infrastructure • Software installation 3. Complex projects (a few) • Azure infrastructure • Software installation • App deployment and configuration • OS : • Windows (WS 2012 R2) • Linux (Ubuntu) • Containers (Ubuntu) • Platforms: ASP.NET, Java, SQL Server, PostGreSQL, PHP, MySQL, … • Apps & software: Tomcat, WordPress, Jupyter, HDInsight, Kuberntes, Ckan, ngnix,Traefic, Faveod, …
How All This Works
Platform Overview Zones 1. Intranet • for applications willing to connect with the core IT system • Azure outbound to internet controlled and opened on case by case basis 2. Internet • for applications not connected with the core IT system • for low level classified data Connectivity, networking, securization • Intranet • Main VNET interconnected with the core IT system via IPSEC VPN • 1 mutualized subnet (for single VMs) • VNETs peered with a main • secured by 2 Palo Alto NVAs • Internet • Isolated from each other • VNETs dedicated to each project • RDP/SSH via jump VMs in Intranet
Intranet Zone – Base Infrastructure
Our « Service Catalog » • Core services • VMs (in mutualized infrastructure) • Environment setup (VMs / software / networking / routing / …) • Deployment (Azure provisioning and deployment; OS/container image build;) • Governance : Backup, Log Analytics • Mediation for « third party » services • DNS (records in our dedicated zone : *.exp.xxx.yyyy.fr) : mediate requests to the DNS owner service • Certificates (corresponding to the records above) : mediate requests to the SSI service • Other services • « Consulting » : application architecture
Industrialization • ARM templates • adapt then reuse quick start templates • use of linked templates working model • standardize and reuse of linked templates among projects • Packer • standardize OS images • CI/CD with VSTS • Build of OS or container images • Deployment of containers Packer JSON example, as stored in VSTS
Azure Services Used • Azure Resource Manager • Azure VMs • several sizes used intensively (D_v2) • Networking: VNET, Network Security Groups, User Defined Routes • Intranet zone: all default routing overrided • Containers: Azure Container Service, Azure Container Registry • 1 cluster Kubernetes for a big project • Network Virtual Appliances: Palo Alto (licence PAYG) • Azure AD • directory synchronized at the Group Level • Azure Backup • Log Analytics • App Service Domains • Azure DNS • Azure Automation • Currently experimenting: • PaaS: SQL Database, Database for PostGreSQL • Azure File Share, Azure File Sync • Other : Packer, for OS Imaging
Governance : Project Onboarding and Management • Prerequisites • security pre-qualification (data classification, flows, …) • technical architecture document (DAT) required if complex project • PROCESS • Onboarding • gather requirements • elaboration • « official response » • Implementation • per segment : provision, configure, build, deploy, request third party services, aggregate response • delivery • Lifecycle monitoring • Unprovisioning Project Onboarding Process
Governance • Platform evolution • Updates, patches • Complimentary services • New services added • Tooling usage • VSTS • Work, Build, Release • Planner • Dashboard • O365 Group • SharePoint • Excel • DevOps • Used internally for own processes
Team Organization • TEAM « EXPerimentation Projects on Azure » (EXP Azure) • Team formed of : • 1 Team Lead / Azure Expert • 1 Project Manager (infrastructure integrator) • 1 Infrastructure Architect / Azure Expert • 1 System Engineer • Associated : • 1 Security Expert from ISS • 1 Technical Architect from EOS
Agility • Scrum methodology, adapted • Tooling : VSTS • 2 weeks sprints • 2 « epics » : • projects • platform governance and evolution • Features = Projects • Product backlog items • Tasks Scrum management in Visual Studio Team Services
The Next Steps [Of Tomorrow]
Moving to a new, larger team and scope • A new team structure is built on top • Will include roles: • Service Catalog Owner • Cloud Operations Engineer • Cloud QA Lead • Will expand work force on existing • System Engineer • Cloud Architect • More integration with existing IT services (build, production) • More responsibilities • More projects onboarding • More production oriented • Richer Cloud offering • More services delivered • Identity and Authentication • DNS ownership • More PaaS, Serverless, …
Synergy with the Group • The synergy with the Group will be essential and strategical • Azure Production workloads to be pushed to the Group Managed Services and Operations • Keep Experiments responsibility and autonomy • Integrate with ExpressRoute infrastructure • Deploy projects with a faster interaction with the core IT system • Share more of our knowledge • Our technological advance may influence decisions and choices at the group level
Difussion : Culture of Cloud and Agility • The results of the EXP Azure team are progressively diffused in the organization • The DevOps and automation practices applied internally are also propagated • The Agile process shows to other teams a much faster delivery process • The other teams will start integrating some of EXP Azure experiences
Conclusion
The Cloud The Cloud …is not (anymore) a tabou subject even in the public sector …proves to be a strong innovation driver …may be the way of developing DevOps and Agility adoption
Our role in the success of our customers There is no success in the Cloud : • Without a strong technical competency • Without the maturity and experience • Without a Team Here is where we come in the play.
Thank you, • Picture references • NG/MATTHEW G. WHEELER, VIA RAIL CANADA • GLACIERBAYALASKA.COM • PINTEREST • IBC SYSTEMS • CIO.COM • SNCF • SNCF RÉSEAU • TRACKINTELLIGENCE.COM • SHUTTERSTOCK • PIXABAY • CHILDREN’S MINISTRY LEADER • WIKIPEDIA

More Related Content

Onboarding a Historical Company on the Cloud Journey

  • 1. Architecture technique Onboarding a Historical Company on the Cloud Journey
  • 3. This is the story of a journey. The journey of a long run voyager. It has started a few hours ago* and it’s still running. The view is… cloudy, but so interesting. Away, the horizon line looks bright and sunny. I was there, accompanying the voyager on its way. I am here, telling you the story. * on the technological eve scale
  • 5. Cellenza, recognized experts 14 Azure .NET ALM SQL Server Windows Client 1 4 Publications and actions : • White Papers (Cell’Insights) : http://www.cellenza.com/cellinsights • Articles in Programmez! • Cellenza Blog : http://blog.cellenza.com • TechEvents and community meetups • Speakers : TechDays / MS Expériences, Azure Camp…
  • 6. A few of our customers
  • 7. Marius Zaharia Marius Zaharia http://blog.lecampusazure.net @LeCampusAzure marius.zaharia@cellenza.com At the start of cloud computing at the end of the first decade, Marius Zaharia - currently Cloud Technical Manager at Cellenza - saw the enormous potential of this technology, especially that of Microsoft Azure. Since then, his focus has been on setting up cloud architectures and their corporate governance. Marius has gained both professional developer and infrastructure engineer experience, which allows him to have a complementary approach and broad coverage of project needs. Passionate about the cloud, he is also an active contributor to the Azure User Group France community, organizer of community events and speaker at local and international conferences.
  • 9. The Story of a Customer • Our Customer : a strategic actor of the public transportation sector in France • Established public company in France for ages • Large national coverage • At the root of most of the transportation networks in France • Now part of a consolidated group of companies (thereby called The Group)
  • 10. The Customer’s IT system • The Customer’s IT system • Large number of business or technical applications • Includes many professions, mostly IT professional oriented • Outsourcing different tasks • managed services, operations, production, expertize, or consulting • Some services of the organization: • Engineering Operations and Service (EOS) • Technical Architecture (TA) • Networking (NE) • The Innovation Pole (IP) • Information Security Service (ISS) • Production Service Center • Build Delivery Center…
  • 11. The Customer’s Infrastructure • Owns a number of Data Centers • Two main regions (Lyon, Lille) • Customer’s and Group’s infrastructure networks got interconnected • However, various elements of the infrastructure are different • Also, there are differences in governance and procedures • Very important security concerns and restrictions
  • 13. The Challenge • The Customer needs to encourage and accelerate the pace of innovation via experiments • The projects want to move on the IT infrastructure in a timely matter • The actual internal (IS) and Group organization and culture are not « agile » enough for : • More and more Innovation coming • Time to Market and Cost Effective delivery
  • 15. When the Cloud Comes into the Picture • Looking closely to the advancements of the main actors in the public Cloud : Microsoft Azure, Amazon AWS • It seems that the Cloud may be the gate • « Let’s try and see how it works and how it could help us » • Key factors : • Onboard the Information Security Service (ISS) team from the very beginning • Openness of the CIO
  • 17. Opening Azure • Azure subscription contracted • At the Group level • Used first by ISS team (fall 2016) • Several basic deployments were made, and a site-to-site VPN connection was tempted • The first learnings : • some projects interconnected with the SI • others separated/isolated from it • Then, the advancements and works slowed down • Also, the VPN was malfunctioning Note: the Group also moved on Azure. An ExpressRoute connection was setup at that level.
  • 18. New Challenges • How to fix the VPN, first ? • How to organize and classify projects and environments ? • How to protect our IS while being open to experiment ? • How to give amplitude to the works in the Cloud ?
  • 19. Moving to a Real Team • The EOS engaged to initiate a dedicated Azure team • Team directly attached to the chief of Technical Architecture • The Azure Team will be the « the armed arm » of the Innovation Pole • 2 people, Azure experts, with knowledge in infrastructure, networking, security, and governance • Not an easy task, but people were found - at
  • 20. The First Real Works • First thing first: the VPN was fixed • Dead Peer Detection set at 10s in local Juniper appliance • Second thing : « security hole » detected (and solved) • Force Tunelling setup missing in configuration • Results: • The team gains the Customer’s confidence • The Networking team is also very cooperative Azure VPN Gateway
  • 21. New Challenge (and solution) • The Customer envisions moving on in the Cloud and eventually targeting production workloads • Blocker : the Group strategy is not yet in phase with the Customer’s one regarding the Cloud • The Group warns about production responsability in the cloud • Result: agreement on an « experiment oriented » scope for the Customer’s Cloud works
  • 22. New Challenge (and Solution) • VNET w/ VPN : all traffic in Azure has now to be monitored and configured in local appliances • The actual process of configuring the rules for projects takes days or weeks • Solution: a set of 2 Network Virtual Appliances (Palo Alto) was configured and implemented in Azure • Routing, detecting and filtering traffic • Configuration of the rules directly implemented by the Azure team jointly with the ISS
  • 23. More and More Steps • A first draft of governance and management rules is defined • The team is now ready to receive projects • First internal communication (limited at this stage) • First projects coming quickly • The interest for the team’s services increases rapidly • The team is reinforced on engineering and project management sides • ….
  • 25. Results : A Platform for Innovation Experimentations •Containers •Appliances •DB on PaaS •File Sharing •… Projects Deployed and Run A technological advancement •Driving IT innovation •Positioning within the Group
  • 26. Projects Typology and Requirements 1. VM hosting (a lot) 2. Simple projects (less) • Azure infrastructure • Software installation 3. Complex projects (a few) • Azure infrastructure • Software installation • App deployment and configuration • OS : • Windows (WS 2012 R2) • Linux (Ubuntu) • Containers (Ubuntu) • Platforms: ASP.NET, Java, SQL Server, PostGreSQL, PHP, MySQL, … • Apps & software: Tomcat, WordPress, Jupyter, HDInsight, Kuberntes, Ckan, ngnix,Traefic, Faveod, …
  • 28. Platform Overview Zones 1. Intranet • for applications willing to connect with the core IT system • Azure outbound to internet controlled and opened on case by case basis 2. Internet • for applications not connected with the core IT system • for low level classified data Connectivity, networking, securization • Intranet • Main VNET interconnected with the core IT system via IPSEC VPN • 1 mutualized subnet (for single VMs) • VNETs peered with a main • secured by 2 Palo Alto NVAs • Internet • Isolated from each other • VNETs dedicated to each project • RDP/SSH via jump VMs in Intranet
  • 29. Intranet Zone – Base Infrastructure
  • 30. Our « Service Catalog » • Core services • VMs (in mutualized infrastructure) • Environment setup (VMs / software / networking / routing / …) • Deployment (Azure provisioning and deployment; OS/container image build;) • Governance : Backup, Log Analytics • Mediation for « third party » services • DNS (records in our dedicated zone : *.exp.xxx.yyyy.fr) : mediate requests to the DNS owner service • Certificates (corresponding to the records above) : mediate requests to the SSI service • Other services • « Consulting » : application architecture
  • 31. Industrialization • ARM templates • adapt then reuse quick start templates • use of linked templates working model • standardize and reuse of linked templates among projects • Packer • standardize OS images • CI/CD with VSTS • Build of OS or container images • Deployment of containers Packer JSON example, as stored in VSTS
  • 32. Azure Services Used • Azure Resource Manager • Azure VMs • several sizes used intensively (D_v2) • Networking: VNET, Network Security Groups, User Defined Routes • Intranet zone: all default routing overrided • Containers: Azure Container Service, Azure Container Registry • 1 cluster Kubernetes for a big project • Network Virtual Appliances: Palo Alto (licence PAYG) • Azure AD • directory synchronized at the Group Level • Azure Backup • Log Analytics • App Service Domains • Azure DNS • Azure Automation • Currently experimenting: • PaaS: SQL Database, Database for PostGreSQL • Azure File Share, Azure File Sync • Other : Packer, for OS Imaging
  • 33. Governance : Project Onboarding and Management • Prerequisites • security pre-qualification (data classification, flows, …) • technical architecture document (DAT) required if complex project • PROCESS • Onboarding • gather requirements • elaboration • « official response » • Implementation • per segment : provision, configure, build, deploy, request third party services, aggregate response • delivery • Lifecycle monitoring • Unprovisioning Project Onboarding Process
  • 34. Governance • Platform evolution • Updates, patches • Complimentary services • New services added • Tooling usage • VSTS • Work, Build, Release • Planner • Dashboard • O365 Group • SharePoint • Excel • DevOps • Used internally for own processes
  • 35. Team Organization • TEAM « EXPerimentation Projects on Azure » (EXP Azure) • Team formed of : • 1 Team Lead / Azure Expert • 1 Project Manager (infrastructure integrator) • 1 Infrastructure Architect / Azure Expert • 1 System Engineer • Associated : • 1 Security Expert from ISS • 1 Technical Architect from EOS
  • 36. Agility • Scrum methodology, adapted • Tooling : VSTS • 2 weeks sprints • 2 « epics » : • projects • platform governance and evolution • Features = Projects • Product backlog items • Tasks Scrum management in Visual Studio Team Services
  • 37. The Next Steps [Of Tomorrow]
  • 38. Moving to a new, larger team and scope • A new team structure is built on top • Will include roles: • Service Catalog Owner • Cloud Operations Engineer • Cloud QA Lead • Will expand work force on existing • System Engineer • Cloud Architect • More integration with existing IT services (build, production) • More responsibilities • More projects onboarding • More production oriented • Richer Cloud offering • More services delivered • Identity and Authentication • DNS ownership • More PaaS, Serverless, …
  • 39. Synergy with the Group • The synergy with the Group will be essential and strategical • Azure Production workloads to be pushed to the Group Managed Services and Operations • Keep Experiments responsibility and autonomy • Integrate with ExpressRoute infrastructure • Deploy projects with a faster interaction with the core IT system • Share more of our knowledge • Our technological advance may influence decisions and choices at the group level
  • 40. Difussion : Culture of Cloud and Agility • The results of the EXP Azure team are progressively diffused in the organization • The DevOps and automation practices applied internally are also propagated • The Agile process shows to other teams a much faster delivery process • The other teams will start integrating some of EXP Azure experiences
  • 42. The Cloud The Cloud …is not (anymore) a tabou subject even in the public sector …proves to be a strong innovation driver …may be the way of developing DevOps and Agility adoption
  • 43. Our role in the success of our customers There is no success in the Cloud : • Without a strong technical competency • Without the maturity and experience • Without a Team Here is where we come in the play.
  • 44. Thank you, • Picture references • NG/MATTHEW G. WHEELER, VIA RAIL CANADA • GLACIERBAYALASKA.COM • PINTEREST • IBC SYSTEMS • CIO.COM • SNCF • SNCF RÉSEAU • TRACKINTELLIGENCE.COM • SHUTTERSTOCK • PIXABAY • CHILDREN’S MINISTRY LEADER • WIKIPEDIA

Editor's Notes

  1. The IT department of the Customer encompasses the implementation and operation of a large number of business or technical applications It includes many professions, mostly IT professional oriented : infrastructure engineers, architects, technicians, and so on It relies pretty heavily on outsourcing different tasks like managed services, operations, production, expertize, or consulting to external companies (mostly via service and competency centers) Some services of the internal organization: Engineering Operations and Service (EOS) Production Service Information Security Service (ISS) Infrastructure Project Management
  2. Owns a number of Data Centers hosting currently the infrastructure the applications The whole infrastructure is known as The Information System (IS) As The Customer joined The Group, their infrastructure’s networks got interconnected Today, a user from the IS is capable to connect to a service within the Group’s infrastructure, and viceversa However, various elements of the infrastructure (like networking appliances, identity systems, tooling, and so on) are different Also, there are differences in governance and procedures For the Customer and for the Group, there are very important security concerns and restrictions (due to their strategic activity)
  3. Looking closely to the advancements of the main actors in the public Cloud : Microsoft Azure, Amazon AWS It seems that the Cloud may be the gate « Let’s try and see how it works and how it could help us » Key factor : onboard the Information Security Service (ISS) team from the very beginning This ensures there will not be [too many] blocking rocks on the road [TODO bienvieillance du DSI / IT Officer)
  4. Requesting an Azure agreement via The Group An Azure subscription was provisioned The ISS team was the one using an Azure Subscription (fall 2016) Several basic deployments were made, and a site-to-site VPN connection was tempted The first learnings : some projects need to be interconnected with the SI others need rather to be separated/isolated from it (risky or unknown stuff running) Then, the advancements and works slowed down Also, the VPN was malfunctioning
  5. The EOS engaged to initiate a dedicated Azure team Team directly attached to the chief of EOS 2 people, Azure experts, with knowledge in infrastructure, networking, security, and governance Not easy task, but people were found (at Cellenza)
  6. First thing first: the VPN was fixed Not a big issue, the configuration was mostly good, but missing a « keep alive » option while no traffic (« Dead Peer Detection » set at 10s in local Juniper appliance) Second thing (during the works for the first): « security hole » detected (and solved) The « force tunelling » setup was envisioned but missing in configuration Results: The team gains the Customer’s confidence The Networking team is also very cooperative
  7. Enthousiastic of the advancement, the Customer envisions moving on in the Cloud and eventually targetting production workloads Blocker : the Group strategy is not yet in phase with the Customer’s one regarding the Cloud The Group warns about production responsability in the cloud Result: agreement on an « experiment oriented » scope for the Customer’s Cloud works
  8. VNET w/ VPN : Because of the Forced Tunelling, all traffic in Azure has now to be monitored and configured in local appliances (Palo Alto) The actual process of configuring the rules for projects takes days or weeks Solution: a set of 2 Network Virtual Appliances (Palo Alto) was configured and implemented in Azure They now allow the configuration of the rules to be directly implemented by the Azure team jointly with the ISS
  9. by this, interconnected with the whole Group