Archive for the ‘Azure’ Category

Azure Log Analytics Workspace – Ensuring Compliance, Centralizing and Streamlining Monitoring

Posted on April 18th, 2024 by Sania Afsar

In the realm of cloud computing, the ability to monitor, analyze, and respond to IT environment anomalies is crucial for maintaining system integrity and compliance with regulatory standards. Azure Log Analytics Workspace (LAW) is a powerful service that enables businesses to aggregate, analyze, and act on telemetry data from various sources across their Azure and on-premises environments. This article delves into LAW, its alignment with SOC 2 compliance, and the practicalities of Azure Monitoring and diagnostic settings, offering insights from a recent project implemented for a software development company.

Azure Log Analytics Workspace (LAW): A unique environment within Azure Monitor that allows for the collection and aggregation of data from various sources. It provides tools for analysis, visualization, and the creation of alerts based on telemetry data.

SOC 2 Compliance: An AICPA attestation framework for managing customer data based on five Trust Services Criteria: security, availability, processing integrity, confidentiality and privacy. It is expected of service providers that handle sensitive customer information.

Azure Monitoring: A comprehensive solution that provides full-stack monitoring, from infrastructure to application-level telemetry, facilitating the detection, analysis, and resolution of operational issues.

Diagnostic Settings: Per-resource configurations in Azure Monitor that determine which resource logs and metrics are collected and where they are sent: a Log Analytics workspace, a storage account or an event hub. They are the primary mechanism for routing audit-relevant platform telemetry into LAW.

Why use LAW?

LAW plays a pivotal role in operational and security monitoring, offering several benefits:

Centralized Log Management: It consolidates logs from various sources, making it easier to manage and analyze data.

Compliance and Security: Helps organizations meet regulatory standards like SOC 2 by providing tools for continuous monitoring and alerting on security and compliance issues.

Operational Efficiency: Streamlines troubleshooting and operational monitoring, reducing the time to detect and resolve issues.

Cost-Effectiveness: Offers scalable solutions for log data ingestion and storage, providing flexibility and control over costs.

Configuration Process and Technical Details

1. Creating and Configuring the Log Analytics Workspace

Azure Portal:

  1. Navigate to the Azure portal.
  2. Go to “All services” > “Log Analytics workspaces”.
  3. Click “Create”, select your subscription and resource group, and specify the workspace name and region.
  4. Review and create the workspace.

The same can be achieved with the New-AzOperationalInsightsWorkspace cmdlet from the Az.OperationalInsights PowerShell module. Set -RetentionInDays to the retention your audit obligations require; the workspace default of 30 days is rarely enough for SOC 2 evidence.

New-AzOperationalInsightsWorkspace -ResourceGroupName "YourResourceGroup" -Name "YourWorkspaceName" -Location "Region" -Sku PerGB2018 -RetentionInDays 90

2. Enabling Diagnostic Settings

Azure Portal:

  1. Navigate to the resource (e.g., a VM, database).
  2. Select “Diagnostic settings” > “Add diagnostic setting”.
  3. Choose the logs and metrics to send to the Log Analytics workspace.
  4. Select the workspace created earlier and save the setting.

Azure CLI:

On the PowerShell side, the Az.Monitor module provides New-AzDiagnosticSetting (with New-AzDiagnosticSettingLogSettingsObject and New-AzDiagnosticSettingMetricSettingsObject for the category objects); the Azure CLI equivalent is shown below. For a handful of resources the portal is quickest. For a large number of targets, drive the CLI from a bash script that reads the resource IDs from a CSV file. Log categories differ per resource type, so list the valid ones first with az monitor diagnostic-settings categories list --resource <resource-id>.

az monitor diagnostic-settings create \
  --name "YourDiagnosticSettingName" \
  --resource /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroup/providers/ResourceProvider/ResourceType/ResourceName \
  --workspace /subscriptions/YourSubscriptionId/resourcegroups/YourResourceGroup/providers/microsoft.operationalinsights/workspaces/YourWorkspaceName \
  --logs '[{"category": "CategoryName", "enabled": true}]' \
  --metrics '[{"category": "CategoryName", "enabled": true}]'
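As an added example (this script is not from the original post), here is the CSV-driven bash wrapper that the paragraph above suggests for a large number of targets. It assumes a three-column CSV of resource ID, semicolon-separated log categories and semicolon-separated metric categories, builds the JSON that az monitor diagnostic-settings create expects, and only prints the commands unless DRY_RUN=0 is set, so the plan can be reviewed before anything is changed. The workspace ID, the setting name and the CSV layout are assumptions, not values from the post.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: apply one diagnostic setting per
# resource listed in a CSV, routing the chosen categories to a Log Analytics
# workspace. Assumed CSV layout (header optional, '#' lines ignored):
#   resourceId,logCategories,metricCategories
# where the categories within a column are separated by ';'.
set -eu

# Assumed values; override them through the environment.
WORKSPACE_ID="${WORKSPACE_ID:-/subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroup/providers/Microsoft.OperationalInsights/workspaces/YourWorkspaceName}"
SETTING_NAME="${SETTING_NAME:-send-to-law}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands, 0 = run them

# Turn "A;B;C" into the JSON array that --logs/--metrics expect; "" becomes "[]".
categories_json() {
  local rest="$1;" out="" cat
  while [ -n "$rest" ]; do
    cat="${rest%%;*}"
    rest="${rest#*;}"
    [ -n "$cat" ] && out="${out:+$out,}{\"category\":\"$cat\",\"enabled\":true}"
  done
  printf '[%s]' "$out"
}

# Build the argument vector for one resource and either print it or run it.
run_diag_setting() {
  local resource="$1" logs="$2" metrics="$3"
  set -- az monitor diagnostic-settings create \
    --name "$SETTING_NAME" \
    --resource "$resource" \
    --workspace "$WORKSPACE_ID" \
    --logs "$(categories_json "$logs")" \
    --metrics "$(categories_json "$metrics")"
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"    # plan only; the JSON arguments contain no spaces, so this reads cleanly
  else
    "$@"                  # arguments are passed verbatim: no eval, no word splitting surprises
  fi
}

# Read the CSV and process each data row; the row count goes to stderr.
apply_from_csv() {
  local file="$1" resource logs metrics count=0
  while IFS=',' read -r resource logs metrics || [ -n "$resource" ]; do
    metrics="$(printf '%s' "$metrics" | tr -d '\r')"   # tolerate CRLF files
    case "$resource" in
      ''|'#'*|resourceId) continue ;;                   # blank line, comment or header
    esac
    run_diag_setting "$resource" "$logs" "$metrics"
    count=$((count + 1))
  done < "$file"
  printf 'processed %s resource(s)\n' "$count" >&2
}

if [ $# -gt 0 ]; then
  apply_from_csv "$1"
fi
```

Run it as `./diag-from-csv.sh targets.csv` to see the plan, then `DRY_RUN=0 ./diag-from-csv.sh targets.csv` to apply it. The commands are executed from an argument array rather than through eval, so a resource ID or category string taken from the CSV can never be interpreted as shell syntax.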

Integrating Data Sources

To configure agents and services to send data to LAW:

1. Windows and Linux Servers:

Install the monitoring agent on each server. The legacy Log Analytics agent (MMA/OMS) is configured with the workspace ID and primary key; note that this agent is being retired in favour of the Azure Monitor Agent (AMA), which is pointed at the workspace through data collection rules and needs no workspace key on the host.

Treat the workspace primary key as a credential: anyone holding it can inject arbitrary records into the workspace. Keep it out of scripts and source control, and rotate it if it has been exposed.

2. Azure Resources:

Many Azure services offer built-in integration with Log Analytics.

Use the Azure portal to enable integration by selecting the Log Analytics workspace as the target for logs and metrics.

3. Application Insights:

For application telemetry, integrate Application Insights with your application.

Create the Application Insights resource as workspace-based so that its telemetry is stored in the Log Analytics workspace, and configure the SDK with the resource’s connection string (preferred over the bare instrumentation key, which Microsoft is phasing out).

Insights from a case study: a software development company’s perspective

In a recent project for a software development company, LAW was leveraged to enhance operational visibility and ensure SOC 2 compliance. The focus was on automating log collection and analysis to proactively address system anomalies, secure sensitive data, and streamline the development lifecycle. By integrating LAW, the company achieved:

  • Enhanced Security Posture: Through real-time monitoring and alerting capabilities.
  • Operational Excellence: Improved system reliability and availability by quickly identifying and addressing issues.
  • Compliance Assurance: Simplified compliance reporting and auditing processes, ensuring adherence to SOC 2 requirements.


Azure Log Analytics Workspace is an indispensable tool for organizations looking to enhance their monitoring capabilities and ensure compliance with standards like SOC 2. Its ability to aggregate and analyze data from a multitude of sources provides a comprehensive view of an organization’s IT environment, facilitating informed decision-making and operational efficiency. The integration of LAW, coupled with Azure Monitoring and diagnostic settings, offers a robust solution for maintaining system integrity, security, and compliance.

Azure Stack HCI 3-node Cluster Configuration – Switchless Storage Network

Posted on April 17th, 2024 by Sania Afsar

Mismo Systems implemented a 3-node Azure Stack HCI cluster for one of its clients. The cluster was configured with a dual-link, full-mesh, switchless storage network interconnect.

This blog provides an overview of the Azure Stack HCI design, high-level implementation steps, network connectivity of the servers, IP configurations and cluster configuration.

Azure Stack HCI Design

Below is the high-level detail of the design diagram:

  • 3 × Dell EMC AX-740xd servers, installed with the Azure Stack HCI 21H2 operating system.
  • The Azure Stack HCI cluster is created from the three servers.
  • The cluster is created and managed from a Windows Admin Center instance.
  • The cluster is registered with Azure.
  • An Azure storage account-based cloud witness is used for the cluster quorum.

High-Level Configuration Steps

Below are the high-level steps performed to complete the cluster configuration:

  1. Server racking and cabling
  2. iDRAC configuration on the servers
  3. BIOS configuration of the QLogic NICs
  4. Initial network configuration and domain join of the servers
  5. Azure Stack HCI cluster configuration:
     – Prerequisite check, feature installation and updates installation
     – Network and virtual switch configuration
     – Cluster validation and creation
     – Storage validation and enabling Storage Spaces Direct
  6. Post-cluster-creation configuration
  7. Cloud witness quorum configuration
  8. Azure Stack HCI registration to Azure
  9. Storage volume creation
  10. Virtual machine creation

Network Interfaces

There were 3 Azure Stack HCI certified servers (Dell EMC AX-740xd) installed with the Azure Stack HCI 21H2 operating system. Each server has the following network interfaces:

  • 1 iDRAC network port
  • 2 × QLogic FastLinQ 41262 dual-port 10/25GbE SFP28 adapters, PCIe low profile (NIC 5 to NIC 8)
  • 1 × Intel X710 dual-port 10GbE SFP+ (NIC 3 and NIC 4)
  • 1 × i350 dual-port 1GbE rNDC (NIC 1 and NIC 2)

Network Interface Connectivity

The diagram below describes the connectivity of network interfaces and their configuration.

The tables below provide low-level detail of the Azure Stack HCI implementation (IP addresses, gateways and subnets are not shown):

Azure Stack HCI – Network Configuration

Network Interface | Purpose | Node | IP Address | vSwitch | Team Configuration
i350 Dual Port 1GbE, rNDC | Management network | NODE1 | – | MgmtSwitch | SET team <NIC 1 and NIC 2>
i350 Dual Port 1GbE, rNDC | Management network | NODE2 | – | MgmtSwitch | SET team <NIC 1 and NIC 2>
i350 Dual Port 1GbE, rNDC | Management network | NODE3 | – | MgmtSwitch | SET team <NIC 1 and NIC 2>
Management network gateway – | Subnet –
Intel X710 Dual Port 10GbE SFP+ | VM network | NODE1 | – | VMNetworkSwitch | SET team <NIC 3 and NIC 4>
Intel X710 Dual Port 10GbE SFP+ | VM network | NODE2 | – | VMNetworkSwitch | SET team <NIC 3 and NIC 4>
Intel X710 Dual Port 10GbE SFP+ | VM network | NODE3 | – | VMNetworkSwitch | SET team <NIC 3 and NIC 4>
VM network gateway – | Subnet –

Storage network (QLogic FastLinQ 41262 Dual Port 10/25GbE SFP28; no vSwitch or team, each NIC is one direct point-to-point link, two links per node pair):

Node | NIC | Link
NODE1 | NIC 5 | Storage 1 <Node 1 – Node 2>
NODE1 | NIC 6 | Storage 2 <Node 1 – Node 3>
NODE1 | NIC 7 | Storage 4 <Node 2 – Node 1>
NODE1 | NIC 8 | Storage 5 <Node 3 – Node 1>
NODE2 | NIC 5 | Storage 1 <Node 1 – Node 2>
NODE2 | NIC 6 | Storage 3 <Node 2 – Node 3>
NODE2 | NIC 7 | Storage 4 <Node 2 – Node 1>
NODE2 | NIC 8 | Storage 6 <Node 3 – Node 2>
NODE3 | NIC 5 | Storage 2 <Node 1 – Node 3>
NODE3 | NIC 6 | Storage 3 <Node 2 – Node 3>
NODE3 | NIC 7 | Storage 5 <Node 3 – Node 1>
NODE3 | NIC 8 | Storage 6 <Node 3 – Node 2>
Storage subnet –

Azure Stack HCI Cluster Detail

Configuration Item | Detail
Azure Stack HCI – Initial Configuration
Azure Stack HCI OS | 21H2
Time zone | Central Time (US & Canada), UTC −06:00
Joined AD DS domain | –
Windows Admin Center | –
Azure Stack HCI – Cluster Configuration
Cluster type | Standard
Cluster name and IP | Cluster01 | –
Cluster quorum | Cloud witness, storage account <storageaccountname>
Azure Stack HCI – Registration to Azure
Azure subscription name and ID | <Azure Subscription Name and ID>
Resource group | <Resource Group Name>
Azure region for registration | West Europe

The need for a hybrid solution – Azure Stack HCI

Posted on April 25th, 2022 by admin@mismo2023

Microsoft’s Azure Stack HCI is a hyper-converged infrastructure with virtualization, software-defined networking and more. What separates it from the rest is that it integrates seamlessly with Microsoft Azure. It has never been easier to unify your on-premises infrastructure with the power of Azure.

We have listed below a few reasons why this hybrid solution may be right for your business:

Azure Hybrid by design

Extend your datacentre to the cloud and manage Azure Stack HCI hosts, virtual machines (VMs) and Azure resources side by side in the Azure portal. Make your infrastructure hybrid by seamlessly connecting it to Azure services such as Azure Monitor, Azure Backup, Azure Security Centre, Azure Site Recovery etc.

Enterprise-scale and great price-performance

Get infrastructure modernisation, consolidate virtualised workloads, and gain cloud efficiencies on-premises. Take advantage of software-defined compute, storage, and networking on a broad range of form factors and brands. With the new feature update, get powerful host protection with a Secured-core server, thin provisioning and intent-driven networking. Optimize your costs based on your needs with a flexible per-core subscription.

Familiar management and operations

Simplify your operations by using an easy-to-manage HCI solution that integrates with your environment and popular third-party solutions. Use Windows Admin Centre with a built-in deployment GUI to leverage your existing Windows Server and Hyper-V skills to build your hyper-converged infrastructure. Automate completely scriptable management tasks using the popular cross-platform Windows PowerShell framework.

Deployment flexibility

Select the deployment scenario that is best for your environment, such as an appliance-like experience, a validated node solution from one of more than 20 hardware partners or repurposed hardware. Choose optimized solutions that are available on a broad portfolio of x86 servers and hardware add-ons. Manage your solution using Azure or familiar management tools and choose from a wide selection of utility software options within the enhanced ISV partner ecosystem.

Contact us for more information!

Microsoft rebrands Windows Virtual Desktop as Azure Virtual Desktop

Posted on June 22nd, 2021 by admin@mismo2023

Microsoft’s virtual desktop infrastructure platform has been rebranded under the Azure name, and Microsoft has announced new security and management capabilities that are currently in preview. Formerly known as Windows Virtual Desktop (WVD), the platform will now be known as Azure Virtual Desktop (AVD), Microsoft said in an official statement on the 6th of June 2021.

The company has also launched early access to several features in Azure Virtual Desktop, its flexible cloud VDI platform for the hybrid workplace, to enhance security and management, such as new and improved Azure Active Directory support.

Selected AVD customers get vastly improved support for Azure Active Directory, which manages security controls and user access to apps and data. Soon, users will be able to enrol virtual machines automatically with Microsoft Endpoint Manager, which not only makes deployment easier but also reduces the need for a domain controller.

Another feature seen in the preview is the ability to join AVD virtual machines to Azure Active Directory, which lets users connect to the virtual machine from any properly approved device.

A new onboarding experience in the Azure portal starts an automated deployment of a Virtual Desktop environment. Also of interest: independent software vendors can now pay a monthly per-user access price to use AVD to deliver streamed apps to their customers, whereas the previous model covered only internal employees.

It is important to highlight that since last year there has been a noticeable spike in the number of Windows Virtual Desktop users due to the ongoing pandemic.

Thanks for reading!

How Startups can succeed with Cloud Computing?

Posted on May 7th, 2021 by admin@mismo2023

Startups are an enjoyable but demanding professional experience. A host of entrepreneurially minded professionals pursue their passion and dive into launching their own company, inspired by businesses with meteoric growth such as Facebook, Uber and Airbnb.

In the fast-paced world of startups there are many challenges that are not faced in a regular office environment. From infrastructure to marketing, every process must be built from scratch, which is difficult for a new company, mainly due to a lack of investment. The headcount may be low at the beginning, with individuals spread across multiple cities or even countries, and the major issue arises when a proper structure is required to manage the work of each member.

Cloud computing can reduce these risks.

First, what is cloud computing?

Cloud computing is the on-demand delivery of computing services such as servers, storage, databases, networking, software, analytics and intelligence over the internet. You pay only for the services you use, which reduces operational costs and runs your infrastructure more efficiently. This pay-as-you-go (PAYG) cost model is far more favourable than the traditional IT cost model, which requires large upfront capital expenditure on both hardware and software.

Read more: Storage on Cloud

Read on as we discuss the reasons why adopting cloud computing systems can benefit your startup business.

Many people think that life in the world of startups is fascinating and exciting, but it cannot be denied that it has its own risks and downsides. According to the Small Business Administration (SBA) Office of Advocacy’s 2018 Frequently Asked Questions (FAQ), only 45.4% to 51% of small and medium-sized enterprises (SMEs) survive to the five-year mark.

Everyone involved in a startup carries risk: founders, investors, customers and partners. With a proper approach, such risks can be reduced.

As discussed, startups face the following problems:

  1. Employee location. (different cities/countries/regions)
  2. Lack of funds.
  3. Stability.

Here are the major benefits of adopting cloud computing for your startup:

  1. Data Protection: Cloud solution providers offer a range of technologies and services that help protect data. Daily backups and snapshots stored separately from production protect your data against loss.
  2. Speed & Low Cost: Cloud computing increases the flexibility of your business. With a few clicks it gives you an IT infrastructure at low cost; it is easy, quick and requires minimal upfront investment, and you pay only while the server is running.
  3. Effective Collaboration: With virtualization now the ‘new normal’, employees can work productively without the need for large office spaces. Reduced infrastructure, power, maintenance, upgrade, hardware, installation and support costs are all valuable savings for a startup. Cloud computing lets every employee access documents, files and other data from anywhere, at any time, from any internet-enabled device.
  4. Scalability: A cloud platform lets the organization scale resources up or down in a flexible and cost-effective manner. Unlike the conventional approach, where adding capacity requires costly manual work, resources can be added or removed on demand. This versatility, usability and flexibility is critical to the long-term success of today’s entrepreneurs.

The mobility, accessibility, affordability, and productivity that the Cloud provides is extremely beneficial for startups.

If you have any more ideas on how cloud computing can help startups, do share in the comment section. To read more blogs by Mismo Systems, click here.

Azure AD SSO & AWS – Connecting the Rivals

Posted on May 4th, 2021 by admin@mismo2023

Being part of Mismo Systems, I am fortunate enough to get to work on a diverse set of projects. A few technologies that we see deployed often are Microsoft 365 and, on AWS, EC2 and S3. Microsoft 365 is growing in stature in the enterprise space when it comes to identity and single sign-on. Microsoft has worked hard to make it ridiculously simple to integrate with SaaS, public clouds or any other application. Microsoft 365 comes pre-packaged with a free version of Azure AD in the backend, which means you do not have to set up any major infrastructure if you want to dip your toes into the world of enterprise SSO. Recently, while working on a project, I was tasked with setting up SSO between Azure AD and AWS, and I thought I would share the knowledge I gathered by writing this blog. Before we go ahead and set up Azure AD SSO for AWS, let’s first take a quick dip into the world of SSO.

Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single identity to any of several related, yet independent, software systems. It is a property of identity and access management (IAM) that enables users to securely authenticate with multiple applications and websites by logging in only once—with just one set of credentials (username and password). With SSO, the application or website that the user is trying to access relies on a trusted third party to verify that users are who they say they are.

Single sign-on provides a giant leap forward in how users sign in and use applications. Single sign-on based authentication systems are often called “modern authentication”. Modern authentication and single sign-on fall into a category of computing called Identity and Access Management (IAM). Web applications are incredibly popular. Web apps are hosted by various companies and made available as a service. Some popular examples of web apps include Microsoft 365, GitHub, and Salesforce, and there are thousands of others. People access web apps using a web browser on their computer. Single sign-on makes it possible for people to navigate between the various web apps without having to sign in multiple times.

Traditionally, companies used on-premises federation services to let users and applications connect securely. Setting this up required ADFS (Active Directory Federation Services), which provided a means of managing online identities and delivering single sign-on.

The requirements to set up ADFS federation in a traditional environment are:

  • ADFS servers with a high-availability setup (active and passive)
  • Web Application Proxy (WAP) or ADFS proxy server for external exposure
  • Certificate from a public CA
  • Domain controller server

Some of the challenges with the traditional federation setup are:

  • High availability and server maintenance and administration
  • Cost of hardware, licences and certificate management

The alternative is Azure AD with an enterprise application that supports SSO, with user management centralized in Azure AD. When you integrate Amazon Web Services (AWS) with Azure AD, you can:

  • Control in Azure AD who has access to Amazon Web Services (AWS)
  • Enable your users to be automatically signed-in to Amazon Web Services (AWS) with their Azure AD accounts
  • Manage your accounts in one central location – the Azure portal

Choosing a single sign-on method

There are several ways to configure an application for single sign-on. Choosing a single sign-on method depends on how the application is configured for authentication.

  • Cloud applications can use OpenID Connect, OAuth, SAML, password-based, linked, or disabled methods for single sign-on
  • On-premises applications can use password-based, Integrated Windows Authentication, header-based, linked, or disabled methods for single sign-on. The on-premises choices work when applications are configured for Application Proxy

This flowchart helps you decide which single sign-on method is best for your situation:

Since we are going to implement SSO between Azure AD and AWS, I will only talk about the former, i.e. cloud applications. For this blog, we look at how to set up SSO using SAML.


SAML stands for Security Assertion Markup Language. It is an XML-based open-standard for transferring identity data between two parties: an identity provider (IdP) and a service provider (SP).

  • Identity Provider — Performs authentication and passes the user’s identity and authorization level to the service provider
  • Service Provider — Trusts the identity provider and authorizes the given user to access the requested resource

In our scenario the identity provider is Azure AD and the service provider is AWS. The employee signs in to the Azure AD “My Apps” dashboard. When they click the AWS tile, Azure AD (which has already authenticated the user) builds a signed SAML Response containing the assertion and posts it through the browser to the AWS SAML endpoint, https://signin.aws.amazon.com/saml. AWS validates the signature against the certificate in the identity-provider metadata uploaded to IAM, reads the Role attribute (the ARN of the IAM role paired with the ARN of the SAML provider) and the RoleSessionName attribute and, if everything checks out, issues temporary credentials for that role and opens the console. Note that this is an IdP-initiated flow: AWS does not send a SAML Request to Azure AD; the sign-in starts at the identity provider.

Benefits of SAML Authentication

  • Improved User Experience — Users only need to sign in one time to access multiple service providers. This allows for a faster authentication process and less expectation of the user to remember multiple login credentials for every application. In the example above, that user could have clicked on any of the other icons in their dashboard and been promptly logged in without ever having to enter more credentials!
  • Increased Security — SAML provides a single point of authentication, which happens at a secure identity provider. Then, SAML transfers the identity information to the service providers. This form of authentication ensures that credentials are only sent to the IdP directly
  • Loose Coupling of Directories — SAML doesn’t require user information to be maintained and synchronized between directories
  • Reduced Costs for Service Providers — With SAML, you don’t have to maintain account information across multiple services. The identity provider bears this burden

Azure & AWS – Why use both?

There are two main reasons why an organization would want to use multiple clouds: To leverage the strengths of each cloud and to improve availability. Large organizations are selecting different services or features from different providers as part of an overall multi-cloud strategy. This allows them to optimize resources and budgets, as some environments are better suited than others for particular tasks.

In my specific scenario, the company was already using AWS. Once it was decided that they would migrate their workplace services from G Suite to Microsoft 365, we had to go ahead and implement a way for the two technologies to be connected to each other to provide users with a seamless experience. But there are other examples as well where companies willingly go ahead and use both Azure and AWS to manage their cloud infrastructure.

There are specific reasons why an organization would want to use both AWS and Azure together. A few general-use cases for multi-cloud environments include:

  • Site replication and disaster recovery
  • On-ramping and off-ramping data
  • Load balancing across different clouds
  • Cloud switching to take advantage of cost structures
  • Keeping development and production environments separate

Such scenarios warrant the use of SSO, as users need only remember the credentials for one environment rather than a slew of different passwords.

Now that we have covered some basics of SSO and SAML, let’s go ahead and start setting up SSO between Azure AD and AWS. Before we start, there are a few prerequisites we need to know of:

  • An Azure AD tenant
  • An AWS account with permission to administer IAM (identity providers, roles, policies and users)

Adding Amazon Web Services (AWS) from the gallery

To configure the integration of Amazon Web Services (AWS) into Azure AD, we need to add Amazon Web Services (AWS) from the gallery to our list of managed SaaS apps. The steps are as follows:

  • Sign in to the Azure portal using a work or school account
  • In the Azure portal, search for and select Azure Active Directory
  • Within the Azure Active Directory overview menu, choose Enterprise Applications > All applications
  • Select New application to add an application

  • In the Add from the gallery section, type Amazon Web Services (AWS) in the search box

  • Select Amazon Web Services (AWS) from results panel and then add the app. We wait a few seconds while the app is added to our tenant

Once the app is added successfully, it opens a new app blade where we can start configuring SSO.

Configure Azure AD SSO

  • In the Amazon Web Services (AWS) application integration page, select single sign-on in Manage section and click on SAML
  • In Save Single Sign On Setting prompt click on “No, I’ll save it later”
  • On the Set up single sign-on with SAML page, in the SAML Signing Certificate (Step 3) dialog box, click on Download to save a copy of the federation metadata XML as shown:

Now we move to the AWS console to upload this federation metadata XML and add Azure AD as an identity provider.

Configure Amazon Web Services (AWS) SSO

  • In a different browser window, we sign-on to our AWS company site as an administrator
  • In the AWS Management Console, type IAM in the find services field, and click IAM
  • Select Identity Providers > Create Provider
  • On the Configure Provider page, perform the following steps:
  • In Provider Type chose SAML
  • In Provider Name, type AzureAD (the name can be anything; I have used AzureAD to keep things simple)
  • In the Metadata Document, choose the federation metadata XML file you downloaded in the step above and click on Next Steps
  • Click Create to finish the process
  • Now select Roles > Create role
  • On the Create role page, perform the following steps:
  • Under Select type of trusted entity, select SAML 2.0 federation
  • Under Choose a SAML 2.0 Provider, select the SAML provider you created previously (AzureAD or whatever name you choose in the step above)
  • Select Allow programmatic and AWS Management Console access
  • Select Next: Permissions
  • On the Attach permissions policies dialog box, attach the appropriate policy for your requirements. I chose the AdministratorAccess managed policy for this walkthrough; in production, start from a narrower policy and widen it only as needed
  • On the Review dialog box, perform the following steps:
  • In Role name, enter your role name
  • In Role description, enter the description
  • Select Create role
  • Create as many roles as needed, and map them to the identity provider
  • Now we need to create a user in AWS with permission to read roles and register it in Azure AD, so that Azure AD can import the roles we created above and let us assign them to our users. To do that, we first need to create a ReadRoles policy in AWS IAM. In the IAM section, select Policies and click Create Policy
  • In the Visual Editor on Create Policy page, do the following:
  • In Services, choose IAM
  • In Actions, choose ListRoles
  • Click Review Policy
  • Click Create Policy
  • Now we create a new user account in the AWS IAM service. In the AWS IAM console, select Users and click on Add User
  • In the Add user section:
  • Enter the user name as AzureADRoleManager
  • For the access type, select Programmatic access. This way the user can invoke the APIs and fetch the roles from the AWS account. This access key is a long-lived credential, so keep the user’s permissions limited to iam:ListRoles and rotate the key periodically
  • Select Next Permissions
  • On the Set Permissions page, select the policy we created above
  • On the Review page, click Create User and download the user’s access key ID and secret access key; they are shown only once
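The console steps above map onto a handful of aws CLI calls. As an added example (not from the original post), the script below creates the SAML identity provider from the downloaded federation metadata, a role that trusts only that provider and only assertions whose audience is the AWS console sign-in endpoint, the iam:ListRoles policy, and the AzureADRoleManager user whose access key Azure AD’s provisioning uses. The resource names, the choice of ReadOnlyAccess as the first role’s policy and the DRY_RUN switch are assumptions; the audience value https://signin.aws.amazon.com/saml is the one AWS expects for console federation.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: AWS-side setup for Azure AD SAML
# federation using the aws CLI instead of the console. By default the calls
# are only printed; run with DRY_RUN=0 --run to execute them. Names are assumed.
set -eu

PROVIDER_NAME="${PROVIDER_NAME:-AzureAD}"
ROLE_NAME="${ROLE_NAME:-AzureAD-ReadOnly}"
ROLE_POLICY_ARN="${ROLE_POLICY_ARN:-arn:aws:iam::aws:policy/ReadOnlyAccess}"  # least privilege first
PROVISIONING_USER="${PROVISIONING_USER:-AzureADRoleManager}"
METADATA_FILE="${METADATA_FILE:-AzureAD-federation-metadata.xml}"   # downloaded from the Azure AD SAML page
SAML_AUDIENCE="https://signin.aws.amazon.com/saml"                 # audience AWS requires in the assertion
DRY_RUN="${DRY_RUN:-1}"

# Trust policy: only assertions issued by this provider for the console audience
# may assume the role. Without the Condition, an assertion minted for another
# audience could be replayed against the role.
saml_trust_policy() {
  local provider_arn="$1"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": { "Federated": "$provider_arn" },
    "Action": "sts:AssumeRoleWithSAML",
    "Condition": { "StringEquals": { "SAML:aud": "$SAML_AUDIENCE" } }
  }]
}
EOF
}

# The single permission Azure AD's role import needs.
list_roles_policy() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [{ "Effect": "Allow", "Action": "iam:ListRoles", "Resource": "*" }]
}
EOF
}

# Print or execute one aws CLI call; arguments are passed as-is, never through eval.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '+ %s\n' "$*"; else "$@"; fi
}

setup_aws_side() {
  local account provider_arn policy_arn
  if [ "$DRY_RUN" = "1" ]; then
    account="123456789012"    # placeholder account ID for the printed plan
  else
    account="$(aws sts get-caller-identity --query Account --output text)"
  fi
  provider_arn="arn:aws:iam::${account}:saml-provider/${PROVIDER_NAME}"
  policy_arn="arn:aws:iam::${account}:policy/${PROVISIONING_USER}-ListRoles"

  # 1. Register Azure AD as a SAML provider; the metadata carries its signing certificate.
  run aws iam create-saml-provider --name "$PROVIDER_NAME" \
      --saml-metadata-document "file://$METADATA_FILE"
  # 2. Role assumed by federated Azure AD users, trust scoped by the policy above.
  run aws iam create-role --role-name "$ROLE_NAME" \
      --assume-role-policy-document "$(saml_trust_policy "$provider_arn")" \
      --max-session-duration 3600
  run aws iam attach-role-policy --role-name "$ROLE_NAME" --policy-arn "$ROLE_POLICY_ARN"
  # 3. Minimal policy and the user whose access key Azure AD uses to import roles.
  run aws iam create-policy --policy-name "${PROVISIONING_USER}-ListRoles" \
      --policy-document "$(list_roles_policy)"
  run aws iam create-user --user-name "$PROVISIONING_USER"
  run aws iam attach-user-policy --user-name "$PROVISIONING_USER" --policy-arn "$policy_arn"
  # The access key is a long-lived secret: paste it into Azure AD provisioning, then rotate it on a schedule.
  run aws iam create-access-key --user-name "$PROVISIONING_USER"
}

if [ "${1:-}" = "--run" ]; then setup_aws_side; fi
```

Create one role per job function by re-running the role steps with a different ROLE_NAME and ROLE_POLICY_ARN; every role trusts the same provider, and Azure AD imports all of them through iam:ListRoles.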

Configure AWS Role Provisioning in Azure AD

  • In the Azure AD management portal, in the AWS app, go to Provisioning and click on Get Started
  • In Provisioning Mode, select Automatic, enter the access key ID and secret access key in the clientsecret and Secret Token fields respectively, and click Test Connection
  • Once the test is successful, click on Save and reload the page. Once the page has reloaded, select Edit Provisioning
  • Turn on provisioning by toggling the Provisioning Status Button to On

The provisioning service imports roles only from AWS to Azure AD. The service does not provision users and groups from Azure AD to AWS. After we save the provisioning credentials, we must wait for the initial sync cycle to run. Sync usually takes around 40 minutes to finish.

Assign the Azure AD test user

  • Within the Azure Active Directory overview menu, choose Enterprise Applications > All applications
  • In the application list, select Amazon Web Services (AWS)
  • In the app’s overview page, find the Manage section and select Users and groups and, select Add user, then select Users and groups in the Add Assignment dialog
  • In the Users and groups dialog, select the required user from the Users list, then click the Select button at the bottom of the screen
  • Click on Assign
  • To assign a specific AWS role to the user, select the user and click on Edit
  • Click on Select A Role and select the appropriate role for the user. Click Assign once done

End User Experience

Once the user has been added to the app and assigned a role, they can access the AWS console without any additional authentication. The user signs in with their Azure AD/Microsoft 365 credentials and sees the Amazon Web Services (AWS) tile in the My Apps portal.

Clicking it takes them straight to the AWS console, with access only to the services permitted by the role they were assigned.


As a next step, it is best practice to set up several SAML Roles inside of AWS. The SAML roles can and should be granularly defined down to the AWS account and resource level.

Here are some example roles to get started with:

  • ReadOnlyAccess Role
  • AmazonEC2FullAccess Role
  • AdministratorAccess Role

On the Azure AD side, we recommend creating a group for each of the above roles. Then assign users to the group, and they are automatically assigned to the corresponding AWS role. Using groups makes it a bit easier to manage large numbers of users.
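As an added example that is not code from the post or from Mismo Systems, the following Python shows the AWS side of one such granular role: the trust policy that lets the Azure AD SAML provider assume it, a permission policy narrower than AmazonEC2FullAccess, and a lint that a defender would run before attaching any trust policy to a federated role. It assumes an IAM SAML provider named AzureAD, the placeholder account id 123456789012, and an example policy that limits EC2 start/stop to instances tagged Team=webapp; none of these names come from the post.

```python
"""Trust and permission policies for an Azure AD federated AWS SAML role, plus a
lint for the trust policy. Added example, not code from the post or from
Mismo Systems. Assumptions: the IAM SAML provider is named "AzureAD", the
account id is the placeholder 123456789012, and the example permission policy
restricts EC2 start/stop to instances tagged Team=webapp."""
import json

# Audience value AWS expects in a console-federation SAML assertion
SAML_AUDIENCE = "https://signin.aws.amazon.com/saml"


def saml_trust_policy(account_id: str, provider_name: str) -> dict:
    """Trust policy that allows only the named SAML provider to assume the role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": f"arn:aws:iam::{account_id}:saml-provider/{provider_name}"},
            "Action": "sts:AssumeRoleWithSAML",
            "Condition": {"StringEquals": {"SAML:aud": SAML_AUDIENCE}},
        }],
    }


def scoped_ec2_policy(team_tag: str) -> dict:
    """Permission policy narrower than AmazonEC2FullAccess: read-only on all EC2,
    start/stop only on instances that carry the given Team tag."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
            {
                "Effect": "Allow",
                "Action": ["ec2:StartInstances", "ec2:StopInstances"],
                "Resource": "arn:aws:ec2:*:*:instance/*",
                "Condition": {"StringEquals": {"aws:ResourceTag/Team": team_tag}},
            },
        ],
    }


def trust_policy_findings(policy: dict, account_id: str) -> list:
    """Lint a role trust policy. Returns an empty list when every Allow statement
    grants only sts:AssumeRoleWithSAML to a SAML provider in `account_id` and
    pins the SAML:aud condition; otherwise one finding per problem."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*"):
            findings.append(f"statement {i}: wildcard principal")
        actions = stmt.get("Action", [])
        for action in [actions] if isinstance(actions, str) else actions:
            if action != "sts:AssumeRoleWithSAML":
                findings.append(f"statement {i}: unexpected action {action}")
        federated = principal.get("Federated", "") if isinstance(principal, dict) else ""
        if not federated.startswith(f"arn:aws:iam::{account_id}:saml-provider/"):
            findings.append(f"statement {i}: principal is not a SAML provider in account {account_id}")
        aud = stmt.get("Condition", {}).get("StringEquals", {}).get("SAML:aud")
        if aud != SAML_AUDIENCE:
            findings.append(f"statement {i}: SAML:aud condition missing or wrong")
    return findings


if __name__ == "__main__":
    account = "123456789012"  # placeholder account id
    good = saml_trust_policy(account, "AzureAD")
    print(json.dumps(good, indent=2))
    print(json.dumps(scoped_ec2_policy("webapp"), indent=2))
    print("findings for good policy:", trust_policy_findings(good, account))
    # Constructed bad policy: any AWS principal can assume the role with plain sts:AssumeRole
    bad = {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}]}
    print("findings for bad policy:", trust_policy_findings(bad, account))
```

The lint is the part worth keeping around: a role that Azure AD imports and offers to users is only as safe as its trust policy, and a wildcard principal or a missing SAML:aud condition lets the role be assumed by something other than your Azure AD tenant's federation flow.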

Find out more about Mismo Systems

We love Cloud, Containers, DevOps, and Workplace as a service. If you are interested in chatting, connect with us on Twitter, or drop us an email: We hope you found this article helpful. If there is anything you would like to contribute or you have questions, please let us know!

A quick look at the 4 Most Used Services on Microsoft Azure

Posted on May 4th, 2021 by admin@mismo2023

1. Azure Compute

Azure compute is an on-demand computing service for running cloud-based applications. Azure compute service can be divided broadly into three categories.

  • Infrastructure as a service

Virtual Machine: It is an IaaS service that allows us to deploy and manage VMs inside a virtual network (VNet). The Azure virtual machine is the most fundamental building block. We don't need to buy any physical hardware or bear its maintenance cost. Using Azure virtual machines, we can deploy Windows or Linux systems within the Azure cloud, and all of this gets done within a few minutes. When we create a virtual machine, it will have an associated OS disk and, if we want, data disks.

  • Platform as a service

App Service: It is a managed PaaS offering from Microsoft Azure for hosting web apps, mobile app back ends, etc. With this, we can simply upload our code and it deploys the application for us.

  • Serverless services

Infrastructure provisioning and management are invisible to the developer, hence the name serverless.

Azure Functions: With Azure Functions, we can run small pieces of code ("functions") without worrying about the application infrastructure.

Azure Logic Apps: Azure Logic Apps are similar to Azure Functions, except that we don't have to write code. With them, we can schedule, automate and orchestrate tasks.

2. Azure Site Recovery

Azure Site Recovery is Azure’s built-in disaster recovery as a service (DRaaS).

When the primary infrastructure goes down, it fails over to the secondary infrastructure until the primary comes back. It helps in business continuity.

As an organization, you need to adopt a business continuity and disaster recovery (BCDR) strategy that keeps your data safe when planned and unplanned outages occur.

Simple to deploy and manage:

We can set up Azure Site Recovery simply by replicating an Azure VM to a different Azure region directly from the Azure portal. Azure Site Recovery is automatically updated with new Azure features as they’re released.

Reduce infrastructure costs:

It reduces the cost of deploying, monitoring, patching, and maintaining on-premises disaster recovery infrastructure by eliminating the need for building or maintaining a costly secondary datacenter.

Testing without disruption:

You can easily run disaster recovery drills without affecting ongoing replication.

RTO and RPO targets:

It keeps recovery time objectives (RTO) and recovery point objectives (RPO) within organizational limits. Site Recovery provides continuous replication for Azure VMs and VMware VMs, and replication frequency as low as 30 seconds for Hyper-V.

3. Azure Content Delivery Network (CDN)

Azure CDN delivers high-bandwidth content to users by caching content at strategically placed nodes across the world. It lowers latency to a great extent and reduces file download time.

CDN stores the cached content on edge servers in POP (Point of Presence) locations that are close to end-users.

4. Azure Cost Management

While the cloud made it easy to deploy and manage thousands of resources, it's also important to manage the cost. Microsoft Azure Cost Management delivers cloud business management solutions to multi-cloud enterprises so that they can grow the cloud with confidence. It helps organizations effectively manage and optimize cloud spend across Azure and other clouds.

Azure Cost Management is a SaaS offering that helps organizations to monitor, allocate, and optimize cloud spend in a multi-cloud environment (Azure, AWS and Google Cloud Platform, etc.).

  • Service is on by default.
  • Set budgets, track spend, and get alerts.
  • Maximize cloud potential.
  • Free to manage Azure costs.
  • Integrated with Azure Advisor.
  • Optimize cloud spending.

Have questions? Let us know in the comments section below!

Hosting with Transparency, Compliance, and Security

Posted on April 4th, 2021 by admin@mismo2023

We help customers host applications on the cloud; this includes accounting systems such as Tally and ERP software such as SAP and Navision. We host workloads only with the leading public cloud providers: Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP).

We ensure that the solution is compliant from the licensing standpoint of both cloud providers (e.g., Microsoft) and business systems (e.g., Tally or NAV). We ensure that the system is secure and there’s no open access by implementing VPN and implementing backups.

All these services are fully managed. We perform regular monitoring of system performance, continuously evaluate the security posture, patch systems every month, and perform regular restore drills. All of this is proactive, and there have been instances where we approached customers to reduce the server configuration (and hence the cost) because the load was lower than expected. That is the beauty of Pay as You Go (PAYG).

I often come across a question from my team that our solution is costlier, and also from customers while discussing: "we are getting it at a much cheaper price than you are offering, so why should we host with you?" This bothered me, and I decided to find out why our cost is higher than the so-called competition. I took help from one of our potential customers and spoke to the competition. The following is what I found was making us costlier.

  • Competition is using a remote access solution that is not compliant as per cloud or license provider licensing terms. You ask them about it, and they will have no answer. Test it out!
  • They are not providing a VPN and the system is open from anywhere. They claim to have a firewall and antivirus but keeping your accounting system open to the whole world is a clear no-no from a business owner perspective.
  • They have got into a contract with a third-party data center provider and will give you a server. Your contract is with them and not with the datacenter. There’s no direct control or visibility and shifting to another provider will be a nightmare.
  • We enable you to host with major public cloud providers, and the contract is between you and the cloud provider. You are the owner of the account. With the public cloud portal, you can see your server and control it, and even kick us out if we underperform and onboard another service provider. Think of the visibility and control you have. If I am a business owner, I cannot leave my business systems under someone else's control.
  • We provide proactive managed services, so your systems are always running and secure, with a data backup which is tested regularly.
  • They give a fixed cost per user; our model is PAYG, so you can scale up or down easily.

I hope this gives us and our customers visibility of what you get when you host with us and what you lose when you host with a low-cost provider.

Azure vs AWS

Posted on March 14th, 2021 by admin@mismo2023

It’s Azure vs AWS!! Read this blog to know the major differences between Azure & AWS.

What is Azure?

Microsoft Azure is a cloud computing service created by Microsoft for building, testing, deploying and managing applications and services through Microsoft-managed data centres. Founded in 2010, it can run both Linux and Windows workloads. Azure is a uniquely powerful offering because of its builder, Microsoft.

Azure offers Platform as a Service (PaaS) and Infrastructure as a Service (IaaS).

What is AWS?

AWS is a subsidiary of Amazon providing on-demand cloud computing services and APIs to individuals, companies and governments on a metered pay-as-you-go basis. Founded in 2006, AWS runs on Amazon Linux, a modified Linux operating system developed for its own use. The vast toolset of AWS is growing at an exponential rate. It has been in the cloud computing market for more than 10 years, which means that AWS is the frontrunner and has been for some time.

AWS's services are categorised as Platform as a Service (PaaS), Infrastructure as a Service (IaaS), and Software as a Service (SaaS).

Features and Services

1. Computing Power

  • AWS EC2 users can configure their own virtual machines (VMs), choose pre-configured machine images (MIs), or customize MIs. Users have the freedom to choose the size, power, memory capacity, and number of VMs they wish to use.
  • Azure users, on the other hand, choose a virtual hard disk (VHD) to create a VM. This can be pre-configured by Microsoft, the user, or a separate third party. Azure relies on virtual machine scale sets for scalability purposes.

2. Storage

  • AWS's storage relies on machine instances, which are virtual machines hosted on AWS infrastructure. Temporary storage is allocated once per instance and destroyed when the instance is terminated. You can also get block storage attached to an instance, similar to a hard drive. AWS's cloud object storage solution offers high availability and automatic replication across regions.
  • Azure offers temporary storage through the D drive and block storage through Page Blobs for VMs, with Block Blobs and Files doubling as object storage. It supports relational databases, Big Data, and NoSQL through Azure Table and HDInsight. There are two classes of storage offered by Azure: Hot and Cool. Cool storage is comparatively less pricey than Hot, but one has to incur additional read and write costs.

3. Databases

AWS works perfectly with NoSQL and relational databases providing a mature cloud environment for big data. AWS’ core analytics offering EMR helps set up an EC2 cluster and provides integration with various AWS services. Amazon’s relational database service (RDS) supports six popular database engines: 

  1. Amazon Aurora
  2. MariaDB
  3. Microsoft SQL
  4. MySQL
  5. Oracle
  6. PostgreSQL

Azure's SQL Database, on the other hand, is based solely on Microsoft SQL. Azure supports both NoSQL and relational databases, as well as Big Data through Azure HDInsight and Azure Table. Azure provides analytical products through its exclusive Cortana Intelligence Suite, which comes with Hadoop, Spark, Storm, and HBase.

4. Network and Content Delivery

  • AWS uses a virtual private cloud (VPC) so that users can create isolated private networks within the cloud. From there, it uses API gateways for cross-premises connectivity. To ensure smooth operation, it uses elastic load balancing during networking. A user can create route tables, private IP address ranges, subnets, and network gateways within a VPC. 
  • Instead of a VPC, Azure uses a Virtual Network (VNET) that grants users the ability to create isolated networks, as well as subnets, private IP ranges, route tables, and network gateways. 
  • Both AWS and Azure offer firewall options and solutions to extend your on-premises data centre into the cloud without compromising your data. 

5. Pricing

  • AWS provides a pay-as-you-go model and charges per hour. AWS can help you save more with increased usage: the more you use, the less you pay. AWS instances can be purchased based on one of the following models:
      • Reserved Instances: paying an upfront cost based on the use, one can reserve an instance for 1 to 3 years.
      • On-demand Instances: just pay for what you use without paying any upfront cost.
      • Spot Instances: bid for extra capacity based on availability.
  • Azure charges per minute, offering a more exact pricing model than AWS. It also offers short-term commitments, allowing you to choose between monthly or pre-paid charges.

For more such blogs, visit here. Subscribe to our newsletter for the latest updates on Windows Virtual Desktop & Microsoft Teams.


What is Budget in Azure and how can you set the Budget?

Posted on March 4th, 2021 by admin@mismo2023

A budget in Azure is used to manage and monitor the spending, or consumed cost, for Azure services.

We can apply a budget to an individual Azure resource, to a resource group, or at the subscription level.

We can set the budget for a specific period (monthly, quarterly, annually) and see how spending is progressing over that period, so cost can be managed proactively.

We can get a notification when spending exceeds the alert thresholds set against the total budget amount.

How can you set a Budget?

Step 1. Go to Cost Management + Billing > Cost Management > Budgets > Add.

Step 2. Create a budget: give a Name, Reset Period, Creation Date and Expiration Date.

Step 3. Give the Budget Amount.

Step 4. Set Alert Conditions, give the alert recipients' email ids, and click Create.
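To make the alert conditions from Steps 2 to 4 concrete, here is an added Python example (not code from the post or from Azure) that models a monthly budget with thresholds expressed as a percentage of the budget amount and evaluates them against a month of spend. The budget name, recipient addresses and daily cost figures are constructed sample data, and the "Forecasted" threshold type uses a simple linear projection of spend to the end of the period; the real service's forecast model is not reproduced here.

```python
"""Model budget alert conditions and evaluate them against a month of spend.
Added example, not code from the post or from Azure; the budget, recipients
and daily cost figures below are constructed sample data."""
from dataclasses import dataclass, field
from datetime import date, timedelta


@dataclass
class AlertCondition:
    threshold_pct: float            # alert when spend reaches this % of the budget amount
    recipients: list                # alert recipient e-mail ids (constructed)
    threshold_type: str = "Actual"  # "Actual" spend to date or "Forecasted" period-end spend


@dataclass
class Budget:
    name: str
    amount: float                   # budget amount for one reset period
    period_start: date
    period_end: date                # inclusive
    conditions: list = field(default_factory=list)


def forecast_period_end(spend_to_date: float, as_of: date, start: date, end: date) -> float:
    """Simple linear forecast: average daily spend so far, projected over the whole period."""
    days_elapsed = (as_of - start).days + 1
    days_total = (end - start).days + 1
    return spend_to_date / days_elapsed * days_total


def evaluate_budget(budget: Budget, daily_costs: dict, as_of: date) -> list:
    """Return the alert conditions that would fire as of `as_of`.

    daily_costs maps a date to that day's cost; only days inside the budget
    period and not after `as_of` count towards the actual spend."""
    actual = sum(cost for day, cost in daily_costs.items()
                 if budget.period_start <= day <= min(as_of, budget.period_end))
    forecast = forecast_period_end(actual, as_of, budget.period_start, budget.period_end)
    fired = []
    for cond in budget.conditions:
        value = actual if cond.threshold_type == "Actual" else forecast
        pct_of_budget = value / budget.amount * 100
        if pct_of_budget >= cond.threshold_pct:
            fired.append({
                "threshold": cond.threshold_pct,
                "type": cond.threshold_type,
                "pct_of_budget": round(pct_of_budget, 1),
                "recipients": list(cond.recipients),
            })
    return fired


# Constructed sample: a monthly budget of 1000 for April 2021 (reset period = monthly)
SAMPLE_BUDGET = Budget(
    name="april-2021-prod",
    amount=1000.0,
    period_start=date(2021, 4, 1),
    period_end=date(2021, 4, 30),
    conditions=[
        AlertCondition(50, ["ops@example.com"]),
        AlertCondition(80, ["ops@example.com"]),
        AlertCondition(100, ["finance@example.com"], threshold_type="Forecasted"),
    ],
)
# Constructed sample spend: a flat 50 per day for the first 15 days of the month
SAMPLE_COSTS = {date(2021, 4, 1) + timedelta(days=i): 50.0 for i in range(15)}
SAMPLE_AS_OF = date(2021, 4, 15)


def run_sample() -> list:
    """Evaluate the constructed sample: 750 spent (75%) projects to 1500 (150%)."""
    return evaluate_budget(SAMPLE_BUDGET, SAMPLE_COSTS, SAMPLE_AS_OF)


if __name__ == "__main__":
    for alert in run_sample():
        print(f"{alert['type']} spend at {alert['pct_of_budget']}% crossed the "
              f"{alert['threshold']}% threshold -> notify {', '.join(alert['recipients'])}")
```

In the sample, half a month of spend has already used 75% of the budget, so the 50% actual alert fires but the 80% one does not, while the forecast of 150% trips the 100% forecasted alert; that is the case where a forecasted condition warns you before the money is actually gone.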

For more such blogs, click here.