book

Multi-Cloud Architecture and Governance

Name: Multi-Cloud Architecture and Governance
Author: Jeroen Mulder
ISBN: 9781800203198

by Jeroen Mulder

December 2020

Intermediate to advanced

412 pages

9h 58m

English

Packt Publishing

Read now

Unlock full access

Multi-Cloud Architecture and Governance
Why subscribe?ContributorsAbout the authorAbout the reviewersPackt is searching for authors like you
Preface
Who this book is forWhat this book coversTo get the most out of this bookDownload the color imagesConventions usedGet in touchReviews
Section 1 – Introduction to Architecture and Governance for Multi-Cloud Environments
Chapter 1: Introduction to Multi-Cloud
Understanding multi-cloud conceptsMulti-cloud – more than just public and privateMulti-cloud as a true mixed zoneSetting out a real strategy for multi-cloudWhat would be the best solution for my business requirements? Introducing the main players in the fieldPublic cloudsPrivate cloudsSummaryQuestionsFurther reading
Chapter 2: Business Acceleration Using a Multi-Cloud Strategy
Analyzing the enterprise strategy for the cloudIndustry positionEnterprise core competenceLong-term planningFinancial structureFitting cloud technology to business requirementsBusiness planningFinancial planningTechnical planningIT4ITKeeping track of cloud developments – focusing on the business strategyFoundation architectureCost of delayBenefit of opportunityCreating a comprehensive business roadmapMapping the business roadmap to the cloud-fit strategyThe Twelve-Factor AppSummaryQuestionsFurther reading
Chapter 3: Getting Connected – Designing Connectivity
Connectivity is king – connectivity concepts in multi-cloudVPNUnderstanding concepts of direct connectivityManaged dedicated connectivity through telecom companies or brokersDesigning a network topology for multi-cloud – thinking aheadPrerequisites for creating a network designUnderstanding network protocols in multi-cloudSummaryQuestions
Chapter 4: Service Designs for Multi-Cloud
Introducing the scaffold for multi-cloud environmentsIdentity and access management (IAM)SecurityCost managementMonitoringAutomationCloud adoption stagesStage 1 – defining a business strategy and business caseStage 2 – creating your teamStage 3 – defining the architectureStage 4 – engaging with cloud providers; getting financial controls in placeStage 5 – building and configuring the landing zone Stage 6 – assessmentStage 7 – migrating and transformingTranslating business KPIs into cloud SLAsUsing cloud adoption frameworks to align between cloud providersUnderstanding identities and roles in the cloudCreating the service design and governance modelRequirementsRAIDService decompositionRoles and responsibilitiesProcessesCostsSecuritySummaryQuestionsFurther reading
Chapter 5: Managing the Enterprise Cloud Architecture
Defining architecture principles for multi-cloudBusiness principlesSecurity and complianceData principlesApplication principlesInfrastructure and technology principlesPrinciples for usabilityPrinciples for processesTransition and transformationCreating the architecture artifactsCreating a business visionEnterprise architecturePrinciples catalogRequirements catalogHigh-level designLow-level designWorking under architecture for multi-cloud and avoiding pitfallsStage 1 – security architectureStage 2 – architecture for scalabilityStage 3 – architecture for availabilityStage 4 – architecture for operabilityStage 5 – architecture for integrationPitfalls in architectureChange management and validation as the cornerstoneValidating the architectureSummaryQuestionsFurther reading
Section 2 – Getting the Basics Right with BaseOps
Chapter 6: Designing, Implementing, and Managing the Landing Zone
Understanding BaseOps and the foundational concepts Defining and implementing the base infrastructure – the landing zoneDefining standards and policies for the base infrastructureManaging the base infrastructure Defining and managing infrastructure automation tools and processes (Infrastructure as Code and Configuration as Code)Defining and implementing monitoring and management toolsSupporting operationsCreating a multi-cloud landing zone and blueprintConfiguring the landing zone on AzureCreating a landing zone in AWSCreating the landing zone in GCPManaging the landing zone using policiesManaging basic operations in AWSManaging basic operations in AzureManaging basic operations in GCPOrchestrating policies for multi-cloudGlobal admin galore – the need for demarcationSummaryQuestionsFurther reading

Chapter 7: Designing Resilience and Performance
Starting with business requirementsUnderstanding data risksUnderstanding application risksUnderstanding technological risks Exploring solutions for resiliency in different cloud propositions Working with AWS backup and disaster recoveryCreating backup plans in GCPOptimizing your multi-cloud environmentUsing Trusted Advisor for optimization in AWS Optimizing environments using Azure AdvisorOptimizing GCP with Cloud Trace and Cloud DebuggerPerformance KPIs in a public cloud – what's in it for you?SummaryQuestionsFurther reading
Chapter 8: Defining Automation Tools and Processes
Cross-cloud infrastructure automationAutomation processes using a code repository and workflowsExploring automation toolsAzure AutomationAWS OpsWorksAutomation in Google Cloud PlatformExploring other automation toolsArchitecting automation for multi-cloudSummaryQuestionsFurther reading
Chapter 9: Defining and Using Monitoring and Management Tools
Defining monitoring and management processesCloud healthCloud performance GovernanceSecurityCloud usage (analytics)Exploring monitoring and management toolsAzure Monitor and LighthouseAWS CloudWatch and Control TowerGoogle Cloud Platform's Cloud Monitoring and Operations SuiteVMware's TanzuOther end-to-end monitoring toolsConsolidating and interpreting data from monitoring systemsDiscovering the single-pane-of-glass viewSummaryQuestionsFurther reading
Section 3 – Cost Control in Multi-Cloud with FinOps
Chapter 10: Managing Licenses
Types of license agreementsSoftware licenses in cloud platformsManaging licenses and contractsUsing third-party brokers for licensesSetting up an account hierarchySummaryQuestionsFurther reading
Chapter 11: Defining Principles for Resource Provisioning and Consumption
Avoiding Amex Armageddon with unlimited budgetsThe provisioning and consumption of resources in public cloud platformsDeploying resources in Azure using ARMDeploying resources in AWS using OpsWorksDeploying resources in GCP using Deployment ManagerBenefits of cloud provisioningThe provisioning and consumption of resources in on-premises propositionsSetting guidelines and principles for provisioning and consumptionUsing the Azure pricing calculatorUsing the AWS calculatorUsing the GCP instance pricingDesign example for resource planningControlling resource consumption using cost alertsSummaryQuestionsFurther reading
Chapter 12: Defining Naming Conventions and Tagging
Creating a naming conventionNaming convention standards in AzureNaming convention standards in AWSNaming convention standards in GCPCreating a tagging conventionDefining tags in AzureDefining tags in AWSDefining tags in GCPImplementing naming and taggingManaging naming and tagging conventionsSummaryQuestionsFurther reading
Chapter 13: Validating and Managing Bills
Exploring billing options and using cost dashboards Using cost management and billing in AzureUsing AWS Cost Management for billingUsing billing options in GCPValidating invoicesCentralizing billing in multi-cloudSummaryQuestionsFurther reading
Section 4 – Security Control in Multi-Cloud with SecOps
Chapter 14: Defining Security Policies
Understanding security policiesUnderstanding security frameworksDefining the baseline for security policiesImplementing security policiesImplementing security policies in Azure Security CenterImplementing security policies in AWS Security HubImplementing security policies in GCP Security Command CenterManaging security policiesSummaryQuestionsFurther reading
Chapter 15: Implementing Identity and Access Management
Understanding identity and access managementUsing a central identity store with Active DirectoryDesigning access management across multi-cloudExploring Privileged Access Management (PAM)PAM on cloud platformsEnabling account federation in multi-cloudSummaryQuestionsFurther reading
Chapter 16: Defining Security Policies for Data
Storing data in multi-cloud conceptsExploring storage technologiesUnderstanding data protection in the cloudUnderstanding data encryptionSecuring access, encryption, and storage keysUsing encryption and keys in AzureUsing encryption and keys in AWSUsing encryption and keys in GCPSecuring raw data for big data modeling SummaryQuestionsFurther reading
Chapter 17: Implementing and Integrating Security Monitoring
Understanding SIEM and SOARDifferentiating SIEM and SOARThe role of SOCSetting up the requirements for integrated securityImplementing the security modelExploring multi-cloud monitoring suitesExploring SIEM solutions from Splunk, LogRythm, and Rapid7Implementing SecOps with VMware and ServiceNowIntroducing cloud-native SIEM with Azure SentinelSummaryQuestionsFurther reading
Section 5 – Structured Development on Multi-Cloud Environments with DevOps
Chapter 18: Designing and Implementing CI/CD Pipelines
Understanding CI/CD and pipelinesGetting started with CI/CDWorking under version controlUsing push and pull principles in CI/CDPushing the code directly to the master Pushing code to forks of the masterBest practices while working with CI/CDDesigning the multi-cloud pipelineExploring tooling for CI/CDWorking with Azure DevOpsWorking with AWS CodePipelineWorking with Google Cloud Build SummaryQuestionsFurther reading
Chapter 19: Introducing AIOps in Multi-Cloud
Understanding the concept of AIOpsOptimizing cloud environments using AIOpsExploring AIOps tools for multi-cloudSummaryQuestionsFurther reading
Chapter 20: Introducing Site Reliability Engineering in Multi-Cloud
Understanding the concept of SREWorking with risk analysis in SREApplying monitoring principles in SREApplying principles of SRE to multi-cloud – building and operating distributed systemsSummaryQuestionsFurther reading
Assessments
Chapter 1Chapter 2Chapter 3Chapter 4Chapter 5Chapter 6Chapter 7Chapter 8Chapter 9Chapter 10Chapter 11Chapter 12Chapter 13Chapter 14Chapter 15Chapter 16Chapter 17Chapter 18Chapter 19Chapter 20
Other Books You May Enjoy
Leave a review - let other readers know what you think

Content preview from Multi-Cloud Architecture and Governance

Chapter 15: Implementing Identity and Access Management

In Chapter 4, Service Design for Multi-Cloud, we discussed governance in multi-cloud. In that chapter, we learned that everything and everyone has an identity in the cloud. It is the core principle of identity and access management in cloud. In this chapter, we will learn how we can manage identities and control their behavior by granting them specific roles that allow them to perform only those activities that are related to the primary job of an administrator. We will see that Role-Based Access Control (RBAC) is very important to keep our cloud environments secure. We will learn about authenticating and authorizing identities, how to deal with least privileged accounts, what eligible ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Software Architecture Patterns for Serverless Systems

Publisher Resources

ISBN: 9781800203198

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Multi-Cloud Architecture and Governance

by Jeroen Mulder

Chapter 15: Implementing Identity and Access Management

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.