Azure recently announced a service called ‘Azure Lighthouse’. It allows managed service providers and customers to manage tenant access and delegation from a single point of interface in the Azure Portal itself. With some marketing garnish, I would like to call it the Cloud Native Managed Service Model. Let me take you through the fundamentals of Azure Lighthouse.
Introduction: Some time back, when it was in preview, I posted an article on Azure Managed Service Identity (MSI) and how we can use it to eliminate storing credentials in the code while avoiding the bootstrap problem. Read the link for more details. This post is about Managed Identity. In short, Managed Identity is the new … Continue reading Deep Dive into Azure Managed Identities – Behind the scenes
Cloud is the new normal; almost all enterprises are going through, or at least planning, their cloud adoption. Gone are the days when enterprise IT dealt with big chunks of metal. Though cloud adoption is at its peak, I rarely see democratized cloud adoption in enterprises. Cloud is often used as a centralized IT … Continue reading Democratizing Enterprise Cloud in Azure
Cloud has the proven promise of great opportunities for organizations and ISVs. Modern cloud platforms have low entry barriers and a huge array of service offerings beyond traditional enterprise application requirements. The cloud and its services provide an intact environment to SaaS application providers, with cutting-edge innovation, agility, and computational and storage scale for global reach.
We keep the credentials and other secrets of the application in the source files. These secrets are visible to developers and get pushed to source control. To avoid this, we can keep the secrets in a centralized key management system, but the credentials of that key management system then have to be kept in the source files, so at least one credential still ends up in the source files.
Let's see how to overcome this using Azure Managed Service Identity.
The General Data Protection Regulation (GDPR) imposes new rules on companies, government agencies, non-profits, and other organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents. The GDPR applies no matter where you are located. I have been reading the key … Continue reading Understanding GDPR and personal data
Azure B2C is a large membership database which also provides tokens, sessions and the membership/authentication experience (sign-up, sign-in, forgot password, etc.). But there are some scenarios which are a little tricky, depending on how the entire solution is handled. Let me explain such a use case and describe different ways to handle that … Continue reading Azure B2C with custom attributes with predetermined values
Being part of a software services company, I am often asked by customers how to restrict access to Azure resources. It is understandable that any organization would prefer not to give all the rights of the organizational Azure subscription to one person. In the classic Azure model the only way to give access to Azure portal is, … Continue reading Controlling access to your Azure resources using RBAC