
Project 1 - Comprehensive Cloud Plan - Sa

The document provides a comprehensive cloud plan for a federal agency to migrate to Azure cloud services. It discusses benefits of Azure including development and deployment flexibility, scalability, and security compliance. It also explains Azure cloud types, deployment models, and defines key Azure terms like tenant, management group, subscription, and resource group.

Uploaded by

pratik khadka

Project 1 Comprehensive Cloud Plan

Name:

Date: 11/14/2023

Cyber Domain Consultants


Executive summary
As a cloud administrator at Cyber Domain Consultants, a firm specializing in Microsoft Azure cloud
adoption support, I've been tasked with assisting our client, a federal government agency, with its
upcoming Azure cloud pilot. I am required to collaborate with them on a $100,000 Azure cloud
migration project that they want to implement to improve their agency's IT structures. The agency
employs 1,000 people and operates several regional offices across the country. The federal agency is in
charge of a small data center that has no more room for expansion in its server room. The federal
agency's ultimate goal is to eliminate the need for additional hardware by being able to set up and tear
down a system as quickly as possible. This comprehensive cloud plan explains the various aspects that
will be considered prior to the federal agency's adoption of cloud services. This report explains some of
the major benefits of using Azure, the different Azure cloud types and deployment models, and some
key Azure terms. The significance of FedRAMP and the Azure governance model are also
discussed.

List three benefits of using Azure


The CIO of the federal government agency wants to use the cloud as a platform for its IT needs. The
organization has several offices and 1,000 employees across the country. It has run out of space in its
data center and does not want to buy more hardware. It needs a cloud-based solution that can host its
applications and services without any additional equipment. The agency wants to have the flexibility and
convenience of creating and deleting systems quickly and easily. It also does not want to deal with
server maintenance, updates, or patches. The federal agency needs to modernize its IT infrastructure,
which is old and inefficient. The agency wants to use a cloud-based solution that can handle its growing
and changing needs. Azure services are a good choice for the agency, as they offer flexible and
affordable options for moving to the cloud. The agency will also have access to reliable and secure
systems and services of Azure. Azure web services are a set of cloud-based services that enable us to
create and deploy web applications quickly and easily. Here are three key benefits of Azure for the
federal government, among many others:

1. Development and deployment: Azure web services make it easy for Azure developers to create web
applications fast, with features like built-in DevOps, continuous integration with Visual Studio Online and
GitHub, staging and production support, and automatic updates. We can also integrate our web
applications with on-premises or other cloud systems (Knerl, 2020).

2. Scalability and performance: Azure web services let us customize our web applications to our needs
and only pay for what we use. We can also take advantage of Azure’s global network of data centers to
deliver fast and reliable service to our customers. Azure web services also work with various languages,
frameworks, and platforms for web development, such as .NET, Java, Node.js, PHP, Python, Ruby,
WordPress, Umbraco, Joomla!, and Drupal (Pedamkar, 2019).

3. Security and compliance: Azure web services offer extensive and layered security measures, such as
encryption, firewalls, identity and access management, and threat detection and prevention. Azure also
meets more compliance requirements than any other cloud provider, adhering to various industry and
regional standards, such as ISO, HIPAA, GDPR, and FedRAMP. Azure is also much more cost-effective
than AWS for Windows Server and SQL Server workloads, saving up to 80% of the cost (Kumar, 2023).

Explain Azure cloud types and deployment models


Azure is a cloud computing platform that offers various types of cloud services and deployment models.

Cloud types: There are three main types of cloud computing, depending on the level of control and
responsibility over the resources and services.

1. Infrastructure-as-a-service (IaaS): This is the most basic kind of cloud computing, where the user can
rent IT resources such as servers, storage, networks, and operating systems from a cloud provider and
pay only for what they use. The user has full control and responsibility for configuring and managing the
resources, while the provider ensures the maintenance and security of the physical infrastructure.

2. Platform-as-a-service (PaaS): This kind of cloud computing gives the user a variety of tools and
services to build and host web or mobile applications without worrying about the infrastructure behind
them. The user can focus on the application logic and design, while the provider takes care of the
servers, storage, networks, databases, and other components.

3. Software-as-a-service (SaaS): This is the most common kind of cloud computing, where the user can
access software applications over the internet that are hosted and managed by the provider. The user
does not need to install or maintain the software, and can use it on any device with an internet
connection. The provider handles the updates, security, and scalability of the applications (Types of
Cloud Computing - Definition | Microsoft Azure, n.d.).

Figure 1: Type of Cloud service models (Source: https://dachou.github.io/assets/20180928-cloud-service-models-20100115.png)

Deployment models: There are three main deployment models for cloud computing, depending on the
location and ownership of the resources and services.

1. Public cloud: This is the most common deployment model, where the user can access cloud resources
and services that are shared by multiple users and hosted by a third-party provider over the internet.
The user does not need to invest in or maintain any hardware or software, and can benefit from the
economies of scale and high availability of the provider. The user only pays for the resources and
services they use, and can scale up or down as needed.

2. Private cloud: This is a deployment model where the user can access cloud resources and services
that are used exclusively by one organization and hosted either on-premises or by a third-party provider.
The user has more control and security over the resources and services, and can customize them to
meet their specific needs and requirements. The user is responsible for the cost and maintenance of the
hardware and software, and may have limited scalability and availability (Public Cloud vs Private Cloud
vs Hybrid Cloud | Microsoft Azure, n.d.).

3. Hybrid cloud: This is a deployment model that combines the public and private clouds, allowing the
user to move data and applications between the two environments. The user can leverage the best of
both worlds, such as using the public cloud for high-demand or less-sensitive workloads, and using the
private cloud for low-latency or highly-sensitive workloads. The user can also benefit from the flexibility
and innovation of the public cloud, while meeting the regulatory and data sovereignty requirements of
the private cloud (Azure Cloud Deployment Models, 2021).

Figure 2: Cloud Deployment models (Source: https://kinsta.com/wp-content/uploads/2020/04/cloud-deployment-models-1-1.png)

Define Azure terms


• Tenant
A tenant is a way of connecting an identity, such as a person, company, or organization, with an Azure
Active Directory (Azure AD) service. A tenant can include many subscriptions, which are the payment
units for Azure resources. A tenant uses the same Azure AD service for all its subscriptions, which means
you can have the same users, groups, and policies for all the subscriptions in the tenant. A tenant can
also go by the name of a directory, an instance, or an organization (timwarner-msft, 2023b).

• Management group
A management group is a container that stores subscriptions or other management groups and allows
you to apply governance conditions, such as policies and access controls, to everything inside it. A
management group can help you manage access, policy, and compliance for multiple subscriptions at
the same time. A management group has a parent-child relationship with other management groups
and subscriptions, creating a hierarchy that can have up to six levels of depth. A management group can
only store subscriptions that trust the same Azure AD tenant (timwarner-msft, 2023b).

• Subscription
A subscription is a way of arranging your resources. Each Azure resource is part of only one subscription.
You have to create a subscription to begin using Azure. A subscription has a payment relationship with
an Azure account, which is the email address that you provide when you join Azure. You can use the
same Azure account for multiple subscriptions, but each subscription can have only one Azure account.
You can also choose management settings, such as policies and role-based access control, for the
subscription level (martinekuan, 2023).

• Resource group
A resource group is a way of grouping similar resources in a subscription. Each resource can be in only
one resource group. Resource groups let you arrange resources more precisely within a subscription.
They’re usually used to represent a collection of assets that are required to support a workload,
application, or specific function within a subscription. You can also choose management settings, such as
policies and role-based access control, for the resource group level (martinekuan, 2023).

• Resources
A resource is something that Azure controls. Examples include Azure Virtual Machines, virtual networks,
and storage accounts. Each resource has a unique name and an ID that Azure uses to recognize it. You
can also choose management settings, such as policies and role-based access control, for the resource
level (martinekuan, 2023).

Figure 3: Relationship between management levels (Source: https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-setup-guide/media/organize-resources/scope-levels.png)

Explain the significance of FedRAMP

FedRAMP is a program that allows the federal government to use cloud services in a secure and efficient
manner. It stands for Federal Risk and Authorization Management Program. It provides a uniform way of
assessing and authorizing cloud service providers (CSPs) that want to work with federal agencies. It also
obliges CSPs to monitor and report on their security performance and incidents frequently. FedRAMP’s
objectives are to reduce the cost and time of security compliance, enhance the oversight and
transparency of cloud security, and encourage the innovation and competitiveness of the cloud market
(FedRAMP, 2023).

FedRAMP certification is a process that ensures that a cloud service provider (CSP) adheres to the
security requirements and standards of the federal government. It is vital for CSPs that want to offer
their cloud solutions to federal agencies, as well as for agencies that want to use cloud services to store,
process, or transmit federal information. FedRAMP certification provides several benefits, such as:

• It verifies that CSPs have put in place the necessary security controls and safeguards to protect
federal data and systems from cyber threats and risks.
• By allowing agencies to reuse the security packages of authorized CSPs, it reduces the
duplication and cost of security assessments and authorizations.
• It raises the visibility and accountability of cloud security by requiring CSPs to regularly report on
their security performance and incidents.
• It promotes cloud market innovation and competitiveness by allowing CSPs to reach multiple
federal customers with a single certification (What Is a Fedramp Certification?, 2022).

Propose an Azure governance model

The Azure governance model is a framework that helps you manage and control your Azure resources
and services in a consistent and compliant way. Azure governance is necessary so that you can establish
the rules and policies required to ensure that any environment you create adheres to the agency's rules
and guidelines. The agency has a lot of difficult-to-follow policies, so it's crucial to follow the
recommended governance guide from Microsoft to do things correctly. It is also important to consider
that, because costs can quickly escalate, governance will aid in the proper allocation of resources for
testing and production environments. Identity management, access management groups, security
controls, network services, and blueprints are some of the key components of the Azure governance
model. Azure governance is a way of managing and controlling your Azure resources at scale and
according to your organization’s policies and standards.

Identity management refers to the process of ensuring and granting access to users, groups, and
applications that require Azure resources. Azure Active Directory (Azure AD) is the service that allows
you to securely sign in and use Azure. You can use Azure AD to manage who users are, what roles and
permissions they have, force them to use more than one method of authentication, and collaborate
with other identity providers (Microsoft, n.d.). Access management groups are containers that help you
organize and apply rules and policies to your subscriptions. You can use management groups to create a
subscription hierarchy that corresponds to your organizational structure and business needs.
Management groups can also be used to assign role-based access control (RBAC) and Azure Policy
definitions to multiple subscriptions at the same time. Security controls are methods for protecting your
Azure resources from threats and risks. Azure Security Center, Azure Sentinel, Azure Firewall, and Azure
Key Vault are some of the security services and features available to help you use security controls.
These services allow you to monitor and respond to security incidents, create network security rules,
encrypt and manage your secrets, and much more (timwarner-msft, 2023a).

Network services enable you to connect your Azure resources and applications to one another and to
the internet. Azure provides a number of network services to help you plan and deploy your network
design, including Azure Virtual Network, Azure Load Balancer, Azure VPN Gateway, and Azure
ExpressRoute. These services can be used to create isolated and secure virtual networks, distribute
traffic among your resources, and establish secure connections with your on-premises network, among
other things. Blueprints are templates that aid in the automation of the creation and configuration of
Azure resources. Azure Blueprints is a service that lets you design, manage, and deploy blueprints that
define your resource types, locations, names, tags, RBAC assignments, and policy assignments. You can
use blueprints to ensure consistency and compliance across your Azure environment (tvuylsteke, 2023).
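
The following Python model is an added example, not part of the original report and not Azure's own code: it enforces the containment rules from the term definitions (including the six-level management group limit) and computes which policy and RBAC assignments a resource inherits from the scopes above it. All scope names and assignment labels are constructed, and counting depth from below the root management group is an assumption.

```python
from dataclasses import dataclass, field
from typing import Optional

# Which scope kinds may sit directly under which, per the term definitions.
ALLOWED_CHILDREN = {
    "management_group": {"management_group", "subscription"},
    "subscription": {"resource_group"},
    "resource_group": {"resource"},
    "resource": set(),
}
MAX_MG_DEPTH = 6  # assumption: levels are counted below the root management group


@dataclass
class Scope:
    name: str
    kind: str
    parent: Optional["Scope"] = None  # a scope has exactly one parent
    assignments: list = field(default_factory=list)  # policy/RBAC labels set here

    def depth(self) -> int:
        """Number of ancestor scopes between this scope and the root."""
        count, node = 0, self
        while node.parent is not None:
            count, node = count + 1, node.parent
        return count

    def add(self, name: str, kind: str) -> "Scope":
        """Create a child scope, rejecting placements the hierarchy forbids."""
        if kind not in ALLOWED_CHILDREN[self.kind]:
            raise ValueError(f"{self.kind} cannot contain {kind}")
        # Every ancestor of a management group is a management group,
        # so depth() is its nesting level below the root.
        if kind == "management_group" and self.depth() + 1 > MAX_MG_DEPTH:
            raise ValueError("management group nesting exceeds six levels")
        return Scope(name, kind, parent=self)


def effective_assignments(scope: Scope) -> list:
    """Assignments that apply at `scope`, inherited from the root downwards."""
    chain, node = [], scope
    while node is not None:
        chain.append(node)
        node = node.parent
    return [(n.name, a) for n in reversed(chain) for a in n.assignments]


def build_sample():
    """Constructed hierarchy: root MG -> prod MG -> subscription -> RG -> VM."""
    root = Scope("agency-root", "management_group")
    root.assignments.append("policy: allowed-locations")
    prod = root.add("prod", "management_group")
    prod.assignments.append("policy: require-tags")
    sub = prod.add("pilot-subscription", "subscription")
    sub.assignments.append("rbac: Reader -> auditors")
    vm = sub.add("web-rg", "resource_group").add("web-vm-01", "resource")
    return root, vm
```

Calling effective_assignments on the sample VM lists the two management-group policies and the subscription-level role assignment, which is the set an access review at that resource has to account for.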

References
Azure Cloud Deployment Models. (2021, September 21). Vegibit. https://vegibit.com/azure-cloud-deployment-models/

FedRAMP. (2023, July 20). Wikipedia.com; Wikipedia. https://en.wikipedia.org/wiki/FedRAMP

Knerl, L. (2020, April 2). Top 5 Benefits of Microsoft Azure. Hp.com; HP. https://www.hp.com/us-en/shop/tech-takes/top-5-benefits-microsoft-azure

Kumar, B. (2023, September 23). 7 Key Benefits Of Microsoft Azure + Azure For Business - Azure Lessons. Azurelessons.com. https://azurelessons.com/benefits-of-microsoft-azure/

martinekuan. (2023, October 9). Azure fundamental concepts - cloud adoption framework. Learn.microsoft.com. https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/considerations/fundamental-concepts

Microsoft. (n.d.). What is identity access management (IAM)? | microsoft security. Www.microsoft.com. https://www.microsoft.com/en-us/security/business/security-101/what-is-identity-access-management-iam

Pedamkar, P. (2019, October 26). Advantages of azure | top 16 advantages of azure in detail. EDUCBA. https://www.educba.com/advantages-of-azure/

Public Cloud vs Private Cloud vs Hybrid Cloud | Microsoft Azure. (n.d.). Azure.microsoft.com. https://azure.microsoft.com/en-us/resources/cloud-computing-dictionary/what-are-private-public-hybrid-clouds/

timwarner-msft. (2023a, February 28). Azure governance design area guidance - cloud adoption framework. Learn.microsoft.com; Microsoft. https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/governance

timwarner-msft. (2023b, April 21). Organize your resources with management groups - azure governance - azure governance. Learn.microsoft.com. https://learn.microsoft.com/en-us/azure/governance/management-groups/overview

tvuylsteke. (2023, April 3). Governance, security, and compliance in azure - cloud adoption framework. Learn.microsoft.com. https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-setup-guide/govern-org-compliance?tabs=AzureBlueprints

Types of cloud computing - definition | microsoft azure. (n.d.). Azure.microsoft.com; Microsoft. https://azure.microsoft.com/en-us/resources/cloud-computing-dictionary/types-of-cloud-computing/

What is a fedramp certification? (2022, June 22). Reciprocity.com; Reciprocity. https://reciprocity.com/resources/what-is-fedramp-certification/
