My last posts covered structuring, securing, and controlling deployment of your Azure environment. In the realm of safety and security measures, what comes next is developing a recovery and release strategy for cloud-based applications and servers.
Let’s break this down into three pieces.
First, assume re-deployability and DevOps are at every level. We talk a lot about DevOps as it relates to applications with continuous deployment and automated release management; what we don’t do is exactly that for corporate IT. We don’t follow infrastructure as code (IaC) techniques, and this leads to a position where it can’t re-deploy.
The best environment is when corporate IT’s configuration is completely re-deployable as code. Taking it a step further, it can be wiped out and we know that it’s completely re-deployable from the source code repository. In a nutshell, teach corporate IT to do the same thing developers do.
This first piece is a huge security benefit alone, not to mention a recovery benefit. If someone messes something up – and believe me, it happens more often than not, particularly when you let them have write access in the portal (touched on in mistake #7!) – you are going to have to re-deploy. However, if they don’t have write access in the portal, all the better – you can send the code through Dev, QA, Prod, and test it.
Corporate IT, being built into the release management pipeline, both ensures you have the previous versions of things as well as allows you to re-deploy the environment more effectively.
Second on recovery strategies is leveraging Azure Backup as required for all Resource Groups. The way you back up in the cloud is simply not going to be the way you back up on-premises. While this is something we intuitively get, sometimes we forget to actually configure it! While it’s great to have an on-premises backup system, we cannot solely rely on application teams.
To help them get there, make sure the backup configuration is something that is built into the way you provision. When you teach someone how to do it, you also teach them to ensure that the provisioning process includes backup and that they have a way to monitor, manage, and maintain it. This is a very important step, and you can force it with Azure Policy or building it with a script.
A third recovery strategy is to leverage cross-regional backup. There are some things you need to do on a cross-regional basis, and this is something you need to make assumptions on.