End to End Secured and Shielded Dell APEX Cloud Platform for Microsoft Azure
Thu, 15 Feb 2024 12:34:55 -0000
On September 26, 2023, we introduced to the market the new Dell APEX Cloud Platform for Microsoft Azure. It is the first offer for Premier Solutions for Microsoft Azure Stack HCI, a new category in the Azure Stack HCI catalog reserved for key partners with the greatest levels of engagement with Microsoft and deepest integrations into familiar Microsoft management tools.
Dell APEX Cloud Platform for Microsoft Azure is a fully integrated infrastructure platform designed to optimize Microsoft Azure hybrid cloud deployments by optimizing operations and accelerating time-to-value across on-prem, edge, and Azure cloud deployments. It greatly simplifies initial deployments and ongoing operations across the complete technology stack.
Security built in at every phase in the lifecycle
Security for Dell APEX Cloud Platform for Microsoft Azure is not an afterthought, but rather an integral part of the overall platform design process that leverages our Cyber Resilient Architecture and inherits Dell’s hardened server and software design to protect, detect, and recover from cyberattacks.
Full stack lifecycle management is key to maintaining a strong security posture throughout the life of your APEX Cloud Platforms, continuously and consistently applying Dell and Microsoft updates without risks to the platform and running workloads.
Dell APEX Cloud Platform for Microsoft Azure also leverages intrinsic infrastructure security management through Dell Infrastructure Lock and Secured-core server functionalities.
- Infrastructure Lock protects against unintentional or malicious changes to critical configuration settings in the BIOS or iDRAC. It also prevents any updates to BIOS, iDRAC, firmware, or drivers while enabled.
- Secured-core functionality helps proactively defend against and disrupt many of the paths attackers might use to exploit a system by establishing a hardware root-of-trust, protecting firmware, and introducing virtualization-based security.
You can learn more on these platform features in this video.
Azure Stack HCI, Microsoft Defender for Cloud, and Azure Policy security features
Dell APEX Cloud Platform for Microsoft Azure takes full advantage of the security features that come with Azure Stack HCI:
- Encryption and data protection
  - Data-at-rest encryption enabled with BitLocker by default
  - Self-Encrypting Drives (SED) require authentication independent of the OS
- Always-on antivirus protection
  - Microsoft Defender Antivirus enabled by default on cluster nodes for real-time detection
  - Automatic definition updates
- Recommended security baseline
  - Over 200 security settings enabled out-of-the-box
  - Disables legacy protocols and ciphers
  - Closely meets CIS benchmark and DISA STIG requirements
- Reduced attack surface
  - Windows Defender Application Control (WDAC) enabled by default
  - WDAC enforces an explicit list of applications and code allowed to run
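One way to confirm on a running cluster that the defaults listed above are actually in effect, as an added example that is not part of the original post or of Dell's or Microsoft's tooling. It assumes a management host with the FailoverClusters module and PowerShell remoting access to the nodes; the cluster name and the signature-age threshold are placeholders.

```powershell
# Added example: audit BitLocker, Defender Antivirus, WDAC and VBS state
# on every node of a cluster. Parameter values are assumptions to adjust.
param(
    [Parameter(Mandatory)] [string] $ClusterName,   # placeholder cluster name
    [int] $MaxSignatureAgeDays = 3                  # assumed policy threshold
)

$nodes = (Get-ClusterNode -Cluster $ClusterName).Name

$report = Invoke-Command -ComputerName $nodes -ArgumentList $MaxSignatureAgeDays -ScriptBlock {
    param($MaxAge)

    # Data-at-rest encryption: flag any volume that is not fully encrypted
    # or whose BitLocker protection is suspended/off.
    $unprotected = @(Get-BitLockerVolume | Where-Object {
        $_.ProtectionStatus -ne 'On' -or $_.VolumeStatus -ne 'FullyEncrypted'
    })

    # Defender Antivirus: engine on, real-time protection on, definitions fresh.
    $mp = Get-MpComputerStatus

    # WDAC and virtualization-based security as reported by Device Guard.
    #   CodeIntegrityPolicyEnforcementStatus: 0 = off, 1 = audit, 2 = enforced
    #   VirtualizationBasedSecurityStatus:    0 = off, 1 = enabled, 2 = running
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard

    [pscustomobject]@{
        BitLockerOk        = ($unprotected.Count -eq 0)
        UnprotectedVolumes = ($unprotected.MountPoint -join ',')
        DefenderOk         = ($mp.AntivirusEnabled -and
                              $mp.RealTimeProtectionEnabled -and
                              $mp.AntivirusSignatureAge -le $MaxAge)
        SignatureAgeDays   = $mp.AntivirusSignatureAge
        WdacEnforced       = ($dg.CodeIntegrityPolicyEnforcementStatus -eq 2)
        VbsRunning         = ($dg.VirtualizationBasedSecurityStatus -eq 2)
    }
}

$report | Sort-Object PSComputerName |
    Format-Table PSComputerName, BitLockerOk, DefenderOk, SignatureAgeDays,
                 WdacEnforced, VbsRunning, UnprotectedVolumes -AutoSize

# Return a non-zero exit code so the check can gate a scheduled compliance job.
$failed = @($report | Where-Object {
    -not ($_.BitLockerOk -and $_.DefenderOk -and $_.WdacEnforced -and $_.VbsRunning)
})
if ($failed.Count -gt 0) {
    Write-Warning ("Nodes deviating from the expected defaults: " +
                   ($failed.PSComputerName -join ', '))
    exit 1
}
```

A WDAC status of 1 (audit) means policy violations are only logged, not blocked, so the script reports it as not enforced.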
Microsoft Defender for Cloud and Azure Policy assess, secure, and defend Dell APEX Cloud Platform for Microsoft Azure at-scale:
- Continuously assess -- understand your current security posture, identify and track vulnerabilities.
- Secure -- harden connected resources and services by following customized and prioritized recommendations.
- Defend -- detect and resolve threats to those resources and services. With prioritized security alerts, focus on what matters most and present to the right audience.
With this approach, the entire platform stack is covered – Azure Stack HCI, VMs, AKS hybrid workload cluster, and virtualized and cloud-native applications.
You can learn more on these platform features in this video.
Security Configuration Guide
If you want to go deeper and learn about all the different elements that come into play to properly guarantee the end to end secured and shielded protection for the platform, you can read our Dell APEX Cloud Platform for Microsoft Azure Security Configuration Guide, where we provide the configuration details for:
- Product and subsystem security: authentication, authorization, network security
- Cryptography: cryptographic modules
- Certificate management
- Event monitoring, auditing, and logging
- Integrity: security updates
Conclusion
Dell APEX Cloud Platform for Microsoft Azure enhances Azure operations for edge and on-premises deployments by providing consistent management with centralized Azure tools while mitigating security and compliance risks with an intrinsic approach to security that extends Azure governance across all deployment environments.
Thanks for reading and… stay tuned for more updates in Info Hub!
Author: Ignacio Borrero, Senior Principal Engineer, HCI and Multicloud Technical Marketing
@virtualpeli
Related Blog Posts
Monitoring the Dell APEX Cloud Platform for Microsoft Azure with Azure Insights
Wed, 06 Mar 2024 15:29:18 -0000
Some background
In September 2023, we officially released Dell APEX Cloud Platform for Microsoft Azure, the first offer in the market for Premier Solutions for Microsoft Azure Stack HCI.
Collaboratively built with Microsoft, this new platform extends and optimizes Azure Hybrid Cloud to on-premises, delivering three fundamental benefits:
- Simplifying deployment and operations
- Accelerating application modernization
- Optimizing workload placement
Figure 1. Dell APEX Cloud Platform for Microsoft Azure Architecture
The innovation at Dell Technologies never stops. We are constantly developing and improving our products, and we have just launched our first update to the platform. Briefly, this release introduces and enhances:
- New Features:
  - Azure Stack HCI, version 23H2
  - Single-node expansion to a 2-node cluster
  - Convert 2-node switchless storage network cluster to 2-node switched storage
- ACP foundation software improvements:
  - Day 0/1 Operations (Automated cluster deployment up to 16 nodes, JSON file upload, Day 1 RESTful APIs)
  - Day 2 Operations (GUI for drive add/replace, GUI for node repair/replace)
- Integrations:
  - Serviceability (Add ESE/RSC logs to support log bundle collection)
  - Azure Update Manager
  - Event Monitoring for Dell APEX Cloud Platform for Microsoft Azure
Check out those updates in greater detail in these blogs: What's New with the Dell APEX Cloud Platform for Microsoft Azure March 2024 Release and Dell Technologies First to Deliver Azure Stack HCI 23H2.
In this blog, we want to put the spotlight on one particularly significant, useful, and easy to consume new capability – Event Monitoring for Dell APEX Cloud Platform for Microsoft Azure.
Event Monitoring for Dell APEX Cloud Platform for Microsoft Azure
Dell APEX Cloud Platform for Microsoft Azure seamlessly integrates with Microsoft’s Azure Portal, providing the ability to monitor events generated on both Dell APEX Cloud Platform for Microsoft Azure hardware and the Cloud Platform Manager VM.
This new Insights for Azure Stack HCI monitor feature allows our customers to directly visualize in Azure Portal informational event data generated by the multicloud (MC) node hardware and the Cloud Platform Manager VM using an Insights integrated workbook.
With this workbook, we are empowering users to effectively manage and optimize their clusters and, in turn, receive the benefit of accelerated issue detection and time to resolution. I know, we’re excited too.
Enabling Event Monitoring for Dell APEX Cloud Platform for Microsoft Azure: Is it difficult?
Not really. Simply follow these steps:
- First, ensure you meet these mandatory prerequisites in your cluster:
  - Azure Stack HCI, version 23H2 (registered and connected to Azure)
  - Arc-enabled (Azure Monitor extension installed)
  - Insights enabled
- Once you have completed the prerequisites, navigate to the Insights page of your cluster in Azure portal and:
Figure 2. Enabling Event Monitoring in Azure portal
  - Select the Event Monitoring for Dell APEX Cloud Platform for Microsoft Azure workbook
  - Click Enable selected
  - Click Enable to enable the workbook
Boom. Done. That was easy, and now the workbook is enabled…what is next?
What does Event Monitoring for Dell APEX Cloud Platform for Microsoft Azure look like?
Once the page refreshes, you’ll be taken to the first of the two tabs of the workbook – the Overview tab – which provides a brief description of what this workbook is and the information it can provide to its users.
Figure 3. Event Monitoring for Dell APEX Cloud Platform Overview tab
The second tab in the workbook – the Health tab – presents a summary of the alerts or events that have occurred on the cluster, broken down into Warning, Critical, and Informational alerts.
The Health tab also provides a Nodes table with a high-level overview of each node for the selected time range, including which cluster it belongs to, the node name, health status, node state, uptime, and domain.
Figure 4. Event Monitoring for APEX Cloud Platform for Microsoft Azure Health tab
A second table – the Alerts table – shows each alert in greater detail, including its corresponding node, component and subcomponent, severity level, event code, product service tag number, reported time, a short description, and even a knowledgebase article for issue diagnosis and troubleshooting guidance.
Note that you can leverage the Search bar to filter the information based on a given search term and the Time Range drop-down menu to show the events that occurred on all the MC nodes for the cluster within a specific time range.
Conclusion
Our workbook, Event Monitoring for Dell APEX Cloud Platform for Microsoft Azure, makes real the ability to monitor events generated on both Dell APEX Cloud Platform for Microsoft Azure hardware and the Cloud Platform Manager within the Azure Portal.
This powerful integration provides a great deal of value, significantly reducing the issue detection time and time to resolution.
Thanks for reading, and stay tuned for more updates in Info Hub!
Resources
We have tons of great content to help you deep-dive into Dell APEX Cloud Platform for Microsoft Azure powered by Dell APEX Cloud Platform Foundation Software:
- What's New with the Dell APEX Cloud Platform for Microsoft Azure March 2024 Release
- Dell Technologies First to Deliver Azure Stack HCI 23H2
- YouTube playlist with educational and demo videos
- NEW YouTube playlist for March 2024 release
- Info Hub white papers, videos, and interactive demos
- APEX Cloud Platform for Azure main product page
- Microsoft’s official announcement of 23H2 general availability
- General availability of Azure Virtual Desktop
- Azure Stack HCI Security Book
- Check out What’s new for Azure edge infrastructure in 2023 for an eye-opening case study of a fictional grocery store chain that uses Microsoft Azure to deploy and manage infrastructure at the edge using Azure Arc, Azure Kubernetes Service, and Azure Stack HCI. This is a highly enlightening, end-to-end view of how all the technologies within the Azure hybrid cloud ecosystem can harmoniously work together to solve a real-world business problem in the retail vertical.
And as always, please reach out to your Dell Technologies account team if you would like to have more in-depth discussions about the Dell APEX Cloud Platforms family. If you don’t currently have a Dell Technologies contact, we’re here to help on our corporate website.
Author: Ignacio Borrero, Senior Principal Engineer, Technical Marketing Dell CI & HCI
@virtualpeli
Appendix
Concept | Definition |
Dell APEX Cloud Platform for Microsoft Azure hardware | A turnkey on-premises infrastructure platform, collaboratively engineered between Dell Technologies and Microsoft to optimize Azure hybrid cloud operations. Based on multicloud (MC) nodes as the cluster(s) foundation. |
Cloud Platform Manager VM | Each cluster runs the Dell APEX Cloud Platform Foundation Software in a Cloud Platform Manager VM. This software is responsible for communicating with the underlying infrastructure and integrating automation workflows into Microsoft Windows Admin Center. |
Azure Workbook | A flexible canvas for data analysis and the creation of rich visual reports within the Azure portal. |
What's New with the Dell APEX Cloud Platform for Microsoft Azure March 2024 Release
Wed, 06 Mar 2024 18:09:44 -0000
Dell APEX Cloud Platform for Microsoft Azure is about to reach its first six months of existence, and we’re celebrating by incorporating a plethora of enhancements across the entire platform.
First and foremost, Dell has become the first Microsoft partner to enable 23H2 for new deployments. We can ship new platforms based on Dell multicloud (MC) nodes that include a factory staging of Azure Stack HCI 23H2. Dell Services will assist customers on the initial deployment experience,
Azure Stack HCI 23H2 (2311.2 release) comes full of rich features, including:
- Simplification in infrastructure deployment as key Azure Kubernetes Service (AKS) components are created as part of the Azure Stack HCI deployment
- Enhancement in Azure Arc-enabled on-premises resources like virtualized desktops, server VMs, and Azure Kubernetes Service (AKS) hybrid workload clusters, as they are now automatically Azure-Arc enabled
- Azure Stack HCI cloud-based deployment
- Management of updates across all Azure Stack HCI clusters using Azure Update Manager
- New capabilities and improvements to the core Azure Stack HCI stack – hypervisor, storage, security, and virtual machines
Check out these features in greater depth in this blog, Dell Technologies First to Deliver Azure Stack HCI 23H2.
But there is much more to this March release than 23H2, ranging from new cluster node expansion options to improvements in Dell APEX Cloud Platform foundation software for Day 0, Day 1, and Day 2 operations to serviceability and platform monitoring enhancements.
Cluster expansion
Today, all cluster expansion operations are led by Dell Support and Services. Starting with this APEX Cloud Platform for Microsoft Azure March release, there are two new operations supported:
- Upgrading a single node deployment to a 2-node cluster
Through a Dell Services-led engagement, it is possible to expand a single node deployment to a 2-node switched or switchless cluster.
Figure 1. Single node to 2-node cluster Azure Stack HCI expansion
- Converting a 2-node switchless storage network cluster to a 2-node switched storage network cluster
Dell Services converts from a switchless storage network topology to a switched one. From there – 2-node switched – we can grow our Azure Stack HCI deployment up to 16 nodes.
Figure 2. 2-node switchless to 2-node switched cluster conversion
Dell APEX Cloud Platform Foundation software improvements
Numerous improvements in the platform affect distinct areas of the solution. As of today, platform deployment operations are done through a white glove experience led by Dell Services teams, but we are investing in a more API-driven approach moving forward:
- Day 0 – Day 1 Operations
  - To make initial deployment even simpler, we can now use a JSON file that stores the configuration options for our environment, avoiding the need to go step-by-step through the deployment wizard.
  - A RESTful API has been made available to automate provisioning operations.
  - The automated initial deployment was previously limited to 6 nodes. From APEX Cloud Platform Foundation Software v1.01 onward, this process can include up to 16 nodes.
  - iDRAC Service Module (iSM) is installed as part of the initial deployment after the first cluster node boots. Its lifecycle management is handled by Dell APEX Cloud Platform Foundation software.
- Day 2 Operations
  - Wizard-driven process for node repair/replace
    - This is a Dell Services-led procedure that, depending on the issue, may require re-imaging the node or preparing a new server.
    - In a nutshell, when the issue requires the operating system to be reinstalled, we need to go through the node repair operation.
Figure 3. GUI driven process for node repair/replace
  - Wizard-driven process to add/replace disks in a node
    - These operations can be customer-led.
    - Validation checks are run to ensure optimal operation completion.
    - Verification checks are run post disk insertion. When these finalize successfully, the process can be considered completed.
Figure 4. Add disk to a Dell APEX Cloud Platform for Microsoft Azure node shows successful completion
    - There is a similar wizard when the case is disk replacement instead of disk addition. The output of the replacement process will look like the following:
Figure 5. Replace disk/s to a Dell APEX Cloud Platform for Microsoft Azure node shows successful completion
- Serviceability improvements
  - Embedded Service Enabler (ESE) and Remote Secure Credential (RSC) logs have been added to the log bundle collection mechanism. These logs can be very useful when remote access to the cluster is denied and we want to diagnose the connection issue.
Figure 6. Checking the content of a Dell APEX Cloud Platform for Microsoft Azure log bundle to verify both ESE and RSC logs are included in the bundle
- Microsoft Azure portal integrations
  - Event Monitoring for Dell APEX Cloud Platform for Microsoft Azure will deliver a customized Azure workbook which will allow you to monitor faults and events that happen on the Dell APEX Cloud Platform for Microsoft Azure hardware and the Cloud Platform Manager via Microsoft’s Azure Portal itself.
Figure 7. Dell's customized Azure workbook, integrated with Insights in Azure Portal, to monitor real time faults and events generated within Dell APEX Cloud Platform for Microsoft Azure
Check the Resources section in this blog for useful links to more information on Dell APEX Cloud Platform for Microsoft Azure and specifics to this new release.
We will continue working on enhancing the platform features, so stay tuned for more new and exciting capabilities soon.
Resources
- Blog: Dell Technologies First to Deliver Azure Stack HCI 23H2
- Blog: Monitoring the Dell APEX Cloud Platform for Microsoft Azure with Azure Insights
- Info Hub blogs with further details about the new enhancements in our latest release
- Info Hub white papers, videos, and interactive demos
- YouTube playlist with educational and demo videos
- NEW YouTube playlist for March 2024 release
- Main product page with spec sheets, solution briefs, infographics, and other great collateral
- Dell Support site with administrator guides
- Microsoft’s official announcement of 23H2 general availability
- General availability of Azure Virtual Desktop
- Azure Stack HCI Security Book
- Check out What’s new for Azure edge infrastructure in 2023 for an eye-opening case study of a fictional grocery store chain that uses Microsoft Azure to deploy and manage infrastructure at the edge using Azure Arc, Azure Kubernetes Service, and Azure Stack HCI. This is a highly enlightening, end-to-end view of how all the technologies within the Azure hybrid cloud ecosystem can harmoniously work together to solve a real-world business problem in the retail vertical.
And as always, please reach out to your Dell Technologies account team if you would like to have more in-depth discussions about the Dell APEX Cloud Platforms family. If you don’t currently have a Dell Technologies contact, we’re here to help on our corporate website.
Author: Inigo Olcoz - Senior Principal Engineer Technologist Dell HCI Technical Marketing
X: @VirtualOlcoz