Vantage Technologies
Azure Managed Services
Vantage Health Technologies create solutions to the world’s most complex health challenges. They provide decision support, operational tools and step-by-step workflows to empower healthcare workers across the spectrum to achieve predictable, cost-effective and improved health outcomes – at scale.
Vantage Technologies solutions have been proven across geographies, clients and health challenges. They regularly collaborate with BroadReach Health Development to help them implement impactful digital transformation within their programs.
Vantage Technologies use their AI-enabled platform, Vantage, built on the Microsoft suite of applications. This is the Future of Work for Healthcare.
The Problem
The Cloud Adoption Framework and Well-Architected Framework are always top of mind when designing and implementing new technology. This ensures a stable, secure Azure environment whilst also ensuring the correct level of performance across all services for the money being spent. Enhancing security involves measures such as implementing Privileged Identity Management (PIM) and Defender for Servers Plan 1. Ongoing running costs are always a concern in an evolving environment. Cost management measures such as Reserved Instances for Virtual Machines and SQL Databases, and Elastic Pools for Azure SQL Databases, contribute to managing costs effectively.
- Cost optimisation.
- Security (proactive and reactive).
- Automate Maintenance (Windows Updates).
The Challenges
Maintaining, improving security and keeping within budgets in an ever-evolving Azure environment.
The Solution
Cost Management
- Reserved instances for Azure Virtual Machines and Azure SQL Databases.
- Reserved Instances for Azure Cosmos DB.
- Stop and Start Automation Workbooks for non-production workloads mainly for Azure Analysis Services (AAS).
- Azure Stop and Start V2 Logic apps to stop and start non-production and production workloads during off-peak hours.
- Remove unused or orphaned resources and then optimize the discovery of unused resources by leveraging a customised workbook that allows the customer to easily detect orphaned (unused) resources.
Security
- Assess and remove unused Azure AD Identities.
- Implement Privileged Identity Management (PIM) for:
– Azure Entra ID,
– Multiple subscriptions and
– Configure elevated Access Approval and Reporting.
- Azure Defender for Cloud:
– Azure Defender for Servers Plan 1
– Defender for Containers
– Defender for Key Vaults
– Defender for Resource Manager
- Automation of Windows and Linux Patch management:
– Azure Automation Accounts were used to automate the update cycles of the Windows and Linux virtual machines. Azure Automation Accounts were later replaced with Azure Update Management to streamline and automate the way critical security updates are delivered.
Business Continuity Planning and Disaster Recovery
- The overall backup strategy has been aligned using Azure Backup and enabling features such as Cross Region restore in the event of a disaster.
- Security has been tightened on the Recovery Vaults by enabling functionality such as “Always on Soft delete” and Resource Guard with Multiuser Authorization.
- Business Continuity Planning and Disaster Recovery drills are performed on a yearly basis.
Results
Monthly OpEx costs are stable, despite having more features and services enabled in Azure. Costs are reported on weekly, and appropriate action is taken when unforeseen cost changes are detected. The Azure environment has improved security and has been stable since the introduction of automated maintenance and scheduled downtime.
Lessons Learned
When working with new technology deployments for new solutions, planning is very important, especially when changes need to be made to existing production environments. The ideal approach is to test these new technology deployments and solutions in the development and test environments and then mitigate issues before deploying to the production environment. Enhancing security is a journey. It is not always possible to enable all the security features at once due to potential downtime, operational impact and cost.
Next Steps
Supporting and maintaining the current environment is a continuous journey. Security and cost management are also a continuous and evolving activity. One of the big next steps is to enhance the Business Continuity Planning and Disaster Recovery strategy with technologies such as Azure Site Recovery and SQL Geo replication.
The Team
Riaan Strydom: Delivery Lead – Azure Infrastructure
Christo Greeff: Delivery Lead – App Modernisation Azure
Dean Sardinus: Delivery Lead – Azure Infrastructure
Keith Williams: Azure Engineer
Bijon Brits: MSP Technical Lead