Secured environments in Azure
Our client recently completed a FastTrack engagement with Microsoft, designed to establish a customer environment template in Azure to support the client’s contracted service offering. Our client intended to duplicate the environment 59 times, establishing one environment for each of their 60 customers.
Upon completion of the template, the client determined that the firewall offerings inside Azure Firewall did not sufficiently meet their security requirements.
The challenge was to provide them with a security architecture that would support all the environments at a sustainable cost and still meet their requirements.
“We appreciate your service on this SOW! I think we are nearing the completion of the additional work on our side to move forward. We certainly would not be at this point without your team’s help. Thank you!”
- VP of Technical Service
Beyond Impact’s global security and network teams jumped into action. We met with the client to validate the requirements and perform discovery on their environment. We found that six of the requirements were consistent across every environment, but one requirement varied depending on the customer.
The solution selected required two components: 1) Application Gateway Web Application Firewall (WAF); 2) Network Virtual Appliance (NVA) firewall. WAF is a standard component within Azure and merely required enablement and configuration. The NVA solution required implementing an NVA pair in high-availability mode to scrutinize the inbound and outbound traffic to the segregated environments.
Four NVA options were assessed. Upon analysis, two were ruled out as they were unable to address all the hard requirements. The third was ruled out due to its inability to provide high availability. Fortinet was chosen as the NVA, as it met all requirements. Beyond Impact provided the architecture, diagrams, documentation, configuration change direction, and specifications of the NVA relative to model and licensing.
Beyond Impact team members mentored the client’s network team through the implementation process.
Within a week, the solution had been implemented and traffic was traversing the secured environment. During testing, some minor complications were encountered and addressed. Beyond Impact rolled off the project leaving the client with solid documentation and a solution that met their needs along with flexibility to meet future obligations. Our client now has a workable Azure security architecture that will enable them to migrate their client instances to Azure in a consistent and secure fashion.