CISA Releases Twenty Industrial Control Systems Advisories

CISA Releases Twenty Industrial Control Systems Advisories

by | Nov 10, 2022 | Security, Technology

This article is contributed. See the original author and article here.

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

SSL

Secure .gov websites use HTTPS

A lock (lock icon) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

CISA Updates Advisory on Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite

by | Nov 10, 2022 | Security, Technology

This article is contributed. See the original author and article here.

CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have updated joint Cybersecurity Advisory AA22-228A: Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite, originally released August 16, 2022. The advisory has been updated to include an additional Malware Analysis Report containing new indicators of compromise.

CISA encourages organizations to review the latest update to AA22-228A and apply the recommended mitigations.

CISA Releases Twenty Industrial Control Systems Advisories

Microsoft Releases November 2022 Security Updates

by | Nov 9, 2022 | Security, Technology

This article is contributed. See the original author and article here.

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

SSL

Secure .gov websites use HTTPS

A lock (lock icon) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Azure Marketplace new offers – November 9, 2022

Azure Marketplace new offers – November 9, 2022

by | Nov 9, 2022 | Technology

This article is contributed. See the original author and article here.

We continue to expand the Azure Marketplace ecosystem. For this volume, 125 new offers successfully met the onboarding criteria and went live. See details of the new offers below:


 




















































































































































































































































































































































































































































































Get it now in our marketplace
AskforCloud logo.png .NET on CentOS Stream 8: This offer from AskforCloud provides .NET on CentOS Stream 8. .NET is an open-source developer platform created by Microsoft. With .NET, you can use multiple languages, editors, and libraries to build for the web, for mobile devices, for IoT, or for other uses. You can write .NET apps in C#, F#, or Visual Basic.
AskforCloud logo.png

.NET on Debian 10: This offer from AskforCloud provides .NET on Debian 10. .NET is an open-source developer platform created by Microsoft. With .NET, you can use multiple languages, editors, and libraries to build for the web, for mobile devices, for IoT, or for other uses. You can write .NET apps in C#, F#, or Visual Basic.
AskforCloud logo.png .NET on Debian 11: This offer from AskforCloud provides .NET on Debian 11. .NET is an open-source developer platform created by Microsoft. With .NET, you can use multiple languages, editors, and libraries to build for the web, for mobile devices, for IoT, or for other uses. You can write .NET apps in C#, F#, or Visual Basic.
AskforCloud logo.png

.NET on openSUSE 15: This offer from AskforCloud provides .NET on openSUSE 15. .NET is an open-source developer platform created by Microsoft. With .NET, you can use multiple languages, editors, and libraries to build for the web, for mobile devices, for IoT, or for other uses. You can write .NET apps in C#, F#, or Visual Basic.
AskforCloud logo.png

.NET on Red Hat Enterprise Linux 7: This offer from AskforCloud provides .NET on Red Hat Enterprise Linux 7. .NET is an open-source developer platform created by Microsoft. With .NET, you can use multiple languages, editors, and libraries to build for the web, for mobile devices, for IoT, or for other uses. You can write .NET apps in C#, F#, or Visual Basic.
AskforCloud logo.png

.NET on Red Hat Enterprise Linux 9: This offer from AskforCloud provides .NET on Red Hat Enterprise Linux 9. .NET is an open-source developer platform created by Microsoft. With .NET, you can use multiple languages, editors, and libraries to build for the web, for mobile devices, for IoT, or for other uses. You can write .NET apps in C#, F#, or Visual Basic.
AskforCloud logo.png

.NET on SUSE Enterprise Linux 12: This offer from AskforCloud provides .NET on SUSE Enterprise Linux 12. .NET is an open-source developer platform created by Microsoft. With .NET, you can use multiple languages, editors, and libraries to build for the web, for mobile devices, for IoT, or for other uses. You can write .NET apps in C#, F#, or Visual Basic.
AskforCloud logo.png

.NET on SUSE Enterprise Linux 15: This offer from AskforCloud provides .NET on SUSE Enterprise Linux 15. .NET is an open-source developer platform created by Microsoft. With .NET, you can use multiple languages, editors, and libraries to build for the web, for mobile devices, for IoT, or for other uses. You can write .NET apps in C#, F#, or Visual Basic.
AskforCloud logo.png

.NET on Ubuntu Server 18.04 LTS: This offer from AskforCloud provides .NET on Ubuntu Server 18.04 LTS. .NET is an open-source developer platform created by Microsoft. With .NET, you can use multiple languages, editors, and libraries to build for the web, for mobile devices, for IoT, or for other uses. You can write .NET apps in C#, F#, or Visual Basic.
AskforCloud logo.png

.NET on Ubuntu Server 20.04 LTS: This offer from AskforCloud provides .NET on Ubuntu Server 20.04 LTS. .NET is an open-source developer platform created by Microsoft. With .NET, you can use multiple languages, editors, and libraries to build for the web, for mobile devices, for IoT, or for other uses. You can write .NET apps in C#, F#, or Visual Basic.
AskforCloud logo.png

.NET on Ubuntu Server 22.04 LTS: This offer from AskforCloud provides .NET on Ubuntu Server 22.04 LTS. .NET is an open-source developer platform created by Microsoft. With .NET, you can use multiple languages, editors, and libraries to build for the web, for mobile devices, for IoT, or for other uses. You can write .NET apps in C#, F#, or Visual Basic.
AskforCloud logo.png

.NET on Windows Server 2012 R2: This offer from AskforCloud provides .NET on Windows Server 2012 R2. .NET is an open-source developer platform created by Microsoft. With .NET, you can use multiple languages, editors, and libraries to build for the web, for mobile devices, for IoT, or for other uses. You can write .NET apps in C#, F#, or Visual Basic.
AskforCloud logo.png

.NET on Windows Server 2016: This offer from AskforCloud provides .NET on Windows Server 2016. .NET is an open-source developer platform created by Microsoft. With .NET, you can use multiple languages, editors, and libraries to build for the web, for mobile devices, for IoT, or for other uses. You can write .NET apps in C#, F#, or Visual Basic.
AskforCloud logo.png

.NET on Windows Server 2022: This offer from AskforCloud provides .NET on Windows Server 2022. .NET is an open-source developer platform created by Microsoft. With .NET, you can use multiple languages, editors, and libraries to build for the web, for mobile devices, for IoT, or for other uses. You can write .NET apps in C#, F#, or Visual Basic.
AskforCloud logo.png

.NET SDK on Debian 10: This offer from AskforCloud provides a .NET software development kit (SDK) on Debian 10. The kit includes everything you need to build and run .NET applications. .NET is an open-source developer platform created by Microsoft.
AskforCloud logo.png

.NET SDK on Debian 11: This offer from AskforCloud provides a .NET software development kit (SDK) on Debian 11. The kit includes everything you need to build and run .NET applications. .NET is an open-source developer platform created by Microsoft.
AskforCloud logo.png

.NET SDK on openSUSE 15: This offer from AskforCloud provides a .NET software development kit (SDK) on openSUSE 15. The kit includes everything you need to build and run .NET applications. .NET is an open-source developer platform created by Microsoft.
AI Signature Recognition.png

AI Signature Recognition: AI Signature Recognition from Cogniware uses algorithms and computer vision to verify the authenticity of signatures. Easily verify thousands of paper-based customer signatures. A demo version and a full version are available. The full version include automatic processing of photos and an implementation in your environment.
AllegroGraph 7.3.0.png

AllegroGraph 7.3.0: AllegroGraph is a multi-modal graph and document database that supplies foundational structure for scalable enterprise knowledge graphs. Thanks to its database security, AllegroGraph is fit for HIPAA access controls, privacy rules for banks, and security models for policing, intelligence, and government.
AskforCloud logo.png

Azure CLI on Red Hat Enterprise Linux 9: This offer from AskforCloud provides the Azure Command-Line Interface (CLI) on Red Hat Enterprise Linux 9. The cross-platform tool allows you to connect to Azure and execute administrative commands through a terminal using interactive command-line prompts or a script.
AskforCloud logo.png

Azure CLI on Windows Server 2012 R2: This offer from AskforCloud provides the Azure Command-Line Interface (CLI) on Windows Server 2012 R2. The cross-platform tool allows you to connect to Azure and execute administrative commands through a terminal using interactive command-line prompts or a script.
AskforCloud logo.png

Azure CLI on Windows Server 2016: This offer from AskforCloud provides the Azure Command-Line Interface (CLI) on Windows Server 2016. The cross-platform tool allows you to connect to Azure and execute administrative commands through a terminal using interactive command-line prompts or a script.
AskforCloud logo.png

Azure CLI on Windows Server 2019: This offer from AskforCloud provides the Azure Command-Line Interface (CLI) on Windows Server 2019. The cross-platform tool allows you to connect to Azure and execute administrative commands through a terminal using interactive command-line prompts or a script.
AskforCloud logo.png

Azure CLI on Windows Server 2022: This offer from AskforCloud provides the Azure Command-Line Interface (CLI) on Windows Server 2022. The cross-platform tool allows you to connect to Azure and execute administrative commands through a terminal using interactive command-line prompts or a script.
Azure Virtual Desktop on Ubuntu 22.04 for Developers.png

Azure Virtual Desktop on Ubuntu 22.04 for Developers: This offer from Ntegral provides Ubuntu 22.04 on a Microsoft Azure virtual machine. The desktop image comes preconfigured with Visual Studio Code, Git, and LibreOffice, an open-source office suite that’s compatible with Microsoft Office.
AskforCloud logo.png

Cassandra on Debian 10: This offer from AskforCloud provides Apache Cassandra on Debian 10. Cassandra is an open-source NoSQL distributed database trusted by thousands of companies for scalability and high availability. Cassandra enables developers to scale their databases dynamically, using off-the-shelf hardware, with no downtime.
AskforCloud logo.png

Cassandra on Debian 11: This offer from AskforCloud provides Apache Cassandra on Debian 11. Cassandra is an open-source NoSQL distributed database trusted by thousands of companies for scalability and high availability. Cassandra enables developers to scale their databases dynamically, using off-the-shelf hardware, with no downtime.
Confidencial.png

Confidencial Encryption Technology: Confidencial’s selective encryption technology allows you to embed protected content within your Office documents and Microsoft Teams messages that’s viewable only by the individuals or groups you designate. Thus, you could create a document that contains portions visible only to HR, with other portions visible only to your legal department.
Ctelo logo.png

Ctelo Office Connect for Microsoft Teams: Ctelo Office Connect is an add-on to Ctelo Business Phone that connects offices based in countries with strict telecom regulations. This makes it possible to deploy a global telephony solution based on Microsoft Teams.
Ctelo logo.png

Ctelo Voice Channel for Microsoft Dynamics: Ctelo Voice Channel for Dynamics 365 Customer Service enables representatives to resolve customer service issues via phone. Part of the Ctelo Business Phone offering, Ctelo Voice Channel makes it possible to use the existing company telecom contract and phone numbers in both Microsoft Teams and Microsoft Dynamics.
Ntegral logo.png

Docker on AlmaLinux 8: This offer from AskforCloud provides Docker Community Engine on AlmaLinux 8. Docker is a platform that enables developers and system administrators to build, run, and share applications with containers.
Ntegral logo.png

Docker on AlmaLinux 9: This offer from AskforCloud provides Docker Community Engine on AlmaLinux 9. Docker is a platform that enables developers and system administrators to build, run, and share applications with containers.
Ntegral logo.png

Docker on Oracle Linux 8: This offer from AskforCloud provides Docker Community Engine on Oracle Linux 8. Docker is a platform that enables developers and system administrators to build, run, and share applications with containers.
Ntegral logo.png

Docker on Rocky Linux 8: This offer from AskforCloud provides Docker Community Engine on Rocky Linux 8. Docker is a platform that enables developers and system administrators to build, run, and share applications with containers.
Ntegral logo.png

Docker on Ubuntu 22.04: This offer from AskforCloud provides Docker Community Engine on Ubuntu 22.04. Docker is a platform that enables developers and system administrators to build, run, and share applications with containers.
env0 Pro.png

env0 Pro: DevOps engineers, infrastructure-as-code developers, and site reliability engineers can use env0 to automate Terraform and Terragrunt Git flows, simplify the governance of cloud deployments, and manage the provisioning of teams, users, and environments.
Ntegral logo.png

Fedora 36 Desktop: This offer from Ntegral provides Fedora 36 on a Microsoft Azure virtual machine. The desktop image comes preconfigured with Visual Studio Code, Git, and LibreOffice, an open-source office suite that’s compatible with Microsoft Office.
Foxit eSign.png

Foxit eSign: Foxit eSign, an electronic signature tool, lets you quickly and easily prepare, send, sign, and track legally binding documents and agreements. Foxit eSign also can automate workflows. When you add Foxit eSign to Microsoft 365 and SharePoint, you can maximize document completion within your standard workflows.
Data Science Dojo logo.png

Locust, Packaged by Data Science Dojo: This offer from Data Science Dojo provides Locust on Ubuntu 20.04. Locust is an open-source load-testing framework for web apps. It’s based on Python and is used for quality assurance processes. Through Locust, web testers can determine the potential of a website to withstand a number of concurrent users.
MetaSpark.png

MetaSpark: Useful for project management, IT support, customer relationship management, or onboarding, MetaSpark consolidates tasks in one unified workspace. As teams deliver on their work, they can be recognized and rewarded based on company goals.
Oracle 8.5 Minimal.png

Oracle 8.5 Minimal: This offer from Art Group provides an image of Oracle 8.5 built with a minimal profile. It contains just enough packages to run Oracle 8.5 within Microsoft Azure, bring up an SSH Server, and allow users to log in. Integrated cloud tools and technologies simplify infrastructure deployment.
PULSE.png

PULSE: Delivery deadlines are getting tighter for all storytellers, whether you’re a studio or a production company. By using PULSE, production teams and vendors will benefit from automation tools, a central storage location, and a collaborative workspace. Pull, transcode, and deliver production content to all your creative teams without data wrangling or manual file transfers.
Ntegral logo.png

Red Hat Enterprise Linux 8.6 Desktop: This offer from Ntegral provides Red Hat Enterprise Linux 8.6 on a Microsoft Azure virtual machine. The desktop image comes preconfigured with an RDP-based remote desktop environment and LibreOffice, an open-source office suite that’s compatible with Microsoft Office.
Ntegral logo.png

Rocky Linux 9 Desktop “Blue Onyx”: This offer from Ntegral provides Rocky Linux 9 on a Microsoft Azure virtual machine. The desktop image comes preconfigured with an RDP-based remote desktop environment and LibreOffice, an open-source office suite that’s compatible with Microsoft Office.
Siemens NX.png

Siemens NX: Siemens NX on Microsoft Azure lets you run your CAD tools on the cloud. NX is built on a flexible and extensible architecture, and it supports working from home, from the office, or a remote location with secure and uninterrupted access.
AskforCloud logo.png

Spark on Debian 10: This offer from AskforCloud provides Apache Spark on Debian 10. Apache Spark is an open-source analytics engine for executing data engineering, data science, and machine learning on single-node machines or clusters. It supplies high-level APIs in Java, Scala, Python, and R, along with an optimized engine that supports general execution graphs.
AskforCloud logo.png

Spark on Debian 11: This offer from AskforCloud provides Apache Spark on Debian 11. Apache Spark is an open-source analytics engine for executing data engineering, data science, and machine learning on single-node machines or clusters. It supplies high-level APIs in Java, Scala, Python, and R, along with an optimized engine that supports general execution graphs.
AskforCloud logo.png

Spark on Ubuntu Server 18.04 LTS: This offer from AskforCloud provides Apache Spark on Ubuntu Server 18.04 LTS. Apache Spark is an open-source analytics engine for executing data engineering, data science, and machine learning on single-node machines or clusters. It supplies high-level APIs in Java, Scala, Python, and R, along with an optimized engine that supports general execution graphs.
AskforCloud logo.png

Spark on Ubuntu Server 22.04 LTS: This offer from AskforCloud provides Apache Spark on Ubuntu Server 22.04 LTS. Apache Spark is an open-source analytics engine for executing data engineering, data science, and machine learning on single-node machines or clusters. It supplies high-level APIs in Java, Scala, Python, and R, along with an optimized engine that supports general execution graphs.
VenueArc - Event Management.png

VenueArc – Event Management: VenueArc streamlines event and venue management operations to help performing arts professionals increase accessibility, collaboration, productivity, and profitability. It features CRM integration, a contract generator, single sign-on through Azure Active Directory, and a pay-as-you-go model.

Go further with workshops, proofs of concept, and implementations
Airport Analytics.png Airport Analytics: 6-Week Proof of Concept: In this proof of concept, Glorious Insight will deliver its airport analytics platform on Microsoft Azure and assist in user adoption to drive successful outcomes. The platform will provide accurate collection of key performance indicators.
App of the Future Greenfield.png

App of the Future Greenfield Envisioning & Design: 5-Day Workshop: InCycle’s App of the Future offer provides a Microsoft-funded engagement to quickly envision, prototype, and design an app on Azure. InCycle will conduct a design workshop to uncover your top business objectives, then create a rapid Azure prototype and reference architecture design.
Azure Arc Deployment.png

Azure Arc Deployment: 1-Day Workshop: In this workshop, Chrisons will demonstrate how to manage, secure, develop, and operate infrastructure, apps, and Azure services. Participants will learn how to centrally manage a wide range of resources, including Windows and Linux servers, SQL Server, Kubernetes clusters, Azure Arc, and other Azure services.
Azure Database Migration.png

Azure Database Migration: 1-Week Implementation: Start your journey to Microsoft Azure with PetaBytz’s migration service. PetaBytz’s team of experts will move your database assets to Azure so you can meet key business demands, such as scale, uptime, security, automation, and data insight innovation.
Azure DevOps, GitHub workshops.jpg

Azure DevOps, GitHub, and DevSecOps Workshops: Achieve a DecSecOps culture in your organization with Azure DevOps and GitHub. Over the course of a few workshops, DevTools will help your team adopt Azure DevOps and GitHub to achieve CI/CD features and application security in a DevSecOps workflow.
Azure Optimization Workshop.png

Azure Optimization: 2-Hour Workshop: This workshop from Cloud Direct will tell you why and how to align your Azure environment to the Microsoft Azure Well-Architected Framework. You’ll be able review your Azure environment for opportunities to reduce spending, increase security, and boost technical performance.
Azure Site Recovery implementation.png

Azure Site Recovery Implementation: SVA will set up Azure Site Recovery to keep your applications operational during planned or unexpected outages. Azure Site Recovery provides you with replication, failover, and recovery processes. This offer is available only in German.
Azure Stack HCI workshop (2-day).png

Azure Stack HCI: 2-Day Workshop: Chrisons will show you how Azure Stack HCI works and how to implement relevant solutions, such as enabling servers or centralized cloud management. Azure Stack HCI is built to accommodate everything from a small, two-node deployment to a 16-node deployment spread across offices and datacenters around the world.
Azure Stack HCI workshop (Greeneris).png

Azure Stack HCI: 3-Hour Workshop: This workshop from Greeneris will introduce you to Azure Stack HCI and the benefits it can bring to your organization. Azure Stack HCI is a hyperconverged infrastructure cluster solution that hosts virtualized Windows and Linux workloads and their storage in a hybrid environment that combines on-premises infrastructure with cloud services.
Azure Synapse and Power BI implementation.png

Azure Synapse and Power BI: 6-Week Pilot Implementation: KiZAN will deploy a pilot implementation of a modern data platform, provide opportunities to work with Microsoft Power BI and Azure Synapse in your production environment, and develop a plan to assist with a full production deployment of Power BI and Azure Synapse.
Azure Virtual Desktop (TOSYS).png

Azure Virtual Desktop Implementation and Support: TOSYS will set up Azure Virtual Desktop so your company can try it out in small-scale or large-scale production use. Azure Virtual Desktop can be used for telework, regardless of whether the device is a PC or a smartphone. This service is available only in Japanese.
CFO Cockpit.png

CFO Cockpit Package for Financial Analysis: Using Microsoft Power BI, Polestar will create a dashboard that will give you a bird’s-eye view into your company’s financial performance. Analysis typically covers a profit and loss statement, a balance sheet, accounts receivable, accounts payable, and inventory.
Churn Prediction.png

Churn Prediction Software Implementation: Using Azure Machine Learning, Polestar can help you identify employees with a greater likelihood of leaving your company. Being aware of the underlying parameters that could be responsible for attrition will give you the flexibility and time to act accordingly.
CI-CD pipeline implementation.png

CI/CD Pipeline Implementation (5 Weeks): In this implementation, Linnovate will create a continuous integration/continuous delivery (CI/CD) pipeline for a single containerized application in an existing Kubernetes environment using Azure DevOps.
Course to implement Microsoft Sentinel.png

Course to Implement Microsoft Sentinel: This course from Nebulan, available in Spanish, will give you practical experience in implementing Microsoft Sentinel. Participants will learn about threat detection, incident management, automation, and workbooks.
Custom Application Development.png

Custom Application Development with Azure: Zure’s team will assist your company with application development using Microsoft Azure Platform as a Service technologies, which feature modern architecture choices and DevOps practices. Zure offers concept design services, application development, application support, and everything in between.
Implementation of Azure services.png

Implementation of Azure Services: SEIDOR will implement Microsoft Azure services to help your business be more profitable and competitive. You’ll receive business continuity and optimization of systems and applications, investigation of cyber threats, and secure desktop and application delivery from any device and any location.
IoT apps.png

IoT Apps Using PaaS: 2-Month Proof of Concept: Internet Initiative Japan Inc. will support customers’ IoT environment development with Azure Platform as a Service, licensing provisions, network functions, and selection of IoT devices. This service is available only in Japanese.
LTI Sustainable.png

LTI Sustainable Smart Spaces: 12-Week Implementation: LTI will implement its connected-building solution, which includes sensors and uses numerous Azure services, so your organization can optimize building performance and align to environmental and sustainability goals.
Modern Secure Datacenter.png

Modern Secure Datacenter: 10-Day Implementation: Abtis specializes in managed security services for medium-sized companies. In this engagement, Abtis will provide cloud security management, cloud workload protection, and network security through various Azure services. This offer is available only in German.
PetaMigrate.png

PetaMigrate: 3-Day Workshop: Learn about PetaBytz’s cloud adoption framework in this workshop, which will include an assessment of your organization’s IT landscape and guidance for a migration to Microsoft Azure. PetaBytz can enable you to adopt Azure services with minimal downtime.
Power Move to Azure.png

Power Move to Azure with Skytap: Using Skytap, Kyndryl will migrate your IBM AIX Power workloads to Microsoft Azure. Kyndryl provides production-ready preintegrated offerings that cover all transformation needs: strategy, development, migration, modernization, and management.
Predictive Order Management.png

Predictive Order Management System: 8-Week Implementation: Having a lean, efficient supply chain is vital for manufacturing, distribution, or retail businesses. In this engagement, Datamind will implement an AI-based predictive order management system to improve your supply chain efficiency and deliver daily order recommendations.
Privileged Identity Management.png

Privileged Identity Management Jump-Start: Steeves and Associates will discuss the Privileged Identity Management service of Azure Active Directory, determine your company’s business and technical objectives, deliver a workshop to plot out an implementation​, and conduct an IT operations training.
Sales Forecasting Kit.png

Sales Forecasting Implementation: Using Microsoft Power BI dashboards and data engineering with Python and Azure Data Factory, Polestar will forecast your sales over a specified period of time. This implementation is appropriate for retail stores, consumer packaged goods companies, or insurance agents.
Secure App and Internet Gateway.png

Secure App and Internet Gateway: 6-Week Implementation: LAB3 will deploy a secure internet gateway in your tenant to provide round-the-clock visibility and threat management that meets the protection standards of the Infosec Registered Assessors Program (IRAP). IRAP is governed and administered by the Australian Cyber Security Centre.
Shield One.png

Shield One Managed Security Service (1 Year): Get a bird’s-eye view of your cybersecurity with the security information and event management capabilities of Microsoft Sentinel. Signal Alliance can connect your Microsoft 365 suite and all other security tools to its Shield One managed service. This will provide continual monitoring and incident response for your enterprise platforms.
Well-Architected.png

Well-Architected: Public Cloud Security Posture Workshop: Elisa’s experts will introduce the security posture management and workload protection capabilities of Microsoft Defender for Cloud. You’ll later get an assessment of your public cloud security, followed by recommendations. Continuous posture monitoring by Elisa is available as an option.

Contact our partners
9A Connected Factory & Insights

App Modernization Assessment

Aquila Clouds FinOps

Aruba EdgeConnect Enterprise in Azure Virtual WAN

Automate Information Extraction from Images/Videos Using AI

Azure and Microsoft 365 License Consultancy: 4-Day Assessment

Azure Arc Hybrid Managed Services

Azure Assessment from Ascend

Azure Boards: 1-Hour Briefing

Azure DevOps: 1-Week Assessment

Azure Virtual Desktop: 3-Day Assessment

CB Blockchain Seal for SharePoint

Cerberus – Domain Analysis: 3-Month Assessment

Cerberus Strategic Assessment

Cloud Migration Readiness: 2-Week Assessment

Cloud Readiness Briefing

Cortex EIP Version 1.2.311

Custom Software Development: 2-Day Assessment

Cymmetri Platform

Data Modernization Discovery: 3-Day Assessment

DeepSense

delphai for M&A

delphai for Sales

EasyGov: Delivering Convenience & Transforming Governance

Ecosystem Intelligence

Enow’s Monitoring and Reporting for Microsoft 365

Exodus EMM Migration to Microsoft Intune

Eyeglass: Disaster Recovery Automation

Feelix: AI-Based Chronic Disease Management System

FlowFit

Fusion Analytics v16.5

Kontent.ai

Lizard Uni Bot

Managed Service and Shared SBC for Microsoft Teams

Move to Azure: 1-Week Assessment

NebulaGraph Enterprise

Noibit’s Managed Service for Microsoft Sentinel

Pavement Express

Power Finance: 1-Week Assessment

Predictive Safety Fatigue Management System

Sirus NGSI-LD Context Broker Web App

Software & Cloud Economics Assessment

Springboard: Infrastructure-as-Code Framework for Azure

TCS Envirozone

Tetrate Istio Distribution
Unified Customer Intelligence
Verizon 5G Edge

Azure DevOps – Leveraging Pipeline Decorators for Custom Process Automation

Azure DevOps – Leveraging Pipeline Decorators for Custom Process Automation

by | Nov 8, 2022 | Technology

This article is contributed. See the original author and article here.

Introduction


 


Background


In the recent pandemic, health institutions all across the world have been pushed to their limits on about every facet. Through this, many such institutions have begun to reprioritize their modernization efforts around their cloud infrastructure to support increasing demands and hedge against uncertainty. As institutions are migrating their existing workloads into the cloud, a common challenge they are faced with is that many of their on-prem security processes and standards tend to not map one-to-one with the services they are being migrated to. With the sensitive nature of the healthcare industry, it is especially important to solution feasible routes to always ensure security and validation is in place end-to-end.


In this blog post, we will look at how Azure DevOps Pipeline Decorators can be leveraged to bridge the gap in our cloud environment with the customer’s existing security processes on their on-premises IIS server.


 


What are Pipeline Decorators?


If you have ever run across jobs executing on your azure pipelines that you have not previously defined, there is a good chance you may have already run into decorators before!


Pipeline decorators allow you to program jobs to execute before or after any pipeline runs across your entire Azure DevOps organization. For scenarios such as running a virus scan before every pipeline job, or any sort of automated steps to assist with governance of your CICD processes, pipeline decorators grants you the ability to impose your will at any scale within Azure DevOps.


Read further on decorators on Microsoft Learn: Pipeline decorators – Azure DevOps | Microsoft Learn


In this blog post, I will be walking through a sample process based on the customer scenario’s requirements, and how the pipeline decorators can fit in to assist with their governance objectives.


 


Scenario


Customer’s Azure DevOps organization has grown to a considerable size composed of numerous projects with various applications with no clearly defined process or standards they adhere to. All of these applications have been hosted on an on-premises IIS server, where the application teams are trusted to provide manual inputs to deployment variables.


Due to the lack of out-of-the-box controls for validating IIS file path permissions with Azure Active Directory identities within Azure DevOps, this was an area of concern with the customer as the deployed production applications effectively did not have any preventative measures to address malicious actors or human error overwriting existing applications.


When looking at the deployment tasks to IIS servers from Azure DevOps, the two primary variables the customer was looking to control were:



  • virtualAppName– Name of an existing an already existing virtual application on the target machines

  • websiteName– Name of an existing website on the machine group


Considering the RBAC strategy the customer has in mind with AAD, there will be a third variable to represent the ownership of the application via an AAD group.



  • groupId– AAD ID of the application owner’s group


In the next section, I will outline a high-level process proposal based on these three variables, that goes into onboarding applications.


 


 


Solutioning


 


High-Level Process Proposal for Onboarding New Applications


For this demo’s purposes, we will make the following assumptions to build out a process that illustrates how application teams can successfully onboard and assist the operations team in successfully managing the application environment within their on-prem IIS server.


 


Assumptions



  1. Ops team only require the following three parameters to help govern application deployments:

    • virtualAppName

    • groupId

    • websiteName



  2. Application teams only need flexibility while building applications within the CICD pipelines, and currently do not have much concerns or the expertise to manage deployments.

  3. Ops team wishes to also build security around these parameters such that only the authorized actors will be able to modify these values.


 


Onboarding New Applications




  1. Ops team provides a template (such as GitHub issues templates) for new application requests to the application teams, and captures the following IIS deployment-specific information:



    • virtualAppName

    • groupId

    • websiteName


    For this demo, I have created a simple GitHub issues YAML form which the operations team can leverage to capture basic information from the application teams, which can also be tied to automation to further reduce operational overhead:




1.png



  1. Ops team is then notified of the request, and upon successful validation continues to provision an Application Environment with the captured information

    1. application environment in this context involves the following components:

      1. Key Vault (per application)

      2. Service Connection to application Key Vault with read permissions over secrets

      3. Place the application team provided, ops team validated virtualAppName, groupId, websiteName values as secrets

      4. Place Service Connection details in the project variable group to allow for the decorator to dynamically retrieve secrets for each project

      5. Application registered onto the IIS server that adheres to existing IIS server file management strategies





  2. Once the environment is ready for use, notify the application teams by updating the issue template and now the application teams only need to focus on building and publishing their artifact within their CICD pipelines


 


Updating Existing Applications



  1. Ops team provides a template for change requests to the application teams, and captures the following information:

    • virtualAppName

    • groupId

    • websiteName

    • Change Justification/Description



  2. Core Ops team reviews and approves the change request

  3. Update the application environment accordingly

  4. Notify the application team

    2.png


 


Now with the high-level process defined, we will now look at how we could bring in the relevant parameters into the decorators to impose validation logic.


 


 


Building the Demo


 


Setting up our Demo Application Environment


In this example, I created a key vault named kv-demolocaldev, and placed the virtualAppName, groupId, and websiteName so we may retrieve the values later as shown below:


 


3.png


 


Now, we must create the project and subsequently create the service connection to the key vault scoped to the project.


To do this, I created an Azure Resource Manager Service Connection while using my demo identity, that is scoped to the resource group containing the key vault:


 


4.png


 


 


Once the service connection is done provisioning, you can navigate to the AAD object by following the Manage Service Principal link, which will allow you to retrieve the Application ID to be used when adding the access policy.


 


5.png


 


 


Selecting the Manage Service Principal link will take us to the AAD object, where we can find the Azure Application ID to add to our Key Vault access policy.


 


6.png


 


 


7.png


 


The service connection will only need GET secret permissions on its access policy.


 


8.png


 


Afterwards, we now capture the information about the service connection and key vault by creating a variable group on the application’s Azure DevOps project named demo-connection-details:


 


9.png


 


 


There will need to be additional steps taken to provision the IIS server as well with the parameters, but for this demo’s purpose we will assume that the provisioning steps have already been taken care of. Now with this, we can move onto building out our decorators.


 


Building the Decorators


For the pipeline side, the customer is looking to control both the pre-build with validating the input variables, and post-build in placing guardrails around deployment configurations with the validated parameters.


Both pre and post decorators will leverage the same key vault secrets, so we will start with integrating the key vault secrets into the YAML definition.


 


Pipeline decorators leverage the same YAML schema as the YAML build pipelines used within Azure DevOps. Meaning we can take advantage of conditional logic with repo branches, dynamic variables, and pull in key vault secrets with service connections.


The high-level logic we are attempting to demonstrate for the pre and post decorators are the following:


 


Pre:



  1. Check for variables/conditions to bypass decorators

  2. Using pre-established variables, connect to application’s Azure Key vault and retrieve secret values

  3. For each of the deployment variables, process custom validation logic


Post:



  1. Deploy the application/artifact to the IIS server


 


You can find the demo files within the following repo: https://github.com/JLee794-Sandbox/ADO-Decorators-PoC


Pre-build decorator


To ensure users can opt-out of the process during development, we can leverage the same YAML schema as build pipelines to construct our conditionals.



  1. Check for variables/condition to bypass decorators


 


In the pre-build decorator YAML definition (located in Build/Pre/input-parameter-decorator.yml), for pipeline builds that run off the main branch, that also checks for a simple variable flag named testDecorator to be true for the decorator to execute.


 


steps:

– ${{ if and(eq(variables[‘Build.SourceBranchName’], ‘main’), contains(variables[‘testDecorator’],’true’) ) }}:

 


Following right after, I retrieve websiteName, groupId, and virtualAppName with the connection details we have placed within the demo-connection-details, which will be passed in by the build pipeline.


 


– task: AzureKeyVault@2

  displayName: ‘[PRE BUILD DECORATOR] Accessing Decorator Params from the key vault – $(decorator_keyvault_name), using $(decorator_keyvault_connection_name) connection.’

  inputs:

    azureSubscription: $(decorator_keyvault_connection_name)         # Service Connection Name (scoped to RG)

    KeyVaultName: $(decorator_keyvault_name)   # Key Vault Name

    SecretsFilter: ‘websiteName,groupId,virtualAppName’   # Secret names to retrieve from Key Vault

    RunAsPreJob: true

 


Now that the secrets have been pulled in, we can now run our custom validation logic for each. For the purpose of this demo, we will just check that each variable exists and throw an error through a simple PowerShell script.


 


– task: PowerShell@2

    name: ValidateDeploymentVariables

    displayName: ‘[PRE BUILD DECORATOR] Validate Deployment Variables (Injected via Decorator)’

    inputs:

      targetType: ‘inline’

      script: |

        $errorArr = @()


        try {

          Write-Host “VirtualAppName: $(virtualAppName)”

          # your input test cases go here

          # e.g querying the remote-machine to match the virtualAppName

        }

        catch {

          errorArr += ‘virtualAppName’

          Write-Host “##vso[task.logissue type=error]Input parameter ‘virtualAppName’ failed validation tests.”

        }


        try {

          Write-Host “GroupID: $(groupId)”

          # your input test cases go here

          # e.g querying the remote-machine to match the groupId against the local file permissions

        }

        catch {

          Write-Host “##vso[task.logissue type=error]Input parameter ‘groupId’ failed validation tests.”

          errorArr += ‘GroupID’

        }


        try {

          Write-Host “WebSiteName: $(webSiteName)”

          # your input test cases go here

          # e.g querying the web-site URL to see if site already exists, etc.

        }

        catch {

          Write-Host “##vso[task.logissue type=error]Input parameter ‘webSiteName’ failed validation tests.”

          errorArr += ‘GroupID’

        }


        if ($errorArr.count -gt 0) {

          # Link to your teams documentation for further explanation

          Write-Warning -Message “Please provide valid parameters for the following variables: $($errorArr.join(‘, ‘))”

          Write-Warning -Message “See <https://docs.microsoft.com/en-us/azure/devops/pipelines/process/variables?view=azure-devops&tabs=yaml%2Cbatch> for additional details”

          throw “Please provide valid values for $($errorArr.join(‘, ‘)).”

        }

 


And we are done with the pre-build decorator! Of course, while developing it is important to iteratively test your code. If you would like to publish your code now, skip to the (Publish your extension) section below.


 


Post-build decorator


For our post-build decorator, all we want to do is determine when the decorator should run, and simply invoke a deployment task such as the IISWebAppDeploymentOnMachineGroup task.


 


Of course, there are many more validation steps and tools you can place here to further control your deployment process, but for the sake of this demo we will just be outputting some placeholder messages:


 


steps:

– task: PowerShell@2

  name: DeployToIIS

  displayName: Deploy to IIS (Injected via Decorator)

  condition: |

    and

    (

      eq(variables[‘Build.SourceBranch’], ‘refs/heads/main’),

      eq(variables.testDecorator, ‘true’)

    )

  inputs:

    targetType: ‘inline’

    script: |

      # Validation steps to check if IIS

      # Validation steps to check if iOS or Android

      # > execute deployment accordingly


      Write-Host @”

        Your IIS Web Deploy Task can look like this:


        – task: IISWebAppDeploymentOnMachineGroup@

          inputs:

            webSiteName: $(webSiteName)

            virtualApplication: $(virtualAppName)

            package: ‘$(System.DefaultWorkingDirectory)***.zip’ # Optionally, you can parameterize this as well.

            setParametersFile: # Optional

            removeAdditionalFilesFlag: false # Optional

            excludeFilesFromAppDataFlag: false # Optional

            takeAppOfflineFlag: false # Optional

            additionalArguments: # Optional

            xmlTransformation: # Optional

            xmlVariableSubstitution: # Optional

            jSONFiles: # Optional

      “@

 


Publishing the Extension to Share with our ADO Organization


First, we need to construct a manifest for the pipeline decorators to publish them to the private Visual Studio marketplace so that we may start using and testing the code.


In the demo directory, under Build we have both Pre and Post directories, where we see a file named vss-extension.json on each. We won’t go into too much of the details around the manifest file here today, but the manifest file allows us to configure how the pipeline decorator executes, and for what sort of target.


 


Read more on manifest files: Pipeline decorators – Azure DevOps | Microsoft Learn


 


With the manifest file configured, we can now publish to the marketplace and share it with our ADO organization:




  1. Create publisher on the Marketplace management portal




  2. Install tfx command line tool


    npm install -g tfx-cli



  3. Navigate to the directory containing the vss-extension.json




  4. Generate the .vsix file through tfx extension create


    > tfx extension create –rev-version
    

    TFS Cross Platform Command Line Interface v0.11.0
    
Copyright Microsoft Corporation
    

    === Completed operation: create extension ===
    
 – VSIX: /mnt/c/Users/jinle/Documents/Tools/ADO-Decorator-Demo/Build/Pre/Jinle-SandboxExtensions.jinlesampledecoratorspre-1.0.0.vsix
    
 – Extension ID: jinlesampledecoratorspre
    
 – Extension Version: 1.0.0
    
 – Publisher: Jinle-SandboxExtensions



  5. Upload the extension via the Marketplace management portal or through tfx extension publish




  6. Share your extension with your ADO Organization on the management portal


    10.png


  7. Install the extension on your ADO Organization



    1. Organization Settings > Manage Extensions > Shared > Install

      11.png





Testing the Decorator


Now that your pipeline decorators are installed in your organization, any time you push an update to the Visual Studio marketplace to update your extensions, your organization will automatically get the latest changes.


 


To test your decorators, you can leverage the built in GUI for Azure DevOps to validate your YAML syntax, as well as executing any build pipeline with the appropriate trigger conditions we have configured previously.


 


In our demo application environment, I updated the out-of-the-box starter pipeline to include our connection variable group, as well as specify the testDecorators flag to true:


variables:

– name: testDecorator

  value: true

– group: demo-connection-details

Running the pipeline, I can now see the tasks I have defined execute as expected:


12.png


 


Once we verify that the pre and post tasks have run as expected with the conditional controls evaluating in a similar manner, we can then conclude this demo.




Conclusion


 


Now with the decorator’s scaffolding in place, the customer can continue to take advantage of the flexibility provided by Azure DevOps pipeline’s YAML schema to implement their existing security policies at the organization level.


 


I hope this post helped bring understanding to how pipeline decorators can be leveraged to automate custom processes and bring governance layers into your ADO environment.


If you have any questions or concerns around this demo, or would like to continue the conversation around potential customer scenarios, please feel free to reach out any time.