...

  1. Create a new Virtual machine by restoring an existing backup.
  2. Use an Azure Automation Runbook in combination with DSC to install the Delft-FEWS software.
  3. Use a DevOps solution for creating a new virtual machine by deploying ARM templates of the components.

...

Web Services: Update the ENV variables with the changed database connection.
Archive Server: Update the location of the Azure File Share in the archive configuration file.

Operator Client Recovery

Operator Client with synchronization profile

It is possible to have a synchronizing Operator Client on premise. In case the Azure Database is no longer available, the Operator Client can still be used with the synchronized data in the local datastore.
In case a new database has been installed after a disaster recovery, the Operator Client has to be reconfigured to access the new database.

Direct Database Access Operator Client

In case a new database has been installed after a disaster recovery, the Operator Client has to be reconfigured to access the new database.


Azure File Shares Archive recovery

In case of a disaster or a human error with the archived data on an Azure File Share, Azure Backup can be used to restore the archived files. It is recommended to use a geo-redundant backup for archived data.


Monitoring and Alerting

Event Logs

Delft-FEWS logs all events from forecast workflows in the central database.

Operator Client

The Operator Client provides some access to information on the status of the system components, file imports and workflows.

Admin Interface

The Browser Based FEWS Admin Interface provides a dashboard for the FEWS Administrators to view the status of the Delft-FEWS components and workflows. Errors and events are logged within the central database and log extracts can be downloaded via the browser to provide to Deltares in the event of issues which can't be resolved internally.
The Admin Interface also provides a series of APIs to enable access to the events and status information and the audit logs.
Audit Logs of user actions are also stored in the central database and the Admin Interface API can be used to access these events.

Log Analytics

The Log Analytics service (part of Azure Monitoring) can collect log events from the different Delft-FEWS components.
The Master Controller, Forecasting Shell Server and Admin Interface support sending error log events to the Windows Event Logger. Log Analytics can be connected to the Windows Event Logger. This requires installing the MicrosoftMonitoringAgent extension using the ARM templates.
To connect other Delft-FEWS components to Log Analytics, a custom connector has to be defined. All Delft-FEWS components write log files to the local file system.

Malware protection

To protect the VMs from malware, it is required to install the IaaSAntimalware extension using the ARM templates. Enabling malware protection may have a negative impact on the performance of the Delft-FEWS components. It may be required to add some of the Delft-FEWS directories to the exclusion list.

Azure Infrastructure Monitoring

Infrastructure monitoring of the Delft-FEWS Virtual Machines is done with Azure Monitoring Services. This requires installing the IaaSDiagnostics extension using the ARM templates.
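
A pre-deployment check for the three extensions named in this section, as an added example that is not part of the original page or of the Delft-FEWS tooling: it parses an ARM template, reports which of MicrosoftMonitoringAgent, IaaSAntimalware and IaaSDiagnostics are missing, and flags antimalware exclusion paths that cover a whole drive or use a wildcard. The template, VM name and directory path are constructed placeholders, and the "too broad" rule is an assumption of this example.

```python
import json

# Extension types this page says must be installed through the ARM templates.
REQUIRED = {"MicrosoftMonitoringAgent", "IaaSAntimalware", "IaaSDiagnostics"}

def vm_extensions(resources):
    """Yield extension resources, including ones nested under a VM resource."""
    for res in resources:
        if res.get("type", "").lower().endswith("extensions"):
            yield res
        yield from vm_extensions(res.get("resources", []))

def audit(template):
    """Return (missing extension types, antimalware exclusion paths that look too broad)."""
    found, broad = set(), []
    for ext in vm_extensions(template.get("resources", [])):
        props = ext.get("properties", {})
        found.add(props.get("type"))
        if props.get("type") == "IaaSAntimalware":
            paths = props.get("settings", {}).get("Exclusions", {}).get("Paths", "")
            for p in filter(None, (s.strip() for s in paths.split(";"))):
                # Assumption: a drive root or a wildcard exempts far more than FEWS directories.
                if "*" in p or len(p.rstrip("\\/")) <= 2:
                    broad.append(p)
    return sorted(REQUIRED - found), broad

# Constructed sample template: VM name and directory are placeholders, not real FEWS paths.
SAMPLE = json.loads(r"""
{"resources": [
  {"type": "Microsoft.Compute/virtualMachines", "name": "fews-mc-01", "resources": [
    {"type": "extensions", "name": "antimalware", "properties": {
      "publisher": "Microsoft.Azure.Security", "type": "IaaSAntimalware",
      "settings": {"AntimalwareEnabled": "true",
                   "Exclusions": {"Paths": "D:\\fews\\placeholder_dir;D:\\"}}}}]},
  {"type": "Microsoft.Compute/virtualMachines/extensions", "name": "fews-mc-01/mma",
   "properties": {"publisher": "Microsoft.EnterpriseCloud.Monitoring",
                  "type": "MicrosoftMonitoringAgent"}}
]}
""")

if __name__ == "__main__":
    missing, broad = audit(SAMPLE)
    print("missing extensions:", missing)
    print("overly broad exclusions:", broad)
```

Running the check in the deployment pipeline before the templates are applied catches a VM that would come up without monitoring or malware protection, and an exclusion list that was widened to work around performance problems.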



Security

For Delft-FEWS in the cloud the same security principles apply as on premise: Security - Shared responsibility model for Delft-FEWS system installations. Securing your cloud assets requires continuous investment in keeping your containers safe. An infamous example of misconfigured Kubernetes is Tesla's unsecured admin console for a Kubernetes cluster. This let malicious actors get hold of credentials for Tesla's wider AWS environment, which they used for cryptomining. Tesla highlighted that it was "only" a test instance, but the incident shows why it is important to secure both production and pre-production resources as far as possible.

...

Deltares has done several migrations and implementations of Delft-FEWS in the cloud. Microsoft Azure is the most popular provider among the community but Delft-FEWS will run in any cloud-environment.
Based on our experience with successful migrations and implementations like MDBA (link), we drafted a "how to get started" bullet list.

...