Blogs 2018-03-08T09:36:45+00:00
2304, 2018

Workload Isolation via Application Security Groups

By | April 23rd, 2018|Categories: Azure, Azure Networking, Security|

An Azure subscription is designed to host a large number of workloads. In enterprises these workloads (ex:- application workloads) often belong to separate teams, each with their own security priorities. Isolation of these workloads (VM belonging to workload-1 should not talk to VM belonging to workload-2, even though both the VMs might be in the same subnet) thus becomes an important priority. For the purposes of this article, we will call such separation, East-West isolation. We will make the following assumptions: A single workload can contain more than one VM but we wont distinguish and design for the separate roles those VMs might play. Essentially, we will design so that all of the workload can sit in a single subnet.

1404, 2018

App Innovation Circle – 2018

By | April 14th, 2018|Categories: Azure, Events|Tags: |

It's always been a pleasure to present on Microsoft Azure Cloud. Had an amazing experience in presenting Deep Dive on Microsft Azure and Serverless Computing at App Innovation Circle 2018 event held at Microsoft India Development Center , Hyderabad App Innovation Circle 2018 Agenda: Few pics from the Event: https://www.flickr.com/gp/kraghu_306/37C1Cm Few helpful links on Function Apps, Logic Apps, ASP.NET Core, and Container: Resources Finally, I want to end this blog with an inspirational quote by a famous American writers William Arthur Ward who once said: "Curiosity is the Wick in the candle of Leaning". Happy Learning...!! 🙂

1204, 2018

Virtual Machine Serial Console access

By | April 12th, 2018|Categories: Azure|Tags: , |

The public preview of Serial Console access for both Linux and Windows VMs has been launched. Managing and running virtual machines can be hard. But now, extensive tools are there to manage and secure the VMs, including patching management, configuration management, agent-based scripting, automation, SSH/RDP connectivity, and support for DevOps tooling like Ansible, Chef, and Puppet. However, sometimes this isn’t enough to diagnose and fix issues. Maybe a change that has been made resulted in an fstab error on Linux and you cannot connect to fix it. Maybe a bcdedit change that has been made pushed Windows into a weird boot state. Now, it is possible to debug both with direct serial-based access and fix these issues with the

2903, 2018

Deploy Function App to Azure using VS Code

By | March 29th, 2018|Categories: Azure, Azure Function App|Tags: , |

This blog will walk you through the creation and deployment of a JavaScript Function application using the Azure Functions extension in Visual Studio Code. Prerequisites: Download Visual Studio Code Install Node.js and npm Note: To enable local debugging, you need to install the Azure Functions Core Tools. Operating Systems: For macOS, install using Homebrew. $ brew tap azure/functions $ brew install azure-functions-core-tools For Windows, install using npm. $ npm install -g azure-functions-core-tools@core Once you have the prerequisites we can proceed by Installing the Azure Function Extension. Install the Azure Functions extension Once the extension is installed, log into your Azure account - in the AZURE FUNCTIONS explorer, click Sign in to Azure... and follow the instructions. Once logged in we should see our Azure email address in the status bar and the

2511, 2017

Enabling Just-In-Time VM Access

By | November 25th, 2017|Categories: Azure, Azure Security Center, Resource Manager|Tags: , |

  What is Just in time Virtual Machine access ? Just in time virtual machine (VM) access can be used to lock down inbound traffic to your Azure VMs, reducing exposure to attacks while providing easy access to connect to VMs when needed. JIT VM feature is more like an automated Azure Network Security Group rule set for accessing to any Azure specific VM(s) for a temporary period  which can be enabled any set of ports restricted from and to IP/Network range. Typically, Azure Security Center locks down the inbound traffic to any specific ports and opens a port by creating a Network Security Group rule(s) for an appropriate time and from approved IP addresses(which in most cases would be

1010, 2017

Microsoft Azure Networking (Part – 3)

By | October 10th, 2017|Categories: Azure Application Gateway, Azure Networking|

  Hello Everyone 🙂 Thanks for following the blog. As we know this blog is a part of Microsoft Azure Networking blog series. This blog is Part - 3 where we continue the Networking resources from understanding Azure Application Gateway. If you haven't read the Part - 1 and Part - 2 Azure application Gateway Layer 7 : HTTP/HTTPS load balancing WebSocket support. Web application firewall URL-based routing. Routing based on tuple of source & destination IP addresses. Round Robin Session affinity via cookies SSL decoding/terminations & end-to-end SSL processing. Services: Two SKU's -> Web Application firewall (WAF) and Standard. Small, Medium & Large services tiers. Differences in pricing for outbound data Small doesn’t support WAF Differenced in speed of putdound data processing.

1009, 2017

Microsoft Azure Networking (Part-2)

By | September 10th, 2017|Categories: Azure Networking, Load Balancer|Tags: , |

  Hello again 🙂 Thanks for following the blog. As we know we have been covering Microsoft Azure Networking resources. This blog is Part - 2 where we continue the Networking resources. If you haven't read the Part 1, click here Lets understand about Azure Load Balancer and see why anyone should use, Pros and Cons, and finally few examples of the resource in real world. Azure Load Balancer Layer 4(transport) : TCP & UDP. Routing for virtual machines & cloud services. Support virtual & hybrid networks(on prem/-- -) Supports reserved IP Addresses. Routing based on tuple of source & destination IP addresses. Supports session affinity. Supports port forwarding. Internet Facing Load Balancer :- Load Balancer passes public IP request to Virtual

2207, 2017

Azure ARM VM Snapshot (unmanaged Disks)

By | July 22nd, 2017|Categories: Azure, Resource Manager|Tags: , , , |

There are some scenarios where the managed Azure Backup Services may not be a suitable fit. So let's discuss more on the custom backup strategy which uses snapshots behind the scenes.   Azure Storage provides the capability to take snapshots of blobs.   Before we dig into Snapshot strategy, lets understand, "What's a Snapshot ?" In Hyper-V Environment, the configuration, memory and supporting process information is saved and a differential disk is created to store future disk changes. When you delete a VM, all the snapshots are deleted. However, the virtual hard disk (VHD) is not deleted, which means all content stored in the differential disks associated with the snapshots must be merged with the original VHD, as the following diagram shows:

206, 2017

Microsoft Azure Networking (Part-1)

By | June 2nd, 2017|Categories: Azure Networking, Azure Traffic Manager|

  Hello Everyone 🙂 As we all know Microsoft Azure is growing day by day and expanding its length and breadth. So, we are starting with few basic series of blogs which explains more on the basic terminology of the individual resource in most IaaS components of Azure which are Networking, Compute, etc. Today let's understand concepts and resources which are under Azure Networking. When you say Azure networking you typically deal with below resources: 1. Azure Traffic Manager 2. Azure Load Balancer 3. Azure Application Gateway 4. Static IP Reservations 5. Network Security Group 6. User Defined Routes Lets dig down into individual resource and see why anyone should use the Resource, Pros and Cons, and finally few examples

1205, 2017

Azure Key Vault Implementation

By | May 12th, 2017|Categories: Azure, Azure Key Vault|

  Continuing the previous blogs where we learned about Azure Key Vault Overview and also about Key Vault Lifecycle, lets do some hands on and understand how Key Vault is implemented in real world scenario. Today we will cover how to Authenticate a Client Application with Azure Key Vault using Azure Active Directory Application and how to set various access policies for the applications. Each application should be given minimum set of permissions that it requires to operate on. A Security Administrator would be given full permission so that it could modify the Vault Key/Secret as required and an Azure Developer will have limited permissions on Keys and Secrets. For Such a scenarios, it is best to have two or more AD applications created and have separate