The Tech Guy

The Essentials of Modern Tech

Blog

Azure Monitor now supports alerts for Azure Backup

Built-in Azure Monitor alerts for Azure Backup are now generally available. With this solution, users receive default alerts, integrated with Azure Monitor, for critical scenarios related to backup security and job failures. You can monitor these alerts at scale via either the Azure Monitor dashboard or Backup center, and route them to the notification channels of your choice.

Difference between Azure on-demand reserved capacity and Reserved Instances.

A cloud budget is a financial strategy that projects how much an organization will spend on cloud computing services over a specific time frame. Forecasting and allocating funds for various cloud computing components are considered to be part of cloud budgeting. A cloud budget differs from an IT budget. All expenditures made by the IT department of the organization, including cloud services, are included in the IT budget. A cloud budget allots an amount for the cloud component of software engineering, which is why it is important to avoid confusing the two.

Microsoft Azure provides multiple options, such as autoscaling and hybrid benefit, to plan cost optimization. But reserving instances can help reduce your cloud cost significantly. In this article I talk about two available options for capacity reservation: on-demand capacity reservation and Reserved Instances.

Options to host microservices applications

In my previous article, I talked about key differences between microservices and monolithic architecture. In the last few years we have seen immense growth in the available options to host our services. Cloud has definitely played a key role in accelerating the adoption of the microservices architecture and making it relatively easy. In this…

What is Azure Bastion Service?

Bastion provides secure RDP and SSH connectivity to all of the VMs in the virtual network in which it is provisioned. Using Azure Bastion protects your virtual machines from exposing RDP/SSH ports to the outside world, while still providing secure access using RDP/SSH.

How to troubleshoot Azure VM connectivity?

Troubleshooting virtual machine connectivity can sometimes be quite tricky, since we don't have complete control over the underlying hardware and are restricted in the options available at the operating system level.

In this article I explain how you can troubleshoot your VM connectivity issue.

Real-time Azure Interview Questions – Compute

In this article I will try to list down a few questions which can be used to test the logical understanding of Azure components.

Every interviewer has his/her way of judging the candidates, which means most of the interviews will have different questions, but if you familiarize yourself with these concepts you should be in a position to answer most of the questions.

Difference between Azure Site Recovery & Azure Migrate?

Azure Site Recovery is a DR solution offered by Microsoft. In contrast, Azure Migrate is a tool used solely for cloud/Azure migration. It isn't designed for DR because it doesn't provide a failback option.

In this article I talk about these two options and try to point out the major differences between the two.

Different options to backup Azure Virtual Machine

In today's world, data is the new oil and almost everything revolves around data one way or another. This also means keeping data secure and resilient to failures should be one of the top priorities.
Cloud vendors provide us with different options such as IaaS, PaaS or SaaS to host our application. When hosting our application on IaaS we are more prone to failures, since we are responsible for managing the infrastructure as well.

What is Azure Virtual Machine Scale Set?

When you are hosting applications on IaaS, you also have to ensure resiliency is taken care of. Azure virtual machine scale sets let you create and manage a group of load balanced VMs. The number of VM instances can automatically increase or decrease in response to demand or a defined schedule.

Monolithic Vs Microservices approach

For software developers, factoring an application into component parts is nothing new. Typically, a tiered approach is used, with a back-end store, middle-tier business logic, and a front-end user interface (UI). What has changed over the last few years is that developers are building distributed applications for the cloud.

These business needs are affecting how we build applications. In this article I talk about the monolithic and microservices approaches in detail.

What is Azure Guest Agent?

Azure Guest agent helps the virtual machines communicate with the underlying hosts or the Fabric controller. The Azure Fabric Controller functions as the kernel of the Azure operating system. It provisions, stores, delivers, monitors and commands the virtual machines (VMs) and physical servers that make up Azure.

What is Azure Dedicated Host?

Azure Dedicated Host is a service that provides physical servers – able to host one or more virtual machines – dedicated to one Azure subscription. Dedicated hosts are the same physical servers used in Microsoft data centers, provided as a resource. You can provision dedicated hosts within a region, availability zone, and fault domain. Then, you can place VMs directly into your provisioned hosts, in whatever configuration best meets your needs.

Availability set vs Availability zone in Azure.

Availability zones are similar in concept to availability sets. However, there is a distinct difference. While availability sets are used to protect applications from hardware failures within an Azure data center, availability zones protect applications from complete Azure data center failures.

I should also note here that when you deploy virtual machines in an availability zone, they are covered by a 99.99% VM uptime SLA, whereas virtual machines placed in an availability set are covered by a 99.95% Azure SLA.

What is Proximity Placement Group in Azure?

A proximity placement group is a logical grouping used to make sure that Azure compute resources are physically located close to each other. Proximity placement groups (PPG) are useful for workloads where low latency is a requirement.

What is the usual DevOps lifecycle?

As mentioned in my previous article, DevOps started off as a system that integrated Development and Operations teams to collaboratively work on a software development project, but it has greatly evolved since. Today, DevOps cross-functional teams include people from QA, security, administrators, data engineers, analytics engineers, and business management.

In this article, I am going to talk about most of the areas covered as part of the usual DevOps lifecycle.

Still curious about DevOps?

If you are reading this article, I am sure this question has already popped up in your mind. You would have wondered what is this DevOps that everyone is talking about? How does it affect things? And should you really explore this? In this article, I try to answer most of the doubts or questions I often get asked about DevOps.

Difference between Service Principal and Managed Identity in Azure.

In this article, I explain the key differences between Service Principal and Managed Identity in Azure. This is in continuation to the series that covers the difference between similar Azure resources. If you have worked on Azure deployments, you would have heard these two terms in the discussions. As part of any typical Azure deployment or architecture, we have to deal with either of them.

Microsoft announces Azure Managed Grafana in preview.

Grafana is a popular open-source analytics visualization tool that allows users to bring together logs, traces, metrics, and other disparate data from across an organization, regardless of where they are stored.

Until recently if your organization wanted to use Grafana, you would have to go through manual installation and configuration. This requires managing an additional infrastructure component where Grafana would be hosted. Microsoft recently announced Azure Managed Grafana in preview. This lets you create Azure Managed Grafana in a few clicks.

Cloud services option for GCP, AWS and Azure

In my previous articles, I have mentioned how cloud computing has seen enormous growth in the last few years. Due to the increasing demand, cloud vendors have also started supporting a variety of services. If you are planning to host your services on the cloud and are unsure about which vendor to choose, this article will help you get a list of services provided by different vendors.

How to deploy Azure DevOps using Terraform?

Azure has seen exponential growth in the last few years, and Azure DevOps has also become a standard, since it helps organizations manage everything centrally.

In this article, I explain how you can automate Azure DevOps implementation with the help of Terraform.

Public Preview: On-demand capacity reservation with Azure Site Recovery safeguards VMs failover

Recently Microsoft announced Azure Site Recovery is now integrated with on-demand capacity reservation and available in public preview. With this integration, you can leverage the power of capacity reservations with Site Recovery to reserve compute capacity in the disaster recovery (DR) region and guarantee your failovers. When you assign a capacity reservation group (CRG) for your protected VMs, Site Recovery will failover the VMs to that CRG. Additionally, when on-demand capacity reservation reaches general availability, a compute SLA gets added to the existing Site Recovery’s Recovery Time Objective (RTO) SLA of 2 hours.

How to decide on compute option in Azure?

Since there are so many compute offerings provided by Azure, this can get a little tricky when you are trying to onboard a new application. The below flowchart explains how you can decide which compute option is best for your business and which one to use for better management and efficiency.

Automating LAMP deployment using Terraform and Ansible.

Infrastructure automation is the use of technology to perform tasks with reduced human assistance, in order to control the tasks we do day in and day out. There are a lot of tools available in the market that allow us to automate certain tasks. Terraform is one such infrastructure tool that can be used to automate infrastructure deployments, and Ansible allows automation of configuration management. We can fully automate infrastructure deployments along with the configuration changes if Terraform is integrated with Ansible. The purpose of this code is to automate LAMP deployment. I will be deploying a sample MediaWiki application for your reference.

How to Deploy AKS Application Gateway Ingress Controller using YAML file?

Ingress exposes HTTP and HTTPS routes from outside the cluster to services within the cluster. Application Gateway Ingress Controller (AGIC) is the Kubernetes application that makes this possible for AKS clusters. The ingress controller runs in its own pods and monitors Kubernetes resources for changes. Azure allows us to use Application Gateway as the ingress for AKS clusters, which lets us use all the Application Gateway features, such as SSL offloading and path-based routing.

Azure Deployment using Terraform Series Part 1

IaC has revolutionized the way we implement our architecture. Terraform is one of the most widely used tools for implementing architecture. Terraform not only makes the implementation easy, but also helps us define modules that can be reused again and again for future deployments. In this series I will share the Terraform code that I have written to deploy an entire architecture.

How to configure a secure private Gitlab server?

GitLab can be installed as an external package, but if you have been following my articles, you know I am an avid fan of containerization. I can't talk enough about how containerization has revolutionized the way we package our applications. In this article, I will explain how you can set up a secure private GitLab server. The summary of the steps is:

List of Deprecated Hosted Pipelines for Azure DevOps

Microsoft-hosted Pipelines provides images for the 2 latest versions of macOS, Windows & Ubuntu. In this blog post I want to update you on recent and upcoming changes for each of those operating systems. If you have pipelines that use ubuntu-16.04, macOS-10.14, macOS-latest, vs2017-win2016, or windows-latest, you will be impacted and this post contains important information for you to read.

How to setup secure Docker private registry along with GUI

Introduction: Docker Registry is a server-side application and part of Docker's platform-as-a-service product. It allows you to locally store all your Docker images in one centralized location. When you set up a private registry, you assign a server to communicate with Docker Hub over the internet. The role of the server is to pull and push…

How to Setup SSL Certificate for multiple ports using 1 domain name with the help of Nginx and LetsEncrypt

Having an SSL certificate ensures that the sensitive data of your website's visitors will be transferred over a secure network. Despite this important benefit of SSL, many end-users and organizations have delayed their adoption due to the price of the certificates and the complexity of implementation. Today, getting an SSL certificate is much easier because there are initiatives like LetsEncrypt that provide them for free and have made their installation super simple. You can follow my previous article for steps to set up LetsEncrypt and get an SSL certificate for your website. In this article I explain how you can use Nginx as a reverse proxy to set up SSL for multiple ports.

What is htpasswd? And how to use it.

When it comes to sharing or storing passwords, putting some form of password verification in place can be an essential part of sharing content with accredited users. Every application on the internet has some parts that an anonymous user should not access. In this article I explain everything about htpasswd.

How to install docker and docker-compose on Ubuntu

Docker can package an application and its dependencies in a virtual container that can run on any Linux, Windows, or macOS computer. This enables the application to run in a variety of locations, such as on-premises, in a public cloud, and/or in a private cloud. Use this script to install Docker and Docker Compose.

Why should you use Containers?

Just as the arrival of containers revolutionized the shipping industry, Docker has gained massive popularity since its launch in 2013. Here I explain how containers are different from traditional virtual machines, and what made containerization so popular.

How to get Azure Active Directory P2 license with Free Azure Subscription

Premium Azure Active Directory features such as Privileged Identity Management (PIM), Conditional Access policy, risky account detection, and access reviews are only available with the AAD P2 license. If you are aiming for Azure certification or you want to master the skill of managing resources using Azure Active Directory, you would need an active Azure Active Directory P2 license.

But most of us don't want to pay for premium features while trying these things in our test labs, or creating a POC for our customers, which is why I have come up with a workaround that will allow you to use an Azure free subscription with the AAD premium license.

Everything about Azure Run As Accounts

In this blog, I will explain the concept behind the Azure Run As account. Azure Automation allows us to automate a task against Azure resources by means of runbooks. These tasks can be anything, like starting a virtual machine or pre- and post-failover tasks. In runbooks, all such tasks that you create against Azure resources using ARM or PowerShell cmdlets must authenticate to Azure using Azure Active Directory. For this purpose we have Run As accounts.

Powershell Script to access Azure resources using Service Principal

Cloud security is a responsibility that is shared between the cloud provider and the customer. The security responsibilities that are always the provider’s are related to the safeguarding of the infrastructure itself, as well as access to, patching, and configuration of the physical hosts and the physical network on which the compute instances run and the storage and other resources reside.

In this guide, I will consider a real-life example where my API needs to access a blob container and fetch the data for further integration. Instead of giving access to a user, I can simply create a service principal and assign read permission; this ensures that I avoid any unwanted logins/access to my subscription.

Powershell script to integrate Azure Kubernetes Service with Azure Key Vault using Secrets store CSI driver

Kubernetes Secrets store CSI driver integrates secrets store with Kubernetes via Container Storage Interface (CSI) volume. The Secrets Store CSI driver secrets-store.csi.k8s.io allows Kubernetes to mount multiple secrets, keys, and certs stored in enterprise-grade external secrets stores into their pods as a volume. Once the Volume is attached, the data in it is mounted into the container’s file system.

All about cloud migration and where to find it.

Migrating to the cloud for an enterprise that has been running workloads on-premises for years can be very daunting. To be successful, a migration plan needs to factor in many different aspects relating to people, processes, and technology. If you are designing the migration, you need guidance and best practices to help steer you through this process.

Introduction to Confidential Computing on Azure

Microsoft has a unique offering on a (relatively) new technology in Azure to protect and encrypt data in use, called Azure Confidential Computing. If you are moving sensitive data to the cloud, you also want to encrypt it. Traditionally, you can do this for data in transit and data at rest, however, data in use is a challenge. Azure Confidential Computing addresses exactly that scenario and helps you to encrypt data in use, making your data as well as code opaque even to the environment (virtual machine and hosting provider).

Grafana or Azure Monitor

This article only compares Grafana with Azure Monitor. I will talk about configuration steps in my next blogs. Introduction: Azure Monitor is the native Azure solution that most of us have been using to monitor Azure resource utilization or performance counters. What if I tell you that you can monitor all your resources at a…
