Built-in Azure Monitor Alerts for Azure Backup is now generally available. With this solution, users receive default alerts for critical scenarios related to backup security and job failures, that are integrated with Azure Monitor. You can monitor these alerts at scale via either the Azure Monitor dashboard or via Backup center, and route these alerts to various notification channels of choice.
A cloud budget is a financial strategy that projects how much an organization will spend on cloud computing services over a specific time frame. Forecasting and allocating funds for various cloud computing components are considered to be part of cloud budgeting. A cloud budget differs from an IT budget. All expenditures made by the IT department of the organization, including cloud services, are included in the IT budget. A cloud budget allots an amount for the cloud component of software engineering, which is why it is important to avoid confusing them.
Microsoft Azure provides multiple options such as autoscaling, hybrid benefit, etc. to plan cost optimization. But reserving the instances can help save your cloud cost significantly. In this article I talk about two available options for capacity reservation: On-demand capacity reservation and Reserved instances.
In my previous article, I talked about key differences between Microservices and Monolithic architecture. In the last few years we have seen an immense growth in the available options to host our services. Cloud has definitely played a key role in accelerating the adoption of the microservices architecture and making it relatively easy. In this…
Bastion provides secure RDP and SSH connectivity to all of the VMs in the virtual network in which it is provisioned. Using Azure Bastion protects your virtual machines from exposing RDP/SSH ports to the outside world, while still providing secure access using RDP/SSH.
Troubleshooting virtual machine connectivity can sometimes be quite tricky since we don’t have complete control over the underlying hardware and are restricted in the options available at the operating system level.
In this article I explain how you can troubleshoot your VM connectivity issue.
Microsoft Azure provides different services to monitor and control the network. Application Security Group (ASG) and Network Security Group (NSG) are two of those services. Though they are designed to serve entirely different purposes, the similarity in the names is often a point of confusion.
In this article I briefly talk about NSG and ASG along with key differences between them.
In this article I will try to list down a few questions which can be used to test the logical understanding of Azure components.
Every interviewer has his/her way of judging the candidates, which means most of the interviews will have different questions, but if you familiarize yourself with these concepts you should be in a position to answer most of the questions.
Azure Site Recovery is a DR solution offered by Microsoft. Contrary to this Azure Migrate is a tool used solely for cloud/Azure migration. This isn’t designed for DR because it doesn’t provide a failback option.
In this article I talk about these two options and try to point out major differences between the two.
In today’s world, data is the new oil and almost everything revolves around data one way or another. This also means keeping data secure and resilient to failures should be one of the top priorities.
Cloud vendors provide us different options such as IaaS, PaaS or SaaS to host our application. While hosting our application on IaaS we are more prone to failures since we are responsible for managing the infrastructure as well.
When you are hosting applications on IaaS you also have to ensure resiliency is taken care of. Azure virtual machine scale sets let you create and manage a group of load balanced VMs. The number of VM instances can automatically increase or decrease in response to demand or a defined schedule.
For software developers, factoring an application into component parts is nothing new. Typically, a tiered approach is used, with a back-end store, middle-tier business logic, and a front-end user interface (UI). What has changed over the last few years is that developers are building distributed applications for the cloud.
These business needs are affecting how we build applications. In this article I talk about monolithic and microservices approach in detail.
Azure Guest agent helps the virtual machines communicate with the underlying hosts or the Fabric controller. The Azure Fabric Controller functions as the kernel of the Azure operating system. It provisions, stores, delivers, monitors and commands the virtual machines (VMs) and physical servers that make up Azure.
Azure Dedicated Host is a service that provides physical servers – able to host one or more virtual machines – dedicated to one Azure subscription. Dedicated hosts are the same physical servers used in Microsoft data centers, provided as a resource. You can provision dedicated hosts within a region, availability zone, and fault domain. Then, you can place VMs directly into your provisioned hosts, in whatever configuration best meets your needs.
Availability zones are similar in concept to availability sets. However, there is a distinct difference. While availability sets are used to protect applications from hardware failures within an Azure data center, availability zones protect applications from complete Azure data center failures.
I should also note here that when you deploy virtual machines in an availability zone, they will be covered by a 99.99% VM uptime SLA whereas virtual machines placed in an availability set will be covered by 99.95% Azure SLA.
Microsoft Azure now supports expanding data disks without requiring any downtime. In this article I explain the steps required to avail this feature. Please note this feature is currently in preview and only supports data disks.
In this article I explain how to scan your Azure Container Registry-based container images with the integrated vulnerability scanner when they’re built as part of your GitHub workflows.
In this article I explain how we can use enhanced policy to back up a virtual machine that has trusted launch enabled. Microsoft now lets you use Enhanced policy to configure Multiple Backups Per Day and back up Trusted Launch VMs with Azure Backup service.
As mentioned in my previous article, DevOps started off as a system that integrated Development and Operations teams to collaboratively work on a software development project, but it has greatly evolved now. Today, DevOps cross-functional teams include people from QA, security, administrators, data engineers, analytics engineers, and business management.
In this article, I am going to talk about most of the areas covered as part of the usual DevOps lifecycle.
If you are reading this article, I am sure this question has already popped up in your mind. You would have wondered what is this DevOps that everyone is talking about? How does it affect things? And should you really explore this? In this article, I try to answer most of the doubts or questions I often get asked about DevOps.
In this article, I explain the key differences between Service Principal and Managed Identity in Azure. This is in continuation to the series that covers the difference between similar Azure resources. If you have worked on Azure deployments, you would have heard these two terms in the discussions. As part of any typical Azure deployment or architecture, we have to deal with either of them.
Grafana is a popular open-source analytics visualization tool that allows users to bring together logs, traces, metrics, and other disparate data from across an organization, regardless of where they are stored.
Until recently if your organization wanted to use Grafana, you would have to go through manual installation and configuration. This requires managing an additional infrastructure component where Grafana would be hosted. Microsoft recently announced Azure Managed Grafana in preview. This lets you create Azure Managed Grafana in a few clicks.
In my previous article, I talked about Azure Managed Grafana and how we can use Azure Managed Grafana. Grafana integration with Azure Monitor provides the ability to pin Azure Monitor visualizations from Azure Portal to Grafana dashboards and new out-of-the-box Azure Monitor dashboards.
I have been often asked about the difference between a Private Endpoint and a Service Endpoint. The other question I get asked is which option should you use? In this article, I answer a few questions regarding Private Endpoint and Service Endpoint.
In my previous articles, I have mentioned how cloud computing has seen enormous growth in the last few years. Due to the increasing demand, cloud vendors have also started supporting a variety of services. If you are planning to host your services on the cloud and are unsure about the vendor you should choose, this article will help you get a list of services provided by different vendors.
Microsoft introduced an option to use a custom IP address prefix in Azure. Addresses from a custom IP address prefix can be used in the same way as Azure-owned public IP address prefixes.
Azure has seen exponential growth in the last few years. Azure DevOps has also become a standard since it helps organizations manage everything centrally.
In this article, I explain how you can automate Azure DevOps implementation with the help of Terraform.
Recently Microsoft announced Azure Site Recovery is now integrated with on-demand capacity reservation and available in public preview. With this integration, you can leverage the power of capacity reservations with Site Recovery to reserve compute capacity in the disaster recovery (DR) region and guarantee your failovers. When you assign a capacity reservation group (CRG) for your protected VMs, Site Recovery will fail over the VMs to that CRG. Additionally, when on-demand capacity reservation reaches general availability, a compute SLA gets added to the existing Site Recovery’s Recovery Time Objective (RTO) SLA of 2 hours.
Since there are so many compute offerings provided by Azure, this can get a little tricky when you are trying to onboard a new application. The below flowchart explains how you can decide which compute option is best for your business and which one to use for better management and efficiency.
Infrastructure automation is the use of technology to perform tasks with reduced human assistance in order to control the tasks we do day in and day out. There are a lot of tools available in the market which allow us to automate certain tasks. Terraform is one such infrastructure tool that can be used to automate infrastructure deployments, and Ansible allows automation of configuration management. We can fully automate infrastructure deployments along with the configuration changes if Terraform is integrated with Ansible. The purpose of this code is to automate LAMP deployment. I will be deploying a sample MediaWiki application for your reference.
Microsoft recently announced the trusted launch offering for Generation 2 Azure Virtual machines and flexible scale sets. Trusted launch protects against advanced and persistent attack techniques with the help of several coordinated infrastructure technologies. Trusted launch can only be enabled while creating new virtual machines on the portal.
Ingress exposes HTTP and HTTPS routes from outside the cluster to services within the cluster. Application Gateway Ingress Controller (AGIC) is the Kubernetes application that makes this possible for AKS clusters. The ingress controller runs in its own pods and monitors Kubernetes resources for changes. Azure allows us to use Application Gateway as Ingress for AKS clusters, which lets us use all the Application Gateway features such as SSL offloading, path-based routing, etc.
IaC has revolutionized the way we implement our architecture. Terraform is one of the most widely used tools for implementing architecture. Terraform not only makes the implementation easy, but also helps us define modules which can be reused again and again for future deployments. In this series I will share the Terraform code that I have written to deploy an entire architecture.
Gitlab can be installed as an external package, but if you have been following my articles, I am an avid fan of containerization. I can’t talk enough about how containerization has revolutionized the way we package our applications. In this article, I will explain how you can set up a secure private Gitlab server. The summary of the steps is:
Microsoft-hosted Pipelines provides images for the 2 latest versions of macOS, Windows & Ubuntu. In this blog post I want to update you on recent and upcoming changes for each of those operating systems. If you have pipelines that use ubuntu-16.04, macOS-10.14, macOS-latest, vs2017-win2016, or windows-latest, you will be impacted and this post contains important information for you to read.
Introduction Docker Registry is a server-side application and part of Docker’s platform-as-a-service product. It allows you to locally store all your Docker images in one centralized location. When you set up a private registry, you assign a server to communicate with Docker Hub over the internet. The role of the server is to pull and push…
How to Setup SSL Certificate for multiple ports using 1 domain name with the help of Nginx and LetsEncrypt
Having an SSL certificate ensures that the sensitive data of your website’s visitors will be transferred over a secure network. Despite this important component of SSL, many end-users and organizations have delayed their adoption due to the price of the certificates and the complexity of implementation. Today, getting an SSL certificate is much easier because there are initiatives like LetsEncrypt that provide them for free and have made their installation super simple. You can follow my previous article for steps to set up LetsEncrypt and get an SSL certificate for your website. In this article I explain how you can use Nginx as a reverse proxy to set up SSL for multiple ports.
When it comes to sharing or storing passwords, putting some form of password verification in place can be an essential part of sharing content with accredited users. Every application on the internet has some parts in it that an anonymous user should not access. In this article I explain everything about htpasswd.
Docker can package an application and its dependencies in a virtual container that can run on any Linux, Windows, or macOS computer. This enables the application to run in a variety of locations, such as on-premises, in a public cloud, and/or in a private cloud. Use this script to install Docker and Docker Compose.
Just as the arrival of containers revolutionized the shipping industry, Docker has gained massive popularity since its launch in 2013. Here I explain how containers are different from traditional virtual machines and what made containerization so popular.
Premium Azure Active Directory features such as Privileged Identity Management (PIM), Conditional Access policy, Risk accounts detection, Access review are only available in AAD P2 license. If you are aiming for Azure Certification or you want to master the skill of managing resources using Azure Active Directory, you would need an active Azure Active Directory P2 license.
But most of us don’t want to pay for premium features while trying these things in our test labs, or creating a POC for our customers, which is why I have come up with a workaround that will allow you to use an Azure free subscription with an AAD premium license.
In this blog, I will explain the concept behind the Azure Run As account. Azure Automation allows us to automate a task against Azure resources by means of runbooks. These tasks can be anything like starting a virtual machine, or pre- or post-failover tasks. In runbooks, all such tasks that you create against Azure resources using ARM or PowerShell cmdlets must authenticate to Azure using Azure Active Directory. For this purpose we have Run As accounts.
Cloud security is a responsibility that is shared between the cloud provider and the customer. The security responsibilities that are always the provider’s are related to the safeguarding of the infrastructure itself, as well as access to, patching, and configuration of the physical hosts and the physical network on which the compute instances run and the storage and other resources reside.
In this guide, I will consider a real-life example where my API needs to access a BLOB container and fetch the data for further integration. Instead of giving access to a user, I can simply create a service principal and assign read permission; this would ensure that I avoid any unwanted logins or access to my subscription.
PowerShell script to integrate Azure Kubernetes Service with Azure Key Vault using Secrets Store CSI driver
Kubernetes Secrets store CSI driver integrates secrets store with Kubernetes via Container Storage Interface (CSI) volume. The Secrets Store CSI driver secrets-store.csi.k8s.io allows Kubernetes to mount multiple secrets, keys, and certs stored in enterprise-grade external secrets stores into their pods as a volume. Once the Volume is attached, the data in it is mounted into the container’s file system.
Microsoft now allows an option to streamline Personal access token creation using different policies under Azure DevOps. In this guide, I list down all the pre-requisites and the steps to create these policies and what these policies mean.
In this guide, I’ll show you how to set up a self-signed SSL certificate for use with the Nginx web server on an Ubuntu machine hosted on Azure. You don’t need to purchase any domain or update DNS entries for this to work.
Migrating to the cloud for an enterprise that has been running workloads on-premises for years can be very daunting. To be successful, a migration plan needs to factor in many different aspects relating to people, processes, and technology. If you are designing the migration, you need guidance and best practices to help steer you through this process.
Microsoft has a unique offering on a (relatively) new technology in Azure to protect and encrypt data in use, called Azure Confidential Computing. If you are moving sensitive data to the cloud, you also want to encrypt it. Traditionally, you can do this for data in transit and data at rest, however, data in use is a challenge. Azure Confidential Computing addresses exactly that scenario and helps you to encrypt data in use, making your data as well as code opaque even to the environment (virtual machine and hosting provider).
This article only compares Grafana with Azure Monitor. I will talk about configuration steps in my next blogs. Introduction Azure Monitor is the native Azure solution that most of us have been using to monitor Azure resource utilization or performance counters. What if I tell you that you can monitor all your resources at a…