This is top of mind for everyone these days and Azure has many security features. Today we are going to explore the world of Network Security Groups (NSGs) and their use on Virtual Machines and traffic into and out of Virtual Networks.
A network security group (NSG) is a networking filter (firewall) containing a list of security rules allowing or denying network traffic to resources connected to Azure VNets. These rules can manage both inbound and outbound traffic. NSGs can be associated to subnets and/or individual Network Interfaces attached to ARM VMs and Classic VMs. Each NSG has the following properties regardless of where it is associated:
- Name for the NSG
- Azure region where the NSG is located
- resource group
- Rules either Inbound or Outboard defining what traffic is allowed or denied
When a NSG is associated to a subnet, the rules apply to all resources connected to the subnet. Traffic can be further restricted by also associating a NSG to a VM or NIC. NSGs that are associated to subnets are said to be filtering “North/South” traffic (in other words, packets flowing in and out of a subnet). NSGs that are associated to Network Interfaces are said to be filtering “East/West” traffic (in other words, how the VMs within the subnet connect to each other). Read More
Traditionally, Azure Virtual Machines (VMs) would use an Azure Storage Account to store the VM Disk Images for the VM. This required explicit management of what Storage Accounts contained which and how many VM Disks; both OS Disks and Data Disks. To simplify the management of the VM Disks, Microsoft released a newer feature (that is now the recommended best practice) called Azure Managed Disks. Managed Disks allow you to store the VM Disk imaged (both OS and Data disks) in Azure without the need to manage what Storage Accounts are used. You simple create Managed Disks, and the Azure platform takes care of all the management and scalability necessary.
When creating a Virtual Machine in Microsoft Azure, you can choose whether to use Managed Disks or not. Even though this can be chosen now at creating time, you may still have a number of Virtual Machines that are not using Managed Disks. Thankfully, Microsoft has provided tooling within the Azure CLI that enables you to easily Convert a VM to use Managed Disks.
Let’s take a look at this below… Read More
The Azure Cloud Shell has been out for some time now, as an embedded Bash and PowerShell command-line shell / terminal within the Azure Portal. It really great to be able to use Azure command-line tools (Azure CLI & Azure PowerShell) from absolutely anywhere; including a smartphone or tablet with the native Azure mobile app. Now, the Azure Cloud Shell has gotten it’s own website so you can use it all by itself! Read More
You can easily Start and Stop Virtual Machines (VMs) through the Azure Portal. Previously, I’ve written about the importance of Stopping unused VMs to save money and place them in a “Stopped (Deallocated)” state. While it’s easy and simple to do through the Azure Portal, it’s also time consuming if you have multiple VMs; especially if you have a dozen or more VMs. The following Azure CLI 2.0 tip will show you how you can easily use the Azure CLI to Start and Stop multiple VMs with a single command!
Before we get into how to Start, Stop and Deallocate Virtual Machines (VMs) in batches, we must first cover the basics of Starting, Stopping and Deallocating VMs one at a time. After those commands are defined and demonstrated, then you’ll have the foundation necessary to extend on that to do the batching. Please be patient as you read through as you’ll need to step through this to fully understand the end result. And, you’ll be glad you did once you get there as this will really enable you to be immensely more productive in your management of Azure Virtual Machines when it comes to Starting, Stopping, and Deallocating them. Read More
It can be extremely useful to use the Azure CLI to manage / manipulate your Azure resources from the command-line. However, many of the commands will output a large amount of JSON that can be extremely difficult to read at the command-line. When using the Azure CLI within the Bash shell, you can use a couple techniques to make the JSON output much more readable, and using these techniques will really increase your productivity at the command-line.
It’s very easy to spin up a Virtual Machine (VM) in Microsoft Azure. You can do it through the Azure Portal or with scripting tools such as the Azure CLI, Azure PowerShell cmdlets, and even ARM Templates. When you provision the new VM you need to set an Administrator username and password for the VM. You will use these login credentials to connect to and manage the VM. However, there are time when you either need to 1) change the password periodically, or 2) reset the password if you may have forgotten what it was. Thankfully, Azure makes the task of changing the password for a VM extremely easy to do from the management of your Azure Subscription. It can be done easily enough through the UI of the Azure Portal, however there are times when scripting and automation are necessary to fit your workflow best. Below you’ll find the simple, easy to use command to change / reset the password for a VM running in Azure. Both Windows and Linux VMs work the same way!
The Azure CLI is the cross-platform, command-line tool for managing and automating cloud resources in Microsoft Azure. The tool is supported across macOS, Linux, Windows, and more newly usable from within a web browser in the Azure Portal. While you can run it in the browser now, there are certainly benefit from being able to run the Azure CLI from your local machine. One of these benefits is to easily execute bash scripts locally to perform automation and other tasks. This article will guide you through the step-by-step process of installing the Azure CLI 2.0 on macOS. Read More
Azure Storage is a cloud service at the very center of Microsoft Azure. It provides the foundations for storing data in many services and systems within the Azure cloud platform. You can use Azure Blob Storage to store any binary data such as files, images, backups, .vhd’s, videos, and pretty much any other file. The Azure Blob Storage will secure all blobs / files by default where they can’t be access without a key. You can configure the service to allow anonymous access to blobs, however, there are many circumstances that you want to securely share a file with Azure Blob Storage.
The Azure SQL Database service allows you to set an Admin login and password when you provision a database server in the service. However, if you happen to forget the password for the Azure SQL Database server, it can be problematic. There is an option in the UI of the Azure Portal to reset this admin password. However, there may be times when you want to update the password from the command-line or in an automated fashion. Perhaps, you may want to automate the updating of the admin password for your Azure SQL Database servers periodically. Thankfully, there is a command in the Azure CLI 2.0 that does support updating or changing the password. Read More
All cloud resources created / provisioned in Microsoft Azure need to be associated with Resource Groups. This is one of the basic features of the Azure Resource Management model to cloud resource management, and it makes it far easier to manage groupings of resources that comprise full applications and workloads. The Azure Portal makes it extremely simple to create and delete Azure Resource Groups. This article takes a look at managing Azure Resource Groups form the cross-platform command-line using the Azure CLI 2.0. Read More