This is top of mind for everyone these days and Azure has many security features. Today we are going to explore the world of Network Security Groups (NSGs) and their use on Virtual Machines and traffic into and out of Virtual Networks.
A network security group (NSG) is a networking filter (firewall) containing a list of security rules allowing or denying network traffic to resources connected to Azure VNets. These rules can manage both inbound and outbound traffic. NSGs can be associated to subnets and/or individual Network Interfaces attached to ARM VMs and Classic VMs. Each NSG has the following properties regardless of where it is associated:
- Name for the NSG
- Azure region where the NSG is located
- resource group
- Rules either Inbound or Outboard defining what traffic is allowed or denied
When a NSG is associated to a subnet, the rules apply to all resources connected to the subnet. Traffic can be further restricted by also associating a NSG to a VM or NIC. NSGs that are associated to subnets are said to be filtering “North/South” traffic (in other words, packets flowing in and out of a subnet). NSGs that are associated to Network Interfaces are said to be filtering “East/West” traffic (in other words, how the VMs within the subnet connect to each other). Read More
Traditionally, Azure Virtual Machines (VMs) would use an Azure Storage Account to store the VM Disk Images for the VM. This required explicit management of what Storage Accounts contained which and how many VM Disks; both OS Disks and Data Disks. To simplify the management of the VM Disks, Microsoft released a newer feature (that is now the recommended best practice) called Azure Managed Disks. Managed Disks allow you to store the VM Disk imaged (both OS and Data disks) in Azure without the need to manage what Storage Accounts are used. You simple create Managed Disks, and the Azure platform takes care of all the management and scalability necessary.
When creating a Virtual Machine in Microsoft Azure, you can choose whether to use Managed Disks or not. Even though this can be chosen now at creating time, you may still have a number of Virtual Machines that are not using Managed Disks. Thankfully, Microsoft has provided tooling within the Azure CLI that enables you to easily Convert a VM to use Managed Disks.
Let’s take a look at this below… Read More
One of the largest gaps that Azure has had when compared to the competition has been the lack of high-availability options. The most glaring has been the lack of Availability Zones, which have been available in all the main providers such as AWS, Google and even Oracle.
Basically, Availability Zones allow cloud admins to deploy cloud resources to separate datacenters within a region. This ensures that applications will remain online even if one of the provider’s datacenters go down.
Microsoft has announced a public preview of their Availability Zones to help protect you from datacenter-level failures. These Availability Zones are located inside an Azure region, and each one has its own independent power source, network, and cooling. These zones are separate datacenters which are located “10’s of miles”, from each other. Microsoft has super-fast network connections between the zones, and have stated that they maintain very strict rules on the network latency between these datacenters. Read More
The Microsoft Azure Stack documentation team has released a new Azure Stack Capacity Planner. This planner is intended to help assist in the pre-purchase planning efforts for determining the appropriate capacity and configuration of Azure Stack hardware solutions.
It will help you make informed decisions in the following 2 ways:
- Selecting a hardware offering and attempting to fit a combination of resources
- Defining the workload that Azure Stack is intended to run to view available SKUs that can support it
The Azure Stack Capacity Planner is built out as an Excel spreadsheet that is intended to support the normal investigation and analysis during the planning phase of discovering what resources are necessary for an Azure Stack hardware solution. It’s important to keep in mind that this is not a replacement for the normal process, but a tool that is meant to help determine what is needed to be purchased. Read More
Some time back I wrote about doing Visual Studio development with an Azure Virtual Machine (VM). In that article, I showed how you can setup a Windows VM for Development purposes to extend your local development machine with the help of the cloud. In this article, I want to share some tips I’ve found in how to setup a Linux VM in Azure that you can use for similar purposes. Read More
A fact that went all but confirmed by both Microsoft and Apple is that Apple has been using Microsoft Azure cloud services to host their iCloud product since 2011. Apple wasn’t just using Microsoft Azure, but was also hosting iCloud with a Polynimbus (or multi-cloud) architecture utilizing Amazon AWS and Microsoft Azure. Read More
The last few years, RightScale has been surveying organizations and putting together the annual “State of the Cloud Report”. The survey includes data collected from 997 technical professionals across a broad cross-section of organizations, and focuses on gathering information about their adoption of the Cloud. Some of the metric included in the report show the percentage of organizations utilizing multiple cloud providers, which cloud services they’re using most, and many more very informative metrics. Read More
The Azure Cloud Shell has been out for some time now, as an embedded Bash and PowerShell command-line shell / terminal within the Azure Portal. It really great to be able to use Azure command-line tools (Azure CLI & Azure PowerShell) from absolutely anywhere; including a smartphone or tablet with the native Azure mobile app. Now, the Azure Cloud Shell has gotten it’s own website so you can use it all by itself! Read More
Studying for all certifications can be difficult, as all you have to go on is a short list of the exam objectives and the services/technologies covered. It’s nice to get some kind of targeted resources or training that is targeted towards the specific certification exam you’re studying for. The new Second Edition of the Exam Reference book from Microsoft Press for the 70-533 Implementing Microsoft Azure Infrastructure Solutions certification exam is now available. This book will guide you through all the different topic areas you need to know in order to take and pass the 70-533 exam, then become a Microsoft Azure certified IT Professional. Read More
The 70-537 Configuring and Operating a Hybrid Cloud with Microsoft Azure Stack certification exam is now available. The exam was originally announced back in November 2017, has now finally been released. Plus, the full exam objectives have now been announced as IT Pros are able to start taking the certification exam. Read More