Wednesday, April 30, 2025

Managing IP Addresses for Azure Services

  • Azure provides Public IP addresses that allow resources within your Virtual Networks to communicate with the internet. These are typically used for services like virtual machines, load balancers, and application gateways.
  • When managing Public IPs, consider using Azure IP prefixes and service tags to control inbound and outbound traffic through Network Security Groups (NSGs).

Currently here I have a Virtual Machine with both a Public IP and a Private IP.

Private IP: Private IP addresses are used within Virtual Networks for communication between Azure resources.

Public IP: A Public IP enables inbound communication with the Virtual Machine over the internet.

Step 1: Let's check the IP configuration of this Virtual Machine.


In the IP configuration section we have options to set our Private IP to Dynamic or Static, but there is no option to edit the SKU of our Public IP.

Step 2: Dissociate the current Public IP and assign a new IP with the required SKU.


Step 3: Now we have a Virtual Machine without a Public IP, so let's create a new Public IP with a different SKU.

We can select any region according to our requirement.

When selecting the SKU for the IP address there are two SKUs: Standard and Basic.

For the Standard SKU we have options like Zone Redundant and a tier of Regional or Global. All these options help increase the availability of the Public IP. For the Basic SKU we don't have any availability options.


Step 4: Here let's go with the Standard SKU and create a Public IP.


Step 5: Once the Public IP is created, let's assign it to the Virtual Machine. In the IP configuration section, click on Associate public IP address to assign our new Public IP.


Select the required IP address and click Save.


Now the Virtual Machine is assigned a new Public IP address.
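The same dissociate, create and associate steps as one Azure PowerShell script. This is an added example, not code from the original post; the resource group, VM name and region are placeholders. It also adds a check the portal walkthrough does not mention: a Standard SKU Public IP drops all inbound traffic until a Network Security Group rule on the NIC or subnet allows it, so a VM that was reachable on a Basic SKU IP can silently stop answering after the swap.

```powershell
# Added example (not from the original post): swap a VM's Public IP for a
# Standard SKU one with Azure PowerShell. All resource names are placeholders.
$rg     = 'myResourceGroup'   # assumed resource group
$vmName = 'myVM'              # assumed VM name
$region = 'uaenorth'          # assumed region

# Locate the VM's primary NIC and its first IP configuration.
$vm  = Get-AzVM -ResourceGroupName $rg -Name $vmName
$nic = Get-AzNetworkInterface -ResourceId $vm.NetworkProfile.NetworkInterfaces[0].Id

# Step 2 from the post: dissociate the current Public IP.
$nic.IpConfigurations[0].PublicIpAddress = $null
$nic = $nic | Set-AzNetworkInterface

# Steps 3 and 4: create a Standard SKU, static, zone-redundant Public IP.
$pip = New-AzPublicIpAddress -ResourceGroupName $rg -Name "$vmName-pip-std" `
    -Location $region -Sku Standard -AllocationMethod Static -Zone 1,2,3

# Step 5: associate the new Public IP with the NIC.
$nic.IpConfigurations[0].PublicIpAddress = $pip
$nic = $nic | Set-AzNetworkInterface

# Check: a Standard SKU Public IP is closed to inbound traffic unless an NSG
# allows it. Warn if neither the NIC nor its subnet has an NSG attached.
$subnetId = $nic.IpConfigurations[0].Subnet.Id
$vnetName = ($subnetId -split '/')[8]
$subName  = ($subnetId -split '/')[10]
$subnet   = Get-AzVirtualNetwork -ResourceGroupName $rg -Name $vnetName |
            Get-AzVirtualNetworkSubnetConfig -Name $subName
if (-not $nic.NetworkSecurityGroup -and -not $subnet.NetworkSecurityGroup) {
    Write-Warning "No NSG on NIC $($nic.Name) or subnet $subName: inbound traffic to the Standard SKU IP will be dropped."
}

# Report the address the VM now answers on.
(Get-AzPublicIpAddress -ResourceGroupName $rg -Name $pip.Name).IpAddress
```

The old Public IP resource still exists after it is dissociated (and a static one keeps billing), so remove it with Remove-AzPublicIpAddress once you have confirmed nothing else references it.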

Deploy a Bastion Host to connect to Virtual Machines

A “Bastion Host” in Azure is a dedicated virtual machine that serves as a secure gateway for connecting to other virtual machines within an Azure Virtual Network. It plays a crucial role in enhancing the security and control of remote access to your Azure resources.

Security Enhancement:

  • A bastion host acts as a shield between your local computer and Azure VMs, reducing the exposure of VMs to potential security threats from the public internet. This intermediary approach adds an extra layer of security.

Network Isolation:

  • Typically, the bastion host is placed in a separate subnet within your Azure Virtual Network. This subnet is isolated from the public internet and other subnets, creating a secure environment.

Reduced Public IP Exposure:

  • Bastion host enables you to reduce the need for public IP addresses on your VMs, further minimizing potential attack vectors.

Cross-Platform Compatibility:

  • Azure Bastion supports both Windows and Linux VMs, ensuring a consistent experience for connecting to VMs regardless of the operating system.

Step 1: Here we currently have two Virtual Machines in a Resource group.

Virtual Machine 1 – Windows VM

Virtual Machine 2 – Linux VM

Step 2: Let's create a Bastion service to connect to the two Virtual Machines we have.

Select the virtual network in which the two Virtual Machines are placed.

But here we will not be able to choose the same subnet, because a Bastion resides in a separate subnet. Therefore we have to create a separate subnet for the Bastion service.

Step 3: Create a subnet for Bastion in the Virtual Network in which the Virtual Machines are created.

Note: The name of the subnet must be “AzureBastionSubnet”.


Step 4: Now we have a separate subnet for Bastion. Let's add the subnet and create the Bastion.

Step 5: We don't need a Public IP to connect to the Virtual Machines, so we can disassociate the Public IP.

Step 6: Now let's connect to the Windows Virtual Machine. Click Connect and select Bastion.

Step 7: Fill in the required credentials and click Connect to log in to the Windows Virtual Machine.


Step 8: Connecting to the Linux Virtual Machine. We don't need a Public IP to connect to the Virtual Machines, so let's disassociate it.

Step 9: Click Connect and select Bastion. For the Linux Virtual Machine, browse for the Private Key and click Connect.
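The Bastion deployment from Steps 3 to 8 as an Azure PowerShell script. This is an added example, not code from the original post; the resource group, VNet, region, VM names and the address prefix are placeholders. Bastion requires a subnet named exactly AzureBastionSubnet of at least /26 and its own Standard SKU Public IP; once it is running, the script strips the Public IPs from both VMs and lists any NIC in the group that still has one, which is the "reduced public IP exposure" the post describes, made verifiable.

```powershell
# Added example (not from the original post): deploy Azure Bastion into an
# existing VNet and remove the VMs' own Public IPs. Names are placeholders.
$rg            = 'myResourceGroup'
$vnetName      = 'myVNet'
$region        = 'uaenorth'
$bastionPrefix = '10.0.255.0/26'   # assumed unused range; Bastion needs at least a /26
$vmNames       = 'vm-windows', 'vm-linux'

# Step 3: add the dedicated subnet. The name must be exactly AzureBastionSubnet.
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rg -Name $vnetName
Add-AzVirtualNetworkSubnetConfig -Name 'AzureBastionSubnet' `
    -AddressPrefix $bastionPrefix -VirtualNetwork $vnet | Out-Null
$vnet = $vnet | Set-AzVirtualNetwork

# Step 4: Bastion needs its own Standard SKU, static Public IP.
$bastionPip = New-AzPublicIpAddress -ResourceGroupName $rg -Name 'myBastion-pip' `
    -Location $region -Sku Standard -AllocationMethod Static

# Create the Bastion host (this takes several minutes to provision).
New-AzBastion -ResourceGroupName $rg -Name 'myBastion' `
    -PublicIpAddress $bastionPip -VirtualNetwork $vnet | Out-Null

# Steps 5 and 8: with Bastion in place the VMs no longer need Public IPs.
foreach ($vmName in $vmNames) {
    $vm  = Get-AzVM -ResourceGroupName $rg -Name $vmName
    $nic = Get-AzNetworkInterface -ResourceId $vm.NetworkProfile.NetworkInterfaces[0].Id
    $nic.IpConfigurations[0].PublicIpAddress = $null
    $nic | Set-AzNetworkInterface | Out-Null
}

# Check: any NIC in the resource group still carrying a Public IP is an
# exposure Bastion was meant to remove, so list them.
Get-AzNetworkInterface -ResourceGroupName $rg |
    Where-Object { $_.IpConfigurations.PublicIpAddress } |
    Select-Object Name, @{ n = 'PublicIp'; e = { $_.IpConfigurations[0].PublicIpAddress.Id } }
```

The dissociated Public IP resources still exist after this runs; delete them with Remove-AzPublicIpAddress so they cannot be re-attached later by accident.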


Creating Snapshots of Data Disks in Azure

In Azure, “Snapshots of Data Disks” refer to the capability to create point-in-time backups of the data disks attached to your virtual machines. These snapshots capture the exact contents of the data disks at a specific moment, including the operating system and any data stored on them. Here’s a more detailed explanation:

  1. Backup Solution: Snapshots are a crucial component of your backup and disaster recovery strategy in Azure. They provide a way to protect your data and applications from accidental data loss, corruption, or system failures.
  2. Point-in-Time Copy: When you create a snapshot, it captures the data disk’s state at a specific point in time. This ensures that you have a consistent copy of your data and the operating system that you can revert to if needed.

Step 1: Create a Virtual Machine (VM1) and add a file at the Data Disk level, so that the file is not deleted when the virtual machine is shut down.

Here a text file is added to the attached Data disk.

Step 2: Create one more Virtual Machine (VM2), to which the snapshot will be converted to a Data disk and attached.

Step 3: In Virtual Machine (VM1), click on the Disks section. We can view both the OS disk and the Data disk.

Step 4: Click on the Data disk and then click “Create snapshot” to create a snapshot of the data disk.

Step 5: Create the snapshot of the Data disk with the required parameters.

Step 6: Once the snapshot of the Data disk is ready, we can convert it into a Data disk. Search for Snapshots, click on the one we created, and click “Create disk” to make a data disk out of the snapshot.

Step 7: Give the required details to create a Data disk.

Step 8: Once the Data disk is created from the Snapshot, move to the Disks section of Virtual Machine (VM2) and add the Data disk.

Step 9: Log in to Virtual Machine (VM2) and check for the required data on the added Data disk.
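Steps 3 to 8 as an Azure PowerShell script: snapshot VM1's first data disk, build a managed disk from the snapshot, and attach it to VM2 on the next free LUN. This is an added example, not code from the original post; the resource group, region and VM names are placeholders. It ends with a check the portal steps leave out: a snapshot is a full copy of whatever was on the disk, so confirm it is encrypted and has not been handed out through a SAS grant before it is shared or copied across subscriptions.

```powershell
# Added example (not from the original post): snapshot VM1's data disk and
# attach a disk built from it to VM2. Names are placeholders.
$rg     = 'myResourceGroup'
$region = 'uaenorth'
$srcVm  = 'VM1'
$dstVm  = 'VM2'
$stamp  = Get-Date -Format 'yyyyMMdd-HHmm'

# Steps 3 to 5: locate VM1's first data disk and snapshot it.
$vm1  = Get-AzVM -ResourceGroupName $rg -Name $srcVm
$disk = Get-AzDisk -ResourceGroupName $rg -DiskName $vm1.StorageProfile.DataDisks[0].Name

$snapCfg = New-AzSnapshotConfig -SourceUri $disk.Id -Location $region -CreateOption Copy
$snap    = New-AzSnapshot -ResourceGroupName $rg -SnapshotName "$($disk.Name)-snap-$stamp" -Snapshot $snapCfg

# Steps 6 and 7: create a managed disk from the snapshot.
$diskCfg = New-AzDiskConfig -Location $region -CreateOption Copy -SourceResourceId $snap.Id -SkuName Standard_LRS
$newDisk = New-AzDisk -ResourceGroupName $rg -DiskName "$($disk.Name)-restored-$stamp" -Disk $diskCfg

# Step 8: attach the new disk to VM2 on the next free LUN.
$vm2 = Get-AzVM -ResourceGroupName $rg -Name $dstVm
$lun = if ($vm2.StorageProfile.DataDisks.Count -gt 0) {
    ($vm2.StorageProfile.DataDisks.Lun | Measure-Object -Maximum).Maximum + 1
} else { 0 }
$vm2 = Add-AzVMDataDisk -VM $vm2 -Name $newDisk.Name -CreateOption Attach `
    -ManagedDiskId $newDisk.Id -Lun $lun
Update-AzVM -ResourceGroupName $rg -VM $vm2 | Out-Null

# Check: the snapshot holds everything that was on the disk. Confirm it is
# encrypted at rest and review its size before sharing or copying it.
Get-AzSnapshot -ResourceGroupName $rg -SnapshotName $snap.Name |
    Select-Object Name, DiskSizeGB, TimeCreated, @{ n = 'Encryption'; e = { $_.Encryption.Type } }
```

If a snapshot was ever exported with Grant-AzSnapshotAccess, call Revoke-AzSnapshotAccess when the copy is done; the SAS URL otherwise stays valid for the duration you granted.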

Implementing ICMP (Ping) Access Control with Network Security Groups in Azure

ICMP stands for “Internet Control Message Protocol.” It is a network layer protocol within the Internet Protocol (IP) suite, which is a set of protocols that govern how data is transmitted and received over the internet. ICMP is primarily used for communication between network devices to convey control and error messages.

  1. Network Reachability Testing: “Ping” is widely used to determine whether a remote host or network device is reachable over a network, including the internet. If a device responds to a “ping,” it indicates that it is online and accessible.
  2. Round-Trip Time Measurement: “Ping” is also used to measure the round-trip time (RTT) for a packet to travel from the sender to the target and back. This information helps assess network performance and latency.
  3. Network Troubleshooting: Network administrators and IT professionals use “ping” to diagnose connectivity issues. If a device does not respond to a “ping,” it may indicate a network problem or that the target device is down.

Step 1: Let's create a Virtual Machine to check the Internet Control Message Protocol.

Step 2: Check ICMP with the ping command from my local machine. After the ping command, paste the Public IP of the Virtual Machine.

We failed to get a response from our Virtual Machine. This is due to the Network Security Group attached to the Virtual Machine.

Step 2: Let's check the Network Security Group of the Virtual Machine for Inbound Traffic Rules. There is no Inbound Traffic Rule allowing ICMP requests.

Step 3: Now let's create a new Inbound Traffic Rule to allow ping requests. Click Add Inbound Rule, select ICMP, and save.

Step 4: Now let's try sending a ping request to the Virtual Machine.

Again we failed to get a response from the Virtual Machine, even after adding an Inbound Rule to the Network Security Group.

This is due to the firewall present in the Virtual Machine. The Network Security Group allows the ping request, but the firewall inside the virtual machine blocks it.

Step 5: Now we can connect to the virtual machine and add an Inbound Rule in the firewall of the Virtual Machine.

Once we log in to the VM, search for Windows Firewall and click on Windows Defender Firewall with Advanced Security.

Step 6 : Select Inbound Rules and add the ICMP rule.


Select Custom Rule.


Keep the other settings as default and select ICMPv4 for Protocol Type.

Select Allow the Connection.

Provide a Name for the Firewall Rule and Click on Finish.

The Inbound Rule is added to the Windows Firewall of the Virtual Machine.

Step 7: Now let's check the Internet Control Message Protocol with the ping command.

We successfully got a reply from the Virtual Machine.
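Both layers from the walkthrough as PowerShell: the NSG rule (run from your workstation with the Az module) and the in-guest Windows Defender Firewall rule (run inside the VM, for example over Bastion). This is an added example, not code from the original post; the resource group, NSG name and the admin address 203.0.113.10 are placeholders. It is narrower than the portal wizard in Step 6, which allowed every ICMPv4 type from any source: here both rules accept only echo requests from one administrative address, and a query afterwards lists any other inbound rule that already allows ICMP from Any, which is the usual reason a "temporary" ping rule outlives its purpose.

```powershell
# Added example (not from the original post): allow ICMP echo to a Windows VM
# at the NSG layer and the in-guest firewall layer. Placeholders throughout.
$rg      = 'myResourceGroup'
$nsgName = 'myVM-nsg'
$adminIp = '203.0.113.10'   # constructed example: the admin workstation's public IP

# ---- Layer 1: Network Security Group (run from the workstation) ----
$nsg = Get-AzNetworkSecurityGroup -ResourceGroupName $rg -Name $nsgName
$nsg | Add-AzNetworkSecurityRuleConfig -Name 'Allow-ICMP-From-Admin' `
    -Description 'Ping from the admin workstation only' `
    -Access Allow -Protocol Icmp -Direction Inbound -Priority 310 `
    -SourceAddressPrefix $adminIp -SourcePortRange * `
    -DestinationAddressPrefix * -DestinationPortRange * | Out-Null
$nsg = $nsg | Set-AzNetworkSecurityGroup

# Check: list every inbound allow rule that covers ICMP, so a broader rule
# (Protocol * or source Any) does not go unnoticed next to the new one.
Get-AzNetworkSecurityRuleConfig -NetworkSecurityGroup $nsg |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Access -eq 'Allow' -and $_.Protocol -in 'Icmp', '*' } |
    Sort-Object Priority |
    Select-Object Name, Priority, Protocol, SourceAddressPrefix

# ---- Layer 2: Windows Defender Firewall (run inside the VM) ----
# Cmdlet equivalent of the Step 6 wizard. -IcmpType 8 limits the rule to echo
# requests; -RemoteAddress limits it to the admin workstation.
New-NetFirewallRule -DisplayName 'Allow ICMPv4 Echo Request (admin)' `
    -Direction Inbound -Protocol ICMPv4 -IcmpType 8 `
    -RemoteAddress $adminIp -Action Allow -Profile Any | Out-Null

# Confirm the guest rule is enabled and inbound.
Get-NetFirewallRule -DisplayName 'Allow ICMPv4 Echo Request (admin)' |
    Select-Object DisplayName, Enabled, Direction, Action
```

Run the two halves in their respective contexts; the Az cmdlets need Connect-AzAccount on the workstation, and the NetSecurity cmdlets need an elevated session on the VM.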

Azure AD User and Group Management using PowerShell

  1. PowerShell, with the Azure AD module, allows you to create, update, and delete Azure AD user accounts, making user management more efficient.
  2. Group creation, membership management, and group-based access control can be easily automated and configured using PowerShell scripts.
  3. PowerShell is a valuable tool for bulk operations, enabling you to handle multiple users and groups simultaneously.
  4. It’s important to follow security best practices, protect credentials, and assign proper permissions when using PowerShell with Azure AD.

Step 1: As a first step, open PowerShell on your local machine and select Run as Administrator.

Now type the following command:

Set-ExecutionPolicy RemoteSigned

The command Set-ExecutionPolicy RemoteSigned sets the execution policy for running scripts on a Windows system. RemoteSigned is one of the execution policies available in PowerShell. When you set the execution policy to RemoteSigned, scripts that are local to your computer can run without requiring a digital signature.

Step 2: Let's install the Azure modules for running our scripts.

Step 3: Once all the required modules are installed, let's connect to our Azure tenant.

Step 4: Let's get the list of users in the tenant.

Step 5: Let's start creating users for this tenant using PowerShell.

Type the following command to create a user in Azure AD:

New-AzADUser -DisplayName 'Test User01' -UserPrincipalName testuser01@domain-name.onmicrosoft.com -MailNickname test01 `
-Password (Read-Host "Enter the Password for user :" -AsSecureString) 

We can also supply the additional information required for the user and run the script to view the user.

We can also provide additional settings, like forcing the user to change the password once they log in.

Step 6: Another simple way to create a user in Azure AD: type the command New-AzADUser and fill in the parameters in the console window.

Step 7: Let's edit the properties of a user.

Step 8: Let's start creating groups in Azure AD.

Check for the groups that already exist in your tenant.

Run the following command to create a group in your tenant:

New-AzADGroup -DisplayName Security -MailNickname Security

Adding members to the group.

Step 9: We can also use other ways to create a group using PowerShell. Type New-AzADGroup and run it, then fill in the required parameters for the group.

Step 10: Removing or Deleting a group from Azure AD.
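Steps 5 to 10 as one Az.Resources script: create a user, edit a property, create a group, add the user to it, and verify the result. This is an added example, not code from the original post; the tenant domain domain-name.onmicrosoft.com is the placeholder the post uses, and the display names and job title are constructed. It applies point 4 of the introduction concretely: the password is read with Read-Host -AsSecureString rather than written in the script, and the account is flagged to change it at first sign-in.

```powershell
# Added example (not from the original post): user and group lifecycle with
# the Az.Resources cmdlets. Domain, names and job title are placeholders.
$domain = 'domain-name.onmicrosoft.com'   # placeholder tenant domain from the post
Connect-AzAccount | Out-Null

# Step 5: create a user. The password is prompted for, never stored in the
# script, and the user must replace it at first sign-in.
$upn  = "testuser01@$domain"
$user = New-AzADUser -DisplayName 'Test User01' -UserPrincipalName $upn -MailNickname 'test01' `
    -Password (Read-Host 'Enter the initial password for the user' -AsSecureString) `
    -ForceChangePasswordNextLogin

# Step 7: edit properties of the user.
Update-AzADUser -UPNOrObjectId $upn -DisplayName 'Test User01 (Security)' -JobTitle 'Analyst'

# Step 8: list existing groups, then create one and add the user as a member.
Get-AzADGroup | Select-Object DisplayName, Id
$group = New-AzADGroup -DisplayName 'Security' -MailNickname 'Security'
Add-AzADGroupMember -TargetGroupObjectId $group.Id -MemberObjectId $user.Id

# Check: confirm the membership took effect and the account is enabled.
Get-AzADGroupMember -GroupObjectId $group.Id | Select-Object DisplayName, UserPrincipalName
Get-AzADUser -UserPrincipalName $upn | Select-Object DisplayName, AccountEnabled

# Step 10: remove the group when it is no longer needed (left as a comment so
# the script does not delete what it just created).
# Remove-AzADGroup -ObjectId $group.Id
```

For Step 1, prefer Set-ExecutionPolicy RemoteSigned -Scope CurrentUser so the change applies only to your account rather than the whole machine, and run Disconnect-AzAccount when finished so the cached token does not stay on a shared workstation.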

How to Deploy an Azure Kubernetes Service (AKS) cluster using the Azure portal

Create an AKS cluster:

  1. Sign in to the Azure portal.
  2. On the Azure portal menu or from the Home page, select Create a resource.
  3. In the Categories section, select Containers > Azure Kubernetes Service (AKS).
  4. On the Basics page, configure the following options:
    • Project details:
      • Select an Azure Subscription.
      • Create an Azure Resource group, such as myResourceGroup. While you can select an existing resource group, for testing or evaluation purposes, we recommend creating a resource group to temporarily host these resources and avoid impacting your production or development workloads.
    • Cluster details:
      • Ensure that the Preset configuration is Standard ($$). For more details on preset configurations, see Cluster configuration presets in the Azure portal.
      • Enter a Kubernetes cluster name, such as myAKSCluster.
      • Select a Region for the AKS cluster, and leave the default value selected for Kubernetes version.
    • Primary node pool:
      • Leave the default values selected.

Connect to the cluster:

To manage a Kubernetes cluster, use the Kubernetes command-line client, kubectl. kubectl is already installed if you use Azure Cloud Shell. If you’re unfamiliar with the Cloud Shell, review Overview of Azure Cloud Shell.

Open Cloud Shell using the >_ button on the top of the Azure portal.

Azure PowerShell

STEP 1:

Open Cloud Shell using the >_ button on the top of the Azure portal.

STEP 2:

Configure kubectl to connect to your Kubernetes cluster using the Import-AzAksCredential cmdlet. The following command downloads credentials and configures the Kubernetes CLI to use them.

STEP 3:

Verify the connection to your cluster using kubectl get to return a list of the cluster nodes:

kubectl get nodes 

Output shows the single node created in the previous steps. Make sure the node status is Ready:

NAME                                STATUS   ROLES   AGE   VERSION
aks-agentpool-24431696-vmss000000   Ready    agent   18h   v1.26.6

Step 4:

Deploy the application  

A Kubernetes manifest file defines a cluster’s desired state, like which container images to run.

In this quickstart, you will use a manifest to create all objects needed to run the Azure Vote application. This manifest includes two Kubernetes deployments:

  • The sample Azure Vote Python applications.
  • A Redis instance
  • Open editor using the >_ button on the top of the Azure cloud shell

Step 5

Two Kubernetes Services are also created:

  • An internal service for the Redis instance.
  • An external service to access the Azure Vote application from the internet.
  • In the Cloud Shell, open an editor and create a file named azure-vote.yaml.
  • Paste in the following YAML definition:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: azure-vote-back
spec:
  replicas: 1
  selector:
    matchLabels:
      app: azure-vote-back
  template:
    metadata:
      labels:
        app: azure-vote-back
    spec:
      nodeSelector:
        "kubernetes.io/os": linux
      containers:
      - name: azure-vote-back
        image: mcr.microsoft.com/oss/bitnami/redis:6.0.8
        env:
        - name: ALLOW_EMPTY_PASSWORD
          value: "yes"
        resources:
          requests:
            cpu: 100m
            memory: 128Mi
          limits:
            cpu: 250m
            memory: 256Mi
        ports:
        - containerPort: 6379
          name: redis
---
apiVersion: v1
kind: Service
metadata:
  name: azure-vote-back
spec:
  ports:
  - port: 6379
  selector:
    app: azure-vote-back
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: azure-vote-front
spec:
  replicas: 1
  selector:
    matchLabels:
      app: azure-vote-front
  template:
    metadata:
      labels:
        app: azure-vote-front
    spec:
      nodeSelector:
        "kubernetes.io/os": linux
      containers:
      - name: azure-vote-front
        image: mcr.microsoft.com/azuredocs/azure-vote-front:v1
        resources:
          requests:
            cpu: 100m
            memory: 128Mi
          limits:
            cpu: 250m
            memory: 256Mi
        ports:
        - containerPort: 80
        env:
        - name: REDIS
          value: "azure-vote-back"
---
apiVersion: v1
kind: Service
metadata:
  name: azure-vote-front
spec:
  type: LoadBalancer
  ports:
  - port: 80
  selector:
    app: azure-vote-front

Step 6

Deploy the application using the kubectl apply command and specify the name of your YAML manifest:

kubectl apply -f azure-vote.yaml

Output shows the successfully created deployments and services:

Step 7

Test the application

When the application runs, a Kubernetes service exposes the application front end to the internet. This process can take a few minutes to complete. To monitor progress, use the kubectl get service command with the --watch argument:

kubectl get service azure-vote-front --watch

Copy the EXTERNAL-IP value and paste it into your local browser.

To see the Azure Vote app in action, open a web browser to the external IP address of your service.
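The connect, deploy and verify steps of this section as one script for the Azure Cloud Shell (PowerShell). This is an added example, not code from the original post; the resource group and cluster name are the placeholders from the Basics page, and the manifest path assumes the azure-vote.yaml created in Step 5. Instead of watching interactively it polls the service until the EXTERNAL-IP appears, and it finishes with a check the post does not make explicit: the Redis service must remain type ClusterIP, since the manifest runs Redis with ALLOW_EMPTY_PASSWORD and only the front end should be reachable from the internet.

```powershell
# Added example (not from the original post): connect to the AKS cluster,
# deploy the manifest and confirm exposure. Names are placeholders.
$rg       = 'myResourceGroup'
$cluster  = 'myAKSCluster'
$manifest = './azure-vote.yaml'   # assumed: the file created in Step 5

# Step 2 of the PowerShell section: merge cluster credentials into kubeconfig.
Import-AzAksCredential -ResourceGroupName $rg -Name $cluster -Force

# Step 3: verify the node is Ready.
kubectl get nodes

# Step 6: apply the manifest.
kubectl apply -f $manifest

# Step 7: poll for the public address rather than watching interactively.
$frontIp = ''
for ($i = 0; $i -lt 30 -and -not $frontIp; $i++) {
    Start-Sleep -Seconds 10
    $frontIp = kubectl get service azure-vote-front -o jsonpath='{.status.loadBalancer.ingress[0].ip}'
}
if (-not $frontIp) { Write-Warning 'No EXTERNAL-IP after 5 minutes; check the service events.'; return }
"Front end: http://$frontIp"

# Check: Redis must stay internal. Anything other than ClusterIP means the
# password-less Redis instance is exposed outside the cluster.
$backType = kubectl get service azure-vote-back -o jsonpath='{.spec.type}'
if ($backType -ne 'ClusterIP') {
    Write-Warning "azure-vote-back is type $backType; it should be ClusterIP."
}
```

The kubectl calls are native commands, so the single-quoted jsonpath expressions are passed through unchanged by PowerShell.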
