Thursday, January 16, 2020

API Management Service Overview

Azure provides comprehensive set of options for managing APIs. API Management Service is one of such that let you control the access granted to outside. Getting started with API Management Service is easy. The new API Management Service wizard will open up like this.

Once all the required fields are filled and validated, you can access the API Management Service (APIM) through the portal. In this article I will explain an overview of what are the sections available and what each section does as I am intending to write detailed specifics in some sections in coming articles. 

Wednesday, January 15, 2020

Setting Budget Alerts on Azure Resource Group

You can set cost alerts for Azure in order to be alerted if the spending is going out of control. This is an easy way to make sure your budgets are within the limit and not exceeded.

First, go to resource groups and select the resource group you need to set the alerts.

Sunday, January 12, 2020

How awesome is Azure Key Vault

Earlier I wrote an article on having Azure Key Vault and App Configuration together. I have been using it for a while. But in this article I will write specifics on the Azure Key Vault. Azure Key Vault is the central hub for storing secrets, keys and certificates. 

Imagine a scenario where you have a bunch of configuration keys need to go with your application. You do not need the developers to know about these key values that runs on production. Well you can simply have a Key Vault setup to do that. 

Tuesday, December 31, 2019

What is a Proximity Placement Group?

When you have a larger Virtual Machine architecture it is important to ensure they are located as close as possible. This will ensure the effective communication between resources by reducing the latency between the two VMs.

You can simply start creating a Proximity Placement Group on Azure via the portal.

Currently only India Central does not have support for creating Proximity Placement Groups.

Once the Proximity Placement Group is created, you can add Virtual Machines to it. When you go to the Advance tab of your new VM creation wizard, you can see an option for selecting the Proximity Placement Group.

Tuesday, December 24, 2019

.NET Code for Obtaining an Azure AD Bearer Token

Source: Azure Blog
Azure AD provides great ways to connect applications and worker roles so that they can be secured to outside while easily communicated with inside. Service principles are a great way to ensure the applications within the same subscription are communicating security. But you can claim a security token and communicate with the other applications that are hosted internally.

For example, imagine you have a publicly exposed API that gets you some data output. Now you need to secure the API such that only applications authorized via Azure AD is granted with data access.

You can simply secure this with the [Authorize] tag at either controller or the output HTTP method level. Also on the Api end, at the Startup.cs file's ConfigureService method you need to add Azure AD authorization with the following code.

Thursday, December 19, 2019

AKS with Confidential Computing. WHAAAT?

A lot of you might not know what confidential computing is. Yes, even I did not till a few weeks back when Microsoft introduced it for Azure Kubernetes. Confidential Computing Consortium is a community with contributions from leaders in the information technology industry. 

So what is really confidential computing?

At the storage level, data are secured by encrypting them. When you are transferring data, they can be encrypted by using secured channels and other protocols. But when an application actually uses your data, they are decrypted. 

Friday, October 4, 2019

Azure Key Vault and App Configuration Together

Azure App Configuration provides a great set of options for the people who would like to store the configuration on cloud and manage through a central location. On the other hand, Azure Key Vault is a service that lets you manage all your Secrets, Keys and Certificates. There is a hint of both being connected, but for the time being they are working as two separate services. Connecting them would be great as it will help storing secured app configurations. 

This article focus on how the each service is available as of now. 

Think of an application that is hosted on Azure and distributed across multiple regions. If it is a large scale application, you may have divided different worker roles across the regions. Eg: An App Service along with a Database separate for the East US. Then another for Australia, while the load balancer and metadata information are geo replicated.