Tuesday, December 31, 2019

What is a Proximity Placement Group?

When you have a larger Virtual Machine architecture, it is important to ensure that the VMs are located as close to each other as possible. This ensures effective communication between resources by reducing the latency between the VMs.

You can simply start creating a Proximity Placement Group on Azure via the portal.

Currently, India Central is the only region that does not support creating Proximity Placement Groups.

Once the Proximity Placement Group is created, you can add Virtual Machines to it. When you go to the Advanced tab of the new VM creation wizard, you can see an option for selecting the Proximity Placement Group.

Tuesday, December 24, 2019

.NET Code for Obtaining an Azure AD Bearer Token

Source: Azure Blog
Azure AD provides great ways to connect applications and worker roles so that they are secured from the outside while communicating easily on the inside. Service principals are a great way to ensure that applications within the same subscription communicate securely. But you can claim a security token and communicate with the other applications that are hosted internally.

For example, imagine you have a publicly exposed API that returns some data. Now you need to secure the API so that only applications authorized via Azure AD are granted data access.

You can simply secure this with the [Authorize] attribute at either the controller or the HTTP method level. On the API end, in the Startup.cs file's ConfigureServices method, you also need to add Azure AD authorization with the following code.
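
An added example, not the original post's code: one way to wire up Azure AD bearer-token validation and the [Authorize] attribute, assuming ASP.NET Core 3.x with the Microsoft.AspNetCore.Authentication.JwtBearer package. The configuration keys `AzureAd:TenantId` and `AzureAd:Audience` and the `DataController` class are assumptions made for illustration.

```csharp
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public class Startup
{
    private readonly IConfiguration _config;
    public Startup(IConfiguration config) => _config = config;

    public void ConfigureServices(IServiceCollection services)
    {
        // Assumed configuration keys; values come from the API's app registration.
        string tenantId = _config["AzureAd:TenantId"];
        string audience = _config["AzureAd:Audience"]; // App ID URI or client ID of this API

        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                // Assumes v2.0 access tokens; issuer and signing keys are read
                // from this endpoint's OpenID Connect metadata.
                options.Authority = $"https://login.microsoftonline.com/{tenantId}/v2.0";
                options.Audience = audience;
                // Defaults made explicit: reject tokens from another issuer,
                // for another audience, or past their lifetime.
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = true,
                    ValidateAudience = true,
                    ValidateLifetime = true,
                };
            });
        services.AddControllers();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        app.UseAuthentication(); // must run before UseAuthorization
        app.UseAuthorization();
        app.UseEndpoints(endpoints => endpoints.MapControllers());
    }
}

[ApiController]
[Route("api/[controller]")]
[Authorize] // every action on this controller requires a valid bearer token
public class DataController : ControllerBase
{
    [HttpGet]
    public IActionResult Get() => Ok(new { message = "authorized" });
}
```

If `UseAuthentication()` is left out of the pipeline, the bearer token is never validated and every request to the `[Authorize]` controller is rejected with 401.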

Thursday, December 19, 2019

AKS with Confidential Computing. WHAAAT?

A lot of you might not know what confidential computing is. Yes, even I did not until a few weeks back, when Microsoft introduced it for Azure Kubernetes. The Confidential Computing Consortium is a community with contributions from leaders in the information technology industry.

So what is really confidential computing?

At the storage level, data are secured by encrypting them. When you are transferring data, they can be encrypted by using secure channels and other protocols. But when an application actually uses your data, the data are decrypted.