Moving an existing CosmosDB database/collection to CosmosDB Serverless when using MongoDB

Introduction

If we go several years back, I already leveraged the instant scaling of CosmosDB… Recently a new plan has been introduced to cover this behavior, being the Consumption Based / Serverless option! For a new project I immediately started using this one, and I am very happy about it. Where I came to a point where I said to myself, let us migrate the other databases (where fit) to this option too. For today’s post, I will go into the differences I noticed… and hopefully save you some time looking up things. 😉 Though be aware that I have been leveraging the MongoDB API/endpoint.

Continue reading “Moving an existing CosmosDB database/collection to CosmosDB Serverless when using MongoDB”

See what your users are experiencing with Clarity!

Introduction

A while back Mike was telling me he discovered “Clarity” existed and that I should REALLY take a look at it. I remember in initially was a it sceptic also thinking about where the potential overlap was with “Application Insights“.

As I have been working on a new project, I decided to take it for a test spin, and I must say I am impressed! Clarity is a simple and free service that allows you to see what your users are seeing. Plain “simple”… nothing more, nothing less. It will provide you insights on the usage, heatmaps of your web app and session recordings of users going through your web app. Which will help like a lot when you want to refine your user experience!

Quick skim through the service

Once signed up you are prompted to create a new project ;

Continue reading “See what your users are experiencing with Clarity!”

Identity based security for LogicApp to LogicApp communication

Introduction

For today’s post we’ll go through a simple (yet powerful!) example that shows you how to securely communicate between two LogicApps. For this we will leverage the concept of managed system identity on the sender and access token validation on the receiver.

Conceptual

To get a bit of an idea of the flow, let us take a look at the drawing below…

The sender (LogicApp on the top left) is foreseen of a Managed System Identity in AAD. It will leverage this capability to get an access token from AAD. In addition, we will include a specific audience in the scope. This refers to an application object inside of the AAD tenant.
This token will then be included in the authorization header (as a JWT token) towards the receiver (LogicApp on the top right). The receiver will validate the JWT token by checking the public keys of the issues (AAD). Next up, it will check if the Issuer and Audience provided match the defined policy. If all is okay, then it will accept the request.

Continue reading “Identity based security for LogicApp to LogicApp communication”

Azure Serverless Compute Options

Introduction
A bit less than a year ago I blogged my opinion on “Cloud Native”, where the objective of today is to provide a bit more nuance to this previous post. Let us categorize it as “progressive insights”, due to having these type of discussions on a virtually daily basis. Therefore I wanted to share this with a broader audience, as I expect this is valuable to all. Where I will also try to make it a bit more tangible to link it to “Serverless” options in Azure.

Continue reading “Azure Serverless Compute Options”

Logic Apps ; When do I go for a consumption or a fixed pricing model?

Introduction

Today’s post is about the Logic Apps billing model. As you might know, the Integrated Service Environment has been generally available since May 2019. Since then, there is a consumption plan and a fixed price approach for Logic Apps. Lately I have noticed that this still remains confusing… Let us try to demystify this one then? 😉

 

Bibliography

Continue reading “Logic Apps ; When do I go for a consumption or a fixed pricing model?”

How to estimate the costs of your Azure Kubernetes Service (AKS) cluster?

Introduction

Aside from the variety of technical questions, a very common discussion around Azure Kubernetes Service (AKS) is … “What will it cost me?”. In today’s post we’ll dissect how the pricing dynamics work and how you can optimize the cost for your cluster(s). Where this might not be rocket science, I do have noticed some organizations struggling with this. So with this I hope to help those out… 😉

Continue reading “How to estimate the costs of your Azure Kubernetes Service (AKS) cluster?”

Cloud Native in the Enterprise ; What about outsourcing?

Introduction

At the beginning of the month Geert posted the following question on Twitter ;

Where the “depends” was a common word to be found in this thread. 😉 So let us delve into this today, shall we?

Continue reading “Cloud Native in the Enterprise ; What about outsourcing?”

Advanced meeting scheduling ; Let us compare various tools

Introduction

Scheduling meetings is not always easy… Trying to find agenda darts with multiple participants can be a process where a lot of mails are being sent from/to all directions. Over the course of time, I have tried out several tools to help me on this front ;

In today’s post, we’ll take a look at the various options and give you a bit of an insight into the workings of each.

Continue reading “Advanced meeting scheduling ; Let us compare various tools”

Microsoft Whiteboard anyone? Some additions…

Introduction

About half a year ago I made a post on some practical tips & tricks with “Microsoft Whiteboard“. In today’s post I’ll highlight some additional things that were not mentioned in that post.

 

More Microsoft Whiteboard anyone? 😉

In the last post we invited Satya to our whiteboard…

Which you can do by writing the name with your pen ;

Though I forgot to mention that you can also flip it to a keyboard… By pressing the keyboard sign.

And then you can type Satya’s name. 😉

 

Images!

Do know you can also import images into your whiteboard. Search for the image icon. If you do not see it in the bar, click on the “+” (plus) sign, where you can see it in the dropout menu.

 

Once you clicked on it, you can either do a bing search (similar flow to inviting someone), take a picture with your camera or search for a photo on your device.

So I went for my local device, and selected a screencap I made of a presentation ;

Now it appears in your whiteboard and you can tweak it a bit…

And there we have it… Inside of our whiteboard.

And now we can start drawing on it!

You might wonder in what use cases I use this? On a regular basis we do whiteboard design sessions. Here we ask organizations to provide some context from which we can start. Typically I take this information (in the form of a screencap, with consent given) and insert it into the whiteboard drawing. Where we can then start designing from… Which makes it a lot more tangible for the participants.

 

Bonus TIP ; Surface Book Drawing!

Did you know you can undock your screen and put it on backwards? Afterwards you can fold the book with the screen facing “outside” (or “up”). Below is a picture of my daughter showcasing how this can be done!

That being said… This is a very handy approach when doing these kind of whiteboard sessions. As otherwise your screen will “wiggle” way too much and give you an unsteady hand.

 

Closing Thoughts

I am an avid user of Microsoft Whiteboard! It is an awesome (and free!) tool that helps you virtually collaborate on whiteboarding. If you haven’t tried it out yet, try it out! 😉

Azure Networking ; Service endpoints, Private links and VNET Injection

Introduction

Today’s post is inspired by the combination of a twitter thread from earlier today… and having had the same conversation with a customer earlier today too! Truth be told, there are a variety of networking options when integration Azure Services with your VNET (Virtual Network). So let us go over them!

 

The different options

When you want to integrate PaaS services, you have several options on how to integrate them into your VNET ;

 

Now lets us take a look at the differences by using the following schematic ;

 

You will see that both the “SQL Managed Instance” and “Azure Kubernetes” service reside inside of the virtual network. This is what used to be called “VNET injection”, and where you deploy the service directly into the VNET. Typically you give each of those services their own subnet, without any other things inside of it to avoid interoperability issues. Though from then on you can leverage private traffic within your VNET and have hybrid integration scenarios (aka “Connect to On Premises”).

When looking towards the “Azure Storage”, you can see two colors ;

  • Purple indicates a “Private Link” & “Private Endpoint”. The private link is the line from the service to the dot. Where the dot is actually the private endpoint, which will have a private ip belonging to the range of the subnet (within the VNET) it belongs too. This means that the service will be able to connects you privately and securely to a service powered by Azure Private Link. The nuance difference between “VNET injection” and “Private Link” is that the first is used for resources dedicated to you (AKS Workers, SQL Managed Instance, …) and the latter is used for services that share resources underneath (AKS Master Nodes, Azure SQL DB, Azure Storage, …). This will also allow you to connect to services in a hybrid integration scenario.
  • The orange link depicts the concept of a service endpoint. It extends your virtual network private address space to a shared service. The endpoints also extend the identity of your VNet to the Azure services over a direct connection. Endpoints allow you to secure your critical Azure service resources to only your virtual networks. Traffic from your VNet to the Azure service always remains on the Microsoft Azure backbone network. If you want to understand more of the mechanics underneath, check the following post from when I took my first glance at them. Important to know is that the service will still have its public IP, and that you will leverage that to connect to it. It is used to connect from inside of the VNET to a public endpoint, while you can configure the firewall of the public service to filter on your private range. It cannot be used to connect to a service in a hybrid integration scenario.

 

Not all options work for all services!

Though be aware that not all services have all options available… Check the documentation of the services at hand and the above options. I know this makes it a bit complex at times. Though the capabilities are constantly evolving! And sometimes network integration is also only unlocked in premium editions of a service. For example, in the past you could only get a fully private scenario for App Service by leveraging the Isolated edition (or “App Service Environment”). This made it possible to inject the service into your VNET. Though it had a starting cost of about 1k USD… With the arrival of Private Link/Endpoint, this is not a requirement anymore. Where the API Management does still require either the Premium (Production) or Developer (Non-Production) variants of the service to unlock VNET integration.

 

Closing Thoughts

Things might be confusing at times. Though I hope this brief post helps you position the different options you have in terms of network integration.

  • Service Endpoints ; Connect in a hardened way from a VNET to a shared service
  • Private Link ; Give a shared service a private endpoint in your VNET
  • Deploy inside of a VNET (“VNET Injection”) ; Deploy a service privately for you into your VNET