Today I was setting up a deployment with two hosts:
- One in West Europe (“WE”)
- One in North Europe (“NE”)
The objective was to have a shared mountpoint between both. So I created a storage account in the region West Europe. In this storage account I created a file share, and mounted it on the VM located in WE. However, when using the exact same config in NE, I got the following error message:
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
Continue reading “Azure File Share : Issue mounting outside of the Azure region from Ubuntu Linux”
Today I got the confirmation that my proposal on “Docker Orchestration on Azure with Rancher” got accepted! Below you can find some more information about the event. I hope to see all of you there! Be sure to register up front though… The (free) ticket sales might skyrocket due to my presence. 😉
The fourth Global Azure Bootcamp is around the corner! On April 16, the global Azure community gets together. In Belgium AZUG and RealDolmen have teamed up to organise a free day for Belgian enthusiasts. Join one of the sessions or hack away on the global lab! There’s something for everyone to enjoy.
| Time | Session |
|---|---|
| 09:00 – 09:20 | Welcome + Lab instructions |
| 09:20 – 09:30 | |
| 09:30 – 10:00 | Not Steve, Just Jobs – Kris van der Mast |
| 10:00 – 10:15 | |
| 10:15 – 11:15 | Docker Orchestration on Azure with Rancher – Karim Vaes |
| 11:15 – 11:30 | |
| 11:30 – 12:30 | IOTing the cloud out of UWP – Nico Vermeir |
| 12:30 – 13:30 | |
| 13:30 – 14:30 | Hybrid Integration with the Azure Platform – Glenn Colpaert |
| 14:30 – 14:45 | |
| 14:45 – 15:45 | Polyglot Persistence in Microsoft Azure – Charalampos Karypidis |
| 15:45 – 16:00 | |
| 16:00 – 17:00 | Using Azure to simplify your disaster recovery strategy – Wouter Gevaert |
| 17:00 – … | Closing speech, prize draw (sponsor giveaway) |
Event date: Saturday, April 16, 2016 – full day, starts at 9:00 AM
A. Vaucampslaan 42
Also a big shoutout to Azug for organising this event!
A bit more than two months back I posted about “Azure & Docker : Shared storage anyone?“. There I was using a storage pattern called “Hosted Mapped Volume, backed by Shared Storage”. Today we’ll basically do the same thing, but in a cleaner way, by using a basic volume. This volume is (in turn) backed by shared storage (namely a File Share on an Azure Storage Account). To realise this, we need to have the “docker volume driver for azure file storage” in place.
So we’ll be installing the volume driver on each host and connecting that driver to our Azure Storage Account.
Continue reading “Docker & Azure : Testdriving the azure file storage volume driver”
A quick tip on hardening your SQL database in combination with an Azure Webapp. Browse to the properties of your webapp. Copy the “outbound ip addresses” to your text editor.
Now browse to the “SQL Server” you have provisioned in Azure. Click on “Show firewall settings” and enter the IP addresses you just noted down.
A small pointer: you have to enter these one address at a time and save after each entry… Annoying as hell, though this is how the UI works.
Anyhow, let’s see how our webapp behaves…
You probably do not believe me right off the bat, so let’s clear the firewall rules…
and test again!
Now we notice that the access to the database was denied. The address listed there is the one that was present in the outbound ip addresses listing from earlier on.
Have fun hardening!
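The same hardening can be scripted instead of entered one address at a time in the portal. The following is an added example, not code from the original post: it uses the AzureRM cmdlets `Get-AzureRmWebApp`, `Get-AzureRmSqlServerFirewallRule` and `New-AzureRmSqlServerFirewallRule`, and the resource group, web app and server names and the `webapp-` rule prefix are placeholder assumptions.

```powershell
# Added example: the names below are placeholders (assumptions), not values from the post.
$rgName     = "MyResourceGroup"
$webAppName = "MyWebApp"
$sqlServer  = "mysqlserver"

# The web app exposes its outbound addresses as one comma-separated string.
$webApp   = Get-AzureRmWebApp -ResourceGroupName $rgName -Name $webAppName
$outbound = $webApp.OutboundIpAddresses.Split(",") |
    ForEach-Object { $_.Trim() } | Where-Object { $_ }

# Firewall rules currently defined on the SQL server.
$existing = @(Get-AzureRmSqlServerFirewallRule -ResourceGroupName $rgName -ServerName $sqlServer)

# Add a single-address rule for every outbound IP that has no exact rule yet.
foreach ($ip in $outbound) {
    $covered = $existing | Where-Object {
        $_.StartIpAddress -eq $ip -and $_.EndIpAddress -eq $ip
    }
    if (-not $covered) {
        New-AzureRmSqlServerFirewallRule -ResourceGroupName $rgName -ServerName $sqlServer `
            -FirewallRuleName ("webapp-" + $ip.Replace(".", "-")) `
            -StartIpAddress $ip -EndIpAddress $ip | Out-Null
        Write-Output "added   $ip"
    }
}

# Report (do not delete) rules that span a range or do not match an outbound IP,
# so leftovers from earlier testing get reviewed by a person.
foreach ($rule in $existing) {
    $single = $rule.StartIpAddress -eq $rule.EndIpAddress
    if (-not $single -or $outbound -notcontains $rule.StartIpAddress) {
        Write-Output ("review  {0}  {1} - {2}" -f $rule.FirewallRuleName,
            $rule.StartIpAddress, $rule.EndIpAddress)
    }
}
```

The outbound addresses are shared with other apps on the same App Service scale unit, so these rules narrow the exposure of the database rather than tie access to your web app alone.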
For those who have been test driving the autoscale on the virtual machines scale sets… You probably have run into the situation where you wanted to go beyond the quickstart examples!
A quick tip on how to find out which Metrics are available for your autoscaling ;
So now you have the list of metrics which you can use to tweak the vmss-autoscale templates (for example ; https://github.com/Azure/azure-quickstart-templates/blob/master/201-vmss-ubuntu-autoscale/azuredeploy.json )
In my last post I mentioned that the NSGs (Network Security Groups) had a serious impact on your deployment. So today I’ll be doing a quick demo of a possible annoyance you might encounter.
The demo environment
About the same setup as the last time… One VNET, three subnets ; firewall in subnet 10.0.0.0/24, one server in 10.0.1.0/24 and another server in 10.0.2.0/24.
Continue reading “Azure Networking : Do not forget the impact of Network Security Groups!”
The last week I’ve been putting down a sweat on getting the following “basic” design working.
What do we see here? A virtual network with three subnets. The subnet “SUBNET000” will act as our “External DMZ”. We’ll put the Firewall (and other security related appliances) in here. The other subnets can fulfil different roles, as you want… Let’s imagine that the “SUBNET001” is our “Internal DMZ” and the “SUBNET002” is our “Server Network”.
And what do I want to achieve today? I want all traffic to flow through the firewall, so that I can control / inspect all flows and act accordingly. As a basic test, I want to be able to ping from 10.0.1.4 (subnet001) to 10.0.2.4 (subnet002) and I want to be able to browse to “www.kvaes.be” (internet) from 10.0.1.4 (subnet001). Both tests need to be performed with the firewall as virtual network appliance routing all traffic. This is needed, as otherwise the whole test is useless from a security perspective. 🙂 If I can do those two things, then I can prove that you can control / inspect all traffic from your Azure network.
Continue reading “Azure Networking : Building a DMZ and adding Packet Inspection to all Traffic”
Today a quick post with the tip-of-the-week as provided by Joeri Van Hoof ;
If you want to quickly see if a network interface has IP Forwarding enabled in Azure Resource Manager, browse to the following website : https://resources.azure.com/
Now you can browse to the networkInterfaces resource and check if the setting is true/false.
If you need to enable it, you can still rely on the trustworthy PowerShell scripts of course…
# Resource group that holds the VM
$rgName = "MyResourceGroup"
# Pick the VM, then one of its NICs (a VM can have several)
$vmName = (Get-AzureRmVM -ResourceGroupName $rgName).Name | Out-GridView -Title "Select a VM to configure forwarding ..." -PassThru
$nicName = (Get-AzureRmVM -ResourceGroupName $rgName -Name $vmName).NetworkInterfaceIDs | ForEach-Object { $_.Split("/")[-1] } | Out-GridView -Title "Select a NIC to configure forwarding ..." -PassThru
# Enable IP forwarding on the selected NIC and write the change back
$nicConfig = Get-AzureRmNetworkInterface -ResourceGroupName $rgName -Name $nicName
$nicConfig.EnableIPForwarding = $true
$nicConfig | Set-AzureRmNetworkInterface
Today we’ll be building further on the steps we took in the previous post ; “Autoscaling Docker hosts on Azure with Virtual Machine Scale Sets & Rancher“.
What will we be doing?
- Deploy our VMSS with a scale-up & a scale-down configuration
- Stress our VMSS so it will scale-up
- Remove the stress so our VMSS will scale-down
Continue reading “Autoscalling on Azure : Scale Up … & Down!”
A while back Mark Russinovich announced the public preview of the “Virtual Machine Scale Sets“;
VM Scale Sets are an Azure Compute resource you can use to deploy and manage a collection of virtual machines as a set. Scale sets are well suited for building large-scale services targeting big compute, big data, and containerized workloads – all of which are increasing in significance as cloud computing continues to evolve. Scale set VMs are configured identically, you just choose how many you need, which enables them to scale out and in rapidly and automatically.
So here we have a cloud service that would enable us to autoscale our hosts in terms of the load of the underlying systems. Now imagine combining this feature with Docker… I don’t know about you, but I’m excited about this premise! When combining this with Rancher, you could make your own Containers-as-a-Service (CaaS)! Today we’ll be delving into the matter to see how to implement this…
A quick extract from the ARM Resource Visualizer… when loading the ARM Template I have prepared for this deep dive.
Continue reading “Autoscaling Docker hosts on Azure with Virtual Machine Scale Sets & Rancher”