Azure File Share : Issue mounting outside of the Azure region from Ubuntu Linux

Today I was setting up a deployment with two hosts ;

  • One in West Europe (“WE”)
  • One in North Europe (“NE”)

The objective was to have a shared mountpoint between both. So I created a storage account in the region West Europe. In this storage account I created a file share, and mounted it on to the VM located in WE. Though when using the exact same config in NE, I got the following error message ;

mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

Public Speaking Engagement – Azure Bootcamp on 16/04/2016 – Docker Orchestration on Azure with Rancher

Today I got the confirmation that my proposal on “Docker Orchestration on Azure with Rancher” got accepted! Below you can find some more information about the event. I hope to see all of you there! Be sure to register up front though… The (free) ticket sales might skyrocket due to my presence. 😉

 

The fourth Global Azure Bootcamp is around the corner! On April 16, the global Azure community gets together. In Belgium AZUG and RealDolmen have teamed up to organise a free day for Belgian enthusiasts. Join one of the sessions or hack away on the global lab! There’s something for everyone to enjoy.

Sessions

09:00 – 09:20 Welcome + Lab instructions
09:20 – 09:30 Break
09:30 – 10:00 Not Steve, Just Jobs – Kris van der Mast
10:00 – 10:15 Break
10:15 – 11:15 Docker Orchestration on Azure with Rancher – Karim Vaes
11:15 – 11:30 Break
11:30 – 12:30 IOTing the cloud out of UWP – Nico Vermeir
12:30 – 13:30 Lunch
13:30 – 14:30 Hybrid Integration with the Azure Platform – Glenn Colpaert
14:30 – 14:45 Break
14:45 – 15:45 Polyglot Persistence in Microsoft Azure – Charalampos Karypidis
15:45 – 16:00 Break
16:00 – 17:00 Using Azure to simplify your disaster recovery strategy – Wouter Gevaert
17:00 – … Closing speech, prize draw (sponsor giveaway)

Practical details

Event date: Saturday, April 16, 2016 – full day, starts at 9:00 AM
Event location:
RealDolmen
A. Vaucampslaan 42
1654 Huizingen
Belgium

 

Also a big shout-out to AZUG for organising this event!

Docker & Azure : Testdriving the azure file storage volume driver

Introduction

A bit more than two months back I posted about “Azure & Docker : Shared storage anyone?“. There I was using a storage pattern called “Hosted Mapped Volume, backed by Shared Storage”. Today we’ll basically do the same thing, but in a cleaner way, by using a basic volume. This volume is (in turn) backed by shared storage (namely a File Share on an Azure Storage Account). To realise this, we need to have the “docker volume driver for azure file storage” in place.

 

Topology

So we’ll be installing the volume driver on each host and connecting that driver to our Azure Storage Account.


Azure : Basic Network Hardening between a Webapp & the SQL Database

A quick tip on hardening your SQL database in combination with an Azure Webapp. Browse to the properties of your webapp. Copy the “outbound ip addresses” to your text editor.

Now browse to the “SQL Server” you have provisioned in Azure. Click on “Show firewall settings” and enter the IP addresses you just noted down.

A small pointer ; You have to enter these one address at a time and save after each entry… Annoying as hell, though this is how the UI works.

Anyhow, let’s see how our webapp behaves…

[Screenshot: Welcome to CodeIgniter]

You probably do not believe me right off the bat, so let’s clear out the firewall rules…

and test again!

[Screenshot: Database Error]

Now we notice that the access to the database was denied. The address listed there is the one that was present in the outbound ip addresses listing from earlier on.

Have fun hardening!

Azure : Finding out the available metrics for autoscaling virtual machine scale sets

For those who have been test driving autoscale on virtual machine scale sets… You have probably run into the situation where you wanted to go beyond the quickstart examples!

A quick tip on how to find out which Metrics are available for your autoscaling ;

So now you have the list of metrics which you can use to tweak the vmss-autoscale templates (for example ; https://github.com/Azure/azure-quickstart-templates/blob/master/201-vmss-ubuntu-autoscale/azuredeploy.json )

Azure Networking : Do not forget the impact of Network Security Groups!

Introduction

In my last post I mentioned that NSGs (Network Security Groups) have a serious impact on your deployment. So today I’ll be doing a quick demo of a possible annoyance you might encounter.

The demo environment

About the same setup as the last time… One VNET, three subnets ; firewall in subnet 10.0.0.0/24, one server in 10.0.1.0/24 and another server in 10.0.2.0/24.


Azure Networking : Building a DMZ and adding Packet Inspection to all Traffic

Introduction

This last week I’ve been working up a sweat getting the following “basic” design working.

[Diagram: Azure DMZ with packet inspection]

What do we see here? A virtual network with three subnets. The subnet “SUBNET000” will act as our “External DMZ”. We’ll put the Firewall (and other security related appliances) in here. The other subnets can fulfil different roles, as you want… Let’s imagine that the “SUBNET001” is our “Internal DMZ” and the “SUBNET002” is our “Server Network”.

And what do I want to achieve today? I want all traffic to flow through the firewall, so that I can control / inspect all flows and act accordingly. As a basic test, I want to be able to ping from 10.0.1.4 (subnet001) to 10.0.2.4 (subnet002) and I want to be able to browse to “www.kvaes.be” (internet) from 10.0.1.4 (subnet001). Both tests need to be performed with the firewall as virtual network appliance routing all traffic. This is needed, as otherwise the whole test is useless from a security perspective. 🙂 If I can do those two things, then I can prove that you can control / inspect all traffic from your Azure network.

Checking if IP Forwarding is enabled on Azure without Powershell

Today a quick post with the tip-of-the-week as provided by Joeri Van Hoof ;

If you want to quickly see if a network interface has IP Forwarding enabled in Azure Resource Manager, browse to the following website : https://resources.azure.com/

Now you can browse to the networkInterfaces resource and check if the setting is true/false.

If you need to enable it, you can still rely on the trustworthy PowerShell scripts, of course…

# Resource group holding the VM (adjust to your environment)
$rgName = "MyResourceGroup"
# Pick the VM, then one of its NICs, interactively
$vmName = (Get-AzureRmVM -ResourceGroupName $rgName).Name | Out-GridView -Title "Select a VM to configure forwarding ..." -PassThru
$nicName = (Get-AzureRmVM -ResourceGroupName $rgName -Name $vmName).NetworkInterfaceIDs | ForEach-Object { $_.Split("/")[-1] } | Out-GridView -Title "Select a NIC to configure forwarding ..." -PassThru
# Set the flag on the NIC object and push the change back to Azure
$nicConfig = Get-AzureRmNetworkInterface -ResourceGroupName $rgName -Name $nicName
$nicConfig.EnableIPForwarding = $true
$nicConfig | Set-AzureRmNetworkInterface

 

Autoscaling on Azure : Scale Up … & Down!

Introduction

Today we’ll be building further on the steps we took in the previous post ; “Autoscaling Docker hosts on Azure with Virtual Machine Scale Sets & Rancher“.

 

What will we be doing?

  • Deploy our VMSS with a scale-up & a scale-down configuration
  • Stress our VMSS so it will scale-up
  • Remove the stress so our VMSS will scale-down

Autoscaling Docker hosts on Azure with Virtual Machine Scale Sets & Rancher

Introduction

A while back Mark Russinovich announced the public preview of the “Virtual Machine Scale Sets“;

VM Scale Sets are an Azure Compute resource you can use to deploy and manage a collection of virtual machines as a set. Scale sets are well suited for building large-scale services targeting big compute, big data, and containerized workloads – all of which are increasing in significance as cloud computing continues to evolve. Scale set VMs are configured identically, you just choose how many you need, which enables them to scale out and in rapidly and automatically.

So here we have a cloud service that would enable us to autoscale our hosts according to the load of the underlying systems. Now imagine combining this feature with Docker… I don’t know about you, but I’m excited about this premise! When combining this with Rancher, you could make your own Containers-as-a-Service (CaaS)! Today we’ll be delving into the matter to see how to implement this…

 

The Design

A quick extract from the ARM Resource Visualizer… when loading the ARM Template I have prepared for this deep dive.
