Today I was setting up a deployment with two hosts:
- One in West Europe (“WE”)
- One in North Europe (“NE”)
The objective was to have a shared mountpoint between both. So I created a storage account in the West Europe region. In this storage account I created a file share and mounted it on the VM located in WE. However, when using the exact same config in NE, I got the following error message:
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
Continue reading “Azure File Share : Issue mounting outside of the Azure region from Ubuntu Linux”
Today I got the confirmation that my proposal on “Docker Orchestration on Azure with Rancher” got accepted! Below you can find some more information about the event. I hope to see all of you there! Be sure to register up front though… The (free) ticket sales might skyrocket due to my presence. 😉
The fourth Global Azure Bootcamp is around the corner! On April 16, the global Azure community gets together. In Belgium AZUG and RealDolmen have teamed up to organise a free day for Belgian enthusiasts. Join one of the sessions or hack away on the global lab! There’s something for everyone to enjoy.
| Time | Session |
|---|---|
| 09:00 – 09:20 | Welcome + Lab instructions |
| 09:20 – 09:30 | |
| 09:30 – 10:00 | Not Steve, Just Jobs – Kris van der Mast |
| 10:00 – 10:15 | |
| 10:15 – 11:15 | Docker Orchestration on Azure with Rancher – Karim Vaes |
| 11:15 – 11:30 | |
| 11:30 – 12:30 | IOTing the cloud out of UWP – Nico Vermeir |
| 12:30 – 13:30 | |
| 13:30 – 14:30 | Hybrid Integration with the Azure Platform – Glenn Colpaert |
| 14:30 – 14:45 | |
| 14:45 – 15:45 | Polyglot Persistence in Microsoft Azure – Charalampos Karypidis |
| 15:45 – 16:00 | |
| 16:00 – 17:00 | Using Azure to simplify your disaster recovery strategy – Wouter Gevaert |
| 17:00 – … | Closing speech, prize draw (sponsor giveaway) |
Event date: Saturday, April 16, 2016 – full day, starts at 9:00 AM
A. Vaucampslaan 42
Also a big shoutout to Azug for organising this event!
A bit more than two months back I posted about “Azure & Docker : Shared storage anyone?”. There I was using a storage pattern called “Hosted Mapped Volume, backed by Shared Storage”. Today we’ll basically do the same thing, but in a cleaner way, by using a basic volume. This volume is (in turn) backed by shared storage (namely a File Share on an Azure Storage Account). To realise this, we need to have the “docker volume driver for azure file storage” in place.
So we’ll be installing the volume driver on each host and connecting that driver to our Azure Storage Account.
Continue reading “Docker & Azure : Testdriving the azure file storage volume driver”
A quick tip on hardening your SQL database in combination with an Azure Webapp. Browse to the properties of your webapp. Copy the “outbound ip addresses” to your text editor.
Now browse to the “SQL Server” you have provisioned in Azure. Click on “Show firewall settings” and enter the IP addresses you just noted down.
A small pointer: you have to enter these one address at a time and save after each entry… Annoying as hell, though this is how the UI works.
Anyhow, let’s see how our webapp behaves…
You probably do not believe me right off the bat, so let’s clear out the firewall rules…
and test again!
Now we notice that the access to the database was denied. The address listed there is the one that was present in the outbound ip addresses listing from earlier on.
Have fun hardening!
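The same allow-list can be scripted instead of clicked in one address at a time. The following is an added example, not part of the original post: it turns the web app's comma-separated outbound IP list into one single-address SQL firewall rule per unique, valid IP. The names `RG`, `APP`, `SQLSRV`, `demo-rg`, `demo-sqlsrv` and the `webapp-out-` rule prefix are assumptions, and the sample addresses are constructed.

```shell
#!/bin/sh
# Added example. RG, APP, SQLSRV and the rule-name prefix are placeholders.

# Succeeds only for a dotted-quad IPv4 address with every octet <= 255.
valid_ipv4() {
  case "$1" in
    ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for o in "$@"; do
    [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}

# Print one single-address firewall rule command per unique, valid IP.
# $1 = resource group, $2 = SQL server name, $3 = comma-separated IP list
gen_sql_fw_rules() {
  rg=$1; server=$2; n=0; seen=,
  printf '%s\n' "$3" | tr -d ' ' | tr ',' '\n' | while IFS= read -r ip; do
    [ -n "$ip" ] || continue
    if ! valid_ipv4 "$ip"; then
      echo "skipping invalid entry: $ip" >&2
      continue
    fi
    case "$seen" in *",$ip,"*) continue ;; esac   # already emitted
    seen="$seen$ip,"
    n=$((n + 1))
    printf 'az sql server firewall-rule create -g %s -s %s -n webapp-out-%s' \
      "$rg" "$server" "$n"
    printf ' --start-ip-address %s --end-ip-address %s\n' "$ip" "$ip"
  done
}

# Live use, with a logged-in Azure CLI (review rules.sh before running it):
#   ips=$(az webapp show -g "$RG" -n "$APP" --query outboundIpAddresses -o tsv)
#   gen_sql_fw_rules "$RG" "$SQLSRV" "$ips" > rules.sh

# Constructed sample input (documentation address ranges, one duplicate).
gen_sql_fw_rules demo-rg demo-sqlsrv "203.0.113.10,203.0.113.11,203.0.113.10,198.51.100.7"
```

Keeping each rule to a single address (start and end equal) matches what the portal procedure above produces and avoids opening a wider range than the web app actually uses.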
For those who have been test driving the autoscale on the virtual machines scale sets… You probably have run into the situation where you wanted to go beyond the quickstart examples!
A quick tip on how to find out which Metrics are available for your autoscaling ;
So now you have the list of metrics which you can use to tweak the vmss-autoscale templates (for example ; https://github.com/Azure/azure-quickstart-templates/blob/master/201-vmss-ubuntu-autoscale/azuredeploy.json )
In my last post I mentioned that the NSGs (Network Security Groups) had a serious impact on your deployment. So today I’ll be doing a quick demo of a possible annoyance you might encounter.
The demo environment
About the same setup as the last time… One VNET, three subnets ; firewall in subnet 10.0.0.0/24, one server in 10.0.1.0/24 and another server in 10.0.2.0/24.
Continue reading “Azure Networking : Do not forget the impact of Network Security Groups!”
The last week I’ve been putting down a sweat on getting the following “basic” design working.
What do we see here? A virtual network with three subnets. The subnet “SUBNET000” will act as our “External DMZ”. We’ll put the Firewall (and other security related appliances) in here. The other subnets can fulfil different roles, as you want… Let’s imagine that the “SUBNET001” is our “Internal DMZ” and the “SUBNET002” is our “Server Network”.
And what do I want to achieve today? I want all traffic to flow through the firewall, so I can control / inspect all flows and act accordingly. As a basic test, I want to be able to ping from 10.0.1.4 (subnet001) to 10.0.2.4 (subnet002) and I want to be able to browse to “www.kvaes.be” (internet) from 10.0.1.4 (subnet001). Both tests need to be performed with the firewall as a virtual network appliance routing all traffic. This is needed, as otherwise the whole test is useless from a security perspective. 🙂 If I can do those two things, then I can prove that you can control / inspect all traffic from your Azure network.
Continue reading “Azure Networking : Building a DMZ and adding Packet Inspection to all Traffic”