Azure File Share : Issue mounting outside of the Azure region from Ubuntu Linux

Today I was setting up a deployment with two hosts ;

  • One in West Europe (“WE”)
  • One in North Europe (“NE”)

The objective was to have a shared mountpoint between both. So I created a storage account in the region West Europe. In this storage account I created a file share, and mounted it on to the VM located in WE. Though when using the exact same config in NE, I got the following error message ;

2016-03-30 13_49_01-kvaes@rancherne0_ ~

mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

Continue reading “Azure File Share : Issue mounting outside of the Azure region from Ubuntu Linux”

Public Speaking Engagement – Azure Bootcamp on 16/04/2016 – Docker Orchestration on Azure with Rancher

Today I got the confirmation that my proposal on “Docker Orchestration on Azure with Rancher” got accepted! Below you can find some more information about the event. I hope to see all of you there! Be sure to register up front though… The (free) ticket sales might skyrocket due to my presence. 😉


The fourth Global Azure Bootcamp is around the corner! On April 16, the global Azure community gets together. In Belgium AZUG and RealDolmen have teamed up to organise a free day for Belgian enthusiasts. Join one of the sessions or hack away on the global lab! There’s something for everyone to enjoy.


09:00 – 09:20 Welcome + Lab instructions
09:20 – 09:30 Break
09:30 – 10:00 Not Steve, Just Jobs – Kris van der Mast
10:00 – 10:15 Break
10:15 – 11:15 Docker Orchestration on Azure with Rancher – Karim Vaes
11:15 – 11:30 Break
11:30 – 12:30 IOTing the cloud out of UWP – Nico Vermeir
12:30 – 13:30 Lunch
13:30 – 14:30 Hybrid Integration with the Azure Platform – Glenn Colpaert
14:30 – 14:45 Break
14:45 – 15:45 Polyglot Persistence in Microsoft Azure – Charalampos Karypidis
15:45 – 16:00 Break
16:00 – 17:00 Using Azure to simplify your disaster recovery strategy – Wouter Gevaert
17:00 – … Closing speech, prize draw (sponsor giveaway)

Practical details

Event date: Saturday, April 16, 2016 – full day, starts at 9:00 AM
Event location:
A. Vaucampslaan 42
1654 Huizingen


Also a bit shoutout to Azug for organising this event!

Docker & Azure : Testdriving the azure file storage volume driver


A bit more than two months back I posted about “Azure & Docker : Shared storage anyone?“. Here I was using a storage pattern called “Hosted Mapped Volume, backed by Shared Storage”. Today we’ll basically do the same thing, but we’ll be using a more clean way by using a basic volume. This volume is (in turn) backed by a shared storage (namely a File Share on an Azure Storage Account). To realise this, we need to have the “docker volume driver for azure file storage” in place.



So we’ll be installing the volume driver on each host. And connect that driver to our Azure Storage Account.


Continue reading “Docker & Azure : Testdriving the azure file storage volume driver”

Azure : Basic Network Hardening between a Webapp & the SQL Database

A quick tip on hardening your SQL database in combination with an Azure Webapp. Browse to the properties of your webapp. Copy the “outbound ip addresses” to your text editor.

2016-03-16 08_38_56-Properties - Microsoft Azure

Now browse to the “SQL Server” you have provisioned in Azure. Click on “Show firewall settings” and enter the IP addresses you just noted down.

2016-03-16 08_38_13-Firewall settings - Microsoft Azure

A small pointer ; You have to enter this an address at the time and save after each entry… Annoying as hell, though this is how the UI works.

Anyhow, let’s see how our webapp behaves…

2016-03-16 08_43_42-Welcome to CodeIgniter

As you probably do not believe my right off the bat. So let’s clear up the firewall rules…

2016-03-16 08_44_52-Firewall settings - Microsoft Azure

and test again! 2016-03-16 08_45_35-Database Error

Now we notice that the access to the database was denied. The address listed there is the one that was present in the outbound ip addresses listing from earlier on.

Have fun hardening!

Azure : Finding out the available metrics for autoscaling virtual machine scale sets

For those who have been test driving the autoscale on the virtual machines scale sets… You probably have run into the situation where you wanted to go beyond the quickstart examples!

A quick tip on how to find out which Metrics are available for your autoscaling ;

So now you have the list of metrics which you can use to tweak the vmss-autoscale templates (for example ; )

Azure Networking : Do not forget the impact of Network Security Groups!


In my last post I mentioned that the NSGs (Network Security Groups) had a serious impact on your deployment. So today I’ll be doing a quick demo a possible annoyance you might encounter.

The demo environment

About the same setup as the last time… One VNET, three subnets ; firewall in subnet, one server in and another server in

2016-03-14 20_08_17-Settings - Microsoft Azure

Continue reading “Azure Networking : Do not forget the impact of Network Security Groups!”

Azure Networking : Building a DMZ and adding Packet Inspection to all Traffic


The last week I’ve been putting down a sweat on getting the following “basic” design working.


What do we see here? A virtual network with three subnets. The subnet “SUBNET000” will act as our “External DMZ”. We’ll put the Firewall (and other security related appliances) in here. The other subnets can fulfil different roles, as you want… Let’s imagine that the “SUBNET001” is our “Internal DMZ” and the “SUBNET002” is our “Server Network”.

And what do I want to achieve today? I want all traffic to flow through the firewall. This so I can control / inspect all flows and act accordingly. As a basic test, I want to be able to ping from (subnet001) to (subnet002) and I want to be able to browse to “” (internet) from (subnet001). Both tests need to be performed with the firewall als virtual network appliance routing all traffic. This is needed, as otherwise the whole test is useless from a security perspective. 🙂 If I can do those two things, then I can prove that the you can control / inspect all traffic from your Azure network.

Continue reading “Azure Networking : Building a DMZ and adding Packet Inspection to all Traffic”

Checking if IPFowarding is enabled on Azure without Powershell

Today a quick post with the tip-of-the-week as provided by Joeri Van Hoof ;

If you want to quickly see if a network interface has IP Forwarding enabled in Azure Resource Manager, browse to the following website :

Now you can browse to the networkInterfaces resource and check if the setting is true/false.

2016-03-11 11_07_43-Resource Explorer

If you need to enable it, you can still rely on the trustworthy powershell scripts off course…

$rgName = "MyResourceGroup"
$vmName = (Get-AzureRmVM -ResourceGroupName $rgName).Name | Out-GridView -Title "Select a VM to configure forwarding ..." -PassThru
$nicName = ((Get-AzureRmVM -ResourceGroupName $rgName -Name $vmName).NetworkInterfaceIDs).Split("/")[-1] | Out-GridView `-Title "Select a NIC to configure forwarding ..." -PassThru
$nicConfig = Get-AzureRmNetworkInterface -ResourceGroupName $rgName -Name $nicName
$nicConfig.EnableIPForwarding = $true
$nicConfig | Set-AzureRmNetworkInterface


Autoscalling on Azure : Scale Up … & Down!


Today we’ll be building further on the steps we took in the previous post ; “Autoscaling Docker hosts on Azure with Virtual Machine Scale Sets & Rancher“.


What will we be doing?

  • Deploy our VMSS with a scale-up & a scale-down configuration
  • Stress our VMSS so it will scale-up
  • Remove the stress so our VMSS will scale-down

Continue reading “Autoscalling on Azure : Scale Up … & Down!”

Autoscaling Docker hosts on Azure with Virtual Machine Scale Sets & Rancher


A while back Mark Russinovich announced the public preview of the “Virtual Machine Scale Sets“;

VM Scale Sets are an Azure Compute resource you can use to deploy and manage a collection of virtual machines as a set. Scale sets are well suited for building large-scale services targeting big compute, big data, and containerized workloads – all of which are increasing in significance as cloud computing continues to evolve. Scale set VMs are configured identically, you just choose how many you need, which enables them to scale out and in rapidly and automatically.


So here we have a cloud service that would enable us to autoscale our hosts in terms of the load of the underlying systems. Now imaging combining this feature with Docker… I don’t know about your, but I’m excited about this premise! When combining this with Rancher, you could make your own Containers-as-a-Service (CaaS)! Today we’ll be delving into the matter to see how to implement this…


The Design

A quick extract from the ARM Resource Visualizer… when loading the ARM Template I have prepared for this deep dive.

2016-03-04 14_39_53-Azure Resource Visualizer

Continue reading “Autoscaling Docker hosts on Azure with Virtual Machine Scale Sets & Rancher”