Azure : A poor man’s SSL termination (by leveraging Cloudflare)

Introduction

A few weeks back I posted some posts about the Azure Application Gateway. Here I must say I ran into some issues in combination with Rancher. So I was forced to look for alternatives…

One of my requirements was to have a “zero-touch deployment” capability, meaning that I did not want to deploy a system where I had to manually change things to get it working.

High Level Blueprint

So how would a “poor man’s SSL termination on Azure” look? Basically, I’m using Cloudflare as my DNS provider, which then provides capabilities like CDN, various SSL options (like SSL termination = Flexible SSL), WAF, etc. We can start with the free plan, where we can do a redirect to HTTPS and do SSL termination.


In addition, we’ll deploy an NSG (network security group, a basic Azure firewall rule set) that is configured to only allow the IP ranges from Cloudflare. This way we speak HTTPS to the outside world, and we have to accept that the traffic between Cloudflare and our hosts is unencrypted…


Azure Active Directory Demystified

Introduction

Last year, when I talked with customers during strategic roadmap exercises, I always portrayed one big message to them:

“If you only have room in your budget for one project, then it’s <cloud identity>!”


The IT landscape is evolving at a pace none of us can manage… Really, you are not alone! Looking towards applications & cloud services, they are breeding faster than rats / mice / … Do you really want to manage one million (or more) directories? Because each application potentially has its own directory for authentication. Please forgive us if anyone would either join or leave the company! Then we, as IT, would need to make alterations to those one million directories… Ohhhh my! So you really need an identity strategy!
