proximagr

  1. In the previous post we created an Azure Front Door to scale our web apps across Azure Regions and to publish them only through the Front Door’s URL. In this post we will create Web Application Firewall (WAF) rules to protect our web apps.

     To add WAF functionality to the Front Door, we first need to create the WAF rules and then attach them to the Front Door.

     Create the WAF Rule

     From the Azure Marketplace, search for WAF and create a Web Application Firewall.

     In the “Create a WAF policy” wizard, select “Global WAF (Front Door)” for the policy, provide the subscription and resource group, give the policy a name, and select whether it will be created enabled or disabled.

     At the next step, select whether the policy will prevent the action or just detect and report it. You can change this later too. You can provide a Redirect URL for rules that support redirection. The default status code is 403, but we can change it to e.g. 404. We can also add a custom response body.

     The next step is the rule. We can select one or more predefined rule sets and then customize at will. To customize, expand the rule set and select a rule. You can enable / disable the rule and you can change the action to Allow, Block, Log or Redirect.

     WAF Custom Rule

     The next step is the custom rules. There’s a lot to customise here. First are the rule type settings. Select the status of the rule, enabled or disabled. Select the Rule type, Match or Rate limit. If you select rate limit, you will be prompted to set rate limit and threshold. The final rule type setting is the priority of the rule.

     Next are the Conditions (If this) and the action (then that). The condition can be Geolocation, IP address, Size or String. After you select the Match Type, the remaining options change accordingly. The action can be Allow traffic, Deny traffic, Log traffic only or Redirect traffic.

     For the demo I created a rule that will Deny all traffic from The Netherlands, because I can test it from an Azure VM located at the West Europe Region.

     The next step is to associate the rule to the Front Door. After that, assign Tags if needed and create the rule.

     Once the Rule is ready, a “Front Door WAF policy” resource will be at the selected Resource Group. Inside the Front Door, at the Web application firewall section, you can review the assigned rules.

     Test 1

     From an Azure VM at West Europe Region, I tried to access the Front Door’s URL and we can see my custom 403 body text!

     Test 2

     From my Computer I tested a typical SQL Injection attack from https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005) . Again my custom 403 page!

     The post Use Web Application Firewall (WAF) Rules with the Front Door to protect your app appeared first on Apostolidis IT Corner.
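The custom-rule settings described above (priority, condition, action, prevent vs. detect) interact in ways the wizard does not show, so here is a small Python model of the evaluation order, added as an example and not taken from the original post or from Azure's code. It assumes lower priority numbers are evaluated first, that Allow, Block and Redirect end evaluation while Log continues, and that in detect mode a match is reported but the request is forwarded; the rule names, addresses and the `evaluate` function are hypothetical.

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import Callable

TERMINATING = {"Allow", "Block", "Redirect"}   # "Log" records and continues


@dataclass
class Request:
    remote_addr: str
    country: str        # country code the WAF resolved for remote_addr
    uri: str
    body_size: int = 0


@dataclass
class CustomRule:
    name: str
    priority: int       # lower number = evaluated first
    action: str         # "Allow" | "Block" | "Log" | "Redirect"
    condition: Callable[[Request], bool]
    enabled: bool = True


# Condition builders for the four match types named in the post.
def geo_match(*countries):
    wanted = {c.upper() for c in countries}
    return lambda r: r.country.upper() in wanted


def ip_match(*cidrs):
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return lambda r: any(ipaddress.ip_address(r.remote_addr) in n for n in nets)


def size_over(limit):
    return lambda r: r.body_size > limit


def uri_contains(needle):
    return lambda r: needle.lower() in r.uri.lower()


def evaluate(mode, rules, req):
    """Return (outcome, deciding_rule_name, log_entries) for one request.

    mode is "Prevention" or "Detection". The outcome "ManagedRules" means no
    custom rule ended evaluation, so the predefined rule sets inspect it next.
    """
    log = []
    for rule in sorted(rules, key=lambda r: r.priority):
        if not rule.enabled or not rule.condition(req):
            continue
        log.append(f"{rule.name}:{rule.action}")
        if rule.action not in TERMINATING:
            continue                      # Log action: keep evaluating
        if mode == "Detection" and rule.action != "Allow":
            return "DetectedOnly", rule.name, log   # reported, not enforced
        return rule.action, rule.name, log
    return "ManagedRules", None, log


def with_priority(rules, name, priority):
    """Copy of rules with one rule moved to a new priority."""
    return [replace(r, priority=priority) if r.name == name else r for r in rules]


# Constructed sample policy; addresses are documentation ranges, not real hosts.
RULES = [
    CustomRule("office_allow", 10, "Allow", ip_match("203.0.113.0/24")),
    CustomRule("log_admin", 15, "Log", uri_contains("/admin")),
    CustomRule("deny_nl", 20, "Block", geo_match("NL")),
]

NL_VISITOR = Request("198.51.100.7", "NL", "/")
NL_OFFICE = Request("203.0.113.9", "NL", "/admin")
GR_VISITOR = Request("192.0.2.44", "GR", "/admin/login")

if __name__ == "__main__":
    for label, rules in (("as configured", RULES),
                         ("deny_nl first", with_priority(RULES, "deny_nl", 5))):
        for req in (NL_VISITOR, NL_OFFICE, GR_VISITOR):
            print(label, req.remote_addr, evaluate("Prevention", rules, req))
    print("detect", evaluate("Detection", RULES, NL_VISITOR))
```

The case to notice is `NL_OFFICE`: with the Allow rule at the lower priority number, the request never reaches the geolocation rule or the predefined rule sets, so broad Allow rules should be given a higher number than the Deny rules they must not override.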
  4. Securely scale your Web Apps with Azure Front Door

     There is a big buzz out there about Azure Front Door. Is it a Load Balancer? A CDN? A Traffic Manager? A Web Application Firewall? A Reverse Proxy? An Application Gateway? So, what is Azure Front Door?

     Azure Front Door is actually all of the above and more. It is a global service that routes web traffic based on performance and availability: a Layer 7 multi-region load balancer with Web Application Firewall (WAF) capabilities, DDoS protection & CDN. Azure Front Door is the entry point, the edge, of all Microsoft’s WAN. All Microsoft services, like Office 365 & Bing, are using Azure Front Door.

     The services that Azure Front Door provides are:

       • Accelerate application performance
       • Increase application availability with smart health probes
       • URL-based routing
       • Multi-site hosting
       • URL redirection
       • Session affinity
       • SSL termination
       • Custom Domain & certificate management
       • Security via custom WAF rules
       • DDoS protection
       • URL rewrite
       • IPv6 and HTTP/2 support

     The Azure Front Door documentation has a paragraph that helps to understand the difference between Azure Front Door and other publishing / load balancing Azure solutions, and where to use each:

     Azure provides a suite of fully managed load-balancing solutions for your scenarios. If you are looking for a DNS based global routing and do not have requirements for Transport Layer Security (TLS) protocol termination (“SSL offload”) or per-HTTP/HTTPS request, application-layer processing, review Traffic Manager. If you are looking for load balancing between your servers in a region, for application layer, review Application Gateway and for network layer load balancing, review Load Balancer. Your end-to-end scenarios might benefit from combining these solutions as needed. For pricing information, see Front Door Pricing.

     How to scale your web apps with Front Door

     Create two simple Azure Web apps. See this guide on how to create an Azure App Service: https://www.e-apostolidis.gr/microsoft/azure/azure-start-point-your-first-web-app/

     One at West Europe: and one at North Europe:

     Using FTP, I deployed a one-page html site at both regions. I changed the text of both sites to say “This Web Site is located at North Europe Azure Datacenter” and “West Europe” to the other.

     Then create a Front Door. Search for Front Door at Azure marketplace and Create one.

     This is a high level diagram of the Front Door with two Web Apps design that we will create.

     The “create a Front Door” wizard will start and we can configure it step by step.

     First we will create a Frontend host by clicking the + at Step 1. At the frontend host we will create the URL at which our apps will be available. I added papostolidis.azurefd.net. Of course, later you can add your custom domain and add a CNAME to route the traffic to the Front Door.

     Then, at the Backend pools (Step 2), press the + to add the web apps. Add a name for the backend pool, like “myapps”, and press + ADD a backend to add the apps.

     Select the host type; you can add app service, cloud service, storage and custom host (URL). I selected the app service. Select the subscription and the app service and add the correct ports for http and https traffic. The priority sets the routing order: traffic is routed to the host with the lower priority number (e.g. 1) and, if that host fails, to the next host with a bigger priority number (e.g. 2). If you give the same priority to more than one host, then routing follows the weight number. The weight number defines the percentage of requests that will be routed to each host.

     Add the second web app the same way.

     Finally, select a path, protocol and interval for the probe that will do health checks on the app to determine whether it is active or not.

     The third step is to add the routing rules. At the routing rules you can specify:

       • The accepted protocol, http or https.
       • The frontend host for this rule.
       • The patterns that the route will accept, like www.e-apostolidis.gr/mysite/* or just /* for root.
       • Route type, forward or redirect.
       • The backend pool to which this rule will direct the traffic.
       • The protocol with which the traffic will be forwarded. Here we define the SSL Offload if we select HTTPS for the frontend accepted protocol and HTTP for the backend.
       • URL Rewrite rules.
       • Caching, for static content caching like CDN.

     Once all steps are completed we can move on and create the Front Door.

     When the Front Door is ready, we can see the URL at the Overview.

     And browse our web app using the Front Door URL:

     How to protect your web apps with Front Door

     Right now we have scaled our web apps. If we use each app’s URL we can still access the app. The first security step is to lock the web apps so that they can be accessed only through the Front Door URL.

     The Azure Front Door FAQ page, https://docs.microsoft.com/en-us/azure/frontdoor/front-door-faq , lists the Front Door’s address range.

     Front Door’s IPv4 backend IP space: 147.243.0.0/16

     Go to the App Service and, at the Networking section, select “Configure Access Restrictions”.

     Add an allow access restriction with the IP range of the Front Door. A Deny rule will automatically be created for everything else.

     Add the rule to both web apps and then try to access the apps with their direct links.

     From now on, we can access the apps only by using the Front Door URL:

     This is a high level diagram after the restrictions.

     At the next article, we will see how to add Web Application Firewall (WAF) Rules to Front Door. Stay Tuned!!

     The post Securely scale your Web Apps with Azure Front Door appeared first on Apostolidis IT Corner.
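To check the lock-down described above, this added Python example (not part of the original post) models how App Service access restrictions decide on a source address and audits a rule list against the Front Door range quoted in the post. It goes one step beyond the post by also checking the `X-Azure-FDID` request header, which Front Door adds to identify the specific Front Door instance, because the backend IP range alone is shared by every Front Door; the rule names, sample addresses, the placeholder ID and the function names are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Range quoted in the post from the Front Door FAQ; re-check the FAQ before use.
FRONT_DOOR_BACKEND_RANGE = ipaddress.ip_network("147.243.0.0/16")
# Constructed placeholder for your own Front Door ID (assumption, not from the post).
EXPECTED_FDID = "00000000-0000-0000-0000-000000000000"


@dataclass
class Restriction:
    name: str
    priority: int        # lower number = evaluated first
    action: str          # "Allow" or "Deny"
    cidr: str


def network_decision(restrictions, source_ip):
    """Access-restriction outcome for one source address.

    With no rules the app is open; once any rule exists, traffic that matches
    no rule hits the automatically created Deny rule.
    """
    if not restrictions:
        return "Allow"
    addr = ipaddress.ip_address(source_ip)
    for rule in sorted(restrictions, key=lambda r: r.priority):
        if addr in ipaddress.ip_network(rule.cidr):
            return rule.action
    return "Deny"


def origin_accepts(restrictions, source_ip, headers, expected_fdid=EXPECTED_FDID):
    """Return (accepted, reason): network check first, then the Front Door ID."""
    if network_decision(restrictions, source_ip) != "Allow":
        return False, "denied by access restriction"
    fdid = {k.lower(): v for k, v in headers.items()}.get("x-azure-fdid")
    if fdid is None:
        return False, "no X-Azure-FDID header"
    if fdid.lower() != expected_fdid.lower():
        return False, "X-Azure-FDID belongs to another Front Door"
    return True, "via our Front Door"


def audit(restrictions):
    """List configuration findings for an origin that must be Front Door only."""
    if not restrictions:
        return ["no restrictions: app is reachable on its direct URL from anywhere"]
    findings = []
    probe = str(FRONT_DOOR_BACKEND_RANGE[1])          # an address inside the range
    if network_decision(restrictions, probe) != "Allow":
        findings.append("Front Door range is not allowed: traffic through Front Door will fail")
    for rule in restrictions:
        net = ipaddress.ip_network(rule.cidr)
        outside = net.version != 4 or not net.subnet_of(FRONT_DOOR_BACKEND_RANGE)
        if rule.action == "Allow" and outside:
            findings.append(f"{rule.name}: allows {rule.cidr}, which bypasses Front Door")
    return findings


# Constructed sample configurations; 198.51.100.0/24 is a documentation range.
LOCKED = [Restriction("AllowFrontDoor", 100, "Allow", "147.243.0.0/16")]
LOOSE = LOCKED + [Restriction("AllowAdminVPN", 200, "Allow", "198.51.100.0/24")]

if __name__ == "__main__":
    print(network_decision(LOCKED, "198.51.100.7"))
    print(origin_accepts(LOCKED, "147.243.10.20", {"X-Azure-FDID": EXPECTED_FDID}))
    print(audit(LOOSE))
```

Any Allow entry reported by `audit` is a path that reaches the app without passing through the Front Door and its WAF policy, so it needs its own justification and monitoring.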
  5. Securely scale your Web Apps with Azure Front Door There is a big buzz out there about Azure Front Door. Is it a Load Balancer? A CDN? A Traffic Manager? A Web Application Firewall ? A Reverse Proxy? An Application Gateway? So, what is Azure Front Door? Azure Front Door actually is all the above and more. It is a global service, that routes web traffic based on performance and availability. A Layer 7 multi-region load balancer with Web Application Firewall (WAF) capabilities, DDoS protection & CDN. Azure Front Door is the entry point, the edge, of all Microsoft’s WAN. All Microsoft services, like Office 365 & Bing, are using Azure Front Door. The services that Azure Front door provides are: Accelerate application performance Increase application availability with smart health probes URL-based routing Multi-site hosting URL redirection Session affinity SSL termination Custom Domain & certificate management Security via custom WAF rules DDoS protection URL rewrite IPv6 and HTTP/2 support At Azure Front Door documentation there is a paragraph that can help to understand the difference between Azure Front Door and other publishing / load balancing Azure solutions and where to use each. Azure provides a suite of fully managed load-balancing solutions for your scenarios. If you are looking for a DNS based global routing and do not have requirements for Transport Layer Security (TLS) protocol termination (“SSL offload”) or per-HTTP/HTTPS request, application-layer processing, review Traffic Manager. If you are looking for load balancing between your servers in a region, for application layer, review Application Gateway and for network layer load balancing, review Load Balancer. Your end-to-end scenarios might benefit from combining these solutions as needed. For pricing information, see Front Door Pricing. How to scale your web apps with Front Door Create two simple Azure Web apps. 
Check this guide for a simple guide on how to create Azure App Service: https://www.e-apostolidis.gr/microsoft/azure/azure-start-point-your-first-web-app/ One at West Europe: and one at North Europe: Using FTP, I deployed an one-page html site at both regions. I change the text of both site to say “This Web Site is located at North Europe Azure Datacenter” and “West Europe” to the other. Then create a Front Door. Search for Front Door at Azure marketplace and Create one. This is a high level diagram of the Front Door with two Web Apps design that we will create The “create a Front Door” wizard will start and we can configure it step by step. First we will create a Frontend host by clicking the + at the Step 1 At the frontend host we will create the URL that our apps will be available. I added the papostolidis.azurefd.net. of course later you can add your custom domain and add a CNAME to route the traffic to the Front Door. Then, at the Backend pools (Step 2), press the + to add the web apps. add a name for the backend pool, like “myapps” and press + ADD a backend to add the apps. Select host type, you can add app service, cloud service, storage and custom host (URL). I selected the app service. Select the subscription and the app service and add the correct ports for http and https traffic. The priority defines if the traffic will be routed to the host with the lower priority number (e.g. 1) and if that host fails will route to the next host with bigger priority number (e.g. 2). If you add the same priority to more than one host then it will follow the weight number. The weight number defines the percentage of requests that will be routed to each host. The same way add the second web app Finally select a path, protocol and interval for the probe that will do health checks to the app to define if it is active or not. The third step is to add the routing rules. At the routing rules you can specify: The accepted protocol, http or https. 
the frontend host for this rule the patterns that the route will accept, like www.e-apostolidis.gr/mysite/* or just /* ro root. Route type forward or redirect. The backend pool that this rule will direct the traffic The protocol that the traffic will be forwarded. Here we define the SSL Offload if we select HTTPs for frontend accepted protocol and HTTP for backend. URL Rewrite rules Caching, for static content caching like CDN. Once all steps are completed we can move on and create the Front Door When the Front Door is ready, we can see the URL at the Overview. And browse our web app using the Front Door URL: How to protect your web apps with Front Door Right now we scaled our web apps. If we use each app’s URL we can still access the app. The first security step is to lock the web apps to be accessed only through the Front Door URL. Checking the Azure Front Door FAQ page, https://docs.microsoft.com/en-us/azure/frontdoor/front-door-faq it lists the Front Door’s address rance. Front Door’s IPv4 backend IP space: 147.243.0.0/16 Go to the App Service, at the Networking section, select “Configure Access Restrictions” Add an allow access restriction with the IP range of the Front Door. Automatically a Deny rule will be created for everything else. Add the rule to both web apps and then try to access the apps with their direct links. Now on, we can access the apps only by using the Front Door URL: This is a high level diagram after the restrictions At the next article, we will see how to add Web Application Firewall (WAF) Rules to Front Door, Stay Tuned!! The post Securely scale your Web Apps with Azure Front Door appeared first on Apostolidis IT Corner.
  6. Securely scale your Web Apps with Azure Front Door There is a big buzz out there about Azure Front Door. Is it a Load Balancer? A CDN? A Traffic Manager? A Web Application Firewall ? A Reverse Proxy? An Application Gateway? So, what is Azure Front Door? Azure Front Door actually is all the above and more. It is a global service, that routes web traffic based on performance and availability. A Layer 7 multi-region load balancer with Web Application Firewall (WAF) capabilities, DDoS protection & CDN. Azure Front Door is the entry point, the edge, of all Microsoft’s WAN. All Microsoft services, like Office 365 & Bing, are using Azure Front Door. The services that Azure Front door provides are: Accelerate application performance Increase application availability with smart health probes URL-based routing Multi-site hosting URL redirection Session affinity SSL termination Custom Domain & certificate management Security via custom WAF rules DDoS protection URL rewrite IPv6 and HTTP/2 support At Azure Front Door documentation there is a paragraph that can help to understand the difference between Azure Front Door and other publishing / load balancing Azure solutions and where to use each. Azure provides a suite of fully managed load-balancing solutions for your scenarios. If you are looking for a DNS based global routing and do not have requirements for Transport Layer Security (TLS) protocol termination (“SSL offload”) or per-HTTP/HTTPS request, application-layer processing, review Traffic Manager. If you are looking for load balancing between your servers in a region, for application layer, review Application Gateway and for network layer load balancing, review Load Balancer. Your end-to-end scenarios might benefit from combining these solutions as needed. For pricing information, see Front Door Pricing. How to scale your web apps with Front Door Create two simple Azure Web apps. 
Check this guide for a simple guide on how to create Azure App Service: https://www.e-apostolidis.gr/microsoft/azure/azure-start-point-your-first-web-app/ One at West Europe: and one at North Europe: Using FTP, I deployed an one-page html site at both regions. I change the text of both site to say “This Web Site is located at North Europe Azure Datacenter” and “West Europe” to the other. Then create a Front Door. Search for Front Door at Azure marketplace and Create one. This is a high level diagram of the Front Door with two Web Apps design that we will create The “create a Front Door” wizard will start and we can configure it step by step. First we will create a Frontend host by clicking the + at the Step 1 At the frontend host we will create the URL that our apps will be available. I added the papostolidis.azurefd.net. of course later you can add your custom domain and add a CNAME to route the traffic to the Front Door. Then, at the Backend pools (Step 2), press the + to add the web apps. add a name for the backend pool, like “myapps” and press + ADD a backend to add the apps. Select host type, you can add app service, cloud service, storage and custom host (URL). I selected the app service. Select the subscription and the app service and add the correct ports for http and https traffic. The priority defines if the traffic will be routed to the host with the lower priority number (e.g. 1) and if that host fails will route to the next host with bigger priority number (e.g. 2). If you add the same priority to more than one host then it will follow the weight number. The weight number defines the percentage of requests that will be routed to each host. The same way add the second web app Finally select a path, protocol and interval for the probe that will do health checks to the app to define if it is active or not. The third step is to add the routing rules. At the routing rules you can specify: The accepted protocol, http or https. 
the frontend host for this rule the patterns that the route will accept, like www.e-apostolidis.gr/mysite/* or just /* ro root. Route type forward or redirect. The backend pool that this rule will direct the traffic The protocol that the traffic will be forwarded. Here we define the SSL Offload if we select HTTPs for frontend accepted protocol and HTTP for backend. URL Rewrite rules Caching, for static content caching like CDN. Once all steps are completed we can move on and create the Front Door When the Front Door is ready, we can see the URL at the Overview. And browse our web app using the Front Door URL: How to protect your web apps with Front Door Right now we scaled our web apps. If we use each app’s URL we can still access the app. The first security step is to lock the web apps to be accessed only through the Front Door URL. Checking the Azure Front Door FAQ page, https://docs.microsoft.com/en-us/azure/frontdoor/front-door-faq it lists the Front Door’s address rance. Front Door’s IPv4 backend IP space: 147.243.0.0/16 Go to the App Service, at the Networking section, select “Configure Access Restrictions” Add an allow access restriction with the IP range of the Front Door. Automatically a Deny rule will be created for everything else. Add the rule to both web apps and then try to access the apps with their direct links. Now on, we can access the apps only by using the Front Door URL: This is a high level diagram after the restrictions At the next article, we will see how to add Web Application Firewall (WAF) Rules to Front Door, Stay Tuned!! The post Securely scale your Web Apps with Azure Front Door appeared first on Apostolidis IT Corner.
  7. Securely scale your Web Apps with Azure Front Door There is a big buzz out there about Azure Front Door. Is it a Load Balancer? A CDN? A Traffic Manager? A Web Application Firewall ? A Reverse Proxy? An Application Gateway? So, what is Azure Front Door? Azure Front Door actually is all the above and more. It is a global service, that routes web traffic based on performance and availability. A Layer 7 multi-region load balancer with Web Application Firewall (WAF) capabilities, DDoS protection & CDN. Azure Front Door is the entry point, the edge, of all Microsoft’s WAN. All Microsoft services, like Office 365 & Bing, are using Azure Front Door. The services that Azure Front door provides are: Accelerate application performance Increase application availability with smart health probes URL-based routing Multi-site hosting URL redirection Session affinity SSL termination Custom Domain & certificate management Security via custom WAF rules DDoS protection URL rewrite IPv6 and HTTP/2 support At Azure Front Door documentation there is a paragraph that can help to understand the difference between Azure Front Door and other publishing / load balancing Azure solutions and where to use each. Azure provides a suite of fully managed load-balancing solutions for your scenarios. If you are looking for a DNS based global routing and do not have requirements for Transport Layer Security (TLS) protocol termination (“SSL offload”) or per-HTTP/HTTPS request, application-layer processing, review Traffic Manager. If you are looking for load balancing between your servers in a region, for application layer, review Application Gateway and for network layer load balancing, review Load Balancer. Your end-to-end scenarios might benefit from combining these solutions as needed. For pricing information, see Front Door Pricing. How to scale your web apps with Front Door Create two simple Azure Web apps. 
Check this guide for a simple guide on how to create Azure App Service: https://www.e-apostolidis.gr/microsoft/azure/azure-start-point-your-first-web-app/ One at West Europe: and one at North Europe: Using FTP, I deployed an one-page html site at both regions. I change the text of both site to say “This Web Site is located at North Europe Azure Datacenter” and “West Europe” to the other. Then create a Front Door. Search for Front Door at Azure marketplace and Create one. This is a high level diagram of the Front Door with two Web Apps design that we will create The “create a Front Door” wizard will start and we can configure it step by step. First we will create a Frontend host by clicking the + at the Step 1 At the frontend host we will create the URL that our apps will be available. I added the papostolidis.azurefd.net. of course later you can add your custom domain and add a CNAME to route the traffic to the Front Door. Then, at the Backend pools (Step 2), press the + to add the web apps. add a name for the backend pool, like “myapps” and press + ADD a backend to add the apps. Select host type, you can add app service, cloud service, storage and custom host (URL). I selected the app service. Select the subscription and the app service and add the correct ports for http and https traffic. The priority defines if the traffic will be routed to the host with the lower priority number (e.g. 1) and if that host fails will route to the next host with bigger priority number (e.g. 2). If you add the same priority to more than one host then it will follow the weight number. The weight number defines the percentage of requests that will be routed to each host. The same way add the second web app Finally select a path, protocol and interval for the probe that will do health checks to the app to define if it is active or not. The third step is to add the routing rules. At the routing rules you can specify: The accepted protocol, http or https. 
the frontend host for this rule the patterns that the route will accept, like www.e-apostolidis.gr/mysite/* or just /* ro root. Route type forward or redirect. The backend pool that this rule will direct the traffic The protocol that the traffic will be forwarded. Here we define the SSL Offload if we select HTTPs for frontend accepted protocol and HTTP for backend. URL Rewrite rules Caching, for static content caching like CDN. Once all steps are completed we can move on and create the Front Door When the Front Door is ready, we can see the URL at the Overview. And browse our web app using the Front Door URL: How to protect your web apps with Front Door Right now we scaled our web apps. If we use each app’s URL we can still access the app. The first security step is to lock the web apps to be accessed only through the Front Door URL. Checking the Azure Front Door FAQ page, https://docs.microsoft.com/en-us/azure/frontdoor/front-door-faq it lists the Front Door’s address rance. Front Door’s IPv4 backend IP space: 147.243.0.0/16 Go to the App Service, at the Networking section, select “Configure Access Restrictions” Add an allow access restriction with the IP range of the Front Door. Automatically a Deny rule will be created for everything else. Add the rule to both web apps and then try to access the apps with their direct links. Now on, we can access the apps only by using the Front Door URL: This is a high level diagram after the restrictions At the next article, we will see how to add Web Application Firewall (WAF) Rules to Front Door, Stay Tuned!! The post Securely scale your Web Apps with Azure Front Door appeared first on Apostolidis IT Corner.
  8. Securely scale your Web Apps with Azure Front Door

There is a big buzz out there about Azure Front Door. Is it a Load Balancer? A CDN? A Traffic Manager? A Web Application Firewall? A Reverse Proxy? An Application Gateway? So, what is Azure Front Door?

Azure Front Door is actually all of the above and more. It is a global service that routes web traffic based on performance and availability: a Layer 7 multi-region load balancer with Web Application Firewall (WAF) capabilities, DDoS protection and CDN. Azure Front Door is the entry point, the edge, of all of Microsoft’s WAN. All Microsoft services, like Office 365 and Bing, are using Azure Front Door.

The services that Azure Front Door provides are:

  • Accelerate application performance
  • Increase application availability with smart health probes
  • URL-based routing
  • Multi-site hosting
  • URL redirection
  • Session affinity
  • SSL termination
  • Custom Domain & certificate management
  • Security via custom WAF rules
  • DDoS protection
  • URL rewrite
  • IPv6 and HTTP/2 support

In the Azure Front Door documentation there is a paragraph that helps to understand the difference between Azure Front Door and the other publishing / load balancing Azure solutions, and where to use each:

Azure provides a suite of fully managed load-balancing solutions for your scenarios. If you are looking for a DNS based global routing and do not have requirements for Transport Layer Security (TLS) protocol termination (“SSL offload”) or per-HTTP/HTTPS request, application-layer processing, review Traffic Manager. If you are looking for load balancing between your servers in a region, for application layer, review Application Gateway and for network layer load balancing, review Load Balancer. Your end-to-end scenarios might benefit from combining these solutions as needed. For pricing information, see Front Door Pricing.

How to scale your web apps with Front Door

Create two simple Azure Web Apps. See this post for a simple guide on how to create an Azure App Service: https://www.e-apostolidis.gr/microsoft/azure/azure-start-point-your-first-web-app/

Create one at West Europe and one at North Europe. Using FTP, I deployed a one-page HTML site to both regions. I changed the text so that one site says “This Web Site is located at North Europe Azure Datacenter” and the other says “West Europe”.

Then create a Front Door. Search for Front Door at the Azure Marketplace and create one. The design that we will create is a Front Door with two Web Apps.

The “create a Front Door” wizard will start and we can configure it step by step.

First we will create a Frontend host by clicking the + at Step 1. At the frontend host we create the URL at which our apps will be available. I added papostolidis.azurefd.net. Of course, later you can add your custom domain and add a CNAME to route the traffic to the Front Door.

Then, at the Backend pools (Step 2), press the + to add the web apps. Add a name for the backend pool, like “myapps”, and press “+ Add a backend” to add the apps. Select the host type: you can add app service, cloud service, storage and custom host (URL). I selected the app service. Select the subscription and the app service and add the correct ports for HTTP and HTTPS traffic.

The priority defines where the traffic goes: it is routed to the host with the lower priority number (e.g. 1) and, if that host fails, to the next host with a bigger priority number (e.g. 2). If you give the same priority to more than one host, the routing follows the weight number. The weight number defines the percentage of requests that will be routed to each host.

Add the second web app the same way. Finally, select a path, protocol and interval for the probe that will run health checks against the app to determine whether it is active or not.

The third step is to add the routing rules. At the routing rules you can specify:

  • The accepted protocol, HTTP or HTTPS.
  • The frontend host for this rule.
  • The patterns that the route will accept, like www.e-apostolidis.gr/mysite/* or just /* for root.
  • Route type: forward or redirect.
  • The backend pool to which this rule will direct the traffic.
  • The protocol with which the traffic will be forwarded. Here we define the SSL offload, if we select HTTPS as the accepted frontend protocol and HTTP for the backend.
  • URL rewrite rules.
  • Caching, for static content caching like a CDN.

Once all steps are completed we can move on and create the Front Door. When the Front Door is ready, we can see the URL at the Overview and browse our web app using the Front Door URL.

How to protect your web apps with Front Door

So far we have scaled our web apps, but if we use each app’s own URL we can still access the app directly. The first security step is to lock the web apps so that they can be accessed only through the Front Door URL.

The Azure Front Door FAQ page, https://docs.microsoft.com/en-us/azure/frontdoor/front-door-faq, lists the Front Door’s address range. Front Door’s IPv4 backend IP space: 147.243.0.0/16

Go to the App Service and, at the Networking section, select “Configure Access Restrictions”. Add an allow access restriction with the IP range of the Front Door. A Deny rule will automatically be created for everything else. Add the rule to both web apps and then try to access the apps with their direct links. From now on, we can access the apps only by using the Front Door URL.

At the next article, we will see how to add Web Application Firewall (WAF) Rules to Front Door. Stay tuned!

The post Securely scale your Web Apps with Azure Front Door appeared first on Apostolidis IT Corner.
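As an added example (not part of the original post, and not Azure's own code), this Python model reproduces the access-restriction behaviour described above, with first match by priority and an automatic deny for everything else, and audits a set of apps for the lock-down. The app names, rule names and probe addresses are constructed; the labels "Allow all" and "Deny all" for the implicit rules are assumptions of the model.

```python
import ipaddress
from dataclasses import dataclass

# Range quoted in the post from the Front Door FAQ (check that it is still current).
FRONT_DOOR_BACKEND_V4 = "147.243.0.0/16"


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int  # lower number is evaluated first
    action: str    # "Allow" or "Deny"
    cidr: str


def evaluate(rules, client_ip):
    """Return (action, rule name) for a client address; the first match wins."""
    if not rules:
        # No restriction configured: the app answers on its direct URL.
        return "Allow", "Allow all"
    ip = ipaddress.ip_address(client_ip)
    for rule in sorted(rules, key=lambda r: r.priority):
        if ip in ipaddress.ip_network(rule.cidr):
            return rule.action, rule.name
    # Once any rule exists, everything that matched nothing is denied.
    return "Deny", "Deny all"


def audit(apps):
    """Map app name -> list of findings; apps that are locked down are omitted."""
    fd = ipaddress.ip_network(FRONT_DOOR_BACKEND_V4)
    fd_probe = str(fd.network_address + 1)  # an address inside the Front Door range
    findings = {}
    for app, rules in apps.items():
        issues = []
        if not rules:
            issues.append("no access restrictions: reachable on its direct URL")
        elif evaluate(rules, fd_probe)[0] != "Allow":
            issues.append("Front Door range is not allowed")
        for rule in rules:
            net = ipaddress.ip_network(rule.cidr)
            outside = net.version != fd.version or not net.subnet_of(fd)
            if rule.action == "Allow" and outside:
                issues.append(
                    f"rule '{rule.name}' allows {rule.cidr}, outside the Front Door range"
                )
        if issues:
            findings[app] = issues
    return findings


# Constructed sample configuration: one app locked down as in the post, one
# where the rule was never added, and one with an extra, wider allow rule.
SAMPLE_APPS = {
    "myapp-westeurope": [Rule("AllowFrontDoor", 100, "Allow", FRONT_DOOR_BACKEND_V4)],
    "myapp-northeurope": [],
    "myapp-staging": [
        Rule("AllowFrontDoor", 100, "Allow", FRONT_DOOR_BACKEND_V4),
        Rule("AllowOffice", 200, "Allow", "203.0.113.0/24"),
    ],
}

if __name__ == "__main__":
    for app, issues in audit(SAMPLE_APPS).items():
        for issue in issues:
            print(f"{app}: {issue}")
```

The range in the model is the one quoted in the post, so confirm it against the current Front Door FAQ before using it in a real rule. An IP allow rule only shows that a request arrived from that shared range, not that it came through your own Front Door.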
  11. <h1 style="text-align: justify;">Azure Portal | Playing with Disk Snapshot</h1> <p style="text-align: justify;">Disk Snapshot is a powerful tool to manage Azure VMs. It’s simple to create and can help administrators in various tasks. It’s a fast and efficient way to have a crash-consistent disk of a Virtual Machine before performing tasks, updates, configuration changes, application installations, etc. Of course the last line of defence is Azure Backup, but using a Snapshot you don’t need to wait for the whole Backup / Restore time. With snapshots there are two main options to recover the VM. One is using the “swap OS Disk” functionality, which lets you swap the Operating System disk with one click. The other option is to create a new Virtual Machine. Beware, if you want to make Azure VM clones, you need to generalize the VM with Sysprep and Capture the VM. Using the Snapshot option you will have an identical VM, with the same IDs.</p> <h2 style="text-align: justify;">Snapshot</h2> <p style="text-align: justify;">The first step is to create a snapshot from the Virtual Disk. Open the Azure VM, go to Disks, select the OS Disk and press “Create Snapshot”. You don’t actually need to stop the VM. Windows Server operating system stays fully consistent, but no one can guarantee the consistency of any databases currently running. Think of it like the Hyper V CheckPoint functionality. 
We make checkpoints all the time and we revert to them even in production.</p> <p id="yLMWzuR" style="text-align: justify;"><img class="alignnone wp-image-2884 size-full" src="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8c4f41af1.png"alt="disk snapshot" width="773" height="359" srcset="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8c4f41af1.png 773w, https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8c4f41af1-300x139.png 300w, https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8c4f41af1-768x357.png 768w" sizes="(max-width: 773px) 100vw, 773px" /></p> <p style="text-align: justify;">The Create snapshot screen will open. Fill in a name and disk account type (Standard / Premium) and press create.</p> <p id="Cvnyhoo" style="text-align: justify;"><img class="alignnone wp-image-2885 size-full" src="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8c81cf6be.png"alt="disk snapshot" width="635" height="448" srcset="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8c81cf6be.png 635w, https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8c81cf6be-300x212.png 300w" sizes="(max-width: 635px) 100vw, 635px" /></p> <p style="text-align: justify;">At this point I will create a folder at the VM for revision</p> <p id="RNUFdnD" style="text-align: justify;"><img class="alignnone wp-image-2886 size-full" src="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8d0eef630.png"alt="disk snapshot" width="580" height="303" srcset="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8d0eef630.png 580w, https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8d0eef630-300x157.png 300w" sizes="(max-width: 580px) 100vw, 580px" /></p> <h2 style="text-align: justify;">Create a Disk</h2> <p style="text-align: justify;">To make the snapshot functional, we need to create a Managed Disk resource.</p> <p id="TCxcFbJ" style="text-align: justify;"><img 
class="alignnone wp-image-2888 size-full" src="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8dbd6c9fb.png"alt="disk snapshot" width="614" height="296" srcset="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8dbd6c9fb.png 614w, https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8dbd6c9fb-300x145.png 300w" sizes="(max-width: 614px) 100vw, 614px" /></p> <p style="text-align: justify;">At the Create managed disk wizard, select the Region that the Snapshot resides. Then select “Source type” Snapshot and select it. At the Size, select a disk size at least the same as the source disk.</p> <p id="CYKOnDl" style="text-align: justify;"><img class="alignnone wp-image-2889" src="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8e03cea11.png"alt="disk snapshot" width="638" height="656" srcset="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8e03cea11.png 833w, https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8e03cea11-292x300.png 292w, https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8e03cea11-768x789.png 768w" sizes="(max-width: 638px) 100vw, 638px" /></p> <h2 style="text-align: justify;">Swap OS Disk</h2> <p style="text-align: justify;">Now that we have created the managed disk, it’s time to use the Swap OS Disk functionality. We have proceeded with the Azure VM’s updates, software updates, configuration changes, and finally we need to roll back those changes. 
Go to the VM’s Disks and press “Swap OS Disk”.</p> <p id="pzuGeyg" style="text-align: justify;"><img class="alignnone wp-image-2887" src="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8d3ca65c2.png"alt="disk snapshot" width="633" height="390" srcset="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8d3ca65c2.png 852w, https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8d3ca65c2-300x185.png 300w, https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8d3ca65c2-768x472.png 768w" sizes="(max-width: 633px) 100vw, 633px" /></p> <p style="text-align: justify;">At the “Swap OS Disk” wizard, select the managed disk that we created.</p> <p id="qmhobOc" style="text-align: justify;"><img class="alignnone wp-image-2890 size-full" src="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8e6658951.png"alt="disk snapshot" width="449" height="399" srcset="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8e6658951.png 449w, https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8e6658951-300x267.png 300w" sizes="(max-width: 449px) 100vw, 449px" /></p> <p style="text-align: justify;">In the background, the Azure Platform will stop and deallocate the VM and re-create it with the selected OS disk. 
As you can see in the next screenshot, the OS disk is the managed disk that we created from the snapshot.</p> <p id="JASxLxW" style="text-align: justify;"><img class="alignnone wp-image-2891 size-full" src="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8eda544ed.png"alt="disk snapshot" width="955" height="484" srcset="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8eda544ed.png 955w, https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8eda544ed-300x152.png 300w, https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8eda544ed-768x389.png 768w" sizes="(max-width: 955px) 100vw, 955px" /></p> <p style="text-align: justify;">I started the VM and logged in. The folder I created after the snapshot is of course missing 🙂</p> <p style="text-align: justify;"><img class="alignnone wp-image-2892 size-full" src="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8f86e1d8a.png"alt="disk snapshot" width="507" height="258" srcset="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8f86e1d8a.png 507w, https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8f86e1d8a-300x153.png 300w" sizes="(max-width: 507px) 100vw, 507px" /></p> <h2 style="text-align: justify;">New Azure VM</h2> <p style="text-align: justify;">The other option is to create a new Virtual Machine using the Snapshot. As I wrote before, beware, if you want to make Azure VM clones, you need to generalize the VM with Sysprep and Capture the VM. 
Using the Snapshot option you will have an identical VM, with the same IDs.</p> <p style="text-align: justify;">To create a VM from the Snapshot, just open the Managed Disk that you created from the Snapshot and press Create VM.</p> <h2 id="YVnQUGo" style="text-align: justify;"><img class="alignnone wp-image-2893 size-full" src="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8fe63bbc2.png"alt="disk snapshot" width="764" height="401" srcset="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8fe63bbc2.png 764w, https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8fe63bbc2-300x157.png 300w" sizes="(max-width: 764px) 100vw, 764px" /></h2> <p style="text-align: justify;">The Create a virtual machine wizard will open, and at the Operating System Image section, it will have selected the image from the disk. This process is identical to creating a new Hyper V VM from an existing virtual disk.</p> <p id="agkkViV" style="text-align: justify;"><img class="alignnone wp-image-2899 size-full" src="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b9dee55885.png"alt="disk snapshot" width="875" height="838" srcset="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b9dee55885.png 875w, https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b9dee55885-300x287.png 300w, https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b9dee55885-768x736.png 768w" sizes="(max-width: 875px) 100vw, 875px" /></p> <p style="text-align: justify;">Follow the Create a virtual machine wizard exactly the same as creating any Azure VM.</p> <p>More e-apostolidis.gr posts about managed disks: <a href="https://www.e-apostolidis.gr/tag/managed-disks/">https://www.e-apostolidis.gr/tag/managed-disks/</a></p> <p style="text-align: left;">Read more at: <a 
href="https://docs.microsoft.com/en-us/azure/virtual-machines/windows/managed-disks-overview#managed-disk-snapshots">https://docs.microsoft.com/en-us/azure/virtual-machines/windows/managed-disks-overview#managed-disk-snapshots</a></p> <p>The post <a rel="nofollow" href="https://www.e-apostolidis.gr/microsoft/azure/azure-portal-playing-with-disk-snapshot/">Azure Portal | Playing with Disk Snapshot</a> appeared first on <a rel="nofollow" href="https://www.e-apostolidis.gr">Apostolidis IT Corner</a>.</p> <a href="https://www.e-apostolidis.gr/microsoft/azure/azure-portal-playing-with-disk-snapshot/"class='bbc_url' rel='nofollow external'>Source</a>
  12. <p>Happy Friday! My blog post is featured at this week’s Friday Five!</p> <p>Check out this week’s <a href="https://techcommunity.microsoft.com/t5/Microsoft-MVP-Award-Program-Blog/Friday-Five-Azure-free-SMTP-relay-using-Sendgrid-Power-Platform/ba-p/894274">FridayFive section of the Microsoft MVP Award Program Blog!</a> My blog post about <a href="https://www.e-apostolidis.gr/microsoft/azure-free-smtp-relay-using-sendgrid/">using SendGrid for free SMTP relay from Azure</a> is featured !!!</p> <p id="swHBZZB"><img class="alignnone size-full wp-image-2880 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d97b481a29bb.png"alt="" srcset="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d97b481a29bb.png 1239w, https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d97b481a29bb-300x87.png 300w, https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d97b481a29bb-768x224.png 768w, https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d97b481a29bb-1024x298.png 1024w" sizes="(max-width: 1239px) 100vw, 1239px" /></p> <p><a href="https://techcommunity.microsoft.com/t5/Microsoft-MVP-Award-Program-Blog/Friday-Five-Azure-free-SMTP-relay-using-Sendgrid-Power-Platform/ba-p/894274">https://techcommunity.microsoft.com/t5/Microsoft-MVP-Award-Program-Blog/Friday-Five-Azure-free-SMTP-relay-using-Sendgrid-Power-Platform/ba-p/894274</a></p> <p>The post <a rel="nofollow" href="https://www.e-apostolidis.gr/general/happy-friday-my-blog-post-featured-at-this-weeks-friday-five/">Happy Friday! My blog post featured at this week’s Friday Five!</a> appeared first on <a rel="nofollow" href="https://www.e-apostolidis.gr">Apostolidis IT Corner</a>.</p> <a href="https://www.e-apostolidis.gr/general/happy-friday-my-blog-post-featured-at-this-weeks-friday-five/"class='bbc_url' rel='nofollow external'>Source</a>
  13. <h1>Azure Security Center</h1> <h2>Remediate security recommendations in 1 click</h2> <p>Azure Security Center provides unified security management and advanced threat protection across hybrid cloud workloads. Using advanced analytics, it helps you detect potentially malicious activity across your hybrid cloud workloads, and recommends potential remediation steps, which you can then evaluate, and take the necessary action.</p> <p id="DLQOMZB"><img class="alignnone size-full wp-image-2857 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d8ddac95fb1a.png"alt="" /></p> <p>One of the main features of Azure Security Center is that it offers prioritized and actionable security recommendations so you can remediate security vulnerabilities before they can be exploited by attackers. To simplify remediation of security issues, it now allows you to remediate a recommendation on multiple resources with a single click.</p> <ul> <li>Quick access to 1-click fix<br />The 1-click fix label is shown next to the recommendations that offer this faster remediation tool.</li> <li>Logging for transparency<br />All remediation actions are logged in the activity log.</li> </ul> <p id="cYAerXE"><img class="alignnone size-full wp-image-2858 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d8ddaf03f635.png"alt="" /></p> <h2>How to use 1-click remediation</h2> <p>Look for the “1-click Fix !” label at the recommendations!</p> <p id="aBGvMLk"><img class="alignnone size-full wp-image-2859 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d8ddb125f8f2.png"alt="" /></p> <p>Once you click the “1-click Fix !” label, the recommendation information page will open. 
Select the affected resources and click Remediate.</p> <p id="ORTsWRv"><img class="alignnone size-full wp-image-2861 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d8ddfea3fdaa.png"alt="" /></p> <p>A final window will open that informs you about the action that will be performed and what it will affect. Check the information and, if you agree, click the final “Remediation” button.</p> <p id="NiZsHKi"><img class="alignnone size-full wp-image-2863 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d8de03500959.png"alt="" /></p> <h2>Current 1-click remediation availability</h2> <p>Remediation is available for the following recommendations in preview:</p> <ul> <li>Web Apps, Function Apps, and API Apps should only be accessible over HTTPS</li> <li>Remote debugging should be turned off for Function Apps, Web Apps, and API Apps</li> <li>CORS should not allow every resource to access your Function Apps, Web Apps, or API Apps</li> <li>Secure transfer to storage accounts should be enabled</li> <li>Transparent data encryption for Azure SQL Database should be enabled</li> <li>Monitoring agent should be installed on your virtual machines</li> <li>Diagnostic logs in Azure Key Vault and Azure Service Bus should be enabled</li> <li>Diagnostic logs in Service Bus should be enabled</li> <li>Vulnerability assessment should be enabled on your SQL servers</li> <li>Advanced data security should be enabled on your SQL servers</li> <li>Vulnerability assessment should be enabled on your SQL managed instances</li> <li>Advanced data security should be enabled on your SQL managed instances</li> </ul> <p>Single click remediation is part of Azure Security Center’s free tier.</p> <p>Read more at: <a href="https://azure.microsoft.com/en-gb/blog/azure-security-center-single-click-remediation-and-azure-firewall-jit-support/">Azure Security Center single click remediation</a></p> <p>Sources:</p> <p><a 
href="https://azure.microsoft.com/en-gb/blog/azure-security-center-single-click-remediation-and-azure-firewall-jit-support/">AzureSecurity Center single click remediation</a></p> <p><a class="breadcrumbs__link" href="https://azure.microsoft.com/en-us/updates/one-click-remediation-for-security-recommendations/"data-event="global-navigation-body-clicked-breadcrumb" data-bi-area="content" data-bi-id="global-navigation-body-clicked-breadcrumb">Azure Security Center—1-click remediation for security recommendations is now available</a></p> <p><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fwww.e-apostolidis.gr%2Fmicrosoft%2Fazure%2Fasc-remediate-security-recommendations-in-1-click%2F&linkname=ASC%20%7C%20Remediate%20security%20recommendations%20in%201%20click"title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_print" href="https://www.addtoany.com/add_to/print?linkurl=https%3A%2F%2Fwww.e-apostolidis.gr%2Fmicrosoft%2Fazure%2Fasc-remediate-security-recommendations-in-1-click%2F&linkname=ASC%20%7C%20Remediate%20security%20recommendations%20in%201%20click" title="Print" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share#url=https%3A%2F%2Fwww.e-apostolidis.gr%2Fmicrosoft%2Fazure%2Fasc-remediate-security-recommendations-in-1-click%2F&title=ASC%20%7C%20Remediate%20security%20recommendations%20in%201%20click" data-a2a-url="https://www.e-apostolidis.gr/microsoft/azure/asc-remediate-security-recommendations-in-1-click/" data-a2a-title="ASC | Remediate security recommendations in 1 click"><img src="https://static.addtoany.com/buttons/share_save_171_16.png" alt="Share"></a></p><p>The post <a rel="nofollow" href="https://www.e-apostolidis.gr/microsoft/azure/asc-remediate-security-recommendations-in-1-click/">ASC | Remediate security recommendations in 1 click</a> appeared first on <a rel="nofollow" 
href="https://www.e-apostolidis.gr">Apostolidis IT Corner</a>.</p> <a href="https://www.e-apostolidis.gr/microsoft/azure/asc-remediate-security-recommendations-in-1-click/"class='bbc_url' rel='nofollow external'>Source</a>
  14. <h1>Azure Private Link | Private connection to Azure PaaS</h1> <p>Azure Private Link is a new service, currently in Preview, that provides private connectivity from a virtual network, or from an on-premises network with Site-2-Site VPN, to Microsoft's Azure platform as a service (PaaS) offerings. Azure Private Link makes networking a lot simpler, improving security and eliminating the need for public access.</p> <p id="nAIxogs"><img class="alignnone size-full wp-image-2844 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d8145c21e8f8.png" alt="" /></p> <p><span style="font-size: 12px;">image from: <a href="https://azure.microsoft.com/en-us/services/private-link/">https://azure.microsoft.com/en-us/services/private-link/</a></span></p> <p>Azure Private Link is a service mapped to Azure Virtual Networks through a private endpoint. This means that all traffic is routed internally, using private IPs and connectivity, eliminating the exposure to threats. Using Private Link helps an organization meet compliance standards.</p> <p>Azure Private Link is a global service. It does not have regional restrictions. You can privately connect to services in all the Azure Regions around the globe.</p> <h2>Let’s Lab It!</h2> <p>Let’s see in practice how we can connect from an Azure VM, and from our on-premises computer using VPN, to an Azure SQL Database using private IPs. For the Lab I already have a Virtual Machine running Windows Server 2019 and an Azure SQL Database. The SQL Database is not connected to any networks.</p> <p>Open the Azure Portal, press New and search for “Private Link”, select it and press “Create”.</p> <p id="wWRgRfz"><img class="alignnone size-full wp-image-2824 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d812bccdb08c.png" alt="" /></p> <p>A nice “Getting started page” will open.
Click “Build a private connection to a service”.</p> <p id="YGbIKKC"><img class="alignnone size-full wp-image-2825 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d812c222bb50.png" alt="" /></p> <p id="hySxSQb"><img class="alignnone size-full wp-image-2826 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d812c2e18651.png" alt="" /></p> <p>The “Create a private endpoint” wizard will open. Select a name for the Private Link and a Region and press Next to go to the second step.</p> <p id="vCwjsPb"><img class="alignnone size-full wp-image-2832 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d8130185f27f.png" alt="" /></p> <p>At the second step, select to connect to the Azure resource in my directory, and select the subscription where the Azure SQL Database resides. Then select the SQL Server.</p> <p id="qmxqrJF"><img class="alignnone size-full wp-image-2833 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d81303297eff.png" alt="" /></p> <p>At the third step, select the Virtual Network in which the Private Link will be created. I selected the network where my Virtual Machine resides.
If you don’t have your own DNS server, select Yes to create an Azure private DNS zone.</p> <p id="nfoqivE"><img class="alignnone size-full wp-image-2835 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d813077e1d38.png" alt="" /></p> <p>At the final step, review the settings and create the Private Link.</p> <p id="lHsjjBi"><img class="alignnone size-full wp-image-2836 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d81309adc037.png" alt="" /></p> <p>After the resource creation, you can check the DNS for the Azure SQL Server Private IP Address!</p> <p id="cSPyGGM"><img class="alignnone size-full wp-image-2837 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d81317ff3814.png" alt="" /></p> <p>And at the SQL Server, in the “Private endpoint connections” section, you will see the new Private Link.</p> <p id="YnyPGra"><img class="alignnone size-full wp-image-2839 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d8132886dbdc.png" alt="" /></p> <p>Open a Remote Desktop Connection to the Azure VM, and run an nslookup for the SQL Server name.
In my case the command is:</p> <p>PS C:\> nslookup plsqlsrv.database.windows.net<br />Server: UnKnown<br />Address: 168.63.129.16</p> <p>Non-authoritative answer:<br />Name: plsqlsrv.privatelink.database.windows.net<br />Address: 10.0.2.5<br />Aliases: plsqlsrv.database.windows.net</p> <p id="zdWsPaP"><img class="alignnone size-full wp-image-2838 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d8131e47f882.png" alt="" /></p> <p>And it returned the Private IP address of the SQL Server.</p> <p>From my computer, I tried to connect to the Azure SQL Server using the name plsqlsrv.database.windows.net, and the connection failed since my Public IP Address is not allowed to access the server.</p> <p id="YMuBmUq"><img class="alignnone size-full wp-image-2840 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d813f72173a6.png" alt="" /></p> <p>From the Azure VM I managed to connect successfully and of course internally!</p> <p id="nVbBsVv"><img class="alignnone size-full wp-image-2841 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d813fab7a6a1.png" alt="" /></p> <p>After that, I added a Virtual Network Gateway to the Network and created a Point to Site VPN connection from my local computer to Azure. You can check my guide on how to do this: <a href="https://www.e-apostolidis.gr/microsoft/azure-start-point-point-to-site-vpn/" target="_blank" rel="noopener noreferrer">https://www.e-apostolidis.gr/microsoft/azure/azure-start-point-point-to-site-vpn/</a></p> <p>In order to connect to the Azure SQL you need to either use a local DNS server to map the SQL Server name to the Azure SQL IP or add an entry to the local hosts file for testing.</p> <p id="VbhUQVD"><img class="alignnone size-full wp-image-2849 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d8150b51c2d2.png" alt="" /></p> <h2>Conclusion</h2> <p>Azure Private Link is in Preview and currently supports Azure SQL Database and Storage accounts.
Additional services are coming to preview in the next 3-6 months:</p> <ul> <li>Cosmos DB</li> <li>App Service Vnet Integration + App Service Environment</li> <li>Azure Kubernetes Service</li> <li>Azure Key Vault</li> <li>PostgreSQL</li> <li>MySQL</li> <li>Maria DB</li> </ul> <p>Source:</p> <p><a href="https://azure.microsoft.com/en-us/services/private-link/">https://azure.microsoft.com/en-us/services/private-link/</a></p> <p><a href="https://azure.microsoft.com/en-au/blog/announcing-azure-private-link/">https://azure.microsoft.com/en-au/blog/announcing-azure-private-link/</a></p> <p>The post <a rel="nofollow" href="https://www.e-apostolidis.gr/microsoft/azure/azure-private-link-private-connection-to-azure-paas/">Azure Private Link | Private connection to Azure PaaS</a> appeared first on <a rel="nofollow" href="https://www.e-apostolidis.gr">Apostolidis IT Corner</a>.</p>
<a href="https://www.e-apostolidis.gr/microsoft/azure/azure-private-link-private-connection-to-azure-paas/" class='bbc_url' rel='nofollow external'>Source</a>
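<p>The nslookup check from the Private Link lab above can be scripted so it also fails loudly when the name resolves to a public address. This is an added example, not part of the original post; the default server name is the lab server from the post, and port 1433 and the helper name <code>Test-PrivateIPv4</code> are assumptions of the example.</p>

```powershell
# Added example (not from the original post): check that an Azure SQL name
# resolves through Private Link to a private IP, then test the SQL port.
param(
    [string]$ServerFqdn = 'plsqlsrv.database.windows.net',  # lab server name used in the post
    [int]$Port = 1433                                        # assumption: default SQL TCP port
)

function Test-PrivateIPv4 {
    # Hypothetical helper: true when the address is IPv4 inside an RFC 1918 range.
    param([Parameter(Mandatory)][string]$Address)
    $ip = [System.Net.IPAddress]::Parse($Address)
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) { return $false }
    $b = $ip.GetAddressBytes()
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

# Resolve-DnsName returns the CNAME chain and the final A records together.
$records = Resolve-DnsName -Name $ServerFqdn -Type A -ErrorAction Stop
$cnames  = @($records | Where-Object { $_.Type -eq 'CNAME' } | ForEach-Object { $_.NameHost })
$addrs   = @($records | Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })

# The private endpoint zone appears as a *.privatelink.* alias. It can be absent
# when a hosts-file entry supplies the address, as in the VPN test in the post.
$viaPrivateLink = [bool]($cnames -match '\.privatelink\.')
$publicAddrs    = @($addrs | Where-Object { -not (Test-PrivateIPv4 $_) })
$allPrivate     = ($addrs.Count -gt 0) -and ($publicAddrs.Count -eq 0)

# Only attempt the TCP connection when every resolved address is private.
$tcpOk = $false
if ($allPrivate) {
    $tcpOk = (Test-NetConnection -ComputerName $ServerFqdn -Port $Port `
              -WarningAction SilentlyContinue).TcpTestSucceeded
}

[pscustomobject]@{
    Server           = $ServerFqdn
    PrivateLinkAlias = $viaPrivateLink
    Addresses        = $addrs -join ', '
    AllPrivate       = $allPrivate
    PublicAddresses  = $publicAddrs -join ', '
    TcpReachable     = $tcpOk
}
```

<p>Run it from the Azure VM and again from the VPN-connected computer: a non-empty PublicAddresses value means that client is not resolving the name through the private DNS zone or a local mapping.</p>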
  15. <p style="text-align: justify;">ExpressRoute is a Microsoft Azure service that provides a private connection between an organization’s on-premises infrastructure and Microsoft Cloud services, such as Microsoft Azure, Office 365, and Dynamics 365.</p> <p style="text-align: justify;">Microsoft Azure ExpressRoute became generally available back in 2014. To connect to Azure ExpressRoute you need a direct line with an ExpressRoute provider. Now Microsoft has announced that Microsoft cloud services can be accessed with Azure ExpressRoute using satellite connectivity, breaking the direct line barriers and making it feasible to connect your data center directly to Microsoft Azure from all around the globe!</p> <p style="text-align: justify;"><img src="https://azurecomcdn.azureedge.net/mediahandler/acomblog/media/Default/blog/6fc8736b-b6e9-4959-8692-c602e9d931e4.png" alt="Infographic of High level architecture of ExpressRoute and satellite integration" /></p> <p><span style="font-size: 10px;">image from <a href="https://azure.microsoft.com/en-us/blog/satellite-connectivity-expands-reach-of-azure-expressroute-across-the-globe/">https://azure.microsoft.com/en-us/blog/satellite-connectivity-expands-reach-of-azure-expressroute-across-the-globe/</a></span></p> <p id="JXlaLtf" style="text-align: justify;">Azure ExpressRoute Satellite connectivity is currently provided by three Microsoft partners: Intelsat, SES, and Viasat.
Microsoft expands its already large connectivity, adding Satellite connectivity options at the 54 Regions worldwide, making <a href="https://azure.microsoft.com/en-us/global-infrastructure/global-network/">Microsoft’s global network</a> one of the largest in the world.</p> <p style="text-align: justify;">Source:</p> <p style="text-align: justify;"><a href="https://docs.microsoft.com/en-us/azure/expressroute/expressroute-introduction">https://docs.microsoft.com/en-us/azure/expressroute/expressroute-introduction</a></p> <p style="text-align: justify;"><a href="https://azure.microsoft.com/en-us/blog/satellite-connectivity-expands-reach-of-azure-expressroute-across-the-globe/">https://azure.microsoft.com/en-us/blog/satellite-connectivity-expands-reach-of-azure-expressroute-across-the-globe/</a></p> <p>The post <a rel="nofollow" href="https://www.e-apostolidis.gr/microsoft/azure/azure-expressroute-adds-satellite-connectivity/">Azure ExpressRoute adds Satellite connectivity</a> appeared first on <a rel="nofollow" href="https://www.e-apostolidis.gr">Apostolidis IT Corner</a>.</p>
<a href="https://www.e-apostolidis.gr/microsoft/azure/azure-expressroute-adds-satellite-connectivity/" class='bbc_url' rel='nofollow external'>Source</a>