Kategorie Ops
Various resources can be reserved in Azure, whereby use is guaranteed for 1 or 3 years. This can reduce the price of these resources by up to 72%. In the portal you can see these reduced costs for the reservations:… Weiterlesen →
The Defender for Cloud offers are used to receive notifications and alerts about Azure Services. To do this, it can be activated per subscription and per Azure Service (e.g. with Set-AzSecurityPricing or in the portal). However, what is not supported… Weiterlesen →
To set up a budget with warning in Azure, the Az.Billing PowerShell Module offers the cmdlets New-AzConsumptionBudget. Unfortunately, the PowerShell commands don’t seem to be implemented correctly in version 2.0.0 at the Az Module 8.3.0 or newer (currently 9.0.1): The… Weiterlesen →
As described in the previous article, private endpoints can be used to securely access Azure services. With App Services there is an additional possibility to control the outgoing traffic. Specifically, when configuring the app service in the network area, 2… Weiterlesen →
Most Azure services are accessible via a public URL. However, to provide a higher level of protection and a direct connection, various options are available in Azure. The two most common approaches are Service Endpoints and Private Endpoint/Private Link. Service… Weiterlesen →
“Blazor lets you build interactive web UIs using C# instead of JavaScript. Blazor apps are composed of reusable web UI components implemented using C#, HTML, and CSS.” The application can be run directly in the browser as a WebAssembly. It… Weiterlesen →
I had problems with the instructions from my post, because Lets Encrypt is switching from ACME API v1 to ACME API v2. So I switched to acme.sh to generate Let’s Encrypt certificates in manual DNS mode. The steps are simple… Weiterlesen →
Keycloak is a comprehensive and free open source identity provider. It is also offered in numerous Docker variants, which makes deployment very easy. Access to the shell is necessary for the configuration, e.g. if the first user has to be… Weiterlesen →
Lately people have been talking about Azure Landing Zones. This primarily refers to the environment in Azure into the workloads be migrated or new workloads are introduced. This means the preparation of the Azure environment. Specifically, the basic structure in… Weiterlesen →
VMs are often used in Azure because sometimes higher-quality services such as Platform Services are not suitable. For each VM, there is basic monitoring such as network traffic and corresponding visualizations (e.g. under Metrics) directly in the portal. Often, the… Weiterlesen →
Azure Automation can automatically send emails through alerts when a runbook fails. Unfortunately, these alert mails cannot be adjusted and it is often necessary to send further information. In this case SendGrid is a good alternative because the mail service… Weiterlesen →
Should files are uploaded or downloaded from an Azure Storage Account Blob, there are corresponding PowerShell commands. Specifically, Get-AzStorageBlobContent or Set-AzStorageBlobContent can be used. Both commands always require the specification of a local file. In some cases, however, it may… Weiterlesen →
Azure provides a good way with Cost Management to report the costs and consumption of Azure Services. It offers various filtering, aggregation and export options. In some cases, however, it is still necessary to call up and process the data… Weiterlesen →
Anyone who has activated the Premium Plan 2 role of Azure Active Directory, for example for using Privilaged Identity Management (PIM), starts with a free 30-day trial period. If period has expired, the emails shown above follow daily and there… Weiterlesen →
The Application Gateway v2 has considerable advantages over the v1. Support for autoscaling, zone redundant operation or use as an ingress in the AKS are just a few features from the list. The re-encryption of the back-end data traffic is… Weiterlesen →
The Azure Application Gateway is a load balancer with some additional features, such as path-based routing, a web application firewall or SSL termination. However, if the traffic to the backend has to be encrypted also, (it has to be re-encrypted),… Weiterlesen →
VPN tunnels are often set up between on-premises environments and Azure. Sometimes these break off regularly and have to be restarted. However, there is often an incorrect configuration between the Azure VPN gateway and the on-premises gateway. The following are… Weiterlesen →
For a special scenario, an Azure file share was integrated and used by several clients. However, a web portal should also be provided, through which the files can be downloaded. The IIS can reference directories as virtual directories and display… Weiterlesen →
There is often a requirement that workload be distributed across multiple Azure regions. If these are services that are publicly accessible from the Internet, the use of a firewall is recommended. The standard setup was usually the combination of a… Weiterlesen →
In some cases VMs have to be started / stopped in a certain order. Often, certain services have to run before the next VM can start. It may be necessary to set waiting times between the start of two VMs…. Weiterlesen →
There are various options for deploying Java applications on an App Service. The application can be deployed as a ZIP file or directly as a WAR file. There are different ways for each variant, for example with Azure CLI, FTP,… Weiterlesen →
The Scenario The diagram above shows two virtual networks in which several VMs are placed. All VMs require a local DNS server that can be reached via the VPN gateway. The network is accordingly peered (with Use Remote Gateway and… Weiterlesen →
If you need to reset a VPN-Gateway, an Azure Runbook is a good way of implementation. And the command to reset is very simple: Reset-AzVirtualNetworkGateway But if the runbook was called several times, for example from several alerts, the reset… Weiterlesen →
Sometimes I get the error message:docker.exe: Error response from daemon: driver failed programming external connectivity on endpoint infallible_kapitsa (c7baca25c4e65da8aa6e592e7fb9ed81c0f55a3f7891e93c62a79819007f4e61): Error starting userland proxy: listen tcp 0.0.0.0:1234: bind: Der Zugriff auf einen Socket war aufgrund der Zugriffsrechte des Sockets unzulässig. The… Weiterlesen →
Update December 2019:It is now possible to create an empty managed disk in Azure an upload a local VHD file directly in it. Therefore it is not necessary to upload the VHD in a storage account and deleting it afterwards…. Weiterlesen →
Update October 2019:Since March 2019, Azure Schedulers support the selection of weekdays. The article will still be available because weekday selections are only an example of custom control flows and parameters. Often the first workload in the cloud is a… Weiterlesen →
Many customers wonder how to protect the workload in Azure and whether everything is publicly accessible. I want to show how easy it is, to protect workload with network security groups.
In some scenarios it is not possible to generate a ServicePrincipal for automation in Azure, although this is the recommended way. In this case, credentials can also be stored and used in Azure Automation. In the following I used the… Weiterlesen →
For the automated start and stop of several VMs in Azure there are many possibilities. The most flexible is certainly the Automation Service. Any scripts can be created or obtained from galleries and executed on-demand or time-controlled. Especially for the… Weiterlesen →
I needed 2 subdomain certificates from Lets Encrypt. I had looked at some tools and found ACMESharp (https://pkisharp.github.io/ACMESharp-docs/Quick-Start, https://github.com/ebekker/ACMESharp/wiki/Quick-Start) the best. To get the certificate, the ACMEVault has to be set up once and the tool has to be installed… Weiterlesen →
