A Content Delivery Network, or CDN, is a globally distributed network for delivering, well, content. Content can include images, videos, CSS and any other asset used for providing web services. The advantages to a CDN include: caching data closer to the users to increase web site performance, improving reliability by leveraging a global caching network and reducing bandwidth by shifting traffic to the CDN.
My head is still swimming from all the information at Microsoft Ignite this year. In this post I’m going over three recurring topics that make management and compliance of an Azure environment easier. These are Management Groups, Policies and Blueprints.
The only constant is change. I noticed some new information came out this month while working on a project that requires encrypting disks. This information significantly changes how Azure Disk Encryption can be applied to Windows and Linux VMs. This is an update to my previous article on Azure Disk Encryption with the intention of outlining the new, easier method of encrypting Azure disks.
I worked on a project recently that wrote data from PowerShell into a CSV file. The goal was to do real-time trending based on the output, but I ran into an issue with file locks as PowerShell and the other program competed for access to the CSV. That’s when I got the idea to write to Azure Table Storage instead of to a CSV. The project didn’t work out for other reasons, but I did work out how to write data from PowerShell into Azure Table Storage instead. This post is about how I did that.
As of today, Microsoft has a few different ways of encrypting Azure data. The options for Azure Data Encryption on servers include Storage Service Encryption and Azure Disk Encryption. Below is a quick summary of each.
Storage Service Encryption (SSE)
This is at the storage account level and encrypts data at rest. Data is encrypted as it is written to storage and decrypted when it’s read.
I recently worked on a project to deploy several VMs in Azure. One of the requirements for this was to block all internet access from the Azure VMs. This is a prudent step in securing an environment, preventing malicious code from web-based threats.
Update 1/2018 – Microsoft has implemented NSG Service Tags for storage and Azure SQL. Information on that is located here. Additional information and the opportunity to vote on adding other services can be found here.
To accommodate this, a Network Security Group (NSG) was created and applied to the VM Subnet. Several rules were applied, including one similar to the picture below. The rule simply blocked traffic from the VirtualNetwork out to the Internet on any source or destination port.
After the rule was put in place and tested, I began to set up the rest of the environment. Right away I ran into trouble: the VMs took up to 30 minutes to deploy and errored out with the message “New-AzureRmVm : Long Running Operation Failed with status ‘Failed’.