Showing posts with label Azure. Show all posts

Wednesday, August 25, 2021

Load balancing - help me choose (Preview) - Diagram

Microsoft Azure provides various load balancing services such as Azure Front Door, Traffic Manager, Application Gateway and Azure Load Balancer.

Deciding which service is best for your scenario can be quite difficult if you are not aware of how each service works. Therefore we have created a little wizard in Azure (i.e. Load balancing - help me choose) that will help you pick the right service. The wizard asks you a bunch of simple questions and determines the best solution for you. You can use the Azure Load Balancing page in the Azure portal to guide you to the right load-balancing solution for your business need.

I have created the following decision flow diagram, which is based on the very same wizard flow in the Azure portal. You can visually see all options at the same time. I hope this will be helpful for you; you can even print it and have it handy when needed :)

Tuesday, June 1, 2021

Choosing Compute Services on Azure (AKS, Service Fabric, App Service)

If you are planning to move your services to the cloud, it's important to understand which compute service is the best candidate for you. You don't want to over- or under-provision your solution. So which service should we pick? This is one of the questions that I am asked often. While there is no single right or wrong answer, the kind of workload and SLAs you have will dictate the best compute service for you.

Azure Compute Services offer the following key workloads:

  • App Service: A managed service for hosting web apps, mobile app back ends, RESTful APIs, or automated business processes.
  • Azure Kubernetes Service (AKS):  A managed Kubernetes service for running containerized applications.
  • Batch : A managed service for running large-scale parallel and high-performance computing (HPC) applications 
  • Container Instances: The fastest and simplest way to run a container in Azure, without having to provision any virtual machines and without having to adopt a higher-level service. 
  • Functions: A managed FaaS service. 
  • Service Fabric: A distributed systems platform that can run in many environments, including Azure or on premises. 
  • Virtual machines: Deploy and manage VMs inside an Azure virtual network.

It is also important to understand the following hosting models:
  • Infrastructure-as-a-Service (IaaS) lets you provision individual VMs along with the associated networking and storage components. Then you deploy whatever software and applications you want onto those VMs. This model is the closest to a traditional on-premises environment, except that Microsoft manages the infrastructure. You still manage the individual VMs. 
  • Platform-as-a-Service (PaaS) provides a managed hosting environment, where you can deploy your application without needing to manage VMs or networking resources. Azure App Service is a PaaS service. 
  • Functions-as-a-Service (FaaS) goes even further in removing the need to worry about the hosting environment. In a FaaS model, you simply deploy your code and the service automatically runs it. Azure Functions is a FaaS service.

The following chart shows how best to pick a candidate compute service for you:

You also need to look at aspects such as scalability, availability, security and how easily you can perform DevOps.

Ref: Microsoft Docs.

Friday, May 28, 2021

What is Bicep

Have you been writing ARM templates and not quite fancied the way they are written in JSON? Well, Bicep is here to help you author ARM templates with a much cleaner syntax. Bicep gives you an abstraction over the way ARM templates are written now. It's supported by Microsoft, 100% free, very modular, and state is stored in Azure with no manual handling.

You can get the latest Windows installer here or see all install options here: bicep/ at main · Azure/bicep (

You can also download the Bicep Visual Studio Code extension.

Hello world sample Bicep file to spin up storage in Azure:

param location string = 'eastus'

param storageAccountName string = 'azmubistorageacc1' // must be globally unique

var storageSku = 'Standard_LRS' // declare variable and assign value

resource stg 'Microsoft.Storage/storageAccounts@2019-06-01' = {
  name: storageAccountName
  location: location
  kind: 'Storage'
  sku: {
    name: storageSku // reference variable
  }
}

output storageId string = stg.id // output resourceId of storage account

Edit it in VS Code using the Bicep extension.

Deploy the template using the Bicep CLI (make sure to create the resource group in Azure in advance, e.g. bicep).

az deployment group create -f ./test.bicep -g bicep

Storage account created in Azure using Bicep.

The Bicep language specification can be found here.

A Bicep Azure DevOps task is available here.

- task: BicepBuild@0
  inputs:
    process: 'single'
    sourceFile: '.\bicep_files\sample1.bicep'
    stdout: false # Note if stdout is true 'outputDirectory' will not be interpreted
    outputFile: '.\bicep_files\sample1.out.json' # Only when 'stdout' is false or not defined and 'outputDirectory' is empty or not defined

Bicep Build Actions (GitHub Action) is available to run the Bicep CLI to build ARM templates.

# Runs the bicep CLI action - individual files
- name: Run Bicep build
  # Third-party action referenced by a mutable tag; pinning to a full commit SHA is safer
  uses: aliencube/bicep-build-actions@v0.3
  with:
    files: sample1.bicep sample2.bicep biceps/sample3.bicep biceps/sample4.bicep

# Checks the result
- name: Check the result
  shell: bash
  run: |
    shopt -s globstar
    ls -altR **/sample*.*

If you have existing ARM templates, you can decompile them.

bicep decompile "path/to/MyARMTempateFile.json"

You can also export your Azure resource group to a .bicep file.

step 1 - az group export --name "MY-Azure-Resource-Group" > MainARMTemplate.json
step 2 - bicep decompile MainARMTemplate.json

Learn more about Bicep here.

Sunday, January 3, 2021

Azure Traffic Manager vs App Gateway vs Front Door vs Load Balancer


Some of the key features of, and differences between, Azure Traffic Manager, App Gateway, Front Door and Load Balancer.

Traffic routing methods:

Traffic Manager:
  • Priority (default and backup endpoints)
  • Weighted (distribute across endpoints)
  • Performance (nearest endpoint)
  • Geographic (geography controlled for GDPR etc)
  • Subnet (endpoints based on IP)
  • Multi-value (multiple ends available)

Front Door:
  • Latency (least latency endpoint)
  • Priority (primary then secondary)
  • Weighted (based on endpoint weight)
  • Session Affinity (same endpoint per session)

Application Gateway:
  • Multiple site hosting
  • URL routing
  • Redirection
  • Rewrite HTTP headers and URL

Decision Tree:

Reference Architecture Examples:

The following table lists various architecture reference articles based on the load-balancing services used as a solution.

| Service | Article | Description |
| --- | --- | --- |
| Load Balancer | Load balance virtual machines (VMs) across availability zones | Load balance VMs across availability zones helps to protect your apps and data from an unlikely failure or loss of an entire datacenter. With zone-redundancy, one or more availability zones can fail and the data path survives as long as one zone in the region remains healthy. |
| Front Door | Sharing location in real time using low-cost serverless Azure services | Use Azure Front Door to provide higher availability for your applications than deploying to a single region. If a regional outage affects the primary region, you can use Front Door to fail over to the secondary region. |
| Application Gateway | IaaS: Web application with relational database | Learn how to use resources spread across multiple zones to provide a high availability (HA) architecture for hosting an Infrastructure as a Service (IaaS) web application and SQL Server database. |
| Traffic Manager | Multi-tier web application built for high availability and disaster recovery | Deploy resilient multi-tier applications built for high availability and disaster recovery. If the primary region becomes unavailable, Traffic Manager fails over to the secondary region. |
| Azure Front Door + Application Gateway | Multitenant SaaS on Azure | Use a multi-tenant solution that includes a combination of Front Door and Application Gateway. Front Door helps load balance traffic across regions and Application Gateway routes and load-balances traffic internally in the application to the various services that satisfy client business needs. |
| Traffic Manager + Load Balancer | Multi-region N-tier application | A multi-region N-tier application that uses Traffic Manager to route incoming requests to a primary region and if that region becomes unavailable, Traffic Manager fails over to the secondary region. |
| Traffic Manager + Application Gateway | Multi-region load balancing with Traffic Manager and Application Gateway | Learn how to serve web workloads and deploy resilient multi-tier applications in multiple Azure regions, in order to achieve high availability and a robust disaster recovery infrastructure. |

Thursday, September 3, 2020

Spin up a virtual machine preconfigured with WinRM access over HTTPS in Azure using Terraform

Note: Basic knowledge of Terraform is required.

If you are creating a VM in Azure and want WinRM preconfigured for access over HTTPS, with a certificate automatically created and linked to the VM's DNS name, follow these steps.

Step 1: Download the VM Terraform sample from GitHub

You can download the Terraform sample from here and save it as e.g. (I needed one with the SQL):

Make sure to set up the domain label, where var.dnsName is a variable which you can declare in

domain_name_label = "${var.dnsName}winsqlhost"

Step 2: Add provisioner remote-exec:

To configure WinRM you need to add a provisioner "remote-exec" to your Terraform, which triggers automatically once the VM has spun up in the cloud.

resource "null_resource" "main" {
  triggers = {
    "after" = azurerm_mssql_virtual_machine.main.virtual_machine_id
  }

  provisioner "remote-exec" {
    connection {
      type     = "winrm"
      user     = var.username
      password = var.pass
      https    = true # WinRM over TLS
      insecure = true # skips validation of the server certificate
      port     = 5986
      use_ntlm = true
      host     = "${var.dnsName}"
    }
    # inline / script arguments with the commands to run are not shown here
  }
}


If you need to connect via HTTP, you don't need Step 3.

Step 3: Configure Key Vault & certificate with DNS name:

If the VM is not on the domain and you need to connect from a local machine, you will have to set up a certificate for WinRM HTTPS access.

Download the sample Terraform from here and save as e.g. (Generating a new certificate example)

Provide dns_names and a CN equal to our DNS name:
    subject_alternative_names {
      dns_names = ["${var.dnsName}"]
    }

    subject            = "CN=${var.dnsName}"
    validity_in_months = 12

Link the certificate with your VM as follows:
  os_profile_secrets {
    source_vault_id =
    vault_certificates {
      certificate_url   = azurerm_key_vault_certificate.main.secret_id
      certificate_store = "My"
    }
  }

Now when you run Terraform, your VM will be preconfigured with WinRM and ready to connect; you can connect to WinRM over HTTPS on port 5986 using the DNS name.

Happy IaC! 😊
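A stricter variant of the Step 2 connection block, added here as an example and not part of the original post: it keeps HTTPS on port 5986 but validates the certificate created in Step 3 instead of setting insecure = true. It assumes that azurerm_key_vault_certificate.main exposes certificate_data_base64, that host matches a name in the certificate's dns_names, and that the resource name winrm_verified and the inline command are placeholders.

```hcl
locals {
  # Assumption: Key Vault returns the certificate as base64-encoded DER;
  # wrap it in PEM armor so it can be passed as the trust anchor.
  winrm_ca_pem = join("\n", [
    "-----BEGIN CERTIFICATE-----",
    azurerm_key_vault_certificate.main.certificate_data_base64,
    "-----END CERTIFICATE-----",
  ])
}

resource "null_resource" "winrm_verified" {
  triggers = {
    after = azurerm_mssql_virtual_machine.main.virtual_machine_id
  }

  provisioner "remote-exec" {
    connection {
      type     = "winrm"
      user     = var.username
      password = var.pass
      https    = true
      port     = 5986
      use_ntlm = true
      host     = var.dnsName # must match the CN / dns_names set in Step 3

      # Step 2 used insecure = true, which accepts any certificate presented
      # on 5986. Here the certificate is checked against the one generated
      # in Key Vault (self-signed, so it acts as its own CA).
      insecure = false
      cacert   = local.winrm_ca_pem
    }

    # Placeholder command (assumption); replace with the real setup steps.
    inline = ["hostname"]
  }
}
```

With validation on, the connection fails when the listener presents a different certificate or the host name does not match, rather than sending credentials to an unverified endpoint.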

Thursday, September 12, 2019

Azure Blogs - Articles from 2-Sept-2019 to 8-Sept-2019

AI + Machine Learning
Covering: Azure Batch AI, Azure Bot Service, Microsoft Genomics, Machine Learning services, Machine Learning Studio, Cognitive Services, Bing APIs, Computer Vision API, Content moderator, Custom Services, Emotion API, Face API, Language Understanding (LUIS), Linguistic Analysis API, QnA Maker API, Speaker Recognition API, Text Analytics API, Translator Speech API, Translator Text API, Web Language Model API

Covering: Azure Databricks, HDInsight, Data Factory, Stream Analytics, Data Lake Analytics, Event Hubs, Power BI, Azure Analysis Services, Apache Spark for HDInsight, Apache Storm for HDInsight, R Server for HDInsight, Data Catalog

Covering: Virtual Machines, Functions, Batch, Service Fabric, Virtual Machine Scale Sets, Cloud Services, Linux Virtual Machines, SAP HANA on Azure Large Instances

Covering: Container Registry, Container Instances, Azure Kubernetes Service (AKS), Web App for Containers

Covering: Azure SQL Database, Azure Cosmos DB, SQL Data Warehouse, Redis Cache, SQL Server Stretch Database, SQL Server on virtual machines, Table storage, Azure Database for PostgreSQL, Azure Database for MySQL

Developer Tools
Covering: Visual Studio, Visual Studio Code, SDKs, Developer tool integrations, CLIs, Blockchain Workbench

Covering: Azure DevOps, Azure DevTest Labs, DevOps tool integrations, Azure Lab Services

Covering: Azure Active Directory, Multi-factor Authentication, Azure Active Directory Domain Services, Azure Active Directory B2C
No Links Available

Covering: Service Bus, Logic Apps, Event Grid, API Management, Blockchain

Internet Of Things
Covering: IoT Hub, IoT Suite, IoT Edge, IoT Central, IoT solution accelerators, Time Series Insights, Azure Maps, Azure Sphere

Management and Governance
Covering: Backup, Site Recovery, App Insights, Azure Advisor, Scheduler, Automation, Log Analytics, Azure Monitor, Security & Compliance, Protection & Recovery, Automation & Control, Insight & Analytics, Azure Service Health, Microsoft Azure portal, Azure Resource Manager, Cloud Shell, the Azure Resource Graph, Azure Policy, Cost Management, Azure Blueprints

Covering: Media services, Encoding, Live and On-Demand Streaming, Azure Media Player, Content Protection, Media Analytics, Video Indexer

Covering: Azure Database Migration Service, Azure Migrate, Data Box
No Links Available

Covering: App Service (Mobile), Notification Hubs, Mobile apps, API apps, Visual Studio App Centre, Xamarin

Covering: Content Delivery Network, ExpressRoute, Azure DNS, Firewall, Virtual Network, Traffic Manager, Load Balancer, VPN Gateway, Application Gateway, Network Watcher

Covering: Azure Information Protection, Key Vault, Security Center, Azure DDoS Protection, Azure Advanced Threat Protection
No Links Available

Covering: Storage, StorSimple, Data Lake Store, Blob Storage, Disk Storage, Managed Disks, Queue Storage, File Storage, Storage Explorer, Archive Storage

Covering: App Service (Web), API Management, Content Delivery Network, Azure Search, Web apps, Azure SignalR Service