Wednesday, June 2, 2021

Structured review of Azure architectures: A guide for web application review

Investing a lot of effort in creating a perfect architecture before construction should be avoided, because this is unrealistic in software development. It is recommended to invest in a little architecture envisioning early to identify architecture options at a high level, but details should emerge over time. The development team should ensure that the architecture is validated through functioning software and reviewed frequently throughout the project to support optimal implementation. Moreover, emergent architecture should influence and correct intentional architecture.

Architecture review should be performed throughout project development. If you have a web app workload in Azure, or if you are thinking of moving one to Azure, it is recommended to perform a structured architecture review of the following key areas:

  • Availability
  • Scalability
  • Resiliency
  • DevOps
  • Security
  • Management Tools



Performing an Azure architecture review is no longer an activity limited to experts. This paper, by Mahesh Kshirsagar of the AzureCAT team, identifies review drivers and explains how to evaluate your current architecture against these drivers to detect and address current risks. Project teams of any size can self-start a review with this resource. Click the download button below to get a free PDF copy.



Ref: Microsoft Docs.

Tuesday, June 1, 2021

Choosing Compute Services on Azure (AKS, Service Fabric, App Service)

If you are planning to move your services to the cloud, it is important to understand which compute service is the best candidate for you. You don't want to over- or under-provision your solution. So which service should we pick? This is one of the questions that I am asked often. There is no single right or wrong answer: the kind of workload and the SLAs you have will dictate which compute service is best for you.

Azure offers the following key compute services:

  • App Service: A managed service for hosting web apps, mobile app back ends, RESTful APIs, or automated business processes.
  • Azure Kubernetes Service (AKS):  A managed Kubernetes service for running containerized applications.
  • Batch : A managed service for running large-scale parallel and high-performance computing (HPC) applications 
  • Container Instances: The fastest and simplest way to run a container in Azure, without having to provision any virtual machines and without having to adopt a higher-level service. 
  • Functions: A managed FaaS service. 
  • Service Fabric: A distributed systems platform that can run in many environments, including Azure or on premises. 
  • Virtual machines: Deploy and manage VMs inside an Azure virtual network.

It is also important to understand the following hosting models:
  • Infrastructure-as-a-Service (IaaS) lets you provision individual VMs along with the associated networking and storage components. Then you deploy whatever software and applications you want onto those VMs. This model is the closest to a traditional on-premises environment, except that Microsoft manages the infrastructure. You still manage the individual VMs. 
  • Platform-as-a-Service (PaaS) provides a managed hosting environment, where you can deploy your application without needing to manage VMs or networking resources. Azure App Service is a PaaS service. 
  • Functions-as-a-Service (FaaS) goes even further in removing the need to worry about the hosting environment. In a FaaS model, you simply deploy your code and the service automatically runs it. Azure Functions is a FaaS service.


The following chart shows how best to pick a candidate compute service:


You also need to look at aspects such as scalability, availability, security and how easily you can perform DevOps.

Ref: Microsoft Docs.


Friday, May 28, 2021

What is Bicep

Have you been writing ARM templates and not quite fancied the way they are written in JSON? Bicep is here to help you author ARM templates with a much cleaner syntax. Bicep gives you an abstraction over the way ARM templates are written today. It is supported by Microsoft, 100% free and very modular, and state is stored in Azure, so there is no manual state handling.

You can get the latest Windows installer here, or see all install options here: bicep/installing.md at main · Azure/bicep (github.com)

You can also download Bicep Visual Studio Code extension.


Hello world sample Bicep file to spin up storage in Azure:

param location string = 'eastus'

@minLength(3)
@maxLength(24)
param storageAccountName string = 'azmubistorageacc1' // must be globally unique

var storageSku = 'Standard_LRS' // declare variable and assign value

resource stg 'Microsoft.Storage/storageAccounts@2019-06-01' = {
  name: storageAccountName
  location: location
  kind: 'Storage'
  sku: {
    name: storageSku // reference variable
  }
}

output storageId string = stg.id // output resourceId of storage account

Edit it in VS Code using Bicep extensions.


Deploy the template using the Azure CLI, which calls the Bicep CLI for .bicep files (make sure to create the resource group in Azure in advance, e.g. one named bicep).

az deployment group create -f ./test.bicep -g bicep


Storage account created in Azure using Bicep.


Bicep Language specifications can be found here.

Bicep Azure DevOps Task is available here.

steps:
- task: BicepBuild@0
  inputs:
    process: 'single'
    sourceFile: '.\bicep_files\sample1.bicep'
    stdout: false # Note if stdout is true 'outputDirectory' will not be interpreted
    outputFile: '.\bicep_files\sample1.out.json' # Only when 'stdout' is false or not defined and 'outputDirectory' is empty or not defined

Bicep Build Actions (a GitHub Action) is available to run the Bicep CLI to build ARM templates.

steps:
# Runs the bicep CLI action - individual files
- name: Run Bicep build
  uses: aliencube/bicep-build-actions@v0.3
  with:
    files: sample1.bicep sample2.bicep biceps/sample3.bicep biceps/sample4.bicep

# Checks the result
- name: Check the result
  shell: bash
  run: |
    shopt -s globstar
    ls -altR **/sample*.*


If you have existing ARM templates you can decompile them.

bicep decompile "path/to/MyARMTempateFile.json"

You can also export your Azure resource group to .bicep file.

step 1 - az group export --name "MY-Azure-Resource-Group" > MainARMTemplate.json
step 2 - bicep decompile MainARMTemplate.json

Learn more about Bicep here.


Sunday, January 3, 2021

Azure Traffic Manager vs App Gateway vs Front Door vs Load Balancer

 


Some of the key features of, and differences between, Azure Traffic Manager, App Gateway, Front Door and Load Balancer.


Traffic Routing methods.

Traffic Manager:
  • Priority (default and backup endpoints)
  • Weighted (distribute across endpoints)
  • Performance (nearest endpoint)
  • Geographic (geography controlled for GDPR etc)
  • Subnet (endpoints based on IP)
  • Multi-value (multiple endpoints available)

Front Door:
  • Latency (least latency endpoint)
  • Priority (primary then secondary)
  • Weighted (based on endpoint weight)
  • Session Affinity (same endpoint per session)

Application Gateway:
  • Multiple site hosting
  • URL routing
  • Redirection
  • Rewrite HTTP headers and URL


Decision Tree:



  
Reference Architecture Examples:

The following table lists various architecture reference articles based on the load-balancing services used as a solution.

| Service(s) | Article | Description |
| --- | --- | --- |
| Load Balancer | Load balance virtual machines (VMs) across availability zones | Load balancing VMs across availability zones helps to protect your apps and data from an unlikely failure or loss of an entire datacenter. With zone-redundancy, one or more availability zones can fail and the data path survives as long as one zone in the region remains healthy. |
| Front Door | Sharing location in real time using low-cost serverless Azure services | Use Azure Front Door to provide higher availability for your applications than deploying to a single region. If a regional outage affects the primary region, you can use Front Door to fail over to the secondary region. |
| Application Gateway | IaaS: Web application with relational database | Learn how to use resources spread across multiple zones to provide a high availability (HA) architecture for hosting an Infrastructure as a Service (IaaS) web application and SQL Server database. |
| Traffic Manager | Multi-tier web application built for high availability and disaster recovery | Deploy resilient multi-tier applications built for high availability and disaster recovery. If the primary region becomes unavailable, Traffic Manager fails over to the secondary region. |
| Azure Front Door + Application Gateway | Multitenant SaaS on Azure | Use a multi-tenant solution that includes a combination of Front Door and Application Gateway. Front Door helps load balance traffic across regions and Application Gateway routes and load-balances traffic internally in the application to the various services that satisfy client business needs. |
| Traffic Manager + Load Balancer | Multi-region N-tier application | A multi-region N-tier application that uses Traffic Manager to route incoming requests to a primary region and if that region becomes unavailable, Traffic Manager fails over to the secondary region. |
| Traffic Manager + Application Gateway | Multi-region load balancing with Traffic Manager and Application Gateway | Learn how to serve web workloads and deploy resilient multi-tier applications in multiple Azure regions, in order to achieve high availability and a robust disaster recovery infrastructure. |

Saturday, September 12, 2020

Visual Studio Codespaces is consolidating into GitHub Codespaces



Hello Developers :) 

If you have been using the Visual Studio Codespaces Public Preview or are thinking about using it, be aware of the upcoming changes:

Existing users!
You can continue accessing your codespaces via the current portal beyond the start of GitHub general availability.

What's happening: timeline!
  • September 4, 2020 – Current users can begin transitioning to the GitHub private beta.
  • November 20, 2020 – Creation of new plans and codespaces will be disabled, although existing codespaces may continue to be used. New users will only be able to sign up for Codespaces on GitHub.
  • February 17, 2021 – The Visual Studio Codespaces portal will be retired. All plans and codespaces remaining in the service will be deleted.

New users!
If you just heard about Codespaces and want to try it, we recommend requesting access to the GitHub Codespaces limited public beta.

See Codespaces cost here 

Thursday, September 3, 2020

Spin up a virtual machine preconfigured with WinRM access over HTTPS in Azure using Terraform

Note: Basic knowledge of Terraform is required.

If you are creating a VM in Azure and you want WinRM to be preconfigured for access over HTTPS, with a certificate automatically created and linked to the VM's DNS name, follow these steps.

Step 1: Download the VM Terraform sample from GitHub

You can download the Terraform sample from here and save it as e.g. main.tf (I needed one with the SQL):


Make sure to set up the domain label, where var.dnsName is a variable which you can declare in variables.tf:

domain_name_label = "${var.dnsName}winsqlhost"

Step 2: Add provisioner remote-exec:

To connect over WinRM you need to add provisioner "remote-exec" to your Terraform configuration; it triggers automatically once the VM has spun up in the cloud.


resource "null_resource" "main" {
  # Re-run the provisioner whenever the SQL VM is (re)created
  triggers = {
    "after" = azurerm_mssql_virtual_machine.main.virtual_machine_id
  }

  provisioner "remote-exec" {
    connection {
      type     = "winrm"
      user     = var.username
      password = var.pass
      https    = true
      insecure = true # skips validation of the HTTPS certificate chain
      port     = 5986 # WinRM over HTTPS
      use_ntlm = true
      host     = "${var.dnsName}winsqlhost.westeurope.cloudapp.azure.com"
    }

    # remote-exec needs at least one command; placeholder, replace with your own
    inline = ["hostname"]
  }
}

If you need to connect via http you don't need Step 3.

Step 3: Configure Key Vault & certificate with the DNS name:

If the VM is not on the domain and you need to connect from your local machine, you will have to set up a certificate for WinRM HTTPS access.

Download the sample Terraform from here and save it as e.g. certificate.tf (Generating a new certificate example) https://www.terraform.io/docs/providers/azurerm/r/key_vault_certificate.html

Provide dns_names and a CN equal to our DNS name:

      subject_alternative_names {
        dns_names = ["${var.dnsName}winsqlhost.westeurope.cloudapp.azure.com", "domain.hello.world"]
      }

      subject            = "CN=${var.dnsName}winsqlhost.westeurope.cloudapp.azure.com"
      validity_in_months = 12

Link the certificate with your VM in main.tf as follows:

  os_profile_secrets {
    source_vault_id = azurerm_key_vault.main.id
    vault_certificates {
      certificate_url   = azurerm_key_vault_certificate.main.secret_id
      certificate_store = "My"
    }
  }

Now when you run Terraform, your VM will be preconfigured with WinRM and ready to connect. You can connect to WinRM over HTTPS on port 5986 using the DNS name.
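A tighter variant of the Step 2 connection, as an added example that is not part of the original post or the downloaded sample: it validates the WinRM certificate instead of skipping the check, and limits port 5986 to one source range. var.admin_cidr, var.winrm_ca_cert_path, azurerm_resource_group.main and azurerm_network_security_group.main are assumed names, and the PEM file is assumed to hold the public part of the Step 3 certificate exported from Key Vault.

```hcl
# Assumed variables (not in the original sample)
variable "admin_cidr" {
  description = "Source range allowed to reach WinRM, e.g. the build agent's egress address"
  type        = string
}

variable "winrm_ca_cert_path" {
  description = "Path to the PEM-encoded public certificate created in Step 3"
  type        = string
}

# Only the admin range may reach the WinRM HTTPS listener.
# Resource group and NSG names are assumptions about the downloaded sample.
resource "azurerm_network_security_rule" "winrm_https" {
  name                        = "allow-winrm-https-from-admin"
  priority                    = 100
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "5986"
  source_address_prefix       = var.admin_cidr
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.main.name
  network_security_group_name = azurerm_network_security_group.main.name
}

resource "null_resource" "winrm_verified" {
  triggers = {
    "after" = azurerm_mssql_virtual_machine.main.virtual_machine_id
  }

  provisioner "remote-exec" {
    connection {
      type     = "winrm"
      user     = var.username
      password = var.pass
      https    = true
      insecure = false                         # validate the certificate chain
      cacert   = file(var.winrm_ca_cert_path)  # self-signed cert acts as its own CA
      port     = 5986
      use_ntlm = true
      # Must match the CN / dns_names set on the certificate in Step 3
      host     = "${var.dnsName}winsqlhost.westeurope.cloudapp.azure.com"
    }

    # Placeholder command; replace with your own provisioning steps
    inline = ["hostname"]
  }
}
```

With insecure = false the connection fails if the host name does not match the certificate's subject or SAN, which is the check that Step 3's dns_names and CN values make possible.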

Happy IaC! 😊




Monday, July 27, 2020

.NET 5.0 Preview 7

.NET 5.0 Preview 7 is now available for download.

When Microsoft announced .NET 5 at Microsoft Build 2019 in May, it marked an important step forward for developers working across desktop, Web, mobile, cloud and device platforms. In fact, .NET 5 is that rare platform update that unifies divergent frameworks, reduces code complexity and significantly advances cross-platform reach.

This is no small task. Microsoft is proposing to merge the source code streams of several key frameworks -- .NET Framework, .NET Core and Xamarin/Mono. The effort will even unify threads that separated at inception at the turn of the century, and provide developers one target framework for their work.

The result of this work is a unified platform with the .NET 5 framework executing on all platforms (desktop, Web, cloud, mobile and so on).

You can download .NET 5.0 Preview 7 for Windows, macOS, and Linux:

You need to use Visual Studio 2019 16.7 to use .NET 5.0. .NET 5.0 is now supported with Visual Studio for Mac. Install the latest version of the C# extension to use .NET 5.0 with Visual Studio Code.

Happy Coding!!!

Saturday, June 20, 2020

Fast track your DevOps process using Azure DevOps Labs!



Simplify and speed up the DevOps process with Azure DevOps services. The following labs will help you to get started with Azure DevOps services to automate software delivery and meet business needs. https://azuredevopslabs.com/




Tuesday, June 9, 2020

Azure DevOps vs GitHub - migration recommendations


The following is a summary of migration recommendations for common Azure DevOps capabilities. When you are able to migrate will depend on your requirements and feature usage. The migration tooling and guidance we are creating will provide more details, but in the meantime, please work with your GitHub and Microsoft account representatives for assistance.


Friday, March 6, 2020

Hello Developers! AZ-204 is here


Hi folks,

The new version of AZ-203, AZ-204, is here from 24 Feb, 2020. You will be able to take the AZ-203 exam until it retires on May 31, 2020.

Skills measured

AZ-203:
  • Develop Azure Infrastructure as a Service compute solution (10-15%)
  • Develop Azure Platform as a Service compute solution (20-25%)
  • Develop for Azure storage (15-20%)
  • Implement Azure security (10-15%)
  • Monitor, troubleshoot, and optimize solutions (10-15%)
  • Connect to and consume Azure and third-party services (20-25%)

AZ-204 (new):
  • Develop Azure compute solutions (25-30%)
  • Develop for Azure storage (10-15%)
  • Implement Azure security (15-20%)
  • Monitor, troubleshoot, and optimize Azure solutions (10-15%)
  • Connect to and consume Azure services and third-party services (25-30%)



What’s in AZ-204
Audience Profile
Candidates for this exam are cloud developers who participate in all phases of development from requirements definition and design, to development and deployment, and maintenance. They partner with cloud DBAs, cloud administrators, and clients to implement solutions.
Candidates should be proficient in Azure SDKs, data storage options, data connections, APIs, app authentication and authorization, compute and container deployment, debugging, performance tuning, and monitoring.
Candidates must have 1-2 years professional development experience and experience with Microsoft Azure. They must be able to program in an Azure Supported Language.

Skills Measured

NOTE: The bullets that appear below each of the skills measured are intended to illustrate how we are assessing that skill. This list is not definitive or exhaustive.

NOTE: In most cases, exams do NOT cover preview features, and some features will only be added to an exam when they are GA (General Availability).

Develop Azure compute solutions (25-30%)

Implement IaaS solutions


·      provision VMs
·      create ARM templates
·      create container images for solutions
·      publish an image to the Azure Container Registry
·      run containers by using Azure Container Instance

Create Azure App Service Web Apps


·      create an Azure App Service Web App
·      enable diagnostics logging
·      deploy code to a web app
·      configure web app settings
·      implement autoscaling rules (schedule, operational/system metrics)

Implement Azure functions


·      implement input and output bindings for a function
·      implement function triggers by using data operations, timers, and webhooks
·      implement Azure Durable Functions

Develop for Azure storage (10-15%)

Develop solutions that use Cosmos DB storage


·      select the appropriate API for your solution
·      implement partitioning schemes
·      interact with data using the appropriate SDK
·      set the appropriate consistency level for operations
·      create Cosmos DB containers

Develop solutions that use blob storage


·      move items in Blob storage between storage accounts or containers
·      set and retrieve properties and metadata
·      interact with data using the appropriate SDK
·      implement data archiving and retention

Implement Azure security (15-20%)

Implement user authentication and authorization


·      implement OAuth2 authentication
·      create and implement shared access signatures
·      register apps and use Azure Active Directory to authenticate users

Implement secure cloud solutions


·      secure app configuration data by using the App Configuration and KeyVault API
·      manage keys, secrets, and certificates by using the KeyVault API
·      implement Managed Identities for Azure resources

Monitor, troubleshoot, and optimize Azure solutions (10-15%)

Integrate caching and content delivery within solutions


·      develop code to implement CDNs in solutions
·      configure cache and expiration policies
·      store and retrieve data in Azure Redis cache

Instrument solutions to support monitoring and logging


·      configure instrumentation in an app or service by using Application Insights
·      analyze and troubleshoot solutions by using Azure Monitor
·      implement Application Insights Web Test and Alerts
·      implement code that handles transient faults

Connect to and consume Azure services and third-party services (25-30%)

Develop an App Service Logic App


·      create a Logic App
·      create a custom connector for Logic Apps
·      create a custom template for Logic Apps

Implement API management


·      create an APIM instance
·      configure authentication for APIs
·      define policies for APIs

Develop event-based solutions

Note: Creating event models is in scope

·      implement solutions that use Azure Event Grid
·      implement solutions that use Azure Notification Hubs
·      implement solutions that use Azure Event Hub

Develop message-based solutions


·      implement solutions that use Azure Service Bus
·      implement solutions that use Azure Queue Storage queues