Tag: Microsoft Azure

How to Use Azure Policy for Better Cloud Management

When you work in the cloud, keeping things organised is very important. Azure Policy is a simple tool that helps enforce rules on your resources. In this post, I’ll explain what Azure Policy is and show you a basic example of using it to require a tag on all your resources.

What is Azure Policy?

Azure Policy lets you set rules for your cloud resources. For example, you might want every resource to have a tag called Cost Centre so you know which department it belongs to. If someone tries to create a resource without that tag, the policy can stop it from being created.

This tool is very useful because it helps everyone on your team follow the same guidelines and keeps your cloud resources well organised.

A Simple Example: Requiring a "Cost Centre" Tag

In this example, we’ll create a custom policy that requires every resource to have a Cost Centre tag. If the tag is missing, the resource won’t be allowed.

Overview of the Steps

  1. Create the policy rule file.

  2. Create the policy parameters file.

  3. Create the policy definition in Azure using the Azure CLI.

  4. Assign the policy to a scope.

  5. Check if your policy is working.

Continue reading “How to Use Azure Policy for Better Cloud Management”

Simplifying Azure Storage: Choosing the Right Type for Your Data

Azure Storage Types

As an Azure Solutions Architect, I often come across clients who find Azure’s wide range of storage options overwhelming. In this post, I’ll break down Azure Storage into simple terms, so you can make the right choice for your needs.

What is Azure Storage?

Azure Storage is a cloud service that provides scalable, durable, and secure storage solutions. Whether you need to store files, structured data, or backups, Azure Storage has an option for you.

Types of Azure Storage

Here are the main storage options and their typical use cases:

  1. Blob Storage
    Think of this as a place for large files—videos, images, backups, or any unstructured data.

    • When to Use: Hosting static website content, storing backups, or media streaming.
    • Cool Feature: Access tiers (Hot, Cool, and Archive) let you optimise costs based on how often you access the data.

  2. File Storage
    Like a network share in the cloud! Ideal for replacing on-premises file servers.

    • When to Use: Lift-and-shift applications that rely on file shares.
    • Cool Feature: It supports SMB and NFS protocols, so it integrates easily with existing systems.

  3. Table Storage
    A NoSQL store for lightweight, structured data.

    • When to Use: Logging, metadata storage, or applications requiring fast key-value lookups.
    • Cool Feature: It’s incredibly cost-effective and lightning-fast for specific use cases.

  4. Queue Storage
    A messaging store to decouple application components.

    • When to Use: When building distributed apps or processing background tasks.
    • Cool Feature: Works seamlessly with Azure Functions for event-driven architectures.

  5. Disk Storage
    Persistent storage for Virtual Machines (VMs).

    • When to Use: Running workloads like databases, where performance and durability matter.
    • Cool Feature: Options like Ultra Disks offer high throughput for demanding workloads.

Continue reading “Simplifying Azure Storage: Choosing the Right Type for Your Data”

How to Implement Azure Bastion to Securely Access Azure Virtual Machines

Bastion

When managing cloud-based virtual machines, ensuring secure access is critical. Exposing RDP/SSH ports over the internet introduces potential security vulnerabilities. Azure Bastion provides a secure, fully managed solution to connect to Azure VMs without needing to expose these ports to the public internet.

What is Azure Bastion?

Azure Bastion is a PaaS service that allows you to securely connect to your Azure Virtual Machines (VMs) using RDP or SSH, directly from the Azure Portal without the need to expose these ports via a public IP.

Minimum Required RBAC Roles for Azure Bastion Access

To connect to a VM using Azure Bastion, the user must have the appropriate permissions. At a minimum, they will need the following role assignments:

  1. Reader role on the target VM: This grants read access to the VM, allowing the user to see the VM’s configuration but not modify it.
  2. Reader role on the network interface (NIC) associated with the VM’s private IP address: This ensures the user can read network information for the VM.
  3. Reader role on the Azure Bastion resource: This grants access to the Bastion host itself, allowing the user to initiate connections through Bastion.

If the VM is in a peered virtual network (cross-VNet connections), the following additional role assignment is required:

  1. Reader Role on the virtual network (VNet) of the target VM: This is necessary if you are connecting to a VM across VNet peering.

Continue reading “How to Implement Azure Bastion to Securely Access Azure Virtual Machines”

Navigating the Transition from Azure Automation Update Management to Azure Update Manager: A Comprehensive Guide

update-manager-get-patches

As cloud technologies evolve, so too must the tools we rely on to maintain and secure our environments. Microsoft’s recent announcement regarding the retirement of Azure Automation Update Management is a prime example of this continuous evolution. By 31 August 2024, this service, along with the Log Analytics agent it uses, will be officially retired. Users will need to transition to the more advanced Azure Update Manager to ensure their virtual machines remain up-to-date and secure.

This blog post will explore the implications of this transition, the benefits of migrating to Azure Update Manager, and provide a detailed step-by-step guide for the most complex migration scenario—manual migration. This approach is ideal for those with intricate environments that require a high degree of customization and control.

The Shift to Azure Update Manager: What It Means for You

Azure Automation Update Management has been a reliable tool for managing the updates of virtual machines (VMs). However, with its retirement on the horizon, Microsoft is pushing for a transition to Azure Update Manager, a more integrated and feature-rich platform designed to offer greater flexibility, control, and scalability.

Why Migrate to Azure Update Manager?

Azure Update Manager is not just a replacement; it’s a significant upgrade. Here are some of the key improvements:

– Seamless Integration: Azure Update Manager is built natively into Azure’s infrastructure, providing zero-step onboarding for Azure VMs and Azure Stack HCI VMs, and easy integration with Azure Arc for managing non-Azure servers.

– Enhanced Control: With granular access control and role-based access control (RBAC), you can finely tune who has access to specific update management tasks, reducing the risk of unauthorized changes.

– Flexible Patching Options: Azure Update Manager offers advanced features such as customer-defined maintenance schedules, Azure-orchestrated automated patching, and hotpatching, which minimizes downtime by applying updates without requiring a reboot.

– Cost Efficiency: For managing Azure VMs and Azure Stack HCI VMs, Azure Update Manager is available at no extra charge. For Azure Arc-enabled servers, there’s a nominal fee of $5 per server per month.

Continue reading “Navigating the Transition from Azure Automation Update Management to Azure Update Manager: A Comprehensive Guide”

Deploying Your Own Agents (VMs) in Azure for Azure DevOps CI/CD Pipelines

AzDevops

Introduction

In the world of software development, Continuous Integration (CI) and Continuous Deployment (CD) practices are crucial for automating the testing and deployment of code. Azure DevOps provides a powerful platform for implementing CI/CD pipelines. While Azure DevOps offers hosted agents for running pipelines, there are scenarios where you might need to deploy your own agents in Azure. These scenarios can range from requiring a specific environment setup to needing to run pipelines on-premises or in a private network. This blog post guides you through the process of deploying your own agents in Azure to work with Azure DevOps CI/CD pipelines.

Why Deploy Your Own Agents?
  • Customization: You can customize your agents to have any software and configuration you need.
  • Performance: You can choose the size and performance characteristics of the VMs that host your agents.
  • Control: You have more control over the environment and can implement stricter security measures.

Continue reading “Deploying Your Own Agents (VMs) in Azure for Azure DevOps CI/CD Pipelines”