Azure Security Fundamentals: Azure SQL Database

Microsoft Azure has many Platform-as-a-Service (PaaS) features, with one of the oldest being Azure SQL Database (which has had many variations on that name in its time!).

Over the last few months Microsoft has released a raft of updates to Azure SQL Database that bolster its security chops. As a result I thought it would be good to cover off some basic best practices along with an overview of the new features and how they can help you improve your security stance when implemented.…

Azure Security Fundamentals: Moving Co-Admins to RBAC

Anyone who has worked with Azure for long enough knows the raised eyebrow response you have gotten from security teams in the past when you describe how you can enforce separation of duties and least privilege when it comes to Azure subscription and service management. In a previously well-received blog post, one of my colleagues provided good guidance around subscription management as it applied to Azure at that time.

Essentially, the situation was:

  • Any Azure service management required full administrator or co-administrator access to a subscription, which provided the user with full permission to do anything provisioned therein.

Azure Internal Load Balancing – Setting Distribution Mode

I’m going to start by saying that I totally missed that the setting of distribution mode on Azure’s Internal Load Balancer (ILB) service is possible. This is mostly because you don’t set the distribution mode at the ILB level – you set it at the Endpoint level (which in hindsight makes sense because that’s how you do it for the public load balancing too).

There is an excellent blog on the Azure site that covers distribution modes for public load balancing, and the good news is that they apply to internal load balancing as well.…

Tips on moving your Visual Studio Online from Microsoft to Organisational Accounts

If, like me, you’ve been a keen user of Visual Studio Online since it first came into existence way back in 2012, you’ve probably gotten used to using it with Microsoft Accounts (you know, the ones everyone writes “formerly Live ID” after), and when, in 2014, Microsoft enabled the use of Work (or Organisational) Accounts you either thought “that’s nice” and immediately got back to writing code, or went ahead and migrated to Work Accounts.

If you are yet to cut over your Visual Studio Online (VSO) tenant to use Work Accounts, here are a few tips and gotchas to be aware of as part of your switch.…

Connection Options When Building An Azure Hybrid Cloud Solution

If your business is migrating workloads to Azure, the chances are at some point you will probably want to create a form of private interconnect with Azure. There is more than one way to achieve this, so in this post I’ll take a look at what options you have and the most appropriate scenarios for each.

We’ll work through the connection types from simplest (and quickest to provision) to more complex (where you’ll need IP networking expertise and hardware).…

Azure’s G Series VMs – Prime Compute Only One Click Away!

I’m going to start this blog post by making one thing clear. My intent in writing this post is light-hearted – I had some spare time on my hands over a lunch break and I wondered what I could do with it. The result was this blog post :).

Ever since Microsoft announced their G Series Virtual Machines for Azure I’ve been looking for a good reason to fire one up and kick the tyres. Today while I was skimming through my Twitter feed I came across a tweet showing the time it took to calculate the trillionth prime number on a 16 vCPU Linux instance running on GCP.…

Azure SQL Database – Dynamic Data Masking Walkthrough

siliconvalve

Microsoft recently announced the public preview of the Dynamic Data Masking (DDM) feature for Azure SQL Database that holds a lot of potential for on-the-fly data obfuscation that traditionally would have required either custom business logic or third party systems.

In this post I am going to take the opportunity to walk through how we can set this up for an existing database. For the purpose of this post I am going to utilise the AdventureWorks sample database for Azure SQL Database which you can download from Codeplex.…