Automating Azure Instrumentation and Monitoring – Part 2: Application Insights

Application Insights is a component of Azure Monitor for application-level instrumentation. It collects telemetry from your application infrastructure like web servers, App Services, and Azure Functions apps, and from your application code. In this post we’ll discuss how Application Insights can be automated in several key ways: first, by setting up an Application Insights instance in an ARM template; second, by connecting it to various types of Azure application components through automation scripts including Azure Functions, App Services, and API Management; and third, by configuring its smart detection features to emit automatic alerts in a configurable way.… [Keep reading] “Automating Azure Instrumentation and Monitoring – Part 2: Application Insights”

Automating Azure Instrumentation and Monitoring – Part 1: Introduction

Instrumentation and monitoring is a critical part of managing any application or system. By proactively monitoring the health of the system as a whole, as well as each of its components, we can mitigate potential issues before they affect customers. And if issues do occur, good instrumentation alerts us to that fact so that we can respond quickly.

Azure provides a set of powerful monitoring and instrumentation tools to instrument almost all Azure services as well as our own applications.… [Keep reading] “Automating Azure Instrumentation and Monitoring – Part 1: Introduction”

Creating Azure Storage SAS Tokens with ARM Templates

Shared access signatures, sometimes also called SAS tokens, allow for delegating access to a designated part of an Azure resource with a defined set of permissions. They can be used to allow various types of access to your Azure services while keeping your access keys secret.

In a recent update to Azure Resource Manager, Microsoft has added the ability to create SAS tokens from ARM templates. While this is a general-purpose feature that will hopefully work across a multitude of Azure services, for now it only seems to work with Azure Storage (at least of the services I’ve checked).… [Keep reading] “Creating Azure Storage SAS Tokens with ARM Templates”

Step-by-step: Using Azure DevOps Services to deploy ARM templates with CI/ CD – Part 2

In this blog (Part 2), I take you through on Enabling Continuous Integration (CI) / Continuous Deployment (CD), for the project created on Part 1.

To re-cap, I have made this entire post into two parts for easier understanding and we will focus on Part 2 here:

Part 1- Creating your first project in Azure DevOps (https://blog.kloud.com.au/2018/10/17/step-by-step-using-azure-devops-services-to-deploy-arm-templates-with-ci-cd-part-1/).
Part 2 – Enabling the first project in Azure DevOps for Continuous Integration (CI) / Continuous Deployment (CD).

Enabling the first project in Azure DevOps for Continuous Integration

    • Now, the next step is to enable continuous integration.
[Keep reading] “Step-by-step: Using Azure DevOps Services to deploy ARM templates with CI/ CD – Part 2”

Step-by-step: Using Azure DevOps Services to deploy ARM templates with CI/ CD – Part 1

In this blog, we will see how to get started with Azure DevOps for an Infrastructure background person.

We will familiarize ourselves with deploying your Azure resources with ARM templates by using Azure DevOps with Continuous Integration (CI) and Continuous Deployment (CD).

I have made this entire post into two parts for easier understanding:

Part 1: Creating your first project in Azure DevOps

Part 2: Enabling the first project in Azure DevOps for Continuous Integration (CI) / Continuous Deployment (CD).[Keep reading] “Step-by-step: Using Azure DevOps Services to deploy ARM templates with CI/ CD – Part 1”

Automatic Key Rotation for Azure Services

Securely managing keys for services that we use is an important, and sometimes difficult, part of building and running a cloud-based application. In general I prefer not to handle keys at all, and instead rely on approaches like managed service identities with role-based access control, which allow for applications to authenticate and authorise themselves without any keys being explicitly exchanged. However, there are a number of situations where do we need to use and manage keys, such as when we use services that don’t support role-based access control.… [Keep reading] “Automatic Key Rotation for Azure Services”

Azure Application Gateway WAF tuning

The Azure Application Gateway has a Web Application Firewall (WAF) capability that can be enabled on the gateway. The WAF will use the OWASP ModSecurity Core Rule Set 3.0 by default and there is an option to use CRS 2.2.9.
CRS 3.0 offers reduced occurrences of false positives over 2.2.9 by default. However, there may still be times when you need to tune your WAF rule sets to avoid false positives in your site.

Blocked access to the site

The Azure WAF filters all incoming requests to the servers in the backend of the Application Gateway.… [Keep reading] “Azure Application Gateway WAF tuning”

Office 365 URLs and IP address updates for firewall and proxy configuration, using Flow and Azure Automation

tl;dr

To use Microsoft Office 365, an organisation must allow traffic to [and sometimes from] the respective cloud services via the internet on specific ports and protocols to various URLs and/or IP addresses, or if you meet the requirements via Azure ExpressRoute.… [Keep reading] “Office 365 URLs and IP address updates for firewall and proxy configuration, using Flow and Azure Automation”

Deploying Azure Functions with ARM Templates

There are many different ways in which an Azure Function can be deployed. In a future blog post I plan to go through the whole list. There is one deployment method that isn’t commonly known though, and it’s of particular interest to those of us who use ARM templates to deploy our Azure infrastructure. Before I describe it, I’ll quickly recap ARM templates.

ARM Templates

Azure Resource Manager (ARM) templates are JSON files that describe the state of a resource group.… [Keep reading] “Deploying Azure Functions with ARM Templates”

Hub-Spoke communication using vNet Peering and User Defined Routes

Introduction

Recently, I was working on a solution for a customer where they wanted to implement a Hub-Spoke virtual network topology that enabled the HUB to communicate with its Spoke networks via vNet Peering. They also required the SPOKE networks to be able to communicate with each other but peering between them was NOT allowed.
Drawing1
As we know, vNet peering is Non-Transitive – which means, even though SPOKE 1 is peered with the HUB network and the HUB is peered with SPOKE 2, this does not enable automatic communication between SPOKE 1 and SPOKE 2 unless they are exclusively peered which in our requirement we were not allowed to do.… [Keep reading] “Hub-Spoke communication using vNet Peering and User Defined Routes”