Cloud Infrastructure – Page 13

Amazon QuickSight – An elegant and easy to use business analytics tool

9th of April, 2018 / Nivlesh Chandra / No Comments

First published at https://nivleshc.wordpress.com

Introduction

Recently, I had a requirement for a tool to visualise some data I had collected. My requirements were very simple. I didn’t want something that would cost me a lot, and at the same time I wanted the reports to be elegant and informative. Most of all, I didn’t want to have to go through pages and pages of documentation to learn how to use it.
As my data was within Amazon Web Services (AWS), I thought to check if AWS had any such offerings.… [Keep reading] “Amazon QuickSight – An elegant and easy to use business analytics tool”

Azure Update Management

7th of April, 2018 / Robin Frousheger / 1 Comment

How do you patch/update your infrastructure in Azure, AWS, On-Premises? There are many ways, of course, including manually, built-in scheduled update, Group Policy, locally scripted, ConfigMgr, custom Azure Automation, WSUS, and so on.
Somewhat recently, another option “Azure Update Management” has become available, and it is FREE*. This is an expanded offering of what used to be OMS Update Management, integrated into the main Azure Portal and visible on each VM under the “Update Management” node.… [Keep reading] “Azure Update Management”

Deploy VM via ARM template: Purchase eligibility failed

23rd of March, 2018 / AJ Bajada / No Comments

I recently tried to deploy a VM using an ARM template executed via PowerShell and I encountered the purchase eligibility failed error as seen below.
PurchaseEligibilityFailedError
As I have encountered this before I ensured I accepted marketplace terms for the VM image in question using the PowerShell commands:

Get-AzureRmMarketplaceTerms -Publisher PublisherName -Product ProductName -Name Name | Set-AzureRmMarketplaceTerms -Accept

I then reattempted to deploy my VM using my ARM template and still got the same error, I even waited 24 hours and tried again with no luck.… [Keep reading] “Deploy VM via ARM template: Purchase eligibility failed”

Azure ARM architecture pattern: a DMZ design with a firewall appliance

9th of March, 2018 / Lucian Franghiu / No Comments

Im in the process of putting together a new Azure design for a client. As always in Azure, the network components form the core of the design. There was a couple of key requirements that needed to be addressed that the existing environment had outgrown: lack of any layer 7 edge heightened security controls and a lack of a DMZ.

I was going through some designs that I’ve previously done and was checking the Microsoft literature on what some fresh design patterns might look like, in case anythings changed in recent times.… [Keep reading] “Azure ARM architecture pattern: a DMZ design with a firewall appliance”

Azure ARM architecture pattern: the correct way to deploy a DMZ with NSGs

9th of March, 2018 / Lucian Franghiu / No Comments

Isolating any subnet in Azure can effectively create a DMZ. To do this correctly though is certainly something that is super easy, but, something that can easily be done incorrectly.
Firstly, all that is required is a NSG and associating that with any given subnet (caveat- remember that NSGs are not compatible with the GatewaySubnet). Doing this will deny most traffic to and from that subnet- mostly relating to the tag “internet”. What is easily missed is not applying a deny all rule set in both the inbound and outbound rules of the NSG itself.… [Keep reading] “Azure ARM architecture pattern: the correct way to deploy a DMZ with NSGs”

Implementing a Break Glass Process with AWS Systems Manager

1st of March, 2018 / Bobbie Couhbor / No Comments

Modern day organisations rely on systems to perform critical, sometimes lifesaving tasks. As a result, a common requirement for many organisations is a break-glass process, providing the ability to bypass normal access control procedures when existing authentication mechanisms fail. The implementation of a break glass system often involves considerable effort to ensure the process is not open to malicious use and is auditable, yet simple and efficient. The good news is AWS Systems Manager (SSM) with AWS Key Management Service (KMS) can be leveraged to allow administrative users the ability to recover access to systems on-demand, without having to bake in privileged users with predefined passwords on systems.… [Keep reading] “Implementing a Break Glass Process with AWS Systems Manager”

AWS DeepLens – Part 1 – Getting the DeepLens Online

27th of February, 2018 / samzakkour / 1 Comment

Look what I got my hands on!

Today I will be taking you through the initial setup of the yet to be released AWS DeepLens. DeepLens is rumoured to be released globally in April 2018.

What is the AWS DeepLens?

Announced at AWS Re-Invent 2017, DeepLens is a marriage of:

HD Camera
Intel based computer with an on-board GPU
Ubuntu OS
AWS Greengrass
AWS IOT
AWS Lambda
AWS SageMaker

This marriage of technologies is designed to assist developers achieve Deep-Learning inference at the edge device.… [Keep reading] “AWS DeepLens – Part 1 – Getting the DeepLens Online”

Recommendations on using Terraform to manage Azure resources

6th of February, 2018 / Simon Waight / No Comments

On-demand, Scaleable VPN Access to AWS

3rd of February, 2018 / Zubin Boman / No Comments

Recent growth in our Managed Services business (driven in part by our acquisition by Telstra) has meant that a number of tools and processes that we have previously taken for granted have had to be re-assessed and re-architected to allow us to scale and maintain the same level of service at low costs.
One particular area that we’ve recently reworked is how we remotely access and administer workloads within customer’s AWS environments. Previous methods of access leveraged either static bastion hosts or VPN endpoints and they worked well up until a point, but after analysing at the overall footprint of resources used and costs incurred by doing so, it became clear to us that we needed to find a better way.… [Keep reading] “On-demand, Scaleable VPN Access to AWS”

Supercharge your CloudFormation templates with Jinja2 Templating Engine

26th of January, 2018 / Shariq Mustaquim / 1 Comment

If you are working in an AWS public cloud environment chances are that you have authored a number of CloudFormation templates over the years to define your infrastructure as code. As powerful as this tool is, it has a glaring shortcoming: the templates are fairly static having no inline template expansion feature (think GCP Cloud Deployment Manager.) Due to this limitation, many teams end up copy-pasting similar templates to cater for minor differences like environment (dev, test, prod etc.)… [Keep reading] “Supercharge your CloudFormation templates with Jinja2 Templating Engine”