Skip to main content

Posts

Showing posts from October, 2017

Isolate Web Application from public internet (App Service)

In this post, we will talk about web endpoint security. Let us start from a basic requirement and see what we need to fulfil it. The web application hosted inside App Services shall not be public available from internet. Context The requirement is simple and clear, but can give us headaches if the team does not cover it from the beginning. Microsoft Azure is offering two options to fulfil it: IP Restrictions App Service integration with VNET VNET with dedicated App Service Environment IP Restrictions App services is allowing us to specify a list of IPs that can access our web application. The feature is similar with the IP restriction functionality offered by IIS and can be configured inside web.config. The difference between this two is the location where these checked is done. Using IP Restrictions the check is done a layer before the IIS. Additional this, the configuration can be done from Azure Portal or using ARM templates. There is no need to modify the configurati...

Just deleted an Azure SQL Database by mistake! What's next?

There are times when you make mistakes, big mistakes like… …deleting an Azure SQL Database… In this post, we will take a look on what are the steps that needs to be done to recover and restore a deleted database. We are in the context where you have a Standard database, without any special features related to backups. Trigger I just realized that I deleted the wrong database and I do not have any custom backups mechanism configured. What should I do? Time is crucial  Time is one of the most important factors. The backups of deleted databases is stored for a limited time. The time window depends based on the instance type. In this time window, you can restore a deleted database without any kind of problems. The retention policies for backups is 7 days for Basic and 35 days for Standard and Premium. Azure SQL Server created automatically backups to your databases. These backups are used to restore a deleted database. Don’t forget that as for on-premises backups, things can g...

How to get your Azure Subscription Quotas and current Usage

In this post, we will talk about a simple problem inside Microsoft Azure: How I can see what my quotas are for Azure Subscription that I am using? Context When you start to use you Azure Subscription more than for playing you realize after a few weeks that you do not know what your current quotas limits are. Additional to this, it is not easy to count the number of instances for each resource. For example if you use multiple Azure Storage in different Resource Groups, how easily you can count the number of Storage accounts that you are using? To make the problem a little more complex, you should know that a part of these quotas are per Azure Region. For example, you have a default limit of 50 VNETs per Azure Region. It means that it would be pretty hard to calculate the total number of VNETs that you are using on each Azure Region. It is not impossible, but you would need to do some additional things. Usage + Quotas Inside Azure Portal, we have a dedicated tile that provide t...

[Post Event] Codecamp Timisoara, October 14, 2017

In October 14 I attended to Codecamp Timisoara . It was a great experience, where I met great people from Timisoara and other cities around Romania. At this conference I delivered a session about enterprise security and how you mitigate different security aspects when you want to migrate to Microsoft Azure. Below, you can find more information related to it. Title:  Enterprise security in Practice Abstract:  How does an enterprise looks like when you talk about security and cloud? Complicated, rigid and challenging to accept cloud based architectures. After working closely with security teams from different companies I identified different approaches and requirements that are standard for enterprises. In this session I want to discuss and share with you lessons learned on how we can map security requirements to Azure. Slides: Enterprise security in Practice from Radu Vunvulea

Migrating File Server (Share) to Azure

Let’s take a look on what are the current solution on Azure when we want to migrate our local file storage from on-premises to cloud. Context On the current system, let us imagine that we have Windows File Server that it is used to share filers inside the company. The File Server is fully integrated with our Active Directory server and based on roles we allow/restrict access to different folders/files. What we want to do? We want to migrate to Azure this solution in such a way that we don’t need to manage the File Server machines and also to be able to have control on file sharing permissions using user roles (Active Directory integration). Addition to this, we want to be able to attach as a shared folder or partition the shared content on the client machine. Azure Files An extremely powerful solution provided by Microsoft, which allow us to store our files in Azure and share them with others. The SMB protocol is fully supported, meaning that we can attach the shared on ou...

The real difference between an Azure VM with or without SSD

I want to talk about the real difference of an Azure VM with or without SSD. This is not a post with charts and artificial benchmarks; it is just a real story from the field. Context One of my fellows from my work came at me complaining about a performance issue related to SQL Server. On an Azure VM with Linux they used to have an SQL Server instance. The DB storage size was not to complex and the DB size was acceptable. Problem Every few hours a job has to be executed on the database. There is a lot of data processing inside it and it usually takes around 1 hour. From duration perspective this is not acceptable, there is a clear NFR that request the task to be executed under 30 minutes. An audit was done to the VM and database and it was pretty clear that there is a problem at read and write operations. Many actions were happening at that level, causing the memory and storage to be at high levels. Actions The DB specialists reviewed the database structure and the job. Unfortuna...

Using SQL security features to isolate sensitive data inside a PoC

When writing a PoC you need to keep it as simple as possible and prove that from a technology perspective the project vision is feasible and is the right one. One of the fundamentals rules of a PoC is that it needs to cover things that are not general truth (e.g. You don’t want to prove that ASP.NET MVC can render HTML or expose an REST API). Keeping a PoC as simple as possible can become a problem when you want to use customer data not only mocks data. When you have customer sensitive information, which should not be visible even to the development team you might end up in a strange situation. The problem is not related on how you can do this. The biggest problem is the effort that you need to invest to create the deployment scripts or the automation mechanism that would allow the customer to deploy the solution in an isolated environment, where development team would not have access. This effort might require extra development effort that you don’t want to include in a PoC. I...