I am writing this to provide Azure services architecture as the start of Azure Architecture series. The intention is purely educational, please ensure to engage Microsoft or professional consulting services for your environment and use cases. On top of that, Microsoft has provided various reference architecture from the official site. This model provides a model … Continue reading Azure Architecture Series: Services Architecture Reference Model
Security Challenge on Azure
There are few common security related questions when we start planning migration to Azure:
- How can we restrict the ingress and egress traffic on Azure ?
- How can we route the traffic on Azure ?
- Can we have Firewall kit, Intrusion Prevention System (IPS), Network Access Control, Application Control and Anti – Malware on Azure DMZ ?
This blog post intention is to answer above questions using following Azure features combined with Security Virtual Appliance available on Azure Marketplace:
- Azure Virtual Network (VNET)
- Azure Network Security Groups (NSGs)
- Azure Network Security Rule
- Azure Forced Tunelling
- Azure Route Table
- Azure IP Forwarding
- Barracuda NG Firewall available on Azure Marketplace
One of the most common methods of attack is The Script Kiddie / Skiddie / Script Bunny / Script Kitty. Script Kiddies attacks frequency is one of the highest frequency and still is. However the attacks have been evolved into something more…
View original post 1,387 more words
Microsoft Azure ExpressRoute provides dedicated, private circuits between your WAN or datacentre and private networks you build in the Microsoft Azure public cloud. There are two types of ExpressRoute connections – Network (NSP) based and Exchange (IXP) based with each allowing us to extend our infrastructure by providing connectivity that is:
- Private: the circuit is isolated using industry-standard VLANs – the traffic never traverses the public Internet when connecting to Azure VNETs and, when using the public peer, even Azure services with public endpoints such as Storage and Azure SQL Database.
- Reliable: Microsoft’s portion of ExpressRoute is covered by an SLA of 99.9%. Equinix Cloud Exchange (ECX) provides an SLA of 99.999% when redundancy is configured using an active – active router configuration.
- High Speed speeds differ between NSP and IXP connections – but go from 10Mbps up to 10Gbps. ECX provides three choices of virtual circuit speeds in Australia: 200Mbps, 500Mbps…
View original post 1,000 more words
Azure Sydney User Group for First 2015 Edition kicked-off with great start. Simon Waight, Andreas Wasita (me) and Scott Scovell was presenting at 11th Feb 2015. Simon and me had extensive experience with AWS especially on Enterprise space, Scott Scovell is master of integration with more than 5 years experience in Azure with AWS skills … Continue reading Azure Sydney User Group February 2015: Azure Eye for the AWS Guy
At TechEd Europe 2014, Microsoft announced the General Availability of Network Security Groups (NSGs) which add security feature to Azure’s Virtual Networking capability. Network Security Groups provides Access Control on Azure Virtual Network and the feature that is very compelling from security point of view. NSG is one of the feature Enterprise customers have been waiting for. What … Continue reading Secure Azure Virtual Network and create DMZ on Azure VNET using Network Security Groups (NSG)
At TechEd Europe 2014, Microsoft announced the General Availability of Network Security Groups (NSG) which add security feature on Azure Virtual Network (VNET). The feature is very compelling from security point of view. NSG is one of the Azure security feature I always use everytime I design solution using Azure. I have blogged this last … Continue reading Secure Azure Virtual Network (VNET) and Create DMZ on Azure using Network Security Groups (NSG) – Azure Security Part II
Public Cloud is all about trust which security is key pillar to keep the customer trust. There is a misconception about Cloud Security. This post will be part of my Azure Security blog post series. In this series we will dispell some of the myths and discuss how to mitigate the risks. Based on Gartner 2014 survey, … Continue reading Secure Azure VM from day Zero with Azure Security Extension – Azure Security Part 1
There are few ways to install the X-Plat CLI; using installer packages for Windows and OS X or combination of Node.js and NPM for Linux. Node.js and npm via nave Nave is a tool for handling node.js installations. Nave is to node.js just like RVM is to Ruby. It pulls directly from nodejs.org Follow … Continue reading Install Windows Azure X-Plat CLI
Before We discuss any further, You need to have Windows Azure account and enable Windows Azure Preview features. You need a x.509 v3 certificate to register your servers with backup vaults. The certificate must have 2048 key length , have valid Client Authentication EKU, validity period is no more than 3 years and reside at certificate … Continue reading Windows Azure Online Backup Step By Step
For PowerShell users out there. You can administer your Azure VM more fun with Windows Azure Powershell. Before We start our exporting and re-provisioning mission, We do need some preparations beforehand. 1. Please install Windows Azure Powershell either on your desktop or your bastion host. Download here. 2. Run Windows Azure Powershell with your … Continue reading Export and re-Provision your Azure VM with Azure PowerShell