Friday, April 23, 2021

Azure Active Directory

 What is Azure Active Directory?

Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service, which helps your employees sign in and access resources in:

  • External resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications.

  • Internal resources, such as apps on your corporate network and intranet, along with any cloud apps developed by your own organization. For more information about creating a tenant for your organization, see Quickstart: Create a new tenant in Azure Active Directory.

Reference: https://docs.microsoft.comwhatis


Friday, April 16, 2021

Azure SQL

 Azure SQL Database is a relational database-as-a-service (DBaaS) hosted in Azure that falls into the industry category of Platform-as-a-Service (PaaS).

  • Best for modern cloud applications that want to use the latest stable SQL Server features and have time constraints in development and marketing.
  • A fully managed SQL Server database engine, based on the latest stable Enterprise Edition of SQL Server. SQL Database has two deployment options built on standardized hardware and software that is owned, hosted, and maintained by Microsoft.

With SQL Server, you can use built-in features and functionality that require extensive configuration (either on-premises or in an Azure virtual machine). When using SQL Database, you pay as you go, with options to scale up or out for greater power with no interruption. SQL Database has some additional features that are not available in SQL Server, such as built-in high availability, intelligence, and management.

Azure SQL Database offers the following deployment options:

  • As a single database with its own set of resources managed via a logical SQL server. A single database is similar to a contained database in SQL Server. This option is optimized for modern application development of new cloud-born applications. Hyperscale and serverless options are available.
  • An elastic pool, which is a collection of databases with a shared set of resources managed via a logical SQL server. Single databases can be moved into and out of an elastic pool. This option is optimized for modern application development of new cloud-born applications using the multi-tenant SaaS application pattern. Elastic pools provide a cost-effective solution for managing the performance of multiple databases that have variable usage patterns.



Azure App Services

 Azure App Service enables you to build and host web apps, mobile back ends, and RESTful APIs in the programming language of your choice without managing infrastructure. It offers auto-scaling and high availability, supports both Windows and Linux, and enables automated deployments from GitHub, Azure DevOps, or any Git repo. 

App Service adds the power of Microsoft Azure to your application, such as security, load balancing, autoscaling, and automated management. You can also take advantage of its DevOps capabilities, such as continuous deployment from Azure DevOps, GitHub, Docker Hub, and other sources, package management, staging environments, custom domain, and TLS/SSL certificates.

Besides App Service, Azure offers other services that can be used for hosting websites and web applications.

Deploy an ASP.NET Core web app: https://docs.microsoft.com/en-us/azure/app-service/

Deploy an ASP.NET web app: https://docs.microsoft.com/en-us/azure/

Reference: https://docs.microsoft.com, https://www.youtube.com



Autoscale in Microsoft Azure

 Autoscale allows you to have the right amount of resources running to handle the load on your application. It allows you to add resources to handle increases in load and also save money by removing resources that are sitting idle. You specify a minimum and maximum number of instances to run and add or remove VMs automatically based on a set of rules. Having a minimum makes sure your application is always running even under no load. Having a maximum limits your total possible hourly cost. You automatically scale between these two extremes using rules you create.

When rule conditions are met, one or more autoscale actions are triggered. You can add and remove VMs, or perform other actions. 

Azure Monitor autoscale applies only to Virtual Machine Scale Sets, Cloud Services, App Service - Web Apps, API Management services, and Azure Data Explorer Clusters.

Horizontal vs vertical scaling
Autoscale only scales horizontally, which is an increase ("out") or decrease ("in") in the number of VM instances. Horizontal is more flexible in a cloud situation as it allows you to run potentially thousands of VMs to handle load.

In contrast, vertical scaling is different. It keeps the same number of VMs, but makes the VMs more ("up") or less ("down") powerful. Power is measured in memory, CPU speed, disk space, etc. Vertical scaling has more limitations. It's dependent on the availability of larger hardware, which quickly hits an upper limit and can vary by region. Vertical scaling also usually requires a VM to stop and restart.

References: https://docs.microsoft.com


Thursday, April 15, 2021

Azure backup (On Premise)

 Lab on Azure backup

Go to All Services > Storage > Recovery Services Vaults.

Provide the following information: Name, Subscription, RG, Location.


After providing all the information, click on the Create button. It will take some time to create your resource. When it is completed, open this Recovery Services vault resource.


Here you will see two options, Backup and Site Recovery. We will first learn how to back up on-premises files to the cloud. Click on the Backup link.

On the Backup page, it will ask two questions:
1- Where is your workload running?
    a- Azure  b- On-Premises   c- Azure-Stack
2- What do you want to back up?
    (options depend on the option selected above)

Here I will select On-Premises in the first drop-down and Files and folders in the second drop-down, and click on the Prepare Infrastructure button.

Here we need to follow the instructions given on this page.

So let's download the Recovery Services agent and install it on our on-premises system.

Download the second option also (Vault credentials).

Now open Microsoft Azure Backup (the Recovery Services agent) on your system.


Click on the Register Server option in the Backup section on the right side.

It will open a wizard. In Proxy Configuration there is nothing to do; click on Next. In the Vault Identification tab, browse to the downloaded vault credentials file and click on the Next button.

In the Encryption Setting tab, you have to set a passphrase. Click on the Generate Passphrase button and it will generate a passphrase for you. You can save this passphrase in any location. Finally, click on the Register button.

Now our system is synchronized with Azure.


Now you can see that there is no backup scheduled. Let's schedule a backup. Click on the Schedule Backup link.

Select the files/folders to back up.

Specify the backup schedule day/time. You can set a maximum of 3 times per day.

For now you can skip the retention policy. Choose the initial backup type 'Online'. Finally, click on the Finish button. A backup schedule for 8 PM every day has been created.

But here we will not wait until that time, so we will click on the Back Up Now link available on the right side.

The backup will take some time depending on the file size, so you will have to wait. When processing is done, click on the Finish button. Now the backup is ready.

Now we will delete all the existing files that have been backed up.

Now we will recover the files that we backed up. Click on the Recover Data link. Select the options marked in red below.

In the Select Volume and Date tab you will see the last backup date. Select it and click on the Mount button.

It will take some time, so you will have to wait.

Finally, you can see the data in the drive section of My Computer.


Azure Site Recovery and Backup

 As an organization you need to adopt a business continuity and disaster recovery (BCDR) strategy that keeps your data safe, and your apps and workloads online, when planned and unplanned outages occur.

Azure Recovery Services contributes to your BCDR strategy:

Site Recovery service: Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. Site Recovery replicates workloads running on physical and virtual machines (VMs) from a primary site to a secondary location. When an outage occurs at your primary site, you fail over to the secondary location and access apps from there. After the primary location is running again, you can fail back to it.

Backup service: The Azure Backup service provides simple, secure, and cost-effective solutions to back up your data and recover it from the Microsoft Azure cloud.

What can I back up?

Azure Backup offers three types of replication to keep your storage/data highly available.

Locally redundant storage (LRS) replicates your data three times (it creates three copies of your data) in a storage scale unit in a datacenter. All copies of the data exist within the same region. LRS is a low-cost option for protecting your data from local hardware failures.

Geo-redundant storage (GRS) is the default and recommended replication option. GRS replicates your data to a secondary region (hundreds of miles away from the primary location of the source data). GRS costs more than LRS, but GRS provides a higher level of durability for your data, even if there's a regional outage.

Zone-redundant storage (ZRS) replicates your data in availability zones, guaranteeing data residency and resiliency in the same region. ZRS has no downtime. So your critical workloads that require data residency, and must have no downtime, can be backed up in ZRS. 

Reference: https://docs.microsoft.com



Saturday, April 10, 2021

Azure Storage services

 The Azure Storage platform is Microsoft's cloud storage solution for modern data storage scenarios. Core storage services offer a massively scalable object store for data objects, disk storage for Azure virtual machines (VMs), a file system service for the cloud, a messaging store for reliable messaging, and a NoSQL store. The services are:

  • Durable and highly available. Redundancy ensures that your data is safe in the event of transient hardware failures. You can also opt to replicate data across datacenters or geographical regions for additional protection from local catastrophe or natural disaster. Data replicated in this way remains highly available in the event of an unexpected outage.
  • Secure. All data written to an Azure storage account is encrypted by the service. Azure Storage provides you with fine-grained control over who has access to your data.
  • Scalable. Azure Storage is designed to be massively scalable to meet the data storage and performance needs of today's applications.
  • Managed. Azure handles hardware maintenance, updates, and critical issues for you.
  • Accessible. Data in Azure Storage is accessible from anywhere in the world over HTTP or HTTPS. Microsoft provides client libraries for Azure Storage in a variety of languages, including .NET, Java, Node.js, Python, PHP, Ruby, Go, and others, as well as a mature REST API. Azure Storage supports scripting in Azure PowerShell or Azure CLI. And the Azure portal and Azure Storage Explorer offer easy visual solutions for working with your data.

Core storage services

The Azure Storage platform includes the following data services:

  • Azure Blobs: A massively scalable object store for text and binary data. Also includes support for big data analytics through Data Lake Storage Gen2.
  • Azure Files: Managed file shares for cloud or on-premises deployments.
  • Azure Queues: A messaging store for reliable messaging between application components.
  • Azure Tables: A NoSQL store for schemaless storage of structured data.
  • Azure Disks: Block-level storage volumes for Azure VMs.

Example scenarios

The following table compares Files, Blobs, Disks, Queues, and Tables, and shows example scenarios for each.

| Description | When to use |
|---|---|
| Azure Files: Offers fully managed cloud file shares that you can access from anywhere via the industry standard Server Message Block (SMB) protocol. You can mount Azure file shares from cloud or on-premises deployments of Windows, Linux, and macOS. | You want to "lift and shift" an application to the cloud that already uses the native file system APIs to share data between it and other applications running in Azure. You want to replace or supplement on-premises file servers or NAS devices. You want to store development and debugging tools that need to be accessed from many virtual machines. |
| Azure Blobs: Allows unstructured data to be stored and accessed at a massive scale in block blobs. | You want your application to support streaming and random access scenarios. You want to be able to access application data from anywhere. |
| Azure Disks: Allows data to be persistently stored and accessed from an attached virtual hard disk. | You want to "lift and shift" applications that use native file system APIs to read and write data to persistent disks. You want to store data that is not required to be accessed from outside the virtual machine to which the disk is attached. |
| Azure Queues: Allows for asynchronous message queueing between application components. | You want to decouple application components and use asynchronous messaging to communicate between them. |
| Azure Tables: Allow you to store structured NoSQL data in the cloud, providing a key/attribute store with a schemaless design. | You want to store flexible datasets like user data for web applications, address books, device information, or other types of metadata your service requires. |

References: https://docs.microsoft.com

Azure Storage redundancy

Azure Storage always stores multiple copies of your data so that it is protected from planned and unplanned events, including transient hardware failures, network or power outages, and massive natural disasters.

Redundancy in the primary region

Data in an Azure Storage account is always replicated three times in the primary region. Azure Storage offers two options for how your data is replicated in the primary region:

Locally redundant storage (LRS) copies your data synchronously three times within a single physical location in the primary region. LRS is the least expensive replication option, but is not recommended for applications requiring high availability.

Zone-redundant storage (ZRS) copies your data synchronously across three Azure availability zones in the primary region. For applications requiring high availability, Microsoft recommends using ZRS in the primary region, and also replicating to a secondary region.

Reference: https://docs.microsoft.com


Friday, April 9, 2021

Improve Website Response Using Traffic Manager

 This tutorial describes how to use Traffic Manager to create a highly responsive website by directing user traffic to the website with the lowest latency. Typically, the datacenter with the lowest latency is the one that is closest in geographic distance.

Steps to follow for this purpose:

Create two virtual networks (one in East US and the other in India).

Now create two VMs in each VNet.

Install IIS on both VMs. Create an Index.html file in the wwwroot folder on both VMs.

Now create two more VMs, one in each VNet, for testing the website.

Now configure the DNS name on both VM servers (vmserver-eastUS, vmserver-india).

I provided the name vmserverus.eastus.cloudapp.azure.com in the configuration. In the same way, create a DNS name for the India server.

Now create a Traffic Manager profile. This time select 'Performance' as the routing method.

Now add endpoints for both VMs in the Traffic Manager profile.

Now copy the DNS name from the Traffic Manager profile: http://mytmf.trafficmanager.net

Now all the steps are completed. It is time for testing.

Go to the US testing server and open the above URL in IE. You will see the web page from the US server. Try the same with the India testing server and you will see data from the India server.

Reference: https://docs.microsoft.com


Tuesday, April 6, 2021

Traffic Manager in Azure portal

 Azure Traffic Manager is a DNS-based traffic load balancer. This service allows you to distribute traffic to your public facing applications across the global Azure regions. Traffic Manager also provides your public endpoints with high availability and quick responsiveness.

Traffic Manager uses DNS to direct the client requests to the appropriate service endpoint based on a traffic-routing method. Traffic manager also provides health monitoring for every endpoint. The endpoint can be any Internet-facing service hosted inside or outside of Azure.

Traffic Manager routing methods

Azure Traffic Manager supports six traffic-routing methods to determine how to route network traffic to the various service endpoints. For any profile, Traffic Manager applies the traffic-routing method associated to it to each DNS query it receives. The traffic-routing method determines which endpoint is returned in the DNS response.

The following traffic routing methods are available in Traffic Manager:

  • Priority: Select Priority routing when you want to have a primary service endpoint for all traffic. You can provide multiple backup endpoints in case the primary or one of the backup endpoints is unavailable.
  • Weighted: Select Weighted routing when you want to distribute traffic across a set of endpoints based on their weight. Set the weight the same to distribute evenly across all endpoints.
  • Performance: Select Performance routing when you have endpoints in different geographic locations and you want end users to use the "closest" endpoint for the lowest network latency.
  • Geographic: Select Geographic routing to direct users to specific endpoints (Azure, External, or Nested) based on where their DNS queries originate from geographically. This routing method enables you to comply with scenarios such as data sovereignty mandates, localization of content & user experience, and measuring traffic from different regions.
  • Multivalue: Select MultiValue for Traffic Manager profiles that can only have IPv4/IPv6 addresses as endpoints. When a query is received for this profile, all healthy endpoints are returned.
  • Subnet: Select Subnet traffic-routing method to map sets of end-user IP address ranges to a specific endpoint. When a request is received, the endpoint returned will be the one mapped for that request’s source IP address. 

All Traffic Manager profiles have health monitoring and automatic failover of endpoints. Within a Traffic Manager profile, you can only configure one traffic routing method at a time. You can select a different traffic routing method for your profile at any time. Your changes will be applied within a minute without any downtime. 

Here we will test a demo using the Priority method.

First, create two web apps in two different regions.

In the same way, you can create another web app (dotnetguru02) in a different region. Below are both web apps: one is in East US and the other is in Central US.

Create a Traffic Manager profile with the information below.

Now my Traffic Manager profile is ready.

Now create the endpoints inside Traffic Manager.

First we need to add the primary endpoint. Then we will create the failover endpoint.

Now both of my endpoints are ready.

Now go to Traffic Manager profile > Overview, copy the DNS name and paste it into the browser URL bar.
You will see the priority 1 web app. Now disable the priority 1 web app and refresh the browser again. You will see the priority 2 web app.
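
A simplified model of how a routing method picks the DNS answer, covering the Priority failover test above and the Performance test from the "Improve Website Response Using Traffic Manager" post. This is an added example, not code from the blog or from Microsoft; the web app names, region labels and latency figures are constructed, and the selection logic is a sketch of the documented behaviour rather than the service's implementation.

```python
import random
from collections import Counter
from dataclasses import dataclass


@dataclass
class Endpoint:
    name: str
    region: str
    priority: int = 1
    weight: int = 1
    enabled: bool = True   # False mimics disabling the endpoint or stopping the app
    healthy: bool = True   # outcome of the profile's health monitoring


def resolve(endpoints, method, client_region=None, latency_ms=None, rng=random):
    """Return the endpoint names this simplified profile answers one DNS query with."""
    usable = [e for e in endpoints if e.enabled and e.healthy]
    if not usable:
        return []  # what the real service answers in this case is outside this sketch
    if method == "Priority":
        return [min(usable, key=lambda e: e.priority).name]
    if method == "Weighted":
        pick = rng.choices(usable, weights=[e.weight for e in usable], k=1)[0]
        return [pick.name]
    if method == "Performance":
        # latency_ms[(client_region, endpoint_region)] is a constructed lookup table
        return [min(usable, key=lambda e: latency_ms[(client_region, e.region)]).name]
    if method == "MultiValue":
        return [e.name for e in usable]
    raise ValueError(f"routing method not modelled: {method}")


def web_apps():
    # Hypothetical names standing in for the two web apps of the Priority demo.
    return [Endpoint("webapp-primary", "eastus", priority=1),
            Endpoint("webapp-failover", "centralus", priority=2)]


# Constructed latencies in milliseconds; "india" is a label, not an Azure region name.
LATENCY_MS = {("us", "eastus"): 20, ("us", "india"): 210,
              ("india", "eastus"): 210, ("india", "india"): 25}


def priority_failover_demo():
    """Answer before and after the priority 1 endpoint is disabled."""
    apps = web_apps()
    before = resolve(apps, "Priority")
    apps[0].enabled = False
    return before, resolve(apps, "Priority")


def performance_demo():
    """Each test client is answered with the endpoint that has the lowest latency."""
    vms = [Endpoint("vmserver-eastUS", "eastus"), Endpoint("vmserver-india", "india")]
    return {c: resolve(vms, "Performance", c, LATENCY_MS)[0] for c in ("us", "india")}


def weighted_demo(draws=4000, seed=7):
    """Share of answers per endpoint for weights 3:1 (roughly 75% / 25%)."""
    rng = random.Random(seed)
    apps = [Endpoint("a", "eastus", weight=3), Endpoint("b", "centralus", weight=1)]
    return Counter(resolve(apps, "Weighted", rng=rng)[0] for _ in range(draws))


if __name__ == "__main__":
    print(priority_failover_demo())
    print(performance_demo())
    print(weighted_demo())
```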





Monday, April 5, 2021

Zone Redundant Load Balancer

 Load Balancer and Availability Zones

Azure Load Balancer supports availability zones scenarios. You can use Standard Load Balancer to increase availability throughout your scenario by aligning resources with zones and distributing them across zones.

To create the zone-redundant load balancer, follow the links below.

https://docs.microsoft.com/en-us/azure/load-balancer/tutorial-load-balancer-standard-public-zone-redundant-portal

https://www.youtube.com/watch?v=9rVvZ1uj_Qg&list=PLBGx66SQNZ8ZS9VhxzfWpne4c3ces9IHA&index=21




Sunday, April 4, 2021

Internal Load Balancer Demo

 The Internal Load Balancer is an Azure Load Balancer that has only an internal-facing Virtual IP. This essentially means users cannot apply an Internal Load Balancer to balance a traffic load coming from the Internet to internal input endpoints.

The Internal Load Balancer implements load balancing only for virtual machines connected to an internal Azure cloud service or a virtual network.

An internal load balancer directs traffic only to resources that are inside a virtual network or that use a VPN to access Azure infrastructure.

Create a virtual network named myvnet.

Now we need to create 3 virtual machines (vm1, vm2, vm3) within the created virtual network. Select the same availability set for all VMs.

Now connect to all the VMs over RDP and install the web server.

Now create a new load balancer.

Now go to the created load balancer.

Go to Backend pools, create a new backend pool, and add the vm1 and vm2 virtual machines to it.

Now go to Health probes and add a new health probe with its required information.

Now go to Load balancing rules and add a new load balancing rule.

All the configuration is now done in the load balancer.

Now go to the vm1 and vm2 servers and create an index.html file in the wwwroot directory. You can write some content in the index.html file. I have written the server name (vm1 and vm2).

Now we need to test the load balancer. Here we are testing an internal load balancer, so we will send the request from a VM in the same network.
First copy the private IP of the load balancer (10.0.0.7).
Connect to vm3 over RDP and open the IE browser. Paste the IP of the load balancer into IE and press Enter.

You will see the data coming from the vm1 server. If you refresh the page frequently, you will see data from the same server. Now wait for at least 4 minutes and refresh the page again. The load balancer will redirect the request to another VM (vm2).

So this is the complete demo of internal load balancer testing in the same region.


Azure Public Load Balancer Demo

 

Create two VMs (webserver1, webserver2).

For each VM, select the same availability set. For this you have to create a new availability set.

After creating the two VMs, we will create a load balancer for them.

To create the load balancer, navigate to All services > Networking > Load balancer.
Click on the Create Load Balancer button.

Provide all the required information and click on the Create button. Now our load balancer is ready.

Open this load balancer. Here we need to make some changes. All the fields marked in red need to be changed one by one.

First, click on the Frontend IP configuration link in the left-side menu bar. We have already provided the IP name, so we can skip this.

Now go to Backend pools and add a new backend pool.
Select the created availability set. When you select the existing availability set, it will ask you to set the target virtual machines. You can add both created VMs as targets to balance the load.

Now go to the Health probes link. Add a new health probe, provide all the information and click on the OK button.

Now go to the Load balancing rules link. Add a new load balancing rule and provide all the required information.

We have created everything required for a public load balancer. Now we will test it.

Connect to both VMs over RDP and install the IIS web server.

After installing the web server on both VMs, create an HTML file named index.html under the directory below on both VM servers.

Now copy the public IP address of the load balancer (lb-webserver), paste it into any browser's URL bar and press Enter.
You will see the data from VM2. After 4 minutes (idle state), when you refresh the page it will redirect to VM1.
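
Why quick refreshes stay on one VM and a refresh after the 4-minute idle period can land on the other, in both the internal and the public demo: an added example, not code from the blog or from Azure. It assumes the load balancer's default five-tuple hash distribution and a browser that reuses one TCP connection; SHA-256 stands in for the real hash, and the client address and source ports are constructed.

```python
import hashlib
from collections import Counter

BACKENDS = ["vm1", "vm2"]      # backend pool from the internal demo
FRONTEND = ("10.0.0.7", 80)    # private frontend IP quoted in the post
IDLE_TIMEOUT_S = 4 * 60        # the 4 minutes both demos wait before refreshing
CLIENT_IP = "10.0.0.6"         # constructed address for the test VM (vm3)


def pick_backend(src_ip, src_port, dst_ip, dst_port, proto="tcp"):
    """Map a flow's five-tuple to a backend. SHA-256 is a stand-in for the real hash."""
    key = f"{src_ip}|{src_port}|{dst_ip}|{dst_port}|{proto}".encode()
    bucket = int.from_bytes(hashlib.sha256(key).digest()[:8], "big")
    return BACKENDS[bucket % len(BACKENDS)]


class Browser:
    """Client that keeps one TCP connection open and reconnects after it idles out."""

    def __init__(self, ip, first_port=50000):
        self.ip, self.next_port = ip, first_port
        self.port = self.last_used = None

    def get(self, now):
        idled_out = self.last_used is not None and now - self.last_used >= IDLE_TIMEOUT_S
        if self.port is None or idled_out:
            # New connection: the OS hands out a new ephemeral source port,
            # so the five-tuple (and therefore the hash) changes.
            self.port, self.next_port = self.next_port, self.next_port + 1
        self.last_used = now
        return self.port, pick_backend(self.ip, self.port, *FRONTEND)


def rapid_refreshes(count=10):
    """Refresh every 5 seconds: same connection, same flow, same backend."""
    browser = Browser(CLIENT_IP)
    return {browser.get(t * 5) for t in range(count)}


def refresh_after_idle():
    """One request, a pause longer than the idle timeout, then another request."""
    browser = Browser(CLIENT_IP)
    return browser.get(0), browser.get(IDLE_TIMEOUT_S + 1)


def backend_spread(connections=200):
    """Backend chosen for many fresh connections (distinct source ports)."""
    return Counter(pick_backend(CLIENT_IP, 50000 + i, *FRONTEND)
                   for i in range(connections))


if __name__ == "__main__":
    print(rapid_refreshes())
    print(refresh_after_idle())
    print(backend_spread())
```

In this model the refresh after the idle period uses a new source port and is hashed afresh, so it can land on either VM; over many new connections the requests spread across both.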


