Azure

Download as pdf or txt
Download as pdf or txt
You are on page 1of 45

INTRODUCTION TO MICROSOFT

AZURE
( TH E C LO U D C O M P U TING S TA C K )
Cloud Computing FUN!!!
What is Azure? | Pay-As-You-Go
Microsoft Azure is a cloud computing platform and infrastructure created by Microsoft for
building, deploying, and managing applications and services through a global network of
Microsoft-managed data centers.
Microsoft Azure is a growing collection of integrated cloud services—analytics, computing,
database, mobile, networking, storage, and web—for moving faster, achieving more, and saving
money.
Top 10 Cloud Computing Provider
1. Amazon Web Services
2. Microsoft Azure
3. IBM
4. Google Cloud Platform
5. Salesforce.com
6. Adobe
7. Oracle Cloud
8. SAP
9. Rackspace
10. Workday
Pros and Cons
PROS / High Availability, Security, Scalability, Cost-Effectiveness(Pay-as-you-go)
Windows Azure has a great feature set, is quite easy to use, and is one of a handful of cloud
hosts to support ASP.NET.
CONS / Requires Management, Requires Platform Expertise
It doesn’t explicitly support PHP or Ruby.
Some Best Features
1. Familiarity of Windows
2. 64-bit Windows VMs
3. Azure SDK
4. Azure Search in CRM
5. Azure Network Security Groups (ACLs)
6. Pay-as-you-go service
7. RDP, VM, SSD Storage, multi OS images etc.
Azure CRM Portal: Login Screen
Azure CRM Portal: Home Screen
Comparison: Azure App Service, Virtual
Machines, Service Fabric, and Cloud Services
App Service is the best choice for most web apps. Deployment and management are integrated
into the platform, sites can scale quickly to handle high traffic loads, and the built-in load
balancing and traffic manager provide high availability.
Service Fabric is a good choice if you’re creating a new app or re-writing an existing app to use a
microservice architecture.
Cloud Services is similar to Service Fabric in degree of control versus ease of use, but it’s now a
legacy service and Service Fabric is recommended for new development.
If you have an existing application that would require substantial modifications to run in App
Service or Service Fabric, you could choose Virtual Machines in order to simplify migrating to the
cloud. Azure Virtual Machines is Infrastructure-as-a-Service (IaaS), while App Service and Service
Fabric are Platform-as-a-Service (Paas).
SPI: SASS, PASS & IAAS
Software As A Service: SAAS
Software as a service (SaaS) is a software distribution model in which a third-party provider
hosts applications and makes them available to customers over the Internet.
SAAS Model − E-mail (Gmail, Yahoo, etc.)
Platform AS A Service: PASS
PaaS or platform as a service model provides you computing platforms which typically includes
operating system, programming language execution environment, database, web server.
technically It is a layer on top of IaaS as the second thing you demand after Infrastructure is
platform.

EX: OS, DB, IDE, Web Server etc.


Infrastructure as a Service: IAAS
IaaS provides the infrastructure such as virtual machines(VM) and other resources like virtual-
machine disk image library, block and file-based storage, firewalls, load balancers, IP addresses,
virtual local area networks etc. Infrastructure as service or IaaS is the basic layer in cloud
computing model.

Ex: VM, Storage, IPS, firewalls etc.


Azure PowerShell
Azure PowerShell is a set of modules that provide cmdlets to manage Azure with Windows
PowerShell.
PowerShell CMD: Login to Azure
CMD: Login-AzureRmAccount
Start, Stop, Restart, and Delete VMs in
Microsoft Azure with PowerShell
See available module: Get-Module –ListAvailable
Stop, Start & Restart:
Add-AzureAccount
Login-AzureRmAccount
$rgName = ‘YourGroupName‘
$vmName = ‘YourVSName‘
Stop-AzureRmVM -ResourceGroupName $rgName -Name $vmName
Start-AzureRmVM -ResourceGroupName $rgName -Name $vmName
Restart-AzureRmVM -ResourceGroupName $rgName -Name $vmName
Azure SDK: Using Web Platform Installer
Azure Cloud Service: ACS
Highly available, scalable n-tier cloud
apps with more control of the OS
Azure Cloud Service: ACS
Your application is divided into two parts, each served by a separate web or worker role; the
web role instances respond to HTTP requests and make your website faster by speeding up page
delivery times, web transaction processing and so on.
Worker role instances handle message and background job processing, such as asynchronous
processing of emails, large database transactions and computing-heavy tasks like data
processing and indexing.

Web Role: HTTP requests.


Runs Windows Server with your web app automatically deployed to IIS.
Worker Role: Background job processing.
Runs Windows Server without IIS.
Azure Cloud Service Apps files
.csdef, .cscfg & .cspkg
A cloud service is created from three components, the service definition (.csdef), the service
config (.cscfg), and a service package (.cspkg).
Both the ServiceDefinition.csdef and ServiceConfig.cscfg files are XML-based and describe the
structure of the cloud service and how it's configured; collectively called the model.
The ServicePackage.cspkg is a zip file that is generated from the ServiceDefinition.csdef and
among other things, contains all of the required binary-based dependencies. Azure creates a
cloud service from both the ServicePackage.cspkg and the ServiceConfig.cscfg.
Create ACS Applications in VS
01. First installed VS 2015.
02. Then Installed Azure SDk.
Create ACS Applications in VS
Generate Package: Deployment
Just right click into Azure cloud service project, then
Create New Azure Cloud Service
ACS: Publish-Update/Upload to Azure
Cloud services (classic)
Has two options: Staging and productions
Upload ACS Package
Have to select already created storage
Upload .cspkg file
Upload .cscfg file
ACS: Reserved IP
With the latest PowerShell release, Microsoft Azure allows you to reserve a public IPv4 address
in your Azure Subscription.
You can own these IP addresses for as long as you want in your subscription and also associate
them with your Cloud Service Deployments in the region of the Reserved IP addresses.
ACS: Reserved IP
.CSCFG:
<NetworkConfiguration>
<AddressAssignments>
<ReservedIPs>
<ReservedIP name="Group YourGroupName ReservedIPName" />
</ReservedIPs>
</AddressAssignments>
</NetworkConfiguration>
Access Control List (ACLs)
An endpoint Access Control List (ACL) is a security enhancement available for your Azure
deployment.
An ACL provides the ability to selectively permit or deny traffic for a virtual machine endpoint.
This packet filtering capability provides an additional layer of security. You can specify network
ACLs for endpoints only.
You can't specify an ACL for a virtual network or a specific subnet contained in a virtual network.
Access Control List (ACLs)
Selectively permit or deny incoming traffic based on remote subnet IPv4 address range to a
virtual machine input endpoint.
Blacklist IP addresses
Create multiple rules per virtual machine endpoint
Specify up to 50 ACL rules per virtual machine endpoint
Use rule ordering to ensure the correct set of rules are applied on a given virtual machine
endpoint (lowest to highest)
Specify an ACL for a specific remote subnet IPv4 address.
ACL: In Code
.csdef
<AccessControls>
<AccessControl name="ACL_Common">
<Rule action="permit" description="Des1" order="100" remoteSubnet="XXX.XX.XXX.XXX/32" />
<Rule action="permit" description="Des12" order="101" remoteSubnet="XXX.XXX.XX.XX/32" />
</AccessControl>
</AccessControls>

<EndpointAcls>
<EndpointAcl role="YourRole" endPoint="YourEndpoint" accessControl="ACL_Common" />
</EndpointAcls>
Create New VM
Create New VM
You have to select a resource group
Resource Group
A container that holds related resources for an Azure solution. The resource group can include
all the resources for the solution, or only those resources that you want to manage as a group.
You decide how you want to allocate resources to resource groups based on what makes the
most sense for your organization.
Benefits of using Resource Manager
You can deploy, manage, and monitor all the resources for your solution as a group, rather than
handling these resources individually.
You can repeatedly deploy your solution throughout the development lifecycle and have
confidence your resources are deployed in a consistent state.
You can manage your infrastructure through declarative templates rather than scripts.
You can define the dependencies between resources so they are deployed in the correct order.
You can apply access control to all services in your resource group because Role-Based Access
Control (RBAC) is natively integrated into the management platform.
You can apply tags to resources to logically organize all the resources in your subscription.
You can clarify your organization's billing by viewing costs for a group of resources sharing the
same tag.
Network security groups
A network security group (NSG) contains a list of access control list (ACL) rules that allow or deny
network traffic to your VM instances in a Virtual Network.
NSGs can be associated with either subnets or individual VM instances within that subnet. When
a NSG is associated with a subnet, the ACL rules apply to all the VM instances in that subnet.
In addition, traffic to an individual VM can be restricted further by associating a NSG directly to
that VM.
Network security groups
Add inbound security rule
Inbound and Outbound Rules
Inbound rules: These are to do with other things accessing your computer. If you are running a
Web Server on your computer then you will have to tell the Firewall that outsiders are allowed
to connect to it.
Outbound rules: These are so that you can let some programs use the Internet, and Block
others. You will want to let your Web Browser (Internet Explorer, Firefox, Safari, Chrome,
Opera...) have access to the Internet, so you will tell Windows Firewall that it's allowed.
Remote Desktop Protocol (RDP)
Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft, which
provides a user with a graphical interface to connect to another computer over a network
connection.
Remote Desktop Protocol (RDP)
In ACS you have to enabled it with
certificate.
So first you have to create certificate.
Recommendation References:
01. ABC:
http://www.tutorialspoint.com/microsoft_azure/
02. Cloud Services Documentation:
https://docs.microsoft.com/en-us/azure/cloud-services/
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-
documents/live/cloud-services.pdf
03. Azure App Service, Virtual Machines, Service Fabric, and Cloud Services comparison:
https://docs.microsoft.com/en-us/azure/app-service-web/choose-web-site-cloud-service-vm
04. Over View Azure Cloud Services:
https://docs.microsoft.com/en-us/azure/cloud-services/cloud-services-choose-me
Recommendation References:
05. Get started with Azure Cloud Services and ASP.NET:
https://docs.microsoft.com/en-us/azure/cloud-services/cloud-services-dotnet-get-started
06. Azure Cloud Service package:
https://docs.microsoft.com/en-us/azure/cloud-services/cloud-services-model-and-package
07. Enable Remote Desktop Connection for a Role in Azure Cloud Services:
https://docs.microsoft.com/en-us/azure/cloud-services/cloud-services-role-enable-remote-
desktop
08. Azure powershell:
https://docs.microsoft.com/en-us/azure/powershell-install-configure
https://github.com/Azure/azure-powershell
Recommendation References:
09. Access Control List (ACLs):
https://azure.microsoft.com/en-us/documentation/articles/virtual-networks-acl/
10. Reserved IP addresses for Cloud Services & Virtual Machines:
https://azure.microsoft.com/en-us/blog/reserved-ip-addresses/
11. RDP:
https://docs.microsoft.com/en-us/azure/virtual-machines/virtual-machines-windows-classic-
connect-logon
12. Azure Resource Manager overview
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-overview
Recommendation References:
13. Network security groups
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-nsg
14. Azure Network Security Groups (NSG) – Best Practices
https://blogs.msdn.microsoft.com/igorpag/2016/05/14/azure-network-security-groups-nsg-best-
practices-and-lessons-learned/
THANK YOU
• R M Shahidul Islam Shahed
• Sr. Software Engineer, Atom AP Limited.

You might also like