Lately, I’ve been working with several organizations that need to selectively restrict outbound Internet access from within their Azure Virtual Networks (VNETs) to conform to their own internal security policies. However, at the same time, the applications within their VNET may need to legitimately access several other Azure services, such as Azure Storage, Azure SQL Database, and others, that live outside a VNET in the same Azure datacenter region.
In this article, we’ll walk through a process that can be leveraged to easily define and control outbound network access to Azure services in the same region as your VNET using Network Security Groups (NSGs). You can also download the complete set of code snippets referenced in this article from GitHub.
Does your organization use a web proxy server for securing outbound Internet access?
Do you use third-party tools, such as Fiddler, that rely on HTTP/HTTPS proxying?
If you’ve answered yes to either of these questions, you’ll likely need to make a couple of quick tweaks to your Azure PowerShell scripts for successful connectivity when communicating through a proxied connection.
In this article, I’ll provide 4 simple lines of code that you can add to the beginning of any Azure PowerShell scripts when you need to work with a proxy-based connection to the Microsoft Azure cloud ...
In a prior article, we walked through the process of scripted provisioning for V2 virtual networks and site-to-site connections using Azure Resource Manager (ARM) and Azure PowerShell together. Recently, a UI create experience was surfaced in the NEW Azure Portal to make it even easier to provision these scenarios directly from the portal.
In this article, we’ll step through building Site-to-Site VPN connections for V2 virtual networks using the NEW Azure Portal ...
A while back, I published an article that stepped through capturing diagnostic logs for v1 “Classic” virtual network gateways (aka VNET Gateways or VPN Gateways) on Azure via the Azure Service Management (ASM) API and PowerShell. Since then, the Azure team has released Azure Resource Manager (ARM) as our new management API along with new V2 virtual networks with an improved provisioning model.
In the article below, I’ve updated my original guidance to reflect the steps for capturing v2 VNET gateway diagnostic logs using Azure PowerShell 1.0.x and Azure Resource Manager.
UPDATE: A first-class management experience is now available on Azure for enabling volume encryption for Windows and Linux VMs via Azure PowerShell, the Azure Cross-Platform CLI, ARM templates, and REST API. Please reference the article linked below for more information, technical whitepapers, and detailed step-by-step instructions regarding this new feature.
The Microsoft Azure cloud platform has supported at-rest encryption of Windows Server VM data volumes via BitLocker for some time now, but I’ve found that there’s often a desire to completely automate the BitLocker configuration as part of virtual machine provisioning and startup tasks.
In this article, I’ll walk through the PowerShell steps to automate the provisioning of BitLocker and unlocking BitLocker-protected data disks as part of a virtual machine’s startup tasks.
Continuing their "Build Your Hybrid Cloud" series, Keith Mayer and Andy Syrewicze dive into Azure Resource Manager and show us how we can deploy, organize and manage applications in our IT environment.
Learn more! 18 Steps for End-to-End IaaS Provisioning in the Cloud with Azure Resource Manager, PowerShell and DSC
Custom IP routing topologies on Azure Virtual Networks have been available for several months via native User-Defined Routing (UDR) and IP Forwarding features. However, recently I’ve been receiving questions on how to configure IP forwarding and user-defined routes via the new Azure Resource Manager (ARM) API.
In this article, we’ll step through a set of PowerShell snippets that walk through the entire end-to-end process of using the new Azure PowerShell 1.0 Preview module cmdlets for ARM to implement user-defined routing for the front-end subnet pictured above ...
In the past few articles, we’ve been focusing on provisioning end-to-end IaaS environments on the Microsoft Azure cloud platform using the new Azure Resource Manager API and PowerShell. In this article, we’ll be looking at several ways to manage these environments post-provisioning using some of the new capabilities, such as Resource Groups and Tags, that ARM provides.
As a follow-up to my original End-to-End IaaS scenario using Azure Resource Manager (ARM), PowerShell and DSC, this article expands our configuration to include a VNET-to-VNET connection between Azure Virtual Networks provisioned via the new v2 ARM stack.
VNET-to-VNET connections are useful for peering individual VNETs that may exist in separate Azure datacenter regions or subscriptions.
Now, let’s get started ...
Support for provisioning and managing Azure IaaS virtual machine environments via Azure Resource Manager (ARM) was recently launched as a Generally Available (GA) feature! There are several HUGE advantages that ARM provides over the existing Azure Service Management (ASM) API, including simplifying complex configurations, repeatable deployments via declarative templates, resource tagging, role-based access control (RBAC) and more! You can learn more about the advantages of this new API at:
With the GA launch of ARM for Virtual Machine services, lots of us are exploring how to leverage this new API as part of an automated provisioning process. So, I thought I’d update my previous guidance on automated provisioning of IaaS environments for using the new Azure Resource Manager.
In this article, we’ll step through using the latest Azure PowerShell module, which is version 0.9.4 as of this article’s publication date, to perform end-to-end provisioning of a common IaaS VM scenario: load-balanced web applications. My goal in this article is to provide you with code snippets that can serve as “building blocks” for learning, demo'ing and beginning to create your own automated provisioning process using Azure Resource Manager, PowerShell and Desired State Configuration. To promote readability, I haven't included error handling in these snippets, so I'll leave that for you to incorporate with respect to the scenario that you're building.
In future articles, we’ll look at provisioning this same scenario using other tools and approaches, such as Azure Resource Manager Templates and also the Azure Cross-Platform CLI for Linux and Mac OSX ...
The Azure Billing REST API was recently made available as a Public Preview, and there’s been a ton of interest from customers in leveraging this API to collect and track usage of cloud services in their Microsoft Azure subscriptions.
UPDATE: Version 0.9.4 and later of the Azure PowerShell module now include new Azure Resource Manager cmdlets to query Azure usage data directly: Get-UsageAggregates and Get-UsageMetrics.
In this article, I’ll provide a simple script that leverages Azure PowerShell to call this API and export usage data from your Azure subscription to a CSV file for further analysis …
Keith Mayer is a Principal Technical Architect at Microsoft, focused on helping ISV partners leverage the Azure cloud platform. Keith has over 20 years of experience as a technical leader of complex IT projects, in diverse roles, such as Network Engineer, IT Manager, Technical Instructor and Consultant. He has consulted and trained thousands of customers and partners worldwide on design of enterprise technology solutions.
Keith is currently certified on several Microsoft technologies, including Azure, Private Cloud, System Center, Hyper-V, Windows, Windows Server, SharePoint, SQL Server and Exchange. He also holds other industry certifications from VMware, Amazon AWS, IBM, Cisco, Citrix, HP, CheckPoint, CompTIA and Interwoven.
You can contact Keith online at http://aka.ms/AskKeith.