Posts

Azure Public IP(s) are zone redundant free of cost natively - Generally Available Availability zones give an application and its data high availability by protecting against physical datacenter failures through replication of the resource in additional datacenters. Azure typically has 3 zones per region (and not all regions support zones). Thus, while setting up the environment, we need to pick the right region based on our use case. A public IP makes a resource or an application publicly accessible. Azure offers 2 SKU types for public IPs: Basic and Standard. Only the Standard SKU offers zone support. The Basic SKU is always non-zonal, and this SKU will also be retired 09/2025. A Standard public IP falls into one of the categories below. No Zone / Non-Zonal - no availability zone at all. Zonal - our services can be replicated in any one selected zone of the three zones. Zone redundant - the resource will be replicated in all 3 zones. It is opposite of...
Glimpse - Azure disk use cases Hi. These days, container-based services/applications are growing faster than applications running on virtual machines. Even though container services are changing the IT application landscape, we cannot abandon VM usage. Azure VMs are still required and play a vital role in some scenarios. In this post, we are going to take just a glimpse at the disks of an Azure VM. FYI, this post is not about standard vs premium disk use cases. An Azure VM can run with just an OS disk, but it is not good practice. There are three types of disks: OS disk, Data disk, Ephemeral disk. We need to know when to use which; only then can we avoid performance bottlenecks. Data Disk - If we also install applications on the OS disk, we could face performance issues. It is best to use the OS disk for OS information and booting. The benefits of a data disk are: easy maintenance, backup and disaster recovery, performance isolation (as it is far from OS acti...
Glimpse - GA - Azure Blob Storage Lifecycle Management now supports improved control on archiving #cloud #azure Azure/Microsoft has released a new, generally available Lifecycle Management feature for storage accounts. The illustration below will give you some insights and help you during your project discussions. Hope this will be helpful 😊
Glimpse - Azure function migration from .net6 in-process to .net8 isolated Microsoft/Azure periodically announces the end of support for some services and asks us to migrate to a new version/release when they come up with a more robust solution than the deprecated one. In this post we are going to see a glimpse of the UI configuration change for an Azure function migration from the .net6 in-process model to .net8 isolated. Here, I'm not going to deep dive into the migration; instead we will see an illustration of changing the .net version from the UI. For learning, the GUI is the best place to start, so as developers we mostly prefer the Azure portal. Consider a scenario where you're requested to migrate your existing .net6 function app to .net8 isolated. You would go to the settings panel and try to change the version in configuration, but the option would be disabled; it was disabled for me initially. Shocking and Afraid! After some point of ...
Glimpse - Key Vault Vs App Configuration for App service In this post, we are just going to see a glimpse of a comparison between Key Vault and App Configuration for App Service references. Why are we comparing these two? Recently, App Configuration references on App Service became Generally Available, and they can complement Key Vault. Let us consider a scenario where we need to keep, in a secure place, a client-id and secret which will be used for authentication in an API call from an Azure function app / App Service / Logic App Standard. Here we come to know 2 Azure native services: Azure Key Vault and Azure App Configuration. Azure people (we) typically use Key Vault to handle secrets in a secure way, whereas App Configuration also complements Azure Key Vault. So which is better, or in which scenario should we pick one or the other? According to me, we can go for Key Vault when we need to handle environment-specific secrets. Here, enviro...
Azure DevOps Bypass policy when code push - Glimpse DevOps is a culture that most organizations embrace. In this article, let's see what a branch policy is in Azure DevOps (ADO). Before that, we need to know what a policy (aka branch policy) is in ADO. A branch policy is a set of policies applied to a branch, typically main. With it we avoid accidental activity. A few examples: Reviewers - required to view the code change before it moves to the main/master branch. Work item - an ADO user story / task / bug etc.; any one of the item numbers should be linked. Consider a scenario where your organization's existing project has some policies, such as: the most recent code pusher cannot push code again. In a very rare case, which may or may not happen, a senior developer needs an exclusion to fix an urgent pre-prod/production incident, so he/she does not want to be in that situation. They want to push their code often while discussing with the client manager or customer. So, how can we override the bran...
Find your azure service/resource tab easily in chrome using an extension Irrespective of role (Azure DevOps, developer, network engineer, architect etc.), we primarily use the Azure portal. While working on issues and/or presenting, we may need multiple Azure tabs with different services. Consider a scenario where I am analysing an issue in a logic app which uses an Azure function. I need to visit the logic app, the function app and Application Insights, if enabled. If we use a single tab, it will take more time, so we can have multiple tabs; here I would have the logic app, Azure function and Application Insights each in its own tab. Yes, it will save our time, but sometimes we would have more than 10 tabs, and then we may not know which tab has which resource, because in every browser they all show the same A icon. So, while navigating, we may get annoyed. What's the solution when we use more tabs? Here we have a nice feature in the Chrome browser which provid...
Validating file and/or directory using if statement in Linux When we do admin-related activities in Linux via bash scripts, we may need to validate whether a path is a file or a directory. The illustration below shows how we can validate a file or directory.
Create tar archive file in Linux - Glimpse The tar command is very useful for creating archive files, like zip and other formats, in Linux when we work with terminals like PuTTY. In the illustration below, we can see an example / glimpse of the tar command used to create an archive and extract the content/files from the same tar.
Azure storage account new access tier - Glimpse Azure has introduced a new access tier for storage accounts called Cold. What is the use of it when we already have 3 access tiers: Hot, Cool and Archive? Let us take the scenarios below. When our document will be accessed frequently - Hot. When my document will be accessed infrequently (i.e. it can be accessed within 30 days) - Cool. If my document will be accessed after 30 days, earlier we would go for the Archive access tier, but now, when my document needs to be accessed at any time within 90 days - Cold. Data retrieval from Archive needs some processing, like rehydrating (i.e. converting from the Archive tier to Hot or Cool, aka offline tier to online tier). To save some cost, we can go for the Cold tier, which allows us to keep our data for 90 days, instead of the Archive tier. Limitations and known issues: The change feed is not yet compatible with the cold tier. Object rep...
JIT VM Access - One way to reduce VM attack surface area When a cloud resource is publicly accessible, it is also exposed to attack. In this post, we will briefly see how JIT helps secure an Azure virtual machine that has a public IP enabled. Organizations sometimes need a VM with a public IP. In this kind of scenario, we need to secure the VM from attackers. Just-In-Time (JIT) is one way to secure the VM, in the following ways. It can block the RDP (3389) and SSH (22) ports. It allows a specific port to be opened for a specific time for specific IP ranges. It can also work with VMs that have only a private IP. Azure Bastion can be used to block traffic for a private IP VM until JIT access is enabled. To enable JIT VM access, go to configuration and enable it.
Azure - Find hint about the IP address using KQL #cloud #azure Hi All! As we are in the cloud, we may want or need to find details about a public IP, like country and city. Consider a scenario where one of the storage accounts in your organization's Azure subscription has public network access set to "Enabled from selected virtual networks and IP addresses", i.e. it can be accessed from the associated VNet/Subnet and also from the included firewall address range (an individual IP when you're working from home). Now, the aforementioned storage account has some individual IP(s), and you need to find details/clues about the last/latest IP added. Azure KQL offers a function called geo_info_from_ip_address() to get some hints about a public IP, like country, city, latitude etc. The above-mentioned scenario is just an example; you can have different scenarios. Note: This feature does not give you exact details about the IP address. You can go to the Logs menu ...
Azure - Change custom lookback period for Azure Advisor VM/VMSS right-sizing recommendations #cloud #azure Hi All! Azure Advisor advises/recommends ways to optimize our cloud resources in various areas like scaling, security, sizing, performance, cost etc. Now Azure has released a new feature for changing the lookback period for Azure VM/VMSS right-sizing. Let's consider a scenario where a company is running its business and has some workloads in either Azure VMs or VMSS. Some of the time, the VM's usage, like CPU or memory, is high. Due to this, application performance may be slower and users have a bad experience. The company asks its Azure admin to investigate, and when he/she first looks at Azure Advisor, it recommends a solution based on the last 7 days of VM usage. Here, the company needs the VM usage details biweekly or in some other pattern, not with the default 7 days. Here the new custom lookback period helps to achieve what the company wants. By this featur...
Azure - Cross region service endpoints for azure storage (GA) #cloud #azure Hi All! To bring an Azure storage account under a virtual network and/or restrict the storage account so that it is only accessible from a VNet and not publicly accessible, we have private endpoints and service endpoints. We typically use either a private endpoint or a service endpoint. Previously, the Azure service endpoint for storage only allowed access/connection from a VNet in the same or paired region. With the latest feature, Cross region service endpoints for Azure storage, now generally available, a service endpoint can be configured to allow access to an Azure Blob or Data Lake storage account from VNets in any region. The earlier service endpoint type is Microsoft.Storage. The new service endpoint type is Microsoft.Storage.Global. The one main thing is that we can't have both of the above service endpoint types in a subnet at the same time. (i.e. If Microsoft.Storage chosen, Microsoft.Storage.Global cannot be cho...
Azure DevOps - work items bulk import-update-publish to DevOps using Excel #cloud #azure #devops Hi All! As Azure DevOps people working with scrum or other methodologies, we often need to update our tasks in DevOps. There are also occasions when the project manager and/or project lead needs to work on consolidated work items for a presentation. We can update our tasks one by one, which takes more time. Consider the scenario below. The project lead or we need to modify the state of 100 work items. More than 15 work item titles need to be modified. To achieve the above with minimal effort and time, we have the Azure DevOps Office Integration feature, which helps us work in Excel and update the work items from Excel to DevOps all at once. Previously, we used a query in DevOps and then exported it to CSV. Now, with the help of the above software, we can work in Excel and make updates very easily. Please look at the images below. In th...
Azure - DDoS IP Protection #cloud #azure Hi All! Security is one of the main pillars and is unavoidable in the cloud, irrespective of provider (Microsoft, Amazon, Google). Attackers mostly attack publicly accessible resources, which are more easily reachable than private resources. There are many types of attacks. Azure gives us the IP Protection SKU, Generally Available for DDoS Protection, to defend our public IP(s). Let's recall what a DDoS attack is. Attackers send requests from multiple/various sources against our resource, so that the resource is flooded or overwhelmed by a large number of requests. As a result of this attack, legitimate users cannot access the system, which becomes inaccessible. We can apply Azure DDoS IP protection on an individual IP or at the organizational level (VNet). It incurs some cost, so we need to pay attention before implementing it, but the cost is mostly fixed per resource. Note: This feature is only available for Standard SKU , not for Basic as of now. Az...
🤠 ChatGPT - Use ChatGPT for cloud 🤠 #cloud #azure #chatGPT Hi All! ChatGPT is a nice tool/extension for learning. In this post we're not going to learn ChatGPT; instead, we will learn using ChatGPT. Let me share my experience: I used an extension called ChatGPT: write and improve code using AI in Visual Studio Code. To survive in the IT world, we need to update and upgrade our knowledge often, and we cannot say "I won't do this one as I don't know". If we back out of it, we can miss a wonderful opportunity/growth for our future. Here we should accept the challenge as well as learn in parallel. Even though we could get KT from the team, we need to dig into the concept well to do better. Here ChatGPT appears in front of us to help. Consider a scenario where you joined a company as a cloud developer, or are moving into a new team in your existing company, and are tasked with Terraform or AKS or something else which is new to you. Let's say I...
Azure Generally Available(GA) missing 🧐 - Are you not able to see the latest release of an azure service? #cloud #azure Hi All! When we come to know of an update from Azure, we may need to implement it in an existing resource or in a new Azure resource. For example, you have an Azure App Service running with a Premium SKU which needs to be upgraded to the latest released GA, or you need to create a new App Service with the latest release SKU. Let's take one of the latest GAs, the premium V3 (PV3) SKUs below. Premium SKUs are good for web apps / app services which are production-based workloads. P0V3 - Cost effective. P*mv3 - Memory optimized: P1mv3, P2mv3, P3mv3, P4mv3, P5mv3. Ok, let's jump into the topic. Now you're trying to create an app service with either P0V3 or P1mv3, but you were not able to find that SKU even after multiple tries, like changing resource groups or creating new resource groups, and changing some regions. At one point ...
Azure Logic app - When to choose which plan (Consumption vs Standard)? #cloud #azure Hi All! When we want to run some workloads without worrying about managing an environment ourselves and need a serverless architecture (i.e. Microsoft managed), we can go for either an Azure Function App or a Logic App. With both Logic App and Function App, we need not worry about the infrastructure. Microsoft will take care of it while the workload(s) are running. For example, if we choose a .NET-based Azure function app, MS will take care of the OS and the installation of the packages necessary to run it, etc. Those who like the code part can go for Function App, and those who like a visual designer to create flows/connectors can go for Logic App. In this article we will see which plan type we have to choose for our workloads. The Azure Logic App service provides a way to automate workflows (i.e. a workflow is a series of steps that defines a task, business process, or workload). We need to pay attention ca...
Azure - Shared Access Signature (SAS) - Account key vs User Delegation #cloud #azure Hi All! I would say the Azure storage account is a long-lasting service. Whichever services overtake one another, Azure storage stays active. For example, take a .NET web application, which can be hosted in IIS on an Azure VM, in App Service with or without Docker, or in a Function app for event-based workloads. Here, based on requirements, App Service sometimes overtakes the VM, the function app overtakes the rest, and so on. When we use any cloud service, security is one of the main pillars we need to consider. Here we are going to talk about granting access to a Blob storage account to a customer or somebody else who requires it. Consider a scenario where a customer application places a file; it could be CSV or JSON or XML, whatever it may be, but a single type. Let's take JSON here. We need to allow some people to access that file. Here we have two questions as below. Who are those some people whether ...