Cloud and Automation Blog

Tag: Azure (page 1 of 1)

Satellite connectivity expands reach of Azure ExpressRoute across the globe

Staying connected to access and ingest data in today’s highly distributed application environments is paramount for any enterprise. Many businesses need to operate in and across highly unpredictable and challenging conditions. For example, energy, farming, mining, and shipping often need to operate in remote, rural, or other isolated locations with poor network connectivity.

With the cloud now the de facto and primary target for the bulk of application and infrastructure migrations, access from remote and rural locations becomes even more important. The path to realizing the value of the cloud starts with a hybrid environment access resources with dedicated and private connectivity.

Network performance for these hybrid scenarios from rural and remote sites becomes increasingly critical. With globally connected organizations, the explosive number of connected devices and data in the Cloud, as well as emerging areas such as autonomous driving and traditional remote locations such as cruise ships are directly affected by connectivity performance.  Other examples requiring highly available, fast, and predictable network service include managing supply chain systems from remote farms or transferring data to optimize equipment maintenance in aerospace.

Today, I want to share the progress we have made to help customers address and solve these issues. Satellite connectivity addresses challenges of operating in remote locations.

Microsoft cloud services can be accessed with Azure ExpressRoute using satellite connectivity. With commercial satellite constellations becoming widely available, new solutions architectures offer improved and affordable performance to access Microsoft.

Infographic of High level architecture of ExpressRoute and satellite integration

Microsoft Azure ExpressRoute, with one of the largest networking ecosystems in the public Cloud now includes satellite connectivity partners bringing new options and coverage.

8095 1

SES will provide dedicated, private network connectivity from any vessel, airplane, enterprise, energy or government site in the world to the Microsoft Azure cloud platform via its unique multi-orbit satellite systems. As an ExpressRoute partner, SES will provide global reach and fibre-like high-performance to Azure customers via its complete portfolio of Geostationary Earth Orbit (GEO) satellites, Medium Earth Orbit (MEO) O3b constellation, global gateway network, and core terrestrial network infrastructure around the world.

8095 2

Intelsat’s customers are the global telecommunications service providers and multinational enterprises that rely on our services to power businesses and communities wherever their needs take them. Now they have a powerful new tool in their solutions toolkit. With the ability to rapidly expand the reach of cloud-based enterprises, accelerate customer adoption of cloud services, and deliver additional resiliency to existing cloud-connected networks, the benefits of cloud services are no longer limited to only a subset of users and geographies. Intelsat is excited to bring our global reach and reliability to this partnership with Microsoft, providing the connectivity that is essential to delivering on the expectations and promises of the cloud.

8095 3

 Viasat, a provider of high-speed, high-quality satellite broadband solutions to businesses and commercial entities around the world, is introducing Direct Cloud Connect service to give customers expanded options for accessing enterprise-grade cloud services. Azure ExpressRoute will be the first cloud service offered to enable customers to optimize their network infrastructure and cloud investments through a secure, dedicated network connection to Azure’s intelligent cloud services.

Microsoft wants to help accelerate scenarios by optimizing the connectivity through Microsoft’s global network, one of the largest and most innovative in the world.

ExpressRoute for satellites directly connects our partners’ ground stations to our global network using a dedicated private link. But what does it more specifically mean to our customers?

  • Using satellite connectivity with ExpressRoute provides dedicated and highly available, private access directly to Azure and Azure Government clouds.
  • ExpressRoute provides predictable latency through well-connected ground stations, and, as always, maintains all traffic privately on our network – no traversing of the Internet.
  • Customers and partners can harness Microsoft’s global network to rapidly deliver data to where it’s needed or augment routing to best optimize for their specific need.
  • Satellite and a wide selection of service providers will enable rich solution portfolios for cloud and hybrid networking solutions centered around Azure networking services.
  • With some of the world’s leading broadband satellite providers as partners, customers can select the best solution based on their needs. Each of the partners brings different strengths, for example, choices between Geostationary (GEO), Medium Earth Orbit (MEO) and in the future Low Earth Orbit(LEO) satellites, geographical presence, pricing, technology differentiation, bandwidth, and others.
  • ExpressRoute over satellite creates new channels and reach for satellite broadband providers, through a growing base of enterprises, organizations and public sector customers.

With this addition to the ExpressRoute partner ecosystem, Azure customers in industries like aviation, oil and gas, government, peacekeeping, and remote manufacturing can deploy new use cases and projects that increase the value of their cloud investments and strategy.

As always, we are very interested in your feedback and suggestions as we continue to enhance our networking services, so I encourage you to share your experiences and suggestions with us.

You can follow these links to learn more about our partners Intelsat, SES, and Viasat, and learn more about Azure ExpressRoute from our website and our detailed documentation.

Source: https://azure.microsoft.com/en-us/blog/satellite-connectivity-expands-reach-of-azure-expressroute-across-the-globe

Microsoft Authenticator on Android gets cloud backup and recovery

Microsoft has made available to Android users the ability to do cloud backup and recovery for the Microsoft Authenticator app. Using this feature, Android users can more easily transfer their credentials to new devices when needed. 

Microsoft Authenticator is an app designed to help users sign into their accounts using two-factor authentication. It can enable passwordless sign-in; respond to a prompt for authentication after signing-in with username/password; or act as a code generator for any other accounts supporting authenticator apps.

Microsoft has been rolling this feature out gradually over the past few weeks. As of today, September 12, “it’s now 100% available for version 6.6.0+,” Microsoft’s blog post says. Credentials will remain updated even when users add, delete or edit accounts, officials said.

To turn on cloud backup, Authenticator users can go to settings and then, under “Backup,” set the cloud backup toggle to on. To recover account credentials on a new device, users can select “Begin Recovery” as an account option to be able to sign in using the same Microsoft account as was on their previous devices.

Microsoft Authenticator is available for iOS and Android devices. On iOS, users must have an iCloud account for the storage location. Both Android and iOS users need a personal Microsoft account to act as their recovery accounts. Only users’ personal and third-party account credentials are stored by Authenticator, meaning username and account verification code that’s required to prove identity. No other account information is stored, Microsoft officials say.

News Source: https://www.zdnet.com/article/microsoft-authenticator-on-android-gets-cloud-backup-and-recovery/

Azure Portal App – Preview

Microsoft has published a desktop client to access your Azure portal.

In the beginning, I thought to myself that this would be an app that only loads the web UI. However, after using it for a couple of days, it proved to be delivering much better response time for loading UI and blades than the Web-based portal. This app includes also the Azure shell.

This App still in preview and it’s available for download through the link below:
https://preview.portal.azure.com/app/Download

The download and setup process is so easy, click on download the Azure portal app and then follow the instructions.

Finally, log in to your Microsoft account.

Here’s a screenshot of the main interface

and another screenshot for the azure shell.

Till now, I haven’t noticed any bugs but feel free to add any comments in case you faced some issues so that we can report them to Microsoft. 🙂

Azure Bastion – Automation using ARM Templates

I have given, in my previous article, a quick guide to using the Azure Bastion Service.

In the new article, I will focus on how to automate the deployment on Azure bastion using not only ARM templates but also  Hashicorp Terraform.

So let’s get started with some definitions! 🙂

Azure Bastion, now in preview, is a managed PaaS that connects customers’ VMs via the Remote Desktop Protocol (RDP) and Secure Shell (SSH) network protocols, and it uses Secure Sockets Layer encryption in the process, Microsoft said. It’s inspired by bastion hosts and jump boxes, long a networking staple for companies that want to place dedicated gateways between the public internet and their private networks.

source: https://searchcloudcomputing.techtarget.com/news/252465418/Microsoft-Azure-Bastion-service-seeks-to-secure-VMs

What’s an ARM template?

ARM Templates, stands for Azure Resource Manager templates, are a way to declare the objects you want, the types, names, and properties in a JSON file which can be checked into source control and managed like any other code file. ARM Templates are what gives us the ability to roll out Azure “Infrastructure as code”.

source: https://www.red-gate.com/simple-talk/cloud/infrastructure-as-a-service/azure-resource-manager-arm-templates/

ARM template Syntax

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "",
  "apiProfile": "",
  "parameters": {  },
  "variables": {  },
  "functions": [  ],
  "resources": [  ],
  "outputs": {  }
}

$schema, content version, apiProfile, and resources are required elements. below is a description of different parts of the template

parameters: Values that are provided when deployment is executed to customize resource deployment.

variables: Values that are used as JSON fragments in the template to simplify template language expressions.

functions: User-defined functions that are available within the template.

resources: Yes Resource types that are deployed or updated in a resource group or subscription.

outputs: No Values that are returned after deployment.

For more information take a look at https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-authoring-templates

Now, let’s move to the ARM template to build the Azure Bastion.

In my git repository below, I uploaded two files :

https://github.com/makramjenayah/AzBastionARM

The first one is the template file, which containsthe resources that will be created:

1- The public IP address.

2- The virtual network associated with the AZ bastion and its different subnets.

3- The Azure Bastion.

The second one, contains the parameters needed to deploy the resources and which need to be personalized..

Now, let’s deploy the template.

  1. To deploy a customized template through the portal, select Create a resource, search for a template. and then select Template deployment.
  2. Select Create.
  3. You see several options for creating a template choose to Build your own template in the editor: create a template using the portal template editor. The editor is capable to add a resource template schema.
  4. Select the Edit template to explore the portal template editor. The template is loaded in the editor.
  5. Make a minor change to the template. For example, update the  {{changeIT }} by adding your subscription id.
  6. Select Save. Now you see the portal template deployment interface. Notice the two parameters that you defined in the template.
  7. Enter or select the property values:
  • Subscription: Select an Azure subscription.
  • Resource group: Select Create new and give a name.
  • I agree to the terms and conditions stated above: (select)

Finally, click on purchase and your Azure Bastion will be deployed.

I hope this article gives you an overview and a quick-start to deploy ARM template. Stay tuned for my next article, I will focus on how to deploy the Azure Bastion using Terraform.

Azure Bastion – The Guide

You don’t want to assign a public IP to each virtual machine on Azure? You want a secure way to manage your VMS? This article will help you implement the brand new Azure service to get a private and fully managed service which will allow you to access VMS directly from the Azure portal using your browser over the SSL protocol.

So let’s start with some theoretical aspects, the Azure bastion is advantageous in many ways :

  • RDP and SSH sessions over SSL on port 443 via the Azure portal; so from any modern browser you will be able to access your VMS.
  • Azure Bastion is fully managed by Microsoft which means that you will no longer need to manage Network security groups (NSGs) and much more administrative tasks.
  • Your VMs will be protected against port scanning.
  • No need to assign Public IP to your Azure VMs.

The Architecture as designed by Microsoft:

Azure Bastion is currently in public preview and limited to some regions:

  • West Europe
  • West US
  • East US
  • South Central US
  • Australia East
  • Japan East

To participate, you can click on the link below :

https://aka.ms/BastionHost

After the theoretical part, let’s answer the question How to deploy the AZ Bastion?

First, you will need to deploy the service in your virtual network ( a subnet called AzureBastionSubnet with at least /27 must be created) :

Second, since it’s natively integrated, the platform will automatically detect if the Azure Bastion is deployed on the virtual network your virtual machine and in the connect menu you will get Bastion as a connection option.

Now you can enter your username and password to log in. This will open a web-based SSL RDP Session in the Azure Portal.

And as previously mentioned in this article, there is no need to have a Public IP address assigned to your virtual machine.

I hope this article gives you an overview of the azure bastion. If you want to know more check out the Microsoft documentation. If you have any questions or feedback, feel free to leave a comment or contact me.

In my next article, I will explain how to automate the deployment of the Azure Bastion using ARM template and terraform.