Ping uses ICMP protocol
RDP uses TCP protocol (how different is this from WinRM?)
Azure DevOps uses RDP/Winrm? (tasks such as: WindowsMachineFileCopy(uses Robocopy),
PowerShellOnTargetMachines)
What does AzCopy use to move files between storage account and VM?
What method does Azure Automation runbook use? (Clearly it is not what
DevOps use because I have hardened private VMs not accessible by Azure
DevOps but can be accessed to run scripts inside the VM with ease using Automation Runbooks)
Edit:
Hardened VM = registry settings forbidding the VM via firewall and winrm (disabled). So all connections coming into the VM is forbidden. Even a selfhosted agent fails. But automation runbook succeedes to connect to the VM.
What does AzCopy use to move files between storage account and VM? It uses the standard Azure Storage REST APIs( It relies on HTTP) which is based on TCP.
To copy files from git to the VM : You can use self hosted agents, which will initiate the connection from the VM, see https://learn.microsoft.com/en-us/azure/devops/pipelines/agents/v2-windows?view=azure-devops It uses HTTPS
Related
We have an on-premises data centre that is connected to Azure via VPN.
There are some on-premises Jenkins jobs that need to run when code is pushed in the Azure repository, and there is an on-premises Nexus server to store artifacts from other Azure pipelines. The rest can and should run in Azure.
I know there is a possibility to use a self-hosted agent that is placed in the Azure virtual network which could then connect to on-premises, but we do not want to manage/pay for a self-hosted agent.
My question is, is there something like a virtual network integration for Azure DevOps? The idea is to let DevOps connect to on-premises resources via the Azure VNet and the VPN without self-hosted agents in between.
E.g., does the ARM Service Connection only allow to access resources like VMs for deployments or does it also allow to connect to a VNet and the via VPN connected resources on-premises?
Thanks in advance!
I have already created a service connection between DevOps and the Azure subscription. I cannot check weather the connection to on-premises works for internal reasons.
The Microsoft hosted agents for Azure DevOps only allow for public internet connections to other resources. VPN and Use of expressroute or other connections to the internal corporate network are not supported. See this section of the docs for reference.
I have been having trouble finding specific answers to my questions about Azure Backup Server. Basically, I have a client with a Hyper-V Host and two guests. All are running Server 2019. Does Azure Backup Server provide the mechanism to easily restore and spin up these servers in the Azure cloud for quarterly testing, or will I need to create an Azure cloud host to perform this testing?
You cannot restore a backup of a Hyper-V VM, stored in Azure, to Azure as an Azure VM. Because currently this is not a supported scenario. You can only restore to an on-premises host.
FAQ reference URL - https://learn.microsoft.com/en-us/azure/backup/backup-azure-dpm-azure-server-faq#can-i-restore-a-backup-of-a-hyper-v-or-vmware-vm-stored-in-azure-to-azure-as-an-azure-vm
We have code repositories on Azure Devops example url :https://dev.azure.com/myorg/myproject
We also have Azure VM created. Our Azure VM is windows 10. When we create a new VM on azure, Internet is enabled by default.
The VM will be shared with development team member. To secure code, developer should NOT be able to use personal email boxes and any other drives like dropbox, onedrive etc. So what i feel i need is we need is Internet disabled but only access to Azure DevOps repo. Is this possible? How to achieve this?
You can use Network Security Group resource in Azure. Set rules to allow traffic only to specified services (in your example Azure DevOps) and deny rest of the connections.
https://learn.microsoft.com/pl-pl/azure/virtual-network/security-overview
I'am using AzureDevOps to build and pack my docker application.
The goal is to execute docker-compose commands in Azure VM, which is behind the firewall and can be access only thru vpn connection or standard web-browsing ports.
You can use deployment groups to achieve that. Reason this will work, because it is a one way communication (from agent to Azure Devops), so you dont really need to open ports for the VM, the VM has to only be able to reach Azure Devops endspoints (more on this).
TLDR. Using agents will work, because its an outgoing connection from the agent, not from Azure Devops to the agent.
How can I see the alert rules in virtual machine ( using remote desktop) azure.
I have RDP credentials but not the azure login.
Kindly help
How can I see the alert rules in virtual machine ( using remote
desktop) Azure.
I think it is not possible, because alert rules work on Azure platform, used for manage Azure resources.
Azure VM is a resource of Azure platform, can't see the alter rules without Azure account.