I am working on a project hosted in Azure, and that project uses Azure services under the hood, such as Device Provisioning Service and SignalR.
So, the question is quite simple: how to mitigate DDoS attacks on Azure SignalR and Device Provisioning Service?
Azure provides a DDoS protection service, but it does not support these services.
The Microsoft edge network provides DDoS protection against cloud services; DDoS protection as a service is available for network-based resources on virtual networks rather than those that are classed as platform-as-a-service.
Related
I am looking for alternative options to Azure DDoS protection for protecting my Azure hosted web applications. Azure DDoS is $2944/month which is too pricey for us.
We currently have several web apps hosted in Azure sitting behind an Azure App Gateway (with WAF). Would it be possible to add DDoS protection from a 3rd party vendor such as AWS Shield or Cloudflare without reconfiguring our web apps to use a new layer 7 gateway? Or is the only option to replace the Azure App Gateway with a different vendor gateway? Is the DDoS solution generally tied to whichever layer 7 gateway is being used?
Ideally I would like to be able to enable a DDoS layer of protection without having to restructure our Azure services if that's at all possible.
There are some enhancements and updates in the Azure network security portfolio, including Azure DDoS Protection, which will be announced at Microsoft Ignite 2022 from October 12 to 14.
There will be a public preview of the latest Azure DDoS Protection SKU at Ignite (10/12/2022), and the pricing for that would be quite a bit lower. You can wait till the announcement and consider that.
Refer: https://techcommunity.microsoft.com/t5/azure-network-security-blog/microsoft-ignite-2022-explore-what-s-new-in-azure-network/ba-p/3645142
Alternatively – Azure Front Door with WAF and Cloudflare are also valid options.
You can enable the Cloudflare DDoS layer of protection without having to restructure the existing Azure services. The DDoS solution is not tied to whichever layer 7 gateway is being used.
We have some dedicated on-premise LOB applications. Access to these apps is through the public Internet. Active Directory Domain Services is used to authenticate users.
In Azure, there are multiple ways to create high-availability; is there something similar for on-premise apps using Azure? By this I mean if one on-premise system is down, traffic is routed to another app.
I know there are some options such as Application Gateway, Traffic Manager and Front Door, including Azure LB. My question is: are these the right services we should use in an on-premise setting?
For your on-premise environment, you can use the Network Load Balancing (NLB) feature of Windows Server. See details here; it has an Azure-inspired feature too.
My Cloud Service (hosted in USEast) is pretty sluggish when used by customers who are not US based. I am looking for some quick wins that do not include deploying to multiple regions.
A quick Google search returned a document instructing that I could Optimize network throughput for Azure virtual machines by using Accelerated Networking.
I would like to enable this option on my Cloud Service VMs, however I am not sure this is even possible as I do not really control the VMs, the network, or even the NICs.
Has anyone successfully enabled Accelerated Networking for their Cloud Service?
Yes, it's possible.
Accelerated Networking (or Dynamic Network Acceleration) is essentially a CDN without the caching. It can be pointed at any web service, and it will provide the benefits of the Azure Network for all requests, not just requests suitable for caching.
Simply set the CDN origin to the Cloud Service's endpoint URL.
I am using Azure Mobile Services for a production mobile application. I am looking into failover configuration in Azure portal and can't find anything about it.
There is the "Traffic Manager" as described in the Azure documentation. But in my understanding it only deals with VMs and Networking, not the Mobile Services.
My guess is: failover management is included in the mobile services by design. In other words, if one MS Azure server crashes, my mobile service URL will be rerouted to another server automagically.
Am I right?
Availability SLAs are only guaranteed on the Standard and Premium tiers, see Support and SLA in: http://www.windowsazure.com/en-us/pricing/details/mobile-services/
An Azure Mobile Service is tied to a single Azure region. So if your Azure region fails, you need to manually migrate to another Azure region. Details can be found in Recover your mobile service in the event of a disaster.
We have a corporate web service with back-end SAP, CRM, etc. We would like to expose this web service (Java web service) so that an Azure web role can connect to the corporate intranet web services.
Could someone please suggest which of the technologies below will fit and why:
1. Windows Service Bus
2. Windows Azure Connect
or 3. VPN (Virtual Network).
Service Bus will require some effort to get working, but is a good solution if your corporate network overlords are very picky about exposing endpoints. Windows Azure Connect creates a VPN-like tunnel, but requires that specific software be installed, configured and maintained. I have an app that successfully uses virtual networking and utilises existing VPN gateways and skills - very understandable to the security and networking people.