vsts Build agent access to a specific team? - azure

In order to not be restricted to 4h of build /month, in VSTS we have bought an hosted build agent for us Team (We can see it in Azure portal).
But how restrict the access to the other teams ?
In the Agent Queues i see nothing to do that...

For the same team project, you can’t do it.
For different team projects, the user with Administrator role of agent pool and project collection can create new queue. So you can remove these permissions for others and delete the Hosted queue from related team project. With this way, they can’t use Hosted queue.
BTW, there isn’t the time restrict once buy a Hosted pipeline.

Related

Azure DevOps Agent pools - create for project only

When I create an Agent Pool in any of my DevOps projects I will see the pool also in the other projects in the same organization. How to disable this behaviour? I want each Agent Pool to be accessible only by the selected project.
for agent pool and self-hosted agent setting, both for Linux, mac and windows, you need to enter organization URL when configure the agent. So you need to go to organization settings->Agent pools->click the affected agent pool then go to Security, to limit other projects users' permission to read the agent pool.
Here in my example, if I remove other project\project valid users and only leave project A\project valid users as readers, only users in project A could see the affected pool in the organization level and other projects' agent pools.
Users in other projects will not be able to see the agent pool, unless you add the individual user as at least reader role in the security part.
I hope it could do some help.

What is the difference between Azure devops and VSTS

Last year i am integrating VSTS with our testing environment but with new Azure devops it is completely change my old account of VSTS is working with my integration but new account of Azure devops (VSTS) is not working. Why it is happen.
Could not find any reference that's shows me breaking changes.
Kindly help.
Thanks in advance.
On September 10, 2018, Microsoft renamed Visual Studio Team Services (VSTS) to Azure DevOps Services.
VSTS features are now separate services:
For the url's change. We've moved to the new dev.azure.com domain name as the primary URL for new organizations. (Specifically, it's https://dev.azure.com/{your organization}/{your project}.)
If you want to change your URL to be based on dev.azure.com as the primary, an organization administrator can change this from the organization settings page. We will also support redirects from visualstudio.com URLs so there will not be broken links.
For more information about this change, see Introducing Azure DevOps.
About the concept of collection in Azure DevOps, Default collection is no longer present in the URL for a long time. You could take a look at our PM's word:
One important note – we have been working for some time to enable
grouping multiple VSTS organizations together under a higher-level
artifact. We had been calling this artifact an organization in blog
posts
(https://blogs.msdn.microsoft.com/devops/2016/01/11/how-we-plan-to-enable-creating-multiple-collections-per-account/
and
https://blogs.msdn.microsoft.com/devops/2016/04/09/merging-the-concepts-of-account-and-collection/)
as well as in our communication with some users already trying it out
in private preview. The work here will continue, and we’ll be coming
up with a new name for these groupings of organizations.
For the url of REST API, the request URI, in the following form:
VERB https://{instance}[/{team-project}]/_apis[/{area}]/{resource}?api-version={version}
instance: The Azure DevOps Services organization or TFS server you're sending the request to. They are structured as follows:
Azure DevOps Services: dev.azure.com/{organization}
TFS: {server:port}/tfs/{collection} (the default port is 8080, and
the value for collection should be DefaultCollection but can be any
collection)
We do not use collection concept in Rest API of Azure DevOps, so you do not need to specify it in the url. Actually Azure DevOps organization is collection level, TFS is server level, they are not the same level, one TFS server could have multiple collections.

Can I link multiple Azure subscription to single Team Services accounts(VSTS)?

So I have a single Visual studio account with 3 project in it and I have three different azure subscription for deploying these projects. But I can able to link one of the subscription to VSTS. But other two are I am not able to do linking.
I did some searching on this stuff got a link saying that it is not possible : 1
So can anybody help me on this situation.
You can only link a single subscription to a VSTS account.
That is however for paying for services for VSTS. For deployment you can setup as many connections as you like on the Services tab in the administration.
You can add as many Service Endpoints as you like then use them in Tasks in both Build and Release.

Starting with azure development as a company

We are a small company and are still unsure how to start all this azure stuff.
Ok, we are clear on the technicalities like table storage and queues and all the that stuff, what we don't know about at all is how to set up the organization around developing for our developers. Which/how many azure accounts, shared or individual ones.
So far we've done classic windows development, so everyone has his environment, unit tests run either locally or on the build server (after pushing to mercurial or git), deployment from the build server.
The thing is that we want to use Azure not just as a hoster, but the full set, like blob/document/table storage, event hubs, storage queues, ReliableActors and everything. Things we can't do locally.
What's the appropriate way for azure then? There are about 20 to 30 developers and most have the enterprise msdn subscription.
What is a "company or organisation" account for? Should developers have their own accounts? Does DevOps need their passwords for all the bamboo or jenkins build stuff?
I went through this recently and I can share a few tips here since I'm also not aware of a DevOps specific platform to share this on StackExhange.
As far as organizing your subscriptions go look at Azure Pay-As-You-Go Dev/Test Subscriptions link
or Enterprise Dev/Test link if you are an Enterprise Agreement customer. These are aimed at development teams, you get discounted rates since you don't pay for software licenses that are already included in your MSDN subscription.
It is best to use individual developer subscriptions for exploration, POC etc while running your main dev workload in the Dev-Test subscription. It looks tempting to try and save a buck by spreading the work across multiple MSDN subscriptions to use the credits but I wouldn't recommend it. It becomes a pain to manage 20~30 subscriptions and they can run out of credits and things stop working. If you remove the spending limit on all the subscriptions you run the risk of racking up a huge bill accidently if multiple devs leave VMs on or add premium storage to VMs etc.
As far as DevOps go, use RBAC and Azure Active Directory to manage access and certificates for your DevOps tooling, build servers, release management etc don't use individual developer credentials for this.
And I agree with the other comments, get in touch with MS as well, this is just the tip of the iceberg but it will get you started.

How to publish a Web Application to another persons azure subscription

I currently have a Web Application and SQL Database instance published on my own personal Azure trial subscription. However the app is now finished and I want to hand ownership over to the person I am creating it for. So I want to publish it to his Azure subscription, so he can look after billing, monitor, and have ownership of the application etc.
I asked him to add me as a user to his account, and now I see his company name listed as a 'Directory' from the portals home page (along with my Default Directory, my Web App, and my SQL Database). I don't know how to proceed from here. I want to be able to Publish it from Visual Studio 2013 - then run my code first migrations to create the database, all to a location that his company and not me is responsible for.
Is my approach to this wrong? In a general sense, how do you develop a test application (and test it in Azure) and publish it for someone else on Azure?
The first comment on the question is sort of what I am trying to achieve:
Transfer all data from my account to another in the same Azure subscription
"What do you mean by from my account to another in the same Azure subscription? Normally I have seen folks want to move data from one subscription to another one (say from Dev Subscription to Prod Subscription)."
But if I just transfer the app I wouldn't be able to make changes in VS and re-publish it, for example.
EDIT:
I found this article on Migrating an enterprise web app to an Azure service. Would it be possible to Publish the app to my local dev machine (with local database), then use the Migration Assistance to move it to Azure? Obviously to do this I would need my clients Microsoft ID and password to log into his subscription which is not ideal.
You will first want to make sure that the subscription appears in your "Subscription list" in the top right corner and is selected.
I am assuming you have connected your VS with your Azure subscription and are able to publish your app to your subscription from here, and that the new subscription is "missing" from your selection. But now you have been added to a new subscription but have not updated VS. Remove and readd Azure Subscriptions from VS. This should require you to log into Azure, and should pull updated account information.
Now when you Deploy your app, you will be able to select which Subscription you want to deploy it into.

Resources