Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
I have a VNET with two App Services and one Windows VM in Azure. They are in the same VNET using VPN point-to-site.
I want to protect this environment with a WAF and have read that I can use Application Gateway WAF instead of the very expensive setup with App Service Environment and Barracuda.
Could anyone please explain how I can achieve this? The closest I have found is https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-web-application-firewall-portal .
In case someone has the same question, starting from July 2017, the Azure Application Gateway with Web Application Firewall supports App Services deployed in the multi-tenant environment. As described here.
More information on how to configure it here.
Support for Azure Web Apps as backend pool member is not currently supported on Application Gateway. However for App Service Environment (ASE) there is a workaround possible. Refer to this blog post - http://sabbour.me/how-to-run-an-app-service-behind-a-waf-enabled-application-gateway/
You can use a NSG to lockdown the Internet calls and only allow calls from the AG to the ASE.
Related
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 5 days ago.
Improve this question
I have an API Management instance provisioned, not within a virtual network (due to a cost constraint).
I am wanting to front API Management with Application Gateway to take advantage of the Web Application Firewall. Is this possible? I'm struggling to find any documentation that supports this (or similar) scenario.
I have routed traffic to a backend pool which points to the APIM FQDN to no success (502 errors).
APIM will use IP filtering to prevent non-AGW traffic from accessing the APIs.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 1 year ago.
Improve this question
I was looking into to how import an API hosted locally/on-premise withing a internal network.
I found Microsofts documentation on: "Using Azure API Management service with an internal virtual network", but the prerequisites for that (as i understood it) was to either have a Developer or Premium tier on the APIM Resource.
As we want to be able to use the APIM in production environment we cant use the Developer tier and Premium is not profitable at this moment.
What i want to do is to be able to expose the on premises API's endpoints by proxying the endpoints via API Management.
Is there any other ways of doing this?
There are a couple of alternatives you could consider to exposing on-premises data, taking into account that the other tiers of APIM can access resources on the internet.
Application Gateway + VPN Gateway
App Service + Hybrid Connection
Logic Apps + On-Premise Data Gateway
With these setup, you could set these up as backends to APIM.
Also, you would want to protect these services from the public internet by setting up one or more of the following
IP Restrictions, if available for the service
Mutual Certificate Authentication
OAuth / Managed Identity
Also, there is a feature request for supporting Hybrid Connections directly in APIM which you could up vote for it to gain traction.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 6 years ago.
Improve this question
I am quite confused with Amazon Web Services, all that I want to do is to create a Node Js server on amazon and running it. Which service I should use ?
Here the list of services
Shoud I use CloudFront ? EC2 ? Elastic Beanstalk or or other ?
Any help would be really appreciated
I would not be so categoric as "use ec2" or "use something else" ...
well clearly on AWS if you want to deploy a node application, you have 2 main choices:
ec2 : https://codeforgeek.com/2015/05/setup-node-development-environment-amazon-ec2/
The Infrastructure as a Service (IaaS) offering from Amazon, you're free to do what you want/need and you manage your own servers.
elasticbeanstalk : http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_nodejs.html
The Platform as a Service (PaaS) offering from Amazon, aws will provide you machines, sdk versions etc you will use to build your app and you manage only your app not the servers
each comes with their pros and cons. You can read this op about some of the differences.
Basically I will sum up like this:
If you're building a 'small' web app or want to concentrate purely on your app and do not use fancy 3rd party tool/libs go with ElasticBeanstalk, you develop your app you deploy your app and it works. aws will manage the servers, you can set up rules to scale automatically, you can connect to other aws services (mainly RDS for database, SNS for mail notification ...)
If you have access to IT resources who know how to setup and manage a server (including security ...) and need to develop an app with many additional services, lib that might not be supported by aws eb or other aws services (such as setting up a mongo db, there's no out of the box offering from rds or other so you will need to install on ec2 server or user another 3rd party services which provides this)
The topic is not to discuss all aws offering but just to complete on your question, cloud front is the CDN system of AWS so if you use a lot of static assets (JS, css, images ...) you should look into it, wether you use S3, eb or ec2 to deploy your app you will be able to use this service. It speeds up the delivery of static assets to your users by caching them on edge location closed to those users.
For Node js EC2 service should be used.
You have to install a software named putty configure it and run your node js script like you run on your localhost.
Here are some links to tutorials:
https://www.youtube.com/watch?v=WxhFq64FQzA
https://aws.amazon.com/developers/getting-started/nodejs/
To deploy files you can simply use FTP instructions given below:
Connect to Amazon EC2 file directory using Filezilla and SFTP
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 6 years ago.
Improve this question
Will Azure Websites support virtual network in the future. To enable an Azure Website to connect to VM:s and Cloud Services using a local ip within Azure instead of needing to open up the servers and services to everyone by using the public IP.
Is that something that's actively being developed or is such a feature way into the future. Or both.
i think feature has been there for a while, please checkout below article
https://azure.microsoft.com/en-us/blog/azure-websites-virtual-network-integration/
Quote:
Azure Websites is happy to announce support for integration between
your Azure VNET and your Azure Websites. While you cannot place your
Azure Website in an Azure VNET, the Virtual Network feature grants
your website access to resources running your VNET. This includes
being able to access web services or databases running on your Azure
Virtual Machines. If your VNET is connected to your on premise network
with Site to Site VPN, then your Azure Website will now be able to
access on premise systems through the Azure Websites Virtual Network
feature. This feature is currently in Preview and will continue to be
improved on the road to GA.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I am doing some preliminary research on Windows Azure. The idea is to move 200+ ASP classic websites to Windows Azure. I am wondering if this is possible and feasible? Can I host that many websites on a single VM? Also note that each website needs to have its own set of email addresses.
There's absolutely no reason why you couldn't host all those sites on Azure VM (assuming you're talking about the preview Virtual Machine functionality). You get your own isolated machine, with its own IIS and IP. What you put on it is up to you, but it's no different than getting a VPS from any other company (rackspace etc.).
Obviously this is assuming that your sites are not very resource heavy and the memory etc. you get with different VM sizes can support the use.
Marek's answer isn't wrong, but please don't use "Virtual Machines" for this, and instead use Cloud Services (specifically, a web role). A web role lets you deploy just your code (in this case: websites) without having to mess with managing a full VM.
In short, PaaS is better than IaaS, as long as your app fits the model (which IIS-based websites do in Windows Azure).
I don't know what "each website needs to have its own set of email addresses" means or how it relates.