Azure: moving web apps connected to VPN to another subscription

I have a couple of web applications deployed in Azure and I would like to move them to another subscription. The problem is that these apps are connected to the VPN gateway, which cannot be moved. I suppose that if I ask support staff to move my applications, the applications will be disconnected from the old VPN. Am I right, and is there any better way to switch to the new subscription with minimal service interruption?

You have a good question. Actually, VPN gateways can be moved between subscriptions. However, the migration between subscriptions is all or nothing. If you want to migrate subscriptions, everything within that subscription will be migrated to the other.
Our support engineers will migrate everything, including VPN gateways, with minimal interruption. Please open a support ticket and our support engineers will be happy to take care of this migration for you.
Thanks,
Bridget [MSFT]

Related

Does Azure IOT replace IIS?

I didn't have any idea what Azure IOT is. My manager told me that IOT is a new thing and we can replace IIS with Azure IOT, but I couldn't find any such information. According to many articles I read and as per my understanding, IOT is used for duplex communication between the devices and services in a cloud environment.
Can anyone explain Azure IOT nicely? Does it replace IIS? We want to move our product from normal servers to Azure Cloud servers. Do we still need IIS, or is IOT there to replace it?
As always, it depends. If your current website is a gateway to communicate with IoT devices (IoT stands for Internet of Things, think temperature sensors, light sensors or more advanced devices) then it could. Otherwise I really doubt it.
Azure IoT is a managed service that allows device provisioning, device to cloud and cloud to device communication. It does not allow for hosting user interfaces like IIS does.
The most probable thing to do is to move to Azure Web Apps, which is basically IIS as a service. (There is a lot more to it obviously!)
And you definitely need to talk to your manager. Hearing the latest buzz words without knowing enough to be able to place them in your context can do a lot of harm.

TCP/IP Server in Azure

I will start a new project at my company. This project consists of a TCP/IP socket integration between my company and a partner. The socket communication is a restriction from the partner and this has become a critical path for the project. We use Azure as our main cloud services provider. That communication link will carry approximately 5000 requests/min. I investigated a lot about how to do this in Azure and I discovered two ways:
Worker role on a Cloud Service
Use a Logic App
I'm not really fully comfortable with either of the solutions yet. So, I just want an opinion about those solutions. If someone can give me some tips I will be really grateful. If there is another kind of solution, it will be welcome too.
Thanks a lot.

Azure VM with VPN

This is more one for curiosity and learning.
I currently have an Azure VM (Windows 2016 and SQL 2017) which I just use for R&D. The RDP port is enabled - no big deal as there is nothing top secret.
But just to learn more about Azure I wanted to create a VPN so I can connect via that. Googling has left me a tad confused as to how to go about this: gateways, gateway subnet, etc. I'm not sure if the articles I am reading are the right ones, as whatever I try doesn't appear to work.
Does anyone know of any links that might help me start from scratch with VPN settings to connect?
You can try to set up a VPN of type P2S; you can make a self-signed root certificate for free, and the steps are also simple. You can follow the document "Configure a Point-to-Site connection to a VNet using native Azure certificate authentication: Azure portal". I'm glad if this can help you.
I found this series of Microsoft training guides to be super helpful. (You can find them via the Azure portal on the overview page of a virtual network resource.)
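The certificate step of the P2S setup suggested above, as an added example that is not part of the original answer: it creates the self-signed root certificate, issues one client certificate from it, and prints the root's public data for the gateway configuration. The subject names `P2SRootCert` and `P2SChildCert` are assumed placeholders.

```powershell
# Added example, not from the original answer. Subject names are placeholders.
# Run on the Windows machine that will hold the root key.

# 1. Self-signed root certificate. Its private key signs every client
#    certificate, so keep it on a trusted machine; only the public part
#    is uploaded to Azure.
$root = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject "CN=P2SRootCert" -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -KeyUsageProperty Sign -KeyUsage CertSign

# 2. Client certificate signed by the root. OID 1.3.6.1.5.5.7.3.2 is the
#    "Client Authentication" enhanced key usage. Issue one per device so a
#    lost device can be revoked by thumbprint without reissuing the others.
$client = New-SelfSignedCertificate -Type Custom -DnsName "P2SChildCert" `
    -KeySpec Signature -Subject "CN=P2SChildCert" -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -Signer $root -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")

# 3. Base64 of the root's public certificate (contains no private key).
#    This is the value the gateway's point-to-site configuration asks for.
$rootPublicData = [System.Convert]::ToBase64String($root.RawData)
$rootPublicData

# 4. Record the client thumbprint; it is what you would add to the
#    gateway's revoked-certificates list if this device is lost.
$client.Thumbprint
```

Once the VPN connection works, the VM's public RDP rule can be removed so that RDP is reachable only over the tunnel.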
https://learn.microsoft.com/en-us/learn/modules/introduction-to-azure-virtual-networks/
https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke?tabs=portal
https://learn.microsoft.com/en-us/learn/modules/design-implement-network-monitoring/
https://learn.microsoft.com/en-us/learn/modules/design-implement-network-security-monitoring/
https://learn.microsoft.com/en-us/learn/modules/integrate-vnets-with-vnet-peering/
https://learn.microsoft.com/en-us/learn/modules/design-a-hybrid-network-architecture/

Azure as a proxy for application

We need to develop an integration between an ERP (Dynamics Nav) and a cloud-based telephony provider.
The provider needs to have an endpoint published and accessible from the internet, but for security reasons it is not possible for us to allow inbound connections to our network. I think it should be possible to solve this by hosting a small application in Azure which will serve as the endpoint for the telephony provider and to which the ERP will connect as an outbound persistent connection. The app will just forward requests to the ERP.
Since I'm new to Azure, the question is which Azure capabilities I could use to solve the task, aside from hosting an actual VM with the application there?
I've just implemented the same using Azure Service Bus.
The VOIP system puts a small JSON with call details on the queue after the end of the call, and I get the messages from the Service Bus Queue from NAV.
The code is not complicated at all; the whole solution is simple and cheap!
Let me know if you want to know more (= you need the code).
Cheers!
Azure AD has the concept of an "application proxy" that will open internal applications up using a connector that runs on prem. This doesn't require inbound ports and is protected by Azure AD authentication.
It's intended more as a user-facing way to get access to legacy applications, although I don't see why it couldn't be used for integration as well.
https://learn.microsoft.com/en-us/azure/active-directory/application-proxy-publish-azure-portal
Otherwise, you could link an Azure Site to Site VPN up and use a service like API gateway to manage connections, though this is more complicated.

Windows Azure VPN and IP restriction

We integrate with a third-party service where we can run queries, which is right now secured using HTTPS encryption and username/password. We send our queries from a service running on the Windows Azure cloud.
The third-party provider wants to migrate towards better security and they have asked us to either
Set up a VPN - which is problematic because we'd need to use Azure Connect and they'd have to install the client endpoint service on their part.
Provide some IP address where the queries will come from so they can filter out anyone else at the firewall level - which is problematic because AFAIK you cannot fix the IP addresses of the Windows Azure Compute nodes.
Suggest another secure alternative - the only thing I could think of is to set up the VPN with them on a non-Azure server and then tunnel the requests through using Azure Connect - which is obviously extra work for us and also defeats the point of hosting the service on a cloud if it depends on a non-cloud service.
Any ideas?
Can they install the Azure Connect endpoint on another server on their DMZ network? i.e. not the actual server which hosts their service?
Can we somehow provide them with static IPs for incoming queries?
Any other solution that is scalable?
Thanks
If I understand the scenario correctly, your Azure service is a client to a 3rd party service. This scenario may be solved through the use of the Windows Azure AppFabric Service Bus. You would need to install a proxy app in the 3rd party's datacenter that would be responsible for establishing the connection to the service bus. The connection comes from inside the 3rd party's datacenter, so no new incoming holes in the firewall. The connection can handle WCF connections with all its security strengths, and users can be authenticated with ACS.
Here is a starting point: http://msdn.microsoft.com/en-us/library/ee732537.aspx
There is a hands on lab in the Windows Azure Platform Training Kit that explains most of the details that you'll need.
IMHO, HTTPS is already very good, and I don't exactly see how a VPN would make the system any more secure. In particular, VPN is no silver bullet: if your VM is compromised then the VPN connection is compromised too (same for HTTPS). On the other hand, the IP restriction would indeed reduce the attack surface.
Then, using a server outside the cloud is a poor idea indeed. Not only does it defeat most of the benefits of the cloud (been there, done that and suffered a lot), but it also makes the whole thing less secure with more complexity and more attack surface.
Windows Azure does not provide anything that looks like a static IP at this point. In our experience, IP addresses for a given service change once in a while even if the service is only upgraded (and never deleted). Static IP addresses have been an important feature request for a long time; Microsoft will probably provide it at some point, but it might still take many months.
