Skip to main content

Posts

Showing posts with the label Azure

Collection of Traffic Logs in case of Azure Application Gateway

Centralized collection and storage of traffic logs is one of the most important pieces of any enterprise security environment and it is crucial to have the information about the source (resource requester). In most cases this is as simple as installing an agent on the server and / or forwarding the log files to the log collector / SIEM etc. However, in some cases, it is not so straight forward. Azure Application Gateway Consider an Internet facing application that you have hosted in you Azure infrastructure. Just a quick refresher, an Azure Application Gateway: is an OSI Layer-7 load-balancer is capable of performing an SSL termination is a reverse proxy (like any standard load balancer) is capable of performing health checks of the backend servers (which host the actual application content) and thereby ensure that if one of the backend servers goes down, it automatically stops sending the traffic to this bad server and thereby save you from an outage The following setup shows users en

Microsoft Azure - Naming Restrictions

One of the greatest issues that I have faced so far with Azure, is lack of an option to rename a resource, once it has been created. The only way to fix a typo or update the naming convention of the Azure resources seems to be deleting that resource and creating a new one.. The resources I couldn't rename so far are: VNET Subnet Resource Group Network Security Group Load Balancer etc. Note: Please correct me if I am wrong.. I would really love to be wrong on this one..!!

Microsoft Azure - Create Load balancer

Refer this article before starting the configuration Login to your Azure subscription using  portal.azure.com Click the Portal menu (hamburger icon on the top left of the screen) and locate Virtual Network 3. Click on Create load balancer button and configure the parameters as below: Select the correct subscription (if like me, you have more than one) Select the Resource group (Create new, if you don't already have one created) Name of the LB Region (Azure region where the LB would be created, physically) Type : Public OR Internal. (Azure states: You can use internal load balancers to balance traffic from private IP addresses. Public load balancers can balance traffic originating from public IP addresses.) I am going to use this LB, to access the backend resources via public Internet and hence I am selecting "Public". If I select "Internal", you just have to select the Virtual Network, in which the LB would exist. SKU : Basic or Standard (There are key differe

Microsoft Azure - Create a Virtual Network

Refer this article before starting the configuration Login to your Azure subscription using portal.azure.com Click the Portal menu (hamburger icon on the top left of the screen) and locate Virtual Network 3. Click on Create Virtual Network button and configure the parameters as below: VNET Name Address space ( The virtual network's address range in CIDR notation. ) Select the correct subscription (if you have more than one) Resource group (I didn't configure mine earlier, so I "Created New" Location (If you create resource group while creating VNET, both would belong to this location, which should be the case) Subnet Name Address range (Ensure that it belongs to the address space, defined earlier) Keep the other fields to their default values (for now) 4. Click Create, once you have entered all the values and refresh the "Virtual Networks" page. And.. that's it!