Azure Maps With nearly 200 000 views, my Azure Maps are quite popular. I have therefore updated them to reflect the latest evolution of the platform. To make it easy, I have created a new Map that points to all the others and the ones to come.

Azure Container Instances Magic

#Azure Container Instances Magic #cloud #compute #hpc

Azure Container Instances (ACI) are a very nice example of what organizations will never be able to do on-premises: scale high and pay peanuts. Let me tell you a real-world story where ACI came to the rescue.

Microsoft describes ACI like this: fast and easy containersand that is really what they are. I have recently been involved in analyzing an application suffering from scalability issues,…

View On WordPress

The Azure Architect Map

The Azure Architect Map

Hi,

Azure is so broad that it is sometimes difficult to find your way. Although a list of servicesalready exists, I tried to include extra decision factors helping to choose for a solution or another. For instance, if you were to design a Microservices architecture over containers and hesitate between AKS & Service Fabric Mesh, one differentiating factor is how these platforms handle service…

View On WordPress

From network-in-depth to defense-in-depth in the era of serverless architectures

From network-in-depth to defense-in-depth in the era of serverless architectures

A traditional way of implementing defense in depth is to rely heavily on the network. Traditional security architects are somehow obsessed by the network and consider it as the primary protection layer whatever asset they want to protect for whatever kind of architecture, to the extent that they transformed the defense in depth principle to a network in depth one.

The second pillar is usually…

View On WordPress

Enforcing security controls right from CI/CD pipeline with AzSK – Deep Dive

Enforcing security controls right from CI/CD pipeline with AzSK – Deep Dive

Azure Security Kit  aka AzSK is a framework that is used internally by Microsoft to control & govern their Azure Subscriptions. While some features are overlapping with Azure Security Center, I find a lot of value in the Kit, mostly in the following areas:

The attestation module allowing for a full traceability of security controls deviation and justification of why a given control was not…

View On WordPress

My top 10 guiding principles for a successful Cloud journey

My top 10 guiding principles for a successful Cloud journey

Hi,

Today, most companies have at least some workloads in the Cloud but sometimes at the cost of a long and tortuous journey. Here are some guiding principles that I think are important for a successful or at least, less painful journey. The below sequence is more or less logical but activities relating to different principles could be executed in parallel.

1. Understand well your business drivers.

View On WordPress

Enhancing the security of Azure Automation Webhooks in an Azure DevSecOps context

Enhancing the security of Azure Automation Webhooks in an Azure DevSecOps context

Hi,

Webhooks are a very convenient way to integrate APIs in general and to call Azure Automation runbooks but while they are very useful and easy to work with, they raise some security concerns. To give a concrete example, if you create a webhook against a runbook that leverages Azure Automation Hybrid Workers, causing this runbook to execute against on-premises machines and/or within your…

View On WordPress

Understand the impact of websockets on the Azure Application Gateway

Understand the impact of websockets on the Azure Application Gateway #azure #networking #oms

Hi,

websockets are admittedly not the most commonly used technology although they are very useful in every near “real-time” scenario. The thing is this may have a dramatic impact on the behavior of the Azure Application Gateway, mostly regarding the monitoring aspects.

While the gateway works perfectly with websockets, the associated diagnostics may seem wrong at first, especially when sharing a…

View On WordPress

IT/Dev Connections Highlights of my sessions

IT/Dev Connections Highlights of my sessions #devsecops #azuredevops #vsts

Hi,

#ITDevConnections is approaching. Join my sessions where I plan to make some exiting deep dive demos.

I’m going to have 3 talks on the following topics

Deep Dive into Azure DevOps Custom Extensions (1)

DevSecOps: Infrastructure as Code: Azure DevOps vs Azure Automation (2)

DevSecOps: Identity at the Heart of Automation (3)

These three talks can be attended separately or all together since…

View On WordPress

Azure Tools VSTS extension to bridge Dev & Ops a little more

#Azure Tools {VSTS extension to bridge Dev & Ops a little more

Hi,

I have just released the v1.0 of Azure Tools that is an open source initiative available on Github. The idea is to bring a set of tools to bridge VSTS with tools that are typically used by infrastructure and operational teams.

This first version comes with two tasks allowing to call Azure Automation Runbooks from VSTS in a very secure way since the webhook used to trigger the runbook is a…

View On WordPress

Azure API Management - VSTS - V2.0 release

#Azure #API Management - #VSTS - V2.0 release

Hi,

A while ago, I have published a free VSTS extension to automate deployments towards Azure API Management.

I got a rather good feedback and some change requests as well as the involvement of some external contributors on the GitHub Repo. In a nutshell, the purpose of this extension is to bring Azure API Management into VSTS as part of your release lifecyle. Whether you use API Management to…

View On WordPress

Azure policies & Azure firewall

Azure policies & Azure firewall

Hi,

I recently blogged about the new Azure Firewall that gives you the possibility to control outbound traffic from resources hosted inside of a VNET. At the time of writing, although the firewall is defined at VNET level, it does not apply automatically to all resources defined in that VNET. Indeed, routing is enforced through a route table that you have to associate to some or all subnets.

Howe…

View On WordPress