by Florin Loghiade | Jan 22, 2017
A friend of mine was having issues connecting to a couple of VMs that he provisioned using an ARM template. The template worked perfectly until he added the JSON block to add an NSG.
Every time he started a deployment with the NSG block in the ARM template, he wouldn’t be able to connect to the VMs in any way. The fun fact was that even deleting the NSG didn’t solve the issue, so he had to recreate the whole environment from scratch and trust me that took a while 🙂
So what was the problem, you may ask?
He was using a source TAG Internet which for some reason (I still haven’t figured this one out), killed the connectivity on the VMs on both sides (Private and Public IPs) and funnily enough, the logs didn’t show anything.
If you encounter a problem like this one, double check your NSG blocks to not have sourceAddressPrefix: Internet but sourceAddressPrefix: *
Problematic example:
| { "name": "default-allow-rdp-connections", "properties": { "description": "Allow RDP Connections", "protocol": "Tcp", "sourcePortRange": "*", "destinationPortRange": "3389", "sourceAddressPrefix": "Internet", "destinationAddressPrefix": "*", "access": "Allow", "priority": 1000, "direction": "Inbound" } } |
Working example:
| { "name": "default-allow-rdp-connections", "properties": { "description": "Allow RDP Connections", "protocol": "Tcp", "sourcePortRange": "*", "destinationPortRange": "3389", "sourceAddressPrefix": "*", "destinationAddressPrefix": "*", "access": "Allow", "priority": 1000, "direction": "Inbound" } } |
So far I haven’t been able to reproduce it, and I’m still looking into what’s causing the issue for that particular ARM template but if you encounter something similar, give it a try and let me know your findings 🙂
Have a good one!
by Florin Loghiade | Nov 20, 2016
Virtual network peering is a new mechanism in Azure Resource Manager that allows two virtual networks from the same region to be connected through the Azure backbone network. From a connectivity standpoint, this mechanism allows virtual machines in separate virtual networks to communicate with each other using private IP addresses. In this post, I will talk about what Virtual Network Peering is and how we can use it.
(more…)
by Florin Loghiade | Nov 5, 2016
In a previous post I was talking and demonstrating how to create Custom Role Based Access Controls which could be tailored comply with a company’s requirements. Another company requirement is compliance regarding data governance. Say you have one or multiple Azure Subscriptions and one of the company policies is that nobody should be able to create Azure resources outside a specific region. Some / all of the company’s contracts have a mandatory clause that all the data they produce and keep in the cloud should only reside in a specific geographical region. Microsoft has gone to great lengths to ensure that their cloud services (Azure or Office 365) comply with national, regional, and industry-specific requirements governing the collection and use of individual’s data.
(more…)
by Florin Loghiade | Sep 25, 2016
A friend of mine recently started working with Azure and loved it once he got the hang of it. I encouraged him to start using PowerShell to automate various Azure operations but it didn’t quite stick with him on the first try. He started automating Azure operations using the Azure CLI and while it’s not a bad tool, it’s quite lacking in features compared to PowerShell and I’m pretty sure that it will not be maintained much longer since Microsoft open sourced PowerShell and gave the Linux / Mac community a taste. The funny part of this story is that he’s a Windows user, uses Windows 10 and yet he’s still using Azure CLI.
Where am I going with this? While giving him some tips on how to deploy some production / staging environments in Azure, I saw how he was automating resource creation in Azure using the CLI. He basically created a golden image in a storage account and with 35 lines of Azure CLI code, he was provisioning the environments. That made me cringe and motivated me to teach him how to do it using ARM templates and custom scripts.
(more…)
by Florin Loghiade | Sep 16, 2016
These days I was doing some Azure work for a customer and I was asked if it was possible to create multiple custom RBAC roles for their Azure subscription because the existing ones don’t suit their needs. So I rubbed my hands together and said to client that’s a definite yes and to let me know the requirements so I can start working on the new roles 🙂
(more…)
