Whether you are using Microsoft Azure or Amazon AWS, networking is a fundamental aspect of how cloud resources communicate with each other. In this article, we show the fundamentals of virtual network management in the cloud. Although the samples use Azure, they can be implemented in AWS. Let us get started!
VNET Peering
VNET peering lets two different virtual networks communicate with each other. For example, you have two VMs in separate virtual networks. VNET peering has the following characteristics:
VNET peering can be done in the same subscription, across different regions, or cross tenant (by using the CLI)
Peered VNETs can't have overlapping IP address ranges
VNET peering is not transitive
VNET is limited to 100 VNETs for one subscription
VNET peering can be transitive when connecting through a Gateway or NVA
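The overlap restriction is the one that most often blocks a peering in practice, so it is worth checking address spaces before the request is made. The following is an added example, not part of the original article; the VNET names and prefixes are constructed sample data.

```python
import ipaddress
from itertools import combinations

# Constructed sample inventory: VNET name -> list of address prefixes.
VNETS = {
    "vnet-hub":  ["10.0.0.0/16"],
    "vnet-app":  ["10.1.0.0/16", "172.16.0.0/24"],
    "vnet-data": ["10.1.128.0/17"],   # sits inside vnet-app's 10.1.0.0/16
    "vnet-lab":  ["192.168.0.0/24"],
}


def parse(prefixes):
    """Parse CIDR strings; strict=True rejects prefixes with host bits set."""
    return [ipaddress.ip_network(p, strict=True) for p in prefixes]


def conflicts(space_a, space_b):
    """Return every (prefix_a, prefix_b) pair whose ranges overlap."""
    return [
        (str(a), str(b))
        for a in parse(space_a)
        for b in parse(space_b)
        if a.version == b.version and a.overlaps(b)
    ]


def peering_report(vnets):
    """Map each VNET pair to its conflicts; an empty list means peerable."""
    return {
        (x, y): conflicts(vnets[x], vnets[y])
        for x, y in combinations(sorted(vnets), 2)
    }


def blocked_pairs(vnets):
    """Only the pairs that cannot be peered because of overlapping ranges."""
    return {pair: c for pair, c in peering_report(vnets).items() if c}


if __name__ == "__main__":
    for (x, y), found in peering_report(VNETS).items():
        status = "BLOCKED" if found else "ok"
        print(f"{x} <-> {y}: {status} {found if found else ''}")
```

A partial overlap is enough to block the pair: `vnet-data` uses only half of the range that `vnet-app` owns, and the check still reports it.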
Network Interface
Each cloud computing resource has one or more network interfaces. For example, a VM has one or more network interfaces. A network interface can be thought of as the main identity of a computing resource in the cloud. Network interface characteristics are:
A network interface consists of public and private IP addresses
A network interface is part of a subnet that is created in a VNET
A route table helps the network interface communicate efficiently
NSG (Network Security Group)
A network security group helps cloud computing resources secure their communication. An NSG contains inbound and outbound security rules.
Security rules are evaluated by priority. A lower number means a higher priority.
Inbound and outbound rules can be applied differently. For example, you can block port 80 for outbound, but allow port 80 for inbound.
You can deploy a specific firewall to identify which ports are required and which are blocked, for a better NSG
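Priority ordering has a side effect that is easy to miss in review: a rule with a higher number never fires if an earlier rule in the same direction already covers its port. The following is an added example, not part of the original article, that models first-match evaluation and flags such shadowed rules. The rule names, the port-only matching, and the implicit deny when nothing matches are simplifying assumptions.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int          # lower number = higher priority
    direction: str         # "Inbound" or "Outbound"
    port: Optional[int]    # None means any port
    action: str            # "Allow" or "Deny"


# Constructed sample rule set; port 80 is allowed inbound and blocked
# outbound, as in the article's example.
RULES = [
    Rule("allow-web-in", 100, "Inbound", 80, "Allow"),
    Rule("deny-all-in", 4000, "Inbound", None, "Deny"),
    Rule("deny-web-out", 100, "Outbound", 80, "Deny"),
    Rule("allow-all-out", 200, "Outbound", None, "Allow"),
    Rule("allow-web-out-late", 300, "Outbound", 80, "Allow"),
]


def covers(rule, direction, port):
    """True if the rule applies to this direction and port (None = any)."""
    return rule.direction == direction and rule.port in (None, port)


def evaluate(rules, direction, port):
    """Return (action, rule name) of the first match in priority order."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if covers(rule, direction, port):
            return rule.action, rule.name
    return "Deny", "implicit-deny"   # assumption: nothing matched, so deny


def shadowed(rules):
    """Return (unreachable rule, rule that hides it) pairs."""
    ordered = sorted(rules, key=lambda r: r.priority)
    found = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if covers(earlier, later.direction, later.port):
                found.append((later.name, earlier.name))
                break
    return found


if __name__ == "__main__":
    for direction, port in [("Inbound", 80), ("Outbound", 80), ("Outbound", 443)]:
        print(direction, port, evaluate(RULES, direction, port))
    print("shadowed:", shadowed(RULES))
```

The late allow rule for outbound port 80 looks like it reopens the port, but the deny rule at priority 100 always wins.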
VPN Gateway
VPN Gateway helps you connect cloud computing resources with on-premises resources (private cloud).
VPN Gateway is the cost-effective option for connecting on-premises to the cloud.
There are high-performance connections such as Azure ExpressRoute or AWS Direct Connect.
The Fun Fact about the data
When we build anything, we use data. Whether it is structured, unstructured, or semi-structured, we store data to retrieve it as information and knowledge. Regardless of how the data is used, we know that the data in our lives is growing. When we can't store the data in local storage, the cloud is the answer. The question is how we store and manage the data in the cloud. This article discusses how we store and analyze data in the cloud era. You can read the data concept here
The Data Store
You can store data in two types: relational data or non-relational data.
For non-relational data you have Azure Cosmos DB, File, Blob, and many more. You can learn more here
For relational data you have the power of SQL Azure, as well as MySQL, MariaDB, and other databases. You can learn more here.
If you need high volume transaction without than the Non-relational data is for you. However, for small and tightly related data you need a relational database such as SQL Server. You can learn more about the considerations here.
The Data Analytics
After the data is stored, you can analyze it to make it more useful. This step is known as analytics. Microsoft has several products for this:
Azure Data Factory takes any data and converts it into the format that you need. The ETL process happens heavily in Azure Data Factory
Azure Data Lake stores raw data so that it is ready to be retrieved as fast as possible. Azure Data Lake is the main storage for Azure Data Factory
Azure Databricks is a tool that provides big data processing, streaming, and machine learning. It can use the data lake as a data source
Azure Synapse Analytics is an analytics engine. It is designed to process large amounts of data very quickly. Azure Synapse Analytics supports two computational models: SQL pools and Spark pools.
Azure Analysis Services enables you to build tabular models to support online analytical processing (OLAP) queries. You can combine data from multiple sources: the data lake, Cosmos DB, and of course SQL Azure
Azure HDInsight is a big data processing tool based on the well-known Hadoop platform.
You can learn more about analytics here. After you have analytics, you can pull it into a dashboard or report by using Power BI.
In a cloud computing solution, we can host our web application in three models: virtual machine (IaaS), managed server like Web App or EBS (PaaS), or serverless like ECS or Azure Container. So, which one do you choose?
The VM
If you do not want to spend time migrating, the VM is for you
If you need to communicate with the operating system service, the VM is for you
If you cannot find a managed server solution, for example for a legacy application with a specific framework, the VM is for you.
The Web App
If you build the solution with the supported technology (current web app)
If you don't want to control the host OS
If you want great scalability without additional configuration
The Container
If you want to build a microservices architecture rather than a monolithic one
If you need performance
If you want to be platform agnostic
You can see how easy it is to deploy with this kind of publish setting in Azure with Visual Studio
Cloud as a cost center
When building a solution in the cloud, you might find that the cloud is a cost center. You may find that cloud computing costs you more than traditional hosting. Therefore, you need to take care with the 'go' or 'no go' decision for the cloud. You can answer these five questions.
Does my current hosting environment have a bottleneck in terms of capacity and performance?
Does my current solution need burst performance when needed or all the time?
Does my current solution depend on on-premises infrastructure?
Does my current solution only need to run on seldom occasions?
Must my current solution fulfill compliance requirements from a specific institution?
If one of your answers is yes, then you might need the cloud. If you do not find a yes answer, please stay on your current solution. However, the cloud is costly, and you need to take it seriously when designing a solution in the cloud, because an improper design will give you greater inefficiency than conventional hosting. This article discusses five domains that you need to cover when designing a cloud computing solution.
Five principles when designing the cloud solution
Tips 1. Scalable, Resilient, and Manageable
This is the first thing you need to consider.
Scalable: your solution should be scalable by using the power of the cloud. The solution should be elastic, so when there are no users you should scale down the computing power
Resilient: when your solution is needed most, it should fulfill the need
Manageable: the solution should be controlled by the organization with a self-management model.
You can read these principles here
Tips 2. Understanding and Choosing the Correct Services
When building a cloud solution, you have a lot of options to do the same thing. For example, when you host a web application in Amazon Web Services you can host it in Lightsail, S3, EC2, or Beanstalk. You need to understand the topology of the product. You can visit the Azure Architecture Center to understand the product topology
Tips 3. Designing with Cost Optimization
Whether you are working in AWS or Azure, cost optimization is a must-have in the design. In order to deliver a cost-efficient solution, you should understand
Cost model
Cost monitoring
Budgeting
You can see a good checklist here
Tips 4. Designing with "Eliminate Waste"
When you are designing a high-performance solution in the cloud, keep in mind that the cloud produces a lot of wasted cost when you pay for what you do not need. To eliminate waste, make sure that the high-performance solution is 'just enough' rather than overkill. Follow these three easy steps.
Choosing the correct compute solution. For example, VM vs Cloud App.
Starting with a free / shared tier to eliminate waste. For VMs, you can start from a small instance.
Choosing the right storage. HDD vs SSD, Tables vs Blob, etc.
You can start eliminating waste by understanding the fundamentals of the products here
Tips 5. Activating Runbooks or Automation
Azure has a good solution called Azure Automation. It can help you to
Shut down the VM when you do not need it.
Reduce the cost of Cloud App by reducing the scale out.
Track and log useful information for your justification and decision points
You can read about the automation here
Any other tips? Please share in the comments below!
Building for cloud is different
Whether you are building for Azure or for AWS, there are some differences between building a cloud solution and an on-premises solution. There are three key differences when comparing cloud and on-premises:
The cloud runs on massive-scale virtualization. Therefore, some key architecture elements such as cookies, sessions, and caches should be handled differently between cloud and on-premises.
The cloud provides platform tools. Cloud platforms such as AWS or Azure give you platform tools to be more productive
The cloud is costly for some workloads. Compared with on-premises or conventional hosting, cloud computing is costly for some workload configurations
Based on those differences, we discuss three steps that you must take before building a cloud solution.
Step 1. Learning the platform tools
After installing Visual Studio or Visual Studio Code, you should download the platform tools for Azure or AWS.
For Azure, you can download and install the Azure development workload in the Visual Studio Installer. You can download it at https://azure.microsoft.com/en-us/downloads/
For AWS, you can download the AWS Toolkit https://aws.amazon.com/visualstudio/
Step 2. Start with the developer SKU
Both Azure and AWS have a developer SKU. It provides a better price for development and testing purposes. Besides that, both platforms have 12 months of free use for lightweight use.
For Azure, you have Dev/Test Pricing. It is clear enough to get started https://azure.microsoft.com/en-us/pricing/dev-test/
For AWS, you should register first. You can get 70% reduced prices https://aws.amazon.com/pricing/?nc2=h_ql_pr_ln
Step 3. Learning the architecture for the Cloud
The next thing you can do is learn the recommended architecture for the cloud. By learning the recommended architecture, we can make sure that the proposed solution can be utilized and used by the customer.
For Azure, you can read the cloud patterns by visiting https://docs.microsoft.com/en-us/azure/architecture/patterns/
For AWS, you can learn the AWS Well-Architected Framework https://docs.aws.amazon.com/wellarchitected/latest/framework/welcome.html
If you have a customer who wants to develop a Microsoft-based solution on the AWS platform, this article is for you. In this article we discuss several options that can make your Microsoft-based solution work as expected.
What Microsoft-Based Solutions Can Be Developed in AWS
Basically, AWS is a cloud computing platform. Therefore, you can bring any available Microsoft platform to AWS. Although Azure is the primary option for Microsoft solutions, you can use Amazon Web Services for many Microsoft-based solutions. The real question is: what is the best AWS platform for a Microsoft-based solution?
Running Windows on AWS Platform
Windows Server, Windows 10, and Windows-based hosting can be placed in Amazon EC2. It is the equivalent of Microsoft Virtual Machine. AWS claims that the Windows platform on AWS is faster, cheaper, and better. You can see their claim here. My suggestion is to create an EC2 instance on AWS and a VM instance on Microsoft Azure. And please comment on what you found!
Running SQL Server on AWS Platform
SQL Server can be hosted in two ways. The first way is to deploy it on an EC2 instance; the second way is to deploy it through the RDS platform. For better flexibility you can use EC2, since you can manage the operating system and its configuration. RDS is great when you have less complexity in the database usage. A typical web application with a single database can use RDS.
For easier deployment and management for simple process you can use RDS
For better flexibility you can use EC2 instance
Running Cloud App on AWS Platform
If you need to deploy your code, you can use AWS CodeDeploy. You can host your code in Elastic Beanstalk. Elastic Beanstalk works just like Azure Cloud App. CodeDeploy works just like a portion of Azure DevOps. You can see how to do that in this link. Of course, you can create serverless functions based on the .NET platform with AWS Lambda. Fortunately, Amazon provides the AWS Toolkit for Visual Studio to make you more productive. You can download the toolkit here
Running on Azure or AWS
I can say we can deploy to both platforms. You can host ASP.NET in AWS or Azure. The question is which performs better? Have experience with that? You can share the result in the comments.
Problem
One of our clients contacted us. The CEO could not access the website while he was in another country. We checked on our side and found everything all right. We checked the NS discovery at https://dnschecker.org/#NS/ourdomain.com
We found that some of the servers could not reach the domain. Therefore, we moved the DNS to Azure, simply because Azure is a cloud platform with many data center regions, unlike our on-premises data center. However, we wanted the activity to be quick and simple.
Requirements
Before we go to the solution, we need several things
Azure CLI. It is a command-line interface for communicating with Azure.
DNS zone file. It is a standard format that comes from your previous DNS server.
Azure subscription. It is a cloud subscription that can be used to manage your DNS server
Solution
Create a resource group to handle several domains in one group
Create a DNS zone in Azure services
Run Azure CLI as shown in the video
Change the NS servers from your domain panel
Delete the origin server after 1x24 hours.
Virtual Labs Decision Model
Although a virtual lab promises to deliver hands-on experience to students in a massive and simple way, a virtual lab is not a silver bullet for every situation.
A virtual lab can be done if
There is no need for special hardware
There is no urgent need for specific physical skills / behavior
The hardware can be replaced by the simulator
The software can be obtained by the student / the organization
The safety and health environment protocol can be prepared and followed by the student
Virtual Labs Execution Model
Whether you are creating a lab for DevOps, running professional development for your employer, or managing a classroom / school lab for a course, a virtual lab might be the answer for delivering a practice experience to students / participants. Today I will discuss how to set up a virtual lab by using cloud computing technology. There are two main scenarios for virtual labs. The scenarios can be blended for specific needs.
Self-Paced Virtual Lab. This is an asynchronous model where students learn and practice with their own hardware or the organization's hardware. The idea of this virtual lab is to give students guidance so that they can do the hands-on lab at their own prime time.
Remote Learning Virtual Lab. This is a synchronous model where students learn and practice with the assistance of a mentor / facilitator. The idea of this virtual lab is to give students a virtual classroom and assistance during the hands-on lab.
Virtual Labs Infrastructure Option
There are two options when preparing the infrastructure
Bring your own device (BYOD) option. The student prepares the hardware, the software, and the connection. The organization needs to prepare a guide / hands-on lab module for the lab. This can be done when the software / hardware can be obtained easily (consumer computing platform)
Virtualization option. The organization prepares the computing infrastructure and the simulator. The organization manages many aspects of the infrastructure; the student only needs to prepare a sufficient internet connection.
Virtual Lab Setup
The virtual lab can be set up based on the three previous steps above. To understand more, let's look at a sample virtual lab implementation.
Virtual Labs Implementation Sample
Let us imagine Contoso University will hold a virtual lab session for its object-oriented programming lab work (OOP lab work).
Virtual Labs Decision Model
Yes, the virtual lab can be implemented because
OOP lab work does not need special hardware
OOP lab work only needs a computer and an IDE (integrated development environment)
OOP lab work safety and health environment can be followed by students
Virtual Labs Execution Model
The OOP lab work has 6 module units: 5 practice sessions and one capstone project session. The 5 units will follow the remote learning virtual lab model, and the one capstone unit will follow the self-paced virtual lab model.
Virtual Labs Infrastructure Option
After capturing the students' hardware capability, Contoso University chooses the virtualization option. This is to make sure that every student will have a similar experience with the hardware and software configuration.
Virtual Lab Setup
In this setup, the organization already subscribes to two cloud services
Office 365 subscription for education. It is a free subscription from Microsoft
Cloud computing subscription based on Microsoft Azure. You can start free here
Hardware Configuration
The organization creates the Azure Lab Services by following these steps
Campus admin creates the lab account
Instructor / facilitator creates the OOP lab here
Students will connect to the lab
Software Configuration
Microsoft Teams is created by following these steps
The hands-on lab module is created and deployed in Microsoft Teams
The assessment is created and deployed in Microsoft Teams
Assistants are enrolled in the Teams
Channel is configured and the students are enrolled
The VM is created as an Azure VM with Visual Studio 2019 on it.
The VM contains the Microsoft Teams application from the Office 365 subscription
Have an idea to implement a virtual lab for another scenario? Please share in the comments below.
Thank you for visiting this page, you can download the worksheet file here
Worksheet-Summer Course Cloud Crypt.pdf (141.71 kb)
You can see the slides here
Summer course 2019 cloud cryptography from Ridi Fe
Security is one of the key foundations of cloud computing. In this session, we discuss the related products and services in the cloud. These products and services help you set up security in the cloud computing perimeter.
Security Center
Security Center is just like an anti-virus system in the cloud. It is a control center for security management and threat protection. Some scenarios for the use of Security Center are:
Hybrid scenario
Ensure the VM is on top security list
Protecting data
Protecting the cloud app
Application Gateway
Application Gateway is just like a firewall in the cloud environment. It provides a web application firewall, SQL injection protection, cross-site scripting protection, end-to-end SSL, and efficient SSL offload.
Azure Active Directory
AAD is an identity metasystem that is integrated with Azure to provide single sign-on, resource access, and integrated modern authentication
DDOS Protection
This helps you protect against distributed DoS attacks in the cloud environment.
Key vaults
This helps you manage your cryptographic keys and distribute them seamlessly
Azure Information Protection
This helps you to manage email, documents and sensitive data that you share outside the company. It protects data based on sensitivity. It supports ease of deployment and data protection.