Azure App Service Certificates provide a convenient way to purchase SSL certificates and assign them to Azure Apps right from within the portal, but one question I see a lot is whether it is possible to use this certificate elsewhere, outside of the app service, particularly if you have purchased a wild-card certificate.
The certificate provided by App Service Certificates isn’t anything special; it’s a pretty standard SSL cert. The service just provides a nice easy way to provision it and assign it to your web service.
Following on from my post on joining Azure batch pools to a vNet, this leads on to a requirement to access resources on the vNet and this means credentials are needed. Rather than hard-coding these credentials in scripts, we want to obtain these from a secure storage location on demand and this is where Azure KeyVault comes in, providing a secure, encrypted storage location for our credentials.
Obviously there is no point putting your admin credentials in KeyVault, then hard-coding credentials to access KeyVault in your script, so the solution is to use a certificate to give your batch VMs access to KeyVault.
User profile disks for RDP session hosts are VHD files used to store the user’s profile information so that it can roam with the user between session hosts. By default the UPDs are mounted on the session hosts at login and appear as symlinks under the C:\users folder so that applications can access them using standard profile paths; this all works fine without any setup required.
There may be some occasions where you need to change where these are mounted, for example in an Azure hosted RDS environment I needed to have these mounted under the temporary D drive so that access to the C drive could be completely locked down.
A recent update to Azure Batch added the ability to join a batch pool to a virtual network. By doing so it is possible for batch compute nodes to access resources inside a vNet (file servers, SQL servers etc.).
vNet Requirements

There are some limitations on the vNet configuration if you wish to do this:

- Only Cloud Services Configuration pools can be assigned a VNet. (This is no longer the case.)
- The VNet must be:
  - In the same Azure region as the Azure Batch account.
I’ve seen a few forum questions lately from AWS users who want to (or have to) use Azure and whilst there are a lot of similar services in either platform, the new user experience and terminology can be very confusing if you’re used to AWS. This article is the first in a series of posts that I’m hoping will help users coming from AWS get to grips with Azure.
To be very clear, I’m not looking to argue about which platform is best or why you should use one or the other, I’m simply providing the information an AWS user needs to quickly get a grasp of Azure and relate it to what they already know.
The AAD DS team has released new features that mean some of the limitations in this article are no longer present. Be sure to read my update on this service to get the latest information.
Azure AD has always been a little bit confusing to new users of Azure, the name implies it’s a cloud version of AD, but it quickly becomes clear to most that it very much is not.
Earlier last week I had a need to delete an Azure AD tenant, and this turned out to be a much more difficult task than I had originally anticipated so I thought I would document the steps I went through in case others encounter the same problems.
1. Disable AD Sync

If you’re syncing your on-prem AD up to Azure AD you need to disable this from inside the Azure Portal so that it disconnects your users from the sync, otherwise you cannot delete your synced users.
At this week’s Ignite conference we’ve seen a number of new VM sizes either announced or hinted at during the sessions. Here’s a quick update on the new machine types:
H Series

Designed for High Performance Computing (HPC), the H series VMs are available in public preview in the South Central US region today and will be rolled out to other regions soon. The H series contain the fastest processors of all Azure VM SKUs as well as having Infiniband networking.
//Build (henceforth known as just Build) is Microsoft’s annual developer conference held last week in San Francisco. As you might expect there were a large number of announcements, including a lot of Azure ones. Many of the Azure ones were IoT and Analytics focused but there were quite a few IaaS announcements that I am going to summarise here. I’m sure I have missed some, and I won’t go into great detail here, expect upcoming posts on some of these areas.
Azure Resource Manager (ARM), the new V2 method for deploying Azure resources, offers a new template-based deployment method. Using JSON-based templates it is quick and easy to build a repeatable deployment process. If you are just starting out with this new process then the resources below may help with your transition.
Azure Resource Manager Quick Start Templates https://github.com/Azure/azure-quickstart-templates
Microsoft has produced a huge range of pre-built templates using ARM that you can either deploy straight to Azure from the GitHub repository, or download and use as the basis for your own templates.