Using Azure to Deploy and Manage Cloud Infrastructure
By Morgan Lucas
I am following along with the course here on Udemy by Thomas Mitchell; it has labs I'm working through.
I will be skipping ahead in this recap; I know how to set up virtual machines (doing it via the GUI in this course was actually a refresher, as I usually use Terraform).
This was going to be two parts, but no.
Glossary:
Virtual Machine (VM): A computer hosted in the cloud.
Other terms will be described in-line.
What is Azure Bastion?
It's a service that allows you to connect to a VM securely over SSL, using its private IP address.
I deployed:
A secure, central, and remote access solution using Azure Bastion to establish private connectivity between virtual networks via peering - your private networks can talk to each other securely and you can reach one outside of the network securely via browser.
What is Load Balancing?
Load Balancers distribute traffic over multiple VMs so you don’t cause an outage by having only one do the work. This enhances scalability and fault tolerance; add more VMs if you like.
I created...
Health probes that monitor the VMs and make sure they’re up.
Rules that define how user traffic is routed between front and back end resources, such as Virtual Machines and Blob storage.
By configuring 2 Azure Load Balancers, uptime and reliability meet the 5 9's (99.999) of availability, reducing downtime risk during high periods.
What is an Availability Set (AS)?
Availability Sets are logical groupings of VMs in different fault domains to prevent something taking out all of them at once, and thus, your web app.
Basically, redundancy.
I created...
Availability sets attached to VMs in US-West and US-East that were added to load balancers
Network Interface Card (NIC) Network Security Group
Inbound security rule on port 80.
Installed Internet Information Services remotely using PowerShell, thanks to Azure Bastion above, minimizing attack surface.
What is Internet Information Services (IIS)?
It’s a Microsoft Web Server tool to serve HTML (web) pages. If you’ve never heard of it, neither had I until I did this.
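A check that fits the NSG and Bastion setup above, as an added example rather than code from the course or the original post: it reads NSG rules in the JSON shape that `az network nsg rule list -o json` emits and flags Internet-facing inbound allow rules other than port 80, since Bastion removes the need to expose RDP or SSH. The rule names, the subnet 10.0.1.0/26 and the helper names are constructed for illustration.

```python
# Added example: audit exported NSG rules for Internet-exposed ports.
# Limitation: rule priority and overriding Deny rules are not modelled.
import json

INTERNET_SOURCES = {"*", "Internet", "0.0.0.0/0"}
MGMT_PORTS = {22: "SSH", 3389: "RDP", 5985: "WinRM", 5986: "WinRM over HTTPS"}

# Constructed sample rules (not taken from the post).
SAMPLE_RULES = json.loads("""
[
  {"name": "allow-http", "direction": "Inbound", "access": "Allow",
   "sourceAddressPrefix": "*", "destinationPortRange": "80"},
  {"name": "temp-rdp", "direction": "Inbound", "access": "Allow",
   "sourceAddressPrefix": "Internet", "destinationPortRange": "3389"},
  {"name": "wide-range", "direction": "Inbound", "access": "Allow",
   "sourceAddressPrefix": "0.0.0.0/0", "destinationPortRange": "8000-8100"},
  {"name": "bastion-rdp", "direction": "Inbound", "access": "Allow",
   "sourceAddressPrefix": "10.0.1.0/26", "destinationPortRange": "3389"}
]
""")


def port_span(spec):
    """Turn '80', '8000-8100' or '*' into an inclusive (low, high) tuple."""
    if spec == "*":
        return (0, 65535)
    low, _, high = spec.partition("-")
    return (int(low), int(high or low))


def audit(rules, expected_ports=(80,)):
    """Return (rule name, reason) for each Internet-facing inbound allow rule
    that opens a management port or any port outside expected_ports."""
    findings = []
    for rule in rules:
        if rule["direction"] != "Inbound" or rule["access"] != "Allow":
            continue
        sources = set(rule.get("sourceAddressPrefixes") or [rule.get("sourceAddressPrefix")])
        if not sources & INTERNET_SOURCES:
            continue  # private source, such as the Bastion subnet
        specs = rule.get("destinationPortRanges") or [rule.get("destinationPortRange")]
        for low, high in map(port_span, specs):
            mgmt = [name for port, name in MGMT_PORTS.items() if low <= port <= high]
            if mgmt:
                findings.append((rule["name"], "management port open to Internet: " + ", ".join(mgmt)))
            elif low != high or low not in expected_ports:
                findings.append((rule["name"], f"unexpected port(s) {low}-{high} open to Internet"))
    return findings
```

Calling `audit(SAMPLE_RULES)` reports the `temp-rdp` and `wide-range` rules and leaves the port 80 rule and the Bastion-subnet rule alone.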
What is Azure Blob Storage?
A tool to hold unstructured data.
An important thing I did here was set the storage to anonymous access. But why?
Imagine if you sold clothing online. People want to see what they buy. Running an authentication conversation between services each time to load an image would make the process slow and uninviting. People will go elsewhere (Bounce rate).
Blob storage with anon access in the appropriate region means images load quickly to the end user.
Blob Replication copies the unstructured data in one blob to another. This way, the images in the US-West region are also copied to the storage in the US-East region! It supports disaster recovery and replication. Think of it as backup.
I automated content synchronization between storage accounts on opposite coasts - that's less time spent manually checking consistency while supporting disaster recovery and fault tolerance.
What is Azure Front Door (FD)?
Front Door distributes the content, not the VM, to improve latency, durability, and lower storage costs.
I made a profile for FD; that consists of configuring:
Endpoint
Origin type host name
Caching and compression
Query String
Then I attached it to a Fully Qualified Domain Name:
Azure DNS zone
Name server records
Custom domain name to Content Delivery
CNAME record (which propagates to naming agencies)
Verify DNS
Fun fact: You can buy top-level domains through Azure. This one connected to a GoDaddy domain.
Strengthened fault tolerance and resilience by dynamically redirecting image traffic in case of a regional outage.
Azure Traffic Manager points visitors in the direction of VMs that aren't overloaded, making visiting an app a quicker process.
In summary, I:
Created a profile
Configured performance based routing
Regional endpoints
Custom DNS integration to allow access through the company's branded URL
Set up health checks