Azure Key Vault with Azure Service Endpoints and Private Link — Part 1

Azure Service Points (SE) and Azure Private Link (PL) are two pretty fundamental and essential services when we are talking about network security in Azure.

There are similarities and differences between these two services and sometimes, the behavior of these two are different on Azure service itself. So, as an solution architect, besides reading the office documents, the best way is to walk them through.

Therefore, I will do a series of SE and PL walk through on common Azure services such as SQL database, Redis cache, Key Vault, Storage account and MySQL.

The walk through procedure is simple and…


Dynamic VPN Routing Between Azure Virtual WAN and AWS Transit Gateway using BGP

Image:https://www.mobilise.cloud/azure-to-aws-vpn-with-dynamic-routing/
Image:https://jackstromberg.com/2021/03/establishing-an-aws-vpn-tunnel-to-azure-virtual-wan-active-active-bpg-configuration/

In the previous post, I wrote about Static Site-to-Site VPN Between Azure Vnet and AWS VPC. In this post, I will write about dynamic VPN routing between Azure and AWS using BGP protocol.

Assuming all necessary resources such as, Vnet, VM, vWAN, VPC, Transit Gateway etc are already built, this post will only focus on the key configurations.

Steps for whole process

  1. Build Azure vWAN
  2. Provide vHub with VPN Gateway
  3. Configure Azure VPN Gateway’s custom BGP IP
  4. Create AWS Transit Gateway
  5. Create AWS Transit Gateway Attachment
  6. Create AWS Customer Gateway
  7. Apply route to VPC
  8. Create AWS VPN Connection
  9. Create new Azure VPN…

Static Site-to-Site VPN Between Azure Vnet and AWS VPC

Image:https://github.com/ricmmartins/azure-vpn-aws

Okay.. believe it or not, it took me almost two days to figure out how to configure BGP and static VPN between Azure and AWS. That’s kinda frustrating but much relief and delighted when I finally did it!

I am also glad that I found articles on internet helped me solving my problems, thanks to the author of those articles! Now is my turn to write my own post for recording and as well as to help anyone in future who might just need it. Let’s get started!

Brief Introduction

We will build resources listed below for both Azure and AWS.


Azure Virtual WAN with Secured Virtual Hub

Image:https://docs.microsoft.com/en-us/azure/virtual-wan/virtual-wan-about

Recently one of my on going projects requires centralized routing, multi location connectivity, custom DNS settings and with security. The best solution is Azure Virtual WAN integrated with Azure Firewall. In my previous article, I have already talked about Azure Firewall with Custom DNS and DNS Proxy, so in this article, I will be talking securing Azure Virtual WAN with Azure Firewall.

What is Azure Virtual WAN?

Azure Virtual WAN is a networking service that brings many networking, security, and routing functionalities together to provide a single operational interface. …


Continue from the previous post, Azure Front Door Basic Walk Through, I will configure the followings on this post.

  • Restricts only AFD to your backend
  • Force HTTP to HTTPS
  • Configure your custom domain name
  • Setup HTTPS by using AFD managed SSL

In this demo, I have an Azure Frond Door and Linux client only. I have connected the AFD and Linux client already. Without further ado, let’s get started.

Restricts only AFD to your backend

From my NB, I can access the client directly cause I have allowed my source IP on the client’s FW.


Azure Firewall with Custom DNS and DNS Proxy

Image:https://docs.microsoft.com/en-us/azure/firewall/overview

One of my ongoing projects needs to forward DNS queries from resources within Azure to on-premise DNS and Azure Firewall with custom DNS and DNS proxy fulfills my requirement perfectly. Therefore, I am writing this blog for my recording as well as sharing it to you all.

What is Azure Firewall?

Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It’s a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.

You can centrally create, enforce, and log application and network connectivity policies across subscriptions and virtual networks.

Azure Firewall Features

Please refer here


Image:https://docs.microsoft.com/en-us/azure/frontdoor/front-door-overview

I am going to talk about Azure Front Door (AFD) today since I am using it for one of my projects. As far as I understand, in simple words, AFD is a combination of Load balancing, CDN and WAF services.

As usual, let the official does the explanation ; )

What is Azure Front Door?

Azure Front Door is a global, scalable entry-point that uses the Microsoft global edge network to create fast, secure, and widely scalable web applications.

Front Door works at Layer 7 (HTTP/HTTPS layer) using anycast protocol with split TCP and Microsoft’s global network to improve global connectivity. …


Azure Use Automation to Snapshot and Create Disk Periodically

Image:https://docs.microsoft.com/en-us/azure/automation/start-runbooks

What is Azure automation

Azure Automation delivers a cloud-based automation and configuration service that supports consistent management across your Azure and non-Azure environments. It comprises process automation, configuration management, update management, shared capabilities, and heterogeneous features. Automation gives you complete control during deployment, operations, and decommissioning of workloads and resources.


Sync Azure SQL Database to other SQL Database

Image:https://azure.microsoft.com/en-us/blog/announcing-the-general-availability-of-azure-sql-data-sync/

SQL Data Sync is a service built on Azure SQL Database that lets you synchronize the data you select bi-directionally across multiple databases, both on-premises and in the cloud.

What happend to me is that my customer uses their DB as OLTP in the beginning but later on, without acknowledge me, use the DB as OLAP as well. It causes the DB to run at 100% capacity 95% of the time which causing long response time to their ERP and POS system.

The solution is to split the DB by its purpose, SQL Data Sync happens to fit my…


Backup and Restore Kubernetes Etcd on the Same Control Plane Node

Image: https://etcd.io

Couple days ago I wrote an article about How to Change Kubernetes Kube-apiserver IP Address which involves keeping the original etcd data.

In this article I will go through the process of backing up and restroing etcd. Before we start, let’s do some basic understand of etcd first. From official, etcd is

a distributed, reliable key-value store for the most critical data of a distributed system.

Also,

etcd is open source, available on GitHub, and backed by the Cloud Native Computing Foundation.

OK, let’s get started with today’s topic. Please do note,

All commands are executed on control…

Yst@IT

AWS Certified SA, SysOps & Developer Associate, Alibaba Cloud certified SA. Focusing on Azure, Prometheus w/ Grafana, ELK and K8S now.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store