Azure VNET Connectivity Options

We can connect 2 VNET using following options:

  • VNET Peering
  • VPN Gateway

VNET Peering

VNET Peering is the best option as it gives fastest connectivity using the Microsoft backbone infrastructure using Private addresses.

There are 2 types of VNET Peering:

  • VNET Peering for same region connectivity
  • Global VNET Peering for different region connectivity

VPN Gateway

If you have one of the VNET in an On-Premise then you can choose the VPN Gateway option.  It also offers Encryption which could make a decision.

However VPN Gateway will be slower compared with Peering, More Configuration & More Setup Time overheads exists.

Comparison

Description VNET Peering VPN Gateway
Easy Setup Yes No
Encryption No Yes
Cross-Region Support Yes Yes
Pricing Less More
Speed High Low
Bandwidth Limit No Yes
Public IP No Yes
On-Premise Support Complicated Yes

References

https://azure.microsoft.com/en-us/blog/vnet-peering-and-vpn-gateways/

What are the Different Ways to connect from Azure to On-Premise SQL Server?

Here I would like to list down the different ways to connect from Azure to On-Premise SQL Server.

VPN

We can create a site-to-site VPN for connecting from Azure to On-Premise.  Here the VPN device on Azure takes care of transmitting the request to the On-Premise network.

https://docs.microsoft.com/en-us/office365/enterprise/connect-an-on-premises-network-to-a-microsoft-azure-virtual-network

Azure Data Factory

Azure Data Factory requires running an Integration Runtime service in the On-Premise machine to make the connectivity happen.  It also requires Outbound port opening from On-Premise machine if there is any Outbound connection required back to the Azure SQL.

https://azure.microsoft.com/en-us/services/data-factory/

Azure Hybrid Connections

Hybrid Connections are created within the App Service.

https://docs.microsoft.com/en-us/azure/app-service/app-service-hybrid-connections

https://nishantrana.me/2018/02/19/using-azure-hybrid-connections-to-connect-to-sql-on-prem-database-from-azure-webjob/

Azure Service Bus Relays

Relays create endpoints on the On-Premise application which can be accessed by the Outside World.

Link: https://www.c-sharpcorner.com/article/overview-of-azure-service-bus-relay/

Express Route

Express Route is a highly secured option as it creates a new connectivity other than Public Internet.

https://docs.microsoft.com/en-us/azure/expressroute/expressroute-introduction

On-Premises Data Gateway

If you are using Logic Apps, Power BI then you can rely on On-Premise Data Gateway.  This involves installing the On-Premise Data Gateway on Azure & On-Premise too.

https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-gateway-install

https://www.codit.eu/blog/installing-and-configuring-on-premise-data-gateway-for-logic-apps/

Note

Depending on your Network Security guidelines choose the appropriate one.

How to Verify Custom Domain from GoDaddy.com in Azure Portal?

In this post we can see how to verify custom domain purchased from www.godaddy.com in Azure Portal.

Purchase Domain

You can visit www.godaddy.com to complete the domain purchase.

Azure Portal

You can open the Azure Portal > Azure Active Directory > Custom domain names blade as shown below.

image

Choose the Add custom domain option > Enter your name > Copy the following values.

image

Copy the values.

GoDaddy

Now go to the www.godaddy.com website

https://dcc.godaddy.com/domains/

Choose > Manage DNS from the Ellipssis

image

In the upcoming records page click the Add button.

image

In the appearing page choose TXT and enter the values from Azure Portal.

image

Now wait for 1 minute & Come back to Azure Portal & Click Verify

image

You will get it Verified!

Azure Certificate based Authentication from App Service to Access Key Vault

In this post I would like to demonstrate the usage of Certificate based Authentication from a deployed App Service in Azure & thereby accessing Azure Key Vault.

Control Flow

Following picture depicts the entire Control Flow.

image

Follow the steps for Certificate creation: LINK 1

  • Create Certificate
  • Export to .CER format
  • Export to .PFX format

Following are the App Service & App Registration activities LINK 2

  • Create App Service
  • Associate the .PFX Certificate
  • Create App Registration
  • Associate the .CER Certificate

Following are the Key Vault Activities LINK 3

  • Create Key Vault
  • Create Secret
  • Provide necessary permissions to the App Registration

Create the Code LINK 4

  • Create Web API Project
  • Load the certificate
  • Access the Key Vault
  • Deploy the Application

Test the application

image

Note This is a real-world scenario & hence steps & complexities are high.

Certificate vs Password

Certificate based Authentication is more secured than Password because:

  • Certificate is difficult to copy, re-generate & install – hence more security
    • Certificate based Authentication enforces that the Token is only provided to Certificate holder
  • Password can be copied easily & played back – hence less security

Common Errors

  • Forbidden – Add necessary permission for App Registration in the Key Vault
  • Not Found – This should be Key Vault Secret Name is invalid

Contact

For any information OR consulting please contact me through Linked-in.

References

https://docs.microsoft.com/en-us/azure/key-vault/key-vault-group-permissions-for-apps

Computer Vision API–Testing SRK Photo

Computer Vision API provides ready algorithms for processing images – It can classify a picture as object, animal etc.  It can also validate it with Celebrities – all through the machine learning infrastructure of Azure under the hood.

image

Azure Service

For testing this you need to create the Computer Vision service from Azure > Marketplace.

image

Choose the S1 tier as most of the capabilities are residing there.

image

Console Application in C#

Create a Console Application in C# and add the following Nuget package.

image

SRK

As a test I am going to upload above SRK picture & let the Computer Vision API identify him.

Output

The API is successfully identifying SRK! Smile

image

The Code

using Microsoft.Azure.CognitiveServices.Vision.ComputerVision;
using Microsoft.Azure.CognitiveServices.Vision.ComputerVision.Models;
using Microsoft.Rest;
using System;
using System.IO;
using System.Net.Http;

namespace ComputerVisionAPI
{
     class Program
     {
         static void Main(string[] args)
         {
             var features = new VisualFeatureTypes[] { VisualFeatureTypes.Tags, VisualFeatureTypes.Description };

            ComputerVisionClient computerVisionClient = new ComputerVisionClient(
                 new ApiKeyServiceClientCredentials(“YOUR KEY”),
                 new DelegatingHandler[] { }
                 )
             {
                 Endpoint = https://URL.cognitiveservices.azure.com/
             };

            using (var fs = new FileStream(@”C:\temp\ShahrukhKhan.png”, FileMode.Open))
             {
                 ImageAnalysis result = computerVisionClient.AnalyzeImageInStreamAsync(fs, features).Result;

                Console.WriteLine(“TAGS >> “);
                 foreach (string tag in result.Description.Tags)
                     Console.Write($” {tag} “);

                Console.WriteLine(Environment.NewLine + Environment.NewLine + “CAPTION >>”);
                 foreach (ImageCaption caption in result.Description.Captions)
                     Console.WriteLine($”{caption.Text} – Confidence: {caption.Confidence} “);

            }
         }
     }
}

References

https://azure.microsoft.com/en-us/services/cognitive-services/computer-vision/#product-overview

NCRONTAB Expression in Web Jobs

NCRONTAB is the library used in Web Jobs & Azure Functions to prepare Scheduled Execution.  Using the library we can schedule jobs like:

  • Every day
  • Every day at 10 AM
  • Every Monday
  • Every Monday at 10AM
  • Every Year
  • Every Year December 31st at 12 PM

NCRONTAB Format

{second} {minute} {hour} {day} {month} {day-of-week}

Please note that the last parameter is NOT year

Asterisk

Use * to denote repeat

Examples

0 5 * * * * Every 5th minute
0 */5 * * * * Every 5 minutes
0 0 * * * * Every hour
0 0 */2 * * * Every 2 hour
0 0 9-17 * * * Every hour from 9AM to 5PM
0 30 9 * * * At 9:30 AM everyday
0 30 9 * * 1-5 At 9:30 AM every weekday
0 30 9 * Jan Mon At 9:30 AM every January Monday

More

https://docs.microsoft.com/en-us/azure/azure-functions/functions-bindings-timer?tabs=csharp#ncrontab-expressions