- Details
- Written by C M Raja
- Category: Technology
- Hits: 1097
1) Why do you want to upgrade your .NET application? Which .NET framework family should be the target one?
Microsoft keep upgrade their .NET framework families and also keep obsolete their older version of framework families and support for that. So you need to keep upgrade to their LTS (Long Term Support) version
2) Is there any harm in continuing to use an obsolete version of the .NET framework? ?
Its not really harm to live with obsolete framework of .NET application but it leads to technical debt and more maintenance cost
3) What is technical debt?
Continuing to use outdated technology increases technical debt, making future migrations and updates more complex and expensive
4) What benefit do I get by upgrade to .NET framework LTS version?
Simply to ensure your application remain secure (receive security updates), maintainable (get MS support if encounter any issues) and performant (recent improvements and optimizations).
Note: These will not be provided for obsolete versions announced by Microsoft
5) Has Microsoft provided any tool to upgrade my older framework to new framework ?
Yes, they provides tool called ".NET Upgrade Assistant" using this you can upgrade your old .NET framework to desired target .NET framework
.NET Upgrade Assistant Url: https://dotnet.microsoft.com/en-us/platform/upgrade-assistant
6) Can I claim my application is cloud native once I migrate to latest framework and deployed into cloud (ex: Azure)?
Simply upgrading and deploying to the cloud doesn't necessarily make an application "cloud-native". A cloud-native application typically follows specific principles and practices to fully leverage the cloud environment
7) Can you provide guide lines that should be adopted to turn an app as cloud-native?
Sure, listing below important key aspects to consider to turn your app as cloud-native
7.1) Microservices Architecture:
Decoupled Services: Break down the application into loosely coupled services that can be developed, deployed, and scaled independently.
API Communication: Use APIs or messaging protocols for inter-service communication.
7.2) Containerization:
Docker: Use Docker to containerize your application, making it portable and consistent across different environments.
Orchestration: Use Kubernetes or Azure Kubernetes Service (AKS) for managing and orchestrating containers.
7.3) Serverless and Managed Services:
Functions as a Service (FaaS): Leverage Azure Functions for event-driven and serverless compute.
Managed Services: Use Azure managed services for databases (Azure SQL, Cosmos DB), caching (Azure Cache for Redis), and messaging (Azure Service Bus).
7.4) DevOps and CI/CD:
Continuous Integration/Continuous Deployment: Implement CI/CD pipelines using Azure DevOps or GitHub Actions to automate building, testing, and deploying applications.
Infrastructure as Code: Use tools like Azure Resource Manager (ARM) templates, Terraform, or Bicep for defining and provisioning infrastructure.
7.5) Scalability and Resilience:
Auto-Scaling: Configure auto-scaling to handle varying loads.
Fault Tolerance: Design the application to gracefully handle failures and recover quickly.
Health Monitoring: Implement health checks and monitoring using Azure Monitor, Application Insights, and Log Analytics.
7.6) Security:
Identity and Access Management: Use Azure Active Directory for authentication and authorization.
Data Protection: Implement encryption at rest and in transit, and use Azure Key Vault for managing secrets.
Network Security: Secure your network using Azure Virtual Network (VNet), Network Security Groups (NSGs), and Azure Firewall.
7.7) Observability:
Logging and Tracing: Implement structured logging and distributed tracing to diagnose issues and understand application behavior.
Metrics: Collect and analyze performance metrics to optimize and maintain the application.
I'll be sharing real-time updates on an example, detailing the challenges encountered and the solutions implemented during the upgrade process
- Details
- Written by C M Raja
- Category: Technology
- Hits: 1126
1) Why Terraform?
Read article Infrastructure As Code (IaC)
2) What is terraform state?
Terraform state refers to a persistent data store that Terraform uses to keep track of the infrastructure resources it create and manages
3) Where and how this terraform state exists ?
Terraform state (resource information) is stored in a physical file in JSON format and it usually referred as state file (terraform.tfstate) and its by default stored in the same directory where you run
Terraform
4) Is it always mandatory to store it along with Terraform directory?
No, it can be stored remotely. Example, it can be stored in cloud storage like Azure blob storage, AWS S3 or HashiCorp workspace
5) What is the major benefit of storing the state file remotely?
For better collaboration, security and reliability. Example, when multiple team members are working on the same Terraform script there are more changes of concurrent modifications and in this scenario storing state file remotely will resolve this problem by locking and releasing while update by a team member
6) How to install Terraform in my local to start work on it?
You can download it from official HashiCorp portal by following simple steps Install Terraform
7) Can you give some important Terraform ?
terraform init : Initializes the working directory containing Terraform configuration files.
terraform plan : Compares the current state with the desired state defined in the configuration files and generates an execution plan.
terraform apply : Applies the changes required to reach the desired state.
terraform refresh : Updates the state file with the real-world state of resources.
terraform state : Commands for advanced state management, such as listing resources (terraform state list), showing details (terraform state show), moving resources (terraform state mv),
and removing resources (terraform state rm)
terraform destroy : Delete mentioned managed resources through Terraform script
8) Please detail Terraform script file structure by creating a simple Virtual Machine (VM) in Azure ?
Sure, I will try to provide it in a pictorial way for ease understanding
9) Can you provide me the content of each file given in your above example ?
backend.tf
terraform { backend "azurerm" { resource_group_name = "terraformTestVM" storage_account_name = "myterraformstorage" container_name = "tfstate" key = "terraform.tfstate" }}variables.tf
variable "location" { description = "The Azure region to deploy resources" default = "eastus"}variable "resource_group_name" { description = "The name of the resource group" default = "TerraForm-RG"}variable "vm_name" { description = "The name of the virtual machine" default = "terraformTestVM"}variable "vm_size" { description = "The size of the virtual machine" default = "Standard_B1s"}variable "admin_username" { description = "The admin username for the VM" default = "adminuser"}provider "azurerm" { features {}}resource "azurerm_resource_group" "rg" { name = var.resource_group_name location = var.location # Specify that the resource group already exists lifecycle { ignore_changes = [tags] # This prevents Terraform from attempting to modify tags } }resource "azurerm_virtual_network" "vnet" { name = "rajaVnet" address_space = ["10.0.0.0/16"] location = azurerm_resource_group.rg.location resource_group_name = azurerm_resource_group.rg.name}resource "azurerm_subnet" "subnet" { name = "mySubnet" resource_group_name = azurerm_resource_group.rg.name virtual_network_name = azurerm_virtual_network.vnet.name address_prefixes = ["10.0.1.0/24"]}resource "azurerm_network_interface" "nic" { name = "myNIC" location = azurerm_resource_group.rg.location resource_group_name = azurerm_resource_group.rg.name ip_configuration { name = "internal" subnet_id = azurerm_subnet.subnet.id private_ip_address_allocation = "Dynamic" }}resource "azurerm_network_security_group" "nsg" { name = "myNSG" location = azurerm_resource_group.rg.location resource_group_name = azurerm_resource_group.rg.name security_rule { name = "Allow_SSH" priority = 1001 direction = "Inbound" access = "Allow" protocol = "Tcp" source_port_range = "*" destination_port_range = "22" source_address_prefix = "*" destination_address_prefix = "*" }}resource "azurerm_network_interface_security_group_association" "nsg_association" { network_interface_id = azurerm_network_interface.nic.id network_security_group_id = azurerm_network_security_group.nsg.id}resource "azurerm_public_ip" "public_ip" { name = "myPublicIP" location = azurerm_resource_group.rg.location resource_group_name = azurerm_resource_group.rg.name allocation_method = "Dynamic"}resource "azurerm_virtual_machine" "vm" { name = var.vm_name location = azurerm_resource_group.rg.location resource_group_name = azurerm_resource_group.rg.name network_interface_ids = [azurerm_network_interface.nic.id] vm_size = var.vm_size os_profile { computer_name = var.vm_name admin_username = var.admin_username admin_password = "P@ssw0rd1234!" # Note: For production, use a more secure method for password management. } os_profile_linux_config { disable_password_authentication = false } storage_os_disk { name = "${var.vm_name}_osdisk" caching = "ReadWrite" create_option = "FromImage" managed_disk_type = "Standard_LRS" } storage_image_reference { publisher = "Canonical" offer = "UbuntuServer" sku = "18.04-LTS" version = "latest" } depends_on = [azurerm_network_interface_security_group_association.nsg_association] tags = { environment = "Terraform" }}output "public_ip_address" { value = azurerm_public_ip.public_ip.ip_address}location = "eastus"resource_group_name = "terraformTestVM"vm_name= "rajatestVM"vm_size = "Standard_B1s"admin_username = "adminuser"Step 2: In command prompt go to terraform script folder and run following commands
terraform apply -var-file="variables.tfvars"Acquiring state lock. This may take a few moments...azurerm_resource_group.rg: Refreshing state... [id=/subscriptions/91ec4999-9cd6-4d56-86d4-dxxx209d7be6/resourceGroups/terraformTestVM]Terraform used the selected providers to generate the following execution plan. Resource actions are indicated withthe following symbols:+ createTerraform will perform the following actions:# azurerm_network_interface.nic will be created+ resource "azurerm_network_interface" "nic" {+ applied_dns_servers = (known after apply)+ dns_servers = (known after apply)+ enable_accelerated_networking = false# azurerm_network_interface_security_group_association.nsg_association will be created+ resource "azurerm_network_interface_security_group_association" "nsg_association" {+ id = (known after apply)+ network_interface_id = (known after apply)+ network_security_group_id = (known after apply)}# azurerm_network_security_group.nsg will be created+ resource "azurerm_network_security_group" "nsg" {+ id = (known after apply)+ location = "eastus"+ name = "myNSG"+ resou# azurerm_public_ip.public_ip will be created+ resource "azurerm_public_ip" "public_ip" {+ allocation_method = "Dynamic"+ ddos_protection_mode = "VirtualNetworkInherited"+ fqdn = (known after apply)+ id = (known after apply)+ idle_timeou# azurerm_virtual_machine.vm will be created+ resource "azurerm_virtual_machine" "vm" {+ availability_set_id = (known after apply)+ delete_data_disks_on_termination = false+ delete_os_disk_on_termination = false+Plan: 7 to add, 0 to change, 0 to destroy.Changes to Outputs:+ public_ip_address = (known after apply)Do you want to perform these actions?Terraform will perform the actions described above.Only 'yes' will be accepted to approve.Enter a value: yes (I confirmed by typing 'yes' here after deliberately reviewed above listing from TF)azurerm_virtual_network.vnet: Creating...azurerm_public_ip.public_ip: Creating...azurerm_network_security_group.nsg: Creating.............................zurerm_virtual_machine.vm: Creation complete after 19s [id=/subscriptions//91ec4999-9cd6-4d56-86d4-dxxx209d7be6/resourceGroups/terraformTestVM/providers/Microsoft.Compute/virtualMachines/rajatestVM]Releasing state lock. This may take a few moments...Apply complete! Resources: 7 added, 0 changed, 0 destroyed.Outputs:public_ip_address = ""
terraform destroy -var="resource_group_name=terraformTestVM"Acquiring state lock. This may take a few moments...
azurerm_resource_group.rg: Refreshing state... [id=/subscriptions/91ec4999-9cd6-4d56-86d4-dxxx209d7be6/resourceGroups/terraformTestVM]
azurerm_virtual_network.vnet: Refreshing state... [id=/subscriptions/91ec4999-9cd6-4d56-86d4-dxxx209d7be6/resourceGroups/terraformTestVM/providers/Microsoft.Network/virtualNetworks/rajaVnet]
azurerm_public_ip.public_ip: Refreshing state... [id=/subscriptions/91ec4999-9cd6-4d56-86d4-dxxx209d7be6/resourceGroups/terraformTestVM/providers/Microsoft.Network/publicIPAddresses/myPublicIP]
azurerm_network_security_group.nsg: Refreshing state... [id=/subscriptions/91ec4999-9cd6-4d56-86d4-dxxx209d7be6/resourceGroups/terraformTestVM/providers/Microsoft.Network/networkSecurityGroups/myNSG]
azurerm_subnet.subnet: Refreshing state... [id=/subscriptions/91ec4999-9cd6-4d56-86d4-dxxx209d7be6/resourceGroups/terraformTestVM/providers/Microsoft.Network/virtualNetworks/rajaVnet/subnets/mySubnet]
azurerm_network_interface.nic: Refreshing state... [id=/subscriptions/91ec4999-9cd6-4d56-86d4-dxxx209d7be6/resourceGroups/terraformTestVM/providers/Microsoft.Network/networkInterfaces/myNIC]
azurerm_network_interface_security_group_association.nsg_association: Refreshing state... [id=/subscriptions/91ec4999-9cd6-4d56-86d4-dxxx209d7be6/resourceGroups/terraformTestVM/providers/Microsoft.Network/networkInterfaces/myNIC|/subscriptions/91ec4999-9cd6-4d56-86d4-dxxx209d7be6/resourceGroups/terraformTestVM/providers/Microsoft.Network/networkSecurityGroups/myNSG]
azurerm_virtual_machine.vm: Refreshing state... [id=/subscriptions/91ec4999-9cd6-4d56-86d4-dxxx209d7be6/resourceGroups/terraformTestVM/providers/Microsoft.Compute/virtualMachines/rajatestVM]
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with
the following symbols:
- destroy
Terraform will perform the following actions:
# azurerm_network_interface.nic will be destroyed
- resource "azurerm_network_interface" "nic" {
- applied_dns_servers = [] -> null
- dns_servers = [] -> null
- enable_accelerated_networking = false -> null
- enable_ip_forwarding = false -> null
- id = "/subscriptions/91ec4999-9cd6-4d56-86d4-dxxx209d7be6/resourceGroups/terraformTestVM/providers/Microsoft.Network/networkInterfaces/myNIC" -> null
- internal_domain_name_suffix = "unmumh1g1gyedfjdy5e10qsb2h.bx.internal.cloudapp.net" -> null
- location = "eastus" -> null
- mac_address = "00-0D-3A-1C-A9-E0" -> null
- name = "myNIC" -> null
- private_ip_address = "10.0.1.4" -> null
- private_ip_addresses = [
- "10.0.1.4",
] -> null
- resource_group_name = "terraformTestVM" -> null
- tags = {} -> null
- virtual_machine_id = "/subscriptions/91ec4999-9cd6-4d56-86d4-dxxx209d7be6/resourceGroups/terraformTestVM/providers/Microsoft.Compute/virtualMachines/rajatestVM" -> null
# (4 unchanged attributes hidden)
Error: deleting Resource Group "terraformTestVM": the Resource Group still contains Resources.
│
│ Terraform is configured to check for Resources within the Resource Group when deleting the Resource Group - and
│ raise an error if nested Resources still exist to avoid unintentionally deleting these Resources.
│
│ Terraform has detected that the following Resources still exist within the Resource Group:
│
│ * `/subscriptions/91ec4999-9cd6-4d56-86d4-dxxx209d7be6/resourceGroups/terraformTestVM/providers/Microsoft.Compute/disks/rajatestVM_osdisk`
│ * `/subscriptions/91ec4999-9cd6-4d56-86d4-dxxx209d7be6/resourceGroups/terraformTestVM/providers/Microsoft.Storage/storageAccounts/myterraformstorage`
│
│ This feature is intended to avoid the unintentional destruction of nested Resources provisioned through some
│ other means (for example, an ARM Template Deployment) - as such you must either remove these Resources, or
│ disable this behaviour using the feature flag `prevent_deletion_if_contains_resources` within the `features`
│ block when configuring the Provider, for example:
│
│ provider "azurerm" {
│ features {
│ resource_group {
│ prevent_deletion_if_contains_resources = false
│ }
│ }
│ }
│
│ When that feature flag is set, Terraform will skip checking for any Resources within the Resource Group and
│ delete this using the Azure API directly (which will clear up any nested resources).
│
│ More information on the `features` block can be found in the documentation:
│ https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/features-block
│
│
│
╵
Releasing state lock. This may take a few moments...
- Details
- Written by C M Raja
- Category: Technology
- Hits: 89167
How many deployment options do we have in Azure?
There are three options
1) SQL Virtual Machines - best for migrations and applications requiring OS-level access
2) Managed instances - best for most lift-and-shift migrations to the cloud
3) Databases - best for modern cloud applications. Hyperscale and server-less options are available
What is elastic database pool?
Allow us to share resources among multiple instances and databases and optimize your costs
Does elastic database pool support in all 3 deployment option?
No, its available for managed instance and database deployment options
What is SQL managed instance pools?
Its an elastic database pool in managed instance deployment option. It allow us to host many databases within a single set of provisioned SQL Database resources. This option is ideal for a software as a service (SaaS) application or provider because you can manage and monitor performance in a simplified way for many databases.
What is SQL database elastic pools?
Again its an elastic database pool used in SQL Database deployment option. It allow us to host multiple managed instances and share resources. Doing so can reduce overall deployment time to make migrations easier. You can also host smaller managed instances in an instance pool than you can in a single managed instance. This offer is currently in public preview.
What are all the SQL purchasing models available in Azure?
The Azure SQL purchasing model provides two options:
1) Based on virtual cores (vCore-based)
2) Based on database transaction units (DTU- based) (NOT available for Azure SQL Managed instance)
vCore-based model is recommended one as it allows us to independently select compute and storage resources.
How database transaction units (DTU) measured?
The DTU-based model is a bundled measure of compute, storage, and I/O resources.
In the vCore model, you pay for:
1) Compute resources. (The service tier + the number of vCores and the amount of memory + the generation of hardware.)
2) The type and amount of data and log storage.
3) Backup storage location. (Read-access geo-redundant storage (RA-GRS), Zone-redundant storage (ZRS), or locally-redundant storage (LRS)).
What is service tier?
DTU-based purchase model are differentiated by a range of compute sizes with a fixed amount of included storage, fixed retention period for backups, and fixed price and named as service tier
What are all the service tiers available in Azure to launch SQL?
1) General Purpose: Suitable for most business workloads. Offers budget-oriented, balanced, and scalable compute and storage options.
2) Business Critical: Suitable for business applications with low-latency response requirements. This tier is the only one that can use In-Memory OLTP to improve performance.
3) Hyperscale: Suitable for business workloads with highly scalable storage (100 TB+) and read-scale requirements. From a performance and cost perspective, this tier falls between General Purpose and Business Critical. Hyperscale is currently available only for single databases in Azure SQL Database.
What is Compute tier? (if you choose vCore model then have one more control to customize your cost)
~~~~~~~~~~~~
Provisioned compute - is meant for more regular usage patterns with higher average compute utilization over time, or for multiple databases that use elastic pools. Fixed price regardless of usage. We need to define sizing of compute resources for your workload.
Serverless compute - is meant for intermittent, unpredictable usage with lower average compute utilization over time. automatic compute scaling. billed only for the amount of compute used. Serverless also supports automatic pausing and resuming to help further price optimize. When your database is paused, you pay only for storage.
Hardware
~~~~~~~~~
The default hardware generation at this time is referred to as Gen5 hardware. If you choose General Purpose within SQL Database and want to use the serverless compute tier, Gen5 hardware is currently the only option. It can currently scale up to 40 vCores. Fsv2-series (compute-optimized), M-series (memory-optimized), and DC-series (confidential computing) hardware options recently became available for SQL Database.
The purchasing model, service tier, and hardware selections you make will have a significant impact on the performance, availability, and cost of your deployment.
Management interfaces for Azure SQL
====================================
1) Azure portal
2) SQL Server Management Studio
3) Azure Data Studio
4) CLI
Reference: https://docs.microsoft.com/en-in/learn/modules/azure-sql-intro/3-deployment-options
- Details
- Written by C M Raja
- Category: Technology
- Hits: 5045
1) What is IaC?
Its an acronyms formed from the sentence Infrastructure As Code
2) What is the use of IaC?
Its the concept of defining or provisioning required infrastructure to deploy your developed applications on cloud platform
3) What do you mean "required infrastructure" here?
Let me explain thru an example. You have developed a web application using ReactJS, NodeJS and PostgreSQL database in your local.
Now you want to deploy your code into AWS platform. You want to create an EC2 instance with required security group and configure web server and deploy your code
Here EC2, SG, NGINX (its one of the web server) are required infrastructure for your code
4) Are there implemented tools for IaC ?
As said above IaC is a concept and there any many tools available in market which implements this concept. Some popular tools are heavily used in industries are
1) Terraform (TF)
2) Azure Resource Manager (ARM)
3) Cloud Formation Template (CFT)
4) Google Cloud Deployment Manager (GCDM)
5) Why these many implemented tools ?
Each cloud vendor created their own proprietary IaC tool using that you can define required infrastructure for your application
Example:
If you want to deploy your application into Azure Cloud Platform then you can use ARM
If you want to deploy your application into Amazon Web Service (AWS) then you can use CFT
If you want to deploy your application into Google Cloud Platform (GCP) ) then you can use GCDM
6) Do we have any IaC tool which allows us to define required infrastructure one time and it should be used across any cloud platform ?
Yes, Terraform (TF) by HashiCorp tool allows you define your requirement that can be used across all cloud platform
7) What benefit do we get when you go with neutral IaC tool for all cloud platform?
You can easily transform your infrastructure from one cloud platform to another simply by running the developed TF code in the required cloud platform
Stay tuned...will continue my post and walk you through Terraform tools in details with more practical way :)
- Details
- Written by C M Raja
- Category: Technology
- Hits: 20724
This section shares modern security approaches implemented across different technologies
- You are here:
-
Home
-
Cloud
-
SSL Implementation
-
SSL Implementation Part 2 (Load Balancer, Route 53, Certificate Manager)
- Technology