Skip to main content

Posts

The Cloud Migration Gotchas..

All leading cloud providers have a well defined Cloud Adoption Framework that will help you shape up your cloud migration strategy. Customers would eventually end up with one of the 5 'R's of rationalization - Rehost(Lift&shift) , Refactor, Rearchitect, Rebuild or Replace.  Once you have identified the approach , next steps would be planning and execution. However the best  plans laid out by  a professional services team can be driven off the track by  customer specific environment challenges. If you are helping customers with cloud migration, here are few things that you might want to think through again and prepare for before you go all in . 1.Start with stakeholder buy in The first step called out in Azure Cloud Adoption Framework is Strategy  or rather the motivation of the organization to move to cloud. Though this would usually be done in the presales phase and might have the buy in of the C-Suite, it is very important that this acceptance trickles down to stakeholde
Recent posts

Azure Arc integrated Kubernetes cluster

Multi and Hybrid cloud deployments have become more of a norm than exception and how seamlessly you can manage resources deployed across multiple environments would determine the success of your digital transformation. Azure Arc enables this by providing a solution that enables consistent management of workloads across environments. It helps onboard resources from  heterogeneous deployments  and manage them using familiar premises of Azure Resource Manager. Azure Arc currently supports VM, Kubernetes clusters(preview) and databases(preview) , and you can monitor and manage them from Azure irrespective of where it is deployed. Azure Arc can  be used for centralized monitoring and management of k8s clusters deployed across different cloud environments or on-premises. This service is currently in preview. As part of my weekend tinkering , I explored Azure Arc enabled Kubernetes cluster. The process for setting it up for a lab is pretty straight forward, and you will get most of this infor

AKS-managed Azure AD : How to integrate your AKS cluster with Azure AD

AKS is evolving at a dizzying pace and there have been quite  a number of changes since I wrote about AKS namespace isolation and AAD integration . The major update is in terms of creating and Azure AD integrated AKS cluster. You no longer need to create and manage the server and client application, it is handled by the AKS resource provider.  There are few limitations with this approach though before you get started   - You cannot disable the AKS-managed Azure AD integration once it is enabled   - Process is supported only for RBAC enabled clusters   - Azure AD tenant once integrated cannot be switched to a different one Lets start with creating an Azure AD group. You can also use an existing one if you want to. Note that creating an Azure AD group would need Global administrator rights I am executing these steps from Azure cloud shell , where all the required tools like Azure CLI and Kubectl are preinstalled 1. Create the Azure AD group for your cluster administrators. Note down the

Kubernetes best practices in Azure: AKS name space isolation and AAD integration

Once you have decided to run your workloads in AKS service in Azure, there are certain best practices to be followed during design and implementation. In this blog we will discuss two of these recommended practices and the practical aspects of their implementation- Azure AD integration and name space isolation While AAD helps to authenticate users to your AKS cluster using the existing users and groups in your Azure AD, name space isolation provides logical isolation of resources used by them. It is useful in multi tenant scenarios where the same cluster is being used by different teams/departments to run their workloads. It is also useful in running say a dev, test and QA environment for organization in the same cluster. Combining AAD integration with name spaces allow users to login to their namespace using their Azure AD credentials AAD integration with AKS : The following Microsoft document will get you started  with AAD integration of AKS cluster.: https://docs.microsof

Introducing Azure Firewall

Azure firewall is the latest addition to Azure security features portfolio. It was announced in preview last week along with Azure virtual WAN. Along with other features such as NSG and WAF , Azure Firewall enables additional protection for your applications hosted in Azure. We know that NSG offers network level protection(L3) and helps in implementing restrictions on incoming and outgoing traffic at network layer. WAF enables inbound security for web applications at Layer 7.Azure Network firewall provides outbound network layer(L3-L4) and application level (L7) protection for Http and Https traffic. There are two types of rules that can be created in Azure Firewall. Application rule and Network rule. As name indicates Network rule can be used to allow/deny traffic at network layer by defining the source IP & protocol + Destination IP& protocol. Application rules can be created to allow or restrict outbound traffic to specific FQDNs. If you want to play around with Azu