DevOPs – IaaS – Azure – Resources

Posted: May 25, 2018 in devops, Uncategorized
Subscription <= VNets <= SubNets <= VMs <= Virtual Disks (in SA)
  • RG, NSGs, SA, AS, Routing Tables, IPs, NICs, LBs, DNS
  • vnet (virtual network) => Logical collection of subnets => Complete isolation of IP addresses, DNS settings, security policies and routing tables
    • no charge for using it
    • different VNets can have the same IP address ranges (CIDR address blocks – Classless Inter-Domain Routing notation) across dev / testing & production environments.
    • It can have its own DNS server, and the VNet can be configured to use that DNS => generally it is managed by the ISP (Internet Service Provider who provides the internet connection)
    • We can use Azure's DNS server instead => so that we would have everything in one place
    • It can connect to on-prem data centers => we have to use a site-to-site VPN or an ExpressRoute connection
  • subnet – logical collection of VMs (a range of IP addresses) in a VNet
    • Mainly for better organization & security. No additional configuration is needed for resources in 2 subnets of the same VNet to communicate.
    • We can also attach route tables & NSGs to a subnet
    • Based on the no. of machines in a network, a subnet mask will be set
  • vm – virtual machine
    • All IaaS VMs & PaaS role instances in a VNet can access the public internet by default. Access can be controlled using NSGs.
    • Access between VMs within the same VNet, in the same or different subnets, happens using private IPs
    • Access between VMs across VNets needs to happen using public IPs
    • Internal name resolution is provided by Azure within a VNet
    • Before setting up VMs, the VNet architecture + subnets need to be planned
  • nsg – network security group => plays the role of a firewall => defines rules to control inbound/outbound traffic => create it and associate it with subnets
    • Rules can be defined to control the traffic at NICs, VMs & subnets + VNets
    • Rules are based on source IP + port <=> destination IP + port
  • pip – public IP / VPN gateway
    • Assigned to a VM
  • nic – network interface card
    • VMs communicate with other VMs / resources on the network using virtual NICs
    • Virtual NICs give VMs a private IP address and an optional public IP address
    • VMs can have one or more NICs for different network configurations
  • lb – load balancer (public facing / internal)
    • External load balancer => to provide high availability for public internet traffic
    • Internal load balancer => for traffic within the network
    • Need to configure an availability set
  • azure dns => Azure's DNS hosting service => enables clients to resolve user-friendly FQDNs to IP addresses
    • Hosts our own domains alongside Azure apps
    • We can manage our DNS records through the Azure subscription
    • DNS zone => hosts the DNS records for a particular domain => (first we need to buy the domain name from a domain provider like godaddy.com)
      • Ex: For the domain xyz.com => mail.xyz.com, www.xyz.com are the DNS records
      • The name of the zone must be unique within the resource group
      • The same zone name can be reused in different resource groups or in different Azure subscriptions
      • When multiple zones share the same name, each instance is assigned different name server addresses & only one instance can be delegated from the parent domain.
  • rg – resource group
  • as – availability set
    • High availability set
  • sa – storage account
    • Virtual disk storage account
  • rs – record set (domain name record set)
  • azure storage account – provides the Blob, File, Table & Queue storage services. One per customer + provides isolation of data between customers + 500 TB of storage per storage account
  • azure files – for a shared file system between app servers
    • As a shared filesystem => one per campaign cell through the autofs framework. No SFTP any more.
  • azure storage explorer – access mechanism for clients to put/get files to be used in Adobe Campaign
  • azure os disks – prepared VHD blobs used as OS disks.
  • azure data disks – Linux RAID/md (aggregates multiple individual disks into a single logical disk to distribute the load). Provisioned via LVM for easy on-the-fly future expansion
  • azure managed disks – newer feature that simplifies the provisioning of VMs + simplifies implementation of HA policies for resources.
IaaS steps to provision a server
  • Create a VNet with a CIDR block (IP address range) + a default subnet with its IP mask + a new resource group
  • Create more subnets with IP masks
  • Create NSGs and associate them with subnets
  • Create a VM by selecting the virtual machine image based on OS (Windows/Linux/CentOS)
    • configuration (CPU/memory)
    • virtual hard drive -> stored as a blob in a storage account
    • IP – dynamic/static – For web servers dynamic is fine, as users will be accessing the load balancer's IP. For backend servers select None.
      • For a db server, e.g. SQL Server, select options like authentication type, admin uid/pwd, automatic patching, backup, Azure Key Vault integration, R services for advanced analytics
      • For a web server: after installing, configure IIS
        • Since the IP is dynamic you can look it up in the portal and access the server from a browser.
        • You can configure a DNS name instead of using the IP from the web server's configuration option – change the DNS name label to <app name>.eastus.cloudapp.azure.com
    • Do not create an NSG (select None) – by default it takes the subnet-based NSG
    • Configure a high availability set (update domains – 10 / fault domains – 3)
    • Monitoring / guest OS monitoring selections
  • dns
    • Buy a domain name from sites like godaddy.com
    • Create a DNS zone
    • Get the name server addresses from Azure and configure them in the control panel of the registrar, e.g. the console panel of godaddy.com
      • The name server resolves the domain name to the underlying IP configured in the domain name record set.
    • Create a record set in Azure => the record set maps the domain to the Azure resource IP.
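The NSG notes above (rules on source IP + port and destination IP + port, internet access open by default, NSGs attached at the subnet) and the "Create NSGs and associate them to subnets" step are easier to reason about with a small model of how Azure evaluates a flow. This is an added example, not code from the post: it assumes a constructed VNet space of 10.1.0.0/16, a constructed web-tier rule set, and simplified "VirtualNetwork"/"Internet" service tags.

```python
# Added example (not the post's code): a small model of how an Azure NSG decides a
# flow. Rules run in priority order (lowest first), first match wins, and Azure's
# default rules (priority 65000+) catch the rest. Addresses/rules are constructed.
import ipaddress
from dataclasses import dataclass

VNET = ipaddress.ip_network("10.1.0.0/16")  # assumed VNet address space

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # custom rules use 100-4096; lower number wins
    direction: str  # "Inbound" or "Outbound"
    src: str        # CIDR, "VirtualNetwork", "Internet" or "*"
    dst: str        # same forms as src
    port: str       # destination port or "*"
    access: str     # "Allow" or "Deny"

def _match(pattern: str, ip: str) -> bool:
    """Simplified service tags: 'Internet' is everything outside the VNet space."""
    addr = ipaddress.ip_address(ip)
    if pattern == "*":
        return True
    if pattern in ("VirtualNetwork", "Internet"):
        return (addr in VNET) == (pattern == "VirtualNetwork")
    return addr in ipaddress.ip_network(pattern, strict=False)

# Azure's built-in default rules (AzureLoadBalancer tag omitted for brevity).
DEFAULT_RULES = [
    Rule("AllowVnetInBound", 65000, "Inbound", "VirtualNetwork", "VirtualNetwork", "*", "Allow"),
    Rule("DenyAllInBound", 65500, "Inbound", "*", "*", "*", "Deny"),
    Rule("AllowVnetOutBound", 65000, "Outbound", "VirtualNetwork", "VirtualNetwork", "*", "Allow"),
    Rule("AllowInternetOutBound", 65001, "Outbound", "*", "Internet", "*", "Allow"),
    Rule("DenyAllOutBound", 65500, "Outbound", "*", "*", "*", "Deny"),
]

def evaluate(rules, direction, src_ip, dst_ip, port):
    """Return (access, rule_name) of the first rule that matches the flow."""
    for r in sorted(rules + DEFAULT_RULES, key=lambda r: r.priority):
        if (r.direction == direction and r.port in ("*", str(port))
                and _match(r.src, src_ip) and _match(r.dst, dst_ip)):
            return r.access, r.name
    raise RuntimeError("unreachable: a DenyAll* default rule always matches")

# Constructed subnet-level NSG for a web tier: HTTPS from anywhere, RDP only from
# a corporate range, and no direct outbound access to the internet.
WEB_NSG = [
    Rule("AllowHttpsIn", 100, "Inbound", "Internet", "*", "443", "Allow"),
    Rule("AllowRdpFromCorp", 110, "Inbound", "203.0.113.0/24", "*", "3389", "Allow"),
    Rule("DenyRdpIn", 120, "Inbound", "*", "*", "3389", "Deny"),
    Rule("DenyInternetOut", 100, "Outbound", "*", "Internet", "*", "Deny"),
]
```

Calling `evaluate(WEB_NSG, "Outbound", "10.1.1.4", "198.51.100.7", 80)` returns a Deny from the custom outbound rule, while the same VM reaching 10.1.2.4 falls through to AllowVnetOutBound; that is the "control internet access with NSGs" point in practice.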