AWS
Quick guide on aws for beginners Understanding network concepts in aws How to achieve CI/CD in aws CI/CD in aws managed resources with Jenkins Push Image to aws ECR Using GitHub Actions Setup an EventBridge Rule in aws How ECS & ECR works in aws EKS with Fargate Profile Launch EKS using eksctl in aws Container insight for EKS-Fargate in cloudwatch Deploy aws resources with CloudFormation AWS secrets scanning by GitHub Setup Site to Site VPN Connection in AWS
AZURE
Gateways in Azure Understanding network concepts in Azure Ingress in Azure Kubernetes Service
GCP
Architecting hybrid infrastructure with Anthos

ANSIBLE
Ansible a configuration management tool Runbook Automation tool for playbooks
DOCKER
Docker a containerization Tool Networking in Docker Multi-stage build in Docker what is docker-compose All about Docker swarm
GITHUB
CLI instruction to work with GitHub Integrating Jenkins with GitHub Push Image to ECR Using GitHub Actions
JENKINS
Jenkins a continuous integration tool Acheive CI/CD using Jenkins in AWS Configuring weblogic deployer plugin in Jenkins
KUBERNETES
Kubernetes an orchestration framework Launch kubernetes cluster in Different ways Debugging your kubernetes cluster Certificates renewal of kubernetes cluster Deploying application on Kubernetes cluster api versions to use in manifest file RBACs in Kubernetes Health check of containers in Kubernetes Rancher a cluster management platform Understanding ISTIO as a service mesh
TERRAFORM
Deploying IaC using Terraform Terraform module EKS cluster using Terraform

APACHE
Things to know in Apache How to Configure Apache-httpd Server Setup httpd as os-service on OL8 SiteMinder and its Integration with WebServer Apache SSL Installation Instructions NO_RESOURCES Errors in APACHE with WLS
WEBLOGIC
Installing WebLogic 12.1.3 without GUI WebLogic Server as a managed Azure service WLS domain extension to include JRF template All about OPatch in WLS How to define WorkManager in Weblogic Some known Weblogic exceptions Different OutOfMemory issues Some known Weblogic exceptions Play with WLST Persistent store in WLS Configuration of NodeManager

JAVA
JAVA_OPTIONS Study on JAVA_HEAP Native OOM in Java Heap Types of Threads Various Java-options to use in Java apps How to run Java Flight Recorder dbping a java-weblogic utility
SSL
When & why to use SSL certificates SSLv3 to TLS1.* SHA2 on Oracle https Server Weblogic SSL Renewal Steps
CHEATSHEETs
Linux Cheatsheet Linux Log parsing cheetsheet SSL Cheatsheet MySQL Cheatsheet PostgreSQL Cheatsheet WebLogic Cheatsheet Python Cheatsheet Kubernetes Cheatsheet Terraform Cheatsheet Hashicorp-vault Cheatsheet GCP Cheatsheet
OTHER
All about Messaging Queue small guide on Python WLSDM monitoring agent in WLS Register driver for MSSqlServer Understanding YAML

11 May 2020

Gateways in Azure

There are different gateways in public cloud networking that helps you to connect with different systems.

Virtual Network Gateway a.k.a VPN Gateway 
Azure VPN Gateway connects your on-premises networks to Azure through Site-to-Site VPNs in a similar way that you set up and connect to a remote branch office. The connectivity is secure and uses the industry-standard protocols Internet Protocol Security (IPsec) and Internet Key Exchange (IKE).

In simple terms, azure VPN Gateway provides a secure and reliable networking solution for connecting on-premises infrastructure to Azure virtual networks over the internet.

there are different configurations available for VPN gateway connections
  1. Site-to-site VPN
  2. Point-to-site VPN

Site-to-site VPN
A Site-to-site (S2S) VPN gateway connection is a connection over IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. S2S connections can be used for cross-premises and hybrid configurations. A S2S connection requires a VPN device located on-premises that has a public IP address assigned to it.

ExpressRoute Gateway
It provides a dedicated, private connection between on-premises infrastructure and Azure data centers.

NAT Gateway 
A NAT (Network Address Translation) Gateway in Azure is a service that enables outbound internet connectivity for resources deployed in a virtual network. NAT Gateway provides a static public IP address for resources within the virtual network to communicate with resources outside the network.

In Azure, NAT Gateway is used to translate private IP addresses used by resources within the virtual network to a public IP address that can be accessed over the internet. This allows resources in the virtual network to securely communicate with services outside of the network, such as Azure services, internet resources, or on-premises resources connected via a VPN or ExpressRoute.

Application Gateway is as=as WAF in AWS
Azure Application Gateway is a service that helps manage and scale traffic to multiple web applications running in your Azure virtual network. It acts as a traffic cop, routing requests to the appropriate server based on your defined rules. It can also help improve the performance and security of your web applications.

No comments:
Labels: ,

28 April 2020

Understanding network concepts as they relate to Azure

Things to remember in Azure Networking

You should not directly access a Virtual Machine placed in a harmonized VNET instead, it has to be accessed via a Bastion instance which is secure & is the recommended method.

When connecting a VM from Bastion-instance the VM will only have internet access if a NAT-Gateway is attached to the VNET of the Virtual Machine or if a public IP is assigned to it.


But, if you are unable to access the Internet even after setting up NAT-Gateway -

start troubleshooting based on the possible scenarios

As depicted above, consider you have set up a NAT Gateway under the vnet test-vnet-uksouth-00a5cfe as shown above,
you are using both the single IP and IP prefix/31 under the NAT Gateway configuration.
Even after the NAT Gateway configuration, you cannot access the internet from your VM client-machine.
This could be possible because - The subnet test-sn-0 under the vnet might have a route table applied test-sn-0-uksouth-rt.
And the route table might have a route entry with 0.0.0.0/0 and the next hop is virtual appliance 10.x.x.4.
Because of this route, the NAT Gateways' default route is not getting preference over your custom route table, 
Once we remove the 0.0.0.0/0 from under the route table test-sn-0-uksouth-rt, your VM will be able to access the internet.

Regarding the SSH access to the VM, note that NAT Gateway is for outbound traffic requests and its return traffic. Kindly refer- https://learn.microsoft.com/en-us/azure/virtual-network/nat-gateway/nat-gateway-resource#coexistence-of-outbound-and-inbound-connectivity

For incoming traffic requests for SSH, you can have individual instance public ip assigned on VM nic and have NSG access allowed. Instance IP will also allow you the outbound access to the internet.
No comments:
Labels: