Actually, I really like Visual Studio Code Online!
Prerequisites
To use Visual Studio Code Online, an Azure subscription is necessary, because the IDE is hosted on Azure and a resource group is created for it.
After signing in to VS Code, an environment must be created, or an existing environment can be used. When creating an environment, the URL of a GitHub repository can be entered in the Git Repository field. The repository is cloned into the workspace once the IDE is hosted.
The next time, it is not necessary to create an environment again; the existing one can be used.
Experiences
I used the following tooling or extensions on VS Code Online:
I installed PowerShell 7 and developed the PowerShell scripts.
Connected the IDE to Azure and executed the PowerShell scripts.
I installed the azcli extension and developed the .azcli scripts.
Docker is available by default on the IDE machine.
I installed docker-compose and ran the docker-compose file.
Installed the Azure App Service extension and deployed the Docker image from local to the Azure App Service.
Hybrid, multi-cloud management platform for APIs across all environments. Nowadays, enterprises are API producers, and they expose their services to their customers via APIs.
With Azure API Management Service, enterprises can selectively expose their services to their partners and consumers in a secure manner.
Enterprise level benefits of Azure API Management
Exposing the services/APIs in a secure manner.
A framework for API Management can be approved by the compliance gate once, and teams can then use it without repeating the same compliance gate process.
A list of exposed APIs/services is always available to the CTO for monitoring.
Must-haves for an enterprise-level implementation of Azure API Management:
Define a secure framework for API Management
On-board teams to be able to use this framework
Support and monitor the Teams activities
Enterprise Level limitation
If an enterprise decides to use custom role assignments, it must pay attention to the limit of 2000 RBAC assignments per subscription.
Framework for Azure API Management
In the framework document we must define at least two teams, and the functional and non-functional requirements must be clarified and explained in great detail.
Service Provider Team: the team that defines the framework and performs the compliance gate process for the service they want to provide.
Consumer Team: uses the provided service, because:
They need this service in their solution.
They receive on-boarding and get started with this service more easily from a technical standpoint.
They can use the support of this service instead of using their own resources.
They don’t need compliance gate process for this service
Functional requirements
Non-functional requirements
By which cloud provider?
How can teams request this service?
Is it private or public cloud?
How can they get on-boarding?
How can they have access to resources?
How can they get support?
How to determine the dev/QA/prod environments?
What are the SLAs?
How can a team access its resources?
What are the service provider team’s responsibilities?
How can they add/remove/configure their resources?
What are the consumer team’s responsibilities?
Is there any automated flow? If yes, what are they?
How can the automated flow be considered in CI/CD? (if necessary for the consumer team)
Application Programming Interface Management (API Management) consists of a set of tools and services that enable developers and companies to build, analyse, operate, and scale APIs in a secure environment.
Azure
AWS
GCP
Service
API Management Service
Amazon API Gateway
– API Gateway – Developer Portal
– API Access Control – API Protection – API Creation and design – Support for hybrid models – High performance – Customizable developer portal
???
API Management tools overview
API Management can be delivered on-premises, through the cloud, or using a hybrid on-premises – SaaS (Software as a Service) approach.
For migration from on-prem to cloud, we have the following possibilities on different platforms.
Azure
AWS
GCP
Lift and shift
Yes
Yes
Lift and shift: a virtual machine is taken from a hypervisor and migrated to the cloud with the same configuration as it had on-prem. An app is migrated to the cloud without refactoring or changing its architecture.
The Azure Migration Service can be used for assessment. This document explains how to use Azure Migration to assess an on-premises Hyper-V-based environment.
I had only non-domain Windows Servers on Hyper-V. For the credentials I added the credentials for the Windows Servers and the Hyper-V host. I used the username and password of the servers. For the Hyper-V host I used a local admin user.
Username: hyper-v-host-machine-name\local-admin-username (ex. del0074\parisaadmin)
Password: The password
For the discovery source, the following values are required.
IP Address/FQDN: hyper-v-host-machine-name (ex. del0074)
Map credentials: host
The Azure Virtual Network (VNet) is like a container that provides traffic isolation and segmentation.
An Azure virtual network (VNet) is a representation of your own network in the cloud. You can control your Azure network settings and define DHCP address blocks, DNS settings, security policies, and routing. You can also further segment your VNet into subnets and deploy Azure IaaS virtual machines (VMs) and PaaS role instances, in the same way you can deploy physical and virtual machines to your on-premises datacenter. In essence, you can expand your network to Azure, bringing your own IP address blocks.
The terms used in VNet are as follows:
Virtual Network
Virtual Network Subnet
Gateway Subnet
Virtual Network Gateway
Virtual VPN Gateway
Network Security Group (NSG) -> Can be assigned to
Virtual Network
Virtual Machine
Subnet -> at subnet level would be preferred.
User Defined Routing (UDR) -> for customizing traffic.
We can have one to many VNets, but of course there is a subscription limitation. All VNets are isolated boundaries, but there are different types of connectivity available between VNets according to the scenario.
Connectivity types
VNets Peering
There are two different kinds of VNet peering:
– Global Peering
– VNets Peering -> the VNets must be in the same region.
VPN Gateway/ Tunnel
The VPN Gateway is used for different types of connectivity:
– VNet-to-VNet (Microsoft Doc)
– Site-to-site -> On-premises env to Azure VNet (Microsoft Doc)
– Point-to-site -> Laptop to Azure VNet
Express Route
Virtual Network Security
Provide network security by using
Network security group
Using attack simulation to assess protection and detection capabilities of Azure Web Application Firewall (WAF)
Network Security Group (NSG)
Network security is applied to the network via Network Security Groups (NSGs), which have the following features:
It has a stateful firewall for inbound and outbound traffic.
– Built-in high availability and auto scale
– Network and application traffic filtering
– Centralized policy across VNets and subscriptions
Complete VNET protection
Filter Outbound, Inbound, Spoke-Spoke and Hybrid Connections traffic (VPN and ExpressRoute)
Centralized logging
Archive logs to a storage account, stream events to your Event Hub, or send them to Log Analytics or the Security Information and Event Management (SIEM) system of your choice.
Best for Azure
DevOps integration, FQDN tags, Service Tags, Integration with ASE, Backup and other Azure Services.
Azure Firewall Premium
Next-Gen Firewall features, including TLS inspection, IDPS, and URL Categories.
Service Bus is available on the Azure platform with three different messaging possibilities:
Service Bus Queue
Service Bus Topic
Service Bus Relay
Service Bus Queue
It’s available for Basic Price Tier.
Service Bus Topic
It’s available for Standard / Premium Price Tier.
Service Bus Relay
Service Bus is usually for enterprise-level solutions, where the following items must be considered in the solution:
Multiple components communicate with each other via brokered messaging.
Communication is discrete.
A broker is needed to distribute the messages between components.
The message order is important (FIFO).
The application can have multi-tier architecture.
The application is hybrid (partially on-prem and partially cloud-based).
The applications of different departments must communicate with each other.
Service Bus is created as a namespace; the message streams are defined in the namespace, and the price tier is defined at namespace level.
With the Premium price tier it is possible to define Message Units. A message unit isolates the workload processing in CPU and memory; therefore, the partitioning option is removed from the Create Queue and Topic blades. Two features for Premium are:
Event -> for automation
Firewall and virtual networks
Bus Service Overview
It’s available in Premium Price Tier
Shared Access Policies: in this blade we access the primary & secondary key & connection.
This is available in premium price tier
Queues: Add several queues.
Topics: Add several topics.
Secure Access
Uses the Shared Access Signature (SAS) with full access. This is generated when the Service Bus namespace is created.
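How a SAS token is derived from a shared access policy key, and why a token from a narrowly scoped policy is safer to give an application than one from the full-access namespace policy. This is an added example, not part of the original post: the namespace URI, the keys and the orders-send-only policy are constructed, and token_allows is a simplified local model of validation, not the service's own code.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qs, quote

# Constructed sample policies (hypothetical names and keys, not real secrets).
# Rights belong to the policy; a token only names the policy and a resource URI.
POLICIES = {
    "RootManageSharedAccessKey": ("constructed-root-key", {"Manage", "Send", "Listen"}),
    "orders-send-only": ("constructed-send-key", {"Send"}),
}

def sign(key, encoded_uri, expiry):
    """HMAC-SHA256 over the URL-encoded resource URI, a newline and the expiry."""
    msg = f"{encoded_uri}\n{expiry}".encode("utf-8")
    digest = hmac.new(key.encode("utf-8"), msg, hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")

def make_sas_token(resource_uri, key_name, ttl_seconds, now=None):
    """Build a token for one policy, scoped to resource_uri, valid for ttl_seconds."""
    key, _rights = POLICIES[key_name]
    expiry = int(time.time() if now is None else now) + ttl_seconds
    encoded_uri = quote(resource_uri, safe="")
    sig = quote(sign(key, encoded_uri, expiry), safe="")
    return f"SharedAccessSignature sr={encoded_uri}&sig={sig}&se={expiry}&skn={key_name}"

def token_allows(token, requested_uri, right, now=None):
    """Simplified local model of validation: signature, expiry, scope, right."""
    fields = {k: v[0] for k, v in parse_qs(token.split(" ", 1)[1]).items()}
    key, rights = POLICIES.get(fields["skn"], (None, set()))
    if key is None:
        return False
    expected = sign(key, quote(fields["sr"], safe=""), fields["se"])
    if not hmac.compare_digest(expected, fields["sig"]):
        return False  # sr, se or skn was altered, or the key is wrong
    if int(fields["se"]) <= int(time.time() if now is None else now):
        return False  # expired
    scope = fields["sr"].rstrip("/")
    in_scope = requested_uri == scope or requested_uri.startswith(scope + "/")
    return in_scope and right in rights
```

A token signed with the namespace-level full-access policy passes this check for every queue and topic under the namespace, so applications are better served by a per-entity policy with only Send or Listen and a short lifetime.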
For Developers
The development has two parts
Sending message to the service bus queue
Handling/ process the messages in the service bus queue