Untitled

Amazon EventBridge

Azure Kubernetes Service – Application Deployment(Part 2)

This blog is in continuation to AZURE KUBERNETES SERVICE – MICROSERVICES APP (PART 1). In this blog we will be covering details around building K8s Deployment YAML configuration files which will be deployed on AKS. We will also quickly look at how you can containerize the application we discussed earlier design as below. And also how can we push the containers to Azure Container Registry from…

Azure Network & Firewall

Azure Networking is core prerequisite for onboarding Azure. As setting the network architecture is fundamental building block, to migrate and build your workloads in Azure. Azure networks at the core revolves around Virtual Networks (VNET)SubnetRoute TablesFirewall Public / Private IPDNS… and much more With this blog I want to share a video I produced to explain how you can intercept and…

Azure Kubernetes Service – Microservices App (Part 1)

Kubernetes has been talk of the town in recent time. There are different school of thought’s on K8s, as we all know K8s has been in the market for not too long. But the impact it has created is ground breaking. But considering the duration of its inception, it is still maturing and getting build at same pace as it is being adopted.

K8s Boom

Some of the most surprising and eye opening…

Load testing is fundamental for success of any API project. With this blog I am trying to share free load testing tool artillery.io

In the fast moving microservices/API driven world, as important it is to design and build the API. It is getting more important to load test your APIs to get a benchmarking of how much stress can the API’s bear before falling apart. This is crucial as if you don’t know the benchmarking for your API’s, you will not be able to make a quantifiable commitment for:

What types and how many…

SQL Container on Azure Kubernetes Service (AKS)

In the new app. world, containers are playing a crucial part.  There is no more debate on whether or not to use containers. Containers and deeply engrossed in application development, deployment, and management in short ALM. The trend around application development these days has been more shifted on the microservice architecture model.

I won’t go in the debate of what a purist microservice…

Building Alexa Skills with Azure – Part 3

Building Alexa Skills with Azure – Part 1

Building Alexa Skills with Azure – Part 2

In this part, I would like to give a brief walkthrough of the IoT code. Referring to the Architecture diagram we will discuss about the devices in the house.

The solution uses the below components:

ESP8266 Node MCU

Relay Switch

OLEDB

The code is…

Building Alexa Skills with Azure – Part 2

Building Alexa Skills with Azure – Part 1

Building Alexa Skills with Azure – Part 3

This blog is in continuation of my previous blog Building Alexa Skills with Azure – Part 1 where I discussed Alexa skill setup. In this blog, I will talk about API endpoint which will be serving the intents coming from Alexa skill.

There are…

Building Alexa Skills with Azure – Part 1

Building Alexa Skills with Azure – Part 2

Building Alexa Skills with Azure – Part 3

It’s no more a matter of discussion that voice-enabled systems are future. In or to keep up in the game it’s always good to understand the technology and try your hands on it.

To get my hands dirty, I tried to build a solution using Alexa and a couple of other components. The endstate is the user can speak to…

Azure AD B2C is a Microsoft offering where a customer can use their current identity which can be with any of the listed provider’s Facebook, Google, Amazon, Twitter, etc to authenticate the business applications. B2C works on the ideology that there is no mandate for the customer to create his identity locally to access applications, customer can use their existing providers which they would be using for business or personal use to validate their identity.

With this model, the customer profile information such as Personal Identity Information PII, credential management stays with the customer trusted provider listed below. B2C service just leverages the provider to validate the customer to confirm “the customer is the one, he is claiming to be”.

Identity providers – Federation settings for:

Social identity providers like Facebook, LinkedIn, or Twitter that you want to support in your applications.

External identity providers that support standard identity protocols like OAuth 2.0, OpenID Connect, and more.

Local accounts enable users to sign up and sign in with a username (or email address or other ID) and password.

Below are quick steps on how you can set up and test B2C in Azure:

Login to Azure Portal, click Create a Resource –> Search Azure AD B2C

Next, you can create a B2C tenant or link and existing tenant

For this blog, I will create a new tenant “aldhanb2c” which  will also become sub-domain of onmicrosoft.com

Once the tenement is setup if you check Directory + subscription menu on Azure portal you can see the new tenant

Select the new tenant to navigate to Azure AD B2C instance

The primary configuration we need to setup is around Application

Create a new Application, in the configuration section, there is one important attribute which you need to set Reply Url. Reply Url is the callback URL where the B2C service will post user claims.

You can use https://jwt.ms as one of the entry, this will help in testing B2C service from Azure portal itself

Provide your application endpoint where the claims should be posted. This can be added later if you do not have details upfront

Generate an application key and save it this will be required while configuring a B2C application

Configuring the identity provider is core to enable Azure AD B2C service. There is a wide range of identity providers that can be enabled for your instance. List of identity providers are as below

Social identity providers like Facebook, LinkedIn, or Twitter that you want to support in your applications.

External identity providers that support standard identity protocols like OAuth 2.0, OpenID Connect, and more.

Local accounts enable users to sign up and sign in with a username (or email address or other ID) and password. To enable any of the listed identity providers some setup is also required to be done on the identity provider side such as Google, Facebook, etc Detailed steps for what is needed to be done for each identity provider is available @MSDocs For this blog, I have enabled Google and Local account

Azure AD B2C also provides the capability to capture custom attributes that may/may not be provider by the selected identity provider. Using the User Attribute option you can select attributes from a predefined list or can also create your own custom attribute

User flow is instrumental in orchestrating all the components we discussed in the above steps. User flow is the policy orchestration option where you can select what policies a user should experience when he/she tries to access application enabled with Azure AD B2C. In this blog I will discuss Sign up & signin policy, but you can also enable Profile edit, Password reset policy as well.

This slideshow requires JavaScript.

Once you select sign up and sign in policy, in the create screen you need to

provide a name

You can select one or more identity provider

You can select to enable Multifactor Authentication

You can select user attributes to be part of the claim

This slideshow requires JavaScript.

 Once you have created a policy you can further configure signin claims using the Application claim option. These claims will be returned by Azure AD B2C on successful signin

Under the customize segment you can select a Page layout from the options available. This layout will be presented to the user when the application navigates this user to the Azure AD B2C service.

The service is all set now an can be tested using the Run user flow option. As you can see when we click Run user flow, a wizard open in the right corner, also Settings are displayed and under the identity provider AladhanGoogleIdentity is listed.

In Step 7 earlier I explained to use https://jwt.ms, this reply URL will be used for testing.

Once Run is executed user is navigated to Azure AD B2C page layout. As you can see in items 15, for this policy I have google as well as the email identity provider. Hence on B2C page layout, I can see the same

 I will select Google login which navigates me to google oAuth page

Provide correct credentials, once validated by google auth server. Google replies to the claims to Azure AD B2C service which then propagates the claims to https://jwt.ms as we select that in item 16. In real work, Azure AD B2C will return claims to your application endpoint which can use the claims to process the user request

Azure – Service Bus Relay – In Action

The Azure Relay service enables you to securely expose services that run in your corporate network to the public cloud. WCF Relay works with the full .NET Framework and for WCF. You create a connection between your on-premises service and the relay service using a suite of WCF “relay” bindings. The relay bindings map to new transport binding elements designed to create WCF channel components…

Azure SQL - Geo-Replication

Part 3 : Azure HDInsight – Kafka (.NET Solution)

This blog is a continuation of past 2 blogs:

Part 1: Azure HDInsight – Kafka

Part 2: Azure HDInsight – Kafka

In this blog, I have tried to present more real-world solutions using HDInsight Kafka. The solution high-level architecture is presented below.

            Major components in the solution are as below:

Producer App:This is a mock console application that generates messages with text Event…

Part 2 : Azure HDInsight – Kafka (Provisioning)

This blog is a continuation of Part 1: Azure HDInsight – Kafka

In this blog, we will walk you through how you can set up a new Kafka instance in Azure, with a mere couple of clicks. There are several benefits of provisioning Kafka with Azure HDInsight few of which are as below:

Kafka instance suitable for Enterprise

Provision Kafka cluster in a couple of clicks

Microsoft – fully manage the…

Part 1 : Azure HDInsight – Kafka (Overview)

What is HDInsight?

This is an Azure PaaS offering where you can run popular opensource Apache frameworks as below. Apache Software Foundation is an American non-profit corporation to support Apache software projects. HDInsight quickly spins up big data clusters on-demand, scale them up or down based on your usage needs and pay only for what you use.

Apache Hadoop

Apache Spark

Apache Kafka

Apach…

Containers and Images are vital artifacts for any project in the new world. Recently enterprises have also embrace containers with open arms, so now it’s vital to find the most efficient and optimal way to manage and persist images. Docker hub since the very inception provided the capability to persist images as a private or publicly accessible artifact. Since all the big cloud providers are coming with cloud-based container service as below, these providers also have provider-native registry which has the number of benefits I will discuss later in the post.

AWS

Azure

Google

Some of the fundamental benefits of using a cloud native registry is :

Manage images for all types of containers

Manage a single registry across multiple regions/zones

Keep container images close to your deployment geography to reduce deployment delay

Expand registry security functionality by adding cloud provider security model on top of image security

Since images have been in existence for a while and these container registries are new service enabled by the cloud provider. Hence one of the challenges is how we can quickly and seamlessly move our old images which may be in Docker Hub to one of these cloud-native registries. In this post, I want to present how quickly you can migrate image from Docker Hub to Azure Container Registry.

Download hellow-world image from Docker Hub

az acr import --name myregistry --source docker.io/library/hello-world:latest --image hello-world:latest

az --> Azure acr --> Azure Container Registry import --> Command to identify import is requested --name --> name of your ACR --source --> Source from where you want to download image eg Docker Hub --image hello-world:latest --> Name of image in ACR once imported

Import from non-Azure private container registry

az acr import --name myregistry --source docker.io/sourcerepo/sourceimage:tag --image sourceimage:tag --username --password

az acr import --name myregistry --source docker.io/sourcerepo/sourceimage:tag --> Private registry --image sourceimage:tag --username --> User Id for private registry --password --> Password for private registry

 Happy Coding …..