Building Network Aware Applications Using Azure Rapid Prototyping (RP)

Slide Content
  1. Yousef Khalidi & Stephen Malone

    Slide 1 - Yousef Khalidi & Stephen Malone

    • Azure Networking
    • Building Network Aware Applications Using Azure Resource Provider (RP)
    • 2-647
  2. Slide 2

    • Why do you care about Networking?
    • Azure Resource Manager (ARM) 101
    • Azure Core RPs Public Preview
    • Hands-on Azure Networking APIs
    • Demo – let’s code some networks!
    • Network Aware Applications
    • Agenda slide
  3. DevOps

    Slide 3 - DevOps

    • You own the E2E solutions including infrastructure!
    • The hidden costs of physical hardware
    • Lost weeks and $$$ due to hardware delivery/config lead times
    • Specialist per-device or per-vendor expertise required
    • Software Defined Networking (SDN) becoming the new norm
    • Programmable networks using standardized interfaces
    • Create, configure and deploy network solutions in minutes
    • Consistent troubleshooting across device types
    • Deliver projects faster and cheaper
    • Deliver predictability and repeatability
    • Networking – Why should developers care?
    • Internet
    • VM1
    • VM2
    • LB
    • Microsoft Azure
    • Public IP
    • 151.2.3.4
    • Private IP
    • 10.0.1.4
    • Private IP
    • 10.0.1.5
  4. Slide 4

    • Azure components as Resources through Resource Providers (RP) and REST APIs
    • Orchestrates changes across Azure Resource Providers
    • Consistent interface for Azure Resources
    • Azure Resource Manager (ARM) 101
    • Resource
    • Providers
  5. Resource Groups – manage collections of diverse Resources as atomic units

    Slide 5 - Resource Groups – manage collections of diverse Resources as atomic units

    • Consistent management interface between Azure and on-premises with Windows Azure Pack
    • Role-Based Access Control (RBAC) and Tagging on any resource
    • Regionalized Management
    • ARM – Key Customer Benefits
    • RESOURCE GROUP
  6. Manage your Compute, Storage & Networking on Azure using new ARM RPs

    Slide 6 - Manage your Compute, Storage & Networking on Azure using new ARM RPs

    • Model dependencies between VM, Network and Storage in declarative models
    • Imperatively manage disparate resources using consistent REST APIs and experiences (portal, PowerShell, cross-platform CLI)
    • Azure core RPs Public Preview: Compute, Storage & Network RPs
    • New for //Build 2015
  7. Service consumers

    Slide 7 - Service consumers

    • (Internet)
    • The Big (Network) Picture
    • On premises Datacenter
    • Backend Connectivity
    • S2S & P2S
    • Azure
    • Virtual Network
    • Front-End Network Access
    • Public IP addresses (VIPs) with direct, Internet-facing TCP/UDP ports
    • Load-balanced by Azure Software Load Balancer (SLB)
    • ACL for restricting inbound access
    • WATM for DNS-based service balancing
    • DDoS protection
    • Virtual Network
    • “Bring Your Own Networks” – Specify your address spaces & subnet topology in Azure
    • Backend Connectivity
    • S2S and P2S – Secure cross premise connectivity over the Internet
    • Direct- / Carrier-based dedicated, high-bandwidth connectivity into Azure*
  8. Wire up your Azure Networks as you want them

    Slide 8 - Wire up your Azure Networks as you want them

    • Standalone VMs or Load Balanced (LB) VMs
    • Create internal or external Load Balancers by attaching a Public IP
    • Lock down your networks with ACLs you define
    • Declarative and imperative management
    • Supports Virtual Networks, Network Interfaces, Public IP Addresses, Load Balancers, Traffic Manager and Network Security Groups
    • Scale up/out your Azure Networks dynamically
    • Network Resource Provider (NRP) Public Preview
    • New for //Build 2015
    • External load balancer
    • Web frontend tier
    • Logic tier
    • Customer Virtual Network
    • Internal load balancer
    • Back end
    • Front end
    • Microsoft Azure
    • Internal VIP
    • Public VIP
    • Internet
  9. Core RP – Conceptual Object Model

    Slide 9 - Core RP – Conceptual Object Model

  10. Managing ARM and Core RP Resources

    Slide 10 - Managing ARM and Core RP Resources

  11. Looking Closer – Network Security Groups

    Slide 11 - Looking Closer – Network Security Groups

  12. Request

    Slide 12 - Request

    • Create a Network Security Group with REST
    • Method: PUT
    • Url: https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/networkSecurityGroups/{NSGName}?api-version={api-version}
    • Request
    • {
    •   "location": "East US",
    •   "tags": { },
    •   "properties": {
    •     "securityRules": [
    •       {
    •         "name": "ssh_rule",
    •         "properties": {
    •           "description": "Allow SSH",
    •           "protocol": "Tcp",
    •           "sourcePortRange": "*",
    •           "destinationPortRange": "22",
    •           "sourceAddressPrefix": "*",
    •           "destinationAddressPrefix": "*",
    •           "access": "Allow",
    •           "priority": "100",
    •           "direction": "Inbound"
    •         }
    •       }
    •     ]
    •   }
    • }
    • Response
    • {
    •   "name": "DevNSG",
    •   "location": "East US",
    •   "id": "{Unique Resource URI}",
    •   "etag": "W/\"e74f63d5-d816-4a6c-8c66-619f5117f088\"",
    •   "properties": {
    •     "provisioningState": "Succeeded",
    •     "securityRules": [
    •       {
    •         "name": "ssh_rule",
    •         "id": "{Unique Resource URI}",
    •         "etag": "W/\"e74f63d5-d816-4a6c-8c66-619f5117f088\"",
    •         "properties": {
    •           "provisioningState": "Succeeded",
    •           "description": "Allow SSH",
    •           "protocol": "Tcp",
    •           "sourcePortRange": "*",
    •           "destinationPortRange": "22",
    •           "sourceAddressPrefix": "Internet",
    •           "destinationAddressPrefix": "*",
    •           "access": "Allow",
    •           "priority": 100,
    •           "direction": "Inbound"
    •         }
    •       }
    •     ],
    •     "defaultSecurityRules": [ ... ]
    •   }
    • }
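
The rule on this slide allows SSH inbound from any source ("*" in the request, "Internet" in the response). As an added example (not part of the original deck), the following Python check reads an NSG document in the slide's response shape and reports inbound Allow rules that expose management ports to any source. The sample document, the rule names other than ssh_rule, and the choice of ports 22 and 3389 as "management" are assumptions made for illustration.

```python
import json

# Constructed sample in the shape of the slide's REST response (not captured output).
SAMPLE_NSG = json.loads("""
{"name": "DevNSG", "properties": {"securityRules": [
  {"name": "ssh_rule", "properties": {"protocol": "Tcp", "sourceAddressPrefix": "Internet",
    "destinationPortRange": "22", "access": "Allow", "priority": 100, "direction": "Inbound"}},
  {"name": "web_rule", "properties": {"protocol": "Tcp", "sourceAddressPrefix": "*",
    "destinationPortRange": "80-443", "access": "Allow", "priority": "200", "direction": "Inbound"}},
  {"name": "corp_rdp", "properties": {"protocol": "Tcp", "sourceAddressPrefix": "10.0.1.0/24",
    "destinationPortRange": "3389", "access": "Allow", "priority": 300, "direction": "Inbound"}},
  {"name": "any_port", "properties": {"protocol": "*", "sourceAddressPrefix": "0.0.0.0/0",
    "destinationPortRange": "*", "access": "Allow", "priority": 400, "direction": "Inbound"}}
]}}
""")

ANY_SOURCE = {"*", "internet", "0.0.0.0/0"}   # prefixes that mean "anyone"
MGMT_PORTS = {22: "SSH", 3389: "RDP"}          # assumption: ports treated as management


def port_in_range(port, spec):
    """True if `port` falls inside an NSG port spec: "*", "22" or "20-25"."""
    if spec == "*":
        return True
    low, _, high = str(spec).partition("-")
    return int(low) <= port <= int(high or low)


def exposed_mgmt_rules(nsg):
    """Return (priority, rule name, service) for inbound Allow rules open to any source."""
    findings = []
    for rule in nsg["properties"].get("securityRules", []):
        p = rule["properties"]
        if p["direction"].lower() != "inbound" or p["access"].lower() != "allow":
            continue
        if p["protocol"].lower() not in ("tcp", "*"):
            continue
        if p["sourceAddressPrefix"].lower() not in ANY_SOURCE:
            continue
        for port, service in MGMT_PORTS.items():
            if port_in_range(port, p["destinationPortRange"]):
                # priority arrives as "100" in the request and 100 in the response
                findings.append((int(p["priority"]), rule["name"], service))
    return sorted(findings)


if __name__ == "__main__":
    for priority, name, service in exposed_mgmt_rules(SAMPLE_NSG):
        print(f"priority {priority}: rule {name!r} allows {service} from any source")
```

Restricting `sourceAddressPrefix` to a known CIDR, as the constructed corp_rdp rule does, keeps a rule out of the findings.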
  13. Create a Network Security Group with C#

    Slide 13 - Create a Network Security Group with C#

    • // Get the JWT token for the subscription
    • string jwt = ARMHelper.GetAuthorizationResult(tenantId: ARMHelper.GetSubscriptionTenantId(ConfigHelper.SubscriptionID), alwaysPrompt: false);
    • // Create the creds for the request
    • TokenCloudCredentials tcCreds = new TokenCloudCredentials(ConfigHelper.SubscriptionID, jwt);
    • // Create the NRP client for the request
    • Microsoft.Azure.Management.Network.NetworkResourceProviderClient nrpclient = new NetworkResourceProviderClient(tcCreds);
    • // Create a Security Rule for allowing SSH
    • SecurityRule nsrSSHRule = new SecurityRule() {
    • Name = "ssh_rule",
    • Description = "Allow SSH",
    • Protocol = "Tcp",
    • SourceAddressPrefix = "*",
    • SourcePortRange = "*",
    • DestinationAddressPrefix = "*",
    • DestinationPortRange = "22",
    • Direction = "Inbound",
    • Priority = 100,
    • Access = "Allow"
    • };
    • // Create a Network Security Group containing the allow SSH rule
    • NetworkSecurityGroup nsg = new NetworkSecurityGroup("East US")
    • {
    • SecurityRules = new List<SecurityRule>()
    • };
    • nsg.SecurityRules.Add(nsrSSHRule);
    • // Create the Put request for the new object
    • nrpclient.NetworkSecurityGroups.CreateOrUpdate("Dev", "DevNSG", nsg);
  14. Create a Network Security Group with PowerShell

    Slide 14 - Create a Network Security Group with PowerShell

    • PowerShell Command
    • $ssh_rule = New-AzureNetworkSecurityRuleConfig `
    • -Name "ssh_rule" `
    • -Description "Allow SSH" `
    • -Protocol Tcp `
    • -SourcePortRange "*" `
    • -DestinationPortRange "22" `
    • -SourceAddressPrefix "*" `
    • -DestinationAddressPrefix "*" `
    • -Access Allow `
    • -Priority "100" `
    • -Direction Inbound
    • New-AzureNetworkSecurityGroup `
    • -Name "DevNSG" `
    • -ResourceGroupName "Dev" `
    • -Location "East US" `
    • -SecurityRules $ssh_rule
    • PowerShell Output
    • Name : DevNSG
    • ResourceGroupName : Dev
    • Location : eastus
    • Id : {Unique URI}
    • Etag : W/"db726436-0d63-4a72-9635-6d9724d60a4d"
    • ProvisioningState : Succeeded
    • Tags :
    • SecurityRules : [
    • {
    • "Description": "Allow SSH",
    • "Protocol": "Tcp",
    • "SourcePortRange": "*",
    • "DestinationPortRange": "22",
    • "SourceAddressPrefix": "*",
    • "DestinationAddressPrefix": "*",
    • "Access": "Allow",
    • "Priority": 100,
    • "Direction": "Inbound",
    • "ProvisioningState": "Succeeded",
    • "Name": "ssh_rule",
    • "Etag": "W/\"db726436-0d63-4a72-9635-6d9724d60a4d\"",
    • "Id": "{Unique URI}"
    • }
    • ]
    • DefaultSecurityRules : [ ... ]
    • NetworkInterfaces : []
    • Subnets : []
  15. Network Security Group REST operations

    Slide 15 - Network Security Group REST operations

    • Action
    • Verb
    • Relative URL
    • Request
    • Response
    • Create or Update NSG
    • PUT
    • /networkSecurityGroups/{NSGName}
    • JSON
    • JSON
    • Get NSG
    • GET
    • /networkSecurityGroups/{NSGName}
    • None
    • JSON
    • List NSGs
    • GET
    • /networkSecurityGroups
    • None
    • JSON
    • Delete NSG
    • DELETE
    • /networkSecurityGroups/{NSGName}
    • None
    • Status Code
    • Create Rule within NSG
    • PUT
    • /networkSecurityGroups/{NSGName}/securityRules/{SRName}
    • JSON
    • JSON
    • Get Rule within NSG
    • GET
    • /networkSecurityGroups/{NSGName}/securityRules/{SRName}
    • None
    • JSON
    • List Rules within NSG
    • GET
    • /networkSecurityGroups/{NSGName}/securityRules
    • None
    • JSON
    • Delete Rule from NSG
    • DELETE
    • /networkSecurityGroups/{NSGName}/securityRules/{SRName}
    • None
    • Status Code
  16. Download Network Security Group Audit Logs

    Slide 16 - Download Network Security Group Audit Logs

    • PowerShell Command
    • Get-AzureSubscriptionIdLog -StartTime $start -end $end
    • PowerShell Output
    • Authorization:
    • Scope: /subscriptions/953/resourceGroups/users1/providers
    • /microsoft.network/networkSecurityGroups/user1nsg2
    • Action: microsoft.network/networkSecurityGroups/write
    • Role: Subscription Admin
    • Caller: user1@yourcompany.com
    • EventSource: Microsoft.Resources
    • EventTimestamp: 3/12/2015 3:16:58 AM
    • OperationName: microsoft.network/networkSecurityGroups/write
    • ResourceGroupName: user1RG1
    • ResourceId: /subscriptions/953/resourceGroups/user1/providers
    • /microsoft.network/networkSecurityGroups/user1nsg2
    • CorrelationId: {Unique URI}
    • Status: Succeeded
    • SubscriptionId: 953
    • SubStatus: Created
    • Available also via Portal
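
As an added example (not part of the original deck), this Python sketch parses text in the layout of the audit log output above and lists successful changes to Network Security Groups or their rules, with who made them. The sample text is constructed, and the parser assumes each event begins with an "Authorization:" line and that long values wrap onto the following line as they do on the slide.

```python
import re

# Constructed sample in the layout of the slide's PowerShell output (values are made up).
SAMPLE_OUTPUT = """\
Authorization:
Scope: /subscriptions/953/resourceGroups/user1/providers
/microsoft.network/networkSecurityGroups/user1nsg2
Caller: user1@yourcompany.com
EventTimestamp: 3/12/2015 3:16:58 AM
OperationName: microsoft.network/networkSecurityGroups/write
ResourceId: /subscriptions/953/resourceGroups/user1/providers
/microsoft.network/networkSecurityGroups/user1nsg2
Status: Succeeded

Authorization:
Caller: user2@yourcompany.com
EventTimestamp: 3/12/2015 4:02:10 AM
OperationName: microsoft.network/virtualNetworks/read
Status: Succeeded
"""

FIELD = re.compile(r"^([A-Za-z]+):\s*(.*)$")
NSG_CHANGE = re.compile(r"^microsoft\.network/networksecuritygroups/(securityrules/)?(write|delete)$", re.I)


def parse_events(text):
    """Split the output into one dict per event, re-joining wrapped values."""
    events, current, last_key = [], {}, None
    for line in text.splitlines():
        line = line.strip()
        match = FIELD.match(line)
        if line == "Authorization:" and current:      # a new event starts here
            events.append(current)
            current, last_key = {}, None
        elif match:
            last_key = match.group(1)
            current[last_key] = match.group(2)
        elif line and last_key:                        # wrapped continuation of a long value
            current[last_key] += line
    if current:
        events.append(current)
    return events


def nsg_changes(events):
    """Return (timestamp, caller, resource) for successful NSG or rule writes/deletes."""
    return [(e["EventTimestamp"], e["Caller"], e["ResourceId"]) for e in events
            if NSG_CHANGE.match(e.get("OperationName", "")) and e.get("Status") == "Succeeded"]

if __name__ == "__main__":
    print(nsg_changes(parse_events(SAMPLE_OUTPUT)))
```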
  17. Template file

    Slide 17 - Template file

    • {
    • "$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json#",
    • "parameters": { … },
    • "variables": { … },
    • "resources": [
    • {
    • "type": "Microsoft.Storage/storageAccounts",
    • "name": "[parameters('newStorageAccountName')]",
    • "location": "[resourceGroup().location]",
    • "properties": { … }
    • },
    • {
    • "type": "Microsoft.Network/virtualNetworks",
    • "name": "[parameters('virtualNetworkName')]",
    • "location": "[resourceGroup().location]",
    • "properties": { … }
    • },
    • {
    • "type": "Microsoft.Network/networkInterfaces",
    • "name": "[parameters('networkInterfaceName')]",
    • "location": "[resourceGroup().location]",
    • "dependsOn": [
    • "[concat('Microsoft.Network/virtualNetworks/', parameters('virtualNetworkName'))]"
    • ],
    • "properties": { … }
    • },
    • {
    • "type": "Microsoft.Network/loadBalancers",
    • "name": "[parameters('loadBalancerName')]",
    • "location": "[resourceGroup().location]",
    • "dependsOn": [
    • "[concat('Microsoft.Network/networkInterfaces/', parameters('networkInterfaceName'))]",
    • "[concat('Microsoft.Network/publicIpAddresses/', parameters('publicIpAddressName'))]"
    • ],
    • "properties": { … }
    • },
    • {
    • "type": "Microsoft.Compute/virtualMachines",
    • "name": "[parameters('vmName')]",
    • "location": "[resourceGroup().location]",
    • "dependsOn": [
    • "[concat('Microsoft.Storage/storageAccounts/', parameters('newStorageAccountName'))]",
    • "[resourceId('Microsoft.Network/networkInterfaces', parameters('networkInterfaceName'))]"
    • ],
    • "properties": { … }
    • }
    • ]
    • }
    • Creating applications with ARM JSON templates
    • PowerShell
    • New-AzureResourceGroup -Name 'NRP-DemoRG' -TemplateFile 'C:\sampletemplate.json' -Location 'West US' `
    • -NamedParameter1 "value" `
    • -NamedParameter2 "value"
  18. Demo - let’s code some networks!

    Slide 18 - Demo - let’s code some networks!

  19. Back to the start – why should you care?

    Slide 19 - Back to the start – why should you care?

    • Liberate your development & testing with Azure
    • Model your solutions in templates, abstracting variance as parameters
    • Repeatable and predictable creation of your Dev/Test environments
    • Best of class infrastructure with consistent interfaces, fast provisioning and massive scale
    • Network Aware Applications
  20. And not to forget – manage the way you want

    Slide 20 - And not to forget – manage the way you want

    • X-Plat cli
    • sudo npm install azure-cli-[version].tgz --global
    • azure login -u <your email address>
    • azure config mode arm
    • azure network vnet create …
    • Java SDK
    • import com.microsoft.azure.storage.*;
    • import com.microsoft.azure.storage.table.*;
    • import com.microsoft.azure.storage.table.TableQuery.*;
    • Node.JS
    • var azure = require('azure-storage');
    • var blobSvc = azure.createBlobService();
    • blobSvc.createContainerIfNotExists ...
  21. Attend these talks to learn more

    Slide 21 - Attend these talks to learn more

    • Wed 11:30 – 12:30pm – 3-618 - The Next-Generation Azure Compute Platform with Mark Russinovich
    • Wed 5:00 – 6:00pm – 2-646 - Introduction and What’s New in Azure IaaS
    • Thu 11:30 - 12:30pm - 2-667 – Lessons from Scale: Building Applications for Azure
    • Fri 12:30 – 1:30pm - 2-688 – Azure Virtual Machines Deep Dive
    • Try out the new ARM Core Resource Providers
    • And take control of your networks!
    • Call to Action
  22. Improve your skills by enrolling in our free cloud development courses at the Microsoft Virtual Academy.

    Slide 22 - Improve your skills by enrolling in our free cloud development courses at the Microsoft Virtual Academy.

    • Try Microsoft Azure for free and deploy your first cloud solution in under 5 minutes!
    • Easily build web and mobile apps for any platform with Azure App Service for free.
    • Resources