Give me security; WordPress&MySQL!

This is a follow-up on a previous blog post of mine. I don’t like to leave the security of the solution hanging as we are exposing the MySQL database to the internet up in the cloud. There exists a possibility to use an Azure internal virtual network, though for that your web site must use a more expensive tier. Therefore I will address how to set up a secure connection from the WordPress frontend to the MySQL backend.

First you will need to download OpenSSL (I’m using the Windows lite version found here).

Give me more datadisks

With lower tier VMs in Azure you have a limit on how many data disks you can attach. As an example, an A1 can only have 2 data disks of 1 TB each attached. So if you just want to use Azure for storing a lot of data, like backups, you are kind of out of luck. You would either need to get a higher tier VM that allows for more data disks or use a service like Azure Backup instead.

Let me give you one more option, Azure Files Shares.
Now, I hear a lot of you say: “you can’t use a share as a local disk”. And you would be correct, you can’t. Though let’s be a bit sneaky, and get around that limitation.

AzureRM WordPress migrate to Docker MySQL complete story

Wanted to document my journey to get this blog up and going in Azure. This was an experiment as much as anything. Though the result was not too shabby.

First we start by creating a new Azure WordPress Web App. Press New and search for WordPress.

Choose the WordPress web app and accept the terms.

Fill out the details needed. Create a resource group to hold your application.

Also create a service plan and choose the resources you want to use.

Then choose the details for the MySQL database. I am using the default name, though I highly recommend changing this to something else. It will make the database retrieval easier later. Choose the free Mercury tier.

Creating Site to Site VPN in Azure Resource Manager

This will be a short post, just wanted to have all the PowerShell code needed to create a connection between a network outside Azure and your ARM resources in one place.

I tried to set this up with my local TMG server, though this did not work as it did with ASM. Check this page for supported configurations.

Even if it does not work for my setup, the code is nice to have in one place.

To create the bits needed:

To test the connection (more):

To remove what was created (remember to remove all resources in the ARM network beforehand):

Note: With all the changes in recent Azure PowerShell modules, there can be some inconsistencies. This was done on 1.0.1.

Azure Automation and logs in OMS

In this installment, we will look closer at some aspects of automation, especially in the era of Azure Automation. I am a monitor person at heart, and firmly believe that every piece of software running out there should adhere to the principle “more information the better”. By that, I mean that every piece of running code should as a minimum log what it does logically. By this I mean if you are using the New-ADUser cmdlet to create a new user, as a minimum one should log what parameters are used in creating this user. I am also a firm believer in using multiple sources, and one of those sources should be a monitoring solution. For creating a new user, I would typically do this when it comes to logging. For me this is good practice, but your mileage may vary.

So the logic aspect of it, creating the user and the values for the attributes, is logged to an outside source. In this case, both the Automation database and the local computer’s event log. The event log is used so a monitoring system like SCOM (System Center Operations Manager) can pick up the information and make it available through views for administrators to check. Monitoring systems are usually very powerful when it comes to visualization of what is happening in the different logical layers of the infrastructure, so it is good practice to feed these with additional data to give the possibility of drawing a more complete picture of what is happening. Not just for problems, but also to see that there is a matchup of what the business logic dictates, and what the actual code logic does.