Azure Security – Security methods overview

There are many ways to make your cloud system more secure. Here is a short overview of the most common and useful techniques for building a safe cloud infrastructure.

Account Shared Access Signature

The account SAS is a signature that enables the client to access resources in one or more of the storage services. Everything you can do with a service SAS you can do with an account SAS as well. So basically, the account SAS is used for delegating access to a group of services.

Service Shared Access Signature

The service SAS is a signature used to delegate access to exactly one resource.

Stored Access Policy

A stored access policy gives you more fine-tuned control over service SAS on the server side. The stored access policy (SAP) can be used to group shared access signatures and to provide additional restrictions for signatures that are bound by that policy. You can use SAP on Blob containers, File Shares, Queues, and Tables.
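The three kinds of SAS described above can be told apart from the query string of the URL a client is handed, which makes it practical to review tokens before they are issued. The following is an added example, not code from the original page: `audit_sas`, the 24-hour lifetime threshold, the account name and the sample URLs are all assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

MAX_LIFETIME = timedelta(hours=24)  # assumed local policy, not an Azure limit


def audit_sas(url, now):
    """Return (kind, findings) for a SAS URL, judged from its query fields."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    findings = []
    # Account SAS: ss (services) + srt (resource types).
    # Service SAS: sr (one resource); si names a stored access policy.
    if "ss" in q and "srt" in q:
        kind = "account"
        if len(q["ss"]) > 1:
            findings.append("delegates several services: " + q["ss"])
    elif "si" in q:
        kind = "service+policy"
    else:
        kind = "service"
    if "si" not in q:
        findings.append("ad hoc: no stored access policy to revoke it by")
    if set(q.get("sp", "")) & set("wd"):
        findings.append("grants write/delete: sp=" + q["sp"])
    if q.get("spr", "https,http") != "https":  # spr defaults to https,http
        findings.append("plain HTTP allowed")
    if "se" in q:
        expiry = datetime.fromisoformat(q["se"].replace("Z", "+00:00"))
        if expiry.tzinfo is None:
            expiry = expiry.replace(tzinfo=timezone.utc)
        if expiry - now > MAX_LIFETIME:
            findings.append("expires more than 24h from now")
    elif "si" not in q:
        findings.append("no expiry field")
    return kind, findings


# Constructed sample URLs; account name and signatures are placeholders.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
BASE = "https://examplestore.blob.core.windows.net/"
ACCOUNT_SAS = BASE + "?sv=2022-11-02&ss=bfqt&srt=sco&sp=rwdl&se=2025-01-01T00:00:00Z&sig=PLACEHOLDER"
SERVICE_SAS = BASE + "docs/a.txt?sv=2022-11-02&sr=b&sp=r&spr=https&se=2024-01-01T01:00:00Z&sig=PLACEHOLDER"
POLICY_SAS = BASE + "docs?sv=2022-11-02&sr=c&si=read-policy&spr=https&sig=PLACEHOLDER"

if __name__ == "__main__":
    for url in (ACCOUNT_SAS, SERVICE_SAS, POLICY_SAS):
        print(audit_sas(url, NOW))
```

A token bound to a stored access policy may omit `sp` and `se` because the policy supplies them on the server side, which is why the policy-bound sample produces no findings.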

Role-Based Access Control (RBAC)

RBAC lets you grant access to resources at a much finer granularity than the other methods.

Things I wish I knew before working with Azure - Everything you should know before starting with Microsoft Azure!

  • What are resource groups in Azure?
    • What is a resource?
      • Any manageable item that you can rent through Azure is considered a resource. For example, virtual machines, storage accounts, web apps, databases, functions and more; basically anything you create and manage in Azure.
    • What is a resource provider?
      • Resource providers are the services that supply Azure with resources on demand. For example, Microsoft.Compute provides virtual machines. Microsoft.Storage provides storage, as the name implies. The provider gives access to operations on the resources it provides.
    • What is a resource manager template?
      • The resource manager template defines which resources to deploy to a resource group. With templates, you can define how resources will be made available consistently and also how and which resources to release when the system is in a critical predefined state.
    • What is a resource group?
      • Resource groups describe a collection of all the building blocks you have defined for your app. If you want to share data between apps or functions, it often makes sense to put them in the same group, as it also makes exchanging data between them easier.
    • What does deploying a web app mean in the Azure context?
      • When we deploy a web app in Azure, all we do is just tell Microsoft to rent out a few computer parts for us to run our server! We can define our web app locally and then just upload it to the cloud servers, which will serve our content worldwide!
  • What are Azure Functions?
    • Serverless functions in Azure can be defined very simply and connected to any app with minimal effort! The code for the function is stored on Azure's servers and only invoked when it is triggered by one of the many trigger mechanisms. A function consists of a trigger, input bindings and output bindings, which we will explain in detail later on.
  • What are Azure Logic Apps?
    • Logic apps enable you to automate and orchestrate tasks. They are one of the main tools to automate processes and save you precious time! Logic apps even let you combine and concatenate multiple different apps into one! Connect everything with everyone is the motto of this set of features.
  • What is a storage account and why do I need one in Azure?
    • A storage account is a reference to all the data objects stored for your account, like blobs, files, queues, tables, disks and so on.
  • Redis Cache
    • Instead of renting the normal data storage or the distributed Hadoop storage, you can also rent super fast Redis Cache, which is basically just RAM and highly cacheable data storage. Depending on your use case, this can be very valuable for time- and efficiency-critical operations.
  • PowerShell / Bash shell
    • Microsoft provides a great CLI to manage your cloud infrastructure.
  • What are containers?
    • A container is basically virtualized software. Instead of having to care about the hardware and the operating system, you just ask for a container, and your software project runs inside it. The great thing about containers is that they are hardware and OS independent, so you can just share your app container with someone and they can run your app without any issues, saving a huge amount of time when deploying software! Using such a container-based design yields more efficient architectures. Containers also let your team work faster, deploy more efficiently and operate at a much larger scale. Using a container also means you do not have to set up a whole VM; it holds just what is needed to run the app! This means containers are much more lightweight than VMs. Your software is decoupled from the hardware and OS, which leaves many developers with much less headache! It also makes for a clean split between infrastructure management and software logic management.
  • What are Azure function triggers?
    • Since functions in Azure are serverless, we need to define a trigger, which tells Azure when to call our function. There are many possible triggers we could use; the most common ones fire on changes to Cosmos DB, blob storage, or queue storage, and on a timer.
  • What are Azure function bindings?
    • Azure function bindings basically define the input and output arguments of any function in Azure.
  • What does serverless mean? Serverless function?
    • In the context of Azure, there are serverless functions and serverless logic apps. But they still run on a server, so how are they serverless? The real meaning behind serverless is that developers do not have to worry about the servers; it all happens automagically in the backend implemented by Microsoft's engineers.
  • BONUS : What is the difference between a VM and a container?
    • You can imagine a VM as virtualizing the hardware and a container as virtualizing the software.

Things I wish I knew about Azure Functions before working with Azure

Every function in Azure consists of a trigger, input and output bindings, and of course the code defining the function!

What are Triggers?

Triggers are mechanisms that start the execution of your function. You can set up triggers for an HTTP request, a database update, or almost anything.

What are bindings?

The bindings define which resources our function will have access to. Each bound resource is provided as a parameter to the function.

How to configure bindings and triggers?

Every function is accompanied by a function.json file, which defines the bindings, their directions, and the triggers. For compiled languages, that is, any non-scripting language, we do not have to create the function.json file ourselves, since it can be generated automatically from the function code. For scripting languages, we must define function.json ourselves.
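Because function.json states both how a function is invoked and which resources it is handed, it is a convenient file to review. The following is an added example, not code from the original page: the `summarize` helper, the binding names and the sample function.json are constructed for illustration.

```python
import json

# Constructed function.json for a script-language function (sample values).
FUNCTION_JSON = """
{"bindings": [
  {"type": "httpTrigger", "direction": "in", "name": "req",
   "authLevel": "anonymous", "methods": ["get", "post"]},
  {"type": "blob", "direction": "in", "name": "template",
   "path": "templates/{id}.txt", "connection": "AzureWebJobsStorage"},
  {"type": "queue", "direction": "out", "name": "jobs",
   "queueName": "jobs", "connection": "AzureWebJobsStorage"},
  {"type": "http", "direction": "out", "name": "$return"}
]}
"""


def summarize(function_json):
    """Split bindings into trigger, inputs and outputs; add review notes."""
    bindings = json.loads(function_json)["bindings"]
    triggers = [b for b in bindings if b["type"].lower().endswith("trigger")]
    if len(triggers) != 1:
        raise ValueError("expected exactly one trigger binding")
    trigger = triggers[0]
    inputs = [b["name"] for b in bindings
              if b["direction"] == "in" and b is not trigger]
    outputs = [b["name"] for b in bindings if b["direction"] == "out"]
    notes = []
    if trigger["type"] == "httpTrigger" and trigger.get("authLevel") == "anonymous":
        notes.append("HTTP trigger accepts requests without a function key")
        # Every other binding is a resource this endpoint can touch.
        exposed = [n for n in inputs + outputs if n != "$return"]
        if exposed:
            notes.append("bindings exposed to unauthenticated callers: "
                         + ", ".join(exposed))
    return {"trigger": trigger["type"], "inputs": inputs,
            "outputs": outputs, "notes": notes}


if __name__ == "__main__":
    print(json.dumps(summarize(FUNCTION_JSON), indent=2))
```

Changing `authLevel` to `function` in the sample clears both notes, since callers then need a function key before the bindings come into play.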

What are Durable Functions?

Durable Functions extend Azure's classical functions with functions that can have state AND still run in a serverless environment! Durable Functions are also necessary if you want to create an orchestrator function. A durable function is made up of different classical Azure Functions.

What are some Durable Function patterns?

One common pattern for Durable Functions is to chain together a bunch of normal functions, with the output of each piped to the next. There is also the fan-out/fan-in pattern, which runs a bunch of functions in parallel and waits for all of them to finish before returning the final result. Then there are async HTTP API calls, which, as the name implies, enable us to make API calls that are not synchronous. There is also a pattern for programming a human in the loop, called human interaction. For more patterns, check the official docs.