Friday, May 21, 2021

Introduction: This is a continuation of the previous article on firewalls and network virtual appliances on the Microsoft Azure public cloud. There are many choices to make for the appropriate use and security of the services and applications hosted on this public cloud, especially given that a variety of devices can be onboarded as products from networking companies. This article continues the discussion with an emphasis on Azure Traffic Manager.


Description: Endpoints, virtual networks, IP addresses and ports are some of the key assets on which allow/disallow decisions need to be made. The endpoints are best served by the traffic manager because it has a variety of routing methods to choose from. These methods determine whether a particular endpoint is allowed to receive the incoming traffic. In certain cases, the traffic can even be diverted from one endpoint to another, which is demonstrated by the program below.


Sample Program to divert traffic:


using Microsoft.Azure.Management.AppService.Fluent;

using Microsoft.Azure.Management.Fluent;

using Microsoft.Azure.Management.ResourceManager.Fluent;

using Microsoft.Azure.Management.ResourceManager.Fluent.Core;

using Microsoft.Azure.Management.ResourceManager.Fluent.Core.ResourceActions;

using Microsoft.Azure.Management.TrafficManager.Fluent;

using Microsoft.Azure.Management.TrafficManager.Fluent.TrafficManagerProfile.Definition;

using Microsoft.Rest.Azure;

using System;

using System.Collections.Generic;

using System.Diagnostics;

using System.IO;

 

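namespace TrafficManagerZoneDownSimulator
{
    /// <summary>
    /// Console sample that creates a priority-routed Traffic Manager profile with two
    /// endpoints, diverts traffic from the first endpoint to the second, toggles the
    /// profile status, and finally deletes the profile.
    /// </summary>
    class Program
    {
        /// <summary>
        /// Entry point. Authenticates with the credentials file named by the
        /// AZURE_AUTH_LOCATION environment variable and runs the simulation.
        /// </summary>
        /// <param name="args">Command-line arguments (unused).</param>
        /// <exception cref="InvalidOperationException">
        /// AZURE_AUTH_LOCATION is not set, or no endpoint was attached to the profile.
        /// </exception>
        static void Main(string[] args)
        {
            // The auth file holds service principal credentials: keep it out of source
            // control and readable only by the account that runs this program.
            string authFile = Environment.GetEnvironmentVariable("AZURE_AUTH_LOCATION");
            if (string.IsNullOrWhiteSpace(authFile))
            {
                throw new InvalidOperationException(
                    "Set AZURE_AUTH_LOCATION to the path of the Azure credentials file.");
            }

            var credentials = SdkContext.AzureCredentialsFactory.FromFile(authFile);

            // NOTE(review): HTTP logging is on at Basic level; check what request data
            // that level records before raising it or shipping these logs anywhere shared.
            var azure = Azure
                .Configure()
                .WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
                .Authenticate(credentials)
                .WithDefaultSubscription();

            //============================================================
            // Creates a traffic manager profile
            string tmName = SdkContext.RandomResourceName("jsdktm-", 20);
            string rgName = "ravirajamani-test-rg";

            // NOTE(review): these values are passed to ToResourceId() below, which
            // presumably expects full Azure resource IDs; the strings here look like
            // bare names and should be confirmed or replaced before running.
            string privateEndpointResourceId1 = "ravirajamani-private-ep-test-1";
            string privateEndpointResourceId2 = "ravirajamani-private-ep-test-2";
            List<string> privateEps = new List<string>() { privateEndpointResourceId1, privateEndpointResourceId2 };

            Console.WriteLine("Creating a traffic manager profile " + tmName + " for the web apps...");
            IWithEndpoint tmDefinition = azure.TrafficManagerProfiles
                    .Define(tmName)
                    .WithExistingResourceGroup(rgName)
                    .WithLeafDomainLabel(tmName)
                    .WithPriorityBasedRouting();

            // Attach every endpoint with an increasing routing priority (1 = preferred).
            ICreatable<ITrafficManagerProfile> tmCreatable = null;
            int priority = 1;
            foreach (var ep in privateEps)
            {
                tmCreatable = tmDefinition.DefineAzureTargetEndpoint(ep)
                        .ToResourceId(ep)
                        .WithRoutingPriority(priority)
                        .Attach();
                priority++;
            }

            // Without at least one endpoint there is nothing creatable to submit.
            if (tmCreatable == null)
            {
                throw new InvalidOperationException("At least one endpoint is required to create the profile.");
            }

            var trafficManagerProfile = tmCreatable.Create();
            string profileId = trafficManagerProfile.Id;

            // Everything after creation runs under try/finally so that a failed update
            // does not leave the test profile (and its public DNS label) behind.
            try
            {
                Console.WriteLine("Created traffic manager " + trafficManagerProfile.Name);
                Console.WriteLine(trafficManagerProfile);

                //============================================================
                // Diverts traffic: the first (highest-priority) endpoint is disabled
                // and the second one is explicitly enabled.
                Console.WriteLine("Diverting traffic from " + privateEndpointResourceId1 + " to " + privateEndpointResourceId2 + "...");
                trafficManagerProfile = trafficManagerProfile.Update()
                    .UpdateAzureTargetEndpoint(privateEndpointResourceId1)
                        .WithTrafficDisabled()
                        .Parent()
                    .Apply();
                trafficManagerProfile = trafficManagerProfile.Update()
                    .UpdateAzureTargetEndpoint(privateEndpointResourceId2)
                        .WithTrafficEnabled()
                        .Parent()
                    .Apply();

                //============================================================
                // Reloads the policy by disabling and re-enabling the profile.
                // NOTE(review): the profile is out of service between the two calls;
                // acceptable for a throwaway test profile, not for a production one.
                trafficManagerProfile.Update()
                        .WithProfileStatusDisabled()
                        .Apply();
                trafficManagerProfile.Update()
                        .WithProfileStatusEnabled()
                        .Apply();
            }
            finally
            {
                // Always remove the profile created above, even when an update failed.
                azure.TrafficManagerProfiles.DeleteById(profileId);
            }
        }
    }
}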

