Monday, August 2, 2021

<#
.SYNOPSIS
This script is used to create, update and delete resources using Azure REST methods.

This is helpful to make deployments idempotent, which is a requisite for Azure.

.NOTES
The token is obtained with the OAuth 2.0 client-credentials grant, which needs an app registration (service principal) that owns a client secret. The default $ClientId below is the well-known public Azure PowerShell client, which has no secret, so pass the application (client) ID of your own registration together with its secret. Neither the secret nor the issued access token is written to the console.
#>

param (
    [Parameter(Mandatory=$true)][string]$TenantId,
    [Parameter(Mandatory=$true)][string]$SubscriptionId,
    [string]$ClientId = "1b730954-1685-4b74-9bfd-dac224a7b894", # Azure PowerShell client id (public client, see .NOTES)
    [string]$ClientSecret = "",
    [string]$Resource = "https://management.core.windows.net/",
    [string]$environment = "AzureCloud",
    [string]$RequestAccessTokenUri = "https://login.microsoftonline.com/$TenantId/oauth2/token"
)

function getPayload() {
    if ([string]::IsNullOrEmpty($ClientSecret)) {
        throw "ClientSecret is required for the client_credentials grant."
    }
    # The secret may contain '&', '=' or '+', so both it and the resource must be form-encoded before they go into the body.
    $encodedSecret = [System.Uri]::EscapeDataString($ClientSecret)
    $encodedResource = [System.Uri]::EscapeDataString($Resource)
    $payload = "grant_type=client_credentials&client_id=$ClientId&client_secret=$encodedSecret&resource=$encodedResource"
    return $payload
}

function getToken() {
    $payload = getPayload
    $Token = Invoke-RestMethod -Method Post -Uri $RequestAccessTokenUri -Body $payload -ContentType 'application/x-www-form-urlencoded' -ErrorAction Stop
    # Log only the non-secret fields; the access token is a bearer credential and must never be printed.
    Write-Host "Token acquired: type=$($Token.token_type) expires_on=$($Token.expires_on)" -ForegroundColor Green
    return $Token
}

function getResourceGroups() {
    $Token = getToken
    # Get Azure Resource Groups
    $ResourceGroupApiUri = "https://management.azure.com/subscriptions/$SubscriptionId/resourcegroups?api-version=2017-05-10"
    # Exactly one space between scheme and credential, as RFC 6750 specifies; the original concatenation produced two.
    $Headers = @{ Authorization = "$($Token.token_type) $($Token.access_token)" }
    $ResourceGroups = Invoke-RestMethod -Method Get -Uri $ResourceGroupApiUri -Headers $Headers -ErrorAction Stop
    Write-Host "Retrieved $($ResourceGroups.value.Count) resource groups" -ForegroundColor Green
    # Return once. The original both wrote the result to the pipeline and returned it, which is why the sample output below lists the resource groups twice.
    return $ResourceGroups
}

# Echo the non-secret inputs only; the original also printed $ClientSecret here.
Write-Host "TenantId=$TenantId SubscriptionId=$SubscriptionId ClientId=$ClientId"

getResourceGroups

 

<# Sample output

value

-----

{@{id=/subscriptions/<obfuscated>/resourceGroups/cloud-shell-storage-southcentralus; name=cloud-shell-storage-southcentralus; location=southcentralus; properties=}, @{id=/subscriptions/<obfuscated>/resourceGroups/SFQuickstartRG; name=SFQuickstartRG; location=southc...

{@{id=/subscriptions/<obfuscated>/resourceGroups/cloud-shell-storage-southcentralus; name=cloud-shell-storage-southcentralus; location=southcentralus; properties=}, @{id=/subscriptions/<obfuscated>/resourceGroups/SFQuickstartRG; name=SFQuickstartRG; location=southc...

 

#>
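The token handling in the script above is where the secret and the bearer token are exposed, so it deserves a closer look. The following is an added example, not part of the original post, that models that part in Python so it can be checked offline: form-encoding the secret, building the Authorization header, deciding when a cached token must be refreshed, redacting secrets from anything that is logged, and constructing the idempotent create-or-update (PUT) call that the synopsis promises. The token response, tenant, client id and secret are constructed values; the endpoint URLs and api-version are the ones the script uses.

```python
import json
import re
import time
from dataclasses import dataclass
from urllib.parse import quote_plus, urlencode

LOGIN_BASE = "https://login.microsoftonline.com"
ARM_BASE = "https://management.azure.com"


def token_request(tenant_id, client_id, client_secret,
                  resource="https://management.core.windows.net/"):
    """Return (url, form_body) for the client-credentials grant.

    urlencode form-encodes every value, so '&', '=', '+' or '/' inside the
    secret cannot break the body (the script does the same with UrlEncode).
    """
    if not client_secret:
        raise ValueError("client_credentials needs an app registration with a secret")
    url = f"{LOGIN_BASE}/{tenant_id}/oauth2/token"
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "resource": resource,
    })
    return url, body


@dataclass
class Token:
    token_type: str
    access_token: str
    expires_on: int  # Unix seconds, as the v1 endpoint returns it

    def auth_header(self):
        # One space between scheme and credential, the RFC 6750 form.
        return {"Authorization": f"{self.token_type} {self.access_token}"}

    def needs_refresh(self, now=None, skew=300):
        """Refresh a cached token `skew` seconds before it expires so a long
        deployment never sends a token that dies mid-request."""
        now = time.time() if now is None else now
        return now >= self.expires_on - skew


def parse_token_response(raw):
    data = json.loads(raw)
    return Token(data["token_type"], data["access_token"], int(data["expires_on"]))


def redact(text, *secrets):
    """Mask known secrets (raw and form-encoded) and any bearer token before a
    line is logged; the original script printed both to the console."""
    for s in secrets:
        for form in (s, quote_plus(s)):
            if form:
                text = text.replace(form, "***")
    return re.sub(r"(Bearer\s+)[A-Za-z0-9\-._~+/]+=*", r"\1***", text)


def put_resource_group(subscription_id, name, location, api_version="2017-05-10"):
    """PUT is ARM's create-or-update verb: repeating the same call converges on
    the same state, which is what makes a deployment idempotent."""
    url = (f"{ARM_BASE}/subscriptions/{subscription_id}/resourcegroups/{name}"
           f"?api-version={api_version}")
    return "PUT", url, {"location": location}


# Constructed sample of a v1 token response (not a captured one).
SAMPLE_RESPONSE = json.dumps({
    "token_type": "Bearer",
    "access_token": "eyJ0eXAiOiJKV1QifQ.constructed.sample",
    "expires_in": "3599",
    "expires_on": "1627900000",
    "resource": "https://management.core.windows.net/",
})

if __name__ == "__main__":
    secret = "p@ss&word=1"   # constructed
    url, body = token_request("contoso.onmicrosoft.com", "app-client-id", secret)
    print(redact(f"POST {url} {body}", secret))
    token = parse_token_response(SAMPLE_RESPONSE)
    print(redact(json.dumps(token.auth_header())))
    print("refresh now?", token.needs_refresh(now=1627899800))
    print(put_resource_group("00000000-0000-0000-0000-000000000000", "demo-rg", "eastus"))
```

The refresh skew matters for exactly the deployments the script is meant for: a token obtained at the start of a long create-or-update run can expire part-way through, and the ARM call then fails with 401 rather than the resource being left half-configured.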


Sunday, August 1, 2021

 

Azure Reservation Management:

 

Introduction: This article is a continuation of a series of articles on Azure services, beginning with the SignalR service that was written about earlier. In this article, we explore Azure resource reservations, which are available under cost management and billing. One of the advantages of using the Azure public cloud is that it provides complete visibility into the billing and cost aspects of requesting resources from its portfolio of services. Usage is also continuously monitored, which helps both plan and predict future expenses. With these services, businesses can trim their inefficiencies and analyze, manage and optimize costs on a workload-by-workload basis, so that the organization can take advantage of the benefits the cloud provides. Some of the cost management and billing features include administrative tasks such as paying the bill, managing billing access, downloading cost and usage data, proactively applying data analysis to costs, setting spending thresholds, identifying opportunities for workload changes, and many others.

Azure cost management best practice involves a virtuous cycle of visibility, accountability and optimization in saving costs. This cycle can be better understood by reviewing the features in terms of the actions that can be taken on the billing account. When the billing account is created at the time of signing up to Azure, it begins to accumulate invoices, payments and cost tracking measurements. There can be more than one billing account. Some accounts use the pay-as-you-go billing model; it accounts for resource usage and gives users the option to terminate resources when a threshold is exceeded. Other accounts fall under Enterprise Agreements and Microsoft Customer Agreements; the former are typically signed business to business, and the latter applies when the organization signs a customer agreement with Microsoft.

Billing differs from cost management altogether. Billing is the process of invoicing customers for goods or services and managing the commercial relationship. Cost management is an operational practice: it identifies costs and usage patterns, provides advanced analytics and reports based on the negotiated prices, and factors in reservations and discounts. Reports on internal and external costs based on usage, together with marketplace charges, can be presented collectively through the cost management features. These reports help drill down into spending and break it out under different categories. Some predictive analytics are also available, which help identify the resources that cost more than others.

One such feature is a reservation. An Azure resource reservation helps save money by committing to a one-year or three-year plan for one or more products. This commitment earns a discount on the resources regardless of their usage, and it can significantly reduce resource costs, in some cases by up to 72% compared with pay-as-you-go prices. Reservation discounts do not alter the runtime state of the resources; they are merely a billing policy. The total cost of paying upfront or monthly for a reservation is the same, and no extra fee is charged for choosing to pay monthly. Buying reservations has other advantages, such as an immediate reservation discount, not being charged for resources on a continuous basis, and tolerating fluctuations in usage. Certain attributes of a reservation determine the resource to be purchased: the choice of SKU and region, where applicable, and the scope, which can change the instances being reserved. Determining what to purchase is one of the key decisions in cost management, and the discount is applied on an hourly basis. While it is easy to buy reservations online via the Azure portal, the same can be done via APIs, PowerShell, SDKs and command-line interfaces. The billing for a reservation proceeds from a subscription, but the reservation can be applied to a different subscription. A reservation can also be split into two reservations. If an Azure Reserved Virtual Machine Instance is purchased, a reservation discount is applied to that resource. At the time of purchase, two objects are created: a reservation order and a reservation. Actions such as split, merge, partial refund or exchange create new reservations that are included under the reservation order, which can be viewed by selecting the reservation and navigating to the order ID.

The reservation scope determines the set of resources to which the reservation applies. The billing context depends on the subscription used to buy the reservation. If the reservation scope is changed from shared to single, only the owner can select which of their subscriptions the reservation applies to, but Enterprise Agreement and Microsoft Customer Agreement billing contributors can manage all reservations for their organizations. There are two ways to share this privilege: access management can be delegated for an individual reservation order by assigning the Owner role to the individual at the resource scope of the reservation order, or a user can be added as a billing administrator to an agreement-backed reservation. All users go to the Azure portal to manage their costs from its Cost Management + Billing section. There are some extended features available for self-service exchanges and refunds of Azure reservations, but the reservations must be similar for users to take advantage of them; exchanges can work both ways, from downsizing to upscaling. These self-service features are available from the portal.

 

 

 

Saturday, July 31, 2021

 

Introduction: This is a continuation of a series of articles on Azure services starting with the SignalR service mentioned here. Azure Analysis Services is next in the portfolio of Azure cloud services we started to review. It is a fully managed platform-as-a-service that provides enterprise-grade data models in the cloud. It uses advanced mashup and modeling features to combine data from multiple data sources, define metrics, and secure the data in a single trusted tabular semantic data model. The data model provides an easier and faster way for users to perform ad-hoc data analysis using tools like Power BI and Excel.

Azure Analysis Services differs from other services in that it provides a one-stop shop for tabular data models across hybrid data sources, at higher compatibility levels than others. Tabular models are a key concept of relational modeling and are articulated by definitions in the Tabular Model Scripting Language (TMSL) as well as the Tabular Object Model (TOM). With the help of tables we can define partitions, views, row-level security, bidirectional relationships and translations. Since data can be accumulated across cloud and on-premises data sources, it provides a consistent, enterprise-grade semantic data model that can be used with tools like Power BI and Excel.

The performance of Analysis Services is well known by virtue of its support for partitioning, which enables loads to be increased incrementally, queries to run in parallel, and memory to be consumed efficiently. There are also advanced data modeling features like calculated tables and all DAX functions. Regardless of the size of the data transferred to the server, the service supports in-memory models that can be refreshed from cached data or directly from the sources. It recognizes Azure logged-in users and service principals, so querying and analysis run under their security context, which brings all the auditing benefits. Background operations and unattended refresh can be automated, and a variety of languages can integrate with its SDK, REST APIs and PowerShell cmdlets. Compared with a standalone SQL Server Analysis Services instance, this cloud service virtualizes both relational databases and data warehouses, which makes querying and analysis easy.

The service is hosted on a single server, and it can scale to several servers with deployment techniques common to many Azure services, where the infrastructure is provisioned declaratively using ARM resource templates. Azure Analysis Services is supported in regions throughout the world with varying SKUs and pricing options. With the help of replicas, the service can scale out queries in a distributed manner and still maintain relatively low latency in query responses. It does this by creating a query pool with up to seven additional query replicas, which are assigned to the same region; performance can be increased dramatically with the premium and larger deployment sizes.

Analysis Services stands out among its peers, which are analysis services and pipelines produced from a combination of heterogeneous products, by being a native cloud service. It conforms to the strict demands placed on the cloud computing provider and thus meets industry standards and government compliance requirements in terms of privacy, security, and data protection.

Friday, July 30, 2021

 

Introduction: This article is a continuation of the previous articles on Azure services. In this article we talk about the content delivery network on Azure. This is a distributed network of servers that deliver web content to users, typically resources for web pages such as JavaScript, stylesheets and HTML, which are downloaded from the content delivery network. The CDN nodes closest to the application or the clients are used, so that there is little or no latency. Azure CDN can also accelerate dynamic content that cannot be cached by leveraging networking optimizations such as point-of-presence (POP) locations and route optimization via the Border Gateway Protocol. The benefits of using Azure CDN include better performance, scaling to large volumes, and distribution of user requests.

The design of Azure CDN is similar to that of object storage. Both perform geo-replication and automatic synchronization between virtual datacenters, a term used to denote a shared-nothing collection of servers or clusters, and both rely on some form of synchronization, such as a message-based consensus protocol. Azure Storage is also a service that provides blob storage, but the CDN is hosted as its own service and comes with its own ARM resource that can be used to provision one or more CDN profiles. As with all Azure services, the CDN service provisions an Azure resource backed by an Azure Resource Manager template. When the resource is provisioned, it can be used to deliver content from the network. ARM templates are infrastructure-as-code and policy-as-code, so they can be used for achieving a desired state of the infrastructure and for orchestration.

Azure CDN is used for a variety of purposes, such as the following:

1)      delivering static resources for client applications as described earlier for websites

2)      delivering public static and shared content to devices

3)      serving entire websites that consist only of public static content

4)      streaming video files to clients on demand

5)      enabling faster access to public resources from Azure CDN POP locations

6)      improving the experience for users who are further away from data centers

7)      supporting the Internet of Things by scaling to a huge number of devices that can access content

8)      handling traffic surges without requiring the application to scale

Some of the challenges involved when planning a CDN are deployment considerations, such as where to deploy the CDN, and a few others. These include versioning and cache control of the content, testing of the resources independently of publication, search engine optimization, and content security. In addition, the CDN service must provide disaster recovery and backup options so that the data is not lost and remains highly available. Some system designs avoid a CDN because of the costs involved when it is easier to scale the origin servers without planning a content delivery network; this saves costs because the resources are co-located and there are easier options to scale. Otherwise the customer integrates the publication of their content with the CDN.
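Versioning, cache control and content security are the three planning items above that a publisher can enforce mechanically. The following is an added example, not code from the post or from Azure CDN: it names each asset by its content hash so a new publication never collides with a cached copy, assigns a long immutable Cache-Control to hashed assets and a must-revalidate policy to the HTML entry point, and computes the Subresource Integrity digest the HTML pins so the browser rejects a body the CDN serves that does not match. The CDN host and the sample assets are constructed placeholders.

```python
import base64
import hashlib
import posixpath

CDN_HOST = "https://cdn.example.net"   # assumption: placeholder CDN endpoint

IMMUTABLE = "public, max-age=31536000, immutable"   # for hashed asset names
REVALIDATE = "public, max-age=0, must-revalidate"   # for entry points such as HTML


def content_hash(data, length=12):
    return hashlib.sha256(data).hexdigest()[:length]


def versioned_name(path, data):
    """js/app.js -> js/app.<hash>.js. A new publication gets a new name, so no
    edge or browser cache can serve a stale copy under it."""
    head, tail = posixpath.split(path)
    stem, dot, ext = tail.rpartition(".")
    name = f"{stem}.{content_hash(data)}.{ext}" if dot else f"{tail}.{content_hash(data)}"
    return posixpath.join(head, name) if head else name


def cache_control(name):
    """Hashed names are safe to cache for a year; HTML must be revalidated so
    it picks up the new hashes on the next publication."""
    return REVALIDATE if name.endswith(".html") else IMMUTABLE


def sri_hash(data):
    """Subresource Integrity value pinned in the HTML: the browser rejects a
    body served from the CDN whose digest does not match."""
    return "sha384-" + base64.b64encode(hashlib.sha384(data).digest()).decode()


def publish(assets):
    """assets maps logical path -> bytes. Returns the manifest the publisher
    uses to rewrite references: CDN URL, Cache-Control and SRI per asset."""
    manifest = {}
    for path, data in assets.items():
        name = path if path.endswith(".html") else versioned_name(path, data)
        manifest[path] = {
            "url": f"{CDN_HOST}/{name}",
            "cache_control": cache_control(name),
            "integrity": sri_hash(data),
        }
    return manifest


def script_tag(manifest, path):
    entry = manifest[path]
    return (f'<script src="{entry["url"]}" integrity="{entry["integrity"]}" '
            'crossorigin="anonymous"></script>')


def verify(manifest, path, served):
    """What the browser does with the pinned value: recompute and compare."""
    return manifest[path]["integrity"] == sri_hash(served)


# Constructed sample site (not real assets).
SAMPLE_ASSETS = {
    "js/app.js": b"console.log('v1');",
    "css/site.css": b"body{margin:0}",
    "index.html": b"<html><body>hello</body></html>",
}

if __name__ == "__main__":
    manifest = publish(SAMPLE_ASSETS)
    for path, entry in manifest.items():
        print(path, "->", entry["url"], "|", entry["cache_control"])
    print(script_tag(manifest, "js/app.js"))
    print("tampered body accepted?", verify(manifest, "js/app.js", b"console.log('v1');//x"))
```

The split between immutable hashed assets and a revalidated entry point is what lets a rollout be tested independently of publication: the new assets can be uploaded and fetched by their hashed names before the HTML that references them is switched over.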

 

Thursday, July 29, 2021

Introduction: This article is a continuation of a series of articles on Azure services starting with the SignalR service we described earlier. Azure Communication Services is a cloud-based service that lets an application add communication in the form of voice and video calling, rich text chat and SMS. Applications are relieved from knowing the media encodings and real-time networking requirements of using these communication technologies in a do-it-yourself approach and are instead onboarded to a welcoming SDK. Custom client endpoints, services, and even the public switched telephone network (PSTN) can be connected to this communications application, and phone numbers can be acquired directly. Services can make use of the Session Initiation Protocol (SIP) and session border controllers that connect to PSTN carriers.

Applications that use the Azure Communication Services client libraries typically fall into one of two common scenarios: 1) business to consumer (B2C) and 2) consumer to consumer. The B2C scenario is focused on voice, video, and text chat available from a custom browser or mobile application for individuals' interaction with a business. It operates with a voice response system as well as integration with Microsoft Teams, the communication and collaboration tool that lets employees of an organization communicate with one another. The consumer-to-consumer scenario is built on engaging social spaces with voice, video and rich text chat. As with all Azure services, Communication Services provisions an Azure resource declared via an Azure Resource Manager template. When the resource is provisioned, it can be used to get a phone number or to send an SMS from the application. The first user access token allows clients to authenticate; afterwards, it is just renewed. The use of an ARM resource template helps standardize this resource in the Azure service portfolio. Like other services, it provides connection strings and a resource object to manage and use. The resource group name and the subscription are required for this resource to be provisioned; other settings may vary, but they can be specified as parameters to the template. Cleanup is as easy as removing the resource group to which the resource belongs, which removes all of its dependencies with it.

When the application is used to get a phone number, the provisioned resource allows the selection of a number type and the capabilities associated with the number. Geographic and toll-free are the two number types. A toll-free number supports outbound calling and inbound and outbound SMS and is slightly more expensive than a geographic number. Phone numbers can be customized and purchased. Registration of a phone number, its lookup, and reverse lookup can be tried via the Azure portal.

The application can also send SMS messages. A simple object model represents the resource in C#: the SMS client is instantiated with a connection string and authenticated with the server, and then it is just a matter of calling the send method on the SMS client to send a direct message. It is also possible to broadcast a message by passing multiple phone numbers as a parameter to the send method.

Integration with other applications such as Microsoft Teams makes this service uniquely appealing for collaboration and communication scenarios. For example, an application can join a Teams meeting with a UI control that declares a text box on a form to take the Teams meeting link. With a click of a button, the application connects to the Teams meeting. JavaScript callbacks can be registered for events such as isRecordingActive and state changes, among others. The benefits of voice, video, and rich text chat in gaining user attention cannot be overemphasized.



Wednesday, July 28, 2021

The following section details some of the benefits of ARM templates, which include:

1) repeatable results: The templates define the desired state, so the invocations are idempotent and deterministic. Entire Azure infrastructures can be described by ARM templates. 

2) orchestration: Operations can be ordered and resources can be deployed in parallel.  The deployment can occur with one-touch rather than a sequence of imperative commands. 

3) Modular files: These break the template into smaller reusable components so that the costs are driven down in favor of composition and reusability. 

4) Extensibility: The deployment script is an extension of the templates so a variety of automation can be introduced into the workflow. 

5) Testing: The ARM Template Test Toolkit can validate the templates by running a PowerShell script. This reduces errors and saves time. 

6) Tracked deployments: The history of the deployment as well as the parameter passing can be reviewed. This makes it easy to troubleshoot. 

7) Governance: A policy as a code framework allows enforcement of policies and provides remediations for non-compliant resources. The templates support this. 

8) Export: Templates can be exported allowing the same resource to be provisioned in different regions or even cloud types. 

9) Integration with pipelines: CI/CD can be supported by the integration of pipelines that facilitate application and infrastructure updates. 

Tuesday, July 27, 2021

When the product is a foundational service, a term used to refer to a service hosted at the base of a public cloud provider, the concerns of claim provisioning, token service, managed service identities, secrets management and security configuration dashboards must be addressed in modules dedicated to this layer. Any service that sits on top of the foundational service has the luxury of using the resource manager templates published by the cloud provider and can use them interchangeably with different technologies that provide these IAM functions. The choice of technologies in the foundational layer is rather restricted and almost a do-it-yourself approach. Services built in the cloud, on the other hand, enjoy rich functionality that is interchangeable with offerings from competing vendors. The costs of the DIY approach are known to be high, but the flexibility and resource efficiency are undeniable. We review some of the essential functions that these technologies must implement and the support for their automation.

With an identity claims model, an application or web service is no longer responsible for 1) authenticating users, 2) storing user accounts and passwords, 3) calling membership providers like enterprise directories to look up user information, 4) integrating with identity systems from other organizations, and 5) implementing several protocols to be compliant with industry standards and business practice. All identity-related decisions are based on claims supplied with the user's request. An identity is a set of attributes that describe a principal. A claim is a piece of identity information. The more slices of information an application receives, the more complete the pie representing the individual. Instead of looking up the identity itself, the application delegates that to the external system that issued the claims. A security token is a serialized set of claims that is digitally signed by the issuing authority. The signature gives the assurance that the user did not make up the claims. An application might receive the token in the security header of a SOAP envelope. A browser-based web application receives it through an HTTP POST from the user's browser, and it may later be cached in a cookie if a session is enabled. The manner varies with the client and the medium, but the claims can always be generalized as a token. Open standards, including some well-known frameworks, are good at creating and reading security tokens. A security token service (STS) is the plumbing that builds, signs and issues security tokens. It might implement several protocols for creating and reading security tokens, but that is hidden from the application.

The relying parties are the claims-aware and claims-based applications. These can also be web applications and services, but they are usually distinct from the issuing authorities. When it receives a token, a relying party extracts the claims from the token to perform specific identity-related tasks.
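The issuer, token and relying-party roles just described, together with the authorization-policy evaluation this post goes on to define, are easier to see in running code. The following is an added example, not from the post or from any framework: a security token service signs a claim set with an HMAC key it shares with the relying party; the relying party refuses tokens from untrusted issuers or with a bad signature, extracts the claim set, and evaluates an authorization policy that maps input claims to output claims, producing an authorization context. The claim-type URIs for name, email and SID are the WCF ClaimTypes values; the role claim type, issuer, key, policy rule and users are constructed for the example. A real STS would sign with an asymmetric key so the relying party holds only the public half.

```python
import base64
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Claim types named in the post (WCF ClaimTypes URIs); ROLE is a hypothetical
# output claim type used only by this example.
NAME = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
EMAIL = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
SID = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/sid"
ROLE = "urn:example:claims:role"


@dataclass(frozen=True)
class Claim:
    claim_type: str
    right: str    # "Identity" or "PossessProperty"
    value: str


@dataclass(frozen=True)
class ClaimSet:
    issuer: str
    claims: tuple


@dataclass
class AuthorizationContext:
    claim_sets: list
    properties: dict = field(default_factory=dict)


def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class SecurityTokenService:
    """Builds, signs and issues security tokens of the form <payload>.<hmac-sha256>."""

    def __init__(self, issuer, key):
        self.issuer, self.key = issuer, key

    def issue(self, claims):
        payload = json.dumps(
            {"iss": self.issuer, "claims": [[c.claim_type, c.right, c.value] for c in claims]},
            separators=(",", ":")).encode()
        sig = hmac.new(self.key, payload, hashlib.sha256).digest()
        return f"{b64url_encode(payload)}.{b64url_encode(sig)}"


class RelyingParty:
    """Reads a token: the issuer must be trusted and the signature must hold
    before any claim in the payload is believed."""

    def __init__(self, trusted_issuers):
        self.trusted = trusted_issuers   # issuer -> key

    def read_token(self, token):
        try:
            payload_b64, sig_b64 = token.split(".")
        except ValueError:
            raise ValueError("malformed token") from None
        payload = b64url_decode(payload_b64)
        data = json.loads(payload)
        key = self.trusted.get(data.get("iss"))
        if key is None:
            raise ValueError("untrusted issuer")
        expected = hmac.new(key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            raise ValueError("signature does not verify: claims may be made up")
        return ClaimSet(data["iss"], tuple(Claim(*c) for c in data["claims"]))


class AuthorizationPolicy:
    """Rules map input claims to output claims; each rule is (claim_type, value, output Claim)."""

    def __init__(self, issuer, rules):
        self.issuer, self.rules = issuer, rules

    def evaluate(self, evaluation_context):
        present = {(c.claim_type, c.value)
                   for cs in evaluation_context["claim_sets"] for c in cs.claims}
        outputs = tuple(out for (ctype, value, out) in self.rules if (ctype, value) in present)
        claim_sets = list(evaluation_context["claim_sets"])
        if outputs:
            claim_sets.append(ClaimSet(self.issuer, outputs))
        return AuthorizationContext(claim_sets, dict(evaluation_context.get("properties", {})))


def authorize(relying_party, policy, token):
    """Token in, authorization context out: read the token, then evaluate the policy."""
    claim_set = relying_party.read_token(token)
    return policy.evaluate({"claim_sets": [claim_set], "properties": {}})


def has_claim(context, claim_type, value):
    return any(c.claim_type == claim_type and c.value == value
               for cs in context.claim_sets for c in cs.claims)


# Constructed issuer, key, policy and user for the example.
ISSUER = "https://sts.example.test"
KEY = b"constructed-shared-secret"
STS = SecurityTokenService(ISSUER, KEY)
RP = RelyingParty({ISSUER: KEY})
POLICY = AuthorizationPolicy("https://app.example.test/policy", [
    (SID, "S-1-5-21-1-2-3-1001", Claim(ROLE, "PossessProperty", "admin")),
])


def alice_token():
    return STS.issue([Claim(NAME, "Identity", "alice"),
                      Claim(EMAIL, "PossessProperty", "alice@example.test"),
                      Claim(SID, "PossessProperty", "S-1-5-21-1-2-3-1001")])


if __name__ == "__main__":
    ctx = authorize(RP, POLICY, alice_token())
    for cs in ctx.claim_sets:
        print(cs.issuer, [(c.claim_type.rsplit("/", 1)[-1], c.value) for c in cs.claims])
    print("alice is admin:", has_claim(ctx, ROLE, "admin"))
```

The order inside read_token is the point: the issuer named in the payload only selects which key to try, and nothing else from the payload is used until the signature over the whole payload has verified with that key, so a caller cannot add or edit claims and cannot point the relying party at an issuer it does not trust.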

A claim is a combination of a claim type, a right, and a value. A claim set is a set of claims issued by an issuing authority. A claim can be of the DNS, email, hash, name, RSA, SID, SPN, system, thumbprint, URI or X500DistinguishedName type. An evaluation context is the context in which an authorization policy is evaluated. It contains properties and claim sets, and once the authorization policies have been evaluated it results in an authorization context. An authorization policy is a set of rules for mapping a set of input claims to a set of output claims; when evaluated, the resulting authorization context has a set of claim sets and zero or more properties. An identity claim in an authorization context makes a statement about the identity of the entity. A group of authorization policies can be compared to a machine that makes keys. When the