-
Managed identity
A common challenge for developers is the management of secrets, credentials, certificates, and keys used to secure communication between services. Manual handling of secrets and certificates is a known source of security issues and outages. Managed identities eliminate the need for developers to manage these credentials. Applications can use managed identities to obtain Microsoft Entra…
-
Azure virtual NAT
Virtual Network Address Translation (NAT) is a feature of a VNet that allows outbound internet communication from VMs and other resources connected to the VNet. When you enable NAT, the VNet assigns a public IP address to the VM or resource, which can then communicate with the internet using that IP address. Azure NAT is a feature that enables…
-
Hub-spoke network topology
The hub and spoke network topology is an excellent choice for enterprises seeking to strike a balance between isolating workloads and sharing crucial services such as identity and security. This configuration centers around an Azure virtual network, serving as a central point of connectivity – the hub. Surrounding this hub are the spokes, which are virtual networks linked…
-
Virtual network diagram
The following diagram shows the planned implementation of the virtual networks and subnets.
-
Naming conventions
Effective naming includes the most relevant information for the resource type; for example, if we consider a public IP address, we can have the following information: The following example shows the naming convention for a public IP address:
-
Application security groups
Instead of creating NSGs and defining policies on explicit IP addresses, Application Security Groups (ASGs) can help you group virtual machines and define network security policies based on those groups. For example, you can have a group of web servers and a group of database servers and then create rules that allow only the web servers to communicate with the…
-
Microsoft Entra
Microsoft Entra comprises a set of multiple components, including the following:
-
Dubbo + Nacos
Using Apache Dubbo with Nacos as the service registry is a common setup in modern microservice architectures. Nacos provides dynamic service discovery and configuration management, while Dubbo handles the RPC communication between services. The provider registers itself in Nacos, and Nacos regularly checks provider health. When one VM goes down, its instance will automatically be…
-
Application Gateway
Azure Application Gateway is a web traffic (OSI layer 7) load balancer that enables you to manage traffic to your web applications. Traditional load balancers operate at the transport layer (OSI layer 4 – TCP and UDP) and route traffic based on source IP address and port, to a destination IP address and port.