please clarify on below points:
what should be the endpoint type for Azure search service in traffic manager?
how can we perform a health probe for Azure search service in traffic manager? what if we have enabled RBAC or API Key based authenticaion?
We are using "SearchClient" object from namespace "Azure.Search.Documents", to connect to
search service from code, this object only expects https endpoint. How do we configure
https endpoint, if we are serving traffic through traffic manager?
Related
I'm currently trying to implement openvpn server authenticated with keycloak.
This part is actually working well with user added in keycloak but now I want to authenticate my openvpn user with azure AD.
I made the configuration to be able to authenticate user with keycloak and azure AD has identity provider so this part work well but not I want to conbine both
I would like that my user will be authtenticated with azure AD throw keycloak when they execute OpenVPN client.
I have 1 realm. The account clients work properly with Azure AD and I have a Clients for OpenVPN but How to link both
• As per the described query, you want to authenticate with Azure AD through Keycloak while connecting with OpenVPN client. Thus, accordingly, you will have to configure the VPN client for P2S OpenVPN protocol connection in Azure AD first. For that purpose, kindly follow the below documentation link which describes the steps to be followed for registering and configuring ‘Azure VPN’ as an application in Azure AD and further configuring the VPN configuration settings on it as well: -
https://learn.microsoft.com/en-us/azure/virtual-wan/virtual-wan-point-to-site-azure-ad
• Once, the above-mentioned steps are done as stated, then you will have to register an application as a client service principal in your Azure AD, create a client secret for it and register the same in keycloak administration console as mentioned in the below link. This will ensure that your keycloak integration with Azure AD is complete and working fine as well as the authentication for your Azure AD users through keycloak is possible over OpenVPN client such as Azure VPN client.
https://blog.hcltechsw.com/versionvault/how-to-configure-microsoft-azure-active-directory-as-keycloak-identity-provider-to-enable-single-sign-on-for-hcl-compass/
The above document states for ‘HCL Compass’ as the target application to be connected via keycloak via Azure AD identity but you can configure the same as per your own SaaS application to be integrated.
I have an app engine standard (2nd gen) service in europe-west1. I also have a GKE service behind a load balancer in us-central1. To hit the load balancer I setup a VPC connector in europe-west1 and updated the app engine service's app.yaml with the necessary VPC connector config however the service cannot hit the load balancer. Request's fail with a timeout error.
Is there a zone/region limitation with serverless VPC connectors? I am able to successfully hit the load balancer from a serverless function in the same region with another VPC connector in that same region.
The question has more to do with outbound traffic from the VPC connector and not inbound traffic to the connector from the serverless service. The answer incorporates comments in the question.
The VPC connector firewall doesn't appear to restrict outbound traffic to the region the connector is in so the issue may be with the load balancer's firewall restricting inbound traffic to the region it's in.
What was confusing is even though the VPC connector and app engine service are in the same region the request to the connector fails with a timeout, indicating that the connector couldn't be hit. That interpretation is likely wrong and rather the connector was hit but timed out forwarding the request to the load balancer because of the load balancer's firewall restriction
I'm almost giving up here - how do I connect a Logic App to a Service Bus WCF Relay running on-prem?
Following an (incomplete) tutorial on MSDN/MS Docs, I've successfully create a host and client app that communicate with each other via an Azure WCF Relay. Now, I want a Logic App to communicate with the host on my dev box.
How do I do this?
Here is how to connect to on-prem data sources:
If the services are accessible over the internet then you call service endpoint over HTTP or HTTPS from azure logic apps. This article will help you with details steps to be followed: https://learn.microsoft.com/en-us/azure/connectors/connectors-native-http
If it is not accessible over the internet then this article will help with step by step process: https://learn.microsoft.com/en-us/azure/logic-apps/logic-apps-gateway-connection
Before you can access data sources on premises from your logic apps, you need to create an Azure resource after you install the on-premises data gateway on a local computer. Your logic apps then use this Azure gateway resource in the triggers and actions provided by the on-premises connectors that are available for Azure Logic Apps.
Also check this
I would like to know if it's possible to use Active Directory integrated security within Azure Webapp Standard version to access Azure VM SQL Server.
We have an Azure VM with SQL Server installed and joined into an Azure Directory Domain Services. The VM/SQLServer is being restricted to be accessed only within the VNet, so this VM has no Public IP.
The Webapp is connected via VNet Integration to the VNet of the AD DS and VM's.
if someone could explain me if that possible/not possible to implement such a solution and what are the options that I havein AZure to use the integrated security.
Edit: Regarding managed identity in AZure Web App, only certain Azure Resources that can have a Managed Identity assigned, which here the Web App is one of them.
And to be able to access a resource using MI that resource needs to support Azure AD Authentication, this is limited to specific resources:
Source: Services that support managed identities for Azure resources
- Azure Resource Manager
- Azure Key Vault
- Azure Data Lake
- Azure SQL
- Azure Event Hubs and Service Bus
- Azure Storage
The Azure vm SQL Server is not listed as one of the resources that can be accessed through AD managed identity.
if someone could explain me if that possible/not possible to implement such a solution and what are the options that I havein AZure to use the integrated security.
Yes, it's possible. You could configure your App Service app to use Azure Active Directory to access Azure VM sql server.
Work Flow:
The VNet Integration feature is built on top of point-to-site VPN technology. Apps in Azure App Service are hosted in a multi-tenant system, which precludes provisioning an app directly in a VNet. The point-to-site technology limits network access to just the virtual machine hosting the app. Apps are restricted to only send traffic out to the internet, through Hybrid Connections or through VNet Integration.
For more details, you could refer to this article.
When having some on-premises data sources that one wants to access from Azure, is the "best practice" to create a data gateway, or is this becoming an outdated approach? I ask because I notice it relies on the "Gateway Cloud Service" which as I understand it is on its way out.
The actual requirement for me is only to be able to do a query from a functions app to the on-premises sql server. I'm not even sure this is possible through the data gateway.
Any and all feedback appreciated.
Take a look at hybrid connections: https://learn.microsoft.com/en-us/azure/app-service/app-service-hybrid-connections
They are designed for what you want to do:
Basically, a tunnel is created between the SQL endpoint in your on-premise environment and a target endpoint for your Azure Function in the Azure environment. It uses HTTPS traffic, so it is easy on the on-premise firewall. To create the SQL endpoint, you'll need to install an agent called the 'Hybrid Connection Manager', which will act as a proxy between the Azure endpoint and the SQL server.
After the endpoints are established, you can connect to the Azure endpoint with your function, and it will be tunneled to the on-premise SQL (using the HCM).
Bear in mind that this will only work with SQL accounts, not with AD accounts. Also, the Azure Function must be hosted by a dedicated App Service Plan, not the consumption plan (alas).