I need to put together a logic app. The trigger in that if/when a new file comes to a blob storage the new file will be moved to a new location say 'XYZ'.
The way the file will move to new location XYZ is, the logic app in actions will connect to virtual machine which will run azcopy tool and pick file from the blob storage and put it in the new location XYZ
And I am new to logic apps connecting to Virtual machines and somehow trigger azcopy command within a virtual machine when the logic app runs.
Blob storage, virtual machine and logic apps are all in the same resource group, same subscription.
Would really appreciate some pointers.
I heard that I need to create a ISE in order for the logic app to work with virtual machine but I am not sure if I really need this. This is the article that I saw.
https://learn.microsoft.com/en-us/azure/logic-apps/connect-virtual-network-vnet-isolated-environment
Is that the only way?
2) How would I run AZCopy command within a virtual machine from logic app?
Thanks so much for your help.
In theory, the Logic App can connect to Azure VM with the public IP or FQDN assigned to the VM over the Internet. If you only intend to connect from a VNet, you need ISE for the logic APP.
As far as I know, It's not easy to run scripts within the Azure VM from Azure logic App, you may invoke the API with an HTTP connector from the logic App, refer to this answer for more details.
Finally, If you just want to move the blob files in the Azure storage account, it would be easier if using the Azure function with a blob storage trigger. You could search the similarities like this.
Related
Our AppEngine app is connecting to a remote service which requires a VPN and also required me to add entries to the hosts file on my local machine in order to connect to their endpoints.
e.g.
10.200.30.150 foo.bar.com
This is working fine when running the app locally, but I can't figure out how to set this up on Google Cloud to work once deployed.
I can't use the IP addresses directly because it errors that the IP is not on the cert's list.
How do I map the host names to the IPs in Google Cloud so that AppEngine can use them?
From the error mentioned in the comment I suspect connecting directly through the IP fails because the certificate doesn't recognize the IP to DNS mapping as valid and therefore the secure connection setup breaks. Based on the requirements of connecting to the API by VPN and tweaking the hosts mapping there are few things you may try.
The simplest approach that may work would be using a Google Compute Engine VM instance, since there you would able to manipulate the etc/hosts file and replicate the local machine setup. This VM could be used either as the main app service or as a proxy from App Engine to the 3rd party API endpoint. To go that route I would suggest taking a look at these two posts which explain how to change the etc/hosts file on GCE (Changing the file once wouldn't work as the VM periodically overrides it, see the posts for cronjob like workaround).
Separately, as your app runs in App Engine flexible environment there is the chance to provide a docker container with the app packaged. It may be possible to set the workaround above in the docker file and have it working in App Engine too.
I have already
1. Searched on google
2. Here on stackoverflow
3. Some recommendations for me on my posts, that not to use direct connections free text statements from App to SQL Server, rather than to use mostly recommended REST API services.
Overview
I find SQL Server connection very smooth in Xamarin Forms development. My major projects are web based asp.net c# and desktop based vb.net which use same Hosted MS SQL Server 2012 Express (Virtual Private Server and not shared server) Database.
In Desktop we have option such encrypting the app.Config file where we can store the database connection secure credentials.
In Web-based we have web.config file where we say its secured way to put credentials there.
(If wrong please correct me)
Frankly I tried at initial stage REST API Services including Microsoft Azure but it looks very complex or some or other limitations for me in approach or pay strucure. (Or say may be I totally am now flexible in c# regular statements).
As I am having own Hosting Server I don't want to choose again any other.
Finally to my query
Now I store in Xamarin Forms Class folder in .cs all secure credentials.
/------------------------------------------
//Connection String
//------------------------------------------
public static string appNutri_connection_string = #"data source=<IP ADDRESS>;initial catalog=<Database_Name>;user id=<user_name>;password=<pass_word>;Connect Timeout=600"
And I use this appNutri_connection_string throughout project for connections.
Also when we compile the Package we are opted first to enter password before distribution.
Not only that before we upload it on Google Play, it rechecks Hash Key credentials respective package name, then only it publish the apk.
So please let me know how is not safe for APK to store credentials in .cs file. Secondly , most important is there any other solution to encrypt the credentials file? So that I do not need to break my so smooth trend going on all platforms.
This is a very crucial stage for me to go further as still I am in very initial stage of product live implementation. So do not want to go further with any loop holes or wrong perception. Data (Client's especially) Security and Privacy is my major Task. Cannot compromise on that anytime. So please suggest me best way to achieve this task.
(Once again may be a possible duplicate question but frankly I did not found a detailed explanation or information nor here nor on any google search)
As you are in very initial stage of your product lifetime, PLEASE CHANGE YOUR ARCHITECTURE!
Never, nerver connect directly to a sensitive database from outside - put at least a front-end layer (eg. API) between public clients and your database.
We have an Azure function with html UI right inside the function. The Azure function app has VNET access to servers inside our firewall. Possible to build an Azure Function that authenticates into the server/file share and allows a browser user to download a secure network file?
If so, Possible without creating new files?
If your Azure Function is configured to be on a VNET that gets you the network access you need to the servers behind your firewall then it's possible, but the question is what protocol are you expecting to use to access those files? Azure Functions run inside the App Service "Sandbox" which has restricted outbound network port access which would prevent the standard file sharing protocols from working. If you exposed the on-prem files over HTTP in some way, then you'd be in business.
One dirt simple way might be to mount the file share as an IIS virtual directory. You do still have to consider security though. You won't be able to use Windows Authentication, but you could change the IIS virtual directory to use something like Basic Authentication and then your function would be configured with the necessary credentials to access it. Then you get into transport level security and realize you'll want to use HTTPS which implies setting up some certificates as well.
Another solution would actually be to look into using Azure Files to actually synchronize the on-prem files into the cloud as a completely separate integration and then systems like your functions app here actually only worry about accessing the files via Azure Files and don't even have to necessarily be bound to the VNET at all at that point.
I'm not sure what you mean by "possible without creating new files" though. Can you elaborate on your scenario a little more? You would probably need other functions in your app to perform the individual responsibilities of file transfers (e.g. handle POSTs, GETs, etc) if that's what you mean.
Q1: Where do you think is the right place to put a SQLite database file (database.sqlite) in Azure Web App file system? For example:
D:\home\data\database.sqlite
D:\home\site\database.sqlite
D:\home\site\wwwroot\database.sqlite
other?
Q2: What else should be taken into consideration in order to make sure that the database file won't be accessible to public users as well as not being accidentally overwritten during deployments or when the app is scaled up/down? (The Web App is configured for deployments from a Local Git Repository)
Q3: Where to learn more about the file system used in Azure App Service, the official source URL? E.g. how it's shared between multiple VMs within a single Web App, how does it work when the App is scaled up/down, what's the difference between D:\home (persistent) vs D:\local (non-persistent)...
Note that SQLite does not work in Azure Blob Storage, so that one is not an option. Please, don't suggest alternative storage solutions, this question is specifically about SQLite.
References
Appropriate Uses For SQLite
In a Web App, your app is deployed to d:\home\site\wwwroot. This is the area where you may write files. As an example, the ghost deployment writes its SQLite database to d:\home\site\wwwroot\content\data\ghost.db. (easy to see this, if you open up the kudu console via yourapp.scm.azurewebsites.net):
This file area is shared amongst your web app instances. Similar to an SMB file share, but specific to web apps (and different than Azure's File Service).
The content under wwwroot is durable, unless you delete your app service. Scaling up/down impacts the amount of space available. (I have no idea what happens if you scale down and the smaller size has less disk space than what you're consuming already).
I would say the best location would be app_data folder in the site/wwwroot folder. Create the folder if it doesn't exist.
Web Apps can connect to storage accounts so you can in fact use blob storage and connect that to your web app. So in terms of learning more about it then you need to be looking at the appropriate page of documentation.
In your Web App settings you can then select which storage account to use. You can find this under Settings > Data Connections where you can select Storage from the drop down box.
Is it possible to create a google app engine program that would route http requests to a server on a local network?
What would be the best way to build a program like this?
I am trying to get away from buying a server from a hosting provider and simply use a local network server instead, and use google apps as a sort of proxy. The firewall would be configured to allow access to the server from the google app engine servers only.
If this has been done before in an open source project that would be excellent, but I have not been able to find one.
If all you want is a domain name that points to your dynamic IP address, you could give Dynamic DNS a try. It's designed for your use case, and you won't need to write any code; you just need either a router that supports it or a server with cron. There are lots of providers, but I've had good experiences with Dyn DNS, specifically their Remote Access plan.