Windows Azure - Web Role and Virtual Machines Securely Communicating - sql-server

I am attempting to deploy an app to Windows Azure and I am having some trouble figuring out how I can achieve my optimal configuration because of lack of documentation and newness of the Azure infrastructure. I need to have two virtual machines configured (One Linux box and one Windows Server with SQL Server) to communicate with one Web Role Instance. The Web Role should have the only end point accessible from the outside world. It should be able to communicate with SQL Server and the Linux machine (these machines don’t need to communicate with each other). I can achieve this if I open up endpoints on the VM (for example Port 1433 on the Windows machine and the same port in the VM’s firewall), however I am concerned about the security risk of doing this and would rather have the Web Role communicate directly with my virtual machine WITHOUT opening up an endpoint (using the Azure Portal). I have read some examples that refer to deploying the items as a cloud service, but none include a Web Role AND a CUSTOMIZED Virtual Machine. I have seen references made to using a Virtual Network, but no examples. I have looked everywhere for a solution to no success. This seems like a common scenario, so I don’t think it should be this difficult. Am I missing something?

Well you have 2 options here: use Windows Azure Connect or use Virtual Networks. Since you're really trying to make a network of different machines I would suggest to use a Virtual Network (I think this is the most flexible option). And connecting your Virtual Machines to your Cloud Services is pretty easy:
Create a Virtual Network as described here: Create a Virtual Network in Windows Azure
Add your Virtual Machines to that network as described here: Add a Virtual Machine to a Virtual Network
Modify the ServiceConfiguration.cscfg of your cloud service to connect to your Virtual Network. The schema is available on MSDN or you can follow the blog post on Michael Washam's blog.

I marked the answer above as correct, because it does provide the answer especially if you are only creating a virtual network with MS products. What they fail to point out in the majority of their documentation, is that VN functionality is limited for Linux machines while VMs and VNs are in their current preview. However, this does not mean you can't add a Linux VM to a VN. After searching for sometime and piecing information together, Linux machines can be added to an existing VN rather simply by using PowerShell and cmdlets. The following generic script can be run from a PowerShell ISE with your own information in order to create and add a Linux VM in your VN.
$vm = New-AzureVMConfig -Name $vmname -InstanceSize ExtraSmall -ImageName $img |
Add-AzureProvisioningConfig -Linux –LinuxUser $user -Password $pass |
Set-AzureSubnet -SubnetNames $subnet
New-AzureVM -ServiceName $cloudSvcName -AffinityGroup $affinitygroup -VNetName $vnetname -VMs $vm
Hope this helps someone from pulling their hair out.

Related

Change the 10.20.20.1 network to my VMware network

I installed MicroStack in Ubuntu for the virtual machine. My instance floating IP is 10.20.20.238. I want to access my instance from Windows cmd,only can ping 172.21.10.13, but can't ping 10.20.20.238,so I want to change the 10.20.20.1 network to my own network. What should I do?enter image description here
Stackoverflow is about code development, not IT management. serverfault.com would be a more appropriate forum, or perhaps superuser.com.
microstack "fakes" the external network. It's not really external, but only exists on br-ex, the external bridge. It doesn't look like you can create a microstack cloud with a different external network CIDR, but you can try adding a subnet to the external network, inserting ens33 in br-ex and adding IP address 172.21.10.13 to br-ex . I have not tried this.
However, if your only requirement is to access the instance from the PC, you can create a tunnel or add a route. What makes sense in your case depends on the virtual machine hypervisor you are using (yours seems to be VMware - I can't comment on that) and the operating system on which this hypervisor runs.

What is the difference between NRDP vs NCPA

I am very familiar of using Nagios with NRDP, NRDP I use for remote server traps handling! but am unable to understand what is NCPA can any one explain me? for what this NCPA is required in actual?
I have seen in below Nagios user agent comparison link that NCPA is the best among the other agents like NRDS,NSClient,NRPE.
Iam unable to understand what is NCPA from below mentioned official definition.
NRDP
Nagios Remote Data Processor (NDRP) is a flexible data transport mechanism and processor for Nagios. It is designed with a simple and powerful architecture that allows for it to be easily extended and customized to fit individual users' needs. It uses standard ports protocols (HTTP(S) and XML) and can be implemented as a replacement for NSCA.
NCPA
NCPA is a cross-platform monitoring agent that runs on Windows, Linux/Unix, and Mac OS/X machines. Its features include both active and passive checks, remote management, and a local monitoring interface.
You should compare NCPA with NSClient++, they are both agents that can run on servers and actively or passively execute checks through commands over different protocols, scuh as NRPE, NSCA and NRDP.
Agents: NSClient++, NCPA
Protocols - Active:
NRPE => https://docs.nsclient.org/reference/windows/NSClientServer/
Protocols - Passive:
NSCA => https://docs.nsclient.org/reference/client/NSCAClient/
NRDP => https://docs.nsclient.org/reference/client/NRDPClient/
Fyi, imho NSClient++ is much better then NCPA, as it has amongst other features integrated real-time eventlog monitoring.

Connecting to MSMQ, the "proper" way?

I'm trying to connect to MSMQ and send some messages. Unfortunately, there is "previous art" in the project on how this is done and I'm supposed to mimick it. The way this previous app is connecting is the following:
if (MSMQ in workgroup mode)
{
connect via FormatName;
}
else
{
if (connected to network)
connect via PathName;
else
connect via GUID (as FormatName)
}
Is all this really necessary? Shouldn't a proper FormatName be enough to connect to a queue?
Additionally, the "connected to network" is detected by calling NetGetDCName() which is marked as obsolete in my MSDN, adding to my confusion on why is the app connecting this way.
TL;DR: Is the above logic for connecting: wrong, obsolete or correct? Can I simplify this by simply using FormatName to connect in all cases?
That code is determining whether the domain is available by looking for the domain controller. If the domain is not available then MSMQ is assumed to be working in non-domain - or workgroup - mode.
Domain mode allows the use of public queues and pathname addressing.
Workgroup mode instead uses private queues and formatname addressing (although this is a simplification).
So the code is really determining the mode of message addressing to be used.
There is not enough information about the environment to say if you can just use formatname for all cases.
Cheers
John Breakwell

Find machine name and IP address in OOB SL5 app

How can I obtain the client machine name and IP address when running my Silverlight 5 application out-of-browser (i.e. installed on the local machine and NOT running via the web)?
It looks like there's no way to gather this information using just Silverlight. You'd have to do something like this. The short version is you use an AutomationFactory to create an unmanaged object which contains that information (in this case, a WMI Win32_NetworkAdapterConfiguration object). That means this probably won't work on a Mac. If you need something truly cross platform, it seems like the way is to create a really simple web service that simply returns the requestor's IP and hostname.
I dont know what is your exact requirement .We had similar requirement some time back to get the local ip address to call a local service which is supposed to be present in client machine.
In that case we just built the local service url by hard coding the loopback address.ie localhost.

Save Data using Dynamic C

I am using Rabbit single board computer. I would like to save the data I/O which is connected to another Rabbit single board computer through a wireless connection. Is it able to save the data inside the PC in a .txt file for example?
If you can establish a connection to a PC, and the PC is running some server to log data, yes, you could save to a PC. For example, the PC could run a TFTP server or FTP server on the same wireless network, and you could connect to it from the rabbit SBC and save whatever data you need to.
Yes, this is possible.
There are two parts to this scenario. Your embedded app needs to know how to connect to a server application running on the PC or network, and you must, of course, have said server application running on the target machine.
If you're sending entire files, FTP, as bdonlan suggested, is a good way to go. The protocol is well-understood and you can probably find a library to wrap it for you.
If you need to log data real-time, you'll need to have some sort of application which can receive messages or accept a socket connection, and a protocol to get the text across the wire(less). A web server may be a good way to do this, because you can POST chunks of data to the server with a simple HTTP request, and the server app can decide how to organize and store the information. Once you have a web server running, you may find it beneficial to build some pages that provide basic reporting functionality, so you can see the logged data from any web browser.
This could be less restrictive than FTP, but will require some web development expertise on your part.
Any reasonable solution is going to require that you already have a connection to the wireless network with a correctly-configured and functioning IP stack. Without that, you're probably out of luck connecting to any networked resources.

Resources