Encryption on Azure

What is encryption?

Encryption is the process of making data unreadable and unusable to unauthorized viewers. To use or read the encrypted data, it must be decrypted, which requires the use of a secret key. 

There are two different type :-

  • Symmetric encryption :– Which mean you will use same key  to encrypt and decrypt the data
  • Asymmetric encryption :– Which mean you will use different key , for example Private and public key.

both of these two type having two different ways :-

  • Encryption at rest which mean data stored in a database, or data stored in a storage account.
  • Encryption in transit which means  data actively moving from one location to another.

So, there are different type of Encryption provided by Azure:-

  • Encrypt raw storage
    • Azure Storage Service Encryption :-  encrypts your data before persisting it to Azure Managed Disks, Azure Blob storage, Azure Files, or Azure Queue storage, and decrypts the data before retrieval.
    • Encrypt virtual machine disks low-level encryption protection for data written to physical disk
  • Azure Disk Encryption : this method helps you to encruypt the actually windows or Linux disk, the best way to do this is h Azure Key Vault.
  • Encrypt databases
    • Transparent data encryption :- helps protect Azure SQL Database and Azure Data Warehouse against the threat of malicious activity. It performs real-time encryption and decryption of the database.

The best way to do this which is Azure Key Vault,  cloud service for storing your application secrets. Key Vault helps you control your applications’ secrets by keeping them in a single, why should i use it :-

  • Centralizing the solutions.
  • Securely stored secrets and keys.
  • Monitor access and use.
  • Simplified administration of application secrets.

There are also two different kind of certificate in Azure which will helps you to encrypt for example the website or application, you need to know that Certificates used in Azure are x.509 v3 and can be signed by a trusted certificate authority, or they can be self-signed.

Types of certificates

  • Service certificates are used for cloud services
  • Management certificates are used for authenticating with the management API

Service certificates

which is attached to cloud services and enable secure communication to and from the service. For example, if you deploy a web site, you would want to supply a certificate that can authenticate an exposed HTTPS endpoint. Service certificates, which are defined in your service definition, are automatically deployed to the VM that is running an instance of your role.

Management certificates

allow you to authenticate with the classic deployment model. Many programs and tools (such as Visual Studio or the Azure SDK) use these certificates to automate configuration and deployment of various Azure services. However, these types of certificates are not related to cloud services.

Be noted that you can use Azure Key Vault to store your certificates.

Cheers

Osama

Azure CLI For Beginners

What is Azure CLI ?

The Azure command-line interface (Azure CLI) is a set of commands used to create and manage Azure resources. The Azure CLI is available across Azure services and is designed to get you working quickly with Azure, with an emphasis on automation.

Documentation here

Create a Linux VM with the Azure CLI

The Azure CLI includes the vm command to work with virtual machines in Azure. We can supply several subcommands to do specific tasks. The most common include:

Sub-commandDescription
createCreate a new virtual machine
deallocateDeallocate a virtual machine
deleteDelete a virtual machine
listList the created virtual machines in your subscription
open-portOpen a specific network port for inbound traffic
restartRestart a virtual machine
showGet the details for a virtual machine
startStart a stopped virtual machine
stopStop a running virtual machine
updateUpdate a property of a virtual machine

Create new VM Using AZ CLI :-

az vm create --resource-group [resource group name] --location westus --name OsamaVM 
  --image UbuntuLTS --admin-username osama--generate-ssh-keys --verbose 

After creating the vmware , Public IP is assigned to create VM, to check the Public IP

Another way to check the IP by using the below command :-

az vm list-ip-addresses -n OsamaVM -o table

You could ports using AZ CLI for example

az vm open-port --port 80  --resource-group learn-9c22c502-355e-437b-9682-eb54b8c48e1c  --name OsamaVM

You can connect SSH to the VM Using the below command :-

There are pre defined image avaliable from Azure you can check them by :-

Or you can check the Avaliable Images in certain location, here you could find different between locations :-

For example also, the below command shows the images that has been created only By Microsoft :-

az vm image list --publisher Microsoft --output table --all

One More thing , To resize a VM, we use the vm resize command. For example, perhaps we find our VM is underpowered for the task we want it to perform. We could bump it up to a D2s_v3 where it has 2 vCores and 8 GB of memory. Type this command in Cloud Shell:

az vm resize --resource-group test-7223198d-cbdf-4fb7-bfd9-b609eaca3671 --name OsamaVM--size Standard_D2s_v3

Cheers

Enjoy

Osama