If you ever worked with cloud and configured different subnet, there will be public and private subnet, both having a different number of servers, for the public or even private have you also wonder how to access the environment without associate the VM to Public IP, in this post I will show you how.
For the figure shows one of the simple example of that, In this post you will learn how to connect to an instance that is hosted in a private subnet
This blog post is one of that kind that took much time and consume so much energy, to complete this post it took me around ten days to make sure that I will cover most of the available services and make it readable for people, Be sure the services can change while you are reading this post ; if you have any comments,or add something to this post, please send me an email – using contact us page or by comments below.
I am writing this post to share a different cloud providers services and the comparison between each one of them, this will show various naming services for each one of them.
Earlier we used to store our data to H.D.D or USB flash, Cloud Computing services have replaced such hard drive technology. Cloud Computing service is nothing but providing services like Storage, Databases, Servers, networking, and software through the Internet.
Cloud Computing is moving so fast, in 2020 the cloud now is more mature, going multi-cloud, and likely to become more focused on vertical and a sales ground war as the leading vendors battle for market share.
Notes :
GCP : Google Cloud Provider
OCI :- oracle cloud infrastructure
None : not meaning the services is not available necessarily by cloud provider but i didn’t look deeper into this or i didn’t use it before.
Just quick post to show and share what services for each cloud provider, be notice that the services can be change while we are talking now, and this is not a complete list of services but it’s only shows the basic one.
A load balancer distributes traffic evenly among each system in a pool. A load balancer can help you achieve both high availability and resiliency.
Say you start by adding additional VMs, each configured identically, to each tier. The idea is to have additional systems ready, in case one goes down, or is serving too many users at the same time.
Azure Load Balancer is a load balancer service that Microsoft provides that helps take care of the maintenance for you. Load Balancer supports inbound and outbound scenarios, provides low latency and high throughput, and scales up to millions of flows for all Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) applications. You can use Load Balancer with incoming internet traffic, internal traffic across Azure services, port forwarding for specific traffic, or outbound connectivity for VMs in your virtual network.
When you manually configure typical load balancer software on a virtual machine, there’s a downside: you now have an additional system that you need to maintain. If your load balancer goes down or needs routine maintenance, you’re back to your original problem.
Azure Application Gateway
If all your traffic is HTTP, a potentially better option is to use Azure Application Gateway. Application Gateway is a load balancer designed for web applications. It uses Azure Load Balancer at the transport level (TCP) and applies sophisticated URL-based routing rules to support several advanced scenarios.
Benefits
Cookie affinity. Useful when you want to keep a user session on the same backend server.
SSL termination. Application Gateway can manage your SSL certificates and pass unencrypted traffic to the backend servers to avoid encryption/decryption overhead. It also supports full end-to-end encryption for applications that require that.
Web application firewall. Application gateway supports a sophisticated firewall (WAF) with detailed monitoring and logging to detect malicious attacks against your network infrastructure.
URL rule-based routes. Application Gateway allows you to route traffic based on URL patterns, source IP address and port to destination IP address and port. This is helpful when setting up a content delivery network.
Rewrite HTTP headers. You can add or remove information from the inbound and outbound HTTP headers of each request to enable important security scenarios, or scrub sensitive information such as server names.
What is a Content Delivery Network (CDN)?
A content delivery network (CDN) is a distributed network of servers that can efficiently deliver web content to users. It is a way to get content to users in their local region to minimize latency. CDN can be hosted in Azure or any other location. You can cache content at strategically placed physical nodes across the world and provide better performance to end users. Typical usage scenarios include web applications containing multimedia content, a product launch event in a particular region, or any event where you expect a high-bandwidth requirement in a region.
DNS
DNS, or Domain Name System, is a way to map user-friendly names to their IP addresses. You can think of DNS as the phonebook of the internet.
How can you make your site, which is located in the United States, load faster for users located in Europe or Asia?
network latency in azure
Latency refers to the time it takes for data to travel over the network. Latency is typically measured in milliseconds.
Compare latency to bandwidth. Bandwidth refers to the amount of data that can fit on the connection. Latency refers to the time it takes for that data to reach its destination.
One way to reduce latency is to provide exact copies of your service in more than one region, or Use Traffic Manager to route users to the closest endpoint, One answer is Azure Traffic Manager. Traffic Manager uses the DNS server that’s closest to the user to direct user traffic to a globally distributed endpoint, Traffic Manager doesn’t see the traffic that’s passed between the client and server. Rather, it directs the client web browser to a preferred endpoint. Traffic Manager can route traffic in a few different ways, such as to the endpoint with the lowest latency.
This post provide steps for downloading and installing both Terraform and the Oracle Cloud Infrastructure Terraform provider.
Terraform Overview
Terraform is “infrastructure-as-code” software that allows you to define your infrastructure resources in files that you can persist, version, and share. These files describe the steps required to provision your infrastructure and maintain its desired state; it then executes these steps and builds out the described infrastructure.
Infrastructure as Code is becoming very popular. It allows you to describe a complete blueprint of a datacentre using a high-level configuration syntax, that can be versioned and script-automated, Terraform can seamlessly work with major cloud vendors, including Oracle, AWS, MS Azure, Google, etc
Download and Install Terraform
In this section, i will show and explain how to download and install Terraform on your laptop/PC Host Operating System, you can download using the below link :-
After you download the terraform, Unzip the Terraform to whatever location you want to run it from. Then, add that location to your OS PATH.
Windows : By adding to Path –> environment variables
Linux : Profile –> export Path
You can check by run the CMD and check the version:-
Check Terraform commands
Download the OCI Terraform Provider
Prerequisites:-
OCI User credentials that has sufficient permission to execute a Terraform plan.
Required keys and Oracle Cloud Infrastructure IDs (OCIDs).
The correct Terraform binary file for your operating system
Installing and Configuring the Terraform Provider
In my personal opioion about this section (The title of the section same as Oracle Documentation) I found it wrong, i worked with Terraform in different cloud vendor, AWS, Azure and OCI so Terraform will recognize it and automatically install the provider for you.
to do that, all of you have to do is create folder , then create file “variables.tf” that only contains
provider "oci" {<br>}
and run terraform command
terraform init
Now Let’s Talk small examples about OCI and Terraform, First you have to read “Creating Module” to understand the rest of this post here.
I will upload to my Github here Small Sample for OCI Terraform to allow you underatand how we can use it instead of the GUI and make it easy for you.
I upload to my github example of Terraform for OCI Proiver, In the this example i will create autonomous database but not using the GUI,
to work with Terraform, you have to understand what is the OCI Provider and the parameters of it.
The Terraform configuration resides in two files: variables.tf (which defines the provider oci) and main.tf (which defines the resource).
Terraform configuration (.tf) files have specific requirements, depending on the components that are defined in the file. For example, you might have your Terraform provider defined in one file (provider.tf), your variables defined in another (variables.tf), your data sources defined in yet another.
The provider definition relies on variables so that the configuration file itself does not contain sensitive data. Including sensitive data creates a security risk when exchanging or sharing configuration files.
Variables in Terraform represent parameters for Terraform modules. In variable definitions, each block configures a single input variable, and each definition can take any or all of three optional arguments:
Type (Optional): Defines the variable type as one of three allowed values: string, list, and map. If this argument is not used, the variable type is inferred based on default. If no default is provided, the type is assumed to be string
Default (Optional) : Sets the default value for the variable. If no default value is provided, the caller must provide a value or Terraform throws an error.
Description (Optional) : A human-readable description of the variable.
Output variables provide a means to support Terraform end-user queries. This allows users to extract meaningful data from among the potentially massive amount of data associated with a complex infrastructure.
output "InstancePublicIPs" {
value = ["${oci_core_instance.TFInstance.*.public_ip}"]
}
Resource Configuration
Resources are components of your Oracle Cloud Infrastructure. These resources include everything from low-level components such as physical and virtual servers, to higher-level components such as email and database providers, your DNS record.
To create your first server/VM on Azure cloud, you have different ways to do that :-
Azure Resource Manager
Azure PowerShell
Azure CLI
Azure REST API
Azure Client SDK
Azure VM Extensions
Azure Automation Services
The Azure portal is the easiest way to create resources such as VMs, i will describe each one of them,
The first way which is The Portal here, to do this it’s very simple :-
Click on the Create a resource option in the top-left corner of the portal page.
Use the Search the Marketplace search bar to find “Ubuntu Server” for example.
Press on Create , then new page will be open.
Configure the VM, by enter the name, the region, The Subscription,Availability options
There are several other tabs you can explore to see the settings you can influence during the VM creation. Once you’re finished exploring, click Review + create to review and validate the settings.
On the review screen, Azure will validate your settings. You might need to supply some additional information based on the requirements of the image creator.
This is was the first way to create the VM which is consider the easiet one also.
Azure Resource Manager
assumig you want to create a copy of a VM with the same settings. You could create a VM image, upload it to Azure, and reference it as the basis for your new VM,Azure provides you with the option to create a template from which to create an exact copy of a VM.
You can do this, after create the VM –> Setting –> export template.
Azure PowerShell
Azure PowerShell is ideal for one-off interactive tasks and/or the automation of repeated tasks, note that PowerShell is a cross-platform shell that provides services like the shell window and command parsing.
The Azure CLI is Microsoft’s cross-platform command-line tool for managing Azure resources such as virtual machines and disks from the command line. It’s available for macOS, Linux, and Windows, this is also found in Different cloud vendor for example For Amazon it’s called aws cli, for Oracle it’s Called OCI-CLI and Google it’s called GCP-CLI.
az vm create --resource-group TestResourceGroup --name test-wp1-eus-vm --image win2016datacenter --admin-username osama --admin-password anything
Programmatic (APIs)
This is no my expertise so i will no go deep dive with it, But we were talking about Azure CLI and powershell, you can install something called Azure REST API and start using differen programing language to deal with Azure, i did this with python for AWS using Boto3 module, i post about it before here.
The same can be done for Azure or any Cloud vendor.
Azure VM Extensions
Azure VM extensions are small applications that allow you to configure and automate tasks on Azure VMs after initial deployment. Azure VM extensions can be run with the Azure CLI, PowerShell, Azure Resource Manager templates, and the Azure portal.
When the company will move to the cloud, the biggest question to ask , how much it will cost ? there are different ways to determine your IaaS cost, but at first you need to know that PaaS and IaaS much cheapter than IaaS, Each cloud vendor having their own calculator so at least you can estimate the value for one year or understand how much it will cost ? which is good.
Azure
Let’s Start with Azure for example ( since i post a lot about it recently )
When you are estimate the price for any cloud you should take different factors in your mind such as the following :-
Region
Tier it’s free , Basic … etc
How will the clinet/customer pay ? monthly , Yearly , Pay as you go .. etc
Supprot for the cloud which option you will choose
The deployement princing for example in Azure Dev/test .. etc
Now Azure provides the client with real pricing calculator that allow people to estimate the cost, From here.
to use the portal you should know what services you will choose, and some esstinal information such as How many VM, Database, networking, after you add all the information the report will be generated depends on the period of paying.
But what if i want to move from On Premis to the cloud , is this tool will work ? Total Cost of Ownership or TCO from here
The TCO Calculator helps you understand the cost areas that affect your applications today, such as server hardware, software licenses, electricity, and labor by Define the following :-
Servers : -details of your current on-premises
Databases :- on-premises database infrastructure
Storage :- on-premises storage infrastructure
Networking :- on-premises environment
The Genterated report will be like this :-
Amazon
As i already mentioned each Cloud vendor having different apporach of Cloud Pricing but it’s all the same, in AWS you can access the pricing from here , also they have somthing called SIMPLE MONTHLY CALCULATOR From here.
When you generate an estimate, you can either add services directly to your estimate or create a group and add the services to your group.
The AWS Pricing Calculator is an estimation tool that provides an approximate cost of using AWS services based on the usage parameters that you specify. The AWS Pricing Calculator is not a quote tool, and does not guarantee the cost for your actual use of AWS services. The cost estimated by the AWS Pricing Calculator may vary from your actual costs for a number of reasons. Common reasons the estimate may be different from your actual cost include different thing such as Actual Usage, Region used, Change in price, Taxes ( depends on the Region ) .. etc
Oracle
From Oracle , the portal is very simple to use, you can estimate everything using this portal here from Infrastcure cost, database, Application, … etc .
Encryption is the process of making data unreadable and unusable to unauthorized viewers. To use or read the encrypted data, it must be decrypted, which requires the use of a secret key.
There are two different type :-
Symmetric encryption :– Which mean you will use same key to encrypt and decrypt the data
Asymmetric encryption :– Which mean you will use different key , for example Private and public key.
both of these two type having two different ways :-
Encryption at rest which mean data stored in a database, or data stored in a storage account.
Encryption in transit which means data actively moving from one location to another.
So, there are different type of Encryption provided by Azure:-
Encrypt raw storage
Azure Storage Service Encryption:- encrypts your data before persisting it to Azure Managed Disks, Azure Blob storage, Azure Files, or Azure Queue storage, and decrypts the data before retrieval.
Encrypt virtual machine disks low-level encryption protection for data written to physical disk
Azure Disk Encryption : this method helps you to encruypt the actually windows or Linux disk, the best way to do this is h Azure Key Vault.
Encrypt databases
Transparent data encryption :- helps protect Azure SQL Database and Azure Data Warehouse against the threat of malicious activity. It performs real-time encryption and decryption of the database.
The best way to do this which is Azure Key Vault, cloud service for storing your application secrets. Key Vault helps you control your applications’ secrets by keeping them in a single, why should i use it :-
Centralizing the solutions.
Securely stored secrets and keys.
Monitor access and use.
Simplified administration of application secrets.
There are also two different kind of certificate in Azure which will helps you to encrypt for example the website or application, you need to know that Certificates used in Azure are x.509 v3 and can be signed by a trusted certificate authority, or they can be self-signed.
Types of certificates
Service certificates are used for cloud services
Management certificates are used for authenticating with the management API
Service certificates
which is attached to cloud services and enable secure communication to and from the service. For example, if you deploy a web site, you would want to supply a certificate that can authenticate an exposed HTTPS endpoint. Service certificates, which are defined in your service definition, are automatically deployed to the VM that is running an instance of your role.
Management certificates
allow you to authenticate with the classic deployment model. Many programs and tools (such as Visual Studio or the Azure SDK) use these certificates to automate configuration and deployment of various Azure services. However, these types of certificates are not related to cloud services.
Be noted that you can use Azure Key Vault to store your certificates.
Database administrator job has been changed and it’s not like before any more, In the past The DBA responsibility was limited within database which mean troubleshooting, backup , Performance tuning, high availability .. etc after few years new layer has been added to the responsibility which is application server layer for example weblogic ,Oracle embedded the weblogic with most of their products such as enterprise manager cloud, E-business suits, as i remember after three years another layer added to DBA knowledge which is virtualization and regarding to this virtualization made the DBA life more easier and not like before, solution providing another layer of backup and server management.
However now everything has been changed and the market working under new term which is CLOUD including different vendor AWS, Azure, and Oracle, As DBA your knowledge shouldn’t stop by only Database, within cloud there is new tools that can help the DBA with their daily Job and it’s called Devops.
DBA usually review each change request to ensure that it is well thought out,They are in charge of monitoring their databases and keeping them available and high-performing, manage access to and the overall security of the platform.
Database automation frees the DBA from the bottleneck of the past that delayed application releases since there is different environment production, Pre-Production, Development or Testing, the DevOps Automation relieved of the pressures of constantly having to juggle and merge various teams’ database changes, are now free to help their organisations take bigger steps forward in ongoing innovation.
But what is the Devops ? And How can i use to make my Job Easier
DevOps is the combination of cultural philosophies, practices, and tools that increases an organization’s ability to deliver applications and services at high velocity: evolving and improving products at a faster pace than organizations using traditional software development and infrastructure management processes. This speed enables organizations to better serve their customers and compete more effectively in the market.
Benefits of DevOps
Speed
Rapid Delivery
Reliability
Scale
Security
DevOps Practices
Continuous Integration
Continuous Delivery
Microservices
Infrastructure as Code
Monitoring and Logging
Communication and Collaboration
DevOps practices for DBA and Data Team focus on the Tools, practices and techniques that are useful for the Data team to use for Development activities, Testing setup and execution, Collaboration techniques and Deployment tools and techniques. The aim of this site is to further the practice and help the DBA’s and Data team to use these practices to become productive and become part of the delivery team and embrace the devops movement.
DevOps Tools
Docker
Jenkins
Ansible
Puppet
Nagios
Monit
Behat
Chef
There is more tools for sure each one of these tools having it’s own purpose for example Docker is one of the powerful container solutions, A container image is a lightweight, stand-alone, executable package of a piece of software that includes everything needed to run it: code, runtime, system tools, system libraries, settings Available for both Linux and Windows based apps, containerized software will always run the same, regardless of the environment. Containers isolate software from its surroundings, for example differences between development and staging environments and help reduce conflicts between teams running different software on the same infrastructure.
