Configure managed identities for Azure resources - azure-managed-identity

I have a few services with two deployment kinds: Virtual Machine Scale Set and RDFE based deployments.
I want to add managed identities to those services, but I'm a bit puzzled about how to do so for the second type of deployment (RDFE-based).
I've looked at this Microsoft document.
It stated that using the MSI extension would be deprecated in 1.19, but it doesn't seem like IMDS supports PaaS deployments.
How should I add the managed identities to RDFE deployment and what endpoint should I use?

Managed identities are not supported on RDFE deployments, since we depend on Azure Resource Manager for configuration of the identity.

Related

Change my existing Azure Function App URL (login/landing page URL) with a static one (which I want to get redirected to the previous one)?

I have seen the Azure portal for the same and referred various sources. It was mentioned to do the changes from Proxies section in Azure function App.
Please let me know how it can be achieved?
According to this document, versions 1.x to 3.x of Azure Functions support proxies, and in-portal editing is not supported by all languages and operating systems.
In such cases you can opt either for Azure API Management for your application or create a proxies.json file in the root of your function app manually.
Alternatively, you can create a function app in the .NET 3.7 runtime version to enable proxies settings from the portal.
REFERENCES:
Work with proxies in Azure Functions
Azure Functions runtime versions

How to deploy Azure Fabric service on IIS?

I have developed an Azure Service Fabric service in .NET Core 2.2 which contains a controller and some API methods inside it. I deployed the service on a local cluster and it's working fine. I am able to access the API endpoints.
But now I need to deploy it on local IIS too. I published the service project that contains my controller, and when I try to deploy it on local IIS as we usually do while deployment of other apps, I get an error "HTTP Error 500.0 - ANCM In-Process Handler Load Failure". I am googling for this and trying to find solution but no success yet.
Is there any particular setting or process that needs to be followed to deploy an Azure Service Fabric service on IIS? I am unable to figure out what I am missing.
Any suggestions or ideas?
When you create a Service Fabric service, the runtime needs to talk to the Service Fabric System Services at startup. If you deploy it to IIS, it does not have a cluster to talk to.
If you want to make an API flexible enough to be hosted either on Service Fabric or IIS, you need to decouple the hosting logic from the API.
In this case, you can either create two different hosts, or, in the host entry point, check if you are running inside SF: if yes, you start the Service Fabric service, otherwise you start a self-hosted or IIS version.
There are quite a few questions in SO with examples like this, worth a search to check which one fits your needs.
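The single-entry-point approach described in this answer could look like the following for ASP.NET Core 2.2 (an added example, not code from the original answer). The names `ApiService`, `ApiServiceType` and `ServiceEndpoint` are hypothetical, and detecting the cluster through the `Fabric_ApplicationName` environment variable is this example's assumption about how to tell the two environments apart.

```csharp
using System;
using System.Collections.Generic;
using System.Fabric;
using System.Threading;
using Microsoft.AspNetCore;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.ServiceFabric.Services.Communication.AspNetCore;
using Microsoft.ServiceFabric.Services.Communication.Runtime;
using Microsoft.ServiceFabric.Services.Runtime;

// Shared by both hosts: the API pipeline knows nothing about where it runs.
public class Startup
{
    public void ConfigureServices(IServiceCollection services) => services.AddMvc();
    public void Configure(IApplicationBuilder app) => app.UseMvc();
}

// Service Fabric host. "ServiceEndpoint" must match an endpoint in ServiceManifest.xml.
internal sealed class ApiService : StatelessService
{
    public ApiService(StatelessServiceContext context) : base(context) { }

    protected override IEnumerable<ServiceInstanceListener> CreateServiceInstanceListeners() =>
        new[] { new ServiceInstanceListener(ctx =>
            new KestrelCommunicationListener(ctx, "ServiceEndpoint", (url, listener) =>
                new WebHostBuilder().UseKestrel().UseStartup<Startup>()
                    .UseServiceFabricIntegration(listener, ServiceFabricIntegrationOptions.None)
                    .UseUrls(url).Build())) };
}

public static class Program
{
    // Assumption of this example: Fabric_* variables exist only under the SF runtime.
    private static bool InServiceFabric =>
        !string.IsNullOrEmpty(Environment.GetEnvironmentVariable("Fabric_ApplicationName"));

    public static void Main(string[] args)
    {
        if (InServiceFabric)
        {
            ServiceRuntime.RegisterServiceAsync("ApiServiceType", ctx => new ApiService(ctx))
                .GetAwaiter().GetResult();
            Thread.Sleep(Timeout.Infinite); // keep the host process alive
        }
        else // IIS or self-hosted: CreateDefaultBuilder adds Kestrel and IIS integration
            WebHost.CreateDefaultBuilder(args).UseStartup<Startup>().Build().Run();
    }
}
```

The service type name passed to `RegisterServiceAsync` has to match the one declared in the service manifest; the IIS branch never touches the Service Fabric runtime, so it starts without a cluster.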

Deploy to an Azure WebRole without Visual Studio

Is there a way I can deploy my entire website/webapp to an Azure WebRole without the need of Visual Studio?
Context: We have a test environment where there's an IIS hosted web app where our testers test (of course). The thing is, we want to grab that exact tested web app folder and deploy it "as is" to a WebRole.
Please avoid commenting on our procedure, we have been looking at it and we will eventually change it if we have to, I just need a 'simple' yes(how)/no answer.
IIS Web Deploy can be used to package/migrate/restore IIS applications. It can be enabled while deploying a web role as described in this article and allows you to update the web role with the application as deployed in your test environment.
Be aware that only single instance cloud services are supported and that in case of a maintenance operation by the fabric controller, your service will be rolled back to the state created by the initial azure package deployment. (There once was a tool for syncing between multi-instance web deployments but sadly that did not work out too well and is no longer supported. Do not attempt to use or rebuild it.)
Installing and Configuring Web Deploy shows the steps to get web deploy for your local testing IIS while articles on using web deploy like this one show examples for calling the tool.
Another option to evaluate is Azure Websites and Git deployment. This could provide you with a documented and reproducible form of deployment that is not prone to unwanted rollbacks while allowing the service to scale to multiple instances. This option might not work out if the application is too tied to the web roles infrastructure or contains code not suitable for the more restricted web sites environment.
A third option to look at is using CSPack as presented in this article. You basically create a service definition and package up the webapp manually without building it in Visual Studio or TFS.
Yes - make sure you have enabled Remote Access on your web role. Then copy your web app from your local IIS folder to F:\sitesroot\0 (NOTE - may be E:\sitesroot\0 on some web roles).
Yes, you can write a programmatic interface against Web Deploy from your C# code. If you're deploying to Azure Web Sites, you could also use the Windows Azure Management Libraries to spin up new web sites or cloud services and deploy them.

Difference Between Azure Web Site and Azure Cloud Service

I'm about to migrate several separate ASP.NET 4.0 Web Forms applications to Azure. Several are apps using SQL Server 2008. I'm seeing "conflicting" tutorials for this:
Deploying an ASP.NET Web Application to a Windows Azure Web Site and SQL Database
vs
Deploying an ASP.NET Web Application to a Windows Azure Cloud Service and SQL Database
This StackOverflow question goes some way towards explaining this. However, there have been several changes to Azure in recent months and I'm not sure how up to date the information is.
I want as simple a migration process as possible because of the number of sites I have to migrate. Is there a situation where I would have to use the Cloud Service route?
Aside from what the linked-to answer provides: You have to go the Cloud Service route if there are apps you need to install (e.g. an MSI, COM object, etc.). There's simply no facility to do this with Web Sites. In Web Sites, you cannot alter the VM instance at all. With Cloud Services, you have lots of flexibility to install software, alter IIS behavior, pretty much anything you need to do (as long as the installs can be automated).
One point which can be very valuable if you consider migration of ASP.NET 4.0 Web Forms applications - Microsoft Azure Websites do not support SSL for custom domains yet. That might be a blocker for your migration work to the Websites service.
Note that Windows Azure is a very dynamic environment with a great number of new features coming with every new release. In order to be up-to-date I would suggest following ScottGu's Blog to find out about new features and their release dates.
EDIT
Windows Azure Website supports SSL for custom domains now. SSL Certificates and SSL bindings can be configured in Configure tab.
You can also read more about SSL configuration for Azure Website at Configuring an SSL certificate for a Windows Azure web site.

Deploy web site to azure and traditional IIS

I currently work with a legacy asp.net web application and one of the requirements going forward is that it be deployable to windows azure.
I would like to know how difficult it will be to manage deployment to both Azure and a traditional IIS web server.
Azure seems to require a specific customized version of a web application project. Is it possible to deploy the customized web application to a standard IIS instance once it has been converted?
EDIT:
It is an ASP.NET Web Application rather than a Web Site (compiles everything into one DLL).
UPDATE:
In the end due to the amount of work involved in converting the application to work in Azure and the cost of Azure compared with other cloud solutions it was decided to go with a traditional Cloud hosted virtual server.
And thank you for the really good answers.
Whether or not you can deploy your application to Azure almost as is depends a lot on how your application works. Azure pretty much requires your application be stateless. If it's a plain vanilla web application that stores data in the session or application cache only and saves data to a database only, then you can deploy it to Azure.
If you have stateful services running like background threads (which is bad anyways), or if you save data to the file system (besides temporary caching), then you may have issues. Really, the issues moving to Azure are really the same as moving to any multi-server load balanced solution. One caveat is permanent storage.
If you need to store data in a place other than the database, then you're best off working with Azure's storage solution which has an API and client library for storing binary data, key/value data (they call it tables, but really, it's not tables), and queues. They also do have a transparent blob-as-file-system option for compatibility. If you want to use these in your app that also is used outside of Azure then you need to write an extra layer between your code and the Azure client library that supports both Azure services and standard local service. Azure SDK does include emulators for Azure services, but they're definitely not meant for production use.
As far as the mechanics of Azure-specific projects, that is actually not that difficult. Yes, you need to create an Azure-specific project in your solution that defines the Web Role and what gets deployed, but it will reference your existing Web Application, not the other way around. You can deploy the Azure Web Role to Azure or you can continue to deploy the existing application to IIS normally and concurrently.
Web Site, Web Application, MVC, really doesn't make much of a difference. Actually doesn't have to be .NET either. Can be PHP or Java or whatever you want to put on your VM. It'll all work the same as far as Azure is concerned.
MS likes to push Azure as a Platform-as-a-Service (PaaS) solution where they have a ton of services they offer and you run apps on their standard platform, and contrasts that with Amazon AWS which they call Infrastructure-as-a-Service (IaaS) which is "just" a Virtual Machine. However, MS is really just as much an IaaS solution as AWS, perhaps even more so. The only difference between AWS and Azure is AWS allows you to choose what to install on your VM and with Azure you have to use Windows Server 2008 R2 as the basis for your VM (but you can customize the VM image to install custom software on top of Windows). With both Azure and AWS, the hosts offer additional PaaS services you can take advantage of for data storage and message routing. AWS also offers tons of extra services like video streaming.
Also note that with Azure (and AWS I think) you can use the services they offer even in a non-hosted application. If you want to use Azure's data storage from a non-Azure application, you can do that, it's just HTTP REST calls to get/put data. The only difference is you pay for data in/out between the datacenter and your non-datacenter-hosted application, which would be free if the app was also inside the datacenter (just the data in/out is free in-datacenter, you still have storage and transaction fees).
A few things:
Samuel Neff's answer mentioned mounting a file system in a blob (a Cloud Drive). Only one instance may lock this cloud drive for writing, so it does not behave like a network file share. You'll need to plan for this.
You'll need to integrate with the Windows Azure diagnostics subsystem, to gain visibility into your app's run state (e.g. performance counters, trace logs, etc.).
If there are 3rd-party apps that your web app depends on, you'll need to install these. These actually get installed as part of the role instance's boot process, either via your OnStart() event handler or as a startup task. The latter allows for admin-level installs (including registry changes, COM component installations, etc.). You'll need to carefully manage these installations, as they impact the boot time of the instance.
For an ASP.NET app, you'll need to think about session state. In-proc session state won't work, because each instance will have its own state store in memory. The SQL Azure session state provider doesn't have background cleanup agents, so you'll need to build this into your web or worker role instance (see this blog post by the SQL Azure team for the implementation). The best option is to use the AppFabric Cache, a new service that just went into production. This cache-as-a-service provides a custom session state provider for ASP.NET as well. Note: As of today, the AppFabric Cache service is only accessible via a .NET interface; there's no REST interface for it (all other storage services - tables, blobs, queues - have a REST interface). .NET, Java, and PHP all have storage client libraries. Ruby has one from the open source community.
You'll have to manage scaling out to more than one instance, when the need arises. This is not a built-in service today, but there are 3rd-party services such as ParaLeap's AzureWatch. There's also Microsoft's System Center Operations Manager, which now has Windows Azure monitoring support. You'll also need to handle scale-back situations, where you reduce the number of server instances.
I have some additional details in an answer for a similar StackOverflow question, here.
I have not tried Windows Azure Migration Scanner personally, but if it works as advertised, this would really come in handy.
