from https://www.serverless360.com/blog/azure-blob-storage-vs-file-storage Microsoft offers several options to store data on the cloud. Each option has its unique purpose for serving different business needs. One of the significant capabilities that Microsoft Azure provides is the agility to migrate to different storage options if required. There are various options available in the Azure Storage Account for storing user data. Blob Storage File Storage Table Storage Queue Storage Disk This blog tries to differentiate between Azure Blob Storage and File Storage which is available in Azure Storage Account. Introduction Blob Storage Azure Blob Storage is an object storage solution for the cloud. Blob Storage allows you to store a massive amount of unstructured data. The unstructured data need not be of the specific data model. File Storage Azure Files offer fully managed File shares in the cloud that are accessible via the industry-standard SMB. Azure File shares can be mounted concurrently by cloud or on-premises deployments of Windows, Linux, and macOS. It can be cached on Windows servers with Azure File Sync for faster access. When to Use Blob Storage Azure Blob Storage was designed to serve specific needs. If your business use case needs to store unstructured data like audio, video, images, etc then you should probably go with this option. The objects which are being stored in Blob does not necessarily have an extension. The following points describe the use case scenarios: Serving images or documents directly to a browser Storing Files for distributed access Streaming video and audio Writing to log Files Storing data for backup, restore, disaster recovery and archiving Storing data for analysis…

UPDATE: The code in this article has been updated to reflect changes in more recent versions of Kubernetes.) Watch a recording of author Nick Chase in a webinar on Kubernetes Deployments using YAML. In previous articles, we’ve been talking about how to use Kubernetes to spin up resources. So far, we’ve been working exclusively with the CLI, but there’s an easier and more useful way to do it: creating configuration files using kubernetes YAML. In this article, we’ll look at how YAML works and use it to define first a Kubernetes Pod, and then a Kubernetes Deployment. YAML Basics It’s difficult to escape YAML if you’re doing anything related to many software fields — particularly Kubernetes, SDN, and OpenStack. YAML, which stands for Yet Another Markup Language, or YAML Ain’t Markup Language (depending who you ask) is a human-readable text-based format for specifying configuration-type information. For example, in this article, we’ll pick apart the YAML definitions for creating first a Pod, and then a Deployment. When defining a Kubernetes manifest, YAML gives you a number of advantages, including: Convenience: You’ll no longer have to add all of your parameters to the command line Maintenance: YAML files can be added to source control, such as a Github repository so you can track changes Flexibility: You’ll be able to create much more complex structures using YAML than you can on the command line YAML is a superset of JSON, which means that any valid JSON file is also a valid YAML file. So on the one hand, if you know JSON and you’re only ever going to write your…

In short: Docker service is used mostly when you configured the master node with Docker swarm so that docker containers will run in a distributed environment and it can be easily managed. Docker run: The docker run command first creates a writeable container layer over the specified image, and then starts it using the specified command. That is, docker run is equivalent to the API /containers/create then /containers/(id)/start source: https://docs.docker.com/engine/reference/commandline/run/#parent-command Docker service: Docker service will be the image for

Introduction   Docker privileged is one of many useful features of this powerful virtualization platform. Before you start working in privileged mode, make sure you understand how it works. In this tutorial, you will learn what privileged Docker containers are, when to use them, and whether it is a good option for you. What is Docker Privileged Mode?   Docker privileged mode grants a Docker container root capabilities to all devices on the host system. Running a container in privileged mode gives it the capabilities of its host machine. For example, it enables it to modify App Arm and SELinux configurations. With the host’s kernel features and device access, you can even install a new instance of the Docker platform within the privileged container. Essentially, this mode allows running Docker inside Docker.   Note: Learn more about Docker containers and how they differ from Docker images in Docker Image Vs Container: The Major Differences. How to Check if a Container is Privileged?   To check whether you are running a container in privileged mode, use the command: docker inspect --format='{{.HostConfig.Privileged}}' [container_id] If the container is privileged, the output responds with true, as in the image below.

There are some options to create a Virtual Machine Scale Set with the diagnostics extension to perform in-guest monitoring and collect metrics from inside your virtual machines. On the other hand, if you have an existing Virtual Machine Scale Set without such extension, there’s a way to enable them. This is what I’ll show in this post in a detailed way explaining how to configure each one of the parameters required. How do I know if I have diagnostics extension deployed or not? The first thing to notice if you are looking to monitor your guest VMs in a VM Scale Set is if you already have the extension deployed or not. This is easy to be accomplished by going to the VMSS page in the Azure Portal and clicking on Metrics. If there are no metrics available in the Guest section this means there’s no diagnostic extension installed and only metrics provided at the Host level, captured by the virtualization layer are available. The picture bellow shows this scenario: Checking if guest diagnostics extension is enabled or not So, as there’s no Guest metrics available, we can conclude that the extension is not installed and we can install it. Storage Account To hold diagnostics data we need a storage account provisioned, you can provision a new storage account or use an existing one. Getting the Default Config The first step to work with Azure VM Scale Set diagnostics is to get the default config. This is a template file we use to enable the diagnostics extension and also we can customize…

Lets explore the relationship between the “Container Host” and the “Container OS” and how they differ between Linux and Windows containers. Some Definitions: Container Host: Also called the Host OS. The Host OS is the operating system on which the Docker client and Docker daemon run. In the case of Linux and non-Hyper-V containers, the Host OS shares its kernel with running Docker containers. For Hyper-V each container has its own Hyper-V kernel. Container OS: Also called the Base OS. The base OS refers to an image that contains an operating system such as Ubuntu, CentOS, or windowsservercore. Typically, you would build your own image on top of a Base OS image so that you can take utilize parts of the OS. Note that windows containers require a Base OS, while Linux containers do not. Operating System Kernel: The Kernel manages lower level functions such as memory management, file system, network and process scheduling. Now for some pictures: In the above example The Host OS is Ubuntu. The Docker Client and the Docker Daemon (together called the Docker Engine) are running on the Host OS. Each container shares the Host OS kernel. CentOS and BusyBox are Linux Base OS images. The “No OS” container demonstrates that you do not NEED a base OS to run a container in Linux. You can create a Docker file that has a base image of scratch and then runs a binary that uses the kernel directly. Check out this article for a comparison of Base OS sizes. In the above example The Host OS is Windows 10 or Windows Server. Each container shares…

https://techcommunity.microsoft.com/t5/azure-security-center/validating-azure-key-vault-threat-detection-in-azure-security/ba-p/1220336 Azure Security Center includes advanced threat protection for Azure Key Vault. Security Center detects unusual and potentially harmful attempts to access or exploit Key Vault accounts based on behavior analysis using machine learning. To use this threat detection capability, you need to enable the Key Vault threat bundle in Azure Security Center pricing tier as shown below:     The validation steps that follows are going to help you to simulate an action that will trigger an alert in Azure Security Center. This action may be benign in some cases, but it could also indicate that the Key Vault has been accessed by someone using the TOR IP anonymization system to hide their true source location. Follow the steps below to perform this simulation:

Key Vault Keys: Keys in Azure Key Vault are 'Cryptographic keys' used to encrypt information without releasing the private key to the consumer(users\Service). It acts like a black box to encrypt and decrypt content using the RSA algotithm. The RSA algorithm, involves a public key and private key. The public key can be known to everyone; it is used to encrypt messages. Messages encrypted using the public key can only be decrypted with the private key. Scenario: Assume you have to store the customer CreditCard, the secure way to keep it in your DB is to store it encrypted, during the software design and business requirements it is perfect clear that you should encrypt it, what most people don't real

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Tech Community. At Ignite Azure Security Center team announced many  features and capabilities in the CSPM and the CWPP segments. The entire list can be found in this blog post. One out of many areas that the product team invested a lot of resources and innovation is the containers 

Azure Security Center gives you complete visibility and control over the security of hybrid cloud workloads, including compute, network, storage, identity, and application workloads. Azure Security Center (ASC) has two mains value proposition: Cloud Security Posture Management (CSPM) – Help you prevent misconfiguration to strengthen your security posture for all different types of cloud workloads and resources in Azure (IaaS, PaaS, and SaaS). Cloud Workload Protection Platform (CWPP) – Protect against threats for servers whether they are running in Azure, on-premises or in different clouds such as Amazon AWS or Google GCP, in additional to cloud-native workloads such as Web Apps, Kubernetes, Key Vaults, as well as for SQL databases (PaaS/VM) and storage accounts. Azure Defender for Containers is one of many features that is included in Azure Security Center that falls under the Cloud Workload Protection Platform (CWPP) which is something you must consider for your containers running on Microsoft Azure. Azure Security Center (ASC) is expanding its support in the container space to one of the fastest-growing services in Azure – Azure Kubernetes Service (AKS). In November 2019, Microsoft announced the public preview for threat protection for Azure Kubernetes Service (AKS) support in Security Center. The good news is, on March 25th, 2020 the Azure Kubernetes Services integration with Security Center became Generally Available (GA). Kubernetes is quickly becomi