1.Open the interactive shell and make sure that it's set to PowerShell. Click on cloud shell icon appears next to global search as depicted in image below: 2.Run the following command to install IIS on the virtual machine: Azure PowerShellCopy ***************************************************** $publicSettings = @{ "fileUris" = (,"https://raw.githubusercontent.com/Azure/azure-docs-powershell-
OSI model = Open Systems Interconnection model Physical Layer The lowest layer of the OSI Model is concerned with electrically or optically transmitting raw unstructured data bits across the network from the physical layer of the sending device to the physical layer of the receiving device. It can include specifications such as voltages, pin layout, cabling, and radio frequencies. At the physical layer, one might find “physical” resources such as network hubs, cabling, repeaters, network adapters or modems. Data Link Layer At the data link layer, directly connected nodes are used to perform node-to-node data transfer where data is packaged into frames. The data link layer also corrects errors that may have occurred at the physical layer. The data link layer encompasses two sub-layers of its own. The first, media access control (MAC), provides flow control and multiplexing for device transmissions over a network. The second, the logical link control (LLC), provides flow and error control over the physical medium as well as identifies line protocols. Network Layer The network layer is responsible for receiving frames from the data link layer, and delivering them to their intended destinations among based on the addresses contained inside the frame. The network layer finds the destination by using logical addresses, such as IP (internet protocol). At this layer, routers are a crucial component used to quite literally route information where it needs to go between networks. Transport Layer The transport layer manages the delivery and error checking of data packets. It regulates the size, sequencing, and ultimately the transfer of data between systems…
1) { } 大括号,表示定义一个对象,大部分情况下要有成对的属性和值,或是函数。 如:var LangShen = {"Name":"Langshen","AGE":"28"}; 上面声明了一个名为“LangShen”的对象,多个属性或函数用,(逗号)隔开,因为是对象的属性, 所以访问时,应该用.(点)来层层访问:LangShen.Name、LangShen.AGE,当然我们也可以用数组的方式来访问,如:LangShen["Name"]、LangShen["AGE"],结果是一样的。 该写法,在JSON数据结构中经常用,除此之外,我们平时写函数组的时候,也经常用到,如: var LangShen = { Name = function(){ return "LangShen"; }, Age = function(){ return "28"; } } 调用方式差不多,因为是函数组,所以要加上(),如:alert( LangShen.Name() ); 2) [ ]中括号,表示一个数组,也可以理解为一个数组对象。 如:var LangShen = [ "Name","LangShen","AGE","28" ]; 每个值或函数,都是独立的,多个值之间只用,(逗号)隔开,因为是数组对象,所以它等于: var LangShen = Array( "Name","LangShen","AGE","28" ); 访问时,也是和数组一样,alert( LangShen[0] ); 3) { } 和[ ] 一起使用,我们前面说到,{ } 是一个对象,[ ] 是一个数组,我们可以组成一个对象数组,如: var LangShen = { "Name":"Langshen", "MyWife":[ "LuLu","26" ], "MySon":[{"Name":"Son1"},{"Name":"Son2"},{"Name":"Son3"}] } 从上面的结构来看,是一个对象里面的第一项是个属性,第二项是一个数组,第三个是包含有多个对象的数组。调用起来,也是一层一层访问,对象的属性用.(点)叠加,数组用 [下标] 来访问。 如:alert( LangShen.MySon[1].Name ) ;
For the difference between Keys, Secrets, and Certificates, please refer to Azure Key Vault documentation, under Object Types: https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#object-types Think of Secrets as passwords and connection strings. Keys are cryptographic keys that can be generated using various algorithms. And Certificates are keys (or key pairs) with optional policies such as auto rotation. There is an advantage in authenticating using a certificate instead of a secret. The advantage is a certificate has a private and a public key part. The recipient of your API call can authenticate who you are using only the public portion of your certificate, while you safely safeguard the private part in your key vault. Secrets are shared between calling and called parties and are transmitted over the wire, and therefore there are more opportunities for them to leak.
# PS C:\> . .\CreateAzAutomationRunAsAccount.ps1 -ResourceGroup '<ResourceGroupName>' -Location '<AzureRegion>' -AutomationAccountName '<AutomationAccountName>' -ApplicationDisplayName '<AzureADApplicationName>' -SubscriptionId '<VSSubscriptionID>' -SelfSignedCertPlainPasswd '<SomeStrongPassword>' -SelfSignedCertNoOfMonthsUntilExpired 12 # To run the script you must pass parameters # -ResourceGroup, name of the Resource Group to create # -Location, Azure region to create Resource Group in, to get a list of available regions use Get-AzLocation # -AutomationAccountName, name of Automation Account to create # -ApplicationDisplayName, name of Azure AD application to create # -SubscriptionId, the Subscription ID of your Visual Studio subscription # -SelfSignedCertPlainPasswd, a strong password for the self-signed certificate # -SelfSignedCertNoOfMonthsUntilExpired, the number of months the self-signed certificate is valid, this is optional and if not passed this will default to 12 months. #Requires -RunAsAdministrator Param ( [Parameter(Mandatory = $true)] [string] $ResourceGroup, [Parameter(Mandatory = $true)] [string] $Location, [Parameter(Mandatory = $true)] [string] $AutomationAccountName, [Parameter(Mandatory = $true)] [string] $ApplicationDisplayName, [Parameter(Mandatory = $true)] [string] $SubscriptionId, [Parameter(Mandatory = $true)] [string] $SelfSignedCertPlainPasswd, [Parameter(Mandatory = $false)] [int] $SelfSignedCertNoOfMonthsUntilExpired = 12 ) # Helper functions function CreateAutomationCertificateAsset { [CmdletBinding()] param ( [Parameter()] [string] $ResourceGroup, [Parameter()] [string] $AutomationAccountName, [Parameter()] [string] $CertifcateAssetName, [Parameter()] [string] $CertPath, [Parameter()] [string] $CertPlainPasswd, [Parameter()] [bool] $Exportable ) [securestring] $CertPassword = ConvertTo-SecureString $CertPlainPasswd -AsPlainText -Force Remove-AzAutomationCertificate -ResourceGroupName $ResourceGroup ` -AutomationAccountName $AutomationAccountName ` -Name $CertifcateAssetName ` -ErrorAction SilentlyContinue New-AzAutomationCertificate -ResourceGroupName $ResourceGroup ` -AutomationAccountName $AutomationAccountName ` -Path $CertPath ` -Name $CertifcateAssetName ` -Password $CertPassword ` …
Introduction Azure Automation provides a cloud-based automation and configuration service that provides consistent management across your Azure and non-Azure environments. Azure Automation helps to automate frequent, time-consuming, and error-prone cloud management tasks. It consists of process automation, update management, and configuration features. Azure Automation helps you to save time, reduce cost & errors and increase efficiency. Refer to this link to learn more about pricing details. Refer to my previous article to learn how to perform the following activities: Create an Automation Account Create Credential Asset – To store the credentials which will be used by PowerShell for authentication. Import PowerShell Module – Import Microsoft Teams PowerShell Cmdlets module in order to access Teams Cmdlets. Create PowerShell runbook – Script to create a new team Test and publish the runbook In this article, you will see how to provision a team using PowerShell runbook which will be called by webhook from Power Automate when users submit the request in the SharePoint list. A webhook allows an external service to start a particular runbook in Azure Automation through a single HTTP request. Refer to this link to learn more about the automation webhook. Design Flow
from: https://www.sqlchick.com/entries/2016/9/18/overview-of-azure-automation Azure Automation is a cloud service in Microsoft Azure which let you schedule execution of PowerShell cmdlets and PowerShell workflows. Azure Automation uses the concept of runbooks to execute a set of repeatable, repetitive tasks via PowerShell. Consistency in execution, reduction of errors, and of course saving time, are all key objectives - which makes DBAs and system admins happy, eh? Examples of How You Could Use Azure Automation Shut down a virtual machine in a development environment on a schedule to avoid charges when it's not being used Pause Azure SQL Data Warehouse on a schedule to avoid compute charges during the time it's not serving queries or processing data loads Check size of an Azure resource to determine if it's close to reaching its threshold for scaling up Scale Azure resources up or down on a predefined schedule Deployment of resources from Dev to Test en
#region Sign in with Azure CLI 各种方法总结 # https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli #region ok 1) 使用aad user 登录 portal # 1) - 1 >> OK 使用网页认证画面登录 # az login # >> You have logged into Microsoft Azure! # >> You can close this window, or we will redirect you to the Azure CLI documents in 10 seconds. # 1) - 2 >> OK 使用hard code 用户名密码登录 # $curLoginUserName = "xxxx@zzz.hotmail.onmicrosoft.com" # $curLoginPsw = "yyyyy" # $AzCred = New-Object System.Management.Automation.PSCredential($curLoginUserName, $(ConvertTo-SecureString $curLoginPsw -AsPlainText -Force)) # az login -u $AzCred.UserName -p $AzCred.GetNetworkCredential().Password #endregion ok 1) 使用aad user 登录 portal #region OK 2) 使用 service principal 登录 portal # Service principals are accounts not tied to any particular user, which can have permissions on them assigned through pre-defined roles. # Authenticating with a service principal is the best way to write secure scripts or programs, # allowing you to apply both permissions restrictions and locally stored static credential information # az login --service-principal -u <app-url> -p <password-or-cert> --tenant <tenant> # code start ↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓ # OutInfoLog "Sign in with a service principal." # $Application_ID_URI = "http://servicePrincipal1-for-aks-cluster1" # $servicePrincipal1_password = "xxxxxxxxxxxxxxxxxxxxxxx" # az login --service-principal -u $Application_ID_URI -p $servicePrincipal1_password --tenant "xxx-yyy-zzz-eee-xxx" # OutInfoLog "az group list." # # 可以取得具有权限的资源列表 # az group list # # 因为当前spn只有acrpull/acrpush权限,所以无法获得acr信息.赋予reader权限后,可以取得acr信息 # az acr list -o table # code start ↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑ #endregion OK 2) 使用 service principal 登录 portal #region…
$ip = Invoke-RestMethod http://ipinfo.io/json | Select -exp ip $ipinfo = Invoke-RestMethod http://ipinfo.io/json $ipinfo.ip $ipinfo.hostname $ipinfo.city $ipinfo.region $ipinfo.country $ipinfo.loc $ipinfo.org
AKS即Azure Kubernetes,ACR即Azure Container Registry ,ACI即Azure Container Instance,这篇文章将详细讲解这三者的基本概念。 Azure Kubernetes Service (AKS) Azure Kubernetes Service是由微软提供的一个PaaS版本的Kubernetes服务(以下简称AKS),微软的AKS为我们提供了简单的部署方式与管理操作界面。其主要具有一下几个特点: 使用者无需担心升级与故障修复问题,AKS提供简单的升级方式和自动的故障修修复 AKS服务具有高度可用性 AKS具有高度的可扩展性,可以通过命令行或UI快速的进行扩展 AKS提供API Server监控机制 AKS可以通过AAD以及RBAC来管控群集的存取安全性 AKS的服务(Master节点)由Azure进行托管并免费对用户提供使用,用户只需承担worker node的费用 这里要和大家简单的说一下,因为AKS是一款PaaS的服务,所以不需要用户去构建并维护Master节点,只需要通过Kubernetes API Endpoint使用相关的命令行工具来管理AKS。使用 AKS 配合 Azure 服务 Helm, Azure DevOps Project, ACR, ACI, Azure Monitor 提供从开发到生产环境的完整解决方案。 Azure Container Registry (ACR) 相信各位对共有的docker镜像存储仓库docker hub都很熟悉,对ACR却很陌生,其实ACR是微软提供的可以用来存储所有容器部署类型的映像,我们可以把它理解成一个私有的容器镜像仓库,这个仓库可以使用docker registry相同的命令来对其进行管理。 ACR包括一下几个主要的概念: Registry: 一个Azure订阅可以创建多个Container registries,可以通过webhook与Azure AD登录管理image,根据不通的registry类型,提供本机存储或者异地复制的使用情况。每个registry名称都是以FQDN的方式呈现的,如:REGISTRY_NAME.azurecr.io Repository:每个registry包含一个以上的repository,以群组的方式进行存储管理,并且支持多层命名空间 Image:存储于respository中,当不需要使用时,可以使用docker命令将image从repository去除 Azure Container Instance (ACI) Azure 容器执行个体 Azure Container Instance (ACI), 是不需要管理虚拟机器而提供容器应用程式执行的服务, 具有快速启动的优点, 并且提供公用 IP 以及完整网域名称 (FQDN), 可以直接由网际网路存取应用程式. 此外 ACI 具有应用程式相依性隔离和资源控管, 等同于虚拟机器的安全性管理. 如下图, ACR 提供容器的储存, 并且可以将 Image 取出到 ACI 中