Friday, December 3, 2021

AzUpdate S03E17: AKS, Azure VPN, Audit logs and more

Hello folks!

I am back from a long-overdue vacation (if you believe my boss and my wife).  But I am back and ready to roll!


This week Jay Gordon (@Jaydestro) and I are back at it, and we will discuss a few news items from the mothership.  We will cover new capabilities to create AKS clusters without local user accounts, new capabilities in Azure VPN Gateways, new agent extension for Linux SQL VMs, and Audit Logs of Azure Monitor log queries.


Read on! Or better yet, join us on the live stream.


Create AKS clusters without local user accounts


The Azure Kubernetes Service (AKS) feature that lets Azure Active Directory (AAD)-integrated clusters be created without any local admin account is now generally available. By default, an AKS cluster is reachable through a local admin account: `az aks get-credentials --admin` hands out a kubeconfig holding a static client certificate with cluster-admin rights. That credential is not tied to any directory identity, so anyone who obtains the kubeconfig has full control of the cluster, it bypasses Conditional Access and MFA, it cannot be revoked per user (only rotated for the whole cluster), and its use cannot be attributed to an individual in the audit log. Such accounts are also harder to manage than directory identities.


AKS-managed Azure AD integration simplifies the integration process. Previously, you had to register a client app and a server app in Azure AD yourself, and a tenant admin had to grant the server app Directory Read permission. With the managed integration, the AKS resource provider creates and manages the client and server apps for you.


With AAD integration in place, there is no need for local accounts, and you can now disable them when you set up AAD on your AKS cluster. Disabling local accounts requires the AKS-managed integration, so clusters still on the legacy client/server-app integration have to be migrated first. Once disabled, `az aks get-credentials --admin` no longer returns a working credential and every kubectl session goes through an Azure AD sign-in.
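As an added example (not code from the original post or from the AKS project), the following Python script audits cluster documents shaped like the JSON that `az aks show -g <rg> -n <name> -o json` returns, using the `disableLocalAccounts` and `aadProfile` properties, and prints the `az aks update` command that closes each gap. The four cluster documents are constructed samples with placeholder GUIDs, and `<rg>` is a stand-in for the resource group name.

```python
"""Audit AKS cluster documents for an enabled local admin account.

Added example, not from the original post. It reads the top-level
`disableLocalAccounts` and `aadProfile` properties as returned by
`az aks show -o json` and reports clusters that still allow the
certificate-based local admin account. Sample documents are constructed.
"""
import json

# Constructed samples shaped like `az aks show -o json` output
# (only the keys this check reads are included; GUIDs are placeholders).
SAMPLE_CLUSTERS_JSON = json.dumps([
    {   # Legacy integration: customer-managed client/server apps, local admin on
        "name": "legacy-aad",
        "disableLocalAccounts": False,
        "aadProfile": {
            "managed": False,
            "clientAppId": "11111111-1111-1111-1111-111111111111",
            "serverAppId": "22222222-2222-2222-2222-222222222222",
            "tenantId": "33333333-3333-3333-3333-333333333333",
        },
    },
    {   # Managed integration, but the local admin certificate is still issued
        "name": "managed-aad-local-on",
        "disableLocalAccounts": False,
        "aadProfile": {"managed": True, "enableAzureRbac": False,
                       "adminGroupObjectIDs": ["44444444-4444-4444-4444-444444444444"],
                       "tenantId": "33333333-3333-3333-3333-333333333333"},
    },
    {   # Target state: managed AAD and local accounts disabled
        "name": "managed-aad-hardened",
        "disableLocalAccounts": True,
        "aadProfile": {"managed": True, "enableAzureRbac": True,
                       "adminGroupObjectIDs": ["44444444-4444-4444-4444-444444444444"],
                       "tenantId": "33333333-3333-3333-3333-333333333333"},
    },
    {   # No AAD at all: the local admin certificate is the only credential
        "name": "no-aad",
        "aadProfile": None,
    },
])


def aad_mode(cluster: dict) -> str:
    """Classify the cluster's AAD integration: 'none', 'legacy' or 'managed'."""
    profile = cluster.get("aadProfile")
    if not profile:
        return "none"
    return "managed" if profile.get("managed") else "legacy"


def assess(cluster: dict, resource_group: str = "<rg>") -> dict:
    """Return findings and remediation commands for one cluster document."""
    name = cluster["name"]
    mode = aad_mode(cluster)
    # A missing property was never set, which means local accounts are enabled.
    local_admin_enabled = not bool(cluster.get("disableLocalAccounts", False))
    findings, fixes = [], []

    if mode == "none":
        findings.append("no AAD integration: the local admin certificate is the only way in")
        fixes.append(f"az aks update -g {resource_group} -n {name} --enable-aad "
                     "--aad-admin-group-object-ids <group-object-id>")
    elif mode == "legacy":
        findings.append("legacy AAD integration (customer-managed client/server apps); "
                        "migrate to AKS-managed AAD before disabling local accounts")
        fixes.append(f"az aks update -g {resource_group} -n {name} --enable-aad")
    if local_admin_enabled:
        findings.append("local admin account enabled: `az aks get-credentials --admin` "
                        "yields a cluster-admin client certificate not revocable per user")
        suffix = "" if mode == "managed" else " (after the AAD migration above)"
        fixes.append(f"az aks update -g {resource_group} -n {name} --disable-local-accounts{suffix}")
    return {"name": name, "aad": mode, "local_admin_enabled": local_admin_enabled,
            "findings": findings, "remediation": fixes}


def assess_all(clusters_json: str) -> list:
    """Assess every cluster document in a JSON array."""
    return [assess(c) for c in json.loads(clusters_json)]


if __name__ == "__main__":
    for r in assess_all(SAMPLE_CLUSTERS_JSON):
        status = "OK " if not r["findings"] else "FIX"
        print(f"{status} {r['name']:<24} aad={r['aad']:<8} local_admin={r['local_admin_enabled']}")
        for f in r["findings"]:
            print("     -", f)
        for cmd in r["remediation"]:
            print("     $", cmd)
```

To run it against real clusters, feed it `az aks list -o json` instead of the embedded sample; the check treats a missing `disableLocalAccounts` property as "enabled", which is the default for clusters created before the flag existed.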


You can learn more here


Azure VPN NAT (Network Address Translation)


NAT defines the mechanisms to translate one IP address to another in an IP packet. There are multiple scenarios for NAT:

  • Connect multiple networks with overlapping IP addresses
  • Connect from networks with private IP addresses (RFC1918) to the Internet (Internet breakout)
  • Connect IPv6 networks to IPv4 networks (NAT64)

Organizations commonly use the private IP address ranges defined in RFC 1918 for internal communication. When such networks are connected over a VPN across the Internet or a private WAN, their address spaces must not overlap; otherwise the gateways cannot tell which network a packet belongs to and communication fails. To connect two or more networks with overlapping addresses, NAT is deployed on the gateway devices connecting the networks.


Azure VPN NAT now supports overlapping address spaces between your on-premises branch networks and your Azure virtual networks. NAT also enables business-to-business connectivity where the address spaces are managed by different organizations and renumbering the networks is not possible.
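To make the overlap scenario concrete, here is an added Python model (not code from the original post and not Azure's implementation) of the one-to-one static NAT a VPN gateway applies: each branch gets its own translated prefix of the same size as its real one, a host keeps its offset inside the prefix, and the gateway refuses translated prefixes that collide with each other or with the hub. Two branches that both use 10.0.0.0/24 are connected to a hub on 10.1.0.0/16; the addresses, connection names and the 100.64.0.0/10 translated ranges are made up for the example.

```python
"""One-to-one static NAT across equal-size prefixes for overlapping networks.

Added example, not from the original post and not Azure's implementation.
Models the translation a VPN gateway performs when two branches both use
10.0.0.0/24: 10.0.0.7 at branch A becomes 100.64.1.7, the same 10.0.0.7 at
branch B becomes 100.64.2.7, so the hub can address both unambiguously.
All prefixes and names below are made up.
"""
import ipaddress


class StaticNatRule:
    """Maps an internal prefix onto an external prefix of the same length."""

    def __init__(self, name, internal, external):
        self.name = name
        self.internal = ipaddress.ip_network(internal)
        self.external = ipaddress.ip_network(external)
        if self.internal.prefixlen != self.external.prefixlen:
            raise ValueError(f"{name}: static NAT needs equal-size prefixes")

    @staticmethod
    def _shift(ip, src_net, dst_net):
        # Keep the host's offset within the prefix; None if ip is outside src_net.
        ip = ipaddress.ip_address(ip)
        if ip not in src_net:
            return None
        offset = int(ip) - int(src_net.network_address)
        return ipaddress.ip_address(int(dst_net.network_address) + offset)

    def to_external(self, ip):
        return self._shift(ip, self.internal, self.external)

    def to_internal(self, ip):
        return self._shift(ip, self.external, self.internal)


class NatGateway:
    """Hub-side gateway holding one NAT rule per branch connection."""

    def __init__(self, hub_prefix):
        self.hub = ipaddress.ip_network(hub_prefix)
        self.rules = {}

    def add_rule(self, connection, rule):
        # External prefixes are what the hub routes to, so they must be disjoint
        # from each other and from the hub's own address space.
        if rule.external.overlaps(self.hub):
            raise ValueError(f"{rule.name}: external {rule.external} overlaps hub {self.hub}")
        for other in self.rules.values():
            if rule.external.overlaps(other.external):
                raise ValueError(f"{rule.name}: external {rule.external} overlaps {other.name}")
        self.rules[connection] = rule

    def branch_to_hub(self, connection, src_ip, dst_ip):
        """Packet entering from a branch: rewrite the source to its external address."""
        translated = self.rules[connection].to_external(src_ip)
        if translated is None:
            raise ValueError(f"{src_ip} is not covered by the NAT rule for {connection}")
        return str(translated), str(ipaddress.ip_address(dst_ip))

    def hub_to_branch(self, dst_ip):
        """Packet leaving to a branch: pick the connection whose external prefix owns dst."""
        for connection, rule in self.rules.items():
            internal = rule.to_internal(dst_ip)
            if internal is not None:
                return connection, str(internal)
        raise LookupError(f"no NAT rule owns {dst_ip}")


def demo():
    """Two branches with the same 10.0.0.0/24 behind one hub; returns the translations."""
    gw = NatGateway("10.1.0.0/16")
    gw.add_rule("branch-a", StaticNatRule("nat-a", "10.0.0.0/24", "100.64.1.0/24"))
    gw.add_rule("branch-b", StaticNatRule("nat-b", "10.0.0.0/24", "100.64.2.0/24"))
    out = {
        "a_to_hub": gw.branch_to_hub("branch-a", "10.0.0.7", "10.1.0.5"),
        "b_to_hub": gw.branch_to_hub("branch-b", "10.0.0.7", "10.1.0.5"),
        "hub_to_b": gw.hub_to_branch("100.64.2.7"),
    }
    try:  # a third branch reusing 100.64.1.0/24 is rejected: the hub could not route it
        gw.add_rule("branch-c", StaticNatRule("nat-c", "10.0.0.0/24", "100.64.1.0/24"))
        out["overlap_rejected"] = False
    except ValueError:
        out["overlap_rejected"] = True
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The check in `add_rule` is the one worth carrying into real deployments: the translated prefixes are the only addresses the hub ever sees, so they must be unique across every connection and must not collide with the hub's own ranges, or the overlap problem simply moves one hop closer.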


Check out the following document for additional information


SQL Server IaaS Agent extension for Linux SQL VMs


Microsoft is making the capabilities of the SQL Server IaaS Agent extension available on Linux, starting with Ubuntu, with other distributions planned over time.


If you are already running SQL Server on an Ubuntu Linux virtual machine in Azure, the SQL Server IaaS Agent extension now integrates the VM with the Azure portal and unlocks the following benefits for SQL Server on Linux Azure VMs:


  • Compliance: The extension offers a simplified way to meet the product-terms requirement of notifying Microsoft that the Azure Hybrid Benefit has been enabled, so you no longer need to manage licensing registration forms for each resource.
  • Simplified license management: The extension simplifies SQL Server license management and lets you quickly identify SQL Server VMs with the Azure Hybrid Benefit enabled using the Azure portal, Azure PowerShell, or the Azure CLI.

Check out the following document for additional information


Audit Logs of Azure Monitor log queries


Azure Monitor Logs lets you collect data across your entire estate, including application- and OS-level telemetry, security logs, network logs, diagnostic logs from Azure resources, and custom logs. All of it can be queried with the Kusto Query Language (KQL) to surface patterns, correlations, and more.


We now have the ability to audit Azure Monitor log queries. When you enable the Audit category in the diagnostic settings of a Log Analytics workspace, each query is recorded in the LAQueryLogs table: who ran it (the Azure AD identity), when, from which tool, the full query text, and performance statistics for the execution. Two caveats: the query text is stored as-is, so any secrets or personal data pasted into a query end up in the audit log, and the audit records are ingested like any other table, so they carry ingestion cost.


As with any other diagnostic-settings telemetry, these records can be sent to a storage account, an Event Hub, or a Log Analytics workspace. Sending them to a workspace other than the one being audited keeps the audit trail out of reach of the users whose queries it records.
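What you do with the audit trail is the interesting part. The following is an added example (not code from the original post or from Azure Monitor) of detection logic run over LAQueryLogs-shaped records, using the documented columns TimeGenerated, AADEmail, RequestClientApp, QueryText and ResponseRowCount. It flags queries from client apps outside an allow-list, queries that touch sensitive tables, bulk result sets, someone reading the audit table itself, and bursts of queries from one identity. The six rows are constructed samples (not real audit data), and the allow-list, sensitive-table set and thresholds are assumptions to tune per tenant.

```python
"""Detections over Azure Monitor query audit records (LAQueryLogs).

Added example, not from the original post. Each query run against an
audited Log Analytics workspace lands as a row in LAQueryLogs; the columns
used here are TimeGenerated, AADEmail, RequestClientApp, QueryText and
ResponseRowCount. The rows below are constructed samples, and the
allow-list, sensitive-table set and thresholds are assumptions.
"""
import re
from datetime import datetime, timedelta

SENSITIVE_TABLES = {"SigninLogs", "AuditLogs", "SecurityEvent", "LAQueryLogs"}  # assumed
KNOWN_CLIENT_APPS = {"AppAnalytics", "Grafana", "PowerBI"}  # assumed allow-list
BULK_ROW_THRESHOLD = 10_000  # assumed; tune to the workspace's normal usage

# Constructed sample rows; "CustomScript" stands in for an unrecognised client.
SAMPLE_LAQUERYLOGS = [
    {"TimeGenerated": "2021-12-03T09:00:00Z", "AADEmail": "alice@example.com",
     "RequestClientApp": "AppAnalytics", "ResponseRowCount": 40,
     "QueryText": "Heartbeat | summarize count() by Computer"},
    {"TimeGenerated": "2021-12-03T09:05:00Z", "AADEmail": "bob@example.com",
     "RequestClientApp": "CustomScript", "ResponseRowCount": 250000,
     "QueryText": "SigninLogs | where TimeGenerated > ago(90d) | project UserPrincipalName, IPAddress"},
    {"TimeGenerated": "2021-12-03T09:07:00Z", "AADEmail": "carol@example.com",
     "RequestClientApp": "AppAnalytics", "ResponseRowCount": 12,
     "QueryText": "LAQueryLogs | where AADEmail == 'carol@example.com'"},
    {"TimeGenerated": "2021-12-03T09:10:00Z", "AADEmail": "mallory@example.com",
     "RequestClientApp": "CustomScript", "ResponseRowCount": 500,
     "QueryText": "SecurityEvent | where EventID == 4624 | take 500"},
    {"TimeGenerated": "2021-12-03T09:10:30Z", "AADEmail": "mallory@example.com",
     "RequestClientApp": "CustomScript", "ResponseRowCount": 500,
     "QueryText": "SecurityEvent | where EventID == 4625 | take 500"},
    {"TimeGenerated": "2021-12-03T09:11:00Z", "AADEmail": "mallory@example.com",
     "RequestClientApp": "CustomScript", "ResponseRowCount": 500,
     "QueryText": "SecurityEvent | where EventID == 4672 | take 500"},
]


def parse_ts(value: str) -> datetime:
    """Parse the ISO-8601 timestamps Azure emits (trailing Z for UTC)."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def sensitive_tables_in(query_text: str) -> set:
    """Sensitive table names that appear as whole identifiers in the query."""
    identifiers = set(re.findall(r"[A-Za-z_][A-Za-z0-9_]*", query_text))
    return identifiers & SENSITIVE_TABLES


def detect(rows, burst_window=timedelta(minutes=5), burst_count=3):
    """Return deduplicated (rule, AADEmail, detail) alerts over LAQueryLogs rows."""
    alerts, seen, by_user = [], set(), {}

    def add(rule, user, detail):
        if (rule, user, detail) not in seen:
            seen.add((rule, user, detail))
            alerts.append((rule, user, detail))

    for r in rows:
        user, app, query = r["AADEmail"], r["RequestClientApp"], r["QueryText"]
        touched = sensitive_tables_in(query)
        if app not in KNOWN_CLIENT_APPS:
            add("unknown_client_app", user, app)
        if touched:
            add("sensitive_table", user, ", ".join(sorted(touched)))
        if "LAQueryLogs" in touched:  # someone is reading the audit trail itself
            add("audit_trail_inspection", user, query)
        if r["ResponseRowCount"] >= BULK_ROW_THRESHOLD:
            add("bulk_result", user, f"{r['ResponseRowCount']} rows")
        by_user.setdefault(user, []).append(parse_ts(r["TimeGenerated"]))

    # Burst: burst_count or more queries by one identity inside burst_window.
    for user, stamps in by_user.items():
        stamps.sort()
        for i in range(len(stamps) - burst_count + 1):
            if stamps[i + burst_count - 1] - stamps[i] <= burst_window:
                add("query_burst", user, f"{burst_count}+ queries within {burst_window}")
                break
    return alerts


if __name__ == "__main__":
    for rule, user, detail in detect(SAMPLE_LAQUERYLOGS):
        print(f"{rule:<24} {user:<22} {detail}")
```

The same rules translate directly into KQL against LAQueryLogs once the table is populated; the Python form is useful for testing the logic offline against captured rows before committing to scheduled analytics.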


Check out the following document for additional information


MS Learn Module of the Week


Considering we had an announcement regarding SQL Server on Linux, we thought it would be a good idea to look at the Introduction to SQL Server on Linux.


This Learn module steps you through the benefits of installing SQL Server on Linux.


Have a great weekend and we’ll see you online. 


Cheers!


Pierre

Posted at https://sl.advdat.com/3xOQ8yA