AzureTalk-Networking Part 4: Azure DNS, Application gateway, Traffic Manager, Load balancer

Yes, thank you. Good morning, good afternoon, good evening everybody. My name is Nitish Kumar and I am lead Azure cloud architect. I've been conducting AzureTalk for quite a while now; I think I have conducted more than 15 sessions on either part, and this is in continuation to our previous presentations that we had on networking, where we covered ExpressRoute, VPN and the different connectivity models. Today we are going to talk about Azure DNS, you know, four components of Azure networking: Azure DNS, which is the name resolution service for Azure, and then Traffic Manager; we will also talk about Application Gateway and Azure Load Balancer, and after all slides we will straight away dive into the demo. Today I have invited Lalit Robert, who is cloud technical specialist, and he is going to go ahead and cover the topics that I talked about. So please welcome Lalit on our AzureTalk.

Thanks, Nitish, thanks for this introduction, and I literally tear I'll be starting this session for and it's really a proceeding leaders screaming a chance to just go ahead and do this isn't for me. So I'll just start the session here and talk about what the difference is between Azure DNS and on-prem DNS, how we go ahead and configure it, and what could be the possibilities and the benefits of duration or the limitations that would be there. So basically, Azure DNS, as the name says, serves as a DNS name server, which is used to resolve a name to the IP address, or the web transferred over the public IP address on the websites, and it is hosted in Azure, so we can say it is software as a service as well. Apart from that, it has the features of Azure DNS, which provides reliability, performance and seamless integration: you just have to click and then you will be able to go ahead and create the things.

So, Lalit, yes, we have a problem with your voice. Is that the problem with
everybody or it's just we shall now I have so stable or one issue they'll advise as noisy, too much noise. Can you check your microphone? notice right right in here since Becker. All right, let's continue.

Yes, so these are the major features, and it comes with security, or has more security things over there. Apart from that, the DNS zones limitation per Azure subscription: you can go ahead and create 100 zones per subscription and 5,000 records, and 20 sets of records per record. And basically, if we come to the diagram over here, if the user wants to browse www.flu.gov, then how will it perform? First of all, when this user wants to connect from the laptop to the particular website, it will first of all go to the local DNS server, which is there in your then it will just if the DNS server has a cache then it just sort the cast and outer - they own that size. If it is not, then it just goes to the root domain here, and the root domain server will guide you where and which website it has to be. So first it just goes to collect data from your DNS server, which is here, and then sends it back; it goes to the user, and then from your computer it just disappear so little where's the address, and then it will just go ahead and connect to the are valid here. So basically this is the flow that would be there in Azure. Similarly, if you are going and creating the things on-premises, you need hardware and then the software, you need to install the DNS on that, and you have to create the records, the primary - Mary -

Yes, see, I can just add on to here. So Azure DNS is an offering from Microsoft which helps you to host any internet-based domain or zones that you would purchase from any of the domain registrars. Today Microsoft Azure DNS doesn't allow you to purchase a public domain name;
you have to buy from another public registrar. But once you have bought that name, like in my case I bought cloudeasy.com, I can configure Azure DNS, manage delegation and also manage that zone for me, and I can set up delegation, so in that case all my queries will get redirected to a DNS server, and from a DNS server those records will get translated into IPs. As you know, DNS is naming our a governance; DNS is a domain naming system which helps you translate a human-readable name, like a website name such as www.cloudeasy.com or www.contoso.com, to the public IP, and this is the job of a DNS server. So Azure DNS does it for you in a public domain that you have on the internet, plus it also provides name resolution if you have virtual machines within the same VNet. However, when you come on-prem, you will have to set up your own DNS server. You can set that up in Windows 2012 or 2016, which has a DNS service that runs on the Windows operating system, and you can configure that so it will take care of name resolution within your organization. So you can have an internal DNS server which will resolve services internally, and then you can have the external DNS server, which is your DNS server on the public domain, which will resolve any of the public resources or public URLs on the internet. So Azure DNS is an offering from Microsoft which is meant for managing your public domain name and the records inside that, and again, you cannot register your own domain name via Azure DNS, but once you have registered it you can come and manage those zones inside the Azure DNS server.

lecture on it is this. So apart from that, I'll just show you one diagram how out Alma. So basically this is a diagram over here: if one user is there, then it just searches in the local DNS server and then it will go to the root name server, and the root name server, suppose you are
querying www.ge.com and it does not find any cache or any name over here, then this local DNS server will route to the root domain server; the root domain server is nothing but like .com, .in, .net, and in a similar way it has seven or eight roots so was dotnet so it just find it out this is go to the dot-com I was not able to find that cloud is U dot cloudeasy.com, then the .com says, okay, that IP address, the public IP address has changed or probably it is not with you, then it just sends, okay, this is the IP address or the packet or are probably I practice, then it will be coming into the local DNS server, and the local DNS server will send that request to your internet name server.

Lalit, can you just quickly, can you maximize this window? Thank you. Yeah, good spigot.

So the local DNS server will just go ahead and connect to your internet .net name server, which will just find out, okay, this IP address has been assigned to this particular address, and then send it back to your local DNS server, and then the local DNS server sends out, okay, it has all the details, and it will be routed to your Azure DNS, whether it is hosted in Azure or whatever, like probably the primary, the secondary and so on; it will just send it across to your cache and find out the NS record or the A record. An A record is nothing but the address record which is associated with your websites, and then it will be found through DNS, and the NS record is a name server record which is used for, suppose you have cloudeasy.com, and that IP address would be associated with it, and it will finally validate all the things and then send the information to the user and directly connect to your cloudeasy.com. So the DNS server would be working in this way.

So, you know, the way it works, to keep it really simple: you have a user, he or she wants to resolve a name. Now you don't know whether it is your intranet resource
or if it's an internet resource, so first your user will talk to your local DNS server, which is running on a domain controller if it is Active Directory integrated, and if it is a local name resolution that should happen, the local DNS server itself will resolve and provide the result to the user. But if it's not a local resource and it's on the internet, let's say it's www.cloudeasy.com, this local DNS server will forward that request to the internet root server. Root servers host the top-level domain; we have what is called TLD and what is called SLD. TLD is your .com, so .com is your top-level domain, and then cloudeasy is your SLD, the second-level domain. So first it will go to your local DNS server, which forwards it to the root name server, which you see on the right side at the top, which serves the .com top-level domain, and then that guy will say, hey, I don't have the record for cloudeasy but I do know who hosts this, so that will send it to cloudeasy.com. In my case I have bought it from godaddy.com, so it will go to the GoDaddy DNS server, and the GoDaddy DNS will say, hey, I see that this domain is configured as a delegated zone to Azure DNS servers, so please go and talk to the Azure DNS server; Microsoft has four name servers, and then it will forward that query to your Azure DNS server, and from there it will serve the record for your domain name. So that's how it works, in harmony: you have the local DNS server, then you have the root DNS servers, then you have your internet provider name server which hosts your domain name, and then you have your Azure DNS. So that's how it works in complete packet.

Oh, thank you. We have just completed the DNS server, and let's move to the Azure Traffic Manager
and basically, as its name says, Traffic Manager is used to manage the traffic.

known I call it the slide has not refreshed, you have to minimize. Yeah, all right, so let's move on to the next slide. Yes. no night there. Yeah, great, good.

So the Azure Traffic Manager, as its name says, is a traffic manager which just manages the traffic in your on-premises network or in Azure, the way you want to route it. So the Traffic Manager just routes the traffic which is coming to your prod or the web applications or your VMs or the external endpoints you have. So basically it just manages the traffic and routes the traffic to the different applications or the load balancer applications, so one particular application or one particular VM or server does not have much load so it is just hang out order just got dressed; basically it just manages all the traffic within your production or in Azure. So the Traffic Manager works in three ways: Azure endpoints, external endpoints and nested endpoints. The Azure endpoints only work for Azure: whatever applications or cloud services or VMs you have configured in Azure, you can configure the Traffic Manager so that you just manage the things in Azure. But the external endpoints, if you want to use the external endpoints, allow your application, Azure plus on-premises, to balance and route the traffic over the internet. And the nested endpoints are used in a more flexible environment: suppose you have a bunch of services in Azure and a bunch of services on-premises, and you have a complex network and you need to route the traffic between them over the internet, and you don't want your production applications to be harmed or hampered; in such an environment you just use nested
endpoints, so your environment will be flexible and work accordingly without harming anything. And it has a couple of features which will help you to maintain your downtime, and it will allow routing traffic based on your on-premises and cloud applications, and you can manage and maintain your cloud availability through Azure Traffic Manager, and if you can just look at this...

So, Lalit, I have one question about Traffic Manager. I mean, do we know when we will use Azure Traffic Manager, or what are the endpoints that it supports?

So the Traffic Manager is basically used for production applications, and the endpoints which it supports are cloud or IP address based, or the cloud endpoints if you have anything, or the VM; the cloud services it is supporting, basically. Okay, so suppose you have a load balancer or the VM, the application gateway, you can configure it.

Just one question from my side, Lalit. I'm a little confused, because when I studied the Traffic Manager concept: are there any profiles that we have to maintain for Traffic Manager? For example, I have web apps deployed in two different regions, for example Southeast Asia and somewhere in the Gulf, so by any means I want there to be a load balancing situation to come into the picture. So do I have to create some Azure Traffic Manager profiles, or just endpoints like we have in ILB? What should be the procedure in this case? Is just a profile or an endpoint required to do that?

Similarly the things this are the two better sabertooth of you Tiberius rate. So you need to create the Traffic Manager and then you have to create the Azure endpoint, and you have to just add both the applications while configuring the endpoints; that may be a dyke an IV saying in the demo.

Yeah, I can take that question. I mean, that's a very intelligent, very excellent question, so
Traffic Manager obviously helps you to route the traffic. Now we know it helps you route the traffic, but how, and what would decide the routing method? So Azure Traffic Manager has, as you said, a profile, or sometimes it is also called a routing method, that you can configure, and it supports four methods, and depending on how you want you can configure that. So it has weighted, a profile where you can assign a certain weight and route your traffic; if you put fifty-fifty percent of weight then the traffic will be equally shared. Then you have active-passive, and you can say that it's priority: it says that this is first priority and this is second; if the first is down, then only go to the second site. The third option that you have is you can set it on the geography, so you can say, hey, I want only the users from India to access this application, so please restrict the traffic to India. So that's an option. So it supports four different options: it has performance, which is location based, closest in geography; then it has weighted, where you can split the weight; then you have IP, which is based on the geography and the location. So in total it supports four profiles or routing methodologies.

And is it irrespective of whether it's a virtual machine or a web app, or could just the web apps be used? I mean, just in case it is not, is there a way to tweak it to use it for a VM?

So you can, I mean, you can decide. Yeah, if it's a public IP you can use it.

Mm-hmm.

So it supports a VM with a public IP, and I need to see if it is, I mean, public IP is a must, but it certainly supports a VM if you have a public IP. Web app is anyway supported, plus cloud service, which is the old model. Not only that, it also supports external endpoints; let's say you have a DMZ application sitting on-prem and it has a public
IP, you can do that. So certainly it's all supported, as long as they have a public IP.

Because, as you said, a public IP, so the instance-level IP address is there in the ARM model, so you can have, right, public IP and private IP both, right? So you can assign...

So if you have assigned a public IP you can use Azure Traffic Manager, as far as I know. I don't know about the private IP; I really have to confirm that.

Obviously that is mapped with the public IP itself. The reason I raise this question is, recently we had, I'm sorry to interrupt Lalit in the middle, but just in case, we had a problem where we could not reach the VMs from the office network in an RDP session, so we created an ILB so that we could map it to a different port, other than the 3389 port, and we could just do an RDP.

Yeah, so ILB is different than the Azure Traffic Manager, right?

I mean, the question came out of that.

Neeraj, I want to add something.

Sure.

Traffic Manager is basically introduced to route the traffic between two different zones, either Azure to Azure or on consistency, and it will not work with the private IP; it only works with public IP.

Sure, but anyways a public IP is masking your private IP anyways, so obviously we will not end up using any private IPs in the VMs itself, but until unless there is some requirement of some security issue, I mean, I don't see any other problem in not using aldomet.

The typical use case would be: you have Azure Traffic Manager at the top level, and that proxies to your internet load balancer, ILB, and that load balancer in turn talks to your VMs with private IPs; that's how you can configure considered correct current connectors, and you don't need to give a public IP to your VMs if you use an internet load balancer.

Yeah, absolutely, and one more thing: since this is going to work on being a CNAME record, I
don't think it will work for private IP, as our engine mentioned.

Yeah, good point. All right, let's proceed, Lalit.

Suppose, another diagram here: suppose you just wanted to configure the cantos or comments email would be the content at a traffic manager comb or also received comment, then you just put all your sites, or the three different sites, into the Traffic Manager and configure it. So here you need to provide the endpoint public IP address for US, EU and Asia-Pacific, and the way you configured your Traffic Manager, like it would be performance based or region based, or probably in other ways, based on that it will just route your traffic. So this is the diagram this source.

Yep, that's a good example. So you can see here, your use case would be: you have a US endpoint, you have a Europe endpoint, and then you have a packing 24 crew ball organization; your web app can be hosted in two different locations, and then you configure performance as your Azure Traffic Manager profile or your load balancing routing method. In that case what will happen: the user will hit one global endpoint, that will be a virtual Traffic Manager, and you will create a CNAME record; basically your name will be something like your application .trafficmanager.net, and then on top of that you create a CNAME record for your website in your DNS server, and from there you will resolve to Traffic Manager. If the user is coming from the US it will hit the US website, if the user is coming from Europe it will get routed to the Europe website, and if a user is coming from APAC, Asia, India or Singapore, it will hit the APAC endpoint. And one thing to keep in mind is that all these three web apps have to be in sync in your code and all, unless you want to render different pages to people from different geographies; otherwise you have the
same code.

Your recursive DNS searches for this particular website and, based on your configuration, it is just routed to the Traffic Manager, and then Traffic Manager has to choose how to route the traffic, if it is performance based or region based, and just route the traffic to the particular websites, or it could be that if you are using any external users then it just goes over there. So it will be coming over here and then going to the client directly and connecting to the endpoint, not through the Traffic Manager. So basically, in this diagram, based on your requirement and how you configure your Traffic Manager, based on that it just routes the things over there. So let's just move to the next slide.

once I have been conscious of it we can't because this traffic community okay so yes article yeah I have a vulnerable position it has been altered in the address line Europe Italy and Austria so if go to the complication of this topic vinegar red actually be suspended so you will go on

I'll take that question for you. So what I understood is we have three applications in two different regions, and then on top of that you want to configure your Traffic Manager, and how would you do that, right? So you will create a Traffic Manager in the Azure portal. I think Lalit has the demo, so you go to the Azure portal and from there you create a Traffic Manager, and once the Traffic Manager is created you can go into the properties and the settings of your Traffic Manager and you can include your endpoints: if it is a web app you can add all the three web apps; if it is your own endpoint which has a public IP you can add those public IPs; and then you can also configure performance as the Traffic Manager profile. So all those settings you have to do through the Azure portal.

okay just out of the question yes we are not in the others there are ability is another application you guys anyways calendar to create easy
okay very soon so you will get couldn't before

Yeah, so you will need an Azure subscription at least; you can sign up for a trial, you can sign up for the pay-as-you-go model, and you can just consume Azure Traffic Manager. So this has to be consumed out of a support; you can't have your own standalone.

And we have an option in Traffic Manager to add external endpoints too, so in this case we can select it as an external endpoint and you can mention your endpoint name, and Azure Traffic Manager automatically will detect the endpoint for you and it will show it as online if it is connected.

Okay, all right. Let's move on, Lalit, let's move to the Azure Application Gateway.

So Azure Application Gateway is a layer-seven load balancing method which just secures your applications completely.

Lalit, I have one more question on Traffic Manager before moving to the application gateway. Is that fine?

Yeah, good.

a little job how the nested Traffic Manager will work here?

That's an advanced level of routing that happens, right? So maybe you can have a use case, for example: let's say in the US you can have a web app in US,
you can have a web app in Brazil, so on top of these you can put in a Traffic Manager, right? And then in Europe you can have one web app in UK and one web app in, let's say, Europe West; you can put a Traffic Manager on top of that. Then in APAC you can have one web app in India and one web app in Singapore; on top of that you can put a Traffic Manager. And then finally, now that you have three Traffic Managers, you can put in another Traffic Manager which will load balance, or rather DNS balance, all these three Traffic Managers. So you can create that nested profile like Mayaka.

Yeah, got it, thank you.

Yes, so Azure Application Gateway: this is a kind of load balancer, you can say as a family civilian protection layer which is provided for your applications and for your VMs, the web apps, the production apps, and it has the feature of WAF, Web Application Firewall, which just secures your applications. It has a couple of features: it has the web application firewall, and it load balances your HTTP and cookie-based sessions; suppose you already have cookies and then this is allow users, and then you can configure the SSL things over here, and you can monitor the health, and it will redirect the requests as well, and apart from that you get an advanced level of diagnostic things. When you configure the Azure Application Gateway with web apps or the VMs or your applications, how will the application gateway work? Suppose you have this user, an external user, connecting through HTTP to the application gateway, and you already have these three servers, and the application gateway is already configured; then this user will send the request to the application gateway, and from the application gateway, based on your rules and firewall, the port or the IP address which you are
allowing to connect, based on that it will head to those three servers and route the traffic. Suppose there is unknown traffic or malware, or someone wants to hack your environment, and you have blocked those IP addresses or it is not configured, then all the things would be stopped over here and it won't route the request to the VMs over there. In a similar way, another picture over here: if you configure the Traffic Manager on top of the application gateway, how will it work? That request will be routed to the Traffic Manager, and then Traffic Manager has to decide, based on the regions, to which region it has to route the request, either region one or region two. And then, basically, if you have a container with a lot of pics or videos in other pools, then the application gateway will decide, okay, the user is requesting a pic or probably a video, then it just routes your request to the particular pool and then it is processed further.

So maybe I can just add on to it. Azure Application Gateway works at layer seven. Most people, if you're working in a production environment, would have heard of a reverse proxy, so you can say it's a reverse proxy for you. It has two features: one, it acts as the reverse proxy; plus, additionally, Microsoft has also included the Web Application Firewall feature in it. So being a reverse proxy, it can help you with SSL termination and SSL offloading, so that your web app doesn't have to do the actual SSL termination, which will save a lot of CPU cycles for your web app, and the application gateway can handle that SSL termination for you; you can offload your SSL or you can have end-to-end encryption where you want. And some of the benefits that you have if you use application gateway: as Lalit pointed
out, you can have it in different regions, and on top of that you can put in a Traffic Manager, and that way you can load balance and route the traffic to the closest location. It also supports URL-based routing or content-based routing. What that means is that you can have a pool of servers, one server hosting images, one server hosting your video, so based on the URL, let's say for cloudeasy.com/image it can go to one pool, and the web application firewall can, sorry, the application gateway can recognize that and send it to pool number one, and if I have cloudeasy.com/videos it can recognize that there is no extra URL and it will send it to pool number two. So that way you can also configure that, and that's on the reverse proxy side. But it also has web application firewall, which protects the website that you have hosted; basically it's a firewall for your web application. It will monitor traffic and you can configure the rules. What rules? So there are OWASP rules, the open web standard vulnerabilities which are there; it's already pre-configured, you can configure those out of the box, and you can also configure your own rules if you want to. So it will monitor all the traffic; if it finds anything malicious it will drop those packets; if traffic is inspected and found to be good, then only it gets forwarded to the backend server. So it's sitting in the front end and monitoring all the traffic.

Just one question quickly. This is about the URL-based routing, or content-based routing: does that mean that if we have a particular URL here, it will help us to route the content to the destination? I mean, is it some kind of logic that defines, based on that URL, where it should be routed to?

Yes, so in application gateway you can define that and you can configure those rules, and you
can say that image should go to backend pool number one and video should go to backend pool number two.

Okay. Actually, I need to ask one question myself.

Yeah.

So, Nitish, you mentioned that application gateway is also equipped with Web Application Firewall.

Yeah.

So does that mean it also helps in fighting against DDoS kind of attacks?

Yeah, that's certainly one of the points, right? As I said, it protects your website, it protects your endpoints, so anything coming with malicious code, for example SQL injection is also one of the cases, trying to hack into your website, it will protect you against that. So certainly, for DDoS, WAF must be in your toolkit.

Okay.

So RushCard has a question about SSL. Risker, I don't know if I'm pronouncing your name correctly. So, SSL termination: you have Secure Sockets Layer, that is HTTPS; when you access any website it goes over SSL. When you don't have any application gateway in between, your SSL termination will be handled by the web app. What that means is it will receive the encrypted packet and then it will decrypt it and then process the content. Receiving the encrypted packet and decrypting it requires CPU cycles. But if you use application gateway, you are offloading the task of decrypting to your application gateway. So the application gateway will have the certificate installed, and it will take the traffic coming from the internet, from all places; it will decrypt it, inspect it, and then if it finds it fine, send it to the backend pool. So your backend pool or server doesn't have to spend CPU cycles to decrypt that traffic. Hopefully I answered your question, Driscoll. Okay, let's move on to the next.

Yes, that slide would be the Azure load balancer services, the final one over here. The load balancer delivers
high availability and network performance and is based on layer four for applications, and it just manages and balances your applications and routes the traffic, either the internal load balancer or the external load balancer, which protects your applications and maintains the availability of your VMs, your networks. And apart from that on the things would be fallen over here. So suppose, once we have a public IP address, this is just coming to your DNS server and we configure the load balancer over here, then this load balancer decides, based on your configuration, how you configured the performance or the network, how to route the traffic between three VMs. So whenever more users hit one VM, it just automatically routes the things to another VM and then to the third one. So suppose a user or a computer has requested, okay, I just need to access this particular website or the IP address, so how will it work? If the user is here and has requested, then it will just ask for the source IP and the destination IP, which protocol you use, the port number, and once the load balancer service identifies everything in the packets and it is trusted, then only does it go ahead and route to your private IP or the port which is there in these VMs, through your cloud applications or over the internet over here. So let's just move on to the demo. Anybody has any questions over here?

So maybe let me add something onto it, right? So we talked about the Azure Traffic Manager, we talked about the application gateway, and we talked about Azure load balancers. So Azure Load Balancer is at layer 4, whereas application gateway is layer 7. I think we have a next slide
where we talk about the differences between all these 3 components. But they understand, you know, you can have internal load balancer and internet load balancers. So internet load balancer is when you want to access these VMs with private IPs from public, from Internet; in that case you will go with the internet load balancer, and the top figure which you see on the left side is depicting the internet load balancer. Whereas if you don't have any, like, you know, intern external endpoints and you really want to be accessing it from intranet, in that case you can configure the internal load balancer, and that IP can only be accessed via VPN and, you know, through internal sources, so that you can do it. And here, you know, what you see, there is a comparison chart between, you know, these three components: Azure load balancer, application gateway and traffic manager. As you can see, the Azure load balancer works at layer 4, which is transport layer, TCP layer. Application gateway is layer 7; it only supports HTTP, HTTPS and WebSocket, it doesn't support FTP or any other protocol, it only supports HTTP, HTTPS and WebSocket. Finally you have traffic manager, which works at the DNS level, which works as the name resolution; it's the intelligent brain behind, you know, resolving it to the right endpoint, and it does it depending on what profile you considered. The protocols that are supported: as I said, in case of load balancer any protocol is supported, anything which is on the TCP layer will work, whereas application gateway, it's only HTTP, HTTPS and WebSocket, and on the traffic manager side any HTTP endpoint, you know, will work for you for monitoring. Similarly, the VNet support that you can do: so, like, you know, only load balancer and application gateway can be deployed in VNet, but traffic manager cannot be deployed inside the VNet. The endpoints that are supported: for a load balancer you can have back in your Azure regions and cloud service, and for application gateway you can have any
Azure internal IP, which is the private IP, and public internet, then you obviously can have the rival medium and also that. That's what, you know, is in a nutshell the differences between different load balancers and application gateway and traffic manager. I just had a question, because this was asked about the Azure Traffic Manager's role in ASR, so I was a little confused. I've heard in the past also that Azure Traffic Manager does play a part in ASR, so can n it just can be a brief idea about does it actually play any role in ASR? So it's just, yeah, I mean you can make a rule for it in your ASR plan. So, you know, basically in ASR what you have, you have, you know, your on-prem and you have, you know, cloud. Now ASR, you know, can be used to replicate your VM workloads from on-prem into a gelatinous trimming that, and you can use Azure Traffic Manager to point your website to the internal, sorry, to the IP which is hosted on your DMC. And, you know, when the ASR you're using a side and there is a planned failover, and if there is a DR situation and you want to failover, you failover into Azure, and then in the Azure Traffic Manager you can go and flip the IP that it is pointing to: instead of your on-prem IP it will point to the public IP which is hosted in Azure. So certainly it will play a role for your ASR. Okay, thank you image. So now we're just going and moving to the demo, and the first demo would be showing how we can create an Azure DNS. So to create Azure DNS, first of all you just have to log in to portal.azure.com and then click on the plus sign and then go to the networking, and in the network you just go ahead and select the DNS and provide the DNS name. I'll just come, and I have already had a resource manager with me where all the settings and everything would be going in and saving over there, and I'll just add and create one. And meanwhile, while the TRS servers are getting deployed and configured, we'll just go ahead and
create the Traffic Manager as well. So basically for the traffic managers you have to follow the same system, else this DNS, traffic manager, Azure load balancer and application gateway are the part of networking. So whenever you just need to create anything related to the network, just go to those Sciences, just click it over here and just give it the name and the method which we are talking about and working on, how the method will evoke. The performance-based method, why default, interesting, the performance-based: if you have the 10 application or the 5 or 10 applications, so based on the performance is out the traffic. And the priority: if you just select, ok, that Asia region is the priority or this disk graphics or these websites with the priority, based on that it just routes your traffic. And the geographic is a region, whether it is in the ACA, US, UK and other, so based on that you just go ahead and, you know, unselect it and configure it, and we can modify it after creating if it is needed. Go ahead and clear the traffic manager. Let me just give you a brief in DNS; services already created. So in the overview you see the resource manager and the name server over here and how you can set that record. And whenever the DNS server will be created, it will be having automatically these URLs I record, the name servers of course, and the DNS records and the entry and the expiry date and the detailed time for this particular TS server. And if you just wanted to go ahead and set the record over here, suppose we are having another web application on a VM, we just need to route through this DNS server, suppose you can say on CLD, and then another applications or the soul census, we need to create an A record, which is address record, or the AAAA record, which is used for the IP version 6, and A record is used for IP version 4. So make sure that whatever the IP you are using you will choose that: the 6, IP version 6, would be here and the A record would show the IP version 4, so
don't confuse us on it. And apart from that, the CNAME record, which we already talked about, the CNAME record, which is used for the content name references associated with your services, and the MX record and the name resolution record. And so I will buy an MX record, which will be used for the Exchange: if you have an Exchange over and you just wanted to resolve your accessible name to this DNS server, you just click over here and type your mails over them and the preferences over here. And the TTL time, TTL time, could be always in hour, minute, second, days and week, how much time you want that server or the applications to be routed or to be ended. So the detailed until that, maybe just try to Ellis's for one, are for two, also for 30 seconds; if it is not message to the 30 seconds, less routed to the different network on or just give you a result. So basically it's just consumer the way you configure these records in your on-premises; the similar way you just go ahead and create all the records over here. I'll just start that one more, the court took the random IP address. Suppose I have a hot girl Soho or our fee LD, the another of all the applications over here, just wanted to add this IP address over here; I just don't have to do anything and it's being just added over. And similarly we can add up to 5,000 records, and the per record set is just add around 20 or more than that single. If you come to all the properties, we just wanted to look at the properties, you just come to know like where and how this resource has been deployed, and which resource group and the subscription. And another part, the lock is a new security feature in Azure, so if you wanted to add a lock so no one can delete your resource, or the people who don't have access, they just read the information, don't make a change and all. And apart from that, the diagnose and solve problems, they just help you to understand how to solve the problems with basic scenarios of the DNS server if it is
not functioning properly, what are the settings and the things you have to take care of, manager. So it will just show over here, let's just basically source the basic scenarios which you usually see over here: I can't give that DNS over the solve a recording. Apart from that, color, and let's move out to the Azure VNet, and also we need how you are going and setting up the DNS server. So one DNS server which we are using, which is the default provided by Azure, but the server which I created, that issue one service, that means that you're bringing your own server or the on-prem service to Azure, and you can set up the custom DNS server over here. And suppose you have a public DNS server domain registered, and the actual public, probably the godaddy.com or other domain providers, and it is routable over the domain, or you just wanted to configure, you just add your DNS server over here and save it, and it will be muscle whenever you're just going and deploying any VM or any applications that is connecting to your on-premises environment, which will just resolve your hostname, and you can just, you know, take that remote using the hostname. But for this demo I will be just using the ticks over here, the default Azure-provided DNS is opportune. What, do you want anything? No, I think you dropped off. Okay, so anybody has any questions? Yes sir, I have a question. Yes. See, when you were showing the lock options over there, right, so consider you are the network admin or you are the person who has configured all, right, and you configured the items and you left the company, right. So will that be possible for someone else to make any changes, or will that be possible for someone else to make any modifications? Yes, so the subscription owner can change based on those RBAC roles, or the contributor has a permission to change those things. It's okay. So yes, so basically when you just create a subscription you will be providing an
a service administrator account, and that has probably, if some monies is the guy who is, suppose you see a manager who just set up the subscription with his name and he left the organisation and didn't tell anything to anybody, so how can you proceed further? Basically the euro since this, so how we can process for the, like, we can just go ahead and create a subscription ticket and change the ownership to the current one, or if you have the contributor or the owner then you can just go ahead and just delete that user, but you can modify it, but you cannot change the server segments and meseta serve assessment system of the subscription; transfer would be done with the Microsoft support ticket ology because they will be playing out. And I can add to this here, I can just access this. Tell it, it's a very important question, and we take into consideration a lot of things before we do all this stuff in the production or we design this stuff. As we know, we cannot have a single point of failure over here. There could be a position, not just he left, or maybe he is sick or he is not there and he is not in a position to share anything, right; even in those situations we would still require somebody else to fall back on. So I would rather take a position where I will have more than one user doing it rather than depending on just one user or one ID only. So I would say the ideal way will be to have a prevention, but, you know, better than cure situation, where we will have more than one person doing it rather than relying on just one single point of failure. Please correct me if I'm wrong, will it does the best structures emit. Yes, it's always the best practice not to make one; the service administrator will be one, but you can add the global administrator, owners and the contributors based on your RBAC roles. So suppose if you have two or three managers or the team, please, you just keep the access 10 so they can see is modified accordingly. Omit, to add more on
this side, so we will have our subscription, we will have one account administrator and one service administrator, and we can add 200 co-administrators. So in this case, normally at an enterprise level, most of the users will be added as a co-administrator or a contributor or a wonderful site, so here we will have less chances to, whatever you mentioned, that I think if he further without were the person configured and left organization total. My question, my suggestion was here, it was actually from someone else the question, so is this morning putting across your window there: when we design that, we will not have just one man or one person or one identity handling this. Here, you please go on. Yes, yes, I mentioned, so only co-administrator can create and they can also put the locks and everything; even when the co-admin has left there is no impact here. So the only thing is when service administrator or when an account administrator is changing the company, during that time there is a change required. So during that time we have an option: if it is the service admin who left the company, the account admin can change the service name or service administrator itself till the contracting theater we have. So the best practice, whenever you are taking a subscription at an enterprise level, I always prefer and recommend, even to Microsoft rickman, you just go ahead and create one Azure account, a demo account or probably the production account or the service account in your organization, and put that, and that account has access to all. So if anybody leaves or goes out, it doesn't matter, because this is the organization-owned account. Suppose you have an organization like cloud comm, XYZ cloud.com; I just created well it's at the rate xyz.com and added over there, so I have the ownership of this account, and after me, whoever the manager and everyone come, he has the bonus over this; even though, you can change the password randomly if you need it to manage it. So the best practice whenever you're taking a
subscription, apart from the testing environment, best way is to just go ahead and create what Enterprise we will account, we will just go out and manage all the subscriptions, so the matter is closed who came through bad at all. But apart from that, in case we just find out, okay, this is the vs. similarity on this, then yes, always we just change the subscription to that different service administrator. Really, the question, yeah, the question was for the lock, right. So I want to add one thing: see, either you are a service account or owner or owner account or co-admins, anyone can modify the lock, and the lock is introduced just to restrict the deletion or any modification. You cannot do any modification in the subscription unless you remove the lock. So anyone can modify the lock, whether it is a co-admin, service owner or account admin; they have almost a single right. Okay, so yeah, this is Ranjit, I'm the one who asked that question. However, I don't want to deviate from the topic; I do have another question. The reason is, like, when we are creating the co-administrator, irrespective of whatever the items which we have in our plate, you are getting the similar permission across your subscription which you are assigned to, right? Right. Like, in a normal enterprise scenario you won't give administrator account permissions for all the patches that you have; like network, there would be a network admin, and there would be a storage admin, their designations with respect to their portfolio have been already designed. But when you create here the administrator, whether it does matter which area of your enterprise you manage, you are getting the permissions for everything, right? Yeah. So is there any way, like, we will discuss that one, because otherwise it will go, you will go to a different direction. At the end we will pass this question; right now we will discuss at the end once you consider done with this issue
so let's just move it out further on Azure traffic, then the traffic demo. So it is Jesus overview, just shows the routing, routing that code over here, and if you just come out to the configuration part, now you can just change and modify based on done things. The best way to just understand in a situation, suppose you don't know what the performance method is, you have to click the Maxima to mark and it just shows you they use the matter, whether the endpoint is a friend with you graphical region, and the priority waste matter, the method you want to use, the various methods. And that TTL would be DNS time-to-live, like how many times, how many seconds they're just trying and target those things. If you're having an endpoint with HTTP or HTTPS or not TCP, how you are going in and setting up those based on, you know, creation, and the port number which you wanted to follow over here, and the path: suppose you have to dump them to you dot gog.com on our cloud comm slash blog, then you just specify the path over here if you want to hit it into the specific URL. Apart from that you have a probing interval, call it number of times, both times, so basically this is the health box and one times you just configure internally, so just configure your either could be the tan or Broly, the failover time will be in seconds or ten of the thirty seconds, the voice what would be the thirty seconds, and the tolerate time number time you just increase, oh it's a three, you get increase number of ten times or 15 times, and similarly would be the probe timeout. And how we are going and configuring endpoint over here, as we already discussed: if you have an Azure endpoint over here, we have already two VM switches, besides this I'll just give you the services or the public IP. I just say the public IP address over here, I'll just select one public IP. Let me quickly add another public IP here. Let me, correct me if I'm wrong, the endpoint has
to be private IP, right? The register phone should be public IP. Republican, please don't use services; the services you are using, the cloud service is used for the old model, the classing order, and the app services is there if you created a web server places on an application service a lot. Application service a lot, which is just used for a deployment model, like to forego into the production, then you just create and three Pro or best the deployment, you just wanted to route it over and test it of course over the traffic manager, just use that. So basically we have two public IP address resurgence created for the VM, and once it's just checked the enforcement will be confident and is there in the properties; all of the rest Celtics would be the same. Also basically it just asks you to provide the public IP address. The load balancer house, just going in creating, all the straps it would be the same over here, and then you just go to the, give it the name, and you need a public IP address to configure the load balancer. Either you can select the static public IP, whatever the public IP you are giving over here, and just give it the name, or the tandem-type' clear displaces the dynamic IP addresses just what change automatically moves as we started. I'll just take it there and I'll just give it the name, I'll just use my recreated resource manager and creating over here, and similar which is just tilted I'm suing and creating. I'll just go ahead and create the application gateway. So basically here you just have to choose either need to go for the standard or the Web Application Firewall and put or the size; you need to select how many instances would be here, the subscription, if you're just going and selecting over this and just click over here. It will ask a couple more settings: which virtual network do you want to connect. I'll say ok, I just wanted to select my bus you let go, and once you select the virtual network, the subnet IP address which is associated with the
virtual network would be automatically selected, and as we could have the private IP address, we just choose the public IP address where we are just going and creating another public IP address, so the load balancer for the place and gateway. And then here the listen up on three is a listener contributions, nothing but just your HTTP I or you need an HTTP; if you select the HTTPS you need a valid PFX certificate with the name and the password. So as we don't have, just you select over the port number 80. You just need to go ahead and configure this application, I will just select ok, and you can upgrade any time these applications to the WAF or you can just migrate it over. Till the time the application gateway is getting configured, but let us take 30 minutes, so I have already created an application gateway for you NS is ready for a demo. The application gateway is for the monitoring and it is a configuration part, and again if you choose this you can, already told that, how you can just, you know, move out to the applications or to them, and even though you can just increase the instances if you need it, and it will be like going for 15 instances max here. And then if you just click on the web application firewalls ad is this it is non upgraded; if you just wanted an upgrade to web application firewall it just asks which mode you need to be tried exit detection or prevention, so whenever and even just shifts to your SQL or the web applications, so how it will be preventing. And these are the routes the goose was and over here just you can select one if you just wanted to configure other one. Okay, these are the things over here; I will just, there's a default rule, okay, you just wanted to allow these IP addresses or you just need to deny so someone cannot access. So basically these are network configurations, just you go ahead and select over there. And the backend rule is an important rule; we're just going and configure confusing your applications VM and
adding accordingly. Suppose if I just wanted to add an IP address or a virtual machine, say a virtual machine, suppose I have a personal machine of this, I'll just say another virtual machine, cloud easy. Now let's just save the settings over here, I'll just go ahead and save it, and it's just saving these things. So how the application gateway will walk forever beer oh here: these are the bed up to you Sylvia small crowd or so, and the another one is this, and you just go ahead and select a public IP address over here. And now these two servers we just put to the bag applications, and let's say this server is just stopped, take something, and this application is not moving, so how it will be headed. Just go ahead and browse this and it will be just sorting to this server. And then we just talk about the application settings over here, over the HTTP settings will be there is other. Now that is the HTTP settings, for the cookie-based session is just disabled, so if you just wanted to enable the cookie-based session and runtime and the port number under HTTP, let's just use, just go ahead and you can use the custom port as well if you just need it to. Then come to the frontend IP configuration; the frontend IP configuration is nothing but it's just, the first one is just your public IP address and the private IP address. The private IP addresses is not considered; you wanted to choose an IP address and add it to your web application since it will just go ahead and just route to your public IP address, and that if someone is trying to head to your public or private IP address it just saw the biggest order private IP address. And come to the listener, and here you need in the basic s3b listener or the multi-site. Multi-site: suppose you have the 10 or the 15 sites which you just wanted to add over here, you just go ahead and add all those applications into a front-end and choose the host name and the HTTP IP. So from this website, if you have
enough that we users from the different different region, whenever they just hit, then this gateway will be taking care and routing your applications to work your web apps. Either you can just go ahead and, you know, configure the rules. The rule which is the basic and Department, the basic rule are always for like it will be the listener port or the listener services you just need to configure over here; as we don't have anyone and we don't have anything to be created over here, so we're just having on this this settings over here. But for path-based, just basically just go ahead and then unit is providing the path of your application and the port or the listener port, and then you're selecting this slash Phyllis Basel is blog.com and just the backend pool and the HTTP settings; we just go ahead and hit over the Internet and then it's just routed over there, and what were the things is just need to block or just you need to read out 2,000 different things over there. And the health probe is a static purchase, it is used to check your applications or the web applications health, and you can just toured over the name and the protocol, which protocol, HTTP or the HTTPS, and hostname and the path and the interval, timeout and unhealthy threshold. If your application is unhealthy for three seconds or three minutes, just go ahead and, you know, just routed to them, say okay sin Phi zero three error or the fortieth year they just send out and results. And the properties will be the same. Apart from that you just configure the alert and the diagnose, and you can check the backend health into the web applications. Let's quickly come to the load balancer. Frontend IP would be the same as hazardous working with the web applications, so if you wanted to just check out the properties of this, it will be always your the public IP address would be here, and which is the, this IP addresses is not enough and IP address only will be taking over here. And if you just go and check the
backend pool, and here you just go ahead, add your virtual machine and associate with the availability set. So the best practice is always, if you're just going in continuing the load balancers, should be an availability set, so it has the proper properly configured, and then your VM is continuously running without any interruption and your products environment won't be harmed at all. So just select over here and the name; so I have this, I already created two VMs with the availability set. I'll just say load balance one, I'll just put the heading; you can ask as number of VMs over here so they will be load balanced. You know, now about distances been added. And similar way as for the health probe, as the load balancer rules, this is just you need to just set the front end IP address on de and then you just want those obligations or the rules as with heading to the port 80 and the port 80 and the backend IP address and the backend rule and session should we persist; you can now add the rule like that. And inbound NAT rule, which is just used to, you know, just use for your hydrogen for the custom rules or the board risk: you just wanted to allow the FTPS ssns ntp port as HTTP I am PS, and apart from that to cover a couple of more the dynamics ports, you just wanted to allow your dynamics applications to be broke on, or the SQL ports or the SMTP ports Bob theory, and apart from that whatever the ports could be there, you just add it over here and just you have to assign it to here and associate it with your applications and then it when you walked out and parts of that they we just don't give minutes more. So it is completed the saucer here, and if you have an ago says is for another for 10 minutes, 5 to 10 minutes, please ask. Okay, thank you, Lalit. This is the same question which I asked earlier, so I'm just picking it up from where we stopped. So regarding the service area, the co-administrator: we have multiple called instead of coming up so wide
afford the co-administrator will be share the same scale of permissions which we have. If that is the case, is there any way where we can create co-admin with respect to the departments it belongs to and unassigned permissions or revoke permission so that they won't mess up with this situation? Yes, you can get a certificate always a sander word mister based on the departments. Basically the administrator feature is used in the classic model; we just go ahead and go to the settings and then we'll just select the permission tab or the atmosphere, it'll just add it. Apart from the first admin system is died County used to create the subscription, that will be the default and message of the solution listed, and you get this and hundred and we'll go at my sitter to there is a subscription. But if you just go ahead and you can just use you guys over here the subscription, so this is it, and another topic, so just you get toward the permission is a contribute permission over here. Let me know, what is the question? The question is, can he add with the separate departments administrator and gives us the permission so they can manage departments, correct? Yeah, you are right, because basically that would be the way where you can protect the product the scales over here, right. Yes, you can, and apart from that eat up the west Fisher is you just use the all back office which is over here q is a school and click on the subscription, come over here are en, let me show all the roles, and you can add this organization ID and select the roles based on your requirement, and even though you can select the role application waste. So basically if you are providing co-admin access to the users and categorizing into the different departments, the access level is the same for all. So you can categorize by using a group in the AD: create a group in the AD like this is for storage team and this is for networking team and provide IMX access is by using IX
existent role, but it should be in Azure AD. Yeah, that is the problem, so when we have India's rating natural ready it would be possible, but from on-prem you won't be able to explore those accounts and bring it over here. No, I think andis we can still do that. So if you bring in identity management to the picture then absolutely there is a way to do it. See, when I said in the beginning that we need to plan in advance, when we say co-admins are giving more than one access, right, so this is one way, but that is definitely not the structured way of doing it, right. Please correct me whenever I'm going wrong in this direction. So what I believe is that we would have to sync up our local AD with Azure AD if we have the intention of managing different aspects, different resources in the AD, because what happens is there are two requirements here. Number one, the requirement is that we would require it to be managed in different permissions, right, we'll give different permissions to different people. The second requirement is that we require those people to use their on-prem IDs. So when we are constructing such a resource, I would really believe and strongly believe that we should definitely have an Azure AD there in place. So what does it do? It gives you the liberty to use your on-prem accounts to manage this stuff right there in Azure. Whether it's not, I mean, what people have an assumption is that Azure AD is just for the sake of custom apps on Azure, but that is not true; it can definitely be utilized in this direction where you can give them the access which is required to touch base or the permissions that you require to handle certain levels here, right. This is one way. The other way, I believe, I am sure that would be then plays there is Azure AD Domain Services can be utilized in this situation as well, right. So the idea here is, if you wish to use your on-prem IDs, let's use Azure AD, sync up with the Azure AD using Azure AD
Connect or federated access to the Azure AD Connect to the on-prem AD, and then definitely people using their own accounts can easily do in the list of their. And I can have an example, just to give you an example of this, a wonderful example: Azure Stack. So when you create Azure Stack, normally it also creates an Azure Active Directory account there in your reserve. So why is it so? Because you could actually manage two things in the hybrid structure, so eventually it's the hybrid structure that you're doing. So I believe this would be the right approach, if anybody wants to add. Yeah, agreed, Amit. So there is a challenge which comes up in some of the areas: basically some customers are not ready to get their area up today, or they just want to see how the permissions model works, how it is working of it, it can be contrasted TOC initially it is pointing evaluates to the for saying that, hey, this is a trusted solution where we can go in, and they basically wanted to understand from a permissions and roles perspective to see how a time how we can revoke, sign, all those water permutation combinations which we can think about, their broad, they bring up everything big. Absolutely, absolutely, yes, yes. So that is the time how do we, like, one question one person definitely they will say, hey, co-admins, that everybody has all the permission, so why do we say that, right? So at a high level how do we define it, and how, like, there could be something, I should not use this word but actually using it, there will be some cream cheese which says, a day, this is the permission model or these are the general publicly available roles and rules we can use. So if someone has something similar to that, that would be great, so, hey, Excel for this, this is the role, this is a permission, and these are the roles which we can use for assigning permissions for these groups. Yes, so isn't it, basically for this you just go ahead and use the role-based
on our webinar soon you can just in the application level you just provide the permissions and the contributors permissions can be used your team leads or between the manager and the owner if you wanted to be a project manager owner or the VP you just added or or you could be the owner and it you can do stuff on so you can add those permissions so you can disturb others do not do modify create and delete anything and apart from that the Security Center there is a good feature which is called as PIM this is services has a yet just-in-time utility which that's what you have to configure so which will allow your users the AD users to audit and the and allow the NSG or the rules accepted or rejected during this particular time frame and when someone is trying and connecting or from your PC's to the Azure or your network just allow the takes over here and even though you can see what user is doing while continuing the beam you can see which user has done what activity what he has deleted what is going good when I read correctly what time is login why is login either is login during the office hours or out of the office hours you can see lot more things so these are the comes into the security centers so the fixes you have all in place in Azure but the things is just we are elaborating a bit is over here yeah I think I think it just opens up a very good debate here because you know while you were explaining it I was just visualizing the entire environment over here let's see when you say we can do that see I what I have actually just made up in my mind is we have a security group which is made up in AD right so Ranjit I would also like you to come in right okay so I'm just explaining in this way is that we have an AD group created in the environment which is specifically to target certain things in the Azure and they are the team who are supposed to work in Azure on V for example right so created that group there or global or whatever the local domain group or group 
global group is there so we created that group security group for the people there so these people are there in this group now we have also created an Azure AD which is actually syncing that group and has these members in the Azure AD now there are two things right now one thing is that you have that group there in the Azure AD which is synced and is there and replicating and this is non-microsoft calm account that is already created there you have your own custom domain you you you actually map it to the custom domains we have that same domain ID there so what you do is you have a delegate not delegate but federated access right so that members of that group are replicated to that one right and they are the ones who have the access and in the role based access where you have contributor and all you can add those IDs then right so what eventually is happening is you are not doing anything extra or we are not maintaining another list of ID's there apart from your own you know on-prem IDs we're just shooting they're using their own your own on-prem IDs to actually access it now it is not just for the sake of ease of access for ease of doing opera it is also maintaining the security which is because only is one set of people who is doing it on top of it as well it had explained about the security center I would add on to this and use the Azure AD reporting features where you have lot of options to audit things and you are auditing there itself right so you are providing another layer of security and the consistency with the same group of people who are actually doing in a designated to do that stuff so now next features of you know securing the entire network is a difference different story but if you take in terms of the permissions I think you create the permissions RBAC permissions there with a certain IDs and those IDs are actually synced up with your own parameters or run put um accounts which are part of a security group there in your activity 
so Ranjit can you just put some right here or probably you see how do you see that cig yeah so I appreciate for your for your suggestion however see the problem realizes or or the constraint which we hit here is a syncing up our acid repertoire sure so most of the customer wherever I have gone then they want to they don't want to do that right away they are consistent to do that right away and they want to see hey we can we can spend some dollars and we can send some money to bring up the Azure you show as you create the VM you create whatever you are go now I'm going to say it here just do it and show us so then then that that being the test case for them and they want to evaluate for one month two months or statements or something that is a rate coming up so what I have seen nobody is right everybody - hey okay let us just get them here facility connected waterward ready and bring it over left in story hybrid truck today absolutely they they are not ready to do it they want to evaluate first and then go for it that is the time where we have to showcase the capabilities of Azure to make sure that it serve the purpose for the company then jabil they will open up thing the okay let's go to the next day it's ever play stupid so everything will come on so that is the place where I'm trying to see hey actually or we can single it's beautiful it's done one one-stop solution but it's not is not there then how do we how do we assign the permissions create the rules we had them create the roles and rules on on give it give it back to them saying and now you play around and hear that this person can do anything different later than what we suggested or what we defined correct I think I think still there is a way as I said the other option of AD Domain Services which was entirely managed domain controller and that is actually hosted in the door and it's definitely not required that you should sync up your existing AD environment to Azure so I mean why I'm you know every 
time using this concept of the the AD is because it said in build the hierarchical permission structure in architecture so we don't have to do much head banging on on this and if you have AD domain not just a jority just just let's leave it already out of the picture right now so if you have permissions you have contributors and all IDs already created so so you can have the Azure AD Domain Services right hosted in Azure which is primarily to just host C as your domain controller on manage domain controller probably created IDs there and could be used to be a part of the contributors or service-oriented administrators in the RBAC role or the RBAC RBAC hierarchy and then probably be used further as a security measure because c r-- indeed i give you another example of this and it's not exactly the way that you have brought up but is on the similar lines it is the example of an Azure app which the developers did develop and has the same apprehension of security concerns so the idea was that they would use some sort of an AD or some sort of security architecture mechanism where they will authenticate the web app and then go to the your storage to fetch the details and then no work on it however the other challenge was over the keys that there and the storage are there which are consistent so they introduced another automation to do a key rollover which is stored in the Key Vault and then the application will go to the vault to fetch the keys access the storage but before all doing all that stuff it has to authenticate with the edge or edema or some AD structural mechanism so there they introduced this aspect that probably you can either use is already completely Azure AD not syncing with the on-prem at all not at all syncing with the on-prem you create your rigidity there is a directory structure create an ID their user ID also there in the RBAC structure or else you have Azure AD Domain Services create IDs there use the same ID to have a contributor 
access or a service administrator access there and probably use this so Lolita images can you just you know see if one of the options are still has some loopholes in it oh no I don't think there's any beautiful because uh even though from the different domain that domain services which is supported like are we the people from the external organization I see the couple of customer using our domain services basis along Facebook or Google IDs on the other oddities other boom is to do you know just security alert looks we can use an N in such a way so it will be always secure and invoke it for the people and and it will be like if the customer or the users like we've done couple of offices in migration so that cannot be done without migrating to the users but there's a thing since we just need to inform to the customer how secure that ad is and how you can make more secure your users because in a first-time if you ask anybody no one is going to know where you know just believe okay why should i because I have a non primitive secure so no one is going to put or here we just need to make understand the customer okay so your data order services would be what we secure over here so an in such a way the customer will be angry because just this we need to just give up give up a little bit knowledge of the features which is getting the less price and and in the security yep so yeah that that would be that would be the um like futuristic bond of not futuristic point I should say now say that that would be the ideal world to start off yes it's like even is a couple of customers concerned about the security and original but they still they are migrating to the office successfully and then small small organisation which is comes from the US UK and then other countries they just wanted to learn assure or micro to the and they're integrating their Active Directory services over this the things is just yeah you're right to use right well it why I say because I was a part of that 
oath assist for migration even I could see they were achieving the 1 million mailbox or target in a very short span of time so the way I'm taking this example is because see you know if somebody is doing it and there are lot of people are following that thing so you definitely get an idea because right now at this point in time Azure is is a is kind of a ripe fruit right so people don't have to be skeptical about tasting this fruit so they have some stories already there in place to look for so I mean it's not that tough when you started as you're right it's not that tough right now to convince people number one number two obviously I know I know what from where you're coming Ranjit you know no I having those experiences of security there are certain people there are certain enterprises who are a little more cynical and more concerned about you know their security issues and the problems that they might come across because especially when this Azure thing is there on the internet obviously I mean we cannot suggest them to use an ExpressRoute in this scenario just because to secure their stuff or just we cannot straight away you know you know you head them towards the VP instruction or not because obviously the first thing that I would I would also agree with the Ranjit and will it also that our IDF is first to convince them on the base of security because that will reduce the impact that they might come into what they meant experience because they would have to use other measures and networking to secure their environment so obviously that has to be taken into consideration I mean I'm just the example that I quoted I am just visualizing in my head whether how good they these examples would be how good these examples would be how feasible these examples would be in a situation where we can avoid the customers to take up the options of ExpressRoute or the the options of VPN where you know in case the VPN you're compromising on performance in case of ExpressRoute you're 
compromising on cost so these two options I mean obviously if you have to avoid those we would have to definitely look into other options of security I am just still searching for them but these are the one that I had in my mind I wanted to visualize them I am just just walking on this part of the security part even though you can you can encrypt your disk VNC storage account lock it out now I have an security center when I just one year back as an owners part you have just come on eating but now you can add it each and everything what's going in your environment including automation so that's a separate part which we just just took over to the own essence as you already have been two hours to the call and one all we exceed I would like to end up the call and it finally him and um it you know I I miss it so I'm just having this win one arm or more than one arm judges let's see our stand of a call and let's say happens every time nowadays yes and I really love to you know enjoy this discussion and really appreciate those courses because thank you thank you live it really we all have to contribute to make it successful yeah yep show before yeah before we let it animate before we wind up I just want to show that question for the talk since you brought up this point so yeah when we when we bring up the Security Center income Isis and when we bring up the the structure for recovery and all those that there are there are some some limitations right now with respect to the the managed disk and non-managed disk it is also playing a crucial role in the VM and all those self so this is listed the support for it right now so I have those positions I have those challenges in front of me so I can share it I can share it in the in our forums forums okay - good how do we how do we bring those things like as you said the storage storage permission storage keys and storage assignment where our unmanaged disk is not possible to convert it in a - this case it is in security 
encryption has been done with sodium Gyptians has been done so there are some some areas which I do I don't want to force it so we will discuss it in the forum and thanks for this election last fall under your hands for your session and see you for a bump it's like you just saw this ping us commit me India study if you have specific course or hour as you're tough for me you always a good you know just ask assess here we have sub T and we have because and because Lily the thing is yes let me just think is that you know it's little difficult to type all the time in the mobile world as your telegram is difficult you know when people ask questions is a long answer and I'm really sort of things you know I try and find I am most of the times I end up writing wrong spellings so I actually have to listen and say you know I try to see if I can send a voice message and Stern would have to send a voices every time so that's why I use this platform to ask questions on Finance my thing is going to be each each and every session from the next and would be interval and then we have more questions and I really appreciate all of you whose you I know tension and recording would be amused and probably in in one also so I'll just along with bounteous and thank you so much hanji ululation thank you everyone again thanks everyone defining such a wonderful our great day YouTube thank you bye bye bye
Info
Channel: AzureTalk
Views: 15,813
Rating: 4.1111112 out of 5
Keywords: AzureTalk, Azure Talk, Azure, Azure DNS, Azure Application gateway, Azure traffic manager, Azure load balancer, internal load balancer, internet load balancer
Id: ezIsW_6GcVg
Length: 106min 15sec (6375 seconds)
Published: Mon Jul 31 2017