Running a VM in Azure is simple. Create it and it just works.
But if you need an RDP or SSH connection to it, you have to know about the security implications.
Enabling RDP or SSH on a VM will open an inbound port for the communication. And this is an invitation for hackers to try to get in using these ports.
A temporary solution is creating a really difficult password/key to get in or changing the port number on which the SSH/ RDP service is listening. But still, this is ‘like playing with fire’. Smart hackers can work around this.
What we need is some kind of terminal session to the VM without opening inbound ports.
Luckily, Microsoft offers a few solutions for this.
First of all, you can make use of the serial console page of the VM instance (as seen in a previous blog).
This is a simple solution but the console form factor is not that great and sometimes random logging messages are written over your shell access which makes it hard to do actual, serious work in this pane.
Recently, Microsoft offers a new and better solution called Azure Bastion.
Bastion enables seamless secure RDP/SSH connectivity to Azure Virtual Machines in your Azure Virtual Networks directly in your web browser and without the need of public IP on your Virtual Machines.
The relationship with VMs looks like this:
VM’s are made part of a virtual network containing a subnet called ‘AzureBastionSubnet’. Next to the VMs this Azure Bastion resource is running and that one makes it possible to create a secure SSH connection.
Note: you need to create an Azure portal connection ‘as a second channel’.
The holy grail of IoT Edge compute is zero-touch configuration and monitoring.
If we look at the life cycle of an edge device, these are the phases where the device is rolled out to production:
The only time when we want to have a person near that edge device is during the initial deployment (Plan, Register), during decommission (Retire) and during physical changes or while repairing the device.
To make zero-touch possible we first need to have a secure cloud connection that supports both sending telemetry to the cloud and retrieving commands from the cloud. And that is supported by Azure IoT Edge by default.
But still, we also need a second communication channel to log-in remotely in a secure way. This is typically done by hand to look at local settings, to check logging, to check connections, or to make repairs to eg. the operating system or the Azure IoT Edge runtime. This could be done using SSH and/or a Remore Desktop connection (RDP). Because this is typically an outbound connection, this is usually provided using a ‘jump box’ or a VPN connection so the connection is set up in a more secure way.
As said, this is done by hand… so far for zero-touch.
Now, if we look at what tasks are performed on the IoT Edge device using an SSH connection:
Checking the log of running modules
Restarting modules if their performance is not thusted or to force picking up settings
Checking the cloud connectivity
What if exactly these three tasks could be performed from the cloud? What if these task could automated?
As seen in the last couple of blogs, Azure IoT Edge is useful as a deployment vehicle for Docker containers.
The idea is that the default available edgeAgent module makes an outbound connection with the cloud so it can retrieve updated deployment manifests.
Once such a manifest is received, it will pull new or updated containers from their container repository (eg. hub.docker.com or your own Azure Container Registry).
Relying on Docker modules is smart: it’s flexible and reliable.
But there is one drawback: the size of containers. Containers on their own can have substantial sizes, one hundred megabytes in size is not uncommon.
Docker is a little bit smarter to cope with these sizes. Docker makes use of layers. Layers already downloaded are not downloaded again.
But still, if you are limited in the daily communication size (like on a satellite channel) or if you have to pay for the transfer of files over a metered network (like 3G/4G), it would be nice if you could ‘side-load’ these images to your Edge device.
The easiest way to side-load is during the assembly of your edge device while it’s made ready for shipping to the production site. Next to installing the Azure IoT Edge runtime and the moby container logic, you can already try to pull your containers as much as possible.
Once shipped, your containers are already in the local repository.
After that, you are NOT on your own.
Azure IoT Edge has a nice setting for controlling the pull mechanism.
In my previous blog, I showed how regular Docker containers can be rolled out using Azure IoT Edge.
But what about databases, can these be deployed too?
Yes, I showed how to deploy and connect to SQL Server in the past and it works very well if you like SQL Server.
But what about MySql, can we connect to this database too?
Many of the world’s largest and fastest-growing organizations including Facebook, Google, Adobe, Alcatel Lucent, and Zappos rely on MySQL to save time and money powering their high-volume Web sites, business-critical systems, and packaged software.
Welcome to the “Intelligent Cloud, Intelligent Edge”
[english version below]
Update: door de nieuwe corona regelgeving vanaf 23 maart 2020 zijn wij helaas genoodzaakt deze bijeenkomst te annuleren. De #GlobalAzure organisatie heeft wel een virtueel evenement opgezet. Ik nodig u graag uit daar kennis te nemen van de nieuwste informatie over Azure.
De Global Azure Bootcamp is een wereldwijd evenement welke plaats vindt op meer dan 250 locaties op één dag. Hierbij krijgen geïnteresseerden inzicht in wat de Azure Cloud voor hen kan bieden en leren zij hoe ze kunnen beginnen met software-ontwikkeling in de Cloud.
Atos organiseert, in samenwerking met de Nederlandse Azure IoT Community, voor inmiddels de vierde keer de Global Azure Bootcamp op haar hoofdkantoor te Amstelveen.
Traditioneel ligt bij ons de focus op de combinatie van Azure en Internet of Things. Kom naar onze locatie als je geïnteresseerd bent in IoT en als je wilt weten welke mogelijkheden de Microsoft Azure IoT je biedt.
Er worden naast prikkelende presentaties ook verschillende workshops van diverse niveaus gegeven.
Een voorbeeld is de door ons ontwikkelde workshop waarbij jouw laptop in een IoT Edge gateway verandert. Hierbij krijgt je de kans om op eenvoudige wijze data uit een industrieel Modbus device naar de Cloud te brengen.
En we hebben wederom de workshop rond LoRa en Azure op het programma staan.
Onze Atos Azure IoT platform experts zijn aanwezig voor IoT whiteboard sessies. Of je nu vragen hebt over domotica, LoRa, open source, CI/CD, protocollen of industriële IoT: we gaan samen op zoek naar het juiste antwoord op al jouw vragen. Dus breng je eigen projecten en usecases mee, daag ons uit!
Onze Global Azure Bootcamp dag is gratis toegangkelijk!
De agenda voor de dag ziet er als volgt uit:
9.00 Inloop + ontvangst
10.00 Opening
12.00 Lunch
16.30 Tombola + Afsluiting met een hapje en drankje
Tussendoor zijn er dus meerdere labs, workshops en natuurlijk presentaties over IoT (op de Eventbrite wordt deze agenda nog verder aangevuld).
Neem dus je laptop mee zodat je actief mee kunt doen. Voor de labs en workshops is een installatie van Visual Studio 2019 of Visual Studio Code nodig. Wie nog geen Azure account heeft krijgt zonder verdere verplichtingen de beschikking over een Azure pass.
Neem een geldig legitimatiebewijs mee voor toegang tot ons kantoor
Update: due to the new corona regulation starting March 23, 2020 we have to cancel this event. The #GlobalAzure organisation has already started this virtual event. Go to this location where you can find the newest information about Azure.
The Global Azure Bootcamp is a global event that takes place at more than 250 locations in one day. Attendees will get the latest insights about what Azure Cloud can mean for them and they learn how they can start with software development in the Cloud.
Atos proudly presents, together with the Dutch Azure IoT Community,, for the fourth time, the Global Azure Bootcamp at its headquarters in Amstelveen.
Traditionally, our focus is set on the combination of Azure and the Internet of Things. Come to our location if you are interested in IoT and if you want to know what Microsoft Azure IoT can bring you.
Both interesting presentations and workshops. on several levels, are offered.
One example is the workshop we created on how to turn your laptop into a IoT Edge gateway. You get a chance to extract data from an industrial Modbus device in a simple way and send it to the cloud.
As usual, we also offer our popular workshop with LoRa and Azure.
Our Atos Azure IoT platform experts are available for IoT whiteboard sessions. All questions about either domotica, LoRa, open source, CI/CD, protocols or industriële IoT can be asked: Together we find out the best fitting answer for all your questions. So bring your own projects and usecases, challenge us!
Access to our Global Azure Bootcamp event is free!
The agenda for this day:
9.00 Entrance
10.00 Opening of the day
12.00 Lunch
16.30 Tombola + drinks
Multiple labs, workshops and presentations about IoT are made available during the day (we update our agenda at our Eventbrite site regularly). If needed, we can offer English spoken presentations.
So do not forget to bring your laptop with you to participate actively. For most of the labs and workshops an installation of Visual Studio 2019 or Visual Studio Code is required. If you do not have an Azure account yet, an Azure pass will be offered without obligations.
