Best DevOps

Azure Insights: KEDA; Teams, Azure AD; VPN Gateway; 10 years of Azure

Azure pros share their thoughts on installing KEDA, controlling Teams with Azure AD, configuring Azure VPN Gateway, and the platform’s evolution.

Deploying KEDA
In a recent blog post on Pixel Robots, Richard Hooper explored the role of KEDA, short for Kubernetes-based Event Driven Autoscaler. Using custom resources such as ScaledObjects and TriggerAuthentication, it generates YAML files with parameters for scaling containers in a Kubernetes cluster. These YAML files help to inform horizontal pod autoscalers. According to Hooper, users can install KEDA with either YAML files or Helm charts.

He directed fellow users to a GitHub repo and advised on connecting to the Kubernetes cluster. From there, Hooper explored the process for different versions of Helm. “I am currently using keda for all of my kubernetes scale needs as I am using RabbitMQ as my message broker,” he added.

Controlling Teams creation with Azure AD
On 2 Azure, Cor den Boer noted that by default anyone within an organization can create a new team within Microsoft Teams. From a security and control standpoint, many admins may want to limit this. He advised admins to install the Azure Active Directory PowerShell module for Graph, run two simple commands, and create a new security group via the Azure portal.

When the script runs, it should output updated settings with EnableGroupCreation listed on the very last line. By switching the value to true and running the script, admins impose a new security group.

Configurations with Azure VPN Gateway
Thomas Thornton explained that Always On VPN is recommended as a replacement for Microsoft DirectAccess and supports constant VPN connections to a particular network. The offering relies on a routing-based configuration and depends on certificate-based authentication for device tunneling. In his example, Thornton used self-signed certificates but recommended verified certificates for production deployments.

He used PowerShell for a point-to-site configuration, created a VPN profile and updated it with the specific routes the VPN connection should access. Thornton added that other users should store certificates in a personal-TrustRoot device store.

Ten years of Azure
Dan Sheridan interviewed three MVPs (Azure Stack consultant Mark Scholman, ICT security expert Charbel Nemnom and Microsoft senior cloud advocate Thomas Maurer) about the 10th anniversary of Azure for an article on the Nigel Frank blog. Back in 2011, when Scholman began using Azure, it only had stateless VMs and SQL database as storage options. Nemnom noted the initially non-user-friendly portal, which wasn’t replaced until 2015, and his initial hesitations about cloud security. In the early days, the three MVPs found its PaaS offering easy to use for cloud-native apps, and found migrating workloads into the cloud easier once IaaS was introduced. They all agreed that Azure has gone through tremendous evolution.

Maurer stated:

For me, it has exceeded my wildest expectations. I would never have imagined the global scale, security and services that are available in Azure today. Today, Azure offers over 600 services from IaaS and PaaS, including container and serverless technologies. Microsoft didn’t just focus on new cloud native technologies, but also improved the way we think about classic workloads on Azure IaaS.

Each of the three MVPs identified different major turning points in Azure’s development, ranging from the release of Azure Stack and Azure Arc to Hybrid Cloud Management, and shared their thoughts on the future of Microsoft’s cloud.

