I am working with an EU based client and we are using Azure environment
Now, since tools like ADF and Databricks are browser based and can be used to display/download data outside the EU -- we need to find a way to control such access.
Suggestions are welcome.
If there are any approaches using VPN/client provided VMs, those are welcome too.
Unfortunately , with the current scope it is not possible to restrict the ADF access via Vnet. It can be accessed from anywhere but this request is currently in MSFT backlog with many employees requesting the same feature
I am not sure of ADB though
a similar thread : https://learn.microsoft.com/en-us/answers/questions/1034267/azure-data-factory-portal-is-accesible-over-intern.html
Even after setting up the connect via private endpoint, Azure Data Factory remains accessible over the Internet?
Related
This is what I would like to build. A hosted web/api project built on APB where tenants can use the web application to define "Scan Definitions" that run inside their network. A scan definition would just contain a target IP Address to be scanned with WMI. They would download and install a windows service that would run periodically in their network. The service would communicate with the APB web API to retrieve scan definitions, then run the scan and upload the resulting scan data into the APB web API. Then the users would be able to view that scan data within the web app.
My question is with the CORS access in place, how can I make it so that the windows service is allowed to talk with the API. Also what is the best way to authenticate the service with api such that the service would know which tenant it should be using so that it pulls down the correct scan definitions and uploads the data to the correct tenant as well.
Thanks in advance for any help or guidance.
I was able to get a service up and running by following the abp sample found here: https://github.com/aspnetboilerplate/aspnetboilerplate-samples/tree/master/ConsoleRemoteWebApiCall/CallApiFromConsole
I still have things to work through, but it's gotten me to a spot where I can access the api from a console application
Our customer using Alibaba cloud to deploy their application. They rented dozens of VMs/instances. We are asked to using API to get instance configuration (i.e. number of core, memory, network bandwidth, SSD, disk type, zone and etc) by program. We have found Ali open APIs in github./1/
Could someone point out which exact API could we call to get instance configuration?
/1/ https://github.com/aliyun/aliyun-openapi-java-sdk/
You can use the DescribeInstanceAttribute API. I feel it's very helpful to use the APIExplorer to debug APIs. You don't need to install SDKs, CLIs, write any code, and configure access keys etc. Just login your Alibaba Cloud account, fill in some inputs, and click the Send Request. Everything is there!
Security is not my area of expertise. I am working on a lightweight administrative Laravel web app for internal use by company (small) employees:
The app is intended to be used only by the employees
Remote work (from home) is not uncommon
Smartphones and laptops are usually used when working remotely
I would like to secure it as much as possible - beyond authentication, access controls or 2FA. I am trying to think of ways to make it virtually invisible to the public, but still available for the employees. Defining proper rules for crawlers might make it a bit more obscure but I think more could be done. Network based restrictions would limit the employee flexibility.
Based on this I got the idea that the app could be made available only if the request is made by an authorized device. I am not sure however whether or not this is a good approach. Neither do I know how to tackle the problem of authorizing the various devices and making that information available to the server during communication.
i.e. How would I tag a device as authorized so that I only have to do it once and can reliably validate the information in a web app? Regular authentication as well as role based access would still be in place but the app could return a 404 response if the accessing device is not whitelisted.
Is there a way to achieve something like this while not making it too restrictive for the users or painful to set up? Or is there a better method for achieving the same result?
Consider a VPN?
If you are hosting the device on an internal network, you could see if the IT dept. can set up VPN access to work remotely (in most cases, this is already in place) and then it does not need to be accessed over the internet via a URI. Instead you can simply navigate to the internal address once you're in the network through the VPN - no public access and no need to worry about pesky web crawlers!
It also makes it easier to moderate your application. For example, if an employee leaves the company you can simply revoke their VPN access and they'll no longer be able to access the application.
I was looking at Azure SDK for ruby and after comparing the API available there with the list of Azure's services, I noticed that the SDK does not have API for achieving many of the tasks related to various services. Are the API mentioned on SDK's github homepage the only API available ?
Eg: It has API to create a virtual machine, but no API to add DNS server.
The SDK has API to create Virtual network which can take params or XML file.
I also want to know whether we can configure other services using XML files and if yes, where can I find the XML data structure to configure those services.
The azure documentation is huge and I am unable to find proper reference for the XML data structure and list of services which can be configured using Ruby SDK.
FYI : I am on Ubuntu machine and cannot use Azure's other tools which are specific to only Windows.
I wrote an Azure API client (that despite my best efforts, has remained closed source) in ruby that my company uses, and I can relate to how much of a beast their API can be. You will find the best resources here, which will document all of the XML that can be configured. It might also be relevant to note that the official cross platform SDK is actually their Node.js client, which is available at github, which will definitely work on Ubuntu, better than the Ruby SDK.
Following is the list of services configurable by the azure-sdk-for-ruby
Base Management Service (creating affinity group, listing locations)
Cloud Service
Storage Management Service (Blob, Queue, Table)
Service Bus Service (Queue, Topic) - Could not make it work.
SQL Database Management Service
Virtual Machine Management Service
Virtual Image & Disk Management Service
Virtual Network Management Service
I have created a quick reference of available methods and short description of various Azure entities.
Is there any way through which I can exchange data between two organization.
I want to do my coding in Plugin only. Can we write a code in plugin by which it accesses/manipulates the data of a different org through web services only and not directly hitting its database.
In know the orgs are different worker groups. Just wanted to know if its possible or if there is any other technique.
Thanks in advance.
The data for each CRM organisation is exposed via web services which differ slightly for CRM 2011 and CRM 4. The best thing to do is download the latest version of the SDK for the target platform as there are several examples in there for plugins and service based operations.
From your plugin you will be able to access the other organisation via this service and a connection to the service for the "local organisation in which the plugin is running will be available from the IExecutionContext parameter passed to your plugin. Any operations you carry out across both orgs will not be transactional though.
Also be sure to take a look at the sync and async options available for the plugins. If their use is appropriate for your scenario consider using an async plugin for the updates to the target org to minimise their effect on the source org.
Plug-ins will work. Hitting the database directly is actually not a supported model anyways. You can also think of using BizTalk as the middleware.