Azure Backup allows you to use your own encryption keys to secure backup data. This feature is available for Recovery Services Vaults and is enhanced for Backup Vaults. Customer Managed Keys (CMK) can be used to create a new backup vault or to adjust the encryption parameters of an existing vault. The encryption key that…
Read More →An AKS cluster’s egress can be tailored to meet certain needs. AKS will automatically supply a standard SKU load balancer for egress setup and use. However, if public IP addresses are blocked or extra hops are needed for egress, the default configuration might not be sufficient for every circumstance. Limitations Setting outboundType requires AKS clusters with a vm-set-type of VirtualMachineScaleSets and load-balancer-sku of Standard….
Read More →What are process groups? The five process groups are the following: Each of the process groups describes the actions that the project team will take to formally kick-off a project, plan for the needs of the project, execute the work, and update as needed until the deliverables are approved and the project or phase can be…
Read More →Solutions for installation errors with the AKS Backup Extension Scenario 1 Error message: Cause: The extension has been installed successfully, but the pods aren’t spawning. This happens because the required compute and memory aren’t available for the pods. Resolution: To resolve the issue, increase the number of nodes in the cluster. This allows sufficient compute and memory…
Read More →You may apply granular backup and retention settings with ease by using the Azure VM restoration point APIs. For virtual machines (VMs) running Linux or Windows, VM restoration points offer file system consistency and application consistency, respectively. The APIs allow you to establish restore points for your source virtual machine in different regions or in…
Read More →You may gather Syslog events from Linux nodes in your Azure Kubernetes Service (AKS) clusters using Container Insights. One feature of this is the ability to gather logs from components of the control plane, such as Kubelet. Prerequisites How to make Syslog active Using the Azure website– Locate your cluster by navigating. Select your cluster’s…
Read More →When a managed disk is at rest, Azure encrypts all of the data. Default encryption for data uses keys managed by Microsoft. You can provide customer-managed keys to encrypt data disks and the operating system of your AKS clusters while they are at rest, giving you greater control over encryption keys. The prerequisites are There…
Read More →There could be security risks with these images due to potential flaws. To remove security risks in your clusters, you can clean these unreferenced images. Manually cleaning images can be time intensive. Image Cleaner performs automatic image identification and removal, which mitigates the risk of stale images and reduces the time required to clean them…
Read More →The AKS releases are referred to as AKS initiated maintenance. These releases are your clusters’ weekly rounds of bug fixes, feature updates, and component upgrades. The kinds of routine maintenance that you carry out are cluster auto-upgrades and Node OS automatic security updates. Prior to starting Setting up a time for maintenance To create a maintenance window,…
Read More →You can now restore your Azure VMs to another subscription within the same tenant of the subscription where source VM is present, provided you have the relevant permissions to restore in that secondary subscription. By default, restore happens in the same subscription where the source virtual machine is present. This feature is only allowed if…
Read More →Using private endpoints, Azure Private Link enables you to securely connect Azure PaaS services to your virtual network. You only need to set up one endpoint per resource for several services. As a result, you may use Azure Arc to connect your on-premises or multi-cloud servers and send all traffic through a site-to-site VPN connection…
Read More →The open-source node provisioning and management project Karpenter will now support Windows, according to an announcement from AWS (starting with v0.29.0). Customers may now swiftly scale their Windows-based Amazon EKS clusters with appropriately scaled Amazon EC2 instances using Karpenter in reaction to shifting application load. Without manually altering the compute capacity of their clusters, overprovisioning…
Read More →The geo-redundant High Availability scenarios that can be enabled using Azure Standard Load Balancing include: Your cross-region load balancer’s frontend IP setup is static and advertised in the majority of Azure regions. A list of participating regions There are limitations: A cross-region (global) load balancer can only be deployed to a home region. Make sure…
Read More →You can use container image signing to help ensure the use of approved images inside your organization, which can help you meet your security and compliance requirements. You can sign and verify container images anytime during the development or deployment phases. You begin by creating a signing profile, a unique AWS Signer identity, to cryptographically…
Read More →The cluster nodes are deployed into an Azure Virtual Network (VNet) subnet when using Azure CNI Overlay, but IP addresses for pods are obtained from a private CIDR that is logically separate from the VNet hosting the cluster nodes. The Overlay network is used for pod and node traffic inside the cluster, while Network Address…
Read More →#AWS is excited to announce that you can now use Amazon EKS and Amazon EKS Distro to run Kubernetes version 1.26. You can create new 1.26 clusters or upgrade your existing clusters to 1.26 using the Amazon EKS console, the eksctl command line interface, or through an infrastructure-as-code tool. Release of Kubernetes v1.26!This release includes…
Read More →You must establish a connection to the private AKS cluster either through the cluster virtual network, a peer network, or a configured private endpoint in order to access the cluster. Required prerequisites Run a single command with command invoke As an example: If you want to run a command on your cluster, run az aks…
Read More →For the #Azure Database for PostgreSQL Flexible server, data encryption with customer-managed passwords is configured at the server level. The data encryption key for the service is encrypted for a specific server using a customer-managed secret known as the key encryption key (KEK). (DEK). An encrypted key called the KEK is kept in a customer-owned…
Read More →AWS App Runner simplifies the process of deploying new versions of their code or image repository. They can easily push their code to the repository, and App Runner will automatically take care of the deployment process. On the other hand, for operations teams, App Runner allows for automatic deployments every time a new commit is…
Read More →However, after the creation of the VPC, the diagram that was available during the creation experience that many of our customers loved was no longer available. Today we are changing that! With VPC resource map, you can quickly understand the architectural layout of the VPC, including the number of subnets, which subnets are associated with…
Read More →Amazon Elastic Container Services (Amazon ECS) customers have several solutions for service-to-service, but each one comes with some challenges and complications:1) Elastic Load Balancing (ELB) needs to carefully plan for configuring infrastructure for high availability and incur additional infrastructure cost.2) Using Amazon ECS Service Discovery often requires developers to write custom application code for collecting…
Read More →A supported Windows Remote Desktop client and session host can establish a direct UDP-based connection by using the RDP Shortpath functionality of Azure Virtual Desktop. To activate RDP Shortpath, you must first fulfill the requirements. For your situation, choose one of the tabs below. Prerequisites Public Networks scenario If networks and firewalls permit the traffic…
Read More →Amazon Elastic Kubernetes Service to orchestrate, scale, and deploy Nitro Enclaves from a Kubernetes pod. Kubernetes is an open source platform for container orchestration. The following diagram provides a conceptual overview of how Nitro Enclaves integrates with Amazon EKS. All pods and containers in the same Amazon EKS node or Amazon EC2 instance that has the…
Read More →With vSphere 7.0, VMware launched a feature called vSphere Lifecycle Manager Images (vLCM), which uses a declarative model, to holistically define the desired state of the ESXi host image, including the target ESXi version, firmware & drivers. This feature enables all the ESXi hosts, to adhere to the desired state; by enforcing consistency across the…
Read More →