Forum Widgets
Latest Discussions
Issue in access eventgrid using private end point
Hi experts, I need help in the below situation 1. Created a event grid topic( dynamic up for the url (https://sample-interviewupdates.westeurope-1.eventgrid.azure.net/api/events) that is generated) 2. Vnet created with a subnet ( ex10.1.0.10) https://l.facebook.com/l.php?u=https%3A%2F%2F10.1.0.10%2F16%3Ffbclid%3DIwAR0qTBHUzpEM6v8sqUSC08QKQy1UoE7KamgQUuPQ4b2FEkrbbKYISz69cKs&h=AT1mHNPFBvTAk31Bo3LXJWE8psz96GioQsS39LRUOXANUOo4irW7HrHiwO_1jfBzftyjdPR1BRXp0pQzsaKj6T4t3YKDSFkIl2FY6CaPLAwDL5SRUe-6DmJ0IuX_4D45pxQ&__tn__=-UK-R&c[0]=AT0WnODKMPlOmcVtvGahWZAws61W5GIAet-hYmP3DE9eWKFqJ-OQlJL2RUZtVMJrMvC9I6IEgpuPPIUzc4L3ng4-Mf_43i3eRDLmoap28zb-E3lWxF_nK4UsghUNCxGTLH57Yd4a5d5xpGiOcLbf8RjfXy-CGFjv0CriktGRUez2M3Lbd7_IY3_29KZspuTYBbk3BVR2SfM_ 3. Virtual network gateway for vnet 4. I have on premise vpn with firewall 5. Local network gateway with above vpn network details(ex 198.1.1.1) 6. Created private endpoint for event grid by mapping above vnet. (https://sample-interviewupdates.westeurope-1.privatelink.eventgrid.azure.net/api/events) and ip mapping https://l.facebook.com/l.php?u=https%3A%2F%2F10.1.0.10%2F16%3Ffbclid%3DIwAR0qTBHUzpEM6v8sqUSC08QKQy1UoE7KamgQUuPQ4b2FEkrbbKYISz69cKs&h=AT1mHNPFBvTAk31Bo3LXJWE8psz96GioQsS39LRUOXANUOo4irW7HrHiwO_1jfBzftyjdPR1BRXp0pQzsaKj6T4t3YKDSFkIl2FY6CaPLAwDL5SRUe-6DmJ0IuX_4D45pxQ&__tn__=-UK-R&c[0]=AT0WnODKMPlOmcVtvGahWZAws61W5GIAet-hYmP3DE9eWKFqJ-OQlJL2RUZtVMJrMvC9I6IEgpuPPIUzc4L3ng4-Mf_43i3eRDLmoap28zb-E3lWxF_nK4UsghUNCxGTLH57Yd4a5d5xpGiOcLbf8RjfXy-CGFjv0CriktGRUez2M3Lbd7_IY3_29KZspuTYBbk3BVR2SfM_ 7. Client applications which is in vpn network trying to access the event grid with its url not working. Tried to ping url it’s showing dynamic of event grid not the private end point. Do you have any clue what could be the reason?? It seems local @firewall has an issue or routing issue?? Thankyou in advance
App Service restore backup to a different database
App[ Service restore functionality on the portal allows restoring to different target slot/app service. However the database (if it's included in the restore) can only be restored to the original database (overwrite). I talked to Microsoft support and they confirmed that this is by design but I doesn't make sense to allow changing the target for the site but not the database.
Can I merge the ADF_Publish branch to a different branch ?
We are designing a branching strategy for an data application which uses ADF and Data Brick . Question is if one can merge the ADF_publish branch to the release branch and then from the release branch run the deployment . Is it possible or we must use default created ADF_Publish branch .
Deny public access for PostgreSQL.
Hello All, I have a postgreSQL single server on Azure, and as part of security best practice, I want to deny public access over that server. But the problem is that when I deny public access, I cannot access it the database through "pgadmin" nor can the APIs of the applications so, the applications also do not work. Fortunately, I'm able to solve the problem of me not able to access the server by the configuration of P2S-VPN and private endpoint and I was successful. However, the APIs still cannot access the database. After escalating this matter to technical support I learned that APIs access the server through the Internet NOT through MS Private network, and therefore, when public access is denied, they won't work since all access from the Internet is denied. Currently, I'm waiting for technical support for more than 45 days now for a meeting with MS devops technical support engineer, but they seem to be very busy and we cannot schedule. Finally, I have been spending some time over this matter. and this is significant for me to be done. I'm wondering, is there a way that I can deny public access yet still enable the applications to access the database??? And if yes, how so??? I really appreciate your help. Regards, Hazem
Azure SQL DTU or vCore
Hello everyone, I have a windows server with SQL Server 2016 standard edition which contains 11 databases of various sizes (some of a few gigabytes and others reaching 150Gbytes), the windows server has 4vCore + 16Gbytes of ram and being a test environment we don't have big problems use it with those resources. Taking into account that on that server: 1) few users are connected and only for some days of the week 2) we use SQL Agent service, DB Mail, linked server and integrated authentication in AD (synchronized with AAD) I have looked at the Azure cost calculator but I have doubts (and above all a little confusion!) regarding the type of PaaS service that would be better to use, I would certainly choose serverless but there are two types: SQL Database and SQL Managed instances For Azure SQL Database there is the "Single Database" or "Elastic Pool" typology and for both the purchase model is for DTU or vCore. I would therefore like to have your opinion to understand the best solution to adopt while keeping the costs as low as possible being a test environment. Thank you!
CMK and Customer Certificate support for TDE - Azure SQL PAAS
hi experts, I need bit of clarity as both CMK is supported for Azure SQL TDE ( Server and DB ) and also Certificate for protecting the DEK. How these 2 concepts are different in protecting the DEK in Azure SQL PaaS. CMK - https://learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-overview?view=azuresql-mi Certificate - https://learn.microsoft.com/en-us/sql/relational-databases/security/encryption/transparent-data-encryption?view=sql-server-ver16 Does it mean I can protect the DEK with both Custom Customer Certificate as well as CMKs ? Thank you
Azure SQL Database : Can I use same primary key column and foreign key column for multiple tables?
CREATE TABLE Table1( PRIMARY KEY (Table1ID), Column2 int ); CREATE TABLE Table2( PRIMARY KEY (Table1ID), Column2 int, FOREIGN KEY (Table1ID) REFERENCES Table1(Table1ID) ); CREATE TABLE Table3( PRIMARY KEY (Table1ID), Column2 int, FOREIGN KEY (Table1ID) REFERENCES Table1(Table1ID) );Azure Logic App workflow (Standard) Resubmit and Retry
Hello Experts, A workflow is scheduled to run daily at a specific time and retrieves data from different systems using REST API Calls (8-9). The data is then sent to another system through API calls using multiple child flows. We receive more than 1500 input data, and for each data, an API call needs to be made. During the API invocation process, there is a possibility of failure due to server errors (5xx) and client errors (4xx). To handle this, we have implemented a "Retry" mechanism with a fixed interval. However, there is still a chance of flow failure due to various reasons. Although there is a "Resubmit" feature available at the action level, I cannot apply it in this case because we are using multiple child workflows and the response is sent back from one flow to another. Is it necessary to utilize the "Resubmit" functionality? The Retry Functionality has been developed to handle any Server API errors (5xx) that may occur with Connectors (both Custom and Standard), including client API errors 408 and 429. In this specific scenario, it is reasonable to attempt retrying or resubmitting the API Call from the Azure Logic Apps workflow. Nevertheless, there are other situations where implementing the retry and resubmit logic would result in the same error outcome. Is it acceptable to proceed with the Retry functionality in this particular scenario? It would be highly appreciated if you could provide guidance on the appropriate methodology. Thanks -SriHow to Restrict Subscription in Azure Application Gateway Private Link Shared with Another tenant
Hello Team, We are currently facing a challenge with implementing cross-subscription private link connections in Azure, specifically subscription restriction and auto-approval features. We have a managed service running inside AKS and are utilizing an application gateway for it. Our goal is to leverage the private link feature available in the application gateway, allowing Azure customers from other tenants to securely connect to it as a private endpoint. However, we require to restrict access to only allowed subscriptions for this resource ID and enable auto-approval for private endpoint connections from those specified subscriptions. We have explored Azure Policy as a solution, but unfortunately, we have not been successful in finding a suitable policy definition that meets our needs. We attempted to utilize the policy definition available at http://prevent-cross-subscription-private-link-azurepolicy.json which aims to prevent cross-subscription private link connections. Despite our efforts, it appears that this policy did not effectively achieve the desired outcome. Currently, anyone can use the resource ID and establish a private endpoint connection, which is not aligned with our security requirements. Therefore, we kindly request your assistance in reviewing our current approach and providing guidance on how we can enforce subscription restrictions and enable auto-approval for private endpoint connections from specific subscriptions only. Any insights, recommendations, or alternative solutions you can offer would be greatly appreciated.
