Select Page

NSG in ARM Template – Little nugget to be careful of

A friend of mine was having issues connecting to a couple of VMs that he provisioned using an ARM template. The template worked perfectly until he added the JSON block to add an NSG.

Every time he started a deployment with the NSG block in the ARM template, he wouldn’t be able to connect to the VMs in any way. The fun fact was that even deleting the NSG didn’t solve the issue, so he had to recreate the whole environment from scratch and trust me that took a while 🙂

So what was the problem, you may ask?

He was using a source TAG Internet which for some reason (I still haven’t figured this one out), killed the connectivity on the VMs on both sides (Private and Public IPs) and funnily enough, the logs didn’t show anything.

If you encounter a problem like this one, double check your NSG blocks to not have sourceAddressPrefix: Internet but sourceAddressPrefix: *

Problematic example:

Working example:

So far I haven’t been able to reproduce it, and I’m still looking into what’s causing the issue for that particular ARM template but if you encounter something similar, give it a try and let me know your findings 🙂

Have a good one!

Azure Virtual Network Peering – What is it and how to use it

Virtual network peering is a new mechanism in Azure Resource Manager that allows two virtual networks from the same region to be connected through the Azure backbone network. From a connectivity standpoint, this mechanism allows virtual machines in separate virtual networks to communicate with each other using private IP addresses. In this post, I will talk about what Virtual Network Peering is and how we can use it.

Azure Resource Policies – What they are and how to use them

In a previous post I was talking and demonstrating how to create Custom Role Based Access Controls which could be tailored comply with a company’s requirements. Another company requirement is compliance regarding data governance. Say you have one or multiple Azure Subscriptions and one of the company policies is that nobody should be able to create Azure resources outside a specific region. Some / all of the company’s contracts have a mandatory clause that all the data they produce and keep in the cloud should only reside in a specific geographical region. Microsoft has gone to great lengths to ensure that their cloud services (Azure or Office 365) comply with national, regional, and industry-specific requirements governing the collection and use of individual’s data.

Enrolling Azure VMs in Operations Management Suite

In a previous post I talked about Operations Management Suite aka Log Analytics and how it can help you achieve a better understanding of what’s happening on your on-premise and cloud resources. In this blog post I will show you how to enroll your Azure VMs in OMS.

ARM Template – Creating NGINX Webfarm with Custom Script Extension

A friend of mine recently started working with Azure and loved it once he got the hang of it. I encouraged him to start using PowerShell to automate various Azure operations but it didn’t quite stick with him on the first try. He started automating Azure operations using the Azure CLI and while it’s not a bad tool, it’s quite lacking in features compared to PowerShell and I’m pretty sure that it will not be maintained much longer since Microsoft open sourced PowerShell and gave the Linux / Mac community a taste. The funny part of this story is that he’s a Windows user, uses Windows 10 and yet he’s still using Azure CLI.

Where am I going with this? While giving him some tips on how to deploy some production / staging environments in Azure, I saw how he was automating resource creation in Azure using the CLI. He basically created a golden image in a storage account and with 35 lines of Azure CLI code, he was provisioning the environments. That made me cringe and motivated me to teach him how to do it using ARM templates and custom scripts.

Pin It on Pinterest