Devops – Robert Smit MVP Blog

Distributed Application Runtime Dapr version 1.0 #Dapr #Azure #Kubernetes #DevOps #Developers #Microservices #AzOps

Dapr is an open source, portable, event-driven runtime that makes it easy for developers to build resilient, microservice stateless and stateful applications that run on the cloud and edge. Dapr embraces the diversity of all programming languages and developer frameworks and simplifies building applications.

Dapr building blocks

Service Invocation – Resilient service-to-service invocation enables method calls, including retries, on remote services wherever they are running in the supported hosting environment.
State management – With state management for key/value pairs, long running, highly available, stateful services can be easily written, alongside stateless services in the same application. The state store is pluggable and can include Azure Cosmos or Redis, with others such as AWS DynamoDB on the component roadmap.
Publish and subscribe messaging between services – Publishing events and subscribing to topics between services enables event-driven architectures to simplify horizontal scalability and make them resilient to failure.
Event driven resource bindings – Resource bindings and triggers build further on event-driven architectures for scale and resiliency by receiving and sending events to and from any external resources such as databases, queues, file systems, blob stores, webhooks, etc. For example, your code can be triggered by a message on an Azure EventHub service and write data to Azure CosmosDB.
Virtual actors – A pattern for stateless and stateful objects that make concurrency simple with method and state encapsulation. Dapr provides many capabilities in its virtual actor runtime including concurrency, state, life-cycle management for actor activation/deactivation and timers and reminders to wake up actors.
Distributed tracing between services – Easily diagnose and observe inter-service calls in production using the W3C Trace Context standard and push events to tracing and monitoring systems.

You can read more about Dapr at http://dapr.io, get started with code and samples at https://github.com/dapr/dapr and reach out on gitter.im/Dapr or Twitter @daprdev.

Getting started with Dapr is easy and you can start with a few steps described below

How to get up and running with Dapr in minutes

The following steps in this guide are:

Install the Dapr CLI
Initialize Dapr
Use the Dapr API
Configure a component
Explore Dapr quickstarts

powershell -Command "iwr -useb https://raw.githubusercontent.com/dapr/cli/master/install/install.ps1 | iex"

Important is to close the powershell window and reopen this. Else the module won’t be active

type dapr

Open Powershell

type dapr

dapr

         __
    ____/ /___ _____ _____
   / __ / __ ‘/ __ \/ ___/
/ /_/ / /_/ / /_/ / /
\__,_/\__,_/ .___/_/
              /_/

======================================================
A serverless runtime for hyperscale, distributed systems

Usage:
dapr [command]

Available Commands:
completion     Generates shell completion scripts
components     List all Dapr components
configurations List all Dapr configurations
dashboard      Start Dapr dashboard
help           Help about any command
init           Setup dapr in Kubernetes or Standalone modes
invoke         Invokes a Dapr app with an optional payload (deprecated, use invokePost)
invokeGet      Issue HTTP GET to Dapr app
invokePost     Issue HTTP POST to Dapr app with an optional payload
list           List all Dapr instances
logs           Gets Dapr sidecar logs for an app in Kubernetes
mtls           Check if mTLS is enabled in a Kubernetes cluster
publish        Publish an event to multiple consumers
run            Launches Dapr and (optionally) your app side by side
status         Shows the Dapr system services (control plane) health status.
stop           Stops multiple running Dapr instances and their associated apps
uninstall      Removes a Dapr installation

Flags:
-h, –help help for dapr
–version version for dapr

Use “dapr [command] –help” for more information about a command.
subcommand is required

dapr init

PS C:\Windows\system32> dapr init
Making the jump to hyperspace…
Downloading binaries and setting up components…
Unable to find image ‘openzipkin/zipkin:latest’ locally
latest: Pulling from openzipkin/zipkin
docker: no matching manifest for windows/amd64 10.0.17763 in the manifest list entries.
See ‘docker run –help’.

Quickstarts and Samples

See the quickstarts repository for code examples that can help you get started with Dapr.
Explore additional samples in the Dapr samples repository.

You can try out the Dapr quickstarts right here to begin your own personal journey into Microservices on Azure.

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google : Robert Smit MVP profile

Secure DevOps Kit for Azure (AzSK) With Security Monitoring #Devops #Azure #AzSK #Security #LogAnalytics #PowerShell

The Secure DevOps Kit for Azure is a collection of scripts, tools, extensions, automations.

The kit is based on Powershell and can be extended to Azure log analytics with some nice dashboarding. But if you have a large subscription the Powershell query can take some time. With this toolkit Devops teams using extensive automation and smoothly integrating security into native Devops workflows helping accomplish secure Devops with these 6 focus areas:

Secure the subscription: A secure cloud subscription provides a core foundation upon which subsequent development and deployment activities can be conducted. An engineering team should have the capabilities to deploy and configure security in the subscription including elements such as alerts, ARM policies, RBAC, Security Center policies, JEA, Resource Locks, etc. Likewise, it should be possible to check that all settings are in conformance to a secure baseline
Enable secure development: During the coding and early development stages, developers should have the ability to write secure code and to test the secure configuration of their cloud applications. Just like build verification tests (BVTs), we introduce the concept of security verification tests (SVTs) which can check for security of various resource types in Azure
Integrate security into CICD: Test automation is a core tenet of devops. We emphasize this by providing the ability to run SVTs as part of the VSTS CICD pipeline. These SVTs can be used to ensure that the target subscription used to deploy a cloud application and the Azure resources the application is built upon are all setup in a secure manner
Continuous Assurance: In the constantly changing dev ops environment, it is important to move away from the mindset of security being a milestone. We have to treat security as a continuously varying state of a system. This is made possible through capabilities that enable continuous assurance using a combination of automation runbooks, schedules, etc.
Alerting & Monitoring: Visibility of security status is important for individual application teams and also for central enterprise teams. We provide solutions that cater to the needs of both. Moreover, the solution spans across all stages of dev ops in effect bridging the gap between the dev team and the ops team from a security standpoint through the single, integrated views it generates
Cloud Risk Governance: Lastly, underlying all activities in the kit is a telemetry framework that generates events capturing usage, adoption, evaluation results, etc. This allows us to make measured improvements to security targeting areas of high risk and maximum usage before others.

Keep in mind that The OMS portal will is retired on January 15, 2019. You can continue to use your existing services and licensing in the Azure portal.

Even in the Azure portal you can still connect to OMS

Complete feature set of Secure DevOps Kit for Azure

Feature Area	Secure DevOps Kit Feature
Secure the subscription	Subscription Health Check Subscription Provisioning Alerts Configuration ARM Policy Configuration Azure Security Center Configuration Access control (IAM) Hygiene
Enable secure development	Security Verification Tests (SVT) Security IntelliSense- VS Extension
Integrate security into CICD	AzSK VS Extension-executes SVTs in a CICD pipeline
Continuous Assurance	Security scanning via Azure Automation Runbooks
Alerting & Monitoring	OMS Solution for AzSK containing: Security dashboard views covering security state/actions Alerts with pertinent search queries
Cloud Risk Governance	Control/usage telemetry through Insights

Setting up Secure DevOps Kit for Azure (AzSK)

First make sure you have the right Azure modules installed, I noticed the automation module failed So I added this manualy.

Import-Module AzureRM.Automation

Get-AzSKAzureServicesSecurityStatus -SubscriptionId

Installing the Secure DevOps Kit for Azure (AzSK)

Install-Module AzSK -Scope CurrentUser

Now that the Powershell modules are installed we can start the (AzSK) Scan

Get-AzSKAzureServicesSecurityStatus –SubscriptionId ID

In this subscription there are 44 items that are been checked

Items are been checked on the security issues

Nice detailed overview is shown. Also a log folder is been created with all the issues. per resource Item.

As you can see I have some failed items and with a High, so I need to take a good look at this and fix this.

This maybe one of the best Items here an excel sheet with al the issues listed with the solution mentioned and if this can be automated.

If needed there is an URL that points you to the right solution.

As Azure log analytics is great and it can be integrated with some OMS (Azure monitoring Dashboards)

The OMS portal will be retired on January 15, 2019. You can continue to use your existing services and licensing in the Azure portal. So the current documentation need some updating.

Pressing the OMS button in the Azure portal brings you to the OMS portal but then nothing. As it is now all Azure portal.

Setting up the dashboards failed on me during the first installation but when I did run this a second time the dashboard was there. (Timing)

Creating the OMS default dashboard we need to run some powershell scripts.

$omsSubId =”id” #subscription hosting the OMS workspace

$omsWSId =’OMS ID’

$omsRGName =’omsrsg’ #RG where the OMS workspace is hosted

$azSkViewName = ‘MVP_AzSK_view’ #This will identify the tile for AzSK view in OMS.

#This command will deploy the AzSK view in the OMS workspace.
Install-AzSKOMSSolution -OMSSubscriptionId $omsSubId `

-OMSResourceGroup $omsRGName `

-OMSWorkspaceId $omsWSId `

-ViewName $azSkViewName

Note:

1) The blades of the OMS view created by this command will start populating only after AzSK scan events become available in the corresponding OMS workspace.

To understand how to send AzSK events to an OMS workspace see https://aka.ms/devopskit/oms.

2) The OMS view installed contains a basic set of queries over DevOps Kit scan events. Please feel free to customize them once you get familiar with the que

ries.

We also periodically publish updated/richer queries at: https://aka.ms/devopskit/omsqueries.