Say we are using ACR premium-tier with geo-replication enabled and “docker push” image1:tag1 to the registry from East US 2 region. What happens when we try to “docker pull” image1:tag1 from Southeast Asia region before the replication is finished?
According to the “Considerations for using a geo-replicated registry”, Azure Traffic Manager is used internally by the registry to redirect the request to the registry in the closest region. …
We look at the following three approaches, but other approaches like VPN and VNet-to-VNet are also possible:
In this article, we look at a scenario where Azure Managed Application publisher (aka Independent Software Vendor or ISV) needs to be able to use their publisher identity to create/delete secrets (e.g. connection string) in Azure Key Vault that is in the Managed Resource Group (MRG) in the customer’s Azure subscription so that other resources (e.g. Web Apps, VMs) running in the MRG can use these secrets.
Azure Key Vault resource and its data-plane access policies are tied to a specific Azure Active Directory tenant (i.e. there is a tenantId property in Azure Key Vault resource) and resources deployed in the managed resource group in the customer subscription need to be able to use the secrets in Azure Key Vault. …
If you are new to Azure Managed Applications, please see this article.
When developing and testing Azure Managed Applications, I usually use the “az managedapp definition create” Azure CLI command to create the service catalog definition in my Azure subscription for testing prior to publishing in Azure Marketplace. Currently, this CLI command does not provide a way to explicitly specify the Deployment Mode (i.e. …
This is my initial work-in-progress collection of useful resources related to implementing multi-tenant applications on Azure.
If you are a developer, engineer, architect, or product manager working for an ISV (Independent Software Vendor) or a Startup and are tasked with creating or migrating your solution to Azure platform or publishing it as an “offer” in Azure Marketplace, you may find the following links and resources useful in your journey.
Microsoft Ignite 2020 is in full swing Tuesday September 22 through Thursday September 24, 2020. This year it is an all-digital event and attendance is FREE.
Below are just a few of the pre-recorded on-demand sessions that I really liked in the Azure Core (IaaS) category.
In this video, we look at how to refresh Azure Managed Application permissions (e.g. Owner, Contributor, or Customer Allowed Actions) and how, as a publisher, to obtain access token using the Managed Application’s Managed Identity.
If you are new to Azure Managed Applications, you may first want to watch the two videos in “Simple Azure Managed Application: creating, testing, and publishing in Partner Center”.
Reminder: When building your Azure Application ARM templates for submission to Azure Marketplace, please make sure to carefully follow all of the guidelines and best practices described here and be ready to make fixes and changes based on manual review feedback. …
In the following series of four videos, we look at a more advanced and “experimental” Azure Managed Application that deploys Azure Kubernetes Service (AKS), Azure Managed Identity, and performs some cross-resource group role assignments. We also walk through with using Azure Instance Metadata Service and AKS Pod Identity to obtain access tokens for interacting with Azure Data Lake Storage and ARM REST APIs.
Before diving into the videos below, you may first want to watch the two videos in “Simple Azure Managed Application: creating, testing, and publishing in Partner Center”.
You can see most of the sample commands and ARM templates used in the videos at https://github.com/arsenvlad/azure-managed-app-aks-managed-identity. …
In the following two videos, we look at how to create and test a simple “Hello World”-style Azure Managed Application in the developer’s Azure subscription, and how to publish the same application in the Partner Center and deploy its “preview” in an end-customer Azure subscription under a different Azure Active Directory tenant.
In subsequent videos, we may go deeper and look at Azure Managed Application that includes an AKS resource, managed identities, deployment-time role assignments, etc.
You can see the sample code used in the videos below here.
Important: When building your Azure Application ARM templates for submission to Azure Marketplace, please make sure to carefully follow all of the guidelines and best practices described here and be ready to make fixes and changes based on manual review feedback. …