1.2 Azure management libraries for .NET offers additional security and storage service encryption. The other benefits include network watcher service, search service, the creation of users in Azure Active Directory, and management service identity. After the downloading the 1.2 library, you need to create a virtual machine using define() … create() method chain.
IVirtualMachine virtualMachine = azure.VirtualMachines.Define(“myLinuxVM”)
.WithRegion(Region.USEast)
.WithNewResourceGroup(rgName)
.WithNewPrimaryNetwork(“10.0.0.0/28”)
.WithPrimaryPrivateIPAddressDynamic()
.WithNewPrimaryPublicIPAddress(pipName)
.WithPopularLinuxImage(KnownLinuxVirtualMachineImage.UbuntuServer16_04_Lts)
.WithRootUsername(“tirekicker”)
.WithRootPassword(password)
.WithSize(VirtualMachineSizeTypes.StandardDS2V2)
.WithOSDiskCaching(CachingTypes.ReadWrite)
.WithManagedServiceIdentity()
.WithRoleBasedAccessToCurrentResourceGroup(BuiltInRole.Contributor)
.Create();
Follow the below-mentioned example to add a new user in the Active Directory.
IActiveDirectoryUser user = authenticated.ActiveDirectoryUsers .Define(“tirekicker”) .WithEmailAlias(“tirekicker”) .WithPassword(“StrongPass!12”) .Create();
If you want to activate storage service encryption at a storage account level then use the a define() … create() method chain:
IStorageAccount storageAccount = azure.StorageAccounts .Define(storageAccountName) .WithRegion(Region.USEast) .WithNewResourceGroup(rgName) .WithEncryption() .Create();
Deploy() method can be used to deploy Web apps and it’s respective functions.
// Create a Web appIWebApp webApp = azure.WebApps.Define(webAppName) .WithExistingWindowsPlan(plan) .WithExistingResourceGroup(rgName) .With.NETVersion(.NETVersion.V8Newest) .WithWebContainer(WebContainer.Tomcat8_0Newest) .Create();// Deploy a Web app using MS DeploywebApp.Deploy() .WithPackageUri(“link-to-bin-artifacts-in-storage-or-somewhere-else”) .WithExistingDeploymentsDeleted(true) .Execute(); / Create a function app IFunctionApp functionApp = azure.AppServices.FunctionApps .Define(functionAppName) .WithExistingAppServicePlan(plan) .WithExistingResourceGroup(rgName) .WithExistingStorageAccount(app3.StorageAccount) .Create();// Deploy a function using MS DeployfunctionApp.Deploy() .WithPackageUri(“link-to-bin-artifacts-in-storage-or-somewhere-else”) .WithExistingDeploymentsDeleted(true) .Execute();
It also allows the users to create network watchers and initiate packet capturing y creating and starting a packet captureusing a define() … create() method chain.
// Create a Network WatcherINetworkWatcher networkWatcher = azure.NetworkWatchers.Define(nwName) .WithRegion(Region.USEast) .WithNewResourceGroup(rgName) .Create();
// Start a Packet CaptureIPacketCapture packetCapture = networkWatcher.PacketCaptures .Define(packetCaptureName) .WithTarget(virtualMachine.Id) .WithStorageAccountId(storageAccount.Id) .WithTimeLimitInSeconds(1500) .DefinePacketCaptureFilter() .WithProtocol(PcProtocol.TCP) .Attach() .Create();
By using the Azure Management Libraries, you can verify the allowed traffic and get the hop type and IP address. The topology of a resource group can be retrieved and one can also analyze the virtual machine security. Checking the network security and applying the security rules are some other options offered by the Azure Management Libraries.
define() … create()method chain lets you create a managed cloud search service and you can programmatically manage query keys and regenerate primary and secondary keys.
ISearchService searchService = azure.SearchServices.Define(searchServiceName) .WithRegion(Region.USEast) .WithNewResourceGroup(rgName) .WithStandardSku() .WithPartitionCount(1) .WithReplicaCount(1)
.Create();