DEV Community: Izuabueke Davidson Anujulu

Node.js DevOps Pipeline – Docker, CI/CD, Kubernetes, Azure

Izuabueke Davidson Anujulu — Tue, 16 Sep 2025 01:36:54 +0000

Introduction
Prerequisites
Set Up Git for Version Control
Build the Node.js Web App
Testing Setup
CI/CD with GitHub Actions
Docker Configuration
Essential Configuration Files
Development with Docker Compose
Test Everything Locally
Docker Run
CI/CD with Deployment
Kubernetes Deployments
Complete Deployment Workflow
Hosted on Azure Web App

This project demonstrates a complete end-to-end DevOps workflow by building and deploying a modern Node.js web application. It covers the full lifecycle of application development, from writing and testing code, to containerizing with Docker, automating pipelines with GitHub Actions, and deploying workloads to Kubernetes environments for both staging and production.

As part of this implementation, the application is also hosted on Azure Web App, showcasing how cloud-native platforms can be leveraged for scalable and reliable application delivery. By combining local development with containerization and CI/CD automation, and extending deployments into Kubernetes clusters and Azure services, this project provides a practical demonstration of modern DevOps practices.

Key features of this project include:

Building a Node.js application with testing (Jest, Supertest) and linting (ESLint).
Containerizing the app using Docker and orchestrating services with Docker Compose.
Automating builds, tests, and deployments with GitHub Actions CI/CD pipelines.
Deploying to Kubernetes clusters for staging and production environments.
Hosting the application on Azure Web App to ensure scalability, availability, and cloud integration.

This project serves as a comprehensive learning resource for understanding how software development integrates with DevOps tools and cloud-native deployment strategies.

1. Prerequisites

Install these tools before starting:

Node.js (v18 or higher)

Download LTS (20.x as of 2025): Node.js
Verify installation:

  node --version    # Should show v18.x+ or v20.x+
  npm --version     # Should show 9.x+ or 10.x+

Git

Download: Git
Verify installation:

    git --version      # Should show 2.34+

Docker Desktop

Download: Docker Desktop
Verify installation:

    docker --version          # Should show 24.x+
    docker-compose --version

GitHub Account

Code Editor (Optional)

Visual Studio Coderecommended

Verify Everything is Installed

  node --version    # Should show v18.x+ or v20.x+
  npm --version     # Should show 9.x+ or 10.x+
  git --version     # Should show 2.34+ 
  docker --version  # Should show 24.x+

2. Set Up Git for Version Control

What this step does: Configures Git on your machine so it knows who you are when you make commits, and sets up proper project tracking.
One-time Git Configuration

  git config --global user.name "Your Name"
  git config --global user.email "you@example.com"
  git config --global init.defaultBranch main

Create and Initialize Project

  mkdir nodejs-devops-azure
  cd nodejs-devops-azure
  git init

3. Build the Node.js Web App

What this step does: Creates a web application using Node.js that can serve web pages and API endpoints

Initialize Project
What this step does: Creates a package.json file that describes your project and manages dependencies.

  # Create package.json with default settings
  npm init -y

This creates a package.json. Update it as follows:

      {
        "name": "nodejs-devops-azure",
        "version": "1.0.0",
        "description": "DevOps learning project with Node.js",
        "main": "app.js",
        "scripts": {
            "start": "node app.js",
            "test": "jest",
            "dev": "node app.js",
            "lint": "eslint ."
        },
        "keywords": ["devops", "nodejs", "docker"],
        "author": "Your Name",
        "license": "MIT",
        "engines": { "node": ">=18.0.0" },
        "devDependencies": {
            "jest": "^29.7.0",
            "eslint": "^8.57.0",
            "supertest": "^7.1.4"
        }
    }

click on the package.json and replace the content with the code above.

Create Application File

 # Create the main application file
  touch app.js

Copy the app.js code into this file.

const http = require('http');
const url = require('url');
const port = process.env.PORT || 3000;
const environment = process.env.NODE_ENV || 'development';

let requestCount = 0;
const startTime = Date.now();

// Enhanced Web Server
const server = http.createServer((req, res) => {
  requestCount++;
  const timestamp = new Date().toISOString();
  const { pathname } = url.parse(req.url, true);

  console.log(`${timestamp} - ${req.method} ${pathname} - ${req.headers['user-agent'] || 'Unknown'}`);

  // CORS headers
  res.setHeader('Access-Control-Allow-Origin', '*');
  res.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE');
  res.setHeader('Access-Control-Allow-Headers', 'Content-Type');

  // Security headers
  res.setHeader('X-Content-Type-Options', 'nosniff');
  res.setHeader('X-Frame-Options', 'DENY');
  res.setHeader('X-XSS-Protection', '1; mode=block');

  // Route handling
  switch (pathname) {
    case '/':
      res.statusCode = 200;
      res.setHeader('Content-Type', 'text/html');
      res.end(`
        <!DOCTYPE html>
        <html>
        <head>
          <title>DevOps Lab 2025</title>
          <style>
            body { font-family: Arial, sans-serif; max-width: 800px; margin: 50px auto; padding: 20px; }
            .header { background: linear-gradient(135deg, #667eea 0%, #764ba2 100%); color: white; padding: 20px; border-radius: 8px; }
            .endpoint { background: #f8f9fa; padding: 15px; margin: 10px 0; border-radius: 5px; border-left: 4px solid #007bff; }
          </style>
        </head>
        <body>
          <div class="header">
            <h1> Node.js DevOps Pipeline – Docker, CI/CD, Kubernetes, Azure </h1>
            <h2>Built by Izuabueke</h2>
            </div>
            <p>This project demonstrates a complete end-to-end DevOps workflow by building and deploying a modern **Node.js web application**. It covers the full lifecycle of application development, from writing and testing code, to containerizing with **Docker**, automating pipelines with **GitHub Actions**, and deploying workloads to **Kubernetes** environments for both staging and production.

As part of this implementation, the application is also **hosted on Azure Web App**, showcasing how cloud-native platforms can be leveraged for scalable and reliable application delivery. By combining local development with containerization and CI/CD automation, and extending deployments into Kubernetes clusters and Azure services, this project provides a practical demonstration of modern DevOps practices.</p>

<p>**Key features of this project include:**

- Building a Node.js application with testing (Jest, Supertest) and linting (ESLint).

- Containerizing the app using Docker and orchestrating services with Docker Compose.

- Automating builds, tests, and deployments with GitHub Actions CI/CD pipelines.

- Deploying to Kubernetes clusters for staging and production environments.

- Hosting the application on Azure Web App to ensure scalability, availability, and cloud integration.</p>

<p>This project serves as a comprehensive learning resource for understanding how software development integrates with DevOps tools and cloud-native deployment strategies.</p>
            <p>My appreciation goes to my mentor [Raphael Gab-Momoh(MVP)](https://www.linkedin.com/in/rgmh/)[Olalekan OLADIRAN](https://www.linkedin.com/in/oladiranolalekan/)for the time they’ve invested in sharing their knowledge, providing clarity when things seemed complex, and pushing me to keep improving. Your support has made a real difference, and I’m grateful to have learned from such dedicated and inspiring coaches.</p>
            <p>Thank you for being part of this journey — I’m excited to keep building on what you’ve taught me.</p>


          <h2>Available Endpoints:</h2>
          <div class="endpoint">
            <strong>GET /</strong> - This welcome page
          </div>
          <div class="endpoint">
            <strong>GET /health</strong> - Health check (JSON)
          </div>
          <div class="endpoint">
            <strong>GET /info</strong> - System information
          </div>
          <div class="endpoint">
            <strong>GET /metrics</strong> - Prometheus metrics
          </div>
          <p>Environment: <strong>${environment}</strong></p>
          <p>Server time: <strong>${timestamp}</strong></p>
          <p>Requests served: <strong>${requestCount}</strong></p>
        </body>
        </html>
      `);
      break;

    case '/health':
      res.statusCode = 200;
      res.setHeader('Content-Type', 'application/json');
      res.end(JSON.stringify({
        status: 'healthy',
        timestamp: new Date().toISOString(),
        uptime: process.uptime(),
        environment: environment,
        version: '1.0.0',
        node_version: process.version,
        requests_served: requestCount
      }, null, 2));
      break;

    case '/info':
      res.statusCode = 200;
      res.setHeader('Content-Type', 'application/json');
      res.end(JSON.stringify({
        platform: process.platform,
        architecture: process.arch,
        node_version: process.version,
        memory_usage: process.memoryUsage(),
        environment: environment,
        pid: process.pid,
        uptime: process.uptime()
      }, null, 2));
      break;

    case '/metrics':
      res.statusCode = 200;
      res.setHeader('Content-Type', 'text/plain');
      res.end(`# HELP http_requests_total Total HTTP requests
# TYPE http_requests_total counter
http_requests_total ${requestCount}

# HELP app_uptime_seconds Application uptime in seconds
# TYPE app_uptime_seconds gauge
app_uptime_seconds ${process.uptime()}

# HELP nodejs_memory_usage_bytes Node.js memory usage
# TYPE nodejs_memory_usage_bytes gauge
nodejs_memory_usage_bytes{type="rss"} ${process.memoryUsage().rss}
nodejs_memory_usage_bytes{type="heapUsed"} ${process.memoryUsage().heapUsed}
nodejs_memory_usage_bytes{type="heapTotal"} ${process.memoryUsage().heapTotal}
nodejs_memory_usage_bytes{type="external"} ${process.memoryUsage().external}
`);
      break;

    default:
      res.statusCode = 404;
      res.setHeader('Content-Type', 'application/json');
      res.end(JSON.stringify({
        error: 'Not Found',
        message: `Route ${pathname} not found`,
        timestamp: new Date().toISOString()
      }, null, 2));
  }
});

// Graceful shutdown
process.on('SIGTERM', () => {
  console.log('Received SIGTERM, shutting down gracefully');
  server.close(() => {
    console.log('Server closed');
    process.exit(0);
  });
});

process.on('SIGINT', () => {
  console.log('Received SIGINT, shutting down gracefully');
  server.close(() => {
    console.log('Server closed');
    process.exit(0);
  });
});

// Start server
server.listen(port, () => {
  console.log(`🚀 Server running at http://localhost:${port}/`);
  console.log(`Environment: ${environment}`);
  console.log(`Node.js version: ${process.version}`);
});

// Export server for testing
module.exports = server;

Install Dependencies

  # Install testing and development tools
  npm install --save-dev jest eslint supertest

  # Install all dependencies (creates node_modules folder)
  npm install

4. Testing Setup

Create Test Folder and File

  # Create a folder for your tests
  mkdir tests
  # Create the main test file
  touch tests/app.test.js

Copy the test code into this file.

const request = require('supertest');
const server = require('../app');

describe('App Endpoints', () => {
  afterAll(() => {
    server.close();
  });

  test('GET / should return welcome page', async () => {
    const response = await request(server).get('/');
    expect(response.status).toBe(200);
    expect(response.text).toContain('DevOps Lab 2025');
  });

  test('GET /health should return health status', async () => {
    const response = await request(server).get('/health');
    expect(response.status).toBe(200);
    expect(response.body.status).toBe('healthy');
    expect(response.body.timestamp).toBeDefined();
    expect(typeof response.body.uptime).toBe('number');
  });

  test('GET /info should return system info', async () => {
    const response = await request(server).get('/info');
    expect(response.status).toBe(200);
    expect(response.body.platform).toBeDefined();
    expect(response.body.node_version).toBeDefined();
  });

  test('GET /metrics should return prometheus metrics', async () => {
    const response = await request(server).get('/metrics');
    expect(response.status).toBe(200);
    expect(response.text).toContain('http_requests_total');
    expect(response.text).toContain('app_uptime_seconds');
  });

  test('GET /nonexistent should return 404', async () => {
    const response = await request(server).get('/nonexistent');
    expect(response.status).toBe(404);
    expect(response.body.error).toBe('Not Found');
  });
});

Create Jest Config

  # Create Jest configuration file
  touch jest.config.js

Copy the Jest Config code into this file.

  module.exports = {
  testEnvironment: 'node',
  collectCoverage: true,
  coverageDirectory: 'coverage',
  testMatch: ['**/tests/**/*.test.js'],
  verbose: true
    };

5. CI/CD with GitHub Actions

Create workflow folder and file:

  # Create the GitHub Actions directory structure
  mkdir -p .github/workflows
  # Create the workflow file
  touch .github/workflows/ci.yml

Copy the pipeline code into this file:

name: CI/CD Pipeline

on:
  push:
    branches: [ main, develop ]
  pull_request:
    branches: [ main ]

env:
  NODE_VERSION: '20'
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

jobs:
  test:
    name: Run Tests
    runs-on: ubuntu-latest

    strategy:
      matrix:
        node-version: [18, 20]

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node-version }}
          cache: 'npm'

      - name: Install dependencies
        run: npm ci

      - name: Run linting
        run: npx eslint . --ext .js --ignore-pattern node_modules/
        continue-on-error: true

      - name: Run tests
        run: npm test

      - name: Run security audit
        run: npm audit --audit-level=moderate || true

  build:
    name: Build Docker Image
    runs-on: ubuntu-latest
    needs: test
    if: github.event_name == 'push'

    permissions:
      contents: read
      packages: write

    outputs:
      image-digest: ${{ steps.build.outputs.digest }}
      image-tag: ${{ steps.meta.outputs.tags }}

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Log in to Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            type=ref,event=branch
            type=sha,prefix={{branch}}-
            type=raw,value=latest,enable={{is_default_branch}}

      - name: Build and push Docker image
        id: build
        uses: docker/build-push-action@v5
        with:
          context: .
          platforms: linux/amd64,linux/arm64
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

  deploy-staging:
    name: Deploy to Staging
    runs-on: ubuntu-latest
    needs: build
    if: github.ref == 'refs/heads/develop'
    environment: staging

    steps:
      - name: Deploy to staging
        run: |
          echo "🚀 Deploying to staging environment..."
          echo "Image: ${{ needs.build.outputs.image-tag }}"
          echo "Would deploy to staging server here"
          # In real scenario, you'd use:
          # - kubectl apply -f k8s/staging/
          # - docker-compose -f docker-compose.staging.yml up -d
          # - ssh staging-server "docker pull $IMAGE && docker-compose up -d"

  deploy-production:
    name: Deploy to Production
    runs-on: ubuntu-latest
    needs: build
    if: github.ref == 'refs/heads/main'
    environment: production

    steps:
      - name: Deploy to production
        run: |
          echo "🎯 Deploying to production environment..."
          echo "Image: ${{ needs.build.outputs.image-tag }}"
          echo "Image digest: ${{ needs.build.outputs.image-digest }}"
          echo "Would deploy to production server here"
          # In real scenario, you'd use:
          # - kubectl apply -f k8s/production/
          # - terraform apply
          # - ansible-playbook deploy.yml

  security-scan:
    name: Security Scan
    runs-on: ubuntu-latest
    needs: build
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'

    steps:
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: 'ghcr.io/anujulu/my-devops-project:latest'  # Note lowercase
          format: 'sarif'
          output: 'trivy-results.sarif'
    env:
      TRIVY_USERNAME: ${{ github.actor }}
      TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}

6. Docker Configuration

Create Dockerfile


  # Create the Dockerfile (no extension needed)
  touch Dockerfile

Copy the Dockerfile code into this file.

# Fixed and Verified Multi-stage build for optimized image
FROM node:20-alpine AS dependencies

# Update packages for security (Alpine 3.19+ automatically)
RUN apk update && apk upgrade --no-cache

WORKDIR /app

# Copy package files first for better caching
COPY package*.json ./

# Install only production dependencies
RUN npm ci --only=production && npm cache clean --force

# Production stage  
FROM node:20-alpine AS production

# Update packages and install necessary tools
RUN apk update && apk upgrade --no-cache && \
    apk add --no-cache curl dumb-init && \
    rm -rf /var/cache/apk/*

# Create non-root user with proper permissions
RUN addgroup -g 1001 -S nodejs && \
    adduser -S nodeuser -u 1001 -G nodejs

WORKDIR /app

# Copy dependencies from previous stage with proper ownership
COPY --from=dependencies --chown=nodeuser:nodejs /app/node_modules ./node_modules

# Copy application code with proper ownership
COPY --chown=nodeuser:nodejs package*.json ./
COPY --chown=nodeuser:nodejs app.js ./

# Switch to non-root user
USER nodeuser

# Expose port
EXPOSE 3000

# Health check with proper timing for Node.js startup
HEALTHCHECK --interval=30s --timeout=10s --start-period=15s --retries=3 \
  CMD curl -f http://localhost:3000/health || exit 1

# Use dumb-init for proper signal handling in containers
ENTRYPOINT ["dumb-init", "--"]

# Start application
CMD ["npm", "start"]

Step 7: Essential Configuration Files

What this step does: Creates configuration files that tell various tools what to ignore, how to behave, and what settings to use.

Create .dockerignore

What this file does: Tells Docker which files to ignore when building the container image (similar to .gitignore).

How to create the file:

  # Create Docker ignore file
  touch .dockerignore

Copy this content into .dockerignore

node_modules 
npm-debug
.log* 
.git 
.github 
.env 
.env.local 
.env.*.local 
logs 
*.log 
coverage 
.nyc_output 
.vscode 
.idea 
*.swp 
*.swo 
.DS_Store 
Thumbs.db 
README.md 
tests/ 
jest.config.js 
.eslintrc*

(coverage .nyc_output .vscode .idea *.swp .swo .DS_Store Thumbs.db README.md tests/ jest.config.js .eslintrc)

Create .gitignore
What this file does: Tells Git which files to ignore and not track in version control (like temporary files, dependencies, etc.).

How to create the file:

  touch .gitignore

Copy this content into .gitignore

  # Dependencies
node_modules/
npm-debug.log*

# Runtime data
pids
*.pid
*.seed
*.pid.lock

# Coverage
coverage/
.nyc_output

# Environment variables
.env
.env.local
.env.*.local

# Logs
logs
*.log

# IDE
.vscode/
.idea/
*.swp
*.swo

# OS
.DS_Store
Thumbs.db

(Dependencies node_modules/ npm-debug.log* *.pid .seed .pid.lock coverage/ .nyc_output .env .env.local .env..local logs *.log .vscode/ .idea/ *.swp *.swo .DS_Store Thumbs.db)

Create environment template
What this file does: Shows other developers what environment variables your application needs, without exposing actual secrets.

How to create the file:

   # Create environment template file
  touch .env.example

Copy this content into .env.example

# Server Configuration 
PORT=3000 
NODE_ENV=production  
# Logging 
LOG_LEVEL=info

Create ESLint configuration
What this file does: Configures ESLint to check your JavaScript code for errors and maintain consistent coding style.

How to create the file:

  # Create ESLint configuration file
  touch .eslintrc.js

module.exports = {
  env: {
    node: true,
    es2021: true,
    jest: true
  },
  extends: ['eslint:recommended'],
  parserOptions: {
    ecmaVersion: 12,
    sourceType: 'module'
  },
  rules: {
    'no-console': 'off',
    'no-unused-vars': ['error', { 'argsIgnorePattern': '^_' }]
  }
};

8. Development with Docker Compose

What this step does: Creates a Docker Compose file that makes it easy to run your application and any supporting services (like databases) with a single command.

  # Create Docker Compose configuration file
  touch docker-compose.yml

Copy the docker-compose.yml code into this file.

version: '3.8'

services:
  app:
    build: .
    ports:
      - "3000:3000"
    environment:
      - NODE_ENV=development
      - PORT=3000
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3000/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 10s

9. Test Everything Locally

Local Run

  # Install all dependencies from package.json (including latest versions)
  npm install
  # Run your test suite to make sure everything works
  npm test
  # Start the application server
  npm start

What you'll see:

Tests should pass with green checkmarks: ✓ GET / should return

welcome page
Server starts and shows: 🚀 Server running at http://localhost:3000/

Test endpoints:

  # In a new terminal window, test the endpoints:
  curl http://localhost:3000/         # Homepage
  curl http://localhost:3000/health   # Health check JSON
  curl http://localhost:3000/info     # System info JSON
  curl http://localhost:3000/metrics  # Prometheus metrics

10.Docker Commands

  # Build image
  docker build -t nodejs-devops-azure:latest .
  # Run container
  docker run -d -p 3000:3000 --name my-devops-container nodejs-devops-azure:latest
  # Check container status
  docker ps

  # Test health check
  curl http://localhost:3000/health

  # Stop container
  docker stop my-devops-container
  docker rm my-devops-container

Docker Compose Run

What these commands do: Use Docker Compose to manage multiple services together with a single command.

  # Start all services defined in docker-compose.yml
  docker-compose up -d
  # View real-time logs from all services
  docker-compose logs -f
  # Stop all services and clean up
  docker-compose down

11. CI/CD with Deployment

Initial commit

What this does: Takes a snapshot of all your files and saves it in Git history.

How to commit your code:

  # Add all files to Git staging area
  git add .

  # Create your first commit with a descriptive message
  git commit -m "Initial commit: Complete DevOps setup with working CI/CD"

Connect to GitHub

What this step does: Links your local Git repository to a remote GitHub repository and uploads your code.

How to connect and push:

  # Set main as the default branch
  git branch -M main

  # Connect to your GitHub repository (replace yourusername with your actual GitHub username)
  git remote add origin https://github.com/yourusername/my-devops-project.git

  # Push your code to GitHub for the first time
  git push -u origin main

What to expect: Your code will be visible on GitHub, and the CI/CD pipeline will automatically begin executing.

12. Kubernetes Deployments

Create environment folders:

  mkdir -p k8s/staging k8s/production

Create Staging Deployment
Create k8s/staging/deployment.yml:

  touch k8s/staging/deployment.yml

Copy the staging deployment.yml code into this file.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: devops-app-staging
  namespace: staging
spec:
  replicas: 2
  selector:
    matchLabels:
      app: devops-app
      environment: staging
  template:
    metadata:
      labels:
        app: devops-app
        environment: staging
    spec:
      containers:
      - name: app
        image: ghcr.io/Anujulu/nodejs-devops:develop-latest
        ports:
        - containerPort: 3000
        env:
        - name: NODE_ENV
          value: "staging"
        - name: PORT
          value: "3000"
        resources:
          requests:
            cpu: "100m"
            memory: "128Mi"
          limits:
            cpu: "500m"
            memory: "256Mi"
        livenessProbe:
          httpGet:
            path: /health
            port: 3000
          initialDelaySeconds: 30
          periodSeconds: 10
        readinessProbe:
          httpGet:
            path: /health
            port: 3000
          initialDelaySeconds: 5
          periodSeconds: 5
---
apiVersion: v1
kind: Service
metadata:
  name: devops-app-service-staging
  namespace: staging
spec:
  selector:
    app: devops-app
    environment: staging
  ports:
  - protocol: TCP
    port: 80
    targetPort: 3000
  type: LoadBalancer
---
apiVersion: v1
kind: Service
metadata:
  name: devops-app-service-staging
  namespace: staging
spec:
  selector:
    app: devops-app
    environment: staging
  ports:
  - protocol: TCP
    port: 80
    targetPort: 3000
  type: LoadBalancer

Create Production Deployment
Create k8s/production/deployment.yml:

  touch k8s/production/deployment.yml

Copy the production deployment.yml code into this file.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: devops-app-production
  namespace: production
spec:
  replicas: 3
  selector:
    matchLabels:
      app: devops-app
      environment: production
  template:
    metadata:
      labels:
        app: devops-app
        environment: production
    spec:
      containers:
      - name: app
        image: ghcr.io/Anujulu/nodejs-devops:develop-latest
        ports:
        - containerPort: 3000
        env:
        - name: NODE_ENV
          value: "production"
        - name: PORT
          value: "3000"
        resources:
          requests:
            memory: "128Mi"
            cpu: "100m"
          limits:
            memory: "256Mi"
            cpu: "200m"
        livenessProbe:
          httpGet:
            path: /health
            port: 3000
          initialDelaySeconds: 30
          periodSeconds: 10
        readinessProbe:
          httpGet:
            path: /health
            port: 3000
          initialDelaySeconds: 5
          periodSeconds: 5
---
apiVersion: v1
kind: Service
metadata:
  name: devops-app-service-production
  namespace: production
spec:
  selector:
    app: devops-app
    environment: production
  ports:
  - protocol: TCP
    port: 80
    targetPort: 3000
  type: LoadBalancer

Step 13: Complete Deployment Workflow

What this step does: Shows you how to use the complete CI/CD pipeline with proper branching strategy for staging and production deployments.

Branch-based Deployment Strategy

develop branch → Automatically deploys to staging environment
main branch → Automatically deploys to production environment
Pull requests → Run tests only (no deployment) Deploy Changes Deploy to staging:

  # Create and switch to develop branch
  git checkout -b develop
  # Make your changes, then commit and push
  git add .
  git commit -m "Add new feature"
  git push origin develop

What happens: GitHub Actions automatically runs tests and deploys to staging.

Deploy to production:

  # Switch to main branch
  git checkout main

  # Merge changes from develop
  git merge develop

  # Push to trigger production deployment
  git push origin main

What happens: GitHub Actions runs full pipeline and deploys to production.

Monitor Deployments

  # Check GitHub Actions status
   Visit: https://github.com/Anujulu/nodejs-devops-azure/actions

  # Check your container registry
   Visit: https://github.com/Anujulu/nodejs-devops-azure/pkgs/container/nodejs-devops-azure

  # Test your deployed applications (once you have URLs)
  curl https://your-staging-url.com/health      # Staging health  check
  curl https://your-production-url.com/health   # Production health check

Step 14: Deploy to Azure Web Apps via Azure Portal

After building our Node.js app, containerising it with Docker, and setting up CI/CD with GitHub Actions, we deploy it to Kubernetes, now we’re ready to deploy to Azure Web Apps, a fully managed PaaS that runs our app in the cloud without managing servers or clusters.

App service plan

Step-by-step guide to create an App service plan

On the Azure portal, in the search bar, type App Services plan.

Click on it, then select create.

Basics tab

Fill in the basics:

Subscription – pick your active subscription.

Resource Group – choose or create a new one (Nodejs-app-rg).

Name – must be globally unique (Nodejs-app).

Operating System – Linux.

Region – pick the closest to your users. I will choose UK South.

Plan (Pricing tier):

Free (F1) → dev/test only.

Basic/Standard (B1/S1) → simple production apps.

Premium (P1v3) → better performance, scaling, VNET integration.

Click on Explore pricing plans, change size → pick one (e.g., Standard S1).

for this demo, I will choose S1

Tags

It is the best practice to tag your resource
Name: Project
Value: Nodejs-app

Review + create

App Services

On the Azure portal in the search bar, type “App Services” and click it.

Click + Create → Web App.

Basics tab

Fill in the basics:

Subscription – pick your active subscription.

Resource Group – I will choose the resource group I used for the app service plan (Nodejs-app).

Name – must be globally unique (Nodejs-app).

Publish – I will choose Code because I will deploy Node from my GitHub repo

Runtime stack – choose Node version 22 LTS.

Operating System – Linux.

Region – I will choose my resource group region (UK South).

Pricing plans – It will choose the plan for my app service plan

Deployment settings

Because I want CI/CD integration now:

I will toggle Enable Continuous deployment.

I will choose my organisation, which is my GitHub account

I will connect my repo, which will choose my default branch (main).

Networking: for now, I will use the default Network setting

Monitor and secure

Enable Application Insights

I have Defender for App Service already activated in my subscription

Choose the Same region to avoid extra cost.

Tags
Always remember is the best practice to tag your resource
Name: Project
Value: Nodejs-app

Review + Create

Go to resource

Select Browse or copy the URL to access the application in your browser

Here is the application running in the browser:

Thanks for reading till the end, hope you learn something.
you can put your comment, Like and Share with your friends.

Configure secure access to your workloads using Azure networking

Izuabueke Davidson Anujulu — Tue, 17 Jun 2025 12:37:55 +0000

Introduction
Create and configure virtual networks
Configure a peer relationship between the virtual networks
Create and configure network security groups
Create Application Security Group
Create and Associate the Network Security Group
Create and configure Azure Firewall
1. Create Azure Firewall subnet in our existing virtual network
2. Create an Azure Firewall
3. Add an application rule
4. Add a network rule
Configure network routing
1. Create a route table
2. Add the route table
3. Associate the route table to the subnets
4. Create a route in the route table
Create DNS zones and configure DNS settings
1. Create a private DNS zone
2. Create a virtual network link to your private DNS zone
3. Create a DNS record set

Introduction

Networking is the process of connecting computers and other devices together so they can communicate, share data, and access resources like the internet, printers, or files. In this article we will see how we can do all this in a secured way without any security vulnerabilities

Create and configure virtual

Virtual networks
A Virtual Network (VNet) is a software-defined network in the cloud that allows Azure resources (like virtual machines, databases, apps) to communicate securely with each other, with the internet, and with on-premises networks

Key Features of a Virtual Network

Isolation: Each VNet is private and isolated from others.
Subnets: Divide the VNet into smaller sections for organization and security.
Communication: Resources in the same VNet can communicate directly with each other.
Internet Access: Public IP or NAT Gateway lets resources access the internet.
On-Premises Connection Connect to your physical network using VPN or ExpressRoute.
Security: Use firewalls and Network Security Groups (NSGs) to control traffic.

Steps on creating hub and spoke virtual networks and subnets

a. *First, we have to sign in to the Azure portal: * https://portal.azure.com

b. On the Azure portal, search and select the virtual network

c. Select + Create and complete the configuration of the App-VNet. This virtual network requires two subnets, frontend and backend. We will use the following properties and values below.
On the basics, select Resource group = RG1,
Virtual network name = app-vnet, Region = East US,

On the IP addresses use address space below
IPv4 address space = 10.1.0.0/16, then on the subnet, click edit and provide information for the frontend and save it.
Subnet name = frontend, Subnet address range = 10.1.0.0/24,

after that, click on add a subnet at the top left corner and provide information for the backend and save it
Subnet name = backend, Subnet address range = 10.1.1.0/24

Note: Leave all other settings as their defaults. When finished, select “Review + create and then Create.

d. Create the Hub-vnet virtual network configuration. This virtual network has the firewall subnet. We will use the following property and value provided below.
Resource group = RG1, Name = hub-vnet, Region = East US
IPv4 address space = 10.0.0.0/16,
Subnet name = AzureFirewallSubnet,
Subnet address range = 10.0.0.0/26
On the basics select Resource group = RG1, Name = hub-vnet, Region = East US

On the IP address use the IP space below
IPv4 address space = 10.0.0.0/16
Then, on the subnet, click Edit; for the subnet purpose, choose firewall; the subnet name will change to AzureFirewallSubnet. On the starting address, make sure it is 10.0.0.0/26, then save it and review and create.

e. Once the deployments are complete, search for and select your virtual networks.

f. Verify your virtual networks and subnets were deployed.

Configure a peer relationship between the virtual networks.

Peering is a way of allowing secure, private communication between Vnets across accounts or regions.
To peer app-vnet and hub-vnet we will follow the steps below

a. Search for and select the app-vnet virtual network.

b. In the Settings blade, select Peerings.

c. + Add a peering between the two virtual networks.
we will use below properties and values
Remote peering link name = app-vnet-to-hub
Virtual network = hub-vnet
Local virtual network peering link name = hub-to-app-vnet

Note: Leave all other settings as their defaults. Select “Add” to create the virtual network peering.

d. Once the deployment completes, verify the peering status is connected.

Create and configure network security groups.

We will need two Virtual machines VM1 and VM2, to achieve that, we will use Azure Cloud Shell and run the following code below by copying and past then hit enter

   $RGName = "RG1"

   New-AzResourceGroupDeployment -ResourceGroupName $RGName -TemplateUri https://raw.githubusercontent.com/MicrosoftLearning/Configure-secure-access-to-workloads-with-Azure-virtual-networking-services/main/Instructions/Labs/azuredeploy.json

Note, if your Resource group name is not RG1 make sure you use the correct resource group

In the portal search for and select virtual machines. Verify both vm1 and vm2 are Running.
vm1

vm2

Create Application Security Group

a. In the portal, search for and select Application security groups.

b. Select + Create and configure the application security group.
We will use the following properties and values below to create an application security group.

Subscription Select your subscription
Resource group = RG1, Name = app-frontend-asg
Region East US

c. Select Review + create and then select Create.

Note: You are creating the application security group in the same region as the existing virtual network.

Associate the application security group to the network interface of the VM

a. In the Azure portal, search for and select VM1.

b. In the Networking blade, select Application security groups and then select Add application security groups.

c.** Select the app-frontend-asg and then select Add.**

Create and Associate the Network Security Group

a. In the portal, search for and select Network security group.

b. Select + Create and configure the network security group.

We will use the following properties and values below to create network security group
Subscription Select your subscription
Resource group = RG1, Name = app-vnet-nsg,
Region = East US

c. Select Review + create and then select Create.

Associate the NSG with the app-vnet backend subnet.

a. Select Go to resource or navigate to the app-vnet-nsg resource.

b. In the Settings blade select Subnets.

c. Select + Associate

d. Select app-vnet (RG1) and then the backend subnet. Select OK.

Create Network Security Group rules

a. In the search box at the top of the portal, enter** Network security groups**. Select Network security groups in the search results.

b. Select app-vnet-nsg from the list of network security groups.

c. *In the Settings blade, select Inbound security rules.
*

d. Select + Add and configure an inbound security rule.
We will use the following properties and values below to configure an inbound security rule

Source = Any, Source port ranges = *
Destination = Application Security group,
Destination application security group = app-frontend-asg,
Service = SSH, Action = Allow, Priority = 100
Name = AllowSSH

Create and configure Azure Firewall

Azure Firewall is a cloud-native network security service provided and managed by Microsoft Azure. It helps in filtering and monitoring inbound and outbound network traffic based on security rules.

Create Azure Firewall subnet in our existing virtual network

a. In the search box at the top of the portal, enter Virtual networks. Select Virtual networks in the search results.

b. Select app-vnet.

c. Select Subnets.

d. Select + Subnet.

e. Enter the following information and select Save.

Name = AzureFirewallSubnet,Address range = 10.1.63.0/26
Note: Leave all other settings as default.

Create an Azure Firewall

a. In the search box at the top of the portal, enter Firewall. Select Firewall in the search results.

b. Select + Create.

c. Create a firewall by using the values in the following below. For any property that is not specified, use the default value.
Resource group = RG1, Name = app-vnet-firewall,
Firewall SKU = Standard,
Firewall management = Use a Firewall Policy to manage this firewall,
Firewall policy select = Add new, Policy name = fw-policy,
Region = East US, Policy Tier = Standard,
Choose a virtual network = Use existing,
Virtual network = app-vnet (RG1),
Public IP address = Add new: fwpip

d. Select Review + create and then select Create.

Update the Firewall Policy
In the portal, search for and select Firewall Policies.

Select fw-policy.

Add an application rule
a. In the firewall policy click on policy we created, then click Rules blade, select Application rules and then Add a rule collection.

b. Configure the application rule collection and then select Add.
Use the following properties and values.
Name = app-vnet-fw-rule-collection,
Rule collection type = Application, Priority = 200,
Rule collection action = Allow,
Rule collection group = DefaultApplicationRuleCollectionGroup,
Name = AllowAzurePipelines, Source type = IP address,
Source = 10.1.0.0/23, Protocol = https,
Destination type = FQDN,
Destination = dev.azure.com, azure.microsoft.com,

Note: The AllowAzurePipelines rule allows the web application to access Azure Pipelines. The rule allows the web application to access the Azure DevOps service and the Azure website.

Add a network rule
a. In the firewall policy click on policy we created, then click Rules blade, select Network rules and then Add a network collection.

b. Configure the network rule and then select Add.
Use the following properties and values.
Name = app-vnet-fw-nrc-dns,
Rule collection type = Network, Priority = 200,
Rule collection action = Allow,
Rule collection group = DefaultNetworkRuleCollectionGroup,
Rule = AllowDns, Source = 10.1.0.0/23,
Protocol = UDP, Destination ports = 53,
Destination addresses = 1.1.1.1, 1.0.0.1,

Verify the firewall and firewall policy status
a. In the portal search for and select Firewall.

b. View the app-vnet-firewall and ensure the Provisioning state is Succeeded. This may take a few minutes.

c. In the portal serach for and select Firewall policies.

d. View the fw-policy and ensure the Provisioning state is Succeeded. This may take a few minutes.

Configure network routing

Create a route table
Record the private IP address of app-vnet-firewall

a. In the search box at the top of the portal, enter Firewall.
Select Firewall in the search results.

b. Select app-vnet-firewall.

c. Select Overview and record the Private IP address.

Add the route table

a. In the search box, enter Route tables. When Route table appears in the search results, select it.

b. In the Route table page, select + Create and create the route table.
using the properties and values below

Resource group = RG1, Region = East US,
Name = app-vnet-firewall-rt

c. Select Review + create and then select Create.

d. Wait for the route table to deploy, then select Go to resource.

Associate the route table with the subnets
a. In the portal, continue working with the route table, select app-vnet-firewall-rt.

b. In the Settings blade, select Subnets and then + Associate.

c. ** Configure an association to the frontend subnet, then select OK.**
use the properties and values below.
Virtual network = app-vnet (RG1), Subnet = frontend,

d. Configure an association to the backend subnet, then select OK.
use the properties and values below.
Virtual network = app-vnet (RG1), Subnet = backend,

Create a route in the route table
a. In the portal, continue working with the route table, select app-vnet-firewall-rt.

b. In the Settings blade, select Routes and then + Add.

c. Configure the route, then select Add.
use the properties and values below.
Route name = outbound-firewall,
Destination type = IP addresses,
Destination IP addresses/CIDR range = 0.0.0.0/0
Next hop type = Virtual appliance
Next hop address = private IP address of the firewall
Note on the next hop address , the IP address of the firewall is should use will be the private IP address of the app-vnet-firewall.

Create DNS zones and configure DNS settings

Create a private DNS zone
a. On the Azure portal, search for and select Private dns zones.

b. Select + Create and configure the DNS zone.
use the following properties and values.
Resource group = RG1, Name = private.contoso.com,
Region = East US.

c. Select Review + create and then select Create.

Wait for the DNS zone to deploy, and then select Go to resource.

Create a virtual network link to your private DNS zone
a. In the portal, continue working on the private.contoso.com DNS zone.

b. In the DNS Management blade, select + Virtual network links

c. Select + Add” and configure the virtual network link.
use the following properties and values.
Link name = app-vnet-link, Virtual network = app-vnet,
Enable auto registration = Enabled.

d. Select Create and wait for the deployment to finish. If necessary, Refresh the page.

Create a DNS record set
a. In the portal, continue working on the private.contoso.com DNS zone.

b. In the DNS Management blade, select + Recordsets.

c. Notice that two A records have automatically been created for each of the virtual machines.

d. Select + Add and configure a record set. When finished select Add.
use the following properties and values.
Name = backend, Type = A, TTL = 1, IP address = 10.1.1.5,
Note: This record set implies there is a virtual machine in app-vnet with a private IP address of 10.1.1.5.

Thanks for reading till the end, hope you learn something.
you can put your comment, Like and Share with your friends.

HOW TO CREATE A WEB SERVER AND INSTALL SERVER ROLE ON A WINDOWS VIRTUAL MACHINE

Izuabueke Davidson Anujulu — Sat, 07 Jun 2025 18:18:05 +0000

Create a Windows Virtual Machine
1. Configure Basics
2. Configure Disks
3. Configure Networking
Connect to Your VM via RDP
Install Web Server Role (IIS)
Increase the VM memory
Remove the Windows Server IIS

Step-by-Step Guide.

Step1:

Create a Windows Virtual Machine in Azure

To create a Windows Virtual Machine, in the search bar, type and select Windows Server.

On the page, click Create and select Virtual Machine.

Configure Basics

Project details: I will choose my subscription and resource group (or create a new one).
In this case, I will create a new one with the name RG
Instance details:
VM name (e.g., WebServerVM)
Region (I will choose the closest location )
Availability options: Leave default
Image: Windows Server 2025 Datacenter, which is the latest
Size: Choose an appropriate size (e.g., Standard B1s for testing)
Note If you use Standard B1s, there will be an error in the installation of the IIS Web Server. There are two ways to solve this challenge, first, from the creation choose the size from Standard_DS1_v2 and above.
Second, after creation, from the VM settings, increase the memory.

Configure Basics

Administrator account
This is where I will provide my login details, which will include
Username and Password
Confirm password
Inbound port rules
Select which virtual machine network ports are accessible from the public internet. You can specify more limited or granular network access on the Networking tab.
Public inbound ports:
None
Allow selected ports

Select inbound ports: You can select one or more.
RDP (3389) HTTP (80) HTTPS (443)
SSH (22)
This will allow all IP addresses to access your virtual machine. This is only recommended for testing. Use the Advanced controls in the Networking tab to create rules to limit inbound traffic to known IP addresses.

Configure Disks

Use defaults unless you have special requirements.
OS disk
OS disk size: The choice of disk size is dependent on your needs. but the Image default is(127 GiB)
OS disk type: This disk type is dependent on your workload, for the purpose of this web server i will use Standard SSD (locally-redundant storage).

Data disks for WebServerVM
You can add and configure additional data disks for your virtual machine or attach existing disks. This VM also comes with a temporary disk.

Create and attach a new disk.
To create a new disk, all you have to do is click on Create it will open another page where you can file Name
WebServerVM_DataDisk_0, choose Source type, then click on change size to choose the Size you need and select ok.

Attach an existing disk
When you click on attach, it will show you the list of existing disks you one

Configure Networking

A Virtual Network (VNet) is a software-defined network in the cloud that allows Azure resources (like virtual machines, databases, apps) to communicate securely with each other, with the internet, and with on-premises networks.
I will discuss more about Networking later.
Virtual network: New or existing
Subnet: Default
Public IP: Create new (name like webserverpublicip)
NIC network security group: Choose Basic or Advanced
If using basic, allow HTTP (Port 80) and RDP (Port 3389) by checking the boxes below.

Review and Create
Click Create

Step 2:

Connect to Your VM via RDP

Go to the VM Overview page

Once deployment is complete, click Connect > RDP
Download the RDP file.

From the Download, open the file and click connect

Once you are connected to your machine using remote desktop protocol(rdp) file and you are now on the desktop page, you can test your virtual machine for web server by copying the the public ip address and running it on a browser.

Note this may fail because of two things: one web server has not been installed, which is true in this case.
Two, if HTTP Inbound port rules have not been created or are set to deny.

Step 3:

Install Web Server Role (IIS)

Open Server Manager
When you log in to the VM, the Server Manager will open automatically after login, but if it does not, search for Server Manager in the search bar and click it.
Add Roles and Features
On Server Manager, in the top right corner, click on Manage, Add Roles and Features.

Follow the Wizard
Before You Begin : Next
Select installation type : Role-based or feature-based installation → Next

Select destination server : Pick your server → Next

Select server roles : Check Web Server (IIS)

A popup appears; accept adding required features
Select features : Leave default unless you need something specific
Confirm installation selections : Next
Install

Wait while IIS installs.

Note: The installation failed while installing it through the server manager because of low memory in the VM.

Likewise, installation through PowerShell

I install it through PowerShell, on the search bar type PowerShell, right click on it and select Run as administrator.

Once the PowerShell pane opens, type in the following code: Install-WindowsFeature Web-Server.

Note that it is case sensitive.
The start installation will be displayed

After the installation, you will see this

Note This installation failed because in the Instance details section on Size I Choose Standard B1s which have low memory.
As I said before, there are two ways to solve this challenge, first, from the creation choose the size from Standard_DS1_v2 and above.
Second, after creation, from the VM settings, increase the memory.

Increase the VM memory
Type PC and right-click on This PC/My Computer, click on Properties

On the next page, scroll to Advanced system settings and click it.

Under the Advanced tab → click Settings under Performance.

Go to the Advanced tab again → click Change under Virtual memory.

Uncheck Automatically manage paging file size for all drives .
Select the system drive (usually C:) → choose Custom size .
Set a larger Initial size (MB) and Maximum size (MB) .

Click ok on all the pop-ups, on the last one after clicking ok then click close.

I have increased my VM memory. I will restart the VM and go to the server manager and click on Manage, then Add Role and Feature, complete the steps, and this is the result

Remove the Windows Server IIS

From the Server Manager, select Manage, click Remove Roles and Features.

On Before you begin, click Next and Next

On the server Role, uncheck the box and click next and next

On the Confirmation, click Remove

The removal will be initiated

Removal completed

Now that I have increased the VM memory, let's install Windows Server IIS through PowerShell

I will install it through PowerShell again. In the search bar, type PowerShell, right click on it and select Run as administrator.

Once the PowerShell pane opens, type in the following code: Install-WindowsFeature -name Web-Server -IncludeManagementTools.

Note that it is case sensitive.
The start installation will be displayed

After the installation, you will see this.

Step 4:

Test the Web Server

copying the public IP address

searching it on a browser

Thanks for reading till the end, hope you learn something.
you can put your comment, Like and Share with your friends.

Active Directory Domain Services (Part 2)

Izuabueke Davidson Anujulu — Fri, 06 Jun 2025 21:59:21 +0000

Organizational Units (OUs)
Step by step guide to create Organizational Units (OUs)
Nested OUs
Create Users
Account Expiration
Create the User Admins group
Configure a user as a Protected User
Delegate Security Permissions
Configure City Attribute for a User
Configure Domain Password Policy
Configure Fine-Grained Password Policy
Enable Active Directory Recycle Bin
Configure security settings
Audit User Account Management in USA
Deny Log On As a Service

Organizational Units (OUs)
Organizational units are containers within a domain that are used to organize and manage objects like users, groups, computers, and other OUs. They are important in structuring and managing an Active Directory environment by allowing administrators to apply specific policies, delegate administrative tasks, and logically group objects.

Step by step guide to create Organizational Units (OUs)

On the top right side, locate Tools and click on it; on the drop-down, click on Active Directory Users and Computers.

once you open the Active Directory Users and Computers you will see your domain. If you click on it, you will now see a drop-down with some default OUs like built-in, Computer, Users etc.

Now let's create our own OUs
There are two ways you can create an OU.
First, you can create it by right-clicking on your domain name, select New, and then click on Organizational Unit and providing a name for your OU and click OK.

The second way is by highlighting your domain and go to the top and click on "Create a new organizational unit in the current container." You will see a pop-up; prove your OU name and click OK.

Nested OUs
The next thing we will do is to create three (3) nested OUs inside USA, which are Computer, Users, and Server.

I will use the same steps above to create two more UOs, which are the UK and France.

Create Users
To create a user, right-click on users, go to New, select user, provide the user's first name, last name, and user logon name.
select Next, provide password.
and click Finish.

I will use the same steps above to create two more users, one in the UK (Oliver Smith) and the other in France (Sophie Martin).

Account Expiration Date
You can set an expiring date for a user account if you are creating an account for a user that have a contract with an end date, it will be best to set the expiring date to the contract end date.

What Happens When a User Account Expires?

Authentication Fails :
The user will not be able to log in to any domain-joined computers.
They cannot access domain resources like shared folders, printers, or applications requiring domain authentication.
Mail Access (if using Exchange) :
If the user has an Exchange mailbox, they won’t be able to send or receive emails unless the mailbox is reconnected to another active account or accessed via delegation.
Access Revoked :
Any permissions or group memberships associated with the account are still present in AD, but the user can't use them until the account is re-enabled or the expiration date is updated.
To set account expiration, select the user OU. In the user OU, double-click the John white user account. In the Account tab, in the Account expires section, select End of: and set the date to Jan 1, 2030. Click OK.

Note: To log on as a user, you have to provide your user logon name and password, which at first you will change.

These two ways of creating both OUs, users, groups, etc., are ok; you can even use them to create nested OUs, etc. But I will recommend that you use the first method if you are a beginner. For instance, if you want to delegate control with the second method, you will highlight and then select the Action at the top before you see delegate, but with the first, you will just right click and select delegation of control

Create the User Admins group
Groups
There are three (3) scopes of groups, but we will focus on two: universal and global.

Universal Groups: This group covers all accounts from the domain in the same forest, including global groups in the same forest; for example, if you have two or three domains or even more in the same forest, both universal and global, and you create an IT group with the scope of universal, it will manage all the domains.
Global Groups: When you create a group with the scope of global, it will only apply to the domain where you created it in the same forest.

Group Types

There are two types of groups, which are security groups and distribution groups.

Distribution groups: It is used to create email distribution lists to send an email to a collection of users by using an email application like Exchange Server.
To create this group, right-click on users, go to New, select group, provide the group name, ensure distribution is selected, and click Ok.

Security groups: This group is used to assign permissions.
To create this group, right-click on users, go to New, select group, provide the group name (IT Admin), select Universal in group scope and ensure security is selected, and click Ok.

In the User OU, double-click the John White User account. In the Member Of tab, click Add.
Type IT Admin.
Click Check Names.
Click OK,

then click OK.

Configure a user as a Protected User
In this task, you configure the John White user account as a protected user.
** steps:**
In Demom.local, open Active Directory Users and Computers (or Administrative Center).
Navigate to the USA OU, select Users and double-click the John White User account. In the Member Of tab, click Add.
Type Protected Users. Click Check Names. Click OK,

then click OK.

Delegate Security Permissions to an OU to a security group

In this task, I will delegate the ability to reset passwords and force password change to the IT Admin group over accounts in the USA OU.
Steps:
Open Active Directory Users and Computers, In Demom.loca .
Right-click the USA OU and click Delegate Control.

On the Welcome page of the Delegation of Control Wizard, click Next.
Click Add and type IT Admin. Click Check Names. Click OK

and click Next.

On the Tasks to Delegate page, select the Reset user passwords and force password change at next logon option. Click Next.

Click Finish.

Configure City Attribute for a User

In this task, I will configure a city attribute for a user account and then use the Find attribute to verify that the user is present.

Open Active Directory Users and Computers, In Demom.loca.
Select the USA OU, select Users and right-click the John White user account, and click Properties.

In the Address tab of the John White properties, set the City field to USA and click OK.

In Active Directory Users and Computers, right-click Demom.local and click Find.

In the Advanced tab of the Find Users, Contacts, and Groups dialog box, select Field, then User, then City. Set Condition to Is (exactly). Set Value to USA. Click Find Now.
Click Yes on the Find in the Directory pop-up.

Verify that user John White is listed in the Search results.
Close the Find Users, Contacts, and Groups dialog box.

Disable the Oliver Smith User

In this task, I will disable the Oliver Smith user
Open Active Directory Users and Computers, in Demom.local. and then open the UK OU.
In the UK OU, select users and right-click Oliver Smith and click Disable Account.

Click OK.

Reset the password of the Sophie Martin User

In this task, you reset the password of the Sophie Martin user.
Open Active Directory Users and Computers, in Demom.local. and then open the France OU. select users and Right-click the Sophie Martin user and select Reset Password.

On the Reset Password dialog box, type the password Pa66w.rdPa66w.rd twice and select OK.

Click OK again in the dialog that notifies you that the password has been changed.

Configure Domain Password Policy

In this task, I will configure the domain password policy.
In the search bar of your Windows Server, Type Group Policy management. You will see a pop-up; click on Group Policy management.

In the Group Policy Management console, expand the Demom.local forest, the Domains folder, and the Demom.local domain, then Right-click Default Domain Policy and click Edit.

In the Group Policy Management Editor, navigate to Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy. Double-click the Minimum password length policy item, change the minimum number of characters to 14, click Ok, and then close the Group Policy Management Editor window.

Configure Fine-Grained Password Policy

In this task, I will configure a fine-grained password policy and apply it to the Domain Admins group.
In the search bar of your Windows Server, Type Active Directory Administrative Center. You will see a pop-up; click on Active Directory Administrative Center.

Under Overview, Click Demom (local).
In the Demom (local) pane, open the System container.
In the System container, open the Password Settings Container.

Right-click the Password Settings Container, click New, and then click Password Settings.

In the Name field, type Domain Admin Password Policy. Set the Precedence field to 1.
Set minimum password length to 16.
Click OK.

Open the new policy Domain Admins Password Policy.
In the Directly Applies to section, click Add, then type Domain Admins. Click Check Names and click OK.

Click OK.

Enable Active Directory Recycle Bin

In this task, I will enable the Active Directory Recycle Bin
In the search bar of your Windows Server, Type Active Directory Administrative Center. You will see a pop-up; click on Active Directory Administrative Center.

Click Demom (local) in the left pane.
In the right pane, select Enable Recycle Bin.
Click OK to dismiss the warning.

Click OK to dismiss the warning about replication latency.

Configure security settings

In this exercise, I will configure settings related to security, including disabling NTLM authentication for domain accounts, auditing account management activity, and denying log on as a service for members of a security group.

Restrict NTLM Authentication

In this task, I will restrict NTLM authentication.
In the search bar of your Windows Server, Type Group Policy management. You will see a pop-up; click on Group Policy management.

In the Group Policy Management console, expand the Demom.local forest, the Domains folder, and the Demom.local domain, then Right-click Default Domain Policy and click Edit.

Navigate to Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options.
Select and double-click Network security: Restrict NTLM: NTLM authentication in this domain.

Click the Define this policy setting check box.
Select the value Deny all and click OK.

Click Yes in the Confirm Setting Change dialog box.
Close the Group Policy Management Editor.

Audit User Account Management in USA

In this task, I will enable auditing of User Account Management in the USA OU
In the search bar of your Windows Server, Type Group Policy management. You will see a pop-up; click on Group Policy management.

Navigate to the USA OU, right-click and select Create a GPO in this domain, and link it here….

Name the new GPO UsaOUPolicy.
Click OK

Right-click UsaOUPolicy and select Edit.

Browse to Computer Configuration\Policies\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Account Management.
Select and double-click Audit User account management.

Click the Configure the following audit events check box.
Select the Success and Failure values and click OK.
Close the Group Policy Management Editor

Deny Log On As a Service

In this task, I will configure the Deny Log On As A Service security option.
In the search bar of your Windows Server, Type Group Policy management. You will see a pop-up; click on Group Policy management.

Browse to the USA OU and right-click UsaOUPolicy. Select Edit.

Browse to Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment.
Select and double-click the Deny Log on as a service policy.

Select the Define this policy setting.
Click Add User or Group.
Click Browse, click Advanced,

and then click Find now.
Select IT Admin group.
Click OK

Keep clicking on OK until dialogue boxes are closed (it may require four or five acknowledgements).

Thanks for reading till the end

Active Directory Domain Services (Part 1)

Izuabueke Davidson Anujulu — Wed, 16 Apr 2025 19:34:19 +0000

Active Directory Domain Services
Installing VMware Pro
Windows server ISO download
Creating New Virtual Machine inside VMware
Installing Active Directory

Active Directory Domain Services

Active Directory Domain Services is the backbone of a Windows-based network; it's a powerful tool for managing and securing a networked environment. It simplifies the administration of users, computers, and other resources while ensuring everything runs smoothly and providing robust security features to protect sensitive data.

Installing VMware Pro

VMware Workstation Pro (VMware Pro) is powerful virtualization software. It allows users to create, manage, and run multiple virtual machines (VMs) on a single physical machine. Each virtual machine operates as if it were a separate, independent computer with its own operating system (OS), applications, and resources.
Step by step installation of VMware Pro

Click on the link below https://knowledge.broadcom.com/external/article?articleNumber=368667
Scroll down to Resolution after clicking on the link follow the instruction for the registration

Windows server ISO download

What is an ISO file?
An ISO file is a type of disk image file that replicates the contents of a physical CD, DVD, or Blu-ray disc. It contains everything from the operating system files to installation scripts, tools, and other necessary components. You can use this file to create a bootable USB drive, burn it onto a DVD, or mount it directly in virtual machines like VMware Workstation Pro or Hyper-V.

Steps to download the ISO file.
You can download it by clicking on the link below
https://www.microsoft.com/en-us/evalcenter/download-windows-server-2022

Another way is by searching Windows Server 2022 on your Chrome browser and click on the first link

On the next page, click on download the ISO

It will take you to the next page, where you will register by filling out the form and clicking on Download.

Finally, click on ISO downloads
64-bit edition, download and finish the installation.

Creating a New Virtual Machine inside VMware

On your device, you will see VMware. Double-click on it, or click on the search bar and search for VMware and open it
When it opens, you will see create a new virtual machine Click on it and select Typical and click next
On the next page, select the installer disc image file and click on browse .4 This time, it will take the location where you downloaded your ISO file. If not, move to the directory, select the file, and click next to open it.
At this point, you have to choose the version of Windows Server you want to install, which is Windows Server 2022 Datacenter, then fill in your name and password and click on next and next.
On this page, you will choose the disc size you want depending on your device capacity, then select Split Virtual Disc, click on next and click finish
The next thing you will see is an error message that says, "Windows can not find the Microsoft Software License Terms. Make sure the installation sources are valid and restart the installation." Click OK and shut down by right-clicking on the Windows Server 2022 at the top left; you will see a drop-down. Go to Power, then Shut Down Guest.
the next Click Edit Virtual Machine setting Go to the floppy drive, uncheck Connect at power on, then select OK and power the machine on.
When you power the machine on Click next Next install now Choose the operating system you want to install.

Select next accept the term and select next

Custom: Install Microsoft Server Operating System only and select next on the new page, select next and allow it to install

At this point after you are done with the installation and restart the server, create your password and select finish

it will now show you new system where you will login as administrator with the password you created

On this page, make sure you allow your PC to be discoverable by other PCs and devices on this network by selecting Yes.

Installing Active Directory

To install Active Directory, go to Manager at the top right side, click it, and select Add Roles and Features.

On the next page, from before you begin to server selection, click next

when you get to server Roles, check Active Directory Domain Services, then click add features

On the features, make sure that Group Policy Management is selected. On AD DS select next then on Confirmation click install and wait for the installation to finish

After installation promote to domain controller

Deployment Configuration
In this configuration, we will add a new forest. on the root domain name add your preferred domain name make sure you add suffix (eg .local, .com etc) if you did not add the suffix, you will get an error

Domain Controller Options
on this page create a password and click next

DNS Options
on the DNS Options select next

From the Additional options, Paths, Review option select next when you get to Prerequisites Check select install.

After the installation, you will see a pop-up; close it. When you close it, the system will restart, and then you will have to sign in with your administrative password.

This is where I will stop on part 1. In part 2, I will continue from organization units (OUs) and others, but note: I used Windows Server 2022, but you can use the latest version. For virtualization, I used VMware; you can use your preferred one.
I will appreciate it if you can leave a comment and a like.

Let's dive into AWS, and understand the concepts of EC2, and create an instance to deploy our first application

Izuabueke Davidson Anujulu — Thu, 12 Dec 2024 10:32:36 +0000

WHAT IS EC2?

EC2 (Elastic Cloud Compute) is one of the most widely used and one of the most popular services that AWS provides. It allows users to rent virtual computers on which to run their own computer applications; it is elastic in nature, and because of that, it allows scalable deployment of applications by providing flexible and on-demand computing capacity.

EC2 instance types and their primary use cases:

General Purpose: These instances offer a balanced mix of compute, memory, and networking resources, making them suitable for a wide range of applications, such as web servers and databases. Examples include:
- M4, M5, M5n, M5zn, M6a, M6g, and M6i
Compute Optimized: These instances are designed for workloads that require high-performance processing, such as batch processing, scientific simulations, and high-traffic web servers. Examples include:
- C4, C5, C5n, C5a, C6a, C6g, and C7g
Memory Optimized: These instances are ideal for workloads that require large amounts of memory, such as databases, data analytics, and caching. Examples include:
- R4, R5, R5b, R5n, X1, X1e, and z1d
Storage Optimized: These instances are designed for workloads that require high-performance storage, such as databases, data warehouses, and file systems. Examples include:
- I3, I3en, D2, and H1
Accelerated Computing: These instances use hardware accelerators, such as GPUs, FPGAs, or ASICs, to accelerate specific workloads, such as machine learning, scientific simulations, and data analytics. Examples include:
- P2, P3, P4, G4, F1, and Inf1

Some key features of EC2:

Virtual Machines: EC2 provides virtual machines, known as instances, which can be used to run applications.
Scalability: EC2 allows users to scale up or down to handle changes in workload or traffic.
Flexibility: EC2 provides a range of instance types, including different sizes, types, and configurations.
On-demand: EC2 provides on-demand computing capacity, allowing users to quickly deploy and terminate instances as needed.
Security: EC2 provides a secure environment for running applications, with features such as firewall rules, access controls, and encryption.
Integration: EC2 integrates with other AWS services, such as S3, RDS, and VPC, to provide a comprehensive cloud computing platform.

EC2 instances use case:

Web servers: Running web servers, such as Apache or Nginx.
Databases: Running databases, such as MySQL or PostgreSQL.
Application servers: Running application servers, such as Tomcat or JBoss.
Batch processing: Running batch processing jobs, such as data processing or scientific simulations.
Machine learning: Running machine learning workloads, such as training models or making predictions.

Step-by-step guide to creating and deploying application

Log into the browser and search for AWS Console.
Create your account.
Log into the account after the creation. You will see something like the environment below.
in the search box, search for EC2 and select Virtual Servers in the Cloud.
To create an instance, you will see Launch instance at the top right side or scroll down, You will see Launch instance, then click on it.
click the box and give your instance a name e.g my "project"
click the Add additional tags button to add a tag to the instance. Tags are important and a good practice for identification.
below is the display of the tag box information
on the top right side you will see Stockholm click on it and choose Region.

Note: Why choose Region and availability zones The choice of region is important because of these
Company/government policy: the company may have a restriction that they don't want to put their data outside their country or zone
Latency: Latency is the time it takes for the request to reach an application and for the application and server to send a response back to you, if there is a delay that means there is high Latency, if there is no delay it means there is low Latency. For low Latency, creating your instance in the nearest availability zone is recommended.
Availability zone: to avoid downtime it is recommended to put your application in two availability zones so that if one is down the other will be working.
Scroll to the Application or OS image region to select the type of Image suitable for your operation

Select the kind of Instance that won't cost so much

Create a Key Value Pair by clicking on create and provide a name Note: The key-value pair or key pair is the most important thing and this key pair is the one that helps us to log into the instance, by default when you create an instance AWS does not provide your password, the password authentication to the instance is disabled by default the only way you can log into the instance is using key-value pair, what is key-value pair, it is the combination of the public-private key which you used to log into a specific instance, so the instance has a public key you will have the private key, using the private key you will log into the instance.
On the Network Security, Select Allow HTTP from the internet
On the Configure Storage, you can increase the memory.
Click the Launch icon.
It has successfully launched.
Click on RDP Client Icon.
Click on Download Remote Desktop file.
Go to the Desktop file to open it up.
Click on the Get password.
Click on upload a private key file.

Click on the Key Pair Downloaded and Open.
After the Download of the Key Pair, Decrypt the Password.
The Password after being Decrypt. Copy it, and Go to RDP File that has been downloaded to connect the EC2 Instance.

This is your instance environment.
on the search bar search for PowerShell in the EC2 instance environment, and run it as an Administrator.
On the PowerShell terminal install IIS webserver by running install-WindowsFeature -Name Web-Server -IncloudeManagementTools
Return to the instance you created copy your Public IP address and paste it into Browser.
The environment of the Browser.

Conclusion
By completing the steps in this guide, you have successfully set up a Windows EC2 instance on Amazon Web Services (AWS) and installed the Internet Information Services (IIS) web server. This accomplishment showcases the versatility and capabilities of AWS, providing a solid groundwork for hosting web applications in a cloud environment. With your IIS server now operational, you can proceed to customize configurations, deploy websites, and scale your instance as needed to accommodate increasing demands

Create a Linux VM Work on the IP & Connect

Izuabueke Davidson Anujulu — Tue, 15 Oct 2024 16:42:50 +0000

Setting up a virtual machine (VM) in the cloud is an important skill for system administrators, developers, and anyone looking to manage applications in a scalable and flexible environment. In this guide, I will walk you through the process of creating a virtual machine(VM) on Linux, dissociating the IP address, associating the IP Address, and also installing Node.js on the VM after connecting.

Step-by-Step Guide to Creating a Virtual Machine on (VM) Linux

Search for Virtual Machine and select it.
Create a new virtual machine (VM). Note when you click the create button choose the virtual machine hosted by Azure
Create a resource group, a resource group container that holds our virtual machine.
let's give our VM the name of mylinux, you can select a Region or use the default.
choose an Image. Note The image is important because it is what defines the type of VM we are creating, so we will choose Ubuntu Server 24.04 LTS
Create an Administrator Account. There are two types of accounts, account with SSH public key and account Password, we will Use account Password and use Azureuser for the username and Password1234 for the password.
Select Inbound Port Rules. Select SSH and HTTP (80), with SSH you will connect a Linux VM through window powershell or command line interface (CLI), but with HTTP you will access it through the browser.
Then select Review + Create. if there is no omission or error it will show Validation passed
Then select Create.

Step-by-step guide to dissociating the IP address and associating the IP Address.
Selete go to resource to access your virtual machine (VM)
this is your virtual machine and IP address

Before we start dissociating the IP address and associating the IP Address back Note that when dissociating a dynamic IP address it will go back to the Azure IP pool and the risk is that when you want to associate it back you will not be assigning the same IP address so it will result in creating new IP, then you will lose the configurations on your virtual machine. So The first thing you will do is to make sure that your IP is a static IP address.
Search and click on public IP address
Select your IP address
locate dissociate click and confirm it
locate associate click on it Resource type select the network interface on the network interface select your IP and confirm it

Connect to the Linux Virtual machine

On your virtual machine (VM) locate and copy your public IP address
Open PowerShell on your system and type ssh username@IP click enter to connect your VM

go to your VM locate your public IP click on it and expand the Idle timeout to 30 so that you will not be timedout and save changes
On your PowerShell, you will be asked if you are sure you want continue to connecting Enter yes and then your password (password will not be visible while typing in Linux).
Change your directory to root using the command - sudo su.
Run the following commands to ensure the package list is up-to-date: sudo apt update Install Node.js on a Linux Server
Type the command sudo apt install apt nodejs npm after some update you will be asked do you want to continue enter yes(y)
Congratulations you have installed Node.js, to Verify the installation: type node -v npm -v

By following these steps, you’ve successfully created a Linux VM in Azure, dissociated the IP address, associated the IP Address, and installed Node.js. This setup is ready for hosting web apps, APIs, microservices, real-time applications, and more. You can integrate it with Azure’s ecosystem of services for databases, networking, storage, and monitoring while enjoying the flexibility of scaling your solution as needed.

Provide storage for the public website

Izuabueke Davidson Anujulu — Mon, 30 Sep 2024 12:47:10 +0000

What do we mean by public storage

Let us first understand what storage is: it is a container where data are stored and controlled, the data can be structured, unstructured, or semi-structured and the data can be either public or private.
When storage is public it means that anyone can access the data in it without needing permission, requiring customers to login or being restricted

The aim is for anyone who has access to the website or clicks on the URL can view all the data on the website without restriction.

Create a storage account with high availability.

LET ME SHOW YOU STEP BY STEP

Create a storage account to support the public website.
In the portal, search for and select Storage accounts.

Select + Create.

For resource group select new. Give your resource group a name and select OK
Set the Storage account name to publicwebsite. Make sure the storage account name is unique by adding an identifier.
Take the defaults for other settings: meaning all other settings should remain the way they are. -Select Review and then Create.
Wait for the storage account to deploy, and then select Go to resource 2 . This storage requires high availability if there’s a regional outage. Additionally, enable read access to the secondary region, Learn more about storage account redundancy
In the storage account, in the Data management section, select the Redundancy blade.
Ensure Read-access Geo-redundant storage is selected.
Review the primary and secondary location information. 3 . Information on the public website should be accessible without requiring customers to login.
In the storage account, in the Settings section, select the Configuration blade.
Ensure the Allow blob anonymous access setting is Enabled. The reason for enabling Allow blob anonymous access is to make it accessible to all without restriction and this is what makes the storage public, so if you miss it will no longer be public storage but rather private.
Be sure to Save your changes.

Create a blob storage container with anonymous read access
1 . The public website has various images and documents. Create a blob storage container for the content.

In your storage account, in the Data storage section, select the Containers blade -Select + Container.
Ensure the Name of the container is public
Select Create 2 . Customers should be able to view the images without being authenticated. Configure anonymous read access for the public container blobs.
Select your public container.
On the Overview blade, select Change access level.
Ensure the Public access level is Blob (anonymous read access for blobs only). Select OK Practice uploading files and testing access. 1 . For testing, upload a file to the public container. The type of file doesn’t matter. A small image or text file is a good choice.
Ensure you are viewing your container
Select Upload.
Browse to files and select a file. Browse to a file of your choice.

Select Upload.
Close the upload window, Refresh the page and ensure your file was uploaded. 2 . Determine the URL for your uploaded file. Open a browser and test the URL.
Select your uploaded file
On the Overview tab, copy the URL.
Paste the URL into a new browser tab.
If you have uploaded an image file it will display in the browser. Other file types should be downloaded.

Configure soft delete
1 . It’s important that the website documents can be restored if they’re deleted. Configure blob soft delete for 21 days.

Go to the Overview blade of the storage account.
On the Properties page, locate the Blob service section.
Select the Blob soft delete setting.
Ensure the Enable soft delete for blobs is checked.

Change the Keep deleted blobs for (in days setting is 21).
Notice you can also Enable soft delete for containers.
Don’t forget to Save your changes 2 . If something gets deleted, you need to practice using soft delete to restore the files.
Navigate to your container where you uploaded a file.
Select the file you uploaded and then select Delete.
Select OK to confirm deleting the file.
On the container Overview page, toggle the slider Show deleted blobs. This toggle is to the right of the search box.
Select your deleted file, and use the ellipses on the far right, to Undelete the file.
Refresh the container and confirm the file has been restored.

Configure blob versioning
1 . It’s important to keep track of the different website product document versions.

Go to the Overview blade of the storage account.
In the Properties section, locate the Blob service section
Select the Versioning setting
Ensure the Enable versioning for blobs checkbox is checked.

Notice your options to keep all versions or delete versions after. Don’t forget to Save your changes. 2 . As you have time experiment with restoring previous blob versions.
Upload another version of your container file. This overwrites your existing file.
Your previous file version is listed on Show deleted blobs page. These are just simple steps on how we achieve the task of creating storage for the public website. Note that what makes any public storage public is enabling blob anonymous access.

Provide storage for the IT department testing and training

Izuabueke Davidson Anujulu — Fri, 27 Sep 2024 12:50:37 +0000

What is Azure storage?

Azure Storage, offered by Microsoft Azure, is a cloud storage solution that provides a range of services for storing and controlling data in the cloud. It is compatible with various forms of data, such as structured, unstructured, and semi-structured data, and is built for superior availability, durability, and scalability.

Below are the essential elements of Azure Storage:

Blob Storage: Employed to store vast quantities of disorganized data, like pictures, films, and backups. It provides different access tiers to help with managing costs.
Data Storage: Offers completely managed file shares in the cloud, accessible through the SMB (Server Message Block) protocol. This is beneficial for applications requiring shared file storage.
Queue Storage: A service that stores and retrieves messages between application components, enabling asynchronous communication.
Table Storage: An NoSQL key-value database for partially-structured information, offering quick retrieval and expansion for high-performance storage needs.
Storage for Disks: Utilized for virtual machine (VM) disks, providing both managed and unmanaged disks for Azure VMs.
Azure Data Lake Storage is a dedicated service designed for big data analysis, offering a hierarchical namespace and enhancements for extensive analytics tasks.

Azure Storage is connected with various Azure services, allowing users to create applications that can scale and withstand challenges. It provides features such as encryption, redundancy choices, and access control to guarantee data security and compliance.

Here are the steps to set up storage for the IT department's testing and training activities:

Step 1. Create a resource group and a storage account.
A resource group is a container used to organize and manage related resources in cloud computing environments.

In the Azure portal, search for and select Resource groups.

Select + Create.
Give your resource group a name. For example, storagerg.

Select a region. Use this region throughout the project.
Select Review and Create to validate the resource group.

Select Create to deploy the resource group.

Step 2. Create and deploy a storage account to support testing and training.

In the Azure portal, search for and select Storage accounts.

Select + Create.

On the Basics tab, select your Resource groups
Provide a Storage account name. The storage account name must be unique in Azure.

Set the Performance to Standard.

Select Review, and then Create.

Wait for the storage account to deploy and then Go to the resource.

Configure simple settings in the storage account.

Step 1 The data in this storage account doesn’t require high availability or durability. A lowest cost storage solution is desired.

In your storage account, in the Data management section, select the Redundancy blade.
Select Locally-redundant storage (LRS) in the Redundancy drop-down.
Be sure to Save your changes.
Refresh the page and notice the content only exists in the primary location. Step2. The storage account should only accept requests from secure connections.
In the Settings section, select the Configuration blade.

Ensure the Secure transfer required is Enabled.

Step3. Developers would like the storage account to use at least TLS version 1.2.

In the Settings section, select the Configuration blade.

Ensure the Minimal TLS version is set to Version 1.2

Step 4. Until the storage is needed again, disable requests to the storage account. Learn more about disabling shared keys.

In the Settings section, select the Configuration blade

Ensure Allow storage account key access is Disabled.
Be sure to Save your changes.

Conclusion

Setting up Azure Storage for the IT department's testing and training needs provides a secure, scalable, and cost-effective environment that supports learning and development activities in a real-world cloud context. Through this guide, we've walked through the essential steps to configure a customized storage solution using Microsoft Azure — from creating a resource group to deploying and securing a storage account with tailored settings.

By selecting Locally Redundant Storage (LRS) , we ensured minimal costs while maintaining sufficient durability for non-production use. Enforcing secure transfer and setting the minimum TLS version to 1.2 helped align the configuration with modern security standards. Disabling shared key access added an extra layer of control, allowing the team to manage access effectively and disable it when the storage is not in use.

This setup not only meets the immediate requirements of the IT department but also serves as a practical learning tool for understanding Azure’s cloud capabilities, making it highly relevant for professionals aiming to grow in #devops, #cloud, and broader #career paths. It reinforces best practices around resource organization, security, and cost management, all of which are crucial skills in today’s cloud-driven IT landscape.

In summary, this article demonstrates how to efficiently deploy and configure Azure Storage to support internal training and testing, while also contributing to long-term skill development and operational readiness in cloud environments.

Concepts in cloud computing

Izuabueke Davidson Anujulu — Wed, 25 Sep 2024 13:15:47 +0000

What is cloud computing?

Cloud computing is a technology that allows users to access and store data, applications, and services online, removing the need for physical servers or personal computers. This makes things more flexible, scalable, and convenient, enabling businesses and individuals to use resources like computing power, storage, and apps whenever needed, without relying on physical hardware.

Key Features:

On-Demand Access: Users can use services when needed without needing assistance from the provider.
Access Across Devices: Services can be accessed via the Internet on smartphones, tablets, and laptops.
Shared Resources: Cloud providers distribute resources across multiple users, adjusting them dynamically as needed.
Scalability: Users can easily increase or decrease their resources depending on their needs.
Pay-as-You-Go: Cloud usage is tracked, and users only pay for the amount of service they use.

Types of Cloud Services:

Infrastructure as a Service (IaaS): Provides online access to virtual computing resources like storage and networking. Examples include Amazon Web Services (AWS) and Microsoft Azure.
Platform as a Service (PaaS): Offers a platform for developers to create, test, and launch applications without managing infrastructure. Examples include Google App Engine and Heroku.
Software as a Service (SaaS): Delivers software applications over the internet, which users can access through their browsers without installing anything. Examples include Gmail, Dropbox, and Salesforce.

Cloud Deployment Models:

Public Cloud: Services are provided over the public internet and shared among various organizations, managed by companies like AWS, Microsoft, or Google.
Private Cloud: This model is reserved for one organization, offering greater control and security. It can be hosted either internally or by a third party.
Hybrid Cloud: A combination of public and private clouds, allowing data and applications to move between the two. It allows businesses to keep sensitive data private and use public resources for less critical needs.

Benefits of Cloud Computing:

Cost-Efficiency: Reduces the need for heavy investment in physical hardware.
Scalability: Resources can be quickly scaled up or down depending on demand.
Reliability: Cloud services often include backup and disaster recovery solutions.
Flexibility: Accessible from any location with an internet connection.
Security: Advanced security protocols are often implemented by cloud providers.

Cloud computing has revolutionized industries by promoting faster innovation, lowering costs, and allowing businesses to focus more on their core activities rather than managing IT systems.

What is Virtualization?

Virtualization is a technology that lets you create virtual versions of physical hardware, like servers, storage, or networks. Instead of one physical machine doing a single job, virtualization allows that machine to run multiple virtual machines (VMs) at once, each with its own operating system and apps, as if they were separate computers.

A special software called a hypervisor helps split a computer's resources into these independent environments. This way, businesses can get more out of their hardware, save money, and be more flexible, as different tasks or applications can run on the same server without any issues.

In summary, virtualization turns one physical computer into several "virtual computers," making IT systems more efficient and adaptable.

Scalability

Scalability is the ability of a system to expand or contract in response to demand or needs. In a nutshell, it refers to how easily a system—be it an application, network, or company—can handle higher workloads or user counts when necessary or reduce resources when demand drops.

For example, with cloud computing, the system may handle an unexpected spike in website traffic by adding more servers. When the amount of traffic decreases, it can scale down to require fewer servers. This guarantees that the system runs smoothly and that no resources are wasted.

Agility

Agility is the capacity to adjust and swiftly change positions as required. In the business world or in the realm of technology, it entails being adaptable and quick to react to changes, such as adapting to fresh customer needs, market shifts, or technological progressions. The key is to make quick decisions, swiftly implement changes, and remain flexible in a dynamic environment.

For instance, an agile business may quickly modify its plans, tactics, or workflows to meet new demands and stay ahead of the curve.

High Availability

high availability is when a system, application, or service is consistently operational, minimizing any potential downtime. It guarantees that in case of an issue such as a server crash or network problem, the system will still function with minimal disruptions. This is frequently achieved by having backups or additional resources prepared to replace any failed components, ensuring seamless operation.

Fault Tolerance

Fault tolerance refers to a system's ability to keep running smoothly even when part of it fails or encounters problems. In other words, if something goes wrong, like a server breaking down or a software error, the system can still function without crashing or losing data. This feature is essential for creating strong and dependable cloud solutions, ensuring consistency and reducing downtime.

Global Reach

This refers to the capability of reaching out to users globally and providing services or applications. By having data centers located in multiple countries and regions, cloud providers allow businesses to easily reach customers no matter their location.

The main distinction between elasticity and scalability in cloud computing is in their approach to managing resources according to demand.

1 Scalability is the system's capacity to manage growing workloads through the addition of resources, whether by improving current hardware (vertical scaling) or incorporating additional machines (horizontal scaling). Typically, scalability is carefully orchestrated for the future. It guarantees that the system can expand to accommodate rising demands without facing any performance problems.

Example: A business expands gradually and increases the number of servers to accommodate its increasing user population.

2 Elasticity refers to the capacity to adjust resources in response to live demand. It is a process that is more active and self-regulating, occurring in response to changes in workload. The system immediately adapts to fluctuations in demand to prevent resources from being wasted during periods of low demand.

Example: A sudden increase in web traffic during a sale prompts the e-commerce site to automatically allocate additional resources to manage the higher load. After the sale is over, it decreases in size to cut expenses.

In conclusion:

Scalability involves increasing or decreasing capacity in a strategic manner to accommodate future needs.
Elasticity refers to the ability to automatically adapt resources in order to meet sudden shifts in demand.

DEV Community: Izuabueke Davidson Anujulu

Node.js DevOps Pipeline – Docker, CI/CD, Kubernetes, Azure

Table of Contents

1. Prerequisites

2. Set Up Git for Version Control

3. Build the Node.js Web App

4. Testing Setup

5. CI/CD with GitHub Actions

6. Docker Configuration

Step 7: Essential Configuration Files

8. Development with Docker Compose

9. Test Everything Locally

Test endpoints:

10.Docker Commands

Docker Compose Run

11. CI/CD with Deployment

12. Kubernetes Deployments

Step 13: Complete Deployment Workflow

Step 14: Deploy to Azure Web Apps via Azure Portal

App service plan

App Services

Configure secure access to your workloads using Azure networking

Table Of Contents

Introduction

Create and configure virtual

Configure a peer relationship between the virtual networks.

Create and configure network security groups.

Create Application Security Group

Create and Associate the Network Security Group

Associate the NSG with the app-vnet backend subnet.

Create Network Security Group rules

Create and configure Azure Firewall

Configure network routing

Create DNS zones and configure DNS settings

HOW TO CREATE A WEB SERVER AND INSTALL SERVER ROLE ON A WINDOWS VIRTUAL MACHINE

Table Of Contents

Step-by-Step Guide.

Create a Windows Virtual Machine in Azure

Configure Basics

Configure Basics

Configure Disks

Configure Networking

Connect to Your VM via RDP

Install Web Server Role (IIS)

Remove the Windows Server IIS

Test the Web Server

Active Directory Domain Services (Part 2)

Table Of Contents

Step by step guide to create Organizational Units (OUs)

Delegate Security Permissions to an OU to a security group

Configure City Attribute for a User

Disable the Oliver Smith User

Reset the password of the Sophie Martin User

Configure Domain Password Policy

Configure Fine-Grained Password Policy

Enable Active Directory Recycle Bin

Configure security settings

Restrict NTLM Authentication

Audit User Account Management in USA

Deny Log On As a Service

Active Directory Domain Services (Part 1)

Table of Contents

Active Directory Domain Services

Installing VMware Pro

Windows server ISO download

Creating a New Virtual Machine inside VMware

Installing Active Directory

Let's dive into AWS, and understand the concepts of EC2, and create an instance to deploy our first application

WHAT IS EC2?

Create a Linux VM Work on the IP & Connect

Step-by-Step Guide to Creating a Virtual Machine on (VM) Linux

Provide storage for the public website

What do we mean by public storage

Create a storage account with high availability.

Provide storage for the IT department testing and training

What is Azure storage?

Here are the steps to set up storage for the IT department's testing and training activities:

Configure simple settings in the storage account.

Conclusion

Concepts in cloud computing