DEV Community: kasi suresh

RAG

kasi suresh — Mon, 21 Jul 2025 17:59:31 +0000

What is RAG in Gen AI — and Why Should You Care?

RAG = Retrieval-Augmented Generation

It’s a game-changer when it comes to combining LLMs + real-time data.
Instead of just relying on pre-trained knowledge, RAG allows your AI to fetch relevant context from your data (PDFs, docs, databases) before answering a question.

Example:

You ask: “What’s our Azure cost trend last quarter?”
Traditional LLM: “I don’t have real-time data.”
RAG-powered LLM: Fetches your cost reports → reads them → gives a context-aware answer.

How It Works (Simplified):

User Question →
Retrieve relevant chunks from your data using embeddings →
Feed into LLM as context →
LLM generates a much more accurate + personalized response

Why It Matters:
Keeps LLMs up-to-date
Reduces hallucinations
Makes GenAI enterprise-ready

Want to explore RAG with a practical lens?
Check out the full post: kasdevtech.com/ai/rag

Azure Private Endpoints for Secure Networking

kasi suresh — Thu, 17 Jul 2025 18:21:56 +0000

What is a Private Endpoint?#

A Private Endpoint in Azure allows you to connect to Azure services (like Storage, SQL, CosmosDB, etc.) over a private IP inside your Azure Virtual Network (VNet), instead of using the public internet.

Think of it as a private IP address for an Azure service. This ensures:

No traffic goes over the internet
Improved security (zero public exposure)
You can apply NSG, firewall, and custom routing
When to Use Private Endpoints?

Scenario Private Endpoint Recommended?
Critical data (PII, financial, healthcare) Yes
Internal line-of-business apps Yes
Public APIs serving global customers No — consider public endpoint
Hybrid network (on-premises + Azure) Yes
Regulatory/compliance (GDPR, HIPAA, PCI) Yes
Common Use Cases:

Azure Storage Account
Azure SQL Database
Azure Cosmos DB
Azure App Services (via Private Link)
Azure Key Vault
Step-by-Step Example: Secure a Storage Account with Private Endpoint

a) Prerequisites

Azure Subscription
Existing Virtual Network (VNet)
Existing Storage Account
b) Architecture Diagram

Azure VNet → Subnet (10.0.1.0/24) → Private IP (e.g. 10.0.1.5) for Storage Account → Private Endpoint → VNet

c) Step 1: Create a Private Endpoint

CLI Example:

Variables

RG_NAME="demo-rg"
VNET_NAME="demo-vnet"
SUBNET_NAME="demo-subnet"
STORAGE_NAME="mystorageaccountxyz"

Create Private Endpoint

az network private-endpoint create \
--resource-group $RG_NAME \
--name pe-storage \
--vnet-name $VNET_NAME \
--subnet $SUBNET_NAME \
--private-connection-resource-id $(az storage account show --name $STORAGE_NAME --query id -o tsv) \
--group-id blob \
--connection-name pe-conn-storage

d) Step 2: Create Private DNS Zone

az network private-dns zone create \
--resource-group $RG_NAME \
--name "privatelink.blob.core.windows.net"

Link the DNS zone with your VNet

az network private-dns link vnet create \
--resource-group $RG_NAME \
--zone-name "privatelink.blob.core.windows.net" \
--name "dns-link-storage" \
--virtual-network $VNET_NAME \
--registration-enabled false

Add A record for Storage Account

az network private-dns record-set a create \
--name $STORAGE_NAME \
--zone-name "privatelink.blob.core.windows.net" \
--resource-group $RG_NAME
Tip: Auto-managed if you use Azure Portal Private Link center.

e) Step 3: Restrict Public Network Access
az storage account update \
--name $STORAGE_NAME \
--resource-group $RG_NAME \
--default-action Deny
Now, only traffic from the private endpoint in VNet is allowed!
Testing with Private IP Only

a) From VM inside VNet

nslookup should resolve to private IP

nslookup mystorageaccountxyz.blob.core.windows.net

Test connectivity

curl https://mystorageaccountxyz.blob.core.windows.net
b) From outside VNet (should fail)

From your laptop or public IP

curl https://mystorageaccountxyz.blob.core.windows.net

Expected: Access denied or timeout

Summary

Private Endpoints help you securely access Azure services inside your VNet
No public IP needed
Great for internal, sensitive, or regulated workloads
Works across Azure Storage, SQL, CosmosDB, Key Vault, App Services, and more

When DNS Broke Our Azure App — and Everything Looked Healthy

kasi suresh — Thu, 17 Jul 2025 18:16:35 +0000

When DNS Broke Our Azure App — and Everything Looked Healthy

This one was sneaky.
Azure App Gateway — healthy
App Service — running
AFD probes — green
Logs — clean

But users were timing out. Pages were loading slow. Something was off.

The Issue with ?
Private DNS Zone wasn’t linked to the right VNet.
Our backend API (moved behind a Private Endpoint) couldn’t resolve the FQDN.
No error — just quiet timeouts.

Fix Applied:
Linked the right Private DNS Zone to staging VNet
Cleared stale records
Restarted the App Service to reset DNS cache

Learnings:
In Azure, DNS issues don’t always throw errors — sometimes they just break user experience silently.
Always double-check:
DNS zone links
NSG + UDR routing
App-level DNS caching
Have you been bitten by DNS in the cloud? Let’s share battle scars

Azure #KasdevTech #DNSIssue #PrivateEndpoints #AzureWorld #MicrosoftCloud #AppService #DevOps #CloudNetworking #Troubleshooting