CloudOps Camp

Monday, January 13, 2025

Azure Networking Advanced

Azure provides advanced networking services that enhance traffic management, security, and connectivity for your cloud applications and infrastructure.

1. Azure Application Gateway & Web Application Firewall (WAF)

Azure Application Gateway is a web traffic load balancer designed for managing and routing traffic to web applications, with built-in protection via the Web Application Firewall.

Key Features:

Load Balancing: Distributes incoming HTTP/HTTPS traffic across multiple backend servers to prevent overload.
SSL Termination: Offloads SSL decryption/encryption to the gateway, improving backend server efficiency.
Web Application Firewall (WAF): Protects applications from common web vulnerabilities like SQL injection, cross-site scripting, and other OWASP threats.

2. Azure Load Balancer

Azure Load Balancer handles distributing network traffic to ensure availability and responsiveness for your services.

Key Features:

Load Balancing Algorithms: Supports round-robin, least connections, and other algorithms to efficiently distribute traffic.
Integration with Availability Sets: Works with availability sets to ensure high availability of applications.
Inbound and Outbound Traffic: Balances both incoming and outgoing network traffic.

3. Azure DNS

Azure DNS is a scalable and reliable DNS hosting service that uses Azure’s global infrastructure.

Key Features:

Domain Hosting: Hosts domain names and resolves DNS queries within Azure.
Seamless Integration: Works easily with other Azure services such as App Service and Traffic Manager.
Global Reach: Provides low-latency DNS responses worldwide due to Microsoft’s global network.

4. Azure Firewall

Azure Firewall is a fully managed, stateful firewall service designed to secure your Azure Virtual Network.

Key Features:

Stateful Inspection: Monitors and filters traffic based on established connections and rule sets.
Application FQDN Filtering: Allows filtering based on fully qualified domain names (FQDNs) for enhanced control.
Threat Intelligence: Integrates threat intelligence feeds to detect and block traffic from known malicious IP addresses and domains.

5. Virtual Network Peering & VNet Gateway

Virtual Network Peering

Virtual Network Peering connects two Azure VNets, allowing them to communicate as if on the same network.

Global VNet Peering: Supports peering across Azure regions.
Low Latency: Traffic flows directly between VNets without routing over the internet.
No Bandwidth Bottlenecks: Uses Azure backbone for fast, secure connectivity.

VNet Gateway

VNet Gateway enables secure communication between Azure VNets and on-premises networks.

Site-to-Site VPN: Establishes an encrypted VPN tunnel for connecting on-premises networks to Azure.
Point-to-Site VPN: Allows individual clients to securely connect to Azure resources remotely.

6. Azure VPN Gateway

Azure VPN Gateway provides secure, scalable VPN connectivity between on-premises networks and Azure.

Key Features:

IPsec/IKE Protocols: Ensures encrypted and secure communication over the internet.
High Availability: Supports active-active and active-passive gateway configurations.
BGP Routing: Supports Border Gateway Protocol for dynamic routing between networks.

Summary Table

Service	Purpose	Key Benefits
Application Gateway & WAF	Web traffic load balancing + protection	SSL offload, WAF protection
Azure Load Balancer	Network traffic load balancing	High availability, multiple algorithms
Azure DNS	Domain hosting and DNS resolution	Global reach, integration with Azure
Azure Firewall	Managed network security	Stateful filtering, threat intelligence
Virtual Network Peering	Connects VNets for seamless communication	Low latency, global peering
VNet Gateway	Secure connectivity between Azure and on-premises networks	Site-to-site and point-to-site VPN
Azure VPN Gateway	VPN connectivity with encryption and dynamic routing	Secure IPsec tunnels, BGP support

Friday, January 10, 2025

Azure Networking provides the foundational infrastructure to connect, secure, and manage communication between Azure resources and on-premises systems. A core component of this is the Virtual Network (VNet), which enables private, secure communication in the cloud.

1. Virtual Network (VNet)

A Virtual Network in Azure is a logically isolated section of the Azure cloud. It allows Azure resources like virtual machines (VMs) and services to securely communicate with each other, the internet, and on-premises environments.

Key Features of VNets:

Isolation: VNets are isolated from each other, allowing complete control over your networking environment.
Subnetting: Divide VNets into subnets to organize resources and control traffic flow.
Address Space: Each VNet is assigned an IP address range using CIDR (Classless Inter-Domain Routing) notation.

2. Subnets and CIDR

Subnets

Subnets are segments of a Virtual Network, used to:

Organize resources by function or application tier (e.g., web, app, database).
Control traffic routing and security boundaries.

CIDR (Classless Inter-Domain Routing)

CIDR notation defines the IP address range of a VNet or subnet.
Example: 10.0.0.0/16 for a VNet, and 10.0.1.0/24 for a subnet within it.

3. Routes and Route Tables

Routes

Routes determine how network traffic is directed within Azure networks or to external destinations.

A route includes a destination prefix and a next hop (such as a virtual appliance, VPN gateway, or internet).

Route Tables

Collections of user-defined routes.
Associated with subnets to override default Azure routing and implement custom traffic flows.

4. Network Security Groups (NSGs)

NSGs are used to control inbound and outbound traffic to Azure resources at the subnet or NIC (network interface) level.

Key Features:

Security Rules: Each rule defines traffic allowance or denial based on source/destination IP, port, and protocol.
Default Rules: NSGs include default rules to allow traffic within the VNet and restrict internet access.
Associations: NSGs can be applied to subnets and/or individual NICs for granular control.

5. Application Security Groups (ASGs)

ASGs provide a more scalable and manageable approach to applying security rules.

Key Features:

Simplified Rule Management: Group VMs by application role (e.g., web servers, database servers) instead of IP addresses.
Dynamic Membership: VM membership in ASGs can be managed using tags or other attributes.
Flexible Rule Assignment: NSG rules can reference ASGs directly, allowing for cleaner and scalable security policies.

Summary

Component	Purpose
VNet	Creates isolated network environments in Azure
Subnet	Segments the VNet for logical grouping and traffic control
CIDR	Defines IP address range using prefix notation
Route Table	Customizes traffic routing between subnets and outside Azure
NSG	Secures network traffic using access rules
ASG	Groups VMs by role for simplified NSG rule management

Wednesday, January 8, 2025

Types of Virtual Machines on Azure

Azure offers a wide range of Virtual Machine (VM) types to support various workloads and performance needs. Each VM series is tailored with specific configurations for compute, memory, storage, or GPU-intensive tasks.

1. General Purpose VMs

Example: Standard_D2s_v3
Description: These VMs offer a balanced ratio of CPU to memory, suitable for everyday workloads and general tasks.
Use Case: Ideal for web servers, small to medium databases, application servers, and development/testing environments.

2. Compute Optimized VMs

Example: Standard_F2s_v2
Description: Designed for compute-heavy workloads, these VMs offer high CPU performance relative to memory.
Use Case: Suitable for batch processing, gaming servers, data analysis, and any CPU-intensive applications.

3. Memory Optimized VMs

Example: Standard_E16s_v3
Description: These VMs provide a high memory-to-CPU ratio, making them ideal for memory-demanding applications.
Use Case: Perfect for in-memory databases, caching solutions, and data analytics workloads.

4. Storage Optimized VMs

Example: Standard_L8s_v2
Description: Built for high disk throughput and low latency, these VMs are optimized for heavy I/O operations.
Use Case: Ideal for big data applications, large-scale databases, data warehousing, and log processing.

5. GPU VMs

Example: Standard_NC6s_v3
Description: Equipped with one or more Graphics Processing Units (GPUs), these VMs are used for parallel processing and graphic-intensive workloads.
Use Case: Best suited for machine learning training, AI model inference, 3D rendering, and video editing.

6. High-Performance Compute (HPC) VMs

Example: Standard_H16r
Description: These VMs are engineered for workloads requiring high throughput and low latency with large-scale parallel processing capabilities.
Use Case: Ideal for scientific simulations, engineering workloads, and financial modeling that demand high computational power.

7. Burstable VMs

Example: B1s
Description: These VMs offer a low-cost option with baseline CPU performance and the ability to burst for higher workloads when needed.
Use Case: Great for small websites, microservices, low-traffic apps, or development/testing where CPU usage is variable.

Choosing the Right VM Type

When selecting a VM in Azure, consider:

Workload Type: Choose based on whether your application is compute, memory, storage, or GPU-intensive.
Performance Requirements: Identify whether you need consistent performance or occasional bursts.
Budget Constraints: Use burstable VMs for cost-effective solutions with intermittent usage patterns.
Scalability Needs: Ensure your selected VM type supports scaling vertically (changing size) or horizontally (adding more VMs).

Tuesday, January 7, 2025

Virtualization: An In-Depth Explanation

Background

Traditionally, a physical server runs a single operating system with applications installed directly on it. This model has limitations such as underutilized hardware, complex management when handling many servers, and difficulty scaling.

Virtualization solves these problems by adding a layer of abstraction between physical hardware and the operating system. It allows multiple virtual instances, each running its own OS and applications, to coexist on a single physical server. This technology is foundational in modern data centers and cloud computing.

Components of Virtualization

1. Hypervisor (Virtual Machine Monitor):

The hypervisor is the software layer that manages the physical hardware and allocates resources to multiple virtual machines (VMs).
There are two types of hypervisors:
- Type 1 (Bare-metal): Runs directly on the physical hardware (e.g., Microsoft Hyper-V, VMware ESXi).
- Type 2 (Hosted): Runs on top of an existing operating system (e.g., VMware Workstation, Oracle VirtualBox).

2. Virtual Machines (VMs):

VMs are the isolated virtual instances created by the hypervisor. Each VM acts like an independent computer with its own virtual CPU, memory, storage, and networking.
Multiple VMs can run simultaneously on a single physical server, maximizing resource use.

Key Concepts in Virtualization

Server Virtualization:
A physical server is divided into multiple VMs, each running its own OS, improving hardware utilization and simplifying server management.
Resource Pooling:
Physical resources such as CPU, memory, and storage are pooled and dynamically assigned to VMs based on demand.
Isolation:
VMs run independently, ensuring that faults or security issues in one VM do not impact others.
Snapshotting and Cloning:
Snapshots capture the state of a VM at a specific time for easy backup and recovery. Cloning allows rapid duplication of VMs for scaling or testing.

Benefits of Virtualization

Server Consolidation:
Run multiple VMs on a single physical machine, reducing hardware costs and improving energy efficiency.
Flexibility and Scalability:
Easily create, modify, or scale VMs to meet changing workload demands.
Disaster Recovery:
Quickly restore VMs from snapshots or backups to minimize downtime during failures.
Resource Optimization:
Allocate or free resources dynamically based on workload, ensuring efficient hardware use.
Testing and Development:
Provide isolated environments to develop and test applications without affecting production systems.

Monday, January 6, 2025

🔷 Azure Resources

Azure resources are the fundamental building blocks of your cloud infrastructure in Microsoft Azure. These include services such as virtual machines, databases, storage accounts, and many others. Each resource is an individual manageable entity that you can provision, configure, and monitor.

Resource Groups in Azure

Definition:
A Resource Group is a logical container that holds related Azure resources which share the same lifecycle, permissions, and policies.

Key Points about Resource Groups:

🔄 Lifecycle Management:
Manage deployment, updates, and deletions of all resources within a group as a single unit.
Example: You can delete an entire resource group to remove all associated resources like VMs, storage, and networking components together.
📂 Resource Organization:
Organize resources based on projects, environments (e.g., dev, test, prod), or applications for better clarity and control.
Example: Group all resources for a web application in a “WebApp-Prod” resource group.
🔐 Role-Based Access Control (RBAC):
Apply permissions and access policies at the resource group level to control who can manage or modify resources inside it.
Example: Assign the “Contributor” role to developers only on the “Dev” resource group, limiting their access to production resources.

Azure Resource Manager (ARM) Overview

Definition:
Azure Resource Manager is the deployment and management service for Azure resources. It provides a consistent management layer allowing declarative, repeatable resource provisioning.

Key Features of Azure Resource Manager:

📄 Template-Based Deployment:
Use JSON-based ARM templates to describe and deploy your infrastructure and configurations consistently.
Example: Deploy an entire environment—including VMs, databases, and networking—in one automated deployment using a single ARM template.
🔗 Dependency Management:
ARM automatically manages dependencies between resources, ensuring they deploy in the correct sequence.
Example: ARM ensures a virtual network is created before deploying VMs that connect to it.
↩️ Rollback and Roll-forward:
If deployment fails, ARM can automatically roll back to the previous stable state or roll forward to a known good configuration.
Example: Prevent partial deployment issues by reverting changes if an error occurs during resource provisioning.
🏷️ Tagging and Categorization:
Add tags (key-value pairs) to resources for better categorization, billing, and management.
Example: Tag all resources used by the marketing team with Department=Marketing for cost tracking.

Note: Understanding how to work with Azure resources, organize them into resource groups, and automate deployment using Azure Resource Manager is essential for efficient cloud infrastructure management.

Sunday, January 5, 2025

☁️ IaaS vs PaaS vs SaaS Models in Azure

Infrastructure as a Service (IaaS)

Definition:
IaaS provides virtualized computing resources like servers, storage, and networking over the internet. In Azure, this includes services such as Azure Virtual Machines, Azure Storage, and Virtual Networks.

Key Characteristics of Azure IaaS:

📈 Scalability:
Easily scale resources up or down to meet workload demands.
Example: Spin up additional VMs during traffic spikes and shut them down when not needed.
⚙️ Full Control:
Users manage the operating system, middleware, runtime, and applications while Azure manages the physical hardware.
Example: You install and configure your own web server and database on Azure VMs.
🔧 Flexibility:
Supports a wide range of operating systems and software stacks, perfect for custom or legacy applications.
Example: Run Windows Server, Linux, or containerized workloads on VMs.

Platform as a Service (PaaS)

Definition:
PaaS provides a managed platform to develop, run, and manage applications without dealing with infrastructure management. Azure PaaS offerings include Azure App Service, Azure SQL Database, and Azure Functions.

Key Characteristics of Azure PaaS:

🚀 Simplified Development:
Developers focus on writing code and business logic while Azure handles infrastructure.
Example: Deploy a web app using Azure App Service without worrying about the underlying servers.
⚖️ Automatic Scaling:
Built-in scaling adjusts resources automatically based on demand.
Example: Azure Functions scale out instantly when events trigger more requests.
🛠️ Reduced Maintenance:
Azure handles patching, updates, backups, and security maintenance.
Example: Azure SQL Database automatically manages backups and software updates.

Software as a Service (SaaS)

Definition:
SaaS delivers fully managed software applications accessible over the internet via a browser or app, requiring no installation or infrastructure management. Azure’s SaaS examples include Microsoft 365, Dynamics 365, and many third-party apps available through Azure Marketplace.

Key Characteristics of Azure SaaS:

🌐 Accessibility:
Use applications from any internet-connected device without installation.
Example: Access your Outlook email or Excel spreadsheet online via Microsoft 365.
🔒 Managed by Providers:
The SaaS provider takes care of maintenance, security, and upgrades.
Example: Microsoft handles all backend updates for Teams and SharePoint Online.
💳 Subscription-Based:
Pay-as-you-go or subscription pricing models make SaaS cost-effective and scalable.
Example: Subscribe monthly to Microsoft 365 licenses based on user count.

🧭 Choosing the Right Azure Model

Consider the following when selecting between IaaS, PaaS, and SaaS:

🛠️ Development Needs:
- Use PaaS for rapid development and deployment with less infrastructure worry.
- Use IaaS if you need full control over the OS and software stack.
- Use SaaS for ready-to-use software solutions with minimal setup.
🔧 Maintenance Preferences:
- Choose PaaS or SaaS to reduce maintenance overhead.
- Choose IaaS if you want to manage and customize maintenance.
🕹️ Resource Control:
- Select IaaS if you require full control of virtual machines and network settings.
💰 Cost Considerations:
- Evaluate your workload, scale, and budget to decide which model is most cost-effective.

Thursday, January 2, 2025

🌍 Exploring Regions and Availability Zones in Azure

Azure Regions

Definition:
An Azure region is a geographical area containing one or more data centers. Each region is designed to provide low-latency, reliable access to Microsoft Azure services and resources.

Key Features of Azure Regions:

🌐 Global Presence:
Azure has over 60 regions worldwide, covering continents like North America, Europe, Asia, and Australia.
Example: Azure has regions like UK South, East US, Southeast Asia, and Australia East.
🔁 Region Pairing:
Microsoft pairs each Azure region with another within the same geography for business continuity and disaster recovery.
Example: UK South is paired with UK West to replicate data and services in case of a regional outage.
📜 Compliance & Data Residency:
Organizations can select regions to meet data residency and compliance needs based on laws like GDPR.
Example: A financial services company in Germany can choose the Germany West Central region to ensure data stays within the country.

Azure Availability Zones

Definition:
Availability Zones (AZs) are physically separate locations within an Azure region, each with independent power, cooling, and networking. They help achieve high availability and fault isolation.

Key Features of Availability Zones:

✅ High Availability:
Deploying resources across multiple AZs increases uptime. If one zone goes down, others remain unaffected.
Example: A mission-critical web app hosted in East US can use Availability Zones 1, 2, and 3 to stay online during a failure in one zone.
🧱 Fault Isolation:
Since AZs are isolated, failures like power outages or hardware issues in one zone don’t affect others.
Example: A database in Zone 1 remains intact even if there's a network issue in Zone 2.
🏢 Multi-Data Center Architectures:
Availability Zones allow for building resilient applications that span multiple physical data centers.
Example: You can set up a zone-redundant SQL Database to automatically replicate across zones.

🧭 How to Choose Azure Regions and Availability Zones

When planning Azure deployments, consider the following:

📍 Proximity to Users:
Select a region close to your end-users to reduce latency and improve performance.
Example: If your users are in the UK, deploying in UK South offers better performance than using East US.
⚖️ Compliance Requirements:
Choose regions that adhere to regulatory standards for your industry or location.
Example: Healthcare apps needing HIPAA compliance can choose certified regions like East US.
🛡️ High Availability:
For critical applications, distribute resources across multiple Availability Zones in a single region.
Example: Deploy your app services and databases in three AZs in West Europe for higher reliability.
🔄 Disaster Recovery:
Use paired regions to create disaster recovery plans that replicate your environment across geographically separated regions.
Example: Back up VMs in UK South to UK West to restore services quickly after a disaster.

Wednesday, January 1, 2025

Cloud Computing Vocabulary

Virtualization

Definition: Virtualization is the process of creating a virtual version of physical resources such as servers, storage, or networks.
Example: Instead of using three physical servers, a company can use one powerful server with virtualization software like VMware or Hyper-V to create three virtual machines, each acting as an independent server.

Virtual Machine (VM)

Definition: A Virtual Machine is a software-based emulation of a physical computer that runs its own operating system and applications independently.
Example: A developer can run Windows and Linux simultaneously on a Mac using VMs created with VirtualBox or VMware.

API (Application Programming Interface)

Definition: An API is a set of rules and protocols that enables different software applications to communicate and interact with each other.
Example: A weather website uses the OpenWeatherMap API to fetch live weather data and display it to users.

Regions

Definition: Regions are physical locations around the world where cloud providers like AWS, Azure, or GCP have data centers.
Example: Microsoft Azure has a "UK South" region in London and a "West Europe" region in the Netherlands.

Availability Zones

Definition: Availability Zones are isolated data centers within a region, each with separate power, cooling, and networking, to ensure high availability.
Example: AWS’s "us-east-1" region (Virginia) has multiple availability zones like us-east-1a, us-east-1b, etc., to spread resources and reduce the risk of downtime.

Scalability

Definition: Scalability is the ability of a system to grow and handle increased demand by adding resources.
Example: An e-commerce site can scale its infrastructure during Black Friday by adding more servers to handle the spike in traffic.

Elasticity

Definition: Elasticity refers to the automatic scaling of resources up or down based on real-time demand.
Example: A cloud-based video streaming service like Netflix adds more servers during peak hours and reduces them when traffic decreases.

Agility

Definition: Agility is the ability to quickly adapt and respond to changes or deploy new features rapidly.
Example: A startup can use Azure DevOps to deploy new versions of its app weekly instead of waiting months, thanks to the agility provided by cloud tools.

High Availability (HA)

Definition: High Availability ensures that systems remain operational with minimal downtime, typically 99.9% uptime or higher.
Example: Hosting a web application in multiple availability zones helps ensure it remains online even if one zone fails.

Fault Tolerance

Definition: Fault Tolerance is the ability of a system to continue functioning even when some components fail.
Example: A banking system using a redundant database cluster can still serve customers even if one database server crashes.

Disaster Recovery (DR)

Definition: Disaster Recovery includes processes and technologies used to restore systems and data after catastrophic events.
Example: A company backs up its data to Azure Backup, so it can restore files and virtual machines if a ransomware attack corrupts the primary data.

Load Balancing

Definition: Load Balancing distributes incoming network traffic across multiple servers to ensure no single server is overwhelmed.
Example: A web application uses an AWS Elastic Load Balancer to route requests to multiple EC2 instances, keeping the application fast and responsive.

Tuesday, December 31, 2024

Basics of Cloud Computing

What is the Cloud?

Think of the cloud like a powerful computer you can use over the internet.
It’s a place where you can store files, run apps, and use services—without needing to own or manage the actual hardware.

What is Cloud Computing?

Cloud computing means using the internet to get access to computing services like storage, software, and servers.
Instead of buying and managing your own computers, you use resources provided by others (like Google, Amazon, or your own company).

These services are run from data centers all over the world, and you can access them from anywhere with an internet connection.

Types of Cloud

Public Cloud

Who Uses It: Anyone – individuals, companies, or organizations.
What It's Like: A shared online space that anyone can use.
Example: Google Drive, Microsoft Azure, Amazon Web Services (AWS).

Private Cloud

Who Uses It: Only one organization or company.
What It's Like: A private digital space only you and your team can access.
Example: A company using its own servers in a secure network.

Hybrid Cloud

Who Uses It: Businesses that need both private and public options.
What It's Like: A mix – you use your private space for sensitive stuff, and the public cloud when you need more space or power.
Example: Storing important data in a private cloud but using public cloud services for emails or backups.

In Short:

Public Cloud: Shared space for everyone.
Private Cloud: Private space just for you.
Hybrid Cloud: A mix of both, depending on what you need.

Thursday, October 31, 2024

Ubuntu Server as a VPN Gateway

To connect multiple Ubuntu devices (clients) to one central Ubuntu server and share the connection securely over a VPN, here’s a detailed, step-by-step guide.

Step 1: Set Up the Ubuntu Server as a VPN Gateway

This server will act as the central point, allowing other devices to connect to it.

1.1 Install OpenVPN on the Server

Log into your central Ubuntu server.
Update package lists:
```
sudo apt update
```
Install OpenVPN:
```
sudo apt install openvpn -y
```

1.2 Set Up Easy-RSA for Key and Certificate Management

OpenVPN requires certificates and keys for secure connections.

Install easy-rsa to help with certificate creation:
```
sudo apt install easy-rsa -y
```
Create a new directory for the PKI (Public Key Infrastructure):
```
make-cadir ~/openvpn-ca
cd ~/openvpn-ca
```
Initialize the PKI:
```
./easyrsa init-pki
```
Build the CA (Certificate Authority) and follow the prompts:
```
./easyrsa build-ca
```
Generate the server certificate and key:
```
./easyrsa gen-req server nopass
```
Sign the server certificate:
```
./easyrsa sign-req server server
```
Generate Diffie-Hellman parameters:
```
./easyrsa gen-dh
```

Copy the keys and certificates to OpenVPN’s directory:


sudo cp pki/ca.crt pki/private/server.key pki/issued/server.crt /etc/openvpn/
sudo cp pki/dh.pem /etc/openvpn/dh2048.pem

1.3 Configure the OpenVPN Server

Create a configuration file for the server:
```
sudo nano /etc/openvpn/server.conf
```

Paste the following configuration into server.conf:


port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3

1.4 Enable IP Forwarding for Internet Sharing

Open /etc/sysctl.conf:
```
sudo nano /etc/sysctl.conf
```
Find or add the line below to enable IP forwarding:
```
net.ipv4.ip_forward = 1
```
Apply the change immediately:
```
sudo sysctl -p
```

1.5 Set Up Firewall Rules for OpenVPN

Allow OpenVPN traffic through the firewall:
```
sudo ufw allow 1194/udp
```
Enable NAT (Network Address Translation) to allow VPN clients to reach the internet through the server:
```
sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
```
Replace eth0 with your server’s network interface if it differs.

1.6 Start and Enable the OpenVPN Service

Start the OpenVPN service:
```
sudo systemctl start openvpn@server
```
Enable it to start at boot:
```
sudo systemctl enable openvpn@server
```

Step 2: Set Up VPN Clients (Each of the 10 Ubuntu Devices)

Each client needs its own certificate and configuration to connect securely to the VPN server.

2.1 Create a Certificate for Each Client

On the server:

Go back to the ~/openvpn-ca directory:
```
cd ~/openvpn-ca
```
Generate a certificate and key for each client (e.g., client1, client2, etc.):
```
./easyrsa gen-req client1 nopass
./easyrsa sign-req client client1
```
Copy the client’s certificates and keys to a separate directory to transfer them:
```
cp pki/ca.crt pki/issued/client1.crt pki/private/client1.key ~/client1
```

2.2 Create Client Configuration File

On the server, create a client configuration file for each client (e.g., client1.ovpn):
```
nano ~/client1/client1.ovpn
```

Add this configuration, replacing your_server_ip with the server's public IP address:


client
dev tun
proto udp
remote your_server_ip 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
verb 3

<ca>
# Paste contents of ca.crt here
</ca>
<cert>
# Paste contents of client1.crt here
</cert>
<key>
# Paste contents of client1.key here
</key>

2.3 Install OpenVPN on Each Client Device

On each Ubuntu client:

Install OpenVPN:


sudo apt update
sudo apt install openvpn -y

Copy the client1.ovpn configuration file from the server to each client.

2.4 Connect Each Client to the VPN

On each client device, use the configuration file to connect:


sudo openvpn --config /path/to/client1.ovpn

To run this automatically on boot, copy the configuration to /etc/openvpn/client/ as client.conf and enable the OpenVPN service:


sudo cp /path/to/client1.ovpn /etc/openvpn/client.conf
sudo systemctl enable openvpn-client@client

Step 3: Testing and Sharing Data Across Clients

Verify VPN Connectivity: From each client, ping the VPN server to ensure the connection.
```
ping 10.8.0.1
```
Enable File Sharing (Optional): Use SSH/SCP or set up an NFS shared folder on the VPN server to allow clients to access shared data.

By following these steps, you will connect 10 Ubuntu devices through a VPN to a central Ubuntu server, securely sharing resources and internet access across the network.

Monday, October 14, 2024

Git Commands

Initiate a repository:

# initialize an existing directory as a Git repository
$ git init

# retrieve an entire repository from a hosted location via URL
$ git clone [url]

Stage your files:

# Show modified files in working directory, staged for your next commit
git status

# Add a file as it looks now to your next commit (stage)
git add [file path]

# If you need to add ALL the modified files at once
git add .

# Unstage a file while retaining the changes in working directory
$ git reset [file]

# Difference of what is changed but not staged
$ git diff

# Difference of what is staged but not yet commited
$ git diff --staged

# Commit your staged content as a new commit snapshot
$ git commit -m "descriptive message"

# Add files and Commit your staged content as a new commit snapshot
$ git commit -a

Manage branch & merge:

# list your branches. a * will appear next to the currently active branch
$ git branch

# create a new branch at the current commit
$ git branch [branch-name]

# switch to another branch and check it out into your working directory
$ git checkout

# One line command to checkout a new branch
$ git checkout -b [branch-name]

# merge the specified branch’s history into the current one
$ git merge [branch]

# show all commits in the current branch’s history
$ git log

# Git branch rename
$ git branch -m <new_branch_name>

# Delete branch
$ git branch -d [branch name]

Inspect branch & compare

# Show the commit history for the currently active branch
$ git log

# Show the commits on branchA that are not on branchB
$ git log branchB..branchA

# Show the commits that changed file, even across renames
$ git log --follow [file]

# Show the diff of what is in branchA that is not in branchB
$ git diff branchB...branchA

# Show any object in Git in human-readable format
$ git show [SHA]
$ git show [commit]

# used to give tags to the specified commit.
$ git tag [commitID]

Share & Update:

# add a git URL as an alias
$ git remote add [alias] [url]

# fetch down all the branches from that Git remote
$ git fetch [alias]

# merge a remote branch into your current branch to bring it up to date
$ git merge [alias]/[branch]

# Transmit local branch commits to the remote repository branch
$ git push [alias] [branch]

# Push commits to all branches in your repository
$ git push –all [variable name]

# fetch and merge any commits from the tracking remote branch
$ git pull

Tracking path changes

# delete the file from project and stage the removal for commit
$ git rm [file]

# change an existing file path and stage the move
$ git mv [existing-path] [new-path]

# show all commit logs with indication of any paths that moved TEMPO
$ git log --stat -M

Rewrite history

# apply any commits of current branch ahead of specified one
$ git rebase [branch]

# clear staging area, rewrite working tree from specified commit
$ git reset --hard [commit]

Temporary Commits

# Save modified and staged changes
$ git stash

# list stack-order of stashed file changes
$ git stash list

# write working from top of stash stack
$ git stash pop

# discard the changes from top of stash stack
$ git stash drop

Ignoring patterns

# system wide ignore patern for all local repositories
$ git config --global core.excludesfile [file]

Tuesday, October 8, 2024

About Azure Boards

What is Azure Boards:

Azure Boards is a service within Azure DevOps that helps teams plan, track, and manage software development projects. Key features include:

Work Item Tracking: Manage user stories, tasks, and bugs.

Agile Tools: Supports Scrum and Kanban methodologies.

Boards and Backlogs: Visualize and manage tasks using Kanban boards.

Queries and Reporting: Create custom queries and track project progress.

CI/CD Integration: Links with Azure Repos and Pipelines for seamless workflows.

Customization: Tailor fields, workflows, and processes to fit team needs.

Collaboration: Enhance team communication with comments and notifications.

Overall, Azure Boards improves project management and collaboration in software development.

Azure Boards hubs:

Azure Boards features several hubs that provide specific functionalities to help teams manage their projects effectively. Here’s a brief overview of each hub:

Work Items: Central hub for creating, viewing, and managing work items like user stories, tasks, bugs, and features. It allows users to track the status and details of each item.

Boards: Visual hub that displays work items in a Kanban board format. Teams can move items across columns to reflect their current status and progress.

Backlogs: A prioritized list of work items organized by iteration or area. It helps teams manage their product backlog and plan sprints effectively.

Sprints: Focused on managing and tracking work during specific time frames. Teams can view sprint progress, burndown charts, and allocate tasks for upcoming sprints.

Queries: A hub for creating and managing custom queries to filter and view work items based on specific criteria. It helps teams track work and generate reports.

Dashboards: Provides customizable dashboards that display key metrics and project insights through various widgets, helping teams monitor progress and performance at a glance.

Delivery Plans: Visualize and manage work items across teams and iterations, providing a timeline view of project delivery.

These hubs collectively enhance project visibility, collaboration, and management, allowing teams to streamline their software development processes.