Category Archives: Infrastructure

How to set access policy on Key Vault in another subscription aka How to deploy to resource group in another subscription using ARM template?

The model for my Service Fabric infrastructure consists of two major parts: Data Center (think Azure region) Scale Unit (think Service Fabric cluster and its child resources) But today due to the limitation around AAD first party application we decided … Continue reading

Posted in Infrastructure | Tagged , | Leave a comment

How to split array into string for Service Fabric cluster ARM template

In order to use a certificates for Service Fabric cluster issues by custom, non publicly trusted CA you’d need to supply a list of thumbprints of intermediate CAs. In a form of a comma-separated string. What means if you have … Continue reading

Posted in Infrastructure | Tagged , | Leave a comment

How to deploy Traffic Manager to a Sovereign cloud using ARM template

On other day I tried to deploy Azure Traffic Manager profile to a sovereign aka national aka government cloud but got an error: Code: BadRequestMessage: A policy with the requested domain name could not be created because the name example.trafficmanager.net … Continue reading

Posted in Infrastructure | Tagged , , | Leave a comment

How to combine Key Vault access policy for AAD application and user-assigned managed identity in single ARM template

On other day I was exploring how to grant access for a user-assigned managed identity to a key vault. But here’s a more advanced scenario: let’s say legacy code uses an AAD application to access the key vault and modern … Continue reading

Posted in Infrastructure | Tagged , , | Leave a comment

How to create user-assigned managed identity, Key Vault, assign access policy using ARM template

There is already a plenty of materials about managed identities in Azure. But how to create a user-assigned managed identity and grant it the access to a key vault using an ARM template? I tried to find any references but … Continue reading

Posted in Infrastructure | Tagged , | 2 Comments

How to find out the latest ARM api version for given resource type

If you’d like to find this out, for instance, for Service Fabric applications, then use this query: which would yield this result: 2017-07-01-preview2016-09-012016-03-01 what means that you now can go to the GitHub repo with all ARM schemas and find … Continue reading

Posted in Infrastructure | Tagged , , | Leave a comment

How to deploy Service Fabric application using ARM template

You can deploy a Service Fabric application using an ARM templat with a number very different mechanisms, whichever you’d like: PowerShell the CLI the Portal But first you need the actual ARM template. Here’s an example of an application consisting … Continue reading

Posted in Infrastructure | Tagged , | 21 Comments

How to package Service Fabric application into SFPKG using custom MSBuild task

This task wouldn’t require much efforts but: Service Fabric doesn’t support packaging its “package” (which is not a real package but just a directory) into .sfpkg out-of-the-box. Only suggests to use ZipFile.CreateFromDirectory. MSBuildTasks doesn’t support .NET Core so we can’t … Continue reading

Posted in Infrastructure | Tagged , , | 1 Comment

How to extract private key from pfx and remove passphrase using OpenSSL

When I tried to enable SSL for BitTorrent Sync installed on my new NAS Synology 215j it turned out it requires not pfx but private and public keys separately in base64 encoded form. Here’s the command to extract certificate itself. … Continue reading

Posted in Infrastructure | Tagged | Leave a comment

How to support different domain names in SSL behind reverse-proxy in IIS ARR

When you don’t want to enable SSL offloading so both internet facing web site and the one behind reverse proxy are access over SSL you will receive domain name mismatch. The solution is simple. Either: enable SSL Offloading enable Require … Continue reading

Posted in Infrastructure | Tagged , | Leave a comment