da Agency

More resource policy aliases

Aliases in resource policies enable you to restrict what values or conditions are permitted for a property on a resource. If you are already familiar with policy aliases, you know they are a crucial part of managing your Azure environment.

We want to keep adding new policy aliases, so you can more easily govern what gets deployed in your environment. In this blog, I would like to share most recent aliases we have enabled.

First, let’s review how aliases are integrated into user requests. Each policy alias maps to paths in different API versions for a given resource type. During policy evaluation, when the policy engine retrieves the value of a particular field, it looks at the API version of the request and gets the path for that version. The diagram below shows how policy alias works during policy evaluation time.

Custom Image for virtual machines

For security reasons, lots of customers want to make sure only custom images from the central IT team are deployed in their environment. The IT team approves a set of managed images, and puts them in a resource group. To ensure VMs are created from these images, you implement a resource policy. For implementation, you can either specify the resource group which contains the images or explicitly specify the images.

We added the Microsoft.Compute/imageId alias to enable this scenario. You can use it for virtual machines or virtual machine scale sets by modifying the type condition.

The examples below show what the policies look like.

Example1: (use images from certain resource group)

{
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Compute/virtualMachines"
},
{
"not": {
"field": "Microsoft.Compute/imageId",
"contains": "resourceGroups/testImage"
}
}
]
},
"then": {
"effect": "deny"
}
}

Example2: (use specific images) 

{

"field": "Microsoft.Compute/imageId",

"in": ["<imageId1>","<imageId2>"]

}

Microsoft.Compute/imageId is the new alias we enabled. You can also use it for virtual machines scale set by modifying the type condition.

Platform Images

We introduced a set of aliases that can be used across resource types. These cross resource type aliases enable you to restrict platform images for virtual machines, virtual machine scale sets, and managed disks. For example, the alias Microsoft.Compute/imagePublisher doesn’t have a resource type name, and can work across different resource types. The linked example shows how to use these aliases.

Use Managed Disk

With the release of managed disk, lots of customers want to require that only managed disks are deployed for VMs. With resource policy, you can now restrict your VM and scale set to use only managed disks. The policy requires that fields related to managed disks are present in user request. Those fields are shown in the linked example. By looking for these fields, you can determine whether managed disks are used with the VM or scale set.

VM Extension Types

Organizations may want to forbid usage of certain type of extensions. For example, a VM extension may not be compatible with certain custom VM images. Or, for security reasons, you don’t want users to reset password for a VM. The example below shows how to block a specific VM extension. It uses publisher and type to determine which extension to block.

{
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Compute/virtualMachines/extensions"
},
{
"field": "Microsoft.Compute/virtualMachines/extensions/publisher",
"equals": "Microsoft.Compute"
},
{
"field": "Microsoft.Compute/virtualMachines/extensions/type",
"equals": "VMAccessAgent"

}
]
},
"then": {
"effect": "deny"
}
}

Azure Hybrid Use Benefit

When you have proper on-premise license, you can save the license fee on your virtual machines. When you don’t have the license, you should forbid the option. The following policy forbids usage of Azure Hybrid Use Benefit (AHUB).

{
"if": {
"allOf": [
{
"field": "type",
"in":[ "Microsoft.Compute/virtualMachines","Microsoft.Compute/VirtualMachineScaleSets"]
},
{
"field": "Microsoft.Compute/licenseType",
"exists": true
}
]
},
"then": {
"effect": "deny"
}
}

Summary

To do a quick recap, this blog explains how policy alias works and what you can govern through resource policies. Try them and let us know what new things you want to govern!
Quelle: Azure

da Agency

HDInsight tools for IntelliJ & Eclipse June updates

HDInsight tools June release has been released! In this release, you can choose SBT as a build tool in addition to Maven when creating Spark projects in IntelliJ. With improvements to Spark job view and job graph in IntelliJ and Eclipse, more job info and statistics are now provided. You can also view job logs including driver stderr, stdout, and directory info easily in Spark job view.

Summary of key updates

Improved Spark job view and job graph in IntelliJ and Eclipse

In Azure Explorer (View > Tools window > Azure Explorer in IntelliJ), go to HDInsight node, select the Spark cluster, and then click Jobs as shown below.

The left pane of Spark job view shows all the Spark applications that ran in the cluster. Select one Spark job to view more details.

By hovering over the job graph, it will show the job run information. When clicking on job graph, it dives into the stage graph and shows the statistics of the job. You can also open Spark history UI or Yarn UI by clicking the respective link at the top of the Spark job view.

Improved Spark log view in IntelliJ and Eclipse 

In the same Spark job view pane, click the Log tab to view the frequently used logs including driver stderr, driver stdout, and directory info, as shown below.

SBT build tool support when creating Spark project in IntelliJ

As shown below, you can now choose SBT as a build tool in addition to Maven when creating a new Spark project in IntelliJ.

Following the wizard to create a Spark project, after it is done, a new build.sbt file is generated which contains the build description for the project. Then you can author, submit, or debug the Spark job following the Spark job submission/debugging instructions.

How to install/update

HDInsight Eclipse plugin: Eclipse will prompt you for latest update if you have the plugin installed before, or you can get the latest bits by going to the Eclipse repository and searching “Azure Toolkit for Java”.

HDInsight IntelliJ plugin: IntelliJ will prompt you for latest update if you have the plugin installed before, or you can get the latest bits by going to the IntelliJ repository and searching “Azure Toolkit for IntelliJ”.

For more information, check out the following:

HDInsight Visual Studio plugin (Demo video)
HDInsight Eclipse plugin (Demo video)
HDInsight IntelliJ plugin (Demo video)

Learn more about today’s announcements on the Azure blog and Big Data blog, and discover more Azure service updates.

Feedback

We look forward to your comments and feedback. If there is any feature request, customer ask, or suggestion, please send us a note to hdivstool@microsoft.com. For bug submission, please open a new ticket using the template.
Quelle: Azure

da Agency

No Driverless Cars On India's Roads, Says Country's Transport Minister

An Uber self-driving car drives down 5th Street in San Francisco, California.

Justin Sullivan / Getty Images

India will not allow driverless cars on its roads, the country’s federal transport minister, Nitin Gadkari, told reporters on Monday.

“How can we allow such vehicles when we already have a huge number of unemployed people” Gadkari asked.

Silicon Valley tech firms are aggressively testing autonomous vehicles in the United States. Last year, a self-driving truck from Otto, a startup that was acquired by Uber, drove a trailer of 2,000 cases of Budweiser more than 120 miles across Colorado. Uber’s rival Waymo, owned by Alphabet, is testing self-driving trucks too. Meanwhile, Uber, Waymo, GM, Apple and others are testing self driving cars in places like San Francisco, Scottsdale, Arizona and Pittsburgh, Pennsylvania.

But the technology is far from ready to go mainstream, and Silicon Valley executives have repeatedly said that India will be one of the last countries to get autonomous vehicles thanks to the country’s poor public infrastructure and erratic traffic conditions.

That hasn’t stopped Indian technology companies from working on autonomous vehicle tech, however. India’s $133 billion Tata Group has reportedly been testing drivers vehicles outside Bangalore since 2014.

BuzzFeed News has reached out to Uber and the Tata Group for comment.

Quelle: <a href="No Driverless Cars On India's Roads, Says Country's Transport Minister“>BuzzFeed

da Agency

Go serverless with R Scripts on Azure Function

Serverless is all the rage, now you can get in on the action using R! Azure Function supports a variety of languages (C#, F#, js, batch, PowerShell, Python, php and the list is growing). However, R is not natively supported. In the following blog we describe how you can run R scripts on Azure Function using the R site extension.

Azure Functions can be used in several scenarios because of the broad choice of triggers offered:

Timer trigger, executes a Function on a schedule.
Http trigger, execute a Function after an HTTP call.
Azure Queue Storage, Service Bus, Blob Storage, triggers the function when a new object or message is received.

Why would you want to run R scripts on Azure Function?

A typical use-case would be replacing your R jobs currently scheduled with cron for example. Using Azure Function you can set up a timer trigger that triggers your R script on a periodic basis. You get a fully managed solution where you can get alerted on errors and access to the logs or edit the scripts directly from the browser. If you choose the consumption plan, then it is very cost-effective, only paying per use and the underlying storage. (There is a free grant for the 1st million calls on the consumption plan).

The following tutorial will walk you through the steps to create a twitter bot posting a ggplot of the temperature forecast for the next 5 days using only R and Azure Functions:

Running R scripts on Azure Function Tutorial

Go ahead and try it now, it is simpler than you think! Give us some feedback and let us know what you are using it for.
Quelle: Azure