Resource Group: wusm-prod-rg-cumulus
Overview
The resource group wusm-prod-rg-cumulus is designed to host a virtual machine (VM) and associated resources for production workloads. The primary use-case for this resource group is to run a Linux-based server utilizing Ubuntu, with connectivity to storage and network resources configured for security and redundancy.
Resources
1. Snapshots
- Type: Microsoft.Compute/snapshots
- Name: wusm-prod-cumulus-vm_disk2_d42b827fcb21460eb492a5f397101f1e-snapshot
- Details: This resource is a snapshot of a VM disk, enabling point-in-time backups of the data. The snapshot is a 100 GB copy of the disk; it uses Standard Locally Redundant Storage (LRS) and supports encryption at rest.
- Relationship: It is linked to the VM’s disk, serving as a backup solution.
2. SSH Public Keys
- Type: Microsoft.Compute/sshPublicKeys
- Name: cumulus-vm-key
- Details: This resource holds the public SSH key used for accessing the VM securely without passwords.
- Relationship: Associated with the virtual machine’s SSH configuration, allowing secure administrative access.
3. Network Security Group (NSG)
- Type: Microsoft.Network/networkSecurityGroups
- Name: wusm-prod-cumulus-vmNSG
- Details: The NSG defines security rules for controlling inbound and outbound traffic. The key rule enables SSH access (port 22), allowing traffic from all sources.
- Relationship: It is applied to the network interface of the VM, governing its traffic.
4. Storage Account
- Type: Microsoft.Storage/storageAccounts
- Name: wusmprodstorage
- Details: This is a general-purpose storage account configured to store data, with a hot access tier and a replication strategy of RA-GRS (Read-Access Geo-Redundant Storage). Public access is enabled.
- Relationship: Related to resources storing data such as VM disks, blobs, and files.
5. Virtual Machine
- Type: Microsoft.Compute/virtualMachines
- Name: wusm-prod-cumulus-vm
- Details: This resource represents the main virtual machine powered by a Linux distribution (Ubuntu 22.04 LTS). It has a SCSI disk controller and is provisioned with a size of Standard_DS12-1_v2. The VM is set to use SSH for secure access with password authentication disabled.
- Relationship: Depends on the network interface and storage account. The VM's OS and data disks are tied to the storage account.
6. VM Extension for Enhanced Access
- Type: Microsoft.Compute/virtualMachines/extensions
- Name: wusm-prod-cumulus-vm/enablevmAccess
- Details: This VM extension allows for management tasks such as resetting passwords for SSH, adding users, etc.
- Relationship: It is deployed on the VM, enhancing its accessibility and management flexibility.
7. Network Interface
- Type: Microsoft.Network/networkInterfaces
- Name: wusm-prod-cumulus-vmVMNic
- Details: This resource allows the VM to connect to the network. It has a primary private IP address of 10.25.47.142, and is assigned to the subnet AuxSubnet.
- Relationship: It ties together the VM with the NSG, controlling the inbound and outbound traffic.
Data Storage
Data is stored primarily in the storage account wusmprodstorage, which is configured to support multiple services including blobs, files, queues, and tables. This is critical for data persistence and redundancy, offering high availability through geo-redundancy features. The VM's disks (OS and data disks) are also hosted in this storage account, linking it directly to the VM for operational storage needs.
Networking
The network configuration within the resource group includes:
- Virtual Network: Part of a pre-existing virtual network located at /subscriptions/de62d23b-2ad9-4262-9fbe-d735cb07e9df/resourceGroups/wusm-prod-rg-main/providers/Microsoft.Network/virtualNetworks/wusm-prod-vnet-main, with the subnet named AuxSubnet.
- IP Addressing: The VM is connected with the private IP address 10.25.47.142. The NSG's SSH rule is broad: inbound SSH traffic is accepted from any source.
Security Overview
The security setup features an NSG that allows inbound SSH access from any IP address, which can pose significant risks. Recommendations to mitigate potential security issues include:
- Restrict IP Access: Limit the source IP addresses in the NSG to only trusted sources, enhancing security.
- Monitor NSG Rules: Regularly review NSG rules to ensure compliance with least privilege access.
- Enable Encryption: Ensure all data at rest and in transit is properly encrypted.
- Use Strong SSH Keys: Implement strong password policies and use SSH public keys instead of passwords.
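The "Restrict IP Access" and "Monitor NSG Rules" recommendations can be checked mechanically against an exported NSG definition. The following is an added example, not part of the generated document or the Azure Assistants script: it flags Allow/Inbound rules that reach port 22 from an unrestricted source. The embedded rule set is constructed for illustration; only the NSG name comes from the page.

```python
import ipaddress
import json

# Constructed sample shaped like an ARM-exported NSG; the rule names and the
# 10.25.0.0/16 source range are assumptions for illustration, not page values.
NSG_JSON = """{"name": "wusm-prod-cumulus-vmNSG", "properties": {"securityRules": [
  {"name": "allow-ssh-any", "properties": {"direction": "Inbound", "access": "Allow",
    "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "22"}},
  {"name": "allow-mgmt-internal", "properties": {"direction": "Inbound", "access": "Allow",
    "protocol": "Tcp", "sourceAddressPrefixes": ["10.25.0.0/16"],
    "destinationPortRanges": ["20-25", "443"]}},
  {"name": "deny-ssh-internet", "properties": {"direction": "Inbound", "access": "Deny",
    "protocol": "*", "sourceAddressPrefix": "Internet", "destinationPortRange": "22"}}
]}}"""

def _values(props, single, plural):
    """A rule carries either the singular field or the plural list."""
    return list(props.get(plural) or []) + ([props[single]] if props.get(single) else [])

def _covers_port(port_range, port):
    if port_range == "*":
        return True
    low, _, high = port_range.partition("-")
    return int(low) <= port <= int(high or low)

def _is_any_source(prefix):
    if prefix.lower() in ("*", "internet"):
        return True
    try:
        return ipaddress.ip_network(prefix, strict=False).prefixlen == 0
    except ValueError:  # other service tags, e.g. VirtualNetwork
        return False

def open_inbound_rules(nsg, port=22):
    """Names of Inbound/Allow TCP rules reaching `port` from an unrestricted source."""
    hits = []
    for rule in nsg["properties"]["securityRules"]:
        p = rule["properties"]
        if (p.get("direction"), p.get("access")) != ("Inbound", "Allow"):
            continue
        if p.get("protocol", "*").lower() not in ("tcp", "*"):
            continue
        ports = _values(p, "destinationPortRange", "destinationPortRanges")
        sources = _values(p, "sourceAddressPrefix", "sourceAddressPrefixes")
        if any(_covers_port(r, port) for r in ports) and any(map(_is_any_source, sources)):
            hits.append(rule["name"])
    return hits

if __name__ == "__main__":
    print(open_inbound_rules(json.loads(NSG_JSON)))
```

The check evaluates each rule on its own and ignores priority, so a flagged rule may still be shadowed by a higher-priority Deny; treat a hit as a rule to review, not proof of exposure.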
Other Information
This resource group is essential for hosting Linux-based workloads in production. It is scalable and can accommodate additional resources or dependencies as needed. Users should monitor the compute and storage consumption to manage costs effectively and adjust billing options as the size and usage of resources change. Regular backups and maintenance of the VM snapshots should be planned for operational continuity.
Note: This document was generated using the Azure Assistants script and an LLM