Introduction to Managed Identities in Azure, what they are and how they work. Also goes through what services they can be used with in Azure, how you can use services without any keys or secrets.
Zero Credential Development with Managed IdentitiesJoonas Westlin
Keys are always needed to access services in Azure and beyond. Storing and managing keys presents many problems, for example rotating and disabling them. Keys often also allow blanket access to the service with no way to limit it. Sometimes there is only one key that needs to be shared by services, so you won't have any way to disable access from one individually. In this talk we will go through Managed Identities for Azure Resources, how they work, and how you can use them to use Azure services in a secure way without having to manage any keys yourself. We will go through a demo application which uses various Azure services through a managed identity, removing the need to use keys entirely. The source code will be available to the audience so they have samples that they can use to implement managed identities in their own applications.
Zero Credential Development with Managed Identities for Azure resourcesJoonas Westlin
Introduction to Managed Identities in Azure, what they are and how they work. Also goes through what services they can be used with in Azure, how you can use services without any keys or secrets.
Building a document e-signing workflow with Azure Durable FunctionsJoonas Westlin
Durable functions offer an interesting programming model for building workflows. Whether you need to sometimes split and do multiple things or wait for user input, a lot of things are possible. They do present some challenges as well, and the limitations of orchestrator functions can make working with Durable seem very complicated.
In this talk we will go through the basics of Durable Functions along with strategies for deploying and monitoring them. A sample application will be presented where users can send documents for electronic signature. A Durable Functions workflow will power the signing process.
My presentation from the 8th meeting of Finland Azure User Group where I went through basic and intermediate concepts of Azure Active Directory for software developers.
Develop enterprise-ready applications for Microsoft TeamsMarkus Moeller
Develop enterprise-ready applications for Microsoft Teams with Azure resources such as Azure App Config and Azure Key Vault authenticated by Managed Identity and on modern web technologies
Azure Static Web Apps allows you to develop modern full-stack web apps quickly and easily with a static front-end and dynamic back end powered by Serverless APIs with custom routing, security including authentication/authrization, custom domains, private endpoint, etc. Azure Static Web Apps offers cost-effective pricing from hobby to production apps.
Zero Credential Development with Managed IdentitiesJoonas Westlin
Keys are always needed to access services in Azure and beyond. Storing and managing keys presents many problems, for example rotating and disabling them. Keys often also allow blanket access to the service with no way to limit it. Sometimes there is only one key that needs to be shared by services, so you won't have any way to disable access from one individually. In this talk we will go through Managed Identities for Azure Resources, how they work, and how you can use them to use Azure services in a secure way without having to manage any keys yourself. We will go through a demo application which uses various Azure services through a managed identity, removing the need to use keys entirely. The source code will be available to the audience so they have samples that they can use to implement managed identities in their own applications.
Zero Credential Development with Managed Identities for Azure resourcesJoonas Westlin
Introduction to Managed Identities in Azure, what they are and how they work. Also goes through what services they can be used with in Azure, how you can use services without any keys or secrets.
Building a document e-signing workflow with Azure Durable FunctionsJoonas Westlin
Durable functions offer an interesting programming model for building workflows. Whether you need to sometimes split and do multiple things or wait for user input, a lot of things are possible. They do present some challenges as well, and the limitations of orchestrator functions can make working with Durable seem very complicated.
In this talk we will go through the basics of Durable Functions along with strategies for deploying and monitoring them. A sample application will be presented where users can send documents for electronic signature. A Durable Functions workflow will power the signing process.
My presentation from the 8th meeting of Finland Azure User Group where I went through basic and intermediate concepts of Azure Active Directory for software developers.
Develop enterprise-ready applications for Microsoft TeamsMarkus Moeller
Develop enterprise-ready applications for Microsoft Teams with Azure resources such as Azure App Config and Azure Key Vault authenticated by Managed Identity and on modern web technologies
Azure Static Web Apps allows you to develop modern full-stack web apps quickly and easily with a static front-end and dynamic back end powered by Serverless APIs with custom routing, security including authentication/authrization, custom domains, private endpoint, etc. Azure Static Web Apps offers cost-effective pricing from hobby to production apps.
Azure Functions creates a “serverless” event-driven experience, meaning that they run based on associated and configure events, or “triggers”. For example, an Azure Function could be triggered by a simple timer, such as running a process in a certain interval or triggered by an event in an external system. Azure Functions can also respond to Azure-specific events, such as an image added to a Storage Blob or a notification arriving in a Message Queue.
Office Development Licensing, Deployment and ALMEric Shupps
An introduction to the concepts, options, restrictions and use of the licensing API's, deployment mechanisms and automated lifecycle management options in Office and SharePoint development.
Azure SignalR Service simplifies the process of adding real-time web functionality to applications over HTTP. Eliminates the need for polling and provides high availability, resiliency, and disaster recovery.
Windows Azure Active Directory presentation will show you how to set up your Azure AD account and how to connect existing ASP.NET MVC Web Application with Azure Active Directory to provide Single-Sign-On
Azure security guidelines for developers Ivo Andreev
Azure security baselines and benchmarks, Security Maturity Model, Industrial Internet Consortium IIC , Certification, Web Application Firewall, API Management Service
Good Bye Credentials in Code, Welcome Azure Managed IdentitiesKasun Kodagoda
This presentation was conducted at the Global Azure Bootcamp 2019 - Sri Lanka as part of the Developer Track . It describe what is Managed Identities for Azure Resources and dives in to details about the types of Managed Identities, How they work behind the scenes, and a demonstrations of using Managed Identities with Azure App Service and Azure Key Vault
Azure Active Directory (AD) is a directory as a service on Microsoft Azure. More than the cloud identity Azure AD provides a platform to build cloud applications with multi tenancy support. A flexible authentication systems which enables developers to leverage the cloud identity model and develop applications at ease. The session will walk you through on the basics of Azure AD and how to develop .NET applications using Azure AD.
Azure Key Vault with a PaaS Architecture and ARM Template DeploymentRoy Kim
This is a presentation I held at a local Azure user group. The session abstract: Azure Key Vault is a tool for securely storing and accessing secrets. We will go through a popular Azure PaaS Architecture pattern using Key Vault to store a password. I will demo and walk through the general configuration of a dedicated Azure Function app, Azure SQL and Key Vault that was deployed with automation. I will then go through fairly advanced techniques and best practices on how to deploy Azure Key Vault and a password secret with ARM templates. Finally, a very brief look at my Azure DevOps Pipeline to deploy the ARM template. You will come away with an understanding of an applied use case of leveraging Azure Key vault for a PaaS solution in better managing a password secret.
Zero Credential Development with Managed IdentitiesJoonas Westlin
Keys are always needed to access services in Azure and beyond. Storing and managing keys presents many problems, for example rotating and disabling them. Keys often also allow blanket access to the service with no way to limit it. Sometimes there is only one key that needs to be shared by services, so you won't have any way to disable access from one individually.
In this talk we will go through Managed Identities for Azure Resources, how they work, and how you can use them to use Azure services in a secure way without having to manage any keys yourself.
We will go through a demo application which uses various Azure services through a managed identity, removing the need to use keys entirely. The source code will be available to the audience so they have samples that they can use to implement managed identities in their own applications.
Zero Credential Development with Managed IdentitiesJoonas Westlin
Keys are always needed to access services in Azure and beyond. Storing and managing keys presents many problems, for example rotating and disabling them. Keys often also allow blanket access to the service with no way to limit it. Sometimes there is only one key that needs to be shared by services, so you won't have any way to disable access from one individually.
In this talk we go through Managed Identities for Azure Resources, how they work, and how you can use them to use Azure services in a secure way without having to manage any keys yourself. We will go through a demo application which uses various Azure services through a managed identity, removing the need to use keys entirely.
Azure Functions creates a “serverless” event-driven experience, meaning that they run based on associated and configure events, or “triggers”. For example, an Azure Function could be triggered by a simple timer, such as running a process in a certain interval or triggered by an event in an external system. Azure Functions can also respond to Azure-specific events, such as an image added to a Storage Blob or a notification arriving in a Message Queue.
Office Development Licensing, Deployment and ALMEric Shupps
An introduction to the concepts, options, restrictions and use of the licensing API's, deployment mechanisms and automated lifecycle management options in Office and SharePoint development.
Azure SignalR Service simplifies the process of adding real-time web functionality to applications over HTTP. Eliminates the need for polling and provides high availability, resiliency, and disaster recovery.
Windows Azure Active Directory presentation will show you how to set up your Azure AD account and how to connect existing ASP.NET MVC Web Application with Azure Active Directory to provide Single-Sign-On
Azure security guidelines for developers Ivo Andreev
Azure security baselines and benchmarks, Security Maturity Model, Industrial Internet Consortium IIC , Certification, Web Application Firewall, API Management Service
Good Bye Credentials in Code, Welcome Azure Managed IdentitiesKasun Kodagoda
This presentation was conducted at the Global Azure Bootcamp 2019 - Sri Lanka as part of the Developer Track . It describe what is Managed Identities for Azure Resources and dives in to details about the types of Managed Identities, How they work behind the scenes, and a demonstrations of using Managed Identities with Azure App Service and Azure Key Vault
Azure Active Directory (AD) is a directory as a service on Microsoft Azure. More than the cloud identity Azure AD provides a platform to build cloud applications with multi tenancy support. A flexible authentication systems which enables developers to leverage the cloud identity model and develop applications at ease. The session will walk you through on the basics of Azure AD and how to develop .NET applications using Azure AD.
Azure Key Vault with a PaaS Architecture and ARM Template DeploymentRoy Kim
This is a presentation I held at a local Azure user group. The session abstract: Azure Key Vault is a tool for securely storing and accessing secrets. We will go through a popular Azure PaaS Architecture pattern using Key Vault to store a password. I will demo and walk through the general configuration of a dedicated Azure Function app, Azure SQL and Key Vault that was deployed with automation. I will then go through fairly advanced techniques and best practices on how to deploy Azure Key Vault and a password secret with ARM templates. Finally, a very brief look at my Azure DevOps Pipeline to deploy the ARM template. You will come away with an understanding of an applied use case of leveraging Azure Key vault for a PaaS solution in better managing a password secret.
Zero Credential Development with Managed IdentitiesJoonas Westlin
Keys are always needed to access services in Azure and beyond. Storing and managing keys presents many problems, for example rotating and disabling them. Keys often also allow blanket access to the service with no way to limit it. Sometimes there is only one key that needs to be shared by services, so you won't have any way to disable access from one individually.
In this talk we will go through Managed Identities for Azure Resources, how they work, and how you can use them to use Azure services in a secure way without having to manage any keys yourself.
We will go through a demo application which uses various Azure services through a managed identity, removing the need to use keys entirely. The source code will be available to the audience so they have samples that they can use to implement managed identities in their own applications.
Zero Credential Development with Managed IdentitiesJoonas Westlin
Keys are always needed to access services in Azure and beyond. Storing and managing keys presents many problems, for example rotating and disabling them. Keys often also allow blanket access to the service with no way to limit it. Sometimes there is only one key that needs to be shared by services, so you won't have any way to disable access from one individually.
In this talk we go through Managed Identities for Azure Resources, how they work, and how you can use them to use Azure services in a secure way without having to manage any keys yourself. We will go through a demo application which uses various Azure services through a managed identity, removing the need to use keys entirely.
Zero credential development with managed identitiesJoonas Westlin
Introduction to Managed Identities in Azure, what they are and how they work. Also goes through what services they can be used with in Azure, how you can use services without any keys or secrets.
Key less access to Azure Services using AD Authentication using Managed Identity, User Managed Identity or Service Principal. Some samples include Cosmos DB, Azure Storage, Application Insight, Key Vault, etc.,
GlobalLogic .NET Webinar #2 “Azure RBAC and Managed Identity”GlobalLogic Ukraine
24 листопада відбувся вебінар від .NET Community – “Azure RBAC and Managed Identity”.
Спікер: Євген Павленко – Senior Software Engineer, GlobalLogic.
Розповіли, що таке Azure RBAC (Role Base Access Control) і як він працює, для чого нам Azure Managed Identity та як звільнитись від використання паролів-секретів при використанні Azure.
Деталі заходу: https://bit.ly/3GSBvRx
Відкриті .NET-позиції у GlobalLogic: https://bit.ly/3ilJYCq
Долучитись до .NET Community у Facebook: https://www.facebook.com/groups/communitydotnet
Working with credentials for Azure resources, you want to avoid storing your credentials in repositories when possible. In this session, we will talk about some of the options for working with credentials in Azure development without checking them into repositories - including managed identities, DefaultAzureCredential, and ChainedTokenCredential.
Azure Low Lands 2019 - Building secure cloud applications with Azure Key VaultTom Kerkhove
It is not a secret that it is hard to manage sensitive information. Azure Key Vault allows you to securely store this kind of information ranging from secrets & certificates to cryptographic keys.
Great! But how do you use it? How do I authenticate with it and how do I build robust applications with it?
Come join me and I'll walk you through the challenges and give you some recommendations.
Strategies to automate deployment and provisioning of Microsoft Azure.HARMAN Services
Hear Michael Collier, Principal Cloud Architect at Aditi Technologies talk about the key automation strategies for success in Microsoft Azure, followed by a quick demo of Brewmaster, an automated provisioning and deployment tool for Azure.
Learn how to leverage various tools to quickly and consistently create full environments in minutes.
Like most things in life, there's an easy way and a hard way. The same holds true when working in cloud environments such as Microsoft Azure. The Azure management portal and Visual Studio can be great for relatively simple projects, but quickly become tedious when trying to create the multiple resources that often make up a real-world solution. This session will demonstrate how to leverage various tools, such as PowerShell, Azure Resource Manager, Azure Automation, and the Azure Management Library, to quickly and consistently create full environments in minutes.
You will learn:
- How to use Azure Management Library to create various Azure assets
- How to use Azure PowerShell cmdlets to query Azure services, deploy VMs and Cloud Services
- How to leverage Azure Automation to reduce operating costs and other management tasks
Microsoft Azure is Microsoft's cloud computing platform which enables rapid development of great solutions using its compute, storage, network and application services. The presentation focuses on how to get started with Azure and on fundamentals of some of the core features of Azure which every developer needs to know like Virtual Machines, SQL Database, App Services, Storage accounts and so on. The session will also include some quick demos, best practices, and tips for Azure Development. There will be something for everyone who is looking for advancing their technical skills with Microsoft Azure.
IglooConf 2019 Secure your Azure applications like a proKarl Ots
In this session, Karl will introduce Secure DevOps Kit for Azure (AzSK), a hidden gem in the Microsoft Security offering. Come and learn how you can use AzSK to improve the security of your Azure applications, regardless of how you currently use Azure.
As presented in IglooConf 2019
The breath and depth of Azure products that fall under the AI and ML umbrella can be difficult to follow. In this presentation I’ll first define exactly what AI, ML, and deep learning is, and then go over the various Microsoft AI and ML products and their use cases.
Similar to Zero credential development with managed identities (20)
Your Digital Assistant.
Making complex approach simple. Straightforward process saves time. No more waiting to connect with people that matter to you. Safety first is not a cliché - Securely protect information in cloud storage to prevent any third party from accessing data.
Would you rather make your visitors feel burdened by making them wait? Or choose VizMan for a stress-free experience? VizMan is an automated visitor management system that works for any industries not limited to factories, societies, government institutes, and warehouses. A new age contactless way of logging information of visitors, employees, packages, and vehicles. VizMan is a digital logbook so it deters unnecessary use of paper or space since there is no requirement of bundles of registers that is left to collect dust in a corner of a room. Visitor’s essential details, helps in scheduling meetings for visitors and employees, and assists in supervising the attendance of the employees. With VizMan, visitors don’t need to wait for hours in long queues. VizMan handles visitors with the value they deserve because we know time is important to you.
Feasible Features
One Subscription, Four Modules – Admin, Employee, Receptionist, and Gatekeeper ensures confidentiality and prevents data from being manipulated
User Friendly – can be easily used on Android, iOS, and Web Interface
Multiple Accessibility – Log in through any device from any place at any time
One app for all industries – a Visitor Management System that works for any organisation.
Stress-free Sign-up
Visitor is registered and checked-in by the Receptionist
Host gets a notification, where they opt to Approve the meeting
Host notifies the Receptionist of the end of the meeting
Visitor is checked-out by the Receptionist
Host enters notes and remarks of the meeting
Customizable Components
Scheduling Meetings – Host can invite visitors for meetings and also approve, reject and reschedule meetings
Single/Bulk invites – Invitations can be sent individually to a visitor or collectively to many visitors
VIP Visitors – Additional security of data for VIP visitors to avoid misuse of information
Courier Management – Keeps a check on deliveries like commodities being delivered in and out of establishments
Alerts & Notifications – Get notified on SMS, email, and application
Parking Management – Manage availability of parking space
Individual log-in – Every user has their own log-in id
Visitor/Meeting Analytics – Evaluate notes and remarks of the meeting stored in the system
Visitor Management System is a secure and user friendly database manager that records, filters, tracks the visitors to your organization.
"Secure Your Premises with VizMan (VMS) – Get It Now"
Experience our free, in-depth three-part Tendenci Platform Corporate Membership Management workshop series! In Session 1 on May 14th, 2024, we began with an Introduction and Setup, mastering the configuration of your Corporate Membership Module settings to establish membership types, applications, and more. Then, on May 16th, 2024, in Session 2, we focused on binding individual members to a Corporate Membership and Corporate Reps, teaching you how to add individual members and assign Corporate Representatives to manage dues, renewals, and associated members. Finally, on May 28th, 2024, in Session 3, we covered questions and concerns, addressing any queries or issues you may have.
For more Tendenci AMS events, check out www.tendenci.com/events
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar
The European Union Agency for Law Enforcement Cooperation (Europol) has suffered an alleged data breach after a notorious threat actor claimed to have exfiltrated data from its systems. Infamous data leaker IntelBroker posted on the even more infamous BreachForums hacking forum, saying that Europol suffered a data breach this month.
The alleged breach affected Europol agencies CCSE, EC3, Europol Platform for Experts, Law Enforcement Forum, and SIRIUS. Infiltration of these entities can disrupt ongoing investigations and compromise sensitive intelligence shared among international law enforcement agencies.
However, this is neither the first nor the last activity of IntekBroker. We have compiled for you what happened in the last few days. To track such hacker activities on dark web sources like hacker forums, private Telegram channels, and other hidden platforms where cyber threats often originate, you can check SOCRadar’s Dark Web News.
Stay Informed on Threat Actors’ Activity on the Dark Web with SOCRadar!
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?XfilesPro
Worried about document security while sharing them in Salesforce? Fret no more! Here are the top-notch security standards XfilesPro upholds to ensure strong security for your Salesforce documents while sharing with internal or external people.
To learn more, read the blog: https://www.xfilespro.com/how-does-xfilespro-make-document-sharing-secure-and-seamless-in-salesforce/
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...Anthony Dahanne
Les Buildpacks existent depuis plus de 10 ans ! D’abord, ils étaient utilisés pour détecter et construire une application avant de la déployer sur certains PaaS. Ensuite, nous avons pu créer des images Docker (OCI) avec leur dernière génération, les Cloud Native Buildpacks (CNCF en incubation). Sont-ils une bonne alternative au Dockerfile ? Que sont les buildpacks Paketo ? Quelles communautés les soutiennent et comment ?
Venez le découvrir lors de cette session ignite
Developing Distributed High-performance Computing Capabilities of an Open Sci...Globus
COVID-19 had an unprecedented impact on scientific collaboration. The pandemic and its broad response from the scientific community has forged new relationships among public health practitioners, mathematical modelers, and scientific computing specialists, while revealing critical gaps in exploiting advanced computing systems to support urgent decision making. Informed by our team’s work in applying high-performance computing in support of public health decision makers during the COVID-19 pandemic, we present how Globus technologies are enabling the development of an open science platform for robust epidemic analysis, with the goal of collaborative, secure, distributed, on-demand, and fast time-to-solution analyses to support public health.
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...Hivelance Technology
Cryptocurrency trading bots are computer programs designed to automate buying, selling, and managing cryptocurrency transactions. These bots utilize advanced algorithms and machine learning techniques to analyze market data, identify trading opportunities, and execute trades on behalf of their users. By automating the decision-making process, crypto trading bots can react to market changes faster than human traders
Hivelance, a leading provider of cryptocurrency trading bot development services, stands out as the premier choice for crypto traders and developers. Hivelance boasts a team of seasoned cryptocurrency experts and software engineers who deeply understand the crypto market and the latest trends in automated trading, Hivelance leverages the latest technologies and tools in the industry, including advanced AI and machine learning algorithms, to create highly efficient and adaptable crypto trading bots
Accelerate Enterprise Software Engineering with PlatformlessWSO2
Key takeaways:
Challenges of building platforms and the benefits of platformless.
Key principles of platformless, including API-first, cloud-native middleware, platform engineering, and developer experience.
How Choreo enables the platformless experience.
How key concepts like application architecture, domain-driven design, zero trust, and cell-based architecture are inherently a part of Choreo.
Demo of an end-to-end app built and deployed on Choreo.
A Comprehensive Look at Generative AI in Retail App Testing.pdfkalichargn70th171
Traditional software testing methods are being challenged in retail, where customer expectations and technological advancements continually shape the landscape. Enter generative AI—a transformative subset of artificial intelligence technologies poised to revolutionize software testing.
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisGlobus
JASMIN is the UK’s high-performance data analysis platform for environmental science, operated by STFC on behalf of the UK Natural Environment Research Council (NERC). In addition to its role in hosting the CEDA Archive (NERC’s long-term repository for climate, atmospheric science & Earth observation data in the UK), JASMIN provides a collaborative platform to a community of around 2,000 scientists in the UK and beyond, providing nearly 400 environmental science projects with working space, compute resources and tools to facilitate their work. High-performance data transfer into and out of JASMIN has always been a key feature, with many scientists bringing model outputs from supercomputers elsewhere in the UK, to analyse against observational or other model data in the CEDA Archive. A growing number of JASMIN users are now realising the benefits of using the Globus service to provide reliable and efficient data movement and other tasks in this and other contexts. Further use cases involve long-distance (intercontinental) transfers to and from JASMIN, and collecting results from a mobile atmospheric radar system, pushing data to JASMIN via a lightweight Globus deployment. We provide details of how Globus fits into our current infrastructure, our experience of the recent migration to GCSv5.4, and of our interest in developing use of the wider ecosystem of Globus services for the benefit of our user community.
Advanced Flow Concepts Every Developer Should KnowPeter Caitens
Tim Combridge from Sensible Giraffe and Salesforce Ben presents some important tips that all developers should know when dealing with Flows in Salesforce.
Why React Native as a Strategic Advantage for Startup Innovation.pdfayushiqss
Do you know that React Native is being increasingly adopted by startups as well as big companies in the mobile app development industry? Big names like Facebook, Instagram, and Pinterest have already integrated this robust open-source framework.
In fact, according to a report by Statista, the number of React Native developers has been steadily increasing over the years, reaching an estimated 1.9 million by the end of 2024. This means that the demand for this framework in the job market has been growing making it a valuable skill.
But what makes React Native so popular for mobile application development? It offers excellent cross-platform capabilities among other benefits. This way, with React Native, developers can write code once and run it on both iOS and Android devices thus saving time and resources leading to shorter development cycles hence faster time-to-market for your app.
Let’s take the example of a startup, which wanted to release their app on both iOS and Android at once. Through the use of React Native they managed to create an app and bring it into the market within a very short period. This helped them gain an advantage over their competitors because they had access to a large user base who were able to generate revenue quickly for them.
First Steps with Globus Compute Multi-User EndpointsGlobus
In this presentation we will share our experiences around getting started with the Globus Compute multi-user endpoint. Working with the Pharmacology group at the University of Auckland, we have previously written an application using Globus Compute that can offload computationally expensive steps in the researcher's workflows, which they wish to manage from their familiar Windows environments, onto the NeSI (New Zealand eScience Infrastructure) cluster. Some of the challenges we have encountered were that each researcher had to set up and manage their own single-user globus compute endpoint and that the workloads had varying resource requirements (CPUs, memory and wall time) between different runs. We hope that the multi-user endpoint will help to address these challenges and share an update on our progress here.
Into the Box Keynote Day 2: Unveiling amazing updates and announcements for modern CFML developers! Get ready for exciting releases and updates on Ortus tools and products. Stay tuned for cutting-edge innovations designed to boost your productivity.
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus
As part of the DOE Integrated Research Infrastructure (IRI) program, NERSC at Lawrence Berkeley National Lab and ALCF at Argonne National Lab are working closely with General Atomics on accelerating the computing requirements of the DIII-D experiment. As part of the work the team is investigating ways to speedup the time to solution for many different parts of the DIII-D workflow including how they run jobs on HPC systems. One of these routes is looking at Globus Compute as a way to replace the current method for managing tasks and we describe a brief proof of concept showing how Globus Compute could help to schedule jobs and be a tool to connect compute at different facilities.
13. Where can I use it?
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/services-support-
managed-identities
Virtual
Machines
VM Scale SetsFunctions
Data Factory API Management Blueprints Container
Registry Tasks
Logic Apps
Container
Instances
Preview
App Services
Preview
Service Fabric
Stream
Analytics
Preview
14. What can I access with it?
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/services-support-
managed-identities
Azure SQL
Database
Key Vault Data Lake Blob Storage Queue Storage
Event Hubs Analysis Services ARM API MS Graph API Any API supporting
AAD auth*
Service Bus
18. Local development
• Services like SQL and Storage can be run locally
• Must get access tokens differently
• No Managed Identity
• Can use user identity
• Or use client credentials
19. https://www.nuget.org/packages/Azure.Identity/
• .NET / Java / JavaScript / Python
• Managed Identity
• Shared Token Cache (used by e.g. Visual Studio)
• AZ CLI
• Client id + secret
• Client id + certificate
• Username + password
• Interactive user authentication
20. Suggestions for local development
• Use DefaultAzureCredential for user authentication
• Specify SharedTokenCacheTenantId to be your AAD tenant
• Or AZURE_TENANT_ID env var
• Specify SharedTokenCacheUsername if necessary
• Or AZURE_USERNAME env var
• Local AAD accounts seem to work best with shared token cache
• Supposed to support MSA/Guest accounts too, but found it varies
• Use ClientSecretCredential or CertificateCredential for service
authentication
• Or specify them as environment variables
https://github.com/Azure/azure-sdk-for-
net/tree/74f0ae1d265eb6ea2e5b537bcc4a0c5243cd7fd7/sdk/identity/Azure.Identity
21. Advanced: Usage against custom APIs
• Register at least 1 application permission
• Assign the permission(s) to managed identity
• Use e.g. api://some-guid-here/.default as the scope
• If app ID URI specified for API
• You can also use your-api-client-id/.default
25. Takeaways
• Using Managed Identity is seriously recommended if
your app runs on Azure
• Access any service that supports Azure AD authentication
in a secure way
• Free service that can remove all secrets from your code
• Use the Azure Identity library
• Local development requires some effort