
Azure AD Single Sign-on with Workplace from Meta

Let’s do Single Sign-on and auto-provisioning from Azure AD to Workplace from Meta (formerly known as Facebook Workplace).

Log in to Facebook Workplace.

Enter the details below. Download the Base64 certificate from the Azure AD app you created in the Azure AD portal.
SAML URL
SAML issuer URL
SAML Logout URL

Certificate Base64 – from Azure AD – without whitespace

Test SSO to confirm everything is working as expected.

Configure the following on the Azure AD side.

EntityID
Reply URL
Sign on URL

Provision users using Microsoft Azure Active Directory SCIM auto-provisioning from the Workplace side.

Users now sync back and forth from the identity provider.

Now enable SSO as the default.

Assign email domains so SSO recognizes them when a user logs in.

To list the domains, make sure they are verified under Email Domains.

Single Sign-on is now enabled on the Facebook Workplace login page.

SharePoint Integration with Workplace.

Add to Workplace

Install Microsoft SharePoint

Provide access to SharePoint sites.

Now you can add files from SharePoint.

Change Workplace Subdomain if needed

POST Data to Logic App to Store in Azure SQL Database

As per the requirement, the source Oracle NetSuite database has its own integration platform that can POST this data, which then needs to be saved in an Azure SQL database.

As you can see, the POST goes to a Logic App, which stores the payload in an Azure SQL Database.

Content-Type: application/json

Create a Logic App

Choose the appropriate SQL connection

Insert Row

Respond Success if the status code is 200

You can see it getting stored in the Azure SQL Database. You need to install SQL Management Studio and create the tables; I just imported the tables using a plain text file.

Import table columns using a flat file

Implementing Application Gateway with Web Application Firewall

Let’s implement Application Gateway with Web Application Firewall, assuming the backend is an App Service (as in my case) and the custom domain is added in the App Service with SNI SSL. See Restricting App Service through Application Gateway.

The following naming convention follows Microsoft’s recommendations; you can always adapt it in whatever way you interpret and understand it better.

az – Denotes Azure
vp – Project Reference
uaen – UAE North
appgw – Application Gateway

  • az-vp-np-uaen-appgw
  • az-vp-np-uaen-appgw-be (Backend )
  • az-vp-np-uaen-appgw-rule
  • az-vp-np-uaen-appgw-listener
  • az-vp-np-uaen-appgw-be-settings
  • az-vp-np-uaen-appgw-hb (Health Probe)
  • az-vp-np-uaen-appgw-ssl-profile


Let’s create an Application Gateway, using a dedicated subnet for the Application Gateway

Associate a Public IP from a Public IP Prefix

Add a backend pool

Add Backend pool

Add a routing rule, attaching a PFX file (ideally from Key Vault)

Choose backend targets – use a well-known CA certificate

Frontends – Routing Rules and Backend Pools are configured now

Create the Application Gateway

Add a custom health probe – apply the host header with the backend custom domain

Now the site is up through the Application Gateway, and the A record points to the Application Gateway. For better HA (high availability) you need Traffic Manager or Azure Front Door with CDN, depending on the scenario. Azure Front Door is peace of mind, as SSL can be managed and renewed automatically.

Enable WAF V2 – Prevention mode

The OWASP 3.0 rule set is used in this case

Create SSL Profile with TLS 1.3

Update SSL profile in Listener (The one we created above)

Now you can see the ciphers are hardened.
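To confirm the hardened SSL profile from outside rather than only reading it in the portal, here is an added example (not from the original post) that runs openssl s_client against the listener, parses the negotiated protocol and cipher, and fails on anything below TLS 1.2 or on legacy CBC/SHA-1 suites. The host name, the weak-cipher list and the two embedded openssl outputs are constructed for illustration; the check functions run offline on those samples.

```shell
#!/bin/sh
# Added example, not part of the original post. Verifies an Application Gateway
# listener negotiates only the protocols/ciphers the SSL profile is supposed to allow.

# Parse "Protocol  : TLSv1.3" / "Cipher    : TLS_AES_..." from openssl s_client output
# (read on stdin) and print them as "PROTOCOL CIPHER". A failed handshake prints nothing useful.
parse_handshake() {
    awk -F': *' '/^ *Protocol *:/ {p=$2} /^ *Cipher *:/ {c=$2} END {print p, c}'
}

# Policy check: TLS 1.2/1.3 only, and none of the legacy suites listed below.
# The weak-suite patterns are an illustrative list, not the gateway's actual policy.
evaluate_handshake() {
    proto="$1"; cipher="$2"
    case "$proto" in
        TLSv1.2|TLSv1.3) ;;
        *) echo "FAIL protocol=$proto"; return 1 ;;
    esac
    case "$cipher" in
        *RC4*|*3DES*|*DES-CBC*|*NULL*|*MD5*|*EXPORT*|*-SHA)
            echo "FAIL cipher=$cipher"; return 1 ;;
    esac
    echo "PASS $proto $cipher"
}

# Live probe: $1 = host name on the listener, $2 = openssl version flag (e.g. -tls1_1 or -tls1_3)
probe() {
    openssl s_client -connect "$1:443" -servername "$1" "$2" </dev/null 2>/dev/null | parse_handshake
}

# Check a host: TLS 1.1 must be refused, TLS 1.3 must succeed and pass the policy.
check_host() {
    old=$(probe "$1" -tls1_1)
    case "$old" in
        TLSv1*) echo "FAIL $1 still accepts $old"; return 1 ;;
    esac
    set -- $(probe "$1" -tls1_3)
    evaluate_handshake "$1" "$2"
}

# Constructed sample outputs (abbreviated openssl s_client sessions) for offline use
SAMPLE_TLS13='New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384'
SAMPLE_TLS10='SSL-Session:
    Protocol  : TLSv1
    Cipher    : ECDHE-RSA-AES256-SHA'

# Usage: sh tlscheck.sh www.example.com   (placeholder host)
if [ -n "${1:-}" ]; then
    check_host "$1"
fi
```

Run it against the custom domain that resolves to the gateway's public IP; a gateway still answering TLS 1.1, or negotiating a CBC/SHA-1 suite on TLS 1.2, shows the listener is not yet using the new SSL profile.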

Restricting App Service through Application Gateway

Let’s restrict the App Service to accept connections only through the Application Gateway, considering the custom domain is added with SSL.
Choose Networking and configure outbound traffic with VNet integration. See Application Gateway Web Application Firewall Configuration if needed.

Choose the appropriate subnet for outbound traffic.

Outbound Traffic with VNet Integration is enabled

Now set the Unmatched rule action to Deny

Add a rule allowing only the Application Gateway subnet

Choose Continue

Traffic that matches no rule is denied at the main site.

Access restrictions are now in place, so inbound and outbound traffic flows only through the Application Gateway.

Now you can see the App Service is accessible only through the Application Gateway and not directly (Error 403 – Forbidden).
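The same restriction done with Azure CLI instead of the portal, plus a check that direct access is now refused, as an added example that is not part of the original post. Resource group, app, VNet and subnet names are placeholders; the `--default-action` flag on `access-restriction set` is assumed to be present in your az version (it is the CLI counterpart of the portal's "Unmatched rule action").

```shell
#!/bin/sh
# Added example, not part of the original post. Lock an App Service down to the
# Application Gateway subnet with Azure CLI and verify the default hostname returns 403.
# All names below are placeholders; override them via the environment.
RG="${RG:-rg-placeholder}"
APP="${APP:-app-placeholder}"
VNET="${VNET:-vnet-placeholder}"
APPGW_SUBNET="${APPGW_SUBNET:-appgw-subnet-placeholder}"
APP_SUBNET="${APP_SUBNET:-appsvc-subnet-placeholder}"

# Outbound: regional VNet integration into the App Service's own delegated subnet
enable_vnet_integration() {
    az webapp vnet-integration add --resource-group "$RG" --name "$APP" \
        --vnet "$VNET" --subnet "$APP_SUBNET"
}

# Inbound: allow only the Application Gateway subnet, deny everything else
restrict_to_appgw() {
    az webapp config access-restriction add --resource-group "$RG" --name "$APP" \
        --rule-name AllowAppGw --action Allow --priority 100 \
        --vnet-name "$VNET" --subnet "$APPGW_SUBNET"
    # Assumed flag: sets the portal's "Unmatched rule action" to Deny
    az webapp config access-restriction set --resource-group "$RG" --name "$APP" \
        --default-action Deny
}

# Probe the default *.azurewebsites.net hostname directly, bypassing the gateway,
# and return only the HTTP status code
direct_status() {
    curl -s -o /dev/null -w '%{http_code}' "https://$APP.azurewebsites.net/"
}

# Interpret the probe result: 403 is what the restriction should produce
classify_direct_access() {
    case "$1" in
        403) echo "restricted" ;;
        200) echo "exposed" ;;
        *)   echo "unknown($1)" ;;
    esac
}

# Usage: sh restrict.sh apply
if [ "${1:-}" = "apply" ]; then
    enable_vnet_integration
    restrict_to_appgw
    echo "direct access: $(classify_direct_access "$(direct_status)")"
fi
```

The Kudu/SCM endpoint has its own restriction list; if it should not stay open, repeat the add command with `--scm-site` or tick "Use main site rules" in the portal.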

Configuring xrdp, VNC and GNOME with SUSE Linux Enterprise on Azure

Configuring SUSE Enterprise Linux on Microsoft Azure, in this case for SAP Business One. I am describing a sample preparation using a public IP assigned to the SUSE Linux VM, but in real-world scenarios use Bastion, a jump box or a secured VPN to connect to the instance.
Using SUSE Enterprise Linux 15 SP4 with 24×7 support


Create a new virtual machine, click on Select from all images and search for SUSE in the marketplace.

Create a new virtual Machine. Choose the Image.

To elevate:

sudo su -

Install xrdp for Remote Desktop or VNC. I have covered both.

zypper install xrdp

Configure xrdp

service xrdp start          # legacy SysV-style commands
chkconfig --set xrdp on
systemctl start xrdp        # systemd equivalents of the two lines above
systemctl enable xrdp

Remote Desktop now works as expected.

After connecting over RDP, enter the Linux password at the xrdp login.

It’s working as expected

Now let’s see how to install VNC

zypper install xorg-x11-Xvnc

Set the VNC password:

vncpasswd

Configure the vncserver and set boot at startup. You may need to re-run it to set auto start.

vncserver :1

It’s working as expected. It listens on port 5901, and an NSG rule must allow that port in order to use it.

Let’s install the GNOME GUI

zypper -n install -t pattern x11 gnome_basic

Let’s edit this file and set DEFAULT_WM="gnome"

vi /etc/sysconfig/windowmanager

Press Shift+I to insert

Press Esc, then type :wq to save and exit

Use cat to view the result

cat /etc/sysconfig/windowmanager

Set the graphical target as default

ln -fs /usr/lib/systemd/system/graphical.target /etc/systemd/system/default.target

reboot

The GUI is up via VNC and xrdp
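The steps above consolidated into one script, as an added example that is not from the original post: the package and service commands are the ones the post runs, while the windowmanager edit and the default-target symlink are wrapped in functions that take a file path or root directory, so they are idempotent and can be exercised on a scratch copy before touching the real /etc. Port numbers in the comment are the standard ones for xrdp, VNC display :1 and SSH.

```shell
#!/bin/sh
# Added example, not part of the original post. Run as root (after: sudo su -).
# NSG reminder: inbound 3389/tcp (xrdp), 5901/tcp (VNC :1) and 22/tcp (SSH) must be allowed,
# ideally only from a Bastion, jump box or VPN range rather than from the Internet.

# Install xrdp, the Xvnc server and the GNOME pattern, then enable xrdp under systemd.
install_desktop() {
    zypper -n install xrdp xorg-x11-Xvnc
    zypper -n install -t pattern x11 gnome_basic
    systemctl enable --now xrdp
}

# Set DEFAULT_WM in a sysconfig file ($1), replacing an existing key or appending one,
# and print the value now stored so callers can verify it. $2 defaults to gnome.
set_default_wm() {
    file="$1"; wm="${2:-gnome}"; tmp="$file.tmp"
    touch "$file"
    if grep -q '^DEFAULT_WM=' "$file"; then
        sed "s|^DEFAULT_WM=.*|DEFAULT_WM=\"$wm\"|" "$file" > "$tmp" && mv "$tmp" "$file"
    else
        printf 'DEFAULT_WM="%s"\n' "$wm" >> "$file"
    fi
    get_default_wm "$file"
}

# Print the DEFAULT_WM value from a sysconfig file ($1), without quotes.
get_default_wm() {
    sed -n 's/^DEFAULT_WM="\(.*\)"$/\1/p' "$1"
}

# Make graphical.target the default boot target under root dir $1 ("" for the live system)
# and print what default.target now points at.
set_graphical_target() {
    root="${1:-}"
    mkdir -p "$root/etc/systemd/system"
    ln -fs /usr/lib/systemd/system/graphical.target "$root/etc/systemd/system/default.target"
    readlink "$root/etc/systemd/system/default.target"
}

# Usage: sh desktop.sh apply   (then run vncpasswd, vncserver :1 and reboot)
if [ "${1:-}" = "apply" ]; then
    install_desktop
    set_default_wm /etc/sysconfig/windowmanager gnome
    set_graphical_target ""
    echo "set a VNC password with vncpasswd, start vncserver :1, then reboot"
fi
```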

To reset the root password:

sudo passwd root

Sample NSG rules allowing xrdp, VNC and SSH

Migrate PHP and MySQL Site to Azure App Service


Let’s migrate a PHP/MySQL site from GoDaddy to Azure App Service and Azure Database for MySQL

Go to Marketplace; let’s create a resource group

Web App + Database

Let’s use the PHP runtime stack

The wizard auto-creates MySQL with a proper private DNS zone

Generated resources after creation

App service is online now

Created a Windows 10 VM and installed MySQL Workbench in the same vNet to connect to MySQL and App Service FTP easily

You can download SSL and connection information from here.

Connect using MySQL Workbench

Enter the obtained password

Import your old database using a .SQL export and import

Choose the target schema

The DB is now imported.

Now you can see Tables have been created.

You can see appropriate tables populated

Let’s upload a test PHP file to check DB connectivity; you can see the FTP credentials here

Connect to App Service using FTP

If you are using WinSCP

Place this file to test MySQL connectivity.

<?php
$servername = "azure365pro-com-server.mysql.database.azure.com";
$username = "izmayfiuav";
$password = "8EHW56653KRSH5MZ$";
$database_name =  "azure365pro-com-database";

// Create connection
$conn = new mysqli($servername, $username, $password, $database_name);

// Check connection
if ($conn->connect_error) {
  die("Connection failed: " . $conn->connect_error);
}
echo "Connected successfully";
?>

Connection failed: Connections using insecure transport are prohibited while --require_secure_transport=ON.

if you turn off secure transport

or use SSL from the PHP side (Recommended)

<?php
$servername = "azure365pro-com-server.mysql.database.azure.com";
$username = "izmayfiuav";
$password = "8EHW56653KRSH5MZ$";
$database_name =  "azure365pro-com-database";

// TLS options: trust the DigiCert Global Root CA downloaded from the Azure portal and
// verify the server certificate against it. These are PDO constants, so the connection
// must be made with PDO (the mysqli constructor silently ignores an options array).
$options = array(
    PDO::MYSQL_ATTR_SSL_CA => '/DigiCertGlobalRootCA.crt.pem',
    PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => true,
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
);

// Create connection over TLS
try {
    $conn = new PDO("mysql:host=$servername;dbname=$database_name;charset=utf8mb4", $username, $password, $options);
} catch (PDOException $e) {
    // Check connection
    die("Connection failed: " . $e->getMessage());
}
echo "Connected successfully";
?>
