Purely Cloud Podcast - CBS on Azure Technical Deep Dive
Together with vjirovsky we hosted a podcast episode where we discussed CBS on Azure architecture and best practices. Have a listen here: https://soundcloud.com/user-917746545/purely-cloud-guest-series-cbs-on-azure-technical-deep-dive-and-deployment-best-practicesAzure lovers, you'll like this one...
☁️ Did everyone catch the big cloud news at last week's Accelerate? Pure Storage Cloud for Azure Native is now GA! Thats right - it's here! You can now tap into Pure's block storage directly inside azure-no extra layers, no hassle. It works just like the rest of your Azure services but with the simplicity and efficiency you expect from Pure Storage. If you are thinking about how to get more out of Azure, definitely give 👉 this blog a read.Using Azure Resource Locks with Pure Storage Cloud Dedicated
In any cloud environment, human error is a significant risk to the stability of production systems. A mistaken click in the portal or a misconfigured script can lead to the accidental deletion of critical infrastructure, causing downtime and potential data loss. This is the exact problem that Azure Resource Locks are designed to solve. Think of them as a simple but powerful safety net for your most important Azure resources. When applied to a Pure Storage Cloud Dedicated (PSC Dedicated) managed application, these locks are an essential governance tool. A PSC Dedicated array isn't a single resource but rather a collection of virtual machines, managed disks, and network components working together. Accidentally deleting or altering any part of this managed application could compromise the entire storage array and the applications that rely on it. By applying a lock, you create an intentional barrier, forcing administrators to consciously remove it before making a destructive change. This simple step helps safeguard your mission-critical data, prevent service interruptions, and ensure the operational integrity of your storage environment. Understanding Azure Resource Locks A resource lock prevents users from accidentally deleting or modifying your Azure resources. Even users with the Owner role for a subscription cannot delete or modify a resource if it has a lock applied. There are two main types of resource locks: CanNotDelete (often shown as Delete in the Azure Portal): This lock means that authorized users can still read and modify a resource, but they can't delete it. This is the recommended lock level for the PSC Dedicated managed application. ReadOnly: This lock is more restrictive. Authorized users can only read a resource; they cannot modify or delete it. This lock is generally not recommended for PSC Dedicated, as it can interfere with normal management and scaling operations performed by the Pure Storage support team or by automated processes. Please refer to the Microsoft Learn documentation for more information. How to Apply a Lock to Your PSC Dedicated Managed Application While you can apply locks to individual resources, the best practice for PSC Dedicated is to apply the lock to the entire managed resource group. This ensures all components are protected. Method 1: Using the Azure Portal (The Easiest Way) Navigate to your PSC Dedicated Managed Application: In the Azure Portal, search for and select your Pure Storage Cloud Dedicated instance. Go to the Locks Blade: In the left-hand menu for your PSC Dedicated resource, find and click on Locks. Add a New Lock: Click the + Add button at the top of the Locks blade. Configure the Lock: Lock name: Give your lock a descriptive name (e.g., PSCDedicated-DoNotDelete-Lock). Lock type: Select Delete. Notes: It's a good practice to add a note explaining why the lock is in place. Save the Lock: Click OK to apply the lock to your managed application. Review the Lock is in place Try to delete the PSC Dedicated managed application See that an error message appears, confirming the Lock is in place and does prevent accidental deletion of the Managed application of the PSC Dedicated array Method 2: Using Azure PowerShell For those who prefer a command-line interface, Azure PowerShell provides a straightforward way to manage locks. To apply the lock using Azure PowerShell, use the New-AzResourceLock cmdlet. You will need the following information: New-AzResourceLock -LockName "PSCDedicatedLock" ` -LockLevel CanNotDelete ` -ResourceName "YourPSCDedicatedInstanceName" ` -ResourceType "Microsoft.Solutions/applications" ` -ResourceGroupName "YourApplicationResourceGroup" To remove the lock later, you can use the Remove-AzResourceLock command. Method 3: Using Azure CLI The Azure Command-Line Interface (CLI) is another popular method for managing Azure resources. The process here would be: az lock create --name "PSCDedicatedLock" \ --lock-type "CanNotDelete" \ --resource-group "YourApplicationResourceGroup" \ --resource-name "YourPSCDedicatedInstanceName" \ --resource-type "Microsoft.Solutions/applications" \ --notes "Prevent accidental deletion of PSC Dedicated Managed Application" To remove the lock, you would use the az lock delete command. Final Thoughts Applying an Azure Resource Lock is a simple, no-cost action that adds a powerful layer of protection to your Pure Storage Cloud Dedicated deployment. It's a fundamental step in good cloud governance that helps ensure your critical storage infrastructure remains secure and available. By taking a few moments to configure a CanNotDelete lock, you can prevent a costly mistake and maintain the operational integrity of your environment.
