Time
14 hours 28 minutes
Difficulty
Intermediate
CEU/CPE
15

Video Transcription

00:00
Hello, Siberians. Welcome to lessen 6.3 Off model seeks off, Discuss stated. Is that receiver one Microsoft Azure architect design?
00:11
So here are the tasks that will be completing in this particular demo.
00:16
We'll start by creating a new FBI management instance of service
00:21
who then import and publish an existent back and AP high into the service.
00:28
We'll go to the press of transforming the AP. I using an outbound policy
00:34
who go through the process of protecting the AP High is in an impound policy,
00:41
wouldn't create on a P I a revision so that we'll see how revision walks.
00:46
So let's get into this.
00:49
The first thing that I'll be showing you is the creation off a new epi, a management service, and this is what I currently have. I have a conference, a p I, which is all stayed on as your hop service, which is the back and a P I.
01:02
And then I'll be creating on a p. I am Sivits. Let's go to the other a portal to do this.
01:07
Here I am in the azure Pato, So to create a new AP am service at Lincoln Creators us.
01:15
Andi I was set for a P I management.
01:19
There you go. I select that
01:21
on Dhe. It gives me the option to create that. So I'll click on Create,
01:26
and I can specify some details. First, I need to give it a name,
01:30
so I'll call these
01:32
Is that true? Is ever won a P I am.
01:38
And that's except that. So that's good.
01:41
And then our needs to specify every suspect for you. I heard you acquitted the research group called Cyber Fremont. Six RG sabes in that resource group. I would leave the location as you yourself are specified. The organization name, which I'll call Sy Berry,
01:57
is that the reserve one
02:00
house pacify an administrator, email without just livers. David At super clouds that X, Y Z
02:06
and the price interior, you consider different options that are available. Consumption tear is only available in a few regions,
02:13
so I'm just quiet and selected developer here,
02:16
and I won't be enabling application inside for now, so I'll just quiet and click on creates.
02:23
So this will take a few minutes to create. I think he could take up to 15 to 20 minutes to create. So what? I'll do is out positively cutting
02:32
after it successfully created the AP. I am service our regime. The recording.
02:40
So the deployment off the A p I am service completed successfully.
02:45
So where you can do second click on Go to Recess
02:50
and it takes me to my A p I am service here,
02:53
So let's go back to the slides and then proceed to the next task.
02:58
So in the next task, I'll show you out in parts and publish an A p I.
03:05
And there's a visual representation off what are between you. We already have our A P I management service created.
03:13
I'm going to be important in my back and a P high
03:15
into the A P A management service. And then I'm going to be creating the product on. I'll be associating the imported a p I with that product. So let's go ahead to do that.
03:29
Back in the azure Pato under my a p I am service.
03:32
If I click on the AP eyes
03:36
on DDE, what I can do is I can have a new A p. I can create a blank empty a p. I hear what I'm gonna do is I'm going to select the open A P I specifications
03:46
and I'll change this from basic to fool
03:50
what I've read in years. I don't need to specify the u R L for my back and service on our copy that and I'll paste that in there.
04:00
They now need to specify it. Display names are specified. The display name as conference A P I on Also the name will be conference a p I.
04:10
So how lived a description alone? That's accurate. So the FBI itself it on a p a about a technical conference where you can get information about speakers sessions and topics for the conference.
04:25
So for the arrows came out select f city p
04:29
for the a p I euros offic. So this is important because I mentioned earlier that when we create on AP High Management Service, we're going to be getting a gateway. You are well
04:41
on. That's also the Baishi era so you can see the bishop about bay.
04:45
But for the address off the a p I'm gonna be important is gonna be the best hero for what slashed the FBI euros offic. So I'll just set This is
04:56
Conference a P I
05:03
so that's good. So for the tags are live death and for the product. By the fourth there, two products
05:12
for a P. A management service. There's a stutter and earthy, unlimited product. Are we creating my own product? Well, for now, let's go ahead and just select Unlimited for now,
05:21
and I'll just go ahead and click on Creates.
05:26
And there we go. It's imported mine, a p I.
05:30
So what? I can do it so I can see on the design. I can see that it's essentially index the list off operations they could find So you can see the list off operations for the FBI here.
05:42
So when they can see, like, get speakers, get session. So why can this weekly contest
05:47
on? I click on get speakers, for example, Let's go ahead and test this AP. I make sure everything is working fine.
05:55
So if I just cried and tests this so let's sent that's
06:00
the guests because operation
06:01
and they go, I get it an http 200 okay, and I can see the information about the speakers for the conference,
06:11
so that's looking good. The next round about this all created products, so
06:15
a product is what we need to create for end users to be able to soft crab trap by AP eyes.
06:24
See if I click on the products there to buy the fault. I'll just quiet on. Add a new one.
06:31
Don't call these
06:33
Cy Berry
06:39
is that there is a warrant AP Ice,
06:43
and I'll live the Heidi and I'll give this a description.
06:47
Actually, I just used the display matched the description.
06:53
I can specify whether this is published or not, so by default you've been not published by consent. Specify Published.
07:00
Doesn't require subscription. What that means is for people to be able to consume the FBI's within this products they need to subscribe another what that they need to register and then obtain its subscription key
07:14
on a P I ke. I can specify that,
07:16
um, if I want this subscription to be subject to approval of an administrator, I can select this option. But I'm gonna leave this option on selected
07:27
for now. So soft. Different count element means how many concurrent subscriptions can the same user have, so I'll just leave that I can specify some legal information here that users have to agree to for them to able to consume AP eyes in this
07:44
product.
07:46
So then I can specify. I cannot associate AP Ice with this product, so maybe I can be associated with modern one product. So if I go ahead and select the FBI's there, I have my conference, a p I. I select that
08:00
and I'm associating with this product. So why don't we can create
08:03
and that's it's now I have my product that created
08:07
Andi. If I go back on the AP ice over here, if I click on develop a Pato
08:13
legacy
08:15
and this takes me to the developer Pato
08:18
on defy click on the air p heis
08:20
I can see my a p. I stay, but if I click on the product, I can see the products there. So that's my products. And within that products,
08:31
I should be able to see my conference a p I.
08:33
So that's good. So the next activity there be showing you involves the transformation of an A P. I ease in an outbound policy.
08:41
So what are these? Are applied the outbound policy from the back end.
08:45
So my confidence ap high, so that whenever client makes a request to the A P I go stride gets way to the back and service whenever response is generated from the back in service. And this gives the back and service would generate a response. The hazard in http headers and had certain references on links within that, as they
09:05
result, is returned back to the a p a.
09:09
Get way. The outbound policy will be stripping out certain information that I do not want to go to my clients. It's gonna be hiding all those information on dhe. Then it's gonna sense that reply back to the clients with doubts those sensitive information included in them.
09:24
So that's what I'll be showing you. Let's glide into that. So I'm back in the azure Pato. So the first thing about do is if I go to my conference ap high. Let's go to some tests again.
09:37
Andi, I'll go to get speakers
09:41
and I'll just quiet and make this request tree get our oppression.
09:46
So here's what I want to show you. Number one from the other trees have to get a suppression. I get a nature to picture on red. Okay,
09:52
But you can see that information about the ex SP that netvision
09:58
and what is this part by it's included in the returned response from the back in service.
10:03
So this could potentially be sensitive information. Anyone as this information could Then go look up vulnerabilities for this vision of a sp dot net and then try to exploit that. So maybe I want to hide this in response to Baxter clients, which is what I want to do.
10:18
The other thing I want is that the response that was sent in includes setting references which, as the euro off the back and service itself I do not want the end users to have this information about the back and service. Yeah, well, so I want to transform these to the u R L off the a p I am service
10:37
instead
10:39
to get way. So that's what I want to do in this case. So let's let's get put off that stone.
10:45
So to do that now needs to configure policies. So let's go on the design. And if I click on all operations, so I want to apply this to all operations and I want to apply an out one policy so under out band policy here if I click on policy called Deter
11:03
and I want to apply an outbound policy. So what I'll do is just put this paste, eh?
11:07
I'll click on in set policy and now scroll down to where it says transformation policies, said Https off a great and select that it adds that policy in there
11:20
on what I'll do is I'll make this modification.
11:24
So 100 years I'm adding this urban policy to say If the other that's received from the back and service includes this other name, I want you to delete it. So I'm doing that for both part by an SB dot net vision.
11:39
So our quiet and safeties,
11:46
So that saved. So the other thing that I wanted to do was I wantedto had another policy
11:50
to replace the U. R L. So if I go ahead and click on outdone policy again
11:58
on DDE, where it says outbound output,
12:03
a space and our insert policy
12:05
this time around, I want to insert a policy for fine and replace string and body
12:11
on. Anyway, it finds this you are so let's quiet into this, and whether it finds the information about the references to euro off my back and service.
12:24
I wants to change its to the euro off. My AP management said. If I got my A p I am service on the overview, I can say that gets where you are out there. So that's the information that I want him on, the information to be changed to my get where you are.
12:39
So let's go back
12:41
on. If I paste that in this, I'll just remove https,
12:46
so any time this is found in the body is going to replace it with this. But what I also want to do is because this
12:54
based UFO is not the actual driver for where the FBI's Allstate. So it needs to heart the suffix off
13:03
forward slash
13:05
conference a p. I remember I had it that suffix failure. So once I had that so fixed, they're all that's looks good for great and save that
13:15
now that fine. So now I have this policies which sets the heather and then which finds and replaces a string. So let's go ahead on the tests to test it again.
13:24
It's a knife. I go back on, the gets Peca's,
13:28
and if I click on sent that operation.
13:31
Now I'm reserving my reply, but you can see that
13:35
the adults that we had initially and no longer present also, if you look at the references on the links, you can say that they've been changed from the back end. You ever go to my A p a management you are, Bill.
13:50
So in the next activity, I'll be showing you how to protect an FBI using an inbound policy
13:58
and this official representation of what I'll be showing you.
14:03
Are we creating an embalmed policy similar to the way I created on our band policy here earlier?
14:07
But what Gulbuddin is its information that's coming from the client's going to the back end.
14:15
And what's the policy would do each that
14:18
if the request is coming from the client's doesn't foul. It's the policy.
14:22
It's gonna be rooted about it by my get way to the back and service.
14:26
In this case, I'll be hiding its limits.
14:30
However, if the request that's coming from the client violates that policy, which I'm gonna make tree Guy to that violates the policy. Another what? I'm gonna make too many request on what is allowed that will automatically be stopped by that policy and they get way.
14:46
So that's what I'm going to be showing you now. So let's go ahead and do that. So I'm back in the azure Pato.
14:54
So what I'll do is I'm still under my conference FBI. If I click on the design
14:58
under all operations this time around, I want to select inbound processing and I want to click. And that now, the section that I'm going to be modifying this time will be the inbound section. I'm gonna click on insert Policy and I'm gonna click. Look for access restriction policies on dhe the policy. I want to have this limit
15:16
called rate perky. So that's the policy. So let's add that polish today
15:22
on it is written limit by key calls. I'm gonna change this to three. We knew a period 15 on dhe counter key. Let's change that to the subscription idea. Tow. The subscription idea is gonna limit that sofa, Grete and save this
15:39
and I can see my policy today. So what I'll do is fight. Go back under the tests. Top
15:45
unlikely can get speakers on ugly consent to tree get the operation, and that's stronger. That's okay lets end again.
15:54
Good. Let's send again
15:58
austere. Good. Let's end again
16:00
On There you go. That's been triggered. This is I have photo nine too many requests. So finally I'll be showing you how to create an AP a revision.
16:11
So back in the azure Pato still under my conference a p I
16:17
at the very top here you have visions for click on revisions. You can see that I currently have just one revision.
16:23
So why can't the second click on add vision
16:27
and I can give the vision that description?
16:30
So I called this
16:34
revision so
16:37
unlikely can create.
16:40
And now that that's created my vision, so what I can do so like I can click on the job down on, I can specify which revision I want to read it.
16:48
So in this case, I'm on revision to,
16:52
So let's stick with that. If I go back on the design I can see are my operations here. What I want to do is I'm gonna click on add operation. I want to have a brand new oppression gonna call these tests,
17:03
and I'm gonna set this to the post mattered, and I'm going to say posts
17:10
for slash tests.
17:14
Andi, I'll just go ahead and see if that
17:18
some added a new oppression to this.
17:21
So and if I scored on, I can see my new operation over here so I can see that on division to. But if I go to revision one,
17:30
I'll see that that operation is not there.
17:33
Also, if I go to the developer Pato
17:37
and if I go on the AP ice on, if I go on the my conference, a P I
17:45
and I can see the operation. As you can see that the new operation, I just added, It's not present because it's snowing production yet.
17:52
So why can do is if I go back on the visions.
17:57
I have my vision too
18:00
there and then I can make this the core Entravision. So if I switch, that's too biblical, Entravision.
18:06
So let's go ahead and save. That's
18:07
and now is switch revision to Toby the core Entravision. So now if I go back to develop a Pato, if I refresh the screen,
18:17
I can see my new oppression. I just added right there.
18:21
So that brings me to the end off this demo. I hope you found this information. Thanks very much for watching. And I'll see you in the next lesson.

Up Next

AZ-301 Microsoft Azure Architect Design

This AZ-301 training covers the skills that are measured in the Microsoft Azure Architect Design certification exam. Learn strategies to plan for the exam, target your areas of study, and gain hands-on experience to prepare for the real world.

Instructed By

Instructor Profile Image
David Okeyode
Cloud Security Architect
Instructor