Thursday, September 14, 2023

Resolve Azure Data Explorer error - Principal 'aaduser=xxx' is not authorized to perform operation 'VersionShowCommand'

When provisioning a new Azure Data Explorer cluster and navigating to the query section, you may receive an error message stating that the principal 'aaduser=xxx' is not authorized to perform the operation 'VersionShowCommand'.

To resolve the issue, you must grant the necessary permissions to the user principal referenced in the error message.

Begin by navigating to the Security + Networking section and selecting the Permissions menu.

Then, choose either AllDatabasesAdmin or AllDatabasesViewer based on your specific requirements.

Next, assign the user principal mentioned in the error message to grant the desired permission.

That's all you need to do. Now you can access the cluster

Tuesday, September 5, 2023

Designing an active/passive solution using Azure Front Door with priority based traffic routing

Suppose we aim to implement a solution in Azure while ensuring disaster recovery is effectively managed. In such cases, it's often necessary to deploy one instance of the solution as primary and another instance as the standby.

Remember, our objective is not to balance the load but to establish a disaster recovery solution.

The following diagram illustrates how to implement both load balancing and disaster recovery.

We can utilize Azure Front Door to implement the active/standby topology that we are interested in. Azure Front Door enables traffic routing based on latency, priority, round robin, and weighted round robin.

By employing priority-based traffic routing, we can establish an active/standby topology, which is ideal for disaster recovery implementation. According to the provided design, we should assign the same priority (e.g., 1) in the load balancing solution and a different priority (e.g., 2) for the disaster recovery solution.

To achieve this, you need to update the route you are interested in. You can apply a priority by changing the origin (represents an application server) of an origin group (represents application server collection/farm).

That's all you need to do. The secondary origin will receive the traffic when the primary origin is offline.