Troubleshooting Azure Network Security Groups

Some things I learned recently whilst troubleshooting a customer’s network security group (NSG) configuration.

Default rules

The default configuration of all NSGs includes 3 inbound and outbound rules which is something to be aware of. You can vizualise these rules in the Azure portal or with the following PowerShell. The default rules cannot be disabled but can be overridden by creating rules with a lower priority (read higher number!).

Choose a resource group

[code language=”powershell”]
$nsgName = ‘<NSGNAME>’
$rgName = (Get-AzureRmResourceGroup | Out-GridView -Title ‘Select Azure Resource Group:’ -PassThru).ResourceGroupName
[/code]

Display default rules

[code language=”powershell”]
(Get-AzureRmNetworkSecurityGroup -Name $nsgName -ResourceGroupName $rgName).DefaultSecurityRules | Select-Object * | Out-GridView
[/code]

Display custom rules

[code language=”powershell”]
(Get-AzureRmNetworkSecurityGroup -Name $nsgName -ResourceGroupName $rgName).SecurityRules | Select-Object * | Out-GridView
[/code]

By default no inbound traffic is allowed except for requests from any Azure load balancers which may have been provisioned.… [Keep reading] “Troubleshooting Azure Network Security Groups”

Image a Windows Virtual Machine In Azure, then Deploy And Join It To A Domain

The following Azure Resource Manager mode PowerShell will allow you to create an image of an existing Windows virtual machine in Azure, deploy it at will and join it to a domain if necessary.

Login to PowerShell

[code language=”powershell”]
Get-AzureSubscription
$SubID = "your-subscription-ID"
Login-AzureRMAccount
Select-AzureRmSubscription -SubscriptionId $SubID
[/code]

Create the virtual machine image

Run sysprep on the desired virtual machine in Azure.

[code language=”dos”]%windir%\system32\sysprep[/code]

When prompted for System Cleanup Action choose ‘Enter System Out of The Box Experience (OOBE)‘, Generalize and Shutdown from Shutdown Options.… [Keep reading] “Image a Windows Virtual Machine In Azure, then Deploy And Join It To A Domain”

Encryption In The Cloud

Is it safe? 

Three simple yet chilling words immortalized by the 1976 movie Marathon Man staring Laurence Olivier and Dustin Hoffman, in which Olivier tries to discover by very unpleasant means whether the location of his stolen diamonds has been exposed.

Well had Sir Lawrence encrypted that information, there would have been no need for him to worry because he would have known that short of using a weak cypher or vulnerable algorithm or password, encrypted data has a very strong chance of remaining secret no matter what.… [Keep reading] “Encryption In The Cloud”

Create a Cloud Strategy For Your Business

Let’s be clear, today’s cloud as a vehicle for robust and flexible enterprise grade IT is here and it’s here to stay. Figures published by IDG Research’s 2015 Enterprise Cloud Computing Survey predict that in 2016 25% of total enterprise IT budgets will be allocated to cloud computing.

They also reported that the average cloud spend for all the enterprises surveyed would reach 2.87M in the following year and that 72% of enterprises have at least one application running in the cloud already, compared to 57% in 2012.… [Keep reading] “Create a Cloud Strategy For Your Business”

Performance Tuning Ubuntu Server For Use in Azure cloud

The following describes how to performance tune Ubuntu Server virtual machines for use in Azure. Although this article focuses on Ubuntu Server because it’s better established in Azure at this time. It’s worth mentioning that Debian offers better performance and stability overall, albeit at the cost of some of the more recent functionality support available in Ubuntu. Regardless many of the optimizations discussed below apply equally to both although commands and settings may vary occasionally.

Best practice recommendations from Microsoft.… [Keep reading] “Performance Tuning Ubuntu Server For Use in Azure cloud”

Azure Deployment Models And How To Migrate From ASM to ARM

This is a post about the two deployment models currently available in Azure, Service Management (ASM) and Resource Manager (ARM). And how to migrate from one to the other if necessary.

About the Azure Service Management deployment model

The ASM model, also known as version 1 and Classic mode, started out as a web interface and a backend API for the PaaS services Azure opened with at launch.

Features

  1. ASM deployments are based on an XML schema.
[Keep reading] “Azure Deployment Models And How To Migrate From ASM to ARM”
Follow Us!

Kloud Solutions Blog - Follow Us!