Back in late 2016 I was lucky enough to go to Microsoft Ignite in Atlanta (USA), which was a bit of a big deal as it was my first major conference. One of the takeaways from the various technical sessions on Azure networking I attended was that Microsoft wanted to put a great deal of emphasis on the usage of a Hub and Spoke network topology. … [Keep reading] “Hub and Spoke network topology in Azure”
I’ve recently been digging into the weeds of doing an Azure VNet Hub and Spoke design for a customer and it’s brought about revisiting a topic from a while back.
For some quick context: for any given VNet in Azure there is a System RouteTable that holds basic routing information for that VNet's network traffic flows within the VNet, as well as inbound to and outbound from the VNet. The following table outlines what the default System RouteTable routes consist of (table information source):
So, what's the problem with that?
Since this service stumbled onto the open web by way of a leak in June 2019, and having used it for a while now in preview and since it's been GA, for me this seems to be the best way to conduct secure remote access to IaaS infrastructure in Azure.
The idea of not having to deploy any internet accessible infrastructure (not having to open up TCP22 or TCP3389) to the avalanche of 1337 h4x0rs trying to gain access to anything and everything on those ports is great news.
I’ve been looking at Azure Backup and migrating some Windows VMs from one Recovery Services Vault to another. This is mainly because I’ve taken a look at some production deployed VMs and found they were aligned to the reference architecture Disaster Recovery and Backup policies. Long story short, 6 VMs needed to be moved to maintain consistency.
Things get interesting in that my previous level of access at a customer has changed and I’m time poor, so I thought I’d use PowerShell to achieve this faster.… [Keep reading] “Azure Backup PowerShell removal of backup protection of a Azure VM”
The big one: Azure Arc
Announced: November 4th, 2019
Source: Azure services now run anywhere with new hybrid capabilities: Announcing Azure Arc
I recently read a stat that said that some ~90% of all workloads are still run on-premises. That’s mind blowing to think that there’s still so much potential for cloud utilisation and workload transformation. This seems like part of the driver for the announcement of Azure Arc – “a set of technologies that unlocks new hybrid scenarios for customers by bringing Azure services and management to any infrastructure.… [Keep reading] “Interesting Azure announcements at Ignite 2019”
For a change recently, I needed to disassociate Azure RouteTables from subnets; specifically, I needed to do this at scale. It wasn’t a matter of a couple of RouteTables. Rather, the design had close to a RouteTable per subnet (with many subnets across many VNETs). The environment is also spread across multiple logical zone types, and VNETs are also spread across multiple subscriptions.… [Keep reading] “What’s wrong with removing a RouteTable association with AzureAz Powershell”
* * *
Network Security Groups (NSG) are pretty good. I don’t mind them that much as for what they are, they do a good job. Designing them can be a little tricky, having to know all the nuances of working with them. When it comes to implementing them, changing them at scale… well that’s where things can be a little tiresome.… [Keep reading] “Azure NSG security rule management like a boss with PowerShell and CSVs”
The other day I needed to export some data from Azure. I needed an output of the high-level configuration of all the IaaS VM instances for a customer. Namely, I needed the resource group, the hostname and the IP address of the instances to forward across for some cross-reference analysis.
Now, I’ve had the unfortunate mishap of losing my PowerShell script repo during the changeover / migration from my Macbook to my current Surface Pro.… [Keep reading] “Export Azure IaaS VM properties, including NIC IP address to CSV, #PromptPowerShell”
Quality of life user experience improvements to SharePoint Online through the use of 301 redirects and Azure App Service
This is the third time in the last year that I’ve had to set up an HTTP 301 redirect in Azure for a customer. Doing so improves the general quality of life experience for users accessing various Microsoft 365 services, for example specific SharePoint Online team sites, or Exchange Online OWA.
With each implementation I turned to Azure App Service to deliver the functionality needed.… [Keep reading] “Quality of life user experience improvements to SharePoint Online through the use of 301 redirects and Azure App Service”
The other day a colleague at Kloud asked for a second set of eyes to look over and help with a Relying Party Trust setup in AD FS 4 (Server 2016). I obliged and went through a bunch of questions to try and determine what the issue might be.
To cut a long story short, the following is a quick bit of guidance when it comes to the naming of Claim Issuance Policies. I’ve found over the years that this can have a detrimental impact on the configuration of an RPT if not set up with certain formatting.… [Keep reading] “AD FS 4.0 and the curious case of claim issuance policy naming: Notes from the field [Updated]”