Hub and Spoke network topology in Azure

Originally posted on Lucian.Blog. Follow Lucian on Twitter: @LucianFrango.

Back in late 2016 I was lucky enough to go to Microsoft Ignite in Atlanta (USA), which was a bit of a big deal as it was my first major conference. One of the takeaways from the various technical sessions on Azure networking I attended was that Microsoft wanted to put a great deal of emphasis on the usage of a Hub and Spoke network topology. … [Keep reading] “Hub and Spoke network topology in Azure”


My experience at Microsoft Containers OpenHack featuring Kubernetes challenges

Azure consultants are constantly looking to expand our scope of expertise and, aligning to this, I’ve recently attended a Microsoft Containers OpenHack in Sydney. This event was a huge success for me and a rapid introduction to Kubernetes (K8s) and Azure Kubernetes Service (AKS) through a series of challenges over 3 days.

Microsoft OpenHack is a developer-focused engagement where a wide variety of participants (Open) learn through hands-on experimentation (Hack) using challenges based on real-world customer scenarios designed to mimic the developer journey – Source: Microsoft

My experience at OpenHack

About 80 attendees were split up between the 20 tables in the room.… [Keep reading] “My experience at Microsoft Containers OpenHack featuring Kubernetes challenges”

How-To deploy Docker images to Azure Kubernetes Services (AKS)

In this blog, I will guide you through the process of building and deploying Docker images to the Kubernetes platform hosted on Azure Kubernetes Services (AKS). In addition, I will also show you how to work with service scale-out and high-availability.

Docker defines a container as “A standard unit of software that packages up code and all its dependencies, so the application runs quickly and reliably from one computing environment to another”

“A Docker container image is a lightweight, standalone, executable package of software that includes everything needed to run an application: code, runtime, system tools, system libraries and settings.”… [Keep reading] “How-To deploy Docker images to Azure Kubernetes Services (AKS)”


Quick Intro to Azure Backup Explorer

Here’s what you need to know about Azure Backup Explorer which has been released in public preview as of 5th Feb 2020.

What is Azure Backup Explorer?

  • It’s currently available for use with Azure Virtual Machines
  • A single pane of glass for monitoring backups of your Azure Virtual Machines
  • Removes complexity and manpower associated with monitoring backups using Azure Log Analytics Workspaces

How do I access it?

TLDR = Azure Portal > any RSV > Overview > Backup Explorer
  1. Login to
[Keep reading] “Quick Intro to Azure Backup Explorer”

Azure VNets and

I’ve recently been digging into the weeds of doing an Azure VNet Hub and Spoke design for a customer and it’s brought about revisiting a topic from a while back.

For some quick context: for any given VNet in Azure there is a System RouteTable that holds basic routing information for that VNet’s network traffic flows within that VNet as well as inbound and outbound of the VNet. The following table outlines what the default System RouteTable routes consist of (table information source):


So, what’s the problem with that?

[Keep reading] “Azure VNets and”

Your 2020 Study Guide to Azure DevOps Solutions (AZ-400)

With Microsoft announcing sweeping changes to a few Azure exams later in March 2020 the time is ripe to blog about an exam I’ve had my eye on for a while: Azure DevOps Solutions (AZ-400). This is an advanced exam that targets professionals familiar with Azure administration and Azure development. I can see this exam providing value to engineers, consultants, and architects who are driving for increased adoption of Agile practices and Infrastructure as Code.

After doing a few of these exams over the years you’ll find a rhythm that works for you.… [Keep reading] “Your 2020 Study Guide to Azure DevOps Solutions (AZ-400)”

Azure Bastion’s current annoying limitation

Originally posted on here at Follow Lucian on Twitter @lucianfrango.

Since this service stumbled on the open web by way of a leak in June 2019 and having used it for a while now in preview plus since it’s been GA, for me this seems to be the best way to conduct secure remote access to IaaS infrastructure in Azure.

The idea of not having to deploy any internet accessible infrastructure (not having to open up TCP22 or TCP3389) to the avalanche of 1337 h4x0rs trying to gain access to anything and everything on those ports is great news.

[Keep reading] “Azure Bastion’s current annoying limitation”

0.09 ms latency using Azure Proximity Placement Groups

Reducing network latency for critical apps running on Azure IaaS has become easier since Microsoft’s announcement of General Availability for Proximity Placement Groups (PPG) in Dec 2019.

Today I’ll give you a quick intro to Proximity Placement Groups demonstrating how to deploy a test environment into your Azure Subscription using one of my favourite tools AzureCLI. I’ll also test network latency with a PPG and without to show you the difference.

If you’re undecided about using AzureCLI or ARM templates for your Azure deployments have a look @ Pascal Naber’s post

[Keep reading] “0.09 ms latency using Azure Proximity Placement Groups”

Interesting Azure announcements at Ignite 2019

The big one: Azure Arc

Announced: November 4th, 2019
Source: Azure services now run anywhere with new hybrid capabilities: Announcing Azure Arc

I recently read a stat that said that some ~90% of all workloads are still run on-premises. That’s mind blowing to think that there’s still so much potential for cloud utilisation and workload transformation. This seems like part of the driver for the announcement of Azure Arc – “a set of technologies that unlocks new hybrid scenarios for customers by bringing Azure services and management to any infrastructure. [Keep reading] “Interesting Azure announcements at Ignite 2019”

How to bypass the Microsoft AAD login Screen for a Federated SSO User when access an AAD integrated application

As more organisations integrate their SAML applications with AAD instead of ADFS to take advantage of the Azure AD Conditional Access Policy, one user experience issue of the change is that federated users (e.g. using ADFS for single sign-on) are first redirected to the default MS AAD login page. Only when they have entered their UPN are they redirected to the ADFS page to sign in.

Many customers and end-users have asked if they can be redirected straight to the ADFS page, bypassing the MS login page, especially when migrating an existing ADFS federated application to AAD.… [Keep reading] “How to bypass the Microsoft AAD login Screen for a Federated SSO User when access an AAD integrated application”