Are you over 18 and want to see adult content?
More Annotations
A complete backup of www.www.amateur.tv
Are you over 18 and want to see adult content?
A complete backup of worldwidewives.com
Are you over 18 and want to see adult content?
A complete backup of www.neatmovies.com
Are you over 18 and want to see adult content?
A complete backup of www.kaufmich.com
Are you over 18 and want to see adult content?
A complete backup of www.lushstories.com
Are you over 18 and want to see adult content?
Favourite Annotations
A complete backup of sturgisrallyrentals.com
Are you over 18 and want to see adult content?
A complete backup of pmcertification.net
Are you over 18 and want to see adult content?
A complete backup of maternityathome.com
Are you over 18 and want to see adult content?
A complete backup of threebarsranch.com
Are you over 18 and want to see adult content?
A complete backup of visiblealpha.com
Are you over 18 and want to see adult content?
A complete backup of saudidriver.blogspot.com
Are you over 18 and want to see adult content?
A complete backup of engquimicasantossp.com.br
Are you over 18 and want to see adult content?
A complete backup of homegrowncafe.com
Are you over 18 and want to see adult content?
A complete backup of elportaldesanvicente.blogspot.com
Are you over 18 and want to see adult content?
A complete backup of teaandbusquets.com
Are you over 18 and want to see adult content?
Text
Blob"
WHEN TO USE AND WHEN NOT TO USE A When To Use And When NOT To Use A Scale-Out File Server. The new transparent failover, scalable, and continuously available active-active file server cluster, better known as Scale-Out File Server (SOFS) sounds really cool. Big, cheap disk, that can be bundled into a file server cluster that has higher uptime than everything thatcame before.
REMOVE A MISSING HOST FROM VMM My current Hyper-V lab includes a VMM server and a Hyper-V host. The VMM server used to manage another Hyper-V host which no longer exists. It appears as offline in the VMM console, which is a bit painful because I’ll be doing some demos with this machine in the coming months. I’d like it to Continue reading "Remove a Missing Host FromVMM"
HOW TO TEST OUTBOUND MAIL FLOW WITH IIS The final step was to manually send a mail . You can use notepad to write an email and drop it into the SMTP pickup folder. Open notepad and add something like: to:tbill@externaldomainname.com. from:testuser@internaldomain.com. subject:This is a test. this is atest.
AZURE-TO-AZURE SITE RECOVERY FAILS AZURE APP SERVICE SECURE NETWORKING MANAGING WINDOWS DEFENDER IN AZURE APPLICATION GATEWAY/FIREWALL & NSG RULES BACKING UP AZURE FIREWALL Aidan Finn, IT Pro. A blog covering Azure, Hyper-V, Windows Server, desktop, systems management, deployment, and so on Menu DEPLOYING AZURE ARM TEMPLATES FROM AZURE DEVOPS In this post, I will show you how to get those ARM templates sitting in an Azure DevOps repo deploying into Azure using a pipeline. With every merge, the pipeline will automatically trigger (you can disable this) to update the deployment. In other words, a complete CI/CD deployment where you manage your infrastructure/services as code. Continue reading "Deploying Azure ARM Templates From CREATE AN AZURE MANAGED DISK FROM A VHD BLOB This post will show you how to create a managed disk from a VHD blob file, such as one you’ve uploaded or restored from a virtual machine backup. In my example, I have restored the virtual hard disks of an Azure VM to a storage account called aidanfinnrestore. I am going to create a new Continue reading "Create an Azure Managed Disk from a VHDBlob"
WHEN TO USE AND WHEN NOT TO USE A When To Use And When NOT To Use A Scale-Out File Server. The new transparent failover, scalable, and continuously available active-active file server cluster, better known as Scale-Out File Server (SOFS) sounds really cool. Big, cheap disk, that can be bundled into a file server cluster that has higher uptime than everything thatcame before.
REMOVE A MISSING HOST FROM VMM My current Hyper-V lab includes a VMM server and a Hyper-V host. The VMM server used to manage another Hyper-V host which no longer exists. It appears as offline in the VMM console, which is a bit painful because I’ll be doing some demos with this machine in the coming months. I’d like it to Continue reading "Remove a Missing Host FromVMM"
HOW TO TEST OUTBOUND MAIL FLOW WITH IIS The final step was to manually send a mail . You can use notepad to write an email and drop it into the SMTP pickup folder. Open notepad and add something like: to:tbill@externaldomainname.com. from:testuser@internaldomain.com. subject:This is a test. this is atest.
AZURE-TO-AZURE SITE RECOVERY FAILSAIDAN FINN, IT PRO
An Azure blog these days, but you'll also find Hyper-V, Windows Server, System Center, desktop, systems management, deployment, and soon
DEPLOYING AZURE ARM TEMPLATES FROM AZURE DEVOPS In this post, I will show you how to get those ARM templates sitting in an Azure DevOps repo deploying into Azure using a pipeline. With every merge, the pipeline will automatically trigger (you can disable this) to update the deployment. In other words, a complete CI/CD deployment where you manage your infrastructure/services as code. HOW TO TEST OUTBOUND MAIL FLOW WITH IIS I was asked to see if there was a problem with an IIS SMTP server. I’ve been asked this one many times before in the past. The first thing I do is to check DNS (just like with Active Directory). I verified I could look up external MX records. Next I checked firewall rules and Continue reading "How To Test Outbound Mail Flow With IIS" CREATE AN AZURE MANAGED DISK FROM A VHD BLOB This post will show you how to create a managed disk from a VHD blob file, such as one you’ve uploaded or restored from a virtual machine backup. In my example, I have restored the virtual hard disks of an Azure VM to a storage account called aidanfinnrestore. I am going to create a new Continue reading "Create an Azure Managed Disk from a VHDBlob"
HYPER-V AND VLAN’S A virtual switch is created in Hyper-V to pass the physical network that is attached to that NIC to any VM that is bound to that virtual switch. You can see above that the switch only operates with VLAN 101. Every server on the network operates on VLAN 101. The physical servers are on it, the parent partition of the host is on it, etc. AZURE VIRTUAL WAN ARM Azure Virtual WAN ARM – Secured Virtual Hub Azure Firewall. I have spent quite a few hours figuring out how to deploy Azure’s new Secured Virtual Hub, an extension of Azure Virtual WAN, deployed using ARM templates (JSON). A lot of the bits are either not documented or incorrectly documented. One of the frustrating bits to deploy was the VMM 2012 DISTRIBUTED KEY MANAGEMENT (DKM) Virtual Machine Manager 2012 (VMM/SCVMM) 2012 adds something that was lacking in VMM 2007/2008/20008 R2: clustered VMM servers. VMM 2012 is the gateway to the private cloud and you want that gateway to be fault tolerant at the hardware, OS, and service level. If you want to have a clustered VMM server then you will Continue reading "VMM 2012 Distributed Key Management (DKM)" CORE INFRASTRUCTURE SUITE (CIS) LICENSE FOR WINDOWS SERVER I’ve just been told that Microsoft are launching a new license bundle that includes Windows Server and System Center, with built-in Software Assurance. You can think of it as a replacement for ECI which was limited to large purchases of at least 25 licenses (25 * 2 CPU hosts) through Large Account Reseller (LAR) and Continue reading "Core Infrastructure Suite (CIS) License for Windows ENABLE FQDN-BASED NETWORK RULES IN AZURE FIREWALL With this feature enabled, the Azure Firewall can support FQDNs in the Network Rules, opening up the possibility of using any of the supported protocol/port combinations, expanding your name-based rules beyond just HTTP/S and SQL. By default, the Azure Firewall will use Azure DNS. That’s “OK” for traffic that will only ever beoutbound
CANNOT DELETE A STORAGE POOL BECAUSE IT IS READ ONLY On my home server, I had a OS Raid 0 (2 x 500gb TB) configured at bios, and 3 x 2tb drives configured in Windows Server 2012 R2 as a Storage Pool, which was then divided into different drives. MANAGING WINDOWS DEFENDER IN AZURE BACKING UP AZURE FIREWALL Aidan Finn, IT Pro. A blog covering Azure, Hyper-V, Windows Server, desktop, systems management, deployment, and so on Menu HOW TO TEST OUTBOUND MAIL FLOW WITH IIS I was asked to see if there was a problem with an IIS SMTP server. I’ve been asked this one many times before in the past. The first thing I do is to check DNS (just like with Active Directory). I verified I could look up external MX records. Next I checked firewall rules and Continue reading "How To Test Outbound Mail Flow With IIS" WHEN TO USE AND WHEN NOT TO USE A The Scale-Out File Server is to be used for application data (Hyper-V, SQL Server) and continuously available file shares should not be usedby end users.
MICROSOFT VDI SIZING TOOLS Aidan Finn, IT Pro. A blog covering Azure, Hyper-V, Windows Server, desktop, systems management, deployment, and so on Menu FUNDAMENTAL COMPUTER INVESTIGATION GUIDE FOR WINDOWS Microsoft published a step-by-step guide on how to investigate a suspected computer crime on your network. I’ve only had time to have a quick glance but it looks pretty good. Be careful if you are invovled in this sort of thing. This stuff is a legal minefield. You cannot go trouncing around stikning your nose Continue reading "Fundamental Computer Investigation Guide for Windows" REMOVE A MISSING HOST FROM VMM My current Hyper-V lab includes a VMM server and a Hyper-V host. The VMM server used to manage another Hyper-V host which no longer exists. It appears as offline in the VMM console, which is a bit painful because I’ll be doing some demos with this machine in the coming months. I’d like it to Continue reading "Remove a Missing Host FromVMM"
AZURE VIRTUAL WAN ARM How to deploy Azure Firewall with an up-to-date API version in Azure Virtual WAN's Secured Virtual Hub, bringing back public IP addressesand new features.
INCREASE NETWORK BUFFER SIZES ON HYPER-V VMBUS I saw this post being re-tweeted by Ben Armstrong and read it this morning. It might actually be the solution to a weird problem we’ve been having at work. Think back to your computer science classes. Every process on a computer only ever gets a slice of time on the processor. When it is moved Continue reading "Increase Network Buffer Sizes on Hyper-V VMBus" AZURE-TO-AZURE SITE RECOVERY FAILS MANAGING WINDOWS DEFENDER IN AZURE BACKING UP AZURE FIREWALL Aidan Finn, IT Pro. A blog covering Azure, Hyper-V, Windows Server, desktop, systems management, deployment, and so on Menu HOW TO TEST OUTBOUND MAIL FLOW WITH IIS I was asked to see if there was a problem with an IIS SMTP server. I’ve been asked this one many times before in the past. The first thing I do is to check DNS (just like with Active Directory). I verified I could look up external MX records. Next I checked firewall rules and Continue reading "How To Test Outbound Mail Flow With IIS" WHEN TO USE AND WHEN NOT TO USE A The Scale-Out File Server is to be used for application data (Hyper-V, SQL Server) and continuously available file shares should not be usedby end users.
MICROSOFT VDI SIZING TOOLS Aidan Finn, IT Pro. A blog covering Azure, Hyper-V, Windows Server, desktop, systems management, deployment, and so on Menu FUNDAMENTAL COMPUTER INVESTIGATION GUIDE FOR WINDOWS Microsoft published a step-by-step guide on how to investigate a suspected computer crime on your network. I’ve only had time to have a quick glance but it looks pretty good. Be careful if you are invovled in this sort of thing. This stuff is a legal minefield. You cannot go trouncing around stikning your nose Continue reading "Fundamental Computer Investigation Guide for Windows" REMOVE A MISSING HOST FROM VMM My current Hyper-V lab includes a VMM server and a Hyper-V host. The VMM server used to manage another Hyper-V host which no longer exists. It appears as offline in the VMM console, which is a bit painful because I’ll be doing some demos with this machine in the coming months. I’d like it to Continue reading "Remove a Missing Host FromVMM"
AZURE VIRTUAL WAN ARM How to deploy Azure Firewall with an up-to-date API version in Azure Virtual WAN's Secured Virtual Hub, bringing back public IP addressesand new features.
INCREASE NETWORK BUFFER SIZES ON HYPER-V VMBUS I saw this post being re-tweeted by Ben Armstrong and read it this morning. It might actually be the solution to a weird problem we’ve been having at work. Think back to your computer science classes. Every process on a computer only ever gets a slice of time on the processor. When it is moved Continue reading "Increase Network Buffer Sizes on Hyper-V VMBus" AZURE-TO-AZURE SITE RECOVERY FAILS REMOVE A MISSING HOST FROM VMM My current Hyper-V lab includes a VMM server and a Hyper-V host. The VMM server used to manage another Hyper-V host which no longer exists. It appears as offline in the VMM console, which is a bit painful because I’ll be doing some demos with this machine in the coming months. I’d like it to Continue reading "Remove a Missing Host FromVMM"
AZURE APP SERVICE SECURE NETWORKING This post explains secure end-to-end connectivity to an Azure Web App across a virtual network using Private Link/Private Endpoint & Application Gateway/WAF. THERE ARE 732 HOURS IN AN AZURE MONTH This post explains how there are 732, not 744, hours in the averageAzure month.
DEPLOYING AZURE ARM TEMPLATES FROM AZURE DEVOPS In this post, I will show you how to get those ARM templates sitting in an Azure DevOps repo deploying into Azure using a pipeline. With every merge, the pipeline will automatically trigger (you can disable this) to update the deployment. In other words, a complete CI/CD deployment where you manage your infrastructure/services as code. VMM 2012 DISTRIBUTED KEY MANAGEMENT (DKM) Virtual Machine Manager 2012 (VMM/SCVMM) 2012 adds something that was lacking in VMM 2007/2008/20008 R2: clustered VMM servers. VMM 2012 is the gateway to the private cloud and you want that gateway to be fault tolerant at the hardware, OS, and service level. If you want to have a clustered VMM server then you will Continue reading "VMM 2012 Distributed Key Management (DKM)" IP ASSIGNMENT STRATEGIES FOR HYPER-V REPLICA What I love about Hyper-V Replica is that (a) it is free (b) it just works and (c) it works for a wide variety of customers/partners (large and small). It’s great that you can get your VMs from site A operational in site B with a maximum RPO of 5 minutes and an RTO of Continue reading "IP Assignment Strategies For Hyper-V Replica" AZURE VM COULD NOT START–MISSING BOOT DIAGNOSTICS STORAGE I recently had an issue where starting an Azure virtual machine would fail. The reason given was that the Boot Diagnostics storage account was missing. In this post, I’ll show you mu workaround. As part of my recent upgrade/migration for the VM hosting this site, I did a big clean up and re-organization of resources. Continue reading "Azure VM Could Not Start–Missing Boot Diagnostics AZURE-TO-AZURE SITE RECOVERY FAILS Aidan Finn, IT Pro. A blog covering Azure, Hyper-V, Windows Server, desktop, systems management, deployment, and so on Menu WINDOWS NETWORK LOAD BALANCING AND NIC TEAMING I’m going to do this all using HP Proliants Here’s the scenario. There’s going to be a number of web servers running Windows Server 2003. They’ll work cooperatively and share files somehow. They must be load balanced using Windows NLB. This means using the Unicast method with 2 NIC’s – Unicast allows the servers Continue reading "Windows Network Load Balancing and NIC Teaming" CANNOT DELETE A STORAGE POOL BECAUSE IT IS READ ONLY On my home server, I had a OS Raid 0 (2 x 500gb TB) configured at bios, and 3 x 2tb drives configured in Windows Server 2012 R2 as a Storage Pool, which was then divided into different drives. MANAGING WINDOWS DEFENDER IN AZURE HOW I UPGRADED THIS VM TO AZURE RESOURCE MANAGER In this post, I will explain how I upgraded the Azure virtual machine, that this site is hosted on, from ASM (Azure Service Management, Classic or Azure v1) to ARM (Azure Resource Manager, Resource Manageror Azure v2).
BACKING UP AZURE FIREWALL Aidan Finn, IT Pro. A blog covering Azure, Hyper-V, Windows Server, desktop, systems management, deployment, and so on Menu APPLICATION GATEWAY/FIREWALL & NSG RULES REMOVE A MISSING HOST FROM VMM My current Hyper-V lab includes a VMM server and a Hyper-V host. The VMM server used to manage another Hyper-V host which no longer exists. It appears as offline in the VMM console, which is a bit painful because I’ll be doing some demos with this machine in the coming months. I’d like it to Continue reading "Remove a Missing Host FromVMM"
HOW TO TEST OUTBOUND MAIL FLOW WITH IIS The final step was to manually send a mail . You can use notepad to write an email and drop it into the SMTP pickup folder. Open notepad and add something like: to:tbill@externaldomainname.com. from:testuser@internaldomain.com. subject:This is a test. this is atest.
AZURE: POWERSHELL VERSUS ARM TEMPLATES For some of the training that I do at work, I deploy the training lab in Azure as follows: A PowerShell script that asks me how many attendees there are, and then it runs a glorified 2 line loop. The loop iterates through different subscriptions, adding a resource group and then doing an ARM deployment. In other words, PowerShell automatesmy
AZURE-TO-AZURE SITE RECOVERY FAILS HOW TO CHECK THAT A HYPER-V VM IS I wanted to write a little bit of code to see if a virtual machine was active or not. Here is a crude bit of code that you could turn into afunction:
RDP CERTIFICATE EXPIRED The solution was to fire up the Certificates snap-in in MMC on the server for the local computer, browse to Remote Desktop and delete the certificate. This was because the cert was expired. Alternatively you can change the security of RDP from “SSL (TLS 1.0)” or “Negotiate” to “RDP Security Layer” to instruct RDP to abandonthe
MANAGING WINDOWS DEFENDER IN AZURE HOW I UPGRADED THIS VM TO AZURE RESOURCE MANAGER In this post, I will explain how I upgraded the Azure virtual machine, that this site is hosted on, from ASM (Azure Service Management, Classic or Azure v1) to ARM (Azure Resource Manager, Resource Manageror Azure v2).
BACKING UP AZURE FIREWALL Aidan Finn, IT Pro. A blog covering Azure, Hyper-V, Windows Server, desktop, systems management, deployment, and so on Menu APPLICATION GATEWAY/FIREWALL & NSG RULES REMOVE A MISSING HOST FROM VMM My current Hyper-V lab includes a VMM server and a Hyper-V host. The VMM server used to manage another Hyper-V host which no longer exists. It appears as offline in the VMM console, which is a bit painful because I’ll be doing some demos with this machine in the coming months. I’d like it to Continue reading "Remove a Missing Host FromVMM"
HOW TO TEST OUTBOUND MAIL FLOW WITH IIS The final step was to manually send a mail . You can use notepad to write an email and drop it into the SMTP pickup folder. Open notepad and add something like: to:tbill@externaldomainname.com. from:testuser@internaldomain.com. subject:This is a test. this is atest.
AZURE: POWERSHELL VERSUS ARM TEMPLATES For some of the training that I do at work, I deploy the training lab in Azure as follows: A PowerShell script that asks me how many attendees there are, and then it runs a glorified 2 line loop. The loop iterates through different subscriptions, adding a resource group and then doing an ARM deployment. In other words, PowerShell automatesmy
AZURE-TO-AZURE SITE RECOVERY FAILS HOW TO CHECK THAT A HYPER-V VM IS I wanted to write a little bit of code to see if a virtual machine was active or not. Here is a crude bit of code that you could turn into afunction:
RDP CERTIFICATE EXPIRED The solution was to fire up the Certificates snap-in in MMC on the server for the local computer, browse to Remote Desktop and delete the certificate. This was because the cert was expired. Alternatively you can change the security of RDP from “SSL (TLS 1.0)” or “Negotiate” to “RDP Security Layer” to instruct RDP to abandonthe
MANAGING WINDOWS DEFENDER IN AZURE This post will explain a way to monitor, report on, and alert for Windows Defender in Azure VMs using Log Analytics, Security Center,and Azure Sentinel.
AZURE: POWERSHELL VERSUS ARM TEMPLATES For some of the training that I do at work, I deploy the training lab in Azure as follows: A PowerShell script that asks me how many attendees there are, and then it runs a glorified 2 line loop. The loop iterates through different subscriptions, adding a resource group and then doing an ARM deployment. In other words, PowerShell automatesmy
WHEN TO USE AND WHEN NOT TO USE A When To Use And When NOT To Use A Scale-Out File Server. The new transparent failover, scalable, and continuously available active-active file server cluster, better known as Scale-Out File Server (SOFS) sounds really cool. Big, cheap disk, that can be bundled into a file server cluster that has higher uptime than everything thatcame before.
BUILDING AZURE VM IMAGES USING PACKER & AZURE FILES In this post, I will explain how I am using a freeware package called Packer to create SYSPREPed/generalised templates for Citrix Cloud / Windows Virtual Desktop (WVD) – including installing application/software packages from Azure Files. My Requirement Sometimes you need an image that you can quickly deploy. Maybe it’s for a scaled-out or highly-available VM-based CREATE AN AZURE MANAGED DISK FROM A VHD BLOB This post will show you how to create a managed disk from a VHD blob file, such as one you’ve uploaded or restored from a virtual machine backup. In my example, I have restored the virtual hard disks of an Azure VM to a storage account called aidanfinnrestore. I am going to create a new Continue reading "Create an Azure Managed Disk from a VHDBlob"
VMM 2012 DISTRIBUTED KEY MANAGEMENT (DKM) Virtual Machine Manager 2012 (VMM/SCVMM) 2012 adds something that was lacking in VMM 2007/2008/20008 R2: clustered VMM servers. VMM 2012 is the gateway to the private cloud and you want that gateway to be fault tolerant at the hardware, OS, and service level. If you want to have a clustered VMM server then you will Continue reading "VMM 2012 Distributed Key Management (DKM)" CORE INFRASTRUCTURE SUITE (CIS) LICENSE FOR WINDOWS SERVER I’ve just been told that Microsoft are launching a new license bundle that includes Windows Server and System Center, with built-in Software Assurance. You can think of it as a replacement for ECI which was limited to large purchases of at least 25 licenses (25 * 2 CPU hosts) through Large Account Reseller (LAR) and Continue reading "Core Infrastructure Suite (CIS) License for Windows INCREASE NETWORK BUFFER SIZES ON HYPER-V VMBUS I saw this post being re-tweeted by Ben Armstrong and read it this morning. It might actually be the solution to a weird problem we’ve been having at work. Think back to your computer science classes. Every process on a computer only ever gets a slice of time on the processor. When it is moved Continue reading "Increase Network Buffer Sizes on Hyper-V VMBus" VMQ ON TEAM INTERFACE BREAKING HYPER-V NETWORKING VMQ On Team Interface Breaking Hyper-V Networking. I recently had a situation where virtual machines on a Windows Server 2016 (WS2016) Hyper-V host could not communicate with each other. Ping tests were failing: In this case, I was building a new Windows Server 2016 demo lab for some upcoming community events in The Netherlands and Germany,an
RDP CERTIFICATE EXPIRED The solution was to fire up the Certificates snap-in in MMC on the server for the local computer, browse to Remote Desktop and delete the certificate. This was because the cert was expired. Alternatively you can change the security of RDP from “SSL (TLS 1.0)” or “Negotiate” to “RDP Security Layer” to instruct RDP to abandonthe
MANAGING WINDOWS DEFENDER IN AZURE BACKING UP AZURE FIREWALL Aidan Finn, IT Pro. A blog covering Azure, Hyper-V, Windows Server, desktop, systems management, deployment, and so on Menu HOW TO TEST OUTBOUND MAIL FLOW WITH IIS I was asked to see if there was a problem with an IIS SMTP server. I’ve been asked this one many times before in the past. The first thing I do is to check DNS (just like with Active Directory). I verified I could look up external MX records. Next I checked firewall rules and Continue reading "How To Test Outbound Mail Flow With IIS" WHEN TO USE AND WHEN NOT TO USE A The Scale-Out File Server is to be used for application data (Hyper-V, SQL Server) and continuously available file shares should not be usedby end users.
MICROSOFT VDI SIZING TOOLS Aidan Finn, IT Pro. A blog covering Azure, Hyper-V, Windows Server, desktop, systems management, deployment, and so on Menu FUNDAMENTAL COMPUTER INVESTIGATION GUIDE FOR WINDOWS Microsoft published a step-by-step guide on how to investigate a suspected computer crime on your network. I’ve only had time to have a quick glance but it looks pretty good. Be careful if you are invovled in this sort of thing. This stuff is a legal minefield. You cannot go trouncing around stikning your nose Continue reading "Fundamental Computer Investigation Guide for Windows" REMOVE A MISSING HOST FROM VMM My current Hyper-V lab includes a VMM server and a Hyper-V host. The VMM server used to manage another Hyper-V host which no longer exists. It appears as offline in the VMM console, which is a bit painful because I’ll be doing some demos with this machine in the coming months. I’d like it to Continue reading "Remove a Missing Host FromVMM"
AZURE-TO-AZURE SITE RECOVERY FAILS AZURE VIRTUAL WAN ARM How to deploy Azure Firewall with an up-to-date API version in Azure Virtual WAN's Secured Virtual Hub, bringing back public IP addressesand new features.
INCREASE NETWORK BUFFER SIZES ON HYPER-V VMBUS I saw this post being re-tweeted by Ben Armstrong and read it this morning. It might actually be the solution to a weird problem we’ve been having at work. Think back to your computer science classes. Every process on a computer only ever gets a slice of time on the processor. When it is moved Continue reading "Increase Network Buffer Sizes on Hyper-V VMBus" MANAGING WINDOWS DEFENDER IN AZURE BACKING UP AZURE FIREWALL Aidan Finn, IT Pro. A blog covering Azure, Hyper-V, Windows Server, desktop, systems management, deployment, and so on Menu HOW TO TEST OUTBOUND MAIL FLOW WITH IIS I was asked to see if there was a problem with an IIS SMTP server. I’ve been asked this one many times before in the past. The first thing I do is to check DNS (just like with Active Directory). I verified I could look up external MX records. Next I checked firewall rules and Continue reading "How To Test Outbound Mail Flow With IIS" WHEN TO USE AND WHEN NOT TO USE A The Scale-Out File Server is to be used for application data (Hyper-V, SQL Server) and continuously available file shares should not be usedby end users.
MICROSOFT VDI SIZING TOOLS Aidan Finn, IT Pro. A blog covering Azure, Hyper-V, Windows Server, desktop, systems management, deployment, and so on Menu FUNDAMENTAL COMPUTER INVESTIGATION GUIDE FOR WINDOWS Microsoft published a step-by-step guide on how to investigate a suspected computer crime on your network. I’ve only had time to have a quick glance but it looks pretty good. Be careful if you are invovled in this sort of thing. This stuff is a legal minefield. You cannot go trouncing around stikning your nose Continue reading "Fundamental Computer Investigation Guide for Windows" REMOVE A MISSING HOST FROM VMM My current Hyper-V lab includes a VMM server and a Hyper-V host. The VMM server used to manage another Hyper-V host which no longer exists. It appears as offline in the VMM console, which is a bit painful because I’ll be doing some demos with this machine in the coming months. I’d like it to Continue reading "Remove a Missing Host FromVMM"
AZURE-TO-AZURE SITE RECOVERY FAILS AZURE VIRTUAL WAN ARM How to deploy Azure Firewall with an up-to-date API version in Azure Virtual WAN's Secured Virtual Hub, bringing back public IP addressesand new features.
INCREASE NETWORK BUFFER SIZES ON HYPER-V VMBUS I saw this post being re-tweeted by Ben Armstrong and read it this morning. It might actually be the solution to a weird problem we’ve been having at work. Think back to your computer science classes. Every process on a computer only ever gets a slice of time on the processor. When it is moved Continue reading "Increase Network Buffer Sizes on Hyper-V VMBus" AZURE APP SERVICE SECURE NETWORKING This post explains secure end-to-end connectivity to an Azure Web App across a virtual network using Private Link/Private Endpoint & Application Gateway/WAF. MICROSOFT VDI SIZING TOOLS Aidan Finn, IT Pro. A blog covering Azure, Hyper-V, Windows Server, desktop, systems management, deployment, and so on Menu THERE ARE 732 HOURS IN AN AZURE MONTH This post explains how there are 732, not 744, hours in the averageAzure month.
AZURE: POWERSHELL VERSUS ARM TEMPLATES This post compares the process of deploying in Azure using PowerShell with that of Azure Resource Manager (ARM) JSON templates. WINDOWS NETWORK LOAD BALANCING AND NIC TEAMING I’m going to do this all using HP Proliants Here’s the scenario. There’s going to be a number of web servers running Windows Server 2003. They’ll work cooperatively and share files somehow. They must be load balanced using Windows NLB. This means using the Unicast method with 2 NIC’s – Unicast allows the servers Continue reading "Windows Network Load Balancing and NIC Teaming"WINDOWS SERVER 2016
WS2016 TPv3 (Technical Preview 3) includes a new feature called Switch Embedded Teaming (SET) that will allow you to converge RDMA (remote direct memory access) NICs and virtualize RDMA for the host. Yes, you’ll be able to converge SMB Direct networking! In the below diagram you can see a host with WS2012 R2 networking and Continue reading "Windows Server 2016 – Switch Embedded Teaming IP ASSIGNMENT STRATEGIES FOR HYPER-V REPLICA What I love about Hyper-V Replica is that (a) it is free (b) it just works and (c) it works for a wide variety of customers/partners (large and small). It’s great that you can get your VMs from site A operational in site B with a maximum RPO of 5 minutes and an RTO of Continue reading "IP Assignment Strategies For Hyper-V Replica" AZURE VM COULD NOT START–MISSING BOOT DIAGNOSTICS STORAGE I recently had an issue where starting an Azure virtual machine would fail. The reason given was that the Boot Diagnostics storage account was missing. In this post, I’ll show you mu workaround. As part of my recent upgrade/migration for the VM hosting this site, I did a big clean up and re-organization of resources. Continue reading "Azure VM Could Not Start–Missing Boot Diagnostics CANNOT DELETE A STORAGE POOL BECAUSE IT IS READ ONLY On my home server, I had a OS Raid 0 (2 x 500gb TB) configured at bios, and 3 x 2tb drives configured in Windows Server 2012 R2 as a Storage Pool, which was then divided into different drives. WINDOWS SERVER 2012–WON’T SOMEBODY THINK OF THE CALS After all the chat about Windows Server 2012 licensing and how to license WS2012 for virtualised environments, how many times have you seen a mention of CALs? Not very often, I’d say. Windows Server does require you to count processors (2 at a time) but it is not per-processor licensing like with SQL Server. Unlike Continue reading "Windows Server 2012–Won’t Somebody Think Of The MANAGING WINDOWS DEFENDER IN AZURE BACKING UP AZURE FIREWALL Aidan Finn, IT Pro. A blog covering Azure, Hyper-V, Windows Server, desktop, systems management, deployment, and so on Menu AZURE VIRTUAL WAN ARM Azure Virtual WAN ARM – Secured Virtual Hub Azure Firewall. I have spent quite a few hours figuring out how to deploy Azure’s new Secured Virtual Hub, an extension of Azure Virtual WAN, deployed using ARM templates (JSON). A lot of the bits are either not documented or incorrectly documented. One of the frustrating bits to deploy was the HOW TO TEST OUTBOUND MAIL FLOW WITH IIS The final step was to manually send a mail . You can use notepad to write an email and drop it into the SMTP pickup folder. Open notepad and add something like: to:tbill@externaldomainname.com. from:testuser@internaldomain.com. subject:This is a test. this is atest.
WHEN TO USE AND WHEN NOT TO USE A When To Use And When NOT To Use A Scale-Out File Server. The new transparent failover, scalable, and continuously available active-active file server cluster, better known as Scale-Out File Server (SOFS) sounds really cool. Big, cheap disk, that can be bundled into a file server cluster that has higher uptime than everything thatcame before.
REMOVE A MISSING HOST FROM VMM My current Hyper-V lab includes a VMM server and a Hyper-V host. The VMM server used to manage another Hyper-V host which no longer exists. It appears as offline in the VMM console, which is a bit painful because I’ll be doing some demos with this machine in the coming months. I’d like it to Continue reading "Remove a Missing Host FromVMM"
AZURE-TO-AZURE SITE RECOVERY FAILS MICROSOFT VDI SIZING TOOLS Microsoft VDI Sizing Tools. Microsoft has released the Remote Desktop Load Simulation tools to help you size your VDI deployments. This release is due to customer requests. The responsible teams are very web connected so they’re interested in getting genuine feedback (use Connect ). “The Remote Desktop Load Simulation toolset is used for INCREASE NETWORK BUFFER SIZES ON HYPER-V VMBUS I saw this post being re-tweeted by Ben Armstrong and read it this morning. It might actually be the solution to a weird problem we’ve been having at work. Think back to your computer science classes. Every process on a computer only ever gets a slice of time on the processor. When it is moved Continue reading "Increase Network Buffer Sizes on Hyper-V VMBus" AZURE VM COULD NOT START–MISSING BOOT DIAGNOSTICS STORAGE I recently had an issue where starting an Azure virtual machine would fail. The reason given was that the Boot Diagnostics storage account was missing. In this post, I’ll show you mu workaround. As part of my recent upgrade/migration for the VM hosting this site, I did a big clean up and re-organization of resources. Continue reading "Azure VM Could Not Start–Missing Boot Diagnostics MANAGING WINDOWS DEFENDER IN AZURE BACKING UP AZURE FIREWALL Aidan Finn, IT Pro. A blog covering Azure, Hyper-V, Windows Server, desktop, systems management, deployment, and so on Menu AZURE VIRTUAL WAN ARM Azure Virtual WAN ARM – Secured Virtual Hub Azure Firewall. I have spent quite a few hours figuring out how to deploy Azure’s new Secured Virtual Hub, an extension of Azure Virtual WAN, deployed using ARM templates (JSON). A lot of the bits are either not documented or incorrectly documented. One of the frustrating bits to deploy was the HOW TO TEST OUTBOUND MAIL FLOW WITH IIS The final step was to manually send a mail . You can use notepad to write an email and drop it into the SMTP pickup folder. Open notepad and add something like: to:tbill@externaldomainname.com. from:testuser@internaldomain.com. subject:This is a test. this is atest.
WHEN TO USE AND WHEN NOT TO USE A When To Use And When NOT To Use A Scale-Out File Server. The new transparent failover, scalable, and continuously available active-active file server cluster, better known as Scale-Out File Server (SOFS) sounds really cool. Big, cheap disk, that can be bundled into a file server cluster that has higher uptime than everything thatcame before.
REMOVE A MISSING HOST FROM VMM My current Hyper-V lab includes a VMM server and a Hyper-V host. The VMM server used to manage another Hyper-V host which no longer exists. It appears as offline in the VMM console, which is a bit painful because I’ll be doing some demos with this machine in the coming months. I’d like it to Continue reading "Remove a Missing Host FromVMM"
AZURE-TO-AZURE SITE RECOVERY FAILS MICROSOFT VDI SIZING TOOLS Microsoft VDI Sizing Tools. Microsoft has released the Remote Desktop Load Simulation tools to help you size your VDI deployments. This release is due to customer requests. The responsible teams are very web connected so they’re interested in getting genuine feedback (use Connect ). “The Remote Desktop Load Simulation toolset is used for INCREASE NETWORK BUFFER SIZES ON HYPER-V VMBUS I saw this post being re-tweeted by Ben Armstrong and read it this morning. It might actually be the solution to a weird problem we’ve been having at work. Think back to your computer science classes. Every process on a computer only ever gets a slice of time on the processor. When it is moved Continue reading "Increase Network Buffer Sizes on Hyper-V VMBus" AZURE VM COULD NOT START–MISSING BOOT DIAGNOSTICS STORAGE I recently had an issue where starting an Azure virtual machine would fail. The reason given was that the Boot Diagnostics storage account was missing. In this post, I’ll show you mu workaround. As part of my recent upgrade/migration for the VM hosting this site, I did a big clean up and re-organization of resources. Continue reading "Azure VM Could Not Start–Missing Boot Diagnostics AZURE: POWERSHELL VERSUS ARM TEMPLATES For some of the training that I do at work, I deploy the training lab in Azure as follows: A PowerShell script that asks me how many attendees there are, and then it runs a glorified 2 line loop. The loop iterates through different subscriptions, adding a resource group and then doing an ARM deployment. In other words, PowerShell automatesmy
APPLICATION GATEWAY/FIREWALL & NSG RULES The stops are as follows: Deploy a WAG/WAF to a dedicated subnet. Create a Network Security Group (NSG) for the subnet. Associate the NSG with the subnet. Create an inbound rule to allow TCP 65503-65534 from the Internet service tag to the CIDR address of the WAG/WAF subnet. Create rules to allow application traffic, such as TCP 443 orTCP 80
MICROSOFT VDI SIZING TOOLS Microsoft VDI Sizing Tools. Microsoft has released the Remote Desktop Load Simulation tools to help you size your VDI deployments. This release is due to customer requests. The responsible teams are very web connected so they’re interested in getting genuine feedback (use Connect ). “The Remote Desktop Load Simulation toolset is used for WINDOWS NETWORK LOAD BALANCING AND NIC TEAMING I’m going to do this all using HP Proliants Here’s the scenario. There’s going to be a number of web servers running Windows Server 2003. They’ll work cooperatively and share files somehow. They must be load balanced using Windows NLB. This means using the Unicast method with 2 NIC’s – Unicast allows the servers Continue reading "Windows Network Load Balancing and NIC Teaming" UNBINDING TCP FROM VIRTUAL NETWORK PHYSICAL NIC I’ve just realised that I’d forgotten to talk about this subject. I remembered about it after reading Taylor Brown’s blog about unbinding TCP from the physical NIC that virtual machines are using on a Hyper-V host. During my testing of our cluster I had to simulate a real environment. For us, that’s lots of virtual Continue reading "Unbinding TCP From Virtual Network Physical NIC" REASONS TO USE A THIRD PARTY FIREWALL IN AZURE So far the only brand of third-party NVA that I would consider myself for an edge/central firewall deployment is Palo Alto – but I’d rather use Azure Firewall over it anyway! All of the third-party solutions are compromised in some way: Don’t do active-active clustering (scale-out) Don’t even offer HA! Have hack solutions(“we’ll
IP ASSIGNMENT STRATEGIES FOR HYPER-V REPLICA What I love about Hyper-V Replica is that (a) it is free (b) it just works and (c) it works for a wide variety of customers/partners (large and small). It’s great that you can get your VMs from site A operational in site B with a maximum RPO of 5 minutes and an RTO of Continue reading "IP Assignment Strategies For Hyper-V Replica" AZURE VM COULD NOT START–MISSING BOOT DIAGNOSTICS STORAGE I recently had an issue where starting an Azure virtual machine would fail. The reason given was that the Boot Diagnostics storage account was missing. In this post, I’ll show you mu workaround. As part of my recent upgrade/migration for the VM hosting this site, I did a big clean up and re-organization of resources. Continue reading "Azure VM Could Not Start–Missing Boot Diagnostics THERE ARE 732 HOURS IN AN AZURE MONTH 732 (hours per month) * 12 months = 8784 hours per year. 8784 hours per year / 365 days = 24.066 hours. Not quite even. Let’s go with a leap year: 8784 hours per year / 365 days = 24 hours exactly. Sooo . 732 hours is the average length of a month in a leap year. Azure’s monthly pricing is based on the average month in a leap year. CANNOT DELETE A STORAGE POOL BECAUSE IT IS READ ONLY On my home server, I had a OS Raid 0 (2 x 500gb TB) configured at bios, and 3 x 2tb drives configured in Windows Server 2012 R2 as a Storage Pool, which was then divided into different drives. MANAGING WINDOWS DEFENDER IN AZURE BACKING UP AZURE FIREWALL Aidan Finn, IT Pro. A blog covering Azure, Hyper-V, Windows Server, desktop, systems management, deployment, and so on Menu AZURE VIRTUAL WAN ARM Azure Virtual WAN ARM – Secured Virtual Hub Azure Firewall. I have spent quite a few hours figuring out how to deploy Azure’s new Secured Virtual Hub, an extension of Azure Virtual WAN, deployed using ARM templates (JSON). A lot of the bits are either not documented or incorrectly documented. One of the frustrating bits to deploy was the HOW TO TEST OUTBOUND MAIL FLOW WITH IIS The final step was to manually send a mail . You can use notepad to write an email and drop it into the SMTP pickup folder. Open notepad and add something like: to:tbill@externaldomainname.com. from:testuser@internaldomain.com. subject:This is a test. this is atest.
WHEN TO USE AND WHEN NOT TO USE A When To Use And When NOT To Use A Scale-Out File Server. The new transparent failover, scalable, and continuously available active-active file server cluster, better known as Scale-Out File Server (SOFS) sounds really cool. Big, cheap disk, that can be bundled into a file server cluster that has higher uptime than everything thatcame before.
REMOVE A MISSING HOST FROM VMM My current Hyper-V lab includes a VMM server and a Hyper-V host. The VMM server used to manage another Hyper-V host which no longer exists. It appears as offline in the VMM console, which is a bit painful because I’ll be doing some demos with this machine in the coming months. I’d like it to Continue reading "Remove a Missing Host FromVMM"
AZURE-TO-AZURE SITE RECOVERY FAILS MICROSOFT VDI SIZING TOOLS Microsoft VDI Sizing Tools. Microsoft has released the Remote Desktop Load Simulation tools to help you size your VDI deployments. This release is due to customer requests. The responsible teams are very web connected so they’re interested in getting genuine feedback (use Connect ). “The Remote Desktop Load Simulation toolset is used for INCREASE NETWORK BUFFER SIZES ON HYPER-V VMBUS I saw this post being re-tweeted by Ben Armstrong and read it this morning. It might actually be the solution to a weird problem we’ve been having at work. Think back to your computer science classes. Every process on a computer only ever gets a slice of time on the processor. When it is moved Continue reading "Increase Network Buffer Sizes on Hyper-V VMBus" AZURE VM COULD NOT START–MISSING BOOT DIAGNOSTICS STORAGE I recently had an issue where starting an Azure virtual machine would fail. The reason given was that the Boot Diagnostics storage account was missing. In this post, I’ll show you mu workaround. As part of my recent upgrade/migration for the VM hosting this site, I did a big clean up and re-organization of resources. Continue reading "Azure VM Could Not Start–Missing Boot Diagnostics MANAGING WINDOWS DEFENDER IN AZURE BACKING UP AZURE FIREWALL Aidan Finn, IT Pro. A blog covering Azure, Hyper-V, Windows Server, desktop, systems management, deployment, and so on Menu AZURE VIRTUAL WAN ARM Azure Virtual WAN ARM – Secured Virtual Hub Azure Firewall. I have spent quite a few hours figuring out how to deploy Azure’s new Secured Virtual Hub, an extension of Azure Virtual WAN, deployed using ARM templates (JSON). A lot of the bits are either not documented or incorrectly documented. One of the frustrating bits to deploy was the HOW TO TEST OUTBOUND MAIL FLOW WITH IIS The final step was to manually send a mail . You can use notepad to write an email and drop it into the SMTP pickup folder. Open notepad and add something like: to:tbill@externaldomainname.com. from:testuser@internaldomain.com. subject:This is a test. this is atest.
WHEN TO USE AND WHEN NOT TO USE A When To Use And When NOT To Use A Scale-Out File Server. The new transparent failover, scalable, and continuously available active-active file server cluster, better known as Scale-Out File Server (SOFS) sounds really cool. Big, cheap disk, that can be bundled into a file server cluster that has higher uptime than everything thatcame before.
REMOVE A MISSING HOST FROM VMM My current Hyper-V lab includes a VMM server and a Hyper-V host. The VMM server used to manage another Hyper-V host which no longer exists. It appears as offline in the VMM console, which is a bit painful because I’ll be doing some demos with this machine in the coming months. I’d like it to Continue reading "Remove a Missing Host FromVMM"
AZURE-TO-AZURE SITE RECOVERY FAILS MICROSOFT VDI SIZING TOOLS Microsoft VDI Sizing Tools. Microsoft has released the Remote Desktop Load Simulation tools to help you size your VDI deployments. This release is due to customer requests. The responsible teams are very web connected so they’re interested in getting genuine feedback (use Connect ). “The Remote Desktop Load Simulation toolset is used for INCREASE NETWORK BUFFER SIZES ON HYPER-V VMBUS I saw this post being re-tweeted by Ben Armstrong and read it this morning. It might actually be the solution to a weird problem we’ve been having at work. Think back to your computer science classes. Every process on a computer only ever gets a slice of time on the processor. When it is moved Continue reading "Increase Network Buffer Sizes on Hyper-V VMBus" AZURE VM COULD NOT START–MISSING BOOT DIAGNOSTICS STORAGE I recently had an issue where starting an Azure virtual machine would fail. The reason given was that the Boot Diagnostics storage account was missing. In this post, I’ll show you mu workaround. As part of my recent upgrade/migration for the VM hosting this site, I did a big clean up and re-organization of resources. Continue reading "Azure VM Could Not Start–Missing Boot Diagnostics AZURE: POWERSHELL VERSUS ARM TEMPLATES For some of the training that I do at work, I deploy the training lab in Azure as follows: A PowerShell script that asks me how many attendees there are, and then it runs a glorified 2 line loop. The loop iterates through different subscriptions, adding a resource group and then doing an ARM deployment. In other words, PowerShell automatesmy
APPLICATION GATEWAY/FIREWALL & NSG RULES The stops are as follows: Deploy a WAG/WAF to a dedicated subnet. Create a Network Security Group (NSG) for the subnet. Associate the NSG with the subnet. Create an inbound rule to allow TCP 65503-65534 from the Internet service tag to the CIDR address of the WAG/WAF subnet. Create rules to allow application traffic, such as TCP 443 orTCP 80
MICROSOFT VDI SIZING TOOLS Microsoft VDI Sizing Tools. Microsoft has released the Remote Desktop Load Simulation tools to help you size your VDI deployments. This release is due to customer requests. The responsible teams are very web connected so they’re interested in getting genuine feedback (use Connect ). “The Remote Desktop Load Simulation toolset is used for WINDOWS NETWORK LOAD BALANCING AND NIC TEAMING I’m going to do this all using HP Proliants Here’s the scenario. There’s going to be a number of web servers running Windows Server 2003. They’ll work cooperatively and share files somehow. They must be load balanced using Windows NLB. This means using the Unicast method with 2 NIC’s – Unicast allows the servers Continue reading "Windows Network Load Balancing and NIC Teaming" IP ASSIGNMENT STRATEGIES FOR HYPER-V REPLICA What I love about Hyper-V Replica is that (a) it is free (b) it just works and (c) it works for a wide variety of customers/partners (large and small). It’s great that you can get your VMs from site A operational in site B with a maximum RPO of 5 minutes and an RTO of Continue reading "IP Assignment Strategies For Hyper-V Replica" UNBINDING TCP FROM VIRTUAL NETWORK PHYSICAL NIC I’ve just realised that I’d forgotten to talk about this subject. I remembered about it after reading Taylor Brown’s blog about unbinding TCP from the physical NIC that virtual machines are using on a Hyper-V host. During my testing of our cluster I had to simulate a real environment. For us, that’s lots of virtual Continue reading "Unbinding TCP From Virtual Network Physical NIC" REASONS TO USE A THIRD PARTY FIREWALL IN AZURE So far the only brand of third-party NVA that I would consider myself for an edge/central firewall deployment is Palo Alto – but I’d rather use Azure Firewall over it anyway! All of the third-party solutions are compromised in some way: Don’t do active-active clustering (scale-out) Don’t even offer HA! Have hack solutions(“we’ll
AZURE VM COULD NOT START–MISSING BOOT DIAGNOSTICS STORAGE I recently had an issue where starting an Azure virtual machine would fail. The reason given was that the Boot Diagnostics storage account was missing. In this post, I’ll show you mu workaround. As part of my recent upgrade/migration for the VM hosting this site, I did a big clean up and re-organization of resources. Continue reading "Azure VM Could Not Start–Missing Boot Diagnostics THERE ARE 732 HOURS IN AN AZURE MONTH 732 (hours per month) * 12 months = 8784 hours per year. 8784 hours per year / 365 days = 24.066 hours. Not quite even. Let’s go with a leap year: 8784 hours per year / 365 days = 24 hours exactly. Sooo . 732 hours is the average length of a month in a leap year. Azure’s monthly pricing is based on the average month in a leap year. CANNOT DELETE A STORAGE POOL BECAUSE IT IS READ ONLY On my home server, I had a OS Raid 0 (2 x 500gb TB) configured at bios, and 3 x 2tb drives configured in Windows Server 2012 R2 as a Storage Pool, which was then divided into different drives. MANAGING WINDOWS DEFENDER IN AZURE BACKING UP AZURE FIREWALL Aidan Finn, IT Pro. A blog covering Azure, Hyper-V, Windows Server, desktop, systems management, deployment, and so on Menu HOW I UPGRADED THIS VM TO AZURE RESOURCE MANAGER In this post, I will explain how I upgraded the Azure virtual machine, that this site is hosted on, from ASM (Azure Service Management, Classic or Azure v1) to ARM (Azure Resource Manager, Resource Manageror Azure v2).
APPLICATION GATEWAY/FIREWALL & NSG RULES WHEN TO USE AND WHEN NOT TO USE A When To Use And When NOT To Use A Scale-Out File Server. The new transparent failover, scalable, and continuously available active-active file server cluster, better known as Scale-Out File Server (SOFS) sounds really cool. Big, cheap disk, that can be bundled into a file server cluster that has higher uptime than everything thatcame before.
HOW TO TEST OUTBOUND MAIL FLOW WITH IIS The final step was to manually send a mail . You can use notepad to write an email and drop it into the SMTP pickup folder. Open notepad and add something like: to:tbill@externaldomainname.com. from:testuser@internaldomain.com. subject:This is a test. this is atest.
REMOVE A MISSING HOST FROM VMM My current Hyper-V lab includes a VMM server and a Hyper-V host. The VMM server used to manage another Hyper-V host which no longer exists. It appears as offline in the VMM console, which is a bit painful because I’ll be doing some demos with this machine in the coming months. I’d like it to Continue reading "Remove a Missing Host FromVMM"
AZURE-TO-AZURE SITE RECOVERY FAILS AZURE VM COULD NOT START–MISSING BOOT DIAGNOSTICS STORAGEAZURE BOOT DIAGNOSTICS STORAGE ACCOUNTAZURE VM BOOT DIAGNOSTICSAZURE VM DIAGNOSTICS LOGSAZURE VM DIAGNOSTICS SETTINGSAZURE VM STORAGE COSTAZURE VM STORAGE TYPES I recently had an issue where starting an Azure virtual machine would fail. The reason given was that the Boot Diagnostics storage account was missing. In this post, I’ll show you mu workaround. As part of my recent upgrade/migration for the VM hosting this site, I did a big clean up and re-organization of resources. Continue reading "Azure VM Could Not Start–Missing Boot Diagnostics THERE ARE 732 HOURS IN AN AZURE MONTH 732 (hours per month) * 12 months = 8784 hours per year. 8784 hours per year / 365 days = 24.066 hours. Not quite even. Let’s go with a leap year: 8784 hours per year / 365 days = 24 hours exactly. Sooo . 732 hours is the average length of a month in a leap year. Azure’s monthly pricing is based on the average month in a leap year. MANAGING WINDOWS DEFENDER IN AZURE BACKING UP AZURE FIREWALL Aidan Finn, IT Pro. A blog covering Azure, Hyper-V, Windows Server, desktop, systems management, deployment, and so on Menu HOW I UPGRADED THIS VM TO AZURE RESOURCE MANAGER In this post, I will explain how I upgraded the Azure virtual machine, that this site is hosted on, from ASM (Azure Service Management, Classic or Azure v1) to ARM (Azure Resource Manager, Resource Manageror Azure v2).
APPLICATION GATEWAY/FIREWALL & NSG RULES WHEN TO USE AND WHEN NOT TO USE A When To Use And When NOT To Use A Scale-Out File Server. The new transparent failover, scalable, and continuously available active-active file server cluster, better known as Scale-Out File Server (SOFS) sounds really cool. Big, cheap disk, that can be bundled into a file server cluster that has higher uptime than everything thatcame before.
HOW TO TEST OUTBOUND MAIL FLOW WITH IIS The final step was to manually send a mail . You can use notepad to write an email and drop it into the SMTP pickup folder. Open notepad and add something like: to:tbill@externaldomainname.com. from:testuser@internaldomain.com. subject:This is a test. this is atest.
REMOVE A MISSING HOST FROM VMM My current Hyper-V lab includes a VMM server and a Hyper-V host. The VMM server used to manage another Hyper-V host which no longer exists. It appears as offline in the VMM console, which is a bit painful because I’ll be doing some demos with this machine in the coming months. I’d like it to Continue reading "Remove a Missing Host FromVMM"
AZURE-TO-AZURE SITE RECOVERY FAILS AZURE VM COULD NOT START–MISSING BOOT DIAGNOSTICS STORAGEAZURE BOOT DIAGNOSTICS STORAGE ACCOUNTAZURE VM BOOT DIAGNOSTICSAZURE VM DIAGNOSTICS LOGSAZURE VM DIAGNOSTICS SETTINGSAZURE VM STORAGE COSTAZURE VM STORAGE TYPES I recently had an issue where starting an Azure virtual machine would fail. The reason given was that the Boot Diagnostics storage account was missing. In this post, I’ll show you mu workaround. As part of my recent upgrade/migration for the VM hosting this site, I did a big clean up and re-organization of resources. Continue reading "Azure VM Could Not Start–Missing Boot Diagnostics THERE ARE 732 HOURS IN AN AZURE MONTH 732 (hours per month) * 12 months = 8784 hours per year. 8784 hours per year / 365 days = 24.066 hours. Not quite even. Let’s go with a leap year: 8784 hours per year / 365 days = 24 hours exactly. Sooo . 732 hours is the average length of a month in a leap year. Azure’s monthly pricing is based on the average month in a leap year. AZURE APP SERVICE SECURE NETWORKING Azure Application (App) Services or Web Apps allows you to create and host a web site or web application in Azure without (directly) dealing with virtual machines. This platform service makes HTTP/S services easy. By default, App Services are shared behind a public/ & shared frontend (actually, load-balanced frontends) with public IP addresses. AZURE: POWERSHELL VERSUS ARM TEMPLATES For some of the training that I do at work, I deploy the training lab in Azure as follows: A PowerShell script that asks me how many attendees there are, and then it runs a glorified 2 line loop. The loop iterates through different subscriptions, adding a resource group and then doing an ARM deployment. In other words, PowerShell automatesmy
REMOVE A MISSING HOST FROM VMM My current Hyper-V lab includes a VMM server and a Hyper-V host. The VMM server used to manage another Hyper-V host which no longer exists. It appears as offline in the VMM console, which is a bit painful because I’ll be doing some demos with this machine in the coming months. I’d like it to Continue reading "Remove a Missing Host FromVMM"
MICROSOFT VDI SIZING TOOLS Microsoft VDI Sizing Tools. Microsoft has released the Remote Desktop Load Simulation tools to help you size your VDI deployments. This release is due to customer requests. The responsible teams are very web connected so they’re interested in getting genuine feedback (use Connect ). “The Remote Desktop Load Simulation toolset is used for WHAT ARE MICROSOFT “FLIGHTS” AND “FLIGHTING”? This release is a flight and the process is flighting. It’s just another way of saying “release”. I guess, “release” in a devs mind is a big irregular event, whereas a flight is something that happens on a regular basis. In the Microsoft world, we see flights all the time with Azure and quite frequently with SaaS such as O365 andIntune.
WINDOWS SERVER 2016
WS2016 TPv3 (Technical Preview 3) includes a new feature called Switch Embedded Teaming (SET) that will allow you to converge RDMA (remote direct memory access) NICs and virtualize RDMA for the host. Yes, you’ll be able to converge SMB Direct networking! In the below diagram you can see a host with WS2012 R2 networking and Continue reading "Windows Server 2016 – Switch Embedded Teaming VMQ ON TEAM INTERFACE BREAKING HYPER-V NETWORKING VMQ On Team Interface Breaking Hyper-V Networking. I recently had a situation where virtual machines on a Windows Server 2016 (WS2016) Hyper-V host could not communicate with each other. Ping tests were failing: In this case, I was building a new Windows Server 2016 demo lab for some upcoming community events in The Netherlands and Germany,an
THERE ARE 732 HOURS IN AN AZURE MONTH 732 (hours per month) * 12 months = 8784 hours per year. 8784 hours per year / 365 days = 24.066 hours. Not quite even. Let’s go with a leap year: 8784 hours per year / 365 days = 24 hours exactly. Sooo . 732 hours is the average length of a month in a leap year. Azure’s monthly pricing is based on the average month in a leap year. HOW MUCH MEMORY DOES MY HYPER-V HOST REQUIRE? If you are trying to figure out how much RAM you have left for virtual machines then this is the post for you. When Microsoft launched Dynamic Memory with W2008 R2 SP1, we were introduced to the concept of a host reserve (nothing to do with the SCVMM concept); the hypervisor would keep so much memory for the Management OS, and everything else was fair game for the VMs. WINDOWS 8–“YOU ALREADY OWN THIS APP” BUT IT’S MISSING OR I just had a weird issue where some apps got messed up on my Windows 8 PC at work. They disappeared. I went onto the Windows Store to re-install them but according to the store: MANAGING WINDOWS DEFENDER IN AZURE BACKING UP AZURE FIREWALL Aidan Finn, IT Pro. A blog covering Azure, Hyper-V, Windows Server, desktop, systems management, deployment, and so on Menu HOW I UPGRADED THIS VM TO AZURE RESOURCE MANAGER In this post, I will explain how I upgraded the Azure virtual machine, that this site is hosted on, from ASM (Azure Service Management, Classic or Azure v1) to ARM (Azure Resource Manager, Resource Manageror Azure v2).
APPLICATION GATEWAY/FIREWALL & NSG RULES WHEN TO USE AND WHEN NOT TO USE A When To Use And When NOT To Use A Scale-Out File Server. The new transparent failover, scalable, and continuously available active-active file server cluster, better known as Scale-Out File Server (SOFS) sounds really cool. Big, cheap disk, that can be bundled into a file server cluster that has higher uptime than everything thatcame before.
HOW TO TEST OUTBOUND MAIL FLOW WITH IIS The final step was to manually send a mail . You can use notepad to write an email and drop it into the SMTP pickup folder. Open notepad and add something like: to:tbill@externaldomainname.com. from:testuser@internaldomain.com. subject:This is a test. this is atest.
REMOVE A MISSING HOST FROM VMM My current Hyper-V lab includes a VMM server and a Hyper-V host. The VMM server used to manage another Hyper-V host which no longer exists. It appears as offline in the VMM console, which is a bit painful because I’ll be doing some demos with this machine in the coming months. I’d like it to Continue reading "Remove a Missing Host FromVMM"
AZURE-TO-AZURE SITE RECOVERY FAILS AZURE VM COULD NOT START–MISSING BOOT DIAGNOSTICS STORAGEAZURE BOOT DIAGNOSTICS STORAGE ACCOUNTAZURE VM BOOT DIAGNOSTICSAZURE VM DIAGNOSTICS LOGSAZURE VM DIAGNOSTICS SETTINGSAZURE VM STORAGE COSTAZURE VM STORAGE TYPES I recently had an issue where starting an Azure virtual machine would fail. The reason given was that the Boot Diagnostics storage account was missing. In this post, I’ll show you mu workaround. As part of my recent upgrade/migration for the VM hosting this site, I did a big clean up and re-organization of resources. Continue reading "Azure VM Could Not Start–Missing Boot Diagnostics THERE ARE 732 HOURS IN AN AZURE MONTH 732 (hours per month) * 12 months = 8784 hours per year. 8784 hours per year / 365 days = 24.066 hours. Not quite even. Let’s go with a leap year: 8784 hours per year / 365 days = 24 hours exactly. Sooo . 732 hours is the average length of a month in a leap year. Azure’s monthly pricing is based on the average month in a leap year. MANAGING WINDOWS DEFENDER IN AZURE BACKING UP AZURE FIREWALL Aidan Finn, IT Pro. A blog covering Azure, Hyper-V, Windows Server, desktop, systems management, deployment, and so on Menu HOW I UPGRADED THIS VM TO AZURE RESOURCE MANAGER In this post, I will explain how I upgraded the Azure virtual machine, that this site is hosted on, from ASM (Azure Service Management, Classic or Azure v1) to ARM (Azure Resource Manager, Resource Manageror Azure v2).
APPLICATION GATEWAY/FIREWALL & NSG RULES WHEN TO USE AND WHEN NOT TO USE A When To Use And When NOT To Use A Scale-Out File Server. The new transparent failover, scalable, and continuously available active-active file server cluster, better known as Scale-Out File Server (SOFS) sounds really cool. Big, cheap disk, that can be bundled into a file server cluster that has higher uptime than everything thatcame before.
HOW TO TEST OUTBOUND MAIL FLOW WITH IIS The final step was to manually send a mail . You can use notepad to write an email and drop it into the SMTP pickup folder. Open notepad and add something like: to:tbill@externaldomainname.com. from:testuser@internaldomain.com. subject:This is a test. this is atest.
REMOVE A MISSING HOST FROM VMM My current Hyper-V lab includes a VMM server and a Hyper-V host. The VMM server used to manage another Hyper-V host which no longer exists. It appears as offline in the VMM console, which is a bit painful because I’ll be doing some demos with this machine in the coming months. I’d like it to Continue reading "Remove a Missing Host FromVMM"
AZURE-TO-AZURE SITE RECOVERY FAILS AZURE VM COULD NOT START–MISSING BOOT DIAGNOSTICS STORAGEAZURE BOOT DIAGNOSTICS STORAGE ACCOUNTAZURE VM BOOT DIAGNOSTICSAZURE VM DIAGNOSTICS LOGSAZURE VM DIAGNOSTICS SETTINGSAZURE VM STORAGE COSTAZURE VM STORAGE TYPES I recently had an issue where starting an Azure virtual machine would fail. The reason given was that the Boot Diagnostics storage account was missing. In this post, I’ll show you mu workaround. As part of my recent upgrade/migration for the VM hosting this site, I did a big clean up and re-organization of resources. Continue reading "Azure VM Could Not Start–Missing Boot Diagnostics THERE ARE 732 HOURS IN AN AZURE MONTH 732 (hours per month) * 12 months = 8784 hours per year. 8784 hours per year / 365 days = 24.066 hours. Not quite even. Let’s go with a leap year: 8784 hours per year / 365 days = 24 hours exactly. Sooo . 732 hours is the average length of a month in a leap year. Azure’s monthly pricing is based on the average month in a leap year. AZURE APP SERVICE SECURE NETWORKING Azure Application (App) Services or Web Apps allows you to create and host a web site or web application in Azure without (directly) dealing with virtual machines. This platform service makes HTTP/S services easy. By default, App Services are shared behind a public/ & shared frontend (actually, load-balanced frontends) with public IP addresses. AZURE: POWERSHELL VERSUS ARM TEMPLATES For some of the training that I do at work, I deploy the training lab in Azure as follows: A PowerShell script that asks me how many attendees there are, and then it runs a glorified 2 line loop. The loop iterates through different subscriptions, adding a resource group and then doing an ARM deployment. In other words, PowerShell automatesmy
REMOVE A MISSING HOST FROM VMM My current Hyper-V lab includes a VMM server and a Hyper-V host. The VMM server used to manage another Hyper-V host which no longer exists. It appears as offline in the VMM console, which is a bit painful because I’ll be doing some demos with this machine in the coming months. I’d like it to Continue reading "Remove a Missing Host FromVMM"
MICROSOFT VDI SIZING TOOLS Microsoft VDI Sizing Tools. Microsoft has released the Remote Desktop Load Simulation tools to help you size your VDI deployments. This release is due to customer requests. The responsible teams are very web connected so they’re interested in getting genuine feedback (use Connect ). “The Remote Desktop Load Simulation toolset is used for WHAT ARE MICROSOFT “FLIGHTS” AND “FLIGHTING”? This release is a flight and the process is flighting. It’s just another way of saying “release”. I guess, “release” in a devs mind is a big irregular event, whereas a flight is something that happens on a regular basis. In the Microsoft world, we see flights all the time with Azure and quite frequently with SaaS such as O365 andIntune.
VMQ ON TEAM INTERFACE BREAKING HYPER-V NETWORKING VMQ On Team Interface Breaking Hyper-V Networking. I recently had a situation where virtual machines on a Windows Server 2016 (WS2016) Hyper-V host could not communicate with each other. Ping tests were failing: In this case, I was building a new Windows Server 2016 demo lab for some upcoming community events in The Netherlands and Germany,an
WINDOWS SERVER 2016
WS2016 TPv3 (Technical Preview 3) includes a new feature called Switch Embedded Teaming (SET) that will allow you to converge RDMA (remote direct memory access) NICs and virtualize RDMA for the host. Yes, you’ll be able to converge SMB Direct networking! In the below diagram you can see a host with WS2012 R2 networking and Continue reading "Windows Server 2016 – Switch Embedded Teaming THERE ARE 732 HOURS IN AN AZURE MONTH 732 (hours per month) * 12 months = 8784 hours per year. 8784 hours per year / 365 days = 24.066 hours. Not quite even. Let’s go with a leap year: 8784 hours per year / 365 days = 24 hours exactly. Sooo . 732 hours is the average length of a month in a leap year. Azure’s monthly pricing is based on the average month in a leap year. HOW MUCH MEMORY DOES MY HYPER-V HOST REQUIRE? If you are trying to figure out how much RAM you have left for virtual machines then this is the post for you. When Microsoft launched Dynamic Memory with W2008 R2 SP1, we were introduced to the concept of a host reserve (nothing to do with the SCVMM concept); the hypervisor would keep so much memory for the Management OS, and everything else was fair game for the VMs. WINDOWS 8–“YOU ALREADY OWN THIS APP” BUT IT’S MISSING OR I just had a weird issue where some apps got messed up on my Windows 8 PC at work. They disappeared. I went onto the Windows Store to re-install them but according to the store: MANAGING WINDOWS DEFENDER IN AZURE BACKING UP AZURE FIREWALL Aidan Finn, IT Pro. A blog covering Azure, Hyper-V, Windows Server, desktop, systems management, deployment, and so on Menu HOW I UPGRADED THIS VM TO AZURE RESOURCE MANAGER In this post, I will explain how I upgraded the Azure virtual machine, that this site is hosted on, from ASM (Azure Service Management, Classic or Azure v1) to ARM (Azure Resource Manager, Resource Manageror Azure v2).
APPLICATION GATEWAY/FIREWALL & NSG RULES WHEN TO USE AND WHEN NOT TO USE A When To Use And When NOT To Use A Scale-Out File Server. The new transparent failover, scalable, and continuously available active-active file server cluster, better known as Scale-Out File Server (SOFS) sounds really cool. Big, cheap disk, that can be bundled into a file server cluster that has higher uptime than everything thatcame before.
HOW TO TEST OUTBOUND MAIL FLOW WITH IIS The final step was to manually send a mail . You can use notepad to write an email and drop it into the SMTP pickup folder. Open notepad and add something like: to:tbill@externaldomainname.com. from:testuser@internaldomain.com. subject:This is a test. this is atest.
REMOVE A MISSING HOST FROM VMM My current Hyper-V lab includes a VMM server and a Hyper-V host. The VMM server used to manage another Hyper-V host which no longer exists. It appears as offline in the VMM console, which is a bit painful because I’ll be doing some demos with this machine in the coming months. I’d like it to Continue reading "Remove a Missing Host FromVMM"
AZURE-TO-AZURE SITE RECOVERY FAILS AZURE VM COULD NOT START–MISSING BOOT DIAGNOSTICS STORAGEAZURE BOOT DIAGNOSTICS STORAGE ACCOUNTAZURE VM BOOT DIAGNOSTICSAZURE VM DIAGNOSTICS LOGSAZURE VM DIAGNOSTICS SETTINGSAZURE VM STORAGE COSTAZURE VM STORAGE TYPES I recently had an issue where starting an Azure virtual machine would fail. The reason given was that the Boot Diagnostics storage account was missing. In this post, I’ll show you mu workaround. As part of my recent upgrade/migration for the VM hosting this site, I did a big clean up and re-organization of resources. Continue reading "Azure VM Could Not Start–Missing Boot Diagnostics THERE ARE 732 HOURS IN AN AZURE MONTH 732 (hours per month) * 12 months = 8784 hours per year. 8784 hours per year / 365 days = 24.066 hours. Not quite even. Let’s go with a leap year: 8784 hours per year / 365 days = 24 hours exactly. Sooo . 732 hours is the average length of a month in a leap year. Azure’s monthly pricing is based on the average month in a leap year. MANAGING WINDOWS DEFENDER IN AZURE BACKING UP AZURE FIREWALL Aidan Finn, IT Pro. A blog covering Azure, Hyper-V, Windows Server, desktop, systems management, deployment, and so on Menu HOW I UPGRADED THIS VM TO AZURE RESOURCE MANAGER In this post, I will explain how I upgraded the Azure virtual machine, that this site is hosted on, from ASM (Azure Service Management, Classic or Azure v1) to ARM (Azure Resource Manager, Resource Manageror Azure v2).
APPLICATION GATEWAY/FIREWALL & NSG RULES WHEN TO USE AND WHEN NOT TO USE A When To Use And When NOT To Use A Scale-Out File Server. The new transparent failover, scalable, and continuously available active-active file server cluster, better known as Scale-Out File Server (SOFS) sounds really cool. Big, cheap disk, that can be bundled into a file server cluster that has higher uptime than everything thatcame before.
HOW TO TEST OUTBOUND MAIL FLOW WITH IIS The final step was to manually send a mail . You can use notepad to write an email and drop it into the SMTP pickup folder. Open notepad and add something like: to:tbill@externaldomainname.com. from:testuser@internaldomain.com. subject:This is a test. this is atest.
REMOVE A MISSING HOST FROM VMM My current Hyper-V lab includes a VMM server and a Hyper-V host. The VMM server used to manage another Hyper-V host which no longer exists. It appears as offline in the VMM console, which is a bit painful because I’ll be doing some demos with this machine in the coming months. I’d like it to Continue reading "Remove a Missing Host FromVMM"
AZURE-TO-AZURE SITE RECOVERY FAILS AZURE VM COULD NOT START–MISSING BOOT DIAGNOSTICS STORAGEAZURE BOOT DIAGNOSTICS STORAGE ACCOUNTAZURE VM BOOT DIAGNOSTICSAZURE VM DIAGNOSTICS LOGSAZURE VM DIAGNOSTICS SETTINGSAZURE VM STORAGE COSTAZURE VM STORAGE TYPES I recently had an issue where starting an Azure virtual machine would fail. The reason given was that the Boot Diagnostics storage account was missing. In this post, I’ll show you mu workaround. As part of my recent upgrade/migration for the VM hosting this site, I did a big clean up and re-organization of resources. Continue reading "Azure VM Could Not Start–Missing Boot Diagnostics THERE ARE 732 HOURS IN AN AZURE MONTH 732 (hours per month) * 12 months = 8784 hours per year. 8784 hours per year / 365 days = 24.066 hours. Not quite even. Let’s go with a leap year: 8784 hours per year / 365 days = 24 hours exactly. Sooo . 732 hours is the average length of a month in a leap year. Azure’s monthly pricing is based on the average month in a leap year. AZURE APP SERVICE SECURE NETWORKING Azure Application (App) Services or Web Apps allows you to create and host a web site or web application in Azure without (directly) dealing with virtual machines. This platform service makes HTTP/S services easy. By default, App Services are shared behind a public/ & shared frontend (actually, load-balanced frontends) with public IP addresses. AZURE: POWERSHELL VERSUS ARM TEMPLATES For some of the training that I do at work, I deploy the training lab in Azure as follows: A PowerShell script that asks me how many attendees there are, and then it runs a glorified 2 line loop. The loop iterates through different subscriptions, adding a resource group and then doing an ARM deployment. In other words, PowerShell automatesmy
REMOVE A MISSING HOST FROM VMM My current Hyper-V lab includes a VMM server and a Hyper-V host. The VMM server used to manage another Hyper-V host which no longer exists. It appears as offline in the VMM console, which is a bit painful because I’ll be doing some demos with this machine in the coming months. I’d like it to Continue reading "Remove a Missing Host FromVMM"
MICROSOFT VDI SIZING TOOLS Microsoft VDI Sizing Tools. Microsoft has released the Remote Desktop Load Simulation tools to help you size your VDI deployments. This release is due to customer requests. The responsible teams are very web connected so they’re interested in getting genuine feedback (use Connect ). “The Remote Desktop Load Simulation toolset is used for WHAT ARE MICROSOFT “FLIGHTS” AND “FLIGHTING”? This release is a flight and the process is flighting. It’s just another way of saying “release”. I guess, “release” in a devs mind is a big irregular event, whereas a flight is something that happens on a regular basis. In the Microsoft world, we see flights all the time with Azure and quite frequently with SaaS such as O365 andIntune.
VMQ ON TEAM INTERFACE BREAKING HYPER-V NETWORKING VMQ On Team Interface Breaking Hyper-V Networking. I recently had a situation where virtual machines on a Windows Server 2016 (WS2016) Hyper-V host could not communicate with each other. Ping tests were failing: In this case, I was building a new Windows Server 2016 demo lab for some upcoming community events in The Netherlands and Germany,an
WINDOWS SERVER 2016
WS2016 TPv3 (Technical Preview 3) includes a new feature called Switch Embedded Teaming (SET) that will allow you to converge RDMA (remote direct memory access) NICs and virtualize RDMA for the host. Yes, you’ll be able to converge SMB Direct networking! In the below diagram you can see a host with WS2012 R2 networking and Continue reading "Windows Server 2016 – Switch Embedded Teaming THERE ARE 732 HOURS IN AN AZURE MONTH 732 (hours per month) * 12 months = 8784 hours per year. 8784 hours per year / 365 days = 24.066 hours. Not quite even. Let’s go with a leap year: 8784 hours per year / 365 days = 24 hours exactly. Sooo . 732 hours is the average length of a month in a leap year. Azure’s monthly pricing is based on the average month in a leap year. HOW MUCH MEMORY DOES MY HYPER-V HOST REQUIRE? If you are trying to figure out how much RAM you have left for virtual machines then this is the post for you. When Microsoft launched Dynamic Memory with W2008 R2 SP1, we were introduced to the concept of a host reserve (nothing to do with the SCVMM concept); the hypervisor would keep so much memory for the Management OS, and everything else was fair game for the VMs. WINDOWS 8–“YOU ALREADY OWN THIS APP” BUT IT’S MISSING OR I just had a weird issue where some apps got messed up on my Windows 8 PC at work. They disappeared. I went onto the Windows Store to re-install them but according to the store:Skip to content
AIDAN FINN, IT PRO
A blog covering Azure, Hyper-V, Windows Server, desktop, systems management, deployment, and so on …Menu
* Blog
* Events
* Azure Newsletter
* Azure Training
* About Aidan Finn
* Privacy
* RSS
RECORDING – INTRODUCING AZURE VIRTUAL WAN Here is a video recording that I recorded last week called IntroducingAzure Virtual WAN.
I was scheduled to do a live presentation for the (UK) Northern Azure User Group (NAUG). All was looking good … until my wife went into labour 5 weeks early! We welcomed healthy twin girls and my wife is doing well – all are home now. But at the time, I was clocking up lots of miles to visit my wife and new daughters in the evening. The scheduled online user group meeting was going to clash with one of myvisits.
I reached out to the organiser, Matthew Bradley (a really good and smart guy – and someone who should be an MVP IMO), and explained the situation. I offered to record my presentation for the user group. So that’s what I did – I deliberately did a 1-take recording and didn’t do the usual editing to clean up mistakes, coughs, actually’s and hmms. I felt that the raw recording would be more like what I would be like if I was live. The feedback was positive and I was asked if I would share the video.So here you go:
Author AFinn Posted on November 9, 2020November 9, 2020 Categories AzureTags Azure
, Azure Virtual WAN
, SD-WAN
Leave a comment on Recording – Introducing Azure Virtual WAN AN INTRODUCTION TO AZURE EXPRESSROUTE ARCHITECTURE This post will give you an overview of Azure ExpressRoute architecture. This is not a “how to” post; instead, the purpose of this post is to document the options for architecting connectivity with Microsoft Azure in one concise (as much as possible) document. INTRODUCTION TO EXPRESSROUTE Azure ExpressRoute is a form of private Layer-2 or Layer-3 network connectivity between a customer’s on-premises network(s) and a virtual network hosted in Microsoft Azure. ExpressRoute is one of the 2 Azure-offered solutions (also, VPN) for achieving a private networkconnection.
There are 2 vendor types that can connect you to Azure usingExpressRoute:
* EXCHANGE PROVIDER: Has an ExpressRoute circuit in their data centre. Either you run your “on-premises” in their data centre or you connect to their data centre. * NETWORK SERVICE PROVIDER: You get a connection to an ISP and they relay you to a Microsoft edge data centre or POP. The locations of ExpressRoute and Azure are often confused. A connection using ExpressRoute, at a very high level and from your perspective, has three pieces: * CIRCUIT: A connection to a Microsoft edge data centre or pop. This can be one of many global locations that are often nothing to do with Azure regions; they are connected to the same Microsoft WAN as Azure (and Microsoft 365) and are a means to relay you to Azure (or Microsoft 365) using Azure ExpressRoute. * CONNECTION: Connecting an Azure Virtual Network (ExpressRoute Gateway) in an Azure region to a circuit that terminates at the edgedata centre or POP.
* PEERING: Configuring the routing across the circuit andconnection.
For example, a customer in Eindhoven, Netherlands might have an ExpressRoute circuit that connects to “Amsterdam”; This POP or edge data centre is probably in Amsterdam, Netherlands, or the suburbs. The customer might use that circuit to connect to Azure West Europe, colloquially called “Amsterdam”, but is actually inMiddenmeer
,
approximately 60 KM north of Amsterdam. EXPRESSROUTE VERSUS VPN The choice between ExpressRoute and site-to-site VPN isn’t always as clear-cut as one might think: “big organisations go with ExpressRoute and small/mid go with VPN”. Very often, organisations are choosing to access Azure services over the Internet using HTTPS, with small amounts of legacy traffic traversing a private connection. In this case, VPN is perfect. But when you want an SLA or low latency, ExpressRoute is your choice.SITE-TO-SITE VPN
EXPRESSROUTE
Microsoft SLA
Microsoft: Azure
Internet: No one
Microsoft: Azure
Service Provider: CircuitMax bandwidth
Aggregate of 10 Gbps100 Gbps
Routing
BGP (even if you don’t use/enable it)BGP
Latency
Internet
Low
Multi-Site
See SD-WAN (Azure Virtual WAN)Global Reach
Also see Azure Virtual WANConnections
Azure Virtual Networks Azure Virtual Networks Other Azure ServicesMicrosoft 365
Dynamics 365
Other clouds, depending on service providerPayment
Outbound data transfer and your regular Internet connection Payment to service provider for the circuit. Payment for either a metered (outbound data + circuit) or unlimited data (circuit) to Microsoft.TERMINOLOGY
* CUSTOMER PREMISES EQUIPMENT (CPE) OR CUSTOMER EDGE ROUTERS (CES): 2, ideally, edge devices that will be connected in a highly available way to 2 lines connecting your network(s) to the service provider. * PROVIDER EDGE ROUTERS (PES), CE FACING: Routers or switches operated by the service provider that the customer is connected to. * PROVIDER EDGE ROUTERS (PES), MSEE FACING: Routers or switches operated by the service provider that connect to Microsoft’s MSEEs. * MICROSOFT ENTERPRISE EDGE (MSEE) ROUTERS: Routers in the Microsoft POP or edge data centre that the service provider has connected to.The MSEE is what:
* Your ExpressRoute virtual network gateway connects to. * Propagates BGP routes to your virtual network. * Can connect two virtual networks together (with BGP propagation) if they both connect to the same circuit (MSEE). * Can relay you to other Azure services or other Microsoft cloudservices.
It is very strongly recommended that the customer deploys two highly available pieces of hardware for the CEs. The ExpressRoute virtual network gateway is also HA, but if the Azure region supports it, spread the two nodes across different availability zones for a higher level of availability. FYI, these POPs or Edge Data Centers also host other Azure servicesfor edge services.
PEERING
Quite often, the primary use case for Azure ExpressRoute is to connect to Azure virtual networks, and resources connected to those virtualnetworks such as:
* Virtual machines
* VNet integrated SKUs such as App Service Environment, API Management, and SQL Managed Instance * Platform services supporting Private Endpoint That connectivity is provided by Azure Private Peering. However, you can also connect to other Microsoft services using Microsoft Peering:
* Services that are normally routed over the Internet, such as Azure SQL or Azure Storage Accounts. * Microsoft 365, if you can prove a legal/compliance requirement toMicrosoft
* Dynamics 365
To use Microsoft Peering you will need to configure NAT to convert connections from private IP addresses to public IP addresses before they enter the Microsoft network. EXPRESSROUTE AND VPN There are two scenarios where ExpressRoute and site-to-site VPN can coexist to connect the same on-premises network and virtual network. The first is for failover. If you deploy a /27 or larger GatewaySubnet then that subnet can contain an ExpressRoute Virtual Network Gateway and a VPN Virtual Network Gateway. You can then configure ExpressRoute and VPN to connect the same on-premises and Azure networks. The scenario here is that the VPN tunnel will be an automated failover connection for the ExpressRoute circuit – failover will happen automatically with less than 10 packets being lost. Two things immediately come to mind: * Use a different ISP for Internet/VPN connection than used forExpressRoute
* Both connections must propagate the same on-premises networks. An interesting new twist was announced recently for Virtual NetworkGateway
and Azure Virtual WAN.
By default, there is no encryption on your ExpressRoute circuit (more on this later). You will be able to initiate a site-to-site VPN connection _across_ the ExpressRoute circuit to a VPN Virtual Network Gateway that is in the same GatewaySubnet as the ExpressRoute Virtual Network Gateway, encrypting your traffic.EXPRESSROUTE TIERS
There are three tiers of ExpressRoute circuit that you can deploy in Microsoft Azure. I have not found a good comparison table, so the below will not be complete:Standard
Premium
Price
Normal
More Expensive
Azure Virtual WAN supportAnnounced, not GA
GA
Azure Global Reach
Limited to same geo-zoneAll regions
Max connections per circuit10
100, depending on the circuit size (Mbps) – 20 for 50 Mbps, 100for 10 Gbps+
Connections from different subscriptionsNo
Yes
Max routes advertised Private peering: 4,000 Microsoft peering: 200 Private Peering: Up to 10,000 Microsoft peering: 200 I said “three tiers”, right? But there is also a third tier called Local which is very lightly documented. ExpressRoute Local is a subset of ExpressRoute Standard where: * The circuit can only connect to 1 or 2 Azure regions in the same metro as the POP or edge data centre. Therefore it is available in fewer locations than ExpressRoute Standard. * ExpressRoute Global Reach is not available. * It requires an unlimited data plan with at least 1 Gbps, coming in at ~25% of the price of a 1 Gbps Standard tier unlimited data plan. SERVICE PROVIDER TYPES There are three ways that a service provider can connect you to Azure using ExpressRoute, with two of them being: * LAYER-2: A VLAN is stretched from your on-premises network toAzure
* LAYER-3: You connect to Azure over IP VPN or MPLS VPN. Your on-premises network connects either by BGP or a static default route. There is a third option, called ExpressRoute Direct.EXPRESSROUTE DIRECT
A subset of the Microsoft POPs or edge data centres offer a third kind of connection for Azure ExpressRoute called ExpressRoute Direct. The features of this include: * LARGER SIZES: You can have sizes from 1 Gbps to 100 Gbps for massive data ingestion, for things like Cosmos DB or storage (HPC). * PHYSICAL ISOLATION: Some organisations will have a compliance reason to avoid connections to shared network equipment (the CEs andMSEE).
* GRANULAR CONTROL OF CIRCUIT DISTRIBUTION: Based on business unit This is a very specialised SKU that you must apply to use.
EXPRESSROUTE FASTPATH The normal flow of packets routing into Azure over ExpressRoute is: * Enter Microsoft at the MSEE * Travel via the ExpressRoute Virtual Network Gateway. * If a route table exists, follow that route, for example, to ahub-based firewall.
* Route to the NIC of the virtual machine There is a tiny latency penalty by routing through the Virtual Network Gateway. For a tiny percentage of customers, this latency may causeissues.
The concept of ExpressRoute Fast Path is that you can skip the hop of the virtual network gateway and route directly to the NICs of the virtual machines (in the same virtual network as the gateway). To use this feature you must be using one of these gateway sizes:* Ultra Performance
* ErGw3AZ
The following are not supported and will force traffic to route via the ExpressRoute Virtual Network Gateway: * There is a UDR on the GatewaySubnet * Virtual Network Peering is used. An alternative is to connect the otherwise-peered VNets directly to the circuit with their own VNetGateway.
* You use a Basic Load Balancer in front of the VMs; use a Standardtier Load Balancer.
* You are attempting to connect to Private Endpoint. EXPRESSROUTE GLOBAL REACH I think that ExpressRoute Global Reach is one of the more interesting features in ExpressRoute. You can have two or more offices, each with their own ExpressRoute (not Local tier) circuit to a local POP/edge data center, and enable Global Reach to allow: * The offices to connect to Azure/Microsoft cloud resources * Connect to each other over the Microsoft WAN instead of deployinga WAN
Note that ExpressRoute Standard will support connecting locations in the same geo-zone, and ExpressRoute Premium will support all geo-zones. Supported POPs are limited to a small subset of locations.
ENCRYPTION
Traffic over ExpressRoute is not encrypted and as Edward Snowden informed us, various countries are doing things to sniff traffic. If you wish to protect your traffic you will have to “bring your own key”. We have a few options: * The aforementioned VPN over ExpressRoute, which is available now for Virtual Network Gateway and Azure Virtual WAN.
* Implement a site-to-site VPN across ExpressRoute using a third-party virtual appliance hosted in the Azure VNet. * IPsec configured on each guest OS, limited to machines. * MACsec, a Layer-2 feature where you can implement your own encryption from your VE to the MSEE, encrypting all traffic, not justto/from VMs.
The MACsec key is stored securely in Azure Key Vault. From what I can see, MACsec is only available on ExpressRoute Direct. Microsoft claims that it does not cause a performance issue on their routers, but they do warn you to check your CE vendor guidance.MULTI-CLOUD
Now you’ll see why I talked about Layer-2 and Layer-3. Depending on your service provider type and their connectivity to non-Microsoft clouds, if you have a circuit with the service provider (from your CEs to their CE facing PEs) that same circuit can be used to connect to Azure over ExpressRoute and to other clouds such as AWS or others. With BGP propagation, you could route from on-premises to/from either cloud, and your deployments in those clouds could route to each other. BIDIRECTIONAL FORWARDING DETECTION (BFD) The circuit is deployed as two connections, ideally connected to 2 CEs in your edge network. Failover is automated, but some will want failover to be as quick as possible. You can reduce the BGP keepalive and hold-time but this will be processor intensive on the networkequipment.
A feature called BFD can detect link failure in a sub-second with low overhead. BFD is enabled on “newly” created ExpressRoute private peering interfaces on the MSEEs – you can reset the peering if required. If you want this feature then you need to enable it on your CEs – the service provider must also enable it on their PEs.MONITORING
Azure Monitor provides a bunch of metrics for ExpressRoute that you can visualise or create alerts on. Azure’s Connection Monitor is the Microsoft-offered solution for monitoring an ExpressRoute connection. The idea is that a Log Analytics agent (Windows or Linux) is deployed onto one or more always-on on-premises machines. A test is configured to run across the circuit measuring availability and performance. Author AFinn Posted on October 7, 2020November 18, 2020 Categories AzureTags Azure
, ExpressRoute
10 Comments on An
Introduction to Azure ExpressRoute Architecture MONITORING & ALERTING FOR WINDOWS DEFENDER IN AZURE VMS In this post, I will explain how one can monitor Windows Defender and create incidents for it with Azure VMs.BACKGROUND
Windows Defender is built into Windows Server 2016 and Windows Server 2019. It’s free and pretty decent. But it surprises me how many of my customers (all) choose Defender over third-parties for their Azure VMs … with no coaching/encouragement from me or my colleagues. There is an integration with the control plane using the antimalwareagent extension. But the level of management is poor-none. There is a Log Analytics solution, but solutions are deprecated and, last time I checked, it required the workspace to be in per-node pricing mode. So I needed something different to operationalise Windows Defender withAzure VMs.
DATA
At work, we always deploy the Log Analytics extension with all VMs – along with the antimalware extension and a bunch of others. We also enable data collection in Azure Security Center. We use a single Log Analytics workspace to enable the correlation of data and easy reporting/management. I recently found out that a table in Log Analytics called ProtectionStatus contains a “heartbeat” record for Windows Defender. Approximately every hour, a record is stored in this table for every VM running Windows Defender. In there, you’ll find somecolumns such as:
* DEVICENAME: The computer name * THREATSTATUSRANK: A code indicating the health of the device according to defender:* 150: Health
* 470: Unknown (no extension/Defender) * 350: Quarantined malware * 550: Active malware * THREATSTATUS: A description for the above code * THREATSTATUSDETAILS: A longer description* And more …
So you can see that you can search this table for malware infection records. First thing, though, is to filter out the machines/records reporting that there is no Defender (Linux machines, for example): > let all_windows_vms = Heartbeat>
> | where TimeGenerated > now(-7d)>
> | where OSType == ‘Windows’ | summarize makeset(Resource);> ProtectionStatus
>
> | where Resource in (all_windows_vms)>
> | sort by TimeGenerated desc The above will find all active Windows VMs that have been reporting to Log Analytics via the extension heartbeat. Then we’ll store that data in a set, and search that set. Now we can extend that search, for example finding all machines with a non-healthy state (150): > let all_windows_vms = Heartbeat>
> | where TimeGenerated > now(-7d)>
> | where OSType == ‘Windows’>
> | summarize makeset(Resource); ProtectionStatus>
> | where Resource in (all_windows_vms)>
> | where ThreatStatusRank <> 150>
> | sort by TimeGenerated descTESTING
All the tech content here will be useless without data. So you’ll need some data! Search for the Eicar test string/file and start “infecting” machines – be sure to let people know if there are people monitoring the environment first.SECURITY CENTER
Security Center will record incidents for you: You will get email alerts if you have configured notifications in the subscription’s Security Center settings. Make sure the threshold isset to LOW.
If you want an alternative form of alert then you can use a Log Analytics alert (Scheduled Query Alert resource type) based on thebelow basic query:
> SecurityAlert
>
> | where TimeGenerated > now(-5m)>
> | where VendorName == ‘Microsoft Antimalware’ The above query will search for Windows Defender alerts stored in Log Analytics (by Security Center) in the last 5 minutes. If the threshold is freater than 0 then you can trigger an Azure Monitor Action Group to tell whomever or start whatever task you want.WORKBOOKS
Armed with the ability to query the ProtectionStatus table, you can create your own visualisations for easy reporting on Windows Defender across many machines. The pie chart is made using this query: > let all_windows_vms = Heartbeat>
> | where TimeGenerated > now(-7d)>
> | where OSType == ‘Windows’>
> | summarize makeset(Resource); ProtectionStatus>
> | where TimeGenerated > now(-7d)>
> | where Resource in (all_windows_vms)>
> | where ThreatStatusRank <> ‘150’>
> | summarize count(Threat) by Threat With some reading and practice, you can make a really fancy workbook.AZURE SENTINEL
_I have enabled the Entity Behavior preview._ Azure Sentinel is supposed to be the central place to monitor all security events, hunt for issues, and where to start investigations – that latter thanks to the new Entity Behavior feature. Azure Sentinel is powered by Log Analytics – if you have data in there then you can query that data, correlate it, and do some clever things. We have a query that can search for malware incidents reported by Windows Defender. What we will do is create a new Analytic Rule that will run every 5 minutes using 5 minutes of data. If the results exceed 0 (threshold greater than 0) then we will create an incident. > let all_windows_vms = Heartbeat>
> | where TimeGenerated > now(-7d)>
> | where OSType == ‘Windows’>
> | summarize makeset(Resource); ProtectionStatus>
> | where TimeGenerated > now(-5m)>
> | where Resource in (all_windows_vms)>
> | where ThreatStatus <> ‘No threats detected’ or > ThreatStatusRank <> ‘150’ or Threat <> ”>
> | sort by Resource asc | extend HostCustomEntity = Computer The last line is used to identity an entity. Optionally, we can associate a logic app for an automated response. Once that first malware detection is found: You can do the usual operational stuff with these incidents. Note that this data is recorded and your effectiveness as a security organisation is visible in the Security Efficiency Workbook in Azure Sentinel – even the watchers are watched! If you open an incident you can click investigate which opens a new Investigation screen that leverages the Entity Behavior data. In my case, the computer is theentity.
The break-out dialogs allow me to query Log Analytics to learn more about the machine and its state at the time and the state of Windows Defender. For example, I can see who was logged into the machine at that time and what processes were running. Pretty nice, eh? Author AFinn Posted on October 5, 2020October 8, 2020 Categories Uncategorized Leave a comment on Monitoring & Alerting for Windows Defender in Azure VMs MONITORING & ALERTING FOR WINDOWS DEFENDER IN AZURE VMS In this post, I will explain how one can monitor Windows Defender and create incidents for it with Azure VMs.BACKGROUND
Windows Defender is built into Windows Server 2016 and Windows Server 2019. It’s free and pretty decent. But it surprises me how many of my customers (all) choose Defender over third-parties for their Azure VMs … with no coaching/encouragement from me or my colleagues. There is an integration with the control plane using the antimalwareagent extension. But the level of management is poor-none. There is a Log Analytics solution, but solutions are deprecated and, last time I checked, it required the workspace to be in per-node pricing mode. So I needed something different to operationalise Windows Defender withAzure VMs.
DATA
At work, we always deploy the Log Analytics extension with all VMs – along with the antimalware extension and a bunch of others. We also enable data collection in Azure Security Center. We use a single Log Analytics workspace to enable the correlation of data and easy reporting/management. I recently found out that a table in Log Analytics called ProtectionStatus contains a “heartbeat” record for Windows Defender. Approximately every hour, a record is stored in this table for every VM running Windows Defender. In there, you’ll find somecolumns such as:
* DEVICENAME: The computer name * THREATSTATUSRANK: A code indicating the health of the device according to defender:* 150: Health
* 470: Unknown (no extension/Defender) * 350: Quarantined malware * 550: Active malware * THREATSTATUS: A description for the above code * THREATSTATUSDETAILS: A longer description* And more …
So you can see that you can search this table for malware infection records. First thing, though, is to filter out the machines/records reporting that there is no Defender (Linux machines, for example): let all_windows_vms =Heartbeat
| where TimeGenerated > now(-7d) | where OSType == 'Windows' | summarize makeset(Resource);ProtectionStatus
| where Resource in (all_windows_vms) | sort by TimeGenerated desc The above will find all active Windows VMs that have been reporting to Log Analytics via the extension heartbeat. Then we’ll store that data in a set, and search that set. Now we can extend that search, for example finding all machines with a non-healthy state (150): let all_windows_vms = Heartbeat | where TimeGenerated > now(-7d) | where OSType == 'Windows' | summarize makeset(Resource);ProtectionStatus
| where Resource in (all_windows_vms) | where ThreatStatusRank <> 150 | sort by TimeGenerated descTESTING
All the tech content here will be useless without data. So you’ll need some data! Search for the Eicar test string/file and start “infecting” machines – be sure to let people know if there are people monitoring the environment first.SECURITY CENTER
Security Center will record incidents for you: You will get email alerts if you have configured notifications in the subscription’s Security Center settings. Make sure the threshold isset to LOW.
If you want an alternative form of alert then you can use a Log Analytics alert (Scheduled Query Alert resource type) based on thebelow basic query:
SecurityAlert
| where TimeGenerated > now(-5m) | where VendorName == 'Microsoft Antimalware' The above query will search for Windows Defender alerts stored in Log Analytics (by Security Center) in the last 5 minutes. If the threshold is freater than 0 then you can trigger an Azure Monitor Action Group to tell whomever or start whatever task you want.WORKBOOKS
Armed with the ability to query the ProtectionStatus table, you can create your own visualisations for easy reporting on Windows Defender across many machines. The pie chart is made using this query: let all_windows_vms =Heartbeat
| where TimeGenerated > now(-7d) | where OSType == 'Windows' | summarize makeset(Resource);ProtectionStatus
| where TimeGenerated > now(-7d) | where Resource in (all_windows_vms) | where ThreatStatusRank <> '150' | summarize count(Threat) by Threat With some reading and practice, you can make a really fancy workbook.AZURE SENTINEL
_I have enabled the Entity Behavior preview._ Azure Sentinel is supposed to be the central place to monitor all security events, hunt for issues, and where to start investigations – that latter thanks to the new Entity Behavior feature. Azure Sentinel is powered by Log Analytics – if you have data in there then you can query that data, correlate it, and do some clever things. We have a query that can search for malware incidents reported by Windows Defender. What we will do is create a new Analytic Rule that will run every 5 minutes using 5 minutes of data. If the results exceed 0 (threshold greater than 0) then we will create an incident. let all_windows_vms =Heartbeat
| where TimeGenerated > now(-7d) | where OSType == 'Windows' | summarize makeset(Resource);ProtectionStatus
| where TimeGenerated > now(-5m) | where Resource in (all_windows_vms) | where ThreatStatus <> 'No threats detected' or ThreatStatusRank <> '150' or Threat <> '' | sort by Resource asc | extend HostCustomEntity = Computer The last line is used to identity an entity. Optionally, we can associate a logic app for an automated response. Once that first malware detection is found: You can do the usual operational stuff with these incidents. Note that this data is recorded and your effectiveness as a security organisation is visible in the Security Efficiency Workbook in Azure Sentinel – even the watchers are watched! If you open an incident you can click investigate which opens a new Investigation screen that leverages the Entity Behavior data. In my case, the computer is theentity.
The break-out dialogs allow me to query Log Analytics to learn more about the machine and its state at the time and the state of Windows Defender. For example, I can see who was logged into the machine at that time and what processes were running. Pretty nice, eh? Author AFinn Posted on October 1, 2020October 8, 2020 Categories AzureTags Analytic Rules
, Azure
, Azure Monitor Logs , Azure Security Center, Azure Sentinel
, Entity Behavior
, Log Analytics
, Windows Defender
, Workbooks
Leave a comment on Monitoring & Alerting for Windows Defender in Azure VMs AZURE APP SERVICE, PRIVATE ENDPOINT, AND APPLICATION GATEWAY/WAF In this post, I will share how to configure an Azure Web App (or App Service) with Private Endpoint, and securely share that HTTP/S service using the Azure Application Gateway, with the optional Web Application Firewall (WAF) feature. Whew! That’s lots of feature names!BACKGROUND
Azure Application (App) Services or Web Apps allows you to create and host a web site or web application in Azure without (directly) dealing with virtual machines. This platform service makes HTTP/S services easy. By default, App Services are shared behind a public/ & shared frontend (actually, load-balanced frontends) with public IP addresses. Earlier this year, Microsoft released Private Link, a service that enables an Azure platform resource (or service shared using a Standard Tier Load Balancer) to be connected to a virtual network subnet. The resource is referred to as the linked resource. The linked resource connects to the subnet using a Private Endpoint. There is a Private Endpoint resource and a special NIC; it’s this NIC that shares the resource with a private IP address, obtained from the address space of the subnet. You can then connect to the linked resource using the Private Endpoint IPv4 address. Note that the Private Endpoint can connect to many different “subresources” or services (referred to as serviceGroup in ARM) that the linked resource can offer. For example, a storage account has serviceGroups such as file, blob, andweb.
_Notes: Private Link is generally available. Private Endpoint FOR APP SERVICES is still in preview. App Services PREMIUM V2 is required forPrivate Endpoint._
The Application Gateway allows you to share/load balance a HTTP/S service at the application layer with external (virtual network, WAN, Internet) clients. This reverse proxy also offers an optional Web Application Firewall (WAF), at extra cost, to protect the HTTP/S service with the OWASP rule set and bot protection. With the Standard Tier of DDoS protection enabled on the Application Gateway virtual network, the WAF extends this protection to Layer-7.DESIGN GOAL
The goal of this design is to ensure that all HTTP/S (HTTPS in this example) traffic to the Web App must: * Go through the WAF. * Reverse proxy to the App Service via the Private Endpoint privateIPv4 address only.
The design will result in: * Layer-4 protection by an NSG associated with the WAF subnet. NSG Traffic Analytics will send the data to Log Analytics (and optionally Azure Sentinel for SIEM) for logging, classification, and reporting. * Layer-7 protection by the WAF. If the Standard Tier of DD0S protection is enabled, then the protection will be at Layer-4 (Application Gateway Public IP Address) and Layer-7 (WAF). Logging data will be sent to Log Analytics (and optionally Azure Sentinel for SIEM) for logging and reporting. * Connections directly to the web app will fail with a “HTTP Error 403 – Forbidden” error. _Note: If you want to completely prevent TCP connections to the web app then you need to consider App Service Environment/Isolated Tier or a different Azure platform/IaaS solution._DESIGN
Here is the design – you will want to see the original image:
There are a number of elements to the design:PRIVATE DNS ZONE
You must be able to resolve the FQDNs of your services using the per-resource type domain names.
App Services use a private DNS zone called privatelink.azurewebsites.net. There are hacks to get this to work. The best solution is to create a central Azure Private DNS Zone called privatelink.azurewebsites.net. If you have DNS servers configured on your virtual network(s), associate the Private DNS Zone with your DNS servers’ virtual network(s). Create a conditional forwarder on the DNS servers to forward all requests to privatelink.azurewebsites.net to 168.63.129.16 (https://docs.microsoft.com/en-us/azure/virtual-network/what-is-ip-address-168-63-129-16). This will result in: * A network client sending a DNS resolution request to your DNS servers for *.privatelink.azurewebsites.net. * The DNS servers forwarding the requests for *.privatelink.azurewebsites.net to 168.63.129.16. * The Azure Private DNS Zone will receive the forwarded request and respond to the DNS servers. * The DNS servers will respond to the client with the answer.APP SERVICE
As stated before the App Service must be hosted on a Premium v2 tier App Service Plan. In my example, the app is called myapp with a default URI of https://myapp.azurewebsites.net. A virtual network access rule is added to the App Service to permit access from the subnet of the Application Gateway. Don’t forget to figure out what to do with the SCM URI for DevOps/GitHub integration.PRIVATE ENDPOINT
A Private Endpoint was added to the App Service. The service/subresource/serviceGroup is sites. Automatically, Microsoft will update their DNS to modify the name resolution of myapp.azurewebsites.net to resolve to myapp.privatelink.azurewebsites.net. In the above example, the NIC for the Private Endpoint gets an IP address of 10.0.64.68 from the AppSubnet that the App Service is now connected to. Add an A record to the Private DNS Zone for the App Service, resolving to the IPv4 address of the Private Endpoint NIC. In my case, myapp.privatelink.azurewebsites.net will resolve to 10.0.64.68. This in turn means that myapp.azurewebsites.net > myapp.privatelink.azurewebsites.net > 10.0.64.68. APPLICATION GATEWAY/WAF * Add a new Backend Pool with the IPv4 address of the Private Endpoint NIC, which is 10.0.64.68 in my example. * Create a multisite HTTPS:443 listener for the required public URI, which will be myapp.joeelway.com in my example, adding the certificate, ideally from an Azure Key Vault. Use the public IP address (in my example) as the frontend. * Set up a Custom Probe to test https://myapp.azurewebsites.net:443 (using the hostname option) with acceptable responses of 200-399. * Create an HTTP Setting (the reverse proxy) to forward traffic to https://myapp.azurewebsites.net:443 (using the hostname option) using a well-known certificate (accepting the default cert of the App Service) for end-to-end encryption. * Bind all of the above together with a routing rule.PUBLIC DNS
Now you need to get traffic for https://myapp.joeelway.com to go to the (public, in my example) frontend IP address of the Application Gateway/WAF. There are lots of ways to do this, including Azure Front Door, Azure Traffic Manager, and third-party solutions. The easy way is to add an A record to your public DNS zone (joeelway.com, in my example) that resolves to the public IP address of the ApplicationGateway.
THE RESULT
* A client browses https://myapp.joeelway.com. * The client name resolution goes to public DNS which resolves myapp.joeelway.com to the public IP address of the ApplicationGateway.
* The client connects to the Application Gateway, requesting https://myapp.joeelway.com. * The Listener on the Application Gateway receives the connection. * Any WAF functionality inspects and accepts/rejects the connectionrequest.
* The Routing Rule in the Application Gateway associates the request to https://myapp.joeelway.com with the HTTP Setting and Custom Probe for https://myapp.azurewebsites.net. * The custom probe is constantly testing the availability of https://myapp.azurewebsites.net and a request is reverse proxied if the service is available. * The Application Gateway routes the request for https://myapp.joeelway.com to https://myapp.azurewebsites.net at the IPv4 address of the Private Endpoint (documented in the Application Gateway Backend Pool). * The App Service receives and accepts the request for https://myapp.azurewebsites.net and responds to the ApplicationGateway.
* The Application Gateway reverse-proxies the response to theclient.
FOR GOOD MEASURE
If you really want to secure things: * Deploy the Application Gateway as WAFv2 and store SSL certs in a Key Vault with limited Access Policies * The NSG on the WAF subnet must be configured correctly and only permit the minimum traffic to the WAF. * All resources will send all logs to Log Analytics. * Azure Sentinel is associated with the Log Analytics workspace. * Azure Security Center Standard Tier is enabled on the subscription and the Log Analytics Workspace. * If you can justify the cost, DDoS Standard Tier is enabled on the virtual network with the public IP address(es). And that’s just the beginning Author AFinn Posted on September 10, 2020 Categories AzureTags App Services
, Application Gateway, Azure
, Azure DNS
, DNS
, Private DNS Zone
, Private Endpoint
, Private Link
, Security
, Virtual Network
, WAF
, WAFv2
, Web App
, Web Application Firewall2 Comments on
Azure App Service, Private Endpoint, and Application Gateway/WAF AZURE VIRTUAL WAN – CONNECTIVITY In this post, I’ll explain how Azure Virtual WAN offers its core service: connections.SD-WAN
Some of you might be thinking – this is just for large corporations and I’m outta here. Don’t run just yet. Azure Virtual WAN is a rethinking of how to: * Connect users to Azure services _and_ on-premises at the sametime
* Connect sites to Azure and (optionally) other sites * Replace the legacy hardware-defined WAN * Connect Azure virtual networks together. That first point is quite timely – connecting users to services. Work-from-home (WFH) has forced enterprises to find ways to connect users to services no matter where they are. That connectivity was often limited to a privileged few. The pandemic forced small/large organisations to re-think productivity connectivity and to scale out. Before COVID19 struck, I was starting to encounter businesses that were considering (some even starting) to replace their legacy MPLS WAN with a software-defined WAN (SD-WAN) where media of different types, suitable to different kinds of sites/users/services, were aggregated via appliances; this SD-WAN is lower cost, more flexible, and by leveraging local connectivity, enables smaller locations, such as offices or retail outlets, to have an affordable direct connection to the cloud for better performance. How the on-premises part of the SD-WAN is managed is completely up to you; some will take direct control and some will outsource it to a network service provider.CONNECTIONS
Azure Virtual WAN is all about connections. When you start to read about the new Custom Routing model in Azure Virtual WAN, you’ll see how route tables are associated with connections. In summary, a connection is a link between an on-premises location (referred to as a branch, even if it’s HQ) or a spoke virtual network with a Hub. And now we need to talk about some Azure resources.AZURE RESOURCES
I’ve provided lots more depth on this topic elsewhere so I will keep this to the basics. There are two core resources in Azure Virtual WAN:* A Virtual WAN
* A Hub
The Virtual WAN is a logical resource that provides a global service, although it is actually located in one Azure region. Any hubs that are connected to this Virtual WAN resource can talk to each other (automatically), route it’s connections to another hub’s connections and share resources. A Virtual WAN Hub is similar to a hub in an Azure hub & spoke architecture. It is a central routing point (with a hidden virtual router) that is the meeting point for any connections to that hub. An Azure region can have 1 hub in your tenant. That means I can have 1 Hub in West Europe and 1 Hub in East US. The Hubs must be connected to an Azure WAN resource; if they share a WAN resource then their connections can talk to each other. I might have all my branches in Europe connect to the Hub in West Europe, and I will connect all my spoke virtual networks in West Europe to the Hub in West Europe too; this means that by default (and I can control this): * The virtual networks can route to each other * The virtual networks can route to the branches * The branches can route to the virtual networks * The branches can route to other branches We can extend this routing by connecting my branches in North America to the East US Hub and the spoke virtual networks in East US to the East US Hub. Yes; all those North American locations can route to each other. Because the Hubs are connected to a common Virtual WAN, the routing now extends across the Microsoft WAN. That means a retail outlet in the further reaches of northwest rural Ireland can connect to services hosted in East US, via a connection to the Hub in West Europe, and then hopping across the Atlantic Ocean using Microsoft’s low-latency WAN. Nice, right? Even, better – it routes just like that automatically if you are using SD-WAN appliances in the branches. _Note that a managed WAN might wire up that retail outlet differently, but still provide a fairly low-latency connection to the local Hub._BRANCH CONNECTIONS
If you have done any Azure networking then you are probably familiarwith:
* SITE-TO-SITE VPN: Connecting a location with a cost-effective but no-SLA VPN tunnel to Azure. * EXPRESSROUTE: A circuit rented from an ISP for low-latency, high bandwidth, and an SLA-supported private connection to Azure * POINT-TO-SITE VPN: Enabling end-users to create a private VPN tunnel to Azure from their devices while on the move or working fromhome
Each of the above is enabled in Azure using a Virtual Network Gateway, each running independently. Routing from branch to branch is not an intended purpose. Routing from user to the branch is not an intended purpose. The Virtual Network Gateway’s job is to connect a user toAzure.
The Azure Virtual WAN Hub supports gateways – as hidden resources that must be enabled and configured. All three of the above media types are supported as 3 different types of gateway, sized based on a billing concept called scale units – more scale units means more bandwidth and more cost, with a maximum hub throughput of 40 Gbps (including traffic to/from/between spokes). _Note that a Secured Virtual Hub, featuring the Azure Firewall, has a limit of 30 Gbps if all traffic is routed through that firewall._ You can be flexible with the branch connections. Some locations might be small and have a VPN connection to the Hub. Other locations might require an SLA and use ExpressRoute. Some might require low latency or greater bandwidth and use higher SKUs of ExpressRoute. And of course, some users will be on the move or at home and use P2S VPN. A combination of all 3 connection types can be used at once, providing each location and user the connections and costs that suit them best.EXPRESSROUTE
You will be using ExpressRoute Standard for Azure Virtual WAN; this is a requirement. I don’t think there’s really too much more to say here – the tech just works once the circuit is up, and a combination of Global Reach and the any-to-any connections/routing of Azure WAN means that things will just work.SITE-TO-SITE VPN
The VPN gateway is deployed in an active/active cluster configuration with two public IP addresses. A branch using VPN for connectivity canhave:
* A single VPN connection over a single ISP connection. * Resilient VPN connections over two ISP connections, ideally with different physical providers or even media types. An on-premises SD-WAN appliance is strongly recommended for Azure Virtual WAN, but you can use any VPN appliance that is supported for route-based VPN by Microsoft Azure; if you are doing the latter you can use BGP or the Azure WAN alternative to Local Network Gateway-provided prefixes for routing to on-premises. POINT-TO-SITE (P2S) VPN The P2S gateway offers a superior service to what you might have observed with the traditional Virtual Network Gateway for VPN. Connectivity from the user device is to a hub with a routing appliance. Any-to-any connectivity treats the user device as a branch, albeit in a dedicated network address space. Once the user has connected the VPN tunnel, they can route to (by default): * Any spoke virtual network connected to the Hub * Any spoke virtual network connected to another Hub on the sameVirtual WAN
* Any branch office connected to any Hub on the Virtual WAN In summary, the user is connected to the WAN as a result of being connected to the Hub and is subject to the routing and firewall configurations of that Hub. That’s a pretty nice WFH connectivitysolution.
Note that you have support for certificate and RADIUS authentication in P2S VPN, as well as the OpenVPN and Microsoft client. THE CONNECTIVITY EXPERIENCE Imagine we’re back in normal times again with common business travel. A user in Amsterdam could sit down at their desk in the office and connect to services in West Europe via VPN. They could travel to a small office in Luxembourg and connect to the same services via VPN with no discernible difference. That user could travel to a conference in London and use P2S VPN from their hotel room to connect via the Amsterdam Hub. Now that user might get a jet to Philadelphia, and use their mobile hotspot to offer connectivity to the Azure Virtual WAN Hub in East US via P2S VPN – and the experience is no different! _One concept I would like to try out and get a support statement on is to abstract the IP addresses and locations of the P2S gateways using Azure Traffic Manager so the user only needs to VPN to a single FQDN and is directed (using the performance profile) to the closest (latency) Hub in the Virtual WAN with a P2S gateway._SIMPLICITY
So much is done for you with Azure Virtual WAN. If you like to click in the Azure Portal, it’s a pretty simple set up to get things going, although security engineering looks to have a steep learning curve with Custom Routing. By default, everything is connected to everything; that’s what a network should do. You shouldn’t have to figure out how to route from A to B. I believe that Azure WAN will offer a superior connectivity solution, even for a single location organisation. That’s why I’ve been spending time figuring this tech out over the last few weeks. Author AFinn Posted on July 28, 2020Categories Azure
Tags Azure Virtual WAN, ExpressRoute
, Gateway
, Hub
, Point-to-Site VPN
, Site-to-Site VPN
12 Comments on Azure Virtual WAN – Connectivity THE OFFICE – PAINT & ELECTRICS COMPLETE The installation and painting of the Cloud Mechanix global HQ have completed. On a damp day, the painters arrived and started work – sealing the knots in the wood and applying the first coat. We decided to go with a different set of colours to the house; there were two reasons for thedecision:
* To separate work from home. * To “hide” the office in the corner and in the trees surrounding that corner. So dark green was used on the outside walls with white for the trims. The interior walls and ceilings are also painted white to give the place a bright feel. The floors have not been painted, but more on that in a moment. The electricians arrived on the first day of painting and installed the electrical components. They didn’t have the ethernet cabling so they had to return a couple of days later to do that work. The painting took 2 full days with 2 painters – that’s without sanding and painting/staining the floor like manywould opt to do.
And that brings us to the floor. We decided to install AC4 (hard wearing) laminate flooring – if you don’t know what that is, it’s artificial wood flooring that has the pattern, colour and texture of finished wood without the maintenance. We found a style we like, moor acacia, that is dark to contrast with the interior white, and has a grainy finish like oak. It will pop nicely with the white furnishings. We went to two local suppliers. Both had identical pricing on the supply and similar pricing on the installation. However, one has a month of work queued up and the other has 2 months. We tried an independent installer where we would supply the materials but the price was too high with a non-guaranteed schedule. So we’ll be waiting 1 month to get the floor installed – no, that’s not work for me – trust me, I attempted it once before in a small room that took way too long and didn’t look good after. I installed the Wi-Fi to the fixed ethernet connection in the office using a spare Linkys mesh unit that I had. It tested well, similar to the same tests in the house, closer to the broadband modem. No; I did not opt to install RJ45 sockets all around the office. Wi-Fi will be reliable (antenna in the office), flexible, and not take away from the appearance of the interior. Not to mention that many things expect Wi-Fi connections these days anyway! I also shopped online for furniture. I know what I want – most of it is from Ikea – but the best delivery I could get from them was 5-6 weeks!!! So the whole floor thing won’t impact us anyway. The only real decision I have not made is what to do with the office chairs. I know many of you will recommend Secret Labs but their delivery timesare widely mocked.
As you can see in the photo, there are a few other works to be done: * The swing set is being scrapped. A much nicer wooden set is coming next week and a local handyman will take the scrap away to recycle it. * I had some paving stones that I had saved from the site that the office is installed on. I will be power washing them. * The site of the old swing set left some damage to the lawn – the anchors and foot damage. I have filled the holes and I will be sowingnew grass.
Some of the garden work will happen this week because I’ve taken some time off from work. Other than that, it will be a while before there are any updates on this project. There is one other thing toshare:
The above slate sign arrived in the post today. It was a present from my wife to hang on/in the office. It’s written in Norwegian (I work for Innofactor Norway) and explicitly refers to the 3 x tree stumps that had to be dug up by hand to clear space for the office. Author AFinn Posted on July 27, 2020July 27, 2020 Categories Azure 2 Comments on The Office – Paint &Electrics Complete
THE OFFICE – CONSTRUCTION COMPLETE The construction of Cloud Mechanix global HQ finished yesterday afternoon. The final piece to go in place was the step up to the door. You can really see the slope in the site inthe below photo.
If you step in you can see the all-wood finish, with the 1st fitting electrics, ready for the final touches. And you can see the view from one of the locations where one of the desks will be located. We had some paving stones from the site clearance, so they are being repurposed to cross the lawn from the house to the front door. A swing set was placed directly in-front of the office – the replacement is going to the far end of the lawn. The grass underneath and the empty anchor spots are bald so I’ll be re-sowing grass there in the comingdays.
So what’s next? Paint and second-fitting electrics are next in the project plan. I will also be looking at how we can extend the house security systems to the office – a combination of a supplier-based monitored alarm system and the Ring cameras. That will allow us to insure the contents of the new office, and then … it’ll be time tomove in.
Author AFinn Posted on July 21, 2020 Categories Uncategorized 1 Comment on The Office – ConstructionComplete
AZURE VIRTUAL WAN ARM – THE RESOURCES In this post, I will explain the types of resources used in Azure Virtual WAN and the nature of their relationships. _Note, I have not included any content on the recently announced preview of third-party NVAs. I have not seen any materials on this yet to base such a post on and, being honest, I don’t have any use-cases for third-party NVAs._ As you can see – there are quite a few resources involved … and some that you won’t see listed at all because of the “appliance-like” nature of the deployment. I have not included any detail on spokes or “branch offices”, which would require further resources. The below diagram is enough to get a hub operational and connected to on-premises locations and spoke virtual networks. THE VIRTUAL WAN – MICROSOFT.NETWORK/VIRTUALWANS You need at least one Virtual WAN to be deployed. This is what the hub will connect to, and you can connect many hubs to a common Virtual WAN to get automated any-to-any connectivity across the Microsoft physicalWAN.
Surprisingly, the resource is deployed to an Azure region and not as a global resource, such as other global resources such as Traffic Manager or Azure DNS. THE VIRTUAL HUB – MICROSOFT.NETWORK/VIRTUALHUBS Also known as the hub, the Virtual Hub is deployed once, and once only, per Azure region where you need a hub. This hub replaces the old hub virtual network (plus gateway(s), plus firewall, plus route tables) deployment you might be used to. The hub is deployed as a hidden resource, managed through the Virtual WAN in the Azure Portal or via scripting/ARM. The hub is associated with the Virtual WAN through a virtualWAN property that references the resource ID of the virtualWans resource. In a previous post , I referred to a chicken & egg scenario with the virtualHubs resource. The hub has properties that point to the resource IDs of each deployed gateway: * vpnGateway: For site-to-site VPN. * expressRouteGateway: For ExpressRoute circuit connectivity. * p2sVpnGateway: For end-user/device tunnels. If you choose to deploy a “Secured Virtual Hub” there will also be a property called azureFirewall that will point to the resource ID of an Azure Firewall with the AZFW_Hub SKU. Note, the restriction of 1 hub per Azure region does introduce a bottleneck. Under the covers of the platform, there is actually a virtual network. The only clue to this network will be in the peering properties of your spoke virtual networks. A single virtual network can have, today, a maximum of 500 spokes. So that means you will have a maximum of 500 spokes per Azure region. ROUTING TABLES – MICROSOFT.NETWORK/VIRTUALHUBS/HUBROUTETABLES&
MICROSOFT.NETWORK/VIRTUALHUBS/ROUTETABLES These are resources that are used in custom routing, a recently announced as GA feature that won’t be live until August 3rd, according to the Azure Portal. The resource control the flows of traffic in your hub and spoke architecture. They are child-resources of the virtualHubs resource so no references of hub resource IDs arerequired.
AZURE FIREWALL – MICROSOFT.NETWORK/AZUREFIREWALLS This is an optional resource that is deployed when you want a “Secured Virtual Hub”. Today, this is the only way to put a firewall into the hub, although a new preview program should make it possible for third-parties to join the hub. Alternatively, you can use custom routing to force north-south and east-west traffic through an NVA that is running in a spoke, although that will double peeringcosts.
The Azure Firewall is deployed with the AZFW_Hub SKU. The firewall is not a hidden resource. To manage the firewall, you must use an Azure Firewall Policy (aka Azure Firewall Manager). The firewall has a property called firewallPolicy that points to the resource ID of a firewallPolicies resource. AZURE FIREWALL POLICY – MICROSOFT.NETWORK/FIREWALLPOLICIES This is a resource that allows you to manage an Azure Firewall, in this case, an AZFW_Hub SKU of Azure Firewall. Although not shown here, you can deploy a parent/child configuration of policies to manage firewall configurations and rules in a global/local way.
VPN GATEWAY – MICROSOFT.NETWORK/VPNGATEWAYS This is one of 3 ways (one, two or all three at once) that you can connect on-premises (branch) sites to the hub and your Azure deployment(s). This gateway provides you with site-to-site connectivity using VPN. The VPN Gateway uses a property called virtualHub to point at the resource ID of the associated hub or virtualHubs resource. This is a hidden resource. Note that the virtualHubs resource must also point at the resource ID of the VPN gateway resource ID using a property called vpnGateway.
EXPRESSROUTE GATEWAY – MICROSOFT.NETWORK/EXPRESSROUTEGATEWAYS This is one of 3 ways (one, two or all three at once) that you can connect on-premises (branch) sites to the hub and your Azure deployment(s). This gateway provides you with site-to-site connectivity using ExpressRoute. The ExpressRoute Gateway uses a property called virtualHub to point at the resource ID of the associated hub or virtualHubs resource. This is a hidden resource. Note that the virtualHubs resource must also point at the resource ID of the ExpressRoute gateway resource ID using a property calledp2sGateway .
POINT-TO-SITE GATEWAY – MICROSOFT.NETWORK/P2SVPNGATEWAYS This is one of 3 ways (one, two or all three at once) that you can connect on-premises (branch) sites to the hub and your Azure deployment(s). This gateway provides users/devices with connectivity using VPN tunnels. The Point-to-Site Gateway uses a property called virtualHub to point at the resource ID of the associated hub or virtualHubs resource. This is a hidden resource. The Point-to-Site Gateway inherits a VPN configuration from a VPN configuration resource based on Microsoft.Network/vpnServerConfigurations, referring to the configuration resource by its resource ID using a property called vpnServerConfiguration. Note that the virtualHubs resource must also point at the resource ID of the Point-to-Site gateway resource ID using a property calledp2sVpnGateway .
VPN SERVER CONFIGURATION – MICROSOFT.NETWORK/VPNSERVERCONFIGURATIONS This configuration for Point-to-Site VPN gateways can be seen in the Azure WAN and is intended as a shared configuration that is reusable with more than one Point-to-Site VPN Gateway. To be honest, I can see myself using it as a per-region configuration because of some values like DNS servers and RADIUS servers that will probably be placed per-region for performance and resilience reasons. This is a hiddenresource.
_The following resources were added on 22nd July 2020:_ VPN SITES – MICROSOFT.NETWORK/VPNSITES This resource has a similar purpose to a Local Network Gateway for site-to-site VPN connections; it describes the on-premises location, AKA “branch office”. A VPN site can be associated with one or many hubs, so it is actually connected to the Virtual WAN resource ID using a property called virtualWan. This is a hidden resource. An array property called vpnSiteLinks describes possible connections to on-premises firewall devices. VPN CONNECTIONS – MICROSOFT.NETWORK/VPNGATEWAYS/VPNCONNECTIONS A VPN Connections resource associates a VPN Gateway with the on-premises location that is described by an associated VPN Site. The vpnConnections resource is a child resource of vpnGateways, so there is no actual resource; the vpnConnections resource takes its name from the parent VPN Gateway, and the resource ID is an extension of the parent VPN Gateway resource ID. By necessity, there is some complexity with this resource type. The remoteVpnSite property links the vpnConnections resource with the resource ID of a VPN Site resource. An array property, called vpnSiteLinkConnections, is used to connect the gateway to the on-premises location using 1 or 2 connections, each linking from vpnSiteLinkConnections to the resource/property ID of 1 or 2 vpnSiteLinks properties in the VPN Site. With one site link connection, you have a single VPN tunnel to the on-premises location. With 2 link connections, the VPN Gateway will take advantage of its active/active configuration to set up resilient tunnels to the on-premises location. VIRTUAL NETWORK CONNECTIONS – MICROSOFT.NETWORK/VIRTUALHUBS/HUBVIRTUALNETWORKCONNECTIONS The purpose of a hub is to share resources with spoke virtual networks. In the case of the Virtual Hub, those resources are gateways, and maybe a firewall in the case of Secured Virtual Hub. As with a normal VNet-based hub & spoke, VNet peering is used. However, the way that VNet peering is used changes with the Virtual Hub; the deployment is done using the hub/VirtualNetworkConnections child resource, whose parent is the Virtual Hub. Therefore, the name and resource ID are based on the name and resource ID of the Virtual Hubresource.
The deployment is rather simple; you create a Virtual Network Connection in the hub specifying the resource ID of the spoke virtual network, using a property called remoteVirtualNetwork. The underlying resource provider will initiate both sides of the peering connection on your behalf – there is no deployment required in the spoke virtual network resource. The Virtual Network Connection will reference the Hub Route Tables in the hub to configure route association and propagation.MORE RESOURCES
There are more resources that I’ve yet to document, including:* BGP Connections
* IP Configurations
* ExpressRoute Connections * ExpressRoute Circuits Author AFinn Posted on July 20, 2020July 22, 2020 Categories AzureTags ARM
, Azure
, Azure Firewall
, Azure Firewall Policy, Custom Routing
, ExpressRoute
, ExpressRoute Gateway, Firewall
, Gateway
, Hub & Spoke
, Networking
, P2S
, P2S Server Configuration, Point-to-Site
Gateway ,
Point-to-Site VPN ,
Resources , Route Tables, Template
, Virtual Hub
, Virtual WAN
, VPN Gateway
Leave a comment on Azure Virtual WAN ARM – The Resources THE NEW OFFICE – DAY 3 It’s Monday and day 3 of the construction of Cloud Mechanix Global HQ. On Friday, the carpenters finished the steel roof and installed the wall studs for the cavity wall with insulation, as you can see inthe photo.
One of the options we selected in the installation was to have a “plinth” and step installed. The price for this is always estimated on the site – the site effects the levelling and height of the foundation, and the height determines the amount of wood and labour required. The quote I was given was €350. The team is planning to finish the interior and additional wood work today. Next up will be the painters and electrical second fitting. We also added the options for paint and painting in the purchase. I _can_ paint, but I suck at edges and I’m slow; I’d rather let a professional do it plus that means it’s time I can spend doing other things. Thoughts are now turning to the interior, which will be painted white. Floorboards are being installed and also being painted white. But I am considering installing additional flooring to protect the structural wood. If I do, it’ll be something dark, or even grey, to contrast somewhat with the white walls and ceiling. I already have a white L-shaped Ikea “Bekant” desk. I think I will stick with the Ikea desks – I do like them. The plan is that the L-shaped desks will be placed behind the windows at the front, giving us a nice view up the garden while working. We’ll see where the budget is in a week or so, but I’m partial towards the version of the Bekant that includes powered legs that can raise/lower the desk at the push of a button. I have an office chair already with a white frame and black cushions. But it was a bad purchase – the piston lasted only a few months and it makes a cracking noise when I adjust my position – that was why I replaced the previous seat! I can see myself buying some Secret Lab chairs so comments on that are welcome – from people who have owned one for more than 1 year. I have a white 2×4 Ikea “Kallax” unit in the small office in the house at the moment. On the plus side, it’s great to display certain things. On the negative side, the close options are too small for the stuff you want to hide – I have 2 large plastic storage boxes hidden in the built-in wardrobe in the office at the moment, filled with things like spare peripherals, cables, battery packs, and so on. I think I want something that is closed storage at the bottom and open shelf storage at the top. I will keep looking. My desk is quite full at the moment: 3 x USB drives (that I might replace with a NAS), a laptop, an Intel NUC, a KVM switch, a Surface dock, an Epson eco-tank printer, 2 x 27″ monitors, a mic, and so on. Some of the stuff is stuff that you need around but don’t need beside you all the time. Because we have a nearly 6 x 4m space, we have room to add more desk space. So I am thinking of putting in 1, or even 2, additional straight desks at a later time. Things like the printer and networking gear can be relocated to there. Finally, there are times where you want to work, but want to relax. Maybe you need to read something in a more relaxed position, or just take a break from the screen. I’m thinking that we’ll put in a black leather couch in middle of the office – I’m not sure where yet because I might also move the 43″ TV from the house office into there – nice for watching conferences, etc. The second-hand market sometimes is great for that kind of thing – my mother-in-law is quite skilled at buying/selling on those kinds of websites so we might have to recruit her assistance. Depending on how that goes and how much space there is, we might add a small coffee table too. Author AFinn Posted on July 20, 2020July 20, 2020 Categories Uncategorized Leave a comment on The NewOffice – Day 3
POSTS NAVIGATION
Page 1 Page 2 … Page 386Next page
Search for: Search
Shop Related ProductsAds by Amazon
×
Thank you!
This will help us improve your ad experience. We will try not to showyou such ads again.
Report a problem
This item is...
Not relevant
Inappropriate / OffensiveDisplayed poorly
Other
Add Comments (Max 320 characters) Virtualization Essentials$30.78$40.00
Bestseller
(60)
DEAL OF THE DAY
ENDS IN
Ads by Amazon
TAGS
* 1709
* Access Restrictions* ACT
* Active Directory
* Activity Log
* Advanced Threat Protection* AKS
* Alerts
* AMD
* Analytic Rules
* App Controller
* Apple
* Appliance
* Application Firewall * Application Gateway* App Services
* Architecture
* Archive
* ARM
* ARM Template
* ASM
* ASR
* Automation
* Availability Sets
* Availability Zones* Azure
* Azure AD
* Azure AD Connect
* Azure AD Domain Services* Azure Automation
* Azure Backup
* Azure Backup Server* Azure Bastion
* Azure DevOps
* Azure DNS
* Azure Files
* Azure File Sync
* Azure Firewall
* Azure Firewall Manager * Azure Firewall Policy* Azure IaaS
* Azure Kubernetes Service* Azure Lighthouse
* Azure Migrate
* Azure Monitor
* Azure Monitor Logs* Azure PaaS
* Azure Policy
* Azure Portal
* Azure Resource Graph * Azure Resource Manager * Azure Security Center* Azure Sentinel
* Azure Site Recovery* Azure Stack
* Azure Virtual WAN
* Azure WAN
* B-Series
* Backup
* Barracuda
* Bastion Host
* BGP
* BitLocker
* Blob
* Books
* Boot Diagnostics
* Business Intelligence* Certificate
* Check Point
* Circuit
* Cisco
* Citrix
* Cloud
* Cloud Camp
* Cloud Computing
* Cloud Mechanix
* Cold
* Compliance
* Conference
* Conferences
* ConfigMgr
* Configuration Manager* Connect
* Connection
* Containers
* Course
* Custom Resource Provider* Custom Routing
* Das_v3
* Data Warehouse
* Default Route
* Delegated Resource Management* Delegation
* Deployment
* DevOps
* DevTest Labs
* Diagnostics
* Dig Data
* DMZ Hub
* DNS
* DPM
* DR
* DSC
* Dublin
* Eas_v3
* EMS
* Entity Behavior
* EPYC
* Evens
* Event
* Event Hub
* Event Notes
* Events
* Exchange
* Exchange 2010
* ExpressRoute
* ExpressRoute Gateway * Failover Clustering* Featured
* Firewall
* Forefront
* Functions
* GA
* Gateway
* General Purpose v2 Storage Account * Geo-Zone Redundant Storage* Git
* GitHub
* Global Azure
* Global Azure Bootcamp * Global VNet Peering* Governance
* GPv2
* GZRS
* Hardware
* HB_v2
* HCI
* HDInsight
* Health Monitoring
* Hot
* HP
* Hub
* Hub & Spoke
* Hub-and-spoke
* Hybrid Cloud
* Hyper-Converged Infrastructure* Hyper-V
* Hyper-V Server
* IaaS
* I am live blogging this session* IE
* Ignite
* IIS
* Infrastructure-as-Code* Intel NUC
* Internet
* Internet Explorer
* Intune
* IoT
* IoT Hub
* iPhone
* it’s lovely and cool in this room Smile* JSON
* Jumpbox
* Jump box
* Key Vault
* Kubernetes
* Layer-7
* Licensing
* Lighthouse
* Linux
* Live
* Live Migration
* Load Balancer
* Load Balancing
* Log Analytics
* Lync
* MABS
* Machine Learning
* Managed Apps
* Managed Disks
* Managed Service Prover* MAP
* MARS
* MDT
* Microservices
* Microsoft
* Microsoft. Hyper-V* Microsoft. MDT
* Microsoft 365
* Microsoft Ignite 2019 * Microsoft Information Protection * Microsoft Multipath I/O (MPIO) Users Guide for Windows Server 2012* Microsoft News
* Migration
* Mobile
* MVP
* MVPBuzz
* Nano Server
* Network
* Networking
* Network Security Group * Network Security Groups * Network Virtual Appliance* Network Watcher
* News
* NSG
* NSG Flow Logging
* NSG Traffic Analytics* NVA
* O365
* Office
* Office 365
* Opalis
* Operations Manager* OpsMgr
* Orchestrator
* P2S
* P2S Server Configuration* PaaS
* Palo Alto
* Peering
* Performance
* PIP
* Pipeline
* Planned Maintenance * Platform-as-a-Service* Podcasts
* Point-to-Site Gateway* Point-to-Site VPN
* PowerShell
* Pricing
* Private Cloud
* Private DNS Zone
* Private Endpoint
* Private Link
* Private Peering
* Probe
* Project Honolulu
* ProLiant
* Public IP Address
* Public IP Prefix
* Quick Storage Migration* RA-GZRS
* RBAC
* RDmi
* RDP
* RDS
* RDS Gateway
* Read-Access Geo-Zone Redundant Storage* Redundancy
* Regions
* Remote Desktop
* Remote Desktop Services* Resizing
* Resource Manager
* Resources
* Route Propagation
* Route Table
* Route Tables
* Routing
* RTM
* S2D
* S2S VPN
* Satya Nadella
* Scale-Out File Server* SCORCH
* Scripting
* Scripts
* SCVMM
* SD-WAN
* Secured Virtual Hub * Secure Virtual Hub* Security
* Series
* Serveless
* Server Core
* Serverless
* Service Catalog
* Service Endpoint
* Service Fabric
* Service Level Agreement* Service Manager
* Service Provider
* Service Tags
* SharePoint
* Site-to-Site VPN
* SLA
* SMA
* so hit refresh to get the latest. BTW* Spoke
* Springboard
* SQL
* SQL 2005
* SQL 2008
* SQL Server
* SSH
* SSL
* SSL Gateway
* Standard Public IP* Standard SSD
* Starting Azure Infrastructure* Static Website
* STEP
* Storage
* Storage Account
* Storage Accounts
* Storage Replica
* Storage Spaces
* Storage Spaces Direct* Stream Analytics
* Subnet
* Subscription
* Surface
* Surface Pro
* System Center
* System Center Essentials* System Route
* Tablet
* Template
* Tenant
* Tiering
* Traffic Manager
* Training
* UDR
* Uptime
* User-Defined Routing* VDI
* Virtual Hub
* Virtual Hub Route Table* Virtualisation
* Virtual Machine
* Virtual Machines
* Virtual Network
* Virtual Network Gateway* Virtual WAN
* Virtual WAN Hub
* Virtual WAN Hub Route Table * Virtual WAN Route Table * Visual Studio Code* VMM
* VMs
* VMware
* VNet
* VNet Peering
* VPN
* VPN Gateway
* VS Code
* W2008
* W2008R2
* WAF
* WAFv2
* WAG
* WAGv2
* WAIK
* WAN
* WAP
* WatchGuard
* WDS
* Web App
* Web Application Firewall * Web Application Firewall v2 * Web Application Gateway * Web Application Gateway v2* WebApps
* Webinar
* Windows
* Windows 7
* Windows 8
* Windows 8.1
* Windows 10
* Windows 2000
* Windows Azure
* Windows Azure Pack* Windows Defender
* Windows Home Server* Windows Phone
* Windows Server
* Windows Server. Windows Server 2016 * Windows Server 2003 * Windows Server 2008 * Windows Server 2008 R2 * Windows Server 2012 * Windows Server 2012 * Windows Server 2012 R2 * Windows Server 2015 * Windows Server 2016 * Windows Server 2019 * Windows Server Containers * Windows Sever 2016* Windows Updates
* Windows User Group * Windows Virtual Desktop* Windows Vista
* Windows XP
* WordPress
* Workbooks
* Workspace
* WS2019
* WSUS
* Xen
* Xeon
* Zone Redundant Storage* ZRS
* Blog
* Events
* Azure Newsletter
* Azure Training
* About Aidan Finn
* Privacy
* RSS
Aidan Finn, IT Pro PrivacyDetails
Copyright © 2024 ArchiveBay.com. All rights reserved. Terms of Use | Privacy Policy | DMCA | 2021 | Feedback | Advertising | RSS 2.0