Azure

Security of Cloud Tools

So I have been heavily involved with the security of our Managed Service Cloud infrastructure and have been using Microsoft OMS (Log Analytics) very proactively to scan our networks for potential vulnerabilities. One vulnerability that was picked up in the Security and Audit section was on a third-party box we have in our network which hosts some Office365 integration. In OMS Threat Intelligence this server was shown to be hosting a suspicious outbound connection, which is visualised as a red upturned arrow, which, if you know your OMS, is not good and requires immediate attention (see example below)… On investigation of the box and outbound IP address we discovered that it was actually an instance of the remote control tool TeamViewer which when accessed remotely by the third-party actuall...

Azure Stack – Black Box Architecture

Previously I talked about the Integrated System approach from Microsoft for Azure Stack. In this post I want to talk a little bit more about why Microsoft will be sealing the system. Azure Stack will run on a black box architecture with no way to get into the systems running on it. All of your administration is performed through the Azure Stack Resource Manager. You will not be able to log on to the Hyper-V hosts; the credentials you use are not recognised by the Windows Servers, as their level of access stops at the Azure Resource Manager level. Any action that needs to be undertaken on the physical infrastructure will be done by the appropriate resource provider. One example of “Black Box Architecture” could be your Storage Area Network… For example, you can’t login...

Public Preview of Azure to Azure Site Recovery

Microsoft have announced the public preview of their new Azure to Azure Site Recovery feature. This allows you to replicate Virtual Machines running in Azure from one Region to another without having to deploy additional infrastructure such as the original ASR software. The replication is configured through the Recovery Services Vault. This feature has been in Private Preview for quite a while now and it is available in every region that supports ASR, so that is good news! Hopefully all the issues have been worked out and now this is just “at scale” testing. I know that this will certainly change how I architect some Azure deployments now, especially for those where an RPO/RTO of minutes/hours is acceptable. More information on the new feature can be found at: https://azure.microsoft....

SCCM – Cloud Management Gateway limitation

I wanted to write a quick post about this on here as it’s the perfect place for this hybrid cloud solution and I wanted to make people aware of a limitation of a new feature in Microsoft System Center Configuration Manager – Cloud Management Gateway. If you’re not familiar with the Cloud Management Gateway (CMG) then I’ll abbreviate it as an alternative solution to internet-based client management which is much simpler to set up and leverages Azure instead of setting up your own on-prem DMZs and the like. If you want further information on this I recommend you go and read here – https://docs.microsoft.com/en-us/sccm/core/clients/manage/plan-cloud-management-gateway. Now, I happen to think this is a great solution to a problem I’ve seen for years with comp...

Azure Stack Development Kit (PoC)

Azure Stack, for a production deployment, will only be available on Integrated Systems as described here. However, there is an option for you to install Azure Stack on a single server to “kick the tyres” … This is the Azure Stack PoC (PoC), soon to be renamed to Azure Stack Development Kit. This server does not need to have all the required hardware that a production deployment would require, for example you do not have to have SSDs and HDDs in the server, you need a minimum of 5 disks in the server for the PoC installation, 1 for the Boot OS and 4 for use by Azure Stack to create a Storage Space. For the exact specifications of the hardware please check this website: https://docs.microsoft.com/en-us/azure/azure-stack/azure-stack-deploy. If you are planning to test the AppService, SQL, MyS...

Business Case for Azure Stack

Azure Stack is Microsoft’s brand new offering in the hybrid cloud space that uses the same technology as their hyperscale public cloud, Microsoft Azure. With this, Microsoft is the ONLY hyperscale public cloud provider that can offer their services in a truly hybrid fashion. This essentially allows YOU to run Azure in your own datacentre. Microsoft have said that “Cloud is a model, not a place” and this is very apt with Azure Stack. Azure Stack brings the technology of the hyperscale cloud to your datacentre. This can present organisations with a huge opportunity… There are organisations that, for whatever reason, can’t use “the Cloud”, be that for compliance, security or other business reasons. Rarely is the reason a company “can’t use Cloud” a technological reason. Some organisations have data tha...

Azure Route-Based VPN with Palo Alto Firewall – Dropping Connection

Originally posted by Jay Avent.

I have recently been working with a customer who were trying to set up a Site-to-Site VPN connection to Azure using their on-premises Palo Alto firewall device. Their firewall was a supported model running the required PAN-OS version (v7.0.5+). They configured the device as per the documentation linked to from the Azure Support website – https://live.paloaltonetworks.com/t5/Integration-Articles/Configuring-IKEv2-VPN-for-Microsoft-Azure-Environment/ta-p/60340 – however, after around an hour they were seeing the connection drop for approximately 2-3 minutes before coming back up and working again for another hour. This happened continuously despite being configured exactly as described in the support documentation. I raised a support ticket with Microsoft and aft...
