Azure Site Recovery (ASR) now supports proximity placement groups (PPGs) from the Azure portal. Recall that previously, ASR only supported Proximity placement groups when configured via PowerShell. The new functionality in the portal is a lot more seamless, and I highly recommend it for replicating for failover and failback to a secondary region, any workloads that are configured within proximity placement groups. Recall that proximity placement groups is a construct that enables you to logically group your application components together to avoid network latency between the various tiers of your application. The use case for this in the context of site recovery is that while PPGs provide optimal network latency for your application, you also want to ensure that in … Read More
Azure NetApp Files (ANF) – Deploy with JSON
Azure NetApp Files (ANF) is an enterprise-class, high performance, file storage service that supports any workload type and is by default, highly available. The service enables you to select various service and performance levels based on your use cases and needs. Key Use cases include: Databases – Applications that need to be performant require reliable, and high-performance storage. ANF can play a crucial role in ensuring that your Web-apps and e-commerce apps perform exactly as you need them to, and you have fine-grained control over the storage tiers you consume for your applications to meet your needs. Files Services – ANF provides cloud-based file share services through its highly available and scalable platform. It supports both SMB connections for Windows … Read More
Addressing Critical ZeroLogon Vulnerability CVE-2020-1472
The ZeroLogon vulnerability is a privilege elevation vulnerability that exists when an attacker establishes a vulnerable NetLogon secure channel connection to a Microsoft Windows Server Domain Controller, allowing the attacker to perform a NetLogon authentication bypass attack, which simply put, can enable an attacker to obtain domain admin access, and take over an organization’s domain and effectively disrupt the organization’s functionality through ransomeware payload installation, for instance. This Zero-day vulnerability was discovered by Security firm, Secura, and Microsoft has recently confirmed that this vulnerability is actively being exploited in the wild. Secura has released a PoC code on their Github, that actually allows exploitation of this vulnerability and it’s use and deployment is quite intuitive. If the increasing discoveries of … Read More
What retail investors can learn from Warren Buffet’s Investment strategy
Last week, Warren Buffet’s Berkshire Hathaway (NYSE: BRK.A) (NYSE: BRK.B) made a sizable purchase to increase its stake in Delta Air Lines (NYSE: DAL)on a major down day and amidst unnerving turbulence in the markets. Last week will linger on in memory for a while as the harbinger of what is now undoubtedly the markets’ slide into bear-market territory, probably precipitated by the oil price collapse, triggered over the weekend by the OPEC-Russia impasse, and fueled on by the inexorable spread of COVID-19. We saw several alternating days in a row of big moves in the S&P 500 of plus or minus 4% or more, and we saw even bigger moves this week with the circuit breaker triggered after the … Read More
NSGs for Azure APIM with VNET
I’m doing some work on deploying Azure API Management inside a VNET in order to access backend services and had to enumerate a list of Network Security Group (NSG) rules to allow inbound and outbound traffic into the subnet in which API Management is deployed. Posting the JSON here so for easy reference. Still testing this out, so let me know if I missed any ports. Cheers! { “$schema”: “https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#”, “contentVersion”: “1.0.0.0”, “parameters”: { “nsgname”: { “type”: “String”, “metadata”: { “description”: “NSG Name” } }, “location”: { “type”: “string”, “defaultValue”:”[resourceGroup().location]”, “metadata”: { “description”: “location value for all defined resources” } } }, “variables”: {}, “resources”: [ { “type”: “Microsoft.Network/networkSecurityGroups”, “apiVersion”: “2019-11-01”, “name”: “[parameters(‘nsgname’)]”, “location”: “[parameters(‘location’)]”, “properties”: { “securityRules”: [ { … Read More
[MUSINGS] What a Week! EPL Football
This is likely the first non-technology article I’m publishing here, and it is the first of many to come. So indulge me, as I lighten the content in this here blogosphere of mine. What a whirlwind week it’s been indeed. What with the global financial markets in a tailspin, and reeling from a coronavirus-driven rout, and Elton John’s beloved, albeit bottom table-dwelling Watford putting paid to Liverpool’s bid for a record-setting 19 unbeaten games in the top flight of English football. But this article isn’t about the market. There’s another 5 articles coming on that subject. This is purely about the beautiful game, football. Yes, It’s been 422 days since Liverpool lost a game in the Premier league. And while … Read More
Zero Trust and the Azure Firewall service
I’m a proponent of zero trust for enhancing network-level security and access control for your Azure resources. The idea is that of demarcating your high-security deployments from the internet, using a perimeter network, aka DMZ. What this enables you to do is focus your network access control, logging, monitoring, alert/event management workflow integration on your edge devices, not necessarily as a stand-alone solution, but as a part of an overarching solution for access control, and oversight at the network layer. Think NSGs/ASGs (in the Microsoft cloud) as fitting somewhere into this picture, and let’s not overlook Identity and the role it plays as a pillar of security, but that’s a topic for another day. Now with that said, most enterprises … Read More
Making the move to Azure Security Center and Azure Sentinel
This article is not intended as a technical deep-dive into the Azure Security Center (ASC) and Sentinel solutions from Microsoft. There are loads of instructive docs on these from Microsoft. I intend for this article to simply serve as a reminder for OMS Security and Compliance clients to make the switch to Azure Security Center and explore the Sentinel SIEM solution which is currently in preview and free. The Security and Compliance solution reaches EOL at the end of July 2019. Recall this security event log filtering feature that informed SecurityEvent table data in your Log Analytics repo, and that lived somewhere in the erstwhile OMS Security & Audit UI? Well it’s wound up in Azure Security Center. … Read More
Azure Monitor Management solution for RDS, Windows VDI and Citrix
Just noticed the availability of the community edition of the Azure Monitor management solution for RDS, Citrix and Windows VDI. Organizations that provide services through VDI have a need for monitoring the solution to various degrees beyond just server-side and infrastructure and performance monitoring, but also monitoring for user experience, session monitoring etc. These solutions enable you to deeply analyze sizing, performance, and user experience at each time frame in the past and for lowest expenses. You will also be able to leverage your existing event management, and alerting workflows in Azure monitor and investments in Azure. Check out the solutions here: https://azuremarketplace.microsoft.com/en-us/marketplace/apps/sepagogmbh.loganalyticsagent-rds?tab=Overviewhttps://azuremarketplace.microsoft.com/en-us/marketplace/apps/sepagogmbh.loganalyticsagent-rds?tab=PlansAndPrice
Hybrid Cloud Print Known Issues and Workarounds
In a previous post, I outline the steps for deploying Hybrid cloud print. Here are some noteworthy issues and errors you may encounter when deploying/ testing this solution through either of the supported pre-authentication methods, and some ways to remediate them. Publishing permissions. This error indicates that you do not have permissions print server management permissions or permissions to modify the Mopria database file. Address this by following steps #2 and #8 of the referenced post above. Read and Sign-in Authorization for Native client or web apps This error indicates that required permissions are missing on Native client or Web apps it further indicates that you’ve not delegated permissions to the app for required APIs, as outlined in steps #10 … Read More