Deploy (Azure) Network-as-Code as a champ

Virtually every expert out there recommends following an Infrastructure-as-Code approach to manage Azure Networks, and even more so when dealing with traffic segmentation features such as firewall rulesets and network security groups (those tend to change more frequently than other resources). And yet, there is surprisingly little guidance on how to do so, and about …

Importing Palo Alto policies to Azure Firewall

I recently had a project where we had the chance to convert a Palo Alto ruleset to an Azure Firewall Policy. I had recently created a script to generate a Firewall Policy for Microsoft 365 endpoints, so the challenge was using that work as a basis to generate an Azure Firewall Policy out of the …

Azure Machine Learning inferencing on AKS under the covers

You probably know that you can use Azure Machine Learning Services to support you along the complete life cycle of your Machine Learning development, from training to deployment. And you probably know as well that for production-grade deployments one of the best platforms to run your inferencing is Kubernetes. From the Azure Machine Learning portal …

Azure Service Map REST API samples

You probably know what Azure Service Map is: a service that can analyze traffic in your data center and display application dependencies. This can be extremely useful for different purposes, such as deciding which VMs can be moved to the public cloud, and in which order. This picture shows a screenshot of the type of …

Migrating VMs to the cloud: send or remake?

After a long time of no blog writing (mostly busy with my book on ACI and learning Machine Learning and AI), the messages of new followers of this blog have pushed me into finding the time to write a new blog. Thanks for that! A question that I have been dealing with lately is that …

Working with network attributes of Azure Virtual Machine Scale Sets

I have been working this week a bit with Azure VMSS, and I thought I would publish my findings, since I could not find this information in the standard documentation. First of all, if you do not know what a VMSS is, you can read more here. Essentially they are farms of VMs that are …

Migrating your ARM templates to Azure Availability Zones

I have been updating my ARM templates to create VMs and VM Scale Sets (VMSS) to support the new Availability Zones. I have learnt some important concepts that were not obvious to me along the way, and I would like to share them. Before going forward, you can see a template where you can deploy …

Easily isolate compromised VMs with Azure Security Center and Logic Apps

Lateral movements are typically the first thing that hackers do after compromising a system in order to spread their attack to other valuable targets, so isolating systems that have been compromised is of paramount importance for an organization from a security perspective. In a previous blog (here) we saw a possibility of having abstract policies …

Verifying Azure Backup for on-premises machines with PowerShell

You have probably heard about Azure Backup (if you haven’t, check the documentation here). And you probably know that it is one of the most popular entry doors into the public cloud, since it offers cheap, simple, scalable, and unlimited storage for on-premises workloads (as well as for Azure VMs, of course). The use case …