azure – Page 4 – Cloudtrooper

Do not let ExpressRoute, VPN and SDWAN traffic bypass your firewall

March 25, 2024March 26, 2024 by erjosito

I have recently expanded my SDWAN in hub-and-spoke networks design guide to include SDWAN-to-firewall routing. Initially I didn’t have this point, but recent conversations have made me realize that not everybody understand this. The main difficulty in this topic is related to the fact that you cannot inspect the effective routes of your Virtual Network … Continue reading Do not let ExpressRoute, VPN and SDWAN traffic bypass your firewall

Azure network monitoring with synthetic traffic

January 23, 2024January 24, 2024 by erjosito

Wow, that was a mouthful. But it describes what I would like to discuss in this post. Networks are at the basis of every IT infrastructure, so when they don’t work, everybody notices (and when they do work, nobody notices). Hence, monitoring computer networks to detect and fix problems as quickly as possible is a … Continue reading Azure network monitoring with synthetic traffic

Taxonomy of Azure PaaS service access

January 12, 2024February 28, 2024 by erjosito

Azure PaaS service networking is quite a complex landscape to navigate. Documentation in Azure about this topic is located in different areas (under Networking and each specific PaaS service), and sometimes using inconsistent terminology. My goal in this blog post is setting a classification of PaaS services that can be used to navigate this complexity. … Continue reading Taxonomy of Azure PaaS service access

Designing your SDWAN and Firewall into Azure Hub and Spoke

November 24, 2023September 5, 2024 by erjosito

Designing network connectivity in public cloud can very quickly become a daunting task. Of course, public cloud providers do offer native networking services, and with those it is fairly easy. This should always be your primary route (pun intended). For example, in the case of Azure, using Virtual WAN and its native integration with both … Continue reading Designing your SDWAN and Firewall into Azure Hub and Spoke

TCP Proxy with Istio on AKS

October 30, 2023 by erjosito

You might have heard of the new AKS Gateway API, which will allow for much more functionality than the good, old ingress API that we all know and love. One of those features is the support for TCP routes, since although HTTP(S) is the king protocol in today’s world, there are still many applications out … Continue reading TCP Proxy with Istio on AKS

Get certificates with Azure Key Vault extension to your Linux VMs

September 18, 2023September 18, 2023 by erjosito

Certificate management is one of those IT disciplines that is nobody’s dream, and still it can have quite a dramatic (negative) impact in your web presence if not done properly, such as users being told by the browser that your site is not secure. Azure has a nice little tool to manage certificates and bring … Continue reading Get certificates with Azure Key Vault extension to your Linux VMs

DRY Terraform code for Private Link and DNS

August 19, 2023 by erjosito

After last week’s almost-philosophical post on network complexity, let’s move on to more mundane tasks. Today I will focus on how to write efficient Terraform code to connect private endpoints and DNS, without having to copy/paste literally hundreds of lines. First things first: what the heck am I talking about? Private endpoints are a way … Continue reading DRY Terraform code for Private Link and DNS

Monitoring Azure Networks with Alerts

June 28, 2023June 30, 2023 by erjosito

Monitoring is one of those underrated disciplines: everybody tells you to do it, but nobody tells you exactly how. As a consequence, there are many different approaches and few concrete recommendations. Before continuing, a word of caution: I am not going to cover introductory topics in this post. If you are not familiar with Virtual … Continue reading Monitoring Azure Networks with Alerts

Cilium Network Policy in AKS

June 16, 2023 by erjosito

If you are following the Azure Kubernetes Service space, I am sure you noticed that Azure CNI powered by Cilium is Generally Available. But is this a big thing? What does it mean for you? Well, yes, it is big indeed. It is like changing the wheels of your car to new ones: Cilium is … Continue reading Cilium Network Policy in AKS

Deploy (Azure) Network-as-Code as a champ

June 8, 2023June 9, 2023 by erjosito

Virtually every expert out there recommends following an Infrastructure-as-Code approach to manage Azure Networks, and even more so when dealing with traffic segmentation features such as firewall rulesets and network security groups (those tend to change more frequently than other resources). And yet, there is surprisingly little guidance on how to do so, and about … Continue reading Deploy (Azure) Network-as-Code as a champ