Author: rzomerman

Enable/Disable Accelerated Networking on Azure VM’s

Microsoft Azure has the option to enable Accelerated Networking on VM’s. More information on the feature can be found here but this post is not to tell you about what good it does nor how it works.. no, this post is to introduce a new script that will enable/disable the function for you! update: it’s […]

Read more

Azure Stack Development Kit – Installer (on USB)

If you want to deploy the Azure Stack Development Kit, the deployment guide instructs you to install a clean Windows 2012R2 or 2016 server OS on the physical host to then configure it to boot from the CloudBuilder VHDX on the C drive. In this blogpost the initial installation of Windows 2012R2 / 2016 is […]

Read more

Even strong passwords are… stupid

While this blog is mostly focused around passwords and how to ensure people can login, the new direction within Microsoft is to get rid of passwords. I can already feel the shock from many security officers reading this post, but hear us (eeuh Microsoft) out on this one. Passwords are by default unsecure, they require […]

Read more

Azure Active Directory Pass-through Authentication part 2

In the initial post, we looked at PTA from a high-level perspective. This post goes into the actuals and internals of the PTA to ensure you can convince your security department on why PtA is a very good idea. Inside Azure AD there are multiple components that work together to ensure the safety of your […]

Read more

ImmutableID – mS-DS-ConsistencyGuid – ADConnect – final part

One of the most looked at topics on this blogpost is the ImmutableID series for Azure AD Connect and AADSync. And I wanted to give an update to this, given the latest versions of Azure AD Connect seemed to have adopted the idea to use the ms-ds-ConsistencyGuid (or any other value) to replace the ImmutableID used for synchronization. Don’t worry, please keep reading the other posts, as they clearly explain the how behind the idea of using the alternative ImmutableID.. and this post is just to tell you.. Microsoft has made the implementation a lot easier!

Read more

Azure Stack Development Kit – Connecting to subscription networks through the host

I know that many of my posts are about networking icw a Juniper SRX… as I happen to have one. But what if you don’t have such a “sophisticated” device that can handle multiple virtual routers, BGP and all the other stuff. Well I could say, buy one from e-bay.. but let’s see if I […]

Read more

Azure Stack Development Kit – Connecting to subscription networks

When you have Azure Stack Development Kit deployed and in Routing mode (see earlier post). You can now also create S2S VPN connections to the tenants deployed inside Azure Stack. In my configuration I used BGP for the BGPNAT to advertise the newly assigned “external” IP addresses to my Juniper so that I don’t have […]

Read more

Azure Stack Development Kit – moving around (changing IP’s)

When you have your Azure Stack Development Kit, you might want to show it off to your customers or simply change the external IP address for some other reasons.. as we have seen earlier there is a dual NAT mode inside the Azure Stack Dev Kit box. The AzS-BGPNAT01 VM receives an external IP address […]

Read more

Azure Stack Development Kit – Unable to place Virtual Machines

If you are playing around with Azure Stack Development Kit, you might come across the following error: While the error states: Unable to place Virtual Machines for specific class and size due to low memory capacity my immediate thought was to check the memory utilization on the host: With over 73Gb of memory left, I […]

Read more

Azure Stack Development Kit – BGP

Now that we have our Azure Stack Development Kit in routing mode, we can also send the BGP information from within the Stack to the Juniper Firewalls (or any FW you have..). This will ensure that the new “external IP addresses” that are assigned to our workloads are accessible via our intranet route information and […]

Read more