Do we always need to follow CAF recommendations?

In the journey of infrastructure creation within Azure, many organizations lean towards crafting complex hub-and-spoke topologies to host their applications, even when the necessity for such complexity isn’t apparent. A common justification echoes: “It’s mandated by the Microsoft Cloud Adoption Framework (CAF)”. However, embarking on this path unfolds a myriad of related, albeit previously unexplored, domains. For instance, the newfound need to manage IP spaces, delve into VLSM subnetting - topics unfamiliar to most Dev teams. Once networked, the quest doesn’t end; it merely morphs into challenges like private DNS resolution, establishing access to internal resources, and the list trails on.

Yet, if we pause to reflect, many Azure services including Azure Web Apps were designed with a public persona. Initially, some didn’t even entertain VNET integration, and this model was well-accepted.

In this article, we aim to traverse a less convoluted route towards securely hosting Web Apps, whilst sidestepping the network-centric hurdles.

Approach to Optimizing VM Costs

Are you considering transitioning your servers from an on-prem DC to Azure cloud? One step in this journey involves mapping existing servers to their Azure counterparts. The goal is to reduce the costs of the overall bundle of boxes while obtaining the highest possible performance. In theory, we can map the source VMs to the target VMs based on the number of virtual CPUs and the amount of RAM. Although this isn’t the most challenging task, it doesn’t guarantee the highest possible performance for the lowest possible price. If we always opt for a VM with the lowest price, we may compromise on performance. Conversely, choosing VMs with the highest performance could result in higher costs. Is there a middle ground? Is it possible to achieve what we want? Let’s find out.

How to automate IP ranges calculations in Azure using PowerShell

Suppose we have been allocated the IP range of 10.172.0.0/16 by the network team for planned Azure Landing Zones. The goal is to automate this by creating a tool that will automatically calculate IP ranges for us, based on some high-level and easy-to-understand details regarding the future networks.

This notebook demonstrates how to achieve this using the ipmgmt module.

Using IP management module

Assume we’ve got three different ranges ‘10.192.0.0/11’, ‘10.64.0.0/11’ and ‘10.128.0.0/11’. These ranges correspond to three different geographic locations in Azure. There are already some ranges used in these top level blocks. And we have the whole list of ranges, which are in use already. So what we want to achieve is we want to automatically select the next available range and provision VNET for it.

Considerations when running private AKS cluster

For the last two weeks I’ve been playing with Azure Kubernetes Service (AKS) and with it’s public counterpart - acs-engine. Here is a bit about the experience I got with it, having in mind I’ve never worked with these tools before. Here I’m trying to look at this from the Infrastructure perspective, but not from the developers’ perspective.

Use Powershell to analyze Sysmon events

Hello colleagues, this is an example I promised answering this tweet. I used this sysmon config to capture activities happening on my system. Unfortunately it did not capture a lot of network-related activities, perhaps I need to change it to extend network-level filters. But on the other hand it captured a lot of process level activities, so in this example i’d like to try to graph process creation events.

Using graphs to analyze Windows Firewall logs