Tag Archives: Azure

Speaking at Azure Saturday Hamburg 2021 together with Thomas Naunheim

In the past Thomas Naunheim (Thomas Blog) and I have worked on several Cloud projects focusing on Azure Governance and Enterprise Scale. We decided to create a session together to integrate the best of both worlds and our experiences and recommendations from the field.

Our agenda:

  • Overview of Cloud Adoption Framework
  • Overview of Well-architecture Framework
  • Management of Compliance and Security Status
  • Azure Enterprise-Scale Landing Zone
  • Azure Ops: “Operationalize” Azure environment at scale

We are very happy to announce that our session was accepted by the Azure Saturday Hamburg Team on 20/02/2021. The Azure Saturday Hamburg is a full, free Azure conference day with lot of great sessions. The event will have two different tracks and the first speakers and sessions have been announced. Take a look at the agenda and sign up for this great conference across different sessions from the Azure Cosmos.

Continue reading Speaking at Azure Saturday Hamburg 2021 together with Thomas Naunheim

Azure VM Best Practices

Last year Gregor Suttie and Richard Hooper launched the Azure Advent Calendar and I got to support with a session on Azure Bastion. This year they improved on the idea with the Festive Tech Calendar. I’m happy to be back with an article on Azure VM best practices. I hope you find the article helpful and I would appreciate feedback.

Over the past few months, I have conducted many customer workshops, designed and implemented Landing Zones, and migrated or placed VMs into Azure. One of the most common customer questions has been about best practices for Azure VMs to maximize performance and efficiency, minimize costs, increase security, and reduce management overhead. This article is based on my real-world experience and recommendations based on several Azure projects.

Continue reading Azure VM Best Practices

Azure Files enabled AD DS SMB authentication Best Practices and all you need to know

02/03/2022 Update 1

There are some improvements and changes in the AzFilesHybrid module, I updated the article with this changes.

The Azure Files Teams announced the availability of joining Azure Fileshares to AD DS since February 2020. This brings a lot of new possibilites, like to move Fileservers directly to a hosted SMB solution or deploy WVD Profiles directly on Azure Fileshares.

Microsoft did a lot of work to bring this solutions to live, but there are some challenges and pitfalls to activate and maintain the service. In this article I will go in a short way over all related considerations for Azure Fileshares AD DS authentication. Please note this article only focus to enable Azure Files for Active Directory Domain Services – not Azure AD or Azure AD DS.

Continue reading Azure Files enabled AD DS SMB authentication Best Practices and all you need to know

Festive Calendar 2020 – Thanks Gregor and Richard for a great Advent Idea

Last year my Community buddies Gregor Suttie and Richard Hooper has the great Idea to start the Azure Advent Calendar. A Advent Calender with 48 different Sessions to Azure related topics. I had the pleasure to held a session about Azure Bastion.

This year Gregor and Richard take this to a new level and create the Festive Calendar. An Adventcalendar with around 85 different sessions around the Microsoft 365 world.

The Calendar has started today with the yearly POM deliverd by Isidora Katanic (BTW: Greetings to the well deserved MVP award) and introduction from Amy Boyd and Adam Jackson.

This year I have the pleasure to hold a session again about Azure …… at the ….! Psst – I do not say when and which topic so it is a an Advent suprise. Take a look at the daily Festivecalendar website to see what amazing session surprises are behind the door 🙂

You can also follow the @_CloudFamily Account at Twitter to get notified when new sessions are available or you follow the tag #FestiveTechCalendar for the latest updates.

Thanks again to Gregor Suttie and Richard Hooper for this great community driven Idea – Love IT.

Speaking with Thomas Naunheim at GermanyClouds Meetup about Azure Governance Best Practices

In the past Thomas Naunheim and I do a lot of architecture and designing prinicple for integrating Azure in company environments. We have the idea to create a Azure Governance Best Practices session in the last couple of months to give the community our insights and best practices for Starting/Integrating Azure environments. The goal is to give you insights, where you can find the best documentations to start with a Cloud journey and which technical Azure features help to bring and hold your environment in an compliant and secure state.

The session contains the following topics:

  • Cloud Adoption Framework
  • Well-architecture Framework
  • Insights about Azure Policies and Azure Security Center
  • Azure Enterprise Scale architecture
  • Azure Ops
  • Identity and Access Management

We are exited to hold the session at the GermanyClouds Meetup on november 26. Did you interested in this topics or you are in the beginning or implementig phase, join us. We will happy to see you there and get your questions.

The session will not been recorded.

Azure Bastion now supports VNET Peering

Update 2 on 01/12/2021

Microsoft has changed the #AzureBastion minimum subnet size from /27 to /26. Installed #Azure Bastion are unaffected, but new deployments require the new subnet size. Please remember this. https://docs.microsoft.com/en-us/azure/bastion/bastion-faq#subnet

Update – 12/2020

Azure Bastion is now available in West Germany Central.

Azure Bastion is a service to avoid deployment own Jumphosts and reach Azure VMs over the Management Ports (SSH and RDP) in a secure way without the need to assign Public IPs directly to Azure VMs.

Azure Bastion got a really big improvement and now supports Azure VNET Peering. This includes all VNET peering models, inside a single subscription and VNET peering across different subscriptions.

Continue reading Azure Bastion now supports VNET Peering

Zu Gast beim Geeksprech Podcast zu Azure Files

Am vergangenen Freitag hatte ich das VergnĂŒgen zu Gast beim Geeksprech Podcast von meinen Community Freunden Eric Berg und Alexander Benoit zu sein.

In der Folge gehen wir auf die vielfĂ€ltigen Themen zu Azure Files ein. Dazu gehören natĂŒrlich u.a. die neuen Tiering Modelle, wie ich Azure Fileshares bereitstelle, welche Vorteile Azure File Sync mir bietet und wie ich vorhandene Fileserver nach Azure migriere und dort weiterhin die vorhandenen Windows ACLs nutzen kann. Sharepoint kam ĂŒbrigens auch mehrfach zur Sprache – ich kann mich einfach nicht davon trennen 🙂

Es war mein erster Podcast und ich muss sagen, es war eine tolle Erfahrung und ich hatte viel Spaß mit Eric zu den verschiedenen Themen rund um Azure Files.

Wer reinhören mag findet unten die Folge. Weitere Spannende Folgen und viele Infos findet ihr direkt auf der Geeksprech Podcast Website.

Azure Files Improvements – new Tiers and Soft Delete

In the last couple of Months Microsoft brings a lot of new capabilites to Azure Files. From AD DS SMB autentication over new Tiers to Soft delete, there are many improvments for Azure Files. This article will introduce the latest announcement you need to know and which workloads are addressed with the new features.

Until now, Azure Files were divided into two Tiers – Standard and Premium. At the Ignite 2019, Microsoft announced additional Tiers in order to cover requirements more optimally. However, the integration of the new Tiers was delayed due to the challenges this year. These have been available for a few weeks now. Azure Files offers 4 different Tiers with different performance capabilities and pricing now. This Tiers are called:

  • Premium
  • Transaction optimized (formerly known as Standard)
  • Hot
  • Cool
Continue reading Azure Files Improvements – new Tiers and Soft Delete

Azure VPN AAD P2S Error Server did not respond properly to vpn control packets resolved

In the last few days I have created some Azure Landingzones. To secure access to Azure resources within the landing zone with different users, customers use a P2S connection through the Azure VPN Gateway using Azure AD for authentication.

Sometimes I see some mistakes in the Azure VPN Point-to-site configuration blade that results in the Error: “Server did not respond properly to vpn control packets” when trying to connect to the VPN Gateway over the Azure VPN Client.

These error messages are often due to incorrect settings in the basic settings. To resolve this issue it is really important to configure the three points: Tenant & Audience & Issuer correctly.

Please pay close attention to the following settings:

  • The Tenant field must be specified in the following notation “https://login.microsoftonline.com/your-Azuread-Tenant-ID-here/” at the end do not miss the backforwardslash /
  • Audience field must be only contains the Enterprise Application ID of the Azure VPN client (this is the same for all Tenants) “41b23e61-6c1e-4545-b367-cd054e0ed4b4” without any other characters or spaces
  • The Issuer field must be specified in the following notation “https://sts.windows.net/your-Azuread-Tenant-ID-here/” at the end do not miss the backslash /

Please be aware of the difference between the Tenant- (begins with https://login….) and Issuer field (begins with https://sts.win…).

Please contact me if you have any questions or if you find further errors and solutions 🙂

Links

IdentitySummit 2020 is over – Thank you

Our 1st IdentitySummit is over and we had a amazing Summit with our powerfull Speakers and our attendees.

We (Azure Bonn Orga Team) started planning the Summit in March 2020. The Orga Team from the AzureBonn Meetup consists of Melanie Eibl, Thomas Naunheim and René de la Motte. The idea came from Thomas (our Identity Expert) and we can say that was a wonderful idea.

We meet together at the Debeka Innovation Center (DICE) in Koblenz to organize and streaming all the sessions from one central place. The current Corona situation has unfortunately not made a complete live event possible, so we have met under the rules in force to ensure a smooth process and bring a little live feeling.

Now after 6 session in 2 parallel Tracks we can say it was worth every minute of planning – Why?

The answer is simple: First of all because of our great speakers. Each session was planned with a minimum of 300, and each session went deep into the relevant topics, showing what needs to be considered, the pitfalls and best practices available.

Continue reading IdentitySummit 2020 is over – Thank you