Tag Archives: Security

Using ACS Engine to build private Kubernetes clusters with bring your own Virtual Network on Azure

Looking at Azure Container Service (AKS) – Managed Kubernetes you may have recognized that AKS currently does not support bring your own VNET and private Kubernetes masters. If you need both capabilities and one of them today, you must use ACS Engine to create the necessary Azure Resource Manager templates for the Kubernetes cluster deployment. -> https://github.com/Azure/acs-engine Beside Read more [...]

Deploying Application Security Groups with an Azure Resource Manager template

This month Microsoft launched the public preview of the Application Security Groups, short ASG, in all Azure regions. -> https://azure.microsoft.com/en-us/updates/public-preview-for-asg/ ASGs are like a security group and makes it easier to define an Azure Network Security Group rule set. You can join Azure VMs or to be more specific the Azure VM’s NIC to an ASG. In the next step you would Read more [...]

Link summary for guidance for mitigation and protection from Spectre and Meltdown on Windows Server, Hyper-V and Azure

From a security perspective the new year has started with a big bang. If you have lost the traction where you get the necessary information for guidance for mitigation and protection from Spectre and Meltdown on Windows Server, Hyper-V, and Azure, then have a look at the following link summary. Windows Server in general: Windows Server guidance to protect against speculative execution side-channel Read more [...]

Deploy the update management solution through an Azure Resource Manager template

In my last blog article, I talked about the update management solution in Azure and what the capabilities are. -> https://www.danielstechblog.io/keeping-azure-vms-date-update-management-solution/ Today we will have a look on how to deploy the update management solution through an Azure Resource Manager template. All what we need is to define the following Azure services in the template. Read more [...]

Keeping your Azure VMs up-to-date with the update management solution

Based on the Azure services Log Analytics and Azure Automation you can use three new capabilities in the Azure portal for your Azure VMs: inventory, change tracking, and update management. -> https://azure.microsoft.com/en-us/updates/update-management-inventory-and-change-tracking-are-available-in-azure-automation/ In this blog article I will talk about the update management solution. If you Read more [...]

Deploy NSG augmented security rules with Azure Resource Manager templates

In my previous blog post “Working with NSG augmented security rules in Azure” I described what the NSG augmented security rules are and how you can leverage them with PowerShell. -> https://www.danielstechblog.io/working-nsg-augmented-security-rules-azure/ In this blog post I will briefly describe how to implement the augmented security rules in your Azure Resource Manager template. First, Read more [...]

Working with NSG augmented security rules in Azure

At Microsoft Ignite this year Microsoft has announced several networking improvements and features in Azure. Most of them are currently in public preview and can be tested like the augmented security rules for NSGs in Azure. -> https://azure.microsoft.com/en-us/updates/public-preview-features-for-nsgs/ What are augmented security rules? In short, they extend the rule set, so you can specify Read more [...]

Enabling Azure Disk Encryption on Windows Server 2016 Server Core in Azure

Beside the Windows Server 2016 Datacenter image, Microsoft also provides an image with Windows Server 2016 Datacenter - Server Core in Azure. If you are using the Server Core image and want to enable Azure Disk Encryption for the VM, you will see the following error message. New-AzureRmResourceGroupDeployment : 14:27:53 - Resource Microsoft.Compute/virtualMachines/extensions 'azst-crp4/BitLocker' Read more [...]

Does have ADE or SSE a performance impact on Azure IaaS VMs?

Before I begin to write about this topic, I want to clarify that the results are not an official statement by Microsoft. The opinions expressed herein are my own personal opinions and do not represent my employer’s view in anyway. Now we have clarified that, let us begin to talk about what ADE and SSE are in a short way. ADE stands for Azure Disk Encryption and is the volume-based encryption option Read more [...]

Using Veeam FastSCP with Azure VMs and self-signed certificates

When working with Azure VMs you have several options to copy files into your VMs. One tool I really like is Veeam FastSCP, because my Azure VMs are just dev / test machines and are neither part of an Active Directory nor I have a VPN connection with the my Azure Virtual Network. -> https://www.veeam.com/fastscp-azure-vm.html So I want a secure way to get files into my Azure VMs and here comes Read more [...]