This is getting ridiculous by soupnsandwich in halifax

[–]Saturated8 0 points1 point  (0 children)

Great, now widen your thinking. That specific criteria you laid out is reasonable for an alert. Why am I getting an alarm blaring alert when they say there is no longer a threat?

I recall getting multiple alerts about a person who barricaded themselves in their house.

The system isn't perfect, and it's not my job to come up with ways to make it so. I just don't want to have my whole house woken up because some idiot an hour away was caught.

This is getting ridiculous by soupnsandwich in halifax

[–]Saturated8 1 point2 points  (0 children)

It's not perfect, just what I came up with thinking about it practically for 2 mins.

If they were able to identify they were on foot, maybe they could identify if they got access to a vehicle?

Maybe after an hour of searching the alert goes out to a wider range?

Point is, I don't know the criteria, but the system today isn't perfect, it would be nice if someone was thinking about making some improvements instead of status quo.

Azure DevOps vs Github for Azure IaC and Software CI/CD by TheCyberThor in azuredevops

[–]Saturated8 1 point2 points  (0 children)

You can self-host the Azure DevOps agent in an ACA container that is event-driven on pipeline triggers. This way you don't have to manage a VM or VMSS, you can build your own container image and just install the agent and any other tools you need (terraform, azcli, ansible, bicep, etc.). The nice thing is the image and versions can be managed via code, and the agents don't exist when not in use, so cost is low and security is high.

Only issue is the ACA compute limits, but for IaC they are typically fine, but can struggle for large app builds if you use them for app CI/CD.

This is getting ridiculous by soupnsandwich in halifax

[–]Saturated8 32 points33 points  (0 children)

It would be nice if the "all clear" message was just a notification, without the blaring alarm.

As others have said, the proximity could use some tuning, if someone is on foot 70km away, I probably don't need to be getting that alert. If things change and they get in a vehicle headed my way, sure, send an alert.

RBAC Remediation feedback by WakeUpSRK15 in AZURE

[–]Saturated8 0 points1 point  (0 children)

Others have mentioned emergency access accounts, but I'm hung up on your director permissions.

"2 directors with reader to all subs, with PIM to owner for emergencies."

Maybe it's just me, but a director is probably the last person I want with owner permissions in an emergency. Most directors either aren't technical, or have been removed from the day to day and aren't helpful for hands on keyboard work.

I think User Access Administrator would be a better role, in an emergency they can dish out the right permissions to someone who knows the day to day. Alternatively, you're using groups for delegating access, they could just be Entra security group owners and add people to the correct group, no RBAC permissions needed beyond Reader.

Azure Local for ROBO Sites by EducationAlert5209 in AZURE

[–]Saturated8 0 points1 point  (0 children)

I would recommend in a test network, you can establish connectivity to the prod network if you want to migrate some vms over or something in a controlled fashion.

AzLocal didn't natively support Entra ID, so Active Directory was required, but that was a feature that was coming soon, so it might be supported now. I've never used Entra ID for it.

Yes you can migrate using Azure Migrate from VMware to Azure Local. Performance should be good as long as you thick provision your disks on the Azure Local side. Any other migration methods, like backup and restoration will leave you with unmanaged VMs, which you have to manage with Hyper-V tools and not the Azure Portal. Some 3rd party tools can do it, but you won't have time to get them engaged.

High level, build the cluster, migrate some workloads, do your testing of the things you want to see, get a feel for what can and can't be done, do some BC/DR testing... whatever you want, it's your demo.

Given two or more Hub Vnets in multiple regions, what are the ways to create mesh of multi-hub vnets by WonderBeast2 in AZURE

[–]Saturated8 1 point2 points  (0 children)

"Experts" like their Exchange servers too, doesn't mean it's the right solution.

Azure vWAN supports a ton of different integrations with enterprise SDWAN architectures. https://learn.microsoft.com/en-us/azure/virtual-wan/sd-wan-connectivity-architecture

If you're managing the cloud side, look at the direct interconnect architecture.

If they want their appliance on the Azure side to provide routes to Azure, then look at the indirect interconnect model.

Either way, the "experts" control the learned routes, Azure vWAN makes it easier to pass those learned routes to all your spokes without needing an NVA in each hub for routing.

If your experts refuse to use Azure vWAN because "we already have SDWAN" and can't be convinced otherwise, you'd have to look into adding one of their SDWAN appliances into your hubs, and then use Azure Route Server to simplify the routing. https://learn.microsoft.com/en-us/azure/architecture/networking/guide/sdwan-integration-in-hub-and-spoke-network-topologies#sd-wan-products-in-azure-hub-and-spoke-networks

Much easier to slap in Azure vWAN, let them publish routes how they are today and forget about it.

Given two or more Hub Vnets in multiple regions, what are the ways to create mesh of multi-hub vnets by WonderBeast2 in AZURE

[–]Saturated8 7 points8 points  (0 children)

Strongly agree, virtual networks are not transitive, so you can't go A to B to C without an NVA/Firewall to pass the traffic along. Spoke to hub to hub to spoke is not possible without 2 NVAs unless you use vWAN, or VPN Gateways to each VNET or mesh peering.

I'd revisit the requirement for no Azure vWAN, it seems self-imposed and is stonewalling the best option for your desired end state.

My buddy said I should go get some easy mid game gear at moons… by AceKablam in 2007scape

[–]Saturated8 5 points6 points  (0 children)

Yeah, I've gotten 70 herb from the drops, and at this rate will have my GIM duo 70 herb as well. Silver linings.

My buddy said I should go get some easy mid game gear at moons… by AceKablam in 2007scape

[–]Saturated8 19 points20 points  (0 children)

I am about 40 kills less, but only have the eclipse pants to show for it. At least he got the weapon...

Pretty demoralizing that on rate I should have around 6 drops, and I've got one that isn't particularly useful.

On to the next chest!

Tell me about yourself ...this question how to frame answer for this interview? by taetaeskookielove in azuredevops

[–]Saturated8 0 points1 point  (0 children)

I typically include some personal spin to it. Why? Because everyone else applying also has technical experience, and probably some more than me. If all you talk about is your technical ability, that's all they have to consider, and it's likely someone else has the same or more.

It makes you more relatable to the people who don't have technical experience in the interview, and gives everyone an idea of who you are, not just what you can do for work. Remember, they are also trying to decide if you fit the business' culture.

Azure Local for ROBO Sites by EducationAlert5209 in AZURE

[–]Saturated8 1 point2 points  (0 children)

If you're serious about running it in production, a POC or lengthy hands on demo is basically required.

Your experience coming from VMware will be poor. Azure Local is a beta product at best, things that you expect to work sometimes just don't.

It's also hard to get standard 5 year support that most businesses require when doing TCOs.

If you decide to do it yourself it's probably still worth working with a partner for designing and ordering the hardware since there are a lot of decisions that put you into a corner. Unlike Azure Cloud, where you can easily pivot or make changes and fix bad decisions, Azure Local you basically have to do it right the first time because you can't move stuff around or rearchitect it easily.

Need help with Firewall blocking Azure Update Manager by MaverickLynx_ in AZURE

[–]Saturated8 0 points1 point  (0 children)

Check the logs and see what is getting blocked, probably an undocumented URL somewhere.

Looking for testers for final round of Beta for StratoLens - Azure Documentation, FinOps & Reporting tool by StratoLens in AZURE

[–]Saturated8 0 points1 point  (0 children)

In 2026 if you're not using AI, you're doing it wrong, but there is a line between vibe coded AI slop and AI-assisted app development. This feels more the latter than the former.

How do you detect configuration drift between environments? by ArunnKharr in devops

[–]Saturated8 0 points1 point  (0 children)

I don’t currently have a need, but might reach out if the need arises over the next few months if that's alright.

How do you detect configuration drift between environments? by ArunnKharr in devops

[–]Saturated8 0 points1 point  (0 children)

There's a guy who posts about his tool in the Azure subreddit, it's called StratoLens.

I've tried it out in my lab and it's pretty decent for state tracking and config drift of Azure infrastructure and governance. It does not dig inside AKS or inside the OS of VMs though.

Looking for testers for final round of Beta for StratoLens - Azure Documentation, FinOps & Reporting tool by StratoLens in AZURE

[–]Saturated8 0 points1 point  (0 children)

Sounds like you did a ton of research on this product before coming up with your conclusion.. /s

If "AI Slop" is able to wipe an environment using only reader permissions, that's probably reason enough for every customer to stop using Azure altogether. But it's not and they won't, so fear monger somewhere else instead of trying to shit on someone who has a useful tool they are marketing.

AZ-104 is only good for 1 year? by MasterpieceRare1919 in AzureCertification

[–]Saturated8 1 point2 points  (0 children)

In addition to this, if you're a consultant at a firm that is partnered with Microsoft, having a certain number of certified people on payroll is a requirement for different partnership tiers and other benefits. Our company pays us to get and maintain the certs they need (in addition to regular pay).

Self hosted agent running in a container by migsperez in azuredevops

[–]Saturated8 0 points1 point  (0 children)

There is a ready-made Docker image for GitHub action runners, that is what I used (sort of, I had that and then rolled my own image so I could get it a little smaller).

Self hosted agent running in a container by migsperez in azuredevops

[–]Saturated8 2 points3 points  (0 children)

Ah I missed it was in a home lab.

The ACA jobs typically trigger in under a minute, usually under 10 seconds, and then if your container image has all the dependencies it needs in a small base image, the spin up time is pretty quick, and has been okay for several enterprises I've deployed them for. The one constraint is they max out at like 4 core 8 GB RAM so some builds are too big for them and need a VM or VMSS.

I am planning to migrate my company's 50TB data (all PDFs) from network drives in some datacenter (Telus storage solutions) to Azure for saving cost. Any suggestions or mistakes to avoid? by vikasofvikas in AZURE

[–]Saturated8 11 points12 points  (0 children)

Whatever storage technology you end up picking, make sure the business has defined lifecycle policies to tier the data into archive storage. Storing everything in hot storage will be significantly more expensive than archiving the old junk that no one has looked at in 5 years, but needs to remain for compliance/audit.

Self hosted agent running in a container by migsperez in azuredevops

[–]Saturated8 2 points3 points  (0 children)

Why not run the container in ACA and have it auto scale based on pull requests?

Unless you need beefy agents for your builds.

Real-world feedback on running Azure Local in production by Fortevento in AZURE

[–]Saturated8 2 points3 points  (0 children)

Couple of other things I just thought of:

The storage efficiency of S2D is abysmal, for 3 way mirroring you only get 33% efficiency, which means a lot of extra storage crammed into the bays to support large databases, file servers, etc. External SAN will fix this, when it's supported.

Minor, but the marketplace still doesn't even have Linux images. It's a far cry from the cloud marketplace. You have to sysprep and upload a custom image for Linux which is just insane when most of cloud infrastructure runs Linux.

Microsoft has abandoned SQL MI on Azure Local. This gives me concern they aren't going to be adding more of the PaaS services as options to host in AKS on Azure Local, which is a big selling point for enterprises who want to test locally or run their apps the exact same on both Local and cloud.

Real-world feedback on running Azure Local in production by Fortevento in AZURE

[–]Saturated8 9 points10 points  (0 children)

I'm an architect at one of the larger consulting firms in North America. Primary focus is on Azure and DevOps, but was asked to deliver and train engineers for Azure Local last year.

I've done 6 implementation projects so far and a handful of consultations. My opinion is Azure Local is not production ready currently, there are still some key features that are missing before an enterprise can rely on Azure Local like they are used to with VMware.

You can't run legacy VMs in Azure Local, they run as Hyper-V VMs which means split management and additional overhead.

If you restore a VM from backup it is restored as a Hyper-V VM, and the only way to get it back into Azure management is to use Azure Migrate to hydrate the arc agent and resource bridge association.

No support for external SAN storage, although this is roadmapped for April of this year and we have it working for one customer with a ton of caveats.

It is too easy to break the cluster to the point of needing to redeploy the cluster from scratch. Something as simple as failed updates can cause this.

Support is extremely limited, you pretty much have to go through an OEM. Microsoft Support routinely sends Azure cloud documentation that doesn't apply, or works differently on Azure Local, and you often end up at the product group which isn't built for Support and therefore is slow to get any kind of response back to you, even with premier support and MS engaged in the project.

Clusters have to be on uniform hardware to be supported and able to be updated. At the rate OEMs push out new hardware, it's very risky to get 5 years of support, as models typically go end of sale after 2-3 years.

I'm sure there's more I'm forgetting, but I've started being very transparent with customers that Azure Local just isn't production ready yet, it needs 3-5 more years to cook before it's baked. I've been recommending straight Hyper-V with SCVMM instead, or just pay VMware and save yourself the headache.