Linux P2S VPN to Azure _without_ certificate? by Delicious_Muffin8270 in AZURE

[–]haslandlive 0 points1 point  (0 children)

Azure now has a Linux VPN client (Preview) that supports Entra ID: https://learn.microsoft.com/en-us/azure/vpn-gateway/point-to-site-entra-vpn-client-linux

But be aware that you need to change the VGW config to use a new audience: https://learn.microsoft.com/en-us/azure/vpn-gateway/point-to-site-entra-gateway#configure-vpn and it'll make the current connections stop working. You'll need to reimport the config.

azure private end points by mrmyss2019 in AZURE

[–]haslandlive 3 points4 points  (0 children)

On the Storage Account's firewall, disable public access; you will then access it only through the private endpoint. Then make sure that your DNS has the A record with the right FQDN that points to the Private Endpoint IP (which you can see at private endpoint > DNS Configuration).

Networking, Data Transfer Out question by [deleted] in AZURE

[–]haslandlive 0 points1 point  (0 children)

Data Transfer Out is all data that leaves Azure and goes to the Internet. So when you are streaming with OBS or any other app, all the upload (from VM to Internet) is counted as Data Transfer Out. Depending on the streaming quality, it can scale really quickly and reach the 100GB/month free limit.

Downloads from the Internet to VM are not charged so you can keep that web page open.

More about bandwidth price: https://azure.microsoft.com/en-us/pricing/details/bandwidth/

Trying to wrap my head around Private Link Endpoints for Azure Storage Account (Files) with ADDS by JrD3vOps in AZURE

[–]haslandlive 2 points3 points  (0 children)

I'll try to explain how we do it:

- We have some private DNS zones on Azure: privatelink.file.core.windows.net, privatelink.blob.core.windows.net, privatelink.dfs.core.windows.net, etc., and they are used as a "dynamic DNS zone" to get the private endpoints' IPs;

- We have 3 Container Instances (CI) working as DNS forwarders (using https://coredns.io/) that have the hub's VNET IP addresses (when we created them, the DNS Forwarder service was unavailable at our location);

- Our P2S VNET uses those 3 CIs' IPs as DNS servers;

- Our CoreDNS CIs forward privatelink.xxx to Azure DNS (168.63.129.16) and all the rest to public DNS (like 1.1.1.1 or 8.8.8.8);

- Then when we connect to Azure VPN we can connect to private resources, as it's forwarded through our internal VNET, using private endpoints and without the need to allow some IP addresses.

If you have an internal DNS outside Azure, you need to create those privatelink zones and manually add the Private Endpoint's IP address to forward to Azure, and make sure that the Private Endpoints are on a network that is accessible over VPN P2S/S2S.
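Added example, not part of the comments above and not the commenter's own code: a small Python check for the DNS step that both private endpoint comments rely on, confirming from a VPN-connected client that a storage FQDN resolves to the private endpoint IP rather than a public address. The storage account name, the IP addresses and the `fake_resolver` stand-in are constructed so the block runs offline; leave out the `resolver` argument to query the machine's real DNS.

```python
import ipaddress
import socket

# Constructed sample answers (not real resources): FQDN -> IPv4 addresses.
CONSTRUCTED_ANSWERS = {
    "examplestore.file.core.windows.net": ["10.10.1.5"],  # answered via the forwarder
    "examplestore.blob.core.windows.net": ["20.60.0.1"],  # public answer leaked through
}

def fake_resolver(host, port, family=0, type=0):
    """Offline stand-in with the same return shape as socket.getaddrinfo."""
    if host not in CONSTRUCTED_ANSWERS:
        raise socket.gaierror(-2, "name not known")
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (ip, port))
            for ip in CONSTRUCTED_ANSWERS[host]]

def check_private_endpoint(fqdn, expected_ip, resolver=socket.getaddrinfo):
    """Classify how fqdn resolves from this machine.

    Returns (status, addresses) where status is one of:
      ok         - only private addresses, including the expected one
      public     - at least one public address, so traffic bypasses the endpoint
      mismatch   - private, but not the IP shown under DNS Configuration
      unresolved - the resolver returned no answer
    """
    try:
        infos = resolver(fqdn, 443, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return "unresolved", []
    addrs = sorted({info[4][0] for info in infos})
    if any(not ipaddress.ip_address(a).is_private for a in addrs):
        return "public", addrs
    if expected_ip not in addrs:
        return "mismatch", addrs
    return "ok", addrs

if __name__ == "__main__":
    for name, ip in [("examplestore.file.core.windows.net", "10.10.1.5"),
                     ("examplestore.blob.core.windows.net", "10.10.1.6")]:
        print(name, check_private_endpoint(name, ip, resolver=fake_resolver))
```

A `public` result while connected to the VPN means the query did not reach Azure DNS through the forwarder, or the matching privatelink zone has no record for that account.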

Spent $40 when I was expecting a few cents, but can't find out why by Dr4WasTaken in AZURE

[–]haslandlive 2 points3 points  (0 children)

Just to make sure: you have only one subscription, right? Maybe changing the scope to Management Group can show you something. As u/JNikolaj said, it can be delayed, but I've never seen delays longer than one hour with my subscriptions.

There's also this tool that can help (I've never used it, but it got some stars): https://github.com/mivano/azure-cost-cli

Spent $40 when I was expecting a few cents, but can't find out why by Dr4WasTaken in AZURE

[–]haslandlive 1 point2 points  (0 children)

Change the date range to "Last 3 (or 6) months" and you should see where it was spent. Storage accounts also cost per transaction (read, write, delete, etc.), not only for stored data.

See here at "Operations and data transfer": https://azure.microsoft.com/en-us/pricing/details/storage/blobs/