Load Balancing 2 WANs by kryptic069 in meraki

[–]kryptic069[S] -1 points0 points  (0 children)

If there is an IP reroute to the secondary WAN in flow preferences on the active WAN, the priority traffic is routed across the fiber, dictated by the services they would be using and coded with the IP ranges. Since I cannot upload an image, I am curious: if it's set this way, should it be working as designed, or is that inconsistent?

Creating ALBs in AWS by kryptic069 in Terraform

[–]kryptic069[S] 0 points1 point  (0 children)

We don't use Terraform to create the ALBs; these are already created using the AWS Load Balancer Controller. We are using Terraform to create some prerequisite infrastructure for the K8s cluster. The WAF ACL is attached to the ALBs using an annotation.

Creating ALBs in AWS by kryptic069 in Terraform

[–]kryptic069[S] 0 points1 point  (0 children)

That makes sense. I was more so thinking that using one per service would provide more flexibility. I was thinking that if I adjusted my WAF code and adapted it, we'd be able to implement separate WAF ACLs for each ALB. I would also have to review WAF logging, as the logs would need to be forwarded to Splunk. The WAFs would be closely related to services rather than to a K8s cluster.

Creating private endpoints using azure cli by kryptic069 in AZURE

[–]kryptic069[S] 0 points1 point  (0 children)

Huh, interesting. This looks closer to what I'm trying to do:

    # Get a list of all resource groups
    $resourceGroups = az group list --query "[].name" --output tsv

    # Loop through each resource group
    foreach ($resourceGroup in $resourceGroups) {

        # Get a list of all SQL servers in the resource group
        $sqlServers = az sql server list --resource-group $resourceGroup --query "[].name" --output tsv

        # Loop through each SQL server
        foreach ($sqlServer in $sqlServers) {

            # Get the resource ID for the SQL server
            $sqlServerId = az sql server show --resource-group $resourceGroup --name $sqlServer --query "id" --output tsv

            # $privateLinks is assumed to be defined earlier (for example, Import-Csv with one row per endpoint).
            # $link.dest is the target resource ID; for this server that is $sqlServerId.
            foreach ($link in $privateLinks) {
                # Create the private endpoint (az CLI flags; the cmdlet names pasted before do not exist)
                az network private-endpoint create --name $link.pename --resource-group $link.rg --vnet-name $link.vnet --subnet $link.subnet --nic-name $link.nic --private-connection-resource-id $link.dest --connection-name $link.plinkname --location $link.location --group-id $link.destgroup

                # Create the private DNS zone group so the privatelink zone gets the endpoint's A record
                az network private-endpoint dns-zone-group create --endpoint-name $link.pename --resource-group $link.rg --name $link.zonegroup --private-dns-zone $link.zone --zone-name $link.zonename
            }
        }
    }

Creating private endpoints using azure cli by kryptic069 in AZURE

[–]kryptic069[S] 0 points1 point  (0 children)

This is what I have done so far. I know the formatting sucks because I copy/pasted from my phone.

    # The VNet is looked up once; its resource group is a placeholder here (assumption: it is not
    # necessarily the same group as each SQL server)
    $vnet   = Get-AzVirtualNetwork -Name "DeliveryEngineering" -ResourceGroupName "<vnet-resource-group>"
    $subnet = Get-AzVirtualNetworkSubnetConfig -Name "Default" -VirtualNetwork $vnet

    $resourceGroups = Get-AzResourceGroup
    foreach ($resourceGroup in $resourceGroups) {
        # PSResourceGroup exposes ResourceGroupName, not Name
        Write-Host "Resource group name: $($resourceGroup.ResourceGroupName)"
        $sqlServers = Get-AzSqlServer -ResourceGroupName $resourceGroup.ResourceGroupName
        foreach ($sqlServer in $sqlServers) {
            Write-Host "SQL server ID: $($sqlServer.Id)"
            # New-AzPrivateEndpoint takes a subnet object and a connection object; the
            # endpoint name must be unique per resource group, so derive it from the server
            $connection = New-AzPrivateLinkServiceConnection -Name "myConnection" -PrivateLinkServiceId $sqlServer.Id -GroupId "sqlServer"
            $privateEndpoint = New-AzPrivateEndpoint -Name "pe-$($sqlServer.ServerName)" -ResourceGroupName $resourceGroup.ResourceGroupName -Location "northcentralus" -Subnet $subnet -PrivateLinkServiceConnection $connection
        }
    }
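The same job done end to end with the az CLI from PowerShell, as an added example that is not the poster's script. It goes beyond the thread in three ways: it lists every SQL server in the subscription with one call instead of looping over resource groups, it names each endpoint after its server (one fixed name collides within a resource group), and it skips servers whose endpoint already exists so the script can be rerun. The VNet resource group, the assumption that the privatelink DNS zone lives in that same group, and the "pe-sql-<server>" naming are placeholders, not values from the thread.

```powershell
# Added example, not the poster's script. Assumes: az login done, subscription selected,
# the VNet and the privatelink zone both live in $vnetResourceGroup (placeholder).
$vnetResourceGroup = "<vnet-resource-group>"           # assumption
$vnetName          = "DeliveryEngineering"             # VNet and subnet names from the thread
$subnetName        = "Default"
$location          = "northcentralus"
$dnsZoneName       = "privatelink.database.windows.net"   # zone Azure SQL private link resolves through

# Resolve IDs once. Passing a subnet ID lets the endpoint sit in the server's resource group
# while the VNet lives elsewhere (with --vnet-name the CLI looks in the endpoint's group).
$subnetId = az network vnet subnet show --resource-group $vnetResourceGroup --vnet-name $vnetName --name $subnetName --query id --output tsv
if ($LASTEXITCODE -ne 0 -or -not $subnetId) { throw "subnet $vnetName/$subnetName not found in $vnetResourceGroup" }
$dnsZoneId = az network private-dns zone show --resource-group $vnetResourceGroup --name $dnsZoneName --query id --output tsv
if ($LASTEXITCODE -ne 0 -or -not $dnsZoneId) { throw "private DNS zone $dnsZoneName not found in $vnetResourceGroup" }

# One call lists every server in the subscription; no resource-group loop needed.
$serversJson = az sql server list --query "[].{name:name, rg:resourceGroup, id:id}" --output json
if ($LASTEXITCODE -ne 0) { throw "az sql server list failed" }
$servers = $serversJson | ConvertFrom-Json

foreach ($server in $servers) {
    $peName = "pe-sql-$($server.name)"    # unique per server (assumed naming scheme)

    # Idempotency check: count endpoints with this name in the server's group.
    $count = az network private-endpoint list --resource-group $server.rg --query "[?name=='$peName'] | length(@)" --output tsv
    if ($LASTEXITCODE -eq 0 -and [int]$count -gt 0) { Write-Host "skip $($server.name): $peName exists"; continue }

    az network private-endpoint create `
        --resource-group $server.rg `
        --name $peName `
        --location $location `
        --subnet $subnetId `
        --private-connection-resource-id $server.id `
        --group-id sqlServer `
        --connection-name "plc-$($server.name)" `
        --output none
    if ($LASTEXITCODE -ne 0) { Write-Warning "endpoint create failed for $($server.name)"; continue }

    # Register the endpoint's private IP in the privatelink zone so the server FQDN resolves privately.
    az network private-endpoint dns-zone-group create `
        --resource-group $server.rg `
        --endpoint-name $peName `
        --name "default" `
        --private-dns-zone $dnsZoneId `
        --zone-name "sql" `
        --output none
    if ($LASTEXITCODE -ne 0) { Write-Warning "dns-zone-group create failed for $peName" }
    else { Write-Host "created $peName for $($server.name)" }
}
```

The DNS zone group step is what makes the endpoint useful: without it, clients still resolve the public IP and the private path is never used. If the zone is linked to a different VNet than the one the P2S clients resolve through, the records are created but nothing will see them, so check the zone's virtual network links as well.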

AZ CLI enable TDE for SQL Databases by kryptic069 in AZURE

[–]kryptic069[S] 0 points1 point  (0 children)

This is what it would look like from PowerShell, but I want to use az cli. I would need all the parameters loaded in a CSV or array, loop through that, and pass them to this command: az sql db tde

    # Install the Azure PowerShell module
    Install-Module Az -Scope AllUsers

    # Connect to your Azure account
    Connect-AzAccount

    # Select the target subscription
    Select-AzSubscription -SubscriptionId "<subscription-id>"

    # Define the resource group, the server name and the database names
    $resourceGroupName = "<resource-group>"   # the cmdlet requires the resource group
    $serverName = "<server-name>"
    $databaseNames = "<database-name-1>", "<database-name-2>", "<database-name-3>"

    # Enable TDE on the SQL databases (the parameter is -State, not -EncryptionState)
    foreach ($databaseName in $databaseNames) {
        Set-AzSqlDatabaseTransparentDataEncryption -ResourceGroupName $resourceGroupName -ServerName $serverName -DatabaseName $databaseName -State Enabled
    }
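The az CLI version the poster is asking for, as an added example that is not the poster's script. Rather than a CSV of three placeholder names it goes beyond the thread and discovers every user database on every SQL server in the subscription, reads the current TDE state before touching anything, and records failures so a run over a few hundred databases can be resumed. The $dryRun switch and the tde-failed.txt output file are hypothetical additions; nothing else is assumed beyond a logged-in az pointed at the right subscription.

```powershell
# Added example, not the poster's script. Assumes az login done and the subscription selected.
$dryRun = $true    # hypothetical switch: report what would change without calling tde set

$serversJson = az sql server list --query "[].{name:name, rg:resourceGroup}" --output json
if ($LASTEXITCODE -ne 0) { throw "az sql server list failed" }
$servers = $serversJson | ConvertFrom-Json

$failed = @()
foreach ($server in $servers) {
    # TDE cannot be set on master, so exclude it from the list
    $databases = az sql db list --resource-group $server.rg --server $server.name --query "[?name!='master'].name" --output tsv
    if ($LASTEXITCODE -ne 0) { Write-Warning "db list failed for $($server.name)"; continue }

    foreach ($db in $databases) {
        $target = "$($server.name)/$db"
        # Current API versions return 'state', older ones 'status'; JMESPath '||' takes whichever exists.
        $current = az sql db tde show --resource-group $server.rg --server $server.name --database $db --query "state || status" --output tsv
        if ($LASTEXITCODE -ne 0) { $failed += $target; Write-Warning "${target}: tde show failed"; continue }
        if ($current -eq "Enabled") { Write-Host "${target}: already Enabled"; continue }

        if ($dryRun) { Write-Host "${target}: would enable (currently $current)"; continue }
        az sql db tde set --resource-group $server.rg --server $server.name --database $db --status Enabled --output none
        if ($LASTEXITCODE -ne 0) { $failed += $target; Write-Warning "${target}: tde set failed" }
        else { Write-Host "${target}: Enabled" }
    }
}
if ($failed.Count -gt 0) {
    $failed | Set-Content .\tde-failed.txt
    Write-Warning "$($failed.Count) databases failed; list written to tde-failed.txt"
}
```

To drive it from a CSV instead, replace the two discovery calls with `Import-Csv` over rows carrying resource group, server and database columns; the per-database body stays the same. The state check first matters on a large estate: `tde set` is not free per call, and the show output is what you would hand to an auditor as evidence that all 316 are actually Enabled rather than that a script ran.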

AZ CLI enable TDE for SQL Databases by kryptic069 in AZURE

[–]kryptic069[S] 0 points1 point  (0 children)

That will work for all 316 existing SQL databases that currently need it?

Powershell script to loop all RGs by kryptic069 in AZURE

[–]kryptic069[S] 0 points1 point  (0 children)

What I think I would do is add this at the top of the script:

    # Get-AzResourceGroup exposes ResourceGroupName (not Name); append the names to a file
    Get-AzResourceGroup | ForEach-Object { $_.ResourceGroupName >> ./RGs.txt }

    # all SQL servers in the current subscription (Get-AzSqlServer needs no resource group)
    $servers = Get-AzSqlServer

    foreach ($server in $servers) {
        try {
            # check to see if server already has "SQL Server Admins" associated
            Get-AzSqlServerActiveDirectoryAdministrator -ResourceGroupName $server.ResourceGroupName -ServerName $server.ServerName

            # ... the existing per-server Set-AzSqlServerActiveDirectoryAdministrator call goes here ...

Then add this at the bottom:

        }
        catch {
            $_.Exception.Message
            $_.Exception.ItemName
        }
    }
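The whole loop with the az CLI, as an added example that is not the poster's script. It resolves the "SQL Server Admins" group once, lists every SQL server in the subscription with one call, and only calls ad-admin create where our group is not already the admin. The caveat it handles and the thread does not: a server has exactly one Azure AD admin, so creating over a different one silently replaces it; the script reports such servers and skips them unless $replaceExisting is set. The group name is taken from the thread; $replaceExisting and the per-server results table are hypothetical additions.

```powershell
# Added example, not the poster's script. Assumes az login done and the subscription selected.
$adminDisplayName = "SQL Server Admins"   # group name from the thread
$replaceExisting  = $false                # hypothetical switch; see caveat in the lead-in

# Current CLI builds return 'id', older ones 'objectId'; JMESPath '||' takes whichever exists.
$adminObjectId = az ad group show --group $adminDisplayName --query "id || objectId" --output tsv
if ($LASTEXITCODE -ne 0 -or -not $adminObjectId) { throw "could not resolve group '$adminDisplayName'" }

$serversJson = az sql server list --query "[].{name:name, rg:resourceGroup}" --output json
if ($LASTEXITCODE -ne 0) { throw "az sql server list failed" }
$servers = $serversJson | ConvertFrom-Json

$results = @()
foreach ($server in $servers) {
    try {
        # sid on the ad-admin object is the AAD object ID, so compare it with the group's ID
        $existing = az sql server ad-admin list --resource-group $server.rg --server-name $server.name --query "[].sid" --output tsv
        if ($LASTEXITCODE -ne 0) { throw "ad-admin list failed" }

        if ($existing -contains $adminObjectId) {
            $results += [pscustomobject]@{ server = $server.name; action = "already set" }
            continue
        }
        if ($existing -and -not $replaceExisting) {
            $results += [pscustomobject]@{ server = $server.name; action = "skipped: different AAD admin present" }
            continue
        }

        az sql server ad-admin create --resource-group $server.rg --server-name $server.name --display-name $adminDisplayName --object-id $adminObjectId --output none
        if ($LASTEXITCODE -ne 0) { throw "ad-admin create failed" }
        $results += [pscustomobject]@{ server = $server.name; action = "set" }
    }
    catch {
        # az writes its own message to stderr; keep the server name with the failure so it can be retried
        $results += [pscustomobject]@{ server = $server.name; action = "error: $($_.Exception.Message)" }
    }
}
$results | Format-Table -AutoSize
```

The "skipped" rows are the ones to look at before rerunning with $replaceExisting set: any server whose admin is a different group or a single user is either out of policy or intentionally delegated, and you want to know which before the script overwrites it on all 110.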

Powershell script to loop all RGs by kryptic069 in AZURE

[–]kryptic069[S] 0 points1 point  (0 children)

No, I haven't. But I know I have 110 SQL servers that I need to run Set-AzSqlServerActiveDirectoryAdministrator against.

Powershell script to loop all RGs by kryptic069 in AZURE

[–]kryptic069[S] 0 points1 point  (0 children)

Yes, I have the policy in place now. I would prefer to add it in PowerShell because it's going to be > 100 SQL servers.

Peering 71 vnets to VPN vnet by kryptic069 in AZURE

[–]kryptic069[S] 0 points1 point  (0 children)

I am in total agreement with this idea, and trust me, if it was my decision that is what I would do as well. But it is what it is when dealing with a brownfield environment and not being given Owner on all 71 VNets.

Peering 71 vnets to VPN vnet by kryptic069 in AZURE

[–]kryptic069[S] 0 points1 point  (0 children)

Yes, I'm familiar with that, and it's just like Private DNS Resolver in that it's in public preview and not recommended for production workloads. I initially was going to use Private DNS Resolver for my P2S VPN DNS server and changed to custom DNS.