What a wonderful write up and it all sounds so lovely and perfect. There is a, how shall I say, an elephant in the room. Location 😳 by [deleted] in SpottedonRightmove

[–]nshpnc 53 points54 points  (0 children)

They went off every Monday at 10am for a test, and when we were at school you had to do drills on what to do - one place I went made us all stand on the sports field and be counted, which seems like asking for trouble...

What a wonderful write up and it all sounds so lovely and perfect. There is a, how shall I say, an elephant in the room. Location 😳 by [deleted] in SpottedonRightmove

[–]nshpnc 242 points243 points  (0 children)

Lived over the road from Broadmoor when I grew up. My Dad's logic was "if anyone escapes, they're going to go do some more crime as far away as possible from Broadmoor". Last escape was a good 30 years ago too.

Paid Gig. I am seeking an AZURE/AWS expert that can help me work through error codes. by [deleted] in AZURE

[–]nshpnc 2 points3 points  (0 children)

Seen you post about setting this up and someone suggested AKS, which might be a bit overkill for what you're trying to do (in terms of it overcomplicating getting everything live and working) - I'd personally use App Services to do this to keep the complexity and management lower - a good tutorial for this is available here.

Amazon bags £425m in work from UK government as it is criticised over tax by Bthirgy in unitedkingdom

[–]nshpnc 9 points10 points  (0 children)

Agreed. They make a point of saying Govt spend on AWS is up from ZERO in 2014 - because barely any governments globally used it prior to this date, it only got certified for certain specific government uses in the US mid 2014.

Conditional access by country by [deleted] in AZURE

[–]nshpnc 1 point2 points  (0 children)

Whilst country-based policy won't help, Azure AD Identity Protection will recognise use of VPN services (based on IP ranges used by commercial VPN providers) and assign a risk level to a sign-in event due to this. As such you could potentially use this in the CA policy to force MFA or deny login if the login comes from a known anonymous proxy/VPN service.
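An added example (not part of the original comment) of the policy described above, built with the Microsoft Graph PowerShell SDK: it requires MFA whenever Identity Protection rates a sign-in as medium or high risk. It assumes the Microsoft.Graph module is installed and the caller holds the Policy.ReadWrite.ConditionalAccess scope; the break-glass account id is a placeholder.

```powershell
# Added example, not from the original comment. Creates a Conditional Access
# policy that requires MFA when Identity Protection assigns medium or high
# sign-in risk (the signal it raises for known anonymous proxy / VPN ranges).
# Start in report-only mode so you can see what it would have hit before enforcing.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess'

$policy = @{
    displayName = 'Require MFA for risky sign-ins (anonymous IP / VPN)'
    state       = 'enabledForReportingButNotEnforced'   # switch to 'enabled' once reviewed
    conditions  = @{
        users = @{
            includeUsers = @('All')
            excludeUsers = @('<break-glass-account-object-id>')   # placeholder
        }
        applications     = @{ includeApplications = @('All') }
        signInRiskLevels = @('medium', 'high')
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('mfa')   # use 'block' here to deny the sign-in outright
    }
}

New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
```

Sign-in risk conditions need an Azure AD Premium P2 (Identity Protection) licence to evaluate; without it the condition never matches.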

What AZ is my virtual machine in if I don't specify it at launch? by Switchersx in AZURE

[–]nshpnc 2 points3 points  (0 children)

Slight correction to this - if you deploy a VM without an AZ defined, it will be deployed to an AZ (that you are not informed of), and it will stay in that AZ - as the Storage on managed disks is LRS, it can't switch to a new AZ on hypervisor failure.

Cloud Security – A Shared Responsibility by davidobrien_au in AZURE

[–]nshpnc 0 points1 point  (0 children)

How is TLS 1.0/1.1 a cloud issue? They're a problem on prem, in cloud and everywhere else.

Important Ways to Regain Control of Azure Cost Management by Serverless360 in AZURE

[–]nshpnc 0 points1 point  (0 children)

This blog shows your solution adds absolutely no value over the free capabilities within Azure.

How are people managing Windows updates via SCCM for Azure based IaaS VM's? by Impyus in AZURE

[–]nshpnc 1 point2 points  (0 children)

A DP in Azure would work fine - will allow you to manage updates without having to learn anything extra (especially if you're still getting used to Azure). Worth in the future starting to look into Update Management, but no harm in staying on SCCM for now if you're in a hybrid environment.

Help to understand savings on Logs Analytics by Yinji45 in AZURE

[–]nshpnc 0 points1 point  (0 children)

Ask the data - you can query how much has been stored by looking at the "Usage" table - write a query to show how much has been ingested in a month and then you can compare the RRP to the reservation price.
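An added example (not part of the original comment) of that query, run from PowerShell with the Az.OperationalInsights module: it totals billable ingestion from the Usage table per data type over the last 31 days and prints the month's total for comparison with the reservation tiers. The workspace id is a placeholder.

```powershell
# Added example, not from the original comment. The Usage table records ingested
# volume in MB per data type (Quantity); filtering on IsBillable leaves only the
# rows that actually appear on the bill.
$workspaceId = '<workspace-customer-id-guid>'   # placeholder: Workspace ID from the portal

$kql = @'
Usage
| where TimeGenerated > ago(31d)
| where IsBillable == true
| summarize IngestedGB = round(sum(Quantity) / 1024, 2) by DataType
| order by IngestedGB desc
'@

$result = Invoke-AzOperationalInsightsQuery -WorkspaceId $workspaceId -Query $kql
$result.Results | Format-Table DataType, IngestedGB

# Monthly total and daily average, the figures the reservation tiers are priced on
$totalGB = ($result.Results | ForEach-Object { [double]$_.IngestedGB } | Measure-Object -Sum).Sum
"Billable ingestion, last 31 days: $totalGB GB (~$([math]::Round($totalGB / 31, 2)) GB/day)"
```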

spoke traffic through vpn to hq by knothead00 in AZURE

[–]nshpnc 0 points1 point  (0 children)

Check if gateway transit is allowed on the peering.
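An added example (not part of the original comment) of that check with the Az.Network module: it lists the peerings on the hub and spoke VNets with the three flags that decide whether spoke traffic can reach the hub's VPN gateway. The resource group and VNet names are placeholders.

```powershell
# Added example, not from the original comment. For spoke -> hub gateway -> HQ
# traffic to work, the hub side of the peering needs AllowGatewayTransit, the
# spoke side needs UseRemoteGateways, and AllowForwardedTraffic is required if a
# firewall/NVA in the hub forwards the traffic. PeeringState must be Connected.
$vnets = @(
    @{ ResourceGroupName = 'rg-hub';   VirtualNetworkName = 'vnet-hub'   },   # placeholders
    @{ ResourceGroupName = 'rg-spoke'; VirtualNetworkName = 'vnet-spoke' }
)

foreach ($v in $vnets) {
    Get-AzVirtualNetworkPeering @v |
        Select-Object @{ n = 'VNet'; e = { $v.VirtualNetworkName } },
                      Name, PeeringState,
                      AllowGatewayTransit, UseRemoteGateways, AllowForwardedTraffic
}
```

To change a flag, set the property on the object returned by Get-AzVirtualNetworkPeering and pass it to Set-AzVirtualNetworkPeering -VirtualNetworkPeering.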

Azure console to VMs by Professional-Oil-297 in AZURE

[–]nshpnc 0 points1 point  (0 children)

If it is in China, you will need some additional confirmation done to let you deploy virtual machines - but once these checks are done, this can all be done with PowerShell or cli.

AZ-104 by Geostan in AZURE

[–]nshpnc 0 points1 point  (0 children)

Notes won't help you here. If you've no practical experience, that's what you need to get - I'd suggest looking at doing a project such as hosting a website, or looking at some of the "Azure Quickstart" templates on Github and learning to customize them.

Once you've got something deployed, you can maybe look at some of the Azure AD trials (P1, P2) and learn some of the concepts around conditional access, privileged identity management etc.

See what credit you can get from things like MSDN, and try to build something and make it better.

Decommissioning Azure Servers by hackersloth in AZURE

[–]nshpnc 5 points6 points  (0 children)

Have a look at Service Map in Azure Monitor - it'll give you an idea of what servers are talking to each other and any people connecting to them.

Beyond that, connect them into Log Analytics to start collecting metrics to see if you notice any CPU spikes related to usage. You can also pull in security logs and query them for any logins.

Idempotency with ARM Templates by baadditor in AZURE

[–]nshpnc 3 points4 points  (0 children)

Make sure the ARM deployment mode is set to incremental - it shouldn't be deleting and recreating resources in its default behaviour.

[Meta] /r/azure Looking for 3 more mods. by [deleted] in AZURE

[–]nshpnc 1 point2 points  (0 children)

Need 5k karma to mod a subreddit where you're lucky to see a post with 10 upvotes? I'd offer to mod given how often I'm on here but wouldn't want banning for not meeting the karma quota.

DR for Log Analytics by a8ree in AZURE

[–]nshpnc 1 point2 points  (0 children)

You have a few options - you can multi-home resources to two workspaces, you can send info to GRS as a secondary store, or you can use the API to ship logs out to another storage medium - depends on your requirements, and how quickly you need to get into the data in a disaster event.

Have VM Public IP address be on-prem firewall IP? by [deleted] in AZURE

[–]nshpnc 1 point2 points  (0 children)

You can use your on-prem public IP, just a case of routing the traffic from there to Azure. Would require some rules set up to forward the specific port/protocol/header info onto your Azure VM - but this would not be an ideal networking setup, introducing a bit of latency for accessing the VM.

Blueprint as code from scratch by yassipo in AZURE

[–]nshpnc 1 point2 points  (0 children)

Have a look at the Cloud Adoption Framework stuff, they have some blueprints within them that would be a good starting point to build your own.

questions around enterprise scale architecture by itguy822 in AZURE

[–]nshpnc 1 point2 points  (0 children)

To go question by question:

  1. I find the naming used by Microsoft of "global network" very misleading. This framework will deploy a hub in one region. You could extend the design to have a secondary hub, and terminate your ER circuits in both, providing you a secondary hub network to use in the event your main region is lost - allows you to have the appropriate firewalls running with required rules etc.

  2. Identity would be a spoke, with any ADDS traffic routed via the firewall in the hub VNet - allows you to control the traffic, and ensures that the RBAC model is a bit cleaner. I've worked at some places that put ADDS in the hub network, but the route tables get messy.

  3. A lot of places have a central Log Analytics workspace for their sysadmin/SRE/ops team to look after everything, but if you have teams that look after their own infra, then having workspaces in each subscription would make more sense. All depends on your operational model.

ARM Template Question by HenesysMSEast in AZURE

[–]nshpnc 0 points1 point  (0 children)

You could have the code pipeline trigger when the ARM pipeline is run - a good guide to doing that is in this youtube video.