Hello folks,
This week my boss, the one and only Rick Claus (@RicksterCDN), is joining me to cover the news from Azure that the IT/Ops audience cares about. Or not… let me know in the comments. No really, please subscribe and let us know in the comments what you’d like to cover.
Anyway, this week Rick and I will discuss news about Windows Admin Center, Azure Bastion, Connection Monitor & Trusted launch.
Here we go! Join us online on YouTube (live at 10 am eastern time zone) or catch the replay below.
Windows Admin Center
Windows Admin Center is fast becoming one of the preferred ways of managing Windows servers, clusters, hyper-converged infrastructure, as well as Windows 10 PCs. It is a free product and is ready to use in production.
Now you can use that same tool to manage Windows Servers from the Azure portal and take advantage of a long-standing, well-known management platform like Microsoft Management Console (MMC), built from the ground up for the way systems are built and managed today. Windows Admin Center contains many of the familiar tools you currently use to manage Windows Servers and clients.
Azure Bastion
I always prefer configuring my servers using tools like the above-mentioned Windows Admin Center or Remote Server Administration Tools (RSAT), but sometimes you need to connect directly to the server. When that’s the case, RDP is a wonderful way of doing that. However, exposing the RDP port to the internet is a BAD IDEA. A really bad idea… Thankfully, Azure Bastion is a service you can deploy in your Azure environment, and it lets you connect to your VMs using your browser and the Azure portal.
The Azure Bastion service is a fully platform-managed PaaS service. It provides secure and seamless RDP/SSH connectivity to your VMs directly from the Azure portal over TLS. So you don't need a public IP address, an exposed port, an agent, or special client software.
Bastion now supports connectivity to Azure virtual machines or on-premises servers via a specified IP address over ExpressRoute and/or Site-to-Site VPN.
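One way to confirm that RDP and SSH are no longer reachable from the internet once Bastion is in place is to audit the network security group rules. The following is an added example, not part of the original post: the function names are hypothetical, and the input is assumed to have the shape produced by `az network nsg list -o json`.

```python
# Input shape assumed to match `az network nsg list -o json`.
MGMT_PORTS = {3389: "RDP", 22: "SSH"}
INTERNET_SOURCES = {"*", "internet", "0.0.0.0/0"}

def field_values(rule, single, plural):
    """Merge the singular and plural form of an NSG rule field into one list."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def covers(port_spec, port):
    """True if a port spec such as '3389', '3000-4000' or '*' includes port."""
    if port_spec == "*":
        return True
    low, _, high = port_spec.partition("-")
    return int(low) <= port <= int(high or low)

def exposed_mgmt_ports(nsg):
    """Return [(port, service, rule_name)] for management ports open to the internet."""
    findings = []
    inbound = [r for r in nsg.get("securityRules", []) if r["direction"] == "Inbound"]
    for port, service in MGMT_PORTS.items():
        # Lowest priority number is evaluated first; the first match decides.
        for rule in sorted(inbound, key=lambda r: r["priority"]):
            if rule["protocol"].lower() not in ("tcp", "*"):
                continue
            sources = {s.lower() for s in field_values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")}
            ports = field_values(rule, "destinationPortRange", "destinationPortRanges")
            if sources & INTERNET_SOURCES and any(covers(p, port) for p in ports):
                if rule["access"] == "Allow":
                    findings.append((port, service, rule["name"]))
                break
    return findings

# Constructed sample, not taken from a real subscription.
SAMPLE_NSG = {"securityRules": [
    {"name": "deny-ssh-internet", "priority": 100, "direction": "Inbound", "access": "Deny",
     "protocol": "Tcp", "sourceAddressPrefix": "Internet", "destinationPortRange": "22"},
    {"name": "allow-wide-range", "priority": 200, "direction": "Inbound", "access": "Allow",
     "protocol": "*", "sourceAddressPrefix": "*", "destinationPortRanges": ["22", "3000-4000"]},
]}

if __name__ == "__main__":
    for port, service, rule in exposed_mgmt_ports(SAMPLE_NSG):
        print(f"{service} ({port}/tcp) reachable from the internet via rule '{rule}'")
```

In the sample, SSH is shadowed by the higher-priority deny rule, while RDP is caught inside the `3000-4000` range, which is the kind of exposure a search for the literal port number misses.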
Connection Monitor
Azure Network Watcher Connection Monitor announced this week that it now supports virtual machine scale sets (VMSS). With this new capability, you can check the connectivity from virtual machine scale sets, eliminating the need to create multiple connectivity tests for individual instances of the scale set. It makes things much easier for performance monitoring and network troubleshooting.
Trusted launch
Trusted launch protects against advanced and persistent attack techniques. It leverages several technologies to provide layered security and defense against threats. Here are some of the benefits.
- Securely deploy virtual machines with verified boot loaders, OS kernels, and drivers.
- Securely protect keys, certificates, and secrets in virtual machines.
- Gain insights and confidence in the entire boot chain’s integrity.
- Ensure workloads are trusted and verifiable.
Trusted launch now supports VMs using Ephemeral OS disks. Ephemeral OS disks are created on the local virtual machine (VM) storage and not saved to the remote Azure Storage. The Ephemeral OS disk can be deployed on the VM cache or the VM temp disk. Ephemeral OS disks work well for stateless workloads, where applications are tolerant of individual VM failures but are more affected by VM deployment time or reimaging of individual VM instances.
Because they are never written back to Azure Storage, the machine is protected from rootkits or other threats.
MS Learn Module of the Week
This week’s Learn module is “Connect to virtual machines through the Azure portal by using Azure Bastion”. You’ll learn to deploy Azure Bastion to securely connect to Azure virtual machines directly within the Azure portal, effectively replacing an existing jumpbox, and to monitor and manage remote sessions.
Thanks for joining us for this week’s AzUpdate episode. Feel free to reach out with any questions in the comments below or join us on our Discord server.
Cheers!
Pierre