User Profile
Hannes_LG
Brass Contributor
Joined 7 years ago
User Widgets
Recent Discussions
Re: Is Azure pricing granular?
Hi, the VM resource is payed per hour. So if you shutdown the VM (important from the Azure Portal) you don’t pay for the VM resource but you have to pay for the storage account an the public IP. Take a look to the pricing calculator, I guess it’s easy to find out. Regards, Hannes1.7KViews0likes1CommentRe: Is Azure pricing granular?
Hi, for Azure VM you have the payment model Pay-as-you-Go which mean, you only pay for the usage. I case of an Azure VM you have different components: 1.) The Azure VM size. You pay per running hour 2.) The storage or Disk account. You pay per Gigabyte and (for a storage account) per transactions 3.) For network perspective you pay for outbound traffic 4.) If you bind a public IP, you also pay for the IP If you want more information open the azure pricing calculator. https://azure.microsoft.com/en-in/pricing/calculator/ Regards, Hannes1.7KViews0likes3CommentsRe: WEF forwarding to Azure Security Centre / Log Analytics
Hi, WEF isn’t supported at the moment. A possible workaround is to write a custom powershell eventhandler and send the information periodically to log analytics. I’ve created a similar solution for a NetApp filer in the past. Regards, Hannes15KViews0likes0CommentsRe: Route Internet traffic through Ipsec tunnel.
Hi, sry for the late reply. To bind a 0.0.0.0/0 route to a gateway subnet isn’t supported so please remove that one. Change UDR1: 0.0.0.0/0 next hop virtual appliance IP Bind to each subnet in vnet a (important not to the gateway subnet!) Change UDR2: 0.0.0.0/0 next hob virtual appliance IP Bind to each subnet in vent b (important not to the gateway subnet!) On Gateway in vnet a activate „use remote gateway“ On Gateway in vnet b activate „ gateway transit“ I guess that solution should fix your issue but I don’t have time (at the Moment) to test it. Regards, Hannes5.5KViews0likes0CommentsRe: Create Multiple Subscriptions under one billing account?
Hi, no you can use Azure Dev/Test Labs in booth subscriptions. The Dev/Test subscription doesn’t change the service availability, so if the Datacenter doesn’t support Dev/Test Lab you have to choose another one for that service ‚AU East‘ With the Dev/Test subscription you have some benefits: https://azure.microsoft.com/en-us/offers/ms-azr-0148p/ Regards, Hannes11KViews0likes0CommentsRe: Create Multiple Subscriptions under one billing account?
Hi, sure you can do this. One another thing, with EA Subscription, it's possible to enable Dev/Test Subscription where you get more benifits. https://channel9.msdn.com/blogs/EA.Azure.com/Enabling-and-Creating-EA-DevTest-Subscriptions-through-the-EA-Portal Regards, Hannes11KViews0likes1CommentRe: Route Internet traffic through Ipsec tunnel.
Hi, okay that's bad. Is it possible to share your Route Table? To bin a UDR with 0.0.0.0/0 to an Azure Gateway subnet isn't supported. Original Articel (https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview) If your virtual network is connected to an Azure VPN gateway, do not associate a route table to the gateway subnet that includes a route with a destination of 0.0.0.0/0. Doing so can prevent the gateway from functioning properly. For details, see the Why are certain ports opened on my VPN gateway? question in the VPN Gateway FAQ. I guess you have to define each subnet at the UDR. Regards, Hannes5.5KViews0likes2CommentsRe: Route Internet traffic through Ipsec tunnel.
Hi, why do you want to route the traffic between two regions over a seperate Ipsec tunnel or VPN Gateway? It's possible to create a global VNet Peering. https://azure.microsoft.com/es-es/blog/global-vnet-peering-now-generally-available/ Regards, Hannes5.6KViews1like4CommentsRe: Network Security Groups
Hi, take a look at my blog post: http://cloudblogger.at/2019/05/11/azure-loadbalancer-acl-rules/ The last rule will affect, when you have a public IP (VM, LB,..) If you want to drop any traffic to the IP, you have to define a separate drop rule with the priority 4096 but keep in mind, when you drop ANY you cannot create a loadbalancer because the health checks will also be dropped. If the azure NSGs doesn't fit your requirements you can use an Azure Firewall or a third party application like CheckPoint, Cisco ASA,... Regards, Hannes2.1KViews0likes2CommentsRe: Azure Hybrid Join
Hi, here is a really good article who describes the differences. https://docs.microsoft.com/en-us/azure/active-directory/devices/overview In your case, I think your devices are managed by InTune or there are Work or School Accounts defined on each device (Azure AD registered) and the other one are synced by Azure AD connect. To setup Azure AD Hybrid join, there are some steps needed. Here is a step by step article. https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-manual Regards, Hannes1.7KViews0likes0CommentsRe: Automatic Failover using ASR?
Hi, did you think about to migrate that application from IaaS to PaaS? With PaaS it’s „simple“ to design an application over two regions - WebApp -DBaaS with geo replication -Azure Traffic manager or front door for global loadbalancing If you cannot migrate to PaaS it’s also possible with IaaS: -Global VNet peering over your sites -SQL always on on each site -IIS on each site -Azure Traffic manager with priority configuration With that solution you have an active active solution. Hope that helps. Regards, Hannes4.6KViews1like0CommentsRe: Automatic Failover using ASR?
Hi, if you failover with ASR you have a short downtime because the VM at the peered location has to startup and the monitoring solution isn’t real-time (take some seconds) But in your situation it’s sounds, you need a High availability solution over two regions, it’s also possible. What kind of application does we talk about (Web Application, Database,....) Regards Hannes4.6KViews0likes2CommentsRe: Automatic Failover using ASR?
Hi, there are powershell modules available who can start a failover. Sample: https://docs.microsoft.com/en-us/powershell/module/azurerm.siterecovery/Start-AzureRmSiteRecoveryUnplannedFailoverJob?view=azurermps-5.7.0 From the monitor perspective, it’s possible to monitor the VM with Azure Monitor (Log Analytics) and execute a webhook (Azure Automation Script or Azure Function) which includes the failover task. If you need more info’s let me know. Regards, Hannes4.6KViews0likes4CommentsRe: Install Azure, Create Free Private account
Hi, Azure is only with Azure Stack On-Prem available (Richard write on the top post). If you need help please let me know because some colleges of me implement a production environment in Austria. For my point of view a really good on Premise scenario and really awesome in combination with Azure (Hybrid Cloud) Regards, Hannes991Views0likes0CommentsRe: Monitor onpremise VM using Azure Monitor
Hi, in both situations the traffic goes over port 443. The difference between, when you use Azure Express Route, it’s possible to route the traffic over the Microsoft peering. When you only have S2S in place, the traffic goes over you internet connection. Here is an Log Analytics Architecture design: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/log-analytics-agent Regards, Hannes4.6KViews0likes0CommentsRe: Virus scan data before copying data to azure Blob storage?
Hi, for my point of view there isn’t any functionality like this per default available. But take a look at Sophos Security for Azure. https://www.sophos.com/en-us/solutions/public-cloud/azure.aspx%20 TrendMicro also have a Solution. https://www.trendmicro.com/azure/ Regards, Hannes20KViews0likes3Comments
Recent Blog Articles
No content to show