Introduction Azure Security Center is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud – whether they’re in Azure or not – as well as on premises. Azure Firewall Manager is a security management service that provides…
Read More →Many of our customers use Azure DNS for name resolution when it comes to infrastructure they have in Azure. The setup with Azure DNS works like a charm and provides name resolution to Azure Infrastructure without doing any complex setup. One challenge you may have is that Azure DNS do not log DNS queries from…
Read More →App Runner provides per-second execution billing and everything you need to run secure production workloads. With a few clicks, you can have a container running with a public endpoint, verified TLS certificate, and automatic scaling. Through App Runner, you can bring your existing containers, or use the integrated container build service to go directly from…
Read More →Attribute-based access control (ABAC) is an authorization strategy that defines access levels based on attributes associated with security principals, resources, requests, and the environment. Azure ABAC builds on role-based access control (RBAC) by adding conditions to Azure role assignments in the existing identity and access management (IAM) system. This preview includes support for role assignment conditions on Blobs…
Read More →You can now leverage Azure Policy to enable Azure Site Recovery for your VMs at scale and ensure organizational standards. Once you have a disaster recovery policy created for a resource group, all the new virtual machines that are added to the Resource Group will have Site Recovery enabled for them automatically. Moreover, for all…
Read More →Azure Machine Learning (AML) is an enterprise grade service that provides compute infrastructure for your ML needs. Azure Machine Learning’s managed-compute infrastructure allows you to easily create a compute instance (CI) or a single or multi-node compute cluster. Starting 30 April 2021, Ubuntu is ending standard support for Ubuntu 16.04 LTS (read more on the Ubuntu release blog) and as a result, Microsoft will replace…
Read More →The Log Analytics Windows Agent for Winter 2021 is now available. This release contains a new troubleshooting tool andchanges to how the agent handles certificate changes in Azure Services. As always, we suggest using the latest agent available. If you have installed the Log Analytics Agent for Windows by using Azure extensions and have automatic extension updates turned on, this update…
Read More →Network connectivity issues are often hard to diagnose. There are multiple machines involved in a single data transfer; at least two endpoints and a complex network infrastructure in the middle. Lately, with the introduction of network virtualization, more of the infrastructure capabilities like routing and switching are being integrated into the endpoints. The additional complexity in…
Read More →AKS support for Kubernetes release 1.20 is now generally available. Kubernetes 1.20 delivers a total of 42 enhancements in various stages of maturity. These include capabilities such as CSI Volume Snapshot graduating to stable, Kubectl Debug to Beta, and introduction of new capabilities such as Graceful Node Shutdown in Alpha. Learn more about Kubernetes release 1.20…
Read More →VPC Traffic Mirroring is an AWS feature used to copy network traffic from the elastic network interface of an EC2 instance to a target for analysis. This makes a variety of network-based monitoring and analytics solutions possible on AWS. By capturing the raw packet data required for content inspection, VPC Traffic Mirroring enables agentless methods for…
Read More →In this blog we will look at using service principals with AzCopy and Azure CLI to connect to storage accounts and manage blob data. An Azure service principal is an identity created for use with applications, hosted services, and automated tools to access Azure resources. This access is restricted by the roles assigned to the…
Read More →This blog post was co-authored by Jessie Jia, Senior Program Manager The Internet is the new corporate network and the fabric that connects users, devices, and data to applications of all types. It is foundational to how organizations run their businesses, engage their customers, conduct commerce, operate their supply chain, and enable their employees to work from anywhere. However, while the Internet is highly scalable and ever expanding, it…
Read More →With the new Azure Firewall Premium now in public preview, you can now perform the following new capabilities: Transport Layer Security (TLS) Inspection: Azure Firewall Premium decrypts outbound traffic, performs the required value-added security functions and re-encrypt the traffic which is sent to the original destination. Intrusion Detection and Prevention System (IDPS): Azure Firewall Premium…
Read More →The internet runs on the Border Gateway Protocol (BGP). A network or autonomous system (AS) is bound to trust, accept, and propagate the routes advertised by its peers without questioning its provenance. That is the strength of BGP and allows the internet to update quickly and heal failures. But it is also its weakness—the path…
Read More →Deploying new applications and workloads can require big changes to your network. Read what the Enterprise Strategy Group found during their technical validation of AWS Transit Gateway. This report, Simplifying Global Network Architecture, dives into the tradeoffs and benefits of building networks with AWS Transit Gateway. It details their findings from technical validation with three customers using AWS…
Read More →Azure Bastion and VNet peering can be used together. When VNet peering is configured, you don’t have to deploy Azure Bastion in each peered VNet. This means if you have an Azure Bastion host configured in one virtual network (VNet), it can be used to connect to VMs deployed in a peered VNet without deploying…
Read More →Virtual private network (VPN) technology has changed immensely since the publication of the original Guide to IPsec VPNs (SP 800-77) in 2005. The guide was recently reworked and modernized, and Red Hat engineers lent a hand to updating this important document. The updated document takes into consideration the evolution of cryptography, software and hardware capabilities,…
Read More →Once upon a time, the term “product documentation” conjured images of ring-bound tomes several thousand pages long that would get shipped to users alongside the latest offering. In the days before the internet, this wasn’t just the best option available; it was the only option. It was big, it was slow, and it was expensive,…
Read More →Seeing a demo of Session Recording in Red Hat Enterprise Linux 8 was an eye-opener for me because it may change the way we manage systems. Let’s take a look at what you can do with session recording and where it comes in handy for troubleshooting. Session recording can help system administrators track and trace…
Read More →We’ve all been in situations where something works on one system, but not another, and we’re not sure why. Perhaps your boss is asking “Why does this work in the test environment, but not production?” and you need an answer as soon as possible. In the past when this has happened, I would open SSH…
Read More →This month marks the five year anniversary since Red Hat acquired Ansible, and since then, much has changed in the IT automation world. IT organizations have always faced continual pressure to support rapid innovation at-scale, but 2020 has been an especially challenging year. Organizations required solutions that delivered fast responses to changing business requirements, and automation…
Read More →Application allowlisting is the practice of specifying an index of approved applications or executable files that are permitted to run on a system by a specific user. This is often used on a multi-user system or some kind of a shared hosting server, where multiple users exist and they have to be given limited permissions, so…
Read More →In this article, we focus on advanced troubleshooting scenarios with middlebox appliances and SD-WAN in a global network on AWS. Middlebox appliances and SD-WAN A customer building a global network may wish to implement traffic inspection with their own network security appliances. Frequently this requirement is achieved through introduction of a transparent, middlebox appliance. AWS…
Read More →Red Hat Enterprise Linux (RHEL) version 7.5 introduced the “boom” utility for managing LVM snapshot and image boot entries. This new functionality could be very helpful for system administrators, especially those responsible for RHEL servers running directly on physical hardware, where booting from snapshots has previously been more difficult. This post will cover the…
Read More →When we unveiled Red Hat Enterprise Linux 8 at Red Hat Summit 2019, our primary focus was to deliver innovation while keeping enterprise IT’s needs for production reliability and operational compatibility front-and-center. With this launch came a predictable, six month release cadence for minor releases which continues today with Red Hat Enterprise Linux 8.3 beta. With global…
Read More →