Patrik's Tech Lightning
Belgium
Joined 27 Sep 2021
Do you want the best career in the Public Cloud with a focus on Azure ?
Patrik’s Tech Lightning is the right place for you ! This channel is all about learning technology and the public cloud at Lightning speed.
I'm a Microsoft Most Valuable Professional (MVP) with more than 25 years of relevant industry experience. I will provide you
with all the secrets and shortcuts to be a public cloud master. My videos are hand crafted using digital whiteboards and animations in order for you to understand and retain the information.
I work for the ACA Group which is an IT company in Belgium. Should you be on the lookout for advanced MVP's with a long history of successful cloud migrations, please contact them: acagroup.be/
We may be able to work together :)
ClicksOps to DevSecOps in Azure
Are you still provisioning your resources manually through the Azure Portal? This approach, often called ClickOps, has significant drawbacks.
In this video, I’ll break down what ClickOps is and explain why it's not the best practice for managing your Azure resources. In the perfect world, we want to use Infrastructure as Code (IaC) with a DevOps or DevSecOps practice.
Join me if you want to know more. I also give you tips and ideas in case you already have an environment in Azure and want to move this into a Dev(Sec)Ops environment.
Let's go !
▬ ⏰ ClicksOps to DevSecOps in Azure⏰ ▬▬▬▬▬▬▬
00:00 - Introduction
00:30 - What is ClickOps ?
00:52 - What is DevOps and DevSecOps ?
02:20 - Good things about ClickOps
03:15 - Bad things about ClickOps
07:51 - Challenges with IaC and DevOps/DevSecOps
11:12 - Outro
▬▬ ⚓ RESOURCES & LINKS ⚓ ▬▬▬▬▬▬
acagroup.be/en/blog/from-clickops-to-devsecops-smarter-cloud-management-in-azure/
Views: 487
Videos
Azure Virtual Network: DNS Time Out
338 views · 1 month ago
Azure Virtual Networks offer powerful networking capabilities, but they come with certain limitations. One of these can lead to unexpected DNS timeouts, particularly affecting Windows virtual machines. In this video, I dive into the details of this issue and guide you through practical steps to work around it. Join me to better understand how to keep your VMs running smoothly! ▬ ⏰ Azure Virtual...
Don't do this in Azure (Antipatterns) !
1.3K views · 2 months ago
There are some things which you just shouldn't do when it comes to moving your business to the cloud. Get ready to ignite your learning on the Antipatterns of the Cloud Adoption Framework (CAF) ! Learn how to identify and avoid these pitfalls, ensuring your cloud journey stays on track. Whether you're an architect, developer, or IT professional, understanding these antipatterns will help you im...
Thank You ! 100,000 Views !
183 views · 2 months ago
Wow, more than 100,000 views and 2000 subscribers ! This is just madness :) Thank you all for the support and engagement on my channel. It has been an honor to have you part of my viewer and community. I'm humbled with the feedback and interaction I've had from all of you. Even from all the trolls, after all... When someone takes time to troll, it means you are on to something. Keep it up ! 😎 N...
Azure Encryption 101
738 views · 2 months ago
Cover all encryption basics as we dive into the essentials of encryption in Azure. Learn how to secure your data with Azure's encryption options, including encryption at rest, in transit, and key management best practices. ▬ ⏰ Azure Encryption 101 ⏰ ▬▬▬▬▬▬▬ 00:00 - Introduction 00:12 - Terminology 02:05 - Keys in Encryption 05:20 - Server & Client Side Encryption 06:15 - Data at Rest in Azure 0...
5 Secret Azure Services
502 views · 3 months ago
Are you an Azure enthusiast looking to dive deeper into the platform? In this video, I uncover 5 hidden Azure services that most people haven't heard of! ▬ ⏰ 5 Secret Azure Services ⏰ ▬▬▬▬▬▬▬ 00:00 - Introduction 00:16 - Azure Baremetal 02:54 - Azure Orbital 04:38 - Azure App Spaces 06:54 - Azure SignalR 08:45 - Extended Zones 10:45 - Outro ▬▬ ⚓ WHERE DO I WORK ?⚓ ▬▬▬▬▬▬ I work for the ACA Grou...
Customer Story: Azure Firewall - Application Gateway
605 views · 4 months ago
Join me as I dive into a customer story where their policy required routing all traffic through Azure Firewall first, a decision that isn’t always ideal, especially when Application Gateways are in the mix. In this video, I break down the challenges of such an approach and share insights on how to navigate these discussions effectively, using the OSI model as a guiding framework. Whether you’re ...
Azure Log Analytics Workspace Design
422 views · 4 months ago
Time for a refreshment on how to design an Azure Log Analytics Workspace ! ▬▬ ⏰ Azure Log Analytics Workspace Design⏰ ▬▬▬▬▬▬▬ 00:00 - Introduction 00:30 - Azure LAW placement 02:10 - Microsoft Sentinel impact 03:02 - More reasons to split up LAW's 05:06 - Resilience 07:45 - Data retention 04:19 - Security 09:24 - Outro ▬▬ ⚓ RESOURCES & LINKS ⚓ ▬▬▬▬▬▬ Microsoft Cloud Adoption Framework (CAF) ua-...
10 Azure Application Design Principles
1.5K views · 9 months ago
It's time to uncover ten Azure Application Design Principles ! When you design an Azure Landing Zone, these are the design principles you should follow in Azure. ▬▬ ⏰ Azure Application Design Principles⏰ ▬▬▬▬▬▬▬ 00:00 - Introduction 01:06 - Overview of the principles 02:51 - Deep dive of the principles 12:05 - Outro ▬▬ ⚓ RESOURCES & LINKS ⚓ ▬▬▬▬▬▬ Azure Application Design Principles learn.micro...
Azure NAT Gateway Design
1K views · 10 months ago
Let us delve into the mysterious depth of the Azure NAT Gateway. With the imminent retirement of the Default Outbound Internet Access in 2025, another way to access the Internet is required. The Azure NAT Gateway is here for you ! This video provides all the necessary information on how to design and use the Azure NAT Gateway in your cloud environment. ▬▬ ⏰ Azure NAT Gateway⏰ ▬▬▬▬▬▬▬ 00:00 - In...
Cloud Center of Excellence (CCoE)
1.2K views · 10 months ago
Let us unravel the mysteries behind a Cloud Center of Excellence (CCoE). Learn the purpose and how it can serve your organization in adopting the Public Cloud with a focus on Microsoft Azure. ▬▬ ⏰ Cloud Center of Excellence⏰ ▬▬▬▬▬▬▬ 00:00 - Introduction 00:32 - CCoE Explanation 02:47 - Company without CcoE 03:36 - Company with a CcoE 06:18 - Summary 08:18 - Outro ▬▬ ⚓ RESOURCES & LINKS ⚓ ▬▬▬▬▬▬...
Azure Enterprise Scale Landing Zone (2023 Update & Quiz)
1.6K views · 1 year ago
Get ready to uncover the secrets of the Microsoft Enterprise Scale Landing Zone (ESLZ). This video is updated with the latest changes in 2023 ! We will start off with a quiz to test your knowledge. Afterwards, we continue with a deep dive to show you what it's all about. ▬▬ ⏰ Enterprise Scale Landing Zone ⏰ ▬▬▬▬▬▬▬ 00:00 - Introduction 00:35 - Quiz: Enterprise Scale Landing Zone 03:21 - Deep Di...
Azure Architect Interview
9K views · 1 year ago
Welcome to the ultimate Azure Architect real life interview ! Are you ready to take the hot seat and answer these questions ? There is one way to find out :) I'm showing you my interview process and how I assess candidates. The questions and answers here are taken from a real life interview. Good luck ! ▬▬ ⏰ Azure Architect Interview ⏰ ▬▬▬▬▬▬▬ 00:00 - Introduction 01:45 - Interview Questions/An...
Azure Private DNS Resolver
6K views · 1 year ago
Learn everything about the Azure Private DNS Resolver ! In this video, I go through all the options available to have a full DNS resolution with the Azure Private DNS Resolver. I show you how to name resolve Private End Points along with a full hybrid setup. Azure Private DNS Resolver allows us to setup a very elegant architecture. ▬▬ ⏰ Azure Private DNS Resolver ⏰ ▬▬▬▬▬▬▬ 00:00 - Introduction ...
Application Architecture in Azure
1.2K views · 1 year ago
Want to do more than just deploy an empty landing zone in Azure ? Buckle up and get ready to understand different Application Architectures and which services to use in Azure. ▬▬ ⏰ Application Architecture in Azure ⏰ ▬▬▬▬▬▬▬ 00:00 - Introduction 00:53 - Three different Application Architectures 02:04 - Monolithic 03:07 - Microservices 03:36 - N-Tier 04:49 - Benefits / drawbacks 08:15 - Outro ▬▬...
5 Tips for An Azure Architect in 2022 !
1.7K views · 2 years ago
Design Azure Application Gateway & Firewall
2.9K views · 2 years ago
Azure Networking for Network Engineers
1.5K views · 2 years ago
Very well explained, thank you!
Thank you for the nice comment ! Have an awesome start of the new year 😁
Do you have any idea how good and clear you explain things. Thanks for this man.
That's nice to hear. Thank you for the feedback !
This is regarding TrafficManager in front of DBs @ 6:20. With respect to my knowledge, we can't put AzureTrafficManager (ATM) in front of DBs, because TrafficManager works at the DNS level. Please give your comments on this. Thanks in advance
Great video!
Thanks!
I have used this method with MFA, but I have only been able to get this working with a Hybrid-joined machine with WHfB enabled. Any ideas on other ways to connect with MFA enabled? I also did not need to use the 'AzureAD\' prefix to use WHfB.
Awesome video once again! I can only agree on the first comment. Well explained and addressing the advantages and drawbacks of both ways of managing your environment. What I missed was a bit more around the actual management of the IaC code which might be another video for the future. Thanks again!
Glad to hear it - thank you ! Indeed, I didn't touch upon a lot of management of IaC. I feel that more time and attention is needed to make that topic useful.
Great explanation once again. Many aspects of the cloud adoption journey require you to start small. Moving from clickops to devsecops is no exception. To make things more complicated is to decide between declarative vs. imperative code. But that may be a topic for another video. I like the Terraform approach as it makes the code more 'modular' and solution agnostic...
Thank you ! Yeah, it's a bit of a rabbit hole, where you can keep on digging with regards to code choices, pipelines, tools, etc.
Just one word Amazing video
Thank you ! Glad you liked it.
Thanks for very good feedback
UDP65330 has been overlooked in the 3 companies I last worked in, it's really surprising when there is no tool tip at all in Azure portal. I would think something like this is still very common and easily missed during first setup.
Great finding, I wish it was related to my omnipresent TCP0 and Semaphore timeouts on the SSIS Win Server VM calling Az SQL DB via the PEP on a VNET. What you think, is it related too? (I wish I could squeeze Wireshark on that VM too, to catch the ephemeral port DNS call.) Many thanks!
Good question ! Intermittent time outs ? If DNS isn't the culprit, check the dependencies. Is there enough compute power on the VM ? Is there a connection time out / retry setting you can configure ?
Great video Patrik! Thanks for your work! Can we have videos about tips how to introduce Azure into small business working environment?
Great suggestion! 👍
Nice one again. You would expect that the Azure Connected Machine Agent (Windows & Linux) would have this exclusion knowing that this behavior is by design. Now this needs to be added in any post deployment mechanism to automate this in any VM deployment. On the other hand, the OS configuration is the customer's responsibility according to the Shared Responsibility Model so there's room for debate. Funny to see that the general rule "it's always DNS" still stands after all these years...
Thank you Marc 😎 Some things indeed never change... "It's always DNS" !
Awesome , Wonderful , Direct Thanks for great videos ♥
Glad to hear you liked that one. Good to have you onboard ! 😀
Good content, easy to understand !
Thanks, happy to hear it was useful.
Great overview-Thank you!
Nice to hear you found it useful !
Why would it be bad to try to stay away from IAAS? My recommendation would be to always first try PAAS. Identify the gaps and make a plan. Fall back to VMs as a last resort.
We are in agreement :) It's exactly how you phrased it, see if you can go PaaS but don't let it be a deciding factor for moving to the cloud. I've seen companies going with the attitude "If we can't use PaaS then we're not considering the cloud". In certain scenarios, it may be interesting to start with IaaS to get the wet feet.
😮
Hello there !
What password should you use during connection? From your microsoft account?
Spot on as usual with your content! And a nice reminder of this important topic. TY!
Thank you for the kind words ! 🙏
Hey Patrik! Thank you for a fresh topic! Really interesting and useful!
Glad you liked it!
Ooooh, great video!!! Thanks for reminding me of the existence of this, wasn't aware it's nicely summarized. To me, it's a feast of recognition by seeing so many organizations fail miserably in doing cloud adoption in a better fashion. I see so many people going into the wrong direction. I have identified two potential pitfalls myself that may result in these antipatterns: 1. No business information plan or governance and certainly not translated into an IT governance plan 2. Misunderstanding the concept of a framework and transforming it into a 'bible' or 'constitution (law)' Frameworks are just a bunch of 'recommended practices'. It can simply be summarized in failing to understand the concept of People -> Processes -> Technology
Good to hear from you Marc and thank you for the nice words 😎 I completely agree with you... Especially on point #2, which always leads to interesting discussions. For junior architects, I would definitely tell them to follow the best practices. Seasoned architects like yourself, it's best practices but you have enough experience to tailor them or go for a different solution.
Do you know if this is possible with an NVA(Fortigate) instead of the Azure Firewall? I have been trying to get Hub and Spoke Topology to work with an NVA and NAT Gateway for a week now. I have only been able to find one document on the topic but it needs to be more detailed.
Hi there !👋 An Azure NAT Gateway has the framework laid out to work with third party NVA's. As always, there's a "but" somewhere 😶 The instructions on how to integrate this has to come from Fortinet. I've myself done a quick search to get some implementation guides but unfortunately not found any. I would recommend to contact them directly. I can't imagine a leading vendor not having a good implementation guide for this. Let me know how things work out, this is really an interesting topic to watch...
Thank you! You have a very good approach and way of describing the technical parts of the different technologies you talk about. I
Thank you for the kind words. Glad to have you onboard !
Hard work pays off, well done! 💪💪
Thank you 🙌
Great summary, thanks
Thank you ! Glad it was useful
As described, If you send traffic outbound via the NAT gwy PIP, how will it return traffic to the AzFW PIP, and if it somehow arrives back to the AzFW PIP isn't the traffic asymmetric or it doesn't care based on it leaving the same subnet. just confused.
Yes, traffic would be asymmetric. The actual flow is: VM (in Azure) --> Azure Firewall (Private IP) --> Azure NAT Gateway --> Internet Host Return traffic is vice versa. Internet Host --> Azure NAT Gateway --> Azure Firewall --> VM Hope this cleared it up a bit? 😎
10/10 - need I say more?
Thank you ! 😄
Really interesting and well explained. Thank you for this video!
Glad to hear it - thank you 🙏
You're awesome , thanks
Thank you !
Great video! You explained cloud services so clearly and made it easy to follow. Thanks for sharing!
Glad it was helpful!
Great video and explanation
Glad you liked it!
thank you for making is better... looking fwd for the next one
Thank you for the nice words ! Good to have you on board.
I'm confused could you use Azure Gateway Load Balancer? Then filter to the NVA Firewall subnet.
Can you elaborate a bit on the question ? I focused solely in this video on the Azure Firewall and Application Gateway. If you replace the Azure Firewall with an Azure Gateway Load Balancer and NVA, the design pattern has to be checked with the specific NVA vendor. As there are several NVA vendors each with may differ a bit on feature and functionality, this has to be checked by each.
Enjoyed watching this format of video. Thanks for the upload!
Thank you !
Yep. This is caused by traditional network thinking. Another disadvantage of putting the AZFW in front, is that you lose the client's original IP address. And will require an additional setup to get it back. As the AZ FW will snat inbound traffic.
Yes, good thinking !
Very good explanation. Must admit it's pretty common to see a lack of flexibility and internal sanity checks when certain organizational policies are enforced. That such a rigid policy exists doesn't automatically mean it's a good idea. This introduces an 8th (financial) and 9th (political) layer on the OSI model. Finally, interesting to see that ChatGPT or any other LLM solution takes precedence over vendor documentation by said customer. I have similar layer 8 & 9 discussions regarding Azure Firewall at time of writing...
Thank you ! Yeah, it makes things quite interesting. Especially since LLM's are very convincing in their answers. We are well trained to spot when humans give inaccurate information, deliberate or not.
Thank you for such a useful video! Looking forward to your new lessons!
Thank you , more to come!
Thank you for an excellent introduction. I am wondering if this has since been made available beyond Azure BLOB? Specifically, we are trying to figure out how we can implement ABAC with Microsoft Entra for our SharePoint (we have M365 licenses at the highest tier) and for our Azure Data Lake? Can you help us? Can I connect with you in LinkedIn?
Thank you for the kind words ! ABAC development doesn't seem to move super fast but there definitely have been developments. There are new features along with a list that entered preview. I'm always looking to connect with professionals as yourself on LinkedIn. Send the request ! I haven't had a real business requirement to use RBAC yet. If I can point you in the right direction I will definitely do so. Keep in mind that my schedule is overfull 😎 It's not humanly possible to answer all requests but I'll do my best.
Tks Patrick, what options do we have when splitting Security law from application law: do applications have to send twice the log ?
Depends 😎 If you indeed need to have separate LAW's , one for security and one for Application it may result in sending the logs twice. I would try to avoid those scenarios as much as possible. You can fine tune VM's with DCR's and specify which exact logs to send to what LAW. Technically, it's possible to split it up. It all comes down to governance. If you send all the logs (security + application) to a single LAW, is table based RBAC an option ? Meaning, only certain administrators have access to the security logs and other the application. Do you have a security policy in place which prohibits this ? Bottom line: try to see if a single workspace can handle it.
Just wonderful!!
Thank you! Cheers!
That’s a great new video, Patrik! Thank you for your work!!
Thank you 😀
Question for you as someone who has some networking knowledge but no network engineering experience. I have had a few recruiters contact me about a position that is stated as a network engineering job. I have a specific rare language skillset which is why I'm probably getting these requests. I have experience in CDN break/fix, but no engineering experience at all. I've used the network topology tool like 1 time, and know how to subnet just by looking up how to do it for 30 minutes, so pretty much no knowledge. How screwed would I be for taking this job? I know enough about DNS, load balancing, TLS, Linux stuff like curls, rewrites and other HTTP stuff, DDoS and SIEMs, rule engine for caching, Cacti and Grafana for packet loss, routing, and saturation. Would any of this help me? They are offering $40-50 for an 18 month contract. I make like $90k (~45/hr) if you include the good amount of overtime I do, so I don't think it would be worth it unless it was like $55-60. Is this unreasonable?
@Patrik, Thank you so much for all the wise recommendations!!
Funny it’s exactly what Microsoft papers says but doesn’t show exactly how to configure it
Love the way you explain concepts. Wishing you more success ahead
Thank you !
"Mother in law" !! 😁 Nice video, great explanation Patrik!
Nicely done, concise and effective, well done.
Hello, Have you tried to login with MFA enabled user to this Azure Virtual Machine?
Hi, Did you get a solution or if MFA is enabled we cannot authenticate with password in VM?
Excellent video. Thank you
Glad you found it useful !