Category: Networking

Privately moving data to Azure Storage

Azure Storage is awesome: it’s a durable, highly available, massively scalable cloud storage solution with public endpoints. But what if you don’t want public endpoints? What if you want a private endpoint only? A customer asked me: how can I copy data using Azure Data Factory over my ExpressRoute link to my Azure Storage account […]


F5 BIG-IP & AAD & KCD Simplified

With the release of an Application in Azure AD, the configuration of F5 publishing Kerberos backend applications has just been made a whole lot easier. We cover this in this post, but as an added bonus, the previous post adds the possibility of authenticating (Forest) trusted users on the same backend server using KCD (although […]


F5 BIG-IP & AAD & KCD – Cross Forest – Part 2

In the previous F5 posts we did, we always used a single forest, single domain setup. Obviously, this is not always the case, certainly when cross-forest migrations are being performed. Even in these situations we could leverage F5 and AAD’s federation capabilities to provide an SSO experience. Requirements: 2 Forests with a forest trust (two-way) […]


F5 Big-IP & AAD & KCD

The title being full of acronyms, this topic is about publishing Kerberos-based websites behind an F5 load balancer, while using Azure AD as the authenticating service. Or in more technical terms, F5 will rely on an external SAML-based token to perform Kerberos Constrained Delegation towards a backend server. Get settled in, this is […]


Exclusive: Azure Gateway OpenVPN P2S profile creator

As of a few days ago (and for the few that read this before the Ignite launch: in a few days), the Azure Virtual Network Gateway supports P2S connections based on OpenVPN. This means that connections from all your clients to Azure networks become a whole lot easier. Connect with your phone, tablet, Mac […]


Breaking the 1Gbps barrier with Synology and Windows 10

[Update: it seems even a Surface Pro 6 with docking station is capable of using SMB multi-channel with 2 NICs. If you use the onboard NIC on the docking station, but also the USB-Ethernet converter in the dock’s USB port, you can actually achieve 2Gbps speeds as well! And, with the upgrade to a 10Gb switch, […]


Azure P2S VPN with MFA

As Microsoft enabled the RADIUS option in the Azure Gateway VPN configuration, it now means you can enable MFA on your P2S connections! There is a caveat, however: it only works if you have replicated your users from an Active Directory into Azure Active Directory. If you have cloud-only users, it doesn’t work (yet). I’ll […]


Azure Stack Development Kit – Connecting to subscription networks through the host

I know that many of my posts are about networking in combination with a Juniper SRX, as I happen to have one. But what if you don’t have such a “sophisticated” device that can handle multiple virtual routers, BGP and all the other stuff? Well, I could say: buy one from eBay. But let’s see if I […]


Azure Stack Development Kit – Connecting to subscription networks

When you have Azure Stack Development Kit deployed and in Routing mode (see earlier post), you can now also create S2S VPN connections to the tenants deployed inside Azure Stack. In my configuration I used BGP for the BGPNAT to advertise the newly assigned “external” IP addresses to my Juniper so that I don’t have […]


Azure Stack Development Kit – BGP

Now that we have our Azure Stack Development Kit in routing mode, we can also send the BGP information from within the Stack to the Juniper firewalls (or any FW you have). This will ensure that the new “external IP addresses” that are assigned to our workloads are accessible via our intranet route information and […]
