Thought Provoking, Ideas & Ramblings.

Find the latest business insights, technical solutions and opinions from our team.

Undocumented ARM Oddities – .Net Core App Services

Every once in a while, when working with ARM templates you come across something that is missing from the official Microsoft ARM template reference. In my case yesterday, I was looking to update the configuration of an Azure App Service to use the DotNetCore stack (rather than .NET 4.8). While I initially thought this would […]

Azure Bastion – Unable to query Bastion data.

I’ve recently set up Azure Bastion to give external users/vendors access to resources via RDP or SSH following these instructions: https://docs.microsoft.com/en-us/azure/bastion/tutorial-create-host-portal The key permissions outlined in the prerequisites at point 3 are: A virtual network. A Windows virtual machine in the virtual network. The following required roles: Reader role on the virtual machine. Reader role on […]

Get all restore points for an Azure VM

Getting restore points out of Azure can be like getting blood from a stone. The portal likes to always set a custom filter showing only ~90 days and your PowerShell cmdlet only allows for a 30 day interval for retrieval dates. When running ‘Get-AzRecoveryServicesBackupRecoveryPoint’ you get the following: Sigh.. I just want all my restore […]

Azure Application Insights – No Client Source IP Address

Working with one of your customers this week who is implementing Azure API Management alongside their web applications. We are funnelling all the request logs into an Application Insights service to manage visibility of the end-to-end transaction data. We noticed that all the client GET requests had ‘0.0.0.0’ in Client IP Address. Request Properties Value […]

Upgrading Megaport Cloud Routers

Recently I had the pleasure of upgrading a Megaport Cloud Router (MCR) from version 1 to the new version 2. Version 2 MCR sits on a whole new code base and a side-by-side migration is required. In this blog I’ll show you how we went about the process; this could also be used […]

ARM Template Role Assignment Learnings

ARM templates are one of those things that the learning curve can be considered steep, but once you get there they make your life so much easier you’re glad you did it. If you’re like me, Google is your friend and whenever you hit an issue with your latest template you resort to searching error […]

Assign Teams phone numbers using Microsoft Forms, Logic Apps and Azure Automation

Sometimes provisioning users into Office 365 services requires custom settings to be executed with PowerShell. This can present a problem when the teams responsible for managing the ongoing process have varying levels of understanding. How do you provide a front end user interface for my custom code without the need for the operators to need […]

The role of Datacenters

The State of Play Current Enterprise ICT Environments are a mix of various technology stacks.  Critical and second-tier systems are from different eras.  A mix of modern and legacy applications sit alongside each other.  The common challenges are security, manageability and integration of disparate parts.  There is some use of public cloud services, but most […]

Automating Azure Site Recovery with PowerShell

In a recent consulting engagement, I’ve needed to perform a large-scale migration of a company’s virtual machine (VM) fleet from an On-premise datacenter to Microsoft Azure. Thinking about what that actually means – We’re picking up many compute workloads that are (in most cases) essential for day to day business operation and re-homing them to […]

AKS in a Security Conscious Enterprise

Containers and in particular Kubernetes popularity has been going from strength to strength of late. Azure Kubernetes Service (AKS) is the blue PaaS-like offering of this where the vendor manages the masters and you just need to maintain the agent nodes, better still you only pay for the compute. But like all things PaaS, while […]

The Cloud – Anagnorisis and Peripeteia

In my work here at Cloudstep we have two distinct sides to our business, a consulting practice “Jtwo Solutions” and a cloud modelling software and services practice “Cloudstep”. Working on both sides of these businesses affords me the benefit of hands on consulting, technical architecture and implementation as well as scenario based cost modelling activities […]

A career with a flammable CV

Planned Obsolescence A baked in part of the design of technology products and an unavoidable side-effect of a career in IT In a discussion with a colleague recently we reflected on how our careers and our CVs race ahead while the invisible fuse line of obsolescence comes along from behind and renders cherished skillsets and […]

Cognito authentication integration with Django using authorization code grant.

Note: Assumed knowledge of AWS Cognito backend configuration and underlying concepts, mostly it’s just the setup from an application integration perspective that is talked about here. Recently we have been working on a Django project where a secure and flexible authentication system was required, as most of our existing structure is on AWS we chose […]

Azure PowerShell ‘Az’ Module

https://azure.microsoft.com/en-us/blog/azure-powershell-az-module-version-1/ Microsoft released a new PowerShell module specifically for Azure late last year called “Az”. On the plus side Az ensures that Windows PowerShell and PowerShell Core users can get the latest Azure tooling from PowerShell on every platform be it Windows PowerShell or PowerShell Core for my preferred operating system macOS. Microsoft state that […]

SD-WAN made easy

I’ll start by asking you two questions: Are you paying too much for your Wide Area Network (WAN)? And, is it the best method of connecting to the public Cloud? At cloudstep.io we are constantly looking for ways to improve our customers’ connectivity to the public cloud. We consider cloud network connectivity a foundation service […]

Tagging EC2 EBS Volumes in Auto Scaling Groups

Tagging becomes a huge part of your life when in the public cloud. Metadata is thrown around like hotcakes, and why not. At cloudstep.io we preach the ways of the DevOps gods and especially infrastructure as code for repeatable and standardised deployments. This way everything is uniform and everything gets a TAG! I ran into […]

The OVF package is invalid and cannot be deployed – In the trenches with the AWS Discovery Connector

I was working with a customer recently who had trouble deploying the AWS Discovery Connector to their VMware environment. AWS offer this appliance as an OVA file. For those who aren’t aware, OVA (Open Virtualisation Archive) is an open standard used to describe virtual infrastructure to be deployed on a hypervisor of your choice. Typically […]

AWS ECS CloudFormation Fails – Unable to assume the service linked role.

I ran into an interesting issue when building a new ECS Cluster using CloudFormation. The CloudFormation stack would fail on Type: AWS::ECS::Service with error: Unable to assume the service linked role. Please verify that the ECS service linked role exists. (Service: AmazonECS; Status Code: 400; Error Code: InvalidParameterException; Request ID: beadf3d5-3406-11e9-828d-b16cd52796ef) Okay google, what’s this […]

IPv6 – slowly but surely

I first blogged about IPv6 and the reasons for its slow adoption way back in 2014. A lot can change in the world of ICT over the course of five years, but interestingly the reasons for slow adoption I believe have remained somewhat constant. I’ve updated my post to include some new thoughts. The first […]

YAML it Rhymes with Camel

I’ve blogged before about my passion for automation and the use of ARM templating in the Azure world to eradicate the burden of dull and mundane tasks from the daily routine of system administrators for whom I do consulting. I loathe repetitive tasks, it’s in this space where subtle differences and inconsistency love to […]

Invest one hour in learning about AWS

Getting educated about cloud services early will make it easier to transition and will burnish your CV nicely too! Amazon Web Services (AWS) offers a free virtual machine instance on AWS Elastic Compute Cloud (EC2). All you have to do is register with an email address and a credit card. Don’t worry, they really don’t charge your card […]

AWS obtain PROTECTED level certification for Australian Region

Earlier this week Amazon Web Services made a statement, indicating that the battle of tier-one public cloud providers is still heating up. Yesterday Matthew Graham (AWS Head of Security Assurance for Australia and New Zealand) announced that The Australian Cyber Security Centre (ACSC) had awarded PROTECTED certification to AWS for 42 of their cloud services.  […]

Using the AWS CLI for Process Automation

Amazon Web Services is a well established cloud provider. In this blog, I am going to explore how we can interface with the orange cloud titan programmatically. First of all, let’s explore why we may want to do this. You might be thinking “But hey, the folks at AWS have built a slick web interface which […]

Enabler in Chief

It’s time for a re-think of ICT’s role in the business. We should embrace our role as enablers of great works, not the centre of the world. I love what I do. Lately I’ve been playing with IOT. I know very little about electronics. I can read the squiggles on a circuit diagram and I […]

Warm AWS WorkSpaces On a Schedule

AWS WorkSpaces VDI solution has two pricing options that you need to choose between for your implementation. Monthly Hourly (On demand) In my opinion it is always worth attempting to run your WorkSpaces VDI deployment in on-demand where there is chance of cost savings when the virtual desktops can be turned off and you will […]

QoS for AWS WorkSpaces Client

AWS WorkSpaces is a great low cost Virtual Desktop experience. Extremely easy to get started and build quick images to support your needs. During the implementation you are going to want to provide a Quality of Service policy (QoS) much like you would if you had Citrix or VMWare Horizon on-premises. WorkSpaces is slightly different […]

Azure MFA with Palo Alto Client VPN

Client VPNs have come a long way in recent years and are still a necessity for organisations protecting their backend services that cannot be published to the public internet securely. The nirvana is having data presented by web applications and use SAML authentication to any good identity provider that supports MFA. This world still doesn’t exist […]

Get your Flow on. .

I’ve talked before about my passion for automation. I loathe doing repetitive tasks and fear inconsistency whilst undertaking them. It’s not that I’m lazy, I recognise that people are generally busy and sometimes it’s hard to maintain focus on repetitive tasks, it’s easy to forget a step here and there amongst everything else that’s going […]

Cross Region, Peering Pitfalls. .

Ah if only all pitfalls were fun. Remember Pitfall on the Atari 2600. It was the second best selling game after Pac-Man. Pitfall Harry had to negotiate a jungle full of hazardous quicksand, rolling logs, fire and rattlesnakes to recover precious treasures. Recently we did some work with a customer where they made use of […]

Lazy Afternoons with Azure ARM Conditionals

Like many IT professionals I spent my early years in the industry working in customer oriented support roles. Working in a support role can be challenging. You are the interface between the people who consume IT services and the complexity of the IT department. You interact with a broad range of people who use the […]

Azure ARM, DevOps and Happy Days

Any application workload you deploy, be it on-premises or in the cloud requires supporting infrastructure. Things like network, storage, web servers, database servers etc. In the good old days we built each layer piece by piece. Virtualisation and then the cloud made this easier, reducing the need to laboriously wrangle with hardware on a day […]
