Thought Provoking, Ideas & Ramblings.
Find the latest business insights, technical solutions and opinions from our team.
Welcome 2020ne – “are we there yet?”
“are we there yet?…. are we there yet?….” In vacations past, this was the back seat cry heard by many young parents as they sought the refuge of a far-away campsite or holiday house in search of some peace and quiet after a hectic and busy year. Clearly, 2020 was no normal year and it […]
Disable-CsAdForest – “Cannot remove the Active Directory settings for the domain due to ‘FE’ still being activated”
I’ve spent 15 years deploying on-premises versions of Microsoft Unified Communications, namely OCS, Lync & Skype for Business. During that period I did a lot of installations, but never had I done a full removal of the product. I guess that speaks to the usability of Microsoft Voice solutions. Once you’re in, the years just […]
Understanding Undocumented ARM Oddities
Over the past year I’ve been working pretty heavily with Azure Resource Manager (ARM) templates to create safe, reusable and consistent deployments of virtual infrastructure. When producing ARM templates, it’s important to understand what resource types are available, and what values to use in your template. I always use the Azure Template Reference to understand […]
Undocumented ARM Oddities – .Net Core App Services
Every once in a while, when working with ARM templates you come across something that is missing from the official Microsoft ARM template reference. In my case yesterday, I was looking to update the configuration of an Azure App Service to use the DotNetCore stack (rather than .NET 4.8). While I initially thought this would […]
Azure Bastion – Unable to query Bastion data.
I’ve recently set up Azure Bastion to give external users/vendors access to resources via RDP or SSH following these instructions: https://docs.microsoft.com/en-us/azure/bastion/tutorial-create-host-portal The key permissions outlined in the prerequisites at point 3 are: A virtual network. A Windows virtual machine in the virtual network. The following required roles: Reader role on the virtual machine. Reader role on […]
Get all restore points for an Azure VM
Getting restore points out of Azure can be like getting blood from a stone. The portal likes to always set a custom filter showing only ~90 days and your PowerShell cmdlet only allows for a 30 day interval for retrieval dates. When running ‘Get-AzRecoveryServicesBackupRecoveryPoint’ you get the following: Sigh.. I just want all my restore […]
Azure Application Insights – No Client Source IP Address
Working with one of your customers this week who is implementing Azure API Management alongside their web applications. We are funnelling all the request logs into an Application Insights service to manage visibility of the end-to-end transaction data. We noticed that all the client GET requests had ‘0.0.0.0’ in Client IP Address. Request Properties Value […]
Upgrading Megaport Cloud Routers
Recently I had the pleasure of upgrading a Megaport Cloud Router (MCR) from version 1 to the new version 2. Version 2 MCR sits on a whole new code base and a side-by-side migration is required. In this blog I’ll show you how we went about the process; this could also be used […]
ARM Template Role Assignment Learnings
ARM templates are one of those things that the learning curve can be considered steep, but once you get there they make your life so much easier you’re glad you did it. If you’re like me, Google is your friend and whenever you hit an issue with your latest template you resort to searching error […]
Assign Teams phone numbers using Microsoft Forms, Logic Apps and Azure Automation
Sometimes provisioning users into Office 365 services requires custom settings to be executed with PowerShell. This can present a problem when the teams responsible for managing the ongoing process have varying levels of understanding. How do you provide a front end user interface for my custom code without the need for the operators to need […]
Tips for purchasing your next Teams video solution
Here are some notes on selecting Teams Rooms based on physical features. These help enable a positive experience when using Microsoft Teams Rooms.
The role of Datacenters
The State of Play Current Enterprise ICT Environments are a mix of various technology stacks. Critical and second-tier systems are from different eras. A mix of modern and legacy applications sit alongside each other. The common challenges are security, manageability and integration of disparate parts. There is some use of public cloud services, but most […]
Automating Azure Site Recovery with PowerShell
In a recent consulting engagement, I’ve needed to perform a large-scale migration of a company’s virtual machine (VM) fleet from an On-premise datacenter to Microsoft Azure. Thinking about what that actually means – We’re picking up many compute workloads that are (in most cases) essential for day to day business operation and re-homing them to […]
AKS in a Security Conscious Enterprise
Containers and in particular Kubernetes popularity has been going from strength to strength of late. Azure Kubernetes Service (AKS) is the blue PaaS-like offering of this where the vendor manages the masters and you just need to maintain the agent nodes, better still you only pay for the compute. But like all things PaaS, while […]
The Cloud – Anagnorisis and Peripeteia
In my work here at Cloudstep we have two distinct sides to our business, a consulting practice “Jtwo Solutions” and a cloud modelling software and services practice “Cloudstep”. Working on both sides of these businesses affords me the benefit of hands on consulting, technical architecture and implementation as well as scenario based cost modelling activities […]
A career with a flammable CV
Planned Obsolescence A baked in part of the design of technology products and an unavoidable side-effect of a career in IT In a discussion with a colleague recently we reflected on how our careers and our CVs race ahead while the invisible fuse line of obsolescence comes along from behind and renders cherished skillsets and […]
Cognito authentication integration with Django using authorization code grant.
Note: Assumed knowledge of AWS Cognito backend configuration and underlying concepts, mostly it’s just the setup from an application integration perspective that is talked about here. Recently we have been working on a Django project where a secure and flexible authentication system was required, as most of our existing structure is on AWS we chose […]
Azure PowerShell ‘Az’ Module
https://azure.microsoft.com/en-us/blog/azure-powershell-az-module-version-1/ Microsoft released a new PowerShell module specifically for Azure late last year called “Az”. On the plus side Az ensures that Windows PowerShell and PowerShell Core users can get the latest Azure tooling from PowerShell on every platform be it Windows PowerShell or PowerShell Core for my preferred operating system macOS. Microsoft state that […]
SD-WAN made easy
I’ll start by asking you two questions: Are you paying too much for your Wide Area Network (WAN)? And, is it the best method of connecting to the public Cloud? At cloudstep.io we are constantly looking for ways to improve our customers’ connectivity to the public cloud. We consider cloud network connectivity a foundation service […]
Tagging EC2 EBS Volumes in Auto Scaling Groups
Tagging becomes a huge part of your life when in the public cloud. Metadata is thrown around like hotcakes, and why not. At cloudstep.io we preach the ways of the DevOps gods and especially infrastructure as code for repeatable and standardised deployments. This way everything is uniform and everything gets a TAG! I ran into […]
The OVF package is invalid and cannot be deployed – In the trenches with the AWS Discovery Connector
I was working with a customer recently who had trouble deploying the AWS Discovery Connector to their VMware environment. AWS offer this appliance as an OVA file. For those who aren’t aware, OVA (Open Virtualisation Archive) is an open standard used to describe virtual infrastructure to be deployed on a hypervisor of your choice. Typically […]
AWS ECS CloudFormation Fails – Unable to assume the service linked role.
I ran into an interesting issue when building a new ECS Cluster using CloudFormation. The CloudFormation stack would fail on Type: AWS::ECS::Service with error: Unable to assume the service linked role. Please verify that the ECS service linked role exists. (Service: AmazonECS; Status Code: 400; Error Code: InvalidParameterException; Request ID: beadf3d5-3406-11e9-828d-b16cd52796ef) Okay google, what’s this […]
IPv6 – slowly but surely
I first blogged about IPv6 and the reasons for its slow adoption way back in 2014. A lot can change in the world of ICT over the course of five years, but interestingly the reasons for slow adoption I believe have remained somewhat constant. I’ve updated my post to include some new thoughts. The first […]
Planning a move to the cloud with the AWS Application Discovery Service
Here at cloudstep, we love to help our customers achieve their goals. We believe that the cloud is a tool in the toolbox and we can use that multi-facet tool to help our customers realise success. Planning for success starts with goals, and goals come in many different shapes and sizes. For any given solution, […]
YAML it Rhymes with Camel
I’ve blogged before about my passion for automation and the use of ARM templating in the Azure world to eradicate the burden of dull and mundane tasks from the daily routine of system administrators for whom I do consulting. I loathe repetitive tasks; it’s in this space where subtle differences and inconsistency love to […]
Add VC Accounts to Microsoft Teams Channels with Azure Automation
At cloudstep.io® HQ Microsoft Teams is a big part of how we organise digital asset structure in the business. We are a consulting firm by trade, as new prospects become paying customers we add them as a team. The default General channel is used for administration and accounts, additional channels are created per project name […]
Invest one hour in learning about AWS
Getting educated about cloud services early will make it easier to transition and will burnish your CV nicely too! Amazon Web Services (AWS) offers a free virtual machine instance on AWS Elastic Compute Cloud (EC2). All you have to do is register with an email address and a credit card. Don’t worry, they really don’t charge your card […]
AWS obtain PROTECTED level certification for Australian Region
Earlier this week Amazon Web Services made a statement, indicating that the battle of tier-one public cloud providers is still heating up. Yesterday Matthew Graham (AWS Head of Security Assurance for Australia and New Zealand) announced that The Australian Cyber Security Centre (ACSC) had awarded PROTECTED certification to AWS for 42 of their cloud services. […]
Using the AWS CLI for Process Automation
Amazon Web Services is a well established cloud provider. In this blog, I am going to explore how we can interface with the orange cloud titan programmatically. First of all, let’s explore why we may want to do this. You might be thinking “But hey, the folks at AWS have built a slick web interface which […]
Enabler in Chief
It’s time for a re-think of ICT’s role in the business. We should embrace our role as enablers of great works, not the centre of the world. I love what I do. Lately I’ve been playing with IOT. I know very little about electronics. I can read the squiggles on a circuit diagram and I […]
Warm AWS WorkSpaces On a Schedule
AWS WorkSpaces VDI solution has two pricing options that you need to choose between for your implementation. Monthly Hourly (On demand) In my opinion it is always worth attempting to run your WorkSpaces VDI deployment in on-demand where there is chance of cost savings when the virtual desktops can be turned off and you will […]
Backup Palo Alto VM Series Config with Azure Automation
If you have implemented a VM-Series firewall in Azure, AWS or on-premises but don’t have a Panorama Server for your configuration backups, here is a solution for getting the firewall configuration into an Azure Blob Storage; this could be done similarly with Lambda and S3 using Python and the boto3 library. Why Do This? If […]
QoS for AWS WorkSpaces Client
AWS WorkSpaces is a great low cost Virtual Desktop experience. Extremely easy to get started and build quick images to support your needs. During the implementation you are going to want to provide a Quality of Service policy (QoS) much like you would if you had Citrix or VMware Horizon on-premises. WorkSpaces is slightly different […]
Azure MFA with Palo Alto Client VPN
Client VPNs have come a long way in recent years and are still a necessity for organisations protecting their backend services that cannot be published to the public internet securely. The nirvana is having data presented by web applications and use SAML authentication to any good identity provider that supports MFA. This world still doesn’t exist […]
Get your Flow on. .
I’ve talked before about my passion for automation. I loathe doing repetitive tasks and fear inconsistency whilst undertaking them. It’s not that I’m lazy, I recognise that people are generally busy and sometimes it’s hard to maintain focus on repetitive tasks, it’s easy to forget a step here and there amongst everything else that’s going […]
Cross Region, Peering Pitfalls. .
Ah if only all pitfalls were fun. Remember Pitfall on the Atari 2600. It was the second best selling game after Pac-Man. Pitfall Harry had to negotiate a jungle full of hazardous quicksand, rolling logs, fire and rattlesnakes to recover precious treasures. Recently we did some work with a customer where they made use of […]
Lazy Afternoons with Azure ARM Conditionals
Like many IT professionals I spent my early years in the industry working in customer oriented support roles. Working in a support role can be challenging. You are the interface between the people who consume IT services and the complexity of the IT department. You interact with a broad range of people who use the […]
Azure ARM, DevOps and Happy Days
Any application workload you deploy, be it on-premises or in the cloud requires supporting infrastructure. Things like network, storage, web servers, database servers etc. In the good old days we built each layer piece by piece. Virtualisation and then the cloud made this easier, reducing the need to laboriously wrangle with hardware on a day […]