Author: rzomerman

  • Azure 3rd party firewalls and VPN

    A lot of customers on Azure want to use the 3rd party firewalls that are available in the Azure Marketplace. But when it comes to Site2Site VPN connections, sometimes it doesn’t work as expected, especially when using different vendors on-premises. Why? Let’s find out…

  • Azure for the Enterprise

    Congratulations! You got your Enterprise Agreement enhanced with Azure. Now what’s next? You got activation emails and you want subscriptions, but who manages subscriptions? What if the company is rather complex and you don’t want the IT admin in charge of all subscriptions, let alone able to view the company’s global spending on Azure services? In short,…

  • ImmutableID – mS-DS-ConsistencyGuid – ADConnect

    The good thing about new software is that bugs and ‘features’ are removed. The bad thing is that sometimes whatever you have blogged about either makes no sense or, even worse, only half applies from that point on. So as AADSync was replaced by AD Connect, I got emails about the configuration…

  • ADFS on Azure

    Azure Active Directory, and thus any relying party on that service (such as Office 365), has two different modes for (your) custom domains that are added to it: Managed and Federated. Managed means that the authentication happens against the Azure Active Directory. The password (hashes) of the user accounts are in Azure AD and no…

  • Checkpoint with Azure VPN (new version)

    These are my notes on the newer Checkpoint VPN stuff, but I am still working on actually testing them. I put a 2016 date on it to remove it from the main page. Seems the MSS clamping on Azure VPNs needs to be 1350; my PPPoE adapter needed to be 1492 for du connections. Note: MTU…

  • ImmutableID – mS-DS-ConsistencyGuid – AADSync

    Paul Williams talked in his blog about using another attribute from on-premises AD to act as the ImmutableID for Azure Active Directory (http://blog.msresource.net/2014/03/10/windows-azure-active-directory-connector-part-3-immutable-id/). While he made a very detailed blog entry on why and which attribute to choose, there wasn’t a guide on how to make this work in AADSync. [update 21-Aug-2017: The latest version of…

  • Pass the Hash

    When you create a new forest or new domain, you use the Domain Admin credentials. Through the use of the “Administrator” account you can control each and every workstation and server. You can install Exchange, System Center products and much, much more. But Microsoft is probably thinking twice now about the framework they have chosen…

  • Azure Networking S2S + P2S

    In a previous post we looked at creating a Site-2-Site connection from Checkpoint to Azure using a Dynamic Gateway. In this post, we look at client dial-up (VPN) into the Azure network and establish routing between all the sites involved.

  • Web Application Proxy – on Azure

    The Azure AD Application Proxy is a new feature available in Azure WAAD Premium. It allows administrators to securely publish internal websites using Azure’s technology. This allows customers to make use of enterprise-class hardware in their reverse proxy solutions, protecting against DDoS attacks and many other things. In this post we…

  • RDS Gateway through WAP

    I’ve been trying to get RDS Gateway to work behind my WAP proxy server, which is included in Windows Server 2012 R2 and the v.Next version. It is possible to implement ADFS-based authentication based on the URL: http://technet.microsoft.com/en-us/library/dn765486.aspx But what if we wanted to publish the simple RDS Gateway on our backend server for…

  • Azure VPN with Checkpoint FW

    This post shows how to configure a Site2Site VPN connection using a Checkpoint firewall. [EDIT: The instructions below are for R77, which is a really old version. I’m currently writing the instructions for the R80.20 version, but it seems it’s a bit harder to get the S2S tunnel up and stable, certainly on my PPPoE…

  • Geo-Clustering

    Geo-clustering comes in many forms and depends highly on the requirements and technical capability. This post discusses some options and things to consider before deploying any geo-cluster. Data Geo-Redundancy: The first dependency in clustering is storage capability. Data from the workload in the cluster will be written to disk and that…