Tag: Azure

  • Azure Sovereign Controls

    I’ve talked about sovereignty in Azure (or cloud in general) before.. and we are going to dive a little deeper into it this time. What is it, how do you configure it, and what guardrails can you put in place? TLDR: I’ve created a few policies that mandate Managed HSM encryption for (supporting) Azure Services.…

  • Hyperscale hardware versus “cloud”

    When talking about sovereignty the most heard comment is that cloud provider can replace the big hyperscalers and that its super easy to move. In this post I wanted to go a bit deeper into why I think that’s a myth on hardware basis alone. Most “localized” cloud providers run on commodity hardware: Dell/HP/Lenovo/white box…

  • Azure VM Disk Encryption Options

    Azure provides multiple types of Disk Encryption options. But apart from their features (when you can use which one), lets dive into the how they actually work and differentiate from each other. So this post, in line with Azure for Sovereignty goes into the disk encryption options for Virtual Machines. We have four options for…

  • Azure Confidential VM’s made easy

    There has been a lot of talking about “sovereign” clouds lately. How do you secure your data in the cloud from the CSP (cloud provider) being able to access your data and give it away to regulators? Microsoft has a very clear view on the “cloud-act” and now is working hard to make sure they…

  • Client Side Encryption (CSE) & Confidential Computing

    In the previous post, I detailed the Server-Side-Encryption and the initial trust that someone must have in the cloud provider. I’ve also demonstrated how confidential compute helps in that trust with regards to Managed HSM and how a blind trust in a “Hold-Your-Own-Key” might be misplaced. While server side encryption relies on the services to…

  • External Key Store vs Azure Managed HSM

    A comparison of two options for secure key storage and cryptographic operations Introduction Cryptographic keys are essential for protecting sensitive data and ensuring the integrity and authenticity of digital transactions. However, storing and managing these keys securely can be challenging, especially in cloud environments where parts of the encryption process is managed by the cloud…

  • Availability Zones & DR

    Disaster Recovery – how to recover your application if a disaster occurs. Disaster Recovery is part of what we call “resilience” today. Resilience is the how to ensure that our applications are reliable or recoverable. This is a different approach and view of the more legacy “disaster recovery” environment where a cold (or warm) standby…

  • Availability Zones VM Conversion

    As a continuation of my AZGateway migration scripts I entered the scripting world again for the migration of VMs. As anything worth doing is worth doing twice I actually wrote the entire script and then found out the Microsoft Azure SAP team already had something lined up. While their script did migrate VM’s there were…

  • Availability Zones Gateway Conversion

    As promised, I would cover Availability Zones a bit more in the next few posts. If your Azure region supports Availability Zones you probably want to use them. Yes the services are a bit more expensive but you gain a higher SLA and the ability to adopt an active-active infrastructure. This active-active infrastructure usually starts…

  • Azure Availability Zones Mapping Checker

    Microsoft is working hard to make “Availability Zones” available for most of their primary Azure regions. What is an Availability Zone will be covered later in another blog post, including why you should use it, what advantages it brings and more importantly (as most of the previous is covered by Microsoft documentation) – how do…

  • BGP Filters in Juniper

    So, this topic might be a bit too short for you, and I’m sure your BGP filters in your SRX are way more advanced. But for the simpler people like me that just need to get something done; this one is for you. When I did the AnyCast DNS setup using BGP at home and…

  • when Azure subscriptions make sense

    I wanted to write this post on when to decide on a new subscription or not.. but then it turned to security – which – as many of you know is close to me as well.. so while the beginning of this post is about “when to choose a new Azure subscription” the conclusion is:…