And welcome back to another episode of AZ Update. I'm Anthony Bartolo, joined today by producer Pierre. Producer Pierre, how's it going, sir?

I'm good. How are you?

Good, good. I decided to change it up a little bit today. I usually don the blazer, but I wanted to feel how it felt to wear a championship jersey.

Well, because your team has been eliminated. It's officially spring: the Leafs are eliminated. So for those of you who don't know, the Toronto Maple Leafs hockey team was eliminated last week from round one of the playoffs yet again. They haven't won a first round since 2004.

Yes, and your Montreal Canadiens are still going.

Exactly. My team eliminated your team, so it's kind of doubly sweet. But the plethora of goals...

The plethora of goals. Chelsea won the Premier League, and I had this jersey kicking around. It's the old Bartolo jersey that used to play for a team. So I figured, let's try it, what a championship jersey looks like.

Are you fully kitted out right now?

I got the shorts and the socks, the knee-high socks.

Show that on camera.

Nope, please. Please don't.

So I wanted to do something different today. I wanted to talk about the post that you shared yesterday, because it caused a plethora of conversations. And I'm going to be drunk by the end of this. So, everything that's going on right now in terms of conversation: you wrote a post yesterday on faking DDNS with Azure services. Let's talk about this. A lot of people chimed in immediately and said, you know, you could do this so many different ways, why are you doing it this way? Let's talk about why you did it first.
Well, since the beginning of the pandemic I've set up a machine, a network at home. Well, I always had a network at home, but now I've got a dedicated VLAN for my office and my stuff. I picked up all of the old machines that I had, some old laptops, some old desktops, some virtual machines on a beefy machine, and now I've got a full domain, because we keep talking about hybrid, because this is our sweet spot and how we use cloud services. And if you want to demo something like that, you actually kind of have to have a hybrid environment to work with. So I've got my domain controller, I've got some servers, and I've given them work, some SQL work, very demo workloads. And I'm thinking, okay, now the stay-at-home order has been lifted, the vaccinations are going well, I know there are a couple of events already scheduled for November in person. I was talking to our friend Scott Cate, who was telling me that he's going to a hybrid event next week, hybrid as in it's both online and in person. So I'm thinking, okay, how am I going to access this environment once we want to start working again? My ISP seems to be a little weird on how they manage the IP address. It could stay the same for weeks, and then also, in the span of one week, it'll change five times. So I can't depend on my IP address being the same so that I can remote into my environment. So I wanted to, hey, in Canada we have the situation where the ISPs, you know, it's dynamic assignment of IPs for your home service; if you want to go for a full business service, it's very expensive.
It's very expensive. It's not, you know, an expensive endeavor, and you have the scenario where you're paying all this money but the service is the same; you just have a static IP assigned to your endpoint. So that's why this has been such a great post to be shared out, because you alleviate all that. I know there are other services out there like DynDNS that provide similar services, but you actually went through and built out the solution, and you incorporated a Raspberry Pi, to my understanding, as well as your gateway.

Yeah, so I already have my wiredcanuck.com zone managed in Azure DNS, and that was, at the beginning, a demo of what you can do with Azure DNS. So I'm thinking, I don't want to be wiredcanuck.dyndns; I don't want to use somebody else's network or name. I want to use my own, because I own it, I paid for it, I want to use it. And it was kind of the fun factor of trying to figure out how to fake DDNS with Azure DNS, because Azure DNS doesn't support DDNS and it doesn't support zone transfers. So it's not like I could take my internal server and configure it to send up the zone to Azure; it doesn't support that yet. So I had to figure out how to do it. And some people on Reddit jumped in and said, yeah, your way was a little bit more convoluted and way more complicated than it needs to be; you could do it in a single command line. Yes. However, I want this to run in the background every 12 hours. I don't want to have to put my credentials in there. I don't want to have to log in every time it runs. So I needed to figure out a way to do it securely, one that can grow, so I can actually have that same script running on other devices and just pass a different name so it'll update a different record. And the way I got it done is: internally, my DNS is sitting on a Raspberry Pi. So I've got my DNS for the inside of the house; I've got my own resolver, so I'm not using my ISP's DNS.
Therefore, they're not tracking where I'm going. And I've got a Pi-hole to cut out advertisements in the house. So I figured, while it's already there, it's running, it's a Linux base. Right now it's running on Debian Linux, so I figured I'll just put it on there.

So the way I'm doing it, and let me share my screen, is that in a resource group I created an Azure Function. And for the Azure Function, first of all, under Identity, I gave it a managed identity. Therefore I can granularly assign the rights to that function as to what it's allowed to do. And for the role assignments that I've got on that one, let's see if that one is loading. Yes, it's loading. I've got DNS Zone Contributor assigned to that function. So it can only update records in that zone. It can't create a new zone, it can't set permissions on that zone, it can't change a configuration. It can only update the records that are in there. So that's fairly secure. So if that even gets compromised, there's not much they can do other than change the IP and basically hijack my website, but that's beside the point.

Now, if I go back to my function, I've just got a little function in here that's called update DNS record. It's triggered by an HTTP or webhook. And what it does is it gets the webhook and it looks at either the query or the body. So depending on how I'm sending that information, it'll get the name and the IP address that I'm passing. It'll check the record that's already in Azure DNS. If the record doesn't exist for some reason, if I deleted it, it will go and recreate it. So if it doesn't exist, it'll recreate it; if it does exist, it checks the old IP against the one I just passed. If it's the same, it does nothing and exits. If it's not the same, then it creates a record set and updates the record set in DNS, and then it kicks out.

Now on-prem, I'm running this, as I mentioned, on a Raspberry Pi, and I apologize for the dark mode online.
It's a little harder to see, but it's really just one function to get my external IP. So I just check what my external IP is. I have a regex pattern to identify, to make sure that I'm actually passing an IP address and not something else. If it is an IP address, then I return it. And I do a dig home.wiredcanuck.com, which means I'm going to go to my DNS already to see if that IP address exists. If it does, then I don't need to update it, so I exit. If it doesn't, or if it's not the same, then I build the webhook and I send the webhook to Azure, and then it updates. So by checking first, I'm not running the serverless function as often as I need to, and that way I'm not really costing too much money. In terms of cost, I looked at my cost analysis for that solution, and according to, I'm trying to see if it's come back here, it's taking a while to refresh, but according to this it's going to cost me 31 cents for the month. I could do this with an outside service, but it would cost me a lot more in terms of subscription. It'd be a lot easier, but, you know, not as fun.

Not as fun. Now, when a new IP is being assigned to your location, is there a gap in terms of how long until the service picks up, hey, the IP has been changed, I need to change that in the registry? Is there a gap where you're actually down for that time?

Yeah, possibly. Because right now my script runs in a cron job every 12 hours.

Okay, so it runs at midnight and it runs at noon, twice a day. But if you realize that you have no connectivity, you're obviously going to run the script manually, so it'll pick up the address right away, right?
Well, if I'm home, yes. But if I'm away, I'm kind of stuck, because now I have no way of getting in to run the script manually to update the address. So it's like a chicken-and-egg thing.

Right, right.

My next trick will be to set it up so that it monitors, like, I have a script that constantly runs, 24 hours a day, and every minute checks, and then if it changes, kick-start it. But I wanted to keep it simple for the first try. Plus it was a way for me to illustrate how, with a little bit of imagination and a little bit of creativity, you can use multiple Azure services to fix an issue that you would have on-prem, even though the individual services that you're dealing with don't necessarily support the scenario that you want to achieve.

And that's the thing, right? It's about what you're trying to achieve, as opposed to, yes, all these solutions are out there and all these capabilities are available, but it's more so the "I need to do specifically this," right? And so in your instance, you know, you wanted to incorporate, you already had Pi-hole in your architecture, you wanted to incorporate that. I think it was brilliant in terms of what you did. The blog post that details everything is shared on ITOpsTalk.

I got tons of Pi-holes. I'm fine. They're, well, not Pi-holes, but the Raspberry Pis. They're so cheap, and I use them, again, in my living room on the soundbar, in the shed in the backyard by the pool. There's an old stereo system with some speakers; it's close enough to connect to my network. So I turned these into, not Raspberry, Spotify endpoints, so I could just use my phone and say "play outside" and then it starts.

So a couple of things that come up in the chat room too. Adria McClellan was talking about using Splashtop because the ISP in the UK blocked TeamViewer.
So it's hard to unblock it. To bypass, you use Splashtop and some cloud clients like LogMeIn. We have Paul Jensen joining us. He's saying, hey, was that a Continuum dock I just saw? No. So really cool. Paul Jensen actually has a "splurge and have it run", what, "splurge and have it run every", oh no, he's telling you to splurge and have it run every six hours at 62 cents. I don't know if I can afford that, buddy. Sorry, Paul, you'd have to give up that Timmy's coffee. You wouldn't have been able to have that in the morning.

I haven't been to Tim's in probably a year.

Yeah. Pandemic does that, doesn't it? Good morning to Adria McClellan, good morning to Paul Jensen. We have J Shock up here too. I believe we also had, I thought we had, nope: J Shock is there, Paul Jensen, Adria McClellan. Good morning to you all. Rabbit Jenior is also in here as well. Awesome to see you all in the chat room. Shall we start with the news?

Yes. All right, let's go.

It's going to be one of those shows today. All right. So first up, Azure Security Center GA and public preview updates. There are a plethora of updates; I'm going to say that a lot today. There's going to be a lot of drinking of water and coffee this morning. And yes, it is coffee. New recommendations to enable Trusted Launch capabilities are in preview.
I'm going to mention a couple, and this was a big one, because you can actually have your resources slated as trusted resources to gain access to solutions, and only allow those resources to do so. New recommendations for hardening of Kubernetes clusters, another big one. You know, if you're deploying Kubernetes into your environment, into your architecture, you want to make sure that you're putting your best foot forward for all security practices. So this is also available in preview to provide suggestions in terms of setup. Azure Defender for DNS and Defender for Resource Manager have now become generally available. This does the tracking inside of your DNS and inside of your Resource Manager to ensure that all security capabilities are addressed. What else have we got? We have open source relational databases. You may have heard the PostgreSQL announcement at Build, where there's a free tier. This will now go through and do an understanding of all your open source relational databases made available to your organization to ensure security is capable, and this is addressing all attacks that are coming up in that perspective. What's going on?

It's a mouthful.

It's a mouthful. It is a mouthful. The chat room's on fire, there's a lot. You know, if you're watching the show live, definitely jump in the chat room; there are a lot of conversations going on right now. Sounds like it's very warm in the UK right now, which is really cool. What else have we got?
So asset inventory gets a cloud filter environment. You can refine the connection points of your devices to your Azure services using the filter. Hugely popular in IoT and edge computing scenarios, but obviously in a hybrid scenario too, if you have servers on premises. Actually, I've seen a lot of manufacturers; Seeed just announced a new server terminal that you can create. It's almost like an edge computing device that can run Windows Server for whatever instance you want to run it for, or Linux if you want to run Linux, for the management of IoT devices that are not smart. So we have that delineation now of IoT devices that just capture information and can't do any compute; they'll actually go to a gateway, which will be this Seeed server.

We should reach out to them and they can lend us one to play with for a bit.

And then that would do all the computation, and the results would then be put up to Azure, which is pretty cool.

Yep. Now I find Azure Security Center, or any of the Azure services that consolidate information from a plethora of different sources, it's great, because you get all of the information you need in order to have a meaningful analysis of your posture, your security posture. If something's happening, you can actually drill down and figure out where the weak point was and address it. It's typically a user somewhere in your environment, but you can still address that person or that user or that machine.

So in our latest blog post, we've also included the video with Sarah Young, who does a fantastic job of going through the introductions of Azure Security Center. We have not dabbled with that before. Check it out, aka.ms/azupdateshow, for all the blog posts that pertain to the show and all the articles, the news that we're talking about, and their corresponding links to get more information.

Yep. You're up next.

I am up next. Give me a second here.
I'm driving at the same time. So Azure Site Recovery has moved to a monthly update, or monthly cadence, a little bit like a Patch Tuesday but for Azure Site Recovery. So its monthly cadence allows them to fix some issues and also enhance existing services. So this month they've added support for configuring Ubuntu 20.04 LTS as a master target server. This wasn't possible before; I think 18.04 was the last one that was supported, and now 20.04 is supported also. Another thing they've added is Linux support if you want to move or protect a machine from Azure to Azure. So now Oracle Linux 8.2 and 8.3 are supported, but they're also supported if you're doing it VMware or physical to Azure. So right now Oracle Linux 8.2 and 8.3 are fully protected, whether they're on-prem or in the cloud, in terms of disaster recovery. We've also made a lot of changes in terms of API support for protection of VMSS Flex. And if you don't know what VMSS Flex is, we are working on a series with the VMSS Flex product group; keep an eye on itopstalk.com, that'll be coming to you shortly. VMSS Flex is really a new way of addressing scalability and availability for VMs. It's in preview right now, I think it's in private preview right now, but it greatly enhances what you can do with virtual machine scale sets: how you can manage them, how you can deploy them, how you can scale them. So keep an eye on that one, but they've already added some of the REST API support for VMSS Flex in Azure Site Recovery. However, it's still not supported when VMSS Flex scales up: those machines that have been scaled up are not protected by default.
So, because it's in preview, there's still some work to be done, but that's about it for now. And of course there are some bug fixes in terms of portal issues that they had, but one of the big things is that we have now got support for cross-continental disaster recovery. So if you think that America is going to suddenly sink into the ocean and you want to protect anything from the US to another continent, it's now supported, but it's only supported in three region pairs. So we've got, let me make the list: Southeast Asia is paired with Australia Southeast, Southeast Asia is also paired with Australia East, and West Europe is paired with South Central US. So for North America and Europe, that's the pair, and for Asia and Australia, those are the pairs. So you can set up your environment to be protected across continents. That was it.

So that was it. So the big thing to note too is that Rollup 55 was actually announced in April under public preview, and this is why, you know, it's so important that you provide your feedback. It's taken until this time to go to GA because they incorporated a lot of the suggestions and the feedback that was provided, and that's why it's so important for you to do so. So, you know, going through any of the public previews that are being shared out, like what we reported before on Azure Security Center, we're very grateful for you to go out and test out the functionality and provide the feedback, so that we can then go forward, or Microsoft engineers can go forward, and make the adjustments required to ensure that it achieves and meets the needs of a lot of people out there in terms of the services being deployed.

But because it's a monthly cadence now, if we miss this month, then they can work on it for next month. So keep your feedback coming; the link is right here below, and we'll make sure to pass it on to the product group.

Let's continue on, so next up.
There are a plethora of updates for Azure Cost Management and Billing. It's an update show; there were so many updates, and I'm so surprised that all these got announced after Build. Usually it's the week of Build that all these updates come out. So, Cost Management and Billing updates: if you're faking your own DDNS implementation and you're worried about the 62 cents, you can capture it. You don't want your cost... 31 cents. Sorry, 32 is if you run it every six hours instead of every 12, right? So in this scenario here, it's talking about all the updates that are coming to Azure Cost Management and Billing. I can't tell you how many organizations have reached out to talk about this. I know Sonia Cuff has written a couple of articles about this as well. So, great to have an understanding and to budget in terms of your cloud spend. The one thing I really want to focus on is that if you are using Cloudyn, prior to Azure Cost Management and Billing, you have until the end of this month to get off it and to go on to Azure Cost Management, because it is retiring; they're going to retire the service. I wanted to make sure that everybody was aware of that. There are also new Cost Management Labs.
So when new services come out, they're now being included into Azure Cost Management for the understanding of what your spend is possibly going to be, and so these new labs show you how to include those services from a cost perspective, to have an understanding of what your budget should be for the services being deployed. And it's important, because when you're talking to the organization about cloud implementation, from a hybrid or in-cloud scenario, you want to make sure that your organization is prepared to understand: this is what you need to forecast for budget for this implementation, and what the ROI is at the end of this when you've done the deployment.

Yep. Keeping an eye on your cost is always a good idea. You don't want to end up spending money on resources that are not utilized effectively or efficiently. Like I said, I can run my DNS on a Raspberry Pi that costs me 35 bucks, or I could take a full-size machine and run the exact same thing. Which one's more efficient for that particular role? That's the one. So in your Azure environment, keeping an eye on how those resources are being utilized and which ones are actually costing you the most: are they really using the full potential, or are you really using all of it? If you've got G5 machines running at 2% utilization, maybe downsizing would be a good idea. Anyway, let's continue. We've got five minutes left to the show.
Let's go into the events. I know, it's gone by so quickly. Empowering Teams: so Microsoft is throwing an event on June the 8th, and it's all about how to best put your best foot forward for your deployment of Teams, for your management of Teams, if applications need to be created or deployed, and your Teams utilization and communication strategies. Great session, completely free for anybody to join; you can register here. Again, all the links for the events are available on the itopstalk.com blog or via aka.ms/azupdateshow. It's also been a fortnight, and we have Testing in Production with producer Pierre and Steve the audio guy. Got it right this time.

So I was waiting for it.

And check out their show today. The link again is inside the blog for you to go into it. It's completely free and it's on Twitch, so you get to participate that way. Last but not least, Hello World is the daily show that happens every day at 1 p.m. Eastern Standard Time, talking about everything that Microsoft services has to provide, from an operational to a developer perspective. It's great to see a lot of the participation from the engineering product groups coming in and talking about their services and their wares, so definitely check out this show as well. Last but not least, the Microsoft Learn module of the week, and producer Pierre, this one was picked out by you. It coincides with the faking DDNS blog post. Talk to us about it.

Yes. We're operations folks, we're IT pros, and all of our careers we've worked with different tools to automate our environment. And sometimes we kind of, and I don't want to generalize here, but I've talked to some people who have kind of blinders on, where, oh, I'm not using that, that's a developer tool, that's for developers. And I wanted to prove that even though it's a developer tool, it was built for developers, it can be leveraged by operations.
It can be leveraged by operations in order to automate stuff. So Azure Functions is a great way of having PowerShell, with proper rights and proper permissions, effect change or effect automation tasks in your environment, whether it's on-prem or, well, actually, Azure Functions is Azure; Azure Automation can be hybrid, but you can trigger them with a webhook, and the webhook is very easy. It can be secured; you can revoke the keys and change the keys when you need to. So I thought that this was a great way to have a little look into how you can use that and build Azure Functions with triggers, so that you can build your PowerShell scripts in, well, they could be PowerShell, they could be Python, they could be any kind of scripts, and put them into a function, so you don't have to maintain a VM just to run that script and trigger them in a plethora of different ways.

This has been the plethora of update show. Producer Pierre, we have one minute left. What's the best way to get a hold of you?

I am and always will be @wiredcanuck.

And if you want to get a hold of me for some reason, you can do so on Twitter at @WirelessLife. Producer Pierre, thank you for co-hosting the show today. It was really awesome to do so, and fun times, for the plethora of jokes that we had all show. Everybody have a safe and wonderful weekend, and we'll see you all next Friday. Cheers.
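The on-prem half of the "fake DDNS" flow Pierre describes (get the external IP, check it with a regex, dig the record, call the Azure Function webhook only when the address differs), written up as an added shell example; it is not the script from the show or the blog post. The record name and zone (home.wiredcanuck.com) come from the talk; the function URL, its key and the "what is my IP" service are placeholders supplied through the environment, and cron would run it with the argument `run`.

```shell
#!/bin/sh
# Added example, not the show's script: Raspberry Pi side of the fake-DDNS flow.
# The Azure Function is assumed to read "name" and "ip" from the query string and
# to be keyed with a function key passed in the x-functions-key header.
set -eu

RECORD_NAME="${RECORD_NAME:-home}"
ZONE="${ZONE:-wiredcanuck.com}"
# Placeholder URL and key; both come from the environment, never from the script.
FUNCTION_URL="${FUNCTION_URL:-https://example-func.azurewebsites.net/api/update-dns-record}"
FUNCTION_KEY="${FUNCTION_KEY:-}"
IP_ECHO_URL="${IP_ECHO_URL:-https://api.ipify.org}"   # placeholder echo service

# Return 0 only for a dotted-quad IPv4 address whose four octets are all 0-255.
is_ipv4() {
  ip="$1"
  case "$ip" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # non-digits, leading/trailing/double dots
  esac
  old_ifs=$IFS; IFS=.
  set -- $ip                               # split on dots into positional params
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Return 0 when the published address ($1) differs from the current one ($2),
# i.e. the function must be called. An empty $1 means the record is missing,
# which the function handles by recreating it.
needs_update() {
  [ "$1" != "$2" ]
}

# Build the webhook URL; name and ip travel in the query string.
build_request_url() {
  printf '%s?name=%s&ip=%s' "$FUNCTION_URL" "$1" "$2"
}

get_external_ip() { curl -fsS "$IP_ECHO_URL"; }

# Read the A record as the Pi's resolver sees it. Caveat: if Pi-hole still caches
# the old answer, a change is noticed only once the record's TTL has expired.
get_published_ip() { dig +short "${RECORD_NAME}.${ZONE}" A | head -n 1; }

main() {
  current=$(get_external_ip)
  if ! is_ipv4 "$current"; then
    echo "refusing to publish non-IPv4 value: $current" >&2
    return 1
  fi
  published=$(get_published_ip)
  if ! needs_update "$published" "$current"; then
    echo "$RECORD_NAME.$ZONE already points at $current; not calling the function"
    return 0
  fi
  [ -n "$FUNCTION_KEY" ] || { echo "FUNCTION_KEY is not set" >&2; return 1; }
  # The key goes in a header, so it does not sit in shell history or proxy logs
  # next to the URL.
  curl -fsS -X POST -H "x-functions-key: $FUNCTION_KEY" \
    "$(build_request_url "$RECORD_NAME" "$current")" >/dev/null
  echo "asked Azure to set $RECORD_NAME.$ZONE: ${published:-<none>} -> $current"
}

# Only run the network flow when invoked as "script.sh run" (e.g. from cron twice
# a day); sourcing the file just defines the functions so they can be tested offline.
if [ "${1:-}" = "run" ]; then
  main
fi
```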