Hello, everyone, and welcome to the June edition of Wired for Hybrid. This month was a busy one. So Michael and I will get right into it, so stick around.
Hey, Michael, how you doing? Awesome, Pierre. How are you? I'm doing good. I'm doing good. Vacation plans on your end? We had a vacation a couple of weeks ago, kind of just hanging around the home for a while. We got something later in July. But maybe take a little bit of extra time over the July 4th weekend. But pretty much just chilling around the house, dealing with the, unfortunately, we're getting the after effects of the Canadian wildfires, they've finally reached us down here in Wisconsin, which is kind of a tragic thing up there. But I digress. What do you got going up for vacations? Well, based on those fires that are raging up here, I'm kind of playing it by ear, so I'm not sure if I'm going to go in July or August. We'll figure it out maybe a little later, if hopefully, though, everything gets under control.
But anyway, as I mentioned, this was a busy month. Absolutely. And so like one of the things that we released is actually kind of a, it's a twofer, so a two-in-one. So we had a general release for ICMPv4 pings being supported on load balancer. And then finally weeks later, we found out that not only ICMPv4, we support v6 pings and traceroute. So you can use ping and traceroute, ICMPv4 and v6, to verify your load balancer and the workloads behind them. So people might be like, well, I've done this before. Not over ICMP. You probably have not. You've been using other tools like TS ping, some that go over different protocols. But now that we have that support for ICMPv4 and v6, using those two tools that are available to pretty much everybody. That's very cool, because we've been waiting for that forever. Yeah, you know, one of the important things for people to remember is that, OK, you're not actually going through the load balancer and to your workloads.
Load balancer is taking your request. It's doing the work for you, providing you the request back. OK, so it's not actually going through. It's just the load balancer is telling you, yes, that the workload is there. You're, we're good. Absolutely. So, you know, people don't have to worry. Oh, now they opened up ICMP. Now, you know, I got to worry about pings of death and things from the late nineties are going to come back and haunt me. No, you don't have to worry about that. It's that load balancer's handling all of that. And chances are that's probably handled somewhere up the stack from load balancer, but you don't have to worry about those back end workloads because they're going to be, they'll be perfectly fine. And you'll be able to tell both on-prem, so you can do it from your on-prem clients. You can also do it from inside Azure virtual machines as well, if you need to test the load balancers from an Azure VM. And I worked on the documentation with the product team on this. So we have it fully documented for you, whether you're running Windows or Linux, the tools for each platform, we have you totally covered. So definitely check out our documents if you're interested in this and need more info on it. I mean, it's not, it's not rocket science. It's ping. It's a tool we've been using for 30 odd years. But I think it's an important tool now in your tool set that you can use along with everything else for managing your workloads.
Absolutely. I believe your second item is also about load balancer. Absolutely. So one of the things that we just went GA is that Azure load balancer per VM limit has been removed. So previously virtual machines on Azure had a limit to the number of load balancers that they were allowed. So you could have one public and one internal. Now those have been removed and you're just simply limited to the limits for load balancers, virtual machines that are in Azure. And we've got a link for you to go through all of those limits as well.
And chances are you're probably not going to be using like a hundred load balancers going to a single VM. But I think there's probably some instances where you'll definitely have multiple VMs or multiple load balancers connecting to a VM or a workload. Well, I can see scenarios where if you've got like your front end and you've got your business logic and you've got your database and you may have like file storage somewhere, that some or all of those tiers of your application need to be behind a load balancer, depending on how it's architected, of course. Yep. Absolutely. So, you know, as we see our organizations in the cloud starting to scale and starting to get more complex, you know, this removes one of those limits for a mature product like load balancer, just simply opening it up based on customer needs and the needs of organizations as they're growing.
OK. OK, what's your third item for this month? So the last thing I have for us is related to Azure Firewall. So generally available now have access to policy analytics for Azure Firewall. And this is a pretty cool add-on because what this does is this is going to look at your policies and rules and allow you to be able to monitor your policies and rules. Why this might be important is that one of the things that we've seen in the cloud, just like we've been dealing with for decades on-prem, is that as you use something over a period of time you start layering stuff on top of each other. And as administrators, we all know how hard it is to really see what is the effect of all of these hands that have been in here making changes. So this allows you to be able to get better visibility into the policies and rules that are impacting your organization.
So this might be perhaps you've over-policied your organization, and it's both and now you're blocking legitimate traffic because of mismatching rules, or maybe because you have so much stuff going on, you have a new attack threat, but you thought it was covered, but it's not being covered. And you're not sure where, you know, something's going wrong because, you know, somebody might have thrown in an allow rule in there where it should have been a deny. And, you know, that stuff happens when you have people doing all this. So this gives you some great visibility into your firewall, which, you know, I think you can agree with me is probably for your Azure workloads one of the most important security pieces as part of your Azure networking infrastructure, along with a well-architected network layout. Yeah. And any time you get more visibility and monitoring capabilities into your environment, because monitoring capabilities inherits like alerting and so on and reporting, that's just good practice to have. Absolutely. Absolutely.
So that covers mine. So I think you've got some cool stuff for Azure Front Door for us, right? I do. I do. Just like you, you had a two-fer. I have a three-fer, meaning there are three announcements. Pardon me? You're always looking to top me, aren't you? Well, it just happened that way, but it's not a competition, Michael. It is not a competition. No, Azure Front Door, three announcements. Number one is that Azure Front Door integration with managed identity is generally available. And to me, out of the three announcements, this is the one that people should pay the most attention to. It means that your Azure Front Door now can become a managed identity within Azure AD. Could be a system-generated identity or user-generated identity. But because it's got, it's now a known entity within Azure AD, now we can assign some access rights to that.
So for example, your Azure Front Door may now, would have access or managed access to your key vault for certificates, for secrets that, if it needs to access a hardened like storage array or anything of that nature. So that's really big in terms of security. But also eliminating like secret rollover that we have to do all the time if it's configuration based. So now you create a managed identity for your front door and you let Azure manage the rest of it. That's awesome. That's awesome.
The number two and number three announcements for Azure Front Door are kind of related. So number one is you can now upgrade from premium, or from standard to premium, without any downtime. So you go to the portal or you go to your command line to put however you decide to manage your environment and just change the configuration or change the SKU from standard to premium and it's done. There is no migration. There is no downtime. It's just as soon as you turn it on you now have access to those added capabilities that premium gives you, and those added capabilities are WAF that's included and also private link at no additional cost. Of course, there's like the Microsoft managed rule set that is not available in standard but is available in a premier or premier premium. And if you have any info, I'll add the link down there for the comparison of the different tiers.
The third and final announcement for Front Door is kind of related to that. But if you want to migrate, let's say, or if you want to up your tier from classic, and I'm not even sure if you're allowed to deploy classic anymore. I don't think so. I don't think so. We'll make sure that it's in the show notes. Anyways, if you have classic and you want to go to standard or if you want to go to premium, because classic, you have to create your profile and if you will go from classic to standard, normally you'd have to recreate your profile or migrate your profile.
Now there's a generally available way of doing the migration to automate the migration for you. So it basically takes your profile and moves it over on your behalf without you having to recreate everything manually. Oh, that's cool. Those are the three announcements for Front Door and I think, like I said, the managed identity one is far and beyond the most important, the most valuable one that I can see here. Yeah, for sure. It just allows you to better manage and not have to worry about a bunch of different things. I also think moving the classic to standard, standard to premium without downtime, I think that'll help a lot of organizations because there might be times where one of the things you get with premium is you get that bot protection. It's like, if you're coming under an attack and it's coming from bots and you want to flip the switch on that, if you have to put it into a project and do a migration and stuff like that, nobody wants this. Now you can just go through the process, boom, you don't have to worry about your stuff going down. You can bring that protection online. So I think it's, you know, one of the things you've mentioned previously we've talked about throughout these shows, our products are evolving based on our customer feedback and they're not necessarily becoming different. We're just adding those fine tuning to allow you to better utilize these and to provide you the better value and more security and protection in your environments. Yeah, and those changes, as you mentioned, are based on your feedback. And I'm talking to not you, Michael, but the audience watching this. So if you have more feedback, like leave it down here. I will probably give you a link here where you can give your feedback and we'll connect you to the right product group. But it is definitely in response to customer feedback.
Awesome. And I think you have one more for us. I do, I do. So the last one is we now have private link support for application gateways.
So as you know, application gateway is a layer of four kind of load balancer or a web traffic load balancer. It allows you to like manage incoming traffic to different pools in the back. So nothing has changed. So if you've got, it's still an IP port to IP port, but also making decisions based on if the URI has like video in it, it'll send it to the pool that's like optimized for video and so on. So none of that has changed. Now, what has changed is that the incoming to a load balancer can come from a private endpoint or private link. So what that means is if you have all of your workstations in a hybrid environment, whether they're VDI stations in the cloud or physical stations in your environment connecting through a remote gateway or virtual gateway, you can actually go through your own VNets without ever hitting the internet through that private link to your application. So if it's an internal based application, you can do that. You can do that from different tenants and different subscriptions. So that kind of opens up possibilities in terms of how you secure traffic between your people, your clients and your application. That's awesome. And I think that's, as we're seeing as the growing and the progression of people's cloud workloads is that we're seeing more things that people are working with in the cloud, not just connecting to it, but inside. And so, you know, things like this are great. Again, a great addition to allow you to be able to use that Azure backbone and keep things off the public internet. And so this is a great addition, great, just another great, I'm sure based on hundreds of customers, you know, stuff like that and telemetry and little squirrels finding things. Anyway, we will continue to work on that. And if you continue to give us your feedback, we will continue to make changes. Absolutely.
All right. Hey Michael, it was absolutely wonderful to see you again. Last time we talked was right before your vacation.
So welcome back, and for you at home, please like and subscribe so that you don't miss any of them. We had two deep dives that we published a couple of weeks ago, a few weeks ago. Take a look at those. I'll also put the link down here. And if you have any suggestions as to what kind of Azure or hybrid networking you want us to deep dive in, let us know in the comments below. And with that being said, Michael, thanks for another great participation. Absolutely. Thanks for having me, Pierre. Have a good one, everybody. Cheers.