Good morning, everyone. Good morning, Mr. Claus. How are you doing on this fine Friday at 7 a.m. Pacific time? It is a gorgeous and balmy thirteen degrees outside, Canadian Celsius. Overcast, dreary, wet. It is a beautiful summer day, or spring day, here in Seattle today. Isn't that normal for Seattle? I was looking on the news and it looks like Belle... did Bellevue get like a tornado in Canada overnight, do you know about that? There was a tornado warning in Ottawa yesterday, so that's crazy, man. Like, I still get news. I lived about an hour and a half away from Bellevue... Belleville, sorry, Belleville in Ontario, and they look like they had literally a tornado rip through there. It tore a solar panel off of the roof of the building. That's a 14-story apartment building. Landed on the ground, trees down all over the place. So I hope you're safe in the Canadas up north, away from all the tornadoes, my friend. Yeah, we had, a week and a half ago, two weeks ago, we had a derecho, which is not a tornado because it doesn't spin. It's just in one direction, but winds of 190 kilometers an hour, or close to 120 miles an hour in freedom units. And yeah, it took away, like, a whole side of my fence, became a sail. I was, oh, coffee in hand, looking out the window going, wow, this is wild, and all of a sudden I see my fence go. Nice. See, here's where I'm gonna be checking up on you right now from my technology perspective, because in my monitors I've got different things, like we all do when we're doing these live streamcasts. Is the stream actually live on the YouTubes? Because my window on the YouTubes is saying that it still isn't live yet. It says I am watching, it's on the... Just making sure, because I can't see it. So you know what, it's probably my fault because it is too early in the morning for me. But I'm happy to be here, my friend, that supports you on this
AZ Update, telling the news to the folks for what's going on in and around Microsoft and other things. We are now... we are live on the YouTubes, and Paul Jensen and Johnny Chips and Shannon Bennett... Sharon Bennett, Andrew McCallum, Peter De Tender are already in the chat having a grand old time. Peter... Peter De Tender's in the chat already. He's also Seattle time zone as well, so he's an early riser today. Good morning. Right now, man, so what's on tap for today? What did you pick out as being interesting news articles that we should be talking about, my friend? Well, I went through and there was a lot of different SQL and database type announcements. For our audience I picked up four that I thought were interesting, and I will let you go first with the first one. Well, okay. The first one on the list that we chose, and so we do the research beforehand, we each kind of, like, do like rock paper scissors on which items we're going to be talking about as it goes through. I won on the first one, so I got to pick the first one, and I decided to pick our good old friend Windows Admin Center, WAC as we affectionately call it. The Windows Admin Center for Azure Arc-enabled infrastructure. Prasidh is a good friend of ours on the show.
He's been on chatting with us and doing interviews with us over the years. He's one of the main PMs for Windows Admin Center, has been there since the days that it was called Honolulu, I think it was, yeah, Project Honolulu. And anyway, during the event that we'll be talking about later on the show, that happened earlier this week, the hybrid event, he actually announced, or other people announced that he was demoing, the concept of the Windows Admin Center that happens to be Azure Arc-enabled, that allows you to manage your infrastructure. So for those who don't know, Windows Admin Center is a free download provided you have a license for Windows Server. Most recent version, you're licensed to be able to use it. You can install it on individual machines. You then web browse over to that machine, configure it to go off and do things. Well, the new version that they have now available for Arc-enabled infrastructure is actually done through the portal, on the Azure portal. And so long as you have an Arc-enabled agent... sorry, it's not an agent, an Azure Arc-enabled system that you want to go off and manage, that happens to be on premises or in somebody else's cloud, it doesn't matter which one, you can now connect up to it and manage it with the Windows Admin Center interface without having to have a dedicated box that's running it. So it's in the portal, it's in Azure, but then you use the Arc connectivity that you get to your multi-cloud environment, both on premises and in other people's clouds, other hyperscale cloud providers, to go off and manage it. No VPN required, no HTTPS content going through these different connections, that sort of stuff required. You simply are a matter of going in and using the Arc infrastructure to go down and to manage that box. So I think that's kind of like the easy button you can press to manage the infrastructure.
Yeah, actually, if you go down and, like, simplicity and convenience, which I think are key here. So you don't have to, like, deploy it, you don't have to set it up, you don't end up with the authentication headache because of connecting to that server, providing the credentials, connecting to that server. The second paragraph right there is probably what kind of sums it up for me: by default Azure Arc provides you with the essential elements to manage your infrastructure, centralized security, same governance, monitoring, policy, now with a one-click experience. It's all set for you to be able to go off and use it. So now the way I like to frame Windows Admin Center into the way that you go off and manage your systems: obviously you manage your systems at scale. You're using PowerShell to automate things. You're trying to make things so there's less things you have to use a GUI environment to go off and touch. Or you're managing them inside the Azure portal, or if you happen to still have a cloud-connected version of System Center, going off and managing things in that way. I use Admin Center to go through and to do more in-depth diagnostics and troubleshooting on a specific box. I'm not going to go off and touch all 100 of my domain controllers with as you admit with Windows Admin Center if I'm trying to do something in those individual boxes, but I can holistically look at the boxes, or I can drill in to look and then pop out again, drill in to look and pop out again. That's kind of how I frame my Admin Center stuff. Yeah, I like the Admin Center overview because it gives you a bit of a top-down view of the health of your servers, and you can check, like, the event logs and stuff like that without having to remote into each of them.
So as I mentioned in the post, yeah, RDP to server is great. However, I prefer to do everything remotely, like RSAT or WAC are my friends. Yeah, the last thing about Windows Admin Center that I'll mention is simply that, um, our good friend who is now on a different team, uh, Thomas Maurer, I believe, did an interview with Prasidh... sorry, Prasidh, um, not too long ago with the old Azure Unblogged format and published it inside one of the blogs. So good info in there, go take a look. And I noticed that it's on our YouTube. So if you're already there, uh, please like and subscribe. Yeah, like and subscribe to the channel. And, uh, you know, notice how he's taken on a hat persona as well. I noticed that, but it's the, you know, trendsetter hats. Good fun. Yeah, but his hat is more of the, um, the paperboy hat. The newsy, we'll call him a newsy. Newsy. Thomas "Newsy" Maurer. You know, I will point out in the chat there, uh, I just noticed there from Peter De Tender that the WAC extensions don't potentially load without signing in with your Azure credentials again. Um, interesting. I haven't actually gone in and verified something like that, but something to watch out for. Um, the documentation is obviously heavily slanted towards existing editions. This one's just brand new and out and released this week here. So, uh, probably a little bit of catch-up time required for some of the specifics, but a good point out there, Peter, appreciate it. Yep. And I'm sure somebody on our team will, um, run it through its paces and put a blog about it. You got it. I'll add a task to your list, my friend. Okay, all right. What do you got, buddy? What do you got? Next is the general availability of the Azure Bastion IP-based connection. I am really, really, um, happy with this one.
Um, as I mentioned, we had the storm a couple weeks ago, and, uh, the power fluctuation that caused my edge device to fry. So I've replaced it, and with a machine now that I can actually have a site-to-site VPN to my demo environment. All of my servers here, uh, under my desk, because we're IT people, we have servers under the desk, um, are now Arc-enabled servers. They're connected to my environment, but with Bastion IP-based connection you can create your Bastion server. Only works for Standard, uh, SKUs. So if you're on a Basic, you upgrade to Standard. When you enable a private IP, when you go to connect to the Bastion server, you say connect, it'll ask you which IP address you want to connect to. Uh, so I can say from my network in Azure, which is like at 10.0.0.0/24, I can say, okay, 192.168 dot block dot block. Not that I want to promote my IP addressing scheme at home. And it'll actually go through the site-to-site VPN and remote desktop into one of my machines at home. Then again, um, not promoting, uh, RDP as a management style. However, there are some times where you don't have a choice, if you're installing something that only has an MSI that you have to install, or whatever you need to do on a server that you can't do remotely. This is a great way of gaining access to all of your machines, uh, whether they're on your VNet where the Bastion server is, or if they're in a peered network. So if you've got your VNet in, I don't know, Canada East, and you've got another VNet in US West, and those VNets are peered, you can actually go through the peered network connection and through one Bastion, so you don't have to deploy one in every location, right, connect to all of your machines. Now, right now it's still, uh, only IP based, so you actually have to know what the IP address of the machine you're connecting to is. Um, we've already talked to the product group.
There is some stuff that, uh, they're thinking about. Um, hopefully this will get better. But you got it. And, you know, just because you mentioned the RDP piece, for our friends that are not using RDP, that are instead using SSH to manage Linux boxes as well, Bastion's functionality of being able to do an SSH connection, uh, to those individual boxes still works as well too. So it doesn't necessarily have to be RDP. That's the primary thing people use it for. So cool stuff, man. Yeah, that's really cool. Cool stuff. Well, I've, you know, you and I are both, uh, old-fashioned, you can tell by their beards, um, great hair, stuff like that. We're old-fashioned, uh, admin folks that have been doing stuff sometimes far too long. And, uh, so occasionally when we get into troubleshooting things we have to get into, you know, you go down to, uh, the packet layer. People go off and see what's going on in between individual hosts to do some analysis and troubleshoot some stuff, using Fiddler and other stuff like that. So we'll go off and see what's going on. Um, well, uh, one of the things that you can do in Azure that you can cap for your design of how you're going to be making something work, if you're using images of full VMs because you haven't made the transition to start using containers and deployable containers and stuff like that.
Uh, it's something called virtual machine scale sets, or VMSS. Uh, virtual machine scale sets are identical images that are managed as one, VMs managed as one, doing specific roles, if this is part of your network design. Well, if you're looking at trying to do, like, a health monitor, or an "are these boxes working" kind of a monitor, you normally would be doing a Network Watcher connection to those things. And the Network Watcher has been around now for a couple of years at least, uh, if I remember correctly. Uh, and inside the Azure portal you can create, uh, you know, a network monitor resource. You can then go in and identify endpoints you want to go off and manage, choose the port you're looking for, choose the frequency. Is it healthy? Is it not healthy? You know, put all those good kind of things in there and then have it automated, that just goes off and works. Well, the thing that's now new for this is it now supports targeting a whole scale set as opposed to individual boxes. Because, you know, it would really suck having to put in network monitor connections to all 5,000 nodes, if you had for some reason a 5,000-node scale set.
Um, we don't necessarily go off and do that. Not only that, a scale set by definition can grow and shrink. Right, right. So if you don't know how many you're gonna grow to, you end up with a little bit of an issue. So basically now, uh, available inside the portal when you're making and defining your scale sets, so your network monitoring resource, uh, you can now go in and target a scale set and it will automatically go through and set up the endpoints monitoring piece, that will then go in and distribute itself across the size of your scale set as it grows and shrinks. I remember I had a really cool demo that a friend of mine made, who was one of the PMs for scale sets, that had a graphical representation of the status of those individual boxes with, like, little green circles and things like that. And then as you went and grew from 10 to 1,000 you would see all these little green things popping up. Um, I got to see if I can dig up that demo someplace. It was a good way to go off and look at it. But at least now, from an actual use case scenario of a production environment for monitoring, now I can just go in and use the, uh, network monitor support for the virtual machine scale sets capability and target my scale sets and protocols, timeliness. Is it healthy? Is it not healthy? Give me the status, and it just goes off and works. So yeah, that's now available. It's now available. In the old days, actually, I probably have to have somewhere in my drawers, uh, the, um, the Fluke. Like Ethernet, like, you plug in the cable and you hit the button and it starts collecting all these packets and tells you all of that. It's kind of hard to do that in a virtual network. Amen. Where do you plug in the Fluke? Welcome to 2005. Cool stuff, man. Yeah, uh, all right. So next one. The next and the last one for today, um, I have a question for you first. Uh, do you know of any
Enterprises that would have, like, super critical systems that need to absolutely be trusted and absolutely be, uh, completely... It's not necessarily something for every single organization, but when you've got use case scenarios and you're looking for something to work like this, previously you'd have to do it on trusted hardware on premises. You know, it's all there, it's got all the Intel bits loaded into it, and trusted computing and confidential computing, stuff like that. That would all have to be in there. But I know that we have it available on the Azure side of things as well. This is the... oh, okay. Yeah, this one. Yeah, you've got this. Yeah, so now we have trusted launch for VMs. Trusted launch is a term that collects a whole bunch of different technologies, like Secure Boot, TPM, virtual TPM, uh, all kinds of different, uh, technologies to ensure that your machine is, uh, the attestation of your OS. So nobody can actually kind of grab a hold and inject something into your OS that would make your machine compromised, but that would also not be picked up by an antivirus of some kind. So rootkits or stuff like that. Now with trusted launch you have all of that, that's already available. But now we do support ephemeral OS disks. So basically what that means is you have an image of your disk when that machine starts, and basically it's like a copy of that image gets mounted either in your VM temp drive or in your VM cache. So it actually runs with the VM, but when you shut down the VM, whatever's in that machine or whatever's in that OS drive does not get written back to the storage account. So even if it did get compromised, so if you made this into, like, a honeypot or something, uh, when you shut it down, it doesn't write the OS back. So when you start it again, it gets a fresh new, um, copy of that ephemeral, uh, OS disk and mounts it again.
So it's perfect for stuff like stateless type of application where you have a number of nodes in your VM scale set, for example, that are using this image of OS. Very, very quick to start, and because it doesn't have to write it back to the disk, it runs in memory, or like while the machine is running, and then makes your machine so much more, um, protected from all of the bad things that could happen to your machine. Very cool, man. It's now available for GA. It's been in preview for a little while, and it's been running and going. Um, I personally haven't actually had the instance of creating something like this again. The scenarios that I've been working with don't actually call for it, but it's good to know that we continue to bulk up the stuff that we're making available for some of our customers that do require an extra layer of security, that they can then go through and have audits to trust whether or not it's up and working. And it's available inside the hyperscale cloud. So very, very cool stuff. It's now available for GA across all public regions inside of the Azure space. Yes, so security. We're there. Nice, nice, man. So, you know, we've been talking about the new stuff, but there was an event that took place that you and I were in the background, yes, helping out with earlier this week. Uh, and that was the hybrid event for multi-cloud and edge day, if you will. Now we have the link inside the show notes on the blog post to be able to go to, but it's, you know, Azure hybrid digital event dot event dot microsoft.com. It just rolls off the tongue. You have to go there. Wonderful. We're great with the naming. You are. All right.
It's fantastic. Anyway, if you go to the link inside of the environments, uh, that we have on the blog post on itops.com, um, you have to still register to attend the event even though the event is done. Now once you've registered you then are able to have access to all the on-demand videos that you can play back at, you know, 2x speed if you wanted to, or back at regular speed, your call. But the part that I want to call out for this one here that you and I were helping out with was, you know, we were doing Q&A questions and answering stuff in the background during the live keynote portions of stuff. But, um, a little bit further down on the resource page, like you have up on the screen right now, you can see a series of five different... well, technically four different plus the main one, if I remember correctly, five different on-demand sessions that have the next level of depth of content, because this is an event and it does have some good awareness material. It's out there, but to go the next level of depth that's in there, you'll find a number of different sessions.
You can go off and watch on your own time, from some of our good friends that you may recognize. I think even Thomas managed to sneak himself in there at once. But the main speakers and the main event that you saw that we were helping out with, you can see there, we had all the execs, the VPs that were there. Our good friend Erin Chapple, Roanne Sones was there too, Andrew Conway came in and talked some security stuff there too, Jeremy Winter took a brief little visit as well doing some stuff on the Azure Arc side of things. So lots of cool stuff in there. But I would pay particular attention to the on-demand sessions that were recorded and available if you scroll down the page to find those resources for those extra ones. That's the main thing I want to call out for that. Yeah, and, uh, Jason Hansen has a great conversation with actual IT people from Greg's and Wolverine and million mbcp. Yeah. Actually, that's the first one, the first one right here. Oh, cool. Hey, I said cool. Cool stuff. Yep. So go ahead and go by and, uh, listen to those things. Ah, uh, where's my mouse? Oh, there it is. Too many monitors. Simplify, my friends, simplify. I should simplify. There's something else that's going on this week in terms of community event. There's this little thing called, uh, Patch and Switch that I think has a show today. Oh, yes. Yep. We're getting on to that one there. Uh, it's been a while since we've had a show. It's basically a good bunch of fun, uh, talking about some stuff, and, um, it's gonna be, uh, a little bit rusty, maybe, maybe not, because, uh, our cohort in crime who runs the switcher for us, Steve the audio guy, aka Jared Shockley, has already started his, um, RV tour across North America, and so he hopefully has found a stable, uh, parking spot outside of Starbucks to be able to get enough connectivity to run the show. We'll find out, because we don't run the show inside of the cloud like StreamYard, like we do with this one.
It's actually run through his OBS box that he runs off of his RV. So a little dicey on the stuff. Did you mind being on standby for us, my friend? I would, but, uh, I would be, uh, on a plane at that time. Oh, uh, that might be a little bit hard. Um, yeah, I don't think the Wi-Fi on the Air Canada in-flight system would support me, um, streaming a show. Good point. Good point. Well, we'll see what happens. Uh, if you're in Europe, uh, come and see me at psconf.eu, so the PowerShell conference in Vienna. I'll be there. So did I approve that? I didn't do that. Wow, I know, that was this weekend. It's this... yep, psconf.eu. That's right. What day? Uh... Think about it, think hard, because you're going to it next week. I think it's Monday through, uh, Tuesday through Friday. There you go. psconf.eu, if you're in town and you've got tickets to go, go see Mr. Pierre Roman. If you're around Vienna and you don't have tickets and you want to, uh, meet and chat, and maybe a meet-up, never know. Yep. It could be there too. Cool stuff, man. And I believe April's going to that one too, isn't she? She is, she is. So, uh, she'll be coming in on Sunday, I believe. Yeah, she's got a triathlon race or something like that she has to go to first. Yeah, I don't move that fast. So far too much exercise for me. And to conclude this episode of AZ Update, we have our Learn module of the week. Microsoft Learn, docs.microsoft.com/learn, is your one-stop shop for everything in terms of learning the Azure intricacies, and we're doing the one that is, uh, semi-related to the news that we talked about today, which is Azure Bastion. Um, which basically you can go through to connect the virtual machine using Azure Bastion through the Azure portal. This is obviously a little bit dated, but if you've never used Azure Bastion before, it basically walks you through how to go up to it, how to connect up to it, how to configure machines to use Azure Bastion.
Uh, it's quite a nice little walkthrough to go through. Eight different units, really six different units because the first one and the last one are kind of like intro and extra type stuff, if I remember correctly. But, uh, it's not too bad. Set it up, take a look at it, check it out. Azure Bastion is a good friend of ours, good way to connect up to your machines, and Microsoft Learn's a great way to go off and try it out. Yes, and this one, you say it's a little dated, but there haven't been that many changes to Bastion since it came out, other than what we just announced in terms of the private IP, uh, connectivity with Bastion, which you can turn on, so you don't have to redeploy if you already have a Bastion server. So go through the Learn module, set it up, then turn on the private IP. Cool, and you're good to go. That works, man. That works. Then here in North America, I think this weekend is also, um, Father's Day, isn't it? Is it? So that's our social banter for the day, folks. Thank you very much. Very smooth and rehearsed, as you can tell. Uh, I wish you a happy Father's Day in North America. Well, happy Father's Day to you too. You know, I appreciate it. Although most of my kids are awake, so it's gonna be, uh... I mention this only because I think in the, uh, Paul Jensen mentions here in the chat, sausages and beer with Pierre in Vienna is possible. Uh, someone also mentioned the barbecue time. So I have a brisket that's in my fridge that I'm going to be, uh, smoking this weekend with my son who is here, uh, separating the point from the flat and then turning that into burnt ends, uh, inside the barbecue. So that's happening in the Claus household this weekend. I did that last weekend with, uh, four pounds of bacon, bacon ends. Oh, very nice. That was really, really good. You got it, man. Well, thanks for having me on the show, I appreciate it. Thanks for coming in and, uh, being my co-pilot on this one, and for all of you at home, thank you very much for joining us.
Uh, stay safe and, uh, join us next week for another episode of AZ Update. Cheers. See you.