 So Mikey, what are we doing this week? What are we doing? Uh, I think We're in Bellevue, right? We're in Bellevue Bellevue Bellevue Power sauce on it. Yes. Yes. Yes. Yes, but we're forgetting something. Oh, yeah Wired for hybrid. What's new and virtual networking? Yeah, I guess we have to find some spots and Record the episode Maybe we should go over there. All right, let's go go Hello everyone Welcome back to another edition of wired for hybrid this week. We're doing a different kind of networking Instead of being each in our respective closets slash basements as we normally are We are in person at the PowerShell and automation summit in Bellevue, Washington It's kind of cool to be back with people. It is it's it's kind of weird in one sense But it is pretty awesome to be back at a conference You know having those hallway sessions, which are the best sessions. Yep, and you know just being able to reconnect with Communities. Yeah with communities and know that there are still some awesome communities out there people doing some great work and Just a great great week so far and we've got one more day left one more day You've got a session tomorrow, right? I have a session on AI generated code in the enterprise. Oh, that sounds pretty cool You're doing some of the Shit GPT stuff. No, I'm not chat GPT. I might be doing some co-pilot stuff. It's still Finishing the talk tonight. No, it's done for once. That's that's awesome That's awesome Normally it's like the hour before but no it's actually done very cool Yeah, so if you are part of a community if you are a coder a network administrator an IT pro whatever label you put on yourself And you're part of a community get involved People are great Let's talk We need your we need you to talk to us. Anyway I Been in your basement too long. I've been in my basement too long. I've been in my basement too long Okay, so let's get started. So Mike. What's the the first item you have this week? The first item we have this week is pretty exciting one. Yeah, I'm I am a little biased a little Little biased is a little because I am the content developer aka writer for Azure Virtual Network Manager and I think we mentioned this from time to time but but a few weeks back as your virtual network manager or AVNM as we like to call it because we love our acronyms. Yep went generally available So it is now available for customers to use to do Hub-spoke configuration. So what AVNM does for you is It allows you to centrally manage Your virtual networks and the interconnectivity of them and the interconnectivity of them Through a couple of different options. We have the first which is GA For hub-spoke is connectivity configuration. Yep. What that allows you to do is it allows you to to group Create a policy. Mm-hmm in general you create a policy. Yep. It allows you to define I want These virtual networks to be in this spoke I want these virtual networks to be in the hub and then it goes So we can do that manually or We can actually use Azure policy The first time that Dynamically so what's great about that is that many organizations grow you add virtual networks. Yes Just like on-prem when you add new stuff in if you're not keeping track of it, you might miss it So what will happen is that? let's say you create a Azure policy that defines group membership based on a specific part of the name of the Virtual network. Okay Say it's proud Then a new virtual network that comes on that's proud will become part of that and you don't have to do anything So you don't end up with like Horfin networks somewhere. So you could have in your hub For example your your Azure monitor resources your your backup vaults or like all of the stuff to manage the rest of your network Could be in the hub and then as you're deploying new virtual networks with Workloads they automatically connect because of the policy. Yep Absolutely outstanding. So it's so it's super cool The other part of it is so you can do mesh configuration as well and That is going to be common generally available in the future a little bit We also have security admin roles. So with security admin roles What these allow you to do is we're all familiar with NSGs or we should network security groups should be the bane of my Existent in some cases. Yep. The problem with NSGs is You have to define them at all of the different levels. So what we can do with security admin rules is we can create levels and We can create memberships for the virtual networks to apply to specific groupings So let's say our organization wants to block SSH and RDP for all virtual networks Okay, we can create a blanket rule at the top of our organization. So People can't erently or By choice turn those on what we can also do is we have some flexibility in when we decide Do we completely ban the use of that or we can leave it open to Specific groups of virtual networks, okay to be able to use NSGs Then if there's a if there's a business need for it. Absolutely. So then and you know, you can think of it both ways you could have a Perhaps something you want open Everything so it's gonna work just like it's gonna you can either like a firewall. Yep You can block or allow, you know those sorts of things. So Super super cool That's coming along along with that, which is super exciting next week We're gonna be talking with Andrea Michael who is I work with Andrea on a day-to-day basis. She's fantastic Yeah, she's amazing. She's the product manager one of the product managers along with Jay Lee For Azure Virtual Network Manager her and I and PR are gonna sit down We're gonna deep dive into Azure Virtual Network Manager and because It's such a cool project product and there's a ton of stuff We're gonna cover next week. We're gonna cover Virtual Network Manager and hub spoke then we're gonna come back Once security admin rules and mash and then any of the new features that I get lit up. Yep We're gonna do another deep dive on that. So I think Subscribe the bell hit that bell You don't want to miss that. So if you subscribe and hit that bell You'll be notified when we put that online Absolutely, and make sure to let us know if you know if that's the type of content that you're looking for Yes, we're always looking for great ideas of who of people to reach out to within the networking Group to come and provide you that information you need in order to Well that IPv6 one we did with John Floors Generated a ton of conversations online for me. Yeah, that was a that was an awesome session That was great having John on we should we should definitely try to see if we can get him on again We'll do more. We'll do more, but if you have something specific you want to see that is no comment below Anyway, let's hear your second point. So my second point. We have we seem to be always talking about web Application firewall every month. Wow every month because it's an important product, right? Yep, and we got a deep dive scheduled in the upcoming future So definitely have a deep dive on that. So what we have is we have scale improvements. Okay, and metrics Enhancements with that. So what that means is that WAP is going to Have but greater scale so to kind of give you you know just to refresh web application firewall It provides that centralized protection for your Applications, yes, so gives you those firewall capabilities, you know malicious attacks sequel injections all those sorts of yeah But it's an application firewalls a web application firewall So it's not your typical like layer seven Yeah, absolutely. So it's just deep packet inspection firewall, but it is to protect your application and your workloads from Establish patterns. Yeah sequel injections Cross-site scripting, you know those sorts of things directly targeted at applications So what it does as far as the the scaling is it's going to allow you to have a greater number of ports front-end ports a greater number of HTTP load balancing rules back in HTTP settings More SSL certificates and also redirect configurations That's pretty good. Yeah, that's good. So and We have more metrics Metrics are good metrics are good. So we're gonna you're gonna have a little into what the hell's going on Absolutely. So, you know just along the same lines of having improved scale. We need to be able to know what's going on Yeah, so report on it trigger events on it based on that. So you're gonna be able to see How many total requests is WAF doing? rule matches and Custom rule matches and then bot protection rule matches. So the big thing to remember with this is that This is available with all application gateway v2 WAF skews. Okay, that's a mouthful there. Yes that are running core rule set 3.2 which we talked about Two months ago. Yep. Absolutely. So you can definitely check that out. So that's that new Generation, yeah, what's the update the updated rule set? Yeah, the updated rule set is that new generation WAF engine that Yeah, I think we talked about that in January. Yeah, so that's all super good stuff And we definitely have docs for you on both of those you can check out. Absolutely I think you got something cool to talk tell us about yes, so Excuse me We have a new enhanced connection troubleshooting fake capabilities as part of Azure now traffic manager so Azure traffic manager allows you to basically decide where the traffic goes if you're can if you're in Canada You go there if you in the US you go there if you in China you go there if you're wherever anyway It's basically like traffic shaping For that you can control for your for Azure networking so it's like the guy that I saw on the street on campus because all the roads are under construction No one that was directing traffic. Yeah, not quite, but like yeah close enough So he's not the one that's doing traffic manager. No, no, he's not the one But so there's improvements in it. So traffic manager has always been around And that kind of coupled with it is the Azure network watcher Azure network watcher is the way that you can monitor the health of your virtual networks Within your environment, but now there's like enhance troubleshooting Capabilities some more existing and have been kind of like tweaked and a little better now Some are brand new so we've got like high-piv flow verify so you can like verify the flow of Across your virtual network across your gateways and kind of like map that out You can check what the next ops are going to be there's going to be some port scanners checking NSG issues Because if you've got lots of in a in a mesh or in a hub and spoke on a network And you've got NSG's at the at the subnets and you've got NSG's at the at the device and at the server at the Nick You tried to connect from one server to another and you realize that it can't stop connecting like which NSG's actually brought breaking it So there are tools now to do this to check for user defined rules To check for blocked or detecting blocked ports And one of the cool things that is new is that now it'll give you actionable insights In in the form of like a step-to-step by guide So if there's a problem, there's a step-by-step guide that will walk you through how you troubleshoot and fix your environment Oh, that's awesome. So that really really cool especially for network administrators that are not Dealing with this type of work like every day Yeah, if you're if you're in mom-and-pop shop if you're in like a small business and you're wearing like six different hats your developer You're the the manager you're the IT pro the network guy and the the backup guy Well, you're not spending all your time on there. So it will give you That's that insight to kind of guide you through the troubleshooting methodologies. Very cool. That's definitely some Good stuff there. Yeah No, we talked about Firewall basic did we talk about fire or basic? No, that was you like we skipped it. We skipped one. We did not so Finally Azure Firewall basic is general. I thought you were going to say that rock has come out only to Seattle The rock has come back To Seattle, we're gonna we're gonna get the DMCA strikes for that. We are so we can cut that out now. It's okay. All right so Azure Firewall basic has gone generally available. We talked a couple months ago when it was private preview Yes, we had an episode where there was no GAs that month and we reviewed a bunch of previews and we were excited about that one So definitely go back Check that out get some information about that But as your firewall basic is going to bring that cloud native firewall functionality to Small medium-sized businesses. So it's gonna give you Almost everything that the everything you need at that size. Yep Everything you need when you're a small organization to protect your organization is in the box at a Price point that's cost-effective for smaller organizations This is something we've been hearing from customers forever. Yes. I remember I can remember people didn't want the bells and whistles They just wanted to have a basic firewall layer seven packet inspection to protect our environment Absolutely, and you know, this is also something let's say you're a larger organization And you haven't moved into using Azure Firewall This is a good step in to see okay Do you need everything that's in Firewall standard? You could use this and then maybe down the road you do need those features. You can always move out Yeah, but I gotta be careful though because there's also because it's a basic. There's also Not a restriction on throughput like it's it's not quite as fast as your standard or advanced skills So, you know for those larger organizations, you're probably gonna run into some things That is a great point that make sure people understand that the throughputs and we definitely have the documentation for that Yes, you can you can see how to how to deploy it using Docs at learn.microsoft.com We have learned on Microsoft.com now learned on Microsoft.com. Yeah, you said Docs. Oh We've had a rebranding anyway if you go to Docs at Microsoft Look at the URL here. It's gonna be right here. It's gonna be right here. You're probably gonna put it right here So, yes, it is learned on Microsoft.com. So much more fun when person doing this. It totally is I think what's gonna happen is that Everybody's gonna be like you two need to get in the room. I just need to get out of my basement. That's yeah All right, my second item is a reserved namespaced for subdomains so It's again Kind of related to the traffic manager my first point now with Africa traffic manager What you can do is there's new functionality on how you can reserve labels for your subdomains. So when you're Using traffic manager you end up with like a label dots traffic manager net This is like worldwide and across tenants So if you have like trademarks if you have company names if there are workloads And if you reserve them now they can't be used by anybody else By and by having a nomenclature that is controlled and reserved that you control it will help you in terms of increased application availability And application performance because it doesn't have to like to jump all over the place. So traffic manager will Streamline that it'll help you in like combining hybrid haps So if you've got like the front end in the cloud the back end on prem It controls all that traffic nice and also distribute the traffic where you want it So if you're in Europe you go to one of our European data centers if you're in North America you go to East u.s. For example or West u.s. Currently or in Canada and whatever it is like you central or central You're central. That's right. It helps you define and distribute the traffic the way you want it to be done. So that You have an impact into How your stakeholders are being served with the application Very cool. And speaking of central. This isn't really news, but I just wanted to throw this in They are building a data center in my state. I heard I heard very exciting I heard I still won't get a tour of it No, I was gonna say one of these days Maybe they'll invite us for a tour, but yeah, it'd be great if we could go see the one in Redmond and record an episode in a data center We would be escorted out to really quickly and Silo would be all over us. Oh, yeah, cuz We're not allowed to be here We just kind of using the big room at the conference center while everybody else is in sessions Well, speaking of that, I think we have sessions to get to We do and I think I saw somebody open that door over there. So yeah, I think John was waving. He's like Anyway As mentioned several times hit the bell like and subscribe Tell us in the comments if there are technologies you want us to deep dive on because we have a list but if Most of you are leaning towards a certain product. Maybe it goes up the priority list We want to engage with you. We want to answer your questions And if you just want to listen to us and not have to see this we are available on Spotify iTunes Hi-Heart radio and Amazon and Amazon Amazon music. Yeah, that's right. So Subscribe like let us know what you think and we will see you next month. Cheers