Network Design Ideas for VMs in Azure
Hello, I am analyzing the current Azure environment at my new job and trying to figure out the architectural choices mostly networking wise. Currently, we have 10 VMs and each VM has its own VNet and they are all in the same region. In my experience so far, I have never seen such network design in Azure before. If all VMs are in the same region, we could have one Vnet and utilize subnets and NSGs to segment the VMs and control the traffic. Having so many different VNets makes it very complex to manage. Looking for opinions what other people think. Is this just a bad design or just to keep the VMs separate from each other.Best Practices for Designing a Hub-and-Spoke Architecture in Azure
A Hub-and-Spoke architecture is a widely used networking topology in Azure that helps organizations centralize network management, enhance security, and optimize connectivity. However, designing an efficient Hub-and-Spoke model requires careful planning regarding network security, scalability, and cost optimization. What are the core components of a Hub-and-Spoke architecture in Azure? What factors should be considered when designing the hub (e.g., Virtual Network Gateway, Firewall, Security controls)? What are the key challenges you've encountered while implementing a Hub-and-Spoke architecture in Azure, and how have you addressed them?Managing Multiple VMs on Azure Similar to Workspace One
Hello, I currently manage an infrastructure of approximately 100 VMs. I would like to perform activities on Azure such as: Installing/removing apps Viewing all installed apps on the VMs Adding shortcuts to the desktop Adjusting timezone/date and time I am looking for a solution that can handle these tasks, similar to what Workspace One does, but for Windows Servers. How do you currently manage these tasks? Thank you! Feel free to post this on the Microsoft forum. If you need any further assistance, let me know!
Limits with my on prem AD DS domain wit "_" 😑
Hello every body, Here is my situation. I have a domain name : "domain_contoso.com" that all my servers were joined to it, and i don't have a synchronisation with MS Entra ID. My project now, is to migrate my servers to azure and i'm confused. In fact, i want to extend my active directory with this domain on a vm azure and configure trust and replication but the problem that i can't create a verified domain with the "_" and MS Entra Id doesn't accept that also. So, my questions are : - If i purchase a new verified domain "domaincontoso.com" where is without the "_" and i added it to MS Entra ID, then, i synchronise all my users from "domain_contoso.com" to MS Entra ID and i extend the same active directory on prem to a vm on azure with a config for the replication. That's work ? There's no risks ? - if i purchase a new verified domain "contoso.com" and create a new active directory on a vm azure witb this domain then , i configure the synchronisation to MS Entra ID. Also, i configure the trust with the on prem "domain_contoso.com" to ensure that all users on prem AD can access to the server with the new domain in Azure after migration. What is the best solution ? And what are the + and - ? Thank you very muchStore a file in Azure and make it accessible over the Internet
I wish to store a txt file in Azure and make it so that the file is accessible when someone goes to it's corresponding URL. No need for access control or authentication The file contain a filter list that the ABP extension will access via URL and this txt file will be stored somewhere in Azure. What Azure solution can I use for this which keeps the price down for us?Video Recording: Azure Architecture Best Practices
The video recording from the free online event where I was presenting together with Microsoft Cloud Solution Architect, Dominik Zemp, about Azure Architecture Best Practices is now available. In this session, you will learn about proven guidance that’s designed to help you, architect, create and implement the business and technology strategies necessary for your organization to succeed in the cloud. It provides best practices, documentation, and tools that cloud architects, IT professionals, and business decision-makers need to successfully achieve their short- and long-term objectives. We will be focusing on topics like the Cloud Adoption Framework and the new Enterprise-Scale landing zone architecture. Azure Architecture Best Practices Virtual Event Agenda: Introduction Why Azure Architecture? Introduction to the Cloud Adoption Framework What is Enterprise-Scale? Build landing zones with Enterprise-Scale Critical design areas Deployment using AzOps Demo Build on top of Enterprise-Scale – Well-Architected Framework for workloads and apps Q&A
Move on-prem environment to Azure migration
Hi there, I'm working on a customer with a traditional Windows AD domain. The customer wants to have all their Windows VMs (now running on VMWare) to Azure. For the clients we recently managed to make all devices Azure AD Joined only. M365 suite is used for Teams/SharePoint/ExchangeOnline, Defender for endpoint and Endpointmanager for client management. We have no domain joined computers anymore. All the users are still in Azure AD Connect that syncs to Azure AD. Printers are on universal print and files to Teams/SharePoint. We now have a large file share that we could not migrate to sharepoint. We would like to have this on Azure Files. Right now we are in the start of creating an Azure subscription. What should be the best route to take for this? On-prem there are a couple Windows (apps) VMs that we would like to 'lift and shift' to Azure. These app servers are used for legacy/history checking... If there is any clear path or documentation that we can consult, would like to know. Thanks in advance!
On Premise Data Gateway
I have a web application that calls some Logic App HTTPS endpoints to retrieve data from an on premise SQL server via the on-prem data gateway. I have noticed that when I hit the api first thing in the morning the initial call is extremely slow but subsequent calls are what I would expect. I dont see this with other endpoints that dont use a gateway. This leads me to believe that the gateway is "spinning down". Are there any settings to prevent this from happening or do I have to create a schedule of some sort to call it every so often to keep it fresh. Thanks.
