Public Cloud Security talk

Alex Mags
I gave a talk on cloud security. Before companies will start using Public Cloud they need to know it’s safe to use. There are plenty of stories in the press about security breaches, but AWS, for example, makes it clear in their “Shared Responsibility Model” that you still have to use security best practices, such as least privilege and network segmentation (e.g. a DMZ), to contain any breach. https://www.slideshare.net/hentsu/cloud-security-for-regulated-firms-securing-my-cloud-and-proving-it-65384157?qid=6a90d703-73bf-4892-b99d-cb1da1b9fcbd&v=&b=&from_search=2

DevTest Labs

Alex Mags
Great talk on enabling developers to make use of DevTest labs on Azure https://channel9.msdn.com/events/Visual-Studio/Alm-Days-2016/Needs-when-running-your-DevTest-Infrastructure-on-Azure https://blogs.msdn.microsoft.com/devtestlab http://ClemensReijnen.nl http://www.uk.sogeti.com/services/microsoft-services/oneshare-cloud-based-development-and-testing/

Snowboarding in Meribel

Alex Mags
I took some technology to the Alps, a GoPro Hero 4 Silver. Great bit of kit, was easy to view vids on iPad over WiFi at the end of the day. If attaching to a helmet use a tether to your goggle clip or lose it when you crash on your head. Back home the video editor, GoPro Studio, crashed a lot :-( (https://vimeo.com/152906550) HD file: (http://tinyurl.com/hx9d97u) or (http://1drv.ms/1PezEom)

High Performance Computing on AWS

Alex Mags
I ran a project to deploy an HPC cluster using on-demand AWS Elastic Compute Cloud (EC2) resources. The HPC cluster provides researchers with compute resource to quickly run mathematical simulations across very large datasets. This deployment was a replacement for aging on-premises HPC hardware and an opportunity to trial Amazon AWS in a hybrid cloud configuration. High security implementation: one-way firewall rules between the company network and AWS (company connects out to AWS resources, AWS resources can’t connect in); encryption of data in transit and at rest; AWS Direct Connect connecting the company to AWS.

Nordic Infrastructure Conference

Alex Mags
While hunting for some Hyper-V videos, I came across recorded sessions from the 4th Nordic Infrastructure Conference. No sales pitches, only some great talks from field-hardened consultants. The sessions are focused on Enterprise Infrastructure (Microsoft Windows Server, System Center, Azure, PowerShell DSC, Identity Management, Security/hacking). Session info: http://2015.nicconf.com/sessions Recorded sessions: https://www.youtube.com/channel/UChu8zqu8d1mjWxNRLlGXUAw

PowerShell wait music

Alex Mags
My long-running PowerShell scripts now have background musak thanks to: http://www.adminarsenal.com/admin-arsenal-blog/powershell-music-remotely https://www.youtube.com/watch?v=FsoIfkNQYEg http://youtube-mp3.org/

Add-Type -AssemblyName PresentationCore # Loads the assembly that provides System.Windows.Media.MediaPlayer
$scriptDir = Split-Path -Path $MyInvocation.MyCommand.Definition -Parent
$musakFilePath = "$scriptDir\musak.mp3"
$wmplayer = New-Object System.Windows.Media.MediaPlayer
$wmplayer.Open($musakFilePath)
Start-Sleep 2 # This allows the $wmplayer time to load the audio file
$duration = $wmplayer.NaturalDuration.TimeSpan.TotalSeconds
$wmplayer.Play()
$stopwatch = [System.Diagnostics.Stopwatch]::StartNew()
# Use TotalSeconds: Elapsed.Seconds wraps at 60, so the loop would never end for tracks longer than a minute
while ($stopwatch.Elapsed.TotalSeconds -lt $duration) {
    Write-Progress -Activity "Doing stuff, please hold…" -Status "$([int]$stopwatch.Elapsed.TotalSeconds) seconds" -PercentComplete ($stopwatch.Elapsed.TotalSeconds / $duration * 100)
    # do something
    # break when done
    Start-Sleep -s 1
}
$wmplayer.

SCCM Client duplicate GUIDs and VMware View Blast

Alex Mags
Another super niche blog post. No one is ever going to find this…. So I had to dig into System Center Configuration Manager today, probably Microsoft’s most complex product. I’ve been using this massively scalable and capable scheduling system since SMS 1.2. But it’s still a bit scary to support… Machines cloned by VDI service VMware View were coming up with the same unique ID. The SMS client had been captured in the reference image that was cloned to create desktop pools.

AD authentication to AWS from PowerShell

Alex Mags
I’ve done a couple of other posts on using AD credentials with the AWS API. You set up AWS IAM to trust AD Federation Services (ADFS) for authentication. You get temporary access keys to use with the AWS API. This is safer than making lots of IAM accounts with long-term passwords (Secret Access Keys) that end up embedded in code and stored who knows where. See previous posts for an overview of AD authentication to AWS.

MSDN subscriptions for your developers get you cheaper Azure VMs

Alex Mags
We know Visual Studio Pro with MSDN gets you unlimited Windows Server (including Hyper-V for virtualisation) and unlimited SQL. This is a way of licensing Microsoft software in your on-premises test and development environments. You can now bring your own MSDN licences with you to Azure. This way the Microsoft software in your Windows and SQL VMs on Azure is already paid for and you pay the equivalent of Linux rates for Windows and SQL VMs on Azure.

AWS hardware VPN over direct connect

Alex Mags
Getting a Direct Connect link to AWS from our colo datacentre was straightforward. Encrypting traffic between colo and AWS via Direct Connect is proving to be more difficult. Although the traffic is logically isolated, we wanted it encrypted as it traverses 3rd party WAN providers. This is the best resource I’ve come across so far explaining how to set up a VPN over AWS Direct Connect: https://www.youtube.com/watch?v=SMvom9QjkPk