When creating a workplace for your users in Azure using RDS or Windows Virtual Desktop, you might recognize this issue. All servers in Azure use a dynamic outbound IP for browsing. When you need to access websites that require IP whitelisting, this can be an issue.
You can use multiple solutions for this problem:
- Route your internet traffic back to on-prem via ExpressRoute or VPN
- Use Azure Firewall, or a virtual firewall appliance (can be costly)
- Use a self-built outbound NAT VM
This blog will explain how to build your own outbound NAT VM for your Azure virtual network. Although this is not enterprise ready, it will work just fine. Determine production readiness for yourself.
Continue reading Azure NAT with Ubuntu Linux
Windows Virtual Desktop is a great way of publishing remote desktops to your users. In contrast to Remote Desktop Services (RDS), you do not have to manage the infrastructure of brokers, gateways, etc.; the WVD service manages all of this for you.
I have been working with WVD for several months now and I have created some PowerShell scripts to make WVD life easier. At the time of writing, assigning users one by one to a WVD hostpool is the only method of assigning users to hostpools. There is no method to assign an AzureAD group or WSAD group to a hostpool. Because managing the user (UPN) assignments of hundreds of users is not very convenient, I created a PowerShell script to make this easier.
The PowerShell script reads a Windows Server Active Directory (WSAD) group, extracts the UPNs of its members and assigns them to the hostpool. It is a one-way sync with add and remove.
Continue reading WVD Group Assignments – PowerShell
Microsoft has a new Virtual Desktop to host desktops managed by Microsoft running on Azure. At the time of writing, Windows 10 Enterprise for Virtual Desktops is not available as an ISO file, so running SCCM or MDT to build your own WVD “Golden Image” is not that easy. Combining some techniques allows me to create a WIM file of the VHD that Azure delivers. The WIM file can be used to do an MDT OS Deployment.
What do you need?
- Microsoft Azure subscription (https://portal.azure.com)
- MDT Server
- An up and running Windows Virtual Desktop environment
Steps to get the WIM file.
- Create an Azure VM with the correct Windows 10 version.
- SYSPREP the VM and shutdown/deallocate.
- Download the VHD file
- Convert the VHD to WIM with a few PowerShell lines
- Import the WIM file in MDT for a regular OS deployment task sequence.
Continue reading Create a WIM file from the WVD VHD file.
In this blog I will explain how to install a Hyper-V role on a Windows 2019 Standard Server Core. I also install and configure the DHCP and RRAS role. To configure these roles, I use a Windows 2019 Standard Server (Desktop Experience).
This normally is pretty easy when all servers are joined to the domain, but for my “LAB” scenario I do not use a Domain Controller. The procedures should also work on Hyper-V Server 2019, except for the DHCP and RRAS roles.
In my LAB network I want to use a Sophos XG HOME edition for network protection to the Internet. I want to virtualize this software to maximize the usability of the MiniPC I purchased.
From a major Chinese webshop I purchased a J1900-based MiniPC with 4x Intel network cards in it. It came with 8GB and a 120GB SSD. The J1900 processor supports Hyper-V.
I want to use the DHCP/RRAS and Hyper-V roles on this box. Because the J1900 only supports 8GB of RAM, I use the Server Core edition of Windows 2019 instead of the Desktop Experience.
Continue reading Manage non domain Joined Windows Server 2019 Core
Hello, welcome to my new blog on the new site https://www.microcloud.nl
This blog is about configuring a Cisco ASA 5505 device for a Fiber To The Home connection in The Netherlands. Last week I migrated from OnsBrabantNet to XS4all. Despite the patching issues in the POP, after 4 days it finally works.
Continue reading Configure Cisco ASA 5505 for XS4all (FTTH)
This post describes how to connect your on-premises network via VPN to Azure. This blog shows how to create the settings in the Cisco ASA and in Azure.
Continue reading Microsoft Azure SITE2SITE VPN – Cisco ASA
FIM Portal – Installing and configuring Codex Powershell
This post describes the installation and configuration of the FIM PowerShell Workflow Activity (v2.1) found on Codeplex. It took me some time to get it to work and I would like to share this. All credits for the PowerShell extensions go to the original authors.
Continue reading FIM Powershell – Workflow