Laying the Azure cloud foundation

Cloud services

We have begun the process of laying the foundation for our hybrid cloud environment on Azure. We have created Azure subscriptions for production, development operations and testing.

Migrating mission-critical services to Azure is a priority. We have designed, built and deployed the virtual networks, resources and machines for our Windows infrastructure.

We will configure all the necessary resources for the Azure virtual network. This includes the network settings on the virtual machines: Azure virtual networking, public and private IP addressing, subnetting and firewall configuration.

After configuring the private and public IP addresses for the VM, we will set up the virtual network (VNet). In the process of configuring the VNet we determine the appropriate connectivity, such as VNet-to-VNet connectivity, which connects remote subnets and resources together.

To connect a remote resource we create a virtual network gateway in a dedicated gateway subnet; the gateway is what actually connects the remote resources together. Once the connection is created, both ends are configured with the same shared key (pre-shared key), which authenticates the IPsec tunnel between them.

One technique to connect remote resources is VNet peering, which links two VNets over the Azure backbone without a gateway. Where a gateway is needed we deploy a VNet gateway and connections, and we use network security groups on the connected subnets to allow or deny traffic. Both peering and gateway connections can span subscriptions if the account has rights on both VNets, but keeping the connected VNets in the same subscription is the simplest configuration.
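The two connection methods described above, as an added PowerShell example that is not from the original post. It assumes the Az module and an authenticated session (Connect-AzAccount); the resource group, VNet and gateway names and the address ranges are assumptions, and the two gateways are assumed to exist already. Note that the shared key is generated rather than typed, and that the same value must be used on both connections.

```powershell
# Added example (not from the original post): connect two VNets by peering, then by a
# VNet-to-VNet gateway connection. Names below are assumptions.
$rg = 'rg-hybrid-prod'

# --- Option 1: VNet peering (no gateway; traffic stays on the Azure backbone) ---
$hub   = Get-AzVirtualNetwork -ResourceGroupName $rg -Name 'vnet-hub'
$spoke = Get-AzVirtualNetwork -ResourceGroupName $rg -Name 'vnet-spoke'

# Peering is rejected when address spaces overlap. This is a simple equality check
# on the prefixes; a full CIDR overlap test would be stricter.
$overlap = $hub.AddressSpace.AddressPrefixes |
    Where-Object { $spoke.AddressSpace.AddressPrefixes -contains $_ }
if ($overlap) { throw "Address space overlap between vnet-hub and vnet-spoke: $overlap" }

# Peering must be created from BOTH sides or it never reaches the Connected state.
Add-AzVirtualNetworkPeering -Name 'hub-to-spoke' -VirtualNetwork $hub   -RemoteVirtualNetworkId $spoke.Id | Out-Null
Add-AzVirtualNetworkPeering -Name 'spoke-to-hub' -VirtualNetwork $spoke -RemoteVirtualNetworkId $hub.Id   | Out-Null
Get-AzVirtualNetworkPeering -ResourceGroupName $rg -VirtualNetworkName 'vnet-hub' -Name 'hub-to-spoke' |
    Select-Object Name, PeeringState

# --- Option 2: VNet-to-VNet gateway connection with a shared key ---
$gw1 = Get-AzVirtualNetworkGateway -ResourceGroupName $rg -Name 'vgw-hub'
$gw2 = Get-AzVirtualNetworkGateway -ResourceGroupName $rg -Name 'vgw-branch'

# 32 bytes from the OS CSPRNG, base64-encoded (printable ASCII, as the PSK requires).
$bytes = New-Object byte[] 32
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$psk = [Convert]::ToBase64String($bytes)

# One connection object per direction, both with the identical shared key.
New-AzVirtualNetworkGatewayConnection -Name 'hub-to-branch' -ResourceGroupName $rg -Location $gw1.Location `
    -VirtualNetworkGateway1 $gw1 -VirtualNetworkGateway2 $gw2 -ConnectionType Vnet2Vnet -SharedKey $psk | Out-Null
New-AzVirtualNetworkGatewayConnection -Name 'branch-to-hub' -ResourceGroupName $rg -Location $gw2.Location `
    -VirtualNetworkGateway1 $gw2 -VirtualNetworkGateway2 $gw1 -ConnectionType Vnet2Vnet -SharedKey $psk | Out-Null

# Status moves from Unknown/Connecting to Connected once IKE completes on both sides.
Get-AzVirtualNetworkGatewayConnection -ResourceGroupName $rg -Name 'hub-to-branch' |
    Select-Object Name, ConnectionStatus
```

Prefer peering whenever the VNets only need to reach each other; the gateway connection is for the case where traffic must also transit to an on-premises site behind the gateway. The PSK is only needed at creation time; do not write it to a script file or ticket.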

We will review the process for setting up Domain Name Service (DNS). We can use the Azure-provided DNS servers, which also support Azure private DNS zones for name resolution that never leaves the VNet. Alternatively, we can use our internal Windows or Linux DNS servers, which gives us more options for managing our on-premises VMs and resources.

Azure-provided DNS has several advantages: no additional configuration is needed and the service is ready as soon as a VM is deployed; VMs in the same VNet can resolve each other by host name, so fully qualified names are not required, which simplifies DNS; and the service is highly available with redundant DNS servers, which reduces downtime.

Azure-provided DNS has some disadvantages. The DNS suffix cannot be changed, and WINS and NetBIOS are not supported. This must be taken into consideration when deploying Azure DNS; it is probably not the best solution for an internal hybrid environment.

When you implement internal DNS on your own servers, the scavenging service should be turned off so that valid records for Azure-hosted machines are not aged out. We will configure Azure DNS to facilitate improved name resolution for on-premises resources.

For hybrid environments we will implement our own DNS servers within our domain. This allows our Azure virtual machines to resolve and connect to our internal on-premises servers, and to resolve names across multiple networks. This configuration supports forward lookups of remote and standard names as well as reverse lookups of IP addresses.

To configure Azure DNS we will create DNS zones and assign them to the appropriate subscription and resource group (a private zone is additionally linked to the VNets that should resolve it). We name each zone after the domain name, following our standard naming conventions.

Once a DNS zone is created, Azure assigns the name servers to which the domain must be delegated. The zone's NS record set provides the name server information needed for delegation at the registrar. Typically the domain name is the one purchased from the registrar. Example

The next step is adding DNS records to our zone. The first record we add is www, an A record. We leave the TTL at the default of 1 hour. We can set up CNAME records for aliases and MX records for our mail server and any additional services needed.

Since we are setting up DNS for our web server, we use its public IP address. Once the A record is created we test resolution with the nslookup command, which should return the name and IP address of the web server. At the time of writing, a private DNS zone had to be created with PowerShell rather than through the portal.
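The zone, record and verification steps above, as an added PowerShell example that is not from the original post. It assumes the Az.Dns and Az.PrivateDns modules and an authenticated session; the resource group, zone names, VNet name and the IP address (taken from the documentation range) are assumptions. Resolve-DnsName is the Windows DnsClient cmdlet and queries the zone's name server directly, so the records can be checked before the registrar delegation is changed.

```powershell
# Added example (not from the original post): public zone, www A record, alias and MX,
# then a private zone linked to the VNet. Names and addresses are assumptions.
$rg    = 'rg-hybrid-prod'
$zone  = 'example.com'
$webIp = '203.0.113.10'          # stands in for the web server's public IP

# --- Public zone -----------------------------------------------------------
$z = New-AzDnsZone -Name $zone -ResourceGroupName $rg
# These are the name servers to enter at the registrar for delegation
$z.NameServers

# www A record, TTL 1 hour (the value the portal defaults to)
New-AzDnsRecordSet -Name 'www' -RecordType A -ZoneName $zone -ResourceGroupName $rg -Ttl 3600 `
    -DnsRecords (New-AzDnsRecordConfig -IPv4Address $webIp) | Out-Null

# CNAME alias that points at www, and an MX record for the mail server
New-AzDnsRecordSet -Name 'blog' -RecordType CNAME -ZoneName $zone -ResourceGroupName $rg -Ttl 3600 `
    -DnsRecords (New-AzDnsRecordConfig -Cname "www.$zone") | Out-Null
New-AzDnsRecordSet -Name '@' -RecordType MX -ZoneName $zone -ResourceGroupName $rg -Ttl 3600 `
    -DnsRecords (New-AzDnsRecordConfig -Exchange "mail.$zone" -Preference 10) | Out-Null

# Verify against Azure's own name server; this works before delegation is live
Resolve-DnsName -Name "www.$zone" -Type A -Server $z.NameServers[0] |
    Select-Object Name, Type, IPAddress

# --- Private zone for internal names --------------------------------------
# Linked to the VNet with auto-registration, so VMs get A records without manual edits
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rg -Name 'vnet-hub'
New-AzPrivateDnsZone -Name 'corp.internal' -ResourceGroupName $rg | Out-Null
New-AzPrivateDnsVirtualNetworkLink -ZoneName 'corp.internal' -ResourceGroupName $rg `
    -Name 'link-vnet-hub' -VirtualNetworkId $vnet.Id -EnableRegistration | Out-Null
```

Keep the MX target (mail.example.com here) as an A record rather than a CNAME; mail servers reject MX records that resolve through an alias. The private zone is only reachable from VNets that are linked to it, which is what gives the "additional security" mentioned above.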

To complete the network configuration we will set up network security groups. A network security group (NSG) is a list of rules that allow or deny traffic. It can be associated with a subnet and with the network interface of a virtual machine, and its rules apply to inbound or outbound traffic.

The NSG workflow is: traffic is sent to the Azure VNet, the NSG rules are evaluated in priority order, and the first matching rule determines whether the inbound traffic is allowed or denied.

When an NSG is created (the portal creates one automatically when a virtual machine is provisioned), it contains default security rules. By default, inbound traffic from within the VNet is allowed (AllowVnetInBound), inbound traffic from the Azure load balancer is allowed (AllowAzureLoadBalancerInBound), and the last default rule denies all other inbound traffic (DenyAllInBound).

The outbound default rules are: allow outbound VNet traffic (AllowVnetOutBound), allow outbound Internet traffic (AllowInternetOutBound), and, last, deny all other outbound traffic (DenyAllOutBound).

Each security rule specifies a source and source port range, a destination and destination port range, the protocol (TCP, UDP, ICMP or Any), the action (allow or deny) and a priority. An asterisk (*) or Any matches all sources, ports or protocols. Rules are processed in priority order: the lowest number is evaluated first and the highest last, and processing stops at the first match, so an allow rule must have a lower number than the broad deny it is meant to punch through.

A scenario we will deploy is a small network with two subnets. The NSG will deny all traffic except RDP. To accomplish this we deny all traffic to the VNet and associate the NSG with the two subnets. We will test this scenario by trying to RDP to the virtual machines (VMs).

To update security rules, we first create a network security group. The NSG has the default inbound and outbound rules established and is associated with a subscription and resource group. To create a security rule we select inbound or outbound; here we create an inbound NSG rule for RDP. For the NSG to take effect it must be associated with a subnet of the VNet, with a network interface, or both. We want to test a deny-RDP rule, so we select the subnets and the VM, associating both the subnet and the network interface.

To view the changes and topology we can use Network Watcher. It lets us verify that the VNet and subnets are properly associated and will route traffic accordingly; any traffic bound for that VNet and subnet is subject to the rules in the NSG. We then associate the virtual machine's network interface by editing the network security group setting on the network interface (by default the NSG created with the VM is attached there). Once complete, the network interface is associated with the correct NSG. Because the association is a property of the network interface, it must be changed there rather than on the VM itself.

Many of these tasks can be completed with PowerShell. The first step is to assign variables such as the name and description. Once the NSG is created we assign it to the appropriate subnet. A key cmdlet is Get-AzVirtualNetwork, which retrieves the VNet whose subnet configuration we update. We then create an inbound rule to allow access to a web server, and the last step is to associate the VM's network interface with the NSG. If you ever need to delete an NSG, you must first dissociate it from every subnet and network interface.

The next step is to add a rule to the NSG to allow access. Select inbound security rules and Add. Select a source such as Any, an IP address range, a service tag or an application security group, then the source port range. Next specify the destination (Any, an IP address range, a service tag or an application security group) and the destination port range; to allow RDP use TCP port 3389. Specify the action, allow or deny, and then the priority. The allow rule must have a lower priority number than the block-all-traffic rule at 500 so that it is evaluated first. Give the rule a name, and once it is created, test RDP.
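The NSG build-out described in the last two paragraphs, as an added PowerShell example that is not from the original post. It assumes the Az module and an authenticated session; the resource group, region, VNet, subnet, NIC names and address ranges are assumptions, and the admin range is taken from the documentation address space. The RDP rule is restricted to that admin range rather than Any, and an explicit deny at priority 500 sits below the allows, matching the scenario above; the final cmdlet returns the effective rules the platform actually applies to the NIC.

```powershell
# Added example (not from the original post): NSG with RDP-from-admin-only and HTTP allows,
# an explicit deny, subnet and NIC association, then the effective rules. Names are assumptions.
$rg       = 'rg-hybrid-prod'
$location = 'eastus'
$adminNet = '198.51.100.0/24'    # only this range may RDP in
$webNet   = '10.1.2.0/24'        # address prefix of the web subnet

$rdp = New-AzNetworkSecurityRuleConfig -Name 'Allow-RDP-From-Admin' -Description 'RDP from the admin network only' `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 300 `
    -SourceAddressPrefix $adminNet -SourcePortRange '*' `
    -DestinationAddressPrefix VirtualNetwork -DestinationPortRange 3389

$web = New-AzNetworkSecurityRuleConfig -Name 'Allow-HTTP-To-Web' -Description 'HTTP to the web subnet' `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 310 `
    -SourceAddressPrefix Internet -SourcePortRange '*' `
    -DestinationAddressPrefix $webNet -DestinationPortRange 80

# Explicit deny at 500: evaluated before the default AllowVnetInBound (65000), so a
# compromised VM elsewhere in the VNet cannot reach RDP on this subnet laterally.
$deny = New-AzNetworkSecurityRuleConfig -Name 'Deny-All-Inbound' -Description 'Explicit catch-all deny' `
    -Access Deny -Protocol '*' -Direction Inbound -Priority 500 `
    -SourceAddressPrefix '*' -SourcePortRange '*' -DestinationAddressPrefix '*' -DestinationPortRange '*'

$nsg = New-AzNetworkSecurityGroup -Name 'nsg-web' -ResourceGroupName $rg -Location $location `
    -SecurityRules $rdp, $web, $deny

# Associate with the subnet: update the subnet config in memory, then write the VNet back.
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rg -Name 'vnet-hub'
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name 'snet-web' -AddressPrefix $webNet `
    -NetworkSecurityGroup $nsg | Out-Null
$vnet | Set-AzVirtualNetwork | Out-Null

# Associate with the VM's network interface as well; traffic must pass both layers.
$nic = Get-AzNetworkInterface -ResourceGroupName $rg -Name 'vm-web-01-nic'
$nic.NetworkSecurityGroup = $nsg
$nic | Set-AzNetworkInterface | Out-Null

# Effective rules: subnet NSG + NIC NSG, merged the way the platform evaluates them.
# The VM must be running for this call to succeed.
Get-AzEffectiveNetworkSecurityGroup -NetworkInterfaceName $nic.Name -ResourceGroupName $rg |
    Select-Object -ExpandProperty EffectiveSecurityRules |
    Select-Object Name, Direction, Priority, Access, Protocol, SourceAddressPrefix, DestinationPortRange |
    Sort-Object Direction, Priority |
    Format-Table -AutoSize
```

To test the deny, RDP from a host outside 198.51.100.0/24 and confirm the connection times out, then from inside the range and confirm it succeeds. To remove the NSG later, set NetworkSecurityGroup to $null on the NIC and drop the -NetworkSecurityGroup parameter from the subnet config before calling Remove-AzNetworkSecurityGroup; the delete fails while any association remains.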

When the network becomes more complex, with multiple NSGs, it is important to evaluate the effectiveness of your security rules. To help evaluate the NSGs and their rules we use Network Watcher and review the effective security rules. We select the subscription, resource group and VM, and the rules for that resource are presented, including each NSG with its inbound and outbound rules. In this configuration we set up one NSG for RDP and one for access to the web server.

To determine how security rules affect a specific VM, go to Topology and select the VM, then select Networking. This shows the specific inbound and outbound rules. Reviewing the NSGs helps determine what traffic is allowed to the subnet and then on to the network interface of the VM; traffic must be allowed at both.

In the subnet NSG we allow HTTP on port 80 to the VM's subnet, while the NSG on the VM's network interface blocks all inbound traffic, so HTTP still does not reach the VM. Reviewing the effective rules lets us manage traffic to our subnets and VMs without guessing which NSG wins.

As we deploy a wide range of solutions, we can help improve services, operations, and security. Please contact us for more information!

Computer network foundations and design

Computer networks are the foundation of the internet. While reviewing network operations and protocols, we will also review the Microsoft networking fundamentals exam 98-366.

In the early days of the internet, people connected via a dial-up modem, typically at 28.8 kbit/s. The connection was over POTS, the plain old telephone system. You may remember using AOL dial-up and the "You've got mail" message, wow. In 2000, about 70% of people used dial-up.

The next advancement in technology was the digital subscriber line. DSL (as ADSL) is asymmetric, with more download than upload bandwidth, and carries both voice and data over the same line.

The typical home network consists of a broadband connection and a modem. Cable broadband uses the Data Over Cable Service Interface Specification (DOCSIS), a high-bandwidth transmission standard. DOCSIS supports high-bandwidth transfers (1 Gbit/s and above) via its data modulation techniques. Cable is a shared medium and slows down during peak usage hours (8 to 12 pm).

ISDN, the Integrated Services Digital Network, and leased lines provide a means to connect remote offices. ISDN uses digital transmission over the telephone network. The medium supports video transmission at 64 kbit/s per channel.

The two interfaces are the basic rate interface (home use) and the primary rate interface. Basic rate has 2 B channels at 64 kbit/s and 1 D channel at 16 kbit/s.

Primary rate was designed for business: 23 B channels at 64 kbit/s and one D channel at 64 kbit/s, carried on a T1 circuit. T1 provides an internet connection between remote sites and voice connectivity for a PBX over leased lines. A T1 with PRI signalling provides 23 voice channels.

A more affordable option for voice over IP is SIP (Session Initiation Protocol) trunking.

T-carrier and E-carrier rates:

T1 (DS1)  24 channels   1.544 Mbit/s

T2 (DS2)  96 channels   6.312 Mbit/s

T3 (DS3)  672 channels  44.736 Mbit/s

E1        32 channels   2.048 Mbit/s

MPLS (Multiprotocol Label Switching) provides a private routed connection using label switching: the routing table is mapped to labels and packets are forwarded based on the label rather than an IP lookup at every hop. Label switching also supports redundancy and resiliency.

The customer's internal network connects to the provider's MPLS network via a virtual routing instance. An MPLS VPN is presented to the customer as a Layer 3 service. The on-premises network connects via OSPF (Open Shortest Path First) or BGP (Border Gateway Protocol). A dynamic routing protocol lets companies add new locations easily, since the new routes are learned dynamically.

VPLS (Virtual Private LAN Service) is Layer 2 bridging across the provider network. The edge device can be a switch, often provided by the service provider. VPLS is a cost-effective means to connect multiple sites as one broadcast domain.

VPNs and tunnels are a cost-effective way to connect two remote resources. A VPN creates a secure tunnel, typically site to site. It encapsulates the data, encrypts it and sends it across the public network; once the data arrives it is decrypted and decapsulated.

We can also set up unencrypted tunnels using Generic Routing Encapsulation (GRE), which is IP protocol 47. GRE can carry TCP, UDP and multicast traffic, and because it carries multicast it works well with OSPF. Since GRE alone provides no confidentiality or integrity, it is normally wrapped in IPsec when it crosses an untrusted network.

Wireless technologies include fixed wireless provided by an internet service provider. This solution is cost effective, but speed may fluctuate. Another option is satellite, which can provide internet access and data transport for remote locations. This service tends to be expensive, with low bandwidth and high latency, so it is not good for voice over IP.

Wireless services also include 3G and 4G. With a good cell connection, throughput can be 3 to 4 Mbit/s. These plans can be quite expensive. These services are good for data backups.

Based on this information, we can help plan, design and integrate your network. The end result will be improved service and overall performance. Please contact us for more information. Thanks

Office 365 Administration

We provide Office 365 administrative services.

We provide extensive management of passwords and cloud identities. A cloud identity is an object stored in the Azure Active Directory database, with its attributes. For hybrid deployments we manage the on-premises environment with group policy.

We will setup and manage password policies.

We will utilize PowerShell to automate batch jobs and repetitive tasks, such as:

• Adding users in bulk

• Updating user passwords in bulk

• Managing user licences
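The three bulk tasks above, as an added PowerShell example that is not from the original post. It uses the Microsoft Graph PowerShell SDK (Install-Module Microsoft.Graph) rather than the older MSOnline module, which is an assumption, as are the domain, the licence SKU part number and the CSV layout; the CSV content is a constructed sample standing in for an HR export. Each account gets its own random initial password that must be changed at first sign-in, instead of one shared password copied across the batch.

```powershell
# Added example (not from the original post): bulk user creation, licence assignment and
# bulk password rotation with the Microsoft Graph PowerShell SDK. Names are assumptions.
Connect-MgGraph -Scopes 'User.ReadWrite.All', 'Organization.Read.All'

$domain = 'example.com'

# 20 bytes from the OS CSPRNG, base64-encoded: unique per account, never reused
function New-InitialPassword {
    $bytes = New-Object byte[] 20
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    return [Convert]::ToBase64String($bytes)
}

function Get-Upn([pscustomobject]$u) {
    return ("$($u.FirstName).$($u.LastName)").ToLower() + "@$domain"
}

# Constructed sample; in practice: $users = Import-Csv .\newusers.csv
$users = @'
FirstName,LastName,Department
Jane,Doe,Finance
Sam,Lee,IT
'@ | ConvertFrom-Csv

# Resolve the licence once, not once per user
$sku = Get-MgSubscribedSku | Where-Object SkuPartNumber -eq 'O365_BUSINESS_PREMIUM'
if (-not $sku) { throw 'Licence SKU not found in this tenant' }

# --- Add users in bulk and assign the licence -------------------------------
$created = foreach ($u in $users) {
    $upn      = Get-Upn $u
    $password = New-InitialPassword

    $new = New-MgUser -DisplayName "$($u.FirstName) $($u.LastName)" `
        -UserPrincipalName $upn -MailNickname $upn.Split('@')[0] -Department $u.Department `
        -AccountEnabled -UsageLocation 'US' `
        -PasswordProfile @{ Password = $password; ForceChangePasswordNextSignIn = $true }

    Set-MgUserLicense -UserId $new.Id -AddLicenses @(@{ SkuId = $sku.SkuId }) -RemoveLicenses @() | Out-Null

    # Returned to the operator for out-of-band delivery; do not write this to a log file
    [pscustomobject]@{ UserPrincipalName = $upn; InitialPassword = $password }
}
$created | Format-Table -AutoSize

# --- Rotate passwords in bulk (e.g. after a suspected exposure) -------------
function Reset-BulkPasswords([object[]]$accounts) {
    foreach ($u in $accounts) {
        Update-MgUser -UserId (Get-Upn $u) `
            -PasswordProfile @{ Password = (New-InitialPassword); ForceChangePasswordNextSignIn = $true }
    }
}
# Reset-BulkPasswords $users
```

Run the script under an account that holds only the User Administrator and License Administrator roles, not Global Administrator, and revoke the delegated Graph consent when the batch is done.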

We can help improve your Office 365 deployment and experience.

Contact us for more information.

The best-designed computer system architecture

Computer architecture has a great effect on security and performance. The key components of good computer architecture and performance are as follows:

• Central Processing Unit (CPU) – fetches instructions from memory and executes them. Some high-end CPUs are:

  1. AMD Ryzen Threadripper 2950X @ 3.5 GHz, 16 cores, $654
  2. Intel Core i9-9900X @ 3.5 GHz, 10 cores (2 logical cores per physical core), $899
  3. Intel Core i7-9800X @ 3.8 GHz, 8 cores (2 logical cores per physical core), $899

• Registers – small, fast storage inside the CPU. The program counter (instruction pointer) register points to the memory location of the next instruction to execute.

• Arithmetic logic unit (ALU) – performs the actual arithmetic and logical execution of instructions.

• Control unit – manages and synchronizes the system while application code and operating system instructions are executed.

• General registers – hold variables and temporary results.

• Program status word – holds the condition bits and the mode bit that says whether the CPU is working in user mode (problem state) or privileged mode (kernel/supervisor mode).

• To access data, the CPU sends a fetch request with the address on the address bus; the data comes back on the data bus.

Random Access Memory (RAM) – temporary storage where data and program instructions are held and altered. RAM is volatile: loss of power results in loss of data.

Hardware segmentation – memory is separated physically instead of just logically. This helps protect a higher-privilege process's memory space from lower-privilege processes.

Cache memory – high-speed memory for reading and writing activities.

Processors have different levels of cache:

• Level 1 – fastest and smallest

• Level 2 – second fastest

• Level 3 – third fastest, usually shared between cores

L1 and L2 are built into each processor core; L3 is on the processor die and shared by the cores.

Having a great understanding of all the facets that go into computer architecture allows you to get the best-performing system while providing excellent security.

My goal is to provide excellent information on computer hardware: personal computers, servers, network and security devices, and mobile devices. Getting the best devices at the best price is the goal of JBrock Consulting. Shop and see our products at

Please subscribe to get the latest information on products, pricing, and features.

Increase email productivity using Office 365

Outlook Productivity suite

Everyone uses email, and being more productive with it can enhance your career. In today's work environment, email is a mission-critical application.

Outlook is a great communication tool. You can load Outlook on your PC, Mac or mobile device. Here are some of the key tasks you can do with Outlook:

  • Manage appointments using the calendar features.
  • Share files via the cloud, such as the OneDrive application.
  • Stay productive and connected anywhere in the world.
  • Organize email to focus on key messages.
  • Use @mentions to get someone's attention.

How to add @mentions: in the body of the email, type the @ symbol and the first few letters of the user's name. Outlook offers a list of contacts to add. This gets the reader's attention and probably a response.

Managing your calendar and contacts in Outlook

When scheduling meetings and appointments, use the Scheduling Assistant. It lets you see when attendees and rooms are available. The bars in the time field indicate when attendees are busy or free, and the Rooms tab on the right shows when rooms are available. This makes scheduling meetings pain free.

How to collaborate using Outlook

Outlook allows users to share a file attachment so you can collaborate on files with others. In Outlook, select Attach File for the email message. Files with a cloud icon are stored in the cloud, such as in OneDrive. This allows multiple users to make changes to the same file, enhancing collaboration.

How to set up an online meeting with notes

To set up an online meeting, in Outlook select Skype Meeting and choose the date and time. Note that you have to be logged into Skype to set up the online meeting. This inserts a link that attendees can use to join the meeting.

To set up meeting notes, select Meeting Notes on the Outlook ribbon. This allows you to select a OneNote notebook to document the minutes of your meeting.

Outlook is an amazing productivity tool. For additional useful tips, please subscribe. We will provide great productivity tips for our valued readers. Thank you, much appreciated.

Training and continuing education with Coursera

Training and career development are a crucial component of improving yourself and becoming more successful. During my studies I have completed an extensive review of available training platforms, and I have some very useful and valuable information.

I started reviewing some additional training sponsored by Google through Coursera. The first program was the Google IT Support Professional Certificate. Coursera gives users a 7-day free trial with full access to every course in your specialization. I enrolled in the IT Support Professional Certificate specialization and liked the class very much.

The IT support class was a combination of video lectures, exercises and module quizzes. I found the material interesting and informative. The program covered some very interesting material: digital logic, computer architecture, operating systems, networking, software, troubleshooting and customer care. For some of the hands-on exercises we used Google Cloud services to spin up servers and associated services, and I really liked using Google Cloud. The cost for the program was $49 per month. I completed the course and received the following course certificate.

IT Support

The next program I worked on was System Administration and IT Infrastructure Services. Since this is the type of work I have done for most of my career, I was very interested in the topic. The topics covered, which match the work I do as a system administrator, were: cloud services, server maintenance, infrastructure services, hardware provisioning, system maintenance, virtualization, remote access, SSH, network services, software services, file and print services, platform services, directory services, and data recovery and backups. The cost for this program was $49 per month. The course material kept me engaged and working hard to complete each module, and I felt it was well worth the price. I completed the course and received the following course certificate.

System Administrator IT infrastructure

I really enjoyed the first two classes, so I continued on my Information Technology specialist track. The next class in the program was computer networking. Designing and building networks is a passion of mine, so learning more about networks was exciting. The class covered the following topics: the TCP/IP 5-layer network model, the OSI network model, networking devices, network setup, the physical layer, the data link layer, the network layer, subnetting, routing, the transport layer, firewalls, the application layer, network services, virtual private networks, wide area networks, wireless, the Domain Name System, cloud networks and troubleshooting. The class was great and well worth the price of admission! I completed the course and received the following course certificate.

Conclusion: if you are looking to continue your education and improve your skill set, I recommend the Coursera programs. The classes are designed to help you stay motivated and on track. Each module has a deadline, but it can be extended if you need additional time. Feel free to leave any comments on your experience with Coursera, and if you need any assistance please contact me. Thanks

Note: I will be covering some of these topics in more detail in future posts.

110 Grill review

We went out on the town and had dinner at the 110 Grill in Braintree, MA. There was a good-size crowd and a nice atmosphere. The Bruins were on TV, game 2 of the NHL playoffs; for Bruins fans it was kind of a must win. I ordered an Arnold Palmer, in honor of the Masters golf tournament and the king of golf, Arnold Palmer. Pretty tasty!

We were feeling good, the service was excellent, and the waitress was cute! Not a bad start to the evening.

We got a table pretty quickly and had a nice view of the Bruins game.

We ordered an appetizer, the Chorizo Totchos. The food came out pretty fast and it looked pretty good!

The only downside when the appetizer arrived was no silverware to eat it with. We got some from a passing waiter and off we went. The Chorizo Totchos are very good. The main ingredient (potatoes) was cooked to perfection, and the taste was delicious with chives and sour cream and a hint of chili sauce and salsa. A great appetizer, definitely very pleased! The portion was great too, plenty of meat and potatoes to get you started. So far I was impressed!

For my entrée I got the Shrimp & Clam Linguini. The sauce (butter and lemon) was hot and tasty, the shrimp and clams were cooked well, and the meal felt healthy and somewhat light. The toasted bread was a nice touch, and I enjoyed my meal while watching the Bruins. An added bonus: the Bruins were leading game 2, 2-0.

The burger and onion rings got 10 out of 10 stars (**********). The Clam & Shrimp Linguini got 8.5 out of 10 stars (*********). The meal did not blow me away, but it was really good. I would recommend the 110 Grill as a place to put into your dining rotation! We had a good time and really liked the 110 Grill!

Review by Jonathan and Theresa.

Boston Red Sox 2018

World Champions

The Red Sox are world champions. Back in April, I knew they were good, a playoff team for sure. As the season progressed, it looked like an American League East division title and home-field advantage. This was an awesome development, as my son works at Fenway.

Clearly the Red Sox were good, but their bullpen was not dominant and had failed to hold leads in many games. Even with this major flaw, they still had the best record in baseball. I thought there was no way they would beat Houston in a series; Houston definitely had the better pitching and bullpen.

In the ALCS, the Red Sox lost game one and were down 4-2 in game 2. Then Jackie Bradley Jr. (JBJ) hit a double scoring 3 runs, and Mookie provided the insurance runs to tie the series at 1.

In the decisive game 3, JBJ came through again with a grand slam to close the door on the Astros. The emergence of two key additions, Steve Pearce (key homers) and Nathan Eovaldi (throwing smoke), propelled Boston toward the World Series. The Red Sox were victorious and gained a 2-1 series lead.

Heading into game 4, the Red Sox had a chance to go up 3-1, and a 3-1 series lead is pretty much over. Game 4 was a very close game and key for both teams. In a key moment, Houston's Altuve hit a deep shot to right; Mookie drifted back and perfectly timed his leap to make a great catch, but a Houston fan appeared to touch the ball, preventing Mookie from completing it. The key question was, did the fan interfere with the catch? Umpire Joe West made arguably the greatest call in ALCS history and called him out: fan interference, resulting in the key out.

In the late innings JBJ hit another key home run to give the Red Sox some breathing room. In the bottom of the 9th, with the game slipping away from closer Kimbrel, another key moment was about to happen.

The Astros loaded the bases against Kimbrel. The Astros slugger Alex Bregman hit a line drive to left that looked like the game-winning hit. Red Sox outfielder Andrew Benintendi closed on the ball and, at the very last moment, dove and made a miraculous catch, saving the game!

In unbelievable fashion, the Red Sox won the game. With a great performance from the Boston outfield, Boston solidified the best outfield in Major League Baseball. Not to mention, the outfield has the best choreographed dance moves ever seen on a baseball field. Check out YouTube, pretty cool.

In the clinching ALCS game, David Price threw a gem and Martinez and Devers hit key home runs as the Red Sox advanced to the World Series.

The Red Sox went on to defeat the Los Angeles Dodgers 4-1. Steve Pearce was named World Series MVP, and Boston has another world championship in baseball.

CISSP security professional

Security professional

I have begun the process of gaining the CISSP security professional certification. The CISSP certification holds a lot of value in today's job market. As security threats and attacks escalate, being able to mitigate these risks is very valuable.

The black-market hacking community is constantly developing tools to penetrate vulnerable networks. Many of these tools are designed to install back-door access to corporate networks. Once a back door is installed, the attacker has gained access to valuable data, for example credit card numbers, social security numbers and corporate intellectual property.

Much illegal hacking goes undetected, or the cyber criminals go unpunished. Attackers use many compromised "zombie" systems to carry out attacks on institutions, and since a zombie system was used, it is very difficult to track down the attacker behind it. This has become a huge problem for corporations and, subsequently, law enforcement. Improved security is one mechanism to mitigate the risk associated with hacking. I will be reviewing tools available to help protect yourself and your company. Subscribe to stay up to date!

Football in America, what the future holds

The sport of American football is a collision sport loved by many. Over the years, injuries such as concussions have given the game a bad name! For many of us, players, officials and coaches, the game may be in trouble.

For many players, the risk of playing may outweigh the benefits. As the number of people playing has dwindled, football organizations have taken many steps to make the game safer. Rule changes now penalize players who make hits that can lead to injury. Illegal hits to the head can result in disqualification and/or ejection from the game.

As a result of the rule changes, players and coaches are working to play the game in a safer manner. Football is inherently dangerous, as are many things in life. I believe football can be played in a manner where the risk of injury is significantly reduced. As football officials, we work hard to make the game safe for the players and more enjoyable for the fans.

At the college and NFL level, the stakes are much higher. At these levels, millions of dollars are at stake!

In order for football to survive, the game must change and adapt. We all must work hard to make it safer. Those of us who love the game are striving to make it better, and we are working to save football for future generations! Thanks, and have a good season.