Laying the Azure cloud foundation

Cloud services

We have begun the process of laying the foundation for our hybrid cloud environment on Azure. We have created an Azure subscription for production, development operations, and testing.

The process of migrating mission-critical services to the Azure cloud is imperative. We have designed, built and deployed virtual resources and machines for our Windows infrastructure.

We will configure all the necessary resources for the Azure virtual network. These resources include the network settings on the virtual machines, such as Azure virtual networking, public and private IP addressing, subnetting, and firewall configuration.

After configuring the private and public IP for the VM, we will set up the virtual network appliance (VNET). In the process of configuring the VNET, we determine the appropriate configuration, such as VNET-to-VNET connectivity. The VNET configuration will connect remote subnets and resources together.

To connect the remote resources, we will create a new virtual gateway for the subnet. The VNET actually connects the remote resources together. Once the connections are created, we will assign public and private keys to verify a secure connection.

One technique to connect remote resources is creating peer-to-peer VNETs. We will deploy a VNET gateway to connect remote resources. We will deploy the gateway and connections to allow or deny network traffic. The connections should be associated with the same subscription to function properly.

We will review the process of setting up Domain Name Service. We can set up DNS using Azure DNS servers. This configuration supports Azure private zones, which allow additional security. Another option is to use our internal Windows or Linux DNS servers. This gives us more options to manage our on-premises VMs and resources.

Azure-provided DNS has several advantages. No additional configuration is needed, so the service is ready to go once deployed. Fully qualified DNS names are not required, which simplifies DNS services somewhat. Azure is highly available so as to reduce any downtime. High availability includes redundant backup DNS servers.

Azure-provided DNS has some disadvantages. The DNS suffix cannot be changed. WINS and NetBIOS are not supported. This must be taken into consideration when deploying Azure DNS servers. It is probably not the best solution for an internal hybrid environment.

When you implement internal DNS, the scavenging service should be turned off. We will configure Azure DNS to facilitate improved name resolution on premises.

For hybrid environments we will implement our own DNS servers within our domain. This will allow us to connect our Azure virtual machines to our internal on-premises servers. This will also allow us to connect Azure virtual machines to multiple networks. This configuration will allow remote, standard, and reverse lookup of IP addresses.

To configure Azure DNS we will create DNS zones. We will assign the zones to the appropriate subscription and subnets. We configure and name each DNS zone based on the domain name and standard naming conventions.

Once the DNS zones are created, we will be assigned DNS servers to delegate to. In the DNS zone we can get the DNS server information (IP address) for delegation purposes. Typically the domain name is what was purchased from the web registrar. Example

The next step is adding DNS records to our zone. The first record we will add is www, which is an A record type. We will leave the TTL set to 1 hour. We can set up CNAME records for aliases. We can set up MX records for our email server and any additional services needed.

Since we are setting up DNS for our web server, we will use its physical IP address. Once the A record is created we will test connectivity by using the NSLookup command to find DNS names. The NSLookup command should return the name and IP address of the web server. To create a private DNS zone, you must use PowerShell as opposed to the GUI.
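The zone and record steps above, written out with the Az PowerShell module. This is an added example, not a script from the original post; the resource group, zone names, VNET name and IP address are assumptions (example.com and 203.0.113.10 are placeholders).

```powershell
# Added example. Resource group, zone names, VNET name and addresses are
# assumptions; example.com and 203.0.113.10 are documentation placeholders.
$rg   = 'rg-dns-demo'
$zone = 'example.com'

# Public zone. Its NameServers are what you delegate to at the registrar.
New-AzDnsZone -Name $zone -ResourceGroupName $rg | Out-Null
$nameServers = (Get-AzDnsZone -Name $zone -ResourceGroupName $rg).NameServers
$nameServers

# www A record with a TTL of 1 hour (3600 seconds).
New-AzDnsRecordSet -Name 'www' -RecordType A -ZoneName $zone `
    -ResourceGroupName $rg -Ttl 3600 `
    -DnsRecords (New-AzDnsRecordConfig -IPv4Address '203.0.113.10')

# CNAME alias that points at the www record.
New-AzDnsRecordSet -Name 'shop' -RecordType CNAME -ZoneName $zone `
    -ResourceGroupName $rg -Ttl 3600 `
    -DnsRecords (New-AzDnsRecordConfig -Cname "www.$zone")

# MX record at the zone apex for the mail server.
New-AzDnsRecordSet -Name '@' -RecordType MX -ZoneName $zone `
    -ResourceGroupName $rg -Ttl 3600 `
    -DnsRecords (New-AzDnsRecordConfig -Exchange "mail.$zone" -Preference 10)

# Query one of the zone's own name servers, so the check does not depend
# on registrar delegation or on a resolver cache.
nslookup "www.$zone" $nameServers[0]

# Private zone: it resolves only from virtual networks linked to it.
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rg -Name 'vnet-demo'
New-AzPrivateDnsZone -ResourceGroupName $rg -Name 'corp.example.internal' |
    Out-Null
New-AzPrivateDnsVirtualNetworkLink -ResourceGroupName $rg `
    -ZoneName 'corp.example.internal' -Name 'link-vnet-demo' `
    -VirtualNetworkId $vnet.Id -EnableRegistration
```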

To complete the configuration of the network we will set up network security groups. A network security group consists of a list of rules that allow or deny traffic. The rules apply to virtual machines in a subnet and to the network interfaces connected to a virtual machine. The rules can be applied to inbound or outbound traffic.

The network security group (NSG) workflow is as follows: traffic is sent to the Azure VNET, the NSG rules are processed, and the VNET determines whether inbound traffic is allowed or denied.

When a virtual machine is provisioned, default security rules are created. By default, inbound VNET traffic is allowed. Inbound traffic to load balancers is allowed by default as well. The last default rule denies all inbound traffic.

The default outbound rules are: allow outbound VNET traffic, allow outbound web traffic, and, as the last rule, deny outbound traffic.

When establishing security rules, include the source and source port range, as well as the destination and destination port range. You can allow all traffic by using an asterisk or source port any. You must specify which protocol is to be used. We also need to specify the action: allow or deny traffic. Additionally, we have to set a priority for the rule. Rules are processed based on priority. The rule with the lowest priority number is processed first and the highest last.

A scenario we will deploy is a small network with two subnets. The VNET will deny all traffic except RDP traffic. To accomplish this we will deny all traffic to the VNET and associate the two subnets. We will test this scenario by trying to RDP to the virtual machines (VMs).

To update security rules, we will create a network security group. The NSG has default inbound and outbound security rules established. The NSG is associated with a subscription and resource. To create a security rule, we will select inbound or outbound. We will create an inbound NSG rule for RDP. For the NSG to go into effect, it must be associated with a subnet of the VNET. We want to test a deny RDP rule. We’ll select a subnet and associate the VM. We will choose both the subnet and the network interface.

To view changes and topology, we can use Network Watcher. We can verify that the network and subnet are properly associated and will route traffic accordingly. Any traffic bound for this network and subnet is subject to the rules in the NSG. We will now associate the virtual machine’s network interface. We will edit the security group associated with the network interface. By default the security is the VM itself. Once complete, the network interface should be associated with the correct security zone. These changes must be made through the network interface due to system constraints.

Many of these tasks can be completed through PowerShell. As we complete these tasks, the first step is to assign variables such as name and description. Once the NSG is created, we will assign it to the appropriate subnet. One of the main commands is get-AZNET. We will create an inbound rule to allow access to a web server. The last step is to associate the VM with the appropriate subnet. If you ever need to delete an NSG, you must first disassociate it from the subnet.

The next step is to add a rule to the NSG to allow access. We’ll select inbound security rules and add. Select a source such as any, IP address or application security group. Then select the port address range. Next we’ll specify a destination such as NSG, IP address, or application security group. Next select the port address range. To allow RDP use port 3389. We’ll specify the action: allow or deny traffic. Then we’ll add a priority. This has to have a lower priority than the 500 block-all-traffic rule. We’ll give the rule a name. Once the rule is created, we’ll test RDP.

When the network starts to become more complex with multiple NSGs, it is important to evaluate the effectiveness of your security rules. To help evaluate NSGs and rules we will use Network Watcher. We will review the effective security rules. We will select the subscription, resource, and the VM. The rules for the resource will be presented. This will include the NSG and its inbound and outbound rules. Within this configuration we set up one NSG for RDP and one for access to the web server.

To determine how security rules are affecting a specific VM, go to topology and select the VM. Within the VM select networking. This will show the specific inbound and outbound rules. Reviewing the NSGs will help determine what traffic is allowed to the subnet and then to the network interface for the VM.

Within the NSG, we are allowing HTTP to port 80 to the VM’s subnet. Local to the VM, the network interface is blocking all inbound traffic. Using effective rules will allow us to manage traffic to our subnets and VMs.
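The RDP scenario above, scripted with the Az PowerShell module and finished with an effective-rules check. This is an added example, not a script from the original post; the resource names, region, NIC name and admin address range are assumptions, and the RDP source is limited to one range rather than Any.

```powershell
# Added example. Resource names, region and the admin address range are
# assumptions; 203.0.113.0/24 is a documentation range.
$rg       = 'rg-network-demo'
$location = 'eastus'
$vnetName = 'vnet-demo'
$subnets  = 'subnet-a', 'subnet-b'
$nicName  = 'vm1-nic'

# Allow RDP (TCP 3389) from the admin range only, rather than from Any.
$allowRdp = New-AzNetworkSecurityRuleConfig -Name 'Allow-RDP-Admin' `
    -Description 'RDP from the admin range' `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 400 `
    -SourceAddressPrefix '203.0.113.0/24' -SourcePortRange '*' `
    -DestinationAddressPrefix '*' -DestinationPortRange 3389

# Block everything else. Priority 500 is evaluated after 400 and before
# the default AllowVnetInBound rule at 65000.
$denyAll = New-AzNetworkSecurityRuleConfig -Name 'Deny-All-Inbound' `
    -Description 'Block all other inbound traffic' `
    -Access Deny -Protocol '*' -Direction Inbound -Priority 500 `
    -SourceAddressPrefix '*' -SourcePortRange '*' `
    -DestinationAddressPrefix '*' -DestinationPortRange '*'

$nsg = New-AzNetworkSecurityGroup -ResourceGroupName $rg `
    -Location $location -Name 'nsg-demo' -SecurityRules $allowRdp, $denyAll

# The NSG has no effect until it is associated. Attach it to both subnets.
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rg -Name $vnetName
foreach ($name in $subnets) {
    $cfg = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $name
    Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $name `
        -AddressPrefix $cfg.AddressPrefix -NetworkSecurityGroup $nsg |
        Out-Null
}
$vnet | Set-AzVirtualNetwork | Out-Null

# Attach the same NSG to the VM's network interface.
$nic = Get-AzNetworkInterface -ResourceGroupName $rg -Name $nicName
$nic.NetworkSecurityGroup = $nsg
$nic | Set-AzNetworkInterface | Out-Null

# Effective inbound rules on the NIC, in evaluation order. The VM must be
# running. Inbound traffic has to pass the subnet NSG and the NIC NSG.
Get-AzEffectiveNetworkSecurityGroup -NetworkInterfaceName $nicName `
    -ResourceGroupName $rg |
    ForEach-Object { $_.EffectiveSecurityRules } |
    Where-Object Direction -eq 'Inbound' |
    Sort-Object Priority |
    Format-Table Name, Priority, Access, Protocol, DestinationPortRange
```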

As we deploy a wide range of solutions, we can help improve services, operations, and security. Please contact us for more information!

Computer network foundations and design

Computer networks build the foundation of the internet. While reviewing network operations and protocols, we will also review Microsoft exam network fundamentals 98-366.

In the early days of the internet, people connected via a dial-up modem. Typically the speed was 28 KB / second. The connection was over POTS, the plain old telephone system. You may remember using AOL dial-up and the "You've got mail" message, wow. In 2000, 70% of people used dial-up.

The next advancement in technology was the digital subscriber line (DSL). DSL is asynchronous and transmits both voice and data.

The typical home network consists of broadband and a modem. Broadband uses the Data Over Cable Service Interface Specification (DOCSIS), a high-bandwidth transmission standard over broadband. DOCSIS supports high-bandwidth transfers (1GB) via data modulation techniques. Broadband is a shared medium and will show slowdowns during peak usage hours (8 – 12 pm).

ISDN (Integrated Services Digital Network) or leased lines provide a means to connect remote offices. This technology uses parallel digital transmission. This medium supports video transmission at 64 KB / channel.

The two interfaces used are basic rate (home use) and primary rate. Basic rate has 2 B channels at 64 KB and 1 D channel at 16 KB.

Primary rate was designed for business. It has 23 channels at 64 KB and one D channel at 64 KB. The circuits are T1 circuits. T1 provides internet connection between remote sites and voice connectivity for PBX over leased lines. T1 provides 23 voice channels.

A more affordable option for voice over IP is SIP (Session Initiation Protocol) trunking.

T1 24 channels 1.5 MB

T2 96 channels 6.3 MB

T3 672 channels 44.76 MB

T3 DS3

E standard 32 channels 2 MB

MPLS (multiprotocol label switching) is a private routed connection that uses label switch routing (route tables to labels). Packets are forwarded based on labels. Label switching results in redundancy and resiliency.

The customer's internal network connects to MPLS via virtual routing. MPLS operates at layer 3. The on-premises network will connect via OSPF (Open Shortest Path First) or BGP (Border Gateway Protocol). The dynamic routing protocol will allow companies to easily add new locations. The new routes are added dynamically.

VPLS (Virtual Private LAN Service) connectivity is layer 2 bridging. The edge can be a switch, often provided by the service provider. VPLS is a cost-effective means to connect multiple sites.

VPNs and tunnels are a cost-effective way to connect two remote resources. A VPN creates a secure tunnel. Tunnels are typically site to site. A VPN encapsulates the data and securely sends it across the network. Once the data arrives it is de-encapsulated.

We can set up unencrypted tunnels that use generic routing encapsulation (GRE). The protocols used include 47, TCP, UDP, and multicast. This protocol works well with OSPF.

Wireless technologies include fixed wireless provided by an internet service provider. This solution is cost effective, but speed may fluctuate. Another option is satellite wireless. This can be used to access the internet and transport data from remote locations. This service tends to be expensive. Satellite is low bandwidth and high latency. This is not good for voice over IP service.

Wireless services also include 3G and 4G. With a good cell connection, throughput can be 3 – 4 MB per second. These plans can be quite expensive. These services are good for data backups.

Based on this information, we can help plan, design, and integrate your network. The end result will be improved service and overall performance. Please contact us for more information. Thanks

Office 365 Administration

We provide Office 365 administrative services.

We provide extensive management of passwords and cloud identities. A cloud identity is an object stored in an Active Directory database. This contains object attributes. We will manage the environment with group policy.

We will setup and manage password policies.

We will utilize PowerShell to automate processing of batch jobs and repetitive tasks:

  • Add bulk users
  • Update bulk user passwords
  • Manage user licenses

We can help improve your Office 365 deployment and experience.

Contact us for more information.

Increase email productivity using Office 365

Outlook Productivity suite

Everyone uses email and being more productive can enhance your career. In today’s work environment, email is a mission critical application.

Outlook is a great communication tool. You can load Outlook on your PC, Mac, or mobile device. Here are some of the key tasks you can do with Outlook:

  • Manage appointments using calendar features.
  • Share files via the cloud, such as with the OneDrive application.
  • Stay productive and connected anywhere in the world.
  • Organize email to focus on key messages.
  • Use @mentions to get someone's attention.

How to add @mentions – In the body of the email, add the @ symbol and the first few letters of the user's name. Outlook will offer a list of contacts to add. This will get the reader's attention and probably a response.

Managing your calendar and contacts in Outlook

When scheduling meetings and appointments, use the calendar assistant. The calendar scheduling assistant allows you to see when attendees and rooms are available. The bars in the times field will indicate when attendees are busy or free. The rooms tab on the right will let you know when rooms are available. This will make scheduling meetings pain free.

How to collaborate using Outlook

Outlook allows users to share a file attachment so you can collaborate on data files with others. In Outlook, select attach file for the email message. Files with a cloud icon are stored in the cloud, such as in the OneDrive application. This allows multiple users to make changes to the file, enhancing collaboration.

How to set up an online meeting with notes

To set up an online meeting, in Outlook select Skype meeting and choose the date and time. Note that you have to be logged into Skype to set up the online meeting. This inserts a link that attendees can use to join the meeting.

To set up meeting notes, select meeting notes on the Outlook ribbon bar. This allows you to select a OneNote notebook to document the minutes of your meeting.

Outlook is an amazing productivity tool. For additional useful tips, please subscribe. We will provide great productivity tips for our valued readers. Thank you and much appreciated.

Football in America, what the future holds

The sport of American football is a collision sport loved by many. Over the years, injuries such as concussions have given the game a bad name! For many of us, players, officials, and coaches alike, the game may be in trouble.

For many players, the risk of playing may outweigh the benefits. As the number of people playing has dwindled, football organizations have taken many steps to make the game safer. Rule changes now penalize players who make hits that can lead to injury. Illegal hits to the head can result in disqualification and/or ejection from the game.

As a result of the rule changes, the players and coaches are working to play the game in a safer manner. Football is inherently dangerous, as are many things in life. I believe football can be played in a manner where the risk of injury is significantly reduced. As football officials, we work hard to make the game safe for the players, and more enjoyable for the fans.

At the college and NFL level, the stakes are much higher. At these levels, millions of dollars are at stake!

In order for football to survive, the game must change and adapt. We all must work hard to make all things safer. We who love the game are striving to make the game better. We are working to save football for future generations! Thanks and have a good season.

How does Amazon dominate the virtual marketplace?

The story of is remarkable. The company built a web empire from the sales of books, video, and DVDs through to consumer electronics. As these sales and services flourished, the company continued to build out its computing infrastructure. Once Amazon gained footing in electronics, this venture led to the future of web computing: Amazon Web Services (AWS).

Last year (2017) AWS generated $18 billion in revenue. AWS continues to expand rapidly, with revenues growing 40% year over year. Much of this growth is centered around EC2 cloud virtualization. JBrock Consulting & Enterprises can spin up a server farm in short order to meet growing computing needs.


Amazon Elastic Compute Cloud (EC2) is a secure web service that is resizable to meet most business needs. You can try EC2 for free at running Windows or Linux for 750 hours.

JBrock Enterprises provides training on how to utilize the AWS platform to help your business increase profits, decrease cost, and improve efficiency.

Please contact us at if you have any questions.

Digital Platform and horizon

Digital companies and individuals are looking for a competitive advantage. We can help companies gain an advantage by implementing the Windows Azure platform.

Utilizing technical expertise to lead business transformation and focusing on competitive advantage, we can move the cloud forward to seize improvements.

We are completely focused on providing value to our customers. We partner with business leaders to assist in finding new customers, markets, and products, and to develop new business processes while improving performance and how people work.

Key West – Bridge to paradise

Travel and review of my trip to Key West.

The journey to Key West

In 2017, I completed one of my top bucket list items with a trip to Key West. As we embarked on our trip to Key West, we took a Lyft Luxury to the Braintree, MA airport shuttle on the way to Logan International. We were running late and a bit rushed heading to the airport. We checked in and then we had to be processed through airport security. The one ticket with pre-check did not help the situation. Pre-check allows passengers to bypass Homeland Security. Luckily we made it to our gate as the plane was boarding. Lo and behold, I had a problem: my belt was left at the security checkpoint. I did my best OJ impersonation and sprinted to get my belt. I made it back as our JetBlue plane was on last call for boarding.

A couple of hours later, we landed at Miami International Airport. We got our bags and headed to get our rental car. We rented a car from Hertz and it took an ungodly amount of time to get the rental. If you can afford it, I would recommend getting a Ford Mustang Convertible. During the wait, I picked a place on South Beach to have brunch. Shortly we were off to South Beach.

We arrived at the Front Porch Cafe on Ocean Blvd. The food, service, and atmosphere were excellent. I would rate the experience 5 stars and highly recommend it. It was a great way to start the day.

After brunch, we explored Ocean Blvd and headed to the beach. For years I have wanted to see South Beach; we were finally here and it was awesome! The palm trees, architecture, and culture were all wonderful to see.

After spending an hour at the beautiful beach, we sat and took it all in. The ocean water was so incredibly warm and the sand was baking hot. After our stroll on the beach, we picked up some Cuban cigars and headed to Key West.

After spending the day at South Beach, I definitely want to own a condo in Miami. Follow my journey to finding the perfect real estate investment in Miami.