Congratulations!

This is a valid RSS feed.

Recommendations

This feed is valid, but interoperability with the widest range of feed readers could be improved by implementing the following recommendations.

Source: http://thuansoldier.net/?feed=rss2

  1. <?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
  2. xmlns:content="http://purl.org/rss/1.0/modules/content/"
  3. xmlns:wfw="http://wellformedweb.org/CommentAPI/"
  4. xmlns:dc="http://purl.org/dc/elements/1.1/"
  5. xmlns:atom="http://www.w3.org/2005/Atom"
  6. xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
  7. xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
  8. >
  9.  
  10. <channel>
  11. <title>The Soldier of Fortune</title>
  12. <atom:link href="http://thuansoldier.net/?feed=rss2" rel="self" type="application/rss+xml" />
  13. <link>http://thuansoldier.net</link>
  14. <description>Musing on Microsoft Digital Transformation</description>
  15. <lastBuildDate>Wed, 19 Jul 2017 11:42:34 +0000</lastBuildDate>
  16. <language>en-US</language>
  17. <sy:updatePeriod>hourly</sy:updatePeriod>
  18. <sy:updateFrequency>1</sy:updateFrequency>
  19. <site xmlns="com-wordpress:feed-additions:1">21061349</site> <item>
  20. <title>Quick look at Microsoft Azure nested virtualization</title>
  21. <link>http://thuansoldier.net/?p=6244</link>
  22. <comments>http://thuansoldier.net/?p=6244#respond</comments>
  23. <pubDate>Wed, 19 Jul 2017 11:16:46 +0000</pubDate>
  24. <dc:creator><![CDATA[Thuan Soldier]]></dc:creator>
  25. <category><![CDATA[Microsoft Azure]]></category>
  26. <category><![CDATA[azure nested virtualization]]></category>
  27. <category><![CDATA[hyper-v in azure]]></category>
  28.  
  29. <guid isPermaLink="false">http://thuansoldier.net/?p=6244</guid>
  30. <description><![CDATA[During my work and evangelism with not only customers but also Microsoft geeks surrounding me, I&#8217;ve been asked if I&#8217;ve...]]></description>
  31. <content:encoded><![CDATA[<p>During my work and evangelism with not only customers but also Microsoft geeks surrounding me, I&#8217;ve been asked if I&#8217;ve ever heard of deploying a hypervisor inside an Azure VM. That raises a question: why would you need to run virtualization inside an already-virtualized environment, which is so-called nested virtualization? Microsoft <a href="https://azure.microsoft.com/en-us/blog/nested-virtualization-in-azure/" target="_blank" rel="noopener">announced</a> the capability of nested virtualization a week ago.</p>
  32. <p><img data-attachment-id="6249" data-permalink="http://thuansoldier.net/?attachment_id=6249" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/07/azure_nested_virtualization.png" data-orig-size="623,343" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="azure_nested_virtualization" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/07/azure_nested_virtualization-300x165.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/07/azure_nested_virtualization.png" class="aligncenter size-full wp-image-6249" src="http://thuansoldier.net/wp-content/uploads/2017/07/azure_nested_virtualization.png" alt="" width="623" height="343" srcset="http://thuansoldier.net/wp-content/uploads/2017/07/azure_nested_virtualization.png 623w, http://thuansoldier.net/wp-content/uploads/2017/07/azure_nested_virtualization-300x165.png 300w, http://thuansoldier.net/wp-content/uploads/2017/07/azure_nested_virtualization-552x304.png 552w" sizes="(max-width: 623px) 100vw, 623px" /></p>
  33. <p>There are some use cases where nested virtualization is helpful. One example is the lift-and-shift of a non-Microsoft platform to Microsoft Azure. With a big VMware infrastructure, for instance, it takes time to experiment, try and evaluate before moving, because without nested virtualization you would have to convert VMware images to Hyper-V compatible images before importing them to Azure. Another possible use case is deploying a training facility on a nested virtualization environment. Consider a case of SharePoint development training with a bunch of Azure virtual machines, with a dedicated Azure virtual machine hosting a bunch of nested SharePoint virtual machines. This sounds like a cost-effective approach, doesn&#8217;t it? Another perhaps common use case is containers in Azure: Azure Container Service is limited in capability, while nested virtualization is fully under your control. For a trial RedHat Enterprise deployment, it is good news for MVPs owning an eligible subscription with a 150$ limit.</p>
  34. <blockquote><p>Disclaimer: I have a very little experience on the technology of containerization in whether Docker or Azure.</p></blockquote>
  35. <p>Following that announcement, I tried to provision <strong>Standard_D4S_V3</strong> virtual machines running Windows Server 2016 Datacenter edition. Nested virtualization can be deployed on both virtual machine sizes: <a href="https://azure.microsoft.com/en-us/blog/introducing-the-new-dv3-and-ev3-vm-sizes/" target="_blank" rel="noopener">Dx_V3 and Ex_V3</a>. As of this writing, the V3 sizes are only available in US West 2, US East, Europe West and Southeast Asia Pacific.</p>
  36. <p><img data-attachment-id="6246" data-permalink="http://thuansoldier.net/?attachment_id=6246" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/07/azurev3.png" data-orig-size="557,569" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="azurev3" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/07/azurev3-294x300.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/07/azurev3.png" class="aligncenter size-full wp-image-6246" src="http://thuansoldier.net/wp-content/uploads/2017/07/azurev3.png" alt="" width="557" height="569" srcset="http://thuansoldier.net/wp-content/uploads/2017/07/azurev3.png 557w, http://thuansoldier.net/wp-content/uploads/2017/07/azurev3-294x300.png 294w, http://thuansoldier.net/wp-content/uploads/2017/07/azurev3-552x564.png 552w" sizes="(max-width: 557px) 100vw, 557px" /></p>
  37. <p>I then deployed Hyper-V and provisioned Windows XP on a nested virtual machine. The guidance I followed is described <a href="https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/user-guide/nested-virtualization" target="_blank" rel="noopener">here</a>. If you need more advanced automation and control of nested virtual machine settings, download and run <a href="https://github.com/charlieding/Virtualization-Documentation/tree/live/hyperv-tools/Nested" target="_blank" rel="noopener">this script</a> on your Azure virtual machine.</p>
  38. <div id="attachment_6258" style="width: 900px" class="wp-caption aligncenter"><img data-attachment-id="6258" data-permalink="http://thuansoldier.net/?attachment_id=6258" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/07/nested-azure.png" data-orig-size="890,804" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="nested-azure" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/07/nested-azure-300x271.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/07/nested-azure.png" class="wp-image-6258 size-full" src="http://thuansoldier.net/wp-content/uploads/2017/07/nested-azure.png" alt="" width="890" height="804" srcset="http://thuansoldier.net/wp-content/uploads/2017/07/nested-azure.png 890w, http://thuansoldier.net/wp-content/uploads/2017/07/nested-azure-300x271.png 300w, http://thuansoldier.net/wp-content/uploads/2017/07/nested-azure-768x694.png 768w, http://thuansoldier.net/wp-content/uploads/2017/07/nested-azure-552x499.png 552w" sizes="(max-width: 890px) 100vw, 890px" /><p class="wp-caption-text">My Hyper-V in an Azure Virtual Machine has a nested Windows XP virtual machine</p></div>
  39. <p>I also tried to install VMware Workstation Pro on the Azure virtual machine. However, during my nested virtual machine setup, I ran into the incompatibility between VMware and Hyper-V.</p>
  40. <p><img data-attachment-id="6259" data-permalink="http://thuansoldier.net/?attachment_id=6259" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/07/vmware.png" data-orig-size="399,330" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="vmware" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/07/vmware-300x248.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/07/vmware.png" class="aligncenter size-full wp-image-6259" src="http://thuansoldier.net/wp-content/uploads/2017/07/vmware.png" alt="" width="399" height="330" srcset="http://thuansoldier.net/wp-content/uploads/2017/07/vmware.png 399w, http://thuansoldier.net/wp-content/uploads/2017/07/vmware-300x248.png 300w" sizes="(max-width: 399px) 100vw, 399px" /></p>
  41. <p>I tried several ways folks shared over the Internet to solve this error, but I have had no luck so far. From the prerequisites we know that Azure nested virtualization currently supports Hyper-V hosts only.</p>
  42. <ul class="lf-text-block lf-block" data-lf-anchor-id="4e5d0dcd0b01c1345961b9e661574e2a:0">
  43. <li>A Hyper-V host running Windows Server 2016 or <a href="https://blogs.windows.com/windowsexperience/2016/08/02/how-to-get-the-windows-10-anniversary-update/" target="_blank" rel="noopener">Windows 10 Anniversary Update</a>.</li>
  44. <li>A Hyper-V VM running Windows Server 2016 or Windows 10 Anniversary Update.</li>
  45. <li>A Hyper-V VM with configuration version 8.0 or greater.</li>
  46. <li>An Intel processor with VT-x and EPT technology.</li>
  47. </ul>
  48. <blockquote>
  49. <div>
  50. <div class="content">
  51. <p class="lf-text-block lf-block" data-lf-anchor-id="5233099f417c596d294da80f0b646fba:0">Virtualization applications other than Hyper-V are not supported in Hyper-V virtual machines, and are likely to fail. This includes any software that requires hardware virtualization extensions (<a href="https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/user-guide/nested-virtualization" target="_blank" rel="noopener">Source</a>)</p>
  52. </div>
  53. </div>
  54. </blockquote>
  55. <p>I can guess a couple of reasons behind Azure nested virtualization. The first is that Microsoft is targeting customers of non-Microsoft virtualization such as VMware, <a href="https://www.linux-kvm.org/page/Main_Page" target="_blank" rel="noopener">KVM</a> or <a href="https://www.openstack.org/" target="_blank" rel="noopener">OpenStack</a>. These types of customer have a comprehensive road map for their lift-and-shift plan. It is not that easy to just convert everything to the Microsoft stack. As mentioned earlier in this article, they need time to test and evaluate Azure offerings. The other is that Azure nested virtualization aims to offer a complete enterprise cloud solution. This capability would be the sign of a bare-metal cloud service offering for companies that need a dedicated IaaS cloud environment on Microsoft Azure to eliminate the concern about public-cloud <a href="http://thuansoldier.net/?tag=azure-security" target="_blank" rel="noopener">security</a> and shared underlying infrastructure while still taking advantage of infrastructure management and automation offerings.</p>
  56. <p>With Azure nested virtualization, Azure is going to compete directly with <a href="https://cloud.oracle.com/en_US/bare-metal" target="_blank" rel="noopener">Oracle Cloud in the bare-metal cloud service</a>.</p>
  57. ]]></content:encoded>
  58. <wfw:commentRss>http://thuansoldier.net/?feed=rss2&#038;p=6244</wfw:commentRss>
  59. <slash:comments>0</slash:comments>
  60. <post-id xmlns="com-wordpress:feed-additions:1">6244</post-id> </item>
  61. <item>
  62. <title>Involve security consulting partner for vulnerability assessment on Azure</title>
  63. <link>http://thuansoldier.net/?p=6208</link>
  64. <comments>http://thuansoldier.net/?p=6208#respond</comments>
  65. <pubDate>Sun, 16 Jul 2017 03:56:10 +0000</pubDate>
  66. <dc:creator><![CDATA[Thuan Soldier]]></dc:creator>
  67. <category><![CDATA[CyberSecurity]]></category>
  68. <category><![CDATA[Microsoft Azure]]></category>
  69. <category><![CDATA[azure iaas]]></category>
  70. <category><![CDATA[azure iaas defense in depth]]></category>
  71. <category><![CDATA[azure security]]></category>
  72. <category><![CDATA[qualys security]]></category>
  73.  
  74. <guid isPermaLink="false">http://thuansoldier.net/?p=6208</guid>
  75. <description><![CDATA[Microsoft excels at building a solid partnership with service companies around the world. You may not know that on Microsoft...]]></description>
  76. <content:encoded><![CDATA[<p>Microsoft excels at building a solid partnership with service companies around the world. You may not know that on Microsoft Azure, you can involve a security consulting partner to help you perform server vulnerability assessment. Moreover, through Azure Security Center, you receive a recommendation in which you are given the opportunity to allow <a href="https://www.qualys.com/" target="_blank" rel="noopener">Qualys</a> to support you.</p>
  77. <p>In this article, we will see how to install the Qualys vulnerability assessment solution so that the security company can help.</p>
  78. <blockquote><p>If you want to learn advanced Azure IaaS Defense in Depth with lots of hands-on labs to practice, order my book <a href="http://amzn.com/B07117YWFZ" target="_blank" rel="noopener noreferrer">here</a>.</p></blockquote>
  79. <p>The first step is to log into the Azure Management Portal (<em>https://portal.azure.com</em>) using your administrator account. From the left panel, click Security Center. Under <strong>PREVENTION</strong>, click <strong>Partner solutions</strong>.</p>
  80. <p><img data-attachment-id="6209" data-permalink="http://thuansoldier.net/?attachment_id=6209" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-01.png" data-orig-size="856,525" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="sc-qualys-01" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-01-300x184.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-01.png" class="aligncenter size-full wp-image-6209" src="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-01.png" alt="" width="856" height="525" srcset="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-01.png 856w, http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-01-300x184.png 300w, http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-01-768x471.png 768w, http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-01-552x339.png 552w" sizes="(max-width: 856px) 100vw, 856px" /></p>
  81. <p>On this screen, click the <strong>recommendations</strong> link next to &#8220;<strong>To deploy a partner solution see&#8230;</strong>&#8221;. Azure Security Center gives you a list of recommendations based on its criteria for each resource category. In a single view, you can see recommendations not only for storage, but also for servers and networking. One you should pay attention to is &#8220;<strong>Add a vulnerability assessment solution</strong>&#8221;. Click on this recommendation.</p>
  82. <p><img data-attachment-id="6210" data-permalink="http://thuansoldier.net/?attachment_id=6210" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-02.png" data-orig-size="590,399" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="sc-qualys-02" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-02-300x203.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-02.png" class="aligncenter size-full wp-image-6210" src="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-02.png" alt="" width="590" height="399" srcset="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-02.png 590w, http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-02-300x203.png 300w, http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-02-552x373.png 552w" sizes="(max-width: 590px) 100vw, 590px" /></p>
  83. <p>On the new blade, select the Azure virtual machine you need to scan for vulnerabilities, then click <strong>Install on 1 VMs</strong>. (The number &#8220;1&#8221; is based on the number of selected virtual machines.)</p>
  84. <p><img data-attachment-id="6211" data-permalink="http://thuansoldier.net/?attachment_id=6211" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-03.png" data-orig-size="588,163" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="sc-qualys-03" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-03-300x83.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-03.png" class="aligncenter size-full wp-image-6211" src="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-03.png" alt="" width="588" height="163" srcset="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-03.png 588w, http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-03-300x83.png 300w, http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-03-552x153.png 552w" sizes="(max-width: 588px) 100vw, 588px" /></p>
  85. <p>On the <strong>Add a Vulnerability Assessment</strong> blade, click <strong>Create New.</strong></p>
  86. <p><img data-attachment-id="6212" data-permalink="http://thuansoldier.net/?attachment_id=6212" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-04.png" data-orig-size="587,274" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="sc-qualys-04" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-04-300x140.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-04.png" class="aligncenter size-full wp-image-6212" src="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-04.png" alt="" width="587" height="274" srcset="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-04.png 587w, http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-04-300x140.png 300w, http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-04-552x258.png 552w" sizes="(max-width: 587px) 100vw, 587px" /></p>
  87. <p>On the <strong>Create a new Vulnerability Assessment</strong> solution blade, click <strong>Qualys for Azure</strong>. As of this article, only one partner is engaged with Microsoft. According to Microsoft, more partners will soon be on-boarding to Azure.</p>
  88. <p><img data-attachment-id="6213" data-permalink="http://thuansoldier.net/?attachment_id=6213" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-05.png" data-orig-size="588,133" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="sc-qualys-05" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-05-300x68.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-05.png" class="aligncenter size-full wp-image-6213" src="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-05.png" alt="" width="588" height="133" srcset="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-05.png 588w, http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-05-300x68.png 300w, http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-05-552x125.png 552w" sizes="(max-width: 588px) 100vw, 588px" /><br />
  89. On the <strong>Qualys, Inc. vulnerability management</strong> blade, click <strong>Sign up</strong> for the solution. You are redirected to the Qualys account registration for the Qualys solution for Azure. Click <strong>Qualys Free Trial</strong> and follow the registration process to completion.</p>
  90. <p>Enter the name of the solution under <strong>Name</strong>. The subscription is automatically selected. Select <strong>Use existing</strong> under <strong>Resource group</strong>. Select <strong>did-infra-rg</strong> from the drop-down list. Select your location under <strong>Location</strong>.</p>
  91. <p><img data-attachment-id="6214" data-permalink="http://thuansoldier.net/?attachment_id=6214" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-06.png" data-orig-size="476,483" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="sc-qualys-06" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-06-296x300.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-06.png" class="aligncenter size-full wp-image-6214" src="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-06.png" alt="" width="476" height="483" srcset="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-06.png 476w, http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-06-296x300.png 296w" sizes="(max-width: 476px) 100vw, 476px" /></p>
  92. <p>Log in to the Qualys portal. The Qualys solution for Azure is based on a cloud model. Click <strong>Modules</strong> from the left corner and select <strong>Cloud Agent</strong>.</p>
  93. <p><img data-attachment-id="6215" data-permalink="http://thuansoldier.net/?attachment_id=6215" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-07.png" data-orig-size="549,512" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="sc-qualys-07" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-07-300x280.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-07.png" class="aligncenter size-full wp-image-6215" src="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-07.png" alt="" width="549" height="512" srcset="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-07.png 549w, http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-07-300x280.png 300w" sizes="(max-width: 549px) 100vw, 549px" /></p>
  94. <p>On the <strong>Cloud Agent</strong> page, there are two tabs: <strong>Dashboard</strong> and <strong>Agent Management</strong>. Click <strong>Agent Management</strong>.</p>
  95. <p>On the <strong>Agent Management</strong> page, click <strong>Agents</strong>. Click <strong>Install New Agent</strong>.</p>
  96. <p><img data-attachment-id="6216" data-permalink="http://thuansoldier.net/?attachment_id=6216" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-08.png" data-orig-size="943,473" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="sc-qualys-08" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-08-300x150.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-08.png" class="aligncenter size-full wp-image-6216" src="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-08.png" alt="" width="943" height="473" srcset="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-08.png 943w, http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-08-300x150.png 300w, http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-08-768x385.png 768w, http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-08-552x277.png 552w" sizes="(max-width: 943px) 100vw, 943px" /></p>
  97. <p>On the <strong>New Activation Key</strong> page, enter the title of your new activation key. Stick to <strong>Vulnerability</strong> <strong>Management</strong>. Click <strong>Generate</strong>.</p>
  98. <p><img data-attachment-id="6217" data-permalink="http://thuansoldier.net/?attachment_id=6217" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-09.png" data-orig-size="1126,906" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="sc-qualys-09" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-09-300x241.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-09.png" class="aligncenter size-full wp-image-6217" src="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-09.png" alt="" width="1126" height="906" srcset="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-09.png 1126w, http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-09-300x241.png 300w, http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-09-768x618.png 768w, http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-09-552x444.png 552w" sizes="(max-width: 1126px) 100vw, 1126px" /></p>
  99. <p>Copy the activation key into a secure note. Click <strong>Install instructions</strong> for Windows under <strong>Installation Requirements</strong>. Qualys supports not only Windows but also other platforms, as seen below.</p>
  100. <p><img data-attachment-id="6219" data-permalink="http://thuansoldier.net/?attachment_id=6219" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-10.png" data-orig-size="770,622" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="sc-qualys-10" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-10-300x242.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-10.png" class="aligncenter size-full wp-image-6219" src="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-10.png" alt="" width="770" height="622" srcset="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-10.png 770w, http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-10-300x242.png 300w, http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-10-768x620.png 768w, http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-10-552x446.png 552w" sizes="(max-width: 770px) 100vw, 770px" /></p>
  101. <p>Switch to the option <strong>Deploying in Azure Cloud</strong>. Copy code under <strong>License code</strong> and <strong>Public</strong> <strong>key</strong> which you need to enter in</p>
  102. <p><img data-attachment-id="6220" data-permalink="http://thuansoldier.net/?attachment_id=6220" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-11.png" data-orig-size="1123,906" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="sc-qualys-11" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-11-300x242.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-11.png" class="aligncenter size-full wp-image-6220" src="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-11.png" alt="" width="1123" height="906" srcset="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-11.png 1123w, http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-11-300x242.png 300w, http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-11-768x620.png 768w, http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-11-552x445.png 552w" sizes="(max-width: 1123px) 100vw, 1123px" /></p>
  103. <p>Go back to Azure and paste the copied codes into the <strong>License</strong> <strong>code</strong> box and the <strong>Public</strong> <strong>key</strong> box accordingly. Select <strong>Auto</strong> <strong>update</strong> to allow Azure Security Center to automatically install the Qualys agent on other virtual machines, including future ones that it discovers. Click <strong>OK</strong>.</p>
  104. <p><img data-attachment-id="6221" data-permalink="http://thuansoldier.net/?attachment_id=6221" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-12.png" data-orig-size="478,587" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="sc-qualys-12" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-12-244x300.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-12.png" class="aligncenter size-full wp-image-6221" src="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-12.png" alt="" width="478" height="587" srcset="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-12.png 478w, http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-12-244x300.png 244w" sizes="(max-width: 478px) 100vw, 478px" /></p>
  105. <p>Wait around 5 – 10 minutes until the agent deployment is complete on your target virtual machine. Once the deployment is finished, Qualys Agent extension is installed on your virtual machine. You can go to the virtual machine and check its extension.</p>
  106. <p><img data-attachment-id="6222" data-permalink="http://thuansoldier.net/?attachment_id=6222" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-13.png" data-orig-size="961,432" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="sc-qualys-13" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-13-300x135.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-13.png" class="aligncenter size-full wp-image-6222" src="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-13.png" alt="" width="961" height="432" srcset="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-13.png 961w, http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-13-300x135.png 300w, http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-13-768x345.png 768w, http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-13-552x248.png 552w" sizes="(max-width: 961px) 100vw, 961px" /></p>
  107. <p>To verify if your setup is correct, open <strong>Agent Management</strong> page in the Qualys portal. Click <strong>Activation</strong> <strong>Keys</strong>.</p>
  108. <p><img data-attachment-id="6223" data-permalink="http://thuansoldier.net/?attachment_id=6223" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-14.png" data-orig-size="967,449" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="sc-qualys-14" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-14-300x139.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-14.png" class="aligncenter size-full wp-image-6223" src="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-14.png" alt="" width="967" height="449" srcset="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-14.png 967w, http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-14-300x139.png 300w, http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-14-768x357.png 768w, http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-14-552x256.png 552w" sizes="(max-width: 967px) 100vw, 967px" /></p>
  109. <p>Click the activation key you just created. On the <strong>Key</strong> <strong>Info</strong> <strong>View</strong> page, click <strong>Agents</strong>. You can see that your agent host has been added with the correct name.</p>
  110. <p><img data-attachment-id="6224" data-permalink="http://thuansoldier.net/?attachment_id=6224" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-15.png" data-orig-size="914,338" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="sc-qualys-15" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-15-300x111.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-15.png" class="aligncenter size-full wp-image-6224" src="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-15.png" alt="" width="914" height="338" srcset="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-15.png 914w, http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-15-300x111.png 300w, http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-15-768x284.png 768w, http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-15-552x204.png 552w" sizes="(max-width: 914px) 100vw, 914px" /></p>
  111. <p>You can verify whether Qualys agent is automatically installed on another virtual machine.</p>
  112. <p><img data-attachment-id="6225" data-permalink="http://thuansoldier.net/?attachment_id=6225" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-16.png" data-orig-size="663,504" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="sc-qualys-16" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-16-300x228.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-16.png" class="aligncenter size-full wp-image-6225" src="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-16.png" alt="" width="663" height="504" srcset="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-16.png 663w, http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-16-300x228.png 300w, http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-16-552x420.png 552w" sizes="(max-width: 663px) 100vw, 663px" /></p>
  113. <p>You can click on each agent and look for Vulnerability report from Qualys.</p>
  114. <p><img data-attachment-id="6226" data-permalink="http://thuansoldier.net/?attachment_id=6226" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-17.png" data-orig-size="879,508" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="sc-qualys-17" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-17-300x173.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-17.png" class="aligncenter size-full wp-image-6226" src="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-17.png" alt="" width="879" height="508" srcset="http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-17.png 879w, http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-17-300x173.png 300w, http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-17-768x444.png 768w, http://thuansoldier.net/wp-content/uploads/2017/07/sc-qualys-17-552x319.png 552w" sizes="(max-width: 879px) 100vw, 879px" /></p>
  115. <p>You may ask if your virtual machine needs an Internet connection. This matter is not disclosed yet, but I guess that Microsoft opens a private tunnel to allow the Qualys cloud-based agent service to connect to your virtual machine to perform an assessment.</p>
  116. <h3><span style="color: #ff6600;"><strong>Additional References</strong></span></h3>
  117. <p>Here are some additional references that might be helpful:</p>
  118. <ul>
  119. <li><a href="https://docs.microsoft.com/en-us/azure/security-center/security-center-vulnerability-assessment-recommendations" target="_blank" rel="noopener">Vulnerability assessment in Azure Security Center</a></li>
  120. <li><a href="https://community.qualys.com/docs/DOC-5725-scanning-in-microsoft-azure-using-resource-manager-arm" target="_blank" rel="noopener">Scanning in Microsoft Azure using Resource Manager (ARM)</a></li>
  121. </ul>
  122. ]]></content:encoded>
  123. <wfw:commentRss>http://thuansoldier.net/?feed=rss2&#038;p=6208</wfw:commentRss>
  124. <slash:comments>0</slash:comments>
  125. <post-id xmlns="com-wordpress:feed-additions:1">6208</post-id> </item>
  126. <item>
  127. <title>A little experience writing for Amazon KDP</title>
  128. <link>http://thuansoldier.net/?p=6197</link>
  129. <comments>http://thuansoldier.net/?p=6197#respond</comments>
  130. <pubDate>Sun, 09 Jul 2017 12:05:47 +0000</pubDate>
  131. <dc:creator><![CDATA[Thuan Soldier]]></dc:creator>
  132. <category><![CDATA[Miscellaneous]]></category>
  133. <category><![CDATA[amazon kdp]]></category>
  134. <category><![CDATA[azure security]]></category>
  135. <category><![CDATA[book writing]]></category>
  136. <category><![CDATA[kindle device]]></category>
  137.  
  138. <guid isPermaLink="false">http://thuansoldier.net/?p=6197</guid>
  139. <description><![CDATA[&#8220;Microsoft Azure IaaS Defense in Depth&#8221; is the very first book I wrote myself that became commercially available on the Amazon Store. This...]]></description>
  140. <content:encoded><![CDATA[<p>&#8220;<a href="https://www.amazon.com/dp/B07117YWFZ/ref=cm_sw_su_dp" target="_blank" rel="noopener">Microsoft Azure IaaS Defense in Depth</a>&#8221; is the very first book I wrote myself that became commercially available on the Amazon Store. This book is published through <a href="https://kdp.amazon.com/en_US/help/topic/A37Z49E2DDQPP3?ref_=gs" target="_blank" rel="noopener">Amazon Kindle Direct Publishing</a>. I got a few requests from fellow MVPs in the community regarding my experience with Amazon KDP and why I didn&#8217;t go with a good publisher. In this article, I&#8217;d like to share a little of my experience from the time I spent authoring my book.</p>
  141. <h3><span style="color: #ff6600;">Why did I choose Amazon KDP?</span></h3>
  142. <p>There are some popular names among book publishing companies, such as Packt, Apress, Wrox and O&#8217;Reilly, that you may know if you read IT books. When I had the idea of writing my book, I thought about Packt because most books published by Packt have a more practical and hands-on structure than the others. Apress can be a good one, but Wrox is more academic and drills down deeply into the content.</p>
  143. <p>Popular publishing companies like these not only help in publishing and marketing your book but also give your content a systematic structure. They have a good plan to brainstorm what should be written and how to organize the content so readers can read to the end and fully absorb the knowledge. That said, the plan often takes time for email, communication, chatting and online calls. At the time I decided to write my book, I had intended to <a href="http://thuansoldier.net/?p=5355" target="_blank" rel="noopener">publish it on June 15, 2017</a>, which is my 27th birthday. Hence, I thought I would not have enough time to work with a publisher. If you are asked to write for them, it takes around 1 month to prepare a table of contents and some sample paragraphs for evaluation before officially writing.</p>
  144. <p>When a popular publisher was not an option, I had to look for a self-service publisher. LeanPub and Amazon KDP were my shortlisted options. Finally, I chose Amazon KDP because it is free. LeanPub is good but it charges me $99 for the first time. Another reason is the book format. While Amazon KDP does not care about the book format because the book is rendered on Kindle devices, LeanPub gives a PDF format which is easily shared with others. I don&#8217;t mean the income I would have after publishing the book, but with PDF format there is no guarantee against leakage.</p>
  145. <h3><span style="color: #ff6600;">What to do with Amazon KDP?</span></h3>
  146. <p>You need to register an account <a href="https://kdp.amazon.com/en_US/" target="_blank" rel="noopener">here</a> before you can work out your book&#8217;s information, cover, description and price in the <strong>Bookshelf</strong>. Amazon KDP also provides some free tools such as <a href="https://www.amazon.com/gp/feature.html?docId=1002998671" target="_blank" rel="noopener">Kindle Textbook Creator</a> and <a href="https://www.amazon.com/gp/feature.html?docId=1000765261" target="_blank" rel="noopener">Kindle Previewer</a> to help you create and preview your book on simulated Kindle devices.</p>
  147. <p><img data-attachment-id="6201" data-permalink="http://thuansoldier.net/?attachment_id=6201" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/07/kindle_creator.png" data-orig-size="1320,716" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="kindle_creator" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/07/kindle_creator-300x163.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/07/kindle_creator.png" class="aligncenter size-full wp-image-6201" src="http://thuansoldier.net/wp-content/uploads/2017/07/kindle_creator.png" alt="" width="1320" height="716" srcset="http://thuansoldier.net/wp-content/uploads/2017/07/kindle_creator.png 1320w, http://thuansoldier.net/wp-content/uploads/2017/07/kindle_creator-300x163.png 300w, http://thuansoldier.net/wp-content/uploads/2017/07/kindle_creator-768x417.png 768w, http://thuansoldier.net/wp-content/uploads/2017/07/kindle_creator-1140x618.png 1140w, http://thuansoldier.net/wp-content/uploads/2017/07/kindle_creator-552x299.png 552w" sizes="(max-width: 1320px) 100vw, 1320px" /></p>
  148. <p>There are many similar questions regarding the format the author should use for a Kindle book. From my experience, I would say that the <strong>font size is 11</strong> and the font is <strong>Garamond</strong>, though Kindle automatically converts your manuscript into HTML format and renders it according to its standard on Kindle devices. The width: height should be <strong>6:9</strong> in case you need to publish not only a Kindle book but also a paperback. I used the template suggested by CreateSpace to prepare my manuscript.</p>
  149. <p>After completing your manuscript, you need to set the price. It is recommended to follow the majority of people, who set 70:30 as the royalty. For more information on this, read <a href="https://kdp.amazon.com/en_US/help/topic/A30F3VI2TH1FR8" target="_blank" rel="noopener">here</a>.</p>
  150. ]]></content:encoded>
  151. <wfw:commentRss>http://thuansoldier.net/?feed=rss2&#038;p=6197</wfw:commentRss>
  152. <slash:comments>0</slash:comments>
  153. <post-id xmlns="com-wordpress:feed-additions:1">6197</post-id> </item>
  154. <item>
  155. <title>Microsoft MVP for the 7th year</title>
  156. <link>http://thuansoldier.net/?p=5544</link>
  157. <comments>http://thuansoldier.net/?p=5544#comments</comments>
  158. <pubDate>Sun, 02 Jul 2017 08:11:26 +0000</pubDate>
  159. <dc:creator><![CDATA[Thuan Soldier]]></dc:creator>
  160. <category><![CDATA[Miscellaneous]]></category>
  161. <category><![CDATA[microsoft mvp]]></category>
  162.  
  163. <guid isPermaLink="false">http://thuansoldier.net/?p=5544</guid>
  164. <description><![CDATA[I&#8217;m humbly excited today to have received an email from Microsoft saying that my MVP award has been renewed. This...]]></description>
  165. <content:encoded><![CDATA[<p>I&#8217;m humbly excited today to have received an email from Microsoft saying that my MVP award has been renewed. This is the 7th consecutive year since the first time I got the MVP award for Microsoft SharePoint. Now SharePoint is grouped into a new MVP category called Office Servers and Services, which comprises 5 Microsoft productivity products: Office 365, Exchange, SharePoint, Skype for Business and Yammer.</p>
  166. <p><img data-attachment-id="5545" data-permalink="http://thuansoldier.net/?attachment_id=5545" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/07/mvp_2018.png" data-orig-size="609,302" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="mvp_2018" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/07/mvp_2018-300x149.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/07/mvp_2018.png" class="aligncenter size-full wp-image-5545" src="http://thuansoldier.net/wp-content/uploads/2017/07/mvp_2018.png" alt="" width="609" height="302" srcset="http://thuansoldier.net/wp-content/uploads/2017/07/mvp_2018.png 609w, http://thuansoldier.net/wp-content/uploads/2017/07/mvp_2018-300x149.png 300w, http://thuansoldier.net/wp-content/uploads/2017/07/mvp_2018-552x274.png 552w" sizes="(max-width: 609px) 100vw, 609px" /></p>
  167. <p>The Microsoft MVP award is not a certificate that you can study for and take an examination to achieve, nor something special like a silver bullet. The award is for your contribution to the world&#8217;s community and Microsoft business. It shows what your Microsoft blood looks like and how much passion you show.</p>
  168. <p>For the last year, I&#8217;ve been with community in several countries. I gave my presentation at <a href="http://thuansoldier.net/?p=4571" target="_blank" rel="noopener">Global Azure Bootcamp 2016</a> and <a href="http://thuansoldier.net/?p=4933" target="_blank" rel="noopener">2017</a> at Microsoft Singapore where I shared with folks <a href="https://www.slideshare.net/thuansoldier/planning-and-deployingsharepointfarminazuregabsg2016" target="_blank" rel="noopener">best practices for SharePoint Server deployment on Microsoft Azure</a> and <a href="https://www.slideshare.net/thuansoldier/design-a-secure-azure-iaas-lesson-learnt-from-government-cloud" target="_blank" rel="noopener">Azure IaaS defense in depth</a> topics. In November 2016, I had a chance to speak at <a href="https://www.slideshare.net/thuansoldier/lotus-notes-transition-to-office-365" target="_blank" rel="noopener">European SharePoint Conference 2016</a> in one of the world&#8217;s most livable cities &#8211; Vienna, Australia. I met many internationally renowned experts in person to discuss more about SharePoint and the market.</p>
  169. <div id="attachment_5548" style="width: 663px" class="wp-caption aligncenter"><img data-attachment-id="5548" data-permalink="http://thuansoldier.net/?attachment_id=5548" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/07/IMG_0207.jpg" data-orig-size="653,490" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;2.2&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;iPhone 6&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;1479313168&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;4.15&quot;,&quot;iso&quot;:&quot;160&quot;,&quot;shutter_speed&quot;:&quot;0.03030303030303&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;1&quot;}" data-image-title="IMG_0207" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/07/IMG_0207-300x225.jpg" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/07/IMG_0207.jpg" class="wp-image-5548 size-full" src="http://thuansoldier.net/wp-content/uploads/2017/07/IMG_0207.jpg" alt="" width="653" height="490" srcset="http://thuansoldier.net/wp-content/uploads/2017/07/IMG_0207.jpg 653w, http://thuansoldier.net/wp-content/uploads/2017/07/IMG_0207-300x225.jpg 300w, http://thuansoldier.net/wp-content/uploads/2017/07/IMG_0207-552x414.jpg 552w" sizes="(max-width: 653px) 100vw, 653px" /><p class="wp-caption-text">With Gokan &#8211; a Microsoft Regional Director in Belgium and Vlad &#8211; a SharePoint expert from Canada</p></div>
  170. <p>In March 2017, I flew to Kuala Lumpur, Malaysia to speak about <a href="https://www.slideshare.net/thuansoldier/expertslive-asia-pacific-2017-planning-and-deploying-sharepoint-server-2016-on-microsoft-azure" target="_blank" rel="noopener">SharePoint Server 2016 on Microsoft Azure</a> at ExpertsLive Asia Pacific 2017. A month later, I went to Singapore for my Global Azure Bootcamp 2017 presentation at Microsoft Singapore.</p>
  171. <div id="attachment_5549" style="width: 548px" class="wp-caption aligncenter"><img data-attachment-id="5549" data-permalink="http://thuansoldier.net/?attachment_id=5549" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/07/IMG_1125.jpg" data-orig-size="538,538" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;1&quot;}" data-image-title="IMG_1125" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/07/IMG_1125-300x300.jpg" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/07/IMG_1125.jpg" class="wp-image-5549 size-full" src="http://thuansoldier.net/wp-content/uploads/2017/07/IMG_1125.jpg" alt="" width="538" height="538" srcset="http://thuansoldier.net/wp-content/uploads/2017/07/IMG_1125.jpg 538w, http://thuansoldier.net/wp-content/uploads/2017/07/IMG_1125-150x150.jpg 150w, http://thuansoldier.net/wp-content/uploads/2017/07/IMG_1125-300x300.jpg 300w" sizes="(max-width: 538px) 100vw, 538px" /><p class="wp-caption-text">With Microsoft Singapore folks</p></div>
  172. <p>Another remarkable piece of work is book writing. This year I spent my time with another MVP writing a <a href="https://gallery.technet.microsoft.com/Step-by-step-Guide-to-2553ee9a" target="_blank" rel="noopener">150-page step-by-step guide to configuring and deploying Office 365 hybrid</a>. I also authored and published a book myself, named <a href="https://www.amazon.com/Microsoft-Azure-Defense-Depth-Guide-ebook/dp/B07117YWFZ" target="_blank" rel="noopener">Microsoft Azure IaaS Defense in Depth</a>, which is already on the Amazon store. Besides book writing, I established a new website, <a href="http://azurevn.net" target="_blank" rel="noopener">http://azurevn.net</a>, where I gather Microsoft Azure experts and lovers to share experiences and articles. My event engagement is still active: I was engaged to organize two events in Vietnam with Microsoft.</p>
  173. <p>I think being an MVP is an amazing experience. I would like to thank my peer MVPs, the community program manager and the Microsoft product teams for supporting and being with the community for years. I’m looking forward to contributing and engaging more into the community in the new year ahead.</p>
  174. ]]></content:encoded>
  175. <wfw:commentRss>http://thuansoldier.net/?feed=rss2&#038;p=5544</wfw:commentRss>
  176. <slash:comments>2</slash:comments>
  177. <post-id xmlns="com-wordpress:feed-additions:1">5544</post-id> </item>
  178. <item>
  179. <title>Four levels of customer frustration</title>
  180. <link>http://thuansoldier.net/?p=5521</link>
  181. <comments>http://thuansoldier.net/?p=5521#respond</comments>
  182. <pubDate>Fri, 23 Jun 2017 05:34:37 +0000</pubDate>
  183. <dc:creator><![CDATA[Thuan Soldier]]></dc:creator>
  184. <category><![CDATA[Miscellaneous]]></category>
  185. <category><![CDATA[customer frustration]]></category>
  186. <category><![CDATA[customer service]]></category>
  187. <category><![CDATA[frustration handling]]></category>
  188.  
  189. <guid isPermaLink="false">http://thuansoldier.net/?p=5521</guid>
  190. <description><![CDATA[It’s been nearly 8 years since I started with IT service. Having faced with many customers, I’ve received number of...]]></description>
  191. <content:encoded><![CDATA[<p>It’s been nearly 8 years since I started with IT service. Having faced many customers, I’ve received a number of different complaints and compliments. I receive a complaint every time something does not meet a customer’s expectation. On the contrary, if I get a compliment, it means something I completed met the customer’s expectation. I had a conversation yesterday with a friend of mine, who shared a message he got from his customer about frustration. He then asked me what a customer was feeling when writing such a message to him. I looked back, remembering as much as possible about the times I got a complaint. In the end, there are four levels of frustration I’ve recognized, based on the messages (e.g. email, IM…) customers have sent to me.</p>
  192. <blockquote><p>You may be interested in reading <a href="http://thuansoldier.net/?p=5101" target="_blank" rel="noopener">my own three letters to be successful in IT managed services</a></p></blockquote>
  193. <h3><span style="color: #ff6600;"><strong>&#8220;I’m not happy&#8221;</strong></span></h3>
  194. <p>When a customer says he is not happy, he happens to have seen something he does not like. This can be something missing from your side. This can be a missed deadline in a project. This level is sometimes acceptable because nothing is perfect. Moreover, you may have to deal with a more fastidious person than you can imagine. We cannot satisfy every kind of person in our life. This level may make you pay more attention, but it is still not a sign of red alert. Perhaps it is an inconsiderable mistake. You need to see why he is not happy and try to address that thing.</p>
  195. <h3><span style="color: #ff6600;"><strong>&#8220;I’m unhappy&#8221;</strong></span></h3>
  196. <p>This literally sounds like the previous one. Yes, it does, but it is quite a different level of frustration. Such a message to you is an automatic reflex which tells you that the customer didn’t think about putting “<strong>Not</strong>” before “<strong>Happy</strong>”. He purposely used the negative word “<strong>Unhappy</strong>”. It’s a level above the previous one, when the reason has not been explained in a formal way. The customer in this case doesn’t seem to stand enough. When you receive this message, it can be a warning sign which requires you to have an action plan to see what is really happening in your case. In a software project, it can be a defect which appears to end users not only one time, but several times. Another reason could be that you repeatedly fail to directly address the customer’s concern.</p>
  197. <h3><span style="color: #ff6600;"><strong>&#8220;I’m disappointed&#8221;</strong></span></h3>
  198. <p>When the customer does not even hope for something to be solved, he gives you such a message. This is when a customer has nothing left to hope for, perhaps because of a long-lasting error you haven’t fixed yet, or something you cannot seem to solve. This is a red alert that requires a managerial level review to see how things can be solved. In a software project, if that is a technical issue the escalation is still in the management level. This can result in a contract termination or penalty agreement. There can be a meeting between both parties to review the entire project. I got this kind of message a few times in the past when I could not deliver a good software project or was unable to complete a milestone. The meeting at that time was only to bring out the question “WHEN” until the customer expressed frankly that he was totally disappointed.</p>
  199. <h3><span style="color: #ff6600;"><strong>&#8220;I’m frustrated&#8221;</strong></span></h3>
  200. <p>Have you ever heard this from your customer? The level couldn’t be better explained than by the word itself, and by Google: <em>feeling or expressing distress and annoyance, especially because of inability to change or achieve something</em>. When a customer says that he is frustrated, he wants to tell you he is in total pain, and he feels sad when working with you. The reason he feels that way is very often because his direct manager seems to be disappointed in him. That is why you receive the highest level of frustration.</p>
  201. <p><img data-attachment-id="5522" data-permalink="http://thuansoldier.net/?attachment_id=5522" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/06/rsz_anger-742x495.jpg" data-orig-size="742,495" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="rsz_anger-742&#215;495" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/06/rsz_anger-742x495-300x200.jpg" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/06/rsz_anger-742x495.jpg" class="aligncenter size-full wp-image-5522" src="http://thuansoldier.net/wp-content/uploads/2017/06/rsz_anger-742x495.jpg" alt="" width="742" height="495" srcset="http://thuansoldier.net/wp-content/uploads/2017/06/rsz_anger-742x495.jpg 742w, http://thuansoldier.net/wp-content/uploads/2017/06/rsz_anger-742x495-300x200.jpg 300w, http://thuansoldier.net/wp-content/uploads/2017/06/rsz_anger-742x495-552x368.jpg 552w" sizes="(max-width: 742px) 100vw, 742px" /></p>
  202. <p>In a software project, if your delivery has a big impact on the overall plan and results in business loss, the customer ends up frustrated. They do not want to do business with you. The decision to terminate the contract may be made quickly if the relationship between you and them is not good.</p>
  203. <h3><span style="color: #ff6600;"><strong>Conclusion</strong></span></h3>
  204. <p>Every level of frustration has an action plan to follow. The more flexible the plan is, the less frustration you will have to manage. I hope my article is a good way to share the signs of frustration with you and help improve service.</p>
  205. ]]></content:encoded>
  206. <wfw:commentRss>http://thuansoldier.net/?feed=rss2&#038;p=5521</wfw:commentRss>
  207. <slash:comments>0</slash:comments>
  208. <post-id xmlns="com-wordpress:feed-additions:1">5521</post-id> </item>
  209. <item>
  210. <title>Protecting your Azure virtual machine with Disk Encryption</title>
  211. <link>http://thuansoldier.net/?p=5421</link>
  212. <comments>http://thuansoldier.net/?p=5421#respond</comments>
  213. <pubDate>Sun, 11 Jun 2017 03:47:45 +0000</pubDate>
  214. <dc:creator><![CDATA[Thuan Soldier]]></dc:creator>
  215. <category><![CDATA[CyberSecurity]]></category>
  216. <category><![CDATA[Microsoft Azure]]></category>
  217. <category><![CDATA[azure disk encryption]]></category>
  218. <category><![CDATA[azure key vault]]></category>
  219. <category><![CDATA[azure security]]></category>
  220. <category><![CDATA[cloud security]]></category>
  221. <category><![CDATA[iaas security]]></category>
  222.  
  223. <guid isPermaLink="false">http://thuansoldier.net/?p=5421</guid>
  224. <description><![CDATA[The ultimate objective of security is to protect data from any unauthorized access. Confidentiality deserves the same emphasis. Controlling access to...]]></description>
  225. <content:encoded><![CDATA[<p>The ultimate objective of security is to protect data from any unauthorized access. Confidentiality deserves the same emphasis. Controlling access to the virtual machine and its data sometimes does not work. Through a local attack, an attacker might obtain the disk where your data is stored. In this situation, adding an extra layer of protection by encrypting your disk is always a recommended best practice.</p>
  226. <blockquote><p>If you want to learn advanced Azure IaaS Defense in Depth with lot of hands-on labs to practice, go pre-order my upcoming book <a href="http://amzn.com/B07117YWFZ" target="_blank" rel="noopener noreferrer">here</a></p></blockquote>
  227. <p>Azure Disk Encryption allows you to encrypt the disks in a virtual machine. During encryption, the disk-encryption key, which is required for decryption, is stored in Azure Key Vault. To read the data on your disk, an attacker must have not only the data disk but also the secret key to decrypt it. Without the key, the attacker cannot mount the disk on his own hypervisor host for further analysis. Your virtual machines are encrypted at rest in the storage account.</p>
  228. <p>Azure Disk Encryption leverages BitLocker encryption technology on Windows and DM-Crypt on Linux.</p>
  229. <p><a href="http://thuansoldier.net/wp-content/uploads/2017/06/keyvault.png"><img data-attachment-id="5422" data-permalink="http://thuansoldier.net/?attachment_id=5422" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/06/keyvault.png" data-orig-size="521,328" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="keyvault" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/06/keyvault-300x189.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/06/keyvault.png" class="aligncenter size-full wp-image-5422" src="http://thuansoldier.net/wp-content/uploads/2017/06/keyvault.png" alt="" width="521" height="328" srcset="http://thuansoldier.net/wp-content/uploads/2017/06/keyvault.png 521w, http://thuansoldier.net/wp-content/uploads/2017/06/keyvault-300x189.png 300w" sizes="(max-width: 521px) 100vw, 521px" /></a></p>
  230. <h3><span style="color: #ff6600;"><strong>Lab: Encrypting Azure virtual machine disk</strong></span></h3>
  231. <p>This lab is going to walk you through steps to enable Disk Encryption. Perform the following steps to complete the lab:</p>
  232. <p style="padding-left: 30px;"><strong>Step 1</strong>: Log into the Azure Management Portal (<em>https://portal.azure.com</em>) using your administrator account.</p>
  233. <p style="padding-left: 30px;"><strong>Step 2</strong>: From the left panel, click <strong>Azure Key Vault</strong>. If it has not been added yet, click More services and search for <strong>Key vaults</strong>.</p>
  234. <p><a href="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-01.png"><img data-attachment-id="5425" data-permalink="http://thuansoldier.net/?attachment_id=5425" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-01.png" data-orig-size="587,171" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="azure-disk-encryption-01" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-01-300x87.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-01.png" class="aligncenter size-full wp-image-5425" src="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-01.png" alt="" width="587" height="171" srcset="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-01.png 587w, http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-01-300x87.png 300w, http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-01-552x161.png 552w" sizes="(max-width: 587px) 100vw, 587px" /></a></p>
  235. <p style="padding-left: 30px;"><strong>Step 3</strong>: On the <strong>Key vaults</strong> blade, click <strong>Add</strong>.</p>
  236. <p><a href="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-02.png"><img data-attachment-id="5426" data-permalink="http://thuansoldier.net/?attachment_id=5426" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-02.png" data-orig-size="498,227" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="azure-disk-encryption-02" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-02-300x137.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-02.png" class="aligncenter size-full wp-image-5426" src="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-02.png" alt="" width="498" height="227" srcset="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-02.png 498w, http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-02-300x137.png 300w" sizes="(max-width: 498px) 100vw, 498px" /></a></p>
  237. <p style="padding-left: 30px;"><strong>Step 4</strong>: On the <strong>Create Key Vault</strong> blade, enter the name of the new key vault under <strong>Name</strong>.</p>
  238. <p style="padding-left: 30px;"><strong>Step 5</strong>: Select your subscription under <strong>Subscription</strong></p>
  239. <p style="padding-left: 30px;"><strong>Step 6</strong>: Select <strong>Use existing</strong> under the <strong>Resource Group</strong> setting. Select <strong>did-infra-rg</strong> from the drop-down list. did-infra-rg is the resource group I created earlier specifically to group all Azure components related to network infrastructure (e.g. virtual network, application gateway&#8230;).</p>
  240. <p style="padding-left: 30px;"><strong>Step 7</strong>: Select your location under <strong>Location.</strong></p>
  241. <p><a href="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-03.png"><img data-attachment-id="5427" data-permalink="http://thuansoldier.net/?attachment_id=5427" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-03.png" data-orig-size="474,467" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="azure-disk-encryption-03" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-03-300x296.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-03.png" class="aligncenter size-full wp-image-5427" src="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-03.png" alt="" width="474" height="467" srcset="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-03.png 474w, http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-03-300x296.png 300w" sizes="(max-width: 474px) 100vw, 474px" /></a></p>
  242. <p style="padding-left: 30px;"><strong>Step 8</strong>: Keep the <strong>Pricing</strong> <strong>tier</strong> setting at its default, <strong>Standard</strong>.</p>
  243. <p style="padding-left: 30px;"><strong>Step 9</strong>: Click <strong>Access</strong> <strong>policies</strong> to specify who can manage the key vault.</p>
  244. <p style="padding-left: 30px;"><strong>Step 10</strong>: On the <strong>Access</strong> <strong>policies</strong> blade, choose the user you want.</p>
  245. <p style="padding-left: 30px;"><strong>Step 11</strong>: On the permission blade, select <strong>Key, secret, &amp; Certificate Management</strong> under <strong>Configure from template (optional)</strong></p>
  246. <p style="padding-left: 30px;"><strong>Step 12</strong>: Click <strong>OK</strong>.</p>
  247. <p><a href="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-04.png"><img data-attachment-id="5428" data-permalink="http://thuansoldier.net/?attachment_id=5428" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-04.png" data-orig-size="949,523" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="azure-disk-encryption-04" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-04-300x165.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-04.png" class="aligncenter size-full wp-image-5428" src="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-04.png" alt="" width="949" height="523" srcset="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-04.png 949w, http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-04-300x165.png 300w, http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-04-768x423.png 768w, http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-04-552x304.png 552w" sizes="(max-width: 949px) 100vw, 949px" /></a></p>
  248. <p style="padding-left: 30px;"><strong>Step 13</strong>: Click <strong>Advanced access policy</strong>. On the <strong>Advanced access policy</strong> blade, select three options.</p>
  249. <p style="padding-left: 30px;"><strong>Step 14</strong>: Click <strong>OK</strong>.</p>
  250. <p><a href="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-05.png"><img data-attachment-id="5429" data-permalink="http://thuansoldier.net/?attachment_id=5429" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-05.png" data-orig-size="477,376" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="azure-disk-encryption-05" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-05-300x236.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-05.png" class="aligncenter size-full wp-image-5429" src="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-05.png" alt="" width="477" height="376" srcset="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-05.png 477w, http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-05-300x236.png 300w" sizes="(max-width: 477px) 100vw, 477px" /></a></p>
  251. <p style="padding-left: 30px;"><strong>Step 15</strong>: Click <strong>Create</strong>.</p>
  252. <p style="padding-left: 30px;"><strong>Step 16</strong>: Wait a few minutes until the creation process is completed.</p>
  253. <p><a href="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-06.png"><img data-attachment-id="5430" data-permalink="http://thuansoldier.net/?attachment_id=5430" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-06.png" data-orig-size="516,133" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="azure-disk-encryption-06" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-06-300x77.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-06.png" class="aligncenter size-full wp-image-5430" src="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-06.png" alt="" width="516" height="133" srcset="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-06.png 516w, http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-06-300x77.png 300w" sizes="(max-width: 516px) 100vw, 516px" /></a></p>
  254. <p style="padding-left: 30px;"><strong>Step 17</strong>: Open PowerShell ISE and run <strong>Login-AzureRmAccount</strong> to log in to your Azure account. You are prompted to provide your Azure subscription account.</p>
  255. <p><a href="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-07.png"><img data-attachment-id="5431" data-permalink="http://thuansoldier.net/?attachment_id=5431" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-07.png" data-orig-size="609,586" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="azure-disk-encryption-07" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-07-300x289.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-07.png" class="aligncenter size-full wp-image-5431" src="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-07.png" alt="" width="609" height="586" srcset="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-07.png 609w, http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-07-300x289.png 300w, http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-07-552x531.png 552w" sizes="(max-width: 609px) 100vw, 609px" /></a></p>
  256. <p style="padding-left: 30px;"><strong>Step 18</strong>: Make sure PowerShell returns your Azure information before you move on.</p>
  257. <p><a href="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-08.png"><img data-attachment-id="5432" data-permalink="http://thuansoldier.net/?attachment_id=5432" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-08.png" data-orig-size="677,186" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="azure-disk-encryption-08" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-08-300x82.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-08.png" class="aligncenter size-full wp-image-5432" src="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-08.png" alt="" width="677" height="186" srcset="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-08.png 677w, http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-08-300x82.png 300w, http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-08-552x152.png 552w" sizes="(max-width: 677px) 100vw, 677px" /></a></p>
  258. <p style="padding-left: 30px;"><strong>Step 19</strong>: Open the Azure Disk Encryption Prerequisite file provided by Microsoft from <a href="https://raw.githubusercontent.com/Azure/azure-powershell/master/src/ResourceManager/Compute/Commands.Compute/Extension/AzureDiskEncryption/Scripts/AzureDiskEncryptionPreRequisiteSetup.ps1" target="_blank" rel="noopener">here. </a>Copy the code and paste into PowerShell ISE.</p>
  259. <p style="padding-left: 30px;"><strong>Step 20</strong>: The script prompts you for several pieces of information, including details of the key vault you created at the beginning.</p>
  260. <p style="padding-left: 30px;"><strong>Step 21</strong>: Copy <strong>aadClientID</strong>, <strong>aadClientSecret</strong>, <strong>diskEncryptionKeyVaultUrl</strong> and <strong>keyVaultResourceId</strong> from the PowerShell screen into a Notepad file before you press <strong>Enter</strong>.</p>
  261. <p><a href="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-09.png"><img data-attachment-id="5435" data-permalink="http://thuansoldier.net/?attachment_id=5435" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-09.png" data-orig-size="1690,337" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="azure-disk-encryption-09" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-09-300x60.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-09-1024x204.png" class="aligncenter size-full wp-image-5435" src="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-09.png" alt="" width="1690" height="337" srcset="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-09.png 1690w, http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-09-300x60.png 300w, http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-09-768x153.png 768w, http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-09-1024x204.png 1024w, http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-09-1140x227.png 1140w, http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-09-552x110.png 552w" sizes="(max-width: 1690px) 100vw, 1690px" /></a></p>
  262. <p style="padding-left: 30px;"><strong>Step 22</strong>: Copy the following PowerShell code snippet and fill in the values you copied, along with the name and resource group of the virtual machine whose disks you need to encrypt.</p>
  263. <pre class="brush: csharp; title: ; notranslate">
  264. $vmName = 'did-ad-vm'
  265. $resourceGroupName = 'did-ad-rg'
  266. $aadClientID = '9fc8a638-a495-43e9-b951-aa7b9109836c'
  267. $aadClientSecret = '045d7535-3c58-4c28-acd9-064a12f09134'
  268. $diskEncryptionKeyVaultUrl = 'https://did-keyvault.vault.azure.net/'
  269. $keyVaultResourceId = '/subscriptions/2dd8cb59-ed12-4755-a2bc-356c212fbafc/resourceGroups/did-infra-rg/providers/Microsoft.KeyVault/vaults/did-keyvault'
  270. Set-AzureRmVMDiskEncryptionExtension -ResourceGroupName $resourceGroupName -VMName $vmName -AadClientID $aadClientID -AadClientSecret $aadClientSecret -DiskEncryptionKeyVaultUrl $diskEncryptionKeyVaultUrl -DiskEncryptionKeyVaultId $keyVaultResourceId
  271. </pre>
  272. <p style="padding-left: 30px;"><strong>Step 23</strong>: You are asked to confirm to encrypt the disk on the target virtual machine. Click <strong>Yes</strong>.<a href="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-10.png"><img data-attachment-id="5436" data-permalink="http://thuansoldier.net/?attachment_id=5436" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-10.png" data-orig-size="1589,174" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="azure-disk-encryption-10" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-10-300x33.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-10-1024x112.png" class="aligncenter size-full wp-image-5436" src="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-10.png" alt="" width="1589" height="174" srcset="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-10.png 1589w, http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-10-300x33.png 300w, http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-10-768x84.png 768w, http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-10-1024x112.png 1024w, http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-10-1140x125.png 1140w, http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-10-552x60.png 552w" sizes="(max-width: 1589px) 100vw, 1589px" /></a></p>
  273. <p style="padding-left: 30px;"><strong>Step 24</strong>: Wait around 10-15 minutes until the encryption process is completed.</p>
  274. <p style="padding-left: 30px;"><strong>Step 25</strong>: You can verify the result by checking the encryption status under <strong>DISK ENCRYPTION</strong>.</p>
  275. <p><a href="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-11.png"><img data-attachment-id="5437" data-permalink="http://thuansoldier.net/?attachment_id=5437" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-11.png" data-orig-size="885,97" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="azure-disk-encryption-11" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-11-300x33.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-11.png" class="aligncenter size-full wp-image-5437" src="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-11.png" alt="" width="885" height="97" srcset="http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-11.png 885w, http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-11-300x33.png 300w, http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-11-768x84.png 768w, http://thuansoldier.net/wp-content/uploads/2017/06/azure-disk-encryption-11-552x61.png 552w" sizes="(max-width: 885px) 100vw, 885px" /></a></p>
  276. <p>Now you have completed this lab.</p>
  277. <h3><span style="color: #ff6600;"><strong>Additional references</strong></span></h3>
  278. <p>Here are some additional references that might be helpful:</p>
  279. <ul>
  280. <li><a href="https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption" target="_blank" rel="noopener">Azure Disk Encryption for Windows and Linux IaaS VMs</a></li>
  281. <li><a href="https://docs.microsoft.com/en-us/azure/key-vault/key-vault-whatis" target="_blank" rel="noopener">What is Azure Key Vault?</a></li>
  282. </ul>
  283. ]]></content:encoded>
  284. <wfw:commentRss>http://thuansoldier.net/?feed=rss2&#038;p=5421</wfw:commentRss>
  285. <slash:comments>0</slash:comments>
  286. <post-id xmlns="com-wordpress:feed-additions:1">5421</post-id> </item>
  287. <item>
  288. <title>SharePoint Online missing Search template</title>
  289. <link>http://thuansoldier.net/?p=5408</link>
  290. <comments>http://thuansoldier.net/?p=5408#comments</comments>
  291. <pubDate>Thu, 08 Jun 2017 02:30:16 +0000</pubDate>
  292. <dc:creator><![CDATA[Thuan Soldier]]></dc:creator>
  293. <category><![CDATA[Office 365]]></category>
  294. <category><![CDATA[search template missing]]></category>
  295. <category><![CDATA[sharepoint online]]></category>
  296.  
  297. <guid isPermaLink="false">http://thuansoldier.net/?p=5408</guid>
  298. <description><![CDATA[Troubleshooting in a modern Software-As-A-Service (SaaS) like SharePoint Online is not my interest. Last week I had a customer who...]]></description>
  299. <content:encoded><![CDATA[<p>Troubleshooting in a modern Software-As-A-Service (SaaS) like SharePoint Online is not my interest. Last week I had a customer who asked me to look into an out-of-the-box Search problem in SharePoint Online. When searching from the search box, SharePoint Online throws the message below:</p>
  300. <p>&#8220;<em>Display Error: The display template had an error. You can correct it by fixing the template or by changing the display template used in either the Web Part properties or Result Types.</em></p>
  301. <p><em>Template &#8216;~sitecollection/_catalogs/masterpage/Display Templates/Search/Control_SearchBox.js&#8217; not found or has syntax errors. (LoadTemplate: )</em>&#8221;</p>
  302. <p><a href="http://thuansoldier.net/wp-content/uploads/2017/06/search_error.png"><img data-attachment-id="5409" data-permalink="http://thuansoldier.net/?attachment_id=5409" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/06/search_error.png" data-orig-size="1586,580" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="search_error" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/06/search_error-300x110.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/06/search_error-1024x374.png" class="aligncenter size-full wp-image-5409" src="http://thuansoldier.net/wp-content/uploads/2017/06/search_error.png" alt="" width="1586" height="580" srcset="http://thuansoldier.net/wp-content/uploads/2017/06/search_error.png 1586w, http://thuansoldier.net/wp-content/uploads/2017/06/search_error-300x110.png 300w, http://thuansoldier.net/wp-content/uploads/2017/06/search_error-768x281.png 768w, http://thuansoldier.net/wp-content/uploads/2017/06/search_error-1024x374.png 1024w, http://thuansoldier.net/wp-content/uploads/2017/06/search_error-1140x417.png 1140w, http://thuansoldier.net/wp-content/uploads/2017/06/search_error-552x202.png 552w" sizes="(max-width: 1586px) 100vw, 1586px" /></a></p>
  303. <p>The error seems to indicate that SharePoint Online cannot reach the built-in Search JavaScript files in the Display Templates folder. The very first thing to do is verify whether Display Templates is still in the <strong>Master Page Gallery</strong> library (<strong>Site Settings</strong> &gt; <strong>Master pages and page layouts</strong>). Unfortunately it was not there. I remembered the <strong>Search Server Web Parts and Templates</strong> feature, for which Microsoft says that if we see a missing template error, we should activate the feature.</p>
  304. <p>I tried activating and deactivating it a few times in the hope that the Display Templates would be automatically provisioned, but had no luck.</p>
  305. <p><a href="http://thuansoldier.net/wp-content/uploads/2017/06/search_sv_webpart.png"><img data-attachment-id="5413" data-permalink="http://thuansoldier.net/?attachment_id=5413" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/06/search_sv_webpart.png" data-orig-size="950,120" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="search_sv_webpart" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/06/search_sv_webpart-300x38.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/06/search_sv_webpart.png" class="aligncenter size-full wp-image-5413" src="http://thuansoldier.net/wp-content/uploads/2017/06/search_sv_webpart.png" alt="" width="950" height="120" srcset="http://thuansoldier.net/wp-content/uploads/2017/06/search_sv_webpart.png 950w, http://thuansoldier.net/wp-content/uploads/2017/06/search_sv_webpart-300x38.png 300w, http://thuansoldier.net/wp-content/uploads/2017/06/search_sv_webpart-768x97.png 768w, http://thuansoldier.net/wp-content/uploads/2017/06/search_sv_webpart-552x70.png 552w" sizes="(max-width: 950px) 100vw, 950px" /></a><br />
  306. I came to the decision to copy the Display Templates folder in a newly created site collection to the missing one. Firstly, I connected to my site collection using SharePoint Designer. I then created a new folder in the path (<strong>site collection</strong> &gt; <strong>All Files</strong> &gt; <strong>_catalogs</strong> &gt;<strong>masterpage</strong>) named <strong>Display Templates</strong>. During the copy, SharePoint Designer responded to me there was a conflict because Display Templates still existed in the masterpage folder. I checked every language pack folder and finally found it. The last step was to move it to the masterpage folder and try to search again.</p>
  307. <p>Perhaps someone accidentally dragged the Display Templates folder into a language pack folder while working with SharePoint Designer, so SharePoint Online was not able to locate it correctly. This is a real-world troubleshooting experience. This post should be helpful if you are ever in an urgent situation troubleshooting SharePoint Online.</p>
  308. ]]></content:encoded>
  309. <wfw:commentRss>http://thuansoldier.net/?feed=rss2&#038;p=5408</wfw:commentRss>
  310. <slash:comments>1</slash:comments>
  311. <post-id xmlns="com-wordpress:feed-additions:1">5408</post-id> </item>
  312. <item>
  313. <title>DMZ Implementation on Microsoft Azure</title>
  314. <link>http://thuansoldier.net/?p=5387</link>
  315. <comments>http://thuansoldier.net/?p=5387#respond</comments>
  316. <pubDate>Tue, 06 Jun 2017 01:52:38 +0000</pubDate>
  317. <dc:creator><![CDATA[Thuan Soldier]]></dc:creator>
  318. <category><![CDATA[CyberSecurity]]></category>
  319. <category><![CDATA[Microsoft Azure]]></category>
  320. <category><![CDATA[azure dmz]]></category>
  321. <category><![CDATA[azure network security group]]></category>
  322. <category><![CDATA[azure security]]></category>
  323. <category><![CDATA[cloud security]]></category>
  324. <category><![CDATA[iaas security]]></category>
  325.  
  326. <guid isPermaLink="false">http://thuansoldier.net/?p=5387</guid>
  327. <description><![CDATA[When it comes to network defense, demilitarized zone (DMZ) is thought of first. What is so-called demilitarized zone? Is it...]]></description>
  328. <content:encoded><![CDATA[<p>When it comes to network defense, demilitarized zone (DMZ) is thought of first. What is so-called demilitarized zone? Is it a very sensitive military zone you should not step into?</p>
  329. <p>In the field of security, a DMZ is a separate zone that is not part of a private or trusted network. It stands alone to isolate your private network from an untrusted network. It is difficult to measure the level of trust. An untrusted network is one in which you have very low trust. Where? The answer is the Internet. Why? You do not know exactly who has access to your system because, when it is exposed to the Internet (e.g. an internet-facing website), access is considered anonymous. The Internet is not the only untrusted network. A DMZ can also be used when you do not want to expose your private network to any other network.</p>
  330. <blockquote><p>If you want to learn advanced Azure IaaS Defense in Depth with lot of hands-on labs to practice, go pre-order my upcoming book <a href="http://amzn.com/B07117YWFZ" target="_blank" rel="noopener noreferrer">here</a></p></blockquote>
  331. <p>Let’s take an example in which your web front-end server needs to call an API to query up-to-date stock data from an internet-facing website. Without defense in depth in mind, the design is straightforward. The web front-end server can talk directly to the Internet to query data, and a web visitor can send a request directly to the web front-end server.</p>
  332. <p><a href="http://thuansoldier.net/wp-content/uploads/2017/06/dmz-azure-01.png"><img data-attachment-id="5388" data-permalink="http://thuansoldier.net/?attachment_id=5388" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/06/dmz-azure-01.png" data-orig-size="536,370" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="dmz-azure-01" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/06/dmz-azure-01-300x207.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/06/dmz-azure-01.png" class="aligncenter size-full wp-image-5388" src="http://thuansoldier.net/wp-content/uploads/2017/06/dmz-azure-01.png" alt="" width="536" height="370" srcset="http://thuansoldier.net/wp-content/uploads/2017/06/dmz-azure-01.png 536w, http://thuansoldier.net/wp-content/uploads/2017/06/dmz-azure-01-300x207.png 300w" sizes="(max-width: 536px) 100vw, 536px" /></a></p>
  333. <p>You are not wrong with this design. However, this design has a security weakness. An attacker from the Internet has a chance to attack your web front-end server. If he successfully gets in, the other servers could potentially be compromised by his local attack inside the same private network.</p>
  334. <p>When we consider defense in depth, we should not allow the private network to communicate directly with the Internet, even though the web front-end server needs Internet-bound traffic to the stock API. A practical approach is to prepare an external network that is separate from the private network. In the external network, we place another server whose job is to forward HTTP requests or synchronize data to the web front-end server. With the design below, the web front-end server is no longer responsible for querying stock data. Instead, the Internet-facing server is.</p>
  335. <p><a href="http://thuansoldier.net/wp-content/uploads/2017/06/dmz-azure-0.png"><img data-attachment-id="5389" data-permalink="http://thuansoldier.net/?attachment_id=5389" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/06/dmz-azure-0.png" data-orig-size="538,489" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="dmz-azure-0" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/06/dmz-azure-0-300x273.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/06/dmz-azure-0.png" class="aligncenter size-full wp-image-5389" src="http://thuansoldier.net/wp-content/uploads/2017/06/dmz-azure-0.png" alt="" width="538" height="489" srcset="http://thuansoldier.net/wp-content/uploads/2017/06/dmz-azure-0.png 538w, http://thuansoldier.net/wp-content/uploads/2017/06/dmz-azure-0-300x273.png 300w" sizes="(max-width: 538px) 100vw, 538px" /></a></p>
  336. <p>Why do we consider this design a DMZ practice? A private network should be private, as its name says. Private means that only authorized and monitored access is allowed. If you let your web front-end server go to the Internet, how do you control anonymous access to the server? The internet-facing server in the DMZ design is an extra layer that communicates with the stock API.</p>
  337. <p>The internet-facing server in the above design is often a firewall facing the Internet. In fundamental security courses, you are taught that a DMZ is a network segment between two firewalls. One faces the Internet and the other faces the private network.</p>
  338. <p><a href="http://thuansoldier.net/wp-content/uploads/2017/06/dmz-azure-02.png"><img data-attachment-id="5390" data-permalink="http://thuansoldier.net/?attachment_id=5390" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/06/dmz-azure-02.png" data-orig-size="538,496" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="dmz-azure-02" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/06/dmz-azure-02-300x277.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/06/dmz-azure-02.png" class="aligncenter size-full wp-image-5390" src="http://thuansoldier.net/wp-content/uploads/2017/06/dmz-azure-02.png" alt="" width="538" height="496" srcset="http://thuansoldier.net/wp-content/uploads/2017/06/dmz-azure-02.png 538w, http://thuansoldier.net/wp-content/uploads/2017/06/dmz-azure-02-300x277.png 300w" sizes="(max-width: 538px) 100vw, 538px" /></a></p>
  339. <p>Can Azure Virtual Network provide the ability to build a DMZ architecture? It absolutely can. <a href="http://thuansoldier.net/?p=5355" target="_blank" rel="noopener noreferrer">Purchase my upcoming book</a> to get access to the full hands-on lab on building a DMZ on Microsoft Azure with a sample SharePoint farm deployment.</p>
  340. ]]></content:encoded>
  341. <wfw:commentRss>http://thuansoldier.net/?feed=rss2&#038;p=5387</wfw:commentRss>
  342. <slash:comments>0</slash:comments>
  343. <post-id xmlns="com-wordpress:feed-additions:1">5387</post-id> </item>
  344. <item>
  345. <title>Brute-force attack mitigation on Microsoft Azure</title>
  346. <link>http://thuansoldier.net/?p=5381</link>
  347. <comments>http://thuansoldier.net/?p=5381#respond</comments>
  348. <pubDate>Mon, 05 Jun 2017 01:48:34 +0000</pubDate>
  349. <dc:creator><![CDATA[Thuan Soldier]]></dc:creator>
  350. <category><![CDATA[Microsoft Azure]]></category>
  351. <category><![CDATA[azure identity monitoring]]></category>
  352. <category><![CDATA[azure security]]></category>
  353. <category><![CDATA[brute-force attack]]></category>
  354. <category><![CDATA[cloud security]]></category>
  355. <category><![CDATA[point-to-size vpn]]></category>
  356.  
  357. <guid isPermaLink="false">http://thuansoldier.net/?p=5381</guid>
  358. <description><![CDATA[Brute-force attack is simply to continuously attempt to discover your password by combining all possible passwords it can guess. That said,...]]></description>
  359. <content:encoded><![CDATA[<p>A brute-force attack is simply a continuous attempt to discover your password by trying every possible password the attacker can guess. A human can guess a password by brainstorming possibilities such as a birthday, a girlfriend&#8217;s name, a memorable location or even a combination of birthday and full name. The problem is that our brain cannot come up with a million guesses and type each guessed password into the login form, unless you are a so-called time-billionaire. A tool, however, can generate guesses and fill them into the login form automatically. Whenever it receives a message like &#8220;<strong>Successful login</strong>&#8221; it stops the guessing process.</p>
  360. <blockquote><p>This article is not going to purposely show you how to perform a brute-force attack. You can find many sample scripts and tools over the Internet.</p></blockquote>
  361. <p>Attackers often choose the brute-force technique because it exploits people&#8217;s lack of security awareness. People tend to pick a simple password (sometimes I did too, in order to quickly get into a system) that can be easily guessed. A few common ones include &#8220;<em>12345678</em>&#8220;, &#8220;<em>[email protected]</em>&#8220;, &#8220;<em>iloveyou</em>&#8220;. They even keep the default password, as we see with almost every newly set up router. They do not bother to change it to a different password.</p>
  362. <blockquote><p>If you want to learn advanced Azure IaaS Defense in Depth with lot of hands-on labs to practice, go pre-order my upcoming book <a href="http://amzn.com/B07117YWFZ" target="_blank" rel="noopener noreferrer">here</a></p></blockquote>
  363. <p>Setting a simple password is bad behavior, and it can result in a huge security incident that damages your business. Imagine your salesman&#8217;s password is compromised by a bad guy: he can download all financial and sales reports, which can be sold to a competitor. Or a simple password set by an administrator can allow an attacker to try to RDP to a virtual machine. Recently a colleague of mine used a simple password to work on an Amazon AWS virtual machine via SSH. The attacker managed to grab the password after his brute-force attempt. As a result, he successfully logged into the virtual machine and uploaded the bash shell for further exploitation.</p>
  364. <h3><span style="color: #ff6600;"><strong>Secure RDP</strong></span></h3>
  365. <p>Normally when managing a virtual machine, an administrator uses Remote Desktop Protocol (for Windows) or SSH (for Linux) to connect remotely. The problem we have seen with these protocols is that attackers can use brute-force techniques to try to guess the password. As mentioned in my principle of security awareness, if a password does not meet the complexity level, it can be easily guessed. And you have heard of millions of pwned passwords, haven’t you? To establish a remote connection that is more secure than direct Remote Desktop Protocol, you should consider disabling the public IP address (if you do not need it), then using one of the following ways:</p>
  366. <ul>
  367. <li>Point-to-site VPN</li>
  368. <li>Site-to-site VPN</li>
  369. <li>ExpressRoute</li>
  370. </ul>
  371. <p>Point-to-site VPN and Site-to-site VPN are Azure VPN Gateway options, typically for hybrid deployment. Point-to-site VPN requires a client certificate before you can connect to your private virtual network. It is considered an extra authentication step at the network layer.</p>
  372. <p><a href="http://thuansoldier.net/wp-content/uploads/2017/06/secure_rdp.png"><img data-attachment-id="5382" data-permalink="http://thuansoldier.net/?attachment_id=5382" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/06/secure_rdp.png" data-orig-size="595,445" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="secure_rdp" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/06/secure_rdp-300x224.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/06/secure_rdp.png" class="aligncenter size-full wp-image-5382" src="http://thuansoldier.net/wp-content/uploads/2017/06/secure_rdp.png" alt="" width="595" height="445" srcset="http://thuansoldier.net/wp-content/uploads/2017/06/secure_rdp.png 595w, http://thuansoldier.net/wp-content/uploads/2017/06/secure_rdp-300x224.png 300w" sizes="(max-width: 595px) 100vw, 595px" /></a></p>
  373. <p>The illustration above shows the <a href="http://thuansoldier.net/?p=5170" target="_blank" rel="noopener noreferrer">Point-to-site VPN setup</a> that secures the remote connection from the administration PC to the Microsoft Azure hosted system. After the administrator keys in his password, he can use RDP to connect to the virtual machines. Authenticating twice strengthens your security.</p>
  374. <p>There can be a jump server which adds an extra hop before you have access to your virtual machines in the virtual network. The administrator must remotely connect to the jump server first. From this jump server, he must remotely connect to virtual machines with RDP.</p>
  375. <blockquote><p>In many cases, people are unaware of securing this jump server. They consider it just a jump server without hardening. Thus, this server is easily compromised. Make sure the jump server is always included in your hardening plan.</p></blockquote>
  376. <h3><span style="color: #ff6600;"><strong>DMZ Implementation</strong></span></h3>
  377. <p><a href="http://thuansoldier.net/?p=5387" target="_blank" rel="noopener noreferrer">DMZ implementation</a> can be an approach to securing your virtual machine. If you do not expose your virtual machine to the Internet, attackers cannot perform a brute-force attack against RDP. An attacker has to use an escalation technique to try to exploit the external network first. This is what we call discouragement of attack in defense in depth.</p>
  378. <p>You should combine this with Azure Network Security to disallow inbound network traffic on port 3389 from the Internet.</p>
  379. <h3><strong><span style="color: #ff6600;">Password Complexity</span></strong></h3>
  380. <p>A brute-force attack targets simple passwords. Hence, if password complexity is applied, we can feel more confident. We can enable password complexity and force people to use it. The article <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-passwords-policy" target="_blank" rel="noopener noreferrer">here </a>provided by Microsoft shows the password complexity requirements for accounts stored in Azure Active Directory.</p>
  381. <h3><strong><span style="color: #ff6600;">Azure Active Directory Lockout Policy</span></strong></h3>
  382. <p>A lockout policy is considered one of the acceptable practices to mitigate brute-force attacks. Unfortunately, right now the default number of attempts is 10 and you cannot modify it.</p>
  383. <p>From this <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-passwords-policy" target="_blank" rel="noopener noreferrer">source</a> we know that after 10 unsuccessful sign-in attempts (wrong password), the user will be locked out for one minute. Further incorrect sign-in attempts will lock out the user for increasing duration.</p>
  384. <p>However, if the attacker knows the lockout policy, he can cause a denial of service by triggering lockout for a group of accounts. In this case, the targeted accounts are locked. The unavailability is also considered part of a successful attack. In the SharePoint case, if the service account is known, the attacker can take down the entire SharePoint farm just by making as many attempts as the lockout policy requires. OWASP has already listed the disadvantages of the lockout approach <a href="https://www.owasp.org/index.php/Blocking_Brute_Force_Attacks" target="_blank" rel="noopener noreferrer">here</a>.</p>
  385. <h3><strong><span style="color: #ff6600;">Enable Multi-factor Authentication</span></strong></h3>
  386. <p>Another approach is to <a href="http://thuansoldier.net/?p=5002" target="_blank" rel="noopener noreferrer">enable multi-factor authentication</a> to mitigate brute-force attacks. Even when the password is successfully guessed, the attacker cannot get into the system without successfully passing the second authentication.</p>
  387. <p>Consider that business users really hate security policy. They seem not to worry about losses from a security breach. But if you ask them to authenticate one more time, they will blame you. They are not comfortable having to enter passwords many times. We all know that, so keep in mind that enforcing multi-factor authentication can affect user experience. But if the potential loss is huge, there is no reason not to enforce it.</p>
  388. <h3><strong><span style="color: #ff6600;">Identity Monitoring</span></strong></h3>
  389. <p>When you centralize your identity in Microsoft Azure, your team is given access to different Azure resources. In this case, you need to monitor and manage them. With Azure Active Directory Premium, you can take full advantage of building a risk-based policy to automatically protect identities. These can include:</p>
  390. <ul>
  391. <li>Leaked credentials</li>
  392. <li>Impossible travel to atypical locations</li>
  393. <li>Sign-ins from infected devices</li>
  394. <li>Sign-ins from anonymous IP addresses</li>
  395. <li>Sign-ins from IP addresses with suspicious activity</li>
  396. <li>Sign-ins from unfamiliar locations</li>
  397. </ul>
  398. <p><a href="http://thuansoldier.net/wp-content/uploads/2017/06/identity_monitoring.png"><img data-attachment-id="5383" data-permalink="http://thuansoldier.net/?attachment_id=5383" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/06/identity_monitoring.png" data-orig-size="847,783" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="identity_monitoring" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/06/identity_monitoring-300x277.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/06/identity_monitoring.png" class="aligncenter wp-image-5383" src="http://thuansoldier.net/wp-content/uploads/2017/06/identity_monitoring.png" alt="" width="583" height="539" srcset="http://thuansoldier.net/wp-content/uploads/2017/06/identity_monitoring.png 847w, http://thuansoldier.net/wp-content/uploads/2017/06/identity_monitoring-300x277.png 300w, http://thuansoldier.net/wp-content/uploads/2017/06/identity_monitoring-768x710.png 768w" sizes="(max-width: 583px) 100vw, 583px" /></a></p>
  399. <p>For more information about these capabilities, read <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-identityprotection">https://docs.microsoft.com/en-us/azure/active-directory/active-directory-identityprotection</a></p>
  400. <h3><span style="color: #ff6600;"><strong>Conditional Access Policy</strong></span></h3>
  401. <p><a href="http://thuansoldier.net/?p=5002" target="_blank" rel="noopener noreferrer">Conditional access policy</a> in Azure Active Directory Premium allows you to control access based on policy. Although this is not related to brute-force attacks, it can be a good choice for monitoring your identities and forcing corporate identities to be authenticated by your own policies. An attacker who does not know the policies cannot make a successful attack.</p>
  402. <p>There are four conditions:</p>
  403. <ul>
  404. <li>Device</li>
  405. <li>Sign-in</li>
  406. <li>Location</li>
  407. <li>Client App</li>
  408. </ul>
  409. <p>Each condition provides a scope to apply. For example, with a device policy you can choose to allow login from a specific device platform such as iOS or Android. Or with a location policy you can set trusted IP addresses. This helps to block an attacker&#8217;s IP address when he tries to discover and log in from his location.</p>
  410. <h3><strong><span style="color: #ff6600;">Conclusion </span></strong></h3>
  411. <p>Brute-force attack is not new, but it is a commonly used technique because human mistakes happen all the time. One solution cannot address all problems; as we very often say, there is no silver bullet in security. To prevent brute-force attacks, you must combine all possible solutions.</p>
  412. <p>Azure Security Center can help detect brute-force attacks with its Detection capability. However, as of this writing the Detection capability has not been extended to Azure Active Directory. You can still benefit from the RDP brute-force detection for your Azure virtual machines.</p>
  413. ]]></content:encoded>
  414. <wfw:commentRss>http://thuansoldier.net/?feed=rss2&#038;p=5381</wfw:commentRss>
  415. <slash:comments>0</slash:comments>
  416. <post-id xmlns="com-wordpress:feed-additions:1">5381</post-id> </item>
  417. <item>
  418. <title>My upcoming book about Azure IaaS Defense in Depth</title>
  419. <link>http://thuansoldier.net/?p=5355</link>
  420. <comments>http://thuansoldier.net/?p=5355#respond</comments>
  421. <pubDate>Mon, 29 May 2017 05:05:00 +0000</pubDate>
  422. <dc:creator><![CDATA[Thuan Soldier]]></dc:creator>
  423. <category><![CDATA[Microsoft Azure]]></category>
  424. <category><![CDATA[azure security]]></category>
  425. <category><![CDATA[cloud security]]></category>
  426. <category><![CDATA[iaas security]]></category>
  427.  
  428. <guid isPermaLink="false">http://thuansoldier.net/?p=5355</guid>
  429. <description><![CDATA[If you are an avid reader of my blog, you may realize that every recent article related to Azure IaaS...]]></description>
  430. <content:encoded><![CDATA[<p>If you are an avid reader of my blog, you may realize that every recent article related to <a href="http://thuansoldier.net/?tag=azure-security" target="_blank" rel="noopener noreferrer">Azure IaaS security</a> these days includes an introduction to my upcoming book titled &#8220;<a href="https://www.amazon.com/dp/B07117YWFZ/ref=cm_sw_su_dp" target="_blank" rel="noopener noreferrer">Microsoft Azure IaaS Defense in Depth Guide</a>&#8220;. This book will cover common security design considerations and guidance on how to apply a defense in depth strategy to your system hosted on Microsoft Azure IaaS. You will also learn a number of different security practices along with Microsoft Azure built-in features to prevent common attacks (e.g. brute-force attack, DDoS, surface attack). It is written not only for Azure IT Pros, but also for anyone who is going to move or deploy an infrastructure onto Microsoft Azure. This book will also provide a series of hands-on labs on building a production-like protected SharePoint Server 2013 farm on Microsoft Azure, which can help absolute beginners quickly pick up Azure IaaS knowledge before taking off on their Microsoft Azure journey.</p>
  431. <p><a href="http://thuansoldier.net/wp-content/uploads/2017/05/book01.png"><img data-attachment-id="5371" data-permalink="http://thuansoldier.net/?attachment_id=5371" data-orig-file="http://thuansoldier.net/wp-content/uploads/2017/05/book01.png" data-orig-size="1345,547" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="book01" data-image-description="" data-medium-file="http://thuansoldier.net/wp-content/uploads/2017/05/book01-300x122.png" data-large-file="http://thuansoldier.net/wp-content/uploads/2017/05/book01-1024x416.png" class="aligncenter size-full wp-image-5371" src="http://thuansoldier.net/wp-content/uploads/2017/05/book01.png" alt="" width="1345" height="547" srcset="http://thuansoldier.net/wp-content/uploads/2017/05/book01.png 1345w, http://thuansoldier.net/wp-content/uploads/2017/05/book01-300x122.png 300w, http://thuansoldier.net/wp-content/uploads/2017/05/book01-768x312.png 768w, http://thuansoldier.net/wp-content/uploads/2017/05/book01-1024x416.png 1024w" sizes="(max-width: 1345px) 100vw, 1345px" /></a></p>
  432. <blockquote><p>On this day 6 years ago, my loving dad sadly passed away. That&#8217;s the reason why I decided to choose this day to announce the book. This book is dedicated to him who gave me so much of inspiration and motivation to pursue my passion and live my life. It&#8217;s hard to express how things have been going on since then.</p></blockquote>
  433. <p>This book <a href="https://www.amazon.com/dp/B07117YWFZ/ref=cm_sw_su_dp" target="_blank" rel="noopener noreferrer">can be pre-ordered</a> currently for only 9.99 USD. It will be automatically delivered to your Kindle on June 15, 2017, which is my 27th birthday. If you read the book and do not think it is helpful, I will refund you within 30 days.</p>
  434. <p>Initially this book is released in Kindle format, which you can read on <a href="https://www.amazon.com/Amazon-Fire-Tablet-Family/b?ie=UTF8&amp;node=6669703011" target="_blank" rel="noopener noreferrer">Kindle devices</a>. I use the Kindle Direct Publishing service provided by Amazon to publish the book on the Amazon website. I have not yet decided on the paperback edition, but it would be through <a href="https://www.createspace.com/" target="_blank" rel="noopener noreferrer">CreateSpace</a>. Follow my blog to get up-to-date information regarding the paperback edition.</p>
  435. ]]></content:encoded>
  436. <wfw:commentRss>http://thuansoldier.net/?feed=rss2&#038;p=5355</wfw:commentRss>
  437. <slash:comments>0</slash:comments>
  438. <post-id xmlns="com-wordpress:feed-additions:1">5355</post-id> </item>
  439. </channel>
  440. </rss>
  441.  


Copyright © 2002-9 Sam Ruby, Mark Pilgrim, Joseph Walton, and Phil Ringnalda