Azure Architecture Series: Services Architecture Reference Model

I am writing this to provide Azure services architecture as the start of Azure Architecture series. The intention is purely educational, please ensure to engage Microsoft or professional consulting services for your environment and use cases. On top of that, Microsoft has provided various reference architecture from the official site.  This model provides a model … Continue reading Azure Architecture Series: Services Architecture Reference Model

Industry 4.0 – Building Digital Ecosystem

Why am I writing this (reading this) ? I was involved in the most ambitious if not the biggest Industry 4.0 (Internet of Things) research during my time at PwC. This global report conducted by PwC’s surveyed of over 2,000 global companies across nine industry sectors. The highlight of the report for Australia and Singapore region: Six … Continue reading Industry 4.0 – Building Digital Ecosystem

Skyhigh Cloud Security Part2: Let There be Light

Previously, we discussed in very high level about different threat vectors which enterprises need to be able to address cloud services problems and using Skyhigh to address those problems. The role of IT is changing from provider to enabler and service broker. We want to remove the stigma of Shadow IT which implies people are doing something … Continue reading Skyhigh Cloud Security Part2: Let There be Light

Skyhigh Cloud Security Part 1: Let there be light

I believe we all agree cloud adoption grows exponentially at 2015. We can agree almost every businesses using cloud services - as a service in any form. Yet still the number one CIO's concern for cloud adoption is security according to various researchers and surveys. If the security is the number one concern of cloud … Continue reading Skyhigh Cloud Security Part 1: Let there be light

Secure Azure Virtual Network – Defense In Depth using Network Security Groups, User Defined Routes and Barracuda NG Firewall

Kloud Blog

Security Challenge on Azure

There are few common security related questions when we start planning migration to Azure:

  • How can we restrict the ingress and egress traffic on Azure ?
  • How can we route the traffic on Azure ?
  • Can we have Firewall kit, Intrusion Prevention System (IPS), Network Access Control, Application Control and Anti – Malware on Azure DMZ ?

This blog post intention is to answer above questions using following Azure features combined with Security Virtual Appliance available on Azure Marketplace:

  • Azure Virtual Network (VNET)
  • Azure Network Security Groups (NSGs)
  • Azure Network Security Rule
  • Azure Forced Tunelling
  • Azure Route Table
  • Azure IP Forwarding
  • Barracuda NG Firewall available on Azure Marketplace

One of the most common methods of attack is The Script Kiddie / Skiddie / Script Bunny / Script Kitty. Script Kiddies attacks frequency is one of the highest frequency and still is. However the attacks have been evolved into something more…

View original post 1,509 more words

Life is Short When You Get Hacked – Sydney AWS User Group

This blog post is the follow up and hopefully will provide more details for Amazonians attending Sydney AWS User Group running on 5th August 2015. We started the session with Ashley Madison story which inspired the title of the session: Life is Short Have an Affair when You get Hacked We don't know where the Ashley Madison … Continue reading Life is Short When You Get Hacked – Sydney AWS User Group

AWS Direct Connect in Australia via Equinix Cloud Exchange

Kloud Blog

We have discussed Azure ExpressRoute via Equinix Cloud Exchange on my previous blog. Equinix Cloud Exchange (ECX) also provides AWS Direct Connect connectivity which means you can share the same physical link (1GBps or 10GBps) between Azure and AWS!  ECX also provides connectivity service to AWS for connection speed less than 1GBps. AWS Direct Connect provides dedicated, private connectivity between your WAN or datacenter and AWS services such as AWS Virtual Private Cloud (VPC) and AWS Elastic Compute Cloud (EC2).

AWS Direct Connect via Equinix Cloud Exchange is Exchange (IXP) provider based allowing us to extend our infrastructure that is:

  • Private: The connection is dedicated bypassing the public Internet which means better performance, increases security, consistent throughput and enables hybrid cloud use cases (Even hybrid with Azure when both connectivity using Equinix Cloud Exchange)
  • Redundancy: If we configured second AWS Direct Connect connection, traffic will failover to the second link…

View original post 351 more words

Azure ExpressRoute in Australia via Equinix Cloud Exchange

Kloud Blog

Microsoft Azure ExpressRoute provides dedicated, private circuits between your WAN or datacentre and private networks you build in the Microsoft Azure public cloud. There are two types of ExpressRoute connections – Network (NSP) based and Exchange (IXP) based with each allowing us to extend our infrastructure by providing connectivity that is:

  • Private: the circuit is isolated using industry-standard VLANs – the traffic never traverses the public Internet when connecting to Azure VNETs and, when using the public peer, even Azure services with public endpoints such as Storage and Azure SQL Database.
  • Reliable: Microsoft’s portion of ExpressRoute is covered by an SLA of 99.9%. Equinix Cloud Exchange (ECX) provides an SLA of 99.999% when redundancy is configured using an active – active router configuration.
  • High Speed speeds differ between NSP and IXP connections – but go from 10Mbps up to 10Gbps. ECX provides three choices of virtual circuit speeds in Australia: 200Mbps, 500Mbps…

View original post 1,060 more words