Christof VG

You don't need to come out of your comfort zone, if automation is in it!

Automatically convert a PowerShell script to an executable

Read time: 5 minutes

Introduction

In my previous post “PowerShell GUI with externally managed data”, we created a PowerShell GUI script that uses externally managed data. But wouldn’t it be great if the application were just an executable that end-users could run easily and that could be deployed using Mobile Device Management? Of course! In this blog post, I will guide you through the process of updating your pipeline to automatically convert the PowerShell script into an executable.

PowerShell GUI with externally managed data

Read time: 15 minutes

Introduction

A while ago, a customer asked me to create a PowerShell GUI script to be used by their end-users. The customer is a global company with multiple offices in various countries. The script had the following requirements:

  • data, displayed in the application, should be filtered by the selected country/location
  • the data to display should be maintained by someone without programming skills

The suggestions I made were also accepted:

  • Source control should be used for the code
  • Automated build and release (CI/CD) should be used

In this blog post, I want to show you how I created a PowerShell script with a GUI using one release pipeline for the script and another pipeline for the data used in the script.

Azure Virtual Datacenter - Part 3 - Firewall deployment

Read time: 10 minutes
Execution time: 10 minutes

Introduction

We now have the foundation of our Virtual Datacenter in place. We created a central hub, meant to accommodate centralized services like firewalls, domain controllers, file servers, and so on. Spoke networks are created for specific workloads that need to be separated from other workloads for security or governance purposes. Another network is created that will be connected using a site-to-site IPsec tunnel to simulate an on-premises network. With all these networks in place, we are ready to implement the centralized firewalls that will inspect and control all east-west traffic (between the spokes and the on-premises network) and north-south traffic (between the internal networks and the internet).

The ARM templates for the deployment are available on my GitHub page so I won’t put the files here. But we will go deeper into certain parts of the ARM templates in this article where needed.

Azure Virtual Datacenter - Part 2 - Virtual Networks

Read time: 5 minutes
Execution time: 10 minutes

Introduction

In the previous post, we designed the Azure Virtual Datacenter using the Hub-and-Spoke model. Now, it is time to get our hands dirty and start with the fun part! In this post, we will create the virtual networks that create the base

Azure Virtual Datacenter - Part 1 - Overview

Read time: 5 minutes

What is an Azure Virtual Datacenter?

The term Azure Virtual Datacenter was introduced by Microsoft as an approach for extending your on-premises datacenter to the public cloud in a secure way. The Azure Virtual Datacenter is described in full in the eBook “Azure Virtual Datacenter”, which can be found here: https://azure.microsoft.com/mediahandler/files/resourcefiles/1ad643b8-73f7-43f6-b05a-8e160168f9df/Azure_Virtual_Datacenter.pdf.

pfSense on Azure - Part 4 - Deploy pfSense in Azure with ARM templates

Read time: 5 minutes
Execution time: 5 minutes

Introduction

After publishing part 1 through 3, someone brought to my attention that I should do the deployment using ARM templates instead of using PowerShell. This is completely true, so I created the necessary ARM templates to deploy the exact same environment. I made use of a main template that gathers all parameters and creates all resource groups. It also deploys 4 linked templates:

  • virtualNetwork.json: Deploys the virtual network and subnets
  • managedDisk.json: Deploys a managed disk from the uploaded VHD
  • pfSense.json: Deploys an instance of pfSense, attaching the managed disk
  • managementVM.json: Deploys a management VM to access and configure the pfSense instance

pfSense on Azure - Part 3 - Deploy pfSense in Azure

Read time: 5 minutes
Execution time: 10 minutes

Introduction

In the first part, we prepared the virtual machine for pfSense with all necessary tweaks for Azure. In part 2, all necessary packages were installed, along with the Azure Linux Agent. Now we are ready to upload the VHD to an Azure storage account, create an image and deploy a new virtual machine based on that image.

pfSense on Azure - Part 2 - Install pfSense

Read time: 5 minutes
Execution time: 15 minutes

Introduction

In the previous part, we created the virtual machine on which we will install pfSense, with custom settings specific to Azure. As a recap, here is an overview of the settings we made to make the virtual machine compatible with Azure:

  • The virtual machine type is created as a generation 1 virtual machine.
  • The virtual hard disk is configured with a fixed disk size.
  • The virtual hard disk type is set to VHD.
  • Checkpoints are disabled.

We also added an extra NIC. This is not for compatibility with Azure, but it is necessary to configure pfSense as a router.

pfSense on Azure - Part 1 - Create pfSense Virtual Machine

Read time: 5 minutes
Execution time: 5 minutes

Introduction

In another series, I will build an Azure Virtual Datacenter. Central in the Virtual Datacenter design are the firewalls that will inspect and filter all traffic that passes through the central hub.

We will use pfSense firewalls in this series. pfSense provides very reasonably priced, enterprise-grade NVAs. Check the Azure Marketplace for all information about pfSense and pricing. A community edition is also available, which can be downloaded for free. This version is community supported on https://forum.netgate.com. For our study of networking in a Virtual Datacenter environment in Azure, the community edition will do fine.

Production environment

In a production environment, it is highly recommended to make use of the Netgate pfSense Firewall/VPN/Router from the Azure Marketplace, or to subscribe to Netgate pfSense support. More info about a support subscription can be found here: https://www.netgate.com/support/.
