Deploying infrastructure ARM Templates to Azure, but using Tags and their respective value as the parameter configuration settings

In a post earlier, we look at using arm to lookup the value of tags' at both the Subscription and Resource Level. With Bicep this is much easier to understand. This is the same lab configuration as in the original post, but this time to code should be a lot more readable. // Sample to lookup tag values // Both Subscription and Resource Level @description('The resource ID of the resource we wish to look up a tag from.

Guide to installing an alternative Radius service, for those who may have implemented Windows NPS Server - License Free and Open Source, Enterprise Ready

In a pervious post, I covered the steps to deploy the current stable release of FreeRadius, by installing the packages from the NetworkRadius organizations repository. We will now, focus on configuring the FreeRadius server so that it can authenticate 802.1x requests. Why? Why would we go to this trouble, especially given the fact that Windows has shipped with its own NPS service, for the past 20 years? Simple really, In the world of Cloud First, many customers are now selecting the option of Azure AD Joined only, for their machines in preference to AD Joined, or even Hybrid Joined.

PFX files enable to transportation of certificates between systems, however many services require separate files for both public and private certificates

Using OpenSSL, we can extract the private key, and the certificate into independent file’s, which is required for most networking devices, and linux services. You will need to install the OpenSSL package, either on your Windows or Linux system (I have covered how to update the current version on Linux here) Export the private key from the PFX file We begin, by passing in the PFX and requesting the Private key to be placed into its own file.

Windows stores certificates in a special logical store, in this post we check out two methods to export certificates with their private key to PFX files

A .pfx file is in essence an archive which can contain multiple objects, and can also be password protected; The format of this file is known as PKCS#12 Typically, a .pfx usually contains one or more certificate, typically the chain of upstream authorities, and the corresponding private key. The most common usage of a PFX file is simplify certificate distribution to alternate systems or deployed to services. Logical stores Within Windows, all certificates exist in logical storage locations referred to as certificate stores.

Using OpenSSL we learn how to create a Certificate Request from Linux node, to issue a certificate from a Windows PKI Server

At some point, you will have the requirement of creating a certificate request, and submitting this to an online certificate authority, which will process the request and issue you a certificate with both a Public and Private Key. In this post, we will use the ‘OpenSSL’ utility to create such a request file, and walk trough the steps of issuing a certificate from a Windows PKI Server. Creating our Certificate Request We will create a Certificate Request template file which defines the settings which are necessary to also include Subject Alternate Name in the issued certificate.

A simple guide to installing the current version of the OpenSSL utility on Ubuntu Linux

Being over 25 years old, OpenSSL can be found on just about any system you work with today; but this does not imply that the version installed is current (or even close). During its life, there have been many instances where OpenSSL has been in the news, where some new vulnerability has being discovered, and quickly after, patched. The Swiss Army Knive of SSL Certificate’s, this is a tool that everyone should have at least used once in their administrative duties.

Guide to installing an alternative Radius service, for those who may have implemented Windows NPS Server - License Free and Open Source, Enterprise Ready

FreeRADIUS is an open source, high-performance, modular, scalable and feature-rich RADIUS server. It ships with both server and radius client, development libraries and numerous additional RADIUS related utilities, for Linux FreeRADIUS supports request proxying, with fail-over and load balancing, as well as the ability to access many types of back-end databases. RADIUS, which stands for Remote Authentication Dial-In User Service, is a network protocol used for remote user authentication and accounting.

Deploying infrastructure ARM Templates to Azure, but using Tags and thier respective value as the parameter configuration settings

In the post, I am going to introduce a concept which will allow you to greatly up your Infrastructure as Code game, by using Azure as a State Machine! One of the typical challenges when deploying ARM templates, is the sheer number of parameters which we find as a requirement to complete a deployment; which as you will appreciate gets considerably harder as we target many environments. There are a number of methods to address this, including the use of Parameter files or Continuous deployment variables; each with their own challenges.

Delegating Azure Enterprise Agreement Owner privileges to a Service Principal (SPN)

EA Department / Account Administrator

Under the Enterprise agreement we have some different Persona’s, which have quite different abilities and operations upon which they are permitted to preform.

Before we being the process of delegation, It is important to understand this Hierarchy, so we can correctly proceed with the technical work ahead.

Retrieve the Function Host Keys while deploying an ARM template

Todays conundrum: As I deploy a new Function Application, I need a simple methodology to retrieve the Host Keys for the function application so that I validate the deployment has been successful; and potentially pass on the key to related services, for example API Management.

As before, I am leveraging templates, and will stay cloud native; this time depending on the functions Output ability to present the keys.