Posts

Showing posts with the label VPN

Remote work network complexity - VPNs, proxies, split tunnels.

The incredible increase in remote work, continually escalating security concerns, the shift to SaaS providers for office productivity, and exploding bandwidth demands have changed the way companies manage connectivity. Companies are moving from always-on network VPNs to a mix of cloud proxies and zero-trust models. Home users connect to all services via public internet connections. Corporations typically block this type of access via IP or geo-location blocking that limits access from corporate networks or remote sites. Corporations extended their internal hardware and security models by providing remote sites and remote users with corporate-owned machines that join the corporate network via VPN. The VPN bridges the local network to the corporate network. Those machines appear inside the company much as they do inside corporate facilities. This provides all the benefits and risks associated with being inside the network. Remote machine and site breaches give the a...

Enhanced Remote Desktop Connection for Hyper-V with AnyConnect

Remote workers often connect to remote desktops over Cisco AnyConnect VPN links. Those remote connections secure the remote corporate network by forcing all network traffic over the VPN connection. You free up your computer to access the internet and other services by making your remote desktop connection from a virtual machine. The cheapest way to do this on a Windows 10 machine is to run a Windows 10 guest inside Microsoft Hyper-V. You connect to the guest machine via Remote Desktop. This leaves you with two desktops: the host desktop, which is still attached to the Internet, and a guest desktop connected solely to the corporate hosts via the Cisco AnyConnect VPN connection. Hyper-V Manager Remote Desktop: This information originated at https://devhammer.net/2014/05/22/cisco-anyconnect-and-hyper-v-connect-to-a-vpn-from-inside-a-vm-session/ Hyper-V Manager supports two Remote Desktops. Enhanced: This is the new and improved ...

Azure Site-to-Site VPN with a Netgear FVS318N

Azure supports two types of VPN connections. Site-to-site bridges your internal network to an Azure VLAN, effectively creating a single large routable network. Point-to-site joins a single machine to an Azure VLAN, effectively putting that machine behind the Azure firewall. You can get a high-level overview of this from a previous blog. I also walked through how to create a point-to-site connection in a previous blog. I wanted to join my home office network to Azure so that I had back-side access to all of my IaaS machines. These machines are all installed on a VLAN (10.0.2.x) with ACLs blocking external port access. My home office runs with a single public IP with a Netgear FVS318N VPN-capable firewall behind my cable modem. I do not have a complicated nested network. The office is a 192.168.1.x network in a NAT configuration behind the Netgear. Some Microsoft documents recommend a Windows RRAS server with multiple LAN cards in it. One LAN ca...

Azure access models

Azure is primarily aimed at public-facing services and web sites. You can see this in the way some Cloud Service features are only available at Azure's public edge. Azure provides the ability to interact with machines remotely through the public ports and services. Sometimes you don't want everything exposed to the internet just so you can get access to it. A VPN can be used in those cases to provide secure, non-public machine-to-network or network-to-network connectivity. Standard Access: Applications and services are deployed in the Azure environment as a kind of virtual data center. Individual machines and programs communicate with each other using the internal Azure network. Azure virtual machines can also communicate from Azure to other sites on the internet. Machines external to Azure normally communicate with Azure machines through their publicly defined service interface points. Most services run on standard ports for Azure-to-Azure communications. Th...

Azure Point to Site VPN - private access to your cloud environment

You don't really have to worry about connectivity when you have a single in-house data center. All your proprietary data is on "your" network that you manage. Your firewall protects your sensitive information from internet intruders. The internal network provides routing and name lookup services. You don't really worry about connectivity when you are consuming publicly available resources on the internet. Your internal network allows outbound connections to the internet. Your gateway knows which DNS servers provide name support. Note: IPv4 network numbers in the diagrams are just examples. They happen to be how my internal and Azure networks are configured. Azure, a Cloud Provider: Cloud providers give you the ability to spin up off-site data centers that are visible and reachable from the internet. The actual remote data center organization and configuration is somewhat opaque to you since it is managed and controlled by the cloud provider. ...