Snapt @ vRetreat May 2020

Last week I received an invitation to the latest in the vRetreat series of events. These events bring together IT vendors and a selected group of tech bloggers- usually in venues like football clubs and racetracks, but in the current circumstances we were forced online. The first of the two briefings at the May 2020 event came from Snapt.

Established in 2012, Snapt is built on a product range they refer to as “Load Balancing Plus” – taking in Load Balancing, Web Acceleration and Firewall. They have a recent flagship release named “Nova” which enables the deployment and scaling of these load balancers across multiple environments.

It’s an interesting approach for anyone working in a multi-cloud environment, for example with workloads in vSphere, AWS, and Azure, who wants a consistent method of deploying, securing, and maintaining their load balancers in all of these clouds from one SaaS platform.

snapt1-crop

Snapt achieve this by separating their control and data planes – The SaaS control plane is managed by a clean web-based dashboard or API calls, and from there the nodes are deployed to the target infrastructures as VMs, containers, or cloud devices depending on the platform.

This separation of the nodes from the control adds potential for scaling, helped by their stateless nature. Logs are streamed directly out of the node and the parameters are pulled down from the control plane. Nodes also expose interfaces to allow direct monitoring from third-party applications as well as that provided by the Nova dashboard.

image

Down on the node, the load balancing features are supported by a wide set of security tools. Traditional blacklists and whitelists are supported by more advanced features such as geofencing and anomaly detection. Activity here is reported back up to the dashboard to give admins a clear, global, view of load and threats across their environments.

Whilst there are plenty of other load balancing solutions on the marketplace, based on this briefing I’d say that Snapt are well worth a look and particularly if the requirement is for a multi-cloud type environment.

There is a Community Edition of Nova available which allows up to 5 nodes free of charge- check out https://nova.snapt.net/pricing for details.

Please read my standard Declaration/Disclaimer and before rushing out to buy anything bear in mind that this article is based on a sales discussion at a sponsored event rather than a POC or production installation. I wasn’t paid to write this article or offered any payment, aside from being entered in a  prize draw of delegates to win a chair (I was not a winner).

Check Azure WebApps have Backup Configured

Azure WebApps (depending on tier) come with an optional native backup service. This quick PowerShell snippet looks at all the WebApps in the current subscription and reports back on whether Backup has been set up. This should be helpful for spotting where a configuration has been missed.

Use Set-AzContext to set the subscription in advance, and to restrict to an individual Resource Group use the –ResourceGroupName on the Get-WebApp cmdlet in the first line.

foreach($WebApp in Get-AzWebApp ){
  if (Get-AzWebAppBackupConfiguration `
      -ResourceGroupName $WebApp.ResourceGroup `
      -Name $WebApp.Name `
      -ErrorAction SilentlyContinue) {
  $WebApp.Name+" Backup Configured"
  } else {
  if( (Get-Error -Last 1).Exception.Response.Content `
      -like "*Backup configuration not found for site*")
    {$WebApp.Name+" Backup Not Configured"}
 }
}

Using New-AzureFirewallRule with multiple ports or IP ranges

When creating an Azure Firewall rule with multiple ports or IP ranges using the PowerShell “New-AzureFirewallRule” cmdlet, you may get an error like this:

Invalid IP address value or range or Service Tag 192.168.64.0/18,10.1.0.0/16.
StatusCode: 400
ReasonPhrase: Bad Request
ErrorCode: AzureFirewallRuleInvalidIpAddressOrRangeFormat

or

Invalid port value or range. User ports must be in [1, 65535]
StatusCode: 400
ReasonPhrase: Bad Request
ErrorCode: AzureFirewallRuleInvalidPortOrRangeFormat

The incorrect code causing these messages refers to the Source Address or Destination Port as a comma-delimited string as you would use in the Azure Portal, as shown here:

#Incorrect Code
$netRule = New-AzFirewallNetworkRule `
     -Name "FirewallRule1" `
     -Description "Rule for HTTP,SMB traffic" `
     -Protocol "TCP" `
     -SourceAddress "192.168.64.0/18,10.1.0.0/16" `
     -DestinationAddress "172.20.1.1/28" `
     -DestinationPort "139,445,80"

However, the cmdlet wants an array of strings to be passed here rather than a comma-delimited string value, so (“192.168.64.0/18″,”10.1.0.0/16”) rather than “192.168.54.0/18,10.1.0.0/16”. The correct version of the above code snippet is as follows:

#Corrected Code
$netRule = New-AzFirewallNetworkRule `
     -Name "FirewallRule1" `
     -Description "Rule for HTTP,SMB traffic " `
     -Protocol "TCP" `
     -SourceAddress ("192.168.64.0/18","10.1.0.0/16") `
     -DestinationAddress "172.20.1.1/28" `
     -DestinationPort ("139","445","80")

Checking Hybrid Benefits in Azure with PowerShell

When using Windows-based Virtual Machines on Microsoft Azure, there’s an option to use “Azure Hybrid Benefit” to re-use existing Windows licenses you own on-premises for workloads now running in the public cloud.

image

If you don’t select this option then your Azure bill will include the cost of a new Windows license for that virtual machine, so it’s important to ensure it is used where you are entitled to do so. If you have a site license, or campus agreement, you may find that you are allowed Hybrid Benefit on all your workloads in Azure.

This PowerShell snippet will list all the Windows Virtual machines (in the current subscription- use Set-AzContext to change that) which are not making use of the Hybrid Benefits- giving you a quick list of VMs to check the settings on.

Get-AzVM | Where-Object {$_.OSProfile.WindowsConfiguration -and !($_.LicenseType)}

Virtual vs In-person Conferences

In the current pandemic situation (April 2020) a lot of events, both small and large, have had to close their doors and move from in-person to virtual on-line environments. There’s been a lot of chatter about this on the interwebs, and how some people favour the way of conferencing we have been forced into adopting.

From my perspective I find it hard to see how online meetings can match up to the in-person show. The section of the event where you’re sat quietly listening to a speaker, raising your hand with a question, or asking at the end, is similar between the two. Viewing from home you have a more comfortable chair but, on the flip side you must buy your own drinks and snacks. However, you are just watching an online webinar and the moment the session ends, you step out of that breakout back into your home life.

Distance-learning like this is great, but it’s just one component of what makes the traditional tech conference such a worthwhile experience. It’s that time when you’re not sat down listening to a presentation or trying out a lab that can really make the difference.

Discussions happen with random people on the show floor, in a queue, at the bar in the evenings, or even at the airports. The social component, even for an introvert, should not be underestimated. I’ve now got some great friends, gained unexpected knowledge, and understood things from different viewpoints thanks to tech conferences. It’s also one of the few ways of breaking out of the “bubble” of IT in my organisation and seeing what people do in similar functions in the wider world.

IMG_20200128_145028331 (2)

Even the big events I’ve attended- VMworld, Cisco Live, Microsoft TechEd – I’ve gone into knowing few, or even zero, people at the event but always come away with new contacts, experiences, and friends. I don’t get any of that from the breakout sessions, it’s all from those bits in-between.

Getting out of the office (or these days the home-office) is an important method of separation and difficult to replicate without travelling to a conference (even if it’s just down the road). Without that separation it’s hard to avoid being (as) distracted by the day to day and able to concentrate on learning.

I’d love to be proven wrong. If someone can figure out how to answer this puzzle of doing the bits between and after the sessions well in an online environment I’d be overjoyed, but I’m still waiting for that to happen. Perhaps the London VMUG next week might surprise me.