My name is Robin van Bruggen and I work as a freelance workspace specialist. My focus as a workspace specialist is implementing, migrating and managing physical and virtual desktop solutions. I do this at my company Van Bruggen ICT.
Azure Bastion is a new Azure service that enables you to create private RDP and SSH to Azure machines. Before Azure Bastion, you would have to create VPN access to Azure or assign a public IP address to the virtual machine(s) and allow RDP/SSH access from the internet.
Before Azure Bastion you could secure the access to the virtual machine using Just In Time VM Access or a VPN. Bastion gives you a full private service in your Azure virtual network so you can access your machines using SSL in the browser without the need to expose your machines.
Azure Bastion is currently in preview. You can access the preview using this URL : https://aka.ms/BastionHost.
How Azure Bastion Works
The Azure Bastion service works over port 443 (SSL) and this is the only port and connection Bastion uses. So port 443 will be the only port that you will have to enable in your virtual network (NSG). Behind Bastion it will connect to your devices over port 3389 (RDP) or 22 (SSH) to the virtual machines.
Alternative to Azure Bastion, you could work with a VPN service to Azure, IP access (with whitelisting) or Just In Time VM Access.
Click the READ MORE button to start going though the actual configurationRead More
The last few days I have been busy with creating my new home lab. For years I had the possibility to use my employers or customers test/lab environments, to test new technology and reproduce/troubleshoot issues. I have started working as a freelancer earlier this year and needed my own test environment.
Why a home lab
For me, I use my home lab almost daily. To try and reproduce customer issues and verify their setup or to setup and test new software/settings but most of all to study and gain/improve my knowledge and get my certifications. I will combine my home lab with an Azure environment.
My gear of choice
I want my lab environment to be available 24/7 with low power consumption and I want it to be (very) quiet. I also wanted it to have a dedicated GPU. I did not want to build my own custom computer (takes to much time for me) so I wanted a pre-build computer. Intel offers a large choice of pre-build hardware with good specs!
I have chosen to buy the Intel NUC Hades Canyon. The Hades Canyon offers a good dedicated GPU, fast CPU, M.2 SSD and 32/64GB of memory and a small form factor. The exact specifications of my NUC:
CPU: 3.1GHz Intel Core i7-8705G (quad-core, 8MB Cache, up to 4.1GHz)
Graphics: Radeon RX Vega M GH graphics (4GB HBM2 VRAM), Intel UHD Graphics 630
RAM: 2x Kingston HyperX 16GB DDR4
Storage: Samsung 970 EVO Plus 1TB M.2 SSD
The Hades Canyon is in my opinion currently one of the best pre-build systems to get for a homelab environment. The dedicated GPU allow me (for example) to configure and play with GPU Passthrough in an RDS environment.
Besides my homelab I have a 2019 Apple Macbook Pro and a Microsoft Surface Pro that I take with me at work. In my homeoffice I have an extra Intel NUC with Windows 10.
- Apple Macbook Pro 15″ Touchbar (mid 2019)
- Intel Core i7 (2,6GHz QuadCore)
- 16 GB RAM 2400Mhz DDR4
- 265GB SSD
- Radeon Pro 555x 4GB
This laptop is running a Windows 10 Virtual Machine and applications like Edge Chromium (love it!), Office 365, RoyalTS, 1Password..
My current VM’s
My current homelab is running 6 VM’s with enough space/memory available to run more. This NUC will be able to run roughly +- 8 VM’s easily.
Currently i’m running a full (hybrid) RDSH environment with a few Azure components. All the VM’s are running on Windows Server 2019 except for the Ubiquiti VM, which is a Ubuntu VM.
- 1x Domain Controller/DNS/Azure AD Connect/SQL Server.
- 2x RDS Server (RemoteDesktop and RemoteApps).
- 1x RD Web/RD Gateway.
- 1x Management/Fileserver/RD Broker.
- 1x Ubiquiti Unifi and UNMS server (which currently manages 3 different sites with routers/access points).
Besides this I have a Site2Site VPN to from my homelab to Azure, AD Connect and a few virtual machines, like a Windows 10 desktop for Windows Virtual Desktop and Azure storage for FSLogix profile containers.