Previously on "Azure hosting or similar"


  • Spoiler
    replied
    Originally posted by SeanT View Post
    Windows firewall:

    RD Gateway on 443 open to the world.
    RD service itself on 3389 open to localhost (i.e. the gateway service running on the same machine) and to the OpenVPN box.

    Normal user access: RD via RD Gateway and Duo
    Admin user backdoor: VPN auth with certificate / key, RDP direct to server
    Thanks for the clarification



  • SeanT
    replied
    Originally posted by Spoiler View Post
    Just trying to figure out exactly how that would work ...

    Spin up a Linux box in Lightsail, and run OpenVPN server on it.
    Install OpenVPN client on the Lightsail Windows server and connect to the OpenVPN server.
    Then, connect to VPN Server from home PC and run RDP over it.
    If the admin account was secured with 2FA, then I'm still reliant on that working okay.
    If the admin account isn't 2FA, then this leaves it open to brute force type attacks using direct RDP (not over the VPN).
    Unless ... I can restrict an account to only permit logins over the VPN (not sure if that's possible) ???
    Windows firewall:

    RD Gateway on 443 open to the world.
    RD service itself on 3389 open to localhost (i.e. the gateway service running on the same machine) and to the OpenVPN box.

    Normal user access: RD via RD Gateway and Duo
    Admin user backdoor: VPN auth with certificate / key, RDP direct to server

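The firewall layout SeanT describes above, written out as Windows Firewall rules. This is an added example, not part of the thread: the IP addresses and rule names are constructed placeholders, and it assumes the gateway reaches RDP through the server's own address and that admin connections over the VPN arrive from the OpenVPN box's address.

```powershell
# Constructed placeholders: substitute your own addresses.
$VpnBoxIp = '172.26.0.10'   # private IP of the OpenVPN box (assumption)
$ServerIp = '172.26.0.20'   # this server's own private IP (assumption)

# Allow rules only restrict anything if unmatched inbound traffic is dropped.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True -DefaultInboundAction Block

# The built-in "Remote Desktop" rules accept 3389 from any source; disable them
# so the scoped rule below is the only way in.
Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'

# RD Gateway: HTTPS from anywhere (normal users, with Duo on the gateway).
New-NetFirewallRule -DisplayName 'RDGW-HTTPS-In-Any' `
    -Direction Inbound -Protocol TCP -LocalPort 443 `
    -Action Allow -Profile Any

# RDP itself: only the gateway on this machine and the OpenVPN box (admin path).
New-NetFirewallRule -DisplayName 'RDP-In-Gateway-And-VPN' `
    -Direction Inbound -Protocol TCP -LocalPort 3389 `
    -RemoteAddress $ServerIp, $VpnBoxIp `
    -Action Allow -Profile Any

# Check: list every enabled inbound allow rule that names port 3389, with its
# source scope. Anything showing "Any" here still exposes RDP directly.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains '3389' } |
    ForEach-Object {
        [pscustomobject]@{
            Rule          = $_.DisplayName
            RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ', '
        }
    }
```

Apply it from a console session, or only after the VPN path has been confirmed to work, since disabling the built-in rules drops any RDP session that arrives from another address.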


  • Spoiler
    replied
    Originally posted by SeanT View Post
    I'd want an admin back door though (so a free VPN appliance, just for the genuinely administrative users, can be a Linux box for an extra fiver a month or something).
    Just trying to figure out exactly how that would work ...

    Spin up a Linux box in Lightsail, and run OpenVPN server on it.
    Install OpenVPN client on the Lightsail Windows server and connect to the OpenVPN server.
    Then, connect to VPN Server from home PC and run RDP over it.
    If the admin account was secured with 2FA, then I'm still reliant on that working okay.
    If the admin account isn't 2FA, then this leaves it open to brute force type attacks using direct RDP (not over the VPN).
    Unless ... I can restrict an account to only permit logins over the VPN (not sure if that's possible) ???



  • SeanT
    replied
    Potential sticking point: https://forums.aws.amazon.com/thread...hreadID=252542



  • SeanT
    replied
    Originally posted by Spoiler View Post
    This looks interesting, thanks. Will give it a spin. Pretty sure the app I need to use will work with 2012, possibly 2016. Will test it out.
    Main concern now is to secure RDP, but still keep the login process simple(ish) - looking at DUO's 2FA option for RDP ...
    Yep, just install remote desktop gateway on the same server, and set up Duo. I'd want an admin back door though (so a free VPN appliance, just for the genuinely administrative users, can be a Linux box for an extra fiver a month or something).



  • Spoiler
    replied
    Originally posted by Dante View Post
    https://amazonlightsail.com/

    Windows Server:
    2 GB Memory
    1 Core Processor
    50 GB SSD Disk
    3 TB Data Transfer*

    $30 / £22.95 a month

    EDIT: It's Windows 2012 and 2016 only, so you'll have to ensure your s/w runs on it (or go down the Linux + VM route).
    This looks interesting, thanks. Will give it a spin. Pretty sure the app I need to use will work with 2012, possibly 2016. Will test it out.
    Main concern now is to secure RDP, but still keep the login process simple(ish) - looking at DUO's 2FA option for RDP ...



  • Dante
    replied
    https://amazonlightsail.com/

    Windows Server:
    2 GB Memory
    1 Core Processor
    50 GB SSD Disk
    3 TB Data Transfer*

    $30 / £22.95 a month

    EDIT: It's Windows 2012 and 2016 only, so you'll have to ensure your s/w runs on it (or go down the Linux + VM route).
    Last edited by Dante; 3 November 2017, 15:54.



  • SeanT
    replied
    Originally posted by stek View Post
    Anyway I didn't assume, I presumed....
    Correct you are sir, you presumptuous person you



  • stek
    replied
    Originally posted by SeanT View Post
    Why would you assume this? It's just as likely to be ASP or PHP or worse.
    From my time at Tosh on the EPOS side of things. Almost everything was built on IBM Sterling Commerce and spat out a WAR file (or EAR) at the end.

    Perhaps a bit of a leap of faith...

    Anyway I didn't assume, I presumed....



  • SeanT
    replied
    BTW Spoiler, just what is the application, could I get it to run in a container for you?



  • SeanT
    replied
    Originally posted by garethevans1986 View Post
    Azure isn't mature enough compared to AWS, MS are playing catch up with the tech and try to retro fit services into the cloud rather than designing them cloud first like AWS do. It's a nicer platform to use, better management suite, Azure SDKs are a nightmare between versions as they ALWAYS have breaking changes in.

    My current client uses Azure and it's a big huge bag of spanners. Hard limits all over the place which is ridiculous - eg 200 Storage Accounts per subscription, Cloud Services etc. Service Fabric only just coming out on Azure, AWS equivalent Elastic Beanstalk has been around for years.

    Gareth
    My little potted summary I just wrote for someone else:

    AWS rules the roost on depth and breadth of the services it does offer, but fails on inadequate container orchestration (unless you roll your own), largely unnecessary rebranding of products and vendor lock-in, complicated network stack that's less powerful than the GOOG one, and from what I've seen noisy neighbour issues.

    Azure is basically like AWS in many ways - just a little bit less awesome. It's nowhere near as nice to work with, but has good options for M$ shops and of course an awesome AI / data platform with some good USPs mixed in there.

    GCP is a bit different - it's not quite as easy to work with as AWS, but the networking and support for container orchestration and a pipeline feeding this is pretty excellent. Add in Cloud Spanner, a world class networking stack, some more AI / ML goodness, good support for open source databases that don't deviate from the original codebase / implementation, and Cloud Console and it's a pretty compelling all rounder. GKE is a bit more limited but it's so nice to be able to use K8S with the hard stuff done for you we'll let them off.



  • SeanT
    replied
    Originally posted by stek View Post
    Presumably the server end is just a WAR file deployed on JBoss or Websphere
    Why would you assume this? It's just as likely to be ASP or PHP or worse.



  • garethevans1986
    replied
    Originally posted by woohoo View Post
    I'm interested in the reasons why you prefer aws.

    Azure isn't mature enough compared to AWS, MS are playing catch up with the tech and try to retro fit services into the cloud rather than designing them cloud first like AWS do. It's a nicer platform to use, better management suite, Azure SDKs are a nightmare between versions as they ALWAYS have breaking changes in.

    My current client uses Azure and it's a big huge bag of spanners. Hard limits all over the place which is ridiculous - eg 200 Storage Accounts per subscription, Cloud Services etc. Service Fabric only just coming out on Azure, AWS equivalent Elastic Beanstalk has been around for years.

    Gareth



  • stek
    replied
    Presumably the server end is just a WAR file deployed on JBoss or Websphere, can u not drop it on Linux?



  • woohoo
    replied
    Originally posted by SeanT View Post
    Because you don't have to deal with Microsoft "support"?
    Having dealt with MS support it's hit and miss and can be a pain. But I'm more interested in the shortcomings of Azure compared to AWS.
