Azure Insights: Hyper-V VMs; Publisher verification; Gen2 VMs; Setting an NSG to an NIC

June 4 2020

Azure pros share their thoughts on Hyper-V VMs, Publisher verification, Gen2 VMs or setting an NSG to an NIC.

Connecting to nested Hyper-V VMs with a VPN Gateway

Thomas Thornton took a look at nested Hyper-V VMs, which offer benefits ranging from running unsupported operating systems with legacy apps to sandbox environments. Users often want to create VMs in a nested Hyper-V VM and connect to other VMs in Azure. Currently, restrictions in the Azure backend make it impossible to set up an external switch and provide direct Hyper-V access to a host's physical network. He wrote:

The solution is to configure NAT so that VMs can access the internet from the Hyper-V host's public IP address and configure additional routing to enable connectivity to other VMs in Azure and vice versa so other VMs in Azure can access the Hyper-V VMs.

Thornton demoed the process from NAT and LAN routing to static route setup.

Arranging Publisher verification in Azure AD

Tobias Zimmergren examined Microsoft's launch of Publisher verification in Azure Active Directory. Developers for Microsoft partners are currently able to tie their MPN ID to Azure AD apps so that end-consumers will see the app's creator as a verified publisher. This can help to reaffirm trust. To get going, users can navigate to AD, select Branding and the Publisher verification section, enter an MPN ID and configure consent policies.

Next, it's essential to configure consent options to not allow group owner consent while allowing group owner consent for all group owners or selected group owners. He wrote:

I also want to highlight the fact that anyone can become a verified publisher. This is not an indication that the application quality is sound, nor that the application does what it says it does. The publisher verification simply ties an application to a trusted Microsoft partner company. If the application then misbehaves, it's outside the scope of the verification.

Working with Gen2 VMs in AKS

Richard Hooper, writing on Pixel Robots, looked into the rollout of Kubernetes Service Gen2 VMs in public preview. The new VMs are very similar to those found in Hyper-V back to Windows Server 2012 R2, relying on UEFI boot architectures supporting VM builds up to 12 TB in size with two TB OS disks.

Users begin by registering the feature with the az feature register command. From there, users must reregister the namespace, create a resource group and navigate the VM Scale Set for the node pool.

Setting a Network Security Group to VM Network Interface with PowerShell

Also on his blog, Thomas Thornton explained how to assign a Network Security Group to a VM Network Interface in Azure using PowerShell. Users start by fetching the NSG and the NIC. Within $vmnic properties the NSG should be blank. Once defined, users can run PowerShell with Set-AzNetworkInterface applied.

Once users run the process they should see the NSG applied to the VM NIC.
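The steps summarized above, written out as an added PowerShell example (not Thornton's original script). The resource names are placeholders, the function name `Set-NicNsg` is hypothetical, and an authenticated Az session (`Connect-AzAccount`) with the Az.Network module is assumed. It also checks for an NSG already on the NIC and re-reads the NIC afterwards to confirm the association.

```powershell
#Requires -Modules Az.Network
# Added example: placeholder names below are assumptions, not values from the article.
$resourceGroup = 'rg-example'
$nsgName       = 'nsg-example'
$nicName       = 'vm-example-nic'

function Set-NicNsg {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$ResourceGroupName,
        [Parameter(Mandatory)][string]$NsgName,
        [Parameter(Mandatory)][string]$NicName
    )

    # Fetch the NSG and the NIC; stop before changing anything if either is missing.
    $nsg   = Get-AzNetworkSecurityGroup -Name $NsgName -ResourceGroupName $ResourceGroupName -ErrorAction Stop
    $vmnic = Get-AzNetworkInterface -Name $NicName -ResourceGroupName $ResourceGroupName -ErrorAction Stop

    # On a NIC with no NSG this property is blank. If one is already set,
    # skip the write when it is the same NSG and warn when it will be replaced.
    if ($vmnic.NetworkSecurityGroup) {
        if ($vmnic.NetworkSecurityGroup.Id -eq $nsg.Id) {
            Write-Verbose "NIC '$NicName' already uses NSG '$NsgName'."
            return $vmnic
        }
        Write-Warning "NIC '$NicName' has NSG $($vmnic.NetworkSecurityGroup.Id); it will be replaced."
    }

    # Define the NSG on the in-memory NIC object, then push the change to Azure.
    $vmnic.NetworkSecurityGroup = $nsg
    if ($PSCmdlet.ShouldProcess($NicName, "Associate NSG '$NsgName'")) {
        $vmnic | Set-AzNetworkInterface | Out-Null

        # Re-read the NIC from Azure and confirm the NSG is now applied.
        $check = Get-AzNetworkInterface -Name $NicName -ResourceGroupName $ResourceGroupName -ErrorAction Stop
        if ($check.NetworkSecurityGroup.Id -ne $nsg.Id) {
            throw "NSG '$NsgName' was not applied to NIC '$NicName'."
        }
        return $check
    }
}

# Add -WhatIf to preview the change without writing to Azure.
Set-NicNsg -ResourceGroupName $resourceGroup -NsgName $nsgName -NicName $nicName -Verbose
```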
