my new job teams are asking me to Create IBM Cloud PAK “Platform connections” to MS Azure SQL Server databases c) Anything else you can think of! (networking Vnet, registering an endpoint with the Azure DNS service) there is not much resources i found online . could you please walk me through how can i design this platform in azure step by step . will be very helpful
Sorry, but I’m not clear on what you are looking for. You want to know how to create Virtual network Azure dns Azure sql db Create dns entry for database? Which part of that don’t you know how to do
in Linux generally you use BIND. I don't have a specific script for your environment, so I suggest you start here - www.linuxtechi.com/setup-bind-server-centos-8-rhel-8/
Hi thanks for your wonderful videos 😊I am kind of stuck since 4 days on a dns issue... I setup an aadds on azure and a s2s vpn between my firewall and the azure virtual network gateway in order to be able to join the aadds on premises... I am able to join the domain which on azure without problem! I am using a custom dns on the aadds but the machines once join to the aadds the custom dns doesn't khow how to resolve internet addresses looks like I need to add a forwarder such as google dns or my own on premises ns... Is there a way to add the forwarder on the azure custom dns? We are looking forward to have a 100% Cloud bases Active Directory
I haven’t tried that…but I think that if you added a 3rd custom DNS into your vnet of 1.1.1.1 or some other online DNS ip then it should allow you to lookup things on the internet
Good informative video, I have a question. Why would I come to Azure DNS when Domain Name Registrar is doing the same job? Is there any performance improvement since name servers now on Azure?
Good question vishwanath! For me it is ease of management. I am always working in Azure. I don't have to log in to my Domain Registrar to make any changes to my public DNS. Just point it once to Azure and do everything for Public and Private DNS in one place.
Thanks! I capture the computer screen with a free software called OBS and I edit the videos with adobe premiere pro and add animations and effects using adobe after effects
Hi Dean! great work, I always come back here for a refresh on DNS. At 12:13, if 12.0.2.4 was a DNS server on a VM it would resolve the IP, wouldn't it? How do you think this would compare to Azure DNS at 168.63.129.16 in terms of efficacity or finance in a work environment? is it worth having an internal DNS running inside VNet in relation to performance/finance?
They both work very well. It is more of a question on how you want to manage things, and where you want that DNS info. Yes, Azure DNS zones will be less expensive then a VM, but if it isn’t a solution that does everything you want, that doesn’t matter
Not Exactly feature limitations but because as her private DNS is not native to active directories some of the SRV records or not they are… But private DNS is not meant to replace active directly DNS
Hi Dean, Could you please make video on custom RBAC policy. We would love to here more on RBAC because we don't have proper resource on you-tube for custom RBAC
We can do that AZ-Farmers. This is a VERY large topic so can you give me some idea of why you want to use Custom RBAC? What is the use case or what is there in the built-in RBAC that is not meeting your needs? Thanks!
@@AzureAcademy Let’s assume we have VM administrator, Network administrator and Database administrator who manages their resources. Now thing about that if person knows how to manage VM, will it make any sense to give him to privilege to change database and network resource? It's not about questioning on skillset about employee, it just about giving him authorized access.
I like the way you put that. Yes this can totally be done in Azure today through all of the RBAC roles that we have. You can also create custom RBAC roles...but I would normally advise against this. The reason why is that this is a HUGE amount of work, in the end you do not gain a lot from it and there are a lot of concerns...for example: Requirement: Create , Change, Delete VMs Read Virtual Networks These requirements can be met with 2 Azure RBAC roles. 1. VM Contributor 2. Virtual Network Reader I would take these 2 roles and give that person access The roles can also be scoped to a specific subscription or resource group to limit this access as well Some customers see these requirements and choose to create a custom role where they take PARTS of the VM Contributor and Virtual Network Reader and combine just the parts that they think are the minimal rights needed to get this user working...and there in lies the problem. I have NEVER seen a customer do this successfully without many...many hours of work, and then even if you get it working it doesn't work long term. What I mean is that there may be a feature you read about in the Azure Docs that requires Virtual Network Reader and so you think...I have that! But the feature isn't working. The reason is because We write our documentation to call out our RBAC roles like Virtual Network Reader...not the sub features of that Role. So there are parts of the reader role that you didn't give your custom group because when you created the group you didn't need all those features so you didn't include them all... so now the new Azure feature you are trying to use isn't working because you don't have the rights correct. If you MUST have a custom role then the way I would do it is this. Take VM contributor and VNET reader and create a custom role from those COMPLETE RBAC Roles. then you are covered. But now I have to ask...why are you taking all the time and effort to do this custom role creation when you can just assign the VM Contributor and VNET Reader to the group and be done in 1 second? So if you would still like a video on this then I sure can...let me know #HappyLearning
my new job teams are asking me to Create IBM Cloud PAK “Platform connections” to MS Azure SQL Server databases
c) Anything else you can think of! (networking Vnet, registering an endpoint with the Azure DNS service)
there is not much resources i found online . could you please walk me through how can i design this platform in azure step by step . will be very helpful
Sorry, but I’m not clear on what you are looking for.
You want to know how to create
Virtual network
Azure dns
Azure sql db
Create dns entry for database?
Which part of that don’t you know how to do
What is the purpose of having "connection specific dns suffix when a VM is not joined to a domain ??
its required for all Azure VMs. feel free to change it yourself, or join your VMs to a domain
I like your videos! Your English is perfect! ;-)
Thank you! 😃
How can we do the same thing in Linux machine ? Any script for that ?
in Linux generally you use BIND. I don't have a specific script for your environment, so I suggest you start here - www.linuxtechi.com/setup-bind-server-centos-8-rhel-8/
Is this ps script somewhere on github?
Sorry it isn’t. This is a script for each loop just to set the DNS Suffix on all VMs. Should be easy enough to copy down
Hi thanks for your wonderful videos 😊I am kind of stuck since 4 days on a dns issue... I setup an aadds on azure and a s2s vpn between my firewall and the azure virtual network gateway in order to be able to join the aadds on premises... I am able to join the domain which on azure without problem! I am using a custom dns on the aadds but the machines once join to the aadds the custom dns doesn't khow how to resolve internet addresses looks like I need to add a forwarder such as google dns or my own on premises ns... Is there a way to add the forwarder on the azure custom dns? We are looking forward to have a 100% Cloud bases Active Directory
I haven’t tried that…but I think that if you added a 3rd custom DNS into your vnet of 1.1.1.1 or some other online DNS ip then it should allow you to lookup things on the internet
Yes, it would be great to have a video on the run command, I have had to use it to resolve several issues
Thanks for letting me know
thx. you for this video, it gets clear about privat and public DNS
Awesome
Thanks for your lovely illustrations. Could you please cover hub and spoke architecture, Thanks
Thanks! Is there something specific about Hub and Spoke you are looking for?
@@AzureAcademy I am not aware how to create this. So .
This could help 👉 th-cam.com/video/rfPoMVXnBIk/w-d-xo.html
Please sir also post vedio for running PS in VM as you promised in Video Please
are you talking about the VM Run commands or something else?
and you tell me what time in the video you are talking about?
Good informative video, I have a question. Why would I come to Azure DNS when Domain Name Registrar is doing the same job? Is there any performance improvement since name servers now on Azure?
Good question vishwanath!
For me it is ease of management. I am always working in Azure. I don't have to log in to my Domain Registrar to make any changes to my public DNS. Just point it once to Azure and do everything for Public and Private DNS in one place.
@@AzureAcademy Thanks for answering, thought so
Anytime!
Great video very very good my compliments and thanks!
Thanks!
Thanks for the great video. Can I know what tool you use to create this video. Looks really good.
Thanks! I capture the computer screen with a free software called OBS and I edit the videos with adobe premiere pro and add animations and effects using adobe after effects
@@AzureAcademy Thanks a lot for the lightning response. Appreciate that.
Anytime
Can we do dns suffix stuff for AKS as well?
Yes you can
Great video. I love all the courses.. I'm getting Certified!! And yes would love the command line class for the vm you mentioned here
Thanks for the feedback
Very good explanation of the different Azure DNS features. Thanks.
Thanks for the feedback
Hi Dean! great work, I always come back here for a refresh on DNS. At 12:13, if 12.0.2.4 was a DNS server on a VM it would resolve the IP, wouldn't it? How do you think this would compare to Azure DNS at 168.63.129.16 in terms of efficacity or finance in a work environment? is it worth having an internal DNS running inside VNet in relation to performance/finance?
They both work very well. It is more of a question on how you want to manage things, and where you want that DNS info. Yes, Azure DNS zones will be less expensive then a VM, but if it isn’t a solution that does everything you want, that doesn’t matter
@@AzureAcademy I see. Have you come across any limitations of either? If yes, care to share the experience?
Not Exactly feature limitations but because as her private DNS is not native to active directories some of the SRV records or not they are… But private DNS is not meant to replace active directly DNS
@@AzureAcademy I don't seem to make sense of this answer. Care to rephrase it?
What I meant was Azure Private DNS Zones cannot be used to replace Active Directory DNS today.
Hi Dean,
Could you please make video on custom RBAC policy. We would love to here more on RBAC because we don't have proper resource on you-tube for custom RBAC
We can do that AZ-Farmers. This is a VERY large topic so can you give me some idea of why you want to use Custom RBAC?
What is the use case or what is there in the built-in RBAC that is not meeting your needs?
Thanks!
@@AzureAcademy Let’s assume we have VM administrator, Network administrator and Database administrator who manages their resources. Now thing about that if person knows how to manage VM, will it make any sense to give him to privilege to change database and network resource? It's not about questioning on skillset about employee, it just about giving him authorized access.
I like the way you put that.
Yes this can totally be done in Azure today through all of the RBAC roles that we have.
You can also create custom RBAC roles...but I would normally advise against this.
The reason why is that this is a HUGE amount of work, in the end you do not gain a lot from it and there are a lot of concerns...for example:
Requirement:
Create , Change, Delete VMs
Read Virtual Networks
These requirements can be met with 2 Azure RBAC roles.
1. VM Contributor
2. Virtual Network Reader
I would take these 2 roles and give that person access
The roles can also be scoped to a specific subscription or resource group to limit this access as well
Some customers see these requirements and choose to create a custom role where they take PARTS of the VM Contributor and Virtual Network Reader and combine just the parts that they think are the minimal rights needed to get this user working...and there in lies the problem.
I have NEVER seen a customer do this successfully without many...many hours of work, and then even if you get it working it doesn't work long term.
What I mean is that there may be a feature you read about in the Azure Docs that requires Virtual Network Reader and so you think...I have that! But the feature isn't working.
The reason is because We write our documentation to call out our RBAC roles like Virtual Network Reader...not the sub features of that Role.
So there are parts of the reader role that you didn't give your custom group because when you created the group you didn't need all those features so you didn't include them all...
so now the new Azure feature you are trying to use isn't working because you don't have the rights correct.
If you MUST have a custom role then the way I would do it is this.
Take VM contributor and VNET reader and create a custom role from those COMPLETE RBAC Roles.
then you are covered.
But now I have to ask...why are you taking all the time and effort to do this custom role creation when you can just assign the VM Contributor and VNET Reader to the group and be done in 1 second?
So if you would still like a video on this then I sure can...let me know
#HappyLearning
Really nice explanation Thank you
Awesome, how about this! - th-cam.com/video/XX8sCH6jNCY/w-d-xo.html
If i ping to private ip, do i need to check dns
+jaffer ali I’m not sure what you mean?
If you are pinging the Private IP address DNS is not involved...DNS performs name resolution to IP addresses?
Thanks for the great explanation!
Thanks 👍👍
nice one !
Thanks!