Nerdio Hardening

Hi,

I wanted to ask about your experience with hardening Nerdio. The documentation covers the manual steps for Storage Accounts, SQL, and App Service. However, the built-in script "Enable Private Endpoints" seems to do much more, like hardening the Key Vault or even creating a Hybrid Worker VM. Are you performing all the required steps manually, or are you using the script?

Regards

Philipp


Comments (2 comments)

Stefan Beckmann

Hi Philipp Mair

I'm back to this topic again. I spent a few hours this weekend preparing the existing scripts for my purposes. In my opinion, there are two relevant scripted actions:

  • Create Hybrid Worker VM
  • Enable Private Endpoints

These should help to automate some of the necessary steps. I think that these will work in a lab or smaller environments. But in an enterprise environment, the hybrid worker or networks are only deployed by the infrastructure team, and we should use those. That's why I created a script “Enable Hybrid Worker VM” based on the existing script “Create Hybrid Worker VM”.
In addition, I modified the other script to optimize the private DNS zone topic and adapted it so that I can control whether links to the VNet should be created at the end, since in most cases a central DNS resolution is also available, and you cannot link the same zone to a VNet multiple times, so it would not be sustainable.

If necessary, I can share this privately, but I will also discuss it with the team at Nerdio and possibly create a blog article.

Regards,
Stefan

Philipp Mair

Thanks Stefan Beckmann

The environment of the customer is currently running with a demo license for a POC and we'll do the POC without hardening Nerdio. So I don't need the script at the moment.

But your version of the script sounds good. Let's see what the team at Nerdio thinks about it :)
