IT Wiz Technology Blog

Multi-Cloud Architect Study Guide and Resources

Featured by Samuel Mitchell, posted in AWS, Azure, Data Center Virtualization, Microsoft, Network Virtualization, Uncategorized

Introduction

I have created this article to reflect the title which is to provide study resources to prepare for the various Cloud Architect certifications for Oracle, Google Cloud, Amazon Web Services and Microsoft Azure. Each of them brings their own dynamics to the architecture space and has difference focus and value. When you combine the information together, it will make you a well rounded Architect. The only missing piece is the business side because these resources only bring the technology perspective and focus. To fill this gap, I have included other resources from my references who I believe are enlightening the technical community on how to approach Architects with soft skills which is more important than the technical skills (the know how). Resources are from difference sources:

Technical Skills for Cloud Architects from different Cloud Service Providers:

Oracle Cloud Infrastructure 2023 Architect Associate

Oracle Cloud Infrastructure 2023 Architect Professional

Google Cloud Professional Cloud Architect

AWS Solutions Architect Professional

Azure Solutions Architect Expert

Disable IE Enhanced Security Configuration in Windows Server via script

January 26, 2025 by Samuel Mitchell, posted in Azure, Hyper-V, Security, VMware, windows, Windows server

I have always want to use a script to disable Internet Explorer Enhanced Security Configuration (IE ESC) in Windows Server. It is an annoying activity when it is required to perform tasked using the IE in older versions of windows servers.

It is important to note that IE ESC is very important to the security of legacy servers from common past vulnerabilities which is not a risk in current versions of server OS.

This activity must be taken with precaution and on servers with access restriction to the Internet. It is encouraged that IT professional implement all measures to secure the legacy application running on these servers that must be maintained in an segmented or isolated environment. It is the responsibility of the IT professional to use a secure alternative browser after this activity has been performed.

Now here is a batch script to the rescue taken from this Microsoft FAQ that can be runned on all your servers. Save the script in a batch file and run it from the command line.

The script must run as an administrator or a logon script to work since it is making changes to the registry.

Note: The script was created for Windows Server 2003 and 2008. However, it will work for other versions such as Windows Server 2019.

ECHO OFF
REM  IEHarden Removal Project
REM  HasVersionInfo: Yes
REM  Author: Axelr
REM  Productname: Remove IE Enhanced Security
REM  Comments: Helps remove the IE Enhanced Security Component of Windows 2003 and 2008(including R2)
REM  IEHarden Removal Project End
ECHO ON
::Related Article
::933991 Standard users cannot turn off the Internet Explorer Enhanced Security feature on a Windows Server 2003-based terminal server
::http://support.microsoft.com/default.aspx?scid=kb;EN-US;933991
:: Rem out if you like to Backup the registry keys
::REG EXPORT "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" "%TEMP%.HKEY_LOCAL_MACHINE.SOFTWARE.Microsoft.Active Setup.Installed Components.A509B1A7-37EF-4b3f-8CFC-4F3A74704073.reg"
::REG EXPORT "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" "%TEMP%.HKEY_LOCAL_MACHINE.SOFTWARE.Microsoft.Active Setup.Installed Components.A509B1A8-37EF-4b3f-8CFC-4F3A74704073.reg"
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" /v "IsInstalled" /t REG_DWORD /d 0 /f
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" /v "IsInstalled" /t REG_DWORD /d 0 /f
::x64
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432node\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" /v "IsInstalled" /t REG_DWORD /d 0 /f
::Disables IE Harden for user if set to 1 which is enabled
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap" /v "IEHarden" /t REG_DWORD /d 0 /f
REG ADD "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap" /v "IEHarden" /t REG_DWORD /d 0 /f
REG ADD "HKEY_CURRENT_USER\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap" /v "IEHarden" /t REG_DWORD /d 0 /f
::Removing line below as it is not needed for Windows 2003 scenarios. You may need to enable it for Windows 2008 scenarios
::Rundll32 iesetup.dll,IEHardenLMSettings
Rundll32 iesetup.dll,IEHardenUser
Rundll32 iesetup.dll,IEHardenAdmin
Rundll32 iesetup.dll,IEHardenMachineNow
::This apply to Windows 2003 Servers
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OC Manager\Subcomponents" /v "iehardenadmin" /f /va
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OC Manager\Subcomponents" /v "iehardenuser" /f /va
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OC Manager\Subcomponents" /v "iehardenadmin" /t REG_DWORD /d 0 /f
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OC Manager\Subcomponents" /v "iehardenuser" /t REG_DWORD /d 0 /f
::REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" /f /va
::REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" /f /va
:: Optional to remove warning on first IE Run and set home page to blank. remove the :: from lines below
:: 32-bit HKCU Keys
REG DELETE "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /v "First Home Page" /f
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /v "Default_Page_URL" /t REG_SZ /d "about:blank" /f
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /t REG_SZ /d "about:blank" /f
:: This will disable a warning the user may get regarding Protected Mode being disable for intranet, which is the default.
:: See article http://social.technet.microsoft.com/Forums/lv-LV/winserverTS/thread/34719084-5bdb-4590-9ebf-e190e8784ec7
:: Intranet Protected mode is disable. Warning should not appear and this key will disable the warning
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /v "NoProtectedModeBanner" /t REG_DWORD /d 1 /f
:: Removing Terminal Server Shadowing x86 32bit
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap" /v "IEHarden" /f
:: Removing Terminal Server Shadowing Wow6432Node
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap" /v "IEHarden" /f

The script may display errors for some commands depending on the versions of Windows servers due the registry keys not used in that versions.

Most importantly, ensure to verify the settings changed for the Internet Explorer ESC.

Storage Redundancy in Azure

August 1, 2024 by Samuel Mitchell, posted in Azure, Microsoft, windows, Windows server

In general computing, storage is a very important component of a systems because it is where all the data is stored on a systems. With this reason, it is important that when moving workloads to the Cloud, storage is a critical part of the discussion.

In this article, the focus will be on storage redundancy options in the Azure and how it works.

There are four (4) basic storage redundancy options in Azure:

Locally Redundant Storage (LRS)
Zone-Redundant Storage (ZRS)
Geo-Redundant Storage (GRS)
Geo-Zone Redundant Storage (GZRS)

To better understand how the storage redundancy, a few terms will need to be defined:

Region – it is a large geographical area. For example California or Virigina (in Azure it is referred to as West US and East US respectively)

Availability Zones (AZ) – it is a logical set of one or more datacenters within a single region. The AZ shares the same network, power and cooling which is a single point of failure for the AZ. Every Region will have alteast 1 AZ and atmost 3 AZes.

Now, I am will be going over the storage redundancy.

Locally Redundant Storage (LRS)

Within one Availability Zone, there are muliple racks of servers with storage that will support the redundancy as required. The LRS takes advantage of these storage, by making 3 copies of the data across three (3) independent storage within a datacenter (Availability Zone).

The LRS protects against system level failures which includes server and disk within a datacenter.

Zone-Redundant Storage (ZRS)

The next level of storage redundancy is ZRS which has three (3) copies of your data across three(3) availability zones (data centers). This storage redundancy protects the data against datacenter level failures which is affected by network or power outage.

For the remaining storage redundancy, the replication to the secondary region is based on the primary region selected using the region pair. Additionally, the next redundancy will need to be activated for the service to be back online.

Geo-Redunant Storage (GRS)

This storage redundancy method utilizes the LRS as part of it functionality. The data is replicated across two regions where three (3) copies of the data is created within each region. This redundancy not only increase the data available against systems failures but also against regional outage affected by natural disasters namely earthquakes, floods or hurricanes.

Geo-Zone Redundant Storage (GZRS)

This storage redundancy is similiar to the GZS except that the primary region use the ZRS instead of the LRS method. The benefits of redundancy GZRS verse GRS is that when there is a datacenter level failure in the primary region, the data will still be available and failover to the secondary region will not be necessary.

Limitations

Not all storage redundancy are available for all storage account type. An example is the Premium Azure Files which uses SSD-backed storage and only supports LRS and ZRS.

Conclusion

For each of the storage redundancy, selecting the right option will be based on business requirements and cost. It is important to assess the impact to the buiness and choose the option that balance cost and availability to keep the business operational.

Reference:

https://learn.microsoft.com/en-us/azure/storage/files/files-redundancy

Improving the Resilence of Azure VM Disk

July 16, 2024 by Samuel Mitchell, posted in Azure, Microsoft, windows

In Microsoft Azure there are many features available to improve the resilience of your Azure resources. In this article, I am going to focus on the resilience of an Azure VM Disk.

Let me paint a scenario where a Azure VM was created with a disk as LRS (locally redundant storage). The risk with the LRS is the disks are only protected against physical failures within a single datacenter such as server rack or drive failure. However, to increase the resilience of the VM disk against datacenter failures, I recommend that it is configure as ZRS (zone-redundant storage).

To convert a disk from LRS to ZRS, the correct procedure must be followed based on whether the disk is zonal or regional. To check this state, run the following command:

Azure CLI:

az disk show –name [DiskName] –resource-group [RGName]

If the zone parameter is empty, it is an indication that it is regional otherwise it is zonal.

The disk locality will be determine which method is applied to convert the disk from LRS to ZRS. Once verified as regional continue to the next steps to start the process.

For regional disk, it is necessary to only deallocate(shutdown) the Azure VM and then convert the disk using the commands:

Firstly, gather the Azure VM and disk information and create variables to store these values:

$RGName='ResourceGroupName'

$vmDiskName='VMDiskName'

$vmSize='Standard_DS_v2'

$diskSKU='Premium_ZRS'

Get the Parent VM Id (required for sizing of the VM if disk type is changed from Premium to Standard)

$vmId= $(az disk show \

–name$vmDiskName \

–resource-group $RGName \

–query manageBy \

–output tsv)

Stop the Azure VM in preparation for disk conversion

az vm deallocate --ids $vmId

Upgrade the Azure VM size (this step is critical that VM size can support the disk SKU or the disk conversion may fail)

az vm resize –ids $vmId –size $vmSize

Convert the disk from LRS to ZRS:

az disk update –name $vmDiskName –sku $diskSKU –resource-group $RGName

Start up the VM:

az vm start –ids $vmId

If the disk is zonal:

a snapshot of the original disk will need to be created.
Then a new disk will be created from the snapshot.
when the disk is created, a new VM will be provisioned with this new disk atached.

I hope this article assist with the steps to convert a disk from LRS to ZRS.

Reference:

Disk Migration LRS to ZRS

Securing the Microsoft OneDrive share

July 4, 2024 by Samuel Mitchell, posted in Microsoft, windows

Microsoft has provided a method to easily and conveniently share documents with other persons that are stored within your OneDrive.

How?

This capability creates a shared link which can be sent via email or shared with the person directly.

Security

With this capability, it is important that users takes precaution when sharing their information with others, especially if it is company related.

I recommend the following guidelines when using these capabilities:

1. Verify the email address of the person you are sharing the files with. This email address will be used to validate the access to that share link using access code to the email.

2. Set the correct level of access such as “can view” (which is read-only). If they don’t need to edit the files, then apply the least privilege, which is read only. It protects the files from getting modified uncessarily.

3. Establish a timeline that the person will be assessing the information and set it on the shared link. This ensures the expiration of access without human’s intervention.

4. Dont share the entire drive, all the files should be placed in a folder and the shared link created from there. It limits the access to only that folder and even if it is compromised, it is restricted to that folder only. An additional benefit is that it gives you the flexibility to share additional information with the same party. You can simply drop that files in that folder, and it is readily available to them.

It is important to note that this shared link from OneDrive is publicly accessible, which means that it will be accessed from the internet. The only safeguard is the access permissions configured as recommended.

Why?

The OneDrive is a public file storage service which provides local access on the computer.

Other OneDrive features for Business

The OneDrive for Business or organizations that uses SharePoint, there is an additional settings for restricting access based on location using the location-based policy. This setting is only configurable by administrators, and it is set on a wider scale.

There are more features which will not be discussed in this article. You can check out the Mircrosoft Learn for further details.

Resizing a Ubuntu Linux VM in Hyper-V

June 4, 2024 by Samuel Mitchell, posted in Data Center Virtualization, Hyper-V

I had a Ubuntu VM with disk size of 12GB running in an Hyper-V environment on the physical server with limited disk space. I discovered that the VHDX disk space was not enough to run the applications I was installing on it.

In order to resolve this challenge, I had to increase the disk size of the VHDX disk and then increase the disk partition within the VM.

To increase the virtual disk size, I use the powershell command:

Resize-VHD -Path "VHDX disk location" -SizeBytes 60GB

2. Then I proceed to log into to Ubuntu VM

3. Open a bash shell

4. To view the partition to increase, run the command as a root:

sudo fdisk -l

if the command is not installed, you need to run the following command first:

sudo apt install cloud-guest-utils

5. When the partition is identified, use it in the next command to expand partition into free space:

sudo growpart /dev/sda 1

Note: space between the partition and id

6. Then this command will resize the partition:

sudo resize2fs /dev/sda1

Note: no space between partition and id

7. Dont forget the final step to reboot the ubuntu VM for the command to take effects. This is critical because it did not work until I did this step.

I hope this helps someone who support linux.

Oracle Cloud Infrastructure 2023 Architect Associate Study Resources

October 10, 2023 by Samuel Mitchell, posted in architecture, Oracle Cloud Infrastructure

I have created this blog to share resources used to prepare for my Oracle Cloud Infrastructure Architect Associate Exam. The exam will be done using Online proctoring which will be my first time. Unfortunately, I am unable to take advantage of the test center option because it is not available using the Race to Certification program. As a result, I end up scheduling the exam at my work office because I have no proper enclosed sound proof room in my house to do a proctored exam.

Exam Number: 1Z0-1072-23

https://education.oracle.com/oracle-cloud-infrastructure-2023-architect-associate/pexam_1Z0-1072-23

https://mylearn.oracle.com/ou/learning-path/become-an-oci-architect-associate/122195

Passing this exam is required to earn these certifications. Select each certification title below to view full requirements.
Oracle Cloud Infrastructure 2023 Certified Architect Associate

Exam Format: Multiple Choice

Duration: 90 Minutes
Exam Price: $245
Number of Questions: 55
Passing Score: 65%
Validation: This exam has been validated against Oracle Cloud Infrastructure 2023
Policy: Cloud Recertification

Review exam topics

The following table lists the exam objectives and their weightings.

Objectives	% of Exam
Compute	20%
Networking	28%
Storage	22%
Observability and Management	8%
Identity and Access Management	10%
Security	12%

Compute [20%]

Select appropriate computing choices
Configure compute instances
Configure Autoscaling
Describe OCI compute image options
Describe and configure OS Management
Understand Infrastructure Maintenance

Networking [28%]

Implement and manage Virtual Cloud Networks
Describe public and private subnets
Describe public and private IP addresses and virtual NICs
Configure Virtual Cloud Network Routing and Gateways
Configure Security Lists and Network Security Groups
Implement and manage VCN connectivity
Understand VCN connectivity options
Configure site-to-site VPN
Describe Fast connect
Configure Local and Remote Peering
Configure DNS and Traffic Management
Describe Public and Private DNS zones
Configure Traffic Management
Explain Load Balancing
Describe and configure a layer-7 Load Balancer
Describe and configure a layer-4 Network Load Balancer
Understand Network Command Center Services
Understand Inter-Region Latency
Understand Network Visualizer

Storage [22%]

Deploy and manage Block Storage
Understand Block Volume performance tiers
Deploy Block and Boot Volumes
Configure Volume Groups, Backups, Clones
Configure cross-region replication
Configure and manage Object Storage
Understand Object Storage tiers
Describe Object Storage Security
Implement Object Storage versioning, life cycle management, and retention rules
Configure Multipart uploads
Understand Object Storage replication
Implement and manage File Storage
Configure File Storage
Describe File Storage Security
Understand File System Snapshots and Cloning
Understand File System usage and metering
Understand File Storage replication

Observability and Management [8%]

Understand Observability and Management platform
Configure Monitoring and set alarms
Configure Logging

Identity and Access Management [10%]

Understand AuthN and AuthZ
Implement compartments
Implement conditional and advanced policies
Configure Dynamic Groups and Tag based access control

Security [12%]

Understand security services
Configure Cloud Guard, Security Zone, and Security Advisor
Describe and Configure OCI Vault
Describe and Configure Web Application Firewall and Certificates

Microsoft Certification Learning Resources

May 31, 2023 by Samuel Mitchell, posted in Azure, Exchange, Microsoft, windows, Windows server

This article was created for me to keep track of the Microsoft Learning resources available to acquire the knowledge needed to prepare for the Microsoft Certifications.

The material includes preparation for following certifications:

AZ-900
AZ-104
AZ-800/AZ-801
AZ-500
AZ-700
AZ-305
AZ-400
AZ-140
SC-300
MS-900
MS-500 (expires June 30, 2023)
MS-100/ MS-101 (expires July 31, 2023) / MS-102
AI-900
AI-102
DP-900
DP-420
DP-300

Microsoft Learn
https://learn.microsoft.com/en-us/

Microsoft Learning Lab Exercises
https://github.com/MicrosoftLearning

Microsoft Azure Connected Learning Experience (CLX)
https://clx.cloudevents.ai/events/39366311-ad15-4b90-9364-0252213842fa

Microsoft Partner Training
https://partner.microsoft.com/en-us/training/training-events

MS365 Lab Resources for Microsoft Partner
https://transform.microsoft.com/modernwork/partner

Microsoft Learn Lab Exercise
https://microsoftlearning.github.io/AZ500-AzureSecurityTechnologies/
https://microsoftlearning.github.io/MS-500-Microsoft-365-Security/
https://microsoftlearning.github.io/SC-300-Identity-and-Access-Administrator/
https://microsoftlearning.github.io/AZ-104-MicrosoftAzureAdministrator/

https://microsoftlearning.github.io/AZ-305-DesigningMicrosoftAzureInfrastructureSolutions/

https://microsoftcloudworkshop.com/

https://microsoftlearning.github.io/AZ500-AzureSecurityTechnologies/

https://microsoftlearning.github.io/AZ-140-Configuring-and-Operating-Microsoft-Azure-Virtual-Desktop/

https://microsoftlearning.github.io/AZ400-DesigningandImplementingMicrosoftDevOpsSolutions/

Microsoft Simulation Guide

https://mslearn.cloudguides.com/en-us/guides/AZ-900%20Exam%20Guide%20-%20Azure%20Fundamentals
https://mslabs.cloudguides.com/guides/DP-900%20Exam%20Guide%20-%20Azure%20Data%20Fundamentals
https://mslabs.cloudguides.com/guides/AI-900%20Exam%20Guide%20-%20Azure%20AI%20Fundamentals

https://mslabs.cloudguides.com/guides/AZ-104%20Exam%20Guide%20-%20Microsoft%20Azure%20Administrator

https://mslabs.cloudguides.com/guides/AZ-700%20Lab%20Simulations%20-%20Designing%20and%20implementing%20Microsoft%20Azure%20networking%20solutions

https://mslabs.cloudguides.com/guides/AZ-800%20Lab%20Simulations%20-%20Administering%20Windows%20Server%20Hybrid%20Core%20Infrastructure

https://mslabs.cloudguides.com/guides/AZ-801%20Lab%20Simulations%20-%20Configuring%20Windows%20Server%20Hybrid%20Advanced%20Services

https://mslabs.cloudguides.com/guides/DP-300%20Lab%20Simulations%20-%20Administering%20Microsoft%20Azure%20SQL%20solutions

https://mslabs.cloudguides.com/guides/AI-102%20Lab%20Simulations%20-%20Designing%20and%20implementing%20a%20Microsoft%20Azure%20AI%20solution

https://mslabs.cloudguides.com/guides/DP-420%20Lab%20Simulations%20-%20Designing%20and%20implementing%20cloud-native%20applications%20using%20Microsoft%20Azure%20Cosmos%20DB

Third party resources:

John Savill – https://learn.onboardtoazure.com/

Susanth Sutheesh – https://www.aguidetocloud.com/

Microsoft Azure Paid Labs environment and Training – ACloudGuru.com

I will update this list as times progresses and the information changes.

Disclaimer: all information is provided as is and if there are any changes Microsoft website is the ultimate authority and the respective producers.

CCNA 200-301 Preparation Tools

April 22, 2023April 24, 2023 by Samuel Mitchell, posted in Cisco, Routing & Switching

This article is created to assist in providing the resources required to prepare for the CCNA 200-301 exam.

The list of resources I find helpful are:

Wendell Odom’s Blog – it has a lot of practice labs questions for Packet Tracer or Cisco Model Labs
CCNA Exam Topic Guide – get the exam topics for the CCNA exam 200-301
Cisco Packet Tracker – the Cisco CCNA Lab simulator tool
Cisco Model Labs (CML) – the Cisco DevNet Sandbox which can be used to create labs for a reserved time up to 4 hours – more advance emulator
Cisco Model Labs Enterprise – similar to CML but it allows reservation up to 2 days.
CCNA 200-301 Official C er t Guide Library – the official Cisco CCNA book and prep test exam engine to prepare for the exam
CCNA 200-301 Video Training – video training going through the exam topics
CCNA 200-301 Exam Prep Video – video exam prep guide going through the exam topics

AZ-305 – Microsoft Azure Solution Architect Study Resources

February 12, 2023 by Samuel Mitchell, posted in Uncategorized

I wanted to share the resources that I used to prepare for the AZ-305 Microsoft Certified: Azure Solutions Architect Expert.

I will update this list as I gather more resources.