I am wondering if we can use P4 client to access Vault server? Are those two interoperable?
No, you need a P4 client to access a P4 server, and a Vault client to access a Vault server.
You can, however, use both environments at the same time individually to keep both repositories synched up. Set the Working directory from the vault (inherit sub-directories) to the same/main directory layout used in Perforce.
Related
Maybe I'm going about this the wrong way, but I uploaded an SSH key to my Key Vault and am trying to pass this to an SFTP-SSH connection in my logic app.
However, when I try to put the secret value into the SSH private key field of the connection, it doesn't bring up the Dynamic variables form. I'm guessing this might be because the API Connection is a separate object outside the Logic App?
Is there a way for me to pass the ssh key from the key vault to the SFTP connection? Whether it's in the logic app or not. I want to be able to deploy this solution without re-entering the key manually into the API.
I actually found this video where the guy looked like he's going to do exactly this type of flow, but it looks like part 1 of the video and there's no part 2 where the actual execution of this happens:
https://www.youtube.com/watch?v=5W8g0KER8RM
You cannot do this from the portal.
The youtube video you refer to is to allow ease of deployment using arm templates. Sadly the 2nd part of the video is not available.
If you are using the portal, you need to setup the connection the first time. This is also secure as no one can see the credentials once the connection is made. But this is not ok when you have to redeploy the logic app to multiple environments in which case you need to manually setup the connection credentials each time. To make this task easy, you setup the SSH keys as shown in the video, and then configure an arm template to use the secrets from the key vault.
You can check the Microsoft forum answer to the same question HERE.
I am trying to set up AAD Connect to synchronise our in-house LDAP user directory with the Azure AAD. Documentation says to use AAD Connect, and that while Microsoft would (of course) prefer you have Active Directory locally to link to, it should also work with an SQL or LDAP backend, though the only instructions I can find are a year out of date. In any case, we are a linux house and do not have AD internally.
Possibly I need an older version of AAD Connect (1.1.649?) but am unable to find this anywhere.
Does anyone have any instructions on how we can configure AAD Connect to work with anything but a local Active Directory?
I have seen this blog posting, but it does not match the current AD Connect software. https://blog.kloud.com.au/2017/11/03/generic-ldap-connector-for-azure-ad-connect/
There is a trick to doing this.
Install local Active Directory
Install AADConnect linking to local AD and Azure AD
When install has completed, run the ADConnect Synchronisation Service (UIShell) configuration app
This then allows you to define an LDAP connector, and remove the unnecessary local AD one
Now you need to define rules using the Synchronisation Rules Editor to trigger updates, creates or deletes
Now you need to set up profiles in the Synchronisation Service for Full Import and for Sync on each source.
This is not trivial but there is more information here: https://learn.microsoft.com/en-us/microsoft-identity-manager/reference/microsoft-identity-manager-2016-connector-genericldap
Don't run the install wizard as it only allows you to configure replication to a local AD, which is pointless as you can set up federation in this case.
An alternative, now available, is to install the AAD Domain Services object in Azure. This is, in effect, AD+ADConnect in a managed box, and will give you an LDAP endpoint to AD. You can then use LDAP replication of some sort to synchronise this with your local LDAP, or else use it directly for authnz.
Drawbacks are that is is, of course AD LDAP and has a strange structure; and the LDAP password synch only happens when the passwords are updated in AAD. And you cant extend the schema locally. However it may be enough if authentication and groups are all that is required.
I have an SSIS package with a dtsConfig file that contains a user id and password. The package has a password (EncryptAllWithPassword) which provides some measure of protection when opening in BIDS or creating SQL Agent jobs.
My question is, can the configuration file (package.dtsConfig) itself be secured? Anyone with access to the deployment folder could view its contents, which doesn't seem very secure.
You are correct and that's one of my issues with using an XML file for holding secure contents. To protect it, you'd need to use Access Control Lists, ACL, and deny rights to everyone but the service account that runs the SSIS package.
In environments where we used file configuration, our deployment strategy would look something like
\server\SSIS\Packages\Project
\server\SSIS\Configs
That way developers could see what is current deployed because we'd grant read access to the Packages folder and deny access to the Configs folder.
2012+ with the Project Deployment Model gets this right with their built-in encryption for the SSISDB Environments and the ability to mark entities as Sensitive.
Is DirSync a must for AD FS hosted on Azure Virtual Machines?
I keep reading Azure solution with DirSync. Is it absolutely impossible to federate directly without syncing active directory.
I am looking to implement Federated Web SSO on Azure, it would be a huge set back having to sync client Active Directories.
Yes, you will need DirSync for AD FS to function properly with Azure. What's the setback, specifically? The only real caveat I can find is a 300,000 object limit, not sure if that's per domain but it seems they're open to lifting the limit if you contact support.
If it's the setup you're concerned about, it's pretty basic. You will likely need clients to provision a VM, but that's not crazy talk or anything. Here's a few (short) TechNet articles to walk you through it:
Prepare for directory synchronization
Active directory synchronization
Install or upgrade the Directory Sync tool
Synchronize your directories
I'm preparing a laptop to take with me while travelling, so all my user data is encrypted using EFS in case someone decides to steal it. I also need to set up a couple of local sites for development with IIS. If I turn off encryption on the wwwroot of a site, IIS can serve it just fine. However, I really would like to be able to use encryption here as well.
I've tried these steps:
http://support.microsoft.com/kb/243756
When I try to view the local site in IE, I get a login dialog as expected, but it doesn't accept my credentials, although this is the account I use to encrypt the served files. Has anyone tried this and got it to work?
EFS and IIS really don't play nicely together. The IIS services (typically) runs under "Network Service" which doesn't have access to your user account's EFS decryption key.
You have two options with IIS:
Run "IIS Admin Service" and "World Wide Web Publishing Service" as your personal account, along with running any web site's anonymous user as this account.
Flag the InetPub directory as Never Encrypt.
#1 is obviously the best bet for security/encryption purposes, but its going to be a challenge to set up the appropriate rights for your account to run these services.
You might want to consider just using Visual Studio's built in web server (Cassini) which gets aroung the encryption problem since it runs as your personal account, but it does have some of its own issues.
Full hard drive encryption sounds more appropriate. I've had good results with the free version of CompuSec from
http://www.ce-infosys.com/english/downloads/free_compusec/
Thanks for the answers -- I've now decided to take the easy route and put all my web files in a TrueCrypt volume that I'll mount whenever I need to work on any local web sites, together with any database data. This is definitely the safest as far as I can see.