https://wire.zerotrust-network.de/posts/Recent content in Posts on The Cloud WireHugo -- gohugo.ioen-usThu, 28 May 2026 00:00:00 +0000https://wire.zerotrust-network.de/posts/private-link-service-to-onprem-sql/Thu, 28 May 2026 00:00:00 +0000https://wire.zerotrust-network.de/posts/private-link-service-to-onprem-sql/Introduction Picture a data platform in an isolated VNet. It needs to read from SQL Servers that still live on-premises. You can’t peer to the hub, because the address space overlaps. The only way out of that VNet is a Private Endpoint. So you reach for Private Link. One Private Link Service and one Private Endpoint per SQL Server. It works for the first one. By the fourth, every new backend is its own approval, its own DNS record, and another line on the bill.https://wire.zerotrust-network.de/posts/sharding-azure-private-dns-zones/Tue, 28 Apr 2026 00:00:00 +0000https://wire.zerotrust-network.de/posts/sharding-azure-private-dns-zones/TL;DR Split your one flat private DNS zone (zerotrust-network.de) into per-team or per-environment shards (infra.zerotrust-network.de, apps.zerotrust-network.de, and so on), then put an Azure DNS Private Resolver in the hub to glue them back together. The reason to shard is blast radius and admin scope, not scaling. Each shard becomes its own RBAC and lifecycle boundary. Each shard is registration-linked to as few VNets as possible (typically the one VNet whose workloads it represents) and resolution-linked to the hub VNet.https://wire.zerotrust-network.de/posts/delivering-anycast-dns-azure/Sun, 20 Jul 2025 00:00:00 +0000https://wire.zerotrust-network.de/posts/delivering-anycast-dns-azure/Originally published on LinkedIn. Introduction In my previous blog, I walked through how to deploy Anycast DNS with Infoblox Universal DDI on AWS using Cloud WAN. That design showed how enterprises can build a globally available and resilient DNS fabric by combining centralized Infoblox management with AWS’s global networking backbone. As promised, in Part Two, we shift focus to Microsoft Azure. Many of the customers I work with operate hybrid or multi-cloud environments, and a common pattern I see is that the DNS challenges on AWS also appear on Azure.https://wire.zerotrust-network.de/posts/delivering-anycast-dns-aws/Sun, 15 Jun 2025 00:00:00 +0000https://wire.zerotrust-network.de/posts/delivering-anycast-dns-aws/Originally published on LinkedIn. Introduction Over the past few months, in conversations I’ve had with enterprises running workloads across multiple regions and hybrid clouds, one theme kept coming up: DNS keeps biting them. Everyone wants the same thing: consistent, resilient DNS services that just work everywhere. But when you start layering in multi-cloud topologies, global reach and the need for fast failover, Anycast DNS quickly shifts from “nice to have” to “hard to manage.