Monday, January 16, 2023

ChatGPT to author Bicep templates?

I'm sure that by now many have heard about ChatGPT. If not, ChatGPT is a large language model developed by OpenAI. It is based on the GPT (Generative Pre-training Transformer) architecture, which was trained on a massive amount of text data to generate human-like text. ChatGPT is fine-tuned to perform specific language tasks such as answering questions, generating text and more. It uses the latest advances in neural network technology to understand and respond to natural language input in a way that mimics human conversation. It can be used for various applications such as chatbots, automated customer service, language translation and more.

I took ChatGPT for a spin to see how accurate and detailed it would be to write (Infra as) Code. Somehow Bicep felt like a good candidate! (in case you don't know why, follow this link 😊)

The first question I asked was to author a simple Bicep template to create a Vnet.

No alt text provided for this image

I was blown away by the initial response which came back instantly! That looks awesome for a first try! Do note that ChatGPT says Bicep is still in preview. The reason is that ChatGPT is trained on a large dataset of text data that was current as of 2021, so it may not have information that is more recent than that. The training data used to build the model is also constantly being updated, so the information available to ChatGPT may change over time.

Also note that ChatGPT gave some advise on network designs as well, how cool is that!

A best practice however would be to use a parameter instead of 'resourceGroup().location'. So lets tell ChatGPT to adapt to that and also tell it to to make resourceGroup().location the default value of the parameter.

No alt text provided for this image

That was easy! Next, we'll tell it to use a different API version when dealing with VNets.

No alt text provided for this image

There we go. Finally, lets see if it can also generate a parameters file with a couple of sample values. Of course it can!

No alt text provided for this image

And this is just scratching the surface on what ChatGPT is able to do based on a simple example, there is so much more!

ChatGPT can help with writing code by providing code snippets, examples, and templates for a specific programming language or framework. It can also help with troubleshooting errors by providing solutions to common problems. Additionally, ChatGPT can assist with understanding the proper syntax and usage of a particular command or function by providing explanations and documentation.

ChatGPT can also help with writing code by providing suggestions for code improvements and better practices and by suggesting alternative ways to implement a certain functionality. It can also help with understanding and working with complex code by providing explanations of the code's behavior and providing examples of how to use it.

It's important to note that while ChatGPT can help with writing code, it's not a replacement for human programmers. ChatGPT can provide suggestions and examples, but it can't replace the experience and understanding of the problem domain that a human developer has.

Strong advise: do not blindly trust AI generated code for production environments. Use AI to assist you, not to replace you.

And guess what...part of this article was actually written by ChatGPT itself! Did you notice that? The possibilities are endless and I'm looking forward to test driving this some more! What are your thoughts?

Monday, July 11, 2022

RDP Shortpath in action!

 What is RDP Shortpath?

RDP Shortpath is all about offering better reliability and consistent latency for Azure Virtual Desktop (AVD). For a regular AVD session, all traffic is always tunneled through a gateway that is hosted by Microsoft as part of the AVD Service in Azure. RDP Shortpath allows direct RDP traffic from client to host and, after authentication and authorization, essentially bypasses the Gateway.

You might be familiar with the RD Gateway role as part of Remote Desktop Services. This role provides a similar service as it also tunnels RDP Traffic from the RD Client towards the RD Session host by only requiring outbound TCP traffic over 443 (SSL). There are distinct differences however. First, the AVD Gateway is hosted and controlled by Microsoft so you don’t see it in your subscription and it is managed and maintained for you. Second, AVD Gateway does not require you to open port 3389 from gateway to host as the AVD Agent on the host only requires outbound ports. The latter is called reverse connect and allows full separation between the gateway and host. Very important from a security standpoint of course.

Why is this important to the topic of RDP Shortpath? The AVD Gateway only support RDP-TCP, meaning we cannot leverage RDP-UDP. If you’ve worked with RDS before, you’ll know that having RDP-UDP available significantly boosts the overall RDP experience. This is especially the case how graphics intensive applications or applications that are latency-sensitive. Ever since the release of AVD (and before that WVD), there has been a big ask for RDP-UDP and it has been on the radar and roadmap for some time.

With RDP Shortpath, Microsoft delivered this promise. This allows for direct communication from the AVD Client to the AVD host. This reduces round-trip time, improving user experience, especially with latency-sensitive applications. RDP Shortpath does not replace reverse connect as all session brokering is still performed by the AVD Control Plane.

RDP Shortpath comes in two different options

The first option is RDP Shortpath for managed networks. For this option your AVD Clients needs direct TCP port 3389 to the host. This option is mostly ment for trusted connections like Express Route and Site-To-Site VPN. You can also use a public IP on the host, but for security reasons I would advise against that. More information on the setup and the requirements can be found here: Azure Virtual Desktop RDP Shortpath for managed networks.

The second option is Azure Virtual Desktop RDP Shortpath for public networks, which is currently into public preview. For this option, no TCP port 3389 to the host is required and as a result, a private network like Express Route or Site-To-Site VPN is also not required. More information on the setup and the requirements can be found here: Azure Virtual Desktop RDP Shortpath for public networks (preview).

Although RDP Shortpath for public networks is still into public preview (Microsoft recommends to not use it for production yet and configure it on a validation host pool), my experiences with the feature have been super great so far.

Enable RDP Shortpath for public networks preview

To participate in the RDP Shortpath for public networks preview, all you have to do is add the registry entry ICEControl as shown below.

REG ADD “HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations” /v ICEControl /t REG_DWORD /d 2 /f

And to disable RDP Shortpath for public networks preview, simply remove the ICEControl registry entry as shown below.

REG DELETE “HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations” /v ICEControl /f

Confirm RDP Shortpath is operational

Once enabled, the easier way to confirm that RDP Shortpath for public network is working (also applies to managed networks) is by clicking on the Connection information in the blue bar. As you can see below, it says ‘UDP is enabled’ and the further down states UDP as the transport protocol.

Putting RDP Shortpath to action

Over time, I have performed several tests with RDP Shortpath both for Public as well as for private networks, even when RDP Shortpath was still in technical preview. A subset of those videos are available on my YouTube channel.

In my most recent test from last week, I took RDP Shortpath for Public Networks to the test using an NVads A10 v5-series Session Host in Azure Virtual Desktop. These VM’s are powered by a NVIDIA A10 GPU. What’s also great about the NVads A10 v5 series is that it allows you to select models with a partial GPU. So for scenarios where a full A10 GPU is not required, you can also select a size with 1/2, 1/3 or even 1/6 of a GPU. Back in March of this year, when this new series was still ito preview, Michel Roth (Microsoft Azure HPC team), wrote a great article called Why the NVads A10 v5 series lowers AVD costs even further which contains interesting insights into the benefits and costs.

Back to my test case. To testdrive RDP Shortpath on the GPU enabled machine in a fun way, I used GTA5 running inside the AVD Session Host! The results were amazing. As you can see in the screenshot below the round trip latency was only 8ms and 49 frames per second. During this test run the frames per second fluctuated between 46 and 50 frames per second.

Want to see it in action? below is a link to the video I published last week! AVD — GPU — RDP Shortpath demo, with GTA — YouTube

Tuesday, July 5, 2022

Parallels RAS 19 Expression based filtering and Multiple Multi-factor Authentication (MFA) providers!

 This is article number three in a series I’m publishing on Parallels Remote Application Server version 19. In the previous two articles I discussed support for Let’s Encrypt and integration with MSIX app attach.

Expression based filtering & policies

Multiple Multi-factor Authentication (MFA) providers.

Wednesday, June 8, 2022

Parallels Remote Application Server version 19 now supports Let’s Encrypt!

 On June 1st 2022 Parallels released Remote Application Server 19 Public Preview! This version comes with a lot of new exciting features! In a previous article I focused on the MSIX app attach support. In this article I want to address the support for Let’s Encrypt!

  1. You need a publicly accessible domain that resolves to the Secure Gateway directly or through third-party load balancers.
  2. On the the Secure Gateway, port 80 must be opened for incoming Let’s Encrypt requests

Wednesday, June 1, 2022

Parallels Remote Application Server version 19 Public Preview!

 Parallels just released Remote Application Server 19 Public Preview! This version comes with a lot of new exciting features!

  • Amazon Web Services (AWS) as a cloud provider — Parallels RAS 19 extends the list of supported cloud computing providers by integrating with Amazon EC2. This integration will allow customers to utilize RAS Templates based on Amazon EC2 instances and build hybrid and cloud environments with a unified administrative and end-user experience.
  • MSIX app attach Integration — Parallels RAS 19 provides a new and modern application delivery method — Application Packages, based on MSIX app attach. This App Layering technology enables customers to separate applications from the core operating system and deliver applications to users dynamically. This makes it easier to create a RAS template and get more control by providing the right application for the right user.
  • Let’s Encrypt Certificate Management — Let’s Encrypt (LE) is a global Certificate Authority (CA). This organization behind LE is non-profit and provide free SSL/TLS certificates with each certificate valid for 90 days, thus requiring to be renewed during the period. Parallels RAS 19 includes automated certificate management which provides the ability to issue, renew and revoke certificates directly from the RAS Console.
  • Parallels Client for Windows on ARM64 — Parallels Client for Windows has been rebuilt and optimized to natively run on machines that are powered by ARM64 processors which were created to be more lightweight and power-efficient.