author:

name:"Nicola Delfino"

avatar:"/assets/images/bio-photo.jpg"

bio:"I meet people, I do things for @Microsoft. My opinions and my tweets are my own, not the views of my employer and should NEVER be taken seriously."

bio:"I meet people, I do things for @Microsoft :). My opinions and my tweets are my own, not the views of my employer and should NEVER be taken seriously."

location:"Italy"

email:"nicola.delfino@outlook.com"

uri:

home:# null (default), "absolute or relative url to link to author home"

links:

-label:"Twitter"

icon:"fab fa-fw fa-twitter-square"

url:"https://twitter.com/nicoltwit"

-label:"Facebook"

icon:"fab fa-fw fa-facebook-square"

url:"https://facebook.com/nicola.delfino"

-label:"Buy me a coffee"

icon:"fas fa-fw fa-coffee"

url:"https://www.buymeacoffee.com/nicolcoffee"

-label:"GitHub"

icon:"fab fa-fw fa-github"

url:"https://github.com/nicolgit"

-label:"Linkedin"

icon:"fab fa-fw fa-linkedin"

url:"https://www.linkedin.com/in/nicoladelfino"

-label:"X"

icon:"fab fa-fw fa-twitter"

url:"https://x.com/nicoltwit"

-label:"Facebook"

icon:"fab fa-fw fa-facebook-square"

url:"https://facebook.com/nicola.delfino"

-label:"Instagram"

icon:"fab fa-fw fa-instagram"

url:"https://instagram.com/nicolgramm"

-label:"Flickr"

icon:"fab fa-fw fa-flickr"

url:"https://flickr.com/photos/15216811@N06"

-label:"Linkedin"

icon:"fab fa-fw fa-linkedin"

url:"https://www.linkedin.com/in/nicoladelfino"

footer:

links:

title:"Converting JPEG Images to Animated GIF using PowerShell and FFmpeg"

date:2025-08-08 10:00

tags:[powershell, ffmpeg, gif, automation, image-processing]

excerpt:"Learn how to create animated GIFs from a sequence of JPEG images using a PowerShell script and FFmpeg. Perfect for creating smooth animations from image sequences."

header:

overlay_image:https://live.staticflickr.com/65535/54686926861_527ec886b1_h.jpg

caption:"Photo credit: [**nicola since 1972**](https://www.flickr.com/photos/15216811@N06/54686926861)"

Creating animated GIFs from a sequence of images is a common task in digital content creation, whether you're building tutorials, showcasing animations, or creating engaging social media content. In this post, I'll walk you through a PowerShell script that automates the conversion of JPEG images to animated GIFs using FFmpeg.

You'll need FFmpeg installed on your system.

Here's the PowerShell script that handles the entire conversion process:

To use this script, ensure your JPEG files are numbered sequentially (01.jpeg, 02.jpeg, etc.) in the source directory, then call:

This creates a slow-motion GIF (0.5 fps) from images in the "welcome" directory.

Whether you're creating technical documentation, social media content, or presentation materials, this script can save you significant time while ensuring consistent, high-quality results.

title:How to quickly deploy a test web server on an Azure VM

date:2025-06-15 10:00

tags:[Azure, Virtual Machine, Portal, web server, custom script extension]

For my**Labs**, I often need to create and build virtual machines.**Many virtual machines** :-). One of the most "popular" machine recently is for me the web server. The requirement for my needs is often very simple:**create a web server that responds on port 80, that is able to make me understand "what machine I’m interacting with"**, so, the ideal response message to the request*http://my-machine-ip* should be "*myMachineName*".

Once the machine is created, go to Azure Portal > virtual machines >`vmname` > run command > run powershell script

type:

click**Run**

After a couple of minutes the script will be executed, and IIS will be provisioned and working.


Once the machine is created, go tpo Azure Portal > virtual machines >`vmname` > run command > run linux shell script

type:

sudo apt-get update

sudo apt-get install -y nginx

sudo rm /var/www/html/index.html

echo$HOSTNAME| sudo tee /var/www/html/index.html

click**Run**

After a couple of minutes the script will be executed, and IIS will be provisioned and working.


title:"Azure Private Endpoint Routing in Hub-and-Spoke Networks: Understanding the hidden behavior"

date:2025-09-01 10:00

tags:[Azure, Networking, Private Endpoint, Hub-and-Spoke, Security]

excerpt:"Discover why Azure private endpoints behave unexpectedly in hub-and-spoke networks by creating implicit routes across peered VNets, and learn effective solutions to maintain centralized traffic control through Azure Firewall."

header:

overlay_image:https://live.staticflickr.com/65535/54686926861_527ec886b1_h.jpg

caption:"Photo credit: [**nicola since 1972**](https://www.flickr.com/photos/15216811@N06/54686926861)"

Recently, I helped a customer understand a puzzling behavior related to a private endpoint deployed in a classic Azure hub-and-spoke network topology.

The reason for the apparently anomalous behavior of private endpoints is that, although a private endpoint appears in the Azure portal as a network interface (NIC) connected to a subnet,**it's actually implemented completely differently under the hood**.

When Azure creates a private endpoint and attaches it to a subnet, what actually happens is that Azure creates explicit routes on all NICs connected to the VNet where the private endpoint is activated.

**These same routes are also added to the NICs of all virtual machines connected to networks that are peered with the one where the private endpoint is exposed.**

Let me walk you through the details.

The situation is shown in the following diagram: there are 2 spoke VNets connected to a hub VNet. The hub contains an Azure Firewall configured to allow any-to-any traffic. The requirement was to avoid exposing the private endpoint externally to spoke networks, and the idea was to not attach any route table to the private endpoint subnet.


In this configuration, we would expect the following connectivity to the storage account:

**Expected connectivity:**

* spoke-01-vm HTTPS to storage-01: ❌ FAIL (missing return route)

* spoke-02-vm HTTPS to storage-01: ✅ OK (same subnet)

* hub-vm-01 HTTPS to storage-01: ✅ OK (direct peering exists)

**Actual connectivity:**

* spoke-01-vm HTTPS to storage-01: ✅ OK

* spoke-02-vm HTTPS to storage-01: ✅ OK

* hub-vm-01 HTTPS to storage-01: ✅ OK

WHY ?!?!? :-)

When examining the effective routes of`hub-vm-01`, we find the following route:


The same route is present on the NICs of the firewall VMs as well. This means it's**as if storage-01 is connected to both spoke-02 and the hub network**.


When`spoke-01-vm` tries to contact the storage account:

1.**Outbound traffic**: Thanks to the route table on its subnet, traffic reaches the firewall and then goes directly to the private endpoint (pip-01), without passing through the peering to spoke-02

2.**Return traffic**: Since the private endpoint behaves "as if" it's also connected to the hub, the response from pip-01 can reach spoke-01-vm without needing the routing table and without passing through the firewall, because it only traverses one peering instead of two.


One effective way to solve this is:

1.**Add a route table to the private endpoint subnet** that redirects traffic to the firewall

2.**Manage access control at the firewall level** to block or allow access to that subnet


Centralizing control at the firewall level is an approach I've seen applied in numerous contexts, and from a management perspective, it's generally a good compromise because:

-**Centralized security policies**: All traffic rules are managed in one place

-**Consistent logging and monitoring**: All traffic flows through a single inspection point

-**Simplified troubleshooting**: Network issues can be diagnosed from a central location

-**Scalability**: New spokes can be added without complex routing configurations

1.**Private endpoints create implicit routes** across all peered VNets, not just the VNet where they're deployed

2.**Portal representation is misleading**: While they appear as NICs in a subnet, their routing behavior is different

3.**Route tables alone aren't sufficient** for controlling private endpoint access in hub-and-spoke topologies

4.**Firewall-centric control** provides better security and management capabilities

For more detailed information on this specific topic, check out

- 🔝[Private endpoints are an illusion](https://blog.cloudtrooper.net/2025/01/20/private-link-reality-bites-private-endpoints-are-an-illusion/)

-[Azure Private Link documentation](https://learn.microsoft.com/en-us/azure/private-link/)

-[Hub-spoke network topology in Azure](https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke)

-[Azure Firewall in a hub-spoke network](https://learn.microsoft.com/en-us/azure/firewall/firewall-faq)