Talks
Microsoft Azure
Migrating Servers to Microsoft Azure
Date: Friday, June 20 2025
Time: 6:00-7:00 PM CET
Format: Live tech webinar
Overview
As organizations increasingly move to the cloud, IT professionals need a practical understanding of how to migrate on‑premises servers to Microsoft Azure. This session introduces Azure Migrate and its key integrations, giving you a solid foundation for assessing and migrating a wide range of workloads, including virtual machines and physical servers.
By the end of the webinar, you’ll have a clear view of the Azure Migrate service and the tools that enable efficient, reliable server migrations to Azure.
What You’ll Learn (Learning Objectives)
- Assess and migrate VMware virtual machines, Hyper‑V machines, and physical machines
- Set up and prepare Azure and VMware environments for Azure Migrate
- Explore the Azure Migrate Server Migration tool, appliance VMs, and continuous discovery
Who Should Attend (Intended Audience)
- IT professionals aiming to become Azure cloud architects or preparing for Microsoft Azure certification exams
- IT professionals responsible for managing and supporting Azure virtual machines
Prerequisites
- General knowledge of IT infrastructure
- General familiarity with the Azure environment and VMware
Session Materials
Looking for resources from the webinar? You can request the slide deck by filling out the contact form on the website. Please include “ Azure Migrate Webinar – Slide Deck ” in your message, and we’ll send it to you via email.
Please note: the webinar was delivered live and was not recorded, so a recording is not available.
The Art of Azure ExpressRoute: Crafting Resilient Architectures and Evading Design Blunders
Date: Wednesday, September 17 2025
Time: 5:30-6:15 PM CET
Format: Live tech webinar
Overview
Build ironclad Azure connectivity that keeps traffic predictable and uptime high. In this fast‑paced session, we distill hard‑earned patterns for resilient ExpressRoute design, from selecting the right peering and circuit/gateway SKUs to engineering BGP for deterministic paths and controlled failover. You’ll learn how to avoid hidden pitfalls (asymmetric routing, route leaks, single‑circuit risk) and adopt operational practices that keep your hybrid edge robust over time. Expect clear decision frameworks, testable patterns, and guardrails you can apply the next day.
What You’ll Learn (Learning Objectives)
- HA topologies: dual circuits/providers, redundant edge routers, failure‑domain isolation
- BGP traffic engineering: scoped prefixes, local‑pref/MED/AS‑path, max‑prefix guards; prevent default‑route/long‑prefix leaks
- Peering & segmentation: private vs Microsoft peering; hub‑and‑spoke, VRF/VNet segmentation aligned to service needs
- Controlled failover: ExpressRoute-to-VPN fallback, graceful reroute, DR test plans that prevent blackholes
- Capacity & performance: circuit/gateway SKUs, MTU/QoS, latency/jitter targets, instrumentation of the right metrics
- Security & operations: route filtering, policy guardrails, observability/alerts/runbooks; avoid common anti‑patterns (asymmetric paths, single‑circuit dependency, unbounded advertisements)
Who Should Attend (Intended Audience)
- Cloud & network architects designing hybrid connectivity to Azure
- Azure engineers / platform teams responsible for ExpressRoute planning and operations
- IT operations / SRE teams focused on resilience, performance, and incident readiness
- Security & compliance practitioners needing governed connectivity patterns
Prerequisites
- Working knowledge of IP networking and BGP fundamentals
- Familiarity with Azure networking (VNets, gateways, routing)
- Exposure to on‑prem connectivity (data center, MPLS/SD‑WAN, edge routers)
- Basic understanding of cloud governance and operations
Session Materials
This webinar is part of a 3‑day virtual conference organized by Kyndryl (Kyndryl SRExplore25). Slides and the session recording are available to Kyndryl internal employees.
Interested in the topic for an external audience? We’re happy to organize a new webinar covering the same material. Request it via the contact form on the website and mention “ ExpressRoute webinar request ”.
Session Title
BGP nell’underlay multi-cloud: resilienza e simmetria tra on-prem e public cloud
Event
Delivered at ITNOG10 Bologna 2026, organized by the ITalian Network Operators Group (ITNOG). Learn more: ITNOG10 2026
Format
Public, in‑person session
Date & Time
April 21, 2026 · 4:25-4:45 PM CET
Technical Overview
Hybrid connectivity between on‑premises and Cloud Service Providers (Azure, AWS, GCP) requires a design that makes resilience, flow symmetry, and failover behavior predictable. This session presents vendor‑neutral architecture patterns for ExpressRoute, Direct Connect, and Cloud Interconnect, grounded in measurable BGP traffic engineering. We cover dual‑POP and dual‑provider designs, VRFs, BGP traffic engineering for ingress/egress (using local‑pref and AS‑path prepending), ECMP, and practical operational constraints (MTU, max‑prefix, filtering). We also review the main failure modes (link, port, colocation, region), convergence targets (including BFD), common anti‑patterns (magic defaults and “dual” designs that are not truly diverse), and a practical checklist to validate resilience and symmetry before going live.
Core topics covered:
- Vendor‑neutral private connectivity patterns across Azure ExpressRoute, AWS Direct Connect, and Google Cloud Interconnect
- Reference architectures for high availability: dual‑POP, dual‑provider, and real failure‑domain diversity
- VRF-based segmentation and routing separation for hybrid underlays
- BGP traffic engineering you can measure and reason about: Egress control with local preference, Ingress control with AS‑path prepending, ECMP behavior and how it impacts symmetry
- Operational guardrails and constraints: MTU handling, max‑prefix protection, and route filtering strategies
- Failure modes and convergence: link/port/colo/region scenarios, BFD targets, and validation steps
- Anti‑patterns to avoid: “magic defaults”, hidden single points of failure, and “dual” only on paper
- Pre‑production checklist to validate resilience and flow symmetry end‑to‑end
Audience & Prerequisites
Audience: Network Engineers, Cloud/Network Architects, NetDevOps/SRE teams, and anyone responsible for hybrid connectivity across on‑prem and public cloud environments.
Prerequisites: solid understanding of BGP fundamentals (eBGP, attributes, policy), common redundancy patterns (dual links/peering), and basic concepts like VRFs and ECMP.
Session Materials
Slides
Session Title
Dal Networking alla Data Platform: Architetture Azure Databricks per Scalabilità e Sicurezza
Event
Delivered at Global Azure Vicenza 2026, an in-person community event organized by Azure Meetup Veneto. It is the Veneto stop of a three-day global marathon dedicated to Microsoft technologies, featuring a full day of technical sessions across AI, security, infrastructure, and modern work. Learn more: Global Azure Vicenza 2026 sessions
Format
Public, in‑person session
Date & Time
April 17, 2026 · 11:40 AM-12:30 PM CET
Technical Overview
This session bridges data engineering and cloud networking to show how to deploy Azure Databricks workspaces that are secure, scalable, and easy to operate. We clarify how the control plane and compute plane interact, which traffic flows must be allowed, and how these decisions impact performance, reliability, and incident response. We cover proven hub-and-spoke patterns: a dedicated governance/admin workspace in the hub and application workspaces in the spokes, backed by Unity Catalog for consistent, cross-workspace access control. On the networking side, we explore VNet injection, Private Endpoints, routing to shared services, and egress restrictions, plus packet filtering with Azure Firewall and NSGs to enforce east-west and north-south controls. The session provides an architecture blueprint, a detailed deployment checklist, and practical guidance to make landing zones truly Databricks-ready. Content is tailored for Cloud Architects and Data Engineers designing data platforms that are scalable, secure, and operationally sustainable.
Core topics covered
- Azure Databricks fundamentals for secure deployments: control plane vs compute plane, trust boundaries, and shared responsibility
- Required network flows and connectivity model: what must be reachable and how to reduce the allowed surface to the minimum
- Hub-and-spoke reference topology: governance/admin workspace in the hub, application workspaces in the spokes, shared services routing (DNS, logging/monitoring)
- Identity and access at scale: Unity Catalog as the governance backbone for consistent authorization across workspaces
- Databricks networking patterns: VNet injection design principles and subnet strategy, Private Endpoints / Private Link, DNS resolution patterns, and common pitfalls, Egress restriction and outbound control (UDR/NAT strategies and controlled internet breakout)
- Security controls on the wire: Azure Firewall + NSG policy enforcement with practical rule design, segmentation for east-west and north-south traffic (least privilege)
- Operability by design: how networking choices affect performance, reliability, and incident response
- Practical deliverables: a Databricks-ready landing zone blueprint, a deployment checklist for design-time and run-time readiness
Audience & Prerequisites
Audience: Cloud Architects, Data Engineers, Platform/SRE teams, and Network/Security Architects involved in designing and operating Azure-based data platforms.
Prerequisites: working knowledge of Azure networking basics (VNets, routing/UDR, NSGs, DNS), Private Link/Private Endpoints concepts, identity fundamentals, and general familiarity with Azure Databricks (workspaces and compute concepts).
Session Materials
Slides
Session Title
Securing the Hybrid Edge: Security‑First Connectivity for Azure and Multi‑Cloud
Event
Delivered at SharpCoding 2026, the community conference dedicated to everyone who wants to learn or deepen Microsoft technologies and solutions. The event takes place at the Microsoft office in Rome. Learn more: SharpCoding 2026 program
Format
Public, in‑person session
Date & Time
February 27, 2026 · 12:20-1:10 PM CET
Technical Overview
Hybrid connectivity is no longer “just networking”: it is a security boundary. In this session, we explore how to design resilient, low‑latency, and defensible hybrid networks using Azure private connectivity as the foundation. We cover practical design patterns and decision points around BGP, dual‑homing and carrier diversity, FastPath and gateway choices, encryption options (MACsec and IPsec overlays), attack‑surface reduction, data residency and sovereignty, and end‑to‑end observability, so you can build connectivity that is secure-by-design, measurable, and operationally sustainable.
Core topics covered
- Hybrid edge mindset: treating connectivity as a security-first design problem
- Azure private connectivity building blocks (ExpressRoute, gateways, Virtual WAN patterns)
- BGP design patterns for hybrid: routing policy, route control, segmentation, blast-radius reduction
- Dual-homing patterns (active/active vs active/passive)
- Carrier diversity and failure-domain thinking (metro/POP/provider/CPE)
- Latency and pathing: avoiding “private but slow” architectures
- MACsec where it fits for line-rate link encryption
- IPsec overlays for end-to-end confidentiality across hybrid/multi-cloud paths
- Private-first exposure patterns and controlled ingress/egress
- Minimizing public endpoints and tightening routing boundaries
- Designing with regulatory constraints in mind (data locality, cross-border routing implications)
- What to monitor (BGP health, route changes, loss/jitter/latency, MTU)
- Correlating network + security telemetry to shorten incident response time
Audience & Prerequisites
Cloud/Network Architects, Security Architects, Platform/SRE teams, Enterprise IT leaders.
Prereqs: familiarity with BGP, enterprise WANs, Azure networking (VNets, ER gateways, Virtual WAN), and standard security controls.
Session Materials
Slides and resources are available in the SharpCoding reserved area.
Session Title
Securing the Edge: Best Practices for Azure ExpressRoute in Hybrid Cloud Architectures
Event
Delivered at WPC 2025, Italy’s most important conference on Microsoft technologies, bringing together architects, engineers, and IT leaders across cloud, security, AI, and modern infrastructure.
Learn more: WPC 2025 conference program
Format
Public, in‑person session
Date & Time
December 2, 2025 · 6:30-7:30 PM CET
Technical Overview
This session dives deep into the strategic design and operational hardening of Azure ExpressRoute for hybrid and multi‑cloud scenarios.
We examine how to engineer resilient, secure, and high‑performance connectivity between enterprise edge sites and Azure, with emphasis on failure domains, traffic engineering, and control‑plane/edge security.
Core topics covered:
- Peering & service choices
- Private Peering for VNet connectivity
- ExpressRoute Direct for high‑throughput and deterministic capacity; MACsec available on ER Direct for Layer‑2 encryption
- FastPath for data‑plane bypass of the gateway to reduce latency and CPU load
- High availability & failure domain isolation
- Dual circuits in separate facilities/providers; metro diversity and MSEE pair diversity
- Zone‑redundant ER gateways and active/active design
- Failover strategies: ExpressRoute primary with IPsec VPN as controlled fallback; deterministic failover with prefix scoping
- BGP policy & path control
- Edge security posture
- Hub‑and‑spoke topologies with deny‑by‑default at the hub
- Azure Firewall/NVA patterns for L4‑L7 inspection and policy
- Least‑privilege routing and interface scoping; explicit east‑west controls and micro‑segmentation
- Regionally anchored connectivity; no unintended trans‑regional backhaul and clear data‑path documentation
- Route‑filtering and locality controls aligned with regulatory constraints
- Performance & capacity planning
- Common anti‑patterns to avoid
Audience & Prerequisites
Cloud/Network Architects, Security Architects, Platform/SRE teams, Enterprise IT leaders.
Prereqs: familiarity with BGP, enterprise WANs, Azure networking (VNets, ER gateways, Virtual WAN), and standard security controls.
Session Materials
Slides and resources are available in the WPC Community reserved area
(Requires WPC Community access and login)
AWS
AWS Egress‑Only Internet Gateway (IPv6): Design, Setup & Best Practices
Date: Friday, May 30, 2025
Time: 6:30-7:30 PM CET
Format: Live tech webinar
Overview
IPv6 brings globally routable addressing to your VPCs, which is powerful but also changes the way you secure outbound internet access. In this practical, 60‑minute session, we’ll demystify the Egress‑Only Internet Gateway (EIGW): a horizontally scaled, highly available VPC component that enables outbound IPv6 connections while preventing unsolicited inbound access. We’ll cover how it works, when to use it instead of (or alongside) IGW/NAT, the required route‑table entries, and the security model.
What You’ll Learn (Learning Objectives)
By the end of the webinar, you will be able to:
- Explain what an Egress‑Only Internet Gateway is and why it exists in IPv6‑enabled VPCs, including its stateful nature and how it blocks unsolicited inbound connections while allowing return traffic.
- Differentiate EIGW vs IGW vs NAT Gateway.
- Configure EIGW end‑to‑end: create the gateway, associate IPv6 CIDR blocks to VPC/subnets as required, and add ::/0 (or specific IPv6 prefixes) to the route table to steer outbound traffic through the EIGW.
- Apply the right security controls: understand why security groups cannot be attached to an EIGW and how to use network ACLs to govern allowed traffic to/from subnets using the gateway.
Who Should Attend (Intended Audience)
- Cloud network architects & engineers designing IPv6‑ready VPCs.
- Security engineers implementing guardrails for outbound internet access.
- DevOps/SRE teams responsible for VPC routing and connectivity.
- Solution architects who need to choose correctly between EIGW, IGW, and NAT in multi‑account, multi‑VPC environments.
Prerequisites
- Working knowledge of AWS VPC fundamentals (subnets, route tables).
- Basic understanding of IPv4 vs IPv6 addressing and implications for internet connectivity.
- Familiarity with IGW/NAT Gateway concepts is helpful but not mandatory.
Session Materials
Looking for resources from the webinar? You can request the slide deck by filling out the contact form on the website.
Please include ” AWS Egress‑only IGW – Slide Deck ” in your message, and we’ll send it to you via email.
Please note: the webinar was delivered live and was not recorded, so a recording is not available.
AWS NAT Gateway Goes Regional: Design, Migration & Ops
Date: Friday, November 28, 2025
Time: 6:30-7:30 PM CET
Format: Live tech webinar
Overview
AWS has introduced a regional availability mode for NAT Gateway that eliminates per‑AZ juggling: you can now deploy a single NAT Gateway at the VPC (regional) scope, without creating public subnets in every AZ, and it automatically expands and contracts across AZs as your workloads scale. We’ll translate this change into concrete design guidance, and highlight the security, observability, and cost‑ops angles you should care about.
What You’ll Learn (Learning Objectives)
- How regional NAT Gateway works vs the legacy zonal model, and why it simplifies route tables, removes public‑subnet dependencies, and aligns NAT with other regional VPC constructs.
- Design patterns for private egress that avoid cross‑AZ hairpinning and keep traffic local, including tips for centralized vs distributed egress.
- IP strategy choices (AWS‑provided IPs vs BYOIP) and how to align them with partner allow‑listing and compliance requirements.
- Security & observability considerations: where to enforce controls, what to log, and how to tag/monitor NAT data processing and errors.
- Availability & scope: understanding current regional support and caveats (e.g., commercial Regions vs GovCloud/China at launch).
Who Should Attend (Intended Audience)
- Cloud & Network Architects designing multi‑AZ VPC topologies
- Platform/SRE and DevOps engineers managing egress for EKS/ECS/EC2 workloads
- Security engineers and SecOps teams responsible for egress policy and allow‑listing
- Solutions/Enterprise Architects advising on AWS networking standards at scale
Prerequisites
- Working knowledge of AWS VPC constructs (subnets, route tables, Internet Gateway) and how NAT Gateway enables private egress.
- Familiarity with multi‑AZ deployments and basic routing concepts.
- (Nice to have) Experience with IaC (CloudFormation/Terraform) for network builds and with IP allow‑listing/BYOIP.
Session Materials
Looking for resources from the webinar? You can request the slide deck by filling out the contact form on the website.
Please include ” AWS Regional NAT GW Webinar – Slide Deck ” in your message, and we’ll send it to you via email.
Please note: the webinar was delivered live and was not recorded, so a recording is not available.
Session Title
BGP nell’underlay multi-cloud: resilienza e simmetria tra on-prem e public cloud
Event
Delivered at ITNOG10 Bologna 2026, organized by the ITalian Network Operators Group (ITNOG). Learn more: ITNOG10 2026
Format
Public, in‑person session
Date & Time
April 21, 2026 · 4:25-4:45 PM CET
Technical Overview
Hybrid connectivity between on‑premises and Cloud Service Providers (Azure, AWS, GCP) requires a design that makes resilience, flow symmetry, and failover behavior predictable. This session presents vendor‑neutral architecture patterns for ExpressRoute, Direct Connect, and Cloud Interconnect, grounded in measurable BGP traffic engineering. We cover dual‑POP and dual‑provider designs, VRFs, BGP traffic engineering for ingress/egress (using local‑pref and AS‑path prepending), ECMP, and practical operational constraints (MTU, max‑prefix, filtering). We also review the main failure modes (link, port, colocation, region), convergence targets (including BFD), common anti‑patterns (magic defaults and “dual” designs that are not truly diverse), and a practical checklist to validate resilience and symmetry before going live.
Core topics covered:
- Vendor‑neutral private connectivity patterns across Azure ExpressRoute, AWS Direct Connect, and Google Cloud Interconnect
- Reference architectures for high availability: dual‑POP, dual‑provider, and real failure‑domain diversity
- VRF-based segmentation and routing separation for hybrid underlays
- BGP traffic engineering you can measure and reason about: Egress control with local preference, Ingress control with AS‑path prepending, ECMP behavior and how it impacts symmetry
- Operational guardrails and constraints: MTU handling, max‑prefix protection, and route filtering strategies
- Failure modes and convergence: link/port/colo/region scenarios, BFD targets, and validation steps
- Anti‑patterns to avoid: “magic defaults”, hidden single points of failure, and “dual” only on paper
- Pre‑production checklist to validate resilience and flow symmetry end‑to‑end
Audience & Prerequisites
Audience: Network Engineers, Cloud/Network Architects, NetDevOps/SRE teams, and anyone responsible for hybrid connectivity across on‑prem and public cloud environments.
Prerequisites: solid understanding of BGP fundamentals (eBGP, attributes, policy), common redundancy patterns (dual links/peering), and basic concepts like VRFs and ECMP.
Session Materials
Slides
Cisco
Coming soon
Coming soon