The Definitive Guide to Building a Robust Multi-Cloud Architecture

Explore Jade Global's Whitepaper on achieving success in a Multi-Cloud environment. Discover best practices, challenges, & success stories of Multi-Cloud Solutions. Download your free copy now!

Multi-Cloud Architecture is the Future of IT Infrastructure

As businesses increasingly adopt cloud computing, the demand for flexible, scalable, and resilient solutions is growing. Multi-cloud architecture is emerging as a game-changer, allowing companies to leverage the best features of different cloud providers. This blog explores why multi-cloud architecture is the future of IT infrastructure, offering enhanced reliability, reduced vendor lock-in, and optimized performance. Discover how your organization can benefit from a multi-cloud strategy.

Multi-Cloud vs. Hybrid Cloud: Strategic Decision-Making for Leaders.

Sanjay Kumar Mohindroo Sanjay Kumar Mohindroo. skm.stayingalive.in Explore the strategic difference between multi-cloud and hybrid cloud with expert insights for CIOs, CTOs, and digital transformation leaders. A Cloud Crossroads for the Modern Leader Imagine this: you’re in the boardroom. The CIO looks up after a vendor pitch and asks, “Should we go multi-cloud or hybrid?” Everyone turns to…

Hybrid Multi-Cloud Architecture: Combining the Best Elements

In an era where businesses pursue digital transformation, hybrid multi-cloud architecture has emerged as a pivotal solution. It provides a strategic approach to harnessing the advantages of various cloud environments, encompassing private clouds, public clouds, and on-premises infrastructure, to establish a unified, flexible IT ecosystem. This blog delves into the concept of hybrid multi-cloud architecture, examining its components, advantages, and use cases, elucidating why it is increasingly the preferred choice for modern enterprises.

What is Hybrid Multi-Cloud Architecture?

Hybrid multi-cloud architecture is an integration of: 

Hybrid Cloud: A combination of private and public cloud infrastructure, facilitating seamless integration and data portability. 

Multi-Cloud: The utilization of multiple cloud providers, such as AWS, Microsoft Azure, and Google Cloud Platform (GCP), for specific workloads. 

This architecture enables businesses to distribute workloads across diverse environments, optimizing for performance, compliance, and cost, while maintaining centralized management.

Key Components of Hybrid Multi-Cloud Architecture

Private Cloud 

  A dedicated, secure environment designed for sensitive workloads or data-intensive applications, typically hosted on-premises or in a private data center.

2. Public Cloud 

  Scalable and cost-effective infrastructure offered by vendors such as AWS, Azure, or GCP, ideal for dynamic workloads and non-sensitive applications.

3. Edge Computing 

  Extends cloud capabilities to the network edge, providing computational power closer to end-users for low-latency applications.

4. Unified Management Layer 

  Platforms and tools that deliver centralized control, monitoring, and orchestration across all cloud environments.

5. Interoperability 

  Facilitates seamless data exchange and application compatibility across different clouds, supported by APIs, middleware, and integration frameworks.

Benefits of Hybrid Multi-Cloud Architecture

Flexibility and Agility 

  Enables businesses to select the optimal cloud environment for each workload, ensuring optimal performance and resource utilization.

2. Cost Optimization 

  Allows organizations to utilize cost-effective public cloud services for non-critical workloads while deploying private clouds for sensitive data, balancing cost-efficiency.

3. Improved Disaster Recovery 

  Multi-cloud redundancy ensures enhanced availability and resilience, mitigating the risk of downtime and data loss.

4. Regulatory Compliance 

  Facilitates the storage of sensitive data in private clouds or on-premises to meet compliance requirements, while non-sensitive operations can be conducted in public clouds.

5. Enhanced Performance 

  Workloads can be deployed in environments offering the best performance characteristics, such as low latency, high compute power, or regional proximity.

6. Vendor Independence 

  Mitigates vendor lock-in by distributing workloads across multiple providers, ensuring competitive pricing and fostering innovation opportunities.

Use Cases of Hybrid Multi-Cloud Architecture

Financial Services 

  Financial institutions can securely store sensitive customer data within a private cloud while utilizing public clouds for customer-facing applications.

2. Healthcare 

  Healthcare facilities can process sensitive patient data on-premises to comply with regulatory requirements, while employing public clouds for research analytics.

3. E-commerce 

  E-commerce businesses can manage core databases in a private cloud and utilize public clouds to effectively handle seasonal traffic surges.

4. Media and Entertainment 

  Streaming platforms can implement edge computing for low-latency content delivery and employ multi-cloud environments to achieve global scalability.

Challenges and Solutions

Complexity: Overseeing multiple environments presents considerable complexity. Address this by implementing unified management tools and automation.

Security: Hybrid configurations broaden the attack surface. Mitigate this risk through robust encryption, secure APIs, and compliance monitoring.

Interoperability: Achieving seamless integration across various clouds is challenging. Tackle this issue with open standards and middleware solutions.

Conclusion

Hybrid multi-cloud architecture offers businesses the flexibility, scalability, and resilience essential for thriving in today's competitive environment. By integrating the strengths of private and public clouds and employing multiple cloud providers, organizations can attain unmatched agility and efficiency. Whether you are a startup seeking to scale or an enterprise pursuing digital transformation, hybrid multi-cloud architecture serves as a strategic option to future-proof your operations. 

Discover the potential of hybrid multi-cloud to transform your workload management and enhance business success.

Building Your Serverless Sandbox: A Detailed Guide to Multi-Environment Deployments (or How I Learned to Stop Worrying and Love the Cloud)

Introduction Welcome, intrepid serverless adventurers! In the wild world of cloud computing, creating a robust, multi-environment deployment pipeline is crucial for maintaining code quality and ensuring smooth transitions from development to production.Here is part 1 and part 2 of this series. Feel free to read them before continuing on. This guide will walk you through the process of setting…

As I've suggested here before there is plentiful evidence to declare that hidden within almost every story of horror Lovecraft wrote there is a commentary on his personal views of the human condition. That view became more cynical and hopeless as he grew older. It was projected with a bit of mirthful sardonic joyousness in his early works but became deadly serious as he entered the last decades of his life. At The Mountains Of Madness, presents us with a narrator and protagonist who is a cold and serious man of science. He enters a desolate and uncharted region of Antarctica seeking knowledge of the past and is of course hopeful that he will make minor discoveries that will expand our understanding of the earth and prehistory. Certainly he is unprepared for the mind-twisting revelations that the discovery of a vast and ruined city, millions of years old would bring. This city he must grudging accept, was built and once inhabited by a species of alien creatures utterly non-human. These entities, not even remotely mammalian and at least partly vegetable as much as animal must have been intellectually our superiors. Despite their extraordinary cultural achievements the records they leave behind attesting to their skills in architecture, art, goverment, and social order, they fall into a decadence and eventual extinction as a species. At one point our human explorer and narrator proclaims, "They were men!" Well, perhaps only a scientist would say that of a race of barrel- bodied, starfish headed, multi- winged monsters with 5 eyes, 5 mouths, five wriggling starfish feet and fern corals for hands! The moral of the story: If creatures who survived for millions of years on our earth, whose cultural achievements were so much greater than our own will ever be, whose bodies were so robust beyond any other life-form known to science, If these incredible entities could not survive natural law or escape the destiny that all things must decline and die, how could we? For Lovecraft there was Cosmic Law, unavoidable destiny and ultimately hopelessness. Before Lovecraft humankind still dared to hope, dared to dream that a better world was possible. Though Lovecraft did not live to see World War ll, that titanic conflict, the threat of nuclear annihilation, and the mushroom cloud of depression which has hung over our collective psyches ever since was something Lovecraft saw coming. For all his intellectual gifts and despite his occasional proclamations of arrogance Lovecraft was in his own mind a failure and his life was for nothing. Can we be certain that his fate will not be ours? (Exhibit 541)

?

,

NAVIGATING PROJECT MANAGEMENT IN THE AEC INDUSTRY

Navigating Project Management in the AEC industry involves a series of interconnected tasks that require effective planning, execution, monitoring, and control. By following best practices and leveraging project management methodologies such as APM, SCRUM, KANBAN, or the Traditional WATERFALL Project Management Methodology, the AEC professionals can successfully deliver complex projects while meeting stakeholder expectations and achieving project objectives.

As an architectural manager with a Master of Architecture degree and an architectural engineering degree from reputable institutes, having experience in project and design management for large-scale commercial facilities, multi-story offices, and high-rise administration buildings, I can provide the necessary artifacts to enhance project success, improve team collaboration, and effectively handle project complexities in the architecture, engineering, and construction (AEC) sector.

1. Set Clear Goals and Objectives:

Define project scope, including deliverables and constraints.

Establish SMART (Specific, Measurable, Achievable, Relevant, Time-bound) goals.

Align goals with stakeholder expectations and project requirements.

Obtain buy-in from key stakeholders on project objectives.

2. Develop a Comprehensive Project Plan:

Create a detailed work breakdown structure (WBS) to organize project tasks.

Define project milestones and dependencies.

Develop a project schedule with timelines and resource allocation.

Identify risks and develop a risk management plan.

Establish a budget and financial plan for the project.

3. Foster Effective Communication:

Establish communication channels and protocols for project team members.

Hold regular project meetings to discuss progress, issues, and updates.

Use clear and concise language in all communications.

Encourage open and transparent communication among team members.

Address communication barriers and conflicts promptly.

4. Embrace Technology and Communication:

Utilize project management software for task tracking and collaboration.

Implement communication tools such as emails, instant messaging, and video conferencing.

Leverage cloud-based platforms for document sharing and version control.

Provide training and support for team members on project management tools.

Stay updated on new technologies and tools to improve project efficiency.

5. Manage Change Effectively:

Establish a change control process to evaluate and approve changes to project scope.

Communicate changes to stakeholders and assess their impact on project objectives.

Update project documentation and plans to reflect approved changes.

Monitor changes to prevent scope creep and ensure project alignment with goals.

Evaluate the risks and benefits of proposed changes before implementation.

6. Foster Collaboration and Teamwork:

Encourage team members to share ideas, feedback, and best practices.

Foster a collaborative work environment that values diversity and inclusivity.

Promote team building activities and recognize team achievements.

Facilitate cross-functional collaboration and knowledge sharing.

Resolve conflicts and promote a positive team culture.

7. Continuously Monitor and Evaluate Progress:

Track project performance against key performance indicators (KPIs).

Conduct regular project reviews to assess progress and identify areas for improvement.

Monitor project risks and issues and take corrective actions as needed.

Evaluate project outcomes against initial goals and objectives.

Use lessons learned to make informed decisions and optimize project performance.

By focusing on these subtasks within each point, project managers can enhance project success, improve team collaboration, and effectively manage project complexities in the Architecture, Engineering, and Construction (AEC) industry.

Sonetra KETH (កេត សុនេត្រា) •Architectural Manager, Project Manager, BIM Director •建築師經理, 專案經理, BIM總監 •Giám đốc kiến ​​trúc, Giám đốc dựán, Giám đốc BIM •RMIT University Vietnam + Institute of Technology of Cambodia

Seats of the Hoshikarygadian and the Jigokarymihakai in subtertale:

Hoshikarygadian:

Zone:

Located in a small dimension, which is located near the Celestial Primordial Universe, this dimension is filled with positive energies and celestial elements.

Headquarters:

The Hoshikarygadian headquarters is a large house.

Dimension Description:

Heavens: The sky of this dimension is perpetually illuminated by a mixture of golden, blue, and silver tones.

Celestial Energies: Everything in this dimension emanates a sense of peace and harmony.

Nature: The surroundings are filled with trees with translucent leaves that shine in sky-blue tones, along with small streams of golden water that flow silently, emitting a faint glow. Small, multi-colored islands float in the air that have only golden flowers.

The Headquarters:

Exterior:

The house, although it seems simple at first glance, has a majestic design.

Its structure combines celestial materials such as translucent glass, white wood with golden veins, and architectural details engraved with starry patterns.

Interior:

Main Room: It is a large, circular room with a domed ceiling that projects dynamic, moving constellations.

In the center, a round table made of floating glass serves as a meeting place.

Rest Rooms: Although no one lives here, there are designated rooms for allies and Inkuyzujadly to temporarily rest if they need to.

Each room automatically adapts to the needs and preferences of the guest.

Purpose of the Headquarters:

The headquarters is a neutral and strategic point where Inkuyzujadly's allies and herself meet to:

Strategic Planning: Design plans and strategies to protect the multiverse.

Exchange of information about the Aus and their enemies the Jigokarymihakai.

Training and Rest: Conducting joint training exercises, strengthening their skills and synergy as a team, and also temporarily resting.

Jigokarymihakai:

Zone:

Located in a small dimension, which is located quite far from the Celestial Primordial Universe, this dimension is filled with negative energies and dark celestial elements.

Headquarters:

The headquarters of the Jigokarymihakai is a mansion.

Dimension Description:

Skies: The sky of this dimension is perpetually clouded by a mixture of red, dark blue, and black hues.

Celestial Energies: Everything in this dimension emanates a feeling of hatred and discord.

Nature: The surroundings are filled with trees with translucent leaves that glow purple, along with small streams of light blue water that flow silently. Small, light red islands float in the air that have only red and black flowers.

The Headquarters:

Exterior:

The mansion, though it appears simple at first glance, has a majestic and dark design.

Its structure combines celestial materials such as translucent glass, black wood with golden veins, and architectural details engraved with starry patterns.

Interior:

Main Room: It is a very large, circular hall with a vaulted ceiling that projects dynamic, moving dark constellations.

In the center, a round table made of floating glass serves as a meeting place.

Rest Rooms: Although no one lives here, there are designated rooms for the allies and Eraxsukuxuy to temporarily rest if they need to.

Each room automatically adapts to the needs and preferences of the guest.

Purpose of the Headquarters:

The headquarters is a neutral and strategic point where Eraxsukuxuy's allies and herself meet to:

Strategic Planning: Design plans and strategies to destroy the multiverse.

Exchange of information about the Aus and their enemies the Hoshikarygadian.

Training and rest: Conduct joint training exercises, strengthening their skills and synergy as a team and also temporarily resting.

The Evolution of DJ Controllers: From Analog Beginnings to Intelligent Performance Systems

The DJ controller has undergone a remarkable transformation—what began as a basic interface for beat matching has now evolved into a powerful centerpiece of live performance technology. Over the years, the convergence of hardware precision, software intelligence, and real-time connectivity has redefined how DJs mix, manipulate, and present music to audiences.

For professional audio engineers and system designers, understanding this technological evolution is more than a history lesson—it's essential knowledge that informs how modern DJ systems are integrated into complex live environments. From early MIDI-based setups to today's AI-driven, all-in-one ecosystems, this blog explores the innovations that have shaped DJ controllers into the versatile tools they are today.

The Analog Foundation: Where It All Began

The roots of DJing lie in vinyl turntables and analog mixers. These setups emphasized feel, timing, and technique. There were no screens, no sync buttons—just rotary EQs, crossfaders, and the unmistakable tactile response of a needle on wax.

For audio engineers, these analog rigs meant clean signal paths and minimal processing latency. However, flexibility was limited, and transporting crates of vinyl to every gig was logistically demanding.

The Rise of MIDI and Digital Integration

The early 2000s brought the integration of MIDI controllers into DJ performance, marking a shift toward digital workflows. Devices like the Vestax VCI-100 and Hercules DJ Console enabled control over software like Traktor, Serato, and VirtualDJ. This introduced features such as beat syncing, cue points, and FX without losing physical interaction.

From an engineering perspective, this era introduced complexities such as USB data latency, audio driver configurations, and software-to-hardware mapping. However, it also opened the door to more compact, modular systems with immense creative potential.

Controllerism and Creative Freedom

Between 2010 and 2015, the concept of controllerism took hold. DJs began customizing their setups with multiple MIDI controllers, pad grids, FX units, and audio interfaces to create dynamic, live remix environments. Brands like Native Instruments, Akai, and Novation responded with feature-rich units that merged performance hardware with production workflows.

Technical advancements during this period included:

High-resolution jog wheels and pitch faders

Multi-deck software integration

RGB velocity-sensitive pads

Onboard audio interfaces with 24-bit output

HID protocol for tighter software-hardware response

These tools enabled a new breed of DJs to blur the lines between DJing, live production, and performance art—all requiring more advanced routing, monitoring, and latency optimization from audio engineers.

All-in-One Systems: Power Without the Laptop

As processors became more compact and efficient, DJ controllers began to include embedded CPUs, allowing them to function independently from computers. Products like the Pioneer XDJ-RX, Denon Prime 4, and RANE ONE revolutionized the scene by delivering laptop-free performance with powerful internal architecture.

Key engineering features included:

Multi-core processing with low-latency audio paths

High-definition touch displays with waveform visualization

Dual USB and SD card support for redundancy

Built-in Wi-Fi and Ethernet for music streaming and cloud sync

Zone routing and balanced outputs for advanced venue integration

For engineers managing live venues or touring rigs, these systems offered fewer points of failure, reduced setup times, and greater reliability under high-demand conditions.

Embedded AI and Real-Time Stem Control

One of the most significant breakthroughs in recent years has been the integration of AI-driven tools. Systems now offer real-time stem separation, powered by machine learning models that can isolate vocals, drums, bass, or instruments on the fly. Solutions like Serato Stems and Engine DJ OS have embedded this functionality directly into hardware workflows.

This allows DJs to perform spontaneous remixes and mashups without needing pre-processed tracks. From a technical standpoint, it demands powerful onboard DSP or GPU acceleration and raises the bar for system bandwidth and real-time processing.

For engineers, this means preparing systems that can handle complex source isolation and downstream processing without signal degradation or sync loss.

Cloud Connectivity & Software Ecosystem Maturity

Today’s DJ controllers are not just performance tools—they are part of a broader ecosystem that includes cloud storage, mobile app control, and wireless synchronization. Platforms like rekordbox Cloud, Dropbox Sync, and Engine Cloud allow DJs to manage libraries remotely and update sets across devices instantly.

This shift benefits engineers and production teams in several ways:

Faster changeovers between performers using synced metadata

Simplified backline configurations with minimal drive swapping

Streamlined updates, firmware management, and analytics

Improved troubleshooting through centralized data logging

The era of USB sticks and manual track loading is giving way to seamless, cloud-based workflows that reduce risk and increase efficiency in high-pressure environments.

Hybrid & Modular Workflows: The Return of Customization

While all-in-one units dominate, many professional DJs are returning to hybrid setups—custom configurations that blend traditional turntables, modular FX units, MIDI controllers, and DAW integration. This modularity supports a more performance-oriented approach, especially in experimental and genre-pushing environments.

These setups often require:

MIDI-to-CV converters for synth and modular gear integration

Advanced routing and clock sync using tools like Ableton Link

OSC (Open Sound Control) communication for custom mapping

Expanded monitoring and cueing flexibility

This renewed complexity places greater demands on engineers, who must design systems that are flexible, fail-safe, and capable of supporting unconventional performance styles.

Looking Ahead: AI Mixing, Haptics & Gesture Control

As we look to the future, the next phase of DJ controllers is already taking shape. Innovations on the horizon include:

AI-assisted mixing that adapts in real time to crowd energy

Haptic feedback jog wheels that provide dynamic tactile response

Gesture-based FX triggering via infrared or wearable sensors

Augmented reality interfaces for 3D waveform manipulation

Deeper integration with lighting and visual systems through DMX and timecode sync

For engineers, this means staying ahead of emerging protocols and preparing venues for more immersive, synchronized, and responsive performances.

Final Thoughts

The modern DJ controller is no longer just a mixing tool—it's a self-contained creative engine, central to the live music experience. Understanding its capabilities and the technology driving it is critical for audio engineers who are expected to deliver seamless, high-impact performances in every environment.

Whether you’re building a club system, managing a tour rig, or outfitting a studio, choosing the right gear is key. Sourcing equipment from a trusted professional audio retailer—online or in-store—ensures not only access to cutting-edge products but also expert guidance, technical support, and long-term reliability.

As DJ technology continues to evolve, so too must the systems that support it. The future is fast, intelligent, and immersive—and it’s powered by the gear we choose today.

Cloud Migration and Integration A Strategic Shift Toward Scalable Infrastructure

In today’s digital-first business environment, cloud computing is no longer just a technology trend—it’s a foundational element of enterprise strategy. As organizations seek greater agility, scalability, and cost-efficiency, cloud migration and integration have emerged as critical initiatives. However, transitioning to the cloud is far from a lift-and-shift process; it requires thoughtful planning, seamless integration, and a clear understanding of long-term business objectives.

What is Cloud Migration and Why Does It Matter

Cloud migration involves moving data, applications, and IT processes from on-premises infrastructure or legacy systems to cloud-based environments. These environments can be public, private, or hybrid, depending on the organization’s needs. While the move offers benefits such as cost reduction, improved performance, and on-demand scalability, the true value lies in enabling innovation through flexible technology infrastructure.

But migration is only the first step. Cloud integration—the process of configuring applications and systems to work cohesively within the cloud—is equally essential. Without integration, businesses may face operational silos, inconsistent data flows, and reduced productivity, undermining the very purpose of migration.

Key Considerations in Cloud Migration

A successful cloud migration depends on more than just transferring workloads. It involves analyzing current infrastructure, defining the desired end state, and selecting the right cloud model and service providers. Critical factors include:

Application suitability: Not all applications are cloud-ready. Some legacy systems may need reengineering or replacement.

Data governance: Moving sensitive data to the cloud demands a strong focus on compliance, encryption, and access controls.

Downtime management: Minimizing disruption during the migration process is essential for business continuity.

Security architecture: Ensuring that cloud environments are resilient against threats is a non-negotiable part of migration planning.

Integration for a Unified Ecosystem

Once in the cloud, seamless integration becomes the linchpin for realizing operational efficiency. Organizations must ensure that their applications, databases, and platforms communicate efficiently in real time. This includes integrating APIs, aligning with enterprise resource planning (ERP) systems, and enabling data exchange across multiple cloud platforms.

Hybrid and Multi-Cloud Strategies

Cloud strategies have evolved beyond single-provider solutions. Many organizations now adopt hybrid (combining on-premise and cloud infrastructure) or multi-cloud (using services from multiple cloud providers) approaches. While this enhances flexibility and avoids vendor lock-in, it adds complexity to integration and governance.

To address this, organizations need a unified approach to infrastructure orchestration, monitoring, and automation. Strong integration frameworks and middleware platforms become essential in stitching together a cohesive IT ecosystem.

Long-Term Value of Cloud Transformation

Cloud migration and integration are not one-time projects—they are ongoing transformations. As business needs evolve, cloud infrastructure must adapt through continuous optimization, cost management, and performance tuning.

Moreover, integrated cloud environments serve as the foundation for emerging technologies like artificial intelligence, data analytics, and Internet of Things (IoT), enabling businesses to innovate faster and more efficiently.

By treating cloud migration and integration as strategic investments rather than tactical moves, organizations position themselves to stay competitive, agile, and future-ready.

Entertaining the idea of a false Love Interest for Wallace in the LH chapter. Why do I call her a "False" interest? Because she's more of her own character than just someone for Wallace to fall for. Remember the lord I mentioned? The one who commissions the Inventor to build all kinds of machinery for his estate? That's his daughter. She's a middle-aged 40-something singleton, he wants her married off and out of his hair since his Lordship is awfully tired of taking care of his adult child when she should be doing her duty of creating heirs and raising her own family, or at the very least moving out and bothering anyone else but her father. This woman is neurodivergent, heavy on some traits, light on others, a typical self-occupied antisocialite. Asexual, aromantic to boot, she wants nothing to do with marriage or men or anyone, but as the only one of his Lordship's children to not walk down the aisle, her father's patience has run awfully thin, meaning he's about ready to palm her off to anyone showing the merest hint of interest. With Wallace hanging around the mansion, working on commissions and doing his best to please his employer, it's no shock the man offers him the woman's hand and a load of money to take her off his shoulders. The two form as close as you can to calling it something of an acquaintance, but she's no interest in him and his head's too far in the clouds to register her, not that they don't enjoy the solemn company of likeminded intelligence. She is a multi-skilled architecture enthusiast, loves working on those small models in bottles and constructing her own blueprints for the perfect house, bit of a bug lover as well, collects rare specimens to put in storage with the hope of reintroducing their type to the wild one day after some biological intervention, this woman is an interesting character! But she's not meant to play fiancee number 3 in this chapter, Wallace's heart's not in it, though you're almost meant to believe he likes her...personally. If I'm honest, her lack of eye contact and mild anxiety when in the room with anyone other than her father (Even with him sometimes) reminds Wallace of DL, and their lack of reaction to the Lord's daughter spending some of her time with the Inventor himself, almost upsets him because Wallace is constantly looking for them to offer some telltale sign they have feelings for him as he does them. And selfishly he uses the woman to do that. Part of my brain wants to imagine her as an alternate DL, older, self-reserved, cold even, to the point with no ramblings or beating around the bush. The type Wallace should want because they're on similar levels, but he wants the original, the one and only, and she...wants a freaking break.

Entra ID Lateral Movement And Expanding Permission Usage

Abusing Intimate Permissions for Lateral Movement and Privilege Escalation in Entra ID Native Environments: (In)tune to Takeovers

Recently, a client received assistance from the Mandiant Red Team in visualizing the potential consequences of an advanced threat actor breach. In order to compromise the tenant’s installed Entra ID service principals, Mandiant migrated laterally from the customer’s on-premises environment to their Microsoft Entra ID tenant during the evaluation.

Using a popular security architecture that involves Intune-managed Privileged Access Workstations (PAWs), we will discuss in this blog post a new method by which adversaries can move laterally and elevate privileges within Microsoft Entra ID by abusing Intune permissions (DeviceManagementConfiguration.ReadWrite.All) granted to Entra ID service principals. We also offer suggestions and corrective actions to stop and identify this kind of attack.

A pretext

The client had a well-developed security architecture that adhered to the Enterprise Access model suggested by Microsoft, which included:

An Active Directory-based on-premises setting that adheres to the Tiered Model.

A Microsoft Entra Connect Sync-synchronized Entra ID environment that synchronizes on-premises identities and groups with Entra ID. PAWs, which were completely cloud-native and controlled by Intune Mobile Device Management (MDM), were used to administrate this environment. They were not connected to the on-premises Active Directory system. To access these systems, IT managers used a specific, cloud-native (non-synced) administrative account. These cloud-native administrative accounts were the only ones allocated Entra ID roles (Global Administrator, Privileged Role Administrator, etc.).

A robust security barrier was created by separating administrative accounts, devices, and privileges between the Entra ID environment and the on-premises environment:

Because Entra ID privileged roles are associated with unique, cloud-native identities, a compromise of the on-premises Active Directory cannot be utilized to compromise the Entra ID environment. This is an excellent practice for Microsoft.

An “air gap” between the administration planes of the two environments is successfully created by using distinct physical workstations for administrative access to cloud and on-premises resources. Attackers find it very challenging to get through air gaps.

Strong Conditional Access regulations imposed by Privileged Identity Management assigned roles to the administrative accounts in Entra ID, necessitating multi-factor authentication and a managed, compliant device. Additionally, Microsoft recommends these best practices.

Attack Path

One of the objectives of the evaluation was to assign the Mandiant Red Team the task of obtaining Global Administrator access to the Entra ID tenant. Mandiant was able to add credentials to Entra ID service principals (microsoft.directory/servicePrincipals/credentials/update) by using a variety of methods that are outside the purview of this blog post. This gave the Red Team the ability to compromise any preloaded service principal.

There are a number well-known methods for abusing service principal rights to get higher permissions, most notably through the usage of RoleManagement.See AppRoleAssignment and ReadWrite.Directory.Application and ReadWrite.All.ReadWrite.All rights for Microsoft Graph.

However, the Mandiant Red Team had to reconsider their approach because none of these rights were being used in the customer’s environment.

Mandiant found a service principle that was given the DeviceManagementConfiguration after using the superb ROADTools framework to learn more about the customer’s Entra ID system.Go ahead and write.Permission is granted.Image credit to Google Cloud

The service principal is able to “read and write Microsoft Intune device configuration and policies” with this authorization.

Clients running Windows 10 and later can execute the unique PowerShell scripts used by Intune for device management. Administrators have an alternative to configuring devices with settings not accessible through the configuration policies or the apps section of Intune by using the ability to run scripts on local devices. When the device boots up, management scripts with administrator rights (NT AUTHORITY\SYSTEM) are run.

The configuration of Device Management.Go ahead and write.To list, read, create, and update management scripts via the Microsoft Graph API, all permissions are required.

The Microsoft Graph API makes it simple to write or edit the management script. An example HTTP request to alter an existing script is displayed in the accompanying figure.PATCH https://graph.microsoft.com/beta/deviceManagement/ deviceManagementScripts/<script id> { "@odata.type": "#microsoft.graph.deviceManagementScript", "displayName": "<display name>", "description": "<description>", "scriptContent": "<PowerShell script in base64 encoding>", "runAsAccount": "system", "enforceSignatureCheck": false, "fileName": "<filename>", "roleScopeTagIds": [ "<existing role scope tags>" ], "runAs32Bit": false }

The caller can provide a display name, file name, and description in addition to the Base64-encoded value of the PowerShell script content using the Graph API. Depending on which principle the script should be run as, the runAsAccount parameter can be set to either user or system. RoleScopeTagIds references Intune’s Scope Tags, which associate people and devices. The DeviceManagementConfiguration can likewise be used to construct and manage them.Go ahead and write. Permission is granted.

The configuration of Device Management.Go ahead and write.By changing an existing device management script to run a PowerShell script under Mandiant’s control, Mandiant was able to go laterally to the PAWs used for Entra ID administration with full authorization. The malicious script is run by the Intune management script when the device reboots as part of the user’s regular workday.

By implanting a command-and-control device, Mandiant could give the PAWs any instructions. The Red Team obtained privileged access to Entra ID by waiting for the victim to activate their privileged role through Azure Privileged Identity Management and then impersonating the privileged account (for example, by stealing cookies or tokens). By taking these actions, Mandiant was able to fulfill the assessment’s goal and gain Global Administrator rights in Entra ID.

Remediation and Recommendations

To avoid the attack scenario, Mandiant suggests the following hardening measures:

Review your organization’s security principals for the DeviceManagementConfiguration.ReadWrite.All permission:  DeviceManagementConfiguration should be handled by organizations that use Microsoft Intune for device management.Go ahead and write.Since it grants the trustee authority over the Intune-managed devices and, consequently, any identities connected to the devices, all permissions are considered sensitive.

Mandiant advises businesses to routinely check the authorizations given to Azure service principals, with a focus on the DeviceManagementConfiguration.Along with other sensitive permissions (like RoleManagement), there is the ReadWrite.All permission.See AppRoleAssignment and ReadWrite.Directory.Application and ReadWrite.All.ReadWrite.All.

Businesses that manage PAWs with Intune should exercise extra caution when assigning Intune privileges (either via DeviceManagementConfiguration).Use Entra roles like Intune Role Administrator or ReadWrite.All.

Enable Intune’s multiple admin approval: Intune allows you to use Access Policies to demand a second administrator’s approval before applying any changes. By doing this, an attacker would be unable to use a single compromised account to create or alter management scripts.

Think about turning on activity logs for the Microsoft Graph API: Graph API Activity logs, which provide comprehensive details about Graph API HTTP requests made to Microsoft Graph resources, can be enabled to aid in detection and response efforts.

Make use of the features that Workload ID Premium licenses offer: With a Workload-ID Premium license, Mandiant suggests using these features to:

Limit the use of privileged service principals to known, reliable places only. By guaranteeing that only trustworthy places are used, this reduces the possibility of unwanted access and improves security.

Enable risk detections in Microsoft Identity Protection to improve service principal security. When risk factors or questionable activity are found, this can proactively prohibit access.

Keep an eye on service principal sign-ins proactively: Monitoring service principal sign-ins proactively can aid in identifying irregularities and possible dangers. Incorporate this information into security procedures to set off notifications and facilitate quick action in the event of unwanted access attempts.

Mandiant has a thorough grasp of the various ways attackers may compromise their target’s cloud estate with some hostile emulation engagements, Red Team Assessments, and Purple Team Assessments.

Read more on Govindhtech.com

Harnessing the Capabilities of Hybrid Multi-Cloud Architecture

In today's digital era, organizations are increasingly leveraging cloud computing to drive innovation, enhance agility, and reduce costs. While the initial wave of cloud adoption focused on single-cloud solutions, businesses are now adopting more sophisticated strategies such as hybrid multi-cloud architecture. This approach combines the advantages of multiple cloud environments—public, private, and on-premises—to create a flexible, scalable, and resilient IT infrastructure. In this blog post, we will examine the benefits, challenges, and key considerations associated with hybrid multi-cloud architecture.

Understanding Hybrid Multi-Cloud Architecture

Hybrid multi-cloud architecture involves the integration of multiple cloud services and on-premises infrastructure to deliver a unified computing environment. This strategy utilizes various cloud platforms such as AWS, Microsoft Azure, Google Cloud, and private clouds, enabling organizations to optimize workloads and achieve greater flexibility. The hybrid aspect denotes the combination of on-premises and cloud resources, while multi-cloud refers to the utilization of multiple cloud providers.

Benefits of Hybrid Multi-Cloud Architecture

1. Flexibility and Scalability

Hybrid multi-cloud architecture provides exceptional flexibility and scalability. Organizations can select the most appropriate environment for each workload, whether it be a public cloud for enhanced scalability, a private cloud for heightened security, or on-premises infrastructure for legacy applications. This flexibility enables companies to adjust resources according to demand, ensuring optimal performance and cost-efficiency.

2. Cost Optimization

By strategically allocating workloads across various environments, organizations can achieve cost optimization. For example, non-sensitive workloads can be hosted on cost-effective public clouds, while mission-critical applications can reside on-premises or in private clouds. This strategy reduces expenditure on expensive infrastructure while maximizing resource utilization.

3. Enhanced Security and Compliance

Hybrid multi-cloud architecture improves security by allowing organizations to maintain control over sensitive data. Sensitive information can be retained in private clouds or on-premises systems, while public clouds can be utilized for less critical data. This segregation aids in meeting regulatory requirements and ensuring compliance with industry standards.

4. Risk Mitigation and Resilience

Utilizing multiple cloud providers mitigates the risk of vendor lock-in and enhances resilience. In the event of a service outage or disruption with one provider, businesses can seamlessly transition workloads to another cloud platform. This multi-cloud strategy ensures high availability and business continuity, thereby minimizing the risk of downtime.

5. Optimized Performance

Different cloud providers have distinct areas of excellence. By adopting a hybrid multi-cloud approach, businesses can capitalize on the unique strengths of each platform. For instance, an organization might leverage AWS for its extensive machine learning services, Azure for its integration with Microsoft products, and Google Cloud for its data analytics capabilities. This optimized performance results in greater overall efficiency and effectiveness.

Challenges of Hybrid Multi-Cloud Architecture

While hybrid multi-cloud architecture offers numerous benefits, it also presents several challenges:

1. Complexity in Management

Managing multiple cloud environments can be intricate and necessitates specialized skills. Organizations require robust cloud management tools and practices to effectively monitor, manage, and optimize their hybrid multi-cloud infrastructure.

2. Data Integration and Interoperability

Ensuring seamless data integration and interoperability between different cloud environments can be demanding. Organizations need to establish standard protocols and utilize integration tools to enable smooth data flow across platforms.

3. Security and Compliance

While hybrid multi-cloud architecture can enhance security, it also introduces complexity in maintaining consistent security policies and compliance across various environments. Businesses must implement comprehensive security measures and adhere to strict compliance protocols.

Key Considerations for Implementing Hybrid Multi-Cloud Architecture

1. Strategic Planning

Commence with a well-defined strategy that outlines your business objectives, workload requirements, and cloud adoption roadmap. Determine which workloads are optimally suited for public clouds, private clouds, and on-premises infrastructure.

2. Robust Cloud Management

Invest in sophisticated cloud management tools that offer visibility, automation, and control over your multi-cloud environment. These tools facilitate performance monitoring, resource management, and compliance assurance.

3. Strong Security Measures

Implement robust security measures, including encryption, identity and access management, and regular security audits. Ensure that security policies are uniformly applied across all environments.

4. Skilled Workforce

Equip your IT team with the requisite skills and knowledge to manage and operate a hybrid multi-cloud architecture. Ongoing training and development are crucial to staying abreast of the evolving cloud landscape.

Conclusion

Hybrid multi cloud architecture represents the future of cloud computing, providing a flexible, scalable, and resilient approach to IT infrastructure management. By leveraging the strengths of multiple cloud providers alongside on-premises systems, organizations can optimize performance, reduce costs, enhance security, and ensure business continuity. Successful implementation, however, necessitates careful planning, robust management, and a skilled workforce. Embrace the capabilities of hybrid multi-cloud architecture to unlock new opportunities and propel your business forward in the digital age.

Exploring the Azure Technology Stack: A Solution Architect’s Journey

Kavin

As a solution architect, my career revolves around solving complex problems and designing systems that are scalable, secure, and efficient. The rise of cloud computing has transformed the way we think about technology, and Microsoft Azure has been at the forefront of this evolution. With its diverse and powerful technology stack, Azure offers endless possibilities for businesses and developers alike. My journey with Azure began with Microsoft Azure training online, which not only deepened my understanding of cloud concepts but also helped me unlock the potential of Azure’s ecosystem.

In this blog, I will share my experience working with a specific Azure technology stack that has proven to be transformative in various projects. This stack primarily focuses on serverless computing, container orchestration, DevOps integration, and globally distributed data management. Let’s dive into how these components come together to create robust solutions for modern business challenges.

Understanding the Azure Ecosystem

Azure’s ecosystem is vast, encompassing services that cater to infrastructure, application development, analytics, machine learning, and more. For this blog, I will focus on a specific stack that includes:

Azure Functions for serverless computing.

Azure Kubernetes Service (AKS) for container orchestration.

Azure DevOps for streamlined development and deployment.

Azure Cosmos DB for globally distributed, scalable data storage.

Each of these services has unique strengths, and when used together, they form a powerful foundation for building modern, cloud-native applications.

1. Azure Functions: Embracing Serverless Architecture

Serverless computing has redefined how we build and deploy applications. With Azure Functions, developers can focus on writing code without worrying about managing infrastructure. Azure Functions supports multiple programming languages and offers seamless integration with other Azure services.

Real-World Application

In one of my projects, we needed to process real-time data from IoT devices deployed across multiple locations. Azure Functions was the perfect choice for this task. By integrating Azure Functions with Azure Event Hubs, we were able to create an event-driven architecture that processed millions of events daily. The serverless nature of Azure Functions allowed us to scale dynamically based on workload, ensuring cost-efficiency and high performance.

Key Benefits:

Auto-scaling: Automatically adjusts to handle workload variations.

Cost-effective: Pay only for the resources consumed during function execution.

Integration-ready: Easily connects with services like Logic Apps, Event Grid, and API Management.

2. Azure Kubernetes Service (AKS): The Power of Containers

Containers have become the backbone of modern application development, and Azure Kubernetes Service (AKS) simplifies container orchestration. AKS provides a managed Kubernetes environment, making it easier to deploy, manage, and scale containerized applications.

Real-World Application

In a project for a healthcare client, we built a microservices architecture using AKS. Each service—such as patient records, appointment scheduling, and billing—was containerized and deployed on AKS. This approach provided several advantages:

Isolation: Each service operated independently, improving fault tolerance.

Scalability: AKS scaled specific services based on demand, optimizing resource usage.

Observability: Using Azure Monitor, we gained deep insights into application performance and quickly resolved issues.

The integration of AKS with Azure DevOps further streamlined our CI/CD pipelines, enabling rapid deployment and updates without downtime.

Key Benefits:

Managed Kubernetes: Reduces operational overhead with automated updates and patching.

Multi-region support: Enables global application deployments.

Built-in security: Integrates with Azure Active Directory and offers role-based access control (RBAC).

3. Azure DevOps: Streamlining Development Workflows

Azure DevOps is an all-in-one platform for managing development workflows, from planning to deployment. It includes tools like Azure Repos, Azure Pipelines, and Azure Artifacts, which support collaboration and automation.

Real-World Application

For an e-commerce client, we used Azure DevOps to establish an efficient CI/CD pipeline. The project involved multiple teams working on front-end, back-end, and database components. Azure DevOps provided:

Version control: Using Azure Repos for centralized code management.

Automated pipelines: Azure Pipelines for building, testing, and deploying code.

Artifact management: Storing dependencies in Azure Artifacts for seamless integration.

The result? Deployment cycles that previously took weeks were reduced to just a few hours, enabling faster time-to-market and improved customer satisfaction.

Key Benefits:

End-to-end integration: Unifies tools for seamless development and deployment.

Scalability: Supports projects of all sizes, from startups to enterprises.

Collaboration: Facilitates team communication with built-in dashboards and tracking.

4. Azure Cosmos DB: Global Data at Scale

Azure Cosmos DB is a globally distributed, multi-model database service designed for mission-critical applications. It guarantees low latency, high availability, and scalability, making it ideal for applications requiring real-time data access across multiple regions.

Real-World Application

In a project for a financial services company, we used Azure Cosmos DB to manage transaction data across multiple continents. The database’s multi-region replication ensure data consistency and availability, even during regional outages. Additionally, Cosmos DB’s support for multiple APIs (SQL, MongoDB, Cassandra, etc.) allowed us to integrate seamlessly with existing systems.

Key Benefits:

Global distribution: Data is replicated across regions with minimal latency.

Flexibility: Supports various data models, including key-value, document, and graph.

SLAs: Offers industry-leading SLAs for availability, throughput, and latency.

Building a Cohesive Solution

Combining these Azure services creates a technology stack that is flexible, scalable, and efficient. Here’s how they work together in a hypothetical solution:

Data Ingestion: IoT devices send data to Azure Event Hubs.

Processing: Azure Functions processes the data in real-time.

Storage: Processed data is stored in Azure Cosmos DB for global access.

Application Logic: Containerized microservices run on AKS, providing APIs for accessing and manipulating data.

Deployment: Azure DevOps manages the CI/CD pipeline, ensuring seamless updates to the application.

This architecture demonstrates how Azure’s technology stack can address modern business challenges while maintaining high performance and reliability.

Final Thoughts

My journey with Azure has been both rewarding and transformative. The training I received at ACTE Institute provided me with a strong foundation to explore Azure’s capabilities and apply them effectively in real-world scenarios. For those new to cloud computing, I recommend starting with a solid training program that offers hands-on experience and practical insights.

As the demand for cloud professionals continues to grow, specializing in Azure’s technology stack can open doors to exciting opportunities. If you’re based in Hyderabad or prefer online learning, consider enrolling in Microsoft Azure training in Hyderabad to kickstart your journey.

Azure’s ecosystem is continuously evolving, offering new tools and features to address emerging challenges. By staying committed to learning and experimenting, we can harness the full potential of this powerful platform and drive innovation in every project we undertake.

Sunlit Moonrise | Daechwita Min Yoongi/Agust D x OC (Royalty/Fantasy AU)

Sunlit Moonrise Masterlist

<Previous Chapter

Next Chapter>

!!SUNLIT MOONRISE IS A MULTI-CHAPTER STORY AND NOT A ONE-SHOT SO IT DOES NOT MAKE SENSE IF YOU READ SINGLE CHAPTERS OUT OF CONTEXT. IF YOU ENJOYED THIS PLEASE READ PREVIOUS CHAPTERS LINKED ABOVE TO UNDERSTAND THE ENTIRE STORY!!

Chapter 7: The Dowager Vixen

The final approach to Vulstis Keep makes Aine sink in on herself. Her white and gold dress to honour Nocriam feels more like a flag of surrender for one about to enter a den of angry foxes. The weathered turrets and coal-soaked walls force the vast castle to emulate the appearance of a looming storm cloud that never goes away. A storm cloud that haunts Aine's nightmares, no matter how shiny her father commanded the white marble of the Hall of Witnesses be kept. Braelyn observes Aine closely, strawberry blonde hair pulled back into its convenient bun so she can easily trail every line of Aine's face for an inclination of the red-haired woman's mood. 

Aine may be a fantastic warrior, but she lacks the art of lady-like subtlety. She cannot mask her emotions well under ridiculous flattery or false smiles. As she drives a sword through her enemy's heart on the battlefield, there is no need to play pretend. Braelyn, however, would sweetly convince you she is your most loyal friend whilst shoving a knife through your back. 

Braelyn is chuffed that she has trumped the heir to the great Sampson name at yet something else. A trait much more favourable in the Vulstis Court, too. 

"What are you so happy about?" Aine snaps, screwing her face up in contempt. 

It seems Braelyn is so chuffed that she let her precious facade slip. Her father, Lord Berach Highmarch, would have scorned her to the high heavens if he had just witnessed that. 

The carriage comes to a halt and the horses whinny, signalling they have finally arrived at the stables of Vulstis Keep. 

"Just that we are finally here, I was beginning to get motion sickness." Braelyn lies smoothly, offering Aine a reassuring smile. 

Aine sneers at her like a wild cat. She cannot quite place it, but from refusing to say what her father had discussed with her, to the sinister look she was giving her when she awoke with a splitting headache, to the way she lightly glazes over everything as if it is fine, Braelyn is becoming rather sickening. 

A guard opens the door, a strong smell of manure wafting in courtesy of a chilling breeze. "This way, m'lady."

Well, at least they're not calling me Goddess now. Part of King Min's sudden 'be nice' plan, perhaps?

Before Aine can delve deeper into the twisted mind of the man she hates, she's traipsing through a mix of mud and horse poo into what appears to be a service entrance to the castle. 

Be nice, but not that nice, she remarks in her head, taking note of how the mess on the floor has completely desecrated the colours of Nocriam represented on her dress. She has waded through pools of blood and piles of amputated limbs, and yet some mud feels significantly more offensive. 

Though weathered from the outside, Vulstis Keep sports grand gothic architecture and design on the inside. The only similarity is that the inside is still coated in coal dust, no matter how many scullery maids are scrubbing away. Aine remembers that much from her days at Court and the long hours her and her mother would spend promenading with the other ladies whilst her father and the men flexed their egos in the Council Room. The only woman allowed in the council meetings back then was the previous queen, Min Chinsun. She is now known as The Dowager Vixen because of her sharp tongue and blatant honesty.

After climbing a vaguely familiar spiralling staircase and being guided to a door at the end of a sprawling corridor, the Vulstis guard clicks his heels together, dismissing himself. As the door swings open and Aine examines the grand fireplace and the elegant canopies that encapsulate the large bed, memories of her mother plaiting her hair and singing her folk songs flash before her eyes. This room. This very room is where she used to stay when her father was called to Court. 

"M'lady?" Braelyn asks, wondering why Aine is frozen at the threshold of a seemingly normal-looking room. 

"Leave me." Aine commands blankly, almost falling into the room as her steps are weighed down with memories of her mother.

"Yes, m'lady." Braelyn says, swiftly turning and rushing off to inform her Vulstis connections about Aine's saddened state upon seeing the room. It's all she can do to contain the smirk threatening to form on her lips. She's a proper lady, and must contain herself.

Meanwhile, Aine runs her fingers along every ledge, crevice and crack in the room. Instead of seeing the extravagant gothic architecture, she sees the windowsill as her mother's favourite spot to sit and recite her morning prayers to the Sun God. The cracked floorboard just to the right of the fireplace is not a malfunction, but instead where she used to cradle Aine in her lap as her fingers expertly wove Aine's hair into an intricate up-do. A single tear escapes the corner of Aine's eye, paralysing her cheek as it falls. Paralysing her face. She does not know what to do, she has not cried in so long. 

"Excuse me, m'lady, we have come to prepare you for the induction meeting with the Council." an unfamiliar voice announces.

Surprise, then frustration. They are emotions Aine is used to. Swiping underneath her eyes and swivelling around, she comes face-to-face with a band of Vulstis servants carrying things ranging from a dress to makeup to gold jewellery. Braelyn is nowhere in sight. 

"Right. Come in." 

Surprisingly, the dress she is shoved in is not black nor gold, but emerald green. Aine's instincts tell her that is not much better considering Vulstis's stone is the emerald. Although a Lady's role in the Vulstis Court is much more conservative than in Nocriam, their dress code certainly does not reflect this as the dress's suffocating corseted top and plunging neckline leave barely anything to the imagination. Aine's hair is wrestled into an elaborate plaited up-do to reveal the contours of her neck and collarbones and compliment the angles of her face and jawline. The servants are not as gentle as her mother used to be, yanking so hard to the point where Aine is convinced they are trying to rip the red right out of her scalp. Multiple gold jewellery pieces are draped from her neck, ears and wrists. 

She no longer looks like Princess Aine Sampson of Nocriam, the fearless warrior who sliced the skin clean off King Min's forearm. No. She looks like an object of desire. An emerald to be admired and gawked at. And now she's walking into the Council full of men who probably set this whole thing up to boost their egos.

For the first time in her life, Aine will see the Council Room. To say it is underwhelming is an understatement. Aside from some tapestries depicting the history of Vusltis on the walls, it just has the same interior as the rest of the castle. A glossy wooden table paired with some gem-encrusted chairs to flaunt their trade of coal and gemstone mining is placed in the middle, and that about sums up the furnishings in the room, excluding the essentials such as candles and draping for the window.

As for the people, they stare at her like six hungry foxes whilst taking leisurely sips from their wine cups. Aine recognises each and every one of them, either from her time at Vulstis Court when she was younger or from recent encounters. Lord Berach Highmarch, a highly ambitious man who was always after the reputation and acclaim the Sampsons had in Vulstis. Looks like he finally got it. Sir Caim Davys, a wise old man of the people, a sly swordsman, and Aine's first ever combat and archery teacher. Her heart aches a bit at the sight of him. Sir Mermin Conall, Vulstis's Head of the Royal Guard and known charmer, no matter how much he ages. Aine has had a fair few duels with him on the battlefield. And of course, Advisor Hwang, The Dowager Vixen, and King Min. 

"Ah, so this is what you look like without all your weaponry and I'm-going-to-kill-you get up! Not bad." Advisor Hwang says teasingly, that fake smile back on his face.

Aine's lip twitches and she considers strangling him with one of her necklaces, but after eyeing Sir Conall and Sir Davys, she decides against it. 

"I've already got a headache and we haven't even started yet, at least let the girl sit down before hurling your insufferable egos at her." a voice cracks through the air like a whip, as if you have to listen and obey or else. 

"Yes, ma'am." Advisor Hwang mumbles, tottering off to his seat beside King Min with his tail between his legs.

Aine takes a seat the furthest away from anyone else, partly because she does not want to be near any of these people, and partly because her dress is so big it does not allow her enough room to sit near anyone. She glances up at the owner of the voice, Min Chinsun, aka The Dowager Vixen, and notices her grey hair is fixed into a similar hairstyle as hers. Granted, she is wearing royal ornaments in it, whereas Aine is not. However, she is not bothered by it. She is wearing it with such dignity and fierceness, despite sitting at a table with men she just deemed have 'insufferable egos'. The wrinkles on her face only add to her prowess, painting her as wise and all-knowing, making her opinions valued, rather than weak and ageing. The makeup around her eyes is dark and dramatic, meaning anyone who meets her brown-eyed glare is facing off with an even more intimidating sight. It is enough to make anyone second-guess what they are saying. Considering King Min's silence up until this point, he dares not to question his mother either.

"Welcome, or should I say, welcome back to the Kingdom of Vulstis, Aine Sampson, Goddess of the Land." King Min says, raising his cup. 

Aine furrows her brows. 

"I didn't fix Coimeach Pass. What if your people go there and find out it's still ransacked? I don't think they'll be too pleased." Aine points out, hoping a revolt of Vulstis's common people will be her ticket out of here and the key to Nocriam's victory.

"No...but we did." Sir Conall perks up, smirking. 

I'm being used. Just like the emerald I'm dressed up as.

"You expect me to just sit back and be your pawn? That arrow was a warning, but rest assured you shall end up like King Ailill Olom- maimed by the Goddess you kidnapped!" Aine yells, slamming her fists on the table. 

King Min flinches, his reaction taking Aine slightly aback.

"For such a disciplined warrior, you sure do have a short fuse. Emotions will be the death of you, child, especially when there are so many vultures waiting to feed off of that." Min Chinsun assesses, sighing. 

Aine's eyes widen at how right she is, but in a moment of bubbling emotion continues on to vent her reasoning. "Maybe because the same kingdom that took away my mother and forced me into warfare is now trying to take me away from my father! All I can think about is how the Goddess Aine got her revenge- why can't I? Why must I be the one to continue to suffer losses at the hands of a man that has seemingly hated me from the moment I was born?" 

Something that somewhat resembles guilt and sympathy flashes across King Min's dark eyes, but it's gone before Aine can fully examine it. 

"Regardless, the world is cruel. People will use your emotion whether that is love, or the people you love, to get to you. You have to get that under control if you want to survive. Dying won't help your father. Maiming my son certainly will not." Min Chinsun says more harshly than before. There's no sympathy in her eyes, only openness. Telling you she's being nothing but honest, a complete contrast to her son whose eyes are nothing but closed-off. 

"Besides, what you just insinuated against our king is treasonous, you ought to be sent to the dungeons for such words!" Lord Highmarch accuses.

"Oh, do shut up, you old fart. We all know why you really want her in the dungeons." The Dowager Vixen shuts him down, Aine catching her meaning immediately. He hates the Sampsons because he envies them. She's surprised he hasn't asked for Coimeach Pass yet since it's been restored. He constantly complained to Aine's father that Arionnach Hill (pronounced Ah-ree-oh-nak), the Highmarch residence, was too far away from Vulstis Keep. 

"It's not like I was going to let the girl anywhere near the armoury, anyway. I may be old, but I'm not stupid." Sir Davys scoffs, sending a wink Aine's way. 

"Well then, I'd say that's that for this introductory meeting. I do have other things to attend to. Or do you men have some dick measuring to add onto this, because I'd much rather skip that?" Min Chinsun says curtly. 

King Min looks a little put out that his mother ended the Council meeting for him. Or was it that she mentioned his nether regions? 

As for Advisor Hwang, well, the smile is long gone and his expression finally matches his eyes. It is one of loathing, but who it is directed at, Aine cannot tell. What she can tell, though, is that she can rely on The Dowager Vixen to get things done, and in a brutally honest way at that.

✼　 ҉ 　✼　 ҉ 　✼　 ҉ 　✼　 ҉ 　✼　 ҉ 　✼

A/N: I can't tell you how much I enjoyed writing this chapter! Min Chinsun's introduction was SO fun...for someone as cold as King Min, I felt like he had to have a mother that commands attention and respect, no matter who is in the room. 

Hope Aine and Sir Davys can reconnect, too! 

I also want to thank you for all the likes and reblogs on Sunlit Moonrise so far, it means a lot! I am the 'Gardener' type of writer, as G RR Martin coined it, so I tend to build the story and world alongside the characters, rather than planning everything ahead from start to finish. 

<Previous Chapter

Next Chapter>

Chapter 1

Sunlit Moonrise Masterlist