Category Archives: Azure

Azure Resource Manager

Azure Resource Manager– Step 2–Copy and Public IPs


Previously on Overcast: Azure Resource Manager–First Steps

For my next trick, I will try to deploy two VMs, on the same VNET and add external access endpoints. For that, we will require two new items for our collection: loops and external endpoints.

Let’s start with the loops.

Loops are implemented by the copy directive:

image

For the number of instances, as you may have noticed, I have created a variable to make things easier.

The interesting part is that the index of the copy is available for you to use, for example, in the name of the objects:

image

Same for the VMs:

image

Also note that you need to think in loops, so each iteration will create a dependency on its own specific NIC:

image

And each VM needs a different VHD:

image

OK, so let’s give it a spin:

image

Looks OK:

image

And it seems fine!

image

and here:

image

Now, the next step is to add an external IP to the VM. The IP is actually added to each NIC.

When you use the wizard, it is not smart enough to know you are using copy and creating multiple interfaces, but it is a good start. Again, you have to think in loops and variables, so you’ll need to change a few things.

First, the name:

image

I’ve created a publicIPName variable and added the copyindex, so the names will be like <publicIPName>0, <publicIPName>1, etc.

I have also created a DNS prefix instead of a name, since I will add a copyindex to it:

image

Remember the rules: the DNS name must be unique and lowercase.

The last part is to assign the IP to a NIC. First the dependency:

image

then the actual IP:

image
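The public IP and NIC loops described above, written out as an added example (this is not the post's own deployment file, whose screenshots are not reproduced here). The `demo*` names, the `dnsPrefix` parameter, the `Subnet-1` subnet and the pre-existing VNet are assumptions; JSON has no comment syntax, so the notes sit in `comments` and `metadata` properties.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "dnsPrefix": {
      "type": "string",
      "metadata": { "description": "Assumed parameter name. Must be unique; the copy index is appended to it." }
    }
  },
  "variables": {
    "numberOfInstances": 2,
    "publicIPName": "demoPublicIP",
    "nicName": "demoNic",
    "vnetName": "demoVNet",
    "subnetRef": "[concat(resourceId('Microsoft.Network/virtualNetworks', variables('vnetName')), '/subnets/Subnet-1')]"
  },
  "resources": [
    {
      "comments": "One public IP per iteration: demoPublicIP0, demoPublicIP1. toLower keeps the DNS label lowercase.",
      "type": "Microsoft.Network/publicIPAddresses",
      "apiVersion": "2015-06-15",
      "name": "[concat(variables('publicIPName'), copyIndex())]",
      "location": "[resourceGroup().location]",
      "copy": {
        "name": "publicIPLoop",
        "count": "[variables('numberOfInstances')]"
      },
      "properties": {
        "publicIPAllocationMethod": "Dynamic",
        "dnsSettings": {
          "domainNameLabel": "[toLower(concat(parameters('dnsPrefix'), copyIndex()))]"
        }
      }
    },
    {
      "comments": "NIC n depends on, and references, public IP n only. The VNet is assumed to exist already.",
      "type": "Microsoft.Network/networkInterfaces",
      "apiVersion": "2015-06-15",
      "name": "[concat(variables('nicName'), copyIndex())]",
      "location": "[resourceGroup().location]",
      "copy": {
        "name": "nicLoop",
        "count": "[variables('numberOfInstances')]"
      },
      "dependsOn": [
        "[concat('Microsoft.Network/publicIPAddresses/', variables('publicIPName'), copyIndex())]"
      ],
      "properties": {
        "ipConfigurations": [
          {
            "name": "ipconfig1",
            "properties": {
              "privateIPAllocationMethod": "Dynamic",
              "subnet": { "id": "[variables('subnetRef')]" },
              "publicIPAddress": {
                "id": "[resourceId('Microsoft.Network/publicIPAddresses', concat(variables('publicIPName'), copyIndex()))]"
              }
            }
          }
        ]
      }
    }
  ]
}
```

Each address created this way puts its VM directly on the internet, which is why the RDP connection works. A network security group on the subnet or NIC, not part of this template, is where that reach gets restricted.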

After the deployment finishes, here’s what you get:

image

And since I have an external IP, I can even RDP to the VM:

image

Summary

– We have learned how to copy instances of an object to create many

– We have learned how to add public IPs to the VMs

You can find the final Deployment file here.

Hope this helps!

Azure Resource Manager

Azure Resource Manager–First Steps


image

After struggling with Azure Resource Manager for a while and feeling like I didn’t understand the details and nuances of the model, I’ve decided to explore some of the elements in detail.

The first one I’d like to touch is a Virtual Machine. Very common and very basic to any IaaS deployment.

Let’s see what Visual Studio 2015 will give us. I have created an empty project and will try to add the resources manually:

image

As one would expect, any VM will need to be stored somewhere and have a network card. So, it makes more sense to create both first. But we can follow the wizard for now:

image

image

So far, so good:

image

Now, for the VNET:

image

image

image

Ok, after clicking the final Add, here’s what I get:

image

All this is stored in the DeploymentTemplate.json file.

Visual Studio’s wizard creates and assumes a lot of things, like the Parameters, for example:

image

On a real automated deployment, some of these won’t be manually entered and seed variables might be the best option.

Speaking of which, the variables get created very quickly by the wizard:

image

And notice the definition:

image

Let’s take a look at some of them, starting with the VNET. It assumes one VNET, with a 10.0.0.0/16 prefix and two subnets, which I didn’t actually request (10.0.0.0/24 and 10.0.1.0/24). May not be a bad idea, but we’ll need to review what we need and what we don’t. Also, note the names of the subnets. If you want it to be easy to read, you should rename those to Frontend/Backend. Or Internal and DMZ.

image

Now for the OS disk, it will use:

image

Ok, for now. For the VM Size, however, Microsoft recommends a much larger machine, which might not be really necessary:

image

So, here’s what I’ve changed so far:

image

Back to the parameters, note that you can allow valid options for the parameters:

image

If a parameter is not specified in the DeploymentTemplate.param.dev.json file, the user will be prompted either here or in the new Azure Portal, which is initially empty:

image

 

Now for the resources themselves, starting with the VNET. Note the // characters used as comments. This is not officially supported outside of Visual Studio. JSON officially won’t allow comments. But for didactic purposes…anything.

image

Then the NIC:

image

Before we look at the VM, let’s see the storage account:

image

And finally, the VM:

image

Ok, so what we have is very simple:

image

So, let’s deploy it:

image

On my first try, VS 2015 crashed completely on me for no reason…Second, same thing. Something must be wrong. What about those comments…no luck. It must be something with 2015 RTM and Windows 10. After switching to VS 2013, I can start the deployment:

image

I will create a new Resource Group:

image

image

Now edit the Parameters:

image

And Deploy!

It started to move:

image

And there is a Resource group in the portal:

image

10 minutes later, nothing had happened. I assume something went wrong, like a parameter with an invalid content or something like that.

Before I start trying to troubleshoot, I’ve decided to check a few pre-requisites that might be outdated, like Azure PowerShell. I’ve found out I had a version from May and there is a newer one from August 2015, so, let’s upgrade it.

image

I will start clean now, by using PoSh to deploy it. Before I start I will delete the Resource Group in the portal:

image

image

You should have it open in PoSh ISE:

image

To work from here, you’ll need to authenticate and you do that by using Add-AzureAccount.

After running the script (reminder: enable scripts by setting the Execution policy!), I’ve got a significant error:

image

Storage account names must be all lowercase, 3 to 24 characters. As you can see, I had it wrong in the parameters:

image
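One way to have a bad value rejected when the template is validated, before any resource is created, shown as an added example (not the template from this post). The parameter names are assumptions, and the 15-character limit on `vmName` is the Windows computer-name limit, included on the assumption that the VM runs Windows.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "storageName": {
      "type": "string",
      "minLength": 3,
      "maxLength": 24,
      "metadata": { "description": "Storage account name: 3 to 24 characters, lowercase." }
    },
    "storageType": {
      "type": "string",
      "defaultValue": "Standard_LRS",
      "allowedValues": [ "Standard_LRS", "Standard_GRS", "Standard_ZRS" ],
      "metadata": { "description": "Any value outside this list is rejected at validation." }
    },
    "vmName": {
      "type": "string",
      "minLength": 1,
      "maxLength": 15,
      "metadata": { "description": "Assumption: a Windows VM, whose computer name is limited to 15 characters." }
    },
    "adminPassword": {
      "type": "securestring",
      "metadata": { "description": "securestring keeps the value out of the deployment history." }
    }
  },
  "variables": {
    "storageNameLower": "[toLower(parameters('storageName'))]"
  },
  "resources": [
    {
      "comments": "Uses the lowercased name, so a mixed-case parameter value no longer fails here.",
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2015-06-15",
      "name": "[variables('storageNameLower')]",
      "location": "[resourceGroup().location]",
      "properties": {
        "accountType": "[parameters('storageType')]"
      }
    }
  ]
}
```

The length limits and `allowedValues` cannot express "lowercase only", which is why the name goes through `toLower` in a variable instead.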

However, some components were created:

image

Since the VM depends on the storage account, it couldn’t be created. Let’s do it all from the beginning. Hit F5:

image

Using east us. Type in the admin user password. And let’s see.

image

It seems I have forgotten everything about Windows and computer names. It is the cloud! It should just work! :)

However, it won’t. It is still governed by the regular rules and you have to know what you are doing!!!

Let’s try again, just so we never forget! This time, I will change the VM name:

image

Bingo!

image

Meanwhile, in the portal:

image

Note the extra interface there. This happened because I decided not to wipe the Resource Group before trying again and the name of the interface is created concatenating the VMName, so, the previous one is still there.

You may simply wipe the interface:

image

So, I hope this helps you to take the first steps using Azure Resource Manager! If you are feeling bold, make sure you check this link out. There are a lot of templates ready to be used.

Azure

Azure Logic Apps–First look


I’ve recently got a note from a good MVP pal Daniele Grandini about Azure Logic Apps. If you are like me, I had not heard about it before, although I spend a good chunk of my time working with Azure services. That’s how Azure is. There is always something new and cool to be looked at. But I digress. Let’s take a look at Logic Apps.

You can find it in the new portal:

image

Then you need to select a pricing tier. Note that the tiers are the same for this and for websites, which of course, makes me think the Logic Apps all run as Web Services/Web Apps.

image

You are then asked to set up a trigger. You can start it manually as well. So, the first thing I thought about was to send myself a summary of Microsoft Azure related tweets on a daily basis. I know I have enough e-mails but often I can’t skim through all the tweets every day.

So, I’ve set up a recurrence:

image

Every day:

image

Ok, but at what time? Let’s see it later. Once you click the check mark, you are asked to set the first step. I believe I will need to connect to twitter:

image

image

You, of course, need to authorize it. You will need to log on and click as below:

image

 

Interestingly enough, you can read and write information:

image

I’m going to try and search tweets with the #MicrosoftAzure tag:

image

Let’s then send that list to me, using, of course, Office 365!

image

Again, you will need to authorize:

image image

Then I will simply send myself an email with the tweets’ content:

image

Just after creating the logic app, I’ve got the e-mail:

image

So, to answer the question about the time for the recurrence, it seems it will be 24 hours from the first creation.

But there is a way and the answer is documented here: https://msdn.microsoft.com/en-us/library/azure/dn948511.aspx

Click on CodeView:

image

Ok, don’t panic with all the code in there. It is all good. :)

Look for the “Triggers” section:

image

Add the starttime parameter as below (don’t forget the comma in the previous line):

image

Save it. And wait…

In a nutshell, it seems like a very handy mechanism to create basic and complex workflows, with great capabilities and breadth.

 

Hope this helps!

Azure SCVMM

Connecting your Virtual Machine Manager infrastructure to Azure


System Center Virtual Machine Manager 2012 R2 Update Rollup 6 has been recently released and one of the most exciting features is the ability to connect to your Azure workloads. Let’s then take a look at how to do that:

First, make sure your VMM Server is running fine and has UR6 deployed to it.

For the actual connection, you will need a few things:

Access to the console

Subscription ID

Certificate

To get your subscription ID, you can go to your Azure console, under settings:

image

To get a certificate and import it into Azure, check this link:

https://msdn.microsoft.com/en-us/library/azure/gg551722.aspx

 

Make sure that you import the certificate into the User Personal Store as recommended:

image

 

Now, having all that, you can start the VMM configuration:

image

 

Paste in your Subscription ID and browse for the certificate:

image

 

After a few seconds, you should see your Azure workloads there:

image

The operations you can perform are relatively limited:

image

Hope this helps!

Azure Linux

Run a command in a Linux Azure VM


Here’s my scenario: I have a tomcat Ubuntu server that I wanted to log on to. Problem: can’t remember the password. Can’t actually remember the users I have created.

There is more than one solution, but here’s what I have used.

I wanted to list the existing users. An old trick from my Unix days was to dump the content of the /etc/passwd file, where you can see the usernames. Since my Azure VM has an agent, I can take advantage of the Linux Extensions and compose the following PowerShell:

 

#Enter the VM name and Service name
$vm = Get-AzureVM -ServiceName "MyServiceName" -Name "mytocam"
#Specify the command to execute
$PublicConfiguration = '{"commandToExecute": "cat /etc/passwd"}'

#Deploy the extension to the VM
$ExtensionName = 'CustomScriptForLinux'
$Publisher = 'Microsoft.OSTCExtensions'
$Version = '1.*'
Set-AzureVMExtension -ExtensionName $ExtensionName -VM $vm -Publisher $Publisher -Version $Version -PublicConfiguration $PublicConfiguration | Update-AzureVM

 

Simple enough. Now you can see the results in the new and gorgeous portal:

image

And the results:

image

When I looked at the list, I even remembered that I had a specific user for monitoring that I used for SCOM. Done. I was in.

Any command can be run this way, with full access.

 

Hope this helps!

Automation Azure MVA

Very Useful MVA Courses


If you have never checked Microsoft Virtual Academy, stop what you are doing and go check it! But grab a coffee first. There is a lot available to learn. I have separated a few very useful courses on the Azure side for you to take. I really encourage you to explore more and find other interesting ones and share with me and others.

Here’s the list!

Check out this course to explore the process of automating the cloud with Azure Automation. Find out how to get started and how to connect to Microsoft Azure. Learn how to import and publish a Connect-Azure runbook, and create and publish your first runbook. Finally, invoke Azure Automation runbooks, and discover next steps.

http://www.microsoftvirtualacademy.com/training-courses/automating-the-cloud-with-azure-automation?prid=ca_ITProMVP_ALL

IT Pros, are you planning to expand your datacenter into the cloud or exploring the possibility? Want to learn what it would take? In this course, get the information you need. Experts Aleksandar Đorđević and Predrag Jelesijević walk you through an overview and explore key scenarios in Microsoft Azure and Windows Server. They even show you practical demos that explore, in detail, how to create a site-to-site (S2S) virtual private network (VPN) connection and how to connect a site-to-site VPN.

http://www.microsoftvirtualacademy.com/training-courses/microsoft-azure-site-to-site-vpn?prid=ca_ITProMVP_ALL

Azure RemoteApp combines Windows application experience and powerful RDS capabilities on Azure’s reliable platform and helps IT to bring scale, agility, and global access to corporate applications. In this course, learn more about how to scale up or down to meet dynamic business needs without large capital expense or management complexity, how to provide access to corporate applications from anywhere, on any device, and how to centralize and protect corporate resources on the reliable Azure platform.

http://www.microsoftvirtualacademy.com/training-courses/corporate-apps-anywhere-anytime-with-microsoft-azure-remoteapp?prid=ca_ITProMVP_ALL

 

Hope this helps!

Azure

Azure Subscription Billing Alerts Preview


In preview now, the Azure subscription Alerts feature will let you configure alerts regarding your usage.

Simple steps to get there. If you don’t have a subscription yet, request a free monthly trial here.

Once you have your subscription set up, head to the preview page and request to join it.

image

You will shortly receive a welcome e-mail.

Once in, you can set up to 5 alerts:

image

Not a lot of options yet:

image

image

But useful nevertheless!

Once enabled, you should get a confirmation:

image

Happy ‘Clouding’!

Automation Azure Powershell

Stopping specific VMs every night with Azure Automation


As many companies start to use Windows Azure as a development and test environment, the need for cost saving in the subscriptions starts to become a real issue. I ran into the same issue when trying to move at least part of my lab into Azure. I wanted it to be available, but I wanted some automated task to bring down everything that was non-essential to the environment (my domain controller, for example).

So, I have decided to leverage a recently made public Azure feature called automation. Automation leverages PowerShell Workflow to perform automation tasks against your Azure environment.

Below you will find the steps on how to configure it.

Initial Setup

In order to run the workflow against your Azure VMs, you will need an Azure credential (AD User) that is an administrator of your subscription. So I went ahead and created a new AzureAdmin in my default directory and assigned subscription administration rights.

If you don’t know how to do that, you can check this post.

Now that you have your user, you can go ahead and create your automation account. For that go to the Automation section in the portal:

 

image

You should see something like this, if you never configured an account.

image

Create an account and choose a region.

image

Documentation doesn’t say specifically, but I assume the region, among other things, will define the timezone for the scheduling feature.

image

The last step before you actually create your runbook is to create a credential asset. For that you must go to your automation account->assets option:

image

Click on Add Setting:

image

Add a credential:

image and image

 

Finally, let’s create the Runbook!

image

I’m using a runbook available in the gallery and then I will do some customizations. Follow the steps below:

image

image

image

image

image

image

As you probably noticed, the Runbook will stop ALL VMs, so that doesn’t work for me. So, I have customized the script lightly to allow for an exclusion list, in the form of an array:

$exceptionlist = @("fehsedc02")

I have then customized the PS line to exclude the VMs in the list:

Get-AzureVM | where {$_.Status -ne 'StoppedDeallocated' -and $_.Name -notin $exceptionlist} | Stop-AzureVM -Force

image

I have added an extra line, just to show the VMs that remained started after the procedure.

Let’s give it a spin:

image

image

 

image

image

image

The cherry on the top of the cake is the schedule. What I wanted is the VMs to stop at 8:00 PM every night. So, here it goes:

In the Runbook section, click on Schedule:

image

Name it

image

Not a lot of options, but enough for my purposes:

image

IMPORTANT: Initially, I assumed it would respect the time zone of the Automation account, but in fact, it seems it will respect the time zone by checking what is set in the browser (or the computer). Namely, where you are. If you need it to be different, it seems you’ll need to change your time zone or calculate the hours manually.

Also note the scheduler won’t respect daylight saving time.

A few hours later:

image

image

image

There you go. You can go to sleep safely without the fear of spending a lot of money on your subscription!

 

Hope this helps

Active Directory Azure Cloud

Configuring Azure AD Directory Sync


Microsoft Azure Active Directory is a great resource to provide instantaneous authentication options for Web applications and resources. Very often, though, you already have your local directory, with users that already have their own passwords. Fear not! Active Directory Sync tool to the rescue!

Here go some simple steps I did to set it up in my lab, mistakes included. I’m really glad when I can troll through something like that and bump my head against the walls. That’s when you learn! (or when you get a concussion…). But anyways, here they go.

Let’s start by creating an Azure Directory.

image

image

I have actually used fehsecorp only, to fehsecorp1, but I had done it before, so I wanted to show the green check. :)

Not sure you noticed how long it took? Faster than installing a DC, isn’t it?

You have to activate the synchronization:

image

Then download the sync tool:

image

Keep going…

image

And BANG! Pre-requisites.

image

I have added it here. Note that I have used a DC I have for my domain, running in Azure. Not local. Doesn’t really matter, although it is not recommended to run on a DC (just for lab purposes).

image

Now it is a go!

image

Click Accept then Next.

For some strange reason, the setup takes a long time…(elevator music…)

Finally! After what felt like 3 days and a half, there you go:

image

Click Finish and let’s start configuring:

Read the Welcome screen and Click Next

I had a user called azureadmin@fehsecorp.onmicrosoft.com and I will use this account.

image

My on-premises AD Admin:

image

Click Next, Next.

image

Next.

And there it is:

image

Error.

Hum. I thought it could be that I didn’t run it as administrator after I had the pre-reqs installed, but it seems that you have to log off in order for new group memberships to take effect.

Once I did that, there you go:

image

Now let’s try it:

image

You have to check event viewer if you want to be in the know immediately.

A couple of minutes later, there you go!

image

Not that hard, eh?

Let’s try logging in as John.Doe, a user I had in my local directory:

image

And it works! The screen below is expected, since I haven’t granted any rights to this user:

image

If you want to make it right, you will need to have your domain properly configured, in order to provide single sign-on and a consistent experience for your end users.

 

Hope this helps!

Azure Server 2003 EOS Server 2012

Windows Server 2003–R.I.P. (soon)


As I write this post, there are only around 300 days left in Windows Server 2003’s life. Yes, time goes by fast and we have to embrace the future. It was a good run. When Server 2003 came by, I remember that some of the new features and capabilities were awesome. Maybe it happens to all new operating systems. But at some point, technology evolves and you are faced with the challenge of upgrading your environment. Windows 2008 has been here for the last 6 years. Windows Server 2012, now R2, has already been around for a couple of years. It is a lot to grasp, of course. New versions come faster every time and the new possibilities are immense. You don’t have to embrace all new features at once. It is known that OS upgrades are like painting a plane on the fly, so, buckle up!

For starters, it is not like Windows 2003 will stop working. In fact, if it was time-bombed, this would be a much easier task. A few facts are important, though, and should not be taken lightly. As of July 14th, 2015, Windows Server 2003 won’t have any support. That means (1) that there won’t be any updates. In 2013 alone, while Server 2003 was under extended support, 37 security updates were released. It also means (2) that you won’t be compliant with any standards or regulations. Therefore, doing business with companies that demand those regulations, like PCI with VISA/Mastercard, won’t be an option. That can be a dramatic situation for an organization. More than that, (3) you can run, but you cannot hide. Every edition, virtual or not, SMB or enterprise, will be affected. There is no safe haven.

So, it is time to act. Start planning. Luckily, current technologies, although it might feel challenging, bring a great deal of options to replace Windows Server 2003 in your corporation. Windows Server 2012 R2 and its greatly rich set of features allows for a lot of flexibility and easier usage when thinking of on-premises approaches. On the other side, you have Microsoft Azure, which is a new compute model and also brings an incredible set of options for your migration. And of course, you can always use the best of both worlds: go hybrid. Extend your datacenter and leverage your existing infrastructure along with an infinitely extendable datacenter in the cloud.

Among other features, Windows Server 2012 R2 offers enhancements in the storage area, network virtualization, automation, identity management and many others. Azure, in the same way, offers storage options with amazing redundancy capabilities and performance, at prices that can hardly be matched by on-premises implementations. Besides that, it is an extensible technology, where you can fit your dynamic or static needs, creating virtual machines, websites and load-balancer sets very quickly or in an automated fashion, without having to worry about which BIOS, storage driver or firmware is in place. It is there, available, for you to use. Of course, it is a different model, including on the pricing side, and it has to be tested and understood.

In order to migrate your Windows 2003 ecosystem, start first (1) by assessing what you have in your environment. It is easy to fight an enemy when you know its size. Identify applications, their owners, locations, etc. For that you can leverage many tools, including the Microsoft Assessment and Planning Toolkit (MAP). Second (2), look at these applications in terms of how critical they are, what type of technology they use (IIS, MMC, ASP, .NET, etc.) and how complex they are. You may be surprised to find some applications that are critical, but not too complex, which would make them very good candidates to start the process. Step three (3) is a very interesting one: choose your destination. Where should you move these applications to? As I have mentioned before, Windows Server 2012 R2, on-premises, might seem like a good and logical option. However, there is a lot more that can be done. For example, instead of spinning up a new Hyper-V cluster with Server 2012 R2, you could connect your datacenter to Microsoft Azure and spin up the virtual machines there, without a single drop of sweat or blood in the datacenter. Depending on the application, IIS based, for example, you could even just move into an Azure WebSite offer in Azure and not even care about the virtual machines themselves. Or a bit of both. Additionally, when you think Exchange, for example, you could use Office 365, the same way you could pick Lync Online or SharePoint Online.

In this process, some hard decisions will have to be made. You may find some 3rd party custom applications that simply won’t work in 2012 R2 or Azure. Or 32 bits vs. 64 bits (although it is usually not a big deal). You may need to either re-develop, adapt, replace or, if you are lucky and can, drop it.

Once you have the migration matrix in place, plan to start as soon as the business allows you to. Time is short: your critical business applications shouldn’t be exposed to new vulnerabilities, nor should they be the reason you can’t do business with other great corporations due to a lack of compliance. It is time to thank Windows Server 2003 for the good times together and let it rest in peace.

Please make sure to review some of the links below to help you with the process:

Migrating to Windows Server 2012 Training

Transforming the Datacenter

Virtualizing Your Data Center with Hyper-V and System Center

Licensing Windows Server 2012 R2

 

Hope this helps!