Blog Entries posted by proximagr

  1. proximagr
    Compliance Report using Azure Policy
    Azure Policy is a powerful tool for Azure Governance. With Azure Policy we can define rules for all Azure Subscriptions that we manage. We can use these rules for simple restrictions, like permitting only specific VM series and sizes to be created, and for more complex rule sets that help you standardize the whole Azure deployment. In my previous posts, we learned How to limit the Azure VM Sizes and How to enforce tags for resources creation.
    In this post we will learn how to use Azure Policy to get a compliance report for our deployment, using an example. We will create two Virtual Networks and add a Network Security Group only to the first one. Finally we will use the Policy to audit whether the subnets have the NSG assigned or not.
    First we need two Virtual Networks. You can create the Virtual Networks using the Azure Portal or using an ARM template, like mine from my Github account: https://github.com/proximagr/ARMTemplates/blob/master/2vnets.json
    After applying the template you will have two VNETs like that:

    Then we will add a Network Security Group (NSG) only to the MyVNET01 Virtual Network, again using the Azure Portal, PowerShell or my ARM Template for NSG.
    Assign the NSG to the MyVNET01 Virtual Network

    Add the Policy
    Go to Azure Policy -> Definitions and click the “+ Policy definition” to create a new policy definition.

    On the New Policy definition page, select the subscription (location) where the policy will be saved, then add a name. In this case we will use the sample policy template from Microsoft docs, so I will add the same name.
    Copy the policy JSON text from https://docs.microsoft.com/en-us/azure/governance/policy/samples/nsg-on-subnet and paste it into the POLICY RULE box below, then Save.

    In the “effect” part of the JSON, change “deny” to “audit”.

    If you search for “NSG” you will see our new policy definition, ready to be assigned.

    Click on the definition’s name to open it and press Assign.

    I will just target the “ComplianceReport” Resource Group

    At the parameters, I added the Resource ID of the NSG, “MyNSG01”

    Evaluate the results
    To check the compliance, go to Policy – Compliance page and search for nsg. You have to wait for about 15 minutes for the compliance policy to evaluate the resources.
    If you search “nsg” you will see that the “Audit NSG on Subnet” policy is 50% compliant. Click on the policy’s name to view more details.

    The assignment details page will open where we can see what resources are not compliant.

    Click on the three dots (…) next to the non-compliant subnet and select “view compliance details” to check why this resource is not compliant.

    The compliance details report that the current value is null and show what the required (target) value must be.
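What the audit evaluates, as an added offline sketch (not part of the original post and not Azure's policy engine): the rule is assumed to follow the shape of the Microsoft sample linked above, with the effect set to audit. The subscription ID, subnet names, the second VNet name and all function names are constructed for illustration.

```python
"""Offline model of the "NSG on subnet" audit (illustrative only)."""

SUBNET_TYPE = "Microsoft.Network/virtualNetworks/subnets"
NSG_ALIAS = SUBNET_TYPE + "/networkSecurityGroup.id"

# Rule shape assumed from the linked sample, with "deny" already changed
# to "audit" as the post describes.
POLICY_RULE = {
    "if": {
        "allOf": [
            {"field": "type", "equals": SUBNET_TYPE},
            {"not": {"field": NSG_ALIAS, "equals": "[parameters('nsgId')]"}},
        ]
    },
    "then": {"effect": "audit"},
}


def resolve_field(resource, field):
    """Return the value a policy 'field' refers to, or None when it is unset."""
    if field == "type":
        return resource.get("type")
    prefix = resource["type"] + "/"
    if not field.startswith(prefix):
        return None
    value = resource.get("properties", {})
    for part in field[len(prefix):].split("."):
        if not isinstance(value, dict):
            return None
        value = value.get(part)
    return value


def substitute(value, params):
    """Expand a "[parameters('name')]" expression; other values pass through."""
    head, tail = "[parameters('", "')]"
    if isinstance(value, str) and value.startswith(head) and value.endswith(tail):
        return params[value[len(head):-len(tail)]]
    return value


def matches(cond, resource, params):
    """Evaluate the small subset of the policy language used by this rule."""
    if "allOf" in cond:
        return all(matches(c, resource, params) for c in cond["allOf"])
    if "not" in cond:
        return not matches(cond["not"], resource, params)
    if "field" in cond and "equals" in cond:
        actual = resolve_field(resource, cond["field"])
        wanted = substitute(cond["equals"], params)
        # Strings compare case-insensitively; a missing (null) value equals nothing.
        return isinstance(actual, str) and actual.lower() == wanted.lower()
    raise ValueError("unsupported condition: %r" % cond)


def compliance_report(resources, rule, params):
    """Return (percent_compliant, findings) over the subnets in scope."""
    findings = []
    # Assumption of this model: only subnets count towards the percentage.
    in_scope = [r for r in resources if r.get("type") == SUBNET_TYPE]
    for res in in_scope:
        if matches(rule["if"], res, params):
            findings.append({
                "resource": res["name"],
                "effect": rule["then"]["effect"],
                "current": resolve_field(res, NSG_ALIAS),
                "target": params["nsgId"],
            })
    if not in_scope:
        return 100.0, findings
    return 100.0 * (len(in_scope) - len(findings)) / len(in_scope), findings


# Constructed sample data: placeholder subscription ID and subnet names.
NSG_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
          "ComplianceReport/providers/Microsoft.Network/networkSecurityGroups/MyNSG01")
SUBNETS = [
    # NSG attached; upper-cased to show the case-insensitive match.
    {"name": "MyVNET01/default", "type": SUBNET_TYPE,
     "properties": {"networkSecurityGroup": {"id": NSG_ID.upper()}}},
    # No NSG attached: the field resolves to None (null in the portal).
    {"name": "MyVNET02/default", "type": SUBNET_TYPE, "properties": {}},
]

if __name__ == "__main__":
    percent, findings = compliance_report(SUBNETS, POLICY_RULE, {"nsgId": NSG_ID})
    print("compliant: %.0f%%" % percent)
    for finding in findings:
        print(finding)
```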

    If you want to trigger an on-demand compliance check, you need to make a POST request. You can follow my post Validate Azure Resource Move with Postman to create the access token and then use it to make a POST request to the Resource Group using this URL:
    https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{YourRG}/providers/Microsoft.PolicyInsights/policyStates/latest/triggerEvaluation?api-version=2018-07-01-preview
    Source:
    https://docs.microsoft.com/en-us/azure/governance/policy/concepts/effects
    https://docs.microsoft.com/en-us/azure/governance/policy/samples/nsg-on-subnet
    https://docs.microsoft.com/en-us/azure/governance/policy/how-to/get-compliance-data#evaluation-triggers

    The post Compliance Report using Azure Policy appeared first on Apostolidis IT Corner.
     
     
     
  2. proximagr
    Excited to be speaking at Microsoft Ignite The Tour in Milan on Jan 27-28. Join me to learn how to use Azure Platform As A Service (PaaS) to design your apps with Elasticity, Resiliency & High Availability and how to Accelerate your web applications with the Azure Front Door Service.
    IT industry-leading conference is going to Milan. Don’t miss the very latest in cloud technologies and developer tools with guest speakers, industry experts, and more.
    I will deliver two sessions:
    A 45 minutes Breakthrough session, where I will talk about how to use Azure Platform as a Service (PaaS): Design your apps with Elasticity, Resiliency and High Availability very easy, fast and secure. Session code: BRK30169
    Session link: https://milan.myignitetour.techcommunity.microsoft.com/sessions/91113?source=sessions
    And a 15 minute Theater session, where I will talk about how to accelerate your web applications with Azure Front Door Service. Use the Azure WAN, 130+ edge sites with WAF & Layer 7 Load Balance at a global scale. Session code: THR30089
    Session link: https://milan.myignitetour.techcommunity.microsoft.com/sessions/91114?source=sessions
    Feel free to find me at the Microsoft Showcase, where I will answer all your questions and discuss Cloud Technologies and the future of our industry!
    Grab your ticket at https://www.microsoft.com/it-it/ignite-the-tour/milan
    See you in Milan!


    The post Excited to be speaking at Microsoft Ignite The Tour in Milan! appeared first on Apostolidis IT Corner.
     
     
     
  3. proximagr
    Global AI Bootcamp, Athens 2019
    On December 14, 2019 we proudly carried out the Global AI Bootcamp, Athens 2019! It was a day full of AI and Microsoft Azure. The Global AI Bootcamp is a free one-day event organized across the world by local communities that are passionate about artificial intelligence on Microsoft Azure.
    After all the preparations with the assistance of Stoiximan.gr, our sponsor, the day began at Athinais Cultural Center, in Athens, Greece. From early morning our sponsor was there with us to prepare the venue.
    People started coming at 10:00 am and we checked in 62 attendees. We started with the keynote and then the presentations. There was time at lunch for networking and people seemed to have fun.
    After lunch we had more presentations and then we proceeded with the workshop. We delivered the workshop with the assistance of two AI experts from Stoiximan.
    At the end we drew gifts that our vendor Stoiximan.gr provided.
    Judging from my personal experience with the attendees that day, and from their excellent evaluations, all had a great time and learned a lot about AI and Microsoft Azure.
    Looking forward to our next event!

    The post Global AI Bootcamp, Athens 2019 appeared first on Apostolidis IT Corner.


  4. proximagr
    Azure Virtual Network Gateway provides the ability to connect to your Azure Virtual Network with Azure Client VPN (SSL) connections using your Azure AD or hybrid identity, with Multi Factor Authentication (MFA) and your Conditional Access policies.
    We can have an enterprise-grade SSL VPN, with Active Directory authentication and Single Sign-On (SSO) from your corporate laptops, and apply all your Conditional Access policies, like MFA, compliant devices, trusted locations, etc.
    How to create the VPN Gateway
    Go to your Virtual Network’s subnets and create a Gateway subnet by clicking the “+ Gateway subnet”
    Create a Virtual network gateway, by searching for the “Virtual network gateways” service and press Add.

    Select “VPN”, “Route-based” and at the SKU select any size except the Basic. Basic SKU does not support Azure AD authentication.

    Create a Public IP and leave all other settings default and create the Gateway.

    After about 20 minutes the VPN Gateway is ready. In the meantime we will prepare Azure AD and give consent to use Azure AD with the Azure client VPN. Using a Global Admin account, go to “Azure Active Directory”, copy the “Tenant ID” from the Overview blade, and keep it in a notepad.

    Then copy the URL below and paste it into your browser’s address bar. You need to log in with a Global Admin account that is not a guest and not a Microsoft account.
    https://login.microsoftonline.com/common/oauth2/authorize?client_id=41b23e61-6c1e-4545-b367-cd054e0ed4b4&response_type=code&redirect_uri=https://portal.azure.com&nonce=1234&prompt=admin_consent
    With a guest or Microsoft account, even if it is Global Admin, you will be prompted to log in with an admin account, meaning a member work account.

    Once you login with a member work Global Admin account, you can accept the permissions to create the Azure VPN application

    You can navigate to the Azure Active Directory / Enterprise Application and view / manage the Azure AD application.

    Open the Azure VPN enterprise application and copy the “Application ID” to a notepad.

    Go to the VPN Gateway, select the “Point to site configuration” and click the “Configure now”

    Add the Address Pool that you want the VPN clients to have; for Tunnel type select “OpenVPN (SSL)”, as it is the only type that supports Azure AD authentication.
    Then use the details that you have copied to the notepad, the Tenant ID and the Application ID, add them to the required fields and press Save.
    Tenant: https://login.microsoftonline.com/paste-your-tenant-id-here
    Audience: paste-the-azure-vpn-application-id-here
    Issuer: https://sts.windows.net/paste-your-tenant-id-here/
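A consistency check for the three values entered above, as an added example (not part of the original post or of any Azure tooling). The function names and the sample tenant ID are constructed, and treating the client_id from the consent URL as the expected Audience is an assumption of this sketch.

```python
import re
from urllib.parse import urlsplit

GUID = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)

# client_id from the admin-consent URL in the post; assumed here to be the
# "Application ID" that the post copies into the Audience field.
AZURE_VPN_APP_ID = "41b23e61-6c1e-4545-b367-cd054e0ed4b4"
# Constructed tenant ID used only for the demonstration below.
SAMPLE_TENANT = "11111111-2222-3333-4444-555555555555"


def _tenant_from(url, host):
    """Return (tenant_id, has_trailing_slash) for an https URL on host, else None."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https" or parts.hostname != host:
        return None
    if parts.query or parts.fragment:
        return None
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) != 1:
        return None
    return segments[0], parts.path.endswith("/")


def check_p2s_aad_settings(tenant, audience, issuer, expected_audience=None):
    """Return a list of problems in the three Azure AD fields (empty = consistent)."""
    problems = []
    t = _tenant_from(tenant, "login.microsoftonline.com")
    i = _tenant_from(issuer, "sts.windows.net")
    if t is None:
        problems.append("Tenant must be https://login.microsoftonline.com/<tenant-id>")
    elif not GUID.match(t[0]):
        problems.append("Tenant does not contain a tenant ID GUID: %s" % t[0])
    if i is None:
        problems.append("Issuer must be https://sts.windows.net/<tenant-id>/")
    else:
        if not GUID.match(i[0]):
            problems.append("Issuer does not contain a tenant ID GUID: %s" % i[0])
        if not i[1]:
            problems.append("Issuer is missing the trailing slash shown in the post")
    # Both URLs must name the same directory, otherwise tokens will not match.
    if t and i and t[0].lower() != i[0].lower():
        problems.append("Tenant and Issuer name different tenant IDs")
    if not GUID.match(audience.strip()):
        problems.append("Audience is not an application ID GUID")
    elif expected_audience and audience.strip().lower() != expected_audience.lower():
        problems.append("Audience differs from the consented application ID")
    return problems


def demo():
    """Run the check on a correct set, the unfilled template, and a mismatch."""
    good = check_p2s_aad_settings(
        "https://login.microsoftonline.com/" + SAMPLE_TENANT,
        AZURE_VPN_APP_ID,
        "https://sts.windows.net/" + SAMPLE_TENANT + "/",
        expected_audience=AZURE_VPN_APP_ID)
    unfilled = check_p2s_aad_settings(
        "https://login.microsoftonline.com/paste-your-tenant-id-here",
        "paste-the-azure-vpn-application-id-here",
        "https://sts.windows.net/paste-your-tenant-id-here/")
    mismatch = check_p2s_aad_settings(
        "https://login.microsoftonline.com/" + SAMPLE_TENANT,
        AZURE_VPN_APP_ID,
        "https://sts.windows.net/99999999-2222-3333-4444-555555555555")
    return good, unfilled, mismatch


if __name__ == "__main__":
    for label, result in zip(("good", "unfilled", "mismatch"), demo()):
        print(label, result)
```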
    How to Download the VPN Client and Connect to the Gateway
    Download the VPN client, using the button.

    Extract the downloaded zip file

    And at the AzureVPN folder you will find the configuration xml.

    Open the Microsoft Store and get the Azure VPN Client

    Open the Azure VPN Client and at the lower left corner, press the + and Import the xml configuration file

    Accept all the settings and press Save

    The Azure VPN connection will appear at the Azure VPN client and also at the Windows 10 network connections, like any other VPN
    Azure VPN Client:

    Windows 10 Network Connections:

    Once you press connect, it will prompt you to connect using the account(s) that you are already using at your Windows 10 machine, or use a different account

    You will be prompted for MFA or any other conditional access policy you have applied, and then you will be connected.

    Conditional Access & Multi-Factor Authentication (MFA)
    You can add Conditional Access to the Azure client VPN connection. Go to Azure Active Directory / Security / Conditional Access and create a new Policy.
    Select the “Azure VPN” at the “Cloud apps or actions” section


    At the Access Controls / Grant section, you can require multi-factor authentication, an AD joined device, a compliant device, or all of them

    At the “Conditions” section you can control the locations where the policy will apply. For example, you can apply the MFA requirement at “Any location” and exclude the “Trusted locations”, so that MFA is not required when the device is at a trusted location, like your company’s network.



    https://www.e-apostolidis.gr/microsoft/azure/azure-client-vpn-with-azure-ad-auth-mfa-step-by-step-guide/
  5. proximagr
    Spin up Azure HDInsight clusters on demand
    This is my Global AI Bootcamp, Athens 2019 Presentation with title:
    Spin up HDInsight clusters on demand for ETL, IoT, Data Science & Machine Learning
    At my presentation I explained with a hands-on demo, how to use Azure Data Factory to spin up on-demand Azure HDInsight clusters to make a process and automatically delete them once they provide the result.
    Download the PowerPoint Presentation:  download link
    And watch the Demo:

    The post Spin up Azure HDInsight clusters on demand appeared first on Apostolidis IT Corner.


  6. proximagr
    SQL Failover Cluster with AlwaysOn Availability Groups
     
    The idea is to have a SQL Failover Cluster at the Primary Site and to add an AlwaysOn Availability Group to the existing cluster for DR. Because of the size of the implementation, it will be split into three posts: one for the Failover Cluster, one for installing SQL on the Failover Cluster, and one for implementing the AlwaysOn Availability Groups.
    Windows Server 2012 R2 Failover Cluster with FreeNAS 9.3 (Page 1, Page 2) Microsoft SQL 2012 on Failover Cluster (Page 1, Page 2, Page 3) Add AlwaysOn AG to SQL Failover Cluster Instance (Page 1, Page 2, Page 3)

    Windows Server 2012 R2 Failover Cluster with FreeNAS 9.3 (Page 2)
     

    We give a Cluster Name and IP

    We let it add all the available storage and press Next to create the cluster

    If the cluster validator finished successfully, the cluster will also be created successfully

    And voila, we have a nice cluster

    You can see that cluster network 1 is cluster only and has the subnet we gave for the heartbeat, and cluster network 2, which is cluster and client, has the domain subnet

     
    Source: http://www.e-apostolidis.gr/%ce%b5%ce%bb%ce%bb%ce%b7%ce%bd%ce%b9%ce%ba%ce%ac/sql-failover-cluster-with-alwayson-ag/
  7. proximagr
    SQL Failover Cluster with AlwaysOn Availability Groups
    The idea is to have a SQL Failover Cluster at the Primary Site and to add an AlwaysOn Availability Group to the existing cluster for DR. Because of the size of the implementation, it will be split into three posts: one for the Failover Cluster, one for installing SQL on the Failover Cluster, and one for implementing the AlwaysOn Availability Groups.
    Windows Server 2012 R2 Failover Cluster with FreeNAS 9.3 (Page 1, Page 2) Microsoft SQL 2012 on Failover Cluster (Page 1, Page 2, Page 3) Add AlwaysOn AG to SQL Failover Cluster Instance (Page 1, Page 2, Page 3)

    Windows Server 2012 R2 Failover Cluster with FreeNAS 9.3 (Page 1)
    I started by building a FreeNAS VM so that I could have iSCSI storage with as few resources as possible. FreeNAS needs 2GB RAM for the installation and the initial setup, but afterwards I drop it to 512MB RAM, since my requirements will be minimal anyway. I will not go into detail on the FreeNAS installation; we download the ISO from http://www.freenas.org/download/ and create a VM. We boot from the ISO and follow the wizard, where we choose the installation disk and set a root password. Finally, once it starts up we have 14 options; we choose 1 and configure the network. For the lab I gave 192.168.193.152/24
    After configuring the network we return to the options, only now it informs us of the address of the web interface, as in the picture:

    Before logging in to the web interface I have already created 2 disks on the FreeNAS VM so that the wizard can take care of creating volumes etc., although it is very simple to do these manually in FreeNAS as well.
    I log in to the FreeNAS web interface and follow the wizard. I give a pool name

    I give a share name and choose iSCSI

    And once the wizard finishes we have the iSCSI target ready.
    Next we need a Domain Controller. Since we are talking about a low-resources lab, I created a VM with 512 MB RAM and 1 CPU and installed Windows Server 2012 R2 Core. With sconfig.cmd we open the options and set the computer name, IP etc.

    Then with PowerShell we make it a Domain Controller. First we install the domain services and management tools, and then we promote it to domain controller and DNS.
     

    Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
    Install-ADDSForest -DomainName "sqllab.int" -DomainNetbiosName "SQLLAB" -DomainMode Win2012R2 -ForestMode Win2012R2 -InstallDns -Force
     
    The Domain Controller is ready too. On to the Cluster Nodes. I have created a VM with 2GB RAM, 2 CPUs, 2 NICs & Windows Server 2012 R2. Sysprep and multiply, and bam, we have 3 nice VMs.
    One detail: because we will need Failover Cluster on all the VMs, and SQL 2012 also requires .NET Framework 3.5, we add these to the template VM as well.
    We start the Failover Cluster so that we can install SQL.
    We open the first VM, rename it (in the lab I named it Win2012R201, original, eh?) and join it to the domain.
    We give one NIC an IP that can see the Domain and the FreeNAS, and the other NIC a different subnet that can only see the other Node. For convenience I have renamed one adapter Domain, with IP 192.168.193.153, and the other Heartbeat, with IP 172.16.5.1

    Next we enable the iSCSI initiator from Administrative Tools and add the iSCSI target by giving the IP of the FreeNAS and pressing Quick Connect and then Connect, and we also select Multi-path. Then in the Volumes and Devices tab we press Auto Configure. Finally in Device Manager we initialize the disk, format it and give it a drive letter. As a test we create a text file on the disk.



    We do the same on the second VM. To make sure that both can write to the same disk, we create a file here too. As a result we should have both files.

    We open Failover Cluster Manager from Administrative Tools and first run Validate Configuration; we select both member servers that we prepared with iSCSI and run the test.

    Once the validation finishes we check that there are no errors or warnings; if there are, we fix them and run it again. Finally, when it has completed successfully, as in the picture, “create the cluster now using the validated nodes” is selected, and pressing Finish opens the Create Cluster Wizard.
     
    Continued on the next page
     
    Source: http://www.e-apostolidis.gr/%ce%b5%ce%bb%ce%bb%ce%b7%ce%bd%ce%b9%ce%ba%ce%ac/sql-failover-cluster-with-alwayson-ag/
  8. proximagr
    Puppet On Azure: Installing & Configuring FOREMAN to get a web-based graphical interface
    Open Puppet has no graphical interface in its basic installation. There are some open source programs that can be added to the Puppet Master to give us a graphical interface. One of the best is Foreman. With Foreman we can fully manage Puppet.
    The Foreman Dashboard:

    Installation:
    We connect to the Puppet Master over SSH, log in and run the command “sudo su -” to switch to root
    We enable the repositories for Foreman
    echo "deb http://deb.theforeman.org/ trusty 1.9" > /etc/apt/sources.list.d/foreman.list
    echo "deb http://deb.theforeman.org/ plugins 1.9" >> /etc/apt/sources.list.d/foreman.list
    wget -q http://deb.theforeman.org/pubkey.gpg -O- | apt-key add -
    We run the installation with foreman-installer
    Once the installation finishes it informs us of the link to the Web interface and the credentials.
    We can open port 443 from the Azure Endpoint so that we can also reach the console from outside.
    From the Azure Management Portal we select the Master Puppet VM and go to Endpoints

    Then we press ADD and choose “Add a stand-alone endpoint”


    In the Name field we choose HTTPS from the drop-down menu
    We see that HTTPS has been added to the Endpoints

    and now we can browse to the Cloud Service link. We open the browser and log in to Foreman from the public address; at the certificate prompts we press cancel on both.
    We enter the Dashboard
    We go to Hosts and press All Hosts to see the status of the Agents
    By clicking on the name of a host we can see more details
    Statistics


  9. proximagr
    Puppet On Azure
    Puppet Automation – Creating a file on the Servers we manage
    We have installed Puppet and the Agents; now it is time to look at a test automation.
    Example “Creating a file”
    On the Puppet Master we run:
    nano /etc/puppet/manifests/site.pp
    and we give the name of the file and the path
    the security “mode”
    and the content of the file, “content”

    And we save it
    Now we go to the Slave to see the file. We can wait half an hour until the agent makes a request to the master, or run “puppet agent --test” to speed it up

    And with “nano /tmp/puppet-test” we see the content

    Now, to create the file on both Linux and Windows, we configure site.pp as follows:
    # Pick the file path by OS family; the content is the same on both
    if $osfamily == 'windows' {
      file { 'c:/temp/pupet-test.txt':
        ensure  => file,
        mode    => '0644',
        content => "this is the first puppet test file.\n",
      }
    } else {
      file { '/tmp/puppet-test':
        ensure  => 'present',
        mode    => '0644',
        content => "this is the first puppet test file.\n",
      }
    }

    source: http://www.e-apostolidis.gr/%CE%B5%CE%BB%CE%BB%CE%B7%CE%BD%CE%B9%CE%BA%CE%AC/puppet-on-azure-%CE%B2%CE%AE%CE%BC%CE%B1-4-puppet-automation/
  10. proximagr
    Puppet On Azure: Adding a Windows Agent
    Step 1 Creating a Windows VM
    We create a Virtual Machine: from the Azure Management Portal we go to Virtual Machines, press New and press “From Gallery”

    We choose Windows Server 2012 R2 Datacenter

    We give a name (for the lab: “puppetslave03”), size A0, username & password

    On the next screen we select the same Cloud Service, Virtual Network & Storage Account; finally we change the public ports of RDP & PowerShell (for security) and press the right arrow

    On the next screen we leave only “Install VM Agent” selected and press the check mark to create the VM.
    Step 2 Private IP
    Once the VM is created we assign a Private IP from the new Azure Portal
    We go to “Virtual Machines (classic)” and select the VM

    On the Settings tab we press IP Addresses

    We change the IP address assignment under Private IP address to Static, enter the static IP we want and press Save
    Step 3 Puppet Agent
    We open Remote Desktop Connection and for Computer we enter the Public Address of the VM and the port we defined. In this case “openpuppetlab.cloudapp.net:33389”

    We give the username & password we defined when creating the VM and connect
    Firewall
    The Puppet Agent communicates on port 8140, so we must first open it in the Windows Firewall. From Server Manager we go to Local Server and click Windows Firewall to open the Windows Firewall window. There we press “Advanced settings”

    In the Windows Firewall with Advanced Security window we press New Rule and the New Inbound Rule Wizard opens

    On the first page we choose Port and press Next

    On the next page we choose Specific local ports, enter 8140 and press Next

    On the next page we leave Allow the connection selected and press Next

    On the next page we leave the apply rules as they are and press Next

    And finally we give a name, e.g. Puppet Agent, and press Finish to create the rule.
    Host File
    The Agent must communicate with the Master at the FQDN we defined on the Master. So, since we have no DNS, we must configure the hosts file of the Windows Server.
    We open Notepad with Administrator rights

    We go to File/Open and open the file “C:\Windows\System32\drivers\etc\hosts”
    At the end we add the entry with the details of the Master
    10.0.0.4 puppetmaster.puppet.lab

    And we save and close Notepad
    We open a Command Prompt and ping the FQDN of the Master to see that it responds
    Hostname
    The certificate that will be issued must be of the form puppetmaster.puppet.lab, so we must tell the server to have this FQDN. Since the Server is not in a Domain we must set the DNS suffix manually.
    We open the properties of the network adapter and press Properties

    We select IPv4 and press Properties

    We press Advanced

    And in the DNS Suffix field we enter puppet.lab

    We press OK on all the dialogs until they close. At this point we will lose RDP for 2-3 minutes. Afterwards we can reconnect.
    Installing the Puppet Agent
    For the Server to let us download the agent we must first turn off IE Enhanced Security Configuration. From Server Manager we go to Local Server, click IE Enhanced Security Configuration and set it to Off for Administrators only.

    We open Internet Explorer, go to https://downloads.puppetlabs.com/windows and download “puppet-3.8.3-x64.msi”. For a 32-bit operating system we download “puppet-3.8.3.msi”
    Once it has downloaded we run the msi; the Wizard opens and we press Next

    We accept the agreement and press Next

    On the next page we choose the path where the Puppet Agent will be installed and give the FQDN of the Puppet Master

    On the next page we press Install to start the installation

    Once the installation has finished we press Finish

    We open Services and check that the Puppet Agent service is Running and Automatic

    Now we go to the Puppet Master to see whether the Agent has made a certificate request so that we can sign it. On the Puppet Master we run the command “puppet cert list”
    We check that it has returned a certificate named “puppetslave03.puppet.lab”

    And we sign it with puppet cert sign puppetslave03.puppet.lab
    Finally we go to the Windows Server and restart the Puppet Agent service
    To see that the Agent talks to the Master and accepts commands from it, we open “Start Command Prompt with Puppet”

    And we run the command “puppet agent --test”

    As long as it shows the Caching certificate lines in green, it is OK
  11. proximagr
    Today I received my copy of the Lync Server Cookbook, from Packt Publications. I am one of the reviewers of the book.
     

     
    The link to the book is: https://www.packtpub.com/networking-and-servers/lync-server-2013-cookbook
     
    http://www.e-apostolidis.gr/everything/lync-server-cookbook-packt/
  12. proximagr
    This is a fast way to manage Calendar permissions of a mailbox. The same commands work for both Exchange on-premises and Exchange Online (Office 365). For Exchange Online, first connect PowerShell to Office 365, as described in previous posts.
     

    # To check current permissions
    Get-MailboxFolderPermission -Identity "[email protected]":\calendar
    # To add calendar permissions, permission can be Editor,Reviewer,Author etc
    Add-MailboxFolderPermission -Identity "[email protected]":\calendar -User "manager@mydomain" -AccessRights Editor
    # To change the calendar permission of an existing access (this will change the access to Author)
    Set-MailboxFolderPermission -Identity "[email protected]":\calendar -User "manager@mydomain" -AccessRights Author
    # To remove calendar permissions
    Remove-MailboxFolderPermission -Identity "[email protected]":\calendar -User "manager@mydomain"
    source: http://www.e-apostolidis.gr/microsoft/exchange-calendar-permissions-using-powershell/
  13. proximagr
    This post is my notes from various migrations of Exchange 2007 & 2010 to an Office 365 Hybrid Deployment. For Exchange 2013 it is almost the same, but considerably easier!
    As I said, these are my notes together with various additions from various blogs, something like a checklist and not a tutorial or guide.
     
    1. What is needed:
    2 x ADFS NLB (for identity federation)
    2 x ADFS Proxy Servers NLB (for identity federation)
    1 x domain member server for DirSync
    1 x SQL 2008 R2 server that will store the DirSync database
    1 x Exchange 2010 Service Pack 2 + based hybrid deployment server (for rich coexistence with Exchange Online)
    Access to public DNS of Domain (company.com)
    3rd Party Certificates (if you have a wildcard certificate on the old Exchange 2007, export it and import it to 2010)
    Domain User for ADFS service account
    Configure UPN for company.com domain
     
    2. The general steps:
    1. Add Domain (company.com) to Office 365
    2. Add TXT record to DNS for verification
    3. Specify domain services (Exchange, Lync, Sharepoint)
     
    4. ADFS (&/or Farm)
    Add IIS Role, Configure NLB sts.company.local (add hosts, add A record, enable MAC spoofing), add Certificate (SelfSigned or 3rd Party) & bind default site to 443
    Setup ADFS Federation server
    AD FS 2.0 Federation Server Configuration Wizard
    Domain User for ADFS service account
     
    5. ADFS Proxy (&/or Farm)
    Add IIS Role, Configure NLB sts.company.com (add hosts, add A record, enable MAC spoofing), add Certificate (SelfSigned or 3rd Party) & bind default site to 443
    Add host A to Public DNS (sts.company.com)
    Add host record to proxy servers for sts.company.local local IP (ADFS NLB Address)
    Setup ADFS Federation server proxy
    AD FS 2.0 Federation Server Configuration Wizard
     
    6. Convert Domain to a Federated Domain
    On Office 365 portal then downloads then step 3 “Set up and configure your office desktop apps”
    de-select everything (only to install MOSM for powershell)
    On office 365 portal then users then manage (SSO), install MOSM for powershell
    Open MOSM and “$Cred=Get-Credential” add creds, then “Connect-MsolService -Credential $Cred” then “Convert-MsolDomainToFederated -DomainName "office365lab.dk"” and “Get-MsolDomain | fl”
    Configure UPN for company.com domain
    Go to login.microsoftonline.com and check SSO login
     
    7. DirSync
    o365 portal then users then set up under directory synchronization (after activation it needs some hours)
    o365 portal then users then set up under active directory synchronization, under step 4 download the DirSync tool
    Verify dirsync:
    o365 portal then users then set up under active directory synchronization, check “active directory synchronization is activated” or powershell: “Get-MsolCompanyInformation | fl DirectorySynchronizationEnabled”
    Sync:
    run “Directory Sync Configuration”, add creds, check “Enable Exchange hybrid deployment”. If you want to select OU, groups, users, etc. then don't check “synchronize directories now”
    Edit sync: “C:\Program Files\Microsoft Online Directory Sync\SYNCBUS\Synchronization Service\UIShell” and run “miisclient” guide (http://blogs.msdn.com/b/denotation/archive/2012/11/21/installing-and-configure-dirsync-with-ou-level-filtering-for-office365.aspx)
    Force Sync:
    With PowerShell go to the “C:\Program Files\Microsoft Online Directory Sync” folder and from there run the “DirSyncConfigShell.psc1” script, and in the new window run “Start-OnlineCoexistenceSync”
     
    8. Hybrid Deployment
    Configure NLB on Exchange 2010 HUB/CAS
    Add 3rd party certificate (if you have a wildcard certificate on the old Exchange 2007, export it and import it to 2010)
    assign services SMTP & IIS
    Configure URLS
    OWA
    Set-OwaVirtualDirectory -Identity "EX03\OWA (Default Web Site)" -InternalURL https://hybrid.office365lab.dk/OWA -ExternalURL https://hybrid.office365lab.dk/OWA
    Set-OwaVirtualDirectory -Identity "EX04\OWA (Default Web Site)" -InternalURL https://hybrid.office365lab.dk/OWA -ExternalURL https://hybrid.office365lab.dk/OWA
    ECP
    Set-EcpVirtualDirectory -Identity "EX03\ECP (Default Web Site)" -InternalURL https://hybrid.office365lab.dk/ECP -ExternalURL https://hybrid.office365lab.dk/ECP
    Set-EcpVirtualDirectory -Identity "EX04\ECP (Default Web Site)" -InternalURL https://hybrid.office365lab.dk/ECP -ExternalURL https://hybrid.office365lab.dk/ECP
    Active Sync
    Set-ActivesyncVirtualDirectory -Identity "EX03\Microsoft-Server-ActiveSync (Default Web Site)" -InternalURL https://hybrid.office365lab.dk/Microsoft-Server-Activesync -ExternalURL https://hybrid.office365lab.dk/Microsoft-Server-Activesync
    Set-ActivesyncVirtualDirectory -Identity "EX04\Microsoft-Server-ActiveSync (Default Web Site)" -InternalURL https://hybrid.office365lab.dk/Microsoft-Server-Activesync -ExternalURL https://hybrid.office365lab.dk/Microsoft-Server-Activesync
    OAB
    Set-OABVirtualDirectory -Identity "EX03\oab (Default Web Site)" -InternalUrl https://hybrid.office365lab.dk/oab -ExternalURL https://hybrid.office365lab.dk/oab
    Set-OABVirtualDirectory -Identity "EX04\oab (Default Web Site)" -InternalUrl https://hybrid.office365lab.dk/oab -ExternalURL https://hybrid.office365lab.dk/oab
    EWS
    Set-WebServicesVirtualDirectory -Identity "EX03\EWS (Default Web Site)" -InternalUrl https://hybrid.office365lab.dk/ews/exchange.asmx -ExternalURL https://hybrid.office365lab.dk/ews/exchange.asmx
    Set-WebServicesVirtualDirectory -Identity "EX04\EWS (Default Web Site)" -InternalUrl https://hybrid.office365lab.dk/ews/exchange.asmx -ExternalURL https://hybrid.office365lab.dk/ews/exchange.asmx
    Autodiscover
    Set-ClientAccessServer -Identity EX03 -AutoDiscoverServiceInternalUri https://hybrid.office365lab.dk/Autodiscover/Autodiscover.xml
    Set-ClientAccessServer -Identity EX04 -AutoDiscoverServiceInternalUri https://hybrid.office365lab.dk/Autodiscover/Autodiscover.xml
     
    9. Configure DNS to Exchange 2010
    Configure SPF Record (http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/)
    Add public DNS v=spf1 ip4:192.168.6.220 ip4:192.168.6.221 include:outlook.com -all
    o365 portal then domains then SMTP domain properties under DNS management create SPF TXT record (name @ value v=spf1 ip4:192.168.6.220 ip4:192.168.6.221 include:outlook.com -all)
     
    10. Add o365 Tenant to EMC
    from EMC add exchange forest
    Connect to Exchange Online with PowerShell “$TenantCreds = Get-Credential” then “$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $TenantCreds -Authentication Basic -AllowRedirection” then “Import-PSSession $Session” then to test “Get-Mailbox | Get-MailboxStatistics | ft -a” or “Get-AcceptedDomain”
     
    11. Configuring Exchange 2010 Hybrid
    EMC – on premises – “Organization Configuration” – “Hybrid Configuration” – “New Hybrid Configuration”
    Add TXT record to public DNS
    Add transport certificate (3rd party)
     
    12. Now you can use EMS Get-HybridConfiguration to check that everything is OK.
    Checklist:
    EMC on-premises
    A federation trust with the Microsoft Federation Gateway (MFG) has been established for the specified domain | On-Premises Org Configuration – federation trust
    an organizational relationship has been established with the Exchange Online organization in Office 365 | On-Premises Org Configuration | organization relationships
    “tenant_name.mail.onmicrosoft.com” has been added as an accepted domain | on-premises – org conf – hub – accepted domains
    “tenant_name.mail.onmicrosoft.com” and “office365lab.dk” have been added as remote domains | on-premises – org conf – hub – remote domains
    The default E-Mail Address policy has been updated, so that it stamps a secondary proxy address (alias@tenant_name.mail.onmicrosoft.com) on mailbox user objects | on-premises – org conf – hub – e-mail address policies
    The HCW also creates a receive connector on each of the hybrid servers | on-premises – server conf – HUB – receive connectors
    The HCW will create a send connector that will route all e-mail messages destined for “tenant_name.mail.onmicrosoft.com” to Exchange Online in Office 365 | on-premises – org conf – hub – send connectors
    EMS: Get-OrganizationRelationship | fl
    EMC online
    Org conf – HUB – remote domains
    Org conf – Organization Relationships
    FOPE (Forefront, accessed from ECP – Mail Control)
    check Two connectors (inbound & outbound)
     
    Move mailbox = new remote move request | it will move to Mail Contact
    New mailbox online: Mail Contact – new remote mailbox
     
    13. After move
    Generally, Windows Phone 8 and iOS clients will be able to automatically update the ActiveSync profile, while Android based clients must have their ActiveSync profile recreated.
    Outlook will need to close with admin message, re-open and add credentials
     
    14. Decommission
    Move all mailboxes to Exchange Online, point all on-premise line of business applications, network devices and so on to Exchange Online, and configure mail flow to go directly in and out of Exchange Online. In this scenario, you decommission all on-premise Exchange servers, but still use DirSync and ADFS for federation. With DirSync, the on-premise Active Directory is the source of authority, which means you should provision users in the on-premise Active Directory and then have them synchronized to Office 365/Exchange Online. In this case, it’s usually a good idea to keep a single Exchange 2010 server on-premise, so you can use the Exchange 2010 EMC or cmdlets for the provisioning. Alternatively, you remove all Exchange 2010 servers and have an identity solution such as FIM provision the on-premise Active Directory objects with the required mail attributes in order for Exchange Online to treat them as mail enabled users. Bear in mind that with DirSync enabled, most user/mailbox attributes in Exchange Online are read-only, meaning you must write to them via the on-premise Active Directory user/group object.
     
    source: http://www.e-apostolidis.gr/everything/exchange-20072010-hybrid-deployment-migrating-to-office-365/
  14. proximagr
    By default, DirSync runs every three hours, and there is no GUI option to change that. To change the sync interval we need to edit a configuration file.
    1. Go to the below directory on your DirSync Server:
    C:\Program Files\WindowsAzureActiveDirectorySync
    (there are two similar directories, one with spaces between the words and one without. We want the one without spaces)
    Here we will find the main executable of the DirSync Scheduler, “Microsoft.Online.DirSync.Scheduler.exe”, and its associated config file, “Microsoft.Online.DirSync.Scheduler.exe.Config”.
    2. Open the “Microsoft.Online.DirSync.Scheduler.exe.Config” file using notepad
    Find the line with key="SyncTimeInterval", the default is the below:
    <add key="SyncTimeInterval" value="3:00:0" />
     
    The “value” is the frequency of the schedule. The default "3:00:0" means 3 hours.
    We can change the value to what best fits our organization’s needs, based on how often we make changes to Active Directory. To reduce it to one hour change it to:
    <add key="SyncTimeInterval" value="1:00:0" />
     
    3. Once we finish changing the file, save and close it. Then go to the Services (services.msc) and restart the “Windows Azure Active Directory Sync Service” service, Service name: “MSOnlineSyncScheduler”.
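The three steps above as one script. This is an added example, not code from the original post; it assumes the config file sits directly in the directory named in step 1 and that it is run from an elevated PowerShell prompt.

```powershell
#Requires -RunAsAdministrator
# Added example: change the DirSync schedule and restart the scheduler service.
# Paths, key name and service name are the ones given in the post; the file
# location inside the directory is an assumption.
$configPath  = 'C:\Program Files\WindowsAzureActiveDirectorySync\Microsoft.Online.DirSync.Scheduler.exe.Config'
$newInterval = '1:00:0'   # same h:mm:s layout as the default "3:00:0"

if (-not (Test-Path $configPath)) {
    throw "Config file not found: $configPath"
}
if ($newInterval -notmatch '^\d{1,2}:\d{2}:\d{1,2}$') {
    throw "Interval '$newInterval' does not look like h:mm:s"
}

# Keep a copy of the original file so the change can be rolled back.
Copy-Item -Path $configPath -Destination "$configPath.bak" -Force

# Edit the value as XML instead of with a text replace, so only the
# SyncTimeInterval entry is touched.
[xml]$config = Get-Content -Path $configPath
$node = $config.SelectSingleNode("//add[@key='SyncTimeInterval']")
if (-not $node) {
    throw "No SyncTimeInterval key found in $configPath"
}

$oldInterval = $node.GetAttribute('value')
$node.SetAttribute('value', $newInterval)
$config.Save($configPath)

# The scheduler only reads the file at start-up.
Restart-Service -Name 'MSOnlineSyncScheduler'

"SyncTimeInterval changed from $oldInterval to $newInterval"
Get-Service -Name 'MSOnlineSyncScheduler' | Select-Object Name, Status
```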

    Source: http://www.e-apostolidis.gr/microsoft/alter-the-office-365-dirsync-schedule/
  15. proximagr
    You can easily provide Full Access permissions using the GUI: just edit the mailbox you want, go to Mailbox Delegation and provide Full Access. The procedure is the same for Exchange 2013 and Exchange Online. But if you have to provide Full Access in bulk, you need PowerShell.
     
    The command for a single user is:
    Add-MailboxPermission -Identity "employee" -User "manager" -AccessRights FullAccess
    With that command, user “manager” is granted Full Access permissions to the mailbox of user “employee”.
     
    Now let's see how the user “manager” can get Full Access to many users, let's say “all Sales department”. There are two steps: first we query the “Sales Department” users, and then we pipe the result to the command that provides access to user “manager”.
    example 1: Using Active Directory OU container

    get-mailbox -OrganizationalUnit domain.local/users/salesdpt | Add-MailboxPermission -User "manager" -AccessRights FullAccess
    example 2: Using a txt list. As usual create a txt file and make a per-line list with title “employee” like this:
    employee
    username1
    username2
    username3
    Save it as c:\access.txt and then run this command:
    Import-CSV c:\access.txt | Foreach { Add-MailboxPermission -Identity $_.employee -User "manager" -AccessRights FullAccess }
    To view the permission, replace “Add-MailboxPermission” with “Get-MailboxPermission”
     
    To remove the permission, replace “Add-MailboxPermission” with “Remove-MailboxPermission”
     
    Just a final addition: when you provide Full Access permission to a user, in my example the “manager”, Outlook auto-maps the mailboxes that the manager gains access to. So the next time he opens Outlook, all mailboxes will be visible. You can disable auto-mapping by adding -AutoMapping:$false at the end of the command, like this:
    Add-MailboxPermission -Identity "employee" -User "manager" -AccessRights FullAccess -AutoMapping:$false
    Be careful: with great power comes great responsibility!
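A bulk grant is easier to review when each grant is read back and recorded. The following is an added example, not part of the original post: it uses the post's c:\access.txt list and "manager" delegate, while the report path is a hypothetical name.

```powershell
# Added example. Run in a session already connected to Exchange 2013 or
# Exchange Online. "manager" and c:\access.txt (header "employee") come from
# the post; the report file name is an assumption.
$delegate   = "manager"
$reportPath = "c:\access-report.csv"   # hypothetical output file

$results = foreach ($row in Import-Csv c:\access.txt) {
    $status = "Granted"
    try {
        Add-MailboxPermission -Identity $row.employee -User $delegate `
            -AccessRights FullAccess -AutoMapping:$false -ErrorAction Stop | Out-Null
    }
    catch {
        # Typical causes: a misspelled alias in the list or an unknown delegate.
        $status = "Failed: $($_.Exception.Message)"
    }

    # Read the permission back instead of trusting the grant call.
    $entry = Get-MailboxPermission -Identity $row.employee -User $delegate -ErrorAction SilentlyContinue |
        Where-Object { "$($_.AccessRights)" -match "FullAccess" -and -not $_.IsInherited }

    [pscustomobject]@{
        Mailbox   = $row.employee
        Delegate  = $delegate
        Status    = $status
        Confirmed = [bool]$entry
    }
}

# On-screen summary plus a CSV that can be kept as a record of the change.
$results | Format-Table -AutoSize
$results | Export-Csv -Path $reportPath -NoTypeInformation
```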
     
    source: http://www.e-apostolidis.gr/microsoft/exchange-2013-online-grand-full-access-to-mailboxes/
  16. proximagr
    1. Check if the password is set to never expire for one user:
     
    Get-MSOLUser -UserPrincipalName username | Select PasswordNeverExpires
     
    2. Check if the password is set to never expire for all users:
     
    Get-MSOLUser | Select UserPrincipalName, PasswordNeverExpires
     
    3. Check if the password is set to never expire for a list of users:
     
    create a txt file listing the required users, line by line with title “username”, and save it as c:\pwdexpire.txt, like this:
     
    username
    testuser1
    testuser2
    testuser3
     
    then run:
     
    Import-csv c:\pwdexpire.txt | ForEach-Object { Get-MSOLUser -UserPrincipalName $_.username | Select UserPrincipalName, PasswordNeverExpires }
     
    4. Set password to never expire for one user:
     
    Set-MsolUser -UserPrincipalName username -PasswordNeverExpires $true
     
    5. Set password to never expire for all users:
     
    Get-MSOLUser | Set-MsolUser -PasswordNeverExpires $true
     
    6. Set password to never expire for a list of users:
     
    like before create a txt list and run:
     
    Import-csv c:\pwdexpire.txt | ForEach-Object { Set-MsolUser -UserPrincipalName $_.username -PasswordNeverExpires $true }
     
    7. To re-set the password to expire, just replace $true with $false (please note that if the organization’s password expiration period has passed, then the user/users will be locked and you will need to reset their passwords)
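To see which accounts are exempt from expiration and whether each one is on the intended list, the checks above can be combined into one report. This is an added example, not from the original post; it treats c:\pwdexpire.txt as the list of accounts meant to be exempt, and the output file name is hypothetical.

```powershell
# Added example. Assumes Connect-MsolService has already been run and that
# c:\pwdexpire.txt (header "username", as in step 3) lists the accounts that
# are meant to have non-expiring passwords.
$approved = Import-Csv c:\pwdexpire.txt |
    ForEach-Object { $_.username.Trim().ToLower() }

# Every account in the tenant whose password is set to never expire.
$exempt = Get-MsolUser -All | Where-Object { $_.PasswordNeverExpires -eq $true }

$report = foreach ($user in $exempt) {
    [pscustomobject]@{
        UserPrincipalName  = $user.UserPrincipalName
        LastPasswordChange = $user.LastPasswordChangeTimestamp
        Approved           = $approved -contains $user.UserPrincipalName.ToLower()
    }
}

# Full list on screen, unapproved accounts first.
$report | Sort-Object Approved, UserPrincipalName | Format-Table -AutoSize

# Accounts that never expire but are not on the list (hypothetical file name).
$report | Where-Object { -not $_.Approved } |
    Export-Csv -Path c:\pwdexpire-unapproved.csv -NoTypeInformation
```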
     
    source: http://www.e-apostolidis.gr/microsoft/manage-office-365-password-expiration/
  17. proximagr
    To move a mailbox to Exchange Online from Exchange 2013 first connect Windows PowerShell to Exchange Online with a Global Administrator:
     
    $UserCredential = Get-Credential
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
    Import-PSSession $Session
    Provide the on-premise administrator credential
     
    Then connect to the local Exchange 2013:
     
    Run $RemoteCredential= Get-Credential
    Start the move request
     
    Finally initiate the move:
     
    New-MoveRequest -Identity "useralias" -Remote -RemoteHostName "mail.mydomain.com" -TargetDeliveryDomain mydomain.mail.onmicrosoft.com -BadItemLimit 10000 -AcceptLargeDataLoss -RemoteCredential $RemoteCredential
     
    source: http://www.e-apostolidis.gr/microsoft/exchange-2013-online-grand-full-access-to-mailboxes/
  18. proximagr
    This post is about Exchange/Office 365 Hybrid Deployments, when for some reason we need to completely delete a user account and mailbox from Office 365 in order to re-sync it.
     
    First you need to exclude the user from DirSync
    Open the “Synchronization Service Manager” (can be found at “C:\Program Files\WindowsAzureActiveDirectorySync\SYNCBUS\Synchronization Service\UIShell\miisclient.exe”)
    Navigate to “Metaverse Search” and click on “Add Clause”
    Be sure that you choose Displayname as Attribute, and then configure your search
    Double click an entry, and open the Connectors tab
    Select the line with the “Active Directory Connector” Management Agent and click on “Disconnect…”
    In the disconnect object question, choose “Disconnector (Default)” to remove the connector. Choosing “Explicit Disconnector” instead would block the object from becoming a connector again.

    You can then rerun your search, and the specific account will not be shown anymore. After a sync, the object will also be removed from the Azure directory.
     
    Then you need to remove the user object from the Office 365 portal using the PowerShell
    Open PowerShell “Windows Azure Active Directory Module”
    $msolcred = get-credential
    connect-msolservice -credential $msolcred
    Get-MsolUser -ReturnDeletedUsers | FT UserP*,ObjectId
    Remove-MsolUser -ObjectId abc1234-12abc-123a-ab12-a12b3c4d5f6gah -RemoveFromRecycleBin -Force
    Get-MsolUser -ReturnDeletedUsers | Remove-MsolUser -RemoveFromRecycleBin -Force

    Then at the next scheduled sync of DirSync the user will be recreated. You can also force DirSync to run, so the user is created faster.
     

    source: http://www.e-apostolidis.gr/microsoft/delete-user-from-office-365-with-dirsync/
  19. proximagr
    To connect PowerShell to Exchange Online, open the PowerShell and run:

    $UserCredential = Get-Credential
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
    Import-PSSession $Session

    source: http://www.e-apostolidis.gr/microsoft/connect-to-exchange-online/
  20. proximagr
    First of all, the VM must be within a virtual network to be able to add a static Private IP address
     
    There are two ways to set a static private IP. One is using the new Azure Portal "portal.azure.com" and one via PowerShell.
     
    Using the new Portal, browse a VM, select settings and then IP addresses. There at the Private IP address you can select "Static" and add the IP address.
     
    Using PowerShell, first connect to the Azure (details on this post), and use the following commands:
     
    #Test IP availability:
    Test-AzureStaticVNetIP -VNetName XXXXXXX -IPAddress xx.xx.xx.xx
     
    #Set the VM that will take the static IP
    $static = Get-AzureVM -ServiceName xxxxx -Name xxxxxx
     
    #Set the static IP
    Set-AzureStaticVNetIP -VM $static -IPAddress xx.xx.xx.xx | Update-AzureVM
     
    #Check the static IP
    Get-AzureStaticVNetIP -VM $static
     
    source: http://www.e-apostolidis.gr/microsoft/set-static-ip-to-azure-vm/
  21. proximagr
    First we need to install the Azure PowerShell module from http://go.microsoft.com/fwlink/p/?linkid=320376&clcid=0x409
     
    Then open PowerShell and follow the below commands:
     
    #Get your subscription file - The browser will open, you will need to log in to the Azure Subscription and finally it will download the <subscriptionname>.publishsettings file
    Get-AzurePublishSettingsFile
     
    #Connect to your Subscription
    Import-AzurePublishSettingsFile -PublishSettingsFile "full path to downloaded file"
    Source: http://www.e-apostolidis.gr/microsoft/connect-powershell-to-azure/
  22. proximagr
    Copy AZURE VHD to other storage account
     
    #Source storage account
    $context1 = new-azurestoragecontext -storageaccountname "name_source_account" -storageaccountkey "key_source_account"
     
    #Destination storage account
    $context2 = new-azurestoragecontext -storageaccountname "name_destination_account" -storageaccountkey "key_destination_account"
     
    #Initiate copy this might take a while
    Start-AzureStorageBlobCopy -SrcContainer "vhds" -SrcBlob "name_as_found_in_step_one.vhd" -SrcContext $context1 -DestContainer "vhds" -DestBlob "my_destination_name.vhd" -DestContext $context2
     
    Track Azure VHD copy process
     

    $context = new-azurestoragecontext -storageaccountname "name_destination_account" -storageaccountkey "key_destination_account"
     
    Get-AzureStorageBlobCopyState -Blob "file_name.vhd" -Container "vhds" -Context $context
     
    source: http://www.e-apostolidis.gr/microsoft/copy-azure-vhd-to-other-storage-account/
  23. proximagr
    There are many reasons to have your Disks stored at separate Storage Accounts, per Cloud Service. One is that a Storage Account in Azure provides 20000 IOPS and every disk in Standard Tier 500 IOPS. Azure support suggests not having more than 40 disks per Storage Account. Also you may want to have your disks linked to the same Cloud Services as their VMs (go to Azure, Cloud Services, select a Cloud Service and you can see the “Linked Resources” tab; there you can link storage accounts to the Cloud Service). The problem is that if you have an Azure VM and you try to “attach an empty disk”, you will realize that the disk will be created at the default Storage Account of the Subscription and there is no option to change this.
     
    Here is a PowerShell command that creates a VHD at a specified Storage Account, creates a Disk and attaches it to a VM:
     
    Get-AzureVM -ServiceName "servicename" -Name "vmname" | Add-AzureDataDisk -CreateNew -DiskSizeInGB XXX -DiskLabel "diskname" -MediaLocation "https://storageaccountname.blob.core.windows.net/vhds/vhdname.vhd" -LUN X | Update-AzureVM
     
    Some more info on this command:
     
    First of all you need to connect to your Azure Subscription, you can follow this Post on how to do it.
    Then create a Storage Account using the GUI or PowerShell, here is the Microsoft’s link http://azure.microsoft.com/en-us/documentation/articles/storage-create-storage-account/
    Then you need to list the disks that are already connected to your VM in order to view the LUN number that you will use. The OS disk is not listed on this command. The first data disk consumes the LUN 0, the second the LUN 1 and so on. The command is:
     
    Get-AzureVM -ServiceName "servicename" -Name "vmname" | Get-AzureDataDisk
     
    source: http://www.e-apostolidis.gr/microsoft/create-a-disk-in-specific-storage-account-and-attach-it-to-a-vm-in-azure/
  24. proximagr
    I was looking for a free solution to have email notifications for Azure backup. After reading other blogs and the TechNet site I ended up using PowerShell Send-MailMessage attached to the Azure Backup Logs. In short, when an Azure Backup log entry is created, the script lists the last 2 days' events, creates an html file and mails the report to you with the html as attachment.
     
    First find the Azure backup Event Log; it is under “Applications and Services Logs, CloudBackup, Operational”. Select to attach a task to the log. This will trigger the task on every event created under this log. Alternatively, you can attach the task to a specific event.
     
    Create a Task and attach the below PowerShell script. You will find powershell.exe in “C:\Windows\System32\WindowsPowerShell\v1.0”
     
    Create a folder c:\IT, copy the below script to a text file and name it “eventemail.ps1”. Finally change the required fields.
     
    # Collect the Azure Backup events of the last 2 days and save them as an html report
    $date = (Get-Date).AddDays(-2)
    $event = Get-WinEvent -FilterHashtable @{ LogName = "cloudbackup"; StartTime = $date; }
    $event | ConvertTo-Html message,timecreated | Set-Content c:\it\backup.html
     
    # Get-WinEvent records have no EntryType property; the severity is in Level (2 = Error)
    if ($event | Where-Object { $_.Level -eq 2 })
    {
    $PCName = $env:COMPUTERNAME
    $EmailFrom = "FROM_EMAIL_HERE"
    $EmailTo = "YOUR_EMAIL_HERE"
    $EmailSubject = "Server $PCName Backup Failure report"
    $SMTPServer = "SMTP_SERVER_HERE"
    Write-host "Sending Email"
    Send-MailMessage -From $EmailFrom -To $EmailTo -Subject $EmailSubject -body "$($event.Message) $($event.TimeCreated)" -Attachments "c:\it\backup.html" -SmtpServer $SMTPServer
    }
    else
    {
    write-host "There is no error. Below the logs files."
    $event
    $PCName = $env:COMPUTERNAME
    $EmailFrom = "FROM_EMAIL_HERE"
    $EmailTo = "YOUR_EMAIL_HERE"
    $EmailSubject = "Server $PCName Backup Success report"
    $SMTPServer = "SMTP_SERVER_HERE"
    Write-host "Sending Email"
    Send-MailMessage -From $EmailFrom -To $EmailTo -Subject $EmailSubject -body "$($event.Message) $($event.TimeCreated)" -Attachments "c:\it\backup.html" -SmtpServer $SMTPServer
    }
     
    The “write-host ” lines can be removed. They are useful only for troubleshooting by running the script manually on powershell.
     
    source: http://www.e-apostolidis.gr/microsoft/azure-backup-email-notification/
  25. proximagr
    Microsoft offers its antimalware service for free. When you create a new VM you have the option to enable it. This will install the System Center Endpoint Protection client to the VM, managed by Azure. If you have added this but now you want to remove it and add some other antivirus/antimalware solution, you cannot do it by just uninstalling the client from the VM. The client will be automatically re-installed by Azure. There are two ways to completely uninstall the program and remove it from Azure. One is using the new Portal and one using PowerShell.
     
    Using the Portal
    Go to https://portal.azure.com/
    Browse the VM
    Go to the Configuration section and click on Extensions
    Click the Microsoft.Azure.Security extension
    You can delete it using the Delete button
    At any time you can re-add it, by clicking the Add button at the Extensions window


     
    Using PowerShell
     
    First connect PowerShell to your Azure subscription, as described to this post and then:
     
    # First check the Antimalware Service Status, you need to select the Azure VM and then get the status:
    $servicename = "myVMservice"
    $vmname = "myVMname"
    $vm = Get-AzureVM -ServiceName $servicename -Name $vmname
    Get-AzureVMExtension -Publisher Microsoft.Azure.Security -ExtensionName IaaSAntimalware -Version 1.* -VM $vm
     
    #First remove the service from Azure
    Remove-AzureVMExtension -Publisher Microsoft.Azure.Security -ExtensionName IaaSAntimalware -VM $vm
     
    # Then uninstall the Antimalware Client from the VM
    Get-AzureVM -ServiceName $servicename -Name $vmname | Set-AzureVMExtension -Publisher Microsoft.Azure.Security -ExtensionName IaaSAntimalware -Version 1.* -Uninstall | Update-AzureVM
     
    source: http://www.e-apostolidis.gr/microsoft/remove-microsoft-antimalware-service-from-a-vm/