Blog Entries posted by proximagr

  1. proximagr
    SQL Failover Cluster with AlwaysOn Availability Groups
    Let's now move to the last part of the lab: adding an AlwaysOn Availability Group to the existing SQL WSFC.
    Windows Server 2012 R2 Failover Cluster with FreeNAS 9.3 (Page 1, Page 2) Microsoft SQL 2012 on Failover Cluster (Page 1, Page 2, Page 3) Add AlwaysOn AG to SQL Failover Cluster Instance (Page 1, Page 2, Page 3)

    Add AlwaysOn AG to SQL Failover Cluster Instance (Page 1)
    To begin, we must enable the “AlwaysOn High Availability” setting on both nodes of the existing cluster. Note that this option exists only in the Enterprise edition, not in Standard. Open SQL Server Configuration Manager / SQL Server Services / SQL Server (NAME), right-click Properties, and on the “AlwaysOn High Availability” tab select “Enable AlwaysOn Availability Groups”. As soon as we press Apply, it informs us that the change will reach SQL Server at the next restart.

    We do not restart.
    Now, for the change to be made on the second node, we must do a manual failover so that the SQL service comes up there. As we did at the end of the previous post, when we installed the second SQL node, from Failover Cluster Manager we move the SQL Server role to the second node. If you now open SQL Server Configuration Manager you will see that the SQL Server service has stopped and that the SQL Server service is running on the second node with AlwaysOn enabled. Finally, we move the SQL Server role back to the first node.
    Next we add the third server to the existing Windows Failover Cluster. Open Failover Cluster Manager from the first node (Win2012R201 in the lab) and click Nodes / Add Node…

    The wizard starts; click the first Next, and at Select Servers choose the third server (Win2012R203 in the lab) and click Next.
    For the verification to pass, the server must already have the Failover Cluster feature, which in the lab comes from the template.

    Since this node will not really be part of the failover cluster and we want it only for AlwaysOn, we choose not to run the validation tests and not to add storage.


    Now we must make sure that the cluster will not try to bring SQL up on the third node, which is there for AlwaysOn.
    After the node has been added to the cluster, first go to Failover Cluster Manager / WSFCcomputername (sqlclus.sqllab.int for the lab), and under Cluster Core Resources, at Server Name, select the computer name of the SQL cluster (sqlclus for the lab), right-click and choose Properties.

    Go to the Advanced Policies tab and deselect the third node, as in the image.

    Then, on the SQL Server role, right-click Properties and select only the first two nodes as preferred owners.

    Do the same for the two cluster disks.

    Now we do a typical SQL Server 2012 installation on the third node, with the same settings we used for the cluster, except that we run a stand-alone setup rather than a cluster one, and we must give a different instance name because the default instance (MSSQLSERVER) exists in the cluster. We also give the server a disk with the same drive letter that the cluster servers use for SQL. In the lab it is F:.

    Once the installation completes, we enable AlwaysOn here as well from SQL Server Configuration Manager and restart the SQL Server service.
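The cluster-side steps above (joining the third node without storage and keeping the SQL Server role off it) can also be done with the FailoverClusters PowerShell module. This is an added example, not part of the original post; the second node name `Win2012R202` and the role name `SQL Server (MSSQLSERVER)` are assumptions, and it restricts possible owners on every resource in the role rather than only the ones named above.

```powershell
# Added example, not from the original post. Run from an elevated session on a cluster node.
Import-Module FailoverClusters

$cluster  = 'sqlclus.sqllab.int'            # WSFC name from the lab
$fciNodes = 'Win2012R201', 'Win2012R202'    # Win2012R202 is an assumed name for the second node
$agNode   = 'Win2012R203'                   # stand-alone AlwaysOn node from the lab
$sqlRole  = 'SQL Server (MSSQLSERVER)'      # assumed role name; list roles with Get-ClusterGroup

# Join the third server without claiming shared storage.
# No Test-Cluster run is made here, matching the choice to skip validation.
Add-ClusterNode -Cluster $cluster -Name $agNode -NoStorage

# Possible owners: every resource in the SQL role (network name, IP address, disks,
# SQL Server, SQL Agent) may come online only on the two FCI nodes.
$resources = Get-ClusterGroup -Cluster $cluster -Name $sqlRole | Get-ClusterResource
foreach ($res in $resources) {
    Set-ClusterOwnerNode -Cluster $cluster -Resource $res.Name -Owners $fciNodes
}

# Preferred owners of the role itself: the two FCI nodes only.
Set-ClusterOwnerNode -Cluster $cluster -Group $sqlRole -Owners $fciNodes

# Verification: fail loudly if the AlwaysOn node is still a possible owner anywhere in the role.
$leaks = $resources | Get-ClusterOwnerNode |
    Where-Object { $_.OwnerNodes.Name -contains $agNode }
if ($leaks) {
    $names = ($leaks | ForEach-Object { $_.ClusterObject.Name }) -join ', '
    throw "Resources still allowed on ${agNode}: $names"
}
"OK: no resource in '$sqlRole' can come online on $agNode"
```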
     

    Continued on the next page
     
    Source http://www.e-apostolidis.gr/%ce%b5%ce%bb%ce%bb%ce%b7%ce%bd%ce%b9%ce%ba%ce%ac/add-alwayson-ag-to-sql-failover-cluster-instance/
  2. proximagr
    SQL Failover Cluster with AlwaysOn Availability Groups Let's now move to the last part of the lab: adding an AlwaysOn Availability Group to the existing SQL WSFC. Windows Server 2012 R2 Failover Cluster with FreeNAS 9.3 Microsoft SQL 2012 on Failover Cluster Add AlwaysOn AG to SQL Failover Cluster Instance Add AlwaysOn AG to SQL Failover Cluster Instance […]
    The post Add AlwaysOn AG to SQL Failover Cluster Instance appeared first on Proxima's IT Corner.


    Source
  3. proximagr
    SQL Failover Cluster with AlwaysOn Availability Groups
     
    Let's now move to the last part of the lab: adding an AlwaysOn Availability Group to the existing SQL WSFC.
    Windows Server 2012 R2 Failover Cluster with FreeNAS 9.3 (Page 1, Page 2) Microsoft SQL 2012 on Failover Cluster (Page 1, Page 2, Page 3) Add AlwaysOn AG to SQL Failover Cluster Instance (Page 1, Page 2, Page 3)

    Add AlwaysOn AG to SQL Failover Cluster Instance (Page 2)
     

    Also, at this point I should mention that, because we are using a named instance, every time the SQL Server service starts it registers an SPN record, which is needed so that applications can authenticate to SQL Server. For this to happen, the account that runs the SQL Server service must have the right to read and write servicePrincipalName values in Active Directory. In the lab I used a Domain Admin account, so the SPN is registered correctly.
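A least-privilege alternative to running the service as Domain Admin is to delegate only the servicePrincipalName read/write right to the service account itself. This is an added example, not part of the original post; the account name `svc-sqlag` is an assumption, and the host and domain names are taken from the lab.

```powershell
# Added example, not from the original post. Requires the ActiveDirectory RSAT module
# and rights to edit the ACL of the service account object.
Import-Module ActiveDirectory

$svcAccount = 'svc-sqlag'                          # assumed SQL Server service account
$spnPattern = 'MSSQLSvc/Win2012R203.sqllab.int*'   # third node in the lab domain

$user = Get-ADUser -Identity $svcAccount -Properties servicePrincipalName

# The service account should not need Domain Admins membership for SPN registration.
$admins = Get-ADGroupMember -Identity 'Domain Admins' -Recursive
if ($admins.SamAccountName -contains $user.SamAccountName) {
    Write-Warning "$svcAccount is a member of Domain Admins"
}

# Grant the account (SELF) Read Property + Write Property on servicePrincipalName only.
dsacls $user.DistinguishedName /G 'SELF:RPWP;servicePrincipalName'
if ($LASTEXITCODE -ne 0) { throw "dsacls failed with exit code $LASTEXITCODE" }

# After the SQL Server service has been restarted, confirm what was registered.
setspn -L $svcAccount     # SPNs held by the service account
setspn -Q $spnPattern     # which account owns the MSSQLSvc SPNs for the third node
setspn -X                 # report duplicate SPNs, which break Kerberos authentication
```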

    We can now start the process of putting our database into an AlwaysOn Availability Group.
    From the active node of the WSFC, open SQL Management Studio and connect to the SQL cluster instance, “SQLFCI” in the lab. First take a backup of the database, since it is a prerequisite for proceeding. Take the backup and restore it on the third node, Win2012R203 in the lab, but take care: in the restore choose Options / Recovery state / RESTORE WITH NORECOVERY.

    After the restore completes, the database should have been created and be in the (Restoring…) state.

    Then go to the first node, Win2012R201 in the lab, open SQL Management Studio, go to “AlwaysOn High Availability”, right-click Availability Groups and choose “New Availability Group Wizard…”

    The wizard opens, and after the first Next we give the availability group name.

    In the next step, select the database we want to put into the availability group.

    In the next step we must define replicas. It already lists SQLFCI, and it informs us that, because it is a Failover Cluster Instance, it does not support automatic failover. This means that when we lose the whole cluster (the SQL cluster instance) we will have to go to the third node (Win2012R203 in the lab), in SQL Management Studio / AlwaysOn High Availability / Availability Groups, right-click the “AG Name” and do a manual failover.

    Connect to the third node, Win2012R203\MSSQLAG.

    After Win2012R203 has been added as well, select Readable Secondary and, depending on the use, choose Synchronous Commit or not. As I said at the start of the first post, “The idea is to have a SQL Failover Cluster at the primary site and to add an AlwaysOn Availability Group to the existing cluster for DR”: the Availability Group is used for the DR site, so to avoid latency on commit we leave it unchecked. This gives us asynchronous commit and avoids the latency, with a “fear” of data loss at the moment a failover is needed.
    Finally, click Next.

    On the next tab select “Join only”, since we have already restored the database, and click Next.

     
    Continued on the next page
     
    Source http://www.e-apostolidis.gr/%ce%b5%ce%bb%ce%bb%ce%b7%ce%bd%ce%b9%ce%ba%ce%ac/add-alwayson-ag-to-sql-failover-cluster-instance/
  4. proximagr
    SQL Failover Cluster with AlwaysOn Availability Groups
     
    Let's now move to the last part of the lab: adding an AlwaysOn Availability Group to the existing SQL WSFC.
    Windows Server 2012 R2 Failover Cluster with FreeNAS 9.3 (Page 1, Page 2) Microsoft SQL 2012 on Failover Cluster (Page 1, Page 2, Page 3) Add AlwaysOn AG to SQL Failover Cluster Instance (Page 1, Page 2, Page 3)

    Add AlwaysOn AG to SQL Failover Cluster Instance (Page 3)
     

    On the validation tab we ignore the warning about the listener; we will create it later.

    Then click Finish to create the group.

    At this point we can create a listener. In an installation where all SQL instances are stand-alone, a listener serves as a common name that always directs applications to the correct server. However, when one or more instances are clustered, the listener does not work. We can still create the listener, but if the first two, main nodes of the cluster are lost, the only way to access SQL is with the instance name of the third node, which in the lab is Win2012R203\MSSQLAG.
    Here we must stress that, since there is no listener and no automatic failover, in order to access SQL if we lose the SQL Failover Cluster Instance a manual failover of the Availability Group must be done through SQL Management Studio, as we said during its creation.
    Finally, note that the Failover Cluster SQL instance is managed through Windows Server Failover Cluster Manager (for example the manual failover we saw in the previous post), while AlwaysOn High Availability is managed from SQL Management Studio.
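The manual failover on the third node can also be scripted with the SQLPS cmdlets, which helps when Management Studio is not at hand during a DR event. This is an added example, not part of the original post; `<AG-NAME>` is a placeholder for the availability group name, and because the replica uses asynchronous commit the failover is a forced one that accepts data loss.

```powershell
# Added example, not from the original post. Run on the DR node while the FCI is down.
Import-Module SQLPS -DisableNameChecking

$drInstance = 'Win2012R203\MSSQLAG'   # stand-alone replica from the lab
$agName     = '<AG-NAME>'             # placeholder: the availability group name
$agPath     = "SQLSERVER:\SQL\$drInstance\AvailabilityGroups\$agName"

# 1. Record how far the local copy got before the primary was lost.
$stateQuery = @"
SELECT DB_NAME(database_id) AS database_name,
       synchronization_state_desc,
       last_hardened_time,
       last_commit_time
FROM sys.dm_hadr_database_replica_states
WHERE is_local = 1;
"@
$before = Invoke-Sqlcmd -ServerInstance $drInstance -Query $stateQuery
$before | Format-Table -AutoSize

# 2. Refuse to continue if this replica is already primary.
$roleQuery = @"
SELECT role_desc
FROM sys.dm_hadr_availability_replica_states
WHERE is_local = 1;
"@
$role = Invoke-Sqlcmd -ServerInstance $drInstance -Query $roleQuery
if ($role.role_desc -eq 'PRIMARY') { throw "$drInstance is already the primary replica" }

# 3. Forced failover: an asynchronous-commit secondary can only take over with
#    -AllowDataLoss; -Force suppresses the confirmation prompt.
Switch-SqlAvailabilityGroup -Path $agPath -AllowDataLoss -Force

# 4. There is no listener, so applications must now connect to $drInstance directly.
"Failover complete. Last commit seen per database before failover:"
$before | ForEach-Object { "{0}: {1}" -f $_.database_name, $_.last_commit_time }

# When the FCI comes back, its copies of the databases are suspended. Resume data
# movement with Resume-SqlAvailabilityDatabase only after deciding which copy to keep.
```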
     
    Source http://www.e-apostolidis.gr/%ce%b5%ce%bb%ce%bb%ce%b7%ce%bd%ce%b9%ce%ba%ce%ac/add-alwayson-ag-to-sql-failover-cluster-instance/
  5. proximagr
    Add multiple managed disks to Azure RM VM
    In this post I have created a PowerShell script to help add multiple managed disks to an Azure RM Virtual Machine.
    The script to add multiple managed disks will prompt you to log in to an Azure RM account, then it will query the subscriptions and ask you to select the desired one. After that it will query the available VMs and prompt you to select the target VM from the VM list.
    At this point I check the OS disk and define the storage type of the data disks accordingly. If we need to change the storage type we can check the comments at step 4, e.g. if the OS disk is Premium and you want Standard data disks.
    The next step is to ask for the disk size. You can check the sizes and billing here: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/managed-disks-overview#pricing-and-billing
    Finally it will ask for the number of disks we need to create. After this input the script will create the disks, attach them to the VM and update it. The Script:

     



    # 1. Log in to the Azure RM account

    Login-AzureRmAccount

    # 2. Query the subscriptions the logged-in account can access and prompt the user to select the target subscription from the grid view

    $subscription = Get-AzureRmSubscription | Out-GridView -Title "Select a Subscription" -PassThru
    Select-AzureRmSubscription -SubscriptionId $subscription.Id

    # 3. Query the available VMs and prompt the user to select the target VM from the VM list

    $vm = Get-AzureRmVM | Out-GridView -Title "Select the Virtual Machine to add Data Disks to" -PassThru

    # 4. The storage type is taken from the OS disk. To specify something else, change this to: $storageType = "StandardLRS" or "PremiumLRS" etc.

    $storageType = $vm.StorageProfile.OsDisk.ManagedDisk.StorageAccountType

    # 5. Prompt for the disk size in GB; the [int] cast rejects non-numeric input

    [int]$diskSizeinGB = Read-Host "Enter Size for each Data Disk in GB"

    $diskConfig = New-AzureRmDiskConfig -AccountType $storageType -Location $vm.Location -CreateOption Empty -DiskSizeGB $diskSizeinGB

    # 6. Prompt for how many data disks to create

    [int]$diskquantity = Read-Host "How many disks do you need to create?"

    # Create each disk and attach it to the VM object; LUNs are assigned from 0 upwards
    for($i = 1; $i -le $diskquantity; $i++)
    {
        $diskName = $vm.Name + "-DataDisk-" + $i.ToString()
        $DataDisk = New-AzureRmDisk -DiskName $diskName -Disk $diskConfig -ResourceGroupName $vm.ResourceGroupName
        $lun = $i - 1
        Add-AzureRmVMDataDisk -VM $vm -Name $diskName -CreateOption Attach -ManagedDiskId $DataDisk.Id -Lun $lun
    }

    # Push the updated VM configuration (with the attached disks) to Azure
    Update-AzureRmVM -VM $vm -ResourceGroupName $vm.ResourceGroupName
    You can download the script from here: AddManagedDisks
  6. proximagr
    DirSync by default runs every three hours, and you will realize that there is no GUI way to change that. To change the sync interval we need to change a configuration file.
    1. Go to the directory below on your DirSync server:
    C:\Program Files\WindowsAzureActiveDirectorySync
    (there are two similar directories, one with spaces between the words and one without. We want the one without spaces)
    Here we will find the main executable of the DirSync Scheduler, “Microsoft.Online.DirSync.Scheduler.exe”, and its associated config file, “Microsoft.Online.DirSync.Scheduler.exe.Config”.
    2. Open the “Microsoft.Online.DirSync.Scheduler.exe.Config” file using Notepad
    Find the line with key="SyncTimeInterval"; the default is the following:
    <add key="SyncTimeInterval" value="3:00:0" />
     
    The “value” is the frequency of the schedule. The default "3:00:0" means 3 hours.
    We can change the value to what best fits our organization’s needs, based on how often we make changes to Active Directory. To reduce it to one hour change it to:
    <add key="SyncTimeInterval" value="1:00:0" />
     
    3. Once we finish changing the file, save and close it. Then go to Services (services.msc) and restart the “Windows Azure Active Directory Sync Service” service, service name: “MSOnlineSyncScheduler”.
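The three steps above as a script, added here as an example that is not part of the original post; it assumes the config file is well-formed .NET XML and locates the setting by its key.

```powershell
# Added example, not from the original post. Run elevated on the DirSync server.
$configPath  = 'C:\Program Files\WindowsAzureActiveDirectorySync\Microsoft.Online.DirSync.Scheduler.exe.Config'
$newInterval = '1:00:0'     # one hour, in the same format as the default value

# Reject values that are not a time span, or that are zero or negative.
$parsed = [TimeSpan]::Zero
if (-not ([TimeSpan]::TryParse($newInterval, [ref]$parsed)) -or $parsed -le [TimeSpan]::Zero) {
    throw "'$newInterval' is not a valid positive interval"
}

# Load the file as XML and find the setting by key, wherever it sits in the document.
$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true
$xml.Load($configPath)
$node = $xml.SelectSingleNode("//add[@key='SyncTimeInterval']")
if (-not $node) { throw "SyncTimeInterval key not found in $configPath" }

"Current interval: $($node.GetAttribute('value'))"

# Keep a timestamped copy so the change can be rolled back.
Copy-Item -Path $configPath -Destination ("{0}.{1:yyyyMMddHHmmss}.bak" -f $configPath, (Get-Date))

$node.SetAttribute('value', $newInterval)
$xml.Save($configPath)

# Step 3: restart the scheduler service so it picks up the new value.
Restart-Service -Name 'MSOnlineSyncScheduler'
"New interval: $newInterval"
```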

    Source: http://www.e-apostolidis.gr/microsoft/alter-the-office-365-dirsync-schedule/
  7. proximagr
    Application Security Groups to simplify your Azure VMs network security
    Application Security Groups help manage the security of Azure Virtual Machines by grouping them according to the applications that run on them. It is a feature that allows the application-centric use of Network Security Groups.

    An example is always the best way to better understand a feature. So let’s say that in a Subnet we have some Web Servers and some Database Servers. The access rules of the Subnet’s Network Security Group to allow http, https & database access to those servers will be something like this:

    Using only the Network Security Groups functionality we need to add the IP addresses of the servers to the access lists. There are two major difficulties here:
    For every rule we need to add all the IPs of the servers that will be included.
    If there is an IP address change (e.g. by adding or removing a server) then all the relevant rules must change.
    Use Application Security Groups
    Now, let's see how we can bypass this complexity by using Application Security Groups, combined with Network Security Groups.
    Create two Application Security Groups, one for the Web Servers and one for the Database Servers
    At the Azure Portal, search for Application Security Groups

    Provide a name and a Resource Group

    Create one more with the name Database Servers, and in the Resource Group you will have those two Application Security Groups:

    Then go to each Virtual Machine and attach the relevant ASG.
    Click the Virtual Machine, go to the Networking settings blade, and press “Configure the application security groups”

    Select the relevant ASG and press save:

    Do the same for all your servers. Finally open the Network Security Group. Open the https rule; in my example it is the “https2WebServers” rule. Change the Destination to “Application Security Group” and for Destination application security group select the Web Servers.

    In the same way change the database access rule, and for Source add the “Database Server” ASG and for destination the “Web Servers” ASG. Now the NSG will look like this:

    From now on, when removing a VM from the Web Servers farm or the Database Servers cluster there is no need to change anything at the NSG. When adding a new VM, the only thing we need to do is to attach the VM to the relevant Application Security Group.
    A Virtual Machine can be attached to more than one Application Security Group. This helps in cases of multi-application servers.
    There are only two requirements:
    All network interfaces used in an ASG must be within the same VNet
    If ASGs are used in the source and destination, they must be within the same VNet
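The portal steps for the Web Servers group, scripted with the Az PowerShell module, including a check of the same-VNet requirement before anything is changed. This is an added example, not part of the original post; the resource group, region, NSG name and VM names are assumptions, and it covers only the “https2WebServers” rule.

```powershell
# Added example, not from the original post. Requires the Az.Network and Az.Compute
# modules and an authenticated session (Connect-AzAccount).
$rg       = 'rg-demo'            # assumed resource group
$location = 'westeurope'         # assumed region
$nsgName  = 'subnet-nsg'         # assumed name of the subnet's NSG
$webVms   = 'web01', 'web02'     # assumed web server VM names

# 1. Create the Application Security Group for the web servers.
$webAsg = New-AzApplicationSecurityGroup -ResourceGroupName $rg -Name 'WebServers' -Location $location

# 2. Collect the primary NIC of each web server and verify that all NICs are in one VNet.
$nics = foreach ($name in $webVms) {
    $vm = Get-AzVM -ResourceGroupName $rg -Name $name
    Get-AzNetworkInterface -ResourceId $vm.NetworkProfile.NetworkInterfaces[0].Id
}
$vnets = $nics |
    ForEach-Object { ($_.IpConfigurations[0].Subnet.Id -split '/subnets/')[0] } |
    Sort-Object -Unique
if (@($vnets).Count -ne 1) { throw "NICs span more than one VNet: $($vnets -join ', ')" }

# 3. Attach every NIC to the ASG, keeping any ASG membership it already has.
foreach ($nic in $nics) {
    $ipcfg = $nic.IpConfigurations[0]
    $asgs  = @($ipcfg.ApplicationSecurityGroups | Where-Object { $_.Id -ne $webAsg.Id }) + $webAsg
    $ipcfg.ApplicationSecurityGroups = $asgs
    $nic | Set-AzNetworkInterface | Out-Null
}

# 4. Point the existing https rule at the ASG instead of a list of IP addresses.
#    Assumes the rule's source is an address prefix, which is carried over unchanged.
$nsg  = Get-AzNetworkSecurityGroup -ResourceGroupName $rg -Name $nsgName
$rule = $nsg.SecurityRules | Where-Object { $_.Name -eq 'https2WebServers' }
if (-not $rule) { throw "Rule https2WebServers not found in $nsgName" }

Set-AzNetworkSecurityRuleConfig -NetworkSecurityGroup $nsg -Name $rule.Name `
    -Access $rule.Access -Direction $rule.Direction -Priority $rule.Priority `
    -Protocol $rule.Protocol `
    -SourceAddressPrefix $rule.SourceAddressPrefix -SourcePortRange $rule.SourcePortRange `
    -DestinationPortRange $rule.DestinationPortRange `
    -DestinationApplicationSecurityGroupId $webAsg.Id |
    Set-AzNetworkSecurityGroup | Out-Null

# 5. Show the result: the rule should reference the ASG and no destination address prefix.
(Get-AzNetworkSecurityGroup -ResourceGroupName $rg -Name $nsgName).SecurityRules |
    Where-Object { $_.Name -eq 'https2WebServers' } |
    Select-Object Name, DestinationAddressPrefix,
        @{ n = 'DestinationAsg'; e = { $_.DestinationApplicationSecurityGroups.Id } }
```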

  8. proximagr
    <h1>Azure Security Center</h1>
    <h2>Remediate security recommendations in 1 click</h2>
    <p>Azure Security Center provides unified security management and advanced threat protection across hybrid cloud workloads. Using advanced analytics, it helps you detect potentially malicious activity across your hybrid cloud workloads, and recommends potential remediation steps, which you can then evaluate, and take the necessary action.</p>
    <p id="DLQOMZB"><img class="alignnone size-full wp-image-2857 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d8ddac95fb1a.png" alt="" /></p>
    <p>One of the main features of Azure Security Center is that it offers prioritized and actionable security recommendations so you can remediate security vulnerabilities before they can be exploited by attackers. To simplify remediation of security issues, it now allows you to remediate a recommendation on multiple resources with a single click.</p>
    <ul>
    <li>Quick access to 1-click fix<br />The 1-click fix label is shown next to the recommendations that offer this faster remediation tool.</li>
    <li>Logging for transparency<br />All remediation actions are logged in the activity log.</li>
    </ul>
    <p id="cYAerXE"><img class="alignnone size-full wp-image-2858 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d8ddaf03f635.png" alt="" /></p>
    <h2>How to use 1-click remediation</h2>
    <p>Look for the “1-click Fix !” label at the recommendations!</p>
    <p id="aBGvMLk"><img class="alignnone size-full wp-image-2859 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d8ddb125f8f2.png" alt="" /></p>
    <p>Once you click the “1-click Fix !” label, the recommendation information page will open. Select the affected resources and click Remediate.</p>
    <p id="ORTsWRv"><img class="alignnone size-full wp-image-2861 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d8ddfea3fdaa.png" alt="" /></p>
    <p>A final window will open that informs you about the action that will be performed and what it will affect. Check the information and, if you agree, click the final “Remediation” button.</p>
    <p id="NiZsHKi"><img class="alignnone size-full wp-image-2863 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d8de03500959.png" alt="" /></p>
    <h2>Current 1-click remediation availability</h2>
    <p>Remediation is available for the following recommendations in preview:</p>
    <ul>
    <li>Web Apps, Function Apps, and API Apps should only be accessible over HTTPS</li>
    <li>Remote debugging should be turned off for Function Apps, Web Apps, and API Apps</li>
    <li>CORS should not allow every resource to access your Function Apps, Web Apps, or API Apps</li>
    <li>Secure transfer to storage accounts should be enabled</li>
    <li>Transparent data encryption for Azure SQL Database should be enabled</li>
    <li>Monitoring agent should be installed on your virtual machines</li>
    <li>Diagnostic logs in Azure Key Vault and Azure Service Bus should be enabled</li>
    <li>Diagnostic logs in Service Bus should be enabled</li>
    <li>Vulnerability assessment should be enabled on your SQL servers</li>
    <li>Advanced data security should be enabled on your SQL servers</li>
    <li>Vulnerability assessment should be enabled on your SQL managed instances</li>
    <li>Advanced data security should be enabled on your SQL managed instances</li>
    </ul>
    <p>Single click remediation is part of Azure Security Center’s free tier.</p>
    <p>Read more at: <a href="https://azure.microsoft.com/en-gb/blog/azure-security-center-single-click-remediation-and-azure-firewall-jit-support/">Azure Security Center single click remediation</a></p>
    <p>Sources:</p>
    <p><a href="https://azure.microsoft.com/en-gb/blog/azure-security-center-single-click-remediation-and-azure-firewall-jit-support/">Azure Security Center single click remediation</a></p>
    <p><a class="breadcrumbs__link" href="https://azure.microsoft.com/en-us/updates/one-click-remediation-for-security-recommendations/" data-event="global-navigation-body-clicked-breadcrumb" data-bi-area="content" data-bi-id="global-navigation-body-clicked-breadcrumb">Azure Security Center—1-click remediation for security recommendations is now available</a></p>
    <p>The post <a rel="nofollow" href="https://www.e-apostolidis.gr/microsoft/azure/asc-remediate-security-recommendations-in-1-click/">ASC | Remediate security recommendations in 1 click</a> appeared first on <a rel="nofollow" href="https://www.e-apostolidis.gr">Apostolidis IT Corner</a>.</p>


    <a href="https://www.e-apostolidis.gr/microsoft/azure/asc-remediate-security-recommendations-in-1-click/" class='bbc_url' rel='nofollow external'>Source</a>
  9. proximagr
    Thank you all for participating at my session today at Athens Azure Bootcamp, about how to Protect your data with a modern backup, archive and disaster recovery solution.
     

     
    Bad things happen, even to good people. Protect yourself and avoid costly business interruptions by implementing a modern backup, archive and disaster recovery strategy. See how you can securely extend your on-premises backup storage and data archive solutions to the cloud to reduce cost and complexity, while achieving efficiency and scalability. Be ready with a business continuity plan that includes disaster recovery of all your major IT systems without the expense of secondary infrastructure. You leave this session with a set of recommended architectures showing how to implement a modern backup, archive and disaster recovery solution and an understanding of how to quickly get something in place in your organization.
     
    PANTELIS APOSTOLIDIS
     
    You can download my presentation from this link: https://1drv.ms/p/s!AvpafHi49lqjgdd4ixVWNS6nqZIZSw
  10. proximagr
    Auto Start/Stop an Azure VM (ARM)
    For Azure VMs that do not need to run 24/7, we can use Azure Automation to schedule an automatic Stop (Deallocate) and Start. First make sure to reserve resources if needed, such as the private and the public IP.
    Now let's see how to auto start/stop an Azure VM (ARM). First create an Automation Account: go to the Azure Portal, expand More services and search for automation. Then click “Automation Accounts”

    At the Automation Accounts press “Add”

    At the Automation Account creation blade provide a Name, the Subscription, the Resource Group and the location, and if it is the first Automation Account select Yes to automatically create a Run As account

    After the creation it will open the new Automation Account’s blade. Here click the “Runbooks”

    We don’t need to write any scripting since there are available Runbooks at the gallery, so select Browse gallery

    At the Gallery search for the “Start Azure V2 VMs” and “Stop Azure V2 VMs” Graphical Runbooks.


    Click the Runbook and at the new blade press Import. Type a unique name and press OK

    After the import, we will be navigated to the Runbook and we need to Publish it in order to be able to use it. At the Runbook’s blade, press “Edit”

    And then press Publish

    After publishing, the Runbook is ready to start and to have Schedules added. Now let's add Schedules to specify the VM and the time at which it will start. Press “Schedule”

    Press “Link a schedule to your runbook” and then “Create a new schedule”

    Give a name to the schedule, and then select the start date and time and the recurrence; in my example it will start the VM every day at 7:00 am

    Then go to the Parameters, provide the Resource Group name and the VM name, and press OK.

    The Runbook is ready. Create more Schedules for all needed VMs. And then repeat the process for the “Stop Azure VM V2” runbook and you will have two Runbooks with many Schedules. To test a Runbook press “Start”.

     

    The post Auto Start/Stop an Azure VM (ARM) appeared first on Proxima's IT Corner.


    Source
  11. proximagr
    <h1>Auto-Shutdown Hyper-V free with USB UPS</h1>
    <p>Recently I installed a Hyper-V 2012 R2 server (the free version) but my UPS doesn’t support Windows Core. No problem, we have PowerShell! After some searching on various sites and blogs I ended up creating the following script. It checks the battery status every 3 minutes using WMI, and when the battery drops below 50% it sends the shutdown signal. As long as you set the VMs to save on shutdown you are OK!</p>
    <p>I also added a simple mail notification before the shutdown.</p><pre class="crayon-plain-tag"># Read the UPS battery charge (percent) through WMI
    $batterystatus = (Get-WmiObject -Class CIM_Battery -Namespace "root\CIMV2").EstimatedChargeRemaining
    # Poll every 3 minutes (180 seconds) for as long as the charge stays above 50%
    do
    {
        Start-Sleep -Seconds 180
        $batterystatus = (Get-WmiObject -Class CIM_Battery -Namespace "root\CIMV2").EstimatedChargeRemaining
        $batterystatus
    } while ($batterystatus -gt 50)
    # SMTP credentials (placeholders; the password is stored in plain text in this script)
    $login = "username"
    $password = "password" | ConvertTo-SecureString -AsPlainText -Force
    $credentials = New-Object System.Management.Automation.PSCredential -ArgumentList $login,$password
    # Mail notification; the sender and recipient are placeholder addresses
    Send-MailMessage -Body "UPS Started - Server will shutdown in 5 minutes" -From "sender@domain.com" -To "recipient@domain.com" -Subject "Power Loss - UPS Started" -SmtpServer mail.domain.com -Credential $credentials
    # Shut the host down after 300 seconds (5 minutes)
    shutdown /s /t 300</pre><p> </p>
    <p>The post <a rel="nofollow" href="http://www.e-apostolidis.gr/microsoft/powershell/auto-shutdown-hyper-v-usb-ups/">Auto-Shutdown Hyper-V free with UPS</a> appeared first on <a rel="nofollow" href="http://www.e-apostolidis.gr">Proxima's IT Corner</a>.</p>


    <a href="http://www.e-apostolidis.gr/microsoft/powershell/auto-shutdown-hyper-v-usb-ups/" class='bbc_url' rel='nofollow external'>Source</a>
  12. proximagr
    Azure AD | Secure Web Application Publishing
    Application Publishing
    Azure Active Directory Application Proxy is a very easy and secure way to publish web applications using the extremely secure Azure AD authentication mechanism. There are a ton of features, like SSO and two-factor authentication, but let's see the basics here. You have a web application that you use internally on your network, not even over https, or you have developed a web application and you want an easy and safe way to publish it without having to worry about authentication or VPN. Use the Azure AD Application Proxy with the following simple steps.
    For this example I have used a Windows Server 2016 with IIS and the SugarCRM application installed using the IIS Web Platform Installer. The internal link is http://appproxy01/sugarcrm/ that opens the SugarCRM login page.
    Let's start
    Navigate to the Azure Portal and go to Azure Active Directory. Mind that an Azure Active Directory Basic or Premium license is required. You can start a trial of Azure AD Premium or of Enterprise Mobility Suite E3, which includes Azure AD Premium.
    First of all you need to enable Application proxy. Select Enterprise applications –> Application proxy and click Enable & Download the connector by clicking the “Connector” link.

    Next, install the connector to the web server or to an other domain member server. It requires Windows Server 2012 R2.

    At the installation process it will ask to login with an Azure AD account that has access to publish applications.
    Once installed, Run the Connector Troubleshooter to verify that the connector will run properly.

    After the successful installation, back at the Azure Portal the server FQDN and the public IP will appear under the Default Connector.

    Now it is time to publish the application. Go to “All applications” –> +ADD –> On-premises application.

    Give a name, the internal Url that is used to access the application at your local network and press Add. Note the External URL.

    The next step is to assign users. Following the quick steps, press “Assign a user for testing”

    and add at least one user, and you are ready to test the application.
    Now let's test the published application
    Open your favorite browser and navigate to the External URL. You will be redirected to the Microsoft online service logon page. Once authenticated with your Azure AD account the SugarCRM login page will be served.

    This is the simplest way to publish a web application without having to worry about authentication and security.
    Of course if the application supports active directory authentication then it is very easy to setup SSO, but we will analyze that at the next post.
  13. proximagr
    Azure App Service, get data from on-premises databases securely
    There are many scenarios where we want to have the Web Application on the Cloud but on the other hand, due to various limitations, the database stays on-premises. Azure has a service, called Azure Hybrid Connections, that allows the Web App to connect to on-premises databases, using internal IP address or the database server host name, without a complex VPN setup.
    The Connection diagram

    I have tested the connection with Microsoft SQL, PostgreSQL, MySQL, MongoDB and Oracle. The database requirement is to have a static port. So the first step in case of a Microsoft SQL instance is to assign a static port. In my test environment I have a Microsoft SQL 2016 and I assigned the default port 1433, using the Sql Server Configuration Manager / SQL Server Network Configuration / Protocols for INSTANCENAME (MSSQLSERVER)

    All paid service plans support hybrid connections. The limits are on how many hybrid connections can be used per plan, as the table below shows.

    Pricing plan | Number of Hybrid Connections usable in the plan
    Basic        | 5
    Standard     | 25
    Premium      | 200
    Isolated     | 200
    To start creating the Hybrid Connections, go to the App Service / Networking / Hybrid Connections and press the “Configure your hybrid connection endpoints”

    At the Hybrid connections blade there are two steps, the first is to “Add hybrid connection” and the second is to “Download the connection manager”.

    First click the “Add hybrid connection” and then press “Create new hybrid connection”

    The “Create new hybrid connection” blade will open. Add a Hybrid connection name; it must be at least 6 characters long and it is the display name of the connection. At the Endpoint host add the hostname of the database server and at the Endpoint port, the port of the database. In my case I added 1433, as this is the port I assigned to my SQL instance earlier.
    Finally you will need to specify a name for a Service Bus namespace, since the hybrid connection uses Azure Service Bus for the communication, and press OK.

    Once the connection is created it will be shown at the portal as “Not connected”

    Now we need to download and install the hybrid connection manager by clicking the “Download connection manager”. For this test I will install the hybrid connection manager on the same server as the SQL database, but for a production environment it is recommended to install the hybrid connection manager on a different server that has access to the database servers only on the required ports. For the best security install it on a DMZ server and open only the required ports to the database servers.
    Run the downloaded msi and just click Install.

    Open the “Hybrid connection manager” UI and press “Add a new Hybrid Connection”.

    Sign in to your Azure account

    Once logged in, choose your Subscription and the hybrid connection configured previously will appear. Select it and press Save.

    Now the connection manager status will show “Connected”

    The same at the Azure Portal and your Hybrid connection is ready.

    Test, test, test and proof of concept. Open the Console, from the Web App blade, and tcpping the SQL server’s hostname at port 1433

    and also sqlcmd

    The post Azure App Service, get data from on-premises databases securely appeared first on Apostolidis IT Corner.

  15. proximagr
    Azure Backup | Enable backup alert notifications
    Azure Backup generates alerts for all backup events, such as unsuccessful backups. A new option is to create backup alert notifications so that Azure Backup will alert you by sending an email when an alert is generated.
    To enable the backup alert notifications, navigate to the “Backup Alerts” section of the “Recovery Services vault” and click the “Configure notifications”

    There, switch the Email notification to On to enable the alerts. Enter one or more recipients separated with a semicolon (;). Choose Per Alert or Hourly Digest. Per Alert will fire an email for every alert instantly, and Hourly Digest means that the notification agent will check for alerts every hour and will fire an email with the active alerts.
    Finally choose the Severity of the alerts for which you will be notified and press save.


    If you like my content you can follow my blog: e-apostolidis.gr
  16. proximagr
    I was looking for a free solution to have email notifications for Azure backup. After reading other blogs and the technet site I ended up using PowerShell Send-MailMessage attached to the Azure Backup Logs. In short, when an Azure Backup log entry is created, the script lists the events of the last 2 days, creates an html file and mails you the report with the html as attachment.
     
    First find the Azure backup Event Log; it is under “Applications and Services Logs, CloudBackup, Operational”. Select to attach a task to the log. This will trigger the task on every event created under this log. Alternatively you can attach the task to a specific event.
     
    Create a Task and attach the below PowerShell script. You will find powershell.exe in “C:\Windows\System32\WindowsPowerShell\v1.0”
     
    Create a folder c:\IT, copy the below script to a text file and name it “eventemail.ps1”. Finally change the required fields.
     
    # Collect the Azure Backup events of the last 2 days
    $date = (Get-Date).AddDays(-2)
    $events = Get-WinEvent -FilterHashtable @{ LogName = "cloudbackup"; StartTime = $date }
    # Save the events as an HTML report; it is attached to the email below
    $events | ConvertTo-Html Message,TimeCreated | Set-Content c:\it\backup.html
     
    # Settings shared by the failure and the success report
    $PCName = $env:COMPUTERNAME
    $EmailFrom = "FROM_EMAIL_HERE"
    $EmailTo = "YOUR_EMAIL_HERE"
    $SMTPServer = "SMTP_SERVER_HERE"
     
    # Get-WinEvent records have no EntryType property (that belongs to Get-EventLog); Level 2 means Error
    if ($events | Where-Object { $_.Level -eq 2 })
    {
    $EmailSubject = "Server $PCName Backup Failure report"
    }
    else
    {
    Write-Host "There is no error. Below the log entries."
    $events
    $EmailSubject = "Server $PCName Backup Success report"
    }
    Write-Host "Sending Email"
    Send-MailMessage -From $EmailFrom -To $EmailTo -Subject $EmailSubject -Body "$($events.Message) $($events.TimeCreated)" -Attachments "c:\it\backup.html" -SmtpServer $SMTPServer
     
    The “write-host ” lines can be removed. They are useful only for troubleshooting by running the script manually on powershell.
     
    source: http://www.e-apostolidis.gr/microsoft/azure-backup-email-notification/
  17. proximagr
    Azure Backup Reports
    A new feature is in public preview, the Azure Backup Reports. Now we can have the Azure Backup Reports at the OMS Workspace, Event Hub and Power BI. You can use Power BI to view the report dashboard, download reports and create custom reports.
    The configuration has two steps, one to configure the Azure Backup Reports connection with each service and the other is to get the data at each service.
    First go to a Recovery Services vault and select Backup Reports. Next press the Configure button.

    The Diagnostic settings blade will open. Change the Status to “On” and select the desired services to collect the Azure Backup Logs.

    For the Power BI integration we need a Storage account. So check the “Archive to storage account” option and select a storage account. The storage account must be in the same region as the Azure Backup account.

    To integrate with OMS check the “Send to Log Analytics” option and select an OMS Workspace.

    Another option is to stream the Azure Backup logs to an event hub. To configure it, check the “Stream to an event hub” option and select the event hub namespace and policy name.

    At the bottom part of the configuration blade select the Logs that you want to get. The retention days option is only for the Storage Account configuration.

    Press save and return to the Backup reports blade. Now press the “Sign in” to connect to Power BI to configure the Service.

    At the lower left corner of the Power BI Portal press “Get Data”

    At the AppSource press the “Get” button under the Services.

    Search and select the “Azure Backup”

    At the connect to Azure Backup page enter the Storage Account name. This is the storage account that we selected at the Azure Backup Reports configuration.

    Press next and Save. Now the Azure Backup workspace is ready. Be patient, it needs time to start reporting data.

    If you go back to the Azure Portal, the Backup Reports blade has changed and it only has the option to connect to your Power BI dashboard.

    If you browse to your Power BI dashboard, you can view the Azure Backup Reports Workspace as in the image below.

    For the OMS integration, you only need to go to the Log Search and query Category="AzureBackupReport" and you will have all the Azure Backup Report logs. Following the OMS logic you can create a custom View; to do so, you can follow this post: Azure Log Analytics

  18. proximagr
    <h1>Azure Bastion – Jump Server as a Service</h1>
    <p>Azure Bastion is a new Azure Platform (PaaS) service, still in Preview at this time, that provides RDP and SSH access to Virtual Machines inside a Virtual Network directly from the Azure Portal. This eliminates the need to expose the Virtual Machines’ RDP and SSH ports to the internet.</p>
    <p>The logic comes from the Jump Servers, but you don’t need to deploy any VMs and you don’t have to worry about the hardening. It is all ready on Azure as a Service.</p>
    <p>A jump server is a hardened and monitored device that spans two dissimilar security zones and provides a controlled means of access between them. You can find more about jump servers at <a href="https://en.wikipedia.org/wiki/Jump_server">https://en.wikipedia.org/wiki/Jump_server</a></p>
    <p>The connection to the virtual machines is achieved directly from the Azure Portal over Secure Sockets Layer (SSL) just using the browser. The Bastion Host is</p>
    <h2>Azure Bastion Preview preparation</h2>
    <p>For the time being, Azure Bastion Hosts are in Public Preview. To use them we need to register the Azure Bastion Host provider. Open PowerShell and log in to Azure or use the Cloud Shell from the Azure Portal.</p>
    <p>To register the provider run:</p>
    <p>Register-AzProviderFeature -FeatureName AllowBastionHost -ProviderNamespace Microsoft.Network</p>
    <p id="zOeDhIo"><img class="alignnone wp-image-2732 size-full" src="https://www.e-apostolidis.gr/wp-content/uploads/2019/06/img_5d091fe6262cc.png"alt="register provider" width="821" height="165" /></p>
    <p>Then run:</p>
    <p>Register-AzResourceProvider -ProviderNamespace Microsoft.Network</p>
    <p id="DRILxeM"><img class="alignnone wp-image-2733 size-full" src="https://www.e-apostolidis.gr/wp-content/uploads/2019/06/img_5d091ff460da0.png"alt="azure bastion register" width="646" height="84" /></p>
    <p>The provider takes some time to register. Run the following command to check when it is registered:</p>
    <p>Get-AzProviderFeature -FeatureName AllowBastionHost -ProviderNamespace Microsoft.Network</p>
    <p id="EZSfQTp"><img class="alignnone wp-image-2736 size-full" src="https://www.e-apostolidis.gr/wp-content/uploads/2019/06/img_5d0923cdafb5e.png"alt="register check" width="797" height="78" /></p>
    <p>Once the Provider is Registered, access the Azure Portal using this link: <a href="http://aka.ms/BastionHost">http://aka.ms/BastionHost</a> in order to access the Bastions Preview.</p>
    <h2>Create the Bastion</h2>
    <p>From the Azure Portal search for bastions</p>
    <p id="IWWlOrg"><img class="alignnone wp-image-2727 size-full" src="https://www.e-apostolidis.gr/wp-content/uploads/2019/06/img_5d0801333cf93.png"alt="portal azure bastion" width="496" height="222" /></p>
    <p>Hit “Add” to start the Bastion creation wizard</p>
    <p id="BZxMhhc"><img class="alignnone wp-image-2728 size-full" src="https://www.e-apostolidis.gr/wp-content/uploads/2019/06/img_5d080140b2353.png"alt="azure bastion" width="520" height="329" /></p>
    <p>One thing to consider is that the Virtual Network must have an empty subnet with name “AzureBastionSubnet” and at least /27 range. This Subnet will be configured as a DMZ.</p>
    <p id="qwRNwdC"><img class="alignnone wp-image-2729 size-full" src="https://www.e-apostolidis.gr/wp-content/uploads/2019/06/img_5d080183b9c91.png"alt="azure bastion" width="750" height="115" /></p>
    <p>At the Create a bastion wizard select the Subscription and the Resource group. I prefer to create a new Resource Group. Enter a name for the Bastion Host Instance and a Region. Of course the Virtual Network and the Region must be the same as the Virtual Machines that you want to access. Finally select a name for the Public IP of the Bastion Host and hit Review and Create to create the Bastion.</p>
    <p id="xZvMCkm"><img class="alignnone wp-image-2730 size-full" src="https://www.e-apostolidis.gr/wp-content/uploads/2019/06/img_5d0801ea435a4.png"alt="azure bastion" width="843" height="870" /></p>
    <p>Once the Bastion is ready you can see its properties. Not much to configure, just the IAM.</p>
    <p id="dfkMDjH"><img class="alignnone wp-image-2739 size-full" src="https://www.e-apostolidis.gr/wp-content/uploads/2019/06/img_5d092bdbb123f.png"alt="azure bastion" width="1162" height="645" /></p>
    <h2>Using the Bastion Host</h2>
    <p>And now the magic. Once you have a bastion deployed to a Virtual Network, browse a Virtual Machine and hit “Connect”. Beside the RDP and SSH, you will see a new option, the BASTION!</p>
    <p id="LiCqvkU"><img class="alignnone wp-image-2741 size-full" src="https://www.e-apostolidis.gr/wp-content/uploads/2019/06/img_5d092c6bebb80.png"alt="azure bastion" width="1157" height="551" /></p>
    <p>Since the topology is Internet –> Public IP of Bastion –> Bastion –> Virtual Network – NSG – Private IP –> VM, you need to allow the RDP / SSH traffic from the Bastion VNET to the Virtual Machine, and HTTPS traffic (no RDP / SSH needed) from the internet (or your public IP) to the Bastion Subnet.</p>
    <p>Enter the VM’s username and password and hit connect and we have RDP over HTTPS</p>
    <p id="OphcKAS"><img class="alignnone wp-image-2742 size-full" src="https://www.e-apostolidis.gr/wp-content/uploads/2019/06/img_5d093149258cf.png"alt="azure bastion" width="1379" height="1021" /></p>
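<p>The VM-side part of the NSG requirement described above, as an added example that is not part of the original post: it lets RDP / SSH reach the VM subnet only from the AzureBastionSubnet and then lists any NSG rule in the resource group that still exposes those ports to the internet. The resource names, region and address ranges are assumed sample values.</p>

```powershell
# Added example: every name and address range below is an assumed sample value.
$rgName        = "rg-bastion-demo"   # assumed resource group name
$location      = "westeurope"        # assumed region
$vnetName      = "vnet-demo"         # assumed virtual network name
$vmSubnetName  = "snet-vms"          # assumed subnet that holds the VMs
$bastionPrefix = "10.0.1.0/27"       # assumed address range of AzureBastionSubnet
$mgmtPorts     = "3389", "22"        # RDP and SSH

# Rule 1: RDP / SSH is allowed only when the source is the Bastion subnet.
$allowBastion = New-AzNetworkSecurityRuleConfig -Name "Allow-RDP-SSH-From-Bastion" `
    -Description "RDP/SSH only from the AzureBastionSubnet" `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 100 `
    -SourceAddressPrefix $bastionPrefix -SourcePortRange "*" `
    -DestinationAddressPrefix "VirtualNetwork" -DestinationPortRange $mgmtPorts

# Rule 2: RDP / SSH from any other source is denied. Without it the default
# AllowVnetInBound rule would still let other hosts in the VNet reach the ports.
$denyOthers = New-AzNetworkSecurityRuleConfig -Name "Deny-RDP-SSH-From-Others" `
    -Description "Block RDP/SSH that does not come through the Bastion" `
    -Access Deny -Protocol Tcp -Direction Inbound -Priority 200 `
    -SourceAddressPrefix "*" -SourcePortRange "*" `
    -DestinationAddressPrefix "*" -DestinationPortRange $mgmtPorts

$nsg = New-AzNetworkSecurityGroup -ResourceGroupName $rgName -Location $location `
    -Name "nsg-vm-subnet" -SecurityRules $allowBastion, $denyOthers

# Attach the NSG to the VM subnet (not to the AzureBastionSubnet).
$vnet   = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgName
$subnet = Get-AzVirtualNetworkSubnetConfig -Name $vmSubnetName -VirtualNetwork $vnet
Set-AzVirtualNetworkSubnetConfig -Name $vmSubnetName -VirtualNetwork $vnet `
    -AddressPrefix $subnet.AddressPrefix -NetworkSecurityGroup $nsg | Set-AzVirtualNetwork

# Audit: list inbound Allow rules in the resource group that still open RDP / SSH
# to the internet. Port ranges such as "3000-4000" are not expanded by this check.
$openSources = "*", "Internet", "0.0.0.0/0"
$exposed = foreach ($group in Get-AzNetworkSecurityGroup -ResourceGroupName $rgName) {
    foreach ($rule in $group.SecurityRules) {
        $isAllowIn   = $rule.Direction -eq "Inbound" -and $rule.Access -eq "Allow"
        $hitsPort    = $rule.DestinationPortRange | Where-Object { $_ -in ($mgmtPorts + "*") }
        $fromAnyone  = $rule.SourceAddressPrefix  | Where-Object { $_ -in $openSources }
        if ($isAllowIn -and $hitsPort -and $fromAnyone) {
            [pscustomobject]@{
                Nsg      = $group.Name
                Rule     = $rule.Name
                Priority = $rule.Priority
                Ports    = $rule.DestinationPortRange -join ","
                Source   = $rule.SourceAddressPrefix -join ","
            }
        }
    }
}

if ($exposed) {
    Write-Warning "RDP/SSH is still reachable from the internet through these rules:"
    $exposed | Format-Table -AutoSize
} else {
    Write-Host "No NSG rule in $rgName exposes RDP/SSH to the internet."
}
```

<p>The NSG of the AzureBastionSubnet itself needs its own rule set, which is described in the bastion-nsg document listed under Sources.</p>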
    <h2>Copy Text to / from the VM</h2>
    <p>There is a little icon &gt;&gt; at the right middle of the screen.</p>
    <p id="JTaxuWt"><img class="alignnone size-full wp-image-2748 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/06/img_5d09355db8db6.png"alt="" /></p>
    <p>Click it and the Copy / paste box will open. Any text you paste into that box will be available in the VM’s clipboard. The Fullscreen button is also available there.</p>
    <p id="WQLZHRX"><img class="alignnone size-full wp-image-2749 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/06/img_5d0935877025c.png"alt="" /></p>
    <p>Also any text you copy from the VM will appear at that box, like the image below:</p>
    <p id="ZvVaJdz"><img class="alignnone size-full wp-image-2750 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/06/img_5d0935cf0a626.png"alt="" /></p>
    <p>The Remote Desktop experience is excellent! No RDP client needed, just your browser.</p>
    <p>Sources:</p>
    <p><a href="https://docs.microsoft.com/en-us/azure/bastion/bastion-faq">https://docs.microsoft.com/en-us/azure/bastion/bastion-faq</a></p>
    <p><a href="https://docs.microsoft.com/en-us/azure/bastion/bastion-nsg">https://docs.microsoft.com/en-us/azure/bastion/bastion-nsg</a></p>
    <p><a href="https://azure.microsoft.com/en-us/blog/announcing-the-preview-of-microsoft-azure-bastion/">https://azure.microsoft.com/en-us/blog/announcing-the-preview-of-microsoft-azure-bastion/</a></p>
    <p><a href="https://docs.microsoft.com/en-us/azure/bastion/bastion-create-host-portal">https://docs.microsoft.com/en-us/azure/bastion/bastion-create-host-portal</a></p>
    <p>The post <a rel="nofollow" href="https://www.e-apostolidis.gr/microsoft/azure-bastion-jump-server-as-a-service/">Azure Bastion – Jump Server as a Service</a> appeared first on <a rel="nofollow" href="https://www.e-apostolidis.gr">Apostolidis IT Corner</a>.</p>


    <a href="https://www.e-apostolidis.gr/microsoft/azure-bastion-jump-server-as-a-service/"class='bbc_url' rel='nofollow external'>Source</a>
  19. proximagr
    Azure Blob Storage… Recycle Bin!!!!!!!
    Remember all those red alerts when it comes to deleting blobs? Ah, forget them! Microsoft Azure brought the Windows Recycle Bin to Azure and named it Soft delete.
    The soft delete feature basically is similar to the Windows recycle bin. When you delete a file from Windows Explorer, the Operating System moves it to the recycle bin instead of actually removing it. The file stays there and it can be undeleted at any time. The soft delete feature in Microsoft Azure does the same thing for blob storage. When data is deleted or overwritten, the data is not actually gone. Instead, the data is soft deleted, thereby making it recoverable if necessary.
    It’s not enabled by default, but it’s very easy to enable it. Go to the Storage Account, scroll down to the Blob Service and select “Soft delete”. Select the Retention policy and Save, that’s all!

    Let’s delete and test. Browse a container and click the “Show deleted blobs”. The current blob will show as active.

    Deleting the blob will change its status to “deleted”

    Click the three little dots and you can undelete the blob, in Azure!!!

    Active again!

    Be careful, if you delete the whole container, the storage account or the Azure Subscription there is no return. The Soft delete feature is at blob level inside a container.
    For more details visit the docs: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-soft-delete
    The post Azure Blob Storage… Recycle Bin!!!!!!! appeared first on Apostolidis IT Corner.
  21. proximagr
    Azure Virtual Network Gateway provides the ability to connect to your Azure Virtual Network with Azure Client VPN (SSL) connections using your Azure AD or hybrid identity, with Multi Factor Authentication (MFA) and your Conditional Access policies.
    We can have an Enterprise grade SSL VPN, with Active Directory authentication and Single Sign on (SSO) from your corporate laptops, and apply all your conditional access policies, like MFA, compliant devices, trusted locations, etc.
    How to create the VPN Gateway
    Go to your Virtual Network’s subnets and create a Gateway subnet by clicking the “+ Gateway subnet”
    Create a Virtual network gateway, by searching for the “Virtual network gateways” service and press Add.

    Select “VPN”, “Route-based” and at the SKU select any size except the Basic. Basic SKU does not support Azure AD authentication.

    Create a Public IP and leave all other settings default and create the Gateway.

    After about 20 minutes the VPN Gateway is ready. In the meantime we will prepare the Azure AD and give consent to use the Azure AD with the Azure client VPN. Using a Global Admin account, go to the “Azure Active Directory” and copy the “Tenant ID” from the Overview blade, and keep it on a notepad.

    Then copy the URL below and paste it into your browser’s address bar. You need to log in with a Global Admin account that is neither a guest nor a Microsoft account.
    https://login.microsoftonline.com/common/oauth2/authorize?client_id=41b23e61-6c1e-4545-b367-cd054e0ed4b4&response_type=code&redirect_uri=https://portal.azure.com&nonce=1234&prompt=admin_consent
    With a guest or Microsoft account, even if it is Global Admin, you will be prompted to log in with an admin account, meaning a member work account.

    Once you login with a member work Global Admin account, you can accept the permissions to create the Azure VPN application

    You can navigate to the Azure Active Directory / Enterprise Application and view / manage the Azure AD application.

    Open the Azure VPN enterprise application and copy the “Application ID” to a notepad.

    Go to the VPN Gateway, select the “Point to site configuration” and click the “Configure now”

    Add the Address Pool that you want the VPN clients to have. For Tunnel type select “OpenVPN (SSL)”, as it is the only type that supports Azure AD authentication.
    Then use the details that you have copied to the notepad, the Tenant ID and the Application ID, add them to the required fields and press save.
    Tenant: https://login.microsoftonline.com/paste-your-tenant-id-here
    Audience: paste-the-azure-vpn-application-id-here
    Issuer: https://sts.windows.net/paste-your-tenant-id-here/
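The same point-to-site settings applied with Az PowerShell instead of the portal, as an added example that is not part of the original post. The resource group, gateway name and address pool are assumed sample values, and the two IDs are placeholders for the Tenant ID and Application ID copied to the notepad above.

```powershell
# Added example: names and the address pool are assumed sample values.
$rgName     = "rg-vpn-demo"                            # assumed resource group name
$gwName     = "vpngw-demo"                             # assumed gateway name
$clientPool = "172.16.201.0/24"                        # assumed VPN client address pool
$tenantId   = "00000000-0000-0000-0000-000000000000"   # placeholder: your Tenant ID
$audienceId = "11111111-1111-1111-1111-111111111111"   # placeholder: Azure VPN Application ID

# Both values must be GUIDs; a pasted URL or display name is a common mistake.
foreach ($id in $tenantId, $audienceId) {
    $parsed = [guid]::Empty
    if (-not [guid]::TryParse($id, [ref]$parsed)) {
        throw "'$id' is not a GUID. Copy the ID itself, not a URL or a name."
    }
}

$gw = Get-AzVirtualNetworkGateway -ResourceGroupName $rgName -Name $gwName

# Pre-flight checks that mirror the requirements stated in the post.
if ($gw.Sku.Name -eq "Basic") {
    throw "The Basic SKU does not support Azure AD authentication."
}
if ($gw.VpnType -ne "RouteBased") {
    throw "The gateway must be Route-based (found: $($gw.VpnType))."
}

# Tenant has no trailing slash, Issuer ends with one, exactly as in the portal fields.
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gw `
    -VpnClientAddressPool $clientPool `
    -VpnClientProtocol OpenVPN `
    -AadTenantUri   "https://login.microsoftonline.com/$tenantId" `
    -AadAudienceId  $audienceId `
    -AadIssuerUri   "https://sts.windows.net/$tenantId/" | Out-Null

# Read the configuration back to confirm what the gateway now enforces.
$cfg = (Get-AzVirtualNetworkGateway -ResourceGroupName $rgName -Name $gwName).VpnClientConfiguration
[pscustomobject]@{
    Protocols   = $cfg.VpnClientProtocols -join ","
    AddressPool = $cfg.VpnClientAddressPool.AddressPrefixes -join ","
    Tenant      = $cfg.AadTenant
    Audience    = $cfg.AadAudience
    Issuer      = $cfg.AadIssuer
} | Format-List
```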
    How to Download the VPN Client and Connect to the Gateway
    Download the VPN client, using the button.

    Extract the downloaded zip file

    And at the AzureVPN folder you will find the configuration xml.

    Open the Microsoft Store and get the Azure VPN Client

    Open the Azure VPN Client and at the lower left corner, press the + and Import the xml configuration file

    Accept all the settings and press save

    The Azure VPN connection will appear at the Azure VPN client and also at the Windows 10 network connections, like any other VPN
    Azure VPN Client:

    Windows 10 Network Connections:

    Once you press connect, it will prompt you to connect using the account(s) that you are already using at your Windows 10 machine, or use a different account

    You will be prompted for MFA or any other conditional access policy you have applied, and then you will be connected.

    Conditional Access & Multi-Factor Authentication (MFA)
    You can add Conditional Access to the Azure client VPN connection. Go to Azure Active Directory / Security / Conditional Access and create a new Policy.
    Select the “Azure VPN” at the “Cloud apps or actions” section


    At the Access Controls / Grant section, you can require multi-factor authentication, or an AD Joined device, or a compliant device, or all of them

    At the “Conditions” section you can control the locations where the policy will apply. For example, you can apply the MFA requirement at “Any location” and exclude the “Trusted locations”, in order to not require MFA when the device is at a trusted location, like your company’s network.



    https://www.e-apostolidis.gr/microsoft/azure/azure-client-vpn-with-azure-ad-auth-mfa-step-by-step-guide/
  22. proximagr
    <p style="text-align: justify;">ExpressRoute is a Microsoft Azure service that provides a private connection between an organization’s on-premises infrastructure and Microsoft Cloud services, such as Microsoft Azure, Office 365, and Dynamics 365.</p>
    <p style="text-align: justify;">Microsoft Azure ExpressRoute became generally available back in 2014. To connect to Azure ExpressRoute you need a direct line with an ExpressRoute provider. Now Microsoft has announced that Microsoft cloud services can be accessed with Azure ExpressRoute using satellite connectivity, breaking the direct line barriers and making it feasible to connect your data center directly to Microsoft Azure from all around the globe!</p>
    <p style="text-align: justify;"><img src="https://azurecomcdn.azureedge.net/mediahandler/acomblog/media/Default/blog/6fc8736b-b6e9-4959-8692-c602e9d931e4.png"alt="Infographic of High level architecture of ExpressRoute and satellite integration" /></p>
    <p><span style="font-size: 10px;">image from <a href="https://azure.microsoft.com/en-us/blog/satellite-connectivity-expands-reach-of-azure-expressroute-across-the-globe/">https://azure.microsoft.com/en-us/blog/satellite-connectivity-expands-reach-of-azure-expressroute-across-the-globe/</a></span></p>
    <p id="JXlaLtf" style="text-align: justify;">Azure ExpressRoute Satellite connectivity is currently provided by three Microsoft partners, Intelsat, SES, and Viasat. Microsoft expands its already large connectivity, adding Satellite connectivity options at the 54 Regions worldwide, making <a href="https://azure.microsoft.com/en-us/global-infrastructure/global-network/">Microsoft’s global network</a> one of the largest in the world.</p>
    <p style="text-align: justify;">Source:</p>
    <p style="text-align: justify;"><a href="https://docs.microsoft.com/en-us/azure/expressroute/expressroute-introduction">https://docs.microsoft.com/en-us/azure/expressroute/expressroute-introduction</a></p>
    <p style="text-align: justify;"><a href="https://azure.microsoft.com/en-us/blog/satellite-connectivity-expands-reach-of-azure-expressroute-across-the-globe/">https://azure.microsoft.com/en-us/blog/satellite-connectivity-expands-reach-of-azure-expressroute-across-the-globe/</a></p>
    <p>The post <a rel="nofollow" href="https://www.e-apostolidis.gr/microsoft/azure/azure-expressroute-adds-satellite-connectivity/">Azure ExpressRoute adds Satellite connectivity</a> appeared first on <a rel="nofollow" href="https://www.e-apostolidis.gr">Apostolidis IT Corner</a>.</p>


    <a href="https://www.e-apostolidis.gr/microsoft/azure/azure-expressroute-adds-satellite-connectivity/"class='bbc_url' rel='nofollow external'>Source</a>
  23. proximagr
    Azure File Sync & DFS Namespace
    Azure File Sync is a new Azure feature, still in preview, that lets you sync a folder between your local file server and Azure Files. This way your files are accessible both locally on your file server and publicly on Azure Files using an SMB 3.0 client. The files can also be protected online using Azure Backup.
    The idea of this post is to have the files of two file servers sync to Azure Files using Azure File Sync and, in addition, to use the DFS Namespace feature to achieve a common name and availability. This is not officially supported; it is just an idea for combining two different technologies to support a service.
    The requirement before starting with Azure File Sync is to create an Azure File share. We have covered this in a previous post, check here.
    Once the Azure Files share is ready, proceed with the Azure File Sync resource. In the Azure Portal press New, search for it and create it.

    At the Deploy Storage Sync blade select a name for the Resource, subscription, resource group and location.

    When the Azure File Sync is ready we need to create a Sync group. A Sync group is something like a DFS Replication Group: it consists of an Azure File Share and many local file servers that sync a folder.

    Press “+Sync group” to open the new “Sync group” blade. There, provide a name for the Sync group and select the storage account and the Azure File Share created before.

    The Sync group is ready with the cloud endpoint. The next step is to add the first local file server.
    Register the local servers
    Navigate to https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-server-registration for information on how to download the agent, install it and register the server. After that press “Add server endpoint”.

    At the “Add server endpoint” blade, select the registered server and add the path to the folder that has the data you want to sync. With Cloud Tiering you select a percentage of the volume of the local server. When the capacity of the volume reaches this number, Azure File Share makes the less frequently accessed files cloud only. The file icon on the server becomes transparent, and if anyone double-clicks the file it is downloaded instantly.

    Register the second server the same way as the first, and the Sync group will then have two server endpoints. In my example the second server had no data, just the folder, and Azure File Sync synced all files from server A.
    Create a DFS Namespace
    The next step is to create a DFS Namespace, just the namespace with the two local servers. Add the folders of both servers and you are ready.

    Also, if you browse the Azure File Share, all files are accessible.

    Notes from the field
    Adding or changing a file on the first server replicates almost instantly to the Azure File Share and to the second server.
    If a file is altered on both servers at the same moment, the one last accessed by timestamp is kept as is and the other file is renamed by adding the server name to the file name, as in the example “enaneoarxeio-AzureFS2.txt”, where AzureFS2 is the server name.
    You can add an Azure Backup and have a Cloud Backup of all your files.
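    The conflict behaviour in the notes above leaves a second copy of a file with the server name appended. As an added example (not part of the original post), this Python check lists such copies next to their originals so they can be reviewed and reconciled; the file listing is constructed and the server name AzureFS1 is an assumption.

```python
import os
from pathlib import PureWindowsPath

# Constructed listing of a synced folder. AzureFS2 is the server name from
# the post; AzureFS1 is an assumed name for the other server.
SAMPLE_FILES = [
    r"D:\Data\enaneoarxeio.txt",
    r"D:\Data\enaneoarxeio-AzureFS2.txt",   # conflict copy, as in the post
    r"D:\Data\report-AzureFS2.docx",        # no "report.docx" beside it
    r"D:\Data\budget-2019.xlsx",            # ordinary name containing a dash
    r"D:\Data\Plans\site.vsdx",
    r"D:\Data\Plans\site-azurefs1.vsdx",    # server name in different case
]


def find_conflict_copies(paths, server_names):
    """Return sorted (original, conflict_copy, server) tuples.

    A file is reported only when its name ends in "-<server name>" before
    the extension AND the un-suffixed original exists in the same folder.
    """
    servers = {name.lower(): name for name in server_names}
    existing = {str(PureWindowsPath(p)).lower() for p in paths}
    hits = []
    for p in paths:
        path = PureWindowsPath(p)
        stem, dash, tail = path.stem.rpartition("-")
        if not dash or not stem or tail.lower() not in servers:
            continue
        original = path.with_name(stem + path.suffix)
        if str(original).lower() in existing:
            hits.append((str(original), str(path), servers[tail.lower()]))
    return sorted(hits)


def scan(root, server_names):
    """Walk a real folder (for example the server endpoint path)."""
    paths = [os.path.join(d, f) for d, _, files in os.walk(root) for f in files]
    return find_conflict_copies(paths, server_names)


if __name__ == "__main__":
    for original, copy, server in find_conflict_copies(
            SAMPLE_FILES, ["AzureFS1", "AzureFS2"]):
        print(f"{copy}  conflicts with  {original}  (from {server})")
```

    Requiring the un-suffixed original in the same folder keeps ordinary files that merely end in a server name out of the report.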
    The post Azure File Sync & DFS Namespace appeared first on Apostolidis IT Corner.
  25. proximagr
    Azure offers a free SMTP relay using the SendGrid application. SendGrid is a cloud service that provides email delivery and marketing campaigns. The specific offer is for up to 25.000 emails per month. This offer also provides full reporting and analytics and 24/7 support.
    In this post we will see how to create a free SendGrid account that can be used for many purposes, like:
    Send emails through an application using the SendGrid API
    Send email campaigns, newsletters, etc. using the SendGrid SMTP service


    At the Azure Portal, portal.azure.com, search for sendgrid and click “SendGrid Email Delivery”.

    The SendGrid account wizard will open. Fill in the name and password, select the subscription and resource group and choose the F1 free pricing tier. Also fill in the contact information, accept the legal terms and press “Create”.
    Once the SendGrid Account is created, navigate to it and select Manage.
    The SendGrid portal will open. Navigate to Settings / API Keys to create an API Key.
    Enter a name for the key. For permissions you only need to send emails, so select Restricted Access and add “Mail Send”. Press Create & View to create the key.
    You will only see the key once, upon creation. After that there is no way to see the key again, so copy it and keep it safe.
    SMTP Service
    We are ready to send emails using any host that supports SMTP. The settings are:
    Server: smtp.sendgrid.net
    Username: apikey
    Password: “The API Key you created before”
    Ports: SSL 465, Unencrypted: 25, TLS 586
    More about SendGrid SMTP: https://sendgrid.com/docs/API_Reference/SMTP_API/integrating_with_the_smtp_api.html

    API Usage:
    https://sendgrid.com/docs/for-developers/sending-email/api-getting-started/
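    The SMTP settings listed above, used from an application: an added Python example (not code from the original post or from SendGrid) that reads the API key from the environment instead of hard-coding it and sends only over the SSL port with certificate verification. The variable name SENDGRID_API_KEY and the example.com addresses are assumptions.

```python
import os
import smtplib
import ssl
from email.message import EmailMessage

SMTP_HOST = "smtp.sendgrid.net"   # server from the post
SMTP_USER = "apikey"              # literal username from the post
SMTP_SSL_PORT = 465               # SSL port from the post


def load_api_key(env=os.environ, var="SENDGRID_API_KEY"):
    """Read the key from the environment so it stays out of source control.
    The variable name is an assumption of this example."""
    key = env.get(var, "").strip()
    if not key:
        raise RuntimeError(f"{var} is not set")
    return key


def build_message(sender, recipient, subject, body):
    """Build a plain-text mail with the standard library."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


def send(msg, api_key, port=SMTP_SSL_PORT):
    """Send over implicit TLS; refuse any other port before connecting,
    so the API key is never offered on the unencrypted port 25."""
    if port != SMTP_SSL_PORT:
        raise ValueError("refusing to send: only the SSL port 465 is allowed")
    context = ssl.create_default_context()   # verifies certificate and hostname
    with smtplib.SMTP_SSL(SMTP_HOST, port, context=context, timeout=30) as smtp:
        smtp.login(SMTP_USER, api_key)
        smtp.send_message(msg)


if __name__ == "__main__":
    # Placeholder addresses; replace them before running.
    message = build_message("sender@example.com", "recipient@example.com",
                            "SendGrid SMTP test", "Sent through smtp.sendgrid.net")
    send(message, load_api_key())
```

    Because the key was created with Restricted Access and only “Mail Send”, a leaked copy can send mail but cannot manage the account.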