Blog Entries posted by proximagr

  1. proximagr
    Azure Log Analytics | CPU Performance Monitor
    In this article we will create a CPU Performance monitor View for our servers at the Azure Log Analytics (OMS) Portal.

    At the Microsoft Operations Management Suite (OMS) portal, press the + button to create a new View.

    The View Designer workspace will open. Select the “Line chart & callout”.

    At the Properties blade enter a Name, something like “CPU Performance Monitor”, add the query below and press Apply:
    Type:Perf CounterName="% Processor Time" InstanceName="_Total" | measure avg(CounterValue) by Computer Interval 10Minutes

    After you press Apply, the Preview window shows the “Name” and the CPU performance of all the Windows servers that are monitored by the OMS agent.

    The next step is to press the “+ View” tab and add a “Stack of line charts”.

    The “Stack of line charts” will add three charts per row and we can use it to add our servers. We will create something like this:

    So, at the Properties blade add a name and a query for each server that needs to be monitored and press Apply. For more than three servers add more “Stack of line charts”.
    The query is below; just change Computer="server.domain.local" to match your servers.
    Type:Perf CounterName="% Processor Time" InstanceName="_Total" AND Computer="server.domain.local" | measure Avg(CounterValue) as 'CPU_Percentage' by Computer Interval 10Minutes

    Finally, press “Save” at the View Designer.

    The result is a CPU Performance monitor for all servers at the OMS Portal.

    And when you press it you have the CPU Performance Monitor of all added servers.


    Stay tuned for the next part
  2. proximagr
    Azure Managed Disks | Easy Scale, High Available, Secure
    Azure Managed Disks is almost five months old. Start using it: it's simple, easy to scale, highly available and secure. As Microsoft says, “Let Azure take care of your disks”.
    The idea is simple: choose the performance tier and the size you want. After that you are free to change your mind! You can change the performance tier (yes, switch between SSD & HDD) and the size with just a click.
    Let's get started. First of all we need to enable managed disks at VM creation. Specifically, at the third step select “Yes” at the “Use managed disks” setting. After that you don’t have to worry about storage accounts; Azure takes care of this.

    Once the VM is deployed, go to the VM’s blade and click “Disks” and “+ Add data disk”

    After that, the “Create managed disk” blade opens and there are some interesting settings to choose. Let's have a closer look.

    First choose a name for the Data Disk, then choose a Resource Group and Account type. The Account type is the performance tier, SSD or HDD.
    Next, at the Source type drop-down menu, we can choose to create an empty disk by selecting None. We can also select a Snapshot that we have already created, or a Storage blob to select a disk.

    After that comes the size. Managed Disks have specific IOPS and price. Type the Size in Gigabytes and see the estimated performance instantly.
    You can find the details here: https://azure.microsoft.com/en-us/pricing/details/managed-disks/
    Standard Managed Disks:

    All standard managed disks have 500 IOPS and 60MB/sec throughput
    Premium Managed Disks:

    And what happens with the existing VMs that have “classic” unmanaged disks? No worries, just a bit of PowerShell and you can convert them to managed disks.
    How to do it? First stop the VM: not just shut down, we need to Stop (Deallocate) it. Then run just this line of PowerShell code:
    ConvertTo-AzureRmVMManagedDisk -ResourceGroupName rgname -VMName vmname
    Now some magic. SSD to HDD to SSD to HDD and so on!
    Let's say you have created a Standard disk, HDD, but now you need performance. Just go to the VM blade, first Stop the VM, then select “Disks”, find the disk and change the “Account type”.

    Just save, and voila! You have SSD, from 500 IOPS to 5000 IOPS! At any time, you can Stop the VM and change the disk back to Standard (HDD).
    Export
    Some more magic? Click “Export” at the disk properties, set an expiration time and Generate URL. You need to Stop the VM first.

    A PUBLIC URL is generated. Anyone who has the URL can use it to download the VHD without having to log in to the Portal, until the expiration time you set.
    Create snapshot
    At the disk properties click “Create snapshot”
    Enter a Name, select Resource group and Account type
    Now, under the Resources of the Resource Group you will find the Snapshot
    The post Azure Managed Disks | Easy Scale, High Available, Secure appeared first on Apostolidis IT Corner.
  3. proximagr
    Get real insights about your Windows and Linux VMs & VMSSs performance and their dependencies with Azure Monitor. Integrate with Log Analytics for even more in depth analysis and retain the data over time. Health, Performance & Service Map of your VM in a dashboard.
    Deploy to Single VM
    For a single VM, go to the VMs blade, scroll down to the “Monitoring” section, select “Insights” and press “Try now”

    The Azure Monitor Insights Onboarding wizard will open. If your VM is already onboarded to a Log Analytics workspace just click Enable. Otherwise select a Log Analytics workspace or create one.

    You will start seeing data from the VM in about 20-30 minutes.
    Deploy to multiple VMs using Azure Policy
    For deploying to multiple VMs, the easiest way is to use Azure Policy.
    Go to the Azure Policy, select Assignments and press “Assign initiative”

    The first option is the Scope. Press the three dots “…” at the Scope field. You can choose a Management Group, a Subscription or a Resource Group. If you select only a Management Group (and don’t select a subscription and resource group), this policy will apply to all Subscriptions under the Management Group and of course to all resources of those subscriptions. If you choose a Subscription (and don’t select a resource group), then the policy will apply to all resources of the subscription. Finally, if you choose a resource group, then the policy will apply only to this resource group. Later we will see how to select specific VMs in the Subscription or Resource group.

    After selecting the Scope you can add exclusions. There you can check the VMs you don’t want this policy to apply to.

    The next step is to select the Policy. At the BASICS section, press the three dots “…” near the “Initiative definition” and find the “Enable Azure Monitor for VMs”

    The next step is to configure the Parameters. There, select the Log Analytics workspace that the VMs will onboard to, or create a new one. Optionally you can provide a list of VMs instead of adding all of them.

    Finally press Apply. Back at the Azure Policy main menu you will see the new Definition Assignment.
    View the Health / Performance / Service Map of the VMs
    To view the Azure Monitor of the VMs, go to a VM on which you have enabled Insights and select the Insights blade. You will be able to see the health status not only for the common CPU, Memory, Disk,

    but also for the services that run inside the VM and that Azure Monitor discovered.

    By clicking on any service you will have a list of all logs of this service

    At the Performance section you can select a time range and get performance analytics for a requested period of time.

    Finally, at the Map, you have a service map of the services and ports that are open and listening.


    Product Documentation: https://docs.microsoft.com/en-us/azure/azure-monitor/insights/vminsights-overview
  4. proximagr
    <h1 style="text-align: left;">Azure Policy | Enforce tags for resource creation</h1>
    <h2 style="text-align: justify;">Azure Governance</h2>
    <p style="text-align: justify;">After the previous post about <a href="https://www.e-apostolidis.gr/microsoft/azure-policy-limit-the-azure-vm-sizes/" target="_blank" rel="noopener noreferrer">how to use Azure Policy to limit the Azure VM sizes</a>, I continue the series of posts about Azure Governance with a video guide on how to enforce tags for resource creation. The idea is to explain, through examples and how-to guides, the tools that Microsoft Azure provides to help administrators enforce rules across all subscriptions. Some examples of those rules are helping organizations stay compliant with their corporate standards, standardizing resource creation and management, managing permissions and access controls, etc.</p>
    <h2 style="text-align: justify;">Azure Policy</h2>
    <p style="text-align: justify;">Azure Policy is a powerful tool for Azure Governance. We can define rules for all Azure Subscriptions that we manage. We can use these rules for simple limitation actions, like permitting only specific VM Series and Sizes that can be created, and also for more complex rule sets that help you standardize the whole Azure deployment.</p>
    <h3 style="text-align: justify;">Enforce tags for resource creation</h3>
    <p style="text-align: justify;">So, why tags? Why do we need to add tags to all Azure resources? Microsoft Azure environments are getting bigger and bigger and are managed by multiple people and teams. That makes it difficult to understand who created a resource and what the purpose of that resource is. Another critical reason we need tags is Cost Management. At the Azure Cost Management Portal, we can sort and arrange the resource cost using the Tags. This way we can provide an expense dashboard with the actual cost of the resources per department, project or whatever tags we have added to the Resource.</p>
    <h3 style="text-align: justify;">Guide: Video</h3>
    <p style="text-align: justify;">View my video guide on how to use Azure Policy to enforce tags for resource creation</p>
    <p><a href="https://www.youtube.com/embed/h6qXy20o0fY">https://www.youtube.com/embed/h6qXy20o0fY</a></p>
    <p style="text-align: justify;">You can find more at Microsoft Docs: <a href="https://docs.microsoft.com/en-us/azure/governance/policy/">https://docs.microsoft.com/en-us/azure/governance/policy/</a></p>
    <p>The post <a rel="nofollow" href="https://www.e-apostolidis.gr/microsoft/azure/azure-policy-enforce-tags-for-resource-creation/">Azure Policy | Enforce tags for resource creation</a> appeared first on <a rel="nofollow" href="https://www.e-apostolidis.gr">Apostolidis IT Corner</a>.</p>
  5. proximagr
    Azure Policy | Limit the Azure VM Sizes
    Azure Governance
    This post, Azure Policy, is the first of a series of posts about Azure Governance. The idea is to explain, through examples and how-to guides, the tools that Microsoft Azure provides to help administrators enforce rules across all subscriptions. Some examples of those rules are helping organizations stay compliant with their corporate standards, standardizing resource creation and management, managing permissions and access controls, etc.
    Azure Policy
    Azure Policy is a powerful tool for Azure Governance. With Azure Policy we can define rules for all Azure Subscriptions that we manage. We can use these rules for simple limitation actions, like permitting only specific VM Series and Sizes that can be created, and also for more complex rule sets that help you standardize the whole Azure deployment.
    Limit the Azure VM Sizes
    In this first post we will go through a simple policy, the “Allowed virtual machine SKUs”. With this policy you can control what Azure VM series and sizes are permitted for deployment. You can apply this policy to a whole Management group, to a Subscription or to a single Resource Group.
    Step by Step Guide
    Open the Azure portal, https://portal.azure.com, and login with your account. At the top search box write “policy”. From the search results select the “policy”.

    At the Policy screen, select the “Definitions”. To create and apply a policy we need to start from a Policy Definition.

    At the Policy Definition screen, we can filter the definitions by scope, definition type, type and category. The “Allowed virtual machine SKUs” definition is under the “Compute” category. At the Category drop down menu, deselect everything and select only the “Compute”. Press the “Allowed virtual machine SKUs” definition.

    The “Allowed virtual machine SKUs” definition will open. Here we can see the code beneath the definition. It is written in JSON format. If we want to make changes to the definition we must first press “Duplicate definition”. This will create a copy of the definition. Then we can open the duplicate definition and press “Edit definition”. We will cover this in a future post.
    To select the VM sizes, the scope and apply the definition, press “Assign”
    Set the scope
    At the Assign policy screen, first we need to select the scope. The scope is where the policy definition will apply. To set the scope press the little blue box with the three dots.

    For scope, we can select a whole Management group, a whole subscription or a single Resource Group.
    Select the Azure VM SKUs
    After the scope, we need to select the allowed Azure VM SKUs. Open the drop down menu and select the SKUs that you will allow.

    At this test policy, I selected all Standard F1-4 series, the Standard F2s – 4s and the Standard F2s_v2 – 4s_v2.
    We can change the “Assignment Name” to easily find the specific assignment at the Assigned Policies list. I changed the name to “Allowed only F1-4 virtual machine SKUs”
    The next step is the “Managed Identity”. Managed identity creates an Azure AD Identity, like a service account, that is used for resource creation. We need this only for some specific policies that must create a resource if it doesn’t exist.
    We don’t need a Managed Identity to limit the Azure VM SKU sizes. So now we can press “Assign”.

    A notification will inform you that the Policy will take effect after about 30 minutes. The policy needs this time to apply the rules to the selected scope.

    Back to the policy Assignments screen, hit refresh and you will see the new Policy Assignment’s name and the Scope.
    Test the policy
    To test the policy, I waited 30 minutes and tried to create a Standard DS1 v2 VM at the devrg Resource Group. Although I am the Subscription Owner, the Service admin, the one that created the policy assignment, the Azure Resource Manager doesn’t allow me to create this VM.

    And the error details: “disallowed by policy”

    You can find more about Azure Policy at Microsoft Docs: https://docs.microsoft.com/en-us/azure/governance/policy/
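
The deny decision from the test above can be reproduced offline. This is an added example, not code from the original post or from Azure: a small Python model of the rule logic behind “Allowed virtual machine SKUs”. The rule body, the alias mapping to `properties.hardwareProfile.vmSize`, the allowed-SKU list and the sample requests are assumptions constructed for illustration; compare them with the JSON your portal shows.

```python
import re

# Assumption: rule body modelled on the JSON the portal shows for the
# "Allowed virtual machine SKUs" definition; verify against your own tenant.
POLICY_RULE = {
    "if": {
        "allOf": [
            {"field": "type", "equals": "Microsoft.Compute/virtualMachines"},
            {"not": {
                "field": "Microsoft.Compute/virtualMachines/sku.name",
                "in": "[parameters('listOfAllowedSKUs')]",
            }},
        ]
    },
    "then": {"effect": "Deny"},
}

# Assumption: the sku.name alias points at the VM size in the resource body.
ALIASES = {
    "Microsoft.Compute/virtualMachines/sku.name":
        ("properties", "hardwareProfile", "vmSize"),
}

_PARAM = re.compile(r"\[parameters\('([^']+)'\)\]")


def _field_value(resource, field):
    """Resolve a policy field (plain property or alias) on a resource dict."""
    if field in ALIASES:
        node = resource
        for key in ALIASES[field]:
            if not isinstance(node, dict) or key not in node:
                return None
            node = node[key]
        return node
    return resource.get(field)


def _resolve(value, parameters):
    """Replace "[parameters('x')]" with the assignment's parameter value."""
    if isinstance(value, str):
        found = _PARAM.fullmatch(value)
        if found:
            return parameters[found.group(1)]
    return value


def _same(a, b):
    # Policy string comparisons are modelled as case-insensitive here.
    return isinstance(a, str) and isinstance(b, str) and a.lower() == b.lower()


def matches(cond, resource, parameters):
    """Evaluate the small subset of operators this rule uses."""
    if "allOf" in cond:
        return all(matches(c, resource, parameters) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(matches(c, resource, parameters) for c in cond["anyOf"])
    if "not" in cond:
        return not matches(cond["not"], resource, parameters)
    actual = _field_value(resource, cond["field"])
    if "equals" in cond:
        return _same(actual, _resolve(cond["equals"], parameters))
    if "in" in cond:
        return any(_same(actual, item)
                   for item in _resolve(cond["in"], parameters))
    raise ValueError("unsupported condition: %r" % (cond,))


def evaluate_request(resource, allowed_skus):
    """Return "Deny" when the rule matches, otherwise "Allow".

    Only the resource is inspected: the caller's role never enters the
    decision, which is why a Subscription Owner is blocked as well.
    """
    parameters = {"listOfAllowedSKUs": allowed_skus}
    if matches(POLICY_RULE["if"], resource, parameters):
        return POLICY_RULE["then"]["effect"]
    return "Allow"


def vm(name, size, resource_group="devrg"):
    """Constructed sample VM request."""
    return {"type": "Microsoft.Compute/virtualMachines", "name": name,
            "resourceGroup": resource_group,
            "properties": {"hardwareProfile": {"vmSize": size}}}


# Constructed list approximating the F-series selection in the assignment.
ALLOWED_SKUS = ["Standard_F1", "Standard_F2", "Standard_F4", "Standard_F2s",
                "Standard_F4s", "Standard_F2s_v2", "Standard_F4s_v2"]

if __name__ == "__main__":
    storage = {"type": "Microsoft.Storage/storageAccounts", "name": "sa1"}
    for request in (vm("vm-ds1", "Standard_DS1_v2"),
                    vm("vm-f2s", "standard_f2s"), storage):
        print(request["name"], evaluate_request(request, ALLOWED_SKUS))
```
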
  6. proximagr
    <h1 style="text-align: justify;">Azure Portal | Playing with Disk Snapshot</h1>
    <p style="text-align: justify;">Disk Snapshot is a powerful tool to manage Azure VMs. It’s simple to create and can help administrators in various tasks. It’s a fast and efficient way to have a crash-consistent Disk of a Virtual Machine before performing tasks, updates, configuration changes, application installations, etc. Of course the last line of defence is the Azure Backup, but using the Snapshot you don’t need to wait for the whole Backup / Restore times. With snapshots there are two main options to recover the VM. One is using the “swap OS Disk” functionality, which gives you the ease to swap the Operating System disk with one click. The other option is to create a new Virtual Machine. Beware, if you want to make Azure VM clones, you need to generalize the VM with Sysprep and Capture the VM. Using the Snapshot option you will have an identical VM, with the same IDs.</p>
    <h2 style="text-align: justify;">Snapshot</h2>
    <p style="text-align: justify;">The first step is to create a snapshot from the Virtual Disk. Open the Azure VM, go to Disks, select the OS Disk and press “Create Snapshot”. You don’t actually need to stop the VM. Windows Server operating system stays fully consistent, but no one can guarantee the consistency of any databases currently running. Think of it like the Hyper V CheckPoint functionality. We make checkpoints all the time and we revert to them even in production.</p>
    <p id="yLMWzuR" style="text-align: justify;"><img class="alignnone wp-image-2884 size-full" src="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8c4f41af1.png"alt="disk snapshot" width="773" height="359" srcset="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8c4f41af1.png 773w, https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8c4f41af1-300x139.png 300w, https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8c4f41af1-768x357.png 768w" sizes="(max-width: 773px) 100vw, 773px" /></p>
    <p style="text-align: justify;">The Create snapshot screen will open. Fill in a name and disk account type (Standard / Premium) and press create.</p>
    <p id="Cvnyhoo" style="text-align: justify;"><img class="alignnone wp-image-2885 size-full" src="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8c81cf6be.png"alt="disk snapshot" width="635" height="448" srcset="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8c81cf6be.png 635w, https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8c81cf6be-300x212.png 300w" sizes="(max-width: 635px) 100vw, 635px" /></p>
    <p style="text-align: justify;">At this point I will create a folder at the VM for revision</p>
    <p id="RNUFdnD" style="text-align: justify;"><img class="alignnone wp-image-2886 size-full" src="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8d0eef630.png"alt="disk snapshot" width="580" height="303" srcset="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8d0eef630.png 580w, https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8d0eef630-300x157.png 300w" sizes="(max-width: 580px) 100vw, 580px" /></p>
    <h2 style="text-align: justify;">Create a Disk</h2>
    <p style="text-align: justify;">To make the snapshot functional, we need to create a Managed Disk resource.</p>
    <p id="TCxcFbJ" style="text-align: justify;"><img class="alignnone wp-image-2888 size-full" src="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8dbd6c9fb.png"alt="disk snapshot" width="614" height="296" srcset="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8dbd6c9fb.png 614w, https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8dbd6c9fb-300x145.png 300w" sizes="(max-width: 614px) 100vw, 614px" /></p>
    <p style="text-align: justify;">At the Create managed disk wizard, select the Region that the Snapshot resides. Then select “Source type” Snapshot and select it. At the Size, select a disk size at least the same as the source disk.</p>
    <p id="CYKOnDl" style="text-align: justify;"><img class="alignnone wp-image-2889" src="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8e03cea11.png"alt="disk snapshot" width="638" height="656" srcset="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8e03cea11.png 833w, https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8e03cea11-292x300.png 292w, https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8e03cea11-768x789.png 768w" sizes="(max-width: 638px) 100vw, 638px" /></p>
    <h2 style="text-align: justify;">Swap OS Disk</h2>
    <p style="text-align: justify;">Now that we have created the managed disk, it’s time to use the Swap OS Disk functionality. We have proceeded with the Azure VM’s updates, software updates, configuration changes, and finally we need to roll back those changes. Go to the VM’s Disks and press “Swap OS Disk”</p>
    <p id="pzuGeyg" style="text-align: justify;"><img class="alignnone wp-image-2887" src="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8d3ca65c2.png"alt="disk snapshot" width="633" height="390" srcset="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8d3ca65c2.png 852w, https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8d3ca65c2-300x185.png 300w, https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8d3ca65c2-768x472.png 768w" sizes="(max-width: 633px) 100vw, 633px" /></p>
    <p style="text-align: justify;">At the “Swap OS Disk” wizard, select the managed disk that we created.</p>
    <p id="qmhobOc" style="text-align: justify;"><img class="alignnone wp-image-2890 size-full" src="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8e6658951.png"alt="disk snapshot" width="449" height="399" srcset="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8e6658951.png 449w, https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8e6658951-300x267.png 300w" sizes="(max-width: 449px) 100vw, 449px" /></p>
    <p style="text-align: justify;">In the background, the Azure Platform will stop and deallocate the VM, and it will re-create it with the selected OS disk. As you see in the next screenshot, the OS disk is the managed disk that we created from the snapshot.</p>
    <p id="JASxLxW" style="text-align: justify;"><img class="alignnone wp-image-2891 size-full" src="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8eda544ed.png"alt="disk snapshot" width="955" height="484" srcset="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8eda544ed.png 955w, https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8eda544ed-300x152.png 300w, https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8eda544ed-768x389.png 768w" sizes="(max-width: 955px) 100vw, 955px" /></p>
    <p style="text-align: justify;">I started the VM and logged in. The folder I created after the snapshot of course is missing 🙂</p>
    <p style="text-align: justify;"><img class="alignnone wp-image-2892 size-full" src="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8f86e1d8a.png"alt="disk snapshot" width="507" height="258" srcset="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8f86e1d8a.png 507w, https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8f86e1d8a-300x153.png 300w" sizes="(max-width: 507px) 100vw, 507px" /></p>
    <h2 style="text-align: justify;">New Azure VM</h2>
    <p style="text-align: justify;">The other option is to create a new Virtual Machine using the Snapshot. As I wrote before, beware, if you want to make Azure VM clones, you need to generalize the VM with Sysprep and Capture the VM. Using the Snapshot option you will have an identical VM, with the same IDs.</p>
    <p style="text-align: justify;">To create a VM from the Snapshot, just open the Managed Disk that you created from the Snapshot and press Create VM.</p>
    <h2 id="YVnQUGo" style="text-align: justify;"><img class="alignnone wp-image-2893 size-full" src="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8fe63bbc2.png"alt="disk snapshot" width="764" height="401" srcset="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8fe63bbc2.png 764w, https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b8fe63bbc2-300x157.png 300w" sizes="(max-width: 764px) 100vw, 764px" /></h2>
    <p style="text-align: justify;">The Create a virtual machine wizard will open, and at the Operating System Image section, it will have selected the image from the disk. This process is identical to creating a new Hyper V VM from an existing virtual disk.</p>
    <p id="agkkViV" style="text-align: justify;"><img class="alignnone wp-image-2899 size-full" src="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b9dee55885.png"alt="disk snapshot" width="875" height="838" srcset="https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b9dee55885.png 875w, https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b9dee55885-300x287.png 300w, https://www.e-apostolidis.gr/wp-content/uploads/2019/10/img_5d9b9dee55885-768x736.png 768w" sizes="(max-width: 875px) 100vw, 875px" /></p>
    <p style="text-align: justify;">Follow the Create a virtual machine wizard exactly the same as creating any Azure VM.</p>
    <p>More e-apostolidis.gr posts about managed disks: <a href="https://www.e-apostolidis.gr/tag/managed-disks/">https://www.e-apostolidis.gr/tag/managed-disks/</a></p>
    <p style="text-align: left;">Read more at: <a href="https://docs.microsoft.com/en-us/azure/virtual-machines/windows/managed-disks-overview#managed-disk-snapshots">https://docs.microsoft.com/en-us/azure/virtual-machines/windows/managed-disks-overview#managed-disk-snapshots</a></p>
    <p>The post <a rel="nofollow" href="https://www.e-apostolidis.gr/microsoft/azure/azure-portal-playing-with-disk-snapshot/">Azure Portal | Playing with Disk Snapshot</a> appeared first on <a rel="nofollow" href="https://www.e-apostolidis.gr">Apostolidis IT Corner</a>.</p>
  7. proximagr
    Azure Portal | Virtual Machines bulk actions
    Azure Portal is a great GUI tool to administer all your Azure Resources and it continues evolving. Here is a very useful tip. Did you know that you can manage Virtual Machines in bulk using the Azure Portal Virtual Machines section? We have virtual machines bulk actions!

    Not only can we Assign Tags, Start, Restart, Stop and Delete Virtual Machines in bulk, but we can also configure Change Tracking, Inventory and Update Management!
    Filter out the Virtual Machines needed and just click “Change Tracking” to have a report of all changes that happen inside the VM, like changes to services for Windows, daemons for Linux, applications and file changes.
    Use the “Inventory” to have a complete inventory of all the installed applications of the VM. Enable consistent control and compliance of these virtual machines.
    Enable the “Update Management” to manage the Updates of the selected Virtual Machines. Create update policies and control the installation of the updates.
  8. proximagr
    <h1>Azure Private Link | Private connection to Azure PaaS</h1>
    <p>Azure Private Link is a new service, currently in Preview, that provides private connectivity from a virtual network, or from an on-premises network with Site-2-Site VPN, to Azure platform as a service (PaaS) Microsoft services. Azure Private Link makes the networking a lot simpler, improving security and eliminating the need for public access.</p>
    <p id="nAIxogs"><img class="alignnone size-full wp-image-2844 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d8145c21e8f8.png"alt="" /></p>
    <p><span style="font-size: 12px;">image from: <a href="https://azure.microsoft.com/en-us/services/private-link/">https://azure.microsoft.com/en-us/services/private-link/</a></span></p>
    <p>Azure Private Link is a Service mapped to Azure Virtual Networks through a private endpoint. This means that all traffic is routed internally, using private IPs and connectivity, eliminating the exposure to threats. Using Private Link helps an organization to meet the compliance standards.</p>
    <p>Azure Private Link is a Global service. It does not have regional restrictions. You can connect privately services from all the Azure Regions around the globe.</p>
    <h2>Let's Lab It!</h2>
    <p>Let’s see in practice how we can connect from an Azure VM and from our on-premises computer using VPN to an Azure SQL Database using private IPs. For the Lab I already have a Virtual Machine running Windows Server 2019 and an Azure SQL Database. The SQL Database is not connected to any networks.</p>
    <p>Open the Azure Portal, press New and search for “Private Link”, select it and press “Create”</p>
    <p id="wWRgRfz"><img class="alignnone size-full wp-image-2824 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d812bccdb08c.png"alt="" /></p>
    <p>A nice “Getting started page” will open. Click the “Build a private connection to a service”</p>
    <p id="YGbIKKC"><img class="alignnone size-full wp-image-2825 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d812c222bb50.png"alt="" /></p>
    <p id="hySxSQb"><img class="alignnone size-full wp-image-2826 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d812c2e18651.png"alt="" /></p>
    <p>The “Create a private endpoint” wizard will open. Select a name for the Private Link and a Region and press Next to go to the second step.</p>
    <p id="vCwjsPb"><img class="alignnone size-full wp-image-2832 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d8130185f27f.png"alt="" /></p>
    <p>At the second step, select to connect to the azure resource in my directory, and select the subscription where the Azure SQL Database resides. Then select the SQL Server.</p>
    <p id="qmxqrJF"><img class="alignnone size-full wp-image-2833 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d81303297eff.png"alt="" /></p>
    <p>At the third step, select the Virtual Network where the Private Link will be created. I selected the network where my Virtual Machine resides. If you don’t have your own DNS server select Yes to create an Azure private DNS zone.</p>
    <p id="nfoqivE"><img class="alignnone size-full wp-image-2835 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d813077e1d38.png"alt="" /></p>
    <p>At the final step, review the settings and create the Private Link</p>
    <p id="lHsjjBi"><img class="alignnone size-full wp-image-2836 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d81309adc037.png"alt="" /></p>
    <p>After the resource creation, you can check the DNS for the Azure SQL Server Private IP Address!</p>
    <p id="cSPyGGM"><img class="alignnone size-full wp-image-2837 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d81317ff3814.png"alt="" /></p>
    <p>And at the SQL Server, at the “Private endpoint connections” section you will see the new Private Link.</p>
    <p id="YnyPGra"><img class="alignnone size-full wp-image-2839 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d8132886dbdc.png"alt="" /></p>
    <p>Open a Remote Desktop Connection to the Azure VM, and run a nslookup for the SQL Server name. In my case the command is:</p>
    <p>PS C:\> nslookup plsqlsrv.database.windows.net<br />Server: UnKnown<br />Address: 168.63.129.16</p>
    <p>Non-authoritative answer:<br />Name: plsqlsrv.privatelink.database.windows.net<br />Address: 10.0.2.5<br />Aliases: plsqlsrv.database.windows.net</p>
    <p id="zdWsPaP"><img class="alignnone size-full wp-image-2838 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d8131e47f882.png"alt="" /></p>
    <p>And it returned the Private IP address of the SQL Server.</p>
    <p>From my computer, I tried to connect to the Azure SQL Server, using the name plsqlsrv.database.windows.net and the connection failed since my Public IP Address is not allowed to access the server.</p>
    <p id="YMuBmUq"><img class="alignnone size-full wp-image-2840 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d813f72173a6.png"alt="" /></p>
    <p>From the Azure VM I managed to connect successfully and of course internally!</p>
    <p id="nVbBsVv"><img class="alignnone size-full wp-image-2841 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d813fab7a6a1.png"alt="" /></p>
    <p>After that, I added a Virtual Network Gateway to the Network and created a Point to Site VPN connection from my local computer to Azure. You can check my guide on how to do this: <a href="https://www.e-apostolidis.gr/microsoft/azure-start-point-point-to-site-vpn/"target="_blank" rel="noopener noreferrer">https://www.e-apostolidis.gr/microsoft/azure/azure-start-point-point-to-site-vpn/</a></p>
    <p>In order to connect to the Azure SQL you need to either use a local DNS server to map the SQL Server name to the Azure SQL IP or add an entry to the local hosts file for testing.</p>
    <p id="VbhUQVD"><img class="alignnone size-full wp-image-2849 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d8150b51c2d2.png"alt="" /></p>
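    <p>Added example, not part of the original post: a PowerShell check that the server name resolves through its privatelink alias to an RFC 1918 address, which is what the nslookup from the VM showed and what the local DNS server or hosts entry has to reproduce for VPN clients. The function names and the sample records are constructed; the first sample mirrors the nslookup answer from the lab and the second uses a documentation-range public address.</p>

```powershell
# Added example (not from the original post). Function names and sample
# records are constructed for illustration.

function Test-Rfc1918Address {
    param([Parameter(Mandatory)][string]$Address)
    $ip = [System.Net.IPAddress]::Parse($Address)
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) { return $false }
    $b = $ip.GetAddressBytes()
    # 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
    return (($b[0] -eq 10) -or
            ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
            ($b[0] -eq 192 -and $b[1] -eq 168))
}

function Get-PrivateLinkDnsVerdict {
    param(
        [Parameter(Mandatory)][string]$HostName,
        # Records to judge. Defaults to a live lookup; pass captured records to check offline.
        [object[]]$Records = @(Resolve-DnsName -Name $HostName -Type A -ErrorAction Stop)
    )
    $aliases   = @($Records | Where-Object { "$($_.Type)" -eq 'CNAME' } | ForEach-Object { $_.NameHost })
    $addresses = @($Records | Where-Object { "$($_.Type)" -eq 'A' } | ForEach-Object { "$($_.IPAddress)" })
    $public    = @($addresses | Where-Object { -not (Test-Rfc1918Address -Address $_) })

    [pscustomobject]@{
        HostName            = $HostName
        Addresses           = $addresses
        # False when a hosts-file entry answers directly: no CNAME chain is returned then.
        ViaPrivateLinkAlias = [bool]($aliases -match '\.privatelink\.')
        # True only when at least one address came back and none of them is public.
        AllPrivate          = ($addresses.Count -gt 0 -and $public.Count -eq 0)
        PublicAddresses     = $public
    }
}

# Constructed sample 1: the answer the Azure VM received in the lab.
$privateAnswer = @(
    [pscustomobject]@{ Name = 'plsqlsrv.database.windows.net'; Type = 'CNAME'
                       NameHost = 'plsqlsrv.privatelink.database.windows.net' },
    [pscustomobject]@{ Name = 'plsqlsrv.privatelink.database.windows.net'; Type = 'A'
                       IPAddress = '10.0.2.5' }
)

# Constructed sample 2: a client whose resolver does not know the private zone
# (203.0.113.10 is a documentation-range placeholder, not a real Azure address).
$publicAnswer = @(
    [pscustomobject]@{ Name = 'plsqlsrv.database.windows.net'; Type = 'A'
                       IPAddress = '203.0.113.10' }
)

foreach ($sample in $privateAnswer, $publicAnswer) {
    Get-PrivateLinkDnsVerdict -HostName 'plsqlsrv.database.windows.net' -Records $sample
}
```

    <p>Run without -Records on a VPN client to judge the live answer from that machine's resolver.</p>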
    <h2>Conclusion</h2>
    <p>Azure Private Link is in Preview and currently supports Azure SQL Database and Storage accounts. Additional services coming in preview in the next 3-6 months:</p>
    <ul>
    <li>Cosmos DB</li>
    <li>App Service Vnet Integration + App Service Environment</li>
    <li>Azure Kubernetes Service</li>
    <li>Azure Key Vault</li>
    <li>PostgreSQL</li>
    <li>MySQL</li>
    <li>Maria DB</li>
    </ul>
    <p>Source:</p>
    <p><a href="https://azure.microsoft.com/en-us/services/private-link/">https://azure.microsoft.com/en-us/services/private-link/</a></p>
    <p><a href="https://azure.microsoft.com/en-au/blog/announcing-azure-private-link/">https://azure.microsoft.com/en-au/blog/announcing-azure-private-link/</a></p>
    <p>The post <a rel="nofollow" href="https://www.e-apostolidis.gr/microsoft/azure/azure-private-link-private-connection-to-azure-paas/">Azure Private Link | Private connection to Azure PaaS</a> appeared first on <a rel="nofollow" href="https://www.e-apostolidis.gr">Apostolidis IT Corner</a>.</p>


    <a href="https://www.e-apostolidis.gr/microsoft/azure/azure-private-link-private-connection-to-azure-paas/"class='bbc_url' rel='nofollow external'>Source</a>
  9. proximagr
    Azure Start Point | Point-to-Site VPN
    In this post series we will go through some basic steps on how to start with Microsoft Azure. In this post we will see how to create a Point-to-Site VPN connection with Azure.
    If you don’t have an Azure Subscription, you can easily create a free trial by just going to https://azure.microsoft.com/en-us/free/
    Create a typical Virtual Network

    A Point-to-Site VPN connection needs a Virtual Network Gateway. Go to the Virtual Network, Subnets and add a Gateway Subnet.

    Finally we can add the Virtual Network Gateway. From the portal, create a Virtual Network Gateway resource and add it to the previously created Virtual Network.

    The Virtual Network Gateway can take up to 45 minutes to be created.
    Once the Virtual Network Gateway is created we need one more step: configuring Point-to-Site. Open the Virtual Network Gateway and press configure.

    We will need a root and a client self-signed certificate to complete the setup. Using a Windows 10 or Windows Server 2016 machine we can make use of the New-SelfSignedCertificate cmdlet that makes the process easy. The whole process is described here: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site
    For the root certificate run the below PowerShell using ISE:
    $cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject "CN=prodevrootcert" -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign
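    For the client certificate run the below PowerShell using ISE:
    # Run in the same session as the root certificate: -Signer $cert chains the client certificate to that root.
    # "prodevclientcert" is an example name; the text extension marks the certificate for client authentication.
    New-SelfSignedCertificate -Type Custom -DnsName prodevclientcert -KeySpec Signature `
    -Subject "CN=prodevclientcert" -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")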
    Export the root certificate public key in cer format using MMC: open the Certificates snap-in and select “current user”. Find the root certificate under Personal –> Certificates and right click –> All Tasks –> Export

    Select to “not export the private key” and use Base64 encoded.

    Export the client certificate by selecting “export the private key”, then select “include all certificates in the certification path” and “enable certificate privacy”. Add a password and export it to a pfx file.

    This pfx file must be installed on all the client computers that will use this Point-to-Site connection.
    Now let’s go back to the Point-to-Site configuration page. Add an address pool that the VPN clients will use. This subnet must be different from the Virtual Network address space.

    Then open the root certificate, the cer file, using notepad, and copy the text between the Begin and End marks.

    Paste the certificate text to the “Root certificates” –> “Public certificate data” field and add a name to the “Name” field.

    Press Save and the “Download VPN Client” button will be enabled and we can download the VPN client.
    In order to establish the VPN connection we need to install the VPN Client and the Client “pfx” certificate to the workstation.
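    The MMC export steps above, scripted as an added example that is not part of the original post: it writes the root certificate's Base64 public data (the text that goes into “Public certificate data”) and exports the client pfx only after checking that the client certificate chains to the root and carries the client-authentication usage. The client subject, the output folder and the function names are assumptions.

```powershell
# Added example (not from the original post). Assumed names: the client
# subject, the output folder and every function defined here.

$rootSubject   = 'CN=prodevrootcert'                     # root subject used in the post
$clientSubject = 'CN=prodevclientcert'                   # hypothetical client subject
$outDir        = Join-Path $env:USERPROFILE 'p2s-certs'  # hypothetical output folder

function Get-P2SCertificate {
    param([Parameter(Mandatory)][string]$Subject)
    $found = @(Get-ChildItem -Path 'Cert:\CurrentUser\My' | Where-Object { $_.Subject -eq $Subject })
    # Refuse to guess when the store holds zero or several certificates with this subject.
    if ($found.Count -ne 1) {
        throw "Expected exactly one certificate with subject '$Subject', found $($found.Count)."
    }
    $found[0]
}

function Get-P2SRootPublicData {
    param([Parameter(Mandatory)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    # RawData is the DER-encoded certificate only; the private key is never part of it.
    [Convert]::ToBase64String($Certificate.RawData)
}

function Test-P2SClientCertificate {
    param(
        [Parameter(Mandatory)]$Certificate,
        [Parameter(Mandatory)]$RootCertificate,
        [string]$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # Enhanced Key Usage: Client Authentication
    )
    $problems = @()
    if (-not $Certificate.HasPrivateKey) {
        $problems += 'Client certificate has no private key in this store.'
    }
    if ($Certificate.Issuer -ne $RootCertificate.Subject) {
        $problems += "Client certificate issuer '$($Certificate.Issuer)' is not the root '$($RootCertificate.Subject)'."
    }
    $eku = $Certificate.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $hasClientAuth = $false
    foreach ($oid in $eku.EnhancedKeyUsages) {
        if ($oid.Value -eq $ClientAuthOid) { $hasClientAuth = $true }
    }
    if (-not $hasClientAuth) {
        $problems += 'Client certificate lacks the Client Authentication enhanced key usage.'
    }
    $problems
}

$root     = Get-P2SCertificate -Subject $rootSubject
$client   = Get-P2SCertificate -Subject $clientSubject
$problems = @(Test-P2SClientCertificate -Certificate $client -RootCertificate $root)
if ($problems.Count -gt 0) { throw ($problems -join ' ') }

New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Single-line Base64, ready to paste into "Public certificate data".
Get-P2SRootPublicData -Certificate $root |
    Set-Content -Path (Join-Path $outDir 'root-public.txt') -Encoding ascii

# BuildChain matches "include all certificates in the certification path".
$password = Read-Host -Prompt 'Password for the client pfx' -AsSecureString
Export-PfxCertificate -Cert $client -FilePath (Join-Path $outDir 'client.pfx') `
    -Password $password -ChainOption BuildChain | Out-Null
```

    Issuing one client certificate per device, rather than sharing a single pfx, lets a lost device be revoked by thumbprint in the Point-to-site configuration without touching the others.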
    The post Azure Start Point | Point-to-Site VPN appeared first on Apostolidis IT Corner.


    Source
  11. proximagr
    Azure Start Point | Your first Web App
    In this post series we will go through some basic steps on how to start with Microsoft Azure. To start, we will create a Web App.
    If you don’t have an Azure Subscription, you can easily create a free trial by just going to https://azure.microsoft.com/en-us/free/
    Let’s create our first Web App. Go to the Azure Portal by navigating to https://portal.azure.com and click “+ Create a resource”

    At the search box write “Web App” and press enter

    At the search results, click the “Web App” and at the next screen just press “Create”

    The “Web App Create” wizard will open. Enter a name for the App. This will be the Public name of your App. Azure by default provides the domain *.azurewebsites.net for free.
    So in my example the prowebdev.azurewebsites.net will be the URL of my App
    Select the Azure Subscription that will be used to bill the Web App and a Resource Group. The Resource Group is used to organize the resources and provide role based access control among others.
    OS: Select the Operating System platform that will host your Web App. This can be Windows, Linux or a Docker Container. For the test I will select Windows.
    As you can see the wizard has selected an App Service Plan by default with a random name and location. The App Service Plan is actually the Web Server that will host our Web App. Click on the “App Service Plan/Location”
    Add a name for the Web Server, select the Location that is nearest to you (or your clients) and the Pricing Tier.
    Pressing OK returns you to the Web App create wizard; there press Create. Now you can monitor the creation process of the App from the “Notifications” option at the top right of the portal, it is the button that has a ringing bell image. First you will see the “Deployment in progress…” message and as soon as the App is ready you will see the “Deployment completed” message.
    Now if you go to the Resource group you will see two resources. The App Service and the App Service Plan. At a high level, the App Service Plan is the web server and the App Service is the Web Application.

    Now click the App Service and at its blade you can see your application’s URL.

    Click the URL and you will see the Demo page

    The post Azure Start Point | Your first Web App appeared first on Apostolidis IT Corner.


    Source

  13. proximagr
    Azure Storage | Static Web Site
    Microsoft Azure announced the ability to host static websites directly in Blob Storage, at the cost of Blob Storage! What does this mean? For 1 GB of space and 100000 views the cost is about 0.05 euros per month!
    In static websites, besides static content we can also have Client Side Scripting such as JavaScript, but not Server Side Scripting. We can also provide a Custom page that is returned instead of the 404.
    You can estimate the cost with the Azure Pricing Calculator at the link https://azure.microsoft.com/en-us/pricing/calculator/

    What do we need? Just a Storage Account V2.

    Once the Storage Account is created, we first enable Static website from the Settings of the Storage Account. As soon as we press Save, a Virtual Directory named $web is created. We click it to get into the Blob and upload our content. We also note the Primary endpoint, because it is the URL of our Site.

    To upload content to the $web Blob we can use the Storage Explorer

    and we are ready. We Browse to the URL of the Static website; in my example it is https://proximagr.z6.web.core.windows.net/

    Of course we can use our own Domain. First we create a CNAME that points to the Endpoint, and then we go to Custom Domain, where we enter our CNAME.

    and the result:

     
    The post Azure Storage | Static Web Site appeared first on Apostolidis IT Corner.


    Source

  15. proximagr
    Azure Storage Advanced Threat Protection
    Azure Storage Advanced Threat Protection is a new security feature, currently in Preview. It monitors the Azure Blob Storage accounts. It detects anomalies and uncommon access to the Storage Account and notifies the admins through email.
    All the Azure Storage Advanced Threat Protection monitoring and logs are integrated to the Azure Security Center, including the well known ASC recommendations.
    It’s so easy to enable, just go to the Azure Portal, navigate to your storage account’s Advanced Threat Protection setting and switch it ON!

    After that you can view the alerts at the Security Center, under Threat Protection’s Security Alerts.


    First published at https://www.e-apostolidis.gr/microsoft/azure/azure-storage-advanced-thread-protection/
  16. proximagr
    Azure Update Management
    Have you checked the update management system for your Azure and On-Premises servers, which supports both Windows and Linux operating systems? And it is completely free! Please find the full list of supported operating systems and prerequisites here: https://docs.microsoft.com/en-us/azure/operations-management-suite/oms-solution-update-management#prerequisites.
    Let’s get started. The easiest way is to start from an Azure VM. Go to the VMs blade and find “Update management”. You will see a notification that the solution is not enabled.

    Click the notification and the “Update Management” blade will open. The “Update Management” is an OMS solution, so you will need to create a “Log analytics” workspace, you can use the Free tier. If you don’t have a Log analytics workspace the wizard will create a default for you. Also it will create an automation account. Pressing enable will enable the “Update Management” solution.

    After about 15 minutes, at the “Update Management” section of the VM you will see the report of the VM’s updates.

    After that process the Automation Account is created and we can browse to the “Automation Accounts” service at the Azure Portal. There click the newly created Automation Account and scroll to the “Update Management” section. There we can see a full report of all VMs that we will add to the Update Management solution. To add more Azure VMs simply click the “Add Azure VM” button.

    The Virtual Machines blade will open and will list all Virtual Machines at the tenant. Select each VM and press Enable.

    After all required VMs are added to the Update Management solution click the “Schedule update deployment” button. There we will select the OS type of the deployment, the list of computers to update, what type of updates will deploy and the scheduler. More or less this is something familiar for anyone that has worked with WSUS.

    Press the “Computers to Update” to select the Azure VMs for this deployment from the list of all VMs enabled.

    Then select what types of updates will deploy.

    If you want to exclude any specific update you can add the KB number at the “Excluded updated” blade.

    And finally select the schedule that the update deployment will run.

    Back to the “Update Management” blade, as we already said, we have a complete update monitoring of all Virtual Machines that are part of the “Update Management” solution.

    You can also go to the “Log Analytics” workspace and open the “OMS Portal”

    There, among others, you will see the newly added “System Update Assessment” solution.

    and have a full monitoring and reporting of the updates of your whole environment.

    The post Azure Update Management appeared first on Apostolidis IT Corner.


    Source
  18. proximagr
    Azure VM Backup directly from VM’s blade

    By Pantelis Apostolidis | December 28, 2016
    Azure makes the VMs’ administration simpler every time. Today we will view a very nice new feature, the Backup shortcut at the VM’s blade.
    Just click on the VM and select Backup

    All you have to configure is the Backup Vault name and the Backup policy at the next easy step and press Enable Backup at the bottom of the “Enable backup” blade and that’s all!!

    Now the next time that we will click the Backup shortcut it will show directly the VM’s Backup Settings and run an instant backup. After the first backup we will be able to Restore the VM and also see logging about the backup jobs, like the latest and oldest restore point among others.

    Stay tuned for more Azure features
  19. proximagr
    Azure VM CMD & PowerShell from the Portal
    Today I was trying to troubleshoot an Azure VM. This VM is behind a Network Virtual Appliance (NVA) and at the subnet it has User Defined Routes (UDR) that route the traffic to the NVA. We were troubleshooting the NVA and it was not possible to connect with RDP to the VM.
    Serial Console
    This is an excellent scenario to use the Serial Console. From the Azure Portal, portal.azure.com, navigate to the Azure VMs blade, scroll down to the Support + Troubleshooting section and select “Serial Console”

    The Serial Console will initialise and after a while it will establish the connection and the prompt will be the SAC>. If you encounter any errors establishing the SAC link, please follow this link: https://aka.ms/serialconsolewindows
    At the SAC> prompt press help to list the available commands.

    Using the i command we can get the IP Address configuration of the VM
    Command Prompt
    To create a command prompt session, first enter “cmd”. This will create a session.

    To list the cmd sessions press “ch”

    To select & login to a cmd session press “ch -si #” where # is the channel number. At the below screen press Enter

    At the next screen enter the admin credentials

    and we have Command Prompt. At this command prompt we can use all cmd commands.

    Some examples:
    ping -t

    dir
    PowerShell
    At the command prompt enter “powershell” and press Enter to open a PowerShell Session

    PowerShell example, disable windows firewall:
    Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False

    and yes, it’s off

    Of course, for the firewall we could disable it using CMD
    netsh advfirewall set allprofiles state off
    For more example commands follow this link: https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/serial-console-cmd-ps-commands
  20. proximagr
    Azure VM Image
    Following one of my earlier posts, about Azure Managed Disks, let’s see how easy it is to create an Azure VM Image from an Azure VM that uses Managed Disks.
    The first step is to Sysprep/Generalize the source VM. Otherwise the VM that will be created will not start. Select Generalize and “Shutdown”.

    After that, wait for the VM to shut down, then go to the Azure Portal, at the VM’s blade, and click “Capture”.

    Now, the “Create Image” blade will open. Enter a name, select a Resource Group and choose if the source VM will be deleted or not. Then press create.

    As soon as the Image is created you can find it at the “Images” service.

    Now let’s create a VM from our Image
    Click the image name from the Images Blade to open the desired image Blade and just press “Create VM”.
    Of course at the image’s blade we can see if the image is Windows or Linux, if it has any Data Disks and the Location.

    After clicking the “Create VM” the classic “Create virtual machine” wizard will start, just like any other Virtual Machine creation. You will notice the difference at the final step that shows the name of your image instead of the VM’s OS.

    If you want to automate the process of creating an Azure VM from your images you can use Azure Template. You can find a quick start template at Azure’s GitHub repository.
    Create a Virtual Machine from a User Image: https://github.com/Azure/azure-quickstart-templates/tree/master/101-vm-from-user-image
  21. proximagr
    Azure Web Farm using IIS & Azure File storage
    This post is my view of a complete guide, from A to Z, including both the Windows Server part and the Azure Portal part on how to build a Web Farm using IIS & Azure File storage. Following this guide you will have a functional two server IIS Web Farm using Azure File storage.
    To create a Web Server Farm the mail requirement is a high available common storage. I see that when deploying on Azure, a lot of people are using DFSR for common storage. This solution has two major issues, the first is the cost, because you need at least two Windows Servers and second the replication speed that many times doesn’t cover the web servers needs.
    Azure File storage provides a very fast, high available and cheap solution to create a web server farm on Azure.
    Azure File storage supports both the SMB 2.1 & 3.0 protocols. Every share can be up to 5TB, storing an unlimited number of files, and each file can be up to 1TB. Of course we can create as many shares as needed, up to 500TB, which is the Storage Account limit. Also, every share provides 1000 IOPS.
    For this guide I used one Windows Server 2016 for Domain Controller, two Windows Server 2016 for web servers and one Standard Storage Account for Azure Files. Of course you can create an IIS Web Farm with workgroup servers, but I will cover this in another post.
    I will skip the part of creating the Azure VMs, the domain and joining the servers on it, so I assume that there is a domain and the other two servers are member servers of the domain.
    Just a note: when creating the Azure VMs that will be part of the IIS Farm, remember to add them to the same Availability Set. This will inform the Azure Fabric to place the VMs in different update & fault domains.
    Step 1. Add the Web Server role
    From the Server Manager, click Add roles and features and add the “Web Server (IIS)” role and at the next screen add all the features your app needs.
    Step 2. Add Application Request Routing
    For more features and control over the IIS load balancing, add the Application Request Routing (ARR) using the Web Platform Installer. The Web Platform Installer uses the Internet Explorer engine so I disable the “IE Enhanced Security Configuration” just for the installation and then enable it again. You can do it from the Server Manager, at the Server section.

    Next, open the IIS Manager and at the Actions Panel (on the right) click the “Get New Web Platform Components”


    Search for “arr”, and add the Application request routing 3.0
    Step 3. Create an Azure Storage Account for Azure File Storage
    To create the Azure File storage shares, go to the Azure Portal, click the + button and create a Standard Storage account (you can just search for storage account)

    Select General purpose and Standard performance (Premium does not support Azure Files)

    Once the storage account is created, open it and click the “Files” button

    Click the “+ File share” to add a file share

    Give it a name and quota limit

    After clicking OK the share will be created and it will be listed at the shares blade.

    Click on it to get the connection string and then click Connect to get the access key. At this point copy the “Connecting from Windows” command. We will use this to mount the share to the web servers.

    Finally click the File Share and at the new blade press “+Add Directory” and create two directories, one Configuration and one Data
    Step 4. Configure Windows Firewall & NSG
    Open port 80 (and any other required ports) at the Windows firewall and at the NSGs.
    For the Windows firewall, go to the server’s Control Panel, Windows Firewall and click “Advanced Settings”

    go to the Inbound Rules, add New Rule and select Port

    Select TCP 80 (and any other needed for your application/site)

    Allow the rule for all profiles, provide a name and press finish to create the rule

    For the NSGs , go to the Azure Portal, open the NSGs of the web servers and add an http allow rule like below
    Step 5. Create the IIS Shared Configuration
    Go back to the first web server, open Computer Management and add a new user with the same username and password as in the connection string of the Azure Files share. You will need this for the IIS Service to access the Azure File storage share.

    Add the user to the IIS_IUSRS group

    Then open the IIS Manager and click the “Shared Configuration”

    at the Action pane click “Export Configuration”

    add the Azure File storage Share UNC path and “Connect As” using the share’s credentials

    Enter a complex encryption key and press ok to export the configuration to the Azure File storage “configuration” share

    Now we can enable the Shared Configuration, add the Configuration Share path and the same credentials and click apply.

    It will ask for the encryption key and finally the Shared Configuration will be enabled. You will need to restart the IIS Manager console.

    At this point we can change the path of application pools, FTP applications etc. to the Data folder share of the Azure File storage. Just note that you will need to use the UNC path “\\azurefilesol.file.core.windows.net\iisfarm\Data” and not any mapped drive.
    Repeat the above steps to the second web server. At the Shared Configuration don’t export the configuration, just enable the Shared Configuration.
    Finally we can create the Farm, from the IIS Manager, right click at the “Server Farms” and click “Create Server Farm…”

    give a farm name,

    add both servers and press Finish

    Press NO at the URL rewrite rule auto creation

    And the farm is ready

    As mentioned before, deploy your Web Site, Web Application etc. to the Data file share, always using the full UNC path “\\azurefilesol.file.core.windows.net\iisfarm\Data”. All the website data will reside at the Azure File storage.
    If you need more than 1000 IOPS, create more Azure Files storage shares and divide your website/application data.
    Run the following command to allow access to the Azure File storage. Change the file://”path” as needed
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319>caspol -m -ag 1. -url file://azurefilesol.file.core.windows.net/iisfarm/* FullTrust
    Step 5. Azure Load Balancer
    Finally, create a Load Balancer to distribute incoming traffic to the farm. For this guide I will create an External Load Balancer, but an Internal Load Balancer is also supported.
    First, find and create the Load Balancer from the Azure Portal

    provide a name, for external load balancer select Public, select Dynamic or Static IP, resource group, location and press Create

    Then go to the new load balancer and create a health probe

    create an http probe

    provide a name, select Availability Set for association and add both the Web Servers

    finally create a load balancing rule to load balance the TCP port 80 at the farm

    once the load balance rule is created you can browse the public ip / name of the load balancer

    Now, browse to the load balancer’s IP and you are good to go!
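    The Windows-side steps of this guide (Steps 1, 4 and 5) can also be scripted on each web server. The following is an added example, not part of the original post; it assumes Windows Server 2016 with PowerShell 5.1, an elevated session, and the storage account and share names used above, and the rule name, description and `FarmCheck` drive name are made up for illustration.

```powershell
# Added example: prepares one web server for the farm described above.
# Assumptions: elevated PowerShell 5.1 on Windows Server 2016; the storage
# account "azurefilesol" and the share "iisfarm" already exist (Step 3).
$storageAccount = "azurefilesol"
$fileHost       = "$storageAccount.file.core.windows.net"
$share          = "iisfarm"

# Step 1: Web Server (IIS) role with the management console
Install-WindowsFeature -Name Web-Server -IncludeManagementTools

# Step 4: inbound TCP 80 on all firewall profiles
New-NetFirewallRule -DisplayName "IIS Farm HTTP (TCP 80)" `
    -Direction Inbound -Protocol TCP -LocalPort 80 -Action Allow -Profile Any

# Azure Files is reached over SMB, so outbound TCP 445 to the storage
# endpoint must be open before anything else in Step 5 can work.
$smb = Test-NetConnection -ComputerName $fileHost -Port 445
if (-not $smb.TcpTestSucceeded) {
    throw "TCP 445 to $fileHost is blocked; the share cannot be reached."
}

# Step 5: local user whose name and password match the share credentials.
# The key is read as a SecureString so it never appears in the script or
# in the console history. Local user names are limited to 20 characters.
$key = Read-Host -AsSecureString -Prompt "Storage account access key"
New-LocalUser -Name $storageAccount -Password $key `
    -PasswordNeverExpires -UserMayNotChangePassword `
    -Description "Azure Files access for IIS"
Add-LocalGroupMember -Group "IIS_IUSRS" -Member $storageAccount

# Verify that the share and both directories from Step 3 are reachable with
# the same credentials the "Connecting from Windows" command uses.
$cred = New-Object System.Management.Automation.PSCredential("AZURE\$storageAccount", $key)
New-PSDrive -Name FarmCheck -PSProvider FileSystem `
    -Root "\\$fileHost\$share" -Credential $cred | Out-Null
foreach ($dir in "Configuration", "Data") {
    if (Test-Path "FarmCheck:\$dir") {
        Write-Output "OK: \\$fileHost\$share\$dir"
    } else {
        Write-Warning "Missing directory: \\$fileHost\$share\$dir"
    }
}
Remove-PSDrive -Name FarmCheck
```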

     
    The post Azure Web Farm using IIS & Azure File storage appeared first on Apostolidis IT Corner.


  22. proximagr
    After my previous post, the internal load balancer with two VMs, this is a scenario using the External Load Balancer. The configuration includes a Load Balancer with a Static Public IP at the front end and two VMs at the back end. The load balancer has two inbound NAT rules for RDP, one for each VM, and one load balancing rule for TCP port 80, common for web sites and applications. It uses a probe that checks a web page on both hosts to verify that they are active.
     
    Let’s start. First we need to install the AzureRm module. If you are not on Windows 10, first install the Windows Management Framework 5.0 from https://www.microsoft.com/en-us/download/details.aspx?id=48729
    Then open PowerShell ISE and execute the following commands. I have added a lot of comments to help customize them based on your needs.
    Set-ExecutionPolicy RemoteSigned
    Install-Module AzureRM
    Login-AzureRmAccount
     
    #Define the variables
    $ResourceGroupName = "myresourcegroup"
    $StorageAccountName = "mystorageaccount"
    $vnetname = "VNET-01"
    $NSGname = "NSG-01"
    $locationName = "West Europe"
    $publicipname = "mypublicip"
    #The $vnet object is created further down, once the resource group and the virtual network exist
     
    #Create a new resource group
    New-AzureRmResourceGroup -Name $ResourceGroupName -Location $locationName
     
    #Create storage account
    New-AzureRmStorageAccount `
    -ResourceGroupName $resourcegroupName `
    -Name $storageaccountName `
    -Type Standard_LRS `
    -Location $locationName
     
    #Create Virtual Network and a private IP address for front end IP pool
    $FESubnet = New-AzureRmVirtualNetworkSubnetConfig -Name FE-SUBNET -AddressPrefix 10.0.0.16/28
    $BESubnet = New-AzureRmVirtualNetworkSubnetConfig -Name BE-SUBNET -AddressPrefix 10.0.0.32/28
     
    $vnet = New-AzureRmVirtualNetwork `
    -Name $vnetname `
    -ResourceGroupName $ResourceGroupName `
    -Location $locationName `
    -AddressPrefix 10.0.0.0/24 -Subnet $FESubnet,$BESubnet
     
    $FESubnet = Get-AzureRmVirtualNetworkSubnetConfig -Name FE-SUBNET -VirtualNetwork $vnet
    $BESubnet = Get-AzureRmVirtualNetworkSubnetConfig -Name BE-SUBNET -VirtualNetwork $vnet
     
    #Create Public IP
    $publicIP = New-AzureRmPublicIpAddress `
    -Name PublicIp `
    -ResourceGroupName $ResourceGroupName `
    -Location $locationName `
    -AllocationMethod Static `
    -DomainNameLabel $publicipname
     
    #Create FrontEnd IP pool and BackEnd address pool
    $APPfrontendIP = New-AzureRmLoadBalancerFrontendIpConfig `
    -Name APP-LB-Frontend `
    -PublicIpAddress $publicIP
     
    $APPbeaddresspool= New-AzureRmLoadBalancerBackendAddressPoolConfig -Name "APP-LB-backend"
     
    #Create load balancer rules, NAT rules, probe and load balancer
    $APPinboundNATRule1= New-AzureRMLoadBalancerInboundNatRuleConfig `
    -Name "RDP1" `
    -FrontendIpConfiguration $APPfrontendIP `
    -Protocol TCP `
    -FrontendPort 33389 `
    -BackendPort 3389
    $APPinboundNATRule2= New-AzureRMLoadBalancerInboundNatRuleConfig `
    -Name "RDP2" `
    -FrontendIpConfiguration $APPfrontendIP `
    -Protocol TCP `
    -FrontendPort 33390 `
    -BackendPort 3389
    $APPhealthProbe = New-AzureRMLoadBalancerProbeConfig `
    -Name "HealthProbe" `
    -RequestPath "/index.aspx" `
    -Protocol http `
    -Port 80 `
    -IntervalInSeconds 15 `
    -ProbeCount 2
    $APPlbrule = New-AzureRMLoadBalancerRuleConfig `
    -Name "HTTP" `
    -FrontendIpConfiguration $APPfrontendIP `
    -BackendAddressPool $APPbeAddressPool `
    -Probe $APPhealthProbe `
    -Protocol Tcp `
    -FrontendPort 80 `
    -BackendPort 80
    $APPLB = New-AzureRMLoadBalancer `
    -ResourceGroupName $ResourceGroupName `
    -Name "APP-LB" `
    -Location $locationName `
    -FrontendIpConfiguration $APPfrontendIP `
    -InboundNatRule $APPinboundNATRule1,$APPinboundNATRule2 `
    -LoadBalancingRule $APPlbrule `
    -BackendAddressPool $APPbeAddressPool `
    -Probe $APPhealthProbe
     
    #Create the network interfaces for the backend VMs
    $vnet = Get-AzureRMVirtualNetwork -Name $vnetname -ResourceGroupName $ResourceGroupName
    $APPbackendSubnet = Get-AzureRMVirtualNetworkSubnetConfig -Name FE-SUBNET -VirtualNetwork $vnet
     
    #Create 1st NIC with first NAT rule for RDP
    $APPbackendnic1 = New-AzureRMNetworkInterface `
    -ResourceGroupName $ResourceGroupName `
    -Name APP-lb-nic1-be `
    -Location $locationName `
    -PrivateIpAddress 10.0.0.21 `
    -Subnet $APPbackendSubnet `
    -LoadBalancerBackendAddressPool $APPLB.BackendAddressPools[0] `
    -LoadBalancerInboundNatRule $APPLB.InboundNatRules[0]
    #Create 2nd NIC with second NAT rule for RDP
    $APPbackendnic2 = New-AzureRMNetworkInterface `
    -ResourceGroupName $ResourceGroupName `
    -Name APP-lb-nic2-be `
    -Location $locationName `
    -PrivateIpAddress 10.0.0.22 `
    -Subnet $APPbackendSubnet `
    -LoadBalancerBackendAddressPool $APPLB.BackendAddressPools[0] `
    -LoadBalancerInboundNatRule $APPLB.InboundNatRules[1]
     
    #Create a Virtual Machine and assign the NIC
    # Set the existing virtual network and subnet index
    $subnetIndex=0
    $vnet=Get-AzureRMVirtualNetwork -Name $vnetName -ResourceGroupName $resourcegroupName
     
    #Create Availability Set
    $availabilitysetName="APP-AS"
    New-AzureRmAvailabilitySet -Name $availabilitysetName -ResourceGroupName $resourcegroupName -Location $locationName
     
    # First VM
    # Specify the name, size, and existing availability set
    $vmName="APP-01"
    $vmSize="Standard_A1"
    $availabilitysetName="APP-AS"
    $availabilitysetSet=Get-AzureRmAvailabilitySet -Name $availabilitysetName -ResourceGroupName $resourcegroupName
    $vm=New-AzureRmVMConfig -VMName $vmName -VMSize $vmSize -AvailabilitySetId $availabilitysetSet.Id
     
    #Add a 1023 GB additional data disk
    $diskSize=1023
    $diskLabel="AS1Data"
    $diskName="AS1Data"
    $storageAccount=Get-AzureRmStorageAccount -ResourceGroupName $resourcegroupName -Name $storageaccountName
    $vhdURI=$storageAccount.PrimaryEndpoints.Blob.ToString() + "vhds/" + $vmName + $diskName + ".vhd"
    Add-AzureRmVMDataDisk -VM $vm -Name $diskLabel -DiskSizeInGB $diskSize -VhdUri $vhdURI -CreateOption empty
     
    #Specify the image and local administrator account, and then add the NIC
    #To find the Publisher, Offer and SKU use the Get-AzureRmVMImagePublisher, Get-AzureRmVMImageOffer and Get-AzureRmVMImageSku commands
    $pubName="MicrosoftWindowsServer"
    $offerName="WindowsServer"
    $skuName="2012-R2-Datacenter"
    $cred=Get-Credential -Message "Type the name and password of the local administrator account."
    $vm=Set-AzureRmVMOperatingSystem -VM $vm -Windows -ComputerName $vmName -Credential $cred
    $vm=Set-AzureRmVMSourceImage -VM $vm -PublisherName $pubName -Offer $offerName -Skus $skuName -Version "latest"
    $vm=Add-AzureRmVMNetworkInterface -VM $vm -Id $APPbackendnic1.Id
     
    #Specify the OS disk name and create the VM / For Create NEW OS Disk
    $diskName="OSDisk"
    $storageAccount=Get-AzureRmStorageAccount -ResourceGroupName $resourcegroupName -Name $storageaccountName
    $osDiskUri=$storageAccount.PrimaryEndpoints.Blob.ToString() + "vhds/" + $vmName + $diskName + ".vhd"
    $vm=Set-AzureRmVMOSDisk -VM $vm -Name $diskName -VhdUri $osDiskUri -CreateOption fromImage
    New-AzureRmVM -ResourceGroupName $resourcegroupName -Location $locationName -VM $vm
     
    #Second VM
    # Specify the name, size, and existing availability set
    $vmName="APP-02"
    $vmSize="Standard_A1"
    $availabilitysetName="APP-AS"
    $availabilitysetSet=Get-AzureRmAvailabilitySet -Name $availabilitysetName -ResourceGroupName $resourcegroupName
    $vm=New-AzureRmVMConfig -VMName $vmName -VMSize $vmSize -AvailabilitySetId $availabilitysetSet.Id
     
    #Add a 1023 GB additional data disk
    $diskSize=1023
    $diskLabel="AS2Data"
    $diskName="AS2Data"
    $storageAccount=Get-AzureRmStorageAccount -ResourceGroupName $resourcegroupName -Name $storageaccountName
    $vhdURI=$storageAccount.PrimaryEndpoints.Blob.ToString() + "vhds/" + $vmName + $diskName + ".vhd"
    Add-AzureRmVMDataDisk -VM $vm -Name $diskLabel -DiskSizeInGB $diskSize -VhdUri $vhdURI -CreateOption empty
     
    #Specify the image and local administrator account, and then add the NIC
    #To find the Publisher, Offer and SKU use the Get-AzureRmVMImagePublisher, Get-AzureRmVMImageOffer and Get-AzureRmVMImageSku commands
    $pubName="MicrosoftWindowsServer"
    $offerName="WindowsServer"
    $skuName="2012-R2-Datacenter"
    $cred=Get-Credential -Message "Type the name and password of the local administrator account."
    $vm=Set-AzureRmVMOperatingSystem -VM $vm -Windows -ComputerName $vmName -Credential $cred
    $vm=Set-AzureRmVMSourceImage -VM $vm -PublisherName $pubName -Offer $offerName -Skus $skuName -Version "latest"
    $vm=Add-AzureRmVMNetworkInterface -VM $vm -Id $APPbackendnic2.Id
     
    #Specify the OS disk name and create the VM / For Create NEW OS Disk
    $diskName="OSDisk"
    $storageAccount=Get-AzureRmStorageAccount -ResourceGroupName $resourcegroupName -Name $storageaccountName
    $osDiskUri=$storageAccount.PrimaryEndpoints.Blob.ToString() + "vhds/" + $vmName + $diskName + ".vhd"
    $vm=Set-AzureRmVMOSDisk -VM $vm -Name $diskName -VhdUri $osDiskUri -CreateOption fromImage
    New-AzureRmVM -ResourceGroupName $resourcegroupName -Location $locationName -VM $vm
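    The script above publishes RDP for both VMs through the NAT rules on ports 33389 and 33390, and it defines $NSGname without using it. The following added example (not part of the original post) creates that NSG and attaches it to FE-SUBNET so that RDP is accepted from one admin address only; `$adminSourceIp` and the rule names are assumptions, and the address is a placeholder from the documentation range.

```powershell
# Added example. Assumes the variables and the virtual network from the script
# above ($ResourceGroupName, $locationName, $vnetname, $NSGname) still exist
# in the current session.

# Assumption: placeholder address, replace with the administrator's public IP
$adminSourceIp = "203.0.113.10/32"

# NSG rules are evaluated after the load balancer has applied the NAT rule,
# so they match the backend port 3389 and the original client address,
# not the frontend ports 33389/33390.
$rdpRule = New-AzureRmNetworkSecurityRuleConfig `
    -Name "Allow-RDP-Admin" `
    -Description "RDP via the load balancer NAT rules, admin address only" `
    -Access Allow `
    -Protocol Tcp `
    -Direction Inbound `
    -Priority 100 `
    -SourceAddressPrefix $adminSourceIp `
    -SourcePortRange * `
    -DestinationAddressPrefix * `
    -DestinationPortRange 3389

# The load balancing rule for the web site stays open to the Internet
$httpRule = New-AzureRmNetworkSecurityRuleConfig `
    -Name "Allow-HTTP" `
    -Description "Web traffic through the load balancing rule" `
    -Access Allow `
    -Protocol Tcp `
    -Direction Inbound `
    -Priority 110 `
    -SourceAddressPrefix "Internet" `
    -SourcePortRange * `
    -DestinationAddressPrefix * `
    -DestinationPortRange 80

# The health probe needs no rule of its own: the default rule
# AllowAzureLoadBalancerInBound already admits it, and the default
# DenyAllInBound rule drops every other inbound Internet connection.
$nsg = New-AzureRmNetworkSecurityGroup `
    -ResourceGroupName $ResourceGroupName `
    -Location $locationName `
    -Name $NSGname `
    -SecurityRules $rdpRule,$httpRule

# Attach the NSG to the subnet that holds both backend NICs
$vnet = Get-AzureRmVirtualNetwork -Name $vnetname -ResourceGroupName $ResourceGroupName
Set-AzureRmVirtualNetworkSubnetConfig `
    -VirtualNetwork $vnet `
    -Name FE-SUBNET `
    -AddressPrefix 10.0.0.16/28 `
    -NetworkSecurityGroup $nsg | Set-AzureRmVirtualNetwork

# Review the rules that are now in force
(Get-AzureRmNetworkSecurityGroup -Name $NSGname -ResourceGroupName $ResourceGroupName).SecurityRules |
    Sort-Object Priority |
    Format-Table Name, Priority, Access, SourceAddressPrefix, DestinationPortRange -AutoSize
```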
     
    Source: http://www.e-apostolidis.gr/microsoft/azurerm-create-external-load-balancer-with-two-vms/
  23. proximagr
    AzureRm | Create Internal Load Balancer with two VMs
    This post is part of a general idea, to create an end-to-end highly available application infrastructure solution in Azure using internal load balancer with the new AzureRm commands and Azure PowerShell v.1.0 preview. For this solution I will use:
    2x Centos 11 sp4 Web/Application Servers
    2x Centos 11 sp4 MySQL Servers
    1x Gateway

    The first part is to create an Internal Load Balancer in Azure to use it for two VMs. This setup is ideal for Web server farms and also for SQL clusters. We will create the VNET with the Front End subnet, the internal load balancer and finally two VMs behind the load balancer. The result will be something like the below image.

    In order to run the new AzureRm commands we need to have the Windows Management Framework 5.0 Production Preview. If you have Windows 10 then no action is needed since it is embedded. For Windows 7-8.1 we can download it here: https://www.microsoft.com/en-us/download/details.aspx?id=48729
    The AzureRm commands are installed directly from the PowerShell using the Install-Module AzureRM & Install-AzureRM commands.
    Read more: http://www.e-apostolidis.gr/microsoft/azurerm-create-internal-load-balancer-with-two-vms/
  24. proximagr
    <h1><strong>AzureRm | Create Site to Site VPN</strong></h1>
    <p>This post is part of a general idea, to create an end-to-end highly available application infrastructure solution in Azure using internal load balancer with the new AzureRm commands and Azure PowerShell v.1.0 preview.</p>
    <p>We will create a Gateway, request a Public IP and establish a Site to Site VPN. At the time I am writing this post there is no option to create the VPN using the Portal, the only way is using PowerShell. Also there is no option to download the configuration for the local firewall/router, like the classic deployment.</p>
    <p>The AzureRm commands are installed directly from the PowerShell using the Install-Module AzureRM & Install-AzureRM commands.</p>
    <p>So lets start:</p><pre class="crayon-plain-tag">#Login
    Login-AzureRmAccount
     
    #Create Gateway for VPN
     
    # add the local (office) public ip and local networks
    $resourcegroupName ="RMDemoRG"
    $locationName ="West Europe"
    $vnetName = "NRPVnet"
    New-AzureRmLocalNetworkGateway -Name localsite -ResourceGroupName $resourcegroupName -Location $locationName -GatewayIpAddress "XXX.XXX.XXX.XXX" -AddressPrefix @('10.0.0.0/24','192.168.0.0/24')
     
    # Create the Gateway Subnet
    $vnet = Get-AzureRmVirtualNetwork -ResourceGroupName $resourcegroupName -Name $vnetName
    Add-AzureRmVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -AddressPrefix 172.16.0.0/16 -VirtualNetwork $vnet
    Set-AzureRmVirtualNetwork -VirtualNetwork $vnet
     
    # create gateway and request azure public ip
    $gwpip= New-AzureRmPublicIpAddress -Name RMDemoPIP -ResourceGroupName $resourcegroupName -Location $locationName -AllocationMethod Dynamic
    $vnet = Get-AzureRmVirtualNetwork -Name $vnetName -ResourceGroupName $resourcegroupName
    $GWsubnet = Get-AzureRmVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -VirtualNetwork $vnet
    $gwipconfig = New-AzureRmVirtualNetworkGatewayIpConfig -Name gwipconfig1 -SubnetId $GWsubnet.Id -PublicIpAddressId $gwpip.Id
    New-AzureRmVirtualNetworkGateway `
    -Name RMDemoGW `
    -ResourceGroupName $resourcegroupName `
    -Location $locationName `
    -IpConfigurations $gwipconfig `
    -GatewayType Vpn `
    -VpnType PolicyBased #PolicyBased For Static & RouteBased for Dynamic VPN
     
    # Get the Public IP
    Get-AzureRmPublicIpAddress -Name RMDemoPIP -ResourceGroupName $resourcegroupName
     
    # Establish the VPN connection
    $gateway1 = Get-AzureRmVirtualNetworkGateway -Name RMDemoGW -ResourceGroupName $resourcegroupName
    $local = Get-AzureRmLocalNetworkGateway -Name LocalSite -ResourceGroupName $resourcegroupName
    New-AzureRmVirtualNetworkGatewayConnection `
    -Name localtovpn `
    -ResourceGroupName $resourcegroupName `
    -Location $locationName `
    -VirtualNetworkGateway1 $gateway1 `
    -LocalNetworkGateway2 $local `
    -ConnectionType IPsec `
    -RoutingWeight 10 `
    -SharedKey 'ABCDEFG1234567890'
     
    #check the VPN status
    Get-AzureRMVirtualNetworkGatewayConnection -Name localtovpn -ResourceGroupName $resourcegroupName -Debug</pre><p>Finally, since there is no way to download the configuration script at this time, the sample configurations can be found here: <a href="https://github.com/Azure/Azure-vpn-config-samples"target="_blank">https://github.com/Azure/Azure-vpn-config-samples</a></p>
    <p>After the creation of the VPN, that can be done only using PowerShell, we can use the portal to view the status and the settings</p>
    <p>The post <a rel="nofollow" href="http://www.e-apostolidis.gr/microsoft/azurerm-create-site-to-site-vpn/">AzureRm | Create Site to Site VPN</a> appeared first on <a rel="nofollow" href="http://www.e-apostolidis.gr">Proxima's IT Corner</a>.</p>


    <a href="http://www.e-apostolidis.gr/microsoft/azurerm-create-site-to-site-vpn/"class='bbc_url' rel='nofollow external'>Source</a>
  25. proximagr
    Bulletproof manage your Azure VMs
    Continuing the Azure Security Center posts, today we will see a new feature of the Security Center, called Just in Time VM Access.
    As best security practice, all the management ports of a Virtual Machine should be closed using Network Security Groups. Only the ports required for any published services should be opened, if any.
    However, there are many occasions where we are requested to open a management port for administration, or a service port for some tests, for a short time. This action has two major problems. First, it requires a lot of administration time, because the administrator must go to the Azure Portal and add a rule at the VM’s NSG. The second problem is that many times the port is forgotten and left open, and this is a major vulnerability since the majority of the Brute Force attacks are performed against the management ports, 22 and 3389.
    Here comes the Azure Security Center, with the Just in Time VM Access feature. With this feature we can use the RBAC of the Azure Portal and allow specific users to request a predefined port to be opened for a short time frame.
    JIT Configuration
    Let’s see how we configure the JIT. First we need to go to the Azure Security Center. Scroll down to ADVANCED CLOUD DEFENSE and click “Just in time VM Access”. Since it is in Preview you need to press “Try Just in time VM access”

    After we enable JIT, the window displays three tabs: Configured, Recommended and No recommendation. The Configured tab displays the Virtual Machines on which we have already enabled JIT. The Recommended tab lists VMs that have NSGs and are recommended to be enabled for JIT. The No recommendation tab lists Classic VMs or VMs that don’t have an attached NSG.

    To enable JIT for a VM, go to the Recommended tab, select one or more VMs and press “Enable JIT on x VMs”

    At the “JIT VM access configuration” the Security Center proposes rules with the default management ports. We can add other ports that we need and also remove any of them that are unnecessary.
    At each rule we can configure the Port, the Protocol, the Source IP and the Maximum request time.
    If we leave the “Allowed source IPs” at “Per request” then we allow the requester to decide. One very interesting setting here is that when a user requests access, they have the option to automatically allow only the Public IP they are using at that time.
    With the last option, the “Max request time”, we narrow down the maximum time that we will allow a port to be opened.

    After we configure all the parameters we click Save and the VM moves to the Configured tab. At any time we can change the configuration by selecting the VM, press the three dots at the end of the line (…) and click Edit.

    The Properties button opens the VM’s blade, the Activity log shows all the users that requested access and Remove, of course, disables JIT.
    Behind the scene
    What really happens to the VM? If you browse to the NSG that is attached to the VM you will see that all the port rules configured at the JIT are added as NSG Rules with lower priority than all the other rules. All other rules automatically changed priority to higher.

    Let’s see how we request access and what happens in the background. To request access go to the Security Center / JIT, select the VM and press “Request Access”

    At the “Request access” blade switch on the desired port, select “My IP” or “IP Range” and the Time range, all according to the JIT configuration of the VM. Finally press “Open Ports”

    In the above example I selected “My IP”, so if you go to the VM’s NSG you will see that the 3389 port rule changed to “Allow” and has my current Public IP as Source. It also moved to first priority.

    After the expiration of the time range the port will change to “Deny” and move back to its prior priority.
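    The "forgotten open port" problem described above can be checked for directly. The following added example (not part of the original post) flags inbound Allow rules that expose the management ports 22 and 3389 to any source; the function names and the sample rules are constructed for illustration, and the property names follow what Get-AzureRmNetworkSecurityGroup returns in SecurityRules.

```powershell
# Added example: finds NSG rules that leave a management port open to everyone.
# It inspects each rule on its own and does not resolve rule precedence, so a
# hit still has to be checked against higher-priority Deny rules (such as the
# ones JIT maintains).

function Test-PortInRange {
    param([string]$Range, [int]$Port)
    if ($Range -eq '*') { return $true }
    if ($Range -match '^(\d+)-(\d+)$') {
        return ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2])
    }
    return ($Range -eq [string]$Port)
}

function Find-OpenManagementRule {
    param(
        [Parameter(Mandatory)] [object[]]$Rule,
        [int[]]$ManagementPort = @(22, 3389)   # the ports named in the post
    )
    $anySource = '*', '0.0.0.0/0', 'Internet'
    foreach ($r in $Rule) {
        if ($r.Direction -ne 'Inbound' -or $r.Access -ne 'Allow') { continue }
        # Older AzureRM versions return a string here, newer ones a list;
        # wrapping in @() handles both.
        $open = @($r.SourceAddressPrefix) | Where-Object { $anySource -contains $_ }
        if (-not $open) { continue }
        foreach ($port in $ManagementPort) {
            $hit = @($r.DestinationPortRange) |
                Where-Object { Test-PortInRange -Range $_ -Port $port }
            if ($hit) {
                [pscustomobject]@{
                    Nsg = $r.Nsg; Rule = $r.Name; Port = $port; Priority = $r.Priority
                }
            }
        }
    }
}

# Constructed sample rules (not taken from a real subscription)
$sampleRules = @(
    [pscustomobject]@{ Nsg = 'NSG-01'; Name = 'default-allow-rdp'; Direction = 'Inbound'
        Access = 'Allow'; Priority = 1000; SourceAddressPrefix = '*'; DestinationPortRange = '3389' }
    [pscustomobject]@{ Nsg = 'NSG-01'; Name = 'allow-http'; Direction = 'Inbound'
        Access = 'Allow'; Priority = 1010; SourceAddressPrefix = 'Internet'; DestinationPortRange = '80' }
    [pscustomobject]@{ Nsg = 'NSG-02'; Name = 'test-range'; Direction = 'Inbound'
        Access = 'Allow'; Priority = 200; SourceAddressPrefix = 'Internet'; DestinationPortRange = '20-25' }
    [pscustomobject]@{ Nsg = 'NSG-02'; Name = 'rdp-admin-only'; Direction = 'Inbound'
        Access = 'Allow'; Priority = 210; SourceAddressPrefix = '203.0.113.10/32'; DestinationPortRange = '3389' }
    [pscustomobject]@{ Nsg = 'NSG-02'; Name = 'jit-rdp'; Direction = 'Inbound'
        Access = 'Deny'; Priority = 100; SourceAddressPrefix = '*'; DestinationPortRange = '3389' }
)

Find-OpenManagementRule -Rule $sampleRules | Format-Table -AutoSize

# Against a live subscription (after Login-AzureRmAccount):
# $live = Get-AzureRmNetworkSecurityGroup | ForEach-Object {
#     $nsgName = $_.Name
#     $_.SecurityRules | Select-Object *, @{ Name = 'Nsg'; Expression = { $nsgName } }
# }
# Find-OpenManagementRule -Rule $live
```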
     
    The post Bulletproof manage your Azure VMs appeared first on Apostolidis IT Corner.

