Jump to content

proximagr

Moderators
 View Profile  See their activity

  • Posts

    2468

  • Joined

  • Last visited

  • Days Won

    12

 Content Type 

Blog Entries posted by proximagr

  1. proximagr
    Αυτό δεν είναι ένα από τα συνηθισμένα μου posts. Απλά θέλω να μοιραστώ την εμπειρία της καθαρής εγκατάστασης του Exchange 2016 για όποιον θέλει να δημιουργήσει ένα lab και να εξασκηθεί. Για το δικό μου lab χρησιμοποίησα έναν Windows Server 16 TP3, ο οποίος είναι Domain Controller & DNS στο Domain mylab.lab Η εγκατάσταση του […]
    The post Microsoft Exchange 2016 | Από το 0 στο 1ο email appeared first on Proxima's IT Corner.


    Source
  2. proximagr
    A simple way to test if the Exchange server is processing emails is by using telnet & SMTP commands. First open a telnet client. The simplest is to open a Command Prompt and type: “telnet yourexchangeserver 25” and press Enter The Command Prompt will start the telnet client and try to connect to the mail […]
    The post Test Exchange mail submission using SMTP commands appeared first on Proxima's IT Corner.


    Source
  3. proximagr
    SQL Failover Cluster with AlwaysOn Availability Groups Η ιδέα είναι να έχουμε ένα SQL Flailover Cluster στο Primary Site και στο υπάρχον Cluster να προσθέσουμε ένα AlwaysOn Availability group για το DR. Λόγο του μεγέθους της υλοποίησης θα γίνει τρία Posts. Ένα το Failover Cluster, ένα η εγκατάσταση της SQL σε Failover Clster και ένα η υλοποίηση του […]
    The post SQL Failover Cluster with AlwaysOn Availability Groups appeared first on Proxima's IT Corner.


    Source
  4. proximagr
    SQL Failover Cluster with AlwaysOn Availability Groups
     
    Πάμε τώρα για το τελευταίο κομμάτι του lab, να προσθέσουμε AlwaysOn Availability Group στο υπάρχον SQL WSFC.
    Windows Server 2012 R2 Failover Cluster with FreeNAS 9.3 (Page 1, Page 2) Microsoft SQL 2012 on Failover Cluster (Page 1, Page 2, Page 3) Add AlwaysOn AG to SQL Failover Cluster Instance (Page 1, Page 2, Page 3)

    Add AlwaysOn AG to SQL Failover Cluster Instance (Page 3)
     

    Στην καρτέλα validation αγνοούμε το warning για τον Listener, θα τον δημιουργήσουμε μετά

    Και πατάμε Finish για να δημιουργήσει το Group

    Σε αυτό το σημείο μπορούμε να δημιουργήσουμε Listener. Σε μια εγκατάσταση που όλα τα SQL Instances είναι single ένας Listener χρησιμεύει για common name, ώστε να οδηγεί κάθε φορά τις εφαρμογές στο σωστό server. Στην περίπτωση όμως που το ένα ή περισσότερα instances είναι clustered δεν λειτουργεί ο Listener. Μπορούμε και πάλι να δημιουργήσουμε τον Listener αλλά σε περίπτωση που χαθούν τα δύο πρώτα και βασικά Nodes του Cluster τότε ο μόνος τρόπος για να γίνει access η SQL είναι με το instance name του τρίτου Node, στην περίπτωση του lab είναι Win2012R203\MSSQLAG.
    Εδώ πρέπει να τονίσουμε ότι εφόσον δεν υπάρχει Listener και Automatic Failover για να γίνει access η SQL σε περίπτωση που χάσουμε το SQL Failover Cluster Instance πρέπει να γίνει Manual Failover στο Availability Group μέσο του SQL Management Studio, όπως είπαμε και κατά τη δημιουργία.
    Τέλος να πούμε ότι η διαχείριση του Failover Cluster SQL Instance γίνετε μέσω του Windows Server Failover Cluster Manager, όπως π.χ. το manual failover, όπως είδαμε και στο προηγούμενο post. Ενώ η διαχείριση του AlwaysOn High Availability γίνετε από το SQL Management Studio.
     
    Πηγή http://www.e-apostolidis.gr/%ce%b5%ce%bb%ce%bb%ce%b7%ce%bd%ce%b9%ce%ba%ce%ac/add-alwayson-ag-to-sql-failover-cluster-instance/
  5. proximagr
    Puppet On Azure Επειδή η τεχνολογία είναι ένα ποτάμι που ποτέ δεν σταματάει… και το μικρόβιο μας δεν έχει θεραπεία, ο Παντελής Αποστολίδης (IT Pro) από την Office Line και ο Μάνος Πέπης (DEV) από την Innovative Ideas με αρκετά χρόνια εμπειρίας στην αγορά και αρκετές πιστοποιήσεις σε τεχνολογίες Microsoft, Cisco, Azure, κλπ. σκεφτήκαμε να […]
    The post Puppet On Azure | Βήμα 1, Προετοιμασία Azure appeared first on Proxima's IT Corner.


    Source
  6. proximagr
    Azure App Service, get data from on-premises databases securely
    There are many scenarios where we want to have the Web Application on the Cloud but on the other hand, due to various limitations, the database stays on-premises. Azure has a service, called Azure Hybrid Connections, that allows the Web App to connect to on-premises databases, using internal IP address or the database server host name, without a complex VPN setup.
    The Connection diagram

    I have tested the connection with Microsoft SQL, PostgreSQL, MySQL, mongodb and Oracle. The databse requirements is to have a static port. So the first step in case of a Microsoft SQL instance is to assign a static port. In my test environment I have a Microsoft SQL 2016 and I assigned the default port 1433, using the Sql Server Configuration Manager / SQL Server Network Configuration / Protocols for INSTANCENAME (MSSQLSERVER)

    All paid service plans supports hybrid connections. The limits are on how many hybrid connections can be used per plan, as the below table shows.Pricing planNumber of Hybrid Connections usable in the planBasic5Standard25Premium200Isolated200
    To start creating the Hybrid Connections, go to the App Service / Networking / Hybrid Connections and press the “Configure your hybrid connection endpoints”

    At the Hybrid connections blade there are two steps, the first is to “Add hybrid connection” and the second is to “Download the connection manager”.

    First click the “Add hybrid connection” and then press “Create new hybrid connection”

    The “Create new hybrid connection” blade will open. Add a Hybrid connection name, this must be at least 6 characters and it is the display name of the connection. At the Endpoint host add the hostname of the database server and at the Endpoint port, the port of the database. At my case I added 1433, as this is the port I assign to my SQL instance before.
    Finally you will need to specify a name for a Servicebus namespace. As you realize, the hybrid connection uses Azure Servicebus for the communication, and press OK.

    Once the connection is created it will be shown at the portal as “Not connected”

    Now we need to download and install the hybrid connection manager by clicking the “Download connection manager”. For this test I will install the hybrid connection manager at the same server as the SQL database, but for a production environment it is recommended to install the hybrid connection manager to a different server that will have access to the database servers only to the required ports. For the best security install it to a DMZ server and open only the required ports to the database servers.
    Run the downloaded msi and just click Install.

    Open the “Hybrid connection manager” UI and press “Add a new Hybrid Connection.

    Sign in to your Azure account

    Once logged in, choose your Subscription and the hybrid connection configured previously will appear. Select it and press Save.

    Now at the connection manager status it will show “Connnected”

    The same at the Azure Portal and your Hybrid connection is ready.

    Test, test, test and proof of concept. Open the Console, form the Wep App Blade, and tcpping the SQL server’s hostname atthe port 1433

    and also sqlcmd

    [/url]
    The post Azure App Service, get data from on-premises databases securely appeared first on Apostolidis IT Corner.


    Source
  7. proximagr
    Get early access to large disks support of Azure Backup & more
    Azure Backup’s 1TB limitation at last is over! Now you can backup VMs with disk sizes up to 4TB(4095GB), both managed and unmanaged. Also has improvements on backup and recovery performance that you can find here.
    Starting today login to the Portal, go to your Recovery Services vault and you will a notification saying “Support for >1TB disk VMs and improvements to backup and restore speed ->”

    Click the notification and the “Upgrade to new VM Backup stack” will open. Here click “Upgrade” to complete the upgrade.

    You can also upgrade all the Recovery Services vaults of a subscription using Azure PowerShell
    1. Select the subscription:
     



    1



    Get-AzureRmSubscription –SubscriptionName "SubscriptionName" | Select-AzureRmSubscription
    2. Register this subscription for the upgrade:
     



    1



    Register-AzureRmProviderFeature -FeatureName "InstantBackupandRecovery" –ProviderNamespace Microsoft.RecoveryServic
  8. proximagr
    Azure Blob Storage… Recycle Bin!!!!!!!
    Remember all that red alerts when comes to deleting blobs? Ah, forget them! Microsoft Azure brought the Windows Recycle Bin to Azure and named it Soft delete.
    The soft delete feature basically is similar to the Windows recycle bin. Deleting a file from the Windows explorer, the Operating System instead of actually removing the file it moves it to the recycle bin. The file stays there and it can be undeleted at any time. The soft delete feature in Microsoft Azure does the same thing for blob storage. When data is deleted or overwritten, the data is not actually gone. Instead, the data is soft deleted, thereby making it recoverable if necessary.
    It’s not enabled by default, but it’s very easy to enable it. Go to the Storage Account, scroll down to the Blob Service and select “Soft delete”. Select the Retention policy and Save, that’s all!

    Let’s delete and test. Browse a container and click the “Show delete blobs”. The current blob will show as active.

    deleting the blob it will change the status to “deleted”

    Click the three little dots and you can undelete, the blob, in Azure!!!

    Active again!

    Be careful, if you delete the whole container, the storage account or the Azure Subscription there is no return. The Soft delete feature is at blob level inside a container.
    For more deltails visit the docs: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-soft-delete
    [/url]
    The post Azure Blob Storage… Recycle Bin!!!!!!! appeared first on Apostolidis IT Corner.


    Source
  9. proximagr
    Free e-book: Azure Strategy and Implementation Guide
    Microsoft Azure is giving free a Strategy and Implementation guide for Azure. This e-book provides guidance, architecture and advises to implement and integrate cloud technologies.
    This guide is directed to system administrators, cloud architects and project managers. It has for chapters, the Governance, the Architecture, the Application development and operations and the Service management.
    It will help you for starting with Azure or just doing a research regarding any cloud implementations.
    You can download your free copy from this link: https://azure.microsoft.com/en-us/resources/azure-strategy-and-implementation-guide/en-us/
  10. proximagr
    Επειδή η τεχνολογία είναι ένα ποτάμι που ποτέ δεν σταματάει… και το μικρόβιό μας δεν έχει θεραπεία, ο Παντελής Αποστολίδης (IT Pro) από την Office Line και ο Μάνος Πέπης (DEV) από την Innovative Ideas με αρκετά χρόνια εμπειρίας στην αγορά και αρκετές πιστοποιήσεις σε τεχνολογίες Microsoft, Cisco, Azure, κλπ. σκεφτήκαμε να μοιραστούμε ένα οδηγό για DevOps στο Azure! Παρουσιάζοντας το Puppet, το πώς στήνετε στο Azure καθώς και μερικές από τις δυνατότητές του.
    Έτσι το Lab μας στο Azure έτρεχε με 1000 και το αποτέλεσμα παρακάτω…
     
    Τι είναι το Puppet και πως μπορούμε να το εκμεταλλευτούμε στο Azure
     
    Αυτοματοποιούμε τις διαδικασίες. Κινούμαστε γρήγορα. Αυξάνουμε της αξιοπιστίας και την ασφάλεια.
    Ο όγκος και η πολυπλοκότητα των υποδομών σε μια δομημένη μηχανογραφημένη εταιρεία ολοένα και αυξάνετε και γίνεται ποιο “smart”. Οι απαιτήσεις για ταχύτητα, αξιοπιστία, σταθερότητα, ασφάλεια ολοένα και αυξάνονται.
    Πώς μπορούμε να επιτύχουμε αυτή την ισορροπία; Σκοπός μας είναι να κάνουμε περισσότερα σε λιγότερο χρόνο! Και αυτό μπορούμε να το επιτύχουμε με DevOps…
    Η Υποδομή του Microsoft Azure προσφέρει ότι ακριβώς χρειαζόμαστε για να χτίσουμε όσα απαιτεί η επιχείρησή μας. Παρακάτω θα δούμε πως μπορούμε να ελέγχουμε και να κάνουμε Manage την υποδομή μας στο Azure με την χρήση του Puppet.
    To Puppet είναι μια Cross Platform ανοιχτού κώδικα (Open Source) που υποστηρίζει λειτουργικά Linux (CentOS, Debian, Fedora, Mandriva, Oracle Linux, RHEL, Scientific Linux, SUSE and Ubuntu), όπως επίσης multiple Unix systems (Solaris, BSD, Mac OS X, AIX, HP-UX), Mac OS X, καθώς και τα λειτουργικά της Microsoft.
    To Puppet αποτελείται από τα παρακάτω:


    1) Puppet Master – Ο κεντρικός server όπου διαχειρίζεται τα Puppet nodes (agents)
    2) Puppet Agent - o client που τρέχει στα managed Puppet nodes και επικοινωνεί – συγχρονίζει με τον Puppet master
    3) Foreman - ένα web περιβάλουν που απεικονίζει τα reports και ελέγχει τα resources της υποδομής μας  

    Προετοιμασία Azure Βήμα 1 Azure network
    Δημιουργούμε ένα Virtual Network. Αυτό μας δίνει τρία πλεονεκτήματα, ένα είναι το isolation, δεύτερον είναι οι Local στατικές IP και τρίτον είναι η δυνατότητα για Site-2-Site & Point-2-Site VPN.
    Για να δημιουργήσουμε ένα Virtual network, από το Azure Management Portal πατάμε New, διαλέγουμε Networking, Virtual Network, δίνουμε όνομα, Location και πατάμε create a virtual network

    Βήμα 2 Azure Cloud service
    Δημιουργούμε ένα Cloud Service, από το Azure Management Portal πατάμε New, διαλέγουμε Compute, Cloud Service και πατάμε Quick Create

     
    Δίνουμε όνομα στο URL και διαλέγουμε το Region ίδιο με του Virtual Network
     
    Βήμα 3 Azure Storage account
    Δημιουργούμε ένα Storage account, από το Azure Management portal πατάμε New, Storage και πατάμε Quick Create
    Δίνουμε όνομα, στην συγκεκριμένη περίπτωση openpuppetlab, διαλέγουμε το location που είναι και το Virtual Network, τέλος διαλέγουμε redundancy και πατάμε Create Storage Account .

    Βήμα 4 Azure VM | Puppet Master
    Δημιουργούμε ένα Virtual Machine, από το Azure Management Portal πάμε στα Virtual Machines και πατάμε New
    Και πατάμε «From Gallery”

    Για το Puppet 3.8 διαλέγουμε το Ubuntu Server 14.04 LTS και πατάμε το βελάκι δεξιά

    Δίνουμε όνομα, για Size ένας Puppet Muster θέλει τουλάχιστον ένα A2 (2 cores, 3.5 GB memory), δίνουμε username και επιλέγουμε το πεδίο “Provide a password” και δίνουμε password και πατάμε το βελάκι δεξιά

    Στην επόμενη εικόνα διαλέγουμε το cloud service, το Virtual Network Που δημιουργήσαμε στο Βήμα 1 (στο πεδίο Region/Affinity group/Virtual network) και το storage account που δημιουργήσαμε στα προηγούμενα βήματα. Στο Endpoint αλλάζουμε την Public πόρτα του SSH, για λόγους ασφάλειας, και πατάμε το βελάκι δεξιά
     

    Στην επόμενη εικόνα πατάμε το check για να δημιουργηθεί το VM.
    Βήμα 5 Στατική IP
    Για να δώσουμε στατική IP πρέπει να μεταβούμε στο νέο Azure Portal
    Πηγαίνουμε στο “Virtual Machines (classic)” και επιλέγουμε το VM

    Στην καρτέλα Settings πατάμε IP Addresses

    αλλάζουμε το IP address assignment κάτω από το Private IP address σε Static, δίνουμε την στατική IP που θέλουμε και πατάμε save

    Βήμα 5 Azure VM | Puppet Slaves
     
    Για τις ανάγκες του Lab θα δημιουργήσουμε δύο ακόμα Ubuntu Server 14.04 LTS αλλά θα χρησιμοποιήσουμε μικρότερου μεγέθους Virtual Machine.
    Ακολουθούμε την ίδια διαδικασία όπως στο βήμα 4 μόνο που στην οθόνη 2 του “Virtual machine configuration” δίνουμε όνομα “ puppetslave01” και διαλέγουμε ένα A0 (shared core, 768 memory)
     
    http://www.e-apostolidis.gr/wp-content/uploads/2015/10/mop11.jpg
     
    Στην επόμενη οθόνη, δίνουμε τα ίδια για cloud service, virtual network & storage account, αλλά στο Endpoint πρέπει να δώσουμε διαφορετικό Public Port διότι η εξωτερική IP είναι ίδια. Για το lab δίνουμε την πόρτα 30022
     
    http://www.e-apostolidis.gr/wp-content/uploads/2015/10/mop07.jpg
     
    Κάνουμε την ίδια διαδικασία και για να φτιάξουμε και δεύτερο Puppet Slave, αλλάζοντας μόνο το όνομα και το Public Port. Για το Lab έφτιαξα το puppetslave02 με πόρτα 30023
    Αφού δημιουργηθούν τα VMs ακολουθούμε το Βήμα 5 για να δώσουμε στατικές IP, στο Lab έδωσα 10.0.0.5 & 10.0.0.6 αντίστοιχα
     
    SOURCE: http://www.e-apostolidis.gr/%CE%B5%CE%BB%CE%BB%CE%B7%CE%BD%CE%B9%CE%BA%CE%AC/puppet-on-azure-step1-azure-preparation/
  11. proximagr
    Puppet On Azure
     
    Εγκατάσταση Open Source Puppet
     
    Βήμα 1 Σύνδεση στο Ubuntu
     
    ανοίγουμε έναν SSH client, στην προκειμένη περίπτωση PuTTY και δίνουμε για Host Name το Public όνομα του Cloud Service, στην προκειμένη περίπτωση openpuppetlab.cloudapp.net, δίνουμε την πόρτα 30021 που έχουμε ορίσει για το puppetmaster και πατάμε Open

    Κάνουμε login με το username & password που ορίσαμε στην δημιουργία του VΜ. Για να μην βάζουμε “sudo” σε κάθε εντολή, τρέχουμε “sudo su –“ και ενεργοποιούμε το root mode μέχρι να κάνουμε “exit”
     
    Βήμα 2 Προαπαιτούμενα
     
    Στατική IP
    Το Puppet χρειάζεται στατική IP & σταθερό hostname. Τη στατική IP την έχουμε ήδη ορίσει στο Azure, οπότε τρέχουμε ένα “ifconfig” για να δούμε ότι όντος το Ubuntu έχει αυτήν την IP

     
    Hostname
    Μετά ανοίγουμε το hosts file για να δώσουμε hostnames. Για τις ανάγκες του Lab θα χρησιμοποιήσω για domain name το puppet.lab. Η ίδια διαδικασία πρέπει να γίνει στο Master & στα Slaves με τις ίδιες εγγραφές.

    Αφού τελειώσουμε με τις εγγραφές πατάμε Ctrl-X, απαντάμε Y για να σώσει τις αλλαγές και Enter για έξοδο.
     
    Time Sync
    Το Puppet Master & τα Slaves πρέπει να έχουν συγχρονισμένη ώρα. Για να γίνει αυτό τρέχουμε την παρακάτω εντολή σε όλα τα μηχανήματα.
    ntpdate pool.ntp.org ; apt-get update && sudo apt-get -y install ntp ; service ntp restart

     
    Βήμα 3 Εγκατάσταση Puppet Master
    Ενεργοποιούμε το Puppet Laps repository και κάνουμε την εγκατάσταση με τις παρακάτω εντολές
    wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
    dpkg -i puppetlabs-release-trusty.deb
    apt-get update
    apt-get install puppetmaster

    Τέλος τρέχουμε “puppet –V” για να σιγουρευτούμε ότι το Puppet τρέχει και τι version έχει εγκατασταθεί

    Είναι καλό σε αυτό το σημείο να κλειδώσουμε το Puppet Auto Update γιατί σε περίπτωση automatic update θα χαλάσει το configuration. Για να γίνει αυτό δημιουργούμε ένα αρχείο μέσα στο apt/preferences.d με όνομα 00-puppet.pref και βάζουμε τα παρακάτω δεδομένα:
    Δημιουργία αρχείου:
    # /etc/apt/preferences.d/00-puppet.pref
    nano /etc/apt/preferences.d/00-puppet.pref
    Δεδομένα:
    Package: puppet puppet-common puppetmaster-passenger
    Pin: version 3.8*
    Pin-Priority: 501
    Αφού τελειώσουμε με τις εγγραφές πατάμε Ctrl-X, απαντάμε Y για να σώσει τις αλλαγές και Enter για έξοδο.
    Ανοίγουμε με nano το αρχείο /etc/puppet/puppet.conf
    nano /etc/puppet/puppet.conf
    Και βάζουμε comment στο templatedir

    Αν δεν το κάνουμε αυτό θα πάρουμε αργότερα μήνυμα ότι το templatedir is deprecated

    Κάνουμε restart το pupetmaster service και είναι έτοιμο
    service puppetmaster restart
     
    Βήμα 4 Εγκατάσταση Puppet Slave
    ανοίγουμε έναν SSH client, στην προκειμένη περίπτωση PuTTY και δίνουμε για Host Name το Public όνομα του Cloud Service, στην προκειμένη περίπτωση openpuppetlab.cloudapp.net, δίνουμε την πόρτα 30022 που έχουμε ορίσει για το puppetslave01 και πατάμε Open

    Κάνουμε login με το username & password που ορίσαμε στην δημιουργία του VΜ
    Τρέχουμε τα προαπαιτούμενα από το Βήμα2
    Ενεργοποιούμε το Puppet Laps repository και κάνουμε την εγκατάσταση με τις παρακάτω εντολές
    cd /tmp
    wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
    dpkg -i puppetlabs-release-trusty.deb
    apt-get update
    apt-get install puppet
    Τέλος τρέχουμε “puppet –V” για να σιγουρευτούμε ότι το Puppet τρέχει και τι version έχει εγκατασταθεί και ότι είναι ίδια με το version του Puppet Master

    κλειδώνουμε το Puppet Auto Update γιατί σε περίπτωση automatic update θα χαλάσει το configuration. Για να γίνει αυτό δημιουργούμε ένα αρχείο μέσα στο apt/preferences.d με όνομα 00-puppet.pref και βάζουμε τα παρακάτω δεδομένα:
    Δημιουργία αρχείου:
    nano /etc/apt/preferences.d/00-puppet.pref
    Δεδομένα:
    Package: puppet puppet-common puppetmaster-passenger
    Pin: version 3.8*
    Pin-Priority: 501
    http://www.e-apostolidis.gr/wp-content/uploads/2015/10/mopb11.jpg
    Αφού τελειώσουμε με τις εγγραφές πατάμε Ctrl-X, απαντάμε Y για να σώσει τις αλλαγές και Enter για έξοδο
    Το επόμενο βήμα για τους Slaves είναι να αλλάξουμε το configuration
    Ανοίγουμε με nano το αρχείο /etc/puppet/puppet.conf
    nano /etc/puppet/puppet.conf
    Και αλλάζουμε ως εξής:
    Βάζουμε comment στο templatedir & σε όλο το [master] section και δημιουργούμε ένα [agent] section όπου ορίζουμε τον Puppet Master server
    http://www.e-apostolidis.gr/wp-content/uploads/2015/10/mopb12.jpg
    Τέλος ενεργοποιούμε το Puppet Agent να ξεκινάει σαν service
    nano /etc/default/puppet
    και αλλάζουμε το START=no σε yes
    http://www.e-apostolidis.gr/wp-content/uploads/2015/10/mopb13.jpg
    Και ξεκινάμε το service με
    service puppet start
    http://www.e-apostolidis.gr/wp-content/uploads/2015/10/mopb14.jpg
     
    Βήμα 5 Certificates
    Σε αυτό το βήμα ήδη οι agents έχουν αρχίσει να ψάχνουν τον Puppet Master και του ζητάνε certificate exchange για να ξεκινήσουν να δέχονται οδηγίες. Οπότε το επόμενο βήμα είναι να κάνουμε sign τα certificates που έχουν έρθει από τους agents.
    Τρέχουμε στον Puppet Master το command “puppet cert list” για να δούμε τα certificates που έχουν έρθει για να γίνουν sign.
    http://www.e-apostolidis.gr/wp-content/uploads/2015/10/mopb15.jpg?w=625
    Βλέπουμε ότι οι δύο Puppet Slaves έχουν εμφανιστεί και ζητάνε για certificate sign. Για να κάνει ο Puppet Master sign τα certificates τρέχουμε:
    puppet cert sign puppetslave01.puppet.lab & puppet cert sign puppetslave02.puppet.lab
    http://www.e-apostolidis.gr/wp-content/uploads/2015/10/mopb16.jpg?w=625
    Τώρα αν ξανατρέξουμε το “puppet cert list” πρέπει να μην φέρνει κανένα request
    Και τρέχοντας το “puppet cert list -all” θα πρέπει να φέρει το certificate του Master και τα 2 certificates των slaves και το + μπροστά από την κάθε εγγραφή υποδεικνύει ότι έχει γίνει sign επιτυχώς και είναι ενεργό.
    http://www.e-apostolidis.gr/wp-content/uploads/2015/10/mopb17.jpg?w=625
    Εδώ τελειώνει η βασική εγκατάσταση & παραμετροποίηση Puppet Master & 2 Slaves
     
    source: http://www.e-apostolidis.gr/%CE%B5%CE%BB%CE%BB%CE%B7%CE%BD%CE%B9%CE%BA%CE%AC/puppet-on-azure-step2-open-source-puppet-setup/
  12. proximagr
    Azure Update Management
    Have you checked the update management system for your Azure and On-Premises server that supports both Windows and Linux operating systems? And it is completely free! Please find the full list of supported operating systems and prerequisites here: https://docs.microsoft.com/en-us/azure/operations-management-suite/oms-solution-update-management#prerequisites.
    Lets get started. The easiest way is to start from an Azure VM. Go to the VMs blade and find “Update management”. You will see a notification that the solution is not enabled.

    Click the notification and the “Update Management” blade will open. The “Update Management” is an OMS solution, so you will need to create a “Log analytics” workspace, you can use the Free tier. If you don’t have a Log analytics workspace the wizard will create a default for you. Also it will create an automation account. Pressing enable will enable the “Update Management” solution.

    After about 15 minutes, at the “Update Management” section of the VM you will see the report of the VM’s updates.

    After that process the Automation Account is created and we can browse to the “Automation Accounts” service at the Azure Portal. There click the newly created Automation Account and scroll to the “Update Management” section. There we can see a full report of all VMs that we will add to the Update Management solution. To add more Azure VMs simply click the “Add Azure VM” button.

    The Virtual Machines blade will open and will list all Virtual Machines at the tenant. Select each VM and press Enable.

    After all required VMs are added to the Update Management solution click the “Schedule update deployment” button. There we will select the OS type of the deployment, the list of computers to update, what type of updates will deploy and the scheduler. More or less this is something familiar for anyone that has worked with WSUS.

    Press the “Computers to Update” to select the Azure VMs for this deployment from the list of all VMs enabled.

    Then select what types of updates will deploy.

    If you want to exclude any specific update you can add the KB number at the “Excluded updated” blade.

    And finally select the schedule that the update deployment will run.

    Back to the “Update Management” blade, as we already said, we have a complete update monitoring of all Virtual Machines that are part of the “Update Management” solution.

    You can also go to the “Log Analytics” workspase and open the “OMS Portal”

    There, among other, you will see the newly added “System Update Assessment” solution.

    and have a full monitoring and reporting of the updates of your whole environment.

    [/url]
    The post Azure Update Management appeared first on Apostolidis IT Corner.


    Source
  13. proximagr
    Για πολλούς, ένα πρόβλημα στο να χρησιμοποιήσουν την Azure SQL, είναι η δημόσια πρόσβαση. Μετά τα τελευταία Azure updates μπορούμε να χρησιμοποιήσουμε τα service endpoints ώστε να ασφαλίσουμε την Azure SQL μέσα σε ένα VNET.
    Ας ξεκινήσουμε λοιπόν να βάλουμε την Azure SQL μέσα σε ένα VNET. Ανοίγουμε το Azure Portal και ξεκινάμε να δημιουργήσουμε ένα VNET. Στο τέλος της σελίδας δημιουργίας έχει προστεθεί μια νέα επιλογή που λέγετε service endpoints. Το ενεργοποιούμε και επιλέγουμε το Microsoft.Sql.

    Στη συνέχεια δημιουργούμε μια SQL Database. Πάλι από το Azure Portal επιλέγουμε New –> SQL Database και βάζουμε ότι στοιχεία θέλουμε.

     
    Αφού δημιουργηθεί η SQL Database, ανοίγουμε τις ρυθμίσεις και πηγαίνουμε στο Firewall / Virtual Networks. Εκεί απενεργοποιούμε το «Allow access to Azure Services». Με αυτήν την επιλογή κόβουμε την πρόσβαση στην SQL από την Public IP.
     

     
    Για να συνδέσουμε την SQL στο VNET πατάμε το «+Add existing virtual network» και δημιουργούμε έναν κανόνα όπου επιλέγουμε το VNET που δημιουργήσαμε με ενεργοποιημένα τα service endpoints.
     

    Η ώρα της δοκιμής. Ένας γρήγορος τρόπος να δοκιμάσουμε την συνδεσιμότητα μιας SQL είναι το «ODBC Data Source Administrator» το οποίο βρίσκετε στα Administrative Tools σε όλα τα λειτουργικά MS Windows Server & Professional clients. Αν προσπαθήσετε να συνδεθείτε over internet θα δείτε ότι η σύνδεση κόβετε σε επίπεδο TCP, δεν ανοίγει καν η σύνδεση, σαν να μην υπάρχει.
    Έφτιαξα λοιπόν ένα VM μέσα στο VNET για να έχω τοπική πρόσβαση. Ανοίγουμε το ODBC Data Source Administrator, και στα User DSN πατάμε new connection. Για όνομα δίνουμε ότι θέλουμε, δεν έχει σημασία και στο server δίνουμε το FQDN του Azure SQL Database.
     

     
    Στην επόμενη εικόνα δίνουμε username και password του Azure SQL Database και πατάμε «Test Data Source»
     

     
    Επίσης μπορούμε να συνδεθούμε με SMSS, βάζοντας το SQL Server FQDN, το username και το password
     

     
    και συνδέεται γρήγορα και με ασφάλεια!
     

     
    [/url]
    The post Ασφάλισε την Azure SQL Database μέσα σε ένα VNET χρησιμοποιώντας service endpoints appeared first on Apostolidis IT Corner.


    Source
  14. proximagr
    <h1>Auto-Shutdown Hyper-V free with USB UPS</h1>
    <p>Recently i installed a Hyper-V 2012 R2 server (the free version) but my UPS doesn’t support Windows Core. No problem, we have PowerShell!! after some search on various sites – blogs – etc i end up creating the following script. It checks the battery status every 3 minutes, using WMI and when the battery drops below 50% is sends the shutdown signal. As long as you set the VMs to save on shutdown you are OK!</p>
    <p>I also added a simple mail notification before the shutdown.</p><pre class="crayon-plain-tag">$batterystatus = (get-wmiobject -class CIM_Battery -namespace "rootCIMV2").EstimatedChargeRemaining
    DO
    {
    start-sleep -seconds 180
    $batterystatus = (get-wmiobject -class CIM_Battery -namespace "rootCIMV2").EstimatedChargeRemaining
    $batterystatus
    } While ($batterystatus -gt 50)
    $login = "username"
    $password = "password" | Convertto-SecureString -AsPlainText -Force
    $credentials = New-Object System.Management.Automation.Pscredential -Argumentlist $login,$password
    Send-MailMessage -Body "UPS Started - Server will shutdown in 5 minutes" -From [email protected] -To [email protected] -Subject "Power Loss - UPS Started" -SmtpServer mail.domain.com -Credential $Credentials
    shutdown /s /t 300</pre><p> </p>
    <p><a class="a2a_button_email" href="http://www.addtoany.com/add_to/email?linkurl=http%3A%2F%2Fwww.e-apostolidis.gr%2Fmicrosoft%2Fpowershell%2Fauto-shutdown-hyper-v-usb-ups%2F&linkname=Auto-Shutdown%20Hyper-V%20free%20with%20UPS"title="Email" rel="nofollow" target="_blank"><img src="http://www.e-apostolidis.gr/wp-content/plugins/add-to-any/icons/email.png" width="16" height="16" alt="Email"/></a><a class="a2a_button_print" href="http://www.addtoany.com/add_to/print?linkurl=http%3A%2F%2Fwww.e-apostolidis.gr%2Fmicrosoft%2Fpowershell%2Fauto-shutdown-hyper-v-usb-ups%2F&linkname=Auto-Shutdown%20Hyper-V%20free%20with%20UPS" title="Print" rel="nofollow" target="_blank"><img src="http://www.e-apostolidis.gr/wp-content/plugins/add-to-any/icons/print.png" width="16" height="16" alt="Print"/></a><a class="a2a_dd addtoany_share_save" href="https://www.addtoany.com/share#url=http%3A%2F%2Fwww.e-apostolidis.gr%2Fmicrosoft%2Fpowershell%2Fauto-shutdown-hyper-v-usb-ups%2F&title=Auto-Shutdown%20Hyper-V%20free%20with%20UPS" data-a2a-url="http://www.e-apostolidis.gr/microsoft/powershell/auto-shutdown-hyper-v-usb-ups/" data-a2a-title="Auto-Shutdown Hyper-V free with UPS"><img src="http://www.e-apostolidis.gr/wp-content/plugins/add-to-any/share_save_171_16.png" width="171" height="16" alt="Share"/></a></p><p>The post <a rel="nofollow" href="http://www.e-apostolidis.gr/microsoft/powershell/auto-shutdown-hyper-v-usb-ups/">Auto-Shutdown Hyper-V free with UPS</a> appeared first on <a rel="nofollow" href="http://www.e-apostolidis.gr">Proxima's IT Corner</a>.</p>


    <a href="http://www.e-apostolidis.gr/microsoft/powershell/auto-shutdown-hyper-v-usb-ups/"class='bbc_url' rel='nofollow external'>Source</a>
  15. proximagr
    Auto Start/Stop an Azure VM (ARM)
    For Azure VMs that are not needed to be running 24/7, we can use Azure Automation to schedule automatic Stop (Deallocate) and Start. First ensure to reserve resources if needed, such as the Private and the Public IP.
    Now lets see how we will Auto Start/Stop an Azure VM (ARM). First create an Automation Account, go to the Azure Portal, expand more services and search for automation. Then click the “Automation Accounts”

    At the Automation Accounts press “Add”

    At the Automation Account creation blade provide a Name, the Subscription, the Resource Group, trhe location and if it is the first Automation Account select Yes to create automatically a Run As account

    After the creation it will open the new Automation Account’s blade. Here click the “Runbooks”

    We don’t need to write any scripting since there are available Runbooks at the gallery, so select Browse gallery

    At the Gallery search for the “Start Azure V2 VMs” and “Stop Azure V2 VMs” Graphical Runbooks.


    Click the Runbook and a the new blade press Import. Type a unique name and press OK

    After the import, we will be navigated to the Runbook and we need to Publish it in order to be able to use it. At the Runbook’s blade, press “Edit”

    And then press Publish

    After the Publishing the Runbook is ready to Start and add Schedules. Now lets add Schedules to specify the VM and the schedule that will Start. Press “Schedule”

    Press Link a schedule to your runbook and then Create a new schedule

    Give a name to the schedule, and then select the Start date and time and the recurrency, at my example it will start the VM everyday at 7:00 am

    then go to the Parameters and provide the Resourcegroup name and the VM name and press OK.

    The Runbook is ready. Create more Schedules for all needed VMs. And then repeat the process for the “Stop Azure VM V2” runbook and you will have two Runbooks with many Schedules. To test a Runbook press “Start”.

     

    The post Auto Start/Stop an Azure VM (ARM) appeared first on Proxima's IT Corner.


    Source
  16. proximagr
    AzureRm | Create Internal Load Balancer with two VMs
    This post is part of a general idea, to create an end-to-end high available application infrastructure solution in Azure using internal load balancer with the new AzureRm commands and Azure PowerShell v.1.0 preview. For this solution I will use:
    2x Centos 11 sp4 Web/Application Servers 2x Centos 11 sp4 MySQL Servers 1x Gateway

    The first part is to create an Internal Load Balancer in Azure to use it for two VMs. This setup is ideal for Web server farms and also for SQL clusters. We will create the VNET with the Front End subnet, the internal load balancer and finally two VMs behind the load balancer. The result will be something like the below image.

    In order to run the new AzureRm commands we need to have the Windows Management Framework 5.0 Production Preview. If you have Windows 10 then no action is needed since it is embeded. For Windows 7-8.1 we can download it here: https://www.microsoft.com/en-us/download/details.aspx?id=48729
    The AzureRm commands are installed directly from the PowerShell using the Install-Module AzureRM & Install-AzureRM commands.
    Read more: http://www.e-apostolidis.gr/microsoft/azurerm-create-internal-load-balancer-with-two-vms/
  17. proximagr
    <h1><strong>AzureRm | Create Site to Site VPN</strong></h1>
    <p>This post is part of a general idea, to create an end-to-end high available application infrastructure solution in Azure using internal load balancer with the new AzureRm commands and Azure PowerShell v.1.0 preview.</p>
    <p>We will create a Gateway, request a Public IP and establish a Site to Site VPN. At the time I am writting this post there is no option to create the VPN ising the Portal, the only way is using PowerShell. Also there is no option to download the configuration for the local firewall/router, like the classic deployment.</p>
    <p>The AzureRm commands are installed directly from the PowerShell using the Install-Module AzureRM & Install-AzureRM commands.</p>
    <p>So lets start:</p><pre class="crayon-plain-tag">#Login
    Login-AzureRmAccount
     
    #Create Gateway for VPN
     
    # add the local (office) public ip and local networks
    $resourcegroupName ="RMDemoRG"
    $locationName ="West Europe"
    $vnetName = "NRPVnet"
    New-AzureRmLocalNetworkGateway -Name localsite -ResourceGroupName $resourcegroupName -Location $locationName -GatewayIpAddress "XXX.XXX.XXX.XXX" -AddressPrefix @('10.0.0.0/24','192.168.0.0/24')
     
    # Create the Gateway Subnet
    $vnet = Get-AzureRmVirtualNetwork -ResourceGroupName $resourcegroupName -Name $vnetName
    Add-AzureRmVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -AddressPrefix 172.16.0.0/16 -VirtualNetwork $vnet
    Set-AzureRmVirtualNetwork -VirtualNetwork $vnet
     
    # create gateway and request azure public ip
    $gwpip= New-AzureRmPublicIpAddress -Name RMDemoPIP -ResourceGroupName $resourcegroupName -Location $locationName -AllocationMethod Dynamic
    $vnet = Get-AzureRmVirtualNetwork -Name $vnetName -ResourceGroupName $resourcegroupName
    $GWsubnet = Get-AzureRmVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -VirtualNetwork $vnet
    $gwipconfig = New-AzureRmVirtualNetworkGatewayIpConfig -Name gwipconfig1 -SubnetId $GWsubnet.Id -PublicIpAddressId $gwpip.Id
    New-AzureRmVirtualNetworkGateway `
    -Name RMDemoGW `
    -ResourceGroupName $resourcegroupName `
    -Location $locationName `
    -IpConfigurations $gwipconfig `
    -GatewayType Vpn `
    -VpnType PolicyBased #PolicyBased For Static & RouteBased for Dynamic VPN
     
    # Get the Public IP
    Get-AzureRmPublicIpAddress -Name RMDemoPIP -ResourceGroupName $resourcegroupName
     
    # Establish the VPN connection
    $gateway1 = Get-AzureRmVirtualNetworkGateway -Name RMDemoGW -ResourceGroupName $resourcegroupName
    $local = Get-AzureRmLocalNetworkGateway -Name LocalSite -ResourceGroupName $resourcegroupName
    New-AzureRmVirtualNetworkGatewayConnection `
    -Name localtovpn `
    -ResourceGroupName $resourcegroupName `
    -Location $locationName `
    -VirtualNetworkGateway1 $gateway1 `
    -LocalNetworkGateway2 $local `
    -ConnectionType IPsec `
    -RoutingWeight 10 `
    -SharedKey 'ABCDEFG1234567890'
     
    #check the VPN status
    Get-AzureRMVirtualNetworkGatewayConnection -Name localtovpn -ResourceGroupName $resourcegroupName -Debug</pre><p>Finally, since there is no way to download the configuration script at this time, the sample configurations can be found here: <a href="https://github.com/Azure/Azure-vpn-config-samples"target="_blank">https://github.com/Azure/Azure-vpn-config-samples</a></p>
    <p>After the creation of the VPN, that can be done only using PowerShell, we can use the portal to view the status and the settings</p>
    <p><a class="a2a_button_email" href="http://www.addtoany.com/add_to/email?linkurl=http%3A%2F%2Fwww.e-apostolidis.gr%2Fmicrosoft%2Fazurerm-create-site-to-site-vpn%2F&linkname=AzureRm%20%7C%20Create%20Site%20to%20Site%20VPN"title="Email" rel="nofollow" target="_blank"><img src="http://www.e-apostolidis.gr/wp-content/plugins/add-to-any/icons/email.png" width="16" height="16" alt="Email"/></a><a class="a2a_button_print" href="http://www.addtoany.com/add_to/print?linkurl=http%3A%2F%2Fwww.e-apostolidis.gr%2Fmicrosoft%2Fazurerm-create-site-to-site-vpn%2F&linkname=AzureRm%20%7C%20Create%20Site%20to%20Site%20VPN" title="Print" rel="nofollow" target="_blank"><img src="http://www.e-apostolidis.gr/wp-content/plugins/add-to-any/icons/print.png" width="16" height="16" alt="Print"/></a><a class="a2a_dd a2a_target addtoany_share_save" href="https://www.addtoany.com/share#url=http%3A%2F%2Fwww.e-apostolidis.gr%2Fmicrosoft%2Fazurerm-create-site-to-site-vpn%2F&title=AzureRm%20%7C%20Create%20Site%20to%20Site%20VPN" id="wpa2a_2"><img src="http://www.e-apostolidis.gr/wp-content/plugins/add-to-any/share_save_171_16.png" width="171" height="16" alt="Share"/></a></p><p>The post <a rel="nofollow" href="http://www.e-apostolidis.gr/microsoft/azurerm-create-site-to-site-vpn/">AzureRm | Create Site to Site VPN</a> appeared first on <a rel="nofollow" href="http://www.e-apostolidis.gr">Proxima's IT Corner</a>.</p>


    <a href="http://www.e-apostolidis.gr/microsoft/azurerm-create-site-to-site-vpn/"class='bbc_url' rel='nofollow external'>Source</a>
  18. proximagr
    Microsoft Azure Nested Virtualization | Hyper-V VM inside Azure VM
    With the new Dv3 and Ev3 VM sizes Microsoft has released the Nested Virtualization, meaning you can simply have a Hyper-V VM inside an Azure VM. In this post I am testing the Nested Virtualization functionality creating a Hyper-V VM inside an Azure VM and have Network and Internet Connectivity.
    Lets get started. First of all we will need a Dv3 or Ev3 VM and for best Nested Virtualization performance make use of SSD Managed Disks. I created a D4s_v3 Standard (4Cores, 16GB Ram, SSD managed disks) and I attached a 1023GB SSD Data Disk for performance.

    Now remote desktop to the VM to add the Hyper V Role. From the Server Manager, add Roles and Features and add the Hyper-V role

    Since this is an one NIC VM select the NIC to create the Virtual Switch

    Change the default Store location to the SSD Data Disk, in this case the E: drive.
     

    Finally wait for the installation to complete and reboot the VM. After the VM reboots, Remote Desktop and open the Hyper-V manager. Now we have Hyper-V inside an Azure VM.

    Lets create a VM. You can download a Trial Windows Server 2016 from https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2016or use your Subscription (MSDN, EA, etc).
    I created a VM Called NestedVM01, with 4GB Ram using the Trial Windows Server 2016 ISO

    After the VM creation setup the Windows Server 2016 with all defaults and login.

    The first thing to notice is that the Network Interface does not have a valid IP address, since Microsoft Azure will not provide one. In order to have the Nested VM to have Network connectivity we need to use NAT.
    First change the Virtual Switch to “Internal network”

    At the Host’s Network interfaces, open the vEthernet NIC and add a static IP, only IP & Mask

    Now we will need PowerShell, since we cannot configure NAT form the GUI.
    Open the PowerShell (still at the Host Azure VM) and run
    New-NetNat –Name NVMNat –InternalIPInterfaceAddressPrefix 192.168.168.0/24
    The result:

    After that we can provide the Nested VMs with IPs form the 192.168.168.0/24 range. So login to the Nested VM and add an IP fron the Range and for Default Gateway add the Host’s IP.
    For DNS add your AD DNS or a Public DNS server just to have internet.

    Now from the Nested VM you can ping the Host:

    And also browse the Internet:

    Stay tuned, on my next post we will see how we can make the Nested VM a Web Server, a hidden Web Server in a VM inside an Azure VM!
    Of course this Features opens the door for many more features to test, like Hyper-V Replica, Containers, etc, that we will see in future posts.
     
    [/url]
    The post Microsoft Azure Nested Virtualization | Hyper-V VM inside Azure VM appeared first on Apostolidis IT Corner.


    Source
  19. proximagr
    Azure File Sync & DFS Namespace
    Azure File Sync is a new Azure feature, still in preview, that allows to sync a folder between your local file server and Azure Files. This way your files are accessible both locally at your file server and publicly at Azure Files using an SMB 3.0 client. Also the files can be protected online using Azure Backup.
    The idea of this post is to have the files of two file servers to sync to Azure Files using Azure File Sync and in addition use the DFS Namespace feature to achieve common name and availability. This is not something officially supported, it is just an idea on using two different technologies to help for a service.
    The requirement before starting the Azure File Sync is to create an Azure File share. We have covered this at a previews post, check here
    Once the Azure Files share is ready, proceed with the Azure File Sync resource. At the Azure Portal press New and search for it and create it.

    At the Deploy Storage Sync blade select a name for the Resource, subscription, resource group and location.

    When the Azure File Sync is ready we need to create a Sync group. Sync group is something like the DFS Replication Group. It is a group that consists of an Azure File Share and many local file servers that syncs a folder.

    Press “+Sync group” it will open the new “Sync group” blade. There provide a name for the Sync group and select the storage account and the Azure File Share created before.

    The Sharegroup is ready with the cloud endpoint. The next step is to add the first local file server.Register the local servers
    Navigate to https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-server-registration for information on how to download the agent, install it and register the server. After that press “Add server endpoint”

    At the “Add server endpoint” blade, select the registered server and add the path to the folder that has the data you want to sync. With Cloud Tiering you select a percent of the volume of the local server. When the capacity of the volume reaches this number then Azure File Share makes the files that are less frequently accessed cloud only. The file icon on the server get transparent and if anyone double clicks the file then it is downloaded instantly.

    Register the second server the same way as the first and finally the share group will have two server endpoints. At my example the second server had no data, just the folder, and the Azure File Sync synced all files from server A.
    Create a DFS Namespace
    The next step is to create a DFS Namespace, just the namespace with the two local servers. Add the folders of both servers and you are ready.

    Also if you browse the Azure File Share, all files are accessible

    Notes from the field
    Adding or changing a file at the first server, almost instantly replicates to Azure File Share and to the second server.
    Altering a file at both servers instantly it will keep the last accessed by timestamp as is and the other file will be renamed by adding the server name at the file name, as the example “enaneoarxeio-AzureFS2.txt” where AzureFS2 is the server name.
    You can add an Azure Backup and have a Cloud Backup of all your files.
    [/url]
    The post Azure File Sync & DFS Namespace appeared first on Apostolidis IT Corner.


    Source
  20. proximagr
    Custom pfSense on Azure Rm | a complete guide
    A complete guide on how to create a pfSense VM on a local Hyper-V server, prepare it for Microsoft Azure, upload the disk to Azure and create a multi-NIC VM.
    Download the latest image from https://www.pfsense.org/download/

    Open Hyper-V Manager create a Generation 1 VM. I added 4096 ram, 2 cores, use VHD, add an extra NIC (for second interface) and select the downloaded ISO. (create a fixed VHD as Azure supports only fixed VHDs for custom VMs)

    Start the VM and at the first screen press enter.

    At all screens I accepted the default settings. Finally at the reboot prompt remove the installation ISO.
    There is no need to setup VLANs, select the second interface for WAN and the first for LAN.


    Once the pfSense is ready press 2 and change the LAN (hn0) interface IP to one at your network. Then select the option 14 to enable SSH.

    Now we can login with putty, with username admin password pfsense and press 8 for Shell access.

    The first thing is to update the packages running:
    pkg upgrade Python
    Then install Python, as it is requirement for the Azure Linux Agent.
    Search for Python packages running:
    pkg search python

    Install the latest Python package, setup tools and bash:
    pkg install -y python27-2.7.14
    pkg search setuptoolspkg install py27-setuptools-36.2.2ln -s /usr/local/bin/python /usr/local/bin/python2.7pkg install -y bash Azure Linux Agent
    ref: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/classic/freebsd-create-upload-vhd
    pkg install gitgit clone https://github.com/Azure/WALinuxAgent.gicd WALinuxAgentgit taggit checkout WALinuxAgent-2.1.1git checkout WALinuxAgent-2.0.16python setup.py installln -sf /usr/local/sbin/waagent /usr/sbin/waagent
    check the agent is running:
    waagent -Version

    One final step before uploading the VHD to Azure is to set the LAN interface as dhcp.
    This can be done by the web interface, go to https://lanaddress, login using admin / pfsense, and go to interfaces / LAN and select DHCPas ipv4 configuration.

    Now, shutdown the pfSense and upload it to Azure Storage.
    I use the Storage Explorer, https://azure.microsoft.com/en-us/features/storage-explorer/ a free and powerful tool to manage Azure Storage. Login to your Azure Account and press Upload. Select as Blob type: “Page blob”

    After the upload is completed we can create a multiple NIC VM. This cannot be accomplished from GUI. We will create this using PowerShell.
    $ResourceGroupName = "******"$pfresourcegroup = "*******"$StorageAccountName = "******"$vnetname = "*****"$NSGname = "******"$location = "West Europe"$vnet = Get-AzureRmVirtualNetwork -Name $vnetname -ResourceGroupName $ResourceGroupName$backendSubnet = Get-AzureRMVirtualNetworkSubnetConfig -Name default -VirtualNetwork $vnet$vmName="pfsense"$vmSize="Standard_F1"$vnet = Get-AzureRmVirtualNetwork -Name $vnetname -ResourceGroupName $ResourceGroupName$pubip = New-AzureRmPublicIpAddress -Name "PFPubIP" -ResourceGroupName $pfresourcegroup -Location $location -AllocationMethod Dynamic$nic1 = New-AzureRmNetworkInterface -Name "EXPFN1NIC1" -ResourceGroupName $pfresourcegroup -Location $location -SubnetId $vnet.Subnets[0].Id -PublicIpAddressId $pubip.Id$nic2 = New-AzureRmNetworkInterface -Name "EXPFN1NIC2" -ResourceGroupName $pfresourcegroup -Location $location -SubnetId $vnet.Subnets[0].Id$VM = New-AzureRmVMConfig -VMName $vmName -VMSize $vmSize$VM | Set-AzureRmVMOSDisk ` -VhdUri https://********.blob.core.windows.net/vhds/pfsensefix.vhd ` -Name pfsenseos -CreateOption attach -Linux -Caching ReadWrite$vm = Add-AzureRmVMNetworkInterface -VM $vm -Id $nic1.Id$vm = Add-AzureRmVMNetworkInterface -VM $vm -Id $nic2.Id$vm.NetworkProfile.NetworkInterfaces.Item(0).Primary = $trueNew-AzureRMVM -ResourceGroupName $pfresourcegroup -Location $locationName -VM $vm -Verbose
    Once the VM is created, go to the VM’s blade and scroll down to “Boot diagnostics”. There you can see a screenshot of the VM’s monitor.

    Then go to the Networking section and SSH to the Public IP.

    and also we can login to the Web Interface of the pfSense


    In my case I have added both NICs at the same Subnet, but at a production environment add the LAN interface to the backend subnet and the WAN interface to the DMZ (public) subnet.
    Of course more NICs can be added to the VM, one for each Subnet at our environment.Route external traffic through the pfSense
    We cannot change the gateway at an Azure VM, but we can use routing tables to route the traffic through the pfSense.
    From the Azure Portal, select New and search for Route table.

    We need to configure two things. One is to associate the Route table to a Subnet and the second is to create a Route.

    Open the “Route table” and click the “Routes”. Press “Add route” and in order to route all outbound traffic through the pfSense then add for Address prefix “0.0.0.0”, next hop type Virtual appliance” and Net hop address the ip address of the pfSense’s LAN interface IP.

    Then go to the “Subnets” and associate the required subnets.

     
    [/url]
    The post Custom pfSense on Azure Rm | a complete guide appeared first on Apostolidis IT Corner.


    Source
  21. proximagr
    After my previous post, the internal load balancer with two VMs, this is a scenario using the External Load Balancer. The configuration includes a Load Balancer with a Static Public IP at the frond end and two VMs at the back end. The load balancer has two static routes for RDP, one for each VM and one load balance rule, the TCP port 80, common for web sites and applications. It uses a probe that checks a web page on both hosts to verify if they are active.
     
    Lets start. First we need to install the AzureRm module. If not Windows 10 then first install the https://www.microsoft.com/en-us/download/details.aspx?id=48729<br/>Then Open Powershell ISE and execute the following commands. I have added a lot of comments to help customize based to the needs.
    Set-ExecutionPolicy RemoteSigned
    Install-Module AzureRM
    Login-AzureRmAccount
     
    #Define the variables
    $ResourceGroupName = "myresourcegroup"
    $StorageAccountName = "mystorageaccount"
    $vnetname = "VNET-01"
    $NSGname = "NSG-01"
    $locationName = "West Europe"
    $publicipname = "mypublicip"
    $vnet = Get-AzureRmVirtualNetwork -Name $vnetname -ResourceGroupName $ResourceGroupName
     
    #Create a new resource group
    New-AzureRmResourceGroup -Name $ResourceGroupName -Location $locationName
     
    #Create storage account
    New-AzureRmStorageAccount `
    -ResourceGroupName $resourcegroupName `
    -Name $storageaccountName `
    -Type Standard_LRS `
    -Location $locationName
     
    #Create Virtual Network and a private IP address for front end IP pool
    $FESubnet = New-AzureRmVirtualNetworkSubnetConfig -Name FE-SUBNET -AddressPrefix 10.0.0.16/28
    $BESubnet = New-AzureRmVirtualNetworkSubnetConfig -Name BE-SUBNET -AddressPrefix 10.0.0.32/28
     
    $vnet = New-AzureRmVirtualNetwork `
    -Name $vnetname `
    -ResourceGroupName $ResourceGroupName `
    -Location $locationName `
    -AddressPrefix 10.0.0.0/24 -Subnet $FESubnet,$BESubnet
     
    $FESubnet = Get-AzureRmVirtualNetworkSubnetConfig -Name FE-SUBNET -VirtualNetwork $vnet
    $BESubnet = Get-AzureRmVirtualNetworkSubnetConfig -Name BE-SUBNET -VirtualNetwork $vnet
     
    #Create Public IP
    $publicIP = New-AzureRmPublicIpAddress `
    -Name PublicIp `
    -ResourceGroupName $ResourceGroupName `
    -Location $locationName `
    –AllocationMethod Static `
    -DomainNameLabel $publicipname
     
    #Create FrontEnd IP pool and BackEnd address pool
    $APPfrontendIP = New-AzureRmLoadBalancerFrontendIpConfig `
    -Name APP-LB-Frontend `
    -PublicIpAddress $publicIP
     
    $APPbeaddresspool= New-AzureRmLoadBalancerBackendAddressPoolConfig -Name "APP-LB-backend"
     
    #Create load balancer rules, NAT rules, probe and load balancer
    $APPinboundNATRule1= New-AzureRMLoadBalancerInboundNatRuleConfig `
    -Name "RDP1" `
    -FrontendIpConfiguration $APPfrontendIP `
    -Protocol TCP `
    -FrontendPort 33389 `
    -BackendPort 3389
    $APPinboundNATRule2= New-AzureRMLoadBalancerInboundNatRuleConfig `
    -Name "RDP2" `
    -FrontendIpConfiguration $APPfrontendIP `
    -Protocol TCP `
    -FrontendPort 33390 `
    -BackendPort 3389
    $APPhealthProbe = New-AzureRMLoadBalancerProbeConfig `
    -Name "HealthProbe" `
    -RequestPath "/index.aspx" `
    -Protocol http `
    -Port 80 `
    -IntervalInSeconds 15 `
    -ProbeCount 2
    $APPlbrule = New-AzureRMLoadBalancerRuleConfig `
    -Name "HTTP" `
    -FrontendIpConfiguration $APPfrontendIP `
    -BackendAddressPool $APPbeAddressPool `
    -Probe $GAPPhealthProbe `
    -Protocol Tcp `
    -FrontendPort 80 `
    -BackendPort 80
    $APPLB = New-AzureRMLoadBalancer `
    -ResourceGroupName $ResourceGroupName `
    -Name "APP-LB" `
    -Location $locationName `
    -FrontendIpConfiguration $APPfrontendIP `
    -InboundNatRule $APPinboundNATRule1,$APPinboundNATRule2 `
    -LoadBalancingRule $APPlbrule `
    -BackendAddressPool $APPbeAddressPool `
    -Probe $APPhealthProbe
     
    #Create the network interfaces for the backend VMs
    $vnet = Get-AzureRMVirtualNetwork -Name $vnetname -ResourceGroupName $ResourceGroupName
    $APPbackendSubnet = Get-AzureRMVirtualNetworkSubnetConfig -Name FE-SUBNET -VirtualNetwork $vnet
     
    #Create 1st NIC with first NAT rule for RDP
    $APPbackendnic1 = New-AzureRMNetworkInterface `
    -ResourceGroupName $ResourceGroupName `
    -Name APP-lb-nic1-be `
    -Location $locationName `
    -PrivateIpAddress 10.0.0.21 `
    -Subnet $APPbackendSubnet `
    -LoadBalancerBackendAddressPool $APPLB.BackendAddressPools[0] `
    -LoadBalancerInboundNatRule $APPLB.InboundNatRules[0]
    #Create 2nd NIC with second NAT rule for RDP
    $APPbackendnic2 = New-AzureRMNetworkInterface `
    -ResourceGroupName $ResourceGroupName `
    -Name APP-lb-nic2-be `
    -Location $locationName `
    -PrivateIpAddress 10.0.0.22 `
    -Subnet $APPbackendSubnet `
    -LoadBalancerBackendAddressPool $APPLB.BackendAddressPools[0] `
    -LoadBalancerInboundNatRule $APPLB.InboundNatRules[1]
     
    #Create a Virtual Machine and assign the NIC
    # Set the existing virtual network and subnet index
    $subnetIndex=0
    $vnet=Get-AzureRMVirtualNetwork -Name $vnetName -ResourceGroupName $resourcegroupName
     
    #Create Availability Set
    $availabilitysetName="APP-AS"
    New-AzureRmAvailabilitySet –Name $availabilitysetName –ResourceGroupName $resourcegroupName -Location $locationName
     
    # First VM
    # Specify the name, size, and existing availability set
    $vmName="APP-01"
    $vmSize="Standard_A1"
    $availabilitysetName="APP-AS"
    $availabilitysetSet=Get-AzureRmAvailabilitySet –Name $availabilitysetName –ResourceGroupName $resourcegroupName
    $vm=New-AzureRmVMConfig -VMName $vmName -VMSize $vmSize -AvailabilitySetId $availabilitysetSet.Id
     
    #Add a 1023 GB additional data disk
    $diskSize=1023
    $diskLabel="AS1Data"
    $diskName="AS1Data"
    $storageAccount=Get-AzureRmStorageAccount -ResourceGroupName $resourcegroupName -Name $storageaccountName
    $vhdURI=$storageAccount.PrimaryEndpoints.Blob.ToString() + "vhds/" + $vmName + $diskName + ".vhd"
    Add-AzureRmVMDataDisk -VM $vm -Name $diskLabel -DiskSizeInGB $diskSize -VhdUri $vhdURI -CreateOption empty
     
    #Specify the image and local administrator account, and then add the NIC
    #To find the Publisher, Offer and SKU use the Get-AzureRmVMImagePublisher, Get-AzureRmVMImageOffer and Get-AzureRmVMImageSku commands
    $pubName="MicrosoftWindowsServer"
    $offerName="WindowsServer"
    $skuName="2012-R2-Datacenter"
    $cred=Get-Credential -Message "Type the name and password of the local administrator account."
    $vm=Set-AzureRmVMOperatingSystem -VM $vm -Windows -ComputerName $vmName -Credential $cred
    $vm=Set-AzureRmVMSourceImage -VM $vm -PublisherName $pubName -Offer $offerName -Skus $skuName -Version "latest"
    $vm=Add-AzureRmVMNetworkInterface -VM $vm -Id $backendnic1.Id
     
    #Specify the OS disk name and create the VM / For Create NEW OS Disk
    $diskName="OSDisk"
    $storageAccount=Get-AzureRmStorageAccount -ResourceGroupName $resourcegroupName -Name $storageaccountName
    $osDiskUri=$storageAccount.PrimaryEndpoints.Blob.ToString() + "vhds/" + $vmName + $diskName + ".vhd"
    $vm=Set-AzureRmVMOSDisk -VM $vm -Name $diskName -VhdUri $osDiskUri -CreateOption fromImage
    New-AzureRmVM -ResourceGroupName $resourcegroupName -Location $locationName -VM $vm
     
    #Second VM
    # Specify the name, size, and existing availability set
    $vmName="APP-02"
    $vmSize="Standard_A1"
    $availabilitysetName="APP-AS"
    $availabilitysetSet=Get-AzureRmAvailabilitySet –Name $availabilitysetName –ResourceGroupName $resourcegroupName
    $vm=New-AzureRmVMConfig -VMName $vmName -VMSize $vmSize -AvailabilitySetId $availabilitysetSet.Id
     
    #Add a 1023 GB additional data disk
    $diskSize=1023
    $diskLabel="AS2Data"
    $diskName="AS2Data"
    $storageAccount=Get-AzureRmStorageAccount -ResourceGroupName $resourcegroupName -Name $storageaccountName
    $vhdURI=$storageAccount.PrimaryEndpoints.Blob.ToString() + "vhds/" + $vmName + $diskName + ".vhd"
    Add-AzureRmVMDataDisk -VM $vm -Name $diskLabel -DiskSizeInGB $diskSize -VhdUri $vhdURI -CreateOption empty
     
    #Specify the image and local administrator account, and then add the NIC
    #To find the Publisher, Offer and SKU use the Get-AzureRmVMImagePublisher, Get-AzureRmVMImageOffer and Get-AzureRmVMImageSku commands
    $pubName="MicrosoftWindowsServer"
    $offerName="WindowsServer"
    $skuName="2012-R2-Datacenter"
    $cred=Get-Credential -Message "Type the name and password of the local administrator account."
    $vm=Set-AzureRmVMOperatingSystem -VM $vm -Windows -ComputerName $vmName -Credential $cred
    $vm=Set-AzureRmVMSourceImage -VM $vm -PublisherName $pubName -Offer $offerName -Skus $skuName -Version "latest"
    $vm=Add-AzureRmVMNetworkInterface -VM $vm -Id $backendnic2.Id
     
    #Specify the OS disk name and create the VM / For Create NEW OS Disk
    $diskName="OSDisk"
    $storageAccount=Get-AzureRmStorageAccount -ResourceGroupName $resourcegroupName -Name $storageaccountName
    $osDiskUri=$storageAccount.PrimaryEndpoints.Blob.ToString() + "vhds/" + $vmName + $diskName + ".vhd"
    $vm=Set-AzureRmVMOSDisk -VM $vm -Name $diskName -VhdUri $osDiskUri -CreateOption fromImage
    New-AzureRmVM -ResourceGroupName $resourcegroupName -Location $locationName -VM $vm
     
    Source: http://www.e-apostolidis.gr/microsoft/azurerm-create-external-load-balancer-with-two-vms/
  22. proximagr
    <p>I was looking for a way to have a list with many details about VMs of Azure Classic deployment. Some of the details are VM Name, HostName, Service Name, IP address, Instance Size, Availability Set, Operating System, Disk Name (OS), SourceImageName (OS), MediaLink (OS), HostCaching (OS), Subnet, DataDisk Name, DataDisk HostCaching, DataDisk MediaLink, DataDisk Size.</p>
    <p>I started with PowerShell ISE and some technet search and after a lot of test I created this script:</p><pre class="crayon-plain-tag">Add-AzureAccount
    Select-AzureSubscription -SubscriptionId xxxxxxx-xxxxxxxx-xxxxxx-xxxxxx
    $VMlist = ForEach ($VM in (Get-AzureVM))
    { Get-AzureOSDisk -VM $VM | Select @{Label="VM";Expression={$VM.Name}},`
    @{Label="HostName";Expression={$VM.HostName}},`
    @{Label="Service";Expression={$VM.ServiceName}},`
    @{Label="IP";Expression={$VM.IpAddress}},`
    @{Label="InstanceSize";Expression={$VM.InstanceSize}},`
    @{Label="AvailabilitySet";Expression={$VM.AvailabilitySetName}},`
    OS,DiskName,SourceImageName,MediaLink,HostCaching, `
    @{Label="Subnet";Expression={(Get-AzureSubnet -VM $VM)}},`
    @{Label="DataDiskName";Expression={(Get-AzureDataDisk -VM $VM).DiskName}},`
    @{Label="DDHostCaching";Expression={(Get-AzureDataDisk -VM $VM).HostCaching}},`
    @{Label="DDMediaLink";Expression={(Get-AzureDataDisk -VM $VM).MediaLink}},`
    @{Label="DDSize";Expression={(Get-AzureDataDisk -VM $VM).LogicalDiskSizeInGB}}
    }
    $VMlist | Sort VM,SourceImageName | Export-CSV C:vms_alldata.csv -NoTypeInformation</pre><p>Just open the vms_alldata.csv with Excel, convert test to columns and insert table and voila:</p>
    <p><a href="http://www.e-apostolidis.gr/wp-content/uploads/2016/05/allvms.jpg"><imgclass="alignnone wp-image-990 size-full" src="http://www.e-apostolidis.gr/wp-content/uploads/2016/05/allvms.jpg" alt="allvms" width="1017" height="58" srcset="http://www.e-apostolidis.gr/wp-content/uploads/2016/05/allvms.jpg 1017w, http://www.e-apostolidis.gr/wp-content/uploads/2016/05/allvms-300x17.jpg 300w, http://www.e-apostolidis.gr/wp-content/uploads/2016/05/allvms-768x44.jpg 768w, http://www.e-apostolidis.gr/wp-content/uploads/2016/05/allvms-660x38.jpg 660w" sizes="(max-width: 1017px) 100vw, 1017px" /></a></p>
    <p><a class="a2a_button_email" href="http://www.addtoany.com/add_to/email?linkurl=http%3A%2F%2Fwww.e-apostolidis.gr%2Fmicrosoft%2Fazure%2Fclassic-azure-vm-details%2F&linkname=Classic%20Azure%20VM%20Details"title="Email" rel="nofollow" target="_blank"><img src="http://www.e-apostolidis.gr/wp-content/plugins/add-to-any/icons/email.png" width="16" height="16" alt="Email"/></a><a class="a2a_button_print" href="http://www.addtoany.com/add_to/print?linkurl=http%3A%2F%2Fwww.e-apostolidis.gr%2Fmicrosoft%2Fazure%2Fclassic-azure-vm-details%2F&linkname=Classic%20Azure%20VM%20Details" title="Print" rel="nofollow" target="_blank"><img src="http://www.e-apostolidis.gr/wp-content/plugins/add-to-any/icons/print.png" width="16" height="16" alt="Print"/></a><a class="a2a_dd a2a_target addtoany_share_save" href="https://www.addtoany.com/share#url=http%3A%2F%2Fwww.e-apostolidis.gr%2Fmicrosoft%2Fazure%2Fclassic-azure-vm-details%2F&title=Classic%20Azure%20VM%20Details" id="wpa2a_2"><img src="http://www.e-apostolidis.gr/wp-content/plugins/add-to-any/share_save_171_16.png" width="171" height="16" alt="Share"/></a></p><p>The post <a rel="nofollow" href="http://www.e-apostolidis.gr/microsoft/azure/classic-azure-vm-details/">Classic Azure VM Details</a> appeared first on <a rel="nofollow" href="http://www.e-apostolidis.gr">Proxima's IT Corner</a>.</p>


    <a href="http://www.e-apostolidis.gr/microsoft/azure/classic-azure-vm-details/"class='bbc_url' rel='nofollow external'>Source</a>
  23. proximagr
    Application Security Groups to simplify your Azure VMs network security
    Application Security Groups helps to manage the security of the Azure Virtual Machines by grouping them according the applications that runs on them. It is a feature that allows the application-centric use of Network Security Groups.

    An example is always the best way to better understand a feature. So let’s say that in a Subnet we have some Web Servers and some Database Servers. The access rules of the Subnet’s Network Security Group to allow http, https & database access to those servers will be something like this:

    Using only the Network Security Groups functionality we need to add the IP addresses of the servers to use them to the access lists. There are two major difficulties here:
    For every rule we need to add all the IPs of the servers that will be included. If there is an IP address change (e.g by adding or removing a server) then all the relative rules must change.
    Use Application Security Groups
    Now, lets see how we can bypass this complexity by using Application Security Groups, combined with Network Security Groups.
    Create two Application Security Groups, one for the Web Servers and one for the Database Servers
    At the Azure Portal, search for Application Security Groups

    Provide a name and a Resource Group

    Create one more with name Database Servers and at the Resource Group you will have those two Application Security Groups:

    Then go each Virtual Machine and attach the relevant ASG.
    Click the Virtual Machine and then go to the Networking settings blade, and press the “Configure the application security groups”

    Select the relevant ASG and press save:

    Do the same for all your servers. Finally open the Network Security Group. Open the https rule, at my example is the “https2WebServers” rule. Change the Destination to “Application Security Group” and for Destination application security group select the Web Servers.

    Same way change the database access rule and for Source add the “Database Server” ASG and for destination the “Web Servers” ASG. Now the NSG will look like this:

    Now on when removing a VM from the Web Servers farm of the Database servers cluster there is no need to change anything at the NSG. When adding a new VM, the only thing we need to do is to attach the VM to the relative Application Security Group.
    A Virtual Machine can be attached to more than one Application Security Group. This helps in cases of multi-application servers.
    There are only two requirements:
    All network interfaces used in an ASG must be within the same VNet If ASGs are used in the source and destination, they must be within the same VNet

  24. proximagr
    Validate Azure Resource Move with Postman
    At this post we will see how easily we can move azure resources to new resource groups or subscriptions and how we can validate if the azure resources are eligible to move without initiate the move. Move Azure Resources to new resource groups or subscriptions
    Azure Resource Manager allow you to easily move resources to new resource groups or subscriptions. It is a pretty simple process. From the Azure Portal, open a Resource Group, and from the top options click Move. You can select if you want to move to another resource group or subscription.

    On the next page you can select the resources you want to move and click OK. Once you click OK, the Azure Resource Manager starts to validate the move requests. Checks if the selected resources are eligible to move and also if they have any dependencies that will cause the move to fail.

    After the validation, and if the validation is successful, the resource move starts. There is no option in the portal to just validate the move request without starting the move. Validate Resource Move with Postman
    To validate the resources move you need to use post / get operations. The https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-move-resources#validate-move document descibes the parameters that we must use to validate is the resources are eligible to move. To validate if the resources are eligible to move we need to send a URI with Authorization token. A free and easy application to help us with the post /get requests is the Postman. You can download the latest release form this link: https://www.getpostman.com/downloads/
    Download and install the Postman and open the application. We need to perform a Post request to ask the ARM if the specific resources are eligible to move and then a GET request to view the ARM response.

    At the Postman select POST and at the POST request URL enter:
    https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{sourceResourceGroupName}/validateMoveResources?api-version=2019-05-01
    My test case URL:
    https://management.azure.com/subscriptions/784f8ed8-33f0-497c-b1c8-1ca9833be590/resourceGroups/devrg/validateMoveResources?api-version=2019-05-01
    Then at the Body, select RAW -> json and paste the request:
    { “resources”: [“<resource-id-1>”, “<resource-id-2>”], “targetResourceGroup”: “/subscriptions/<subscription-id>/resourceGroups/<target-group>” }
    at my example that I want to validate two resources, the devrg VM and the Managed disk I entered:
    {
    “resources”: [“/subscriptions/784f8ed8-33f0-497c-b1c8-1ca9833be590/resourceGroups/devrg/providers/Microsoft.Compute/virtualMachines/devrgvm”, “/subscriptions/784f8ed8-33f0-497c-b1c8-1ca9833be590/resourceGroups/DEVRG/providers/Microsoft.Compute/disks/devrgvm_OsDisk_1_5da9dad62662418b9bb3f02496e88604”],
    “targetResourceGroup”: “/subscriptions/784f8ed8-33f0-497c-b1c8-1ca9833be590/resourceGroups/target”
    }
    Create Authorization Token
    Finally we need an authorization token to access the ARM API. At the Azure Portal open the cloud shell, buy clicking the icon at the top right menu bar.

    Enter the below command to create a service principal at the Azure Active Directory:
    az ad sp create-for-rbac -n “my-access-app”
    The output will be as the below screenshot:

    You will get the application ID, URL, tenant ID and password. Next at the Postman press the + button to create a new tab

    At the Postman’s new tab create a new POST and enter:
    https://login.microsoftonline.com/{{tenantId}}/oauth2/token
    My test:
    https://login.microsoftonline.com/85ed7d07-ffa3-44da-a22a-38c51ba14d0e/oauth2/token
    Then at the Body property, select “x-www-form-urlencoded” and enter the following KEYs: Key Value grant_type client_credentials client_id this is the appId of the access app client_secret this is the password of the access app resource https://management.azure.com
    my test:

    Once you press “Send” it will return the “access_tocket”. This is the Authorization: Bearer <bearer-token> needed for the resource move validation.
    Send the validation request
    Back to the first tab of the Postman, where we are preparing the move validation POST request, select “Authorization”, at the TYPE select “Bearer Token” and at the Token field paste the “access_tocken” from above. Then press “Send”

    If all the details are correct, it will return a status of “202 Accepted”. This means that the ARM has started the validation. Copy the “Location” value because we will need it below.

    The next step is to create a GET request to view the validation result. The GET request consists of the location URL and the Authorization token. As we did before, open a new Tab at the Postman, select GET request, at the GET URL paste the “Location” URL, at the TYPE select “Bearer Token” and at the Token field enter the “access_token”.
    Receive the validation results
    Press enter to GET the validation results. f the move operation validates successfully, you receive the 204 status code and nothing at the Body.
    If the move validation fails, you receive an error message, like the below. At my example the validation returned failed. The error message explains what caused the failure. At my example the VM is being backed up so the disks have restore points. Also at the message it gives us the link to check for more information.

  25. proximagr
    Azure offers free smtp relay using the SendGrid application. SendGrid is a cloud service that provides email delivery and marketing campaigns. The specific offer is for up to 25.000 emails per month. Also this offers provides full reporting and analytics and 24/7 support.
    At this post we will see how to create a SendGrid free account that can be used for many purposes, like:
    Send emails through an application using the SendGrid API Send email campaigns, newsletters, etc using the SendGrid SMTP service


    At the Azure Portal, portal.azure.com, search for sendgrid and click the “SendGrid Email Delivery”

    The SendGrid account wizard will open. Fill the name and password, select subscription and resource group and choose the F1 free pricing tier. Also fill the contact information, accept the legal terms and press “Create”
    Once the SendGrid Account is created, navigate to it and select Manage
    The SendGrid portal will open. Navigate to the Settings / API Keys to Create an API Key.
    Enter a name for the key. For permissions you only need send emails So select Restricted Access and add “Mail Send”. Press create & view to create the key.
    You will only see the key once, upon creation. After that there is no way to see the key again, so copy and keep it safe.
    SMTP Service
    We are ready to send emails using any host that supports SMTP. The settings are:
    Server: smtp.sendgrid.net Username: apikey Password: “The API Key you created before” Ports: SSL 465, Unencrypted: 25 , TLS 586 More about SendGrid SMTP: https://sendgrid.com/docs/API_Reference/SMTP_API/integrating_with_the_smtp_api.html

    API Usage:
    https://sendgrid.com/docs/for-developers/sending-email/api-getting-started/
×
×
  • Create New...