Archive

Posts Tagged ‘Azure’

Do you have questions on Containers? #AskBenArmstrong

April 19, 2018 Leave a comment

Fundamentally, Containers are an isolated, resource controlled, and portable runtime environment which runs on a host machine or virtual machine and allows you to run an application or process which is packaged with all the required dependencies and configuration files on its own.

When you containerize an application, only the components needed to run this application and of course the application itself are combined into an image, which are used to create the Containers.

How are you utilising containers? Do you have questions on Containers? On Tuesday, 24th April, Microsoft Program Manager Ben Armstrong, will be answering your questions on Containers. It is a rare opportunity. Don’t miss out.

  • Date and Time: Tuesday, Apr 24, 2018, 4pm CEST (7am PDT / 10am EDT) Duration: Approx. 1 hour
  • Date and Time: Tuesday, Apr 24, 2018, 10am PDT / 1pm EDT (7pm CEST) Duration: Approx. 1 hour

You can also ask questions through twitter until Tuesday by including #AskBenArmstrong.

Webminar

Serial Console access for both #Linux and #Windows #Azure VMs #COM1 #SerialConsole

March 27, 2018 Leave a comment

SerialConsole-PrivatePreviewWindows
Source:
 https://azure.microsoft.com/en-us/blog/virtual-machine-serial-console-access/

Now, you can debug fstab error on a Linux VM for example, with direct serial-based access and fix issues with the little effort. It’s like having a keyboard plugged into the server in Microsoft datacenter but in the comfort of your office.

Serial Console for Virtual Machines is available in all global regions! This serial connection is to COM1 serial port of the virtual machine and provides access to the virtual machine and are not related to virtual machine’s network / operating system state.

All data is sent back and forth is encrypted on the wire.All access to the serial console is currently logged in the boot diagnostics logs of the virtual machine. Access to these logs are owned and controlled by the Azure virtual machine administrator.

You can access it by going to the Azure portal and visiting the Support + Troubleshooting section.

Security Access Requirements

Serial Console access requires you to have VM Contributor or higher privileges to the virtual machine. This will ensure connection to the console is kept at the highest level of privileges to protect your system. Make sure you are using role-based access control to limit to only those administrators who should have access. All data sent back and forth is encrypted in transit.

Access to Serial console is limited to users who have VM Contributors or above access to the virtual machine. If your AAD tenant requires Multi-Factor Authentication then access to the serial console will also need MFA as its access is via Azure portal.

How to enable it:

For Linux VMs: this capability requires no changes to existing Linux VM’s and it will just start working.

For Windows VMs: it requires a few additional steps to enable it:

  1. Virtual machine MUST have boot diagnostics enabled
  2. The account using the serial console must have Contributor role for VM and the boot diagnostics storage account.
  3. Open the Azure portal
  4. In the left menu, select virtual machines.
  5. Click on the VM in the list. The overview page for the VM will open.
  6. Scroll down to the Support + Troubleshooting section and click on serial console (Preview) option. A new pane with the serial console will open and start the connection.

Note: For all platform images starting in March, Microsoft have already taken the required steps to enable the Special Administration Console (SAC) which is exposed via the Serial Console.

 

 

Key features of the new Microsoft Azure Site Recovery Deployment Planner

December 19, 2017 2 comments

Azure Site Recovery Deployment Planner is now GA with support for both Hyper-V and VMware.

Disaster Recovery cost to Azure is now added in the report. It gives compute, storage, network and Azure Site Recovery license cost per VM.

ASR Deployment Planner does a deep, ASR-specific assessment of your on-premises environment. It provides recommendations that are required by Azure Site Recovery for successful DR operations such as replication, failover, and DR-Drill of your VMware or Hyper-V virtual machines.  

Also, if you intend to migrate your on-premises workloads to Azure, use Azure Migrate for migration planning. Azure Migrate assesses on-premises workloads and provides guidance

 Key features of the tool are:

  1. Estimated Network bandwidth required for initial replication(IR) and delta replication.
  2. Storage type(standard or premium storage) requirement for each VM.
  3. Total number of standard and premium storage accounts to be provisioned.
  4. For VMware, it provides the required number of Configuration Server and Process Server to be deployed on on-prem.
  5. For Hyper-V, it provides additional storage requirements on on-premises.
  6. For Hyper-V, the number of VMs that can be protected in parallel (in a batch) and protection order of each batch for successful initial replication.
  7. For VMware, the number of VMs that can be protected in parallel to complete initial replication in a given time.
  8. Throughput that ASR can get from on-premises to Azure. 
  9. VM eligibility assessment based on number of disks, size of the disk  and IOPS, OS type.   
  10. Estimate DR cost for the target Azure  region in the specific currency.


When to use ASR Deployment Planner and Azure Migrate?

  • DR from VMware/Hyper-V to Azure
  • Migration from VMware to Azure

 

Download the tool and learn more about VMware to Azure Deployment Planner and Hyper-V to Azure Deployment planner.

 

 

 

Extending Microsoft OMS to monitor Squid Proxy running in Linux with a plugin – part 1/3 #MSOMS

November 24, 2016 1 comment

Since Microsoft released OMS, I have been an early adopter and evangelist for the solution. Not only it is simple to deploy but it gives you a full spectrum of many of the workloads you have either on-premises or in the cloud and it does not matter which cloud. Be it Azure, AWS, Google and many others.

So, as I was advising on OMS for a customer, I found that they were running Squid Proxy servers. The Squid proxy server is one of the most famous proxy servers in the world and it has been utilised for years in many organisations. For that reason I then I decided to look at how OMS could leverage the monitoring for Squid.

squi3

As you can see here: https://github.com/Microsoft/OMS-Agent-for-Linux/tree/master/installer/conf/omsagent.d there are already many plugins for OMS to  monitor Windows and many Linux OS as well, DNS, Network, SQL, MySQL, Postgree, VMware, MongoDB, Security, Audit, Change Tracking and so on.

But, there was no Squid plugin and that’s where I brought back my past years of experience as a developer and although that was a long, long time go, I was able to developer in ruby a Squid plugin for Microsoft OMS.

How I developed it?

PART 1 : LOG Files

  1. I started but investigating the squid log on /var/log/squid/access.log and then I research REGEX expressions to extract information out of it. Below is a extract of it

1479696836.902    134 10.1.1.4 TCP_MISS/301 488 open http://cnn.com/ – HIER_DIRECT/151.101.0.73 –
1479696848.110    242 10.1.1.4 TCP_MISS/400 486 open http://www.sydney.com/ – HIER_DIRECT/54.253.253.77 text/html
1479696860.004    407 10.1.1.4 TCP_MISS/301 636 open http://www.7news.com.au/ – HIER_DIRECT/203.84.217.229 text/html

The initial difficult part for me was of to decouple the date/time to get it on a human readable format. So, after long hours of research and playing along, I decided for the following REGEX :

 REGEX =/(?<eventtime>(\d+))\.\d+\s+(?<duration>(\d+))\s+(?<sourceip>(\d+\.\d+\.\d+\.\d+))\s+(?<cache>(\w+))\/(?<status>(\d+))\s+(?<bytes>(\d+)\s+)(?<response>(\w+)\s+)(?<url>([^\s]+))\s+(?<user>(\w+|\-))\s+(?<method>(\S+.\S+))/
(If you have a better one, please feel free to shot me)

 

  1. I then wrote a squidparserlog.rb in ruby to parse the Squid access.log file and turn it into a OMS format
class SquidLogParserLib
require ‘date’
require ‘etc’
require_relative ‘oms_common’
require ‘fluent/parser’
    def initialize(error_handler)
@error_handler = error_handler
end
    REGEX =/(?<eventtime>(\d+))\.\d+\s+(?<duration>(\d+))\s+(?<sourceip>(\d+\.\d+\.\d+\.\d+))\s+(?<cache>(\w+))\/(?<status>(\d+))\s+(?<bytes>(\d+)\s+)(?<response>(\w+)\s+)(?<url>([^\s]+))\s+(?<user>(\w+|\-))\s+(?<method>(\S+.\S+))/
    def parse(line)
      data = {}
time = Time.now.to_f
      begin
REGEX.match(line) { |match|
data[‘Host’] = OMS::Common.get_hostname
          timestamp = Time.at( match[‘eventtime’].to_i() )
data[‘EventTime’] = OMS::Common.format_time(timestamp)
data[‘EventDate’] = timestamp.strftime( ‘%Y-%m-%d’ )
data[‘Duration’] = match[‘duration’].to_i()
data[‘SourceIP’] = match[‘sourceip’]
data[‘cache’] = match[‘cache’]
data[‘status’] = match[‘status’]
data[‘bytes’] = match[‘bytes’].to_i()
data[‘httpresponse’] = match[‘response’]
data[‘bytes’] = match[‘bytes’].to_i()
data[‘url’] = match[‘url’]
data[‘user’] = match[‘user’]
data[‘method’] = match[‘method’]}
rescue => e
@error_handler.logerror(“Unable to parse the line #{e}”)
end
      return time, data
end   #def
   end   #class
3. Finally, I wrote the squid.conf for OMS
# enhanced parse log with date format , which pass the path for the log to the SquidLogParser and tag it as oms.api.Squid. By doing this, you will end up with 11 custom fields in OMS for the LOG TYPE Squid_CL
<source>
type tail
format SquidLogParser
path /var/log/squid/access.log
pos_file /var/opt/microsoft/omsagent/state/var_log_squid_access.pos
tag oms.api.Squid
log_level error
</source>
squid-fields

 

On my next article I will go through the next part, which is getting Squid Proxy Statistics in OMS, along with the full code.

squid2.png

 

Windows 2016 released and with it Hyper-V and System Center

September 27, 2016 Leave a comment

Microsoft released today at the Microsoft Ignite conference in Atlanta the newest release of Windows Server 2016!

Windows Server 2016 is jam-packed with innovation and customer response has been overwhelming, with more than half a million devices running the final Technical Preview. These customers range from large global enterprises to private cloud hosters to organizations of every size from every corner of the globe – Erin Chapple, General Manager, Windows Server

 

Windows Server 2016 delivers powerful innovation across three areas:

  • Advanced Multi-layer Security: Use Shielded Virtual Machines to help protect your virtual machines from a compromised fabric as well as improve your compliance. Shielded Virtual Machines are encrypted using BitLocker and will run on healthy hosts. To help prevent attacks and detect suspicious activity with new features to control privileged access, protect virtual machines and harden the platform against emerging threats.Watch an introduction to Shielded Virtual Machines
  • Software-defined Datacenter with Hyper-V: Run your datacenter with the utmost confidence with an automated, resilient server operating system. Azure utilises Windows Server and Hyper-V at a massive scale. Windows Servers delivers a more flexible and cost-efficient operating system for any datacenter, using software-defined compute, storage and network features inspired by Azure. Explore server virtualization with Hyper-V
  • Cloud-ready Application Platform: Run your existing apps on Windows Server 2016 without modifying them. Take advantage of enhanced security and efficiency features in the fabric. Applications are at the heart of every organization and its ability to serve customers and compete effectively for their loyalty.  Windows Server 2016 delivers new ways to deploy and run both existing and cloud-native applications – whether on-premises or in Microsoft Azure – using new capabilities such as Windows Server Containers and the lightweight Nano Server deployment option.  Learn more about containers  and Learn more about Azure Service Fabric on Windows Server 2016

 

Availability: Windows Server 2016 is available for evaluation starting today

Note: Volume licensing customers will be able to download fully licensed software at General Availability in mid-October.

Azure Automation: Calling a PowerShell from a WebApp

April 15, 2016 Leave a comment

I am working on a project that requires an Azure PowerShell to be called from a WebApp. Without entering in the details of the app, I faced a problem when writing the PowerShell script when it came to the authentication and running the PowerShell script from the Azure Automation portal is not my scenario.

webhook-overview-image

Automation: The figure shows an External App calling a Microsoft Azure Webhook to starts a runbook

Before I start, let’s have a look on the authentication Methods. The following table summarizes the different authentication methods for each environment supported by Azure Automation and the article describing how to setup authentication for your runbooks.

Method Environment Article
Azure AD User Account Azure Resource Manager and Azure Service Management Authenticate Runbooks with Azure AD User account
Azure AD Service Principal object Azure Resource Manager Authenticate Runbooks with Azure Run As account
Windows Authentication On-Premises Datacenter Authenticate Runbooks for Hybrid Runbook Workers
AWS Credentials Amazon Web Services Authenticate Runbooks with Amazon Web Services (AWS)

So, what methods I found to start the PowerShell from my WebApp?

  • Option 1: Webapp calling a PowerShell Azure RM Automation Runbook.
  • Option 2: Webapp calling an Azure Automation webhooks. Great way of doing it. A webhook allows you to start a particular runbook in Azure Automation through a single HTTP request. The webhook would allow external services such as my custom application to start runbooks.
  • Option 3: Webapp calling a PowerShell script. The issue here becomes the authentication.

 

Let’s start with Option 1. I will discuss the other options in the next posts

 

Option 1: Webapp calling a PowerShell Azure RM Automation Runbook

You can use PowerShell Workflow (recommended as you can use parallel processing to perform multiple actions in parallel) or PowerShell Script. More info here.

Note: You can’t convert runbooks from one type to another.

Create an Azure automation account

1.1.         Log in to the Azure portal.

1.2.         Click New > Management > Automation Account

1.3.         In the Add Automation Account blade, configure your Automation Account details (e.g. Name)

1.4.         From your automation account, click the Assets part to open the Assets blade to create a new credential.

1.5.         Click the Credentials part to open the Credentials blade.

1.6.         Click Add a credential at the top of the blade.

1.7.         Complete the form and click Create to save the new credential. For more info see Credential assets in Azure Automation

 

Create a PowerShell script/workflow with the commands required for your solution (for example: get a list of VM’s)

$cred = Get-AutomationPSCredential –Name “Replace with the Crendential NAME”

Add-AzureRMAccount –Credential $cred Select-AzureSubscription –SubscriptionName “replace your Subscription NAME”

Get-AzureVM

 

Create an Azure Automation Runbook

1.8.    In the Azure Portal, click on Automation Accounts and select the Automation account you created previously

1.9.    Click on the Runbooks tile to open the list of runbooks.

1.10.    Click on the Add a runbook button and then Import.

1.11.    Click Runbook file to select the file to import

1.12.    If the Name field is enabled, then you have the option to change it. The runbook name must start with a letter and can have letters, numbers, underscores, and dashes.

1.13.    Select a runbook type taking into account the restrictions listed above.

1.14.    The new runbook will appear in the list of runbooks for the Automation Account.

1.15.    You must publish the runbook before you can run it.

Alternatively, to import a runbook from a script file with Windows PowerShell:

$AutomationAcct = “Your Automation Account Name”

$runbookName = “TestRunbook”

$scriptPath = “c:\MyRunbooks\TestRunbook.ps1”

Set-AzureAutomationRunbookDefinition -AutomationAccountName $AutomationAcct -Name $runbookName -Path $ scriptPath -Overwrite

Publish-AzureAutomationRunbook -AutomationAccountName $AutomationAcct –Name $runbookName

 

Create an ASP.NET website which will call a PowerShell command.

The Webapp should call the following PowerShell:

Start-AzureAutomationRunbook –AutomationAccountName “replace with your Automation Account NAME created in step 1.3″ –Name ” replace with your runbook name. for eample:MyGetVMRunbook ”

For more info, click here

Next Post: Option 2 and 3….

Categories: Cloud, Microsoft Tags: , ,

Azure ASR’s SLA-backed enhanced VMware to Azure solution is now ready to replicate your on-premises workloads to Azure

January 14, 2016 Leave a comment

You heard right. Microsoft has launched an enhanced version of its Azure Site Recovery (ASR) targeted especially for VMware customers.

asr-new

The concept of ASR is very simple: organisations will be able to replicate their VMware virtual machines (VMs) to Azure, update and then run them in Azure as a disaster recovery option. They will be charged a small amount by VM but won’t have to pay for compute or storage until the VM is up and running in Azure.

To note, Azure Site Recovery, as part of Microsoft Operations Management Suite (OMS), enables your organisation to gain control and manage your workloads no matter the source: Azure, AWS, Windows Server, Linux, VMware or OpenStack.

 

Some of the key ASR characteristics:

  • With non-disruptive recovery testing, you can easily test the failover of your VMware virtual machines to Azure within minutes, and validate your workload’s performance in Azure, without impacting on-going replication or the production workload.
  • With ASR-integrated failback, start replicating your Azure virtual machines back to your on-premises ESXi environment, and failback to the original or an alternate location when your on-premises site is once again available for use.
  • Heterogeneous workload support, automated VMware vCenter Server discovery
  • Continuous data protection (CDP), one-click failovers with ASR Recovery Plan
  • Rich health monitoring and e-mail notifications.

I’ve been working with ASR for a while and I definitely recommend it.

Ready to start using ASR? Check out additional product information, to start replicating your workloads to Microsoft Azure using Azure Site Recovery today. You can use the powerful replication capabilities of Site Recovery for 31 days at no charge for every new physical server or virtual machine that you replicate.

You can read the announcement at https://azure.microsoft.com/en-us/blog/ga-enhanced-migration-and-disaster-recovery-for-vmware-virtual-machines-and-physical-servers-to-azure-using-asr/