
ftp.exe doesn’t work in Azure – Fail to send PORT command in FTP with NAT – 500 Illegal PORT command.


Well this was such a journey for me, and when I read the answer from Microsoft support I thought, I really need to blog on this.

One application, maybe an old one, was using ftp.exe commands to execute some operations, and at some point it needed to be migrated to Azure.
People asked me to investigate an issue: the ftp.exe command was able to log in to cddis.gsfc.nasa.gov but, after that, there was no way to execute FTP commands from the Azure VM, for example the ls command, see below.

I tried many different tests, disabling firewalls and NSGs, trying different OSes, etc.
The curious thing for me was the fact that the same command was able to work from another Windows Server and my laptop (both not in Azure).
See below the same command running on my laptop.

At some point I raised a request with Microsoft support using the portal, something I recommend to any EA customer; they are really good and fast.

I report the official answer here for everyone's benefit.

“Thank you for contacting Microsoft Support. My name is XXXXXXXXXXX.  I am the Support Professional who will be driving this Service Request forward.
You may reach me using the contact information listed below in my signature, referencing the SR number: 123123123123.
My understanding is that you are unable to execute commands in your FTP site.
We will consider the case resolved once we have been able to help you achieve the same.
We will now begin working together to resolve your issue. If you do not agree with the scope defined above, or would like to amend it, please let me know as soon as possible.

I have reviewed your concerns and, based on my findings, below are my responses:
I understand that you configured Active FTP in Azure and are unable to execute commands. Active FTP is not supported in Azure environment, also the default Windows command line ftp.exe, doesn’t work in Azure. The command tends to initiate an Active connection and refers to the private IP of the client VM (VM Name LXX-XXX-C02, DIPs 10.XXX.XXX.11), whereas trying to initiate a connection to a public IP and thus fails.

Kindly refer to this link for more information.”

I think the statement “ftp.exe, doesn’t work in Azure.” is something really important to know. How to solve this?

You can easily use other tools like WinSCP.

I hope this can help.
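
The failure described in the support answer, as an added example that is not part of the original post or of Microsoft's reply: an active-mode client behind NAT advertises its private address in the PORT command, and the server compares it with the public address it sees on the control connection. The server-side check, the addresses and the 200/501 reply texts are assumptions made for illustration; only the 500 reply text comes from this page.

```python
import ipaddress

# RFC 1918 ranges: what a VM has on its virtual network; not routable from the Internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def build_port_argument(local_ip, port):
    """Encode address and port as an active-mode client does: h1,h2,h3,h4,p1,p2."""
    octets = str(ipaddress.IPv4Address(local_ip)).split(".")
    return ",".join(octets + [str(port >> 8), str(port & 0xFF)])


def parse_port_argument(arg):
    """Decode 'h1,h2,h3,h4,p1,p2' into (IPv4Address, port); ValueError if malformed."""
    nums = [int(p) for p in arg.strip().split(",")]
    if len(nums) != 6 or any(n < 0 or n > 255 for n in nums):
        raise ValueError("malformed PORT argument: %r" % arg)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def server_reply(control_peer_ip, port_arg):
    """Assumed server policy: accept PORT only if it names the control-connection peer."""
    try:
        ip, _port = parse_port_argument(port_arg)
    except ValueError:
        return "501 Syntax error in parameters"
    if ip != ipaddress.IPv4Address(control_peer_ip):
        # The server would have to connect back to an address it cannot reach.
        return "500 Illegal PORT command"
    return "200 PORT command successful"


def diagnose(client_local_ip, control_peer_ip, data_port=50000):
    """Show the PORT line a client sends and how the server answers it.

    client_local_ip: address the client binds its data socket to (what ftp.exe sees).
    control_peer_ip: source address the server sees, i.e. after any NAT.
    """
    arg = build_port_argument(client_local_ip, data_port)
    advertised, _ = parse_port_argument(arg)
    nat_mismatch = (any(advertised in net for net in RFC1918)
                    and advertised != ipaddress.IPv4Address(control_peer_ip))
    return {
        "port_command": "PORT " + arg,
        "reply": server_reply(control_peer_ip, arg),
        "nat_mismatch": nat_mismatch,
    }


if __name__ == "__main__":
    # Constructed sample addresses (private range and documentation ranges).
    cases = [
        ("VM behind NAT", "10.1.2.3", "203.0.113.25"),
        ("host with its own public IP", "198.51.100.7", "198.51.100.7"),
    ]
    for label, local_ip, seen_by_server in cases:
        result = diagnose(local_ip, seen_by_server)
        print("%-28s %-26s -> %s (NAT mismatch: %s)" % (
            label, result["port_command"], result["reply"], result["nat_mismatch"]))
```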

Azure RDP connectivity error – CredSSP encryption oracle remediation SOLVED


You can run into this error while trying to connect to a VM via RDP.

This is a very annoying error and I am writing a post to keep note of it and maybe help other people solve it quickly.

Run gpedit.msc from the Windows command line.

In the Local Security Policy Editor navigate to:

Computer Configuration > Administrative Templates > System > Credentials Delegation > Encryption Oracle Remediation

Set Encryption Oracle Remediation to Enabled and Protection Level to Vulnerable.

Azure Billing WARNING: Offer id MS-AZR-0017P is not supported SOLVED


You may see this warning when you try to execute the PowerShell cmdlet Get-AzureRmConsumptionUsageDetail or another cmdlet from the AzureRM.Consumption module.

This can happen for many reasons; for example, you are trying to use an unsupported Azure subscription type. You can check the supported types in the list below.

https://azure.microsoft.com/en-us/support/legal/offer-details/

You won’t see this offer in the list because this is the Enterprise Agreement offering code.
For me the error message was a bit misleading, and after some investigation I found that the issue is due to an outdated AzureRM.Consumption module version.

To solve this issue you need to start a PowerShell console as Administrator, and you need to update your Azure module using the command below:

Install-Module -Name AzureRM -Repository PSGallery -Force


and after that I would recommend an update

Update-Module -Name AzureRM

Now close all running PowerShell console instances and reopen them.

My top strategies for costs optimization and governance in Microsoft Azure (Subscriptions distribution)


Cost optimization is a very complex topic in any cloud scenario, especially at the enterprise level. I would like to share some short but extremely useful advice on that; I will write more and maybe I will also record a video.

In the last year I tested many different strategies, and I learned a lot from them. The first important lesson is that there is no real universal solution; you need to adapt the best practices to your company's business strategy.

From my experience it is extremely important to follow what I like to call the Azure Scaffold Law (ASL); following the ASL you can keep your Azure strategy focused on the most important pillars.

Look at the article below

https://docs.microsoft.com/en-us/azure/architecture/cloud-adoption/appendix/azure-scaffold

Microsoft recently updated the picture below; I think because of the subscription group and more focused on the operational side, which makes sense.

The picture above shows what is important and what to take care of in Microsoft Azure, but I think that the old one was more focused on the pillars (see below).

In my opinion, the old one represents the distribution of the most important components; the new one groups subscriptions and RGs together, which is what I define as the distribution strategy.

Maybe I would isolate Subscriptions from RG; they are two different critical components.

Subscription is the real key in any costing strategy.

Obviously, I am speaking about Enterprise Agreement (EA); if you have a single-subscription contract, you are forced to manage your distribution strategy using Resource Groups and Tags, with no other options.

In an enterprise scenario the use of subscriptions is crucial, for many reasons: cost isolation, multi-tenant isolation, security, abstraction and more.

In my experience, the best strategy is to create a top subscription that you can call Base and from that subscription create all the other subscriptions, see below.

In the Base subscription we can configure shared assets like ExpressRoute or firewall appliances, etc.

From the Base we can use peering to connect and share the connectivity and the assets.

It is very simple; we need to keep in mind the two basic principles of subscription: Isolation and single billing container.

Subscription is one of the most important components in Microsoft Azure, together with RBAC and Policies; using these three components you create your entire Azure strategy.

Cost management is another story, closely related to subscriptions but, in terms of reporting and distribution, very dependent on the platforms and tools available.

Below is my current view based on my experience:

MEP (Microsoft Enterprise Portal): totally based on the concept of Account<>Subscription. You can use it if you are confident about providing administrative access to the subscriptions, something that I don’t recommend; it is good to have just 2 Owner accounts in all the subscriptions, the same 2 accounts in all of them.
We always need to keep in mind that a subscription Owner can easily cancel an entire subscription, and can also grant any security access to it and a lot more; too risky.

Cloudyn: good as a reading/reporting dashboard, with a lot of features to filter your data etc.; I am using it for that reason only.

Power BI: really good with Azure Consumption, and you can create good reports using Power BI Desktop; I think it is good if you like to provide nice fancy reports to your management.

Azure consumption API: it is definitely what you need to create technical cost reporting for your finance department. A lot of APIs are exposed, so it is really good for creating Excel reports or reporting inside your applications, especially if you are looking to integrate your applications with Azure Costs Provider.

ServiceNow: another great strategy is integrating ServiceNow with Microsoft Azure ARM; this way we can control everything that happens in our cloud, also creating an approval process and, why not, directly providing the cost allocation to the financial department.

WPC 2018 Milan – Microsoft Azure from 0 to 100


I am very happy to confirm my presence at WPC 2018, and with a great session. I want to thank Overnet Education for this opportunity, which has now become an annual appointment.
WPC 2018 is the most important IT conference in Italy with hundreds of amazing sessions and innovative content.

This year I am going to present a very interesting session; the aim of the session is simple: provide the attendees with all they need to work with Microsoft Azure in the best and most productive way.

I will explain how to approach Azure, the top governance strategies, naming standards, costs and finance strategies, top security and networking strategies, optimization, cost saving and a lot more.

The session is all based on my personal experience, just a couple of slides and 100% practice. I will share with the attendees the challenges I faced, my results and, why not, my mistakes and the chicken ways as well.

It is a unique session full of information and high-quality material; at the end of the session I will provide all the material and documentation.

It is a can’t-miss session, see you there!

AzureLeap – How to optimize your Azure environment at the TOP using Azure Advisor


Azure Advisor (AzA) is a free service in the Azure Portal that we can use to optimise many critical areas like Costs, Performance, Security and HA.

We can access AzA by searching for Advisor in the Azure Portal.

The Advisor portal provides a great overview of our possible issues.

Each monitored feature uses different parameters; for example, the VMs are monitored for 14 days, and so on.

AzA monitors the usage of VMs, SQL Server and Networking, and we can export our recommendations to Excel or PDF, which is very useful for working with the different departments.

Selecting a specific recommendation, we get a very clear taxonomy.

We can dismiss and manage our recommendations, which is important for customized management.

There are a lot of great features inside, for example the possibility to automate and execute the recommendations; below is the case of SQL Server index performance optimization.

A great feature I like to use is the Azure Advisor APIs

https://docs.microsoft.com/en-us/rest/api/advisor/

Using the APIs, we can automate the generation of our recommendations.

I strongly recommend using Azure Advisor as your top support to keep your Azure environment in good condition and save costs.

AzureLeap – How-to save our costs and money in Azure – Azure Reserved Instances


Saving costs is the most crucial topic in any cloud scenario. We use a lot of resources, and it can be very complicated to understand what we can optimize or reduce to save costs. I need to work a lot in this area, and we have different options for saving costs; in this post I am going to show you a great one, Azure Reserved Instances (Azure RI), which we can apply to VMs and SQL Server.

https://azure.microsoft.com/en-us/pricing/reserved-vm-instances/

Azure RI is a very good option for that: it provides a significant cost saving, up to 80% over pay-as-you-go, which is a lot, but it also provides other great advantages like budget predictability, flexibility and more.

Azure RI provides a significant cost saving on Windows Server workloads; it is very flexible because we can change or cancel Azure RI at any time.
Also very important is the Azure Hybrid Benefit (Azure HB), which is related to Azure RI: if we are migrating our on-premise VMs into Azure, we can reuse our existing licensing costs in the cloud.
The same concept of Azure HB is applied to Azure RI to save costs; combining the two can provide us with a great cost benefit, up to 70% saving.

How exactly does this relation work?

Azure HB can be applied or not to the VM. If it is applied, then there is no charge within Azure, and the customer is responsible for their on-premise SA and subscription payments in accordance with their license agreement; if Azure HB is not applied, then the RI is calculated on the usage of the number of cores.

We can cancel the Azure RI at any time with a 12% early cancellation fee, with a limit of 50k $ per calendar year for an EA account.
Another great point is Auto-fit, which essentially applies the benefit of Azure RI to all the VMs of the same family and datacentre; this allows us to maximise our cost saving and value.

The assignment is very important because we can assign Azure RI at almost any level (account level, subscription level), so any time we spin up a VM that matches our Azure RI, the benefit is applied.

The usage of Azure RI is distributed and applied across all our VMs; great info below:

https://docs.microsoft.com/en-us/azure/billing/billing-understand-vm-reservation-charges

How to buy and create it?

From the Azure Portal search for Reservation.

Select VM or SQL Server.

Select Shared if you want to apply Azure RI at account billing level or Subscription for the single subscription.

After setting the parameter, you will have the exact cost you will pay for.



AzureLeap – Azure Backup strategies and costs


We have different options to back up our data: customized options using tools like AZCopy and Azure storage, even Azure Functions (we can speak about these options in another post or video); the top Azure stack is Azure Backup.

Azure Backup is the stack we need to back up all our data in Azure and from the on-premise environment.

Using Azure Backup is straightforward but, of course, backing up our resources involves storage, different availability strategies and, most important, costs. Let's go through the most important things to know.

Why Azure Backup?

What we normally need to back up are SQL Server databases, VMs and files, and we can back them up using our own strategy; below is a classic approach.

For SQL Server I recommend using the Hallengren scripts to create your backup plan (https://ola.hallengren.com/) and then copying your backups to an Azure storage account using AZCopy (https://azure.microsoft.com/en-us/blog/azcopy-5-1-release/).

For VMs, create your snapshots and copy them to the Azure Storage account as above.

For files, simply copy them to the Azure Storage account as above, or you can use a File Server strategy using Azure File Sync https://argonsys.com/learn-microsoft-cloud/library/step-by-step-azure-file-sync-on-premises-file-servers-to-azure-files-storage-sync-service-afs-cloud-msignite/ , awesome stack.

We can use Azure Backup to back up our File Sync file share, which provides total availability.

The point is that we also need to create our backup governance and manage all the infrastructure; in an enterprise scenario it is nearly impossible to centralize that.

Another interesting option is using our centralized backup system, for example Quest Rapid Recovery (QRR) (https://www.quest.com), running in a VM and copying the QRR files to the storage account. QRR offers Azure integration out of the box, but in this case too we still need to manage our QRR VM and infrastructure.

QRR offers the possibility of installing a ready-to-go QRR VM in Azure and backing up directly from on-premise, or of configuring an Azure storage account directly in the on-premise QRR VM.

https://www.quest.com/video/how-do-rapid-recovery-and-azure-work-together-for-offsite-backups8121458/

Azure Backup will cover all of that with the Azure Backup Service, which is a centralized service based on a consumption cost that we can organize and plan following our requirements.

Azure Backup also has some other interesting options to know: we can install Azure Backup in our VM and perform a Windows Server System State (WSSS) backup. WSSS is a service which automatically backs up all the important VM configuration and OS data, like IIS metadata, Active Directory data, the system registry and more.

We can restore our internal OS system metadata very easily, and also a single file if required.

https://azure.microsoft.com/en-us/blog/windows-server-system-state-backup-azure-ga/

What we need for very large data files, up to 100 TB: Azure Backup is part of Azure Recovery Services Vault (ARSV) https://docs.microsoft.com/en-us/azure/backup/backup-azure-manage-windows-server , and ARSV provides the Azure Data Box Service; in this way we can directly integrate our Azure Data Box https://azure.microsoft.com/en-gb/services/storage/databox/ on-premise.

Another important point to consider, personally the top one, is security.

Backup is the best prevention and defence against ransomware https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/10-significant-ransomware-attacks-2017/ .

We also need to consider that a criminal also attacks the backup files and storage and not just the databases and files; we need to protect everything.

Azure Backup provides file encryption with multi-layer authentication and, of course, RBAC https://docs.microsoft.com/en-us/azure/role-based-access-control/overview ; this is something we need to manage on our own in a classic backup scenario.

About costs.

We can easily calculate our cost using the pricing calculator https://azure.microsoft.com/en-us/pricing/details/backup/ ; sometimes I see people struggling a bit to understand how it works.

We have different entries: first, we can do the backup for Azure VMs and on-premise, and the second tab is for SQL Server on Azure VM; the VM backup doesn’t cover the SQL Server database backup in the VM.

We also have Backup for Azure VMs and on-premises servers, which is the cost for the Backup Service, and Backup Storage, which is the cost just for the storage account.

AzureLeap – How to get started with Microsoft Azure – My TOP TIPS.



I had a quite complicated period of my life and I’m finally back in the field with my blog and all my passion for technology.

First of all, I would like to thank the company and my dear friends for the kind support in that period. I am a lucky guy having such nice people close to me. Now let's go back to the techy stuff.

I hope this article can support people who are approaching Azure and make their life easier; I will write more about that.

In the last year, I had the opportunity to work in Azure in a very intensive way. In my company we use any technology; we are always looking for the right technology for the right solution.

Microsoft Azure is a vast environment, and it offers an enormous number of components (by a single component I mean, for example, Active Directory); now I think it is over 650.

Before joining this amazing company, I was using Azure especially in the integration area, which was my specialisation.

My role requires me to be able to work in any area of Azure: infrastructure, security, integration, operations, governance, data and more. It is extremely challenging and extremely interesting because I am able to build a clear, wide vision of this amazing technology environment.

A couple of months ago, during the Global Integration Bootcamp in London, I presented a session in which I explained my personal experience on Azure, and I received so much amazing feedback, so I decided to share more about that.

Before joining this company, I was working in the integration space, and I was focused on that area only; I realise just now that I was using a very small part of Azure and how huge it is.

In this article, I’d like to provide the most important advice and tips about Microsoft Azure. These are good for any level: for the beginner who needs to start working in Azure and for the most experienced, who can take some useful notes and ideas.

Learning

If you are just starting, you cannot start by reading the documentation about the Azure Scaffold without any idea of what it is talking about; for that reason I recommend you take a couple of training courses first.

Azure is huge; if you don’t have a clear idea of the basics then you may have many problems in the future. I recommend starting from the bottom: infrastructure and networking.
For example, you cannot know why you have performance problems on your service/VM or web site without an idea of how the networking works, and you cannot work with your data in a good way without a clear idea of the storage system in Azure.

You can use many resources but, if like me you don’t have any time to waste, watching sessions or webcasts can be a solution when you are already familiar and just want to check for updates, but in my opinion they are not the solution. I recommend these options, which I normally use.

– Microsoft Academy

It is free and very well organised, nothing to say about it, you can find very good material.

https://mva.microsoft.com/

– Pluralsight

In my opinion a top-class service, and the pricing is very cheap for the great quality of the content. I recommend you start with very basic courses like the ones below.

To start, infrastructure.

https://app.pluralsight.com/library/courses/managing-infrastructure-microsoft-azure-getting-started/table-of-contents

https://app.pluralsight.com/library/courses/azure-vms-getting-started/table-of-contents

For networking I recommend starting with the basics; it is not about Azure, it is focused on networking. I personally recommend these two courses to anybody at any level.

https://app.pluralsight.com/library/courses/networking-fundamentals-pt1/table-of-contents

https://app.pluralsight.com/library/courses/networking-fundamentals-pt2/table-of-contents

When your networking concepts are good, then I recommend these:

https://app.pluralsight.com/library/courses/microsoft-azure-networking-implementing/table-of-contents

https://app.pluralsight.com/library/courses/architecting-azure-solutions-70-534-infrastructure-networking/table-of-contents

https://app.pluralsight.com/library/courses/manage-azure-virtual-networks-vpn-gateway/table-of-contents

– YouTube

Yes, definitely a top resource for learning. There are different options; the top one is the Microsoft Azure channel and Azure Friday, with a lot of very well done short videos able to explain any component to you in a minute.

https://www.youtube.com/channel/UC0m-80FnNY2Qb7obvTL_2fA

An example of Azure Friday below:

https://www.youtube.com/watch?v=O7wl0-P7HAw&list=PLLasX02E8BPDT2Z2pdCHNCkENpcQWy5n6

– Microsoft MSDN

The team provides great material; you cannot start working on Azure without reading these documents.

Before starting any action on Azure you need to have a look at the Azure OnBoarding documents here.

http://ninocrudele.com/azureleap-azure-onboarding-resources

Especially for the Azure Enterprise Scaffold.

https://docs.microsoft.com/en-gb/azure/architecture/cloud-adoption-guide/subscription-governance

The critical things to know before starting to work on Azure

There are some important things to know; below is my personal top list:

– PowerShell

Use PowerShell and organize your job using it. It is important to know that Microsoft works a lot on the portal UI and it changes frequently; sometimes a feature moves because it is more convenient and usable there. In other words, sometimes you can face some changes in the UI.

Using PowerShell and scripting you will be more consistent.

The Azure quick start templates are what you need to keep in mind:

https://github.com/Azure/azure-quickstart-templates

– Documentation

Not many words to say here: AzureDockit is the top tool; it is not expensive and it provides you with fantastic documentation. The time you save using it is huge.

https://www.azuredockit.com/

– Performances

There is one important thing to know about that which many people miss: the Azure backbone is the main Microsoft network infrastructure behind any virtual network, and all Microsoft traffic goes across it.

The Azure Backbone is a very high-performance network. In order to use the Azure Backbone you need to use Peering or VPN Gateway; without using these features you are travelling outside the backbone.

– Naming Standard

Don’t start working on Azure without a clear naming standard; this is a MUST.

The most important areas to know before starting are the Azure scaffold areas, and one of these is exactly the naming standard.

See below the Azure Scaffold Areas.


https://docs.microsoft.com/en-gb/azure/architecture/cloud-adoption-guide/subscription-governance

As you can see, there are other areas like Tags, Resource groups and so on. Read this document; you need to be clear about each of these and especially about the importance of these areas.

– Multiple Subscriptions vs Resource groups.

This is a very old story. There are very good reasons to use multiple subscriptions and, in some cases, it is the only and best option; some of these are below.

Microsoft creates a unique billing per subscription, for example, if you need to charge different subsidiaries and companies.

You need to use different tenants per subscription.

Some services like ExpressRoute are a lot more manageable per subscription.

In any Azure infrastructure, at an Enterprise level, you should have multiple subscriptions.

I like to organise things in multiple subscriptions and I like the idea of using a main Base subscription, as you can see below; a structure like that is extremely extendable and able to provide a lot more control. Below is a little example.

You can connect the subscription by peering or VPN gateways.

AzureLeap

http://ninocrudele.com/azureleap

This is a community project I started some time ago; at the moment it is an area of my blog where I collect the most important information about my job and share what I think is very important and critical to know for the everyday job.

I am keeping this area updated.

Stay tuned!


@AzureLeap SmartTip – Create and attach a new VHD to an Azure VM


The easiest and most accessible way to create and attach a new disk to an Azure VM is as below.
You don’t need to shut down the VM.

Select your VM and select disks.

Click Create Disk

Set your properties and click create.

Click save and wait for the job to be done.

Log into your VM and open the Computer Management and select your new partition.

Right click and select Initialize.

Right click again and select new volume.

All next/next and job done.