AzureLeap SmarTip – Allocate and deallocate network cards in Azure

Sometimes we need to solve critical problems and fix configuration issues in our Azure network, especially on VMs.

I face many issues because of misconfigurations, or because people change network settings, or because we just want to quickly try different network settings.

For example, we need to move a VM to another VNET, try a different network setting for a test, or fix critical network issues in the VM, for example when someone has completely changed the internal network card in the VM and we are no longer able to connect to it.

There are many solutions for that; one of them, and in my opinion a very smart one, is reallocating the network card in the VM.

To deallocate the network card, select your VM, and select Networking.

Note

If your VM has a single network card you will need to stop the VM completely from the Azure console.

Click Attach network card and create or select the new one (it needs to be in the same region), then click OK.

Now you can start your VM with a new network configuration.
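The same swap can be scripted instead of clicked through. This is an added example, not code from the original post; it uses the AzureRM cmdlets this blog uses elsewhere, and the resource group, VM and NIC names are placeholders.

```powershell
# Added example: replace the network card of a VM with the AzureRM module.
# All names below are placeholders, not values from the post.
$rg      = 'my-rg'          # assumed resource group
$vmName  = 'my-vm'          # assumed VM name
$nicName = 'my-vm-nic-new'  # assumed existing replacement NIC

$vm     = Get-AzureRmVM -ResourceGroupName $rg -Name $vmName
$newNic = Get-AzureRmNetworkInterface -ResourceGroupName $rg -Name $nicName

# The replacement NIC must be in the same region as the VM.
if ($newNic.Location -ne $vm.Location) {
    throw "NIC region '$($newNic.Location)' differs from VM region '$($vm.Location)'."
}
# A NIC that is already attached to another VM cannot be reused.
if ($newNic.VirtualMachine) {
    throw "NIC '$nicName' is already attached to $($newNic.VirtualMachine.Id)."
}
# Without its own NSG, only a subnet-level NSG (if any) filters the new NIC.
if (-not $newNic.NetworkSecurityGroup) {
    Write-Warning "NIC '$nicName' has no NSG attached; check the subnet NSG before starting the VM."
}

# A VM with a single network card has to be stopped completely first.
Stop-AzureRmVM -ResourceGroupName $rg -Name $vmName -Force | Out-Null
$vm = Get-AzureRmVM -ResourceGroupName $rg -Name $vmName

# Detach the current NIC(s) and attach the new one as primary in one update.
$oldNicIds = @($vm.NetworkProfile.NetworkInterfaces | ForEach-Object { $_.Id })
$vm = Remove-AzureRmVMNetworkInterface -VM $vm -NetworkInterfaceIDs $oldNicIds
$vm = Add-AzureRmVMNetworkInterface -VM $vm -Id $newNic.Id -Primary
Update-AzureRmVM -ResourceGroupName $rg -VM $vm | Out-Null

Start-AzureRmVM -ResourceGroupName $rg -Name $vmName | Out-Null
```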

AzureLeap – Azure Onboarding Resources

This is the onboarding resources list; I will keep this guideline updated.

Enrollment

Onboarding Guide to the Microsoft Azure Enterprise Portal (Direct Enrollment)

https://wazcommunity.files.wordpress.com/2017/01/azuredirecteacustomeronboardingguide_en.pdf

Scaffold, Organisation and Architecture

Azure Enterprise Scaffold

This article provides a starting point for technical professionals to address the need for governance, and balance it with the need for agility. It introduces the concept of an enterprise scaffold that guides organizations in implementing and managing their Azure subscriptions.

https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-subscription-governance

Azure Onboarding Guide for IT Organizations

The purpose of this document is to provide an overview, guidance, and best practices for enterprise IT departments to introduce, consume, and manage Microsoft Azure-based services within their organization. The target audience is enterprise architects, cloud architects, system architects, and IT managers.

http://download.microsoft.com/download/F/F/F/FFF60E6C-DBA1-4214-BEFD-3130C340B138/Azure_Onboarding_Guide_for_IT_Organizations_EN_US.pdf

Azure Services 101 Cards

Main board for each important service, providing information regarding:

  • Overview
  • Pricing
  • Technical documentation

http://azureinteractives.azurewebsites.net/Azure101Cards/default.html

Products available by region

This is the link you need to evaluate if a product is available in a specific region.
Azure is generally available in 36 regions around the world, with plans announced for 6 additional regions. We place a high priority on geographic expansion to enable higher performance and to support your requirements and preferences regarding data location.

Graphical version.

https://azure.microsoft.com/en-gb/regions/

Diagram version.

https://azure.microsoft.com/en-gb/regions/services/

Cloud Design Patterns

The board with the common patterns and solutions

http://azureinteractives.azurewebsites.net/CloudDesignPatterns/default.html

Security and Operation Management

Guideline providing the key products per area.

http://azureinteractives.azurewebsites.net/AzureSecurity/default.html

Azure Architecture Center

The main guide for Azure Architecture

https://docs.microsoft.com/en-us/azure/architecture

Tools

AzureDockit

Number one tool for Azure documentation.

https://www.azuredockit.com/

Operational and Management

Azure Resource Manager vs. classic deployment: Understand deployment models and the state of your resources

https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-deployment-model

Azure Quickstart Templates

https://azure.microsoft.com/en-gb/resources/templates

Azure PowerShell TOP scripts

This is a list of the most used and useful PowerShell commands I use in Microsoft Azure; I will keep this guideline updated from time to time.

Install PowerShell by navigating to the link below and selecting PowerShell (Specific OS) at the bottom.

https://azure.microsoft.com/en-us/downloads/

Script

Comment

https://github.com/Azure/azure-powershell

To install Azure PowerShell

http://ninocrudele.com/azure-and-powershell-installation-and-quick-fixes

To install Azure PowerShell and some quick fixes

Find-Module -Name AzureRM | Install-Module -AllowClobber

To install the AzureRM module and force all overriding

Update-Help -Force

To force an update of the AzureRM modules

$PSVersionTable.PSVersion

Check your PowerShell version

Login-AzureRmAccount

Used to log in to the Azure account

Set-AzureRmContext -SubscriptionName 'mysubscription'

To switch between the subscriptions

https://gallery.technet.microsoft.com/Set-Azure-Resource-Manager-f7509ec4

Changing the availability group in an existing Azure VM is not currently available in the Azure Portal.

Get-ExecutionPolicy

Check the script execution policy setting

Set-ExecutionPolicy RemoteSigned -Scope CurrentUser -Confirm

Set the script execution policy setting

git --version

Check that git is accessible from PowerShell.
If git is not recognized as the name of a command verify that you have Git installed. If not, install Git from https://git-scm.com

Get-AzureRmVMSize -Location $locName | Select Name

Get all tiers available per region

Enter-PSSession -ComputerName 10.0.0.1 -Credential (Get-Credential)

Start a remote session (Enable the WinRM in the NSG)

https://gallery.technet.microsoft.com/scriptcenter/List-all-VMs-in-all-fc092c02

Get all Azure VMs in all subscriptions

Get-AzureRmVMSize -ResourceGroupName "Name" -VMName "Name"

Get Azure VM sizes

AzureLeap – Azure Network Optimisation checklist

This is a checklist for network optimisation in Azure; I will keep this list updated.

Use accelerated Networking

Virtual machines must be created with Accelerated Networking enabled. This feature cannot be enabled on existing virtual machines. You can follow the steps below to enable accelerated networking

https://docs.microsoft.com/en-us/azure/virtual-network/create-vm-accelerated-networking-powershell

Use Receive Side Scaling (RSS) to reach higher maximal throughput

RSS may be disabled by default in a Windows VM. To determine whether RSS is enabled, and enable it if it’s currently disabled, complete the following steps:

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-optimize-network-bandwidth

Perform a network latency test

http://www.azurespeed.com/

Perform a network latency test from the local machine

Check which datacentre is better and closer

http://azurespeedtest.azurewebsites.net/

Perform a deeper network latency test from the local machine

Used to profile and measure Windows networking performance, NTttcp is one of the primary tools Microsoft engineering teams leverage to validate network function and utility, especially if you have to test from a VM in the on-premise environment.

https://gallery.technet.microsoft.com/NTttcp-Version-528-Now-f8b12769

AzureLeap – Azure Networking Troubleshooting Guideline

This is a troubleshooting guideline for Azure networking

http://ninocrudele.com/microsoft-azure-networking-troubleshooting-guideline

AzureLeap – Microsoft Azure Networking Troubleshooting Guideline

This is a troubleshooting guideline for Azure networking; I will keep this guideline updated.

Network troubleshooting is a very complex job, especially when on-premise environments and different data centres are involved.

Azure Network Watcher

Microsoft Azure provides Azure Network Watcher, a complete solution to assist you with network troubleshooting, monitoring and more.
We also need supporting tools for packet analysis, such as Wireshark, Microsoft Message Analyzer and CapAnalysis; the latter runs on Linux only but is very powerful and open source.

First of all we need to enable Azure Network Watcher (ANW). To do that, search for Network Watcher and select the same region where the VM or resources we want to troubleshoot are located.

Note:

The important point is that ANW needs to be enabled in every region where the resources we want to troubleshoot are located.

ANW will create a resource group for you for each region.

You will see the ANW partially enabled.

Network Security Group rules

To check the NSG associated with our VM, select ANW and then Security group viewer; you will be able to select the RG you want, the VM inside the RG and the network interface.

Here we can check the effective rules applied for inbound and outbound traffic; we can also check the rules for the subnet, the network interfaces and the default rules.

We can download the Excel spreadsheet to do statistics and reporting, send the rules to the IT admins and have a call with them.

Network Security Group access

We know the rules now, but we would like to test these ports and check whether any unsecured or vulnerable ports are open and whether the ports we need are properly set up.

To do that, select IP flow verify, select our NSG and VM as before, and start checking our ports; for example, we can start by checking RDP connectivity as below.

We can see that it is enabled, and we can see the rule.

In the other case we see that the port is denied, and the rule as well.
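The same IP flow verify check can be run for several management ports in one pass. This is an added example, not code from the original post; it uses AzureRM cmdlets, and the resource names, the port list and the remote address are assumptions.

```powershell
# Added example: run IP flow verify for several management ports with AzureRM.
# Resource names, the port list and the remote address are assumptions.
$rg       = 'my-rg'         # assumed resource group of the VM
$vmName   = 'my-vm'         # assumed VM name
$remoteIp = '203.0.113.10'  # documentation-range address standing in for an Internet client
$ports    = 22, 3389, 5985, 5986   # SSH, RDP, WinRM over HTTP and HTTPS

$vm  = Get-AzureRmVM -ResourceGroupName $rg -Name $vmName
$nic = Get-AzureRmNetworkInterface |
    Where-Object { $_.Id -eq $vm.NetworkProfile.NetworkInterfaces[0].Id }
$localIp = $nic.IpConfigurations[0].PrivateIpAddress

# Network Watcher must be enabled in the same region as the VM.
$nwRes = Get-AzureRmResource | Where-Object {
    $_.ResourceType -eq 'Microsoft.Network/networkWatchers' -and $_.Location -eq $vm.Location
}
if (-not $nwRes) { throw "Network Watcher is not enabled in region '$($vm.Location)'." }
$nw = Get-AzureRmNetworkWatcher -Name $nwRes.Name -ResourceGroupName $nwRes.ResourceGroupName

# Ask the effective NSG rules whether each inbound flow would be allowed.
$results = foreach ($port in $ports) {
    $r = Test-AzureRmNetworkWatcherIPFlow -NetworkWatcher $nw `
            -TargetVirtualMachineId $vm.Id -Direction Inbound -Protocol TCP `
            -LocalIPAddress $localIp -LocalPort $port `
            -RemoteIPAddress $remoteIp -RemotePort 50000
    [pscustomobject]@{ Port = $port; Access = $r.Access; Rule = $r.RuleName }
}
$results | Format-Table -AutoSize

# Management ports reachable from an arbitrary Internet address deserve a review.
$results | Where-Object { $_.Access -eq 'Allow' } | ForEach-Object {
    Write-Warning "Port $($_.Port) is allowed inbound by rule '$($_.Rule)'."
}
```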

Network Topology

This is very useful to understand how the network is composed: select Network Topology, the subscription, NSG and VN and you will have the whole topology; you can also download the SVG file.
Below I created an NLB with a couple of VMs to create a slightly more complex scenario.

Check the connectivity

This is the most important check because we test the connectivity between our server and network and other, external VMs and networks.
Think about the classic scenario where we have performance issues and we need to understand whether the cause is the network, the CPU or something else; this is a life-saving feature.

We can have connectivity issues for a lot of different reasons, and sometimes the cause of our performance problem could be the CPU, the disk or the storage; using ANW we can easily check the network performance.

To do that we need to install the Network Watcher Agent (NWA) on both machines. To install the NWA in an Azure VM, select the VM, select Extensions

and select the NWA for Windows.

Select the Connectivity Check in ANW and set the source and destination machine.

ANW will check the connectivity and report issues; for example, in this case I found an issue in the NLB.

NWA MSDN documentation here

AzureLeap – Azure Security Health Check with Azure TechCenter

Azure Security TechCenter is a primary resource to manage our security in Azure.

How do we need to use it?

AST provides all the information we need to improve our security: a lot of best practices and, most importantly, the security guidance.

The most important areas are:

The top one is the Microsoft Security Advisory

The service is totally free and you can register here

Using the Security Guidance, we can check the latest updates and issues.

I found the possibility to download the Excel format very useful.

Also very important is the Azure Security Blog, where we can find the most important news and white papers.

Security bulletins, to check the latest releases and news.

The Security Update Guide is the authoritative source of information on Microsoft security updates.

Report a Computer Security Vulnerability, if you have a critical security issue or vulnerability.

The Microsoft Technical Security Notifications help protect your computing environment by keeping you up to date on Microsoft technical security notifications.

AzureLeap – Troubleshoot unexpected shutdowns and automatic updates in your Azure VMs

Sometimes we experience an unexpected shutdown of our VMs in Azure; to troubleshoot that I recommend these steps.

Open the Event Viewer

and filter the System Windows log for these event numbers:

6005, 6006, 6008, 6009, 1074, 1076

These event IDs show you all the VM reboots, the service restarts (6…) and the shutdown types (1074).

When you have the message, check the shutdown reason code in the description; you can find its meaning on the site below.

https://msdn.microsoft.com/en-us/library/aa376885%28VS.85%29.aspx?f=255&MSPPError=-2147217396

When you have the exact time, you can check the Application and the other Windows logs for specific errors.
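The Event Viewer filter and the follow-up check around the shutdown time can also be done from PowerShell on the VM. This is an added example, not code from the original post; the 14-day window, the 10-minute margin and the helper name Get-ErrorsAround are assumptions.

```powershell
# Added example: build a reboot/shutdown timeline from the System log.
# The 14-day window and the 10-minute margin are assumed values.
$since = (Get-Date).AddDays(-14)
$ids   = 6005, 6006, 6008, 6009, 1074, 1076   # event IDs listed in the post

$events = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = $ids; StartTime = $since } `
              -ErrorAction SilentlyContinue | Sort-Object TimeCreated

# Timeline: one line per event, with the first line of its description.
# Note: 6008 is written at the next boot; its text carries the time of the
# unexpected shutdown itself.
$events | Select-Object TimeCreated, Id, ProviderName,
    @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } } |
    Format-Table -AutoSize -Wrap

# Hypothetical helper: Critical and Error events in the Application and
# System logs within +/- $Minutes of a given time.
function Get-ErrorsAround {
    param([datetime]$Time, [int]$Minutes = 10)
    foreach ($log in 'Application', 'System') {
        Get-WinEvent -FilterHashtable @{
            LogName   = $log
            Level     = 1, 2
            StartTime = $Time.AddMinutes(-$Minutes)
            EndTime   = $Time.AddMinutes($Minutes)
        } -ErrorAction SilentlyContinue
    }
}

# Most recent 1074: print the full text (process, user, reason code),
# then the errors logged around it.
$last = $events | Where-Object { $_.Id -eq 1074 } | Select-Object -Last 1
if ($last) {
    $last.Message
    Get-ErrorsAround -Time $last.TimeCreated | Sort-Object TimeCreated |
        Select-Object TimeCreated, LogName, Id, ProviderName |
        Format-Table -AutoSize
}
```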

Sometimes the restart is caused by the Windows Update service, and the best way to check this is to look in the Windows Update logs.
You can find this log at C:\Windows\WindowsUpdate.log

In this log you will find every operation performed by the update service, even the restarts.

If you would like to disable the automatic restart, you can do that by opening the Local Group Policy Editor.

Search for Edit group policy

Navigate to:

Computer Configuration\Administrative Templates\Windows Components\Windows Update

Enable the No auto-restart policy as below.

AzureLeap – Improve productivity with Azure Quickstart Templates

Microsoft Azure portal is very well organised and it offers a lot of features to make our operational activities easier.
However, the portal is often updated, and for that reason I always recommend using PowerShell and ARM templates to operate.
Using scripts and ARM templates keeps our teams and departments aligned with our internal standards, without the risk of any internal reengineering or knowledge update.

Azure Quickstart Templates is a very productive way offered by Microsoft to create our resources in Azure; let's look at an example.

Many times we need to repeat the same operations, like creating VMs, networks, NLBs and more; one of the first operations when we need to create VMs is creating the load balancer and its rules.

For example, to create a resource like an NLB, go to the Azure Quickstart Templates site, search for virtual network or NLB and select the template.

The interesting thing is the possibilities offered by the portal: we can get the script from GitHub and use it, or we can use the portal directly.

The second option is interesting, and it greatly improves our productivity.

We can also edit our template and save it.

AzureLeap – How To Share Files in Microsoft Azure and On-Premise

To share files in Microsoft Azure, especially between on-premise and cloud, a very good option is Azure File Share; it is reliable and secure.

Sign in to the Azure Portal and create a Storage Account.

Open the Storage Account, select Overview and then Files.

Add a new file share.

Now you can upload files and create directories directly from the UI.

Let's have a look at how to share this: click Connect and select the best option for you to share the storage; I selected net use.

Open the command prompt on the machine where you would like to add the share and run the command below:

cmdkey /add:STORAGE-ACCOUNT-NAME.file.core.windows.net /user:STORAGE-ACCOUNT-NAME /pass:STORAGE-ACCOUNT-KEY

The connection string generated by the portal reads as below:

net use Z: \\STORAGE-ACCOUNT-NAME.file.core.windows.net\misfmfileshare /u:AZURE\STORAGE-ACCOUNT-NAME STORAGE-ACCOUNT-KEY

You can find this information as follows:

Click on the storage account and select Access Keys, copy the first key.

STORAGE-ACCOUNT-NAME: copy the storage account name.

STORAGE-ACCOUNT-KEY: copy the first key.