Microsoft Azure Hub-Spoke model by Enterprise Design 1 of 4
Microsoft Virtual Datacenter Transition to Azure (Hybrid Cloud) Microsoft Azure Hub-Spoke Architecture This Enterprise reference architecture shows how to implement a hub-spoke topology in Azure. The hub is a virtual network (VNet) in Azure that acts as a central point of connectivity to your on-premises network. The spokes are VNets that peer with the hub, and can be used to isolate workloads. Traffic flows between the on-premises datacenter and the hub through an ExpressRoute or VPN gateway connection. Read the complete Blogpost Journey to the Azure Cloud hereStep-By-Step: Manage file storage growth with Azure File Sync
At this point I’m sure you’re heard about Azure File Sync. If you have not, Azure File Sync (AFS) is a service that centralizes your file shares in Azure Files, while keeping the flexibility, performance, and compatibility of an on-premises file server. In essence, it transforms your File Server into a quick cache of your Azure file share. It’s a great way to deal with shrinking storage space in your environment by using AFS to tier your files to the cloud and ensure you never run out of space locally. the Article walks you through the setup.
Azure: Moving VHD to Azure with PowerShell and create VM image
Credits Original Article: https://wikiazure.com/compute/mover-vhd-hacia-azure-usando-powershell/ Introduction This is a guide for moving a VHD to Azure using PowerShell with Azure Resource Manager 5.1 module. Then in the Azure portal, we will create an image from the VHD, this will help us to be able to provision VMs from that image. Issue This guide is provided as an alternative solution for provisioning a KEMP LoadMaster virtual machine on an Azure subscription with the Enterprise Agreement in case there are limitations for the current region to provision the KEMP LoadMaster directly from the Azure marketplace. Note: You can move an exported VHD from a local virtualization tool or from another cloud. The use of managed disks for the new virtual machine simplifies the administration of the virtual machine and provides better availability when the virtual machine is placed in an availability set. Solution Move VHD to Azure using PowerShell and create an image object from the OS Disk Prerequisites: Active Azure subscription - Azure Free Account Azure Powershell 5.x - Azure Resource Manager Module VHD of the KEMP LoadMaster - Download VHD A resource group previously provisioned in the Azure subscription - see Creating Resource Groups using PowerShell Validate that the VHD is fixed size, that means it cannot be 10.1GB or 10.01GB in that case expand the size of the disk to 11GB using hyper-v manager Steps to move VHD to Azure using PowerShell 1. We will open Powershell on our local computer and access our Azure subscription through the command: "AzureRM.Profile \ Login-AzureRmAccount" 2. To simplify the process we will use two variables: The name of the Azure subscription and the ID of the Azure subscription by executing the following commands (replace the name and ID of your subscription): $Subscription = "Your Subscription Name" $SubscriptionId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" 3. We will select the current subscription as Default, for that we execute the following command: "Get-AzureRmSubscription -SubscriptionId" 4 d 278909 -xxxx-xxxx-xxxx-xxxxxxxx "-TenantId" 683 bfafa-xxxx-xxxx-a 787 -xxxxxxxxx "| Set-AzureRmContext" 4. Proceed to create a Storage Account / Storage Account through the following command: $storageAccount = New-AzureRmStorageAccount -ResourceGroupName "DRendon" ` -Name "kempvdhtestingdr" ` -SkuName Standard_LRS ` -Location "eastus" $ctx = $ storageAccount.Context 5. Now we are going to generate the container for our blob storage: $containerName = "kempvdhcontainerdr" new-azurestoragecontainer -Name $ containerName -Context $ctx -Permission blob 6. Store in a variable the location of the VHD: $localPath = 'C:\Users\daver\Downloads\VLM-trial\LoadMaster-VLM-Microsoft-HyperV\vlm2.vhd' 7. Assign a variable to name the VHD: $vhdName = 'kempVhdtest.vhd' 8. Proceed to move the VHD to the blob storage: $urlOfUploadedImageVhd = ( 'https://kempvdhtestingdr.blob.core.windows.net/kempvdhcontainerdr' + '/' + $vhdName) Add-AzureRmVhd -ResourceGroupName "DRendon" -Destination $ urlOfUploadedImageVhd ` -LocalFilePath $localPath -OverWrite "Add-AzureRmVhd cmdlet uploads on-premises virtual hard disks, in .vhd file format, to a blob storage account as fixed virtual hard disks" There are other optional parameters that we can make use of: AsJob: Run cmdlet in the background and return a Job to track progress. BaseImageUriToPatch: Specifies the URI to a base image blob in Azure Blob Storage DefaultProfile: The credentials, account, tenant, and subscription used for communication with Azure. NumberOfUploaderThreads: Specifies the number of uploader threads to be used when uploading the .vhd file. OverWrite: Indicates that this cmdlet overwrites an existing blob in the specified destination URI, if one exists. The VHD migration process will start right away and depending on the size it could take a couple of minutes: Once the upload has been successful you should see something like this: Now there are 2 options to create the image: from PowerShell or from the Azure Portal. Creating the image of the Virtual Machine Option 1. Creating the image of the Virtual Machine using PowerShell 1. Let's create an image object and then store it in the variable $ imageConfig $location = 'EastUS' $imageConfig = New-AzureRmImageConfig -Location $ location 2. Then we are going to set the properties of the operating system disk in the object of the image using the Set-AzureRmImageOsDisk command: $imageConfig = Set-AzureRmImageOsDisk -Image $imageConfig -OsType Windows -OsState Generalized ` -BlobUri $urlOfUploadedImageVhd 3. Now proceed to generate the image: $image = New-AzureRmImage -ImageName $imageName -ResourceGroupName $resourceGroupName -Image $imageConfig Option 2. Creating the image of the Virtual Machine in Azure Once the migration process is completed, go to the storage account to verify that the VHD is correctly listed: 2. Now go create a new resource, search for "image" then click on the image as shown below: 3. Provide the parameters required to provision the image from the VHD as follows: You will see a notification if the image was created correctly: Now we can create the virtual machines from this image when we need it: Script Download Here is the complete script on VHD migration with Azure Powershell 5.x, you can also download it from here: https://gallery.technet.microsoft.com/Move-your-VHD-to-Azure-e16f9fd6 AzureRM.Profile\Login-AzureRmAccount $subscriptionName = "Your Subscription Name" $subscriptionId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" $tenantId ="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" $resourceGroupName = 'DRendon' $location = 'EastUS' $vhdName = 'kemp360central-v1.25.vhd' $imageName = 'kempcentral25' $containerName = "kempcentraldrtestcontainer" $storageAccountName = "kempcentraldrtest" Select-AzureRmSubscription -SubscriptionId $subscriptionId #Select your default subscription on ARM Get-AzureRmSubscription -SubscriptionId $subscriptionId -TenantId $tenantId | Set-AzureRmContext #create new storage account $storageAccount = New-AzureRmStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccountName -SkuName Standard_LRS -Location $location $ctx = $storageAccount.Context #create container new-azurestoragecontainer -Name $containerName -Context $ctx -Permission blob #set the local path from the vhd $localPath = 'C:\Users\daver\Downloads\kemp360central\kemp360central-v1.25.vhd' # set the url of the image and move the vhd, also use the -overwrite option since process might fail sporadically # -overwrite solves the error Add-AzureRmVhd : The pipeline was not run because a pipeline is already running. # Pipelines cannot be run concurrently $urlOfUploadedImageVhd = ('https://' + $storageAccountName + '.blob.core.windows.net/' + $containerName + '/' + $vhdName) Add-AzureRmVhd -ResourceGroupName $resourceGroupName -Destination $urlOfUploadedImageVhd ` -LocalFilePath $localPath -OverWrite # Create a managed image from the uploaded VHD $imageConfig = New-AzureRmImageConfig -Location $location #set the managed disk from the image $imageConfig = Set-AzureRmImageOsDisk -Image $imageConfig -OsType Windows -OsState Generalized ` -BlobUri $urlOfUploadedImageVhd $image = New-AzureRmImage -ImageName $imageName -ResourceGroupName $resourceGroupName -Image $imageConfig Troubleshooting Discover questions Was the VHD uploaded to Azure Cloud or the OS on the VHD is from Azure Marketplace? What Operation System/version is installed on the VHD? Did you install Azure Guest Agent on the OS? Was the VHD OS generalized before shutdown? You should be able to identify what Linux OS type/version is running on your PC, install Guest Agent, generalize the OS before importing it to Azure Cloud. Steps you may apply in order to fix the issue Identify OS type/version, and install on it Guest Agent. Please review an article: Linux distributions endorsed on Azure Generalize the OS: How to create an image of a virtual machine or VHD Review the Azure documentation in order to prepare the OS. Following article contains steps how to prepare the OS and install required applications: Understanding and using the Azure Linux Agent Fix the size of the vhd, that is, the VHD size integer, i.e. 200GB, it cannot be 200.5GB or 200.05GB. Ensure that blob is formatted as VHD See Also Prepare a Windows VHD or VHDX to upload to Azure How to use Packer to create Windows virtual machine images in Azure List of supported images for Azure - The list says for stack but it is applicable for all of Azure. Other Languages: Spanish (es-MX): https://social.technet.microsoft.com/wiki/contents/articles/52416.mover-vhd-hacia-azure-usando-powershell-arm-es-mx.aspxMicrosoft Azure virtual datacenter HUB-Spoke Model: From a Network Perspective
Microsoft Azure Hub-Spoke Model When you have your Microsoft Azure Architectural Design in place like a HUB-Spoke model this Microsoft documentation can help you with the Security and networking design in Microsoft Azure Cloud services. The Virtual Data Center (VDC) isn’t just the application workloads in the cloud. It’s also the network, security, management, and infrastructure. Examples are DNS and directory services. It usually provides a private connection back to an on-premises network or datacenter. As more and more workloads move to Azure, it’s important to think about the supporting infrastructure and objects that these workloads are placed in. Think carefully about how resources are structured to avoid the proliferation of hundreds of workload islands that must be managed separately with independent data flow, security models, and compliance challenges. Read the complete blogpost with tips about Azure Security and Networking here
System Center 2019 – What’s new
Microsoft just launched Windows Server 2019 and Windows Admin Center, which also raised the interest in System Center 2019. At Microsoft Ignite, Microsoft was talking about what is new in System Center 2019, the future of System Center, and how it fits in with Windows Admin Center and other management tools. Check out what is new in System Center 2019 here: https://www.thomasmaurer.ch/2018/12/system-center-2019/Securing developer machines with Azure Bastion and DevTest Labs
Introduction Recently I have seen multiple enterprise customers struggling with the same issue which was how to give developers the right tools and connectivity to do their development work against Azure resources. Luckily, most of Azure services are reachable on HTTPS, which in most cases will be allowed and only a request to allow the URLS in the web proxy should be sufficient. But what with the non-https connections like RDP, SSH, SQL, Redis, etc.? Most of the time, non-HTTPS outbound traffic is blocked by the corporate firewall. When you initiate the same connection from another location - outside the corporate network or your mobile phone - these connection will work without any issue. Of course, with the assumption IP ACLs and Service Endpoints are correctly configured on the Azure resources to accept the traffic from this location. I have seen this very specific issue on how to allow TCP/1433 to an Azure SQL Database generating friction and frustrations for the developers, opening again the traditional discussions between the digital teams and infrastructure teams. I considered several options to solve this problem, but each of them hade pro's and cons: TCP/1433 over Internet: Pro: Easiest solution Con: Security teams have each time refused this. Query Editor in the Portal: Pro: Integrated in the Portal Con: Reduced feature set compared to SSMS Traffic is also initiated on port 1433 Go for Managed Instances Pro: Azure SQL available on private IP address, no hassle with outbound connectivity Con: High consumption costs Microsoft Peering on the ExpressRoute Pro: No outbound connectivity Con: Challenging to get this properly configured (Express Route, ISP, Route Filters, BGP announcements, etc.) Azure Bastion in combination with DevTest Labs With the announcement of the preview of Microsoft Azure Bastion, it's possible to create an seamless RDP and SSH session over HTTPS (TCP/443). As you can see, there is no real solution for traffic other than RDP and SSH, but we can use this Bastion host as in-between to access the Azure SQL from a developer virtual machine running in Azure. The first feedback from customers is that there is again an IaaS component (DevTest Labs) present, which I fully can understand, but for now there is no alternative to give a developer a full SSMS console than hosting it on a VM. Managing golden images like they used to do is not something they have in their plan when adopting PaaS Services. I'm convinced Azure DevTest Labs is a good alternative. Large list of available base images that can be customized with formulas (SKU, VNET, Private IP, etc.) Artifacts can be used to install developer tools (Git, Visual Studio Code, SQL Server Management Studio, etc.) Machine Auto-Start and Auto-Stop Integrated (What is turned off is less vulnerable) In combination with the DevTest Labs, I have decided to configure a service endpoint on the subnet where the DevTest Lab VMS reside. In this way, only the machines running in this VNET will be able to access the Azure SQL. Another Service Endpoint can be created for subnets that need access too. Additionally, an NSG can be applied on the AzureBastionSubnet where the access to the Bastion Host can be limited. In my case, I limited it to the IP addresses of the web proxy of the customer. This will cover connections from on-premise clients, clients connecting from home over VPN and any other traffic leaving the corporate proxy. Setup: I hope you find this solution helpful.
Managed Instance Reservation
Hey Guys, Can you explain to me how reservation price is calculated in the Azure Portal for Managed Instances? We have few managed instances running in Azure with 8vCores General Purpose. Microsoft documentation is saying that managed instance reservation for 3 years with Hybrid Benefit should cost 344EUR a month according to Reservation section in Azure Portal it is showing the price of 1,548.00 EUR per instance for 3 years? How is this calculated? https://azure.microsoft.com/en-in/pricing/details/sql-database/managed/Microsoft Azure and Vmworld 2018
Yes! You read that correctly. Microsoft will have a booth at VMworld this year. ( that's a couple of days away). It will be the first time in several years that we will have a booth at the Solutions Expo and both teams are very excited. What can you expect from Microsoft at Vmworld? Besides @exchangegoddess there??? ...Come hear about the cool things and integrations we are doing with VMware such as Horizon Cloud, NSX Cloud, IoT and vRealize Automation. I will be there along with Lior Kamrat (@LiorKamrat), Sr Program Manager and Jeramiah Dooley (@jdooley), Sr Cloud Ops Advocate. You can find us at the booth from from time to time or the vCommunity village. You could even bump into us at one the sessions. The conference is going to be super busy with lots to see and learn. If you want to know about Azure, the stuff we are doing with VMware, want to talk about VCDX or just have a cool conversation, don’t be shy and reach out to say hello. We'd love to talk to you! We may even have some cool stickers too. This year we will have a couple of VMworld sessions with Microsoft employees on stage so If you're building out your schedule check them out: What’s New with Horizon Cloud on Microsoft Azure [WIN3048BU] Speakers: Shikha Mittal, Director, Product Management, VMware Lior Kamrat, Sr. Program Manager, Microsoft Wednesday, Aug 29, 11:30 a.m. – 12:30 p.m. Deploy, Manage, and Get Value from IOT with Microsoft, Dell and VMware [IOT3680BU] Speakers: Ravishankar Chamarajnagar, Sr. Director, R&D, IoT, VMware Kevin Saye, IoT Architect, Microsoft Wednesday, Aug 29, 1:00 p.m. – 2:00 p.m. In addition, there are some other Microsoft Azure-related sessions that we highly recommend for learning more about Azure + VMware: VMware NSX Cloud – Getting Started [SPL-1922-01-NET_U] Life in a Multi-Cloud World: Choosing the Right Cloud Desktop Solution [WIN3489BU] Horizon Cloud on Azure: Technical Deep Dive [WIN3483BU] Horizon Cloud on Azure with expert Shikha Mittal [MTE5143U] How to Deploy a Desktop Solution in One Hour with Horizon Cloud on Azure [WIN1824QU] NSX Cloud Native public cloud (AWS and Azure) Networking and Security with Amol Tipnis [MTE5151U] Deploying Windows 10 VDI on Horizon Cloud with Lakshmana Prakash [MTE5147U] Introduction to NSX Cloud [NET1516BU] Automate IT – Hybrid Cloud [SPL-1906-03-CMP_U] VMware NSX Cloud – Getting Started [SPL-1922-01-NET_U] Hope to see you there! @ExchangeGoddess
