mountainss Cloud and Datacenter Management Blog

Microsoft Hybrid Cloud blogsite about Management


Leave a comment

#Microsoft Azure Security Center Investigation Dashboard (Preview) #Azure #Security #ASC #Cloud


Yesterday I was playing with Mimikatz (Hackertool) for Security pen tests and it was not working because Azure Security Center Quarantined the file 🙂

On my Surface I got an Azure monitoring Agent running

Microsoft Azure Security Center Investigation Dashboard

The Investigation feature in Security Center allows you to triage, understand the scope, and track down the root cause of a potential security incident.
The intent is to facilitate the investigation process by linking all entities (security alerts, users, computers and incidents) that are involved with the incident you are investigating. Security Center can do this by correlating relevant data with any involved entities and exposing this correlation in using a live graph that helps you navigate through the objects and visualize relevant information.

Microsoft Azure Security Center found also a rare SVCHOST Service on my Surface, and the ASC investigation dashboard gives you great overview of the security risk.

You can Run a Playbook based on this alert Rare SVCHOST Service

Try it yourself, more information about Azure Security Center Investigation Dashboard (Preview) can be found here

Microsoft azure Security Center

 

 

Advertisements


Leave a comment

Deep dive on Windows Server 2019 Updates by @WSV_GUY #Winserv #WAC #Hyperv

Deep Dive into Windows Server 2019 Updates with Jeff Woolsey Principal PM of the Windows Server Team.

What’s New in Windows Server 2019 Insider Preview Builds :

See here what’s New in Windows Server 2019 Insider Preview Builds

Windows Insider Program for Server allows you deploy the Windows Server 2019 Insider Preview builds in your enterprise. The docs cover the new enterprise features we’d like you to test and describes how to do the most common tasks.

Windows Insider Server program:
https://aka.ms/WindowsServerInsider
Download Windows Server 2019 preview:
https://aka.ms/WindowsServer2019Preview
Windows Admin Center:
https://aka.ms/DownloadWAC

Download Windows Server 2019 Insider Preview and Windows Admin Center Now !


Leave a comment

Connecting Windows Admin Center to #Microsoft Azure Subscription #WAC #Azure

To allow the Windows Admin Center gateway to communicate with Azure to leverage Azure Active Directory authentication for gateway access, or to create Azure resources on your behalf (for example, to protect VMs managed in Windows Admin Center using Azure Site Recovery), you will need to first register your Windows Admin Center gateway with Azure. You only need to do this once for your Windows Admin Center gateway – the setting is preserved when you update your gateway to a newer version.

In the following Step-by-Step Guide you will connect Windows Admin Center to your Microsoft Azure Subscription.

From here you have to copy the device Code and hit the Link device login ( https://aka.ms/devicelogin )
This will make the connection between Windows Admin Center and your Azure Subscription.

Paste the Code into here and Click on Continue.

Sign in your Azure Subscription.

From here you are connected to your Azure Subscription.

Select the right Azure Tenant and Click on Register.

Go to the Azure AD App Registration link.

Click on Settings


Click on Required Permissions and then on Grant permissions

Click on Yes.

Windows Admin Center has now Permission.

Microsoft Windows Admin Center (WAC) Gateway is now registered to your Azure Subscription and you can use Azure AD Multi-Factor Authentication and Azure Site Recovery to protect your Virtual Machines with WAC.

IMPORTANT : Before you can add Microsoft Azure VM’s to Windows Admin Center, you have to set the Azure Network Firewall portal settings and also the Microsoft Windows OS Firewall of the VM.

Networking Settings of the Azure VM.

Open for http WAC port 5985 and for https 5986.

To make the port more Secure you have these Options in the Firewall rule.

Now you have done this for Azure Networking in the portal, you have to do the same in the Firewall settings of the Virtual Machine Inside.

Allow Port 5985 and 5986.

More information about Azure Integration in Windows Admin Center here

 

Here you see my Azure VM in Windows Admin Center On-Premises.

Here you see my Azure Data Science VM in the Cloud via Windows Admin Center 😉


Leave a comment

Download the August 2018 #Developers Guide to #Azure #Cloud

If you are a developer or architect who wants to get started with Microsoft Azure, this book is for you! Written by developers for developers, this guide will show you how to get started with Azure and which services you can use to run your applications, store your data, incorporate intelligence, build IoT apps, and deploy your solutions in a more efficient and secure way.

Download the August 2018 Update of Developers Guide to Azure E-book here

Happy Reading and Building in the Microsoft Azure Cloud with this Awesome E-book !


Leave a comment

Scale and Upgrade your Azure Kubernetes Cluster #AKS #Containers #Azure #Kubernetes #DevOps #Cloud


I start with a 2 Node Kubernetes Cluster.

Azure Kubernetes Service (AKS) makes it simple to deploy a managed Kubernetes cluster in Azure. AKS reduces the complexity and operational overhead of managing Kubernetes by offloading much of that responsibility to Azure. As a hosted Kubernetes service, Azure handles critical tasks like health monitoring and maintenance for you. In addition, the service is free, you only pay for the agent nodes within your clusters, not for the masters.

When you have a Web App like Joomla CMS running on Microsoft Azure Kubernetes Services (AKS) and you need more capacity or performance, you can really easy Scale-Up and Scale-Down when needed. It is easy to scale an AKS cluster to a different number of nodes. Select the desired number of nodes and run the az aks scale command. When scaling down, nodes will be carefully cordoned and drained to minimize disruption to running applications. When scaling up, the az command waits until nodes are marked Ready by the Kubernetes cluster.

Scaling your Azure Kubernetes Cluster (AKS)

In the following step-by-step guide I’m scaling my AKS Cluster from 2 nodes to 4 node Kubernetes Cluster :

Here you can scale your Cluster to the right Size
Click on Save to execute.

One AKS Cluster can Scale-Up to 100 vCPU’s and 350 GB of Memory 😉

It’s updating now my 2 Node AKS Cluster to 4 Nodes.
( wait a couple of minutes )

Done !

In Visual Studio Code a got 4 Nodes

In the AKS Cluster Health Monitor you see the Update of the Config.

When you open the Kubernetes Dashboard you see the load on the 4 Nodes.

When you don’t need a 4 Node Cluster performance and/or capacity any more because of the workload, you can scale your Cluster back to 2 Node Cluster for example.

Scaling down to 2 Node AKS Cluster.

Back to 2 Node Azure Kubernetes Cluster.

Just Refresh in Visual Studio Code
2 Node Cluster Again.

And my Joomla CMS Web App is running on 2 Node AKS Cluster.

This was Scaling your Microsoft Azure Kubernetes Cluster (AKS), the Next step-by-step guide I’m Upgrading my Azure Kubernetes Cluster (AKS) to a New version.

Upgrading your Azure Kubernetes Cluster (AKS)

My Current version of AKS is 1.10.5

I’m Upgrading to Kubernetes version 1.10.6
Click on Save to Execute.

After +/- 10 minutes my AKS Cluster was Up-to-Date.

with kubectl version you see the Changes in Visual Studio Code (VSC)


And of course you get notified by the Azure Portal when your Upgrade is Done 🙂

When you like to work from Azure CLI or Cloudshell or VSC you can Upgrade your Kubernetes Cluster from here

More information about Azure Kubernetes Services (AKS) :

Kubernetes versions on GitHub

Kubernetes Documentation

Microsoft Azure AKS Docs

Hope this easy Quick Step-by-Step Guides are helpful for you and your Business.