Cloud and Datacenter Management Blog

Microsoft Hybrid Cloud blogsite about Management


Leave a comment

JOIN #Microsoft Inspire 2020 Global Event July 21-22 #MSInspire #Azure #AzureStack #Cloud #MVPBuzz #Innovation

Microsoft Inspire 2020 Global Event 🚀

Innovation. Leadership. Partnership.

Now is the time. Join your global partner community for the Microsoft Inspire digital event experience. Register today and get ready to extend your partner network as we explore what’s coming in the year ahead and work together to find shared solutions for our customers. Join Microsoft Inspire 2020 Global Event on July 21-22 Now at no Cost!

You will be Inspired by Microsoft New Technologies and Innovations !


Leave a comment

Manage Servers On-premises with Microsoft Azure Cloud Services #Azure #Arc #Security #Cloud #AzureMonitor #ASC

Microsoft Azure Arc Servers On-Premises and Azure Cloud Services

Earlier I wrote a blogpost about Microsoft Azure Arc services installation to manage on-premises Servers with Azure Cloud Services, like Azure Monitor and Azure Security Centre from the Cloud.
Here in this post you will see the Newest Microsoft Azure Cloud Services to Manage and Monitor your Servers on-premises with security and compliance included.

Azure Arc Extensions settings of the Server.

Here you can see we have installed the Microsoft Monitoring Agent for Azure Monitor and log analytics, second we have installed the dependency Agent for Windows for
insights, Performance and Service maps. Here you find more information about Virtual machine extension management with Azure Arc for servers (preview)  

After initial deployment of the Azure Arc for servers (preview) Connected Machine agent for Windows or Linux, you may need to reconfigure the agent, upgrade it, or remove it from the computer if it has reached the retirement stage in its lifecycle. You can easily manage these routine maintenance tasks manually or through automation, which reduces both operational error and expenses.

Managing and maintaining the Connected Machine agent

Azure Arc Insights Performance monitor

The Azure Arc Insights Performance monitor is there by default and installed with the following dashboards :

  • CPU Utilization
  • Available Memory
  • Logical disk IOPS
  • Logical disk MB/s
  • Logical disk Latency
  • Max logical disk used %
  • Bytes Sent Rate
  • Bytes Received Rate

Azure Arc Logs Analytics

Of course you can make your own custom Dashboards in the Azure Portal with your own triggers, so in this way you get the same Azure Monitor Innovative Tools for your On-Premises Servers. 😉

Within Microsoft Azure Arc Insights, you can also see a Service Map of the Server

Here is were the dependency agent comes in, you get a service map of the Server and see the communication lines with other resources. In this picture you see Server Yoda01 a Domain Controller of my MVPLAB.
You can see that there are three Clients are logged on the domain controller.

Microsoft Azure Security Center for Azure Arc Servers

 

One of the most powerful and important features of Microsoft Azure Cloud platform is Security! Microsoft Azure Security Center (ASC) is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud – whether they’re in Azure or not – as well as on premises.

Here you see my Azure Arc Servers (On-Premises) in Azure Security Center.

Azure Arc Server in Azure Security Center recommendations Summary

Five security assessments passed the test, but Azure Security assessment has two recommendations one is Medium Risk and one low.

Here you see the Security advise and the Remediation to take action on your Server.

Microsoft Azure Security Center Overview with the Overall Secure Score.

Security controls – Each control is a logical group of related security recommendations, and reflects your vulnerable attack surfaces. A control is a set of security recommendations, with instructions that help you implement those recommendations. Your score only improves when you remediate all of the recommendations for a single resource within a control.

To immediately see how well your organization is securing each individual attack surface, review the scores for each security control.

 Here you find More information about Azure Security Center Secure Score

To get your Azure Arc Servers (On-premises) complaint for the business and security, you can use Microsoft Azure Arc Policies

Azure Arc Policies to meet your Compliance state.

Conclusion

Microsoft is bringing Azure Cloud Power tools everywhere with Azure Arc Services to give you modern tools like Azure Monitor and Azure Security Center to keep you in control, Secure and Compliant for your business. Keep following Microsoft for Hybrid IT Management, because more awesome features are added every day in Microsoft Azure Cloud Services. Let’s start to get your Azure Security Score UP and UP 😉


Leave a comment

#Microsoft Windows Admin Center and Azure Backup Management #WAC #Azure

Microsoft Windows Admin Center

Microsoft Windows Admin Center is a web based App working in your modern browser like Edge or Chrome to manage your datacenter infrastructure. You can download it here
You can manage Windows Servers, Windows10 Desktops, Clusters, Hyperconverged Clusters, Storage Spaces Direct and more in a Hybrid environment and that’s what I like.
My Servers can be on-premises or in the Cloud like Azure and will manage them with Windows Admin Center.

Download the Windows Admin Center Overview Poster

Here you find all the Microsoft documentation about Windows Admin Center

Windows Admin Center and Azure backup integration

 

When you have Windows Admin Center running you can register with Microsoft Azure first in the settings of Windows Admin Center.

Register to your Azure Subscription, just follow the instructions.

Install Azure Backup Extension at Available extensions.

From here the basic settings are done and we will have a look at my MVP LAB to backup a virtual Server.

Windows Admin Center in Domain MVPLAB.CLOUD

I have selected stormtrooper01.mvplab.cloud Windows Server 2019 and on the left Azure Backup.

You can read here more about Microsoft Azure Backup

Click on setup Azure Backup.

Here you select the Azure Subscription and the Backup Vault
and this will be a system state backup.

Next Step is Backup Schedule and Encryption key.

IMPORTANT: Keep this Encryption key somewhere save !
You need this key for recovery and Microsoft does not have access to that key.

Azure Backup Schedule settings.

When you apply here it will setup the Azure backup agent and your policies.

Backup is scheduled.

Here I did the Backup by hand.

Here you see the backup in the Azure Backup Vault.
Backup done via Windows Admin Center 😉

Here you see a video from Microsoft Mechanics at Ignite with Jeff Woolsey

Follow Windows Admin Center here on Twitter

Don’t forget to give feedback or great ideas !


Leave a comment

Inside Azure Management E-Book Available ! #Azure #MVPBuzz #Management #Cloud

Inside Azure Management

This Inside Azure Management E-Book is a Must Have for All Azure Cloud Administrators! It’s made by Great Microsoft Most Valuable Professionals (MVP’s)
who are working always with Microsoft Azure Cloud Services. You can download this Awesome Inside Azure Management E-Book here.

If you want a hard copy of this Awesome E-Book you can order at Amazon

Here you can find the Authors of the Inside Azure Management E-Book on GitHub.

Thank you Guys for Sharing this with the Community 👍😎🚀


Leave a comment

#Microsoft Build 2020 Virtual Event May 19-20-21 Build your Schedule Now! #MSBuild #MVPBuzz

Microsoft Build 2020

Choose from 48 hours of continuous content to create your own digital event experience. Registration is free and is required to get full, interactive access to the digital event. Here you can register for Microsoft Build 2020 Virtual Event

The Session Catalog is Live ! Build your own Schedule here 

With 30+ Community talks, learning sessions, and skill-building activities exploring Minecraft, MakeCode, Visual Studio, AI, Azure, and more, there is something here for every student and every level of experience!

Check out the full list here or search by keyword to add lessons to your schedule.

Don’t miss this Awesome Event 👍😎🚀


Leave a comment

Microsoft Azure Monitor Overview #Cloud #Analytics #Hybrid #AzOps #Azure

Microsoft Azure Monitor

Monitor, diagnose, and gain insight into the performance and availability of your applications and services with Azure Monitor. In this video, you’ll learn how to use Azure Monitor to collect, analyze and act on telemetry from your cloud and on-premises environments.

Learn how to create time series charts of platform and resource metrics for visualization and analysis with Azure Monitor. Start in Azure Monitor to view metrics across multiple resources or start directly from individual resource blades. You will also learn how to add metrics charts to dashboards in the Azure portal for real-time monitoring and shared access across teams.

In this video, learn about action rules and how you can use them to configure actions and notifications for multiple alerts at scale across a subscription, resource group, and target resource.

In this video, learn how alerts enable you to proactively identify and address issues before it impacts the users of your system. Alerts are created on performance and availability data and can be associated with user-defined actions and notification mechanisms.

In this video, learn how to use source map support in Azure Monitor Application Insights to improve the diagnosis of client-side JavaScript errors. Source maps can be used to unminify call stacks found on the Application Insights end to end transaction details page.

Here you find more information about Microsoft Azure Monitor:


Microsoft Azure Monitor Documentation 

 

Get Started with Microsoft Azure Monitor

Follow Azure Monitor on Twitter 

Microsoft Azure Monitor & Security for Hybrid IT Community Group on LinkedIn

Keep in control of IT with Microsoft Azure Monitor


Leave a comment

Microsoft Azure Resource Graph is a Powerful Tool #Azure #Cloud #AzOps #Kusto #PowerShell

Welcome to Azure Resource Graph

Azure Resource Graph is a service in Azure that is designed to extend Azure Resource Management by providing efficient and performance resource exploration with the ability to query at scale across a given set of subscriptions so that you can effectively govern your environment. Azure Resource Graph enables full visibility into your environments by providing high performance and powerful query capability across all your resources.

From here you can experience the power of Azure Resource Graph by doing it yourself.

Https://shell.azure.com

You can use Microsoft Azure Resource Graph with different language support like :

  • With Azure CLI
  • With PowerShell
  • With Kusto in Azure Resource Graph Explorer

Start here when you like to work with Microsoft Azure CLI

From here we are going further with Azure PowerShell and Azure Resource Graph in CloudShell.
Login to https://shell.azure.com

Type following command : Install-Module -Name Az.ResourceGraph

Type Y

Type the Following Command: Get-Command -Module ‘Az.ResourceGraph’ -CommandType ‘Cmdlet’

From here we can start with Search in Azure Resource Graph

The first step to understanding queries with Azure Resource Graph is a basic understanding of the Query Language. If you aren’t already familiar with Azure Data Explorer, it’s recommended to review the basics to understand how to compose requests for the resources you’re looking for.

Samples


Command : Search-AzGraph -Query ‘Resources | project name, type | limit 5’

Without the Limit 5 you get all of your resources.

Command: Search-AzGraph -Query ‘Resources | project name, type | limit 10 | order by name asc’

Command: Search-AzGraph -Query “Resources | summarize count()”


Command: Search-AzGraph -Query “Resources | project name, location, type| where type =~ ‘Microsoft.Compute/virtualMachines’ | order by name desc”

Command: Search-AzGraph -Query “Resources | where type =~ ‘Microsoft.Compute/virtualMachines’ | project name, properties.storageProfile.osDisk.osType | top 15 by name desc”


Command: Search-AzGraph -Query “Resources | where type contains ‘publicIPAdresses’ and isnotempty(properties.ipAddress) | project properties.ipAddress | limit 100”

Handy to see your External IP Addresses in Azure 😉


Command: Search-AzGraph -Query “Resources | where tags.environment=~’internal’ | project name”

To find tour Tagged Resources in Azure.


Microsoft Azure Resource Graph Explorer in the Portal.

Here you can make your kusto queries and save them for Colleagues by sharing them.

Sharing your Kusto queries

Resources
| where type =~ ‘microsoft.compute/virtualmachines’
| extend nics=array_length(properties.networkProfile.networkInterfaces)
| mv-expand nic=properties.networkProfile.networkInterfaces
| where nics == 1 or nic.properties.primary =~ ‘true’ or isempty(nic)
| project vmId = id, vmName = name, vmSize=tostring(properties.hardwareProfile.vmSize), nicId = tostring(nic.id)
| join kind=leftouter (
Resources
| where type =~ ‘microsoft.network/networkinterfaces’
| extend ipConfigsCount=array_length(properties.ipConfigurations)
| mv-expand ipconfig=properties.ipConfigurations
| where ipConfigsCount == 1 or ipconfig.properties.primary =~ ‘true’
| project nicId = id, publicIpId = tostring(ipconfig.properties.publicIPAddress.id))
on nicId
| project-away nicId1
| summarize by vmId, vmName, vmSize, nicId, publicIpId
| join kind=leftouter (
Resources
| where type =~ ‘microsoft.network/publicipaddresses’
| project publicIpId = id, publicIpAddress = properties.ipAddress)
on publicIpId
| project-away publicIpId1

More information about Microsoft Azure Resource Graph Explorer

Conclusion

When you are the Microsoft Azure Administrator, the Resource Graph Explorer can be really Powerful and fast to get the right information you are looking for. When you invest in the kusto queries your can save them and Share with your Colleagues to serve your business needs. Hope this is useful for you and happy Scripting with Kusto, Powershell or Azure CLI in the Cloud


Leave a comment

#Microsoft Virtual Training Day | NL #Azure #Winserv #Cloud and More!

Microsoft Virtual Training Day | NL this Wednesday March 11th. This day will be full of technical sessions based on our Microsoft Learning Paths.

Explore the tracks

We offer 7 tracks including 5 sessions per track, based on the Learning Paths of Azure Cloud Native, Azure Data, Azure Infra & Ops, Business Applications, Power Platform, Modern Workplace and Surface. On the day itself you can join sessions of different tracks. Please register your sessions here :

http://aka.ms/mvtd


Leave a comment

Microsoft #Azure Private Link to your #Cloud Services

Azure Private Link provides the following benefits:

  • Privately access services on the Azure platform: Connect your virtual network to services in Azure without a public IP address at the source or destination. Service providers can render their services in their own virtual network and consumers can access those services in their local virtual network. The Private Link platform will handle the connectivity between the consumer and services over the Azure backbone network.
  • On-premises and peered networks: Access services running in Azure from on-premises over ExpressRoute private peering, VPN tunnels, and peered virtual networks using private endpoints. There’s no need to set up public peering or traverse the internet to reach the service. Private Link provides a secure way to migrate workloads to Azure.
  • Protection against data leakage: A private endpoint is mapped to an instance of a PaaS resource instead of the entire service. Consumers can only connect to the specific resource. Access to any other resource in the service is blocked. This mechanism provides protection against data leakage risks.
  • Global reach: Connect privately to services running in other regions. The consumer’s virtual network could be in region A and it can connect to services behind Private Link in region B.
  • Extend to your own services: Enable the same experience and functionality to render your service privately to consumers in Azure. By placing your service behind a standard Azure Load Balancer, you can enable it for Private Link. The consumer can then connect directly to your service using a private endpoint in their own virtual network. You can manage the connection requests using an approval call flow. Azure Private Link works for consumers and services belonging to different Azure Active Directory tenants.

Learn how to secure your Azure PaaS resources with Azure Private Link today at The Azure Academy :

Here you find more Information about Azure Private Link


Leave a comment

Upgrading and Monitoring Azure AKS Kubernetes Cluster #Azure #AKS #ContainerInsights

Microsoft Azure AKS Kubernetes Cluster

Azure Kubernetes Service (AKS) makes it simple to deploy a managed Kubernetes cluster in Azure. AKS reduces the complexity and operational overhead of managing Kubernetes by offloading much of that responsibility to Azure. As a hosted Kubernetes service, Azure handles critical tasks like health monitoring and maintenance for you. The Kubernetes masters are managed by Azure. You only manage and maintain the agent nodes.

Azure AKS Kubernetes Services in Resource Group.

When you go to settings of your Azure AKS Kubernetes Cluster and then to Upgrade, there you can see your version of Kubernetes and the New versions of Azure AKS Services. Before you upgrade :

  • Important : Never skip an Upgrade version of Azure AKS Kubernetes.

Here you find all the information about Azure AKS Kubernetes Change Log on GitHub 

You can Upgrade from here by clicking on version 1.15.5 and click on Save at the top.

Azure Activity log.

When the first upgrade is succeeded you can do the next version upgrade.

With Azure Monitoring Insights you can view the live data and see what’s going on.

Azure Monitoring Container Insights.

When the upgrade is completed, you want to see if your new Azure AKS Cluster Services is Healthy.
This Health (Preview) feature is handy to see if all Services are running good.


Azure Monitoring Insights Health of the AKS Kubernetes Services.

The Upgrades are of course also possible via Microsoft Azure Cloud Shell with Azure CLI

Azure CloudShell

To Upgrade your AKS Services via Microsoft Azure CLI

As a DevOps person you like to work with Microsoft Visual Studio Code
Deploying and managing your Azure AKS Kubernetes Cluster services from there with the right extensions.

Here you see also that the KubeProxyVersion is v1.15.7

The extension for developers building applications to run in Kubernetes clusters and for DevOps staff troubleshooting Kubernetes applications.

Features include:

  • View your clusters in an explorer tree view, and drill into workloads, services, pods and nodes.
  • Browse Helm repos and install charts into your Kubernetes cluster.
  • Intellisense for Kubernetes resources and Helm charts and templates.
  • Edit Kubernetes resource manifests and apply them to your cluster.
  • Build and run containers in your cluster from Dockerfiles in your project.
  • View diffs of a resource’s current state against the resource manifest in your Git repo
  • Easily check out the Git commit corresponding to a deployed application.
  • Run commands or start a shell within your application’s pods.
  • Get or follow logs and events from your clusters.
  • Forward local ports to your application’s pods.
  • Create Helm charts using scaffolding and snippets.
  • Bootstrap applications using Draft, and rapidly deploy and debug them to speed up the development loop.

Upgrade Azure AKS Kubernetes Services is Done 😉

When you manage and monitor your Azure AKS Kubernetes Cluster Services, have also a look at Microsoft Azure Advisor for new features and security issues :

Azure Advisor recommendations for Kubernetes services.

The cool thing is that Microsoft also give you the solution to solve a high risk :


Remediation steps.

Conclusion :

Microsoft Azure AKS Kubernetes is a managed services and made upgrading for customers really easy to do. You can monitor the upgrades and see the Health status of the Azure AKS Kubernetes services. You get free advise to improve the Services and this all keeps you in control and your business running.