mountainss Cloud and Datacenter Management Blog

Microsoft Hybrid Cloud blogsite about Management


Leave a comment

Upgrading Azure #Kubernetes Cluster and Set #Azure monitor Alerts on #AKS


Current version of Kubernetes on Microsoft Azure.

Upgrading Microsoft Azure Kubernetes Services

Azure Kubernetes Service (AKS) makes it simple to deploy a managed Kubernetes cluster in Azure. AKS reduces the complexity and operational overhead of managing Kubernetes by offloading much of that responsibility to Azure. As a hosted Kubernetes service, Azure handles critical tasks like health monitoring and maintenance for you. In addition, the service is free, you only pay for the agent nodes within your clusters, not for the masters.

AKS clusters support Role-Based Access Control (RBAC). An AKS cluster can also be configured to integrate with Azure Active Directory. In this configuration, Kubernetes access can be configured based on Azure Active Directory identity and group membership.
For more information, see, Integrate Azure Active Directory with AKS.

From here I will do a step-by-step Upgrade of a Microsoft Azure Kubernetes Cluster to a newer version and set Azure Monitor alert rule active for the future to get an Alert notification when a colleague is upgrading the AKS Services.

Here you see all the newer versions of Kubernetes.

Upgrading to version 1.11.1 of Kubernetes.

IMPORTANT NOTE :

When upgrading an AKS cluster, Kubernetes minor versions cannot be skipped. For example, upgrades between 1.8.x -> 1.9.x or 1.9.x -> 1.10.x are allowed, however 1.8 -> 1.10 is not. To upgrade, from 1.8 -> 1.10, you need to upgrade first from 1.8 -> 1.9 and then another do another upgrade from 1.9 -> 1.10

KubeCluster Activity Log

At the green arrow on this picture you can download the activities into CSV file. At the Red arrow you see the User ID who initiated the Upgrade of the Kubernetes Cluster. This is important information for Azure Alert monitoring.

10 minutes later Kubernetes Cluster is Upgraded to version 1.11.1

Upgrade is done.

We now do a minor Upgrade of Kubernetes from version 1.11.1 to 1.11.2 to get the newest version on Azure.
Click on 1.11.2 version and hit Save.

 

Microsoft Azure Monitoring Alerts

When you click on the second activity of the Upgrade you see at arrow 2 that you can add an Activity Log Alert by Azure monitoring.

Creating Rule Alerts.

  1. Define Alert condition is already set. We want an Alert notification on Upgrading KubeCluster.
  2. Define Alert details, must be set.
  3. Define Action Group, must be set to create the Alert Rule.

2. Define the Alert Details.

3. Define Action Group : Click on + New Action Group

Click on OK

Created Action Group name AKSAdmins

An action group is a collection of notification preferences defined by the user. Azure Monitor and Service Health alerts are configured to use a specific action group when the alert is triggered. Various alerts may use the same action group or different action groups depending on the user’s requirements.

More information on Creating and managing action groups in the Azure portal can be found here

For information on how to use Azure Resource Manager templates to configure action groups, see Action group Resource Manager templates.

 

From here you can Create the Alert Rule and make it Active.

Azure Monitor Alerts with one rule Enabled.

Here is our Active KubeCluster Alert Rule.

Now we will get a notification when a Colleague is Upgrading our KubeCluster in the Future 😉

KubeCluster is now running the latest available version of Kubernetes.

Kubernetes Cluster nodes are Healthy and running version 1.11.2

Here you see in the Kubernetes Dashboard the Node version of Kubernetes.

For Developers and DevOps it’s Great to work with Microsoft Visual Studio Code and the Azure Kubernetes Services (AKS) to work in a CI/CD Pipeline, to create continuous business applications in the Cloud.

Here is my Azure KubeCluster running in Visual Studio Code 🙂

And at last, most important thing is that my Application is running on my Azure Kubernetes Cluster for the Business My Test Site.

Hope this blogpost is useful for you and your business to manage your AKS Cluster in the Microsoft Cloud.

More information About Azure Kubernetes Service (AKS) :

 Upgrade an Azure Kubernetes Service (AKS) cluster via Azure CLI

Azure Kubernetes Service (AKS) Docs

Monitor Azure Kubernetes Service (AKS) container health (preview)

Microsoft Azure Kubernetes Services website Start Free here

Follow Containers in the Cloud Community Group on LinkedIn

Advertisements


Leave a comment

Installing #Azure Service Fabric Cluster on Windows Server 2019 Insiders #Containers #Winserv

Microsoft Azure Service Fabric Cluster

Azure Service Fabric is a distributed systems platform that makes it easy to package, deploy, and manage scalable and reliable microservices and containers. Service Fabric also addresses the significant challenges in developing and managing cloud native applications. Developers and administrators can avoid complex infrastructure problems and focus on implementing mission-critical, demanding workloads that are scalable, reliable, and manageable. Service Fabric represents the next-generation platform for building and managing these enterprise-class, tier-1, cloud-scale applications running in containers.

In the following Step-by-Step Guide I created a Standalone Microsoft Azure Service Fabric Cluster
on Windows Server 2019 Insiders Preview for DevOps testing :

First I downloaded the Contents of Service Fabric Standalone package for Windows Server here

Several sample cluster configuration files are installed with the setup package. ClusterConfig.Unsecure.DevCluster.json is the simplest cluster configuration: an unsecure, three-node cluster running on a single computer. Other config files describe single or multi-machine clusters secured with X.509 certificates or Windows security. You don’t need to modify any of the default config settings for this tutorial, but look through the config file and get familiar with the settings.

I made the Unsecure three-node Cluster running on Windows Server 2019 Insiders Preview in my MVPLAB.

 

Open Powershell in Administrator modus and run the Script :

.\CreateServiceFabricCluster.ps1 -ClusterConfigFilePath .\ClusterConfig.Unsecure.DevCluster.json -AcceptEULA

Connect-ServiceFabricCluster

 

Service Fabric Explorer (SFX) is an open-source tool for inspecting and managing Azure Service Fabric clusters. Service Fabric Explorer is a desktop application for Windows, macOS and Linux.

I Installed Azure Service Fabric Explorer to visualize the Cluster.

Here we got Azure Service Fabric 3-Node Cluster running on Windows Server 2019 Insiders

Azure Service Fabric CLI

The Azure Service Fabric command-line interface (CLI) is a command-line utility for interacting with and managing Service Fabric entities. The Service Fabric CLI can be used with either Windows or Linux clusters. The Service Fabric CLI runs on any platform where Python is supported.

Prior to installation, make sure your environment has both Python and pip installed.
The CLI supports Python versions 2.7, 3.5, 3.6, and 3.7. Python 3.x is the recommended version, since Python 2.7 will reach end of support soon.

You can download the latest Python version here

Check the Python version and the Pip version by typing :

python –version
Pip –version

The Pip version which is delivered via Python has to be updated with the following command :

python -m pip install –upgrade pip

We now have pip version 18.0 instead of 10.0.1

Installing Service Fabric CLI by command :

pip install -I sfctl

Done ! Service Fabric CLI is installed on my Windows 10 Surface.

sfctl -h 

Now we have installed Microsoft Azure Service Fabric Cluster on Windows Server 2019 Insiders Preview and the Service Fabric CLI on Windows 10, we now can connect to the 3-node Fabric Cluster via CLI.
Because we are working under Windows 10 and not on the host itself we have to set an endpoint connection :

sfctl cluster select –endpoint http://192.168.2.15:19080

sfctl cluster health

sfctl node list

Microsoft Visual Studio 2017 Enterprise and Service Fabric SDK

As a Developer or DevOps you like to work from Microsoft Visual Studio to deploy your Apps, Microservices or Containers to the Azure Service Fabric Cluster.

You need to install the Service Fabric SDK in Visual Studio before you can deploy :

Select Service Fabric Application at New Project

Visual Studio 2017 Enterprise : Service Fabric SDK must be installed

Installing Microsoft Azure Service Fabric SDK

Done.

Now you can make your Service Fabric Container.

Happy Developing 😉

More information on Microsoft Azure Service Fabric Cluster :

Service Fabric on GitHub

Add or remove nodes to a standalone Service Fabric cluster running on Windows Server :

Scaling your Azure Service Fabric Cluster

More info :

Microsoft Azure Service Fabric documentation

Microsoft Azure Service Fabric Cluster Learning Path


Leave a comment

#Microsoft Azure Security Center Investigation Dashboard (Preview) #Azure #Security #ASC #Cloud


Yesterday I was playing with Mimikatz (Hackertool) for Security pen tests and it was not working because Azure Security Center Quarantined the file 🙂

On my Surface I got an Azure monitoring Agent running

Microsoft Azure Security Center Investigation Dashboard

The Investigation feature in Security Center allows you to triage, understand the scope, and track down the root cause of a potential security incident.
The intent is to facilitate the investigation process by linking all entities (security alerts, users, computers and incidents) that are involved with the incident you are investigating. Security Center can do this by correlating relevant data with any involved entities and exposing this correlation in using a live graph that helps you navigate through the objects and visualize relevant information.

Microsoft Azure Security Center found also a rare SVCHOST Service on my Surface, and the ASC investigation dashboard gives you great overview of the security risk.

You can Run a Playbook based on this alert Rare SVCHOST Service

Try it yourself, more information about Azure Security Center Investigation Dashboard (Preview) can be found here

Microsoft azure Security Center

 

 


Leave a comment

Download the August 2018 #Developers Guide to #Azure #Cloud

If you are a developer or architect who wants to get started with Microsoft Azure, this book is for you! Written by developers for developers, this guide will show you how to get started with Azure and which services you can use to run your applications, store your data, incorporate intelligence, build IoT apps, and deploy your solutions in a more efficient and secure way.

Download the August 2018 Update of Developers Guide to Azure E-book here

Happy Reading and Building in the Microsoft Azure Cloud with this Awesome E-book !


Leave a comment

Download the Cloud Application Architecture Guide #Azure #Cloud #Architects #Apps

This 300 pages guide presents a structured approach for designing cloud applications that are scalable, resilient, and highly available. The guidance in this e-book is intended to help your architectural decisions regardless of your cloud platform, though we will be using Azure so we can share the best practices that we have learned from many years of customer engagements.
In the following chapters, we will guide you through a selection of important considerations and resources to help determine the best approach for your cloud application:

  1. Choosing the right architecture style for your application based on the kind of solution you are building.
  2. Choosing the most appropriate compute and data store technologies.
  3. Incorporating the ten high-level design principles to ensure your application is scalable, resilient, and manageable.
  4. Utilizing the five pillars of software quality to build a successful cloud application.
  5. Applying design patterns specific to the problem you are trying to solve

Download the Cloud Application Architecture Guide here


Leave a comment

#Build your Own Azure DevOps Project Pipeline #Cloud #Azure #DevOps #Pipeline

Microsoft Azure DevOps Projects

The Azure DevOps Project automates the setup of an entire Continuous Integration (CI) and Continuous Delivery (CD) pipeline to Azure. You can start with your existing code or use one of the provided sample applications, and then quickly deploy that application to various Azure services such as Virtual Machines, App Service, Azure Container Service, Azure SQL Database, and Azure Service Fabric.
The Azure DevOps project does all the work for the initial configuration of a DevOps pipeline including everything from setting up the initial Git repository, configuring the CI/CD pipeline, creating an Application Insights resource for monitoring, and providing a single view of the entire solution with the creation of an Azure DevOps Project dashboard on the Azure portal.

Learn how to use the Azure DevOps Project to create VSTS Release pipelines :

  1. Bring your own code with GitHub
  2. Deploy your ASP.NET App to Azure Virtual Machines
  3. Deploy your ASP.NET App and Azure SQL Database
  4. Deploy your App to Azure Container Service and Kubernetes
  5. Deploy your App to Azure Service Fabric

Microsoft Azure CI/CD Pipeline integrated with VSTS


Get started today with your Own Azure DevOps Project here


Leave a comment

#Microsoft Azure #Security Center Standard for Hybrid Security #Azure #Cloud #SIEM


Azure Security Center Standard includes:

Hybrid security – Get a unified view of security across all of your on-premises and cloud workloads. Apply security policies and continuously assess the security of your hybrid cloud workloads to ensure compliance with security standards. Collect, search, and analyze security data from a variety of sources, including firewalls and other partner solutions.
Advanced threat detection – Use advanced analytics and the Microsoft Intelligent Security Graph to get an edge over evolving cyber-attacks. Leverage built-in behavioral analytics and machine learning to identify attacks and zero-day exploits. Monitor networks, machines, and cloud services for incoming attacks and post-breach activity. Streamline investigation with interactive tools and contextual threat intelligence.
Access and application controls – Block malware and other unwanted applications by applying whitelisting recommendations adapted to your specific workloads and powered by machine learning. Reduce the network attack surface with just-in-time, controlled access to management ports on Azure VMs, drastically reducing exposure to brute force and other network attacks.

To add On-premises Servers

When your workspace is added :

  1. + Add Computers
  2. Download the right agent for Windows or Linux
  3. When you installed the agent you need the workspace ID and the key to finish the connection.
  4. When your Server doesn’t have a Internet connection you can work with the OMS Gateway.

Connect computers without Internet access using the OMS Gateway

Here you see the 3 machines from On-Premises in Azure Security Center

Security Recommendations

Apply Azure Disk Encryption for example.

Azure Security Center Recommendations

Azure Security Center Overview
I have something to do in my Test LAB 😉

Here you find more Technical docs for Microsoft Azure Security Center 

Microsoft Intelligent Security Graph for Providers

Hope this information about Microsoft Intelligent Azure Security Center will help your Business to stay Secure.