Cloud and Datacenter Management Blog

Microsoft Hybrid Cloud blogsite about Management


Leave a comment

Build your hybrid strategy with #AzureStack and Azure Stack HCI #HybridCloud #DevOps

Azure Stack HCI solutions are available for customers who want to run virtualized applications on modern hyperconverged infrastructure (HCI) to lower costs and improve performance. Azure Stack HCI solutions feature the same software-defined compute, storage, and networking software as Azure Stack, and can integrate with Azure for hybrid capabilities such as cloud-based backup, site recovery, monitoring, and more.
Adopting hybrid cloud is a journey and it is important to have a strategy that takes into account different workloads, skillsets, and tools. Microsoft is the only leading cloud vendor that delivers a comprehensive set of hybrid cloud solutions, so customers can use the right tool for the job without compromise.

Microsoft Announcing Azure Stack HCI: A new member of the Azure Stack family


Leave a comment

Bye Bye 2018 vs Hello 2019 #MVPbuzz #Azure #Cloud #AzureDevOps #Education #Code #Analytics

Happy New Year !

First of all Thank you for following me and Sharing Microsoft Cloud and Datacenter Management content on Social Media 🙂 Sharing & Learning Together is Better. 

Here some work I did for the Community in 2018 :

  •  I wrote 62 Blogposts in 2018 on https://mountainss.wordpress.com and shared them on LinkedIn,
    Twitter, Facebook and Microsoft Tech Community
  • Made a Blogpost Serie about :
    It’s all about your Datacenter transition to the Cloud by Design and by Security.
    Microsoft Azure Hub-Spoke model by Enterprise Design

  • Started Azure DevOps Community Group on LinkedIn
  • Together with Community Groups :  Microsoft Azure Monitor and Security for Hybrid IT and
    Containers in the Cloud

    @Jamesvandenberg
  • Welcome 577 New Followers on Twitter of the 5904 Followers 🙂
    More then 2.807.000 Tweet impressions in One year !
  • Started with Friday is MVPbuzz Day for Education to get Azure Cloud in the Classroom, working together with Teachers and Students in my Free time.
  • Working with Microsoft Learn in Teams for the Students.
  • Meetings and Speaking for Education, all about Azure and AzureStack Technologies.
  • Conferences, like the Global MVP Summit 2018, DevOps Amsterdam, Community Group meetings.
    Microsoft Ignite, Microsoft Build, Microsoft Connect events.
  • Almost every week Microsoft Product Group Intervention (PGI) sessions Online.
  • Sharing the News every Day via Twitter, Facebook, LinkedIn, Microsoft Tech Community, Blog

But what is coming in 2019 ?

Rocking with Azure in the Classroom !

I will continue every day sharing knowledge with the Community and continue my Free work on MVPbuzz Friday for Education to get Azure Cloud Technology in the Classroom for Teachers and Students.
The trend I see for 2019 is more Infrastructure and Security by Code with Microsoft Azure DevOps
and of course you have to be in Control with Microsoft Azure Monitor

I will write a blogpost in January 2019 about Microsoft Azure Hub-Spoke model by Enterprise Design 4 of 4 : Optimize your Azure Workload.

More Items in 2019 to come :

  • Microsoft Azure Security Center for Hybrid IT
  • Windows Server 2019 in combination with Azure Cloud Services.
  • More on Containers in the Cloud
  • Azure Stack and ASDK
  • Integration with Azure Cloud.
  • API Management
  • Azure DevOps Pipelines and Collabration
  • Azure IoT for Smart Cities and Buildings combined with AI Technology

2019 will be a Great year again with New Microsoft Technologies and Features for your business.


Leave a comment

#Microsoft Azure Hub-Spoke model by Enterprise Design 2 of 4 Lift and Shift #Azure #Hyperv #VMware

Microsoft Azure Hybrid Cloud Architecture HUB-Spoke Model

Microsoft Azure Hub-Spoke model

This blogpost about Microsoft Azure Hub-Spoke model by Enterprise Design 2 of 4 “Lift and Shift” is part of a Datacenter transition to Microsoft Azure Intelligent Cloud. It’s talking about Azure Architecture, Security, Assessment, Azure Policy, and implementation of the design. Here you find the first blogposts :

It’s important for your business to have your Azure Architectural design with Security in place before you start your “Lift and Shift” actions, think about Identity Management and Provisioning, RBAC for your Administrators and Super Users with Two-Factor Authentication. Security with Network Security Groups and Firewalls 

Azure Multi-Factor-Authentication (MFA)

Microsoft Azure Hub-Spoke model : “Lift and Shift”

 

Microsoft Azure HUB subscription for “Lift and Shift”

To “Lift and Shift” to the Azure HUB Subscription we have the following in place by Design :

  1. Azure Scaffold and Hierarchy (Governance)
  2. Virtual Networks (VNET) with the Subnets and IP-Number plan
  3. ExpressRoute VPN Connection with a backup failover Site-2-Site VPN connection to Azure.
  4. Resource Groups, like Active Directory, ADFS Farm, Authentication, SQL Backend.
  5. Resource Policies
  6. Resource Locks
  7. Network Security Groups (NSG)
  8. DNS
  9. Azure Firewall
  10. Azure internal Load Balancers.
  11. Azure Storage Accounts
  12. Azure Virtual Machine sizes
  13. Azure Virtual Machine Image
  14. Managed Disks and Encryption.
  15. Redundancy for Virtual Machines
  16. Azure Key Vault for Encryption.
  17. Azure Recovery Vault ( Backup)
  18. Azure Policy
  19. Managed Identities, Azure MFA, RBAC,ADFS
  20. Azure Monitor
  21. Azure Naming Convention
  22. Azure Tagging
  23. Azure Cost Management
  24. ARM (JSON) Deployment template (for New requests)

To help you more with your Azure Virtual Datacenter have a look here

 

Azure Hierarchy

Azure Scaffold

When creating a building, scaffolding is used to create the basis of a structure. The scaffold guides the general outline and provides anchor points for more permanent systems to be mounted. An enterprise scaffold is the same: a set of flexible controls and Azure capabilities that provide structure to the environment, and anchors for services built on the public cloud. It provides the builders (IT and business groups) a foundation to create and attach new services keeping speed of delivery in mind. Read more hereI did the “Lift and Shift” between quotes because it’s important to follow the process workflow to be successful in your Datacenter transition to the Microsoft Azure Cloud.

 

Here you find all the Microsoft Azure Migration information

 

 

App Migration to Azure: Your options explained by Jeremy Winter

The Azure Migrate service assesses on-premises workloads for migration to Azure. The service assesses the migration suitability of on-premises machines, performs performance-based sizing, and provides cost estimations for running on-premises machines in Azure. If you’re contemplating lift-and-shift migrations, or are in the early assessment stages of migration, this service is for you. After the assessment, you can use services such as Azure Site Recovery and Azure Database Migration Service, to migrate the machines to Azure.

In your datacenter you got all kind of different workloads and solutions like :

  • Hyper-V Clusters
  • VMware Clusters
  • SQL Clusters
  • Print Clusters
  • File Clusters
  • Web Farm
  • Two or three tiers solutions
  • Physical Servers
  • Different Storage solutions

When you do your Datacenter Assessment it’s important to get your workloads visible, because “Lift and Shift” with Azure Site Recovery (ASR) of a Virtual Machine is an different scenario then SQL database migration to Azure. That’s why Microsoft has different tooling like :

To get your dependencies in your Datacenter on the map, Microsoft has Azure Service Maps.

Service Map automatically discovers application components on Windows and Linux systems and maps the communication between services. With Service Map, you can view your servers in the way that you think of them: as interconnected systems that deliver critical services. Service Map shows connections between servers, processes, inbound and outbound connection latency, and ports across any TCP-connected architecture, with no configuration required other than the installation of an agent.

This is very handy to get insides of your Datacenter communication workloads.

More information on using Azure Service Maps here

Installation example of Hyper-V Virtual Machines with ASR

In the following step-by-step guide we will install the Azure Site Recovery Agent on a Hyper-V host and migrate a virtual machine to Microsoft azure in a “Lift and Shift” way.

First create a Recovery Services Vault => Click Add.

Then you go to your new created Recovery Vault and click on Getting started for Site Recovery. => Prepare infrastructure and follow the steps.

When you have selected Hyper-V VM to Azure, the next step is the ASR Deployment Planner tool kit. Here you find more information on Azure Site Recovery Deployment Planner user guide for Hyper-V-to-Azure production deployments.

Then in step 3 you will make your Hyper-V Site in Microsoft azure with the Right Hyper-V Servers.

Give your Hyper-V Site the right name, especially when you have a lot of Hyper-V Clusters with Different workloads.

Here is where the registration begins with the Azure Site Recovery (ASR) Agent installation on your Hyper-V Host.
Follow the five steps and make sure your Hyper-V Node can access Azure via secure port 443(https) via Proxy or firewall rules.

Install as Administrator the AzureSiteRecoveryProvider.exe file on the Hyper-V host.

Click on Next

Choose your Installation location and Click on Install.

The Azure Site Recovery agent is installed and need to be registered with your Azure Recovery Vault.
For this you need the key file from the Azure portal to download at step 4. Click on Register.

Browse to your downloaded key file from the Azure Portal Recovery Vault and click on Next.

When you have a proxy you can select that, otherwise select Next.

Now your Azure ASR Agent on Hyper-V is registered with your Azure Site Recovery Vault.

In the Azure Portal you will see your Hyper-V Node, in my Demo LAB it’s WAC01.MVPLAB.LOCAL.

In the next step you can choose an existing Storage account, or a new one with different specifications.

Check also after storage your network in azure.

In this step we create the replication policy.

Set your own settings.

The Replication policy is added to the configuration.

When you click on OK the Infrastructure is done.

We are now going to enable the replication :

Select your Source and location.

here you select your target Storage account, Resource Group and Network.

The connections are made between Hyper-V, ASR Vault and Storage.

Select the Virtual Machine(s) from the Hyper-V host to replicate for migration with ASR

Configure the properties.

Click on OK

From here the Replication will begin from Hyper-V Host to Azure  🙂

Azure Sire Recovery Replication Job status.

Replicated item(s)

To make your recovery plan and do the failover for migration to azure, you have to wait until the first replication is done for 100%.

Azure Site Recovery Plan for failover (Migration)

Make recovery Plan.

Click OK

The Target in the recovery plan can only be selected when the first replication is done.

Overview of the Azure Site Recovery Migration failover.

From the Hyper-V Host you can pause or see the replication health status.

Hyper-V Health Status

Azure Migrate Virtual Machines using Azure Site Recovery video with Microsoft Jeff Woolsey

Microsoft Azure Data Migration Assistant

To migrate your SQL Backend to Microsoft Azure, use this step-by-step instructions help you perform your first assessment for migrating to on-premises SQL Server, SQL Server running on an Azure VM, or Azure SQL Database, by using Data Migration Assistant.

Conclusion :

“Lift and Shift” Migration of your complete datacenter exists of different scenarios for your workloads to Microsoft Azure. With that said, Microsoft has for each scenario tooling available to get the job done. It’s all about a good Architectural Design, Security in place, People and process to get your Intelligent Azure Cloud up and running for your Business.

Next Blogpost Microsoft Azure Hub-Spoke model by Enterprise Design 3 of 4 :
SQL assessment and Data Migration to Azure


Leave a comment

BlueHat v18 Hardening #Hyperv through offensive security research #Security #Bluehatv18 #Bluehat

BlueHat v18 || Hardening Hyper-V through offensive security research

From Microsoft Security Response Center (MSRC) :

“Humans are susceptible to social engineering. Machines are susceptible to tampering. Machine learning is vulnerable to adversarial attacks. Singular machine learning models can be “gamed” leading to unexpected outcomes.”

In this talk, they compare the difficulty of tampering with cloud-based models and client-based models. Then discuss how they develop stacked ensemble models to make machine learning defenses less susceptible to tampering and significantly improve overall protection for customers. They talk about the diversity of base ML models and technical details on how they are optimized to handle different threat scenarios. Lastly, they describe suspected tampering activity they have witnessed using protection telemetry from over half a billion computers, and whether mitigation worked.

BlueHat v18 Content Now Available


Leave a comment

Watch the Live Stream Today of #Microsoft Ignite 2018 in Orlando 24 – 28 September #MSIgnite #Azure #Cloud #DevOps and More


Don’t miss the Live Stream of Microsoft Ignite 2018

Get the latest insights and skills from technology leaders and practitioners shaping the future of cloud, data, business intelligence, teamwork, and productivity. Immerse yourself with the latest tools, tech, and experiences that matter, and hear the latest updates and ideas directly from the experts.

Watch live https://www.microsoft.com/en-us/ignite as Microsoft CEO Satya Nadella lays out his vision for the future of tech, then watch other Microsoft leaders explore the most important tools and technologies coming in the next year. After the keynotes, select Microsoft Ignite sessions will stream live—take a deep dive into the future of your profession.


More then 700+ Sessions and 100+ Expert-led and self-paced workshops


#MSIgnite



Leave a comment

Deep dive on Windows Server 2019 Updates by @WSV_GUY #Winserv #WAC #Hyperv

Deep Dive into Windows Server 2019 Updates with Jeff Woolsey Principal PM of the Windows Server Team.

What’s New in Windows Server 2019 Insider Preview Builds :

See here what’s New in Windows Server 2019 Insider Preview Builds

Windows Insider Program for Server allows you deploy the Windows Server 2019 Insider Preview builds in your enterprise. The docs cover the new enterprise features we’d like you to test and describes how to do the most common tasks.

Windows Insider Server program:
https://aka.ms/WindowsServerInsider
Download Windows Server 2019 preview:
https://aka.ms/WindowsServer2019Preview
Windows Admin Center:
https://aka.ms/DownloadWAC

Download Windows Server 2019 Insider Preview and Windows Admin Center Now !


Leave a comment

Connecting Windows Admin Center to #Microsoft Azure Subscription #WAC #Azure

To allow the Windows Admin Center gateway to communicate with Azure to leverage Azure Active Directory authentication for gateway access, or to create Azure resources on your behalf (for example, to protect VMs managed in Windows Admin Center using Azure Site Recovery), you will need to first register your Windows Admin Center gateway with Azure. You only need to do this once for your Windows Admin Center gateway – the setting is preserved when you update your gateway to a newer version.

In the following Step-by-Step Guide you will connect Windows Admin Center to your Microsoft Azure Subscription.

From here you have to copy the device Code and hit the Link device login ( https://aka.ms/devicelogin )
This will make the connection between Windows Admin Center and your Azure Subscription.

Paste the Code into here and Click on Continue.

Sign in your Azure Subscription.

From here you are connected to your Azure Subscription.

Select the right Azure Tenant and Click on Register.

Go to the Azure AD App Registration link.

Click on Settings


Click on Required Permissions and then on Grant permissions

Click on Yes.

Windows Admin Center has now Permission.

Microsoft Windows Admin Center (WAC) Gateway is now registered to your Azure Subscription and you can use Azure AD Multi-Factor Authentication and Azure Site Recovery to protect your Virtual Machines with WAC.

IMPORTANT : Before you can add Microsoft Azure VM’s to Windows Admin Center, you have to set the Azure Network Firewall portal settings and also the Microsoft Windows OS Firewall of the VM.

Networking Settings of the Azure VM.

Open for http WAC port 5985 and for https 5986.

To make the port more Secure you have these Options in the Firewall rule.

Now you have done this for Azure Networking in the portal, you have to do the same in the Firewall settings of the Virtual Machine Inside.

Allow Port 5985 and 5986.

More information about Azure Integration in Windows Admin Center here

 

Here you see my Azure VM in Windows Admin Center On-Premises.

Here you see my Azure Data Science VM in the Cloud via Windows Admin Center 😉