Cloud and Datacenter Management Blog

Microsoft Hybrid Cloud blogsite about Management


Leave a comment

Don’t Miss this Awesome #Microsoft BUILD 2019 Event! #Azure #Cloud #MSBuild

Download the Mobile App here

Seattle May 6-8, 2019

Watch live as technology leaders from across industries share the latest breakthroughs and trends, and explore innovative ways to create solutions. After the keynotes, select Microsoft Build sessions will stream live—dive deep into what’s new and what’s next for developer tools and tech.

 

Watch the livestream here: https://www.microsoft.com/en-us/build

  • Discover and experience new ways to build, modernize, and migrate your applications. Get hands-on experiences with tools like Azure Kubernetes Service (AKS) that can help you dynamically scale your application infrastructure.
  • Quickly and easily build, train, and deploy your machine learning models using Azure Machine Learning, Azure Databricks, and ONNX. Uncover insights from all your content—documents, images, and media—with Azure Search and Cognitive Services.
  • Join Microsoft for hands-on learning to discover how tools like Visual Studio live share can help you collaborate with your peers instantly.
  • Come learn how to build an end-to-end continuous delivery pipeline that is fast and secure with Azure DevOps technologies. Spend less time maintaining your toolset and more time focusing on customer value.
  • Understand how frameworks like Xamarin and .NET can help you reach customers on all platforms. Learn how to use the same languages, APIs, and data structures across all mobile development platforms.
  • Learn how mixed reality helps you bring your work and data to life when you need it, and where you need it. Start building secure, collaborative mixed reality solutions today using intelligent services, best-in-class hardware, and cross-platform tools.
  • Learn to connect your devices to the cloud using flexible IoT solutions that integrate with your existing infrastructure. Collect untapped data and form valuable insights that help you create better customer experiences and generate new streams of revenue.

Book your Microsoft Build 2019 sessions via the BUILD Scheduler

Vision Keynote by CEO Satya Nadella

 

 

Windows Insider Program

Azure DevOps

Azure Monitor

Containers

Have a good look which sessions to follow because there are 431 sessions 👍🚀

JOIN Azure DevOps Community

https://www.linkedin.com/groups/12139259/ 

JOIN Containers in the Cloud Community

https://www.linkedin.com/groups/13539967/ 

JOIN Azure Monitor and Security Community https://www.linkedin.com/groups/13517115/ 


Leave a comment

#Microsoft SQL Always-On Cluster vs #SQL Managed Instance in #Azure

SQL Always-On Cluster in Azure

Before we start with building this SQL Always-On Cluster we already have some Azure SDK Components Active in the Azure Subscription to work with:

  • Virtual Network VNET-001 is already installed
  • Subnet-SQL and Subnet-Domaincontrollers
  • Network Security Groups (NSG) with the right rules active
  • Two domain controllers
  • Azure Keyvault ( for disk Encryption)

We deployed three Virtual Machines in an Availability Set :

  • Primary SQL Node VM01
  • Secondary SQL Node VM02
  • Witness Server

The deployment was with ARM Template :

VM Deployment

Copy and paste the JSON in your template editor like Visual Studio Code for Example or in the Azure Portal Template builder.

Visual Studio Code

Azure Portal Template

Read more how to deploy ARM Templates via Microsoft Azure Portal here

You also can create a Private or Public Repository on GitHub and store your ARM Templates there in a Library.

GitHub Learning Lab
Learn new skills by completing fun, realistic projects in your very own GitHub repository. Get advice and helpful feedback from our friendly Learning Lab bot.

Create a SQL Server 2014 Always On Availability Group in an existing Azure VNET and an existing Active Directory instance via GitHub :

https://github.com/Azure/azure-quickstart-templates/tree/master/sql-server-2014-alwayson-existing-vnet-and-ad

Configure Always On Availability Group in Azure VM manually :

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sql/virtual-machines-windows-portal-sql-availability-group-tutorial

Important Tip :

Don’t forget to get the right connectivity between Azure Load Balancer and the SQL Always-On Listener :

## Get the Cluster Resource Information:
Clear-Host
Get-ClusterResource `
| Where-Object {$_.ResourceType.Name -like “IP Address”} `
| Get-ClusterParameter `
| Where-Object {($_.Name -like “Network”) -or ($_.Name -like “Address”) -or ($_.Name -like “ProbePort”) -or ($_.Name -like “SubnetMask”)}

#############################################################

## Set Cluster Parameters:
$ClusterNetworkName = “Cluster Network 1” # the cluster network name (Use Get-ClusterNetwork on Windows Server 2012 of higher to find the name)
$IPResourceName = “IPlistener” # the IP Address resource name
$ListenerILBIP = “10.x.x.x” # the IP Address of the Internal Load Balancer (ILB). This is the static IP address for the load balancer you configured in the Azure portal.
[int]$ListenerProbePort = 80

Import-Module FailoverClusters

Get-ClusterResource $IPResourceName | Set-ClusterParameter -Multiple @{“Address”=”$ListenerILBIP”;”ProbePort”=$ListenerProbePort;”SubnetMask”=”255.255.255.255″;”Network”=”$ClusterNetworkName”;”EnableDhcp”=0}

############################################################

Before you start with your SQL workloads from On-premises Datacenter on Microsoft Azure, have a look if PaaS Azure SQL Managed Instances is something for your Organization with all the benefits.

What is Microsoft Azure SQL Managed Instance?

Managed instance is a new deployment option of Azure SQL Database, providing near 100% compatibility with the latest SQL Server on-premises (Enterprise Edition) Database Engine, providing a native virtual network (VNet) implementation that addresses common security concerns, and a business model favorable for on-premises SQL Server customers. The managed instance deployment model allows existing SQL Server customers to lift and shift their on-premises applications to the cloud with minimal application and database changes. At the same time, the managed instance deployment option preserves all PaaS capabilities (automatic patching and version updates, automated backups, high-availability ), that drastically reduces management overhead and TCO.

Read here more on Microsoft Docs about Azure SQL Services

Conclusion :

When you have a lot of SQL workloads and want to go to Microsoft Azure Cloud Services, analyze your existing workloads well and have a look first at Microsoft Azure SQL Managed Instances. With this Azure PaaS Service, you don’t have to manage the Complete Infrastructure like in a SQL Always-On Cluster (IaaS).

Have a good look at the requirements and Microsoft Data Migration Services can help you out.

SQL Server instance migration to Azure SQL Database managed instance

 


Leave a comment

Inside Azure Management (Preview) Free E-Book #Azure #Cloud #Management #MVPBuzz

Inside Azure Management

This Awesome Inside Azure Management E-book is a must have with Great content !

Chapter 1 – Intro
Chapter 2 – Implementing Governance in Azure
Chapter 3 – Migrating Workloads to Azure
Chapter 4 – Configuring Data Sources for Azure Log Analytics
Chapter 5 – Monitoring Applications
Chapter 6 – Monitoring Infrastructure
Chapter 7 – Configuring Alerting and notification
Chapter 8 – Monitor Databases
Chapter 9 – Monitoring Containers
Chapter 10 – Implementing Process Automation
Chapter 11 – Configuration Management
Chapter 12 – Monitoring Security-related Configuration
Chapter 13 – Data Backup for Azure Workloads
Chapter 14 – Implementing a Disaster Recovery Strategy
Chapter 15 – Update Management for VMs
Chapter 16 – Conclusion

It’s all about Azure Management in the Cloud written by Great Microsoft MVP’s.
Download the Free Inside Azure Management E-book here

 

Follow the Authors here :  Tao Yang, Stanislav Zhelyazkov, Pete Zerger, and Kevin Greene, along with Anders Bengtsson, CSA for Microsoft.

Thank you for all the work guys and Congrats on this Awesome E-Book ! 😉


Leave a comment

#Microsoft Azure Sentinel (Preview) Overview #Azure #Sentinel #Security #Analytics #SIEM

 

Microsoft Azure Sentinel

Microsoft Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.

  • Collect data at cloud scale across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds.
  • Detect previously undetected threats, and minimize false positives using Microsoft’s analytics and unparalleled threat intelligence.
  • Investigate threats with artificial intelligence, and hunt for suspicious activities at scale, tapping into years of cyber security work at Microsoft.
  • Respond to incidents rapidly with built-in orchestration and automation of common tasks.

In the following step-by-step guide you get a global overview of Azure Sentinel :

Search for Azure Sentinel in the Azure Portal.

Click on Create

Connect or add your Workspace.

Click on Add Azure Sentinel

Azure Sentinel is added to your workspace.

Azure Sentinel Overview

Security Analytics

Learn here more with Microsoft Azure Monitor analytics queries

Here you can play with Azure Log Analytics 😉

Here you can collect all your Security Cases

Azure Sentinel Build-In Dashboard Solutions

Azure AD Audit Logs

 

Linux Machines Security

When you have your Azure Sentinel Solutions in place with alerting rules and telemetry and analytics is coming to your workspace, Hunting is the next Threat management tool :

Azure sentinel Hunting

Working with Tags and Collaborate with Teammates

Launch Investigations and Bookmark

Working with Azure Notebooks for Azure Sentinel

Welcome to the Azure Sentinel repository! This repository contains out of the box detections, exploration queries, hunting queries, dashboards and playbooks to help you get ramped up with Azure Sentinel and provide you security content to secure your environment and hunt for threats. You can also submit any issues or feature requests as you onboard to Azure Sentinel. For questions and feedback, please contact AzureSentinel@microsoft.com

Azure Sentinel Notebooks on GitHub

 

Get started from here to Configure your Azure Sentinel Environment

Choose your Data Collections for Azure Sentinel Security

Lot of Choice already Build-in for you.

From here you can make your own Azure Sentinel Analytics Alert Rules.

Alert Rules

Create Alert rules with the right mappings, triggers, and scheduling, response automation.

Add your own playbooks for your Security

Unlock the power of AI for security with Machine Learning

Machine Learning in Azure Sentinel is built-in right from the beginning. We have thoughtfully designed the system with ML innovations aimed to make security analysts, security data scientists and engineers productive. One such innovation is Azure Sentinel Fusion built especially to reduce alert fatigue.

Building your Full Screen Dashboard for Monitoring

More information about Azure Sentinel Intelligent Security :

Start here free with Azure Sentinel Preview

Microsoft azure Sentinel Docs

Microsoft Azure Sentinel on GitHub

Join Microsoft Azure Monitor & Security for Hybrid IT Community

 


Leave a comment

Learn Azure in a Month of Lunches Free E-book #Azure #Cloud #Education

Learn Azure in a Month of Lunches breaks down the most important Azure concepts into bite-sized lessons with exercises and labs—along with project files available in GitHub—to reinforce your skills. Learn how to:
Use core Azure infrastructure and platform services—including how to choose which service for which task.
Plan appropriately for availability, scale, and security while considering cost and performance.
Integrate key technologies, including containers and Kubernetes, artificial intelligence and machine learning, and the Internet of Things.

You can download the Free Learn Azure in a Month of Lunches E-book here


Leave a comment

Optimize Security and Compliancy with #Azure Security Center #ASC #Cloud #GDPR

Microsoft Azure Security Center

When you have your Hybrid Cloud Enterprise Design ready in a Microsoft HUB-Spoke model and your Security in place, you can do your optimize on your Azure workloads and keep up-to-date for your compliancy. Microsoft Azure Security Center can support you in Security and Compliancy (GDPR). Here you see my former blogposts about Microsoft Azure HUB-Spoke model architecture and Security by design :

  1. Microsoft Azure Hub-Spoke model by Enterprise Design 1 of 4
  2. Microsoft Azure Policy and BluePrints Overview (Extra Blogpost)
  3. Microsoft Azure Hub-Spoke model by Enterprise Design 2 of 4 “Lift and Shift”
  4. Microsoft Azure Hub-Spoke model by Enterprise Design 3 of 4 Data Migration
  5. Managing and Working with Azure Network Security Groups (NSG) 

Security in software is always on the move and changing in this world, when you think you are ready something has changed already. That’s why I love Microsoft Azure Security Center to keep you posted and giving you advise on Security but also on Compliancy.

From here you see a high-level overview of these new possibilities in Microsoft Azure Security Center :

Security Center Overview

Microsoft Azure Security Center is working with the following navigation menu’s on the left :

  • General
  • Policy & Compliance
  • Resource Security Hygiene
  • Advanced Cloud Defense
  • Threat Protection
  • Automation & Orchestration

Microsoft Azure Secure Score Dashboard

Microsoft Azure Security Center is working with Overall Secure Score. In my Test LAB we have some work to do 😉
The Azure secure score reviews your security recommendations and prioritizes them for you, so you know which recommendations to perform first. This helps you find the most serious security vulnerabilities so you can prioritize investigation. Secure score is a tool that helps you assess your workload security posture.
Improve your secure score in Azure Security Center

Azure Security Center Recommendations

Microsoft Azure Security Center gives you advise to make your Security Score higher and you can improve immediately.

Open Subnet without NSG.

From here you can Enable a Network Security Group (NSG) on the Subnet and make your network more secure.

Creating NSG from Azure Security Center.

A subnet with NSG.

Azure Security Center Advise on Disk Encryption

  1. Description on Applying Disk Encryption on your Virtual Machines
  2. General Information, with Impact and Implementation Cost.
  3. Threats, what can happen when you don’t implement the security.
  4. Remediation Steps from Microsoft Azure Security Center
    Like this : Managing security recommendations in Azure Security Center

Security Center – Regulatory Compliance

I really like this feature in Azure Security Policy & Compliancy to help the business with GDPR and keep your Data Save by Security.

PCI DSS 3.2

ISO 27001

So now you can work on your Security and Compliance

SOC TSP

Here you find more information about Microsoft Azure Security Center

Microsoft Azure Security Center Playbooks

Integrate security solutions in Azure Security Center

 

Conclusion :

Security is a on-going process 24 hours -365 days to monitor, analyze, and prevent security issues. Working on Compliancy for your Business and making your own Security policies is important. Microsoft Azure Security Center can support you in this journey. When you Optimize your Azure workloads or make new solutions in Azure, keep it secure with Microsoft Azure Security Center.


Leave a comment

Whitepaper Achieving Compliant Data Residency and Security with #Azure #Cloud

Introduction

Security and compliance–basic elements of the trusted cloud–are top priorities for organizations today. This paper is designed to help customers ensure that their data is handled in a manner that meets their data protection, regulatory, and sovereignty requirements on the global cloud architecture of Microsoft Azure. Transparency and control are also essential to establishing and maintaining trust in cloud technology. Microsoft recognizes that restricted and regulated industries require additional details for their risk management and to ensure compliance at all times. Microsoft provides an industry-leading security and compliance portfolio. Security is built into the Azure platform, beginning with the development process, which is conducted in accordance with the Security Development Lifecycle (SDL), and includes technologies, controls and tools that address data management and governance, Active Directory identity and access controls, network and infrastructure security technologies and tools, threat protection, and encryption to protect data in transit and at rest. Microsoft also provides customers with choices to select and limit the types and locations of data storage on Azure. With the innovation of the security and compliance frameworks, customers in regulated industries can successfully run mission-critical workloads in the cloud and leverage all the advantages of the Microsoft hyperscale cloud. This simple approach can assist customers in meeting the data protection requirements of government regulations or company policies by helping them to:

Understand data protection obligations.

Understand the services and controls that Azure provides to help its customers meet those obligations.

Understand the evidence that customers need to assert compliance.

The paper is structured into these three sections, with each diving deeper into the security and technologies that help Microsoft customers to meet data protection requirements. The final section discusses specific requirements to which industries and organizations in selected European markets are subject.

Download this Awesome whitepaper, “Achieving compliant data residency and security with Azure.”

Learn here more on Compliance, Trust, Security and Responsibilities