Cloud and Datacenter Management Blog

Microsoft Hybrid Cloud blogsite about Management


Leave a comment

Windows Admin Center and Deploying Windows Server Insider Build 25099 Core #WindowsAdminCenter #Winserv #WIMVP

Windows Admin Center Version 2110.2 Build 1.3.2204.19002

Windows Admin Center is a customer-deployed, browser-based app for managing servers, clusters, hyper-converged infrastructure, and Windows PCs. It comes at no additional cost beyond Windows and is ready to use in production. Learn more about Windows Admin Center.

Benefits

  • Simple and modern management experience
  • Hybrid capabilities
  • Integrated toolset
  • Designed for extensibility

Languages
Chinese (Simplified), Chinese (Traditional), Czech, Dutch (Netherlands), English, French, German, Hungarian, Italian, Japanese, Korean, Polish, Portuguese (Brazil), Portuguese (Portugal), Russian, Spanish, Swedish (Sweden), Turkish

In the following step-by-step guide I will deploy Windows Server 2022 Insider Build 25099 Core Edition with Windows Admin Center tool together with some great features for managing Windows Servers in a secure hybrid way with Microsoft Azure Cloud services. Like Azure Defender for Cloud, Azure Backup Vault, Azure Monitor, Security and more.
So I have Windows Admin Center 2110.2 installed and I have a Windows Server 2022 Hyper-V Server for my Virtual Machines in my MVPLAB Domain.
Now we will deploy the new Windows Server 2022 Insider Preview Build 25099.

In WAC on my Hypervisor in Virtual Machines

When you explore and open your Hyper-V Host and go to Virtual Machines, you can Click on Add and then on New for Creating your Windows Server Insider VM.

Create a New Windows Server Insider VM called StormTrooper01

Here you can configure your new Windows Server 2022 Insider VM with the following :

  • What kind of Generation VM (Gen 2 Recommended)
  • The path of your Virtual Machine and the path of your virtual disk(s)
  • CPU and you can make nested Virtualization too
  • Memory and use of Dynamic Memory
  • Network select the Virtual Switch
  • Network Isolation by VLAN
  • Storage, Create the size of the Virtual Disk. Choose an ISO or Select an existing VHD(x)

I Created a New 70GB OS Disk
and I want to Install the New Windows Server Insider OS from ISO.
Click on Browse

Here you Browse Default on your Hyper-V Host and select the ISO.

When the Windows Server ISO is selected you can hit Create

We get the Notification that the virtual machine is successfully created.

Only the Virtual Machine is now made with your specs and visible on the Hyper-V Host.
Select the New Virtual Machine (StormTrooper01) click on Power and hit Start.

After you started the VM, you can double click on it and go to Connect.
Click on Connect to the Virtual Machine.

Now you are on the console via VM Connect.

Click on Install Now

We are installing Windows Server 2022 Insider Core edition, because we have WAC 😉

Installing Windows Server 2022 Insider Core Preview Build 25099 via Windows Admin Center

Create New Administrator Password.

And here we have Sconfig of the Windows Server 2022 Core.
via Virtual Machine Connect.

Now we can add and connect the New Virtual Machine with Windows Server 2022 Insider Preview Build in Windows Admin Center via IP-Address.

The Next step is to join the Windows Server 2022 Insider to my Domain MVPLAB.

Click on the Top on Edit Computer ID
Click on Domain and type your domain name.
Click op Next
Add your administrator account for joining the server
Reboot the VM.

Windows Server 2022 Insider Preview Core edition is domain joined.

Now we have the New Microsoft Windows Server 2022 Insider Preview Build 25099 running in Windows Admin Center, we can use all the tooling provided by WAC also in a Azure Hybrid way. Think about Azure Defender for Cloud, Azure Monitor. In Microsoft Windows Admin Center we also have a topic Azure Hybrid Center :

Here you see all the Azure Hybrid benefit features for your Windows Server 2022 Insider.

  • Microsoft Azure Arc
  • Azure Backup
  • Azure File Sync
  • Azure Site Recovery
  • Azure Network Adapter
  • Azure Monitor
  • Azure Update Management
  • and More…

Microsoft Azure and the Windows Admin Center Team made the wizards customer friendly and easy to get those Azure Hybrid services for your Windows Server.
When you have your Server running, you want to make backups and Monitoring your Server for management. And after that you want to be in control of your security of your new Server. In the following steps you see some examples on the same Windows Server 2022 Insider Preview Build:

Microsoft Azure Backup via WAC

Click on Azure Backup
Select your Azure Subscription and the Azure Backup Vault.
Select your data and make the schedule.

Enter the Encryption passphrase and Apply.

Here you have Azure Backup Vault working together with WAC.

Azure Defender for Cloud Security

Click op Microsoft Defender for Cloud
Click on Setup
Add the right Azure Subscription and Workspace
Click on Setup.

Configuring Azure Defender for Cloud agent and Subscription.

Azure Defender for Cloud in Windows Admin Center on your Windows Server 2022 Insider Preview Build.

In Windows Admin Center there is also a Security tab for the Windows Server.

Here you can see your Secured-Core status

Here you can see if your system is supported for this security features 🙂

Enable the supported features and Restart de Virtual Machine.

And here you see my status overview.

Further more you can manage RBAC in Windows Admin Center when you have to work with different kind of users.

You can find RBAC in settings.

Conclusion

Windows Server Insider Core edition and Windows Admin Center are working better together! You have all the tools you need to startup your Windows Server and
manage it with WAC. Windows Admin Center is getting better and better to manage your Hybrid Datacenter and keep you as an Administrator in Control!
So is how I manage my MVPLAB but also for Production workloads I use Windows Admin Center and the Azure Portal together. With Microsoft Azure Arc Services
Azure Hybrid becomes your solution where Windows Admin Center can Support you with making Azure Stack HCI Clusters with Azure Kubernetes for your DevOps environment.

Windows Admin Center Community Group on LinkedIn


Leave a comment

Apply #security principles to your #architecture to protect against attacks on your data and systems

Hope you started year 2022 in Good Health in a difficult pandemic time.

Starting 2022 by asking yourself, how is your Security by Design doing in 2022
Your Security is one of the most important aspects of any architecture for your Business.
It provides confidentiality, integrity, and availability assurances against attacks and abuse of your valuable data and systems. Losing these assurances can negatively impact your business operations and revenue, and your organization’s reputation.

Here you find Awesome information about Applying security principles to your architecture to protect against attacks on your data and systems:

Microsoft Architecture and Security Docs

Here you find more information about NIST Cybersecurity Framework

The Microsoft Cybersecurity Reference Architectures (MCRA) describe Microsoft’s cybersecurity capabilities. These References and diagrams can support you with implementing Security by design.

Microsoft Defender for Cloud

Microsoft Defender for Cloud (formerly known as Azure Security Center) community repository. This repository contains:

  • Security recommendations that are in private preview
  • Programmatic remediation tools for security recommendations
  • PowerShell scripts for programmatic management
  • Azure Policy custom definitions for at-scale management of Microsoft Defender for Cloud
  • Logic App templates that work with Defender for Cloud’s Logic App connectors (to automate response to Security alerts and recommendations)
  • Logic App templates that help you run regular tasks or reports within the scope of Microsoft Defender for Cloud
  • Custom workbooks to visualize Defender for Cloud data

Become a Microsoft Defender for Cloud Ninja

Security and Learning is a ongoing process, I always say Learning on the Job 😉 is important to keep Up-to-Date every day of the week. Microsoft Tech Community platform and Microsoft Learning can support you to get the knowledge.

Become a Microsoft Defender for Cloud Ninja here

Conclusion

Microsoft and the community has a lot of good security information to start with for your Data and Systems to keep your business solution as save as possible. Here they write New blogposts for the community about Defender for Cloud

Keep in Mind “Security is only as strong as the weakest component in the Chain”

So keep your Security up-to-date and do assessments on vulnerabilities to keep your data and systems secure. Monitoring => Alerting => Remediation is 24/7/365 Process with Security people in the business.


Leave a comment

Happy Holidays and I wish you a Healthy 2021 #Azure #Cloud #MVPBuzz #Winserv #Security #Healthcare

It’s a year full of misery with the Covid-19 virus around the world. People who lose their loved one, It’s a very sad time for all of us! Microsoft technologies are still going on strong with new features in Azure Cloud Services but also supporting the people who are working in the healthcare, data analytics, Microsoft Teams for Collaboration and much more. But what I want to say to all HealthCare people over the world : THANK YOU SO MUCH FOR ALL THE WORK YOU DO 👍
I have deep respect for you all !
Community, Microsoft Product Teams, MVP Lead, WIndows Insiders, I wish you and your family happy holidays and a Healthy 2021 with lot of Success! 🎄😍

 


Leave a comment

Join Windows Server Summit 2020 #Winserv #AzureStackHCI #WindowsAdminCenter

Learn about the latest Windows Server features and capabilities—directly from the Microsoft product team. Watch demos and discover best practices to modernize your workloads, whether you’re running Windows Server on-premises, in a hybrid environment, or on Azure.

Discover what’s New and Register here

Azure Stack HCI in Windows Admin Center

Here you find more information about the Great Microsoft Product Group Speakers on this Windows Server Summit 2020 Online virtual Event


Leave a comment

Manage Servers On-premises with Microsoft Azure Cloud Services #Azure #Arc #Security #Cloud #AzureMonitor #ASC

Microsoft Azure Arc Servers On-Premises and Azure Cloud Services

Earlier I wrote a blogpost about Microsoft Azure Arc services installation to manage on-premises Servers with Azure Cloud Services, like Azure Monitor and Azure Security Centre from the Cloud.
Here in this post you will see the Newest Microsoft Azure Cloud Services to Manage and Monitor your Servers on-premises with security and compliance included.

Azure Arc Extensions settings of the Server.

Here you can see we have installed the Microsoft Monitoring Agent for Azure Monitor and log analytics, second we have installed the dependency Agent for Windows for
insights, Performance and Service maps. Here you find more information about Virtual machine extension management with Azure Arc for servers (preview)  

After initial deployment of the Azure Arc for servers (preview) Connected Machine agent for Windows or Linux, you may need to reconfigure the agent, upgrade it, or remove it from the computer if it has reached the retirement stage in its lifecycle. You can easily manage these routine maintenance tasks manually or through automation, which reduces both operational error and expenses.

Managing and maintaining the Connected Machine agent

Azure Arc Insights Performance monitor

The Azure Arc Insights Performance monitor is there by default and installed with the following dashboards :

  • CPU Utilization
  • Available Memory
  • Logical disk IOPS
  • Logical disk MB/s
  • Logical disk Latency
  • Max logical disk used %
  • Bytes Sent Rate
  • Bytes Received Rate

Azure Arc Logs Analytics

Of course you can make your own custom Dashboards in the Azure Portal with your own triggers, so in this way you get the same Azure Monitor Innovative Tools for your On-Premises Servers. 😉

Within Microsoft Azure Arc Insights, you can also see a Service Map of the Server

Here is were the dependency agent comes in, you get a service map of the Server and see the communication lines with other resources. In this picture you see Server Yoda01 a Domain Controller of my MVPLAB.
You can see that there are three Clients are logged on the domain controller.

Microsoft Azure Security Center for Azure Arc Servers

 

One of the most powerful and important features of Microsoft Azure Cloud platform is Security! Microsoft Azure Security Center (ASC) is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud – whether they’re in Azure or not – as well as on premises.

Here you see my Azure Arc Servers (On-Premises) in Azure Security Center.

Azure Arc Server in Azure Security Center recommendations Summary

Five security assessments passed the test, but Azure Security assessment has two recommendations one is Medium Risk and one low.

Here you see the Security advise and the Remediation to take action on your Server.

Microsoft Azure Security Center Overview with the Overall Secure Score.

Security controls – Each control is a logical group of related security recommendations, and reflects your vulnerable attack surfaces. A control is a set of security recommendations, with instructions that help you implement those recommendations. Your score only improves when you remediate all of the recommendations for a single resource within a control.

To immediately see how well your organization is securing each individual attack surface, review the scores for each security control.

 Here you find More information about Azure Security Center Secure Score

To get your Azure Arc Servers (On-premises) complaint for the business and security, you can use Microsoft Azure Arc Policies

Azure Arc Policies to meet your Compliance state.

Conclusion

Microsoft is bringing Azure Cloud Power tools everywhere with Azure Arc Services to give you modern tools like Azure Monitor and Azure Security Center to keep you in control, Secure and Compliant for your business. Keep following Microsoft for Hybrid IT Management, because more awesome features are added every day in Microsoft Azure Cloud Services. Let’s start to get your Azure Security Score UP and UP 😉


Leave a comment

Inside Azure Management E-Book Available ! #Azure #MVPBuzz #Management #Cloud

Inside Azure Management

This Inside Azure Management E-Book is a Must Have for All Azure Cloud Administrators! It’s made by Great Microsoft Most Valuable Professionals (MVP’s)
who are working always with Microsoft Azure Cloud Services. You can download this Awesome Inside Azure Management E-Book here.

If you want a hard copy of this Awesome E-Book you can order at Amazon

Here you can find the Authors of the Inside Azure Management E-Book on GitHub.

Thank you Guys for Sharing this with the Community 👍😎🚀


Leave a comment

#Microsoft Azure Migrate Assessments in Action #VMWare to #Cloud

Azure Migrate

This blogpost is about the Microsoft Azure Migrate tool in the Cloud doing Azure Migrate assessments to see if your on-premises Datacenter is ready for Azure Cloud Services. Before you migrate your workloads with Azure Migrate to the Microsoft Azure Cloud, you want to know the costs before the migration and what your options are in the transition. For example when you have hardware in your on-premises Datacenter which is too high qua hardware specs like Memory, CPU and storage and you can do with less Compute power, then the performance assessments are really interesting. From here you see a step-by-step guide for VMWare workload assessment(s) to Azure Cloud.

Azure Migrate preparation for VMware workload

When you search for ‘Azure Migrate’ in your Azure Subscription and click on the services you will see the Azure Migrate Overview screen. When you don’t have a Microsoft Azure subscription yet, you can get one here

Click on Assess and Migrate Servers.

Before we go further with the server migration assessments for VMware, there are more Azure Migration tools available to do assessments and migrations like the following goals :

 

For Databases Microsoft Azure Migrate uses the Data Migration Assistant for the Assessment and the Data migration to Azure SQL Cloud.
The Data Migration Assistant (DMA) helps you upgrade to a modern data platform by detecting compatibility issues that can impact database functionality in your new version of SQL Server or Azure SQL Database. DMA recommends performance and reliability improvements for your target environment and allows you to move your schema, data, and uncontained objects from your source server to your target server.

 

To identify the right Azure SQL Database / Managed Instance SKU for your on-premises Database you can use the CLI with a Script :

Here you find more detailed information about the Data Migration Assistant

When you have a Virtual Desktop Infrastructure on-premises and you want to migrate to Windows Virtual Desktop (WVD) you can use this Azure Migrate tool :

ISV Lakeside with SysTrack

You can vote for the tools or scenarios that you would like to be integrated with Azure Migrate via this Online form

When you are in the beginning of your Cloud Transition journey, what will go first to the Cloud?

  1. On-premises mail to Microsoft Office 365
  2. File Server Clusters to Office 365 into Teams, Onedrive for Business
  3. From Apps On-premises to SaaS or Paas solutions
  4. From On-premises Websites to Azure Cloud Solutions like Azure Web App.
  5. From SQL Clusters On-Premises to Azure SQL Managed Instances in the Cloud
  6. And at last Migrate Servers to Azure IaaS

Of course there are much more scenarios like Lift and Shift or modernize your workload in the Cloud like moving to Azure Kubernetes Services for example instead of IaaS Virtual Machines.

So when you want to start moving your On-premises Website(s) or WebApp, Microsoft Azure Migrate Services has a tool for that too :

Assess any app with an endpoint scan. Download the Migration Assistant and start your .NET and PHP app migration to Azure App Service.

Click on Assess

and from here you can plan your migration.

At last when you have to move a big enterprise On-premises Datacenter to the Azure Cloud with a lot of Servers for example 10.000, you can use Azure Data Box Migration
The Microsoft Azure Data Box cloud solution lets you send terabytes of data into Azure in a quick, inexpensive, and reliable way. The secure data transfer is accelerated by shipping you a proprietary Data Box storage device. Each storage device has a maximum usable storage capacity of 80 TB and is transported to your datacenter through a regional carrier. The device has a rugged casing to protect and secure data during the transit.

Azure Data Box

When you want to read more about Microsoft Azure Migrate go to the website.

Microsoft Azure Migrate assessment for VMware platform

First we make the Azure Migrate Project ready in the Microsoft Azure Portal.

Select the right Azure Subscription and Resource group to collect the metadata reported by your On-premises environment. Give your Migrate project a name and select the geography.

Here you can select from different Assessment Tools
Select Azure Migrate Server Assessment

Here you can select from different Migration Tools
Select Azure Migrate Server Migration

Add your Tools in the Azure Portal.

Here you see both Microsoft Azure Migrate tools for the Assessment and the Migration as well.
We are going for the Assessment quick start, so click on discover

From here we select with VMware vShere Hypervisor, so you can download the Azure Migrate Appliance for VMware ( 12GB Ova file).

You can also work with an Import CSV file but that’s Preview.

Now you can download and Install the Azure Migrate Virtual Appliance on VMware.
Follow the instructions here

When you have installed the Microsoft Azure Migrate Virtual Appliance for VMware successfully in your environment and has access to all the Virtual Machines then you can run the setup in the Appliance to make connectivity with your Azure subscription.

This will check all the prerequisites and get the updates.

Getting access to vCenter Server with the right permissions.

Now when your Azure Migrate Virtual Appliance for VMware is ready and collecting metadata, we see in the Microsoft Azure Portal the discovery running :

Discovery is in Progress.

After a view minutes we have discovered the Servers running on VMware platform On-premises.

Discovered Servers

Now we have the Servers in our metadata, we can do the Assessment(s) to get all the information we want for preparing to migrate to Azure Cloud Services. Click on Assess.

From here you give the Assessment a name and then you go to the properties of the assessment by clicking on View All

Here you can set the parameters for the assessment for example based on :

  1. Reserved instances
  2. Storage types
  3. Sizing criterion like Performance-Based
  4. Percentile Utilization
  5. Azure VM series to use
  6. Discount
  7. VM Uptime
  8. Offer pricing like Enterprise Agreement Support or Pay-As-You-Go
  9. Hybrid Benefit offer.

Here I made different Azure Migrate Assessment groups with different parameters to see the difference in Costs.

Here you see for example Migrate As Is On-Premises and Performance-Based, but also an Azure Migrate Assessment without SQL Cluster Nodes. In this way you can make your own Azure Migrate Assessment with all your Servers or just a view Servers of your On-premises solution which you want to Migrate to Azure Cloud Services.

Overview of your Azure Migrate Assessment

Server is ready for migration

 

Server Ready but with conditions

Microsoft Azure Migrate gives you all the information to make the right decisions to migrate you workload from VMware to Microsoft Azure Cloud. When the Azure Migrate Assessment(s) are ready you can make a CSV export file to check the information before you migrate.

Overview of the Azure Migrate Assessment

Azure Migrate Assessment based on Performance for the VM
and there is a separated tab for Storage.

When your assessment is done, you can do the migration by replicating them to Microsoft Azure.

Here you can see the Azure Migrate for VMware (Agentless) steps

More Microsoft Azure Feature resources :

Dependency mapping helps you to visualize dependencies across machines

Setup Agentless Dependency visualization for assessment (Preview) 

Assess the readiness of a SQL Server data estate migrating to Azure SQL Database using the Data Migration Assistant

Conclusion

Microsoft Azure Migrate gives you insight information about your own On-Premises Datacenter by doing assessments to get the right migration information to move to Microsoft Azure Cloud. It gives you Azure Cloud costs before you do any migration at all, based on Total Cost of Owner (TCO) ship you can calculate if your solution in the Microsoft Azure Cloud is cheaper or not. Realize that’s it is not always about the money but also :

  • Innovations
  • Time to market
  • New Features
  • Flexibility
  • Scalability
  • Availability
  • Not owning hardware anymore
  • Less management (Hardware)

Hope this blog post helps you by your transition journey to Microsoft Azure Cloud


Leave a comment

#Microsoft Azure Sentinel (Preview) Overview #Azure #Sentinel #Security #Analytics #SIEM

 

Microsoft Azure Sentinel

Microsoft Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.

  • Collect data at cloud scale across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds.
  • Detect previously undetected threats, and minimize false positives using Microsoft’s analytics and unparalleled threat intelligence.
  • Investigate threats with artificial intelligence, and hunt for suspicious activities at scale, tapping into years of cyber security work at Microsoft.
  • Respond to incidents rapidly with built-in orchestration and automation of common tasks.

In the following step-by-step guide you get a global overview of Azure Sentinel :

Search for Azure Sentinel in the Azure Portal.

Click on Create

Connect or add your Workspace.

Click on Add Azure Sentinel

Azure Sentinel is added to your workspace.

Azure Sentinel Overview

Security Analytics

Learn here more with Microsoft Azure Monitor analytics queries

Here you can play with Azure Log Analytics 😉

Here you can collect all your Security Cases

Azure Sentinel Build-In Dashboard Solutions

Azure AD Audit Logs

 

Linux Machines Security

When you have your Azure Sentinel Solutions in place with alerting rules and telemetry and analytics is coming to your workspace, Hunting is the next Threat management tool :

Azure sentinel Hunting

Working with Tags and Collaborate with Teammates

Launch Investigations and Bookmark

Working with Azure Notebooks for Azure Sentinel

Welcome to the Azure Sentinel repository! This repository contains out of the box detections, exploration queries, hunting queries, dashboards and playbooks to help you get ramped up with Azure Sentinel and provide you security content to secure your environment and hunt for threats. You can also submit any issues or feature requests as you onboard to Azure Sentinel. For questions and feedback, please contact AzureSentinel@microsoft.com

Azure Sentinel Notebooks on GitHub

 

Get started from here to Configure your Azure Sentinel Environment

Choose your Data Collections for Azure Sentinel Security

Lot of Choice already Build-in for you.

From here you can make your own Azure Sentinel Analytics Alert Rules.

Alert Rules

Create Alert rules with the right mappings, triggers, and scheduling, response automation.

Add your own playbooks for your Security

Unlock the power of AI for security with Machine Learning

Machine Learning in Azure Sentinel is built-in right from the beginning. We have thoughtfully designed the system with ML innovations aimed to make security analysts, security data scientists and engineers productive. One such innovation is Azure Sentinel Fusion built especially to reduce alert fatigue.

Building your Full Screen Dashboard for Monitoring

More information about Azure Sentinel Intelligent Security :

Start here free with Azure Sentinel Preview

Microsoft azure Sentinel Docs

Microsoft Azure Sentinel on GitHub

Join Microsoft Azure Monitor & Security for Hybrid IT Community

 


Leave a comment

Optimize Security and Compliancy with #Azure Security Center #ASC #Cloud #GDPR

Microsoft Azure Security Center

When you have your Hybrid Cloud Enterprise Design ready in a Microsoft HUB-Spoke model and your Security in place, you can do your optimize on your Azure workloads and keep up-to-date for your compliancy. Microsoft Azure Security Center can support you in Security and Compliancy (GDPR). Here you see my former blogposts about Microsoft Azure HUB-Spoke model architecture and Security by design :

  1. Microsoft Azure Hub-Spoke model by Enterprise Design 1 of 4
  2. Microsoft Azure Policy and BluePrints Overview (Extra Blogpost)
  3. Microsoft Azure Hub-Spoke model by Enterprise Design 2 of 4 “Lift and Shift”
  4. Microsoft Azure Hub-Spoke model by Enterprise Design 3 of 4 Data Migration
  5. Managing and Working with Azure Network Security Groups (NSG) 

Security in software is always on the move and changing in this world, when you think you are ready something has changed already. That’s why I love Microsoft Azure Security Center to keep you posted and giving you advise on Security but also on Compliancy.

From here you see a high-level overview of these new possibilities in Microsoft Azure Security Center :

Security Center Overview

Microsoft Azure Security Center is working with the following navigation menu’s on the left :

  • General
  • Policy & Compliance
  • Resource Security Hygiene
  • Advanced Cloud Defense
  • Threat Protection
  • Automation & Orchestration

Microsoft Azure Secure Score Dashboard

Microsoft Azure Security Center is working with Overall Secure Score. In my Test LAB we have some work to do 😉
The Azure secure score reviews your security recommendations and prioritizes them for you, so you know which recommendations to perform first. This helps you find the most serious security vulnerabilities so you can prioritize investigation. Secure score is a tool that helps you assess your workload security posture.
Improve your secure score in Azure Security Center

Azure Security Center Recommendations

Microsoft Azure Security Center gives you advise to make your Security Score higher and you can improve immediately.

Open Subnet without NSG.

From here you can Enable a Network Security Group (NSG) on the Subnet and make your network more secure.

Creating NSG from Azure Security Center.

A subnet with NSG.

Azure Security Center Advise on Disk Encryption

  1. Description on Applying Disk Encryption on your Virtual Machines
  2. General Information, with Impact and Implementation Cost.
  3. Threats, what can happen when you don’t implement the security.
  4. Remediation Steps from Microsoft Azure Security Center
    Like this : Managing security recommendations in Azure Security Center

Security Center – Regulatory Compliance

I really like this feature in Azure Security Policy & Compliancy to help the business with GDPR and keep your Data Save by Security.

PCI DSS 3.2

ISO 27001

So now you can work on your Security and Compliance

SOC TSP

Here you find more information about Microsoft Azure Security Center

Microsoft Azure Security Center Playbooks

Integrate security solutions in Azure Security Center

 

Conclusion :

Security is a on-going process 24 hours -365 days to monitor, analyze, and prevent security issues. Working on Compliancy for your Business and making your own Security policies is important. Microsoft Azure Security Center can support you in this journey. When you Optimize your Azure workloads or make new solutions in Azure, keep it secure with Microsoft Azure Security Center.


Leave a comment

Creating VM Cluster on Azure #Cloud with Terraform #IaC #Azure #Terraform #Linux #Winserv

Type az and you should see this Azure CLI

Type Terraform and you should see the terraform commands

 

Install and configure Terraform to provision VMs and other infrastructure into Azure

Before you begin with Terraform and deploying your solution to Microsoft Azure you have to install Azure CLI and Terraform for your OS.

In the following step-by-step guide we will deploy a VM Cluster with Terraform into Microsoft Azure Cloud Services.

First we open Powershell in Administrator mode :

You should have your Terraform script ready.

It’s great to edit your Terraform script in Visual Studio Code

Create a Terraform configuration file
In this section, you create a file that contains resource definitions for your infrastructure.
Create a new file named main.tf.
Copy following sample resource definitions into the newly created main.tf file:


resource “azurerm_resource_group” “test” {
name = “acctestrg”
location = “West US 2”
}

resource “azurerm_virtual_network” “test” {
name = “acctvn”
address_space = [“10.0.0.0/16”]
location = “${azurerm_resource_group.test.location}”
resource_group_name = “${azurerm_resource_group.test.name}”
}

resource “azurerm_subnet” “test” {
name = “acctsub”
resource_group_name = “${azurerm_resource_group.test.name}”
virtual_network_name = “${azurerm_virtual_network.test.name}”
address_prefix = “10.0.2.0/24”
}

resource “azurerm_public_ip” “test” {
name = “publicIPForLB”
location = “${azurerm_resource_group.test.location}”
resource_group_name = “${azurerm_resource_group.test.name}”
public_ip_address_allocation = “static”
}

resource “azurerm_lb” “test” {
name = “loadBalancer”
location = “${azurerm_resource_group.test.location}”
resource_group_name = “${azurerm_resource_group.test.name}”

frontend_ip_configuration {
name = “publicIPAddress”
public_ip_address_id = “${azurerm_public_ip.test.id}”
}
}

resource “azurerm_lb_backend_address_pool” “test” {
resource_group_name = “${azurerm_resource_group.test.name}”
loadbalancer_id = “${azurerm_lb.test.id}”
name = “BackEndAddressPool”
}

resource “azurerm_network_interface” “test” {
count = 2
name = “acctni${count.index}”
location = “${azurerm_resource_group.test.location}”
resource_group_name = “${azurerm_resource_group.test.name}”

ip_configuration {
name = “testConfiguration”
subnet_id = “${azurerm_subnet.test.id}”
private_ip_address_allocation = “dynamic”
load_balancer_backend_address_pools_ids = [“${azurerm_lb_backend_address_pool.test.id}”]
}
}

resource “azurerm_managed_disk” “test” {
count = 2
name = “datadisk_existing_${count.index}”
location = “${azurerm_resource_group.test.location}”
resource_group_name = “${azurerm_resource_group.test.name}”
storage_account_type = “Standard_LRS”
create_option = “Empty”
disk_size_gb = “1023”
}

resource “azurerm_availability_set” “avset” {
name = “avset”
location = “${azurerm_resource_group.test.location}”
resource_group_name = “${azurerm_resource_group.test.name}”
platform_fault_domain_count = 2
platform_update_domain_count = 2
managed = true
}

resource “azurerm_virtual_machine” “test” {
count = 2
name = “acctvm${count.index}”
location = “${azurerm_resource_group.test.location}”
availability_set_id = “${azurerm_availability_set.avset.id}”
resource_group_name = “${azurerm_resource_group.test.name}”
network_interface_ids = [“${element(azurerm_network_interface.test.*.id, count.index)}”]
vm_size = “Standard_DS1_v2”

# Uncomment this line to delete the OS disk automatically when deleting the VM
# delete_os_disk_on_termination = true

# Uncomment this line to delete the data disks automatically when deleting the VM
# delete_data_disks_on_termination = true

storage_image_reference {
publisher = “Canonical”
offer = “UbuntuServer”
sku = “16.04-LTS”
version = “latest”
}

storage_os_disk {
name = “myosdisk${count.index}”
caching = “ReadWrite”
create_option = “FromImage”
managed_disk_type = “Standard_LRS”
}

# Optional data disks
storage_data_disk {
name = “datadisk_new_${count.index}”
managed_disk_type = “Standard_LRS”
create_option = “Empty”
lun = 0
disk_size_gb = “1023”
}

storage_data_disk {
name = “${element(azurerm_managed_disk.test.*.name, count.index)}”
managed_disk_id = “${element(azurerm_managed_disk.test.*.id, count.index)}”
create_option = “Attach”
lun = 1
disk_size_gb = “${element(azurerm_managed_disk.test.*.disk_size_gb, count.index)}”
}

os_profile {
computer_name = “hostname”
admin_username = “testadmin”
admin_password = “Password1234!”
}

os_profile_linux_config {
disable_password_authentication = false
}

tags {
environment = “staging”
}
}


Type : terraform init

You should see this screen.

Type : az login

We now logging into Microsoft Azure subscription.

https://microsoft.com/devicelogin

Insert the code from your Powershell screen.

Now we have the Terraform INIT running and we are connected to our Azure Subscription 😉

Type : terraform plan

It will refreshing the state and getting ready for deployment.

Type : terraform apply

and then type : yes <enter>

Terraform is now creating the azure resources

Azure resource group acctestrg is made

Terraform deployment VM Cluster on Azure is Ready 😉

Azure VM Cluster is running.

When you want to remove the complete Azure VM Cluster with terraform, it’s really easy :

Type : terraform destroy

and then type : yes <enter>

Azure resources are being deleted via terraform script

Terraform destroyed the Azure VM Cluster


All Azure Resources of the VM Cluster are removed.

Hope this step-by-step guide deploying infrastructure as Code with terraform will help you with your own Cloud solutions in Microsoft azure.

Ps. don’t forget to install Visual Studio Code Azure Terraform extension and play !

#MVPbuzz