It’s been a year full of misery with the Covid-19 virus around the world. People have lost their loved ones; it’s a very sad time for all of us! Microsoft technologies are still going strong with new features in Azure Cloud Services, while also supporting the people who are working in healthcare, data analytics, Microsoft Teams for Collaboration and much more. But what I want to say to all healthcare people around the world: THANK YOU SO MUCH FOR ALL THE WORK YOU DO 👍
I have deep respect for you all!
Community, Microsoft Product Teams, MVP Lead, Windows Insiders, I wish you and your family happy holidays and a healthy 2021 with a lot of success! 🎄😍
Learn about the latest Windows Server features and capabilities—directly from the Microsoft product team. Watch demos and discover best practices to modernize your workloads, whether you’re running Windows Server on-premises, in a hybrid environment, or on Azure.
Microsoft Azure Arc Servers On-Premises and Azure Cloud Services
Earlier I wrote a blog post about installing Microsoft Azure Arc services to manage on-premises servers with Azure Cloud Services, like Azure Monitor and Azure Security Center, from the Cloud.
In this post you will see the newest Microsoft Azure Cloud Services to manage and monitor your on-premises servers, with security and compliance included.
Azure Arc Extensions settings of the Server.
Here you can see that we have installed the Microsoft Monitoring Agent for Azure Monitor and Log Analytics, and second the Dependency Agent for Windows for Insights, performance and service maps. Here you find more information about Virtual machine extension management with Azure Arc for servers (preview)
After initial deployment of the Azure Arc for servers (preview) Connected Machine agent for Windows or Linux, you may need to reconfigure the agent, upgrade it, or remove it from the computer if it has reached the retirement stage in its lifecycle. You can easily manage these routine maintenance tasks manually or through automation, which reduces both operational error and expenses.
The Azure Arc Insights Performance monitor is there by default and installed with the following dashboards :
CPU Utilization
Available Memory
Logical disk IOPS
Logical disk MB/s
Logical disk Latency
Max logical disk used %
Bytes Sent Rate
Bytes Received Rate
Azure Arc Logs Analytics
Of course you can make your own custom Dashboards in the Azure Portal with your own triggers, so in this way you get the same Azure Monitor Innovative Tools for your On-Premises Servers. 😉
Within Microsoft Azure Arc Insights, you can also see a Service Map of the Server
Here is where the Dependency Agent comes in: you get a service map of the server and see the communication lines with other resources. In this picture you see server Yoda01, a Domain Controller of my MVPLAB.
You can see that three clients are logged on to the domain controller.
Microsoft Azure Security Center for Azure Arc Servers
One of the most powerful and important features of Microsoft Azure Cloud platform is Security! Microsoft Azure Security Center (ASC) is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud – whether they’re in Azure or not – as well as on premises.
Here you see my Azure Arc Servers (On-Premises) in Azure Security Center.
Azure Arc Server in Azure Security Center recommendations Summary
Five security assessments passed the test, but the Azure Security assessment has two recommendations: one is medium risk and one is low.
Here you see the security advice and the remediation to take action on your server.
Microsoft Azure Security Center Overview with the Overall Secure Score.
Security controls – Each control is a logical group of related security recommendations, and reflects your vulnerable attack surfaces. A control is a set of security recommendations, with instructions that help you implement those recommendations. Your score only improves when you remediate all of the recommendations for a single resource within a control.
To immediately see how well your organization is securing each individual attack surface, review the scores for each security control.
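The rule that a control's score only moves once every recommendation for a resource is remediated can be shown with a small calculation. This is an added example, not code from the original post or from Microsoft: the control names, maximum scores and findings are constructed, and it assumes a control's current score is its maximum score multiplied by the share of healthy resources, with controls that have no resources left out of the total.

```python
from collections import defaultdict

# Constructed sample data (not from the page): two controls with a maximum
# score each, and per-resource recommendation states inside each control.
CONTROLS = {"network-access": 4, "encryption-at-rest": 4}
FINDINGS = [
    # (control, resource, recommendation, healthy?)
    ("network-access", "srv-a", "subnet-has-nsg", False),
    ("network-access", "srv-a", "mgmt-ports-closed", False),
    ("network-access", "srv-b", "subnet-has-nsg", True),
    ("network-access", "srv-b", "mgmt-ports-closed", True),
    ("encryption-at-rest", "srv-a", "disk-encryption", True),
    ("encryption-at-rest", "srv-b", "disk-encryption", True),
]


def control_scores(controls, findings):
    """Return {control: current score}; None when no resource applies."""
    healthy = defaultdict(dict)  # control -> resource -> all recs healthy?
    for control, resource, _rec, ok in findings:
        # One open recommendation keeps the resource unhealthy in the control.
        healthy[control][resource] = healthy[control].get(resource, True) and ok
    scores = {}
    for control, max_score in controls.items():
        states = healthy.get(control, {})
        scores[control] = (
            max_score * sum(states.values()) / len(states) if states else None
        )
    return scores


def secure_score(controls, findings):
    """Overall score in percent over the controls that have resources."""
    scores = {c: s for c, s in control_scores(controls, findings).items()
              if s is not None}  # assumption: empty controls are not counted
    max_total = sum(controls[c] for c in scores)
    return round(100 * sum(scores.values()) / max_total) if max_total else 0


def remediate(findings, resource, recommendation):
    """Return a copy of findings with one recommendation marked healthy."""
    return [(c, r, rec, ok or (r == resource and rec == recommendation))
            for c, r, rec, ok in findings]


if __name__ == "__main__":
    print("baseline:", secure_score(CONTROLS, FINDINGS))
    partial = remediate(FINDINGS, "srv-a", "subnet-has-nsg")
    print("one of two fixed:", secure_score(CONTROLS, partial))
    full = remediate(partial, "srv-a", "mgmt-ports-closed")
    print("both fixed:", secure_score(CONTROLS, full))
```

Fixing only one of the two open recommendations on `srv-a` leaves the score unchanged; it rises only when the resource is healthy for the whole control.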
To get your Azure Arc Servers (on-premises) compliant for the business and security, you can use Microsoft Azure Arc Policies
Azure Arc Policies to meet your Compliance state.
Conclusion
Microsoft is bringing Azure Cloud Power tools everywhere with Azure Arc Services to give you modern tools like Azure Monitor and Azure Security Center to keep you in control, Secure and Compliant for your business. Keep following Microsoft for Hybrid IT Management, because more awesome features are added every day in Microsoft Azure Cloud Services. Let’s start to get your Azure Security Score UP and UP 😉
This Inside Azure Management E-Book is a Must Have for All Azure Cloud Administrators! It’s made by great Microsoft Most Valuable Professionals (MVPs) who are always working with Microsoft Azure Cloud Services. You can download this Awesome Inside Azure Management E-Book here.
This blog post is about the Microsoft Azure Migrate tool in the Cloud, doing Azure Migrate assessments to see if your on-premises datacenter is ready for Azure Cloud Services. Before you migrate your workloads with Azure Migrate to the Microsoft Azure Cloud, you want to know the costs and what your options are in the transition. For example, when the hardware in your on-premises datacenter is over-specified in memory, CPU and storage and you can do with less compute power, then the performance assessments are really interesting. From here you see a step-by-step guide for VMware workload assessment(s) to Azure Cloud.
Azure Migrate preparation for VMware workload
When you search for ‘Azure Migrate’ in your Azure Subscription and click on the service, you will see the Azure Migrate Overview screen. When you don’t have a Microsoft Azure subscription yet, you can get one here
Click on Assess and Migrate Servers.
Before we go further with the server migration assessments for VMware, note that there are more Azure Migration tools available to do assessments and migrations, for goals like the following:
For Databases Microsoft Azure Migrate uses the Data Migration Assistant for the Assessment and the Data migration to Azure SQL Cloud.
The Data Migration Assistant (DMA) helps you upgrade to a modern data platform by detecting compatibility issues that can impact database functionality in your new version of SQL Server or Azure SQL Database. DMA recommends performance and reliability improvements for your target environment and allows you to move your schema, data, and uncontained objects from your source server to your target server.
To identify the right Azure SQL Database / Managed Instance SKU for your on-premises Database you can use the CLI with a Script :
When you have a Virtual Desktop Infrastructure on-premises and you want to migrate to Windows Virtual Desktop (WVD) you can use this Azure Migrate tool :
ISV Lakeside with SysTrack
You can vote for the tools or scenarios that you would like to be integrated with Azure Migrate via this Online form
When you are in the beginning of your Cloud Transition journey, what will go first to the Cloud?
On-premises mail to Microsoft Office 365
File Server Clusters to Office 365 into Teams, Onedrive for Business
From Apps On-premises to SaaS or Paas solutions
From On-premises Websites to Azure Cloud Solutions like Azure Web App.
From SQL Clusters On-Premises to Azure SQL Managed Instances in the Cloud
And at last Migrate Servers to Azure IaaS
Of course there are many more scenarios, like Lift and Shift, or modernizing your workload in the Cloud by moving to Azure Kubernetes Services, for example, instead of IaaS Virtual Machines.
So when you want to start moving your On-premises Website(s) or WebApp, Microsoft Azure Migrate Services has a tool for that too :
At last, when you have to move a big enterprise on-premises datacenter to the Azure Cloud with a lot of servers, for example 10.000, you can use Azure Data Box Migration. The Microsoft Azure Data Box cloud solution lets you send terabytes of data into Azure in a quick, inexpensive, and reliable way. The secure data transfer is accelerated by shipping you a proprietary Data Box storage device. Each storage device has a maximum usable storage capacity of 80 TB and is transported to your datacenter through a regional carrier. The device has a rugged casing to protect and secure data during the transit.
Microsoft Azure Migrate assessment for VMware platform
First we make the Azure Migrate Project ready in the Microsoft Azure Portal.
Select the right Azure Subscription and Resource group to collect the metadata reported by your On-premises environment. Give your Migrate project a name and select the geography.
Here you can select from different Assessment Tools. Select Azure Migrate Server Assessment.
Here you can select from different Migration Tools. Select Azure Migrate Server Migration.
Add your Tools in the Azure Portal.
Here you see both Microsoft Azure Migrate tools for the Assessment and the Migration as well.
We are going for the Assessment quick start, so click on discover
From here we select VMware vSphere Hypervisor, so you can download the Azure Migrate Appliance for VMware (12GB OVA file).
You can also work with an Import CSV file but that’s Preview.
When you have installed the Microsoft Azure Migrate Virtual Appliance for VMware successfully in your environment and it has access to all the Virtual Machines, you can run the setup in the Appliance to make connectivity with your Azure subscription.
This will check all the prerequisites and get the updates.
Getting access to vCenter Server with the right permissions.
Now when your Azure Migrate Virtual Appliance for VMware is ready and collecting metadata, we see in the Microsoft Azure Portal the discovery running :
Discovery is in Progress.
After a few minutes we have discovered the servers running on the VMware platform on-premises.
Discovered Servers
Now we have the Servers in our metadata, we can do the Assessment(s) to get all the information we want for preparing to migrate to Azure Cloud Services. Click on Assess.
From here you give the Assessment a name and then you go to the properties of the assessment by clicking on View All
Here you can set the parameters for the assessment for example based on :
Reserved instances
Storage types
Sizing criterion like Performance-Based
Percentile Utilization
Azure VM series to use
Discount
VM Uptime
Offer pricing like Enterprise Agreement Support or Pay-As-You-Go
Hybrid Benefit offer.
Here I made different Azure Migrate Assessment groups with different parameters to see the difference in Costs.
Here you see for example Migrate As Is On-Premises and Performance-Based, but also an Azure Migrate Assessment without SQL Cluster Nodes. In this way you can make your own Azure Migrate Assessment with all your servers, or with just a few servers of your on-premises solution that you want to migrate to Azure Cloud Services.
Overview of your Azure Migrate Assessment
Server is ready for migration
Server Ready but with conditions
Microsoft Azure Migrate gives you all the information to make the right decisions to migrate your workload from VMware to Microsoft Azure Cloud. When the Azure Migrate Assessment(s) are ready you can make a CSV export file to check the information before you migrate.
Overview of the Azure Migrate Assessment
Azure Migrate Assessment based on Performance for the VM, and there is a separate tab for Storage.
When your assessment is done, you can do the migration by replicating them to Microsoft Azure.
Microsoft Azure Migrate gives you insight into your own on-premises datacenter by doing assessments to get the right migration information to move to Microsoft Azure Cloud. It gives you Azure Cloud costs before you do any migration at all; based on Total Cost of Ownership (TCO) you can calculate if your solution in the Microsoft Azure Cloud is cheaper or not. Realize that it is not always about the money but also :
Innovations
Time to market
New Features
Flexibility
Scalability
Availability
Not owning hardware anymore
Less management (Hardware)
Hope this blog post helps you on your transition journey to Microsoft Azure Cloud
Microsoft Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.
Collect data at cloud scale across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds.
Detect previously undetected threats, and minimize false positives using Microsoft’s analytics and unparalleled threat intelligence.
Investigate threats with artificial intelligence, and hunt for suspicious activities at scale, tapping into years of cyber security work at Microsoft.
Respond to incidents rapidly with built-in orchestration and automation of common tasks.
In the following step-by-step guide you get a global overview of Azure Sentinel :
When you have your Azure Sentinel Solutions in place with alerting rules, and telemetry and analytics are coming into your workspace, Hunting is the next Threat management tool :
Azure Sentinel Hunting
Working with Tags and Collaborate with Teammates
Launch Investigations and Bookmark
Working with Azure Notebooks for Azure Sentinel
Welcome to the Azure Sentinel repository! This repository contains out of the box detections, exploration queries, hunting queries, dashboards and playbooks to help you get ramped up with Azure Sentinel and provide you security content to secure your environment and hunt for threats. You can also submit any issues or feature requests as you onboard to Azure Sentinel. For questions and feedback, please contact AzureSentinel@microsoft.com
Get started from here to Configure your Azure Sentinel Environment
Choose your Data Collections for Azure Sentinel Security
A lot of choice is already built in for you.
From here you can make your own Azure Sentinel Analytics Alert Rules.
Alert Rules
Create Alert rules with the right mappings, triggers, and scheduling, response automation.
Add your own playbooks for your Security
Unlock the power of AI for security with Machine Learning
Machine Learning in Azure Sentinel is built-in right from the beginning. We have thoughtfully designed the system with ML innovations aimed to make security analysts, security data scientists and engineers productive. One such innovation is Azure Sentinel Fusion built especially to reduce alert fatigue.
Building your Full Screen Dashboard for Monitoring
More information about Azure Sentinel Intelligent Security :
When you have your Hybrid Cloud Enterprise Design ready in a Microsoft HUB-Spoke model and your security in place, you can optimize your Azure workloads and keep up to date for your compliance. Microsoft Azure Security Center can support you in security and compliance (GDPR). Here you see my former blog posts about Microsoft Azure HUB-Spoke model architecture and Security by design :
Security in software is always on the move and changing in this world; when you think you are ready, something has changed already. That’s why I love Microsoft Azure Security Center: it keeps you posted and gives you advice on security but also on compliance.
From here you see a high-level overview of these new possibilities in Microsoft Azure Security Center :
Security Center Overview
Microsoft Azure Security Center works with the following navigation menus on the left :
General
Policy & Compliance
Resource Security Hygiene
Advanced Cloud Defense
Threat Protection
Automation & Orchestration
Microsoft Azure Secure Score Dashboard
Microsoft Azure Security Center is working with Overall Secure Score. In my Test LAB we have some work to do 😉
The Azure secure score reviews your security recommendations and prioritizes them for you, so you know which recommendations to perform first. This helps you find the most serious security vulnerabilities so you can prioritize investigation. Secure score is a tool that helps you assess your workload security posture. Improve your secure score in Azure Security Center
Azure Security Center Recommendations
Microsoft Azure Security Center gives you advice to make your Security Score higher, and you can improve immediately.
Open Subnet without NSG.
From here you can Enable a Network Security Group (NSG) on the Subnet and make your network more secure.
Creating NSG from Azure Security Center.
A subnet with NSG.
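The "open subnet without NSG" finding can also be checked outside the portal. The following added example (not from the original post) scans JSON in the shape of `az network vnet list -o json` output and lists subnets with no Network Security Group attached; the sample data, resource names and the exemption list are constructed assumptions.

```python
import json

# Constructed sample in the shape of `az network vnet list -o json` output,
# trimmed to the fields used here; names and IDs are placeholders.
SAMPLE_VNETS = json.dumps([
    {"name": "vnet-hub", "resourceGroup": "rg-net", "subnets": [
        {"name": "GatewaySubnet", "networkSecurityGroup": None},
        {"name": "snet-mgmt",
         "networkSecurityGroup": {"id": "<placeholder-nsg-resource-id>"}},
        {"name": "snet-legacy", "networkSecurityGroup": None},
    ]},
    {"name": "vnet-spoke", "resourceGroup": "rg-app", "subnets": [
        {"name": "snet-web"},  # key missing entirely: also counts as no NSG
    ]},
])

# Assumption: platform subnets that are not expected to carry an NSG.
# Adjust this list to your own design.
EXEMPT_SUBNETS = {"GatewaySubnet", "AzureFirewallSubnet"}


def subnets_without_nsg(vnets_json, exempt=EXEMPT_SUBNETS):
    """Return sorted (resource_group, vnet, subnet) tuples lacking an NSG."""
    findings = []
    for vnet in json.loads(vnets_json):
        for subnet in vnet.get("subnets") or []:
            if subnet.get("name") in exempt:
                continue
            nsg = subnet.get("networkSecurityGroup") or {}
            if not nsg.get("id"):
                findings.append(
                    (vnet["resourceGroup"], vnet["name"], subnet["name"]))
    return sorted(findings)


def remediation_command(finding, nsg_name):
    """Build the Azure CLI call that attaches an existing NSG to the subnet."""
    resource_group, vnet, subnet = finding
    return ("az network vnet subnet update"
            f" --resource-group {resource_group} --vnet-name {vnet}"
            f" --name {subnet} --network-security-group {nsg_name}")


if __name__ == "__main__":
    for item in subnets_without_nsg(SAMPLE_VNETS):
        # "nsg-default" is a hypothetical NSG name for illustration.
        print(remediation_command(item, "nsg-default"))
```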
Azure Security Center Advice on Disk Encryption
Description on Applying Disk Encryption on your Virtual Machines
General Information, with Impact and Implementation Cost.
Threats, what can happen when you don’t implement the security.
Security is an ongoing process, 24 hours a day and 365 days a year, to monitor, analyze, and prevent security issues. Working on compliance for your business and making your own security policies is important. Microsoft Azure Security Center can support you in this journey. When you optimize your Azure workloads or make new solutions in Azure, keep it secure with Microsoft Azure Security Center.
Create a Terraform configuration file
In this section, you create a file that contains resource definitions for your infrastructure.
Create a new file named main.tf.
Copy following sample resource definitions into the newly created main.tf file:
resource "azurerm_resource_group" "test" {
  name     = "acctestrg"
  location = "West US 2"
}
Hybrid security – Get a unified view of security across all of your on-premises and cloud workloads. Apply security policies and continuously assess the security of your hybrid cloud workloads to ensure compliance with security standards. Collect, search, and analyze security data from a variety of sources, including firewalls and other partner solutions.
Advanced threat detection – Use advanced analytics and the Microsoft Intelligent Security Graph to get an edge over evolving cyber-attacks. Leverage built-in behavioral analytics and machine learning to identify attacks and zero-day exploits. Monitor networks, machines, and cloud services for incoming attacks and post-breach activity. Streamline investigation with interactive tools and contextual threat intelligence.
Access and application controls – Block malware and other unwanted applications by applying whitelisting recommendations adapted to your specific workloads and powered by machine learning. Reduce the network attack surface with just-in-time, controlled access to management ports on Azure VMs, drastically reducing exposure to brute force and other network attacks.
To add On-premises Servers
When your workspace is added :
+ Add Computers
Download the right agent for Windows or Linux
When you installed the agent you need the workspace ID and the key to finish the connection.
When your server doesn’t have an Internet connection, you can work with the OMS Gateway.
When you have installed Microsoft Visual Studio Code, which is free and open source with Git integration, debugging and a lot of extensions available, you activate the Microsoft Azure App Service extension in VSC.
Azure App Service Extension
You can easily install more Azure Extensions here.
On the Left you will see your Azure Subscription and by pushing the + you will create a new Azure WebApp.
After this it will install your Microsoft Azure Web App in the Cloud in a couple of seconds 🙂
When you open the Azure Portal you will see your App Service plan running.
From here you can configure your Azure Web App for Continuous Delivery, and use different tools like VSC, Kudu or Azure App Service Editor.
Azure Web Apps enables you to build and host web applications in the programming language of your choice without managing infrastructure. It offers auto-scaling and high availability, supports both Windows and Linux, and enables automated deployments from GitHub, Visual Studio Team Services, or any Git repo.
And to come back at Microsoft Visual Studio Code, you can manage and Build your Azure Web App from here too :
Azure Web App Services in VSC
Hope this first step-by-step guide is useful for you to start with Microsoft Azure Web App and Visual Studio Code to make your pipeline.
More Information at Visual Studio Code