Cloud and Datacenter Management Blog

Microsoft Hybrid Cloud blogsite about Management



Azure Arc Security remediation on Azure Stack HCI Cluster #Azure #Security #ASC #AzureStackHCI

Azure ARC Services

Microsoft Azure Arc enables you to manage your entire environment, with a single pane of glass, by projecting your existing resources into Azure Resource Manager. You can now manage virtual machines, Kubernetes clusters, and databases as if they are running in Azure. Regardless of where they live, you can use familiar Azure services and management capabilities. Azure Arc enables you to continue using traditional ITOps, while introducing DevOps practices to support new cloud native patterns in your environment.

IT Management with Azure ARC

With Microsoft Windows Admin Center I built a Microsoft Azure Stack HCI cluster, and the nodes are connected with Azure Arc services. In the following steps you will see a security feature of Microsoft Azure Arc services: remediation of the risks on the on-premises Azure Stack HCI cluster.

Azure Arc Security Remediation

Here you see the Azure Arc Servers with Azure Stack HCI

On Skywalker01 Node we have two Security Risks

When you click on the risk, you see the description and the remediation steps to solve this risk issue. Here you can also see the remediation script:

Automatic Remediation Script. 

Select the Azure workspace ID; if you don’t have one, you can create a new workspace in Azure.
Select the resource, in my case Skywalker01
Click on remediate resource.

Remediation in progress

The Microsoft Azure Monitor Agent extension in Azure Arc is successfully installed.

Done.

I did the same for Skywalker02 Azure Stack HCI Cluster Node.

The Next Medium Risk is a Vulnerability assessment on the Azure Stack HCI Cluster nodes. Just follow the steps of the wizard.

Azure Arc Security Vulnerability Assessment with Azure Defender

Click on remediate.

This one will use Qualys in Azure Defender.

Click on remediate resource.

The vulnerability scanner included with Azure Security Center is powered by Qualys. Qualys’ scanner is one of the leading tools for real-time identification of vulnerabilities. It’s only available with Azure Defender for servers. You don’t need a Qualys license or even a Qualys account – everything’s handled seamlessly inside Security Center.

Here you find more information about Azure Defender’s integrated vulnerability assessment solution for Azure and hybrid machines

Azure Arc Insights Monitor

Azure Arc Insights of the Azure Stack HCI Cluster Node

Because we have installed the Microsoft Azure Monitor extension in Azure Arc on this Azure Stack HCI node, telemetry and analytics do their job for monitoring in Azure, and data is collected. In Azure maps you see the connectivity of the server.

 

Here you can see the Fired Alerts by severity and Investigate 🙂

You can monitor the Traffic

Here you find more information about Insights and Maps for your Servers

Conclusion

Here you see the power of hybrid IT management via Microsoft Azure Arc services, which brings Azure Cloud services to your on-premises servers. You have the free Microsoft Windows Admin Center tool and integration with Azure Arc for all the innovative tools like Azure Monitor, Azure Security Center, Azure Defender, Update management and more. I hope you see the benefits too. Get started today!

JOIN the Microsoft Azure Monitor & Security for Hybrid IT Community

 



Start your DevOps pipeline in the Azure Cloud

This blog post can support your DevOps journey in building Continuous Integration and Continuous Delivery (CI/CD) for companies and/or customers.

What is DevOps?

People, Process, and Technology to continually provide value to customers.

While adopting DevOps practices automates and optimizes processes through technology, it all starts with the culture inside the organization—and the people who play a part in it. The challenge of cultivating a DevOps culture requires deep changes in the way people work and collaborate. But when organizations commit to a DevOps culture, they can create the environment for high-performing teams to develop.

My name is James van den Berg and I’m an MVP in Cloud and Datacenter Management on my DevOps journey as an IT Infrastructure Guy managing datacenters on-prem and in the Microsoft Azure Cloud. Today it’s not only a Virtual Machine or a Website to deploy for your customers, it’s much more than that, like:

  • Time to market: deploy your solution fast without waiting on dependencies, because you automated your process with a CI/CD pipeline.
  • Security and monitoring to keep you in control.
  • Working together with different teams who are each responsible for a part of the solution.
  • The complete DevOps pipeline must be compliant.

Here you can start with Azure DevOps on Microsoft Learn platform.

Read More on the Microsoft Tech Community about the step-by-step guide, you will see how easy it can be to Build your own first pipeline!



Manage Servers On-premises with Microsoft Azure Cloud Services #Azure #Arc #Security #Cloud #AzureMonitor #ASC

Microsoft Azure Arc Servers On-Premises and Azure Cloud Services

Earlier I wrote a blog post about Microsoft Azure Arc services installation to manage on-premises servers with Azure Cloud services, like Azure Monitor and Azure Security Center from the Cloud.
Here in this post you will see the Newest Microsoft Azure Cloud Services to Manage and Monitor your Servers on-premises with security and compliance included.

Azure Arc Extensions settings of the Server.

Here you can see we have installed the Microsoft Monitoring Agent for Azure Monitor and Log Analytics. Second, we have installed the Dependency Agent for Windows for insights, performance and service maps. Here you find more information about Virtual machine extension management with Azure Arc for servers (preview)

After initial deployment of the Azure Arc for servers (preview) Connected Machine agent for Windows or Linux, you may need to reconfigure the agent, upgrade it, or remove it from the computer if it has reached the retirement stage in its lifecycle. You can easily manage these routine maintenance tasks manually or through automation, which reduces both operational error and expenses.

Managing and maintaining the Connected Machine agent

Azure Arc Insights Performance monitor

The Azure Arc Insights Performance monitor is there by default and installed with the following dashboards :

  • CPU Utilization
  • Available Memory
  • Logical disk IOPS
  • Logical disk MB/s
  • Logical disk Latency
  • Max logical disk used %
  • Bytes Sent Rate
  • Bytes Received Rate

Azure Arc Logs Analytics

Of course you can make your own custom Dashboards in the Azure Portal with your own triggers, so in this way you get the same Azure Monitor Innovative Tools for your On-Premises Servers. 😉

Within Microsoft Azure Arc Insights, you can also see a Service Map of the Server

Here is where the dependency agent comes in: you get a service map of the server and see the communication lines with other resources. In this picture you see server Yoda01, a Domain Controller of my MVPLAB.
You can see that three clients are logged on to the domain controller.

Microsoft Azure Security Center for Azure Arc Servers

 

One of the most powerful and important features of Microsoft Azure Cloud platform is Security! Microsoft Azure Security Center (ASC) is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud – whether they’re in Azure or not – as well as on premises.

Here you see my Azure Arc Servers (On-Premises) in Azure Security Center.

Azure Arc Server in Azure Security Center recommendations Summary

Five security assessments passed the test, but the Azure Security assessment has two recommendations: one is medium risk and one is low.

Here you see the security advice and the remediation to take action on your server.

Microsoft Azure Security Center Overview with the Overall Secure Score.

Security controls – Each control is a logical group of related security recommendations, and reflects your vulnerable attack surfaces. A control is a set of security recommendations, with instructions that help you implement those recommendations. Your score only improves when you remediate all of the recommendations for a single resource within a control.

To immediately see how well your organization is securing each individual attack surface, review the scores for each security control.

 Here you find More information about Azure Security Center Secure Score

To get your Azure Arc Servers (on-premises) compliant for the business and security, you can use Microsoft Azure Arc Policies

Azure Arc Policies to meet your Compliance state.

Conclusion

Microsoft is bringing Azure Cloud Power tools everywhere with Azure Arc Services to give you modern tools like Azure Monitor and Azure Security Center to keep you in control, Secure and Compliant for your business. Keep following Microsoft for Hybrid IT Management, because more awesome features are added every day in Microsoft Azure Cloud Services. Let’s start to get your Azure Security Score UP and UP 😉



Download the Microsoft Azure Migrate E-Book for your Cloud Migration #Azure #Migrate #Cloud

Microsoft Azure Migrate E-Book

Download this e-book to learn about Azure Migrate, Microsoft’s central hub of tools for cloud migration. In this e-book, Microsoft will cover:

  • What is Azure Migrate
  • How Azure Migrate can help your migration journey
  • Running a datacenter discovery and assessment
  • Migrating your infrastructure, applications, and data
  • Additional learning resources

Download the Free Azure Migrate E-Book here

More information about Microsoft Azure Migrate Tools on my Blog :

Microsoft Azure Migrate Assessments in Action VMWare to Cloud



#Microsoft Build 2020 Virtual Event May 19-20-21 Build your Schedule Now! #MSBuild #MVPBuzz

Microsoft Build 2020

Choose from 48 hours of continuous content to create your own digital event experience. Registration is free and is required to get full, interactive access to the digital event. Here you can register for Microsoft Build 2020 Virtual Event

The Session Catalog is Live ! Build your own Schedule here 

With 30+ Community talks, learning sessions, and skill-building activities exploring Minecraft, MakeCode, Visual Studio, AI, Azure, and more, there is something here for every student and every level of experience!

Check out the full list here or search by keyword to add lessons to your schedule.

Don’t miss this Awesome Event 👍😎🚀



How to Migrate your VDI Infrastructure to #Azure Windows Virtual Desktop #WVD

Azure Migrate VDI to Windows Virtual Desktop (WVD)

Microsoft Azure Migrate services make the transition to Azure Cloud services easier for customers, helping them make the right decisions after an assessment.

Assessment and migration feature available in Azure Migrate Portal:

  • Servers: Assess on-premises servers and migrate them to Azure virtual machines.
  • Databases: Assess on-premises databases and migrate them to Azure SQL Database or to an Azure SQL Database managed instance.
  • Web applications: Assess on-premises web applications and migrate them to Azure App Service by using the Azure App Service Migration Assistant.
  • Virtual desktops: Assess your on-premises virtual desktop infrastructure (VDI) and migrate it to Windows Virtual Desktop in Azure.
  • Data: Migrate large amounts of data to Azure quickly and cost-effectively using Azure Data Box products.

Lakeside SysTrack assessment tool for VDI

One of the features is the assessment and migration of VDI (Microsoft RDS, VMware, Citrix) to the Azure Windows Virtual Desktop cloud infrastructure.
Lakeside Software’s Windows Virtual Desktop Assessment with SysTrack is a cloud hosted data analytics solution that enables IT to capture detailed metrics and data about end user environments. This on-demand tool provides IT with a self service platform to assess and quantify user, application and infrastructure requirements in order to successfully transform a desktop environment. Leveraging this tool, IT can accelerate time to value and ensure that their environments are right-sized to best meet end user requirements.

In the Following Microsoft Mechanics video you see How to migrate Virtual Desktop Infrastructure (VDI) to Azure and Windows Virtual Desktop :

Hope this will help you with your transition to the Microsoft Azure Cloud 👍😎🚀

Windows Virtual Desktop Docs



Microsoft Azure Monitor Overview #Cloud #Analytics #Hybrid #AzOps #Azure

Microsoft Azure Monitor

Monitor, diagnose, and gain insight into the performance and availability of your applications and services with Azure Monitor. In this video, you’ll learn how to use Azure Monitor to collect, analyze and act on telemetry from your cloud and on-premises environments.

Learn how to create time series charts of platform and resource metrics for visualization and analysis with Azure Monitor. Start in Azure Monitor to view metrics across multiple resources or start directly from individual resource blades. You will also learn how to add metrics charts to dashboards in the Azure portal for real-time monitoring and shared access across teams.

In this video, learn about action rules and how you can use them to configure actions and notifications for multiple alerts at scale across a subscription, resource group, and target resource.

In this video, learn how alerts enable you to proactively identify and address issues before it impacts the users of your system. Alerts are created on performance and availability data and can be associated with user-defined actions and notification mechanisms.

In this video, learn how to use source map support in Azure Monitor Application Insights to improve the diagnosis of client-side JavaScript errors. Source maps can be used to unminify call stacks found on the Application Insights end to end transaction details page.

Here you find more information about Microsoft Azure Monitor:


Microsoft Azure Monitor Documentation 

 

Get Started with Microsoft Azure Monitor

Follow Azure Monitor on Twitter 

Microsoft Azure Monitor & Security for Hybrid IT Community Group on LinkedIn

Keep in control of IT with Microsoft Azure Monitor



Windows Insiders – WSL 2 – Windows Terminal #WIMVP #WindowsInsiders #Kali #Azure

Windows Insiders Preview Build 19613

If you like to test the new features of Windows 10 and give feedback to the Microsoft product team, then the Windows Insiders Program is the place to Join. Here you can become a Windows Insider

I’m a Windows Insider since 2014 and a Windows Insider MVP since July 2019 and I love the collaboration with the Community and with the Microsoft Product Team to make a better product like Windows 10 together.

On my windows Insiders Build version 19613, I like to have my tools and Apps installed like :

I’m in the Microsoft Windows Insiders FAST Ring, and I want to test everything like Windows 10 operating system but my Tools must also be working on every new Windows Insiders Build.

Installing WSL 2 and Windows Terminal on Windows Insider Build version

Open PowerShell in Administrator mode

dism.exe /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux /all /norestart

dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart

When both dism commands are successfully completed, you have to restart your machine.

wsl --set-default-version 2

Now you have set WSL 2 as the default version, but you still have to install a Linux distro, which you can find here in the Microsoft Store

I installed Kali Linux distro from the Microsoft Store.

Enter a New User name and password.

Kali Linux distro is now running on WSL 2 on my Windows Insiders Build.

One of the Cool features in Windows Insiders Build version 19613 is that you can use your File explorer for Kali Linux 😉


Linux in Windows Insider Explorer.

Exploring Kali Linux

And of course updating the Kali Linux distro with

sudo apt-get update

And at last…….

sudo apt-get upgrade

The Next tool is Windows Terminal (Preview) from the Microsoft Store

Just Click on Get ( in the Microsoft Store)

Click on Launch

This Windows Terminal Preview version on Windows Insiders can run :

  • Command Prompt
  • Powershell
  • Kali Linux distro (WSL 2)
  • Azure CloudShell

From here I can manage and install Microsoft Azure Cloud Services with Cloud Shell running on my Windows Insiders Build for testing all the new features, and this goes really easy:

Click next to PowerShell in the pulldown bar on Azure Cloud Shell and copy the code into the next URL https://microsoft.com/devicelogin

Enter here your Code from Windows Terminal.

Done, you are logged in to Azure via Windows Terminal on Windows Insiders Build.

Azure Cloud Shell in Windows Terminal 😉

Conclusion

The Windows Insiders Program is Awesome to join when you like to test the Newest features of Windows 10 but also the Tools and applications running on the newest Windows Insiders Build version are Cool. When you work with Fast ring releases and Preview versions of tools you can hit a bug, or something is not working. That’s the moment you give feedback in the Windows Insider Feedback HUB to support the Microsoft Windows Insiders Product Team to fix the Bug.

Together we are building for the future of Windows 10 !

Windows Insider Program Feedback Hub.

And as a Windows Insider you can earn Badges for your Support 😉



Microsoft Azure Resource Graph is a Powerful Tool #Azure #Cloud #AzOps #Kusto #PowerShell

Welcome to Azure Resource Graph

Azure Resource Graph is a service in Azure that is designed to extend Azure Resource Management by providing efficient and performant resource exploration with the ability to query at scale across a given set of subscriptions so that you can effectively govern your environment. Azure Resource Graph enables full visibility into your environments by providing high performance and powerful query capability across all your resources.

From here you can experience the power of Azure Resource Graph by doing it yourself.

https://shell.azure.com

You can use Microsoft Azure Resource Graph with different language support like :

  • With Azure CLI
  • With PowerShell
  • With Kusto in Azure Resource Graph Explorer

Start here when you like to work with Microsoft Azure CLI

From here we are going further with Azure PowerShell and Azure Resource Graph in CloudShell.
Login to https://shell.azure.com

Type the following command: Install-Module -Name Az.ResourceGraph

Type Y

Type the following command: Get-Command -Module 'Az.ResourceGraph' -CommandType 'Cmdlet'

From here we can start with Search in Azure Resource Graph

The first step to understanding queries with Azure Resource Graph is a basic understanding of the Query Language. If you aren’t already familiar with Azure Data Explorer, it’s recommended to review the basics to understand how to compose requests for the resources you’re looking for.

Samples


Command: Search-AzGraph -Query 'Resources | project name, type | limit 5'

Without the Limit 5 you get all of your resources.

Command: Search-AzGraph -Query 'Resources | project name, type | limit 10 | order by name asc'

Command: Search-AzGraph -Query "Resources | summarize count()"


Command: Search-AzGraph -Query "Resources | project name, location, type | where type =~ 'Microsoft.Compute/virtualMachines' | order by name desc"

Command: Search-AzGraph -Query "Resources | where type =~ 'Microsoft.Compute/virtualMachines' | project name, properties.storageProfile.osDisk.osType | top 15 by name desc"


Command: Search-AzGraph -Query "Resources | where type contains 'publicIPAddresses' and isnotempty(properties.ipAddress) | project properties.ipAddress | limit 100"

Handy to see your External IP Addresses in Azure 😉


Command: Search-AzGraph -Query "Resources | where tags.environment=~'internal' | project name"

To find your tagged resources in Azure.
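An added example, not part of the original post: the Search-AzGraph samples above applied to the Azure Arc servers from the earlier posts, listing Arc-enabled servers that are disconnected or have no monitoring agent extension. It assumes a recent Az.ResourceGraph module in which Search-AzGraph returns an object with Data and SkipToken; the function names, the agent list and the sample rows are constructed for illustration.

```powershell
# Added example, not from the original post. Assumes a recent Az.ResourceGraph module
# where Search-AzGraph returns an object with .Data and .SkipToken.

# Extension types counted as a monitoring agent (assumed list; adjust to your estate).
$MonitoringTypes = 'AzureMonitorWindowsAgent', 'AzureMonitorLinuxAgent',
                   'MicrosoftMonitoringAgent', 'OmsAgentForLinux'

# One row per Arc-enabled server with the set of extension types installed on it.
# 'id' stays in the projection because Resource Graph needs it to page results.
$Query = @'
Resources
| where type =~ 'microsoft.hybridcompute/machines'
| project id, machineId = tolower(id), name, resourceGroup,
          status = tostring(properties.status)
| join kind=leftouter (
    Resources
    | where type =~ 'microsoft.hybridcompute/machines/extensions'
    | extend lid = tolower(id)
    | project machineId = substring(lid, 0, indexof(lid, '/extensions/')),
              extType = tostring(properties.type)
    | summarize extensions = make_set(extType) by machineId
  ) on machineId
| project id, name, resourceGroup, status, extensions
| order by name asc
'@

function Get-AllGraphRows {
    # Follow SkipToken until every page has been read (one call returns at most 1000 rows).
    param([Parameter(Mandatory)][string]$Query, [int]$PageSize = 1000)
    $rows = @()
    $token = $null
    do {
        $params = @{ Query = $Query; First = $PageSize }
        if ($token) { $params.SkipToken = $token }
        $page = Search-AzGraph @params
        $rows += $page.Data
        $token = $page.SkipToken
    } while ($token)
    $rows
}

function Get-ArcMonitoringGap {
    # Return servers that are not connected or have no monitoring agent extension.
    param([Parameter(Mandatory)][AllowEmptyCollection()][object[]]$Rows, [string[]]$Wanted = $MonitoringTypes)
    foreach ($r in $Rows) {
        $installed = @($r.extensions | Where-Object { $_ })
        $monitored = [bool]($installed | Where-Object { $_ -in $Wanted })
        if (-not $monitored -or $r.status -ne 'Connected') {
            [pscustomobject]@{
                Name = $r.name; ResourceGroup = $r.resourceGroup; Status = $r.status
                Monitored = $monitored; Extensions = $installed -join ', '
            }
        }
    }
}

# Constructed rows (not real data) in the shape the query returns, for an offline dry run.
$servers = @(
    [pscustomobject]@{ name = 'node-a'; resourceGroup = 'rg-demo'; status = 'Connected'
                       extensions = @('AzureMonitorWindowsAgent', 'DependencyAgentWindows') }
    [pscustomobject]@{ name = 'node-b'; resourceGroup = 'rg-demo'; status = 'Connected'
                       extensions = $null }
    [pscustomobject]@{ name = 'node-c'; resourceGroup = 'rg-demo'; status = 'Disconnected'
                       extensions = @('MicrosoftMonitoringAgent') }
)
# In Cloud Shell, read the live inventory instead:
#   $servers = Get-AllGraphRows -Query $Query
Get-ArcMonitoringGap -Rows $servers | Format-Table -AutoSize
```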


Microsoft Azure Resource Graph Explorer in the Portal.

Here you can make your Kusto queries and save them for colleagues by sharing them.

Sharing your Kusto queries

Resources
| where type =~ ‘microsoft.compute/virtualmachines’
| extend nics=array_length(properties.networkProfile.networkInterfaces)
| mv-expand nic=properties.networkProfile.networkInterfaces
| where nics == 1 or nic.properties.primary =~ ‘true’ or isempty(nic)
| project vmId = id, vmName = name, vmSize=tostring(properties.hardwareProfile.vmSize), nicId = tostring(nic.id)
| join kind=leftouter (
Resources
| where type =~ ‘microsoft.network/networkinterfaces’
| extend ipConfigsCount=array_length(properties.ipConfigurations)
| mv-expand ipconfig=properties.ipConfigurations
| where ipConfigsCount == 1 or ipconfig.properties.primary =~ ‘true’
| project nicId = id, publicIpId = tostring(ipconfig.properties.publicIPAddress.id))
on nicId
| project-away nicId1
| summarize by vmId, vmName, vmSize, nicId, publicIpId
| join kind=leftouter (
Resources
| where type =~ ‘microsoft.network/publicipaddresses’
| project publicIpId = id, publicIpAddress = properties.ipAddress)
on publicIpId
| project-away publicIpId1

More information about Microsoft Azure Resource Graph Explorer

Conclusion

When you are the Microsoft Azure Administrator, the Resource Graph Explorer can be really powerful and fast to get the right information you are looking for. When you invest in Kusto queries, you can save them and share them with your colleagues to serve your business needs. Hope this is useful for you, and happy scripting with Kusto, PowerShell or Azure CLI in the Cloud.



#Microsoft Virtual Training Day | NL #Azure #Winserv #Cloud and More!

Microsoft Virtual Training Day | NL this Wednesday March 11th. This day will be full of technical sessions based on our Microsoft Learning Paths.

Explore the tracks

We offer 7 tracks including 5 sessions per track, based on the Learning Paths of Azure Cloud Native, Azure Data, Azure Infra & Ops, Business Applications, Power Platform, Modern Workplace and Surface. On the day itself you can join sessions of different tracks. Please register your sessions here :

http://aka.ms/mvtd