mountainss Cloud and Datacenter Management Blog

Microsoft SystemCenter blogsite about virtualization on-premises and Cloud


Leave a comment

Deploying Containers on #Kubernetes Cluster in #Docker for Windows CE and on #Azure AKS

Kubernetes Custer via Docker for Windows CE Edge

Docker CE for Windows is Docker designed to run on Windows 10. It is a native Windows application that provides an easy-to-use development environment for building, shipping, and running dockerized apps. Docker CE for Windows uses Windows-native Hyper-V virtualization and networking and is the fastest and most reliable way to develop Docker apps on Windows. Docker CE for Windows supports running both Linux and Windows Docker containers.
Download Docker for Windows Community Edition Edge here

From Docker for Windows version 18.02 CE Edge includes a standalone Kubernetes server and client, as well as Docker CLI integration. The Kubernetes server runs locally within your Docker instance, is not configurable, and is a single-node cluster.

I’m using Docker for Windows CE version 18.05.0

Now your Single node Kubernetes Cluster is running.

To get the Kubernetes Dashboard you have to install it with Kubectl :

kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml

Run kubectl proxy

Keep this running.

Go with your browser to : http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login  and you can skip kubeconfig for now.

You are now in the Kubernetes Dashboard.

Now it’s time to make your first containers (Pods) on Kubernetes.
Click on +CREATE in the upper right corner.

For example code I used a yaml script to deploy Nginx with 3 replicas

Deploying the Nginx Containers (Pods)

Nginx is running on Kubernetes.

With Microsoft Visual Studio Code and the Kubernetes extension you can play with Nginx Containers (pods) locally on your laptop.

When you need more capacity and want to scale-up with more Containers (Pods) for your solution, you can use Microsoft Azure Cloud with Azure Kubernetes Services

Monitor Azure Kubernetes Service (AKS) with container health (Preview) and with Analytics

 

Advertisements


Leave a comment

#Microsoft Build 2018 Sessions and Content Overview #Azure #AzureStack #MSBuild2018

Microsoft Build 2018 – Technology Keynote: Microsoft Azure

With Scott Guthrie @scottgu


Inside Azure Datacenter Architecture

with Mark Russinovich @markrussinovich


Architecting and Building Hybrid Cloud Apps for Azure and Azure Stack.
With Filippo Seracini @pipposera and Ricardo Mendes @rifmendes from the AzureStack Team

Container DevOps in Azure
With Jessica Deen @jldeen and Steven Murawski @stevenmurawski


Best Practices with Azure & Kubernetes

Follow @rimmanehme

Microsoft Azure CosmosDB @ Build 2018 The Catalyst for next Generation Apps


From Zero to Azure with Python & VSC


Secure the intelligent edge with Azure Sphere


Satya Nadella – Vision Keynote

Here you can find all the Microsoft Build 2018 Sessions and content.


Leave a comment

Build a Company in #Azure Video

Content
– The Azure Portal 00:05:00
– Networking in Azure 00:10:12
– Azure Virtual Machines 00:22:16
– Containers and Kubernetes Orchestration 00:50:57
– Directory Services and Azure AD 01:03:39
– DevTest Labs 01:18:23
– Backup and Disaster Recovery 01:29:48
– WebApps 01:37:15
– Automating Social Media 01:55:05
– Bots and Cognitive Service APIs 02:11:44
– Securing the Azure Cloud 02:23:45

Thanks to Daniel baker 😉

Azure Citadel site


Leave a comment

Free E-book Introduction to Windows #Containers #Winserv #Docker #DevOps

With the introduction of container support in Windows Server 2016, we open a world of opportunities
that takes traditional monolithic applications on a journey to modernize them for better agility.
Containers are a stepping stone that can help IT organizations understand what key items in modern
IT environments, such as DevOps, Agile, Scrum, Infrastructure as Code, Continuous Integration, and
Continuous Deployment, to name just a few, can do and how these organizations can adopt all of
these elements and more to their enterprises.
As a result of Microsoft’s strong strategic partnership with Docker—the de facto standard in container
management software—enterprises can minimize the time required to onboard and run Windows Containers.
Docker presents a single API surface and standardizes tooling for working across public
and private container solutions as well as Linux and Windows Container deployments.

Download this awesome Introduction to Windows Containers E-book here

Microsoft Azure Containers in the Cloud


Leave a comment

Docker CE for Windows10 Edge and #Kubernetes Feature Overview #Docker #Containers #DevOps

Docker CE for Windows is Docker designed to run on Windows 10. It is a native Windows application that provides an easy-to-use development environment for building, shipping, and running dockerized apps. Docker CE for Windows uses Windows-native Hyper-V virtualization and networking and is the fastest and most reliable way to develop Docker apps on Windows. Docker CE for Windows supports running both Linux and Windows Docker containers.

You can download Docker CE for Windows (Edge) here

After you installed Docker for Windows CE (Edge) on Windows 10, go to docker Settings for activating the New Feature Kubernetes..

Select Enable Kubernetes.
(I selected also Show system containers (Advanced ) to see more information.)

Click on Install

You can run the installation in the Background if you want.

Here you see the Status of the Kubernetes Cluster.

kubectl config get-context
Docker-for-desktop Kubernetes Cluster is active

You can see the Status in Docker Settings too.

kubectl get services

kubectl get nodes

Kubectl cluster-info

When you run docker images
You will see the Kubernetes images for the Cluster.

When you selected the Advanced feature in Docker settings earlier you can
see the running containers with Docker ps command

With Kitematic you get a GUI console to manage Docker Container Images, from here you can pull Container images from Docker HUB

Download Kitematic here and install.

 

When you installed Kitematic you can see on your left all the Kubernetes Containers and when you select a running Container you can see the active logs.

More settings to Explore.

When you start Powershell in Administrator modus, you can use the kubectl command line interface and with –help you get the information on the Kubernetes commands. Here you find more information with examples at Kubernetes site

With Microsoft Visual Studio Code you can use the Docker for Windows CE Edge Kubernetes Cluster to Develop your Apps.

Intstall the Visual Studio Code Kubernetes Tools extension.

Install Kubernetes-Snippets is handy for Developing

When your Kubernetes local project is successful, you can deploy an Azure Kubernetes Service (AKS) or a Microsoft Azure Container Service to run your project in the Cloud for production.

Azure Container Service (AKS)
Azure Container Service (AKS) manages your hosted Kubernetes environment, making it quick and easy to deploy and manage containerized applications without container orchestration expertise. It also eliminates the burden of ongoing operations and maintenance by provisioning, upgrading, and scaling resources on demand, without taking your applications offline.

Here you find more information on Microsoft Azure Container Services for Kubernetes

Hope this overview helps you with developing apps in Containers with Docker, Kubernetes and Azure.


Leave a comment

#Microsoft Azure Security Center Overview #Cloud #Security #HybridCloud #Azure

Microsoft Azure Security Center provides unified security management and advanced threat protection across hybrid cloud workloads. With Security Center, you can apply security policies across your workloads, limit your exposure to threats, and detect and respond to attacks.

You can select an existing Log Analytics workspace to store data collected by Security Center. To use your existing Log Analytics workspace:
• The workspace must be associated with your selected Azure subscription.
• At a minimum, you must have read permissions to access the workspace.

You can edit the default security policy for each of your Azure subscriptions in Security Center. To modify a security policy, you must be an owner, contributor, or security administrator of the subscription. To configure security policies in Security Center, do the following:
1. Sign in to the Azure portal.
2. On the Security Center dashboard, under General, select Security policy.
3. Select the subscription that you want to enable a security policy for.
4. In the Policy Components section, select Security policy.
This is the default policy that’s assigned by Security Center. You can turn on or off the available security recommendations.
5. When you finish editing, select Save.

Here you find more on Set security policies in Azure Security Center

Some policies need the upgrade Enhanced Security

Contact information for Notifications

Azure Security Center provides unified security management and advanced threat protection for workloads running in Azure, on-premises, and in other clouds. It delivers visibility and control over hybrid cloud workloads, active defenses that reduce your exposure to threats, and intelligent detection to help you keep pace with rapidly evolving cyber attacks.
Pricing tiers
Security Center is offered in two tiers:
The Free tier is automatically enabled on all Azure subscriptions, and provides security policy, continuous security assessment, and actionable security recommendations to help you protect your Azure resources.
The Standard tier extends the capabilities of the Free tier to workloads running in private and other public clouds, providing unified security management and threat protection across your hybrid cloud workloads. The Standard tier also adds advanced threat detection capabilities, which uses built-in behavioral analytics and machine learning to identify attacks and zero-day exploits, access and application controls to reduce exposure to network attacks and malware, and more. The Standard tier is free for the first 60 days. Read here more…….

What are OS Security Configurations?
Azure Security Center monitors security configurations using a set of over 150 recommended rules for hardening the OS, including rules related to firewalls, auditing, password policies, and more. If a machine is found to have a vulnerable configuration, a security recommendation is generated.
Customization of the rules can help organizations to control which configuration options are more appropriate for their environment. This feature enables users to set a customized assessment policy and apply it on all applicable machines in the subscription.

Note
• Currently OS Security Configuration customization is available for Windows Server 2008, 2008R2, 2012, 2012R2 operating systems only.
• The configuration applies to all VMs and computers connected to all workspaces under the selected subscription.
• OS Security Configuration customization is available only on Security Center’s Standard tier.

Download the Baseline configuration JSON file

You can make a Custom Baseline with Visual Studio Code and Upload to Azure

Microsoft Azure Security Center QuickStart :

Configure Security Policy

Managing security recommendations in Azure Security Center

Security health monitoring in Azure Security Center

Managing and responding to security alerts in Azure Security Center

Documentation :

Microsoft Azure Security Center Documentation 

Microsoft Azure Security Center Forum

Planning guide
This guide covers a set of steps and tasks that you can follow to optimize your use of Security Center based on your organization’s security requirements and cloud management model. To take full advantage of Security Center, it is important to understand how different individuals or teams in your organization use the service to meet secure development and operations, monitoring, governance, and incident response needs. The key areas to consider when planning to use Security Center are:

Security Roles and Access Controls
Security Policies and Recommendations
Data Collection and Storage
Ongoing non-Azure resources
Ongoing Security Monitoring
Incident Response

Here you will learn how to plan for each one of those areas and apply those recommendations based on your requirements.

All Events view in Azure Security Center

Upgrade to standard Tier for Hybrid Security

Search with analytics

Queries can be used to search terms, identify trends, analyze patterns, and provide many other insights based on your data.

Have a look and play with Azure Log Analytics.

Getting Started with the Analytics Portal

in this tutorial you will learn to write Azure Log Analytics queries. When completing this tutorial you will know how to:

  • Understand queries’ structure
  • Sort query results
  • Filter query results
  • Specify a time range
  • Select which fields to include in the results
  • Define and use custom fields
  • Aggregate and group results

Getting Started with Queries

Azure Security Center gives you Recommendations

For example to Encrypt your Virtual Machines in Azure with a Link

Integrated Azure security solutions
Security Center makes it easy to enable integrated security solutions in Azure. Benefits include:

Simplified deployment: Security Center offers streamlined provisioning of integrated partner solutions. For solutions like antimalware and vulnerability assessment, Security Center can provision the needed agent on your virtual machines, and for firewall appliances, Security Center can take care of much of the network configuration required.
Integrated detections: Security events from partner solutions are automatically collected, aggregated, and displayed as part of Security Center alerts and incidents. These events also are fused with detections from other sources to provide advanced threat-detection capabilities.
Unified health monitoring and management: Customers can use integrated health events to monitor all partner solutions at a glance. Basic management is available, with easy access to advanced setup by using the partner solution.

More on Integrated Azure Security Solutions

Compute Security Overview

Compute Security and Components view

Networking Security Overview

Storage & Data Security Overview

Identity and Access Overview in Azure Security Center

Application Whitelisting

Just in time virtual machine (VM) access can be used to lock down inbound traffic to your Azure VMs, reducing exposure to attacks while providing easy access to connect to VMs when needed.

Attack scenario
Brute force attacks commonly target management ports as a means to gain access to a VM. If successful, an attacker can take control over the VM and establish a foothold into your environment.

One way to reduce exposure to a brute force attack is to limit the amount of time that a port is open. Management ports do not need to be open at all times. They only need to be open while you are connected to the VM, for example to perform management or maintenance tasks. When just in time is enabled, Security Center uses Network Security Group (NSG) rules, which restrict access to management ports so they cannot be targeted by attackers.

More on Just in Time Virtual Machine

Security Alerts

Azure Security Center’s advanced detection capabilities, helps you identify active threats targeting your Microsoft Azure resources and provides you with the insights needed to respond quickly

More on Azure Security Center detection capabilities

Custom Alert Rules

What are custom alert rules in Security Center?

Security Center has a set of predefined security alerts, which are triggered when a threat, or suspicious activity takes place. In some scenarios, you may want to create a custom alert to address specific needs of your environment.

Custom alert rules in Security Center allow you to define new security alerts based on data that is already collected from your environment. You can create queries, and the result of these queries can be used as criteria for the custom rule, and once this criteria is matched, the rule is executed. You can use computers security events, partner’s security solution logs or data ingested using APIs to create your custom queries.

More information about Custom Alert Rules in Azure Security Center

Threat Intelligence

Azure Security Center Playbooks

What is security playbook in Security Center?
Security playbook is a collection of procedures that can be executed from Security Center once a certain playbook is triggered from selected alert. Security playbook can help to automate and orchestrate your response to a specific security alert detected by Security Center. Security Playbooks in Security Center are based on Azure Logic Apps, which means you can use the templates that are provided under the security category in Logic Apps templates, you can modify them based on your needs, or you can create new playbooks using Azure Logic Apps workflow, and using Security Center as your trigger.

More on Azure Security Center Playbook

Hope this Microsoft Azure Security Center Overview will help to make your Hybrid IT more Secure !


Leave a comment

Awesome #Microsoft Azure 101 Cards and Interactive Sites #Azure #Cloud

Microsoft Azure Services 101 Cards

From here you can get the Azure Container Instances Information

Go and see for your self the Microsoft Azure 101 Cards

Microsoft Interactives :

  • Azure Products
  • Cloud Design Patterns
  • Azure Security and Operations Management

Microsoft Azure Security Interactive