Cloud and Datacenter Management Blog

Microsoft Hybrid Cloud blogsite about Management


Leave a comment

Learn Azure in a Month of Lunches Free E-book #Azure #Cloud #Education

Learn Azure in a Month of Lunches breaks down the most important Azure concepts into bite-sized lessons with exercises and labs—along with project files available in GitHub—to reinforce your skills. Learn how to:
Use core Azure infrastructure and platform services—including how to choose which service for which task.
Plan appropriately for availability, scale, and security while considering cost and performance.
Integrate key technologies, including containers and Kubernetes, artificial intelligence and machine learning, and the Internet of Things.

You can download the Free Learn Azure in a Month of Lunches E-book here


Leave a comment

How to monitor your #Kubernetes clusters – Best Practices Series #AKS #AzureMonitor

Get best practices on how to monitor your Kubernetes clusters from field experts in this episode of the Kubernetes Best Practices Series. In this intermediate level deep dive, you will learn about monitoring and logging in Kubernetes from Dennis Zielke, Technology Solutions Professional in the Global Black Belts Cloud Native Applications team at Microsoft.

Multi-cluster view from Azure Monitor

Azure Monitor provides a multi-cluster view showing the health status of all monitored AKS clusters deployed across resource groups in your subscriptions. It shows AKS clusters discovered that are not monitored by the solution. Immediately you can understand cluster health, and from here you can drill down to the node and controller performance page, or navigate to see performance charts for the cluster. For AKS clusters discovered and identified as unmonitored, you can enable monitoring for that cluster at any time.

Understand AKS cluster performance with Azure Monitor for containers

Container Live Logs provides a real-time view into your Azure Kubernetes Service (AKS) container logs (stdout/stderr) without having to run kubectl commands. When you select this option, new pane appears below the containers performance data table on the Containers view, and it shows live logging generated by the container engine to further assist in troubleshooting issues in real time.
Live logs supports three different methods to control access to the logs:

AKS without Kubernetes RBAC authorization enabled
AKS enabled with Kubernetes RBAC authorization
AKS enabled with Azure Active Directory (AD) SAML based single-sign on

You even can search in the Container Live Logs for Troubleshooting and history.

View Container Live logs with Azure Monitoring for AKS | Kubernetes | Containers 


Leave a comment

Bye Bye 2018 vs Hello 2019 #MVPbuzz #Azure #Cloud #AzureDevOps #Education #Code #Analytics

Happy New Year !

First of all Thank you for following me and Sharing Microsoft Cloud and Datacenter Management content on Social Media 🙂 Sharing & Learning Together is Better. 

Here some work I did for the Community in 2018 :

  •  I wrote 62 Blogposts in 2018 on https://mountainss.wordpress.com and shared them on LinkedIn,
    Twitter, Facebook and Microsoft Tech Community
  • Made a Blogpost Serie about :
    It’s all about your Datacenter transition to the Cloud by Design and by Security.
    Microsoft Azure Hub-Spoke model by Enterprise Design

  • Started Azure DevOps Community Group on LinkedIn
  • Together with Community Groups :  Microsoft Azure Monitor and Security for Hybrid IT and
    Containers in the Cloud

    @Jamesvandenberg
  • Welcome 577 New Followers on Twitter of the 5904 Followers 🙂
    More then 2.807.000 Tweet impressions in One year !
  • Started with Friday is MVPbuzz Day for Education to get Azure Cloud in the Classroom, working together with Teachers and Students in my Free time.
  • Working with Microsoft Learn in Teams for the Students.
  • Meetings and Speaking for Education, all about Azure and AzureStack Technologies.
  • Conferences, like the Global MVP Summit 2018, DevOps Amsterdam, Community Group meetings.
    Microsoft Ignite, Microsoft Build, Microsoft Connect events.
  • Almost every week Microsoft Product Group Intervention (PGI) sessions Online.
  • Sharing the News every Day via Twitter, Facebook, LinkedIn, Microsoft Tech Community, Blog

But what is coming in 2019 ?

Rocking with Azure in the Classroom !

I will continue every day sharing knowledge with the Community and continue my Free work on MVPbuzz Friday for Education to get Azure Cloud Technology in the Classroom for Teachers and Students.
The trend I see for 2019 is more Infrastructure and Security by Code with Microsoft Azure DevOps
and of course you have to be in Control with Microsoft Azure Monitor

I will write a blogpost in January 2019 about Microsoft Azure Hub-Spoke model by Enterprise Design 4 of 4 : Optimize your Azure Workload.

More Items in 2019 to come :

  • Microsoft Azure Security Center for Hybrid IT
  • Windows Server 2019 in combination with Azure Cloud Services.
  • More on Containers in the Cloud
  • Azure Stack and ASDK
  • Integration with Azure Cloud.
  • API Management
  • Azure DevOps Pipelines and Collabration
  • Azure IoT for Smart Cities and Buildings combined with AI Technology

2019 will be a Great year again with New Microsoft Technologies and Features for your business.


Leave a comment

#Microsoft #AzureDevOps – Azure Pipelines, #Azure Boards + GitHub with @AbelSquidHead #LoECDA

Azure DevOps for CI/CD

Azure DevOps Services is a cloud service for collaborating on code development. It provides an integrated set of features that you access through your web browser or IDE client. The features are included, as follows:

  • Git repositories for source control of your code
  • Build and release services to support continuous integration and delivery of your apps
  • Agile tools to support planning and tracking your work, code defects, and issues using Kanban and Scrum methods
  • Many tools to test your apps, including manual/exploratory testing, load testing, and continuous testing
  • Highly customizable dashboards for sharing progress and trends
  • Built-in wiki for sharing information with your team

The Azure DevOps ecosystem also provides support for adding extensions and integrating with other popular services, such as: Campfire, Slack, Trello, UserVoice, and more, and developing your own custom extensions.

Start your CI/CD Pipelines Today with Azure DevOps

More information about Microsoft Azure DevOps :

Microsoft Azure DevOps Docs

Azure DevOps Community Group on LinkedIn

Azure DevOps PODCAST

and stay up-to-date on Azure DevOps via Twitter :

The #LoECDA Team

@AzureDevOps

@DonovanBrown

@AbelSquidHead

@jldeen

@damovisa

@StevenMurawski


Leave a comment

View Container Live logs with #Azure Monitoring #AKS #Kubernetes #Containers #AzureDevOps

Monitoring Azure Kubernetes Cluster

Azure Monitor for containers is a feature designed to monitor the performance of container workloads deployed to either Azure Container Instances or managed Kubernetes clusters hosted on Azure Kubernetes Service (AKS). Monitoring your containers is critical, especially when you’re running a production cluster, at scale, with multiple applications.
Azure Monitor for containers gives you performance visibility by collecting memory and processor metrics from controllers, nodes, and containers that are available in Kubernetes through the Metrics API. Container logs are also collected. After you enable monitoring from Kubernetes clusters, these metrics and logs are automatically collected for you through a containerized version of the Log Analytics agent for Linux and stored in your Log Analytics workspace.

Here you find awesome documentation about Understanding AKS cluster performance with Azure Monitor for containers

What I really like is that you now can see the Container Live logs from the Azure portal and see what is going on in the background of a Container 🙂

Activate Azure Kubernetes Container Live Logs

Here you see the Container Live logs

This feature provides a real-time view into your Azure Kubernetes Service (AKS) container logs (stdout/stderr) without having to run kubectl commands. When you select this option, new pane appears below the containers performance data table on the Containers view, and it shows live logging generated by the container engine to further assist in troubleshooting issues in real time.
Live logs supports three different methods to control access to the logs:

  1. AKS without Kubernetes RBAC authorization enabled
  2. AKS enabled with Kubernetes RBAC authorization
  3. AKS enabled with Azure Active Directory (AD) SAML based single-sign on

You even can search in the Container Live Logs for Troubleshooting and history :

Search on ssh

Azure Monitor for containers uses a containerized version of the Log Analytics agent for Linux. After initial deployment, there are routine or optional tasks you may need to perform during its lifecycle.
Because of this agent you can work with Log Analytics in Azure Monitor :

Log Analytics on Containers.

Here you find more on Log Analytics query language

Conclusion :

When you have your production workload running on Azure Kubernetes Clusters, It’s important to monitor to keep you in Control of the solution in Microsoft Azure and watch for improvements like performance for the business. With Container Live logs you can see what is going on in the Containers when you have issues and that’s great for troubleshooting to get your problem solved fast. Get your workload into Azure Containers and make your Azure DevOps CI/CD Pipelines in the Cloud.

Join the LinkedIn Community Groups for :

Containers in the Cloud

Azure DevOps Community

Microsoft Azure Monitor & Security for Hybrid IT


Leave a comment

Managing and Working with #Azure Network Security Groups (NSG) #Security #IaC #AzureDevOps

Microsoft Azure Network Security Group (NSG)

When you are implementing your Microsoft Azure Design like a HUB-Spoke model you have to deal with security of your Azure environment (Virtual Datacenter). One of them are Network Security Groups to protect your Virtual networks and make communication between Azure subnets possible in a Secure Azure Virtual Datacenter.

You really have to plan your Azure Virtual networks and implement it by Architectural Design. Now I’m writing about Azure Network Security Groups which is important, but there are more items to deal with like :

  1.  Naming Conventions in your Azure Virtual Datacenter
  2.  Azure Subscriptions ( who is Owner, Contributor, or Reader? )
  3.  Azure Regions ( Where is my Datacenter in the world? )
  4.  Azure VNET and Sub-Nets ( IP-addresses )
  5.  Security of your Virtual Networks ( Traffic filtering, Routing )
  6.  Azure Connectivity ( VNET Peering between Azure Subscriptions, VPN Gateway )
  7.  Permissions (RBAC)
  8.  Azure Policy ( Working with Blue prints )

Here you can read more about these Microsoft Azure items

How to Manage Microsoft Azure Network Security Groups (NSG) ?

IMPORTANT: Before you start with Azure Network Security Groups, test every ARM JSON Script first in your Dev-Test Azure Subscription before you do production. Talk with your Cloud Administrators, because when you implement Infrastructure as Code (IaC) and work with ARM Templates you can delete manual settings in NSG’s for example, which will give you troubles like no protocol communication between subnets.

When you start new in Microsoft Azure, It’s easy to make your Azure security baseline for all of your Network Security Groups (NSG’s) by Azure Resource Manager (ARM) templates.

When you have a Microsoft Azure HUB-Spoke model with for example four Azure Subscriptions and a lot of Azure Virtual Networks – Subnets, you got a lot of NSG’s to manage and you don’t want to manage those manually. So there are different ways to manage Azure Network Security Groups via ARM Templates. For example :

ARM Templates from the Azure Portal

Make your ARM Baseline template.

Edit your parameters and Deploy.

Here you saw a standard Virtual Machine Deployment, but you can add of course all of your Azure Resource Manager templates here including your NSG Base Line template. In this way your deployments are documented ( Scripts).

Another awesome solution is Microsoft Azure DevOps for your Deployments in Azure.

Azure DevOps Services is a cloud service for collaborating on code development. It provides an integrated set of features that you access through your web browser or IDE client. The features are included, as follows:

  • Git repositories for source control of your code
  • Build and release services to support continuous integration and delivery of your apps
  • Agile tools to support planning and tracking your work, code defects, and issues using Kanban and Scrum methods
  • Many tools to test your apps, including manual/exploratory testing, load testing, and continuous testing
  • Highly customizable dashboards for sharing progress and trends
  • Built-in wiki for sharing information with your team

The Azure DevOps ecosystem also provides support for adding extensions and integrating with other popular services, such as: Campfire, Slack, Trello, UserVoice, and more, and developing your own custom extensions.
Choose Azure DevOps Services when you want the following results:

  • Quick set up
  • Maintenance-free operations
  • Easy collaboration across domains
  • Elastic scale
  • Rock-solid security

You’ll also have access to cloud load testing, cloud build servers, and application insights.

Azure DevOps Repo for your Templates

From here you can make your Infrastructure as Code (IaC) Pipelines together with your Cloud Administrator Team 😉

When you have your Azure DevOps Private Repository in place and you like to work with Visual Studio for example, you can connect to your Repo and Check-in your NSG ARM Script but Deploy with Visual Studio to your Azure Virtual Datacenter.

Azure NSG Template Deployment via Visual Studio

Microsoft Visual Studio 2019 Preview is available for download here

Here you can download Microsoft Visual Studio Community Edition

And there is Microsoft Open Source Visual Studio Code

Azure DevOps Repo in Visual Studio Code.

Microsoft Visual Studio Code work with Extensions :

Azure DevOps Repo Extension

Azure DevOps Pipelines Extension

So you see there are enough ways to deploy ARM Templates and this is not all, because you can also use Azure Cloudshell for example or other CLI command-line interfaces. But now we want to set the NSG Baseline for our Azure Subscription. A good start is to see the possibilities in the JSON scripting for Network Security Groups.
Here you find the settings and explanation of Azure Components.

For Microsoft Azure NSG Template :

Azure NSG Baseline Template

To create a Microsoft.Network/networkSecurityGroups resource, add the following JSON to the resources section of your template.
The Microsoft Azure Quick Create Templates on Github can help you to make your own NSG Template for example.

————————————————————————–

“apiVersion”: “2017-06-01”,
“type”: “Microsoft.Network/networkSecurityGroups”,
“name”: “[parameters(‘parkingzoneNSGName’)]”,
“location”: “[parameters(‘location’)]”,
“properties”: {
“securityRules”: [
/* {
“name”: “Allow_RDP_Internet”,
“properties”: {
“description”: “Allow RDP”,
“protocol”: “Tcp”,
“sourcePortRange”: “*”,
“destinationPortRange”: “3389”,
“sourceAddressPrefix”: “Internet”,
“destinationAddressPrefix”: “*”,
“access”: “Allow”,
“priority”: 500,
“direction”: “Inbound”
}, */
{
“name”: “AllowAzureCloudWestEuropeOutBound”,
“properties”: {
“protocol”: “*”,
“sourcePortRange”: “*”,
“destinationPortRange”: “*”,
“sourceAddressPrefix”: “*”,
“destinationAddressPrefix”: “AzureCloud.WestEurope”,
“access”: “Allow”,
“priority”: 999,
“direction”: “Outbound”
}
},
{
“name”: “DenyInternetOutBound”,
“properties”: {
“protocol”: “*”,
“sourcePortRange”: “*”,
“destinationPortRange”: “*”,
“sourceAddressPrefix”: “*”,
“destinationAddressPrefix”: “Internet”,
“access”: “Deny”,
“priority”: 2000,
“direction”: “Outbound”
}
}
]
}
},

————————————————————–

By Default is Internet available in a NSG ! So here you see that Internet is not allowed only the AzureCloud West Europe resources because some Azure SDK Component work via ” Public internet” ( Microsoft IP-Addresses).
(RDP protocol is marked and not set in this example for Security reasons)

Internet by Default Rules, so you must set your security Rules !

Conclusion :

You really have to implement Azure Security by Design, make your Base-line with ARM Templates in a Private Repo for your Azure Network Security Groups with the Correct RBAC Configuration for your Cloud Administrator Team. Don’t make them manually and do settings manually when you have a lot of NSG’s ! Versions of your ARM templates are documented in your Repository 😉
Test Always first in a Dev-Test Azure Subscription or in Azure DevOps with a Test plan before you implement in Production.

 


Leave a comment

Installation of #AzureDevOps Server 2019 RC1 for your Team Work #DevOps #Winserv

What is Azure DevOps Server?

Collaborative software development tools for the entire team

Previously known as Team Foundation Server (TFS), Azure DevOps Server is a set of collaborative software development tools, hosted on-premises. Azure DevOps Server integrates with your existing IDE or editor, enabling your cross-functional team to work effectively on projects of all sizes.

In the following Step-by-Step Guide we will install Microsoft Azure DevOps Server 2019 RC1

 

Start the Wizard to Configure the Azure DevOps Server

Choose your Deployment Type

Choose your Scenario

Select your language

Here you can choose for your SQL Backend

Click on edit for your Site settings of Azure DevOps

Click on Next to complete

Your Microsoft Azure DevOps Windows Server 2019 RC1 is running for your Team.

Azure DevOps Community Project 😉

Here you can do your settings, like in Azure DevOps.

Azure DevOps Server Administration Console

The installation of Microsoft Azure DevOps Windows Server 2019 RC is straight forward and Great for On-premises when you can’t use Internet.

Here you find more information on Microsoft Docs to get Started Today for your Business

JOIN Azure DevOps Community Group on LinkedIn