mountainss Cloud and Datacenter Management Blog

Microsoft SystemCenter blogsite about virtualization on-premises and Cloud


Leave a comment

#Microsoft Introduction to Windows Admin Center #Winserv #Windows10 #Azure #hyperv #AzureStack

Microsoft is introducing the New Windows Admin Center ( former Project Honolulu )

Last weekend I made my MVPLAB.LOCAL domain with Project Honolulu version 1803 and Windows Server Insider version.

I Made my Domain controller first and later a Cluster with the Windows Server Insider Build version 17639

With Microsoft Windows Admin Center it’s great to manage Windows Server Core version Servers, you got a great GUI interface and you still have a small footprint for your Server OS with Core 🙂

Windows Admin Center is a new, locally-deployed, browser-based management tool set that lets you manage your Windows Servers with no Azure or cloud dependency. Windows Admin Center gives you full control over all aspects of your server infrastructure and is particularly useful for managing servers on private networks that are not connected to the Internet.
Windows Admin Center is the modern evolution of “in-box” management tools, like Server Manager and MMC. It complements System Center and Operations Management Suite – it’s not a replacement.

Architecture

In my MVPLAB.LOCAL I was busy to make a Gateway to Azure for Hybrid Cloud Management :

But with the Microsoft announcement of Windows Admin Center version 1804 yesterday, I will Upgrade my MVPLAB 😉

Download Windows Admin Center here

Advertisements


Leave a comment

Impressions of Microsoft #MSTechSummit in Amsterdam 2018 #MVPbuzz

Microsoft Tech Summit 2018 Amsterdam

It’s Really Awesome to Help Microsoft on the #MSTechSummit in Amsterdam for the community doing Q&A on the Microsoft Experts Center Booth and talking with customers on real scenarios about moving to the Microsoft Azure Cloud. Questions like What are the best practices, and what can I do with Microsoft Azure Stack in my own datacenter. Where can I get more information ? Solving problems for the customer by giving them directions where they can find the solution. Supporting customers with the On-Demand LABS and answering the questions they have, It’s just Great to be a Microsoft MVP Cloud and Datacenter Management and support the Community in this way on the Microsoft Tech Summit 2018 in Amsterdam 🙂

Here you see some impressions of the two days Event :

The Entrance in Amsterdam RAI on the Day before the Event

Getting registered as a Speaker on the Day before the MSTechSummit begins.

The Azure Keynote with Tad Brockway

Impressive Virtual Machine on Azure Cloud Services

Supporting the Community on the Experts Booth doing Q&A

And of course you can meet Great Microsoft employees from Redmond 🙂

On the Picture with Seth Juarez He Likes Machine Learning and AI
and of course working on CH9
 

And on the Picture with Jeff Woolsey from the Microsoft Server Team.
Install Project Honolulu for Remote Management 😉

And YES you can do Clustering on Microsoft Azure !
Have a look at Robert Smit his Blog Site

Meeting MVP mate from Austria Toni Pohl
He is developing cloud solutions with Office365 and Azure

The HUB

A full House for the Break-Out Session Azure Stack with Natalia Mackevicius

She is Director PM Azure Stack

Community Center and Experts Booth
Join the Microsoft Tech Community Today
#MVPbuzz

Microsoft LABS on Demand are Ready to Rock !

Thank you Microsoft and Community for this Awesome Event !
Microsoft Tech Summit 2018 Amsterdam


Leave a comment

AWESOME #Microsoft Azure E-Books for your #Cloud Journey Today #Azure #AzureStack

Download Azure Strategy and Implementation Guide Here

Each organization has a unique journey to the cloud based on its own starting point, its history, its culture, and its goals. This document is designed to meet you wherever you are on that journey and help you build or reinforce a solid foundation around cloud application development and operations, service management, and governance.  An important concept covered in this book is a strategy for identifying and moving specific workloads based on their actual value to the business. Some emerge in a new form infused with cloud design principals that were otherwise not available in the past. Others receive targeted improvements to extend their lifetimes. Still others move as-is, using the “lift and shift” approach that requires minimal change. Because of the unique capabilities of the Microsoft Cloud and the Microsoft Azure platform, workloads that must remain on-premises because of latency or compliance requirements can fully participate in the journey because of the ability for an organization to run Azure services on-premises using Azure Stack. A Great E-book to Start your journey to the Cloud

Download The Developers Guide to Microsoft Azure SE here

Microsoft created The Developer’s Guide to Microsoft Azure to help you on your journey to the cloud, whether you’re just considering making the move or you’ve already decided and are underway. This eBook was written by developers for developers. And it is specifically meant to give you, as a developer, a fundamental knowledge of what Azure is all about, what it offers you and your organization and how to take advantage of it all.

Download the Microsoft Azure Virtual Datacenter E-Book here

This guide is intended for enterprise IT architects and executives. Using the lens of the physical datacenter, the guide discusses an approach to designing secure, trusted virtual datacenters on the Azure platform. Azure Virtual Datacenter is not a specific product or service but rather a way to think about cloud infrastructures. It offers proven practices and guidance to help smooth your migration to the cloud. At the end of this guide, you can learn about the upcoming Virtual Datacenter Automation guidance. This guidance includes a collection of scripts and Azure Resource Manager templates that will help you build an Azure Virtual Datacenter using the trusted extension model.

Download the Microsoft azure Virtual Datacenter Lift and Shift Guide here

This guide is a starting point when considering the migration of existing applications and services. The processes described below are meant to be iterative. By working to identify a first round of candidates for lift and shift, you will build an understanding of what’s required to host and maintain applications in Azure, along with increasing the accuracy of cost estimates. This knowledge will make identifying subsequent candidates much easier. Note that the Azure platform is continuously adding features and services, and costs can change (generally lower) as new capabilities come online. Although applications and services might not be candidates for lift and shift migrations now, they might be in the future, and any iterative review process should take platform changes into account.

May these Awesome Azure E-books help you to build your Cloud Services Today


Leave a comment

Infrastructure as a Service (IaaS) with Microsoft #Azure #Cloud #AzureStack #HybridCloud

Break down video of the essentials needed to plan and implement your solutions on Microsoft Azure IaaS. This 7-minute intro covers compute, virtual machines, containers, networking, storage and management options in Microsoft Azure.

When you transform your datacenter on-premises to Microsoft Azure Cloud Service, these Architecture references can help you
to make the right chooses for your business needs. The Azure Architecture Center contains guidance for building end-to-end solutions on Microsoft Azure. Here you will find reference architectures, best practices, design patterns, scenario guides, and reference implementations.

Start here for your Microsoft Azure Architecture designs

Microsoft Azure Architecture Center

On the left site of this page you can download the complete content of Microsoft Azure Architecture Center into a PDF file 😉
Looks like this :

When your transition and your Architecture is done on Paper you can move save to Microsoft Azure Cloud Services.

Accelerate your digital transformation:
Now is the time to move to Azure and reap the rewards of cloud technology, including the ability to scale up or down quickly, pay only for what you use, and save on compute power. Whether you are deploying new virtual machines, moving a few workloads, or migrating your datacenters as part of your hybrid cloud strategy, the Azure Hybrid Benefit provides big savings as you move to the cloud.

Have a look at the Microsoft Azure Hybrid Use Benefit

Here you find some handy links to Microsoft Azure Cloud Services :

Microsoft Azure Products Technical docs

Microsoft Azure SDK and Tools

Getting started with Microsoft Azure products

Microsoft Azure Resources

Here you find the Whitepaper of Azure Virtual Datacenter Lift and Shift Guide but also an E-book of Azure Virtual Datacenter from the Azure CAT Guidance Team which can help you to start your transition of your datacenter to the Microsoft Azure Cloud.

 

Microsoft Mechanics all Azure

When you have workloads in your on-premises Datacenter which may not run in any public Cloud or via Internet, you can run Microsoft Azure in your Datacenter via Microsoft Azure Stack.

Build modern applications across hybrid cloud environments

Azure Stack is an extension of Azure, bringing the agility and fast-paced innovation of cloud computing to on-premises environments. Only Azure Stack lets you deliver Azure services from your organization’s datacenter, while balancing the right amount of flexibility and control—for truly-consistent hybrid cloud deployments.

Microsoft Azure Stack Overview

Hope this blogpost will help you out with your journey to the Microsoft Azure Cloud.


Leave a comment

#Microsoft Azure Security Center Overview #Cloud #Security #HybridCloud #Azure

Microsoft Azure Security Center provides unified security management and advanced threat protection across hybrid cloud workloads. With Security Center, you can apply security policies across your workloads, limit your exposure to threats, and detect and respond to attacks.

You can select an existing Log Analytics workspace to store data collected by Security Center. To use your existing Log Analytics workspace:
• The workspace must be associated with your selected Azure subscription.
• At a minimum, you must have read permissions to access the workspace.

You can edit the default security policy for each of your Azure subscriptions in Security Center. To modify a security policy, you must be an owner, contributor, or security administrator of the subscription. To configure security policies in Security Center, do the following:
1. Sign in to the Azure portal.
2. On the Security Center dashboard, under General, select Security policy.
3. Select the subscription that you want to enable a security policy for.
4. In the Policy Components section, select Security policy.
This is the default policy that’s assigned by Security Center. You can turn on or off the available security recommendations.
5. When you finish editing, select Save.

Here you find more on Set security policies in Azure Security Center

Some policies need the upgrade Enhanced Security

Contact information for Notifications

Azure Security Center provides unified security management and advanced threat protection for workloads running in Azure, on-premises, and in other clouds. It delivers visibility and control over hybrid cloud workloads, active defenses that reduce your exposure to threats, and intelligent detection to help you keep pace with rapidly evolving cyber attacks.
Pricing tiers
Security Center is offered in two tiers:
The Free tier is automatically enabled on all Azure subscriptions, and provides security policy, continuous security assessment, and actionable security recommendations to help you protect your Azure resources.
The Standard tier extends the capabilities of the Free tier to workloads running in private and other public clouds, providing unified security management and threat protection across your hybrid cloud workloads. The Standard tier also adds advanced threat detection capabilities, which uses built-in behavioral analytics and machine learning to identify attacks and zero-day exploits, access and application controls to reduce exposure to network attacks and malware, and more. The Standard tier is free for the first 60 days. Read here more…….

What are OS Security Configurations?
Azure Security Center monitors security configurations using a set of over 150 recommended rules for hardening the OS, including rules related to firewalls, auditing, password policies, and more. If a machine is found to have a vulnerable configuration, a security recommendation is generated.
Customization of the rules can help organizations to control which configuration options are more appropriate for their environment. This feature enables users to set a customized assessment policy and apply it on all applicable machines in the subscription.

Note
• Currently OS Security Configuration customization is available for Windows Server 2008, 2008R2, 2012, 2012R2 operating systems only.
• The configuration applies to all VMs and computers connected to all workspaces under the selected subscription.
• OS Security Configuration customization is available only on Security Center’s Standard tier.

Download the Baseline configuration JSON file

You can make a Custom Baseline with Visual Studio Code and Upload to Azure

Microsoft Azure Security Center QuickStart :

Configure Security Policy

Managing security recommendations in Azure Security Center

Security health monitoring in Azure Security Center

Managing and responding to security alerts in Azure Security Center

Documentation :

Microsoft Azure Security Center Documentation 

Microsoft Azure Security Center Forum

Planning guide
This guide covers a set of steps and tasks that you can follow to optimize your use of Security Center based on your organization’s security requirements and cloud management model. To take full advantage of Security Center, it is important to understand how different individuals or teams in your organization use the service to meet secure development and operations, monitoring, governance, and incident response needs. The key areas to consider when planning to use Security Center are:

Security Roles and Access Controls
Security Policies and Recommendations
Data Collection and Storage
Ongoing non-Azure resources
Ongoing Security Monitoring
Incident Response

Here you will learn how to plan for each one of those areas and apply those recommendations based on your requirements.

All Events view in Azure Security Center

Upgrade to standard Tier for Hybrid Security

Search with analytics

Queries can be used to search terms, identify trends, analyze patterns, and provide many other insights based on your data.

Have a look and play with Azure Log Analytics.

Getting Started with the Analytics Portal

in this tutorial you will learn to write Azure Log Analytics queries. When completing this tutorial you will know how to:

  • Understand queries’ structure
  • Sort query results
  • Filter query results
  • Specify a time range
  • Select which fields to include in the results
  • Define and use custom fields
  • Aggregate and group results

Getting Started with Queries

Azure Security Center gives you Recommendations

For example to Encrypt your Virtual Machines in Azure with a Link

Integrated Azure security solutions
Security Center makes it easy to enable integrated security solutions in Azure. Benefits include:

Simplified deployment: Security Center offers streamlined provisioning of integrated partner solutions. For solutions like antimalware and vulnerability assessment, Security Center can provision the needed agent on your virtual machines, and for firewall appliances, Security Center can take care of much of the network configuration required.
Integrated detections: Security events from partner solutions are automatically collected, aggregated, and displayed as part of Security Center alerts and incidents. These events also are fused with detections from other sources to provide advanced threat-detection capabilities.
Unified health monitoring and management: Customers can use integrated health events to monitor all partner solutions at a glance. Basic management is available, with easy access to advanced setup by using the partner solution.

More on Integrated Azure Security Solutions

Compute Security Overview

Compute Security and Components view

Networking Security Overview

Storage & Data Security Overview

Identity and Access Overview in Azure Security Center

Application Whitelisting

Just in time virtual machine (VM) access can be used to lock down inbound traffic to your Azure VMs, reducing exposure to attacks while providing easy access to connect to VMs when needed.

Attack scenario
Brute force attacks commonly target management ports as a means to gain access to a VM. If successful, an attacker can take control over the VM and establish a foothold into your environment.

One way to reduce exposure to a brute force attack is to limit the amount of time that a port is open. Management ports do not need to be open at all times. They only need to be open while you are connected to the VM, for example to perform management or maintenance tasks. When just in time is enabled, Security Center uses Network Security Group (NSG) rules, which restrict access to management ports so they cannot be targeted by attackers.

More on Just in Time Virtual Machine

Security Alerts

Azure Security Center’s advanced detection capabilities, helps you identify active threats targeting your Microsoft Azure resources and provides you with the insights needed to respond quickly

More on Azure Security Center detection capabilities

Custom Alert Rules

What are custom alert rules in Security Center?

Security Center has a set of predefined security alerts, which are triggered when a threat, or suspicious activity takes place. In some scenarios, you may want to create a custom alert to address specific needs of your environment.

Custom alert rules in Security Center allow you to define new security alerts based on data that is already collected from your environment. You can create queries, and the result of these queries can be used as criteria for the custom rule, and once this criteria is matched, the rule is executed. You can use computers security events, partner’s security solution logs or data ingested using APIs to create your custom queries.

More information about Custom Alert Rules in Azure Security Center

Threat Intelligence

Azure Security Center Playbooks

What is security playbook in Security Center?
Security playbook is a collection of procedures that can be executed from Security Center once a certain playbook is triggered from selected alert. Security playbook can help to automate and orchestrate your response to a specific security alert detected by Security Center. Security Playbooks in Security Center are based on Azure Logic Apps, which means you can use the templates that are provided under the security category in Logic Apps templates, you can modify them based on your needs, or you can create new playbooks using Azure Logic Apps workflow, and using Security Center as your trigger.

More on Azure Security Center Playbook

Hope this Microsoft Azure Security Center Overview will help to make your Hybrid IT more Secure !


Leave a comment

Awesome #Microsoft Azure 101 Cards and Interactive Sites #Azure #Cloud

Microsoft Azure Services 101 Cards

From here you can get the Azure Container Instances Information

Go and see for your self the Microsoft Azure 101 Cards

Microsoft Interactives :

  • Azure Products
  • Cloud Design Patterns
  • Azure Security and Operations Management

Microsoft Azure Security Interactive