mountainss Cloud and Datacenter Management Blog

Microsoft Hybrid Cloud blogsite about Management


Leave a comment

#Microsoft Azure Hub-Spoke model by Enterprise Design 1 of 4 #Azure #Cloud

 

Azure Hub-Spoke Architecture

Microsoft Azure Hub-Spoke Architecture

This Enterprise reference architecture shows how to implement a hub-spoke topology in Azure. The hub is a virtual network (VNet) in Azure that acts as a central point of connectivity to your on-premises network. The spokes are VNets that peer with the hub, and can be used to isolate workloads. Traffic flows between the on-premises datacenter and the hub through an ExpressRoute or VPN gateway connection.

We only use the Azure Private peering

For this Hybrid Cloud Strategy we made four Microsoft Azure Subscriptions via the EA Portal :

  1. Azure HUB Subscription for the connectivity via Azure ExpressRoute to On-premises Datacenter.
  2. Azure Spoke 1 for Production workload and Cloud Services
  3. Azure Spoke 2 for Test and Acceptance Cloud Services
  4. Azure Spoke 3 for Future plans

The naming convention rules and restrictions for Azure resources and a baseline set of recommendations for naming conventions. You can use these recommendations as a starting point for your own conventions specific to your needs.

The choice of a name for any resource in Microsoft Azure is important because:

  • It is difficult to change a name later.
  • Names must meet the requirements of their specific resource type.

Consistent naming conventions make resources easier to locate. They can also indicate the role of a resource in a solution.The key to success with naming conventions is establishing and following them across your applications and organizations.

Azure connectivity and RBAC Identity

This tenant is federated with via ADFS and Azure Connect to Office 365. Identity management is provisioned
via Microsoft Identity Manager 2016 (MIM2016). With this already in place, we can Configure Microsoft Azure RBAC in the subscriptions.

Access management for cloud resources is a critical function for any organization that is using the cloud. Role-based access control (RBAC) helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to.

RBAC is an authorization system built on Azure Resource Manager that provides fine-grained access management of resources in Azure.

Business Development

For Business Development we have a separated Active Directory in one forest and also federated via ADFS to Microsoft Office 365. For this environment we build one Azure subscription with a temporary Site-to-Site VPN connection to On-premises datacenter for the “Lift and Shift” migration via Azure-Site-Recovery (ASR)

S2S VPN IKE v2 tunnel with Cisco and Azure.

Azure Virtual Networks

Next step is to build the connections between the Azure HUB Subscription and the Azure Spoke subscription(s) when every Microsoft Azure subscription has It’s own Virtual Network (VNET). This is called VNET peering.

Virtual network peering enables you to seamlessly connect two Azure virtual networks. Once peered, the virtual networks appear as one, for connectivity purposes. The traffic between virtual machines in the peered virtual networks is routed through the Microsoft backbone infrastructure, much like traffic is routed between virtual machines in the same virtual network, through private IP addresses only. Azure supports:

  • VNet peering – connecting VNets within the same Azure region
  • Global VNet peering – connecting VNets across Azure regions

Here you see my step-by-step VNET peering creation from HUB to Spoke 1 :

Go to the VNET of the Azure HUB Subscription. and then to Peerings => Add.

Here you make the connection with Spoke 1 Azure subscription.

For Azure HUB is Peering to Spoke 1 Done.

Now we go to the VNET of Azure Subscription Spoke 1 to make the connection.

Go to VNET => Peerings => Click on Add in the Azure Spoke 1 Subscription

Connect here to the Azure HUB

The VNET Peering between Azure HUB subscription and Spoke 1 is Connected.

In this order you have to make the other VNET Peerings from the Azure HUB subscription to the other Spoke Subscriptions so that the network connectivity between VNETs is working. Because we have the Azure Internet Edge in the HUB for the other subscriptions.

In the Azure Reference Architecture we also do Security by Design in the Cloud with Firewall and Azure Network Security Groups (NSG) and every Azure component get it’s own Tag for Security Groups and Billing – Usage.

Azure Storage

In every Microsoft Azure Subscription (HUB and Spoke ) we created a Storage Account. You can choose for different kind of storage in Microsoft Azure.

Durable and highly available. Redundancy ensures that your data is safe in the event of transient hardware failures. You can also opt to replicate data across datacenters or geographical regions for additional protection from local catastrophe or natural disaster. Data replicated in this way remains highly available in the event of an unexpected outage.
Secure. All data written to Azure Storage is encrypted by the service. Azure Storage provides you with fine-grained control over who has access to your data.
Scalable. Azure Storage is designed to be massively scalable to meet the data storage and performance needs of today’s applications.
Managed. Microsoft Azure handles maintenance and any critical problems for you.
Accessible. Data in Azure Storage is accessible from anywhere in the world over HTTP or HTTPS. Microsoft provides SDKs for Azure Storage in a variety of languages — .NET, Java, Node.js, Python, PHP, Ruby, Go, and others — as well as a mature REST API. Azure Storage supports scripting in Azure PowerShell or Azure CLI. And the Azure portal and Azure Storage Explorer offer easy visual solutions for working with your data.

Azure Storage includes these data services:
Azure Blobs: A massively scalable object store for text and binary data.
Azure Files: Managed file shares for cloud or on-premises deployments.
Azure Queues: A messaging store for reliable messaging between application components.
Azure Tables: A NoSQL store for schemaless storage of structured data.

Creating your Azure Storage accounts by Design.

One of our Architecture Security by Design policy, is to Encrypt all the storage in Azure via Microsoft Azure Key vault.

Deploying Azure IaaS Virtual Machine with ARM Templates

Enterprise organizations with more then ten employees managing IT datacenters are working by process and order to do the job for the business. When they are all using the Azure Portal and deploy Virtual Machines manually you will get a mess and things can go wrong. In Microsoft Azure you have the Azure Resource Manager for deploying  JSON ARM Templates. With these Azure Resource Manager Templates you can automate your workload deployments in Microsoft Azure. For example : We build a JSON template to deploy a Windows Server in the right Azure Subscription in the right Azure Resource Group and with the following extensions to it :

  • Antimalware agent installed
  • Domain joined in the right OU (Active Directory)
  • Azure Log analytics agent installed ( Connected to Azure Monitor and SCOM )
  • Encryption by default.

Using with our Azure naming conventions and Azure policy we always deploy consistent without making mistakes or by wrong typing in the Azure portal. When you write and make your ARM templates for different workloads, you can store them in Azure DevOps Repo ( Repository) and you can connect your private repo to GitHub.

Making ARM templates works really Awesome with Microsoft Visual Studio Code which is opensource and free of charge. You can add your favorite VSC extensions to work with like Azure Resource Manager.

 Our Azure ARM Template to deploy Virtual Machines into Azure HUB-Spoke model with VSC

Azure monitoring and Recovery Service Vault

To manage your Azure Hybrid Cloud environment you have to monitor everything to keep in control of your Virtual Datacenter. And of course you have to plan your business continuity with Azure Recovery Services (Backup) by Design. We made in every Azure Subscription an Azure Recovery Services Vault for making Backups. This is because you don’t want backup traffic over your VNET peering’s. In the Azure HUB subscription we made a second Azure Site Recovery (ASR) Vault for the “Lift & Shift” migration of On-premises Virtual Machines to the landing zone in Azure HUB.

With Microsoft Azure Monitor we use Log Analytics and Service maps and with the same OMS agent on the Virtual Machine, we still can use Microsoft System Center Operation Manager (SCOM) connected to the same agent 🙂

When you have 45 locations, 45.000 students with BYOD and 10.000 Managed workstations, you will monitor 24 x 7 to keep everything running for your Business. Monitoring Express Route with a Backup connection is a must for your Hybrid Virtual Datacenter. Here you have more information about monitoring Express Route Circuit

Monitoring our Express Route

With this all installed in Microsoft Azure by Design, we have the policy Security First !

Microsoft Azure Security Center

Azure Security Center provides unified security management and advanced threat protection across hybrid cloud workloads. With Security Center, you can apply security policies across your workloads, limit your exposure to threats, and detect and respond to attacks.

We are already installing Azure Threat Protection (ATP) for our On-premises Datacenter for Security.

Azure Security Center

We still have a lot to configure in Microsoft Azure to get the Basic Architecture Design in place. When that is done, I will make three more blogposts about this datacenter transformation :

  • “Lift and Shift” migration with ASR for Virtual Machines on Hyper-V and VMware.
  • SQL assessment and Data Migration to Azure
  • Optimize of all Workloads in Microsoft Azure.

Hope this blogpost will help you too with your Datacenter transition to Microsoft Azure Cloud.

Advertisements

Happy Holidays – Merry Christmas and Happy New Year !

Leave a comment


Leave a comment

#Microsoft Azure Log Analytics Query Playground Available #MSOMS #Azure #Analytics #HybridCloud

Azure Log Analytics

You can access Log Analytics through the OMS portal or the Azure portal which run in any browser and provide you with access to configuration settings and multiple tools to analyze and act on collected data. From the portal you can leverage log searches where you construct queries to analyze collected data, dashboards which you can customize with graphical views of your most valuable searches, and solutions which provide additional functionality and analysis tools.

If you have no current monitoring in place for your Azure environment, you should start with Azure Monitor which collects and analyzes monitoring data for your Azure resources. Log Analytics can collect data from Azure Monitor to correlate it with other data and provide additional analysis.
If you want to monitor your on-premises environment or you have existing monitoring using services such as Azure Monitor or System Center Operations Manager, then Log Analytics can add significant value. It can collect data directly from your agents and also from these other tools into a single repository. Analysis tools in Log Analytics such as log searches, views, and solutions work against all collected data providing you with centralized analysis of your entire environment.

Microsoft Azure log analytics is very powerful for Hybrid IT management and getting you in control of your Hybrid Cloud Datacenter(s).

Select Data by type

You can change the chart here

Computers sending Heartbeat with date and time

Here you can export to Excel, PowerBI or Share the Query

Set your Query in a Time range

Here you find Online documentation and Query Reference guide

Start Today with Azure Log Analytics !

To play free with Microsoft Azure Log Analytics and Query on all the solutions there is a Demo environment available.

More links for Microsoft Azure Log Analytics :

Azure Log Analytics Query Language

Azure Log Analytics Query Examples

Azure Log Analytics website

Azure Log Analytics tech Docs Online

Microsoft Azure Management Blog

Microsoft Operations Management Suit (OMS) Blog

Social Media :

Microsoft Azure on Twitter

Microsoft OMS on Facebook #MSOMS

Get started with the Microsoft Azure Log Analytics Query Language today to get you and your Business in Control with innovative Hybrid IT Management.

 

 


Leave a comment

Monitoring Microsoft Azure Cloud Services and On-premises Datacenters #Azure #MSOMS #Cloud

Microsoft Azure Monitor

There are a range of tools for monitoring your Azure environment, from the application code running on Azure to the services and infrastructure hosting your application. These tools work together to offer comprehensive cloud monitoring and include:

  • Azure Monitor – the Azure service that operates as a consolidated pipeline for all monitoring data from Azure services. It gives you access to performance metrics and events that describe the operation of the Azure infrastructure and any Azure services you are using. Azure Monitor is a monitoring data pipeline for your Azure environment, and offers that data directly into Log Analytics as well as 3rd party tools where you can gain insight into that data and combine it with data from on premises or other cloud resources.
  • Application Insights – the Azure service that offers application performance monitoring and user analytics. It monitors the code you’ve written and applications you’ve deployed on Azure, on-premises, or other clouds. By instrumenting your application with the Application Insights SDK you can get access to a range of data including response times of dependencies, exception traces, debugging snapshots, and execution profiles. It provides powerful tools for analyzing this application telemetry while developing and operating your application. It deeply integrates with Visual Studio to enable you to get right to the problem line(s) of code so you can fix it, and offers usage analytics to analyze customer usage of your applications for product managers as well.

Overview of Application Insights for DevOps

  • Log Analytics –  is an Azure service that ingests log and metric data from Azure services (via Azure Monitor), Azure VMs, and on-premises or other cloud infrastructure and offers flexible log search and out-of-the box analytics on top of this data. It provides rich tools to analyze data across sources, allows complex queries across all logs, and can proactively alert on specified conditions. You can even collect custom data into its central repository so you can query and visualize it. You can also take advantage of Log Analytic’s built-in solutions to immediately gain insights into the security and functionality of your infrastructure.

Log Analytics Documentation

Azure Monitor enables you to consume telemetry to gain visibility into the performance and health of your workloads on Azure. The most important type of Azure telemetry data is the metrics (also called performance counters) emitted by most Azure resources. Azure Monitor provides several ways to configure and consume these metrics for monitoring and troubleshooting.

Telemetry data is important

Because telemetry data is sending every minute, you get near to real-time monitoring of your data and/or your IT Solution.

Alerts on Azure Monitor data

Azure Monitor provides several ways to interact with metrics, including charting them in the portal, accessing them through the REST API, or querying them using PowerShell or CLI. Here you find a complete list of all metrics currently available with Azure Monitor’s metric pipeline.

There are three types of alerts off of data available from Azure Monitor — metric alerts, near real-time metric alerts (preview) and Activity Log alerts.

  1. Metric alerts – This alert triggers when the value of a specified metric crosses a threshold that you assign. The alert generates a notification when the alert is “Activated” (when the threshold is crossed and the alert condition is met) as well as when it is “Resolved” (when the threshold is crossed again and the condition is no longer met)
  2. Near real-time metric alerts (preview) – These alerts are similar to metric alerts but differ in a few ways. Firstly, as the name suggests these alerts can trigger in near real-time (as fast as 1 min). They also support monitoring multiple(currently two) metrics. The alert generates a notification when the alert is “Activated” (when the thresholds for each metric are crossed at the same time and the alert condition is met) as well as when it is “Resolved” (when at least one metric crosses the threshold again and the condition is no longer met).
  3. Activity log alerts – A streaming log alert that triggers when an Activity Log event is generated that matches filter criteria that you have assigned. These alerts have only one state, “Activated,” since the alert engine simply applies the filter criteria to any new event. These alerts can be used to become notified when a new Service Health incident occurs or when a user or application performs an operation in your subscription, for example, “Delete virtual machine.”

Alerts overview

 

When you go to the Microsoft Azure Portal and click on the left side on Monitor you can start your Solutions and configure them.

To Gain visibility and control across your hybrid cloud with simplified security and operations management there is Microsoft Operations Management Suite (OMS)

Here you find a lot of Hybrid Solutions to monitor and find the benefits of Cloud management with Log Analytics.

Understanding alerts in Log Analytics :

 

Alerts are created by alert rules that automatically run log searches at regular intervals. If the results of the log search match particular criteria then an alert record is created. The rule can then automatically run one or more actions to proactively notify you of the alert or invoke another process. Different types of alert rules use different logic to perform this analysis.

In addition to creating an alert record in the Log Analytics repository, alerts can take the following actions.

  • Email. Send an email to proactively notify you of a detected issue.
  • Runbook. An alert in Log Analytics can start a runbook in Azure Automation. This is typically done to attempt to correct the detected issue. The runbook can be started in the cloud in the case of an issue in Azure or another cloud, or it could be started on a local agent for an issue on a physical or virtual machine.
  • Webhook. An alert can start a webhook and pass it data from the results of the log search. This allows integration with external services such as an alternate alerting system, or it may attempt to take corrective action for an external web site.

Here you find more on Understanding alerts in Log Analytics

To keep you in Control of monitoring, Microsoft made two Mobile Apps :

Microsoft Operations Management Suite Mobile App

Microsoft OMS on my Phone

And you got the Microsoft Azure Mobile App

For Microsoft Azure Monitoring there are all kind of Solutions in the Marketplace available :

Microsoft Azure Marketplace

Conclusion :

Monitoring your IT Solutions is really important for your Application Life Cycle management to get feedback for improvements and to get Customer satisfaction.
With Microsoft Monitoring from the Cloud with Azure and OMS you get more inside information via telemetry and log analytics to keep you Up-To-Date of
your IT Hybrid Infrastructure. Modern Hybrid Cloud Datacenter(s) need a Modern Secure Monitoring environment to keep yourself and your business in Control all the time in this rapidly fast changing IT World.
Monitoring via the Microsoft Cloud gives you :

  • More Security information, Alerts and Advice to prevent security leaks
  • Application improvements in your Life Cycle management
  • Automation of action plans on Events.
  • The Health of your IT Hybrid Cloud Services
  • Makes troubleshooting much easier with Diagnostics logs
  • Integration with on-premises IT Infrastructures
  • OMS assessments, like Active Directory, SQL, Upgrades, Malware, Security & Audits………… and More
  • Great Dashboards for DevOps, IT Administrators, IT Managers, or for your Customers.

To get More information and benefits about Monitoring and diagnostics for your Design ( Best Practices )

Hope this information is helpful to get you in control of monitoring your Hybrid Cloud Solutions.


Leave a comment

Watch all those Awesome Microsoft #MSIgnite 2017 video sessions #Azure #AzureStack #MSOMS

Empower IT and developer productivity with Microsoft Azure with @scottgu

Microsoft Azure virtual machine infrastructure innovation and automation

Microsoft Azure Stack Development Kit and why it matters

Manage hybrid cloud and transform your workplace with PowerShell and Azure Automation

See here all the Microsoft Ignite 2017 video sessions

Thank you Microsoft and MVP’s for those Awesome sessions at Ignite 2017


Leave a comment

JOIN #Microsoft Ignite 2017 Event and Download the Mobile App #Ignite #Ignite2017 @MS_Ignite

The Microsoft Ignite 2017 App s available

You can download the Microsoft Ignite 2017 App for your Mobile here

Don’t miss this Great Microsoft Ignite 2017 Event in Orlando Florida September 25-29, 2017 and Register for the last passes here

Have a look at the session Catalog and Choose your favorite topics at Microsoft Ignite 2017 here

Have lot’s of Fun and Great sessions to LEARN from with Awesome new Microsoft Technology !
#MVPbuzz

Follow Microsoft Ignite on Twitter => @MS_Ignite


Leave a comment

Inside the #Microsoft Operations Management Suite E-book #MSOMS #Azure by #MVPbuzz #MSFT

Description: This is the updated release (v2.0) of “Inside the Microsoft Operations Management Suite”, an end-to-end deep dive into the full range of Microsoft Operations Management Suite (OMS) features and functionality, complete with downloadable sample scripts.

The chapter list in this edition is shown below:

  • Chapter 1: Introduction and Onboarding
  • Chapter 2: Searching and Presenting OMS Data
  • Chapter 3: Process Automation
  • Chapter 4: Configuration Management
  • Chapter 5: Change & Update Management
  • Chapter 6: Extending OMS Using Log Search
  • Chapter 7: Alert Management
  • Chapter 8: Log Management & Performance Data
  • Chapter 9: Azure & Office 365 Solutions
  • Chapter 10: Service Map & Wire Data
  • Chapter 11: Network Performance Monitor
  • Chapter 12: Other OMS Solutions
  • Chapter 13: Assessment Solutions
  • Chapter 14: Security & Compliance
  • Chapter 15: Protection & Recovery
  • Chapter 16: ITSM Integration
  • Chapter 17: Custom OMS Solutions

Here you can download this Free Awesome Ebook Inside the Microsoft Operations Management Suite Version 2

 

Thank you all for this Great work !