Cloud and Datacenter Management Blog

Microsoft Hybrid Cloud blogsite about Management


Leave a comment

What’s New in Azure Security Center! #ASC #Security #Azure #SecOps #SIEM

What’s New in Azure Security Center

Security Center is in active development and receives improvements on an ongoing basis. To stay up to date with the most recent developments, this page provides you with information about new features, bug fixes, and deprecated functionality.

November 2020

Updates in November include:

Azure Defender

Microsoft Azure Defender Dashboard

Azure Security Center’s features cover the two broad pillars of cloud security:

  • Cloud security posture management (CSPM) – Security Center is available for free to all Azure users. The free experience includes CSPM features such as secure score, detection of security misconfigurations in your Azure machines, asset inventory, and more. Use these CSPM features to strengthen your hybrid cloud posture and track compliance with the built-in policies.
  • Cloud workload protection (CWP) – Security Center’s integrated cloud workload protection platform (CWPP), Azure Defender, brings advanced, intelligent, protection of your Azure and hybrid resources and workloads. Enabling Azure Defender brings a range of additional security features as described on this page. In addition to the built-in policies, when you’ve enabled any Azure Defender plan, you can add custom policies and initiatives. You can add regulatory standards – such as NIST and Azure CIS – as well as the Azure Security Benchmark for a truly customized view of your compliance.

Here you can read about Microsoft Azure Defender on Docs.

Additional threat protections in Azure Security Center

Microsoft Azure Security Center Team is working hard on additional threat protections for :

  • Threat protection for Azure Network Layer
  • Threat protection for Azure Resource Manager ( Preview)
  • Threat Protection for Azure Cosmos DB ( Preview)
  • Threat Protection for Azure WAF
  • Threat Protection for Azure DDoS Protection

More information about additional Threat protections here on Docs.

What is Azure Sentinel?

Microsoft Azure Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution. Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.

Read here more about Microsoft Azure Sentinel

Who to follow on Social Media for Azure Security Center

On twitter you have to follow Principal Program Manager at Microsoft C+AI Security Yuri Diogenes : @yuridiogenes

On YouTube you can subscribe to Azure Security Center in the Field ( #ascinthefield) YouTube

Microsoft Azure Security Center Website

Microsoft Azure Sentinel Website

On Microsoft Tech Community platform : Become an Azure Security Ninja

On LinkedIn JOIN the Microsoft Azure Monitor & Security for Hybrid IT Community Group

 


Leave a comment

Azure Arc Security remediation on Azure Stack HCI Cluster #Azure #Security #ASC #AzureStackHCI

Azure ARC Services

Microsoft Azure Arc enables you to manage your entire environment, with a single pane of glass, by projecting your existing resources into Azure Resource Manager. You can now manage virtual machines, Kubernetes clusters, and databases as if they are running in Azure. Regardless of where they live, you can use familiar Azure services and management capabilities. Azure Arc enables you to continue using traditional ITOps, while introducing DevOps practices to support new cloud native patterns in your environment.

IT Management with Azure ARC

With Microsoft Windows Admin Center I Build a Microsoft Azure Stack HCI Cluster and the Nodes are connected with Azure Arc Services. In the following steps you will see a security feature of Microsoft Azure Arc Services with remediation of the Risks on the Azure Stack HCI Cluster On-premises.

Azure Arc Security Remediation

Here you see the Azure Arc Servers with Azure Stack HCI

On Skywalker01 Node we have two Security Risks

When you click on the risk, you see the description and the remediation steps to solve this risk issue. Here you can also see the remediation script:

Automatic Remediation Script. 

Select the Azure workspace ID and when you don’t have one you can Create new Workspace in Azure.
Select the resource, in my case Skywalker01
Click on remediate resource.

Remediation in progress

The Microsoft Azure Monitor Agent extension in Azure Arc is successfully installed.

Done.

I did the same for Skywalker02 Azure Stack HCI Cluster Node.

The Next Medium Risk is a Vulnerability assessment on the Azure Stack HCI Cluster nodes. Just follow the steps of the wizard.

Azure Arc Security Vulnerability Assessment with Azure Defender

Click on remediate.

This one will use Qualys in Azure Defender.

Click on remediate resource.

The vulnerability scanner included with Azure Security Center is powered by Qualys. Qualys’ scanner is one of the leading tools for real-time identification of vulnerabilities. It’s only available with Azure Defender for servers. You don’t need a Qualys license or even a Qualys account – everything’s handled seamlessly inside Security Center.

Here you find more information about Azure Defender’s integrated vulnerability assessment solution for Azure and hybrid machines

Azure Arc Insights Monitor

Azure Arc Insights of the Azure Stack HCI Cluster Node

Because we have installed the Microsoft Azure Monitor extension in Azure Arc on this Azure Stack HCI Node Server, telemetry and analytics will do his job for Monitoring in Azure and data will be collected. In Azure maps you see the connectivity of the Server.

 

Here you can see the Fired Alerts by severity and Investigate 🙂

You can monitor the Traffic

Here you find more information about Insights and Maps for your Servers

Conclusion

Here you see the power of Hybrid IT management via Microsoft Azure Arc services and get Azure Cloud services for your On-premises Servers. You have the Free Microsoft Windows Admin Center Tool and integration with Azure Arc for all the innovative tools like Azure Monitor, Azure Security Center, Azure Defender, Update management and more. I hope you see the benefits too, Get started Today !

JOIN the Microsoft Azure Monitor & Security for Hybrid IT Community

 


Leave a comment

Deploying Azure Stack HCI Cluster with Windows Admin Center #WAC #AzureStackHCI #WindowsAdminCenter #Hyperv #AKS

Azure Stack HCI is a Hyper-Converged Infrastructure (HCI) cluster solution that hosts virtualized Windows and Linux workloads and their storage in a hybrid on-premises environment. Azure hybrid services enhance the cluster with capabilities such as cloud-based monitoring, Site Recovery, and VM backups, as well as a central view of all of your Azure Stack HCI deployments in the Azure portal. You can manage the cluster with your existing tools including Windows Admin Center, System Center, and PowerShell.

Azure Stack HCI, version 20H2 is a new operating system now in Public Preview and available for download. It’s intended for on-premises clusters running virtualized workloads, with hybrid-cloud connections built-in. As such, Azure Stack HCI is delivered as an Azure service and billed on an Azure subscription. Azure Stack HCI also now includes the ability to host the Azure Kubernetes Service; for details, see Azure Kubernetes Service on Azure Stack HCI.

Get Started with Azure Stack HCI and Windows Admin Center

Windows Admin Center is a locally deployed, browser-based app for managing Azure Stack HCI. The simplest way to install Windows Admin Center is on a local management PC (desktop mode), although you can also install it on a server (service mode).

If you install Windows Admin Center on a server, tasks that require CredSSP, such as cluster creation and installing updates and extensions, require using an account that’s a member of the Gateway Administrators group on the Windows Admin Center server. For more information, see the first two sections of Configure User Access Control and Permissions.

Before you begin, you have to know that Azure Stack HCI is still in Preview and not for Production usage ready. But I’m installing it in my MVPLAB for testing purpose only and learn all the New Features.

What’s New in Azure Stack HCI

Clusters running Azure Stack HCI, version 20H2 have the following new features as compared to Windows Server 2019-based solutions:

  • New capabilities in Windows Admin Center: With the ability to create and update hyper-converged clusters via an intuitive UI, Azure Stack HCI is easier than ever to use.
  • Stretched clusters for automatic failover: Multi-site clustering with Storage Replica replication and automatic VM failover provides native disaster recovery and business continuity to clusters that use Storage Spaces Direct.
  • Affinity and anti-affinity rules: These can be used similarly to how Azure uses Availability Zones to keep VMs and storage together or apart in clusters with multiple fault domains, such as stretched clusters.
  • Azure portal integration: The Azure portal experience for Azure Stack HCI is designed to view all of your Azure Stack HCI clusters across the globe, with new features in development.
  • GPU acceleration for high-performance workloads: AI/ML applications can benefit from boosting performance with GPUs.
  • BitLocker encryption: You can now use BitLocker to encrypt the contents of data volumes on Azure Stack HCI, helping government and other customers stay compliant with standards such as FIPS 140-2 and HIPAA.
  • Improved Storage Spaces Direct volume repair speed: Repair volumes quickly and seamlessly.

In the Following Step-by-Step guide we install Azure Stack HCI Cluster with Windows Admin Center.

 

Click on Add and then Create New Server Cluster.

Choose for Azure Stack HCI.

Here you can also choose for both Azure Stack HCI nodes are in the same Site or you have more Azure Stack HCI Nodes in Two Sites for disaster Recovery and Business Continuity.
In my MVPLAB I have all Azure Stack HCI nodes in One Site. More information about Microsoft Azure Stack HCI Stretching Clusters can be found here.

Prerequisites before you begin with Windows Admin Center wizard for Creating Azure Stack HCI Cluster.

This is what I like about Windows Admin Center, supporting you in all steps and choices for making an Azure Stack HCI Cluster with Storage Spaces Direct.

 

Specify your administrator Account and password and add the Azure Stack HCI Node Servers

Add the Nodes to the Domain.

Install Required Features on the Azure Stack HCI Node Servers

Install Updates on the Azure Stack HCI Node Servers

Here you get options from your hardware vendor
I don’t get this because it’s virtual.

Restart the Azure Stack HCI Node Servers and Click Next Networking

Networking adapters are UP and Running.

When you have Enough Nics in your Azure Stack HCI Node Server, you can choose here for a Teamed Management NIC.
I choose for a single management NIC.
Plan your Azure Stack HCI Node network

Configure your Production and Storage network

Here you can configure different Switches for your workloads.
Windows Admin Center will work with Software Defined Networking (SDN)
I Skipped this in my MVPLAB.

Before creating the Azure Stack HCI Cluster, we have to Validate the Cluster first.

When the Cluster Validation is done, you can download the Cluster Validation report.

Here we give the Cluster a Name and a static IP.
Click Create Cluster.

Microsoft Azure Stack HCI Cluster is created 😉
Click Next for Storage.

Click Next

I Got some small disks Click Next.

Storage is validated and suitable for Storage Spaces Direct.

Storage Spaces Direct is enabled on your Azure Stack HCI Cluster.
Click Next for SDN

Here you can configure the Network Controller for the Azure Stack HCI Cluster

Done your Azure Stack HCI Cluster is made 🙂

Here we have the Dashboard in Windows Admin Center of my Azure Stack HCI Cluster

Management of your Azure Stack HCI Cluster

Managing your Azure Stack HCI Cluster with Windows Admin Center is important, because I have connected WAC with my Azure Subscription I can use Azure Monitor.
From here the Cluster is also connected with my Analytics workspace of Azure Monitor.

Azure Stack HCI Cluster Nodes connected with Azure Monitor.

With Windows Admin Center you can manage the Azure Stack HCI updates with Cluster Aware Updating (CAU) without any downtime for your workloads.


Start Cluster Aware Updating

Click on Install

One Azure Stack HCI Node is waiting and the other is Installing.

Now the other Azure Stack HCI Node is Installing the Update.

Updates Succeeded on both Azure Stack HCI Nodes.

Microsoft Azure Stack HCI Cluster is Running

Create your Virtual Machine on Azure Stack HCI Cluster.

Conclusion

Windows Admin Center supports you all the way for making your Microsoft Azure Stack HCI Cluster in easy steps deployment wizard. Of course you can make also your own PowerShell deployment scripts when you have to make more Azure Stack HCI Clusters for different platforms like Deploying virtual machines or AKS Kubernetes Clusters for Container Applications or a SQL environment.
Here you find more information about PowerShell commands

After deploying Azure Stack HCI Clusters with your own PowerShell Script, you can add the Cluster into Windows Admin Center for IT Management.
The Installation time of the Cluster is really fast. I hope this will give you more inside information about the Preview of Microsoft Azure Stack HCI Cluster and Windows Admin Center better Together!
Next Step is AKS Kubernetes on Azure Stack HCI 😉

Kubernetes Containers on your Azure Stack HCI


Leave a comment

Start your DevOps pipeline in the Azure Cloud

This blogpost can support your DevOps journey to make your Continuous Integration and Continuous Delivery (CI CD) for companies and or customers.

What is DevOps?

People, Process, and Technology to continually provide value to customers.

While adopting DevOps practices automates and optimizes processes through technology, it all starts with the culture inside the organization—and the people who play a part in it. The challenge of cultivating a DevOps culture requires deep changes in the way people work and collaborate. But when organizations commit to a DevOps culture, they can create the environment for high-performing teams to develop.

My name is James van den Berg and I’m a MVP in Cloud and Datacenter Management on my DevOps journey as an IT Infrastructure Guy managing datacenters on-prem and in the Microsoft Azure Cloud. Today It’s not only a Virtual Machine or a Website to deploy for your customers, it’s much more then that like :

  • Time to market, deploy your solution fast without waiting on dependencies because you automated your process with a CI CD Pipeline.
  • Security and Monitoring to keep you in Controle.
  • Working together with different Teams who are each responsible for a part of the solution.
  • The complete DevOps Pipeline must be Compliant

Here you can start with Azure DevOps on Microsoft Learn platform.

Read More on the Microsoft Tech Community about the step-by-step guide, you will see how easy it can be to Build your own first pipeline!


Leave a comment

JOIN #Microsoft Inspire 2020 Global Event July 21-22 #MSInspire #Azure #AzureStack #Cloud #MVPBuzz #Innovation

Microsoft Inspire 2020 Global Event 🚀

Innovation. Leadership. Partnership.

Now is the time. Join your global partner community for the Microsoft Inspire digital event experience. Register today and get ready to extend your partner network as we explore what’s coming in the year ahead and work together to find shared solutions for our customers. Join Microsoft Inspire 2020 Global Event on July 21-22 Now at no Cost!

You will be Inspired by Microsoft New Technologies and Innovations !


Leave a comment

Manage Servers On-premises with Microsoft Azure Cloud Services #Azure #Arc #Security #Cloud #AzureMonitor #ASC

Microsoft Azure Arc Servers On-Premises and Azure Cloud Services

Earlier I wrote a blogpost about Microsoft Azure Arc services installation to manage on-premises Servers with Azure Cloud Services, like Azure Monitor and Azure Security Centre from the Cloud.
Here in this post you will see the Newest Microsoft Azure Cloud Services to Manage and Monitor your Servers on-premises with security and compliance included.

Azure Arc Extensions settings of the Server.

Here you can see we have installed the Microsoft Monitoring Agent for Azure Monitor and log analytics, second we have installed the dependency Agent for Windows for
insights, Performance and Service maps. Here you find more information about Virtual machine extension management with Azure Arc for servers (preview)  

After initial deployment of the Azure Arc for servers (preview) Connected Machine agent for Windows or Linux, you may need to reconfigure the agent, upgrade it, or remove it from the computer if it has reached the retirement stage in its lifecycle. You can easily manage these routine maintenance tasks manually or through automation, which reduces both operational error and expenses.

Managing and maintaining the Connected Machine agent

Azure Arc Insights Performance monitor

The Azure Arc Insights Performance monitor is there by default and installed with the following dashboards :

  • CPU Utilization
  • Available Memory
  • Logical disk IOPS
  • Logical disk MB/s
  • Logical disk Latency
  • Max logical disk used %
  • Bytes Sent Rate
  • Bytes Received Rate

Azure Arc Logs Analytics

Of course you can make your own custom Dashboards in the Azure Portal with your own triggers, so in this way you get the same Azure Monitor Innovative Tools for your On-Premises Servers. 😉

Within Microsoft Azure Arc Insights, you can also see a Service Map of the Server

Here is were the dependency agent comes in, you get a service map of the Server and see the communication lines with other resources. In this picture you see Server Yoda01 a Domain Controller of my MVPLAB.
You can see that there are three Clients are logged on the domain controller.

Microsoft Azure Security Center for Azure Arc Servers

 

One of the most powerful and important features of Microsoft Azure Cloud platform is Security! Microsoft Azure Security Center (ASC) is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud – whether they’re in Azure or not – as well as on premises.

Here you see my Azure Arc Servers (On-Premises) in Azure Security Center.

Azure Arc Server in Azure Security Center recommendations Summary

Five security assessments passed the test, but Azure Security assessment has two recommendations one is Medium Risk and one low.

Here you see the Security advise and the Remediation to take action on your Server.

Microsoft Azure Security Center Overview with the Overall Secure Score.

Security controls – Each control is a logical group of related security recommendations, and reflects your vulnerable attack surfaces. A control is a set of security recommendations, with instructions that help you implement those recommendations. Your score only improves when you remediate all of the recommendations for a single resource within a control.

To immediately see how well your organization is securing each individual attack surface, review the scores for each security control.

 Here you find More information about Azure Security Center Secure Score

To get your Azure Arc Servers (On-premises) complaint for the business and security, you can use Microsoft Azure Arc Policies

Azure Arc Policies to meet your Compliance state.

Conclusion

Microsoft is bringing Azure Cloud Power tools everywhere with Azure Arc Services to give you modern tools like Azure Monitor and Azure Security Center to keep you in control, Secure and Compliant for your business. Keep following Microsoft for Hybrid IT Management, because more awesome features are added every day in Microsoft Azure Cloud Services. Let’s start to get your Azure Security Score UP and UP 😉


Leave a comment

Download the Microsoft Azure Migrate E-Book for your Cloud Migration #Azure #Migrate #Cloud

Microsoft Azure Migrate E-Book

Download this e-book to learn about Azure Migrate, Microsoft’s central hub of tools for cloud migration. In this e-book, Microsoft will cover:

  • What is Azure Migrate
  • How Azure Migrate can help your migration journey
  • Running a datacenter discovery and assessment
  • Migrating your infrastructure, applications, and data
  • Additional learning resources

Download the Free Azure Migrate E-Book here

More information about Microsoft Azure Migrate Tools on my Blog :

Microsoft Azure Migrate Assessments in Action VMWare to Cloud


Leave a comment

#Microsoft Windows Admin Center and Azure Backup Management #WAC #Azure

Microsoft Windows Admin Center

Microsoft Windows Admin Center is a web based App working in your modern browser like Edge or Chrome to manage your datacenter infrastructure. You can download it here
You can manage Windows Servers, Windows10 Desktops, Clusters, Hyperconverged Clusters, Storage Spaces Direct and more in a Hybrid environment and that’s what I like.
My Servers can be on-premises or in the Cloud like Azure and will manage them with Windows Admin Center.

Download the Windows Admin Center Overview Poster

Here you find all the Microsoft documentation about Windows Admin Center

Windows Admin Center and Azure backup integration

 

When you have Windows Admin Center running you can register with Microsoft Azure first in the settings of Windows Admin Center.

Register to your Azure Subscription, just follow the instructions.

Install Azure Backup Extension at Available extensions.

From here the basic settings are done and we will have a look at my MVP LAB to backup a virtual Server.

Windows Admin Center in Domain MVPLAB.CLOUD

I have selected stormtrooper01.mvplab.cloud Windows Server 2019 and on the left Azure Backup.

You can read here more about Microsoft Azure Backup

Click on setup Azure Backup.

Here you select the Azure Subscription and the Backup Vault
and this will be a system state backup.

Next Step is Backup Schedule and Encryption key.

IMPORTANT: Keep this Encryption key somewhere save !
You need this key for recovery and Microsoft does not have access to that key.

Azure Backup Schedule settings.

When you apply here it will setup the Azure backup agent and your policies.

Backup is scheduled.

Here I did the Backup by hand.

Here you see the backup in the Azure Backup Vault.
Backup done via Windows Admin Center 😉

Here you see a video from Microsoft Mechanics at Ignite with Jeff Woolsey

Follow Windows Admin Center here on Twitter

Don’t forget to give feedback or great ideas !


Leave a comment

Inside Azure Management E-Book Available ! #Azure #MVPBuzz #Management #Cloud

Inside Azure Management

This Inside Azure Management E-Book is a Must Have for All Azure Cloud Administrators! It’s made by Great Microsoft Most Valuable Professionals (MVP’s)
who are working always with Microsoft Azure Cloud Services. You can download this Awesome Inside Azure Management E-Book here.

If you want a hard copy of this Awesome E-Book you can order at Amazon

Here you can find the Authors of the Inside Azure Management E-Book on GitHub.

Thank you Guys for Sharing this with the Community 👍😎🚀