mountainss Cloud and Datacenter Management Blog

Microsoft Hybrid Cloud blogsite about Management



Managing and Working with #Azure Network Security Groups (NSG) #Security #IaC #AzureDevOps

Microsoft Azure Network Security Group (NSG)

When you implement a Microsoft Azure design such as a HUB-Spoke model, you have to deal with the security of your Azure environment (Virtual Datacenter). One of the security components is the Network Security Group, which protects your virtual networks and makes communication between Azure subnets possible in a secure Azure Virtual Datacenter.

You really have to plan your Azure virtual networks and implement them according to an architectural design. In this post I'm writing about Azure Network Security Groups, which are important, but there are more items to deal with, such as:

  1.  Naming Conventions in your Azure Virtual Datacenter
  2.  Azure Subscriptions ( who is Owner, Contributor, or Reader? )
  3.  Azure Regions ( Where is my Datacenter in the world? )
  4.  Azure VNET and Sub-Nets ( IP-addresses )
  5.  Security of your Virtual Networks ( Traffic filtering, Routing )
  6.  Azure Connectivity ( VNET Peering between Azure Subscriptions, VPN Gateway )
  7.  Permissions (RBAC)
  8.  Azure Policy ( Working with Blue prints )

Here you can read more about these Microsoft Azure items

How to Manage Microsoft Azure Network Security Groups (NSG) ?

IMPORTANT: Before you start with Azure Network Security Groups, test every ARM JSON script in your Dev-Test Azure subscription before you deploy to production. Talk with your Cloud Administrators, because when you implement Infrastructure as Code (IaC) and work with ARM templates you can, for example, delete manual settings in NSGs, which will cause trouble such as no protocol communication between subnets.

When you are starting fresh in Microsoft Azure, it's easy to create your Azure security baseline for all of your Network Security Groups (NSGs) with Azure Resource Manager (ARM) templates.

When you have a Microsoft Azure HUB-Spoke model with, for example, four Azure subscriptions and a lot of Azure virtual networks and subnets, you have a lot of NSGs to manage and you don't want to manage them manually. There are different ways to manage Azure Network Security Groups via ARM templates. For example:

ARM Templates from the Azure Portal

Make your ARM Baseline template.

Edit your parameters and Deploy.

This was a standard virtual machine deployment, but you can of course add all of your Azure Resource Manager templates here, including your NSG baseline template. In this way your deployments are documented (scripts).

Another awesome solution is Microsoft Azure DevOps for your Deployments in Azure.

Azure DevOps Services is a cloud service for collaborating on code development. It provides an integrated set of features that you access through your web browser or IDE client. The features are included, as follows:

  • Git repositories for source control of your code
  • Build and release services to support continuous integration and delivery of your apps
  • Agile tools to support planning and tracking your work, code defects, and issues using Kanban and Scrum methods
  • Many tools to test your apps, including manual/exploratory testing, load testing, and continuous testing
  • Highly customizable dashboards for sharing progress and trends
  • Built-in wiki for sharing information with your team

The Azure DevOps ecosystem also provides support for adding extensions and integrating with other popular services, such as: Campfire, Slack, Trello, UserVoice, and more, and developing your own custom extensions.
Choose Azure DevOps Services when you want the following results:

  • Quick set up
  • Maintenance-free operations
  • Easy collaboration across domains
  • Elastic scale
  • Rock-solid security

You’ll also have access to cloud load testing, cloud build servers, and application insights.

Azure DevOps Repo for your Templates

From here you can make your Infrastructure as Code (IaC) Pipelines together with your Cloud Administrator Team 😉

When you have your Azure DevOps Private Repository in place and you like to work with Visual Studio for example, you can connect to your Repo and Check-in your NSG ARM Script but Deploy with Visual Studio to your Azure Virtual Datacenter.

Azure NSG Template Deployment via Visual Studio

Microsoft Visual Studio 2019 Preview is available for download here

Here you can download Microsoft Visual Studio Community Edition

And there is Microsoft Open Source Visual Studio Code

Azure DevOps Repo in Visual Studio Code.

Microsoft Visual Studio Code work with Extensions :

Azure DevOps Repo Extension

Azure DevOps Pipelines Extension

So there are plenty of ways to deploy ARM templates, and this is not all, because you can also use Azure Cloud Shell or other command-line interfaces (CLIs). But now we want to set the NSG baseline for our Azure subscription. A good start is to look at the possibilities in the JSON scripting for Network Security Groups.
Here you find the settings and explanation of Azure components.

For Microsoft Azure NSG Template :

Azure NSG Baseline Template

To create a Microsoft.Network/networkSecurityGroups resource, add the following JSON to the resources section of your template.
The Microsoft Azure Quick Create Templates on Github can help you to make your own NSG Template for example.

————————————————————————–

{
  "apiVersion": "2017-06-01",
  "type": "Microsoft.Network/networkSecurityGroups",
  "name": "[parameters('parkingzoneNSGName')]",
  "location": "[parameters('location')]",
  "properties": {
    "securityRules": [
      /* Inbound RDP from the Internet: left commented out on purpose.
      {
        "name": "Allow_RDP_Internet",
        "properties": {
          "description": "Allow RDP",
          "protocol": "Tcp",
          "sourcePortRange": "*",
          "destinationPortRange": "3389",
          "sourceAddressPrefix": "Internet",
          "destinationAddressPrefix": "*",
          "access": "Allow",
          "priority": 500,
          "direction": "Inbound"
        }
      }, */
      {
        /* Outbound to Azure public endpoints in West Europe is allowed. */
        "name": "AllowAzureCloudWestEuropeOutBound",
        "properties": {
          "protocol": "*",
          "sourcePortRange": "*",
          "destinationPortRange": "*",
          "sourceAddressPrefix": "*",
          "destinationAddressPrefix": "AzureCloud.WestEurope",
          "access": "Allow",
          "priority": 999,
          "direction": "Outbound"
        }
      },
      {
        /* All other outbound Internet traffic is denied. */
        "name": "DenyInternetOutBound",
        "properties": {
          "protocol": "*",
          "sourcePortRange": "*",
          "destinationPortRange": "*",
          "sourceAddressPrefix": "*",
          "destinationAddressPrefix": "Internet",
          "access": "Deny",
          "priority": 2000,
          "direction": "Outbound"
        }
      }
    ]
  }
},

————————————————————–

By default, Internet access is available in an NSG! In this template Internet is not allowed; only the AzureCloud West Europe resources are allowed, because some Azure SDK components work via the "public Internet" (Microsoft IP addresses).
(The RDP rule is commented out and not set in this example for security reasons.)

Internet is allowed by the default rules, so you must set your own security rules!
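How the baseline above interacts with Azure's built-in default rules, as an added example (not part of the original post and not a Microsoft tool): it evaluates NSG rules in priority order and reports Internet exposure before you deploy. The helper names, the simplified service-tag containment table and the constructed sample NSGs are assumptions; protocol and source ports are ignored.

```python
"""Offline check of an NSG resource (ARM JSON shape) against a baseline."""

# Azure's built-in default rules, present in every NSG (priorities 65000-65500).
DEFAULTS = [
    ("AllowVnetInBound", 65000, "Inbound", "Allow", "VirtualNetwork", "VirtualNetwork"),
    ("AllowAzureLoadBalancerInBound", 65001, "Inbound", "Allow", "AzureLoadBalancer", "*"),
    ("DenyAllInBound", 65500, "Inbound", "Deny", "*", "*"),
    ("AllowVnetOutBound", 65000, "Outbound", "Allow", "VirtualNetwork", "VirtualNetwork"),
    ("AllowInternetOutBound", 65001, "Outbound", "Allow", "*", "Internet"),
    ("DenyAllOutBound", 65500, "Outbound", "Deny", "*", "*"),
]

# Assumption (simplified model): broader service tags that also cover a traffic label.
CONTAINED_IN = {"AzureCloud.WestEurope": {"AzureCloud", "Internet"}}


def rule(name, priority, direction, access, src, dst, port="*"):
    """Build one securityRules entry in the shape used by the ARM template."""
    return {"name": name, "properties": {
        "priority": priority, "direction": direction, "access": access,
        "sourceAddressPrefix": src, "destinationAddressPrefix": dst,
        "destinationPortRange": port}}


def prefix_matches(prefix, label):
    return prefix in ("*", label) or prefix in CONTAINED_IN.get(label, ())


def port_matches(spec, port):
    if spec == "*":
        return True
    lo, _, hi = str(spec).partition("-")
    return int(lo) <= port <= int(hi or lo)


def decide(nsg, direction, src, dst, port):
    """Return (access, rule name) of the first matching rule, lowest priority number first."""
    rules = list(nsg["properties"]["securityRules"]) + [rule(*d) for d in DEFAULTS]
    for r in sorted(rules, key=lambda r: r["properties"]["priority"]):
        p = r["properties"]
        if (p["direction"] == direction
                and prefix_matches(p["sourceAddressPrefix"], src)
                and prefix_matches(p["destinationAddressPrefix"], dst)
                and port_matches(p["destinationPortRange"], port)):
            return p["access"], r["name"]


def baseline_findings(nsg):
    """List deviations from the baseline: management ports or outbound Internet open."""
    findings = []
    for port in (3389, 22):
        access, name = decide(nsg, "Inbound", "Internet", "VirtualNetwork", port)
        if access == "Allow":
            findings.append(f"inbound {port} open to Internet via {name}")
    access, name = decide(nsg, "Outbound", "VirtualNetwork", "Internet", 443)
    if access == "Allow":
        findings.append(f"outbound Internet allowed via {name}")
    return findings


# Constructed samples: the post's baseline with parameters resolved, an NSG with
# no custom rules, and the baseline with the commented-out RDP rule enabled.
BASELINE = {"properties": {"securityRules": [
    rule("AllowAzureCloudWestEuropeOutBound", 999, "Outbound", "Allow", "*", "AzureCloud.WestEurope"),
    rule("DenyInternetOutBound", 2000, "Outbound", "Deny", "*", "Internet"),
]}}
EMPTY = {"properties": {"securityRules": []}}
WITH_RDP = {"properties": {"securityRules": BASELINE["properties"]["securityRules"] + [
    rule("Allow_RDP_Internet", 500, "Inbound", "Allow", "Internet", "*", "3389")]}}

if __name__ == "__main__":
    for label, nsg in (("baseline", BASELINE), ("empty", EMPTY), ("with RDP", WITH_RDP)):
        print(label, baseline_findings(nsg) or "OK")
```

Run against an exported template in the Dev-Test subscription, the same check shows whether a manual change has reopened outbound Internet or a management port.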

Conclusion :

You really have to implement Azure security by design: make your baseline with ARM templates in a private repo for your Azure Network Security Groups, with the correct RBAC configuration for your Cloud Administrator team. Don't create and configure them manually when you have a lot of NSGs! The versions of your ARM templates are documented in your repository 😉
Always test first in a Dev-Test Azure subscription or in Azure DevOps with a test plan before you implement in production.

 


Installing #Azure Service Fabric Cluster on Windows Server 2019 Insiders #Containers #Winserv

Microsoft Azure Service Fabric Cluster

Azure Service Fabric is a distributed systems platform that makes it easy to package, deploy, and manage scalable and reliable microservices and containers. Service Fabric also addresses the significant challenges in developing and managing cloud native applications. Developers and administrators can avoid complex infrastructure problems and focus on implementing mission-critical, demanding workloads that are scalable, reliable, and manageable. Service Fabric represents the next-generation platform for building and managing these enterprise-class, tier-1, cloud-scale applications running in containers.

In the following Step-by-Step Guide I created a Standalone Microsoft Azure Service Fabric Cluster on Windows Server 2019 Insiders Preview for DevOps testing :

First I downloaded the Contents of Service Fabric Standalone package for Windows Server here

Several sample cluster configuration files are installed with the setup package. ClusterConfig.Unsecure.DevCluster.json is the simplest cluster configuration: an unsecure, three-node cluster running on a single computer. Other config files describe single or multi-machine clusters secured with X.509 certificates or Windows security. You don’t need to modify any of the default config settings for this tutorial, but look through the config file and get familiar with the settings.

I made the Unsecure three-node Cluster running on Windows Server 2019 Insiders Preview in my MVPLAB.

 

Open PowerShell as Administrator and run the script :

.\CreateServiceFabricCluster.ps1 -ClusterConfigFilePath .\ClusterConfig.Unsecure.DevCluster.json -AcceptEULA

Connect-ServiceFabricCluster

 

Service Fabric Explorer (SFX) is an open-source tool for inspecting and managing Azure Service Fabric clusters. Service Fabric Explorer is a desktop application for Windows, macOS and Linux.

I Installed Azure Service Fabric Explorer to visualize the Cluster.

Here we got Azure Service Fabric 3-Node Cluster running on Windows Server 2019 Insiders

Azure Service Fabric CLI

The Azure Service Fabric command-line interface (CLI) is a command-line utility for interacting with and managing Service Fabric entities. The Service Fabric CLI can be used with either Windows or Linux clusters. The Service Fabric CLI runs on any platform where Python is supported.

Prior to installation, make sure your environment has both Python and pip installed.
The CLI supports Python versions 2.7, 3.5, 3.6, and 3.7. Python 3.x is the recommended version, since Python 2.7 will reach end of support soon.

You can download the latest Python version here

Check the Python version and the Pip version by typing :

python --version
pip --version

The Pip version which is delivered via Python has to be updated with the following command :

python -m pip install --upgrade pip

We now have pip version 18.0 instead of 10.0.1

Installing Service Fabric CLI by command :

pip install -I sfctl

Done ! Service Fabric CLI is installed on my Windows 10 Surface.

sfctl -h 

Now that we have installed the Microsoft Azure Service Fabric Cluster on Windows Server 2019 Insiders Preview and the Service Fabric CLI on Windows 10, we can connect to the 3-node Fabric Cluster via the CLI.
Because we are working on Windows 10 and not on the host itself, we have to set an endpoint connection :

sfctl cluster select --endpoint http://192.168.2.15:19080

sfctl cluster health

sfctl node list

Microsoft Visual Studio 2017 Enterprise and Service Fabric SDK

As a developer or DevOps engineer you like to work from Microsoft Visual Studio to deploy your apps, microservices or containers to the Azure Service Fabric Cluster.

You need to install the Service Fabric SDK in Visual Studio before you can deploy :

Select Service Fabric Application at New Project

Visual Studio 2017 Enterprise : Service Fabric SDK must be installed

Installing Microsoft Azure Service Fabric SDK

Done.

Now you can make your Service Fabric Container.

Happy Developing 😉

More information on Microsoft Azure Service Fabric Cluster :

Service Fabric on GitHub

Add or remove nodes to a standalone Service Fabric cluster running on Windows Server :

Scaling your Azure Service Fabric Cluster

More info :

Microsoft Azure Service Fabric documentation

Microsoft Azure Service Fabric Cluster Learning Path



#Microsoft @shanselman Keynote: The Microsoft #Cloud Platform for Developers #Azure #Code #VisualStudio #DevOps

Just a command line or a click away – you now have the power to tap into dozens of global data centers and enact your will. Publish a website in seconds on Azure App Service, add Machine Learning intelligence with a couple of API calls, connect your internet of things or roll your own web stack from scratch in a VM – the choice is yours. In this demo-packed talk, Scott Hanselman will show you just how easy it is for any developer to deliver mind blowing next-generation web applications and services powered by the cloud.

VisualStudio Online

Visual Studio Online Website { Connect();//2015 }



USE #UserVoice for Feedback to the #Microsoft Developer Teams Make IT BETTER TOGETHER

MSFT UserVoice Feedback

Use Uservoice for getting features into Microsoft Products and give the Developer Teams your feedback.
It’s based on a voting system, the feature or special feedback with the most votes from users around the world will be picked out by the product team 🙂
Here you find some links to Microsoft Product Teams on Uservoice to give your feedback :

Feedback to Azure
MAKE IT BETTER TOGETHER 😉



Complete #Microsoft Azure Cloud Services Overview #Azure #Cloud #HybridCloud

Microsoft Azure opensource banner

Any developer or IT professional can be productive with Azure. The integrated tools, pre-built templates and managed services make it easier to build and manage enterprise, mobile, Web and Internet of Things (IoT) apps faster, using skills you already have and technologies you already know. Microsoft is also the only vendor positioned as a Leader across Gartner’s Magic Quadrants for Cloud Infrastructure as a Service, Application Platform as a Service, and Cloud Storage Services for the second consecutive year.

Read Gartner’s Magic Quadrant for Cloud Infrastructure as a Service, for Cloud Storage Services and for Enterprise Application Platform as a Service.

Here you will see an Overview of all the possibilities with Microsoft Azure Services for Hybrid and Cloud solutions :


Try Microsoft Azure for Free

Let’s start with all the possibilities with Compute from the Microsoft Azure Cloud :


Microsoft Azure Virtual Machines

You got a lot of choice in Azure what kind of Operating System you want to choose for your Virtual Machine in the Cloud :

Like all kind of Linux Machines :

Linux in Azure

Linux VM’s

Microsoft VM

Microsoft VM’s or choose your Own uploaded images

There is also an OpenSource VM Depot available.

Here you can find an Overview of Microsoft Azure Virtual Machine in the Cloud

Web and Mobile Services

Today's world is all about mobility and applications: at work, at school, at home, and even when you do sports like biking or running. I think that's why Microsoft makes one platform, Windows 10, to get the best experience with applications on every device.
Making your own websites is really easy with Microsoft Azure and is cool to work with.


Web Apps with SQL or MySQL Databases


PHP,CMS,Blog,Marketing Web Apps are possible

Here you can find more documentation about Azure App Service

App Services

Here you can find more documentation about Azure Web Apps

Here you can find more documentation about Azure Mobile Apps

Here you can find more documentation about Azure Logic Apps

To run all those Web Apps in the Cloud you need storage and capacity to store your data safely in the Cloud with high security policies.
Microsoft Azure has all kinds of different storage in the Cloud for your data.

Data and Storage

Microsoft Azure Data and Storage

Learn about Azure Storage, and how to create applications using Azure blobs, tables, queues, and files :

Microsoft Azure Storage Documentation

Learn how to use this fully-managed, scalable, NoSQL document database service :

DocumentDB

Microsoft Azure DocumentDB Documentation

Learn how to configure, monitor, and scale your SQL databases in Azure. Documentation, tutorials and more :

Microsoft Azure SQL documentation

High throughput, consistent low-latency data access to build fast, scalable applications :

Microsoft Azure Redis Cache Documentation

Learn how to use StorSimple for primary storage, backups, archive, and disaster recovery :

Microsoft Azure StorSimple Documentation

Search-as-a-service for web and mobile app development :

Microsoft Azure Search Documentation

Learn how to use this fully-managed, scalable, data warehouse service :

Microsoft Azure SQL Data Warehousing documentation

Of course when you have a lot of data, you like to analyze it for the business and make good Reports or Dashboard to
make the right decisions. Microsoft Azure Cloud Services has Data and Analytics :

Data and Analytics

Microsoft Azure Data and Analytics

Learn to create Hadoop clusters, process big data, develop solutions using streaming or historical data, and analyze the results :

Microsoft Azure HDInsight Documentation

Learn how data scientists and developers can embed predictive analytics into applications :

Microsoft Azure Machine Learning Documentation

Learn how to run real-time data analytics and event processing :

Microsoft Azure Stream Analytics Documentation

Learn how to compose data storage, movement, and processing services into streamlined data pipelines :

Microsoft Azure Data Factory Documentation

Learn how to receive telemetry from millions of devices :

Microsoft Events Hub Documentation

Learn how to enable reliable and secure bi-directional communications between millions of IoT devices and applications:

Microsoft Azure Internet of Things (IoT) Hub Documentation

A Hot item is Internet of Things or IoT, connect devices, machines, just things because it’s possible to get data or BIGDATA to work with.

IoT

Microsoft Azure Internet of Things

Get Connected with your Device and read here all the information you need about Internet of Things

To get connected with Microsoft Azure we have Software Defined Networking (SDN) in the Cloud to make your Infrastructure work.

Networking

Microsoft Azure Networking

Learn how to configure and monitor virtual networks in Azure :

Microsoft Azure Virtual Networks Documentation

Learn how ExpressRoute creates private connections between your infrastructure and Azure datacenters :


Microsoft Azure ExpressRoute

Microsoft Azure ExpressRoute Documentation

Learn how Traffic Manager distributes user traffic to hosted services within or across data centers :

Microsoft Azure Traffic Manager Documentation

Learn about Azure Load Balancing :

Microsoft Azure Load Balancer Documentation

Learn to configure DNS zones and records :

Microsoft Azure DNS Documentation

Learn about secure cross-premises connectivity between Azure and your infrastructure :

Microsoft Azure VPN Gateway Documentation

Learn to create an Application Gateway :

Microsoft Azure Application Gateway Documentation

Media services, such as video streaming and interactive TV, are coming more and more from Cloud Services.

Media and CDN

Microsoft Azure Media and CDN

Making Video workflows easy from the Cloud :

Microsoft Azure Media Services Documentation

Improve the performance of your website, media, or mobile service by moving content closer to your end users :

Microsoft Azure CDN Documentation

When you are still working in an on-premises datacenter only, Microsoft makes it easy to transform your datacenter into Hybrid Cloud scenarios.
You can think of a twin datacenter for your core business applications, or save your long-term protection data into an Azure Backup Vault.

HybridIntegration

Microsoft Azure Hybrid Integration

Learn how to integrate the enterprise and the cloud with BizTalk Services :

Microsoft Azure BizTalk Services Documentation

Learn about flexible messaging in the cloud :

Microsoft Azure Servicebus Documentation

Learn how to backup your Azure virtual machines, and how to send backup data to Azure for long term retention :

Microsoft Azure Backup Documentation

Learn how to orchestrate protection of physical and virtual machines :

Microsoft Azure Site Recovery Documentation

When you got your Azure Cloud Solution working, you want to manage your Identities to give them secure access to your Azure Solution.

Security and Identity

Microsoft Azure Security and Identity

Learn how to manage identity and access of services and applications :

Microsoft Azure Active Directory Services Documentation

Consumer identity and access management in the cloud :

Microsoft Azure Active Directory B2C

Your domain controller as a service :

Microsoft Azure AD Domain Services Documentation

Learn how to enable added authentication for cloud and on-premises applications :

Microsoft Azure Multi-Factor Authentication Documentation

To make those Microsoft Solutions Available for everyone, you need Developers and Developer Environments.

Developer Services

Microsoft Azure Developer Services

Learn how to detect issues, diagnose crashes and track usage of your mobile apps, and web apps hosted anywhere: on Azure or on your own IIS or J2EE servers :

Microsoft Azure VisualStudio Applications Insights Documentation

Developers can also work in the Cloud with Microsoft Visual Studio Online :

VisualStudio Online

Here you find all the information you need for Visual Studio Online for Developers

Cloud Services needs management by ITpro’s or by Developers to keep your Azure Solution Up-to-Date and get your business innovated.

Management

Microsoft Azure Management

You have all kind of Management as you can see in the above picture.

Learn how to collaborate, deliver and scale across the entire DevOps lifecycle :

Microsoft Azure Preview Portal Documentation

Start creating Azure Scheduler jobs and job collections, and using advanced concepts such as history and recurrence :

Microsoft Azure Scheduler Documentation

Learn how to simplify cloud management with process automation :

Microsoft Azure Automation Documentation

Learn how to transform machine data into operational intelligence :

Microsoft Azure Operational Insights Documentation

Learn how to manage cryptographic keys and secrets :

Microsoft Azure Key Vault Documentation

Container Apps

Microsoft Container Apps

 This is a super simple “getting started” experience for deploying single and multi-container Dockerized applications utilizing Azure Resource Manager templates and the new Docker Extension

 Here you see an Example of a Container App from the Marketplace on the Azure Blog

In Microsoft Azure you got also on every item a Marketplace with templates and solutions from Vendors and OpenSource communities.

Marketplace

Microsoft Azure Market Place

Here you go to the Microsoft Azure Marketplace website with almost 3500 products

Azure Marketplace website

For Students you have Microsoft Dreamspark where you can get some of the Microsoft Azure features for students for Free !

 Dreamspark Students

I Hope this Microsoft Azure Overview is helpful for you to make the right decisions for your business, Development or study 🙂
– James van den Berg

MVP System Center Cloud and Datacenter Management.



#Microsoft Visual Studio Code for Your Platform #Linux #OSx #Windows

Visual Studio Code

Code editing redefined and optimized for building and debugging modern web and cloud applications.
Visual Studio Code is free and available on your favorite platform — Linux, OS X, and Windows.

Download your Visual Studio Code Preview Today


How to update to the latest release :

The following shows you how to update to the latest release of Visual Studio Code.

Note: For Mac and Windows users, we have enabled the auto-update channel. If you’re prompted by VS Code, accept the newest update and it will get installed (you won’t need to do anything else to get the latest bits).

Auto-updates are not supported for Linux.

Updating on Linux

  • Download the VS Code zip file: 64-bit or 32-bit.
  • Open the zip and run Code

Updating on OS X

You need to do this only if auto-update did not complete.

  • Download the VS Code zip file from here.
  • Open the zip file and drag Code over to Applications.
  • Launch Code.

Updating on Windows

You need to do this only if auto-update did not complete.

Important: Close any running instances of VS Code before attempting to update (to avoid VS Code not being able to start after you update).

  • Run the installer from here.
  • If you have trouble with the Windows installer, download the VS Code zip file from here.

Common Questions

Q: How do I know which version I’m running?

A: In Linux and Windows, choose Help, About. In OS X, use Code, About Visual Studio Code.

Q: What are the supported operating system versions needed to run Visual Studio Code?

A: See Requirements for the supported OS versions.