Tag: Azure IaaS

How to Reduce the Costs of your Azure IaaS VMs

How to Reduce the Costs of your Azure IaaS VMs

Azure Infrastructure-as-a-service (IaaS) offers significant benefits over traditional virtualization. With benefits like the possibility to quickly spin up a couple of virtual machine in any Azure region around the world whenever you need it, is pretty powerful. There are a lot more benefits to Azure IaaS virtual machines. However, that’s not part of this blog. This blog post is focused on helping you saving money by reducing the costs when you are using Azure IaaS virtual machines (VM). Some of the tips here will help everyone out there; some tips only apply in specific cases.

Pick the right Azure VM series and the right Azure VM size.

Reduce cost by picking the right Azure VM size

Reduce cost by picking the right Azure VM size

First of all, obviously, you pay more for larger virtual machines. Something I realized by working with a lot of customers is that they take the on-premises VM size and use the equivalent size in Azure. Not realizing that the VM size they had was way to oversized. But since they had the static capacity on-prem, they didn’t’ care. Now when you pay for more capacity in the cloud, the story is different. So make sure you realize that the Azure VM sizes are not oversized. You can still change the size later to a larger virtual machine if needed. And if you are looking at tools like Azure Migrate to migrate your existing VMs to Azure IaaS, you will have some additional advantages. Azure Migrate assess your environment and helps you pick the right Azure VM size depending on performance data history. Azure Migrate works with Hyper-V and VMware virtual machines. If you want to know more about Azure Migrate, check out my blog post. If you are already running the virtual machine in Azure, Azure Advisor can be helpful to figure out that your virtual machine is underutilized. Picking the right size will help you to save money and reduce the cost of Azure IaaS VMs.



Reset RDP and Admin Password Azure VM

How to Reset RDP and Admin Password of an Azure VM

I think we all had that experience where we suddenly couldn’t use Remote Desktop Services (RDP) to access our Windows Server anymore. Luckily, if this happens to an Azure virtual machine (VM), we can use the VMAccess extension to reset the RDP configuration as well as the password of the Azure VM. You can reset the RDP configuration or the Azure virtual machine password using the Azure portal or Azure PowerShell.

Reset the administrator password of an Azure VM 🔓

To reset the password of an Azure VM, you can use the Azure portal or Azure PowerShell. If you take the portal path, log in to the Azure portal, go to the Azure VM, you want to reset the password. Under Support + Troubleshooting, click on Reset Password, and follow to the Reset Password wizard to update the credentials. Note that this is not supported for Active Directory Domain Controllers.

Reset Administrator Password of an Azure VM

Reset Administrator Password of an Azure VM

If you want to use Azure PowerShell, you can run the following commands:

$SubID = "SUBID" 
$RgName = "RESOURCE GROUP NAME" 
$VmName = "VM NAME" 
$Location = "LOCATION"
 
Connect-AzAccount 
Select-AzSubscription -SubscriptionId $SubID 
Set-AzVMAccessExtension -ResourceGroupName $RgName -Location $Location -VMName $VmName -Credential (get-credential) -typeHandlerVersion "2.0" -Name VMAccessAgent

This should help you to reset the password of an Azure Virtual Machine (VM) if you lost access to it. If you want to know more, read the following troubleshooting article on Microsoft Docs.

Reset RDP configuration 👩‍💻

If you can access your Azure Virtual Machine using RDP, you can reset the configuration, and this will enable Remote Desktop service in the VM and create a firewall rule for the default RDP port 3389. To reset the Remote Desktop Service (RDP) configuration, you again login to the Azure portal, select the virtual machine you want to reset the RDP configuration. Under Support + Troubleshooting, click on Reset Password, on the new blade select Reset configuration only, and click on update.

Reset Remote Desktop Services RDP of an Azure VM

Reset Remote Desktop Services RDP of an Azure VM

There is also an Azure PowerShell command available to do this:

$SubID = "SUBSCRIPTION ID" 
$RgName = "RESOURCE GROUP NAME" 
$VmName = "VM NAME" 
$Location = "LOCATION"
 
Connect-AzAccount 
Select-AzSubscription -SubscriptionId $SubID 
Set-AzVMAccessExtension -ResourceGroupName $RgName" -VMName $VmName" -Name "myVMAccess" -Location $Location -typeHandlerVersion "2.0" -ForceRerun

I hope this gives you an overview of how you can Reset your Remote Desktop Service of an Azure Virtual Machine (VM) if you lost access to it. If you want to know more, read the following troubleshooting article on Microsoft Docs. You can also use Azure PowerShell in Cloud Shell.

If you want to know more about how you migrate your virtual machines to Azure, check out my blog post about Azure Migrate.

 



Connect Azure VMs with Windows Admin Center

How to manage Azure VMs with Windows Admin Center

Windows Admin Center is a browser-based management tool to manage your servers, clusters, hyper-converged infrastructure, and Windows 10 PCs. You can deploy it anywhere you want. If you run on-prem, you can install it on a Windows Server running in your infrastructure, or you can also install Windows Admin Center on an Azure virtual machine (VM). In this post, we want to address scenarios where you have deployed Windows Admin Center on-premises, and you want to manage some Azure VMs. In this post, I am going to show you how you can manage Azure VMs with Windows Admin Center (WAC).

If you want to know more about Windows Admin Center in general, check out my blog post.

How to manage Azure IaaS VMs with your on-premises Windows Admin Center gateway

As mentioned before, you can also install a Windows Admin Center server running on Azure IaaS virtual machine, but more on that in another post. In this post, I will cover how you can connect to an Azure VM from your on-prem Windows Admin Center (WAC) installation. There are two ways you can connect from WAC to Azure VMs.

The first one would be using the public IP address of a virtual machine running in Azure. This would mean that you need to open the PowerShell remoting port in the network security group (NSG), to be able to connect. I wouldn’t recommend this scenario since this exposes your virtual machines to the public internet. However, if you want to know more about that solution, check out the Microsoft Docs.

What I wound recommend is that you use a VPN connection to connect to your Azure virtual network where your VM is running. However, I know that in a lot of cases, you might not have a Site-2-Site VPN connection to your Azure virtual network. To still be able to connect form Windows Admin Center to an Azure VM, you can use the Azure Network Adapter feature. The Azure Network Adapter will create a Point-2-Site VPN connection from your Windows Server to Azure. And we are going to use this feature on our WAC gateway, so the WAC gateway is able to reach the virtual machine in Azure.

Add Azure Network Adapter

Add Azure Network Adapter

First, you will need to add a new Azure Network Adapter. This can be done in the Network extension in Windows Admin Center. This will open up a wizard that will guide you through the setup and if needed also helps you to register WAC in Microsoft Azure.

Create Azure Network Adapter

Create Azure Network Adapter

The setup can take a while, depending on if you already have a VPN gateway in Azure or not. WAC will create all the necessary resources in Azure, and create the Point-to-Site VPN connection for you. Also, keep in mind that the VPN gateway is an additional resource and will have an additional cost.

Connect to an Azure Virtual network

Connect to an Azure Virtual network

Now you can add and connect to your virtual machine running in Azure, using the private IP address of the machine.

Connect Azure VMs with Windows Admin Center

Connect Azure VMs with Windows Admin Center

You add a server by directly entering the IP address or you can use the Add Azure Virtual Machine wizard, to discover the VM in your Azure subscription.

Add Azure VM in Windows Admin Center

Add Azure VM in Windows Admin Center

I hope this helps you to connect your Azure virtual machines security without exposing ports to the public internet. If you have a site-to-site VPN connection to your Azure virtual network, you can use this as well without the need of setting up Azure Network Adapter.

If you are interested in other Azure Hybrid services in Windows Admin Center, check out the following blog post including the video series: Configure Azure Hybrid Services in Windows Admin Center

Besides, you can also have a look at my other blog post about how to set up Azure hybrid cloud services.

If you want to download Windows Admin Center, check out the download page. If you have any questions, feel free to leave a comment.



Azure IaaS VM enable Update Management

How to Manage Updates for Azure IaaS VMs

As a lot of customers are moving their workloads to Azure and specifically moving virtual machines to Azure Infrastructure-as-a-service (IaaS), the question is how do I manage my Azure virtual machines (VMs) efficiently. The great thing about Azure IaaS, it is not just another virtualization platform. Azure IaaS also offers a lot of other benefits versus classic virtualization. Azure IaaS and Azure Management provide a lot of functionality to it make it more efficient to run and manage virtual machines. One of them is Azure Update Management. In this blog post, I am going to show you how you can efficiently manage updates for your Azure IaaS VMs.

Overview and benefits Azure Update Management ☁

The Azure Update Management solution is part of Azure Automation. And with Azure Update Management you can manage operating system updates for your Windows and Linux computers in Azure, in on-premises environments, or in other cloud providers. That is right, it is not only for your Azure VMs, it also works with all your environment and provides you with a single pane of glass for your Update Management. It allows you to quickly assess the status of available updates on all virtual machines and servers, and manage the process of installing required updates for servers.

  • Azure Update Management works with Azure IaaS VMs, on-premise servers and even servers running at other cloud service providers.
  • Update Management supports Linux and Windows servers
  • It is directly integrated into the Azure portal and onboarding of Azure VMs is very simple.
  • It works with existing update sources like Microsoft Update, WSUS or on Linux with private and public update repositories.
  • Azure Update Management can be integrated into System Center Configuration Manager. You can learn more about Azure Update Management and System Center Configuration Manager integration on Microsoft Docs.
  • You can onboard new Azure VMs automatically to Update Management in multiple subscriptions in the same tenant.
Architecture

Architecture

How to onboard Azure IaaS VMs ✈

Onboarding Azure VMs to Azure Update Management is fairly simple and there are many different ways you can enable Update Management for an Azure VM.

One thing I want to highlight is, that you can set up automatic enablement for future virtual machines. With that Azure virtual machines, you create in the future, will automatically be added to the Update Mangement solution.

Onboarding

Onboarding

Since this blog post is all about managing updates for Azure VMs, I will keep it short, but if you want to add servers running on-premises or at other service providers, you can have a look how you can configure Azure Update management from Windows Admin Center. If you are running Azure Stack, you can also easily add your Azure Stack VMs to the Update Management solution.

Update Assesment 📃

Azure Update Management Compliant Assessment

Azure Update Management Compliant Assessment

After you have enabled and connected your virtual machines, Azure Log Analytics and Update Management start to collect data and analyze it and creates a continuous assessment of your Azure VM infrastructure and the additional servers you added. It will let you know which servers are compliant and which updates are missing. In the Azure documentation for Azure Update Management, you can find the schedules and time new updates will be added to the assessment.

Manage and deploy updates to Azure VMs 🔧

After you know which servers are compliant or not, you can schedule an update deployment, to update your servers.

Update Azure VMs using Update Deployment

Update Azure VMs using Update Deployment

An update deployment configuration is done very easily.

  1. Enter a name for the update deployment
  2. Select which operating system you want to target with the deployment (Linux or Windows)
  3. Choose the machines you want to update. You can select specific Azure virtual machines, non-Azure machines, groups, AD, WSUS, SCCM groups and filters.
  4. Select the Update Classifications you want to deploy
  5. Include or exclude updates
  6. Schedule the deployment. You can also create recurring update deployments for example for monthly patching.
  7. Configure pre- and post-scripts
  8. Configure the maintenance window size
  9. Configure the reboot update after the updates are installed

View update deployments ✔

Update Azure VMs Status

Update Azure VMs Status

During and after the duration of the update deployment, you can see an overview of the deployment, which updates on which machine were installed and if they were successful.

Pricing – What does it cost? 💵

Now I know what you are thinking now, this is great, but I am sure Microsoft is making me pay for this. No! there are no charges for the service, you only pay for log data stored in the Azure Log Analytics service. You can find more pricing information here.

Conclusion and Learn more 🎓

Update Management is a great solution to keep your environment up to date. If you want to know more, check out Microsoft Docs or follow this tutorial to onboard Azure VMs. There is also a very good blog series by Microsoft MVP Samuel Erskine. If you don’t have Azure today, create an Azure Free account.

Create free Azure Account ☁

Create your Azure free account today and get started with 12 months of free services!

If you have any questions, let me know in the comments.



Azure Bastion Windows VM

Azure Bastion – Private RDP and SSH access to Azure VMs

Azure Bastion is a new service which enables you to have private and fully managed RDP and SSH access to your Azure virtual machines. If you wanted to access your Azure virtual machines using RDP or SSH today, and you were not using a VPN connection, you had to assign a public IP address to the virtual machine. You were able to secure the connection using Azure Just in Time VM access in Azure Security Center. However, this had still some drawbacks. With Azure Bastion you get a private and fully managed service, which you deploy to your Virtual Network, which then allows you to access your VMs directly from the Azure portal using your browser over SSL.

Azure Bastion Architecture

Source: Microsoft Docs

Azure Bastion brings a couple of advantages

  • Removes requirement for a Remote Desktop (RDP) client on your local machine
  • Removes element for a local SSH client
  • No need for local RDP or SSH ports (handy when your company blocks it)
  • Uses secure SSL/TLS encryption
  • No need to assign public IP addresses to your Azure Virtual Machine
  • Works in basically any modern browser on any device (Windows, macOS, Linux, etc.)
  • Better hardening and more straightforward Network Security Group (NSG) management
  • Can remove the need for a Jumpbox

If you want to know more directly here is the link to the Azure Bastion announcement blog and the Microsoft Docs.

Public Preview

Azure Bastion is currently in public preview. The public preview is limited to the following Azure public regions:

  • West US
  • East US
  • West Europe
  • South Central US
  • Australia East
  • Japan East

To participate in this preview, you need to register. Use these steps to register for the preview:

Register-AzureRmProviderFeature -FeatureName AllowBastionHost -ProviderNamespace Microsoft.Network
 
Register-AzureRmResourceProvider -ProviderNamespace Microsoft.Network
 
Get-AzureRmProviderFeature -ProviderNamespace Microsoft.Network

To use the Azure Bastion service, you will also need to use the Azure Portal – Preview.

How to set up an Azure Bastion host for a private RDP and SSH access to Azure VMs

Create Azure Bastion Host

First, you will need to deploy Bastion Host in your virtual network (VNet). The Azure Bastion Host will need at least a /27 subnet.

AzureBastionSubnet

Access Azure virtual machines using Azure Bastion

Azure Bastion integrates natively in the Azure portal. The platform will automatically be detected if Bastion is deployed to the virtual network your virtual machine is in. To connect to a virtual machine, click on the connect button for the virtual machine. Now you can enter your username and password for the virtual machine.

Azure Portal connect to Linux VM SSH

This will now open up a web-based SSL RDP session in the Azure portal to the virtual machine. Again, there is no need to have a public IP address assigned to your virtual machine.

Private access to Azure Linux VM

 

Roadmap – more to come

As Yousef Khalidi (CVP Azure Networking) mentions in his preview announcement blog, the team will add more great capabilities, like Azure Active Directory and MFA support, as well as support for native RDP and SSH clients.

The Azure networking and compute team are doing more great work on creating a great Azure IaaS experience. I hope this gives you an overview of how you can get a private RDP or SSH access to your Azure VM. If you want to know more about the Azure Bastion service, check out the Microsoft Docs for more information. If you have any questions, feel free to leave a comment.



Azure IaaS Webinar

Join me for a Azure IaaS Masterclass Webinar!

This Wednesday, Altaro have invited me to give a webinar on Infrastructure as a Service with Microsoft Azure and you’re invited – it’s free to join!

Implementing Infrastructure as a Service is a great way of streamlining and optimizing your IT environment by utilizing virtualized resources from the cloud to complement your existing on-site infrastructure. It enables a flexible combination of the traditional on-premises data center alongside the benefits of cloud-based subscription services. If you’re not making use of this model, there’s no better opportunity to learn what it can do for you than in this upcoming webinar.

I’ll be joined by me good friend from Altaro, Technical Evangelist and Microsoft MVP Andy Syrewicze. I’ve done a few webinars with Andy over the years and it’s always a fun experience to work with him. We have also received great feedback from attendees saying they learnt a lot and enjoy the format in which we present.

The webinar will be primarily focused on showing how Azure IaaS solves real use cases by going through the scenarios live on air. Three use cases have been outlined already, however, the webinar format encourages those attending to suggest their own use cases when signing up and the two most popular suggestions will be added to the list. To submit your own use case request, simply fill out the suggestion box in the sign up form when you register!

Like all Altaro webinars, this will be presented live twice on the day (Wednesday 13th February). So if you can’t make the earlier session (2pm CET / 8am EST / 5am PST), just sign up for the later one instead (7pm CET / 1pm EST / 10am PST) – or vice versa. Both sessions cover the same content but having two live sessions gives more people the opportunity to ask their questions live on air and get instant feedback from us.

Save your seat for the webinar and learn more about Azure IaaS

Altaro Webinar Azure IaaS VMs



Altaro Webinar Journey to the Clouds

Webinar: Journey to the Clouds – Masterclass on Cloud Migration

Together with Altaro and my MVP colleagues Andy Syrewicze and Didier Van Hoye, I will be part of a free webinar called Journey to the Clouds- Masterclass on Cloud Migration. In this webinar we will dicsuss differnent cloud scenarios.

There are two options available depending on which time zone you are in.

  • Session 1: 2pm CEST – 5am PDT – 8am EDT
  • Session 2: 6pm CEST – 9am PDT – 12pm EDT

Join Webinar Journey to the Clouds

Want to migrate your datacenter into the cloud but unsure how to make the transition successfully? 3 Microsoft MVPs discuss your options in this upcoming panel webinar. Join Andy Syrewicze, Didier Van Hoye, and Thomas Maurer for a crash course on how you can plan your journey effectively and smoothly utilizing the exciting cloud technologies coming out of Microsoft.

Want to migrate your datacenter into the cloud but unsure how to make the transition successfully? 3 Microsoft MVPs discuss your options in this upcoming panel webinar.

Join Andy Syrewicze, Didier Van Hoye, and Thomas Maurer for a crash course on how you can plan your journey effectively and smoothly utilizing the exciting cloud technologies coming out of Microsoft including:

  • Windows Server 2019 and the Software-Defined Datacenter
  • New Management Experiences for Infrastructure with Windows Admin Center
  • Hosting an Enterprise Grade Cloud in your datacenter with Azure Stack
  • Taking your first steps into the public cloud with Azure IaaS

With cloud technologies improving exponentially migrating to a cloud-based model is a dilemma facing most organizations today. Cloud services such as Microsoft Azure, Azure Stack, and the software defined datacenter, offer numerous benefits but moving existing infrastructure into a cloud model is a challenging step.

 

Many IT Pros are justifiably wary of new platforms and cloud services are particularly worrisome involving core infrastructure elements hosted offsite. This is why some of the new technologies coming from Microsoft are so compelling as they are designed to help organizations make that transition slowly and at their own pace. This webinar covers both fully-serviced cloud offerings as well as smaller-scaled solutions that provide more accessible steps to realizing the benefits without fully committing.

 

After watching the experts discuss the details, you’ll see that the cloud doesn’t have to be an all or nothing discussion. The journey from on-prem to the cloud is different for every organization, as is the destination. This webinar will prepare you for your unique journey by revealing the available options and how to make the most out of them.

 

Join us for some insightful discussion, use-case examples, and tips for getting started with these new technologies. Sign up today.

 

We hope to see you there!