Tag: Azure IaaS

Azure IaaS VM enable Update Management

How to Manage Updates for Azure IaaS VMs

As a lot of customers are moving their workloads to Azure and specifically moving virtual machines to Azure Infrastructure-as-a-service (IaaS), the question is how do I manage my Azure virtual machines (VMs) efficiently. The great thing about Azure IaaS, it is not just another virtualization platform. Azure IaaS also offers a lot of other benefits versus classic virtualization. Azure IaaS and Azure Management provide a lot of functionality to it make it more efficient to run and manage virtual machines. One of them is Azure Update Management. In this blog post, I am going to show you how you can efficiently manage updates for your Azure IaaS VMs.

Overview and benefits Azure Update Management ☁

The Azure Update Management solution is part of Azure Automation. And with Azure Update Management you can manage operating system updates for your Windows and Linux computers in Azure, in on-premises environments, or in other cloud providers. That is right, it is not only for your Azure VMs, it also works with all your environment and provides you with a single pane of glass for your Update Management. It allows you to quickly assess the status of available updates on all virtual machines and servers, and manage the process of installing required updates for servers.

  • Azure Update Management works with Azure IaaS VMs, on-premise servers and even servers running at other cloud service providers.
  • Update Management supports Linux and Windows servers
  • It is directly integrated into the Azure portal and onboarding of Azure VMs is very simple.
  • It works with existing update sources like Microsoft Update, WSUS or on Linux with private and public update repositories.
  • Azure Update Management can be integrated into System Center Configuration Manager. You can learn more about Azure Update Management and System Center Configuration Manager integration on Microsoft Docs.
  • You can onboard new Azure VMs automatically to Update Management in multiple subscriptions in the same tenant.
Architecture

Architecture

How to onboard Azure IaaS VMs ✈

Onboarding Azure VMs to Azure Update Management is fairly simple and there are many different ways you can enable Update Management for an Azure VM.

One thing I want to highlight is, that you can set up automatic enablement for future virtual machines. With that Azure virtual machines, you create in the future, will automatically be added to the Update Mangement solution.

Onboarding

Onboarding

Since this blog post is all about managing updates for Azure VMs, I will keep it short, but if you want to add servers running on-premises or at other service providers, you can have a look how you can configure Azure Update management from Windows Admin Center. If you are running Azure Stack, you can also easily add your Azure Stack VMs to the Update Management solution.

Update Assesment 📃

Azure Update Management Compliant Assessment

Azure Update Management Compliant Assessment

After you have enabled and connected your virtual machines, Azure Log Analytics and Update Management start to collect data and analyze it and creates a continuous assessment of your Azure VM infrastructure and the additional servers you added. It will let you know which servers are compliant and which updates are missing. In the Azure documentation for Azure Update Management, you can find the schedules and time new updates will be added to the assessment.

Manage and deploy updates to Azure VMs 🔧

After you know which servers are compliant or not, you can schedule an update deployment, to update your servers.

Update Azure VMs using Update Deployment

Update Azure VMs using Update Deployment

An update deployment configuration is done very easily.

  1. Enter a name for the update deployment
  2. Select which operating system you want to target with the deployment (Linux or Windows)
  3. Choose the machines you want to update. You can select specific Azure virtual machines, non-Azure machines, groups, AD, WSUS, SCCM groups and filters.
  4. Select the Update Classifications you want to deploy
  5. Include or exclude updates
  6. Schedule the deployment. You can also create recurring update deployments for example for monthly patching.
  7. Configure pre- and post-scripts
  8. Configure the maintenance window size
  9. Configure the reboot update after the updates are installed

View update deployments ✔

Update Azure VMs Status

Update Azure VMs Status

During and after the duration of the update deployment, you can see an overview of the deployment, which updates on which machine were installed and if they were successful.

Pricing – What does it cost? 💵

Now I know what you are thinking now, this is great, but I am sure Microsoft is making me pay for this. No! there are no charges for the service, you only pay for log data stored in the Azure Log Analytics service. You can find more pricing information here.

Conclusion and Learn more 🎓

Update Management is a great solution to keep your environment up to date. If you want to know more, check out Microsoft Docs or follow this tutorial to onboard Azure VMs. There is also a very good blog series by Microsoft MVP Samuel Erskine. If you don’t have Azure today, create an Azure Free account.

Create free Azure Account ☁

Create your Azure free account today and get started with 12 months of free services!

If you have any questions, let me know in the comments.



Azure Bastion Windows VM

Azure Bastion – Private RDP and SSH access to Azure VMs

Azure Bastion is a new service which enables you to have private and fully managed RDP and SSH access to your Azure virtual machines. If you wanted to access your Azure virtual machines using RDP or SSH today, and you were not using a VPN connection, you had to assign a public IP address to the virtual machine. You were able to secure the connection using Azure Just in Time VM access in Azure Security Center. However, this had still some drawbacks. With Azure Bastion you get a private and fully managed service, which you deploy to your Virtual Network, which then allows you to access your VMs directly from the Azure portal using your browser over SSL.

Azure Bastion Architecture

Source: Microsoft Docs

Azure Bastion brings a couple of advantages

  • Removes requirement for a Remote Desktop (RDP) client on your local machine
  • Removes element for a local SSH client
  • No need for local RDP or SSH ports (handy when your company blocks it)
  • Uses secure SSL/TLS encryption
  • No need to assign public IP addresses to your Azure Virtual Machine
  • Works in basically any modern browser on any device (Windows, macOS, Linux, etc.)
  • Better hardening and more straightforward Network Security Group (NSG) management
  • Can remove the need for a Jumpbox

If you want to know more directly here is the link to the Azure Bastion announcement blog and the Microsoft Docs.

Public Preview

Azure Bastion is currently in public preview. The public preview is limited to the following Azure public regions:

  • West US
  • East US
  • West Europe
  • South Central US
  • Australia East
  • Japan East

To participate in this preview, you need to register. Use these steps to register for the preview:

Register-AzureRmProviderFeature -FeatureName AllowBastionHost -ProviderNamespace Microsoft.Network
 
Register-AzureRmResourceProvider -ProviderNamespace Microsoft.Network
 
Get-AzureRmProviderFeature -ProviderNamespace Microsoft.Network

To use the Azure Bastion service, you will also need to use the Azure Portal – Preview.

How to set up an Azure Bastion host for a private RDP and SSH access to Azure VMs

Create Azure Bastion Host

First, you will need to deploy Bastion Host in your virtual network (VNet). The Azure Bastion Host will need at least a /27 subnet.

AzureBastionSubnet

Access Azure virtual machines using Azure Bastion

Azure Bastion integrates natively in the Azure portal. The platform will automatically be detected if Bastion is deployed to the virtual network your virtual machine is in. To connect to a virtual machine, click on the connect button for the virtual machine. Now you can enter your username and password for the virtual machine.

Azure Portal connect to Linux VM SSH

This will now open up a web-based SSL RDP session in the Azure portal to the virtual machine. Again, there is no need to have a public IP address assigned to your virtual machine.

Private access to Azure Linux VM

 

Roadmap – more to come

As Yousef Khalidi (CVP Azure Networking) mentions in his preview announcement blog, the team will add more great capabilities, like Azure Active Directory and MFA support, as well as support for native RDP and SSH clients.

The Azure networking and compute team are doing more great work on creating a great Azure IaaS experience. I hope this gives you an overview of how you can get a private RDP or SSH access to your Azure VM. If you want to know more about the Azure Bastion service, check out the Microsoft Docs for more information. If you have any questions, feel free to leave a comment.



Azure IaaS Webinar

Join me for a Azure IaaS Masterclass Webinar!

This Wednesday, Altaro have invited me to give a webinar on Infrastructure as a Service with Microsoft Azure and you’re invited – it’s free to join!

Implementing Infrastructure as a Service is a great way of streamlining and optimizing your IT environment by utilizing virtualized resources from the cloud to complement your existing on-site infrastructure. It enables a flexible combination of the traditional on-premises data center alongside the benefits of cloud-based subscription services. If you’re not making use of this model, there’s no better opportunity to learn what it can do for you than in this upcoming webinar.

I’ll be joined by me good friend from Altaro, Technical Evangelist and Microsoft MVP Andy Syrewicze. I’ve done a few webinars with Andy over the years and it’s always a fun experience to work with him. We have also received great feedback from attendees saying they learnt a lot and enjoy the format in which we present.

The webinar will be primarily focused on showing how Azure IaaS solves real use cases by going through the scenarios live on air. Three use cases have been outlined already, however, the webinar format encourages those attending to suggest their own use cases when signing up and the two most popular suggestions will be added to the list. To submit your own use case request, simply fill out the suggestion box in the sign up form when you register!

Like all Altaro webinars, this will be presented live twice on the day (Wednesday 13th February). So if you can’t make the earlier session (2pm CET / 8am EST / 5am PST), just sign up for the later one instead (7pm CET / 1pm EST / 10am PST) – or vice versa. Both sessions cover the same content but having two live sessions gives more people the opportunity to ask their questions live on air and get instant feedback from us.

Save your seat for the webinar and learn more about Azure IaaS

Altaro Webinar Azure IaaS VMs



Altaro Webinar Journey to the Clouds

Webinar: Journey to the Clouds – Masterclass on Cloud Migration

Together with Altaro and my MVP colleagues Andy Syrewicze and Didier Van Hoye, I will be part of a free webinar called Journey to the Clouds- Masterclass on Cloud Migration. In this webinar we will dicsuss differnent cloud scenarios.

There are two options available depending on which time zone you are in.

  • Session 1: 2pm CEST – 5am PDT – 8am EDT
  • Session 2: 6pm CEST – 9am PDT – 12pm EDT

Join Webinar Journey to the Clouds

Want to migrate your datacenter into the cloud but unsure how to make the transition successfully? 3 Microsoft MVPs discuss your options in this upcoming panel webinar. Join Andy Syrewicze, Didier Van Hoye, and Thomas Maurer for a crash course on how you can plan your journey effectively and smoothly utilizing the exciting cloud technologies coming out of Microsoft.

Want to migrate your datacenter into the cloud but unsure how to make the transition successfully? 3 Microsoft MVPs discuss your options in this upcoming panel webinar.

Join Andy Syrewicze, Didier Van Hoye, and Thomas Maurer for a crash course on how you can plan your journey effectively and smoothly utilizing the exciting cloud technologies coming out of Microsoft including:

  • Windows Server 2019 and the Software-Defined Datacenter
  • New Management Experiences for Infrastructure with Windows Admin Center
  • Hosting an Enterprise Grade Cloud in your datacenter with Azure Stack
  • Taking your first steps into the public cloud with Azure IaaS

With cloud technologies improving exponentially migrating to a cloud-based model is a dilemma facing most organizations today. Cloud services such as Microsoft Azure, Azure Stack, and the software defined datacenter, offer numerous benefits but moving existing infrastructure into a cloud model is a challenging step.

 

Many IT Pros are justifiably wary of new platforms and cloud services are particularly worrisome involving core infrastructure elements hosted offsite. This is why some of the new technologies coming from Microsoft are so compelling as they are designed to help organizations make that transition slowly and at their own pace. This webinar covers both fully-serviced cloud offerings as well as smaller-scaled solutions that provide more accessible steps to realizing the benefits without fully committing.

 

After watching the experts discuss the details, you’ll see that the cloud doesn’t have to be an all or nothing discussion. The journey from on-prem to the cloud is different for every organization, as is the destination. This webinar will prepare you for your unique journey by revealing the available options and how to make the most out of them.

 

Join us for some insightful discussion, use-case examples, and tips for getting started with these new technologies. Sign up today.

 

We hope to see you there!



Azure to Azure Site Recovery

Disaster recovery for Azure IaaS virtual machines using ASR

Microsoft today announced the public preview of disaster recovery for Azure IaaS virtual machines. This is Azure Site Recovery (ASR) for the Azure-to-Azure scenario. With that, you can replicate Azure virtual machines (VMs) from one Azure Region to another Azure Region, without deploying any other infrastructure components such as software appliances. Cross-region disaster recovery (DR) feature is now available in all Azure public regions where ASR is available. Let’s have a quick look at how you can achieve Disaster Recovery for Azure VMs.

The Azure documentation describes it the following way:

In addition to the built-in Azure infrastructure capabilities and features that contribute to a robust and resilient availability strategy for workloads running on Azure VMs, there are several reasons why you need to plan for disaster recovery between Azure regions yourself:

  • Your compliance guidelines for specific apps and workloads require a Business continuity and Disaster Recovery (BCDR) strategy.
  • You want the ability to protect and recover Azure VMs based on your business decisions, and not only based on inbuilt Azure functionality.
  • You need to be able to test failover and recovery following your business and compliance needs, with no impact on production.
  • You need to be able to failover to the recovery region in the event of a disaster and failback to the source region seamlessly.

Azure to Azure VM replication using Site Recovery helps you to do all the above.

Azure to Azure Site Recovery Setup

To set this up, you have to create an Azure Recovery Vault. This Recovery vault cannot be in the same region as the source virtual machines, because if the region is down, you will not have access to the vault.

Azure ASR Configuration Settings

From that, you can choose to create a new Replication and select the virtual machines you want to replicate. You can select the virtual machines you want to replicate. In the end, you choose the target location and create the needed target resources and start the replication.

This will now allow you to failover your virtual machines to another Azure region.

Azure ASR Failover

Source Microsoft

There are some limitations right now, like no support for managed disks or limited operating system support. Check out the Azure Site Recovery support matrix for replicating from Azure to Azure for more support information.

Azure Site Recovery now allows you to replicate Virtual Machines from:

Azure Site Recovery Overview

  • On-premise Hyper-V Servers
  • On-Premise Hyper-V using System Center Virtual Machine Manager
  • On-Premise Physical Servers
  • Virtual Machines from AWS
  • Virtual Machines from another Azure Region

I hope this blog post gives you an overview of how you can use Azure Site Recovery (ASR) for disaster recovery (DR) of Azure IaaS VMs. By the way, if you want to configure on-premises Hyper-V to Azure disaster recovery using ASR, check my blog post about how you can configure this, using Windows Admin Center. If you have any questions, please let me know in the comments.



WAP Register SPF

Windows Azure Pack – Virtual Machine Cloud

One of the big features of Windows Azure Pack right now is the integration of a Infrastructure as a Service offering or in other words Virtual Machine Cloud. VM Cloud allows you to integrate your existing System Center Virtual Machine Manager 2012 R2 and Hyper-V environment over SPF (Service Provider Foundation) API, so you can create a offering similar to the Windows Azure IaaS experience.

I had the chance working on several Windows Azure Pack projects where we have integrated the Virtual Machine Cloud and created offerings for service providers as well as for enterprise companies for internal use. Two parts of I really like about the solution in the integration of Hyper-V Network Virtualization and the integration of VM Roles, which are basically a solution to deploy services instead of just Virtual Machines. Microsoft also finally fixed the issue we had in App Controller and other products to connect to a Virtual Machine via the Hyper-V Console from outside your organization by using a Remote Desktop Gateway.

Architecture

To deploy the VM Cloud or IaaS offering in Windows Azure Pack you need several roles, services and components. If you want to know more about the Windows Azure Pack Architecture, check out the following blog post.

Windows Azure Pack VM Cloud Architecture

Picture Source: TechNet

  • Hyper-V – You need a Hyper-V environment for hosting virtual machines.
  • System Center Virtual Machine Manager – In a VM Cloud environment you need your Hyper-V resources to connect to a Virtual Machine Manager. You can connect multiple Virtual Machine Manager servers so called VMM stamps. If you are using Hyper-V Network Virtualization (NVGRE) make sure you build a highly available VMM Cluster for each stamp.
  • Service Provider Foundation – To bring those VMM stamps inside Windows Azure Pack you need an API solution called Service Provider Foundation. Every VMM stamp has to be registered in Windows Azure Pack trough a Service Provider Foundation Endpoint.
  • Windows Azure Pack Tenant Portal – The Portal for tenants/customers to manage Virtual Machines
  • Windows Azure Pack Admin Portal – The Portal for Administrator to register new VMM stamps and create offerings for customers.
  • Service Management API – You always need this if you deploy Windows Azure Pack.
  • SQL Server – SQL Server for Windows Azure Pack, SPF and Virtual Machine Manager
  • RD Gateway – Remote Desktop Gateway for the Console Connection to the Virtual Machine
  • System Center Operations Manager – If you just want to monitor your VM environment or you want to do chargeback you need Operations Manager and Service Reporting.

How to setup VM Cloud in Windows Azure Pack

After you have setup your environment you have to register your Service Provider Foundation and VMM in Windows Azure Pack. Enter the address of the SPF Endpoint and the address of the VMM Server.

WAP Register SPF

You can than add VMM servers or VMM Stamps to the Windows Azure Pack.

VMMStamp in WAP

You can now select the Cloud you want to use for your offering. If you create a new plan you can select which VMM stamp and cloud should be used for the offering. You can limit resources like Virtual Machine count, CPU cores, RAM, Storage, VM Networks, Templates and more inside plans and add-ons. You can than offer these plans and add-ons to your customers.

WAP VM Cloud Plan

As another part you can extend the solution by adding a SMA Web Service endpoint to the Windows Azure Pack and configure it for the Virtual Machine Clouds. With this solution you can link SMA Runbooks to actions in Windows Azure Pack VM Cloud, SPF and Virtual Machine Manager.

WAP Link SMA Runbook to VMM Action

If you need to enable Console access to the Virtual Machine to the tenant users, you also have to register a Remote Desktop Gateway. This will allow user to access the Virtual Machine without having a IP address set inside the VM.

Tenant VM Console Access WAP

Remember there are much more steps you have to do. For example configuring the fabric in System Center Virtual Machine Manager or configuring the Remote Desktop Gateway to have access to the Hyper-V hosts. And if you are doing NVGRE (Hyper-V Network Virtualization) you may also want to have NVGRE Gateways in place so customers can leave the Virtual Network and connect to the physical network or the internet. So setting this thing up is one part but having it designed and configured the right way is another.