Tag: Cloud


HPE Azure Stack Innovation Center

Let’s talk about the HPE Azure Stack Innovation Center

Together with HPE, I did some short videos about HPE Azure Stack and the HPE Azure Stack Innovation Center in Geneva. The videos are very short to just give you a quick idea about the different scenarios and the benefits of the Innovation Center as well as the HPE solutions. If you want to know more about it, you can check out my blog and look for my articles on Azure Stack and Azure.

About the Azure Stack Innovation Centers

To help you get started on your journey with Microsoft Azure Stack, HPE and Microsoft have built Azure Stack Innovation Centers. Staffed by HPE and Microsoft experts, and leveraging the latest industry-leading Azure Stack hardware and software solutions, the Azure Stack Innovation Centers are designed to help simplify and accelerate your hybrid cloud journey.

In simple words, the Innovation Centers are a place to try out Azure Stack multi-node systems, run proofs of concept and test your real-world workloads. We used the Azure Stack Innovation Centers to work with customers and try out their workloads directly on a full multi-node system. This helps to better understand the benefits and challenges for the specific customer workloads and to get some hands-on experience. It is also a great opportunity to test out the Azure Stack Operator capabilities and tasks.

Thomas Maurer about the HPE Azure Stack Innovation Center

Thomas Maurer talks about how the HPE Microsoft Azure Innovation Center helps partners and customers on Azure Stack Implementation projects!



Microsoft Certified Azure Administrator Associate

Passed Microsoft Certified: Azure Administrator

After the announcement of the new Microsoft Azure certifications at Microsoft Inspire in Las Vegas, I decided to take the beta exam which was available to upgrade my current Azure certifications. Since I had already passed Exam 70-533 Implementing Microsoft Azure Infrastructure Solutions, I needed exam AZ-102 to do the transition. Today I got confirmation that I passed the Microsoft exam AZ-102 and earned the Microsoft Certified Azure Administrator Associate certification.

I already took the newly available beta exam for the Microsoft Certified Azure Architect at Microsoft Ignite; however, I still need to wait a bit for the results.

What is Exam AZ-102 Microsoft Certified: Azure Administrator Associate

The new certifications are based on different job roles, like Azure Administrator, Azure Developer and Azure Architect. You can read more about the new Azure Certifications here on my blog.

Earning Azure Administrator Associate certification demonstrates understanding of services across the IT lifecycle, and ability to take requests for infrastructure services, applications, and environments. Candidates for this certification are typically Azure Administrators who manage cloud services spanning storage, security, networking, and compute cloud capabilities. They recommend services to use for optimal performance and scale, as well as provision, size, monitor, and adjust resources.

This is great news to start the day while I am flying to a customer in Paris today for some more Azure work.

Exam Preparation

The skills measured in AZ-102 are a mix from AZ-100 and AZ-101 and will focus on Azure Infrastructure and deployment, Azure Integration and Azure Security.

I often get asked how I prepared for exams such as this. Obviously it makes sense to certify the knowledge you already have. I usually use Microsoft’s free online courses on Channel 9, Virtual Academy and now the new Microsoft Learn. However, I realized that the Azure Documentation is also a great resource to learn from. I recommend you check the skills needed for the exam, in this case AZ-102, read the specific Azure Documentation for these topics, and also try it out.



Azure Stack Backup with Azure Backup Server

Protect Azure Stack Tenant Workloads with Azure Backup Server

If you are running Azure Stack in your datacenter, you also want to back up workloads running on Azure Stack. This blog post covers how you can back up Azure Stack tenant workloads with Azure Backup Server. Azure Backup allows you to protect on-premises workloads running on different platforms as well as on Azure Stack and store long-term data in Azure.

Why protect Azure Stack workloads with Azure Backup Server

Microsoft Azure Backup Server is included as a free download with Azure Backup and enables cloud backups and disk backups for workloads like SQL, SharePoint and Exchange, regardless of whether these workloads are running on Hyper-V, VMware, physical servers or Azure Stack. It also provides a central console to protect these workloads. Compare this to the Azure Backup Agent, which you have to configure on every single server. The Azure Backup Server also allows you to do not only file backups, but also backups of applications like SharePoint, SQL Server, Exchange and more. This gives you flexibility and centralized management to back up your infrastructure as a service (IaaS) workloads on Azure Stack.



HPE Azure Stack

HPE OneView for Microsoft Azure Log Analytics

Today, I got some great news, which I missed in the last couple of weeks. HPE announced that their HPE OneView for Microsoft Azure Log Analytics 1.0 Preview, or OV4ALA for short, is now available. OV4ALA is an integration that provides a bridge between HPE hardware infrastructure and Azure Log Analytics. This basically allows you to extend your HPE hardware monitoring to the Microsoft Cloud.

OV4ALA is an Azure Resource Manager solution that provides you with dashboards for your on-premises HPE hardware infrastructure. This includes systems like:

  • HPE OneView Appliances
  • Server Hardware
  • Server Profiles
  • Logical Interconnects
  • Physical Interconnects
  • Storage Systems
  • Storage Pools
  • Storage Volumes
  • SAS Interconnects
  • Drive Enclosures
  • Alerts

HPE OneView for Microsoft Azure Log Analytics Description

Every item in the dashboard provides a link to the underlying Log Analytics search query, which allows you to create powerful and detailed custom searches for long term event correlation and trend analysis. Searches can also be combined with data from non-HPE sources, such as OS, VM, and application information. A set of pre-defined saved searches is included to help navigate the HPE log records generated by the solution.

It also includes Azure Automation runbooks that drive the automatic generation of log records from information collected from on-premise instances of HPE OneView and HPE Synergy, leveraging the Azure Hybrid Runbook Worker.

This solution requires an on-premises component (HPE PowerShell Module for Log Analytics) that must be properly installed and configured where HPE OneView and HPE Synergy are located. This module acts as a proxy between the on-premises instances of HPE OneView and HPE Synergy and Azure Log Analytics running in the Azure public cloud.

This solution is being released as a Technical Preview, and HPE does not provide any formal customer support for HPE OneView for Microsoft Azure Log Analytics at this time. This preview is provided “as-is” and is excluded from service level agreements and limited warranty. The customer assumes all risks in using this preview version. Features available in the preview are subject to change, including removal, prior to the general availability release. The fully supported generally available version is planned for later this year.

This is great news, especially when you run an HPE Azure Stack solution, which also comes with OneView. With the Azure Stack OMS Solutions you can send alerts and warnings from the Azure Stack software to Azure Log Analytics. Now with the HPE OneView for Microsoft Azure Log Analytics solution, you can also forward the HPE hardware monitoring of Azure Stack to Azure Log Analytics, which will make it a central place for your Azure Stack monitoring.

Check out more information about OV4ALA on the HPE blog. Thanks to Roland Frehner from HPE for the link.



You can now watch Microsoft’s underwater Datacenter and fish on Live Webcams

A couple of months back Microsoft provided a look at Project Natick, which is basically Microsoft’s project to host datacenters underwater. This obviously brings some challenges but also some advantages, like cooling. Today Microsoft also added some public webcam streams to Project Natick, which allow you to watch the underwater datacenter and some fish.

Microsoft Project Natick Webcam

About Microsoft Project Natick

Project Natick seeks to understand the benefits and difficulties in deploying subsea datacenters worldwide. Phase two extends the research we accomplished in phase one by deploying a full-scale datacenter module in the North Sea, powered by renewable energy.

 

  • Project Natick is a research project to build an underwater datacenter. Microsoft is investigating the numerous potential benefits that a standard, manufacturable, deployable undersea datacenter could provide to cloud users all over the world.
  • The Natick Phase 1 vessel was operated on the seafloor approximately one kilometer off the Pacific coast of the United States from August to November of 2015.
  • Phase 2 of Natick aims to demonstrate that we can economically manufacture full scale undersea datacenter modules and deploy them in under 90 days from decision to power on. The Phase 2 vessel was deployed at the European Marine Energy Centre located in the Orkney Islands, UK in June of 2018.
  • Project Natick reflects Microsoft’s ongoing quest for cloud datacenter solutions that offer less resource intensive options, rapid provisioning, lower costs, and high agility in meeting customer needs.

If you want to know more about Microsoft Project Natick, check out the website:

Microsoft Project Natick Website

 



Thomas Maurer Speaking at Experts Live

Speaking at Experts Live Europe 2018 in Prague

You must have heard about the awesome conference in the heart of Europe, called Experts Live Europe. Today, I am honored and proud to announce that I will be speaking at Experts Live Europe 2018 in Prague on October 24-26. Since the first European edition back in 2013, I have presented several sessions at each event, previously hosted in Bern, Basel and Berlin. I will speak about my favorite topic, Azure Stack, and will also present another session about Windows Server. The timing of Experts Live Europe is great this year (October), which allows me and other speakers to present the latest updates learned and shared at Microsoft Ignite (September).

I am also excited about the new location. After Bern and Basel in Switzerland, and two years in Berlin, Germany, Experts Live Europe comes to the beautiful city of Prague.

My Sessions at Experts Live Europe 2018

I am proud to present two sessions to cover topics like Azure, Azure Stack, Windows Server and Hyper-V.

Azure Stack - Your Cloud Your Datacenter

Microsoft released Azure Stack as an Azure appliance for your datacenter. Learn what Azure Stack is, what challenges it solves, and how you deploy, manage and operate an Azure Stack in your datacenter. Learn about the features and services you will get by offering Azure Stack to your customers and how you can build a true Hybrid Cloud experience. In this presentation Thomas Maurer (Microsoft MVP) will guide you through the highly anticipated innovations and experience during the Azure Stack Early Adaption Program and Azure Stack Technology Adoption Program (TAP).

Windows Server 2019 - The Next Generation of Software-Defined Datacenter

Join this session for the best of Windows Server 2019 and the new innovations and improvements in Windows Server. Learn how Microsoft enhances SDDC features like Hyper-V, Storage and Networking and get the most out of the new Azure Hybrid Integration and Container features. You’ll get an overview of the new, exciting improvements that are in Windows Server and how they’ll improve your day-to-day job. In this presentation Thomas Maurer (Microsoft MVP) will guide you through the highly anticipated innovations in Windows Server 2019 and the Semi-Annual Channel, including:

  • Windows Server Containers
  • Azure Integration
  • Hyper-V features
  • Storage
  • Networking
  • Security
  • Windows Server Containers

And more!

Besides 2 days of break out sessions, you will also have one extra day with three great technical workshops about Cloud Security, Workplace and Automation.

About Experts Live Europe

Experts Live Europe is one of Europe’s largest community conferences with a focus on Microsoft cloud, datacenter and workplace management. Top experts from around the world present discussion panels, ask-the-experts sessions and breakout sessions and cover the latest products, technologies and solutions. It’s the time of the year to learn, network, share and make valuable connections.

 

Experts Live VIP Party in the Cloud

The famous Speakers & Sponsors VIP Party of Experts Live Europe will take place on Wednesday, October 24th. This is a great opportunity to network with our speakers and sponsors in a fun and easy-going setting. Tickets for the VIP Party are limited due to location capacity, so if you don’t want to miss out, make sure you register fast!
The VIP Party will take place in Cloud9 Sky Bar & Lounge, at the rooftop of the Hilton hotel in Prague. The Sky Bar is famous for its stunning panorama views of the city, the signature cocktails, the rooftop terrace and the vibrant atmosphere.

It still takes a couple of months until October, but I am already very excited for another Experts Live Conference. I really hope to see you there, so make sure you get a ticket as soon as possible!




Azure – Just in Time VM access

If you run virtual machines with a public IP address connected to the internet, attackers immediately try to run attacks against them. Brute force attacks commonly target management ports, like RDP or SSH, to gain access to a VM. If the attacker is successful, he can take control of the VM and access other resources in the environment. To address that issue, it is highly recommended to reduce the number of open ports, especially management ports. However, sometimes you will need to open ports on some of the virtual machines for management tasks. Microsoft Azure has a simple way to address this issue, called Just in time virtual machine (VM) access. Just in time VM access can be used to lock down inbound traffic to your Azure VMs, reducing exposure to attacks while providing easy access to connect to VMs when needed.

How does Azure Just in Time VM Access work

In Azure Security Center you can enable just in time VM access. This creates Network Security Group (NSG) rules that lock down inbound traffic to the Azure VM. During the initial JIT VM access configuration, you specify the ports that Azure Security Center will manage; Security Center then locks down these ports using NSG rules.
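To illustrate the NSG behaviour this lock-down relies on, here is an added example (not part of the original post) that evaluates inbound NSG rules in priority order and reports which management ports are still reachable from any internet source. The rule dictionaries use the ARM security rule property names; the sample rules, their names and priorities, and the 203.0.113.10 address are constructed for illustration.

```python
# Added example: which management ports does an NSG leave open to any internet source?
MGMT_PORTS = {22: "SSH", 3389: "RDP", 5985: "WinRM HTTP", 5986: "WinRM HTTPS"}
ANY_SOURCE = {"*", "internet", "0.0.0.0/0"}

def _values(rule, single, plural):
    """ARM rules carry either a single value or a list; merge both into one list."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def _port_match(rule, port):
    for rng in _values(rule, "destinationPortRange", "destinationPortRanges"):
        if rng == "*":
            return True
        lo, _, hi = rng.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def _any_source(rule):
    prefixes = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
    return any(p.lower() in ANY_SOURCE for p in prefixes)

def exposed_management_ports(rules):
    """Return {port: name of the Allow rule} for ports open to any internet source."""
    inbound = sorted((r for r in rules if r["direction"] == "Inbound"),
                     key=lambda r: r["priority"])  # lowest number is evaluated first
    exposed = {}
    for port in MGMT_PORTS:
        for r in inbound:
            if r["protocol"].lower() not in ("tcp", "*"):
                continue  # RDP, SSH and WinRM are TCP services
            if _port_match(r, port) and _any_source(r):
                if r["access"] == "Allow":
                    exposed[port] = r["name"]
                break  # first matching rule decides
        # no match at all: the default DenyAllInBound rule applies
    return exposed

def make_rule(name, priority, access, source, ports, protocol="Tcp"):
    return {"name": name, "priority": priority, "direction": "Inbound", "access": access,
            "protocol": protocol, "sourceAddressPrefix": source,
            "destinationPortRanges": ports}

# Constructed sample NSG (names, priorities and addresses are made up for illustration).
SAMPLE_NSG = [
    make_rule("deny-mgmt", 2000, "Deny", "*", ["22", "3389", "5985-5986"], "*"),
    make_rule("allow-rdp-any", 1000, "Allow", "*", ["3389"]),
    make_rule("allow-admin-ssh", 1010, "Allow", "203.0.113.10", ["22"]),
    make_rule("allow-https", 3000, "Allow", "Internet", ["443"]),
]

if __name__ == "__main__":
    for port, name in exposed_management_ports(SAMPLE_NSG).items():
        print(f"{MGMT_PORTS[port]} ({port}) is open to the internet via rule {name}")
```

In the sample, the deny rule covers all four management ports, but RDP stays exposed because a broader allow rule has a lower priority number; the SSH rule scoped to a single address does not count as internet-wide exposure.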

Configure Azure just in time VM access


Azure JIT VM access is configured in the Azure Security Center. To configure and enable JIT on a virtual machine open up the Azure Security Center and click on Just in time VM access.

Here you will find three states, Configured, Recommended and No recommendation.

  • Configured – VMs that have been configured to support just in time VM access. The data presented is for the last week and includes for each VM the number of approved requests, last access date and time, and last user.
  • Recommended – VMs that can support just in time VM access but have not been configured to. We recommend that you enable just in time VM access control for these VMs. See Configuring a just in time access policy.
  • No recommendation – Reasons that can cause a VM not to be recommended are:
    • Missing NSG – The just in time solution requires an NSG to be in place.
    • Classic VM – Security Center just in time VM access currently supports only VMs deployed through Azure Resource Manager. A classic deployment is not supported by the just in time solution.
    • Other – A VM is in this category if the just in time solution is turned off in the security policy of the subscription or the resource group, or that the VM is missing a public IP and doesn’t have an NSG in place.

To configure it, click on Recommended and select the virtual machine for which you want to enable JIT.

Click on Enable JIT on VMs and configure the ports which should be managed by Just in time VM Access. Just in time VM access will recommend some default ports like RDP, SSH and PowerShell Remoting. You can also add other ports to the virtual machine if you want or need to.

Requesting Just in time VM Access for Azure Virtual Machine

Request Just in time VM access

In the Configured section, you can select the VM you want to request access to and click on Request access. You can now select the ports you want to be open for a specific time and a specific IP address. This will open up the ports and after 2-3 minutes you will be able to access the virtual machine.

To send such a request, the user requesting access to the virtual machine needs to have write access to the virtual machines in Azure Role-Based Access Control (RBAC).

Auditing Azure just in time VM access activity

Of course, all requests are logged and can be reviewed in the Activity Log.

Licensing of Azure just in time VM access

Azure just in time VM access is licensed through Azure Security Center and needs the Standard Tier to be enabled for the specific virtual machine.

I hope this gives you an idea how you can leverage Just in time VM access in Azure for your workloads.