Tag: IaaS

Azure Stack Partner Series MyCloudDoor

Azure Stack Hub Partner Solutions Series – myCloudDoor

Together with the Azure Stack Hub team, I am on a journey to explore the ways our customers and partners use, deploy, manage, and build solutions on the Azure Stack Hub platform. Today, Tiberiu and I had the chance to speak to myCloudDoor. MyCloudDoor is an Azure Stack Hub partner and Preferred SI that focused on managed services and creating value for its customers throughout the world. They have a wide range of customers across many verticals. Join the myCloudDoor team as we explore how they provide value and solve customer issues using Azure and Azure Stack Hub.

You can read more about the video series I created with Tiberiu Radu (Azure Stack Hub PM @rctibi) on our introduction blog: Azure Stack Hub Partner solution video series to show how our customers and partners use Azure Stack Hub in their Hybrid Cloud environment. In this series, as we will meet customers that are deploying Azure Stack Hub for their own internal departments, partners that run managed services on behalf of their customers, and a wide range of in-between as we look at how our various partners are using Azure Stack Hub to bring the power of the cloud on-premises.

 

Links mentioned through the video:

I hope this video was helpful and you enjoyed watching it. If you have any questions, feel free to leave a comment below. If you want to learn more about the Microsoft Azure Stack portfolio, check out my blog post.



Azure Stack Hub Partner Solutions Series – Salt

Azure Stack Hub Partner Solutions Series – Salt

Together with the Tiberiu Radu (Azure Stack Hub PM @rctibi), we created a new Azure Stack Hub Partner solution video series to show how our customers and partners use Azure Stack Hub in their Hybrid Cloud environment. In this series, as we will meet customers that are deploying Azure Stack Hub for their own internal departments, partners that run managed services on behalf of their customers, and a wide range of in-between as we look at how our various partners are using Azure Stack Hub to bring the power of the cloud on-premises.

Today, I want you to introduce you to Azure Stack Hub Partner Salt. Salt is a Service Provider that has won the Microsoft Partner of the Year 3 times since 2017. Their business focuses on bringing a multi-tenanted Azure Stack Hub environment in the Caribbean Islands. Join them as they tell us more about their journey towards becoming a trusted advisor to their customers and learn more about the types of workloads planned with Azure Stack Hub.

Links mentioned through the video:

I hope this video was helpful and you enjoyed watching it. If you have any questions, feel free to leave a comment below. If you want to learn more about the Microsoft Azure Stack portfolio, check out my blog post.



Automanage for Azure virtual machines

Automanage for Azure virtual machines

For me, one of the most impressive announcements at Microsoft Ignite, next to many of the Azure Arc and Azure Stack announcements, was the announcement of the Azure Automanage for virtual machines (VMs) public preview. As you know, Microsoft Azure offers many management services for Azure virtual machines (VMs). However, finding and configured these services can be some work. Azure Automanage for virtual machines helps to address precisely that. Azure Automanage for virtual machines is a service that eliminates the need to discover, know how to onboard, and how to configure certain services in Azure that would benefit your virtual machine.

In summary, Azure Automanage provides the following features to reduced cost by automating Windows Server management, improved workload uptime with optimized operations, and implementation of security best practices.

  • Intelligently onboards virtual machines to select best practices Azure services
  • Automatically configures each service per Azure best practices.
  • Monitors for drift and corrects for it when detected.
  • Provides a simple experience (point, click, set, forget)

You can find more information on Microsoft Docs.



Azure Stack Hub Partner Solutions Series - Datacom

Azure Stack Hub Partner Solutions Series – Datacom

Together with the Azure Stack Hub team, we are starting a journey to explore the ways our customers and partners use, deploy, manage, and build solutions on the Azure Stack Hub platform. Together with the Tiberiu Radu (Azure Stack Hub PM @rctibi), we created a new Azure Stack Hub Partner solution video series to show how our customers and partners use Azure Stack Hub in their Hybrid Cloud environment. In this series, as we will meet customers that are deploying Azure Stack Hub for their own internal departments, partners that run managed services on behalf of their customers, and a wide range of in-between as we look at how our various partners are using Azure Stack Hub to bring the power of the cloud on-premises.

Datacom is an Azure Stack Hub partner that provides both multi-tenant environments, as well as dedicated ones. They focus on providing value to their customers and meeting them where they are by providing managed services as well as complete solutions. Datacom focuses on a number of customers ranging from large government agencies as well as enterprise customers. Join the Datacom team as we explore how they provide value and solve customer issues using Azure and Azure Stack Hub.

Links mentioned through the video:

I hope this video was helpful and you enjoyed watching it. If you have any questions, feel free to leave a comment below. If you want to learn more about the Microsoft Azure Stack portfolio, check out my blog post.



Azure Automatic VM Guest OS Patching

How to configure Azure Automatic VM guest OS patching

If you want to keep your Azure virtual machines (VMs) up-to-date, then there is a service called Azure Update Management, which helps you to manage updates on your Azure VM guest operating system. However, this needed some additional planning and configuration. To make patching of your Azure virtual machines (VMs) easier, there is a new option called Automatic VM guest patching, which helps ease update management by safely and automatically patching virtual machines to maintain security compliance.

Automatic VM guest patching is now available in public preview for Windows virtual machines on Azure.

With Azure automatic VM guest patching enabled, the VM is assessed periodically to check for available operating system patches for that Azure VM. Updates classified as ‘Critical’ or ‘Security’ are automatically downloaded and installed on the VM during off-peak hours. This patch orchestration is managed and handled by Azure and patches are applied following availability-first principles.

In a nutshell, Azure automatic VM guest patching has the following capabilities:

  • Patches classified as Critical or Security are automatically downloaded and applied on the VM.
  • Patches are applied during off-peak hours in the VM’s time zone.
  • Patch orchestration is managed by Azure and patches are applied following availability-first principles.
  • Virtual machine health, as determined through platform health signals, is monitored to detect patching failures.
  • Works for all VM sizes.

Patches are installed within 30 days of the monthly Windows Update release, following availability-first orchestration described below. Patches are installed only during off-peak hours for the VM, depending on the time zone of the VM. The VM must be running during the off-peak hours for patches to be automatically installed. If a VM is powered off during a periodic assessment, the VM will be automatically assessed and applicable patches will be installed automatically during the next periodic assessment when the VM is powered on.

You can find more information on Azure automatic VM guest patching on Microsoft Docs.

How to enable Azure Automatic VM guest OS patching

To enable Azure automatic VM guest OS (operating system) patching, we currently have a couple of requirements.

  • Currently, only Windows VMs are supported (Preview). Currently, Windows Server 2012 R2, 2016, 2019 Datacenter SKUs are supported. (and more are added periodically).
  • Only VMs created from certain OS platform images are currently supported in the preview. Which means custom images are currently not supported in the preview.
  • The virtual machine must have the Azure VM Agent installed.
  • The Windows Update service must be running on the virtual machine.
  • The virtual machine must be able to access Windows Update endpoints. If your virtual machine is configured to use Windows Server Update Services (WSUS), the relevant WSUS server endpoints must be accessible.
  • Use Compute API version 2020-06-01 or higher.

These requirements might change in the future during the preview phase (for the current requirements check out Microsoft Docs).

During the preview, this feature requires a one-time opt-in for the feature InGuestAutoPatchVMPreview per subscription. You can run the following Azure PowerShell or Azure CLI command.

Azure PowerShell:

# Register AzProvider
Register-AzProviderFeature -FeatureName InGuestAutoPatchVMPreview -ProviderNamespace Microsoft.Compute
 
# Check the registration status
Get-AzProviderFeature -FeatureName InGuestAutoPatchVMPreview -ProviderNamespace Microsoft.Compute
 
# Once the feature is registered for your subscription, complete the opt-in process by changing the Compute resource provider.
Register-AzResourceProvider -ProviderNamespace Microsoft.Compute

Now you can enable automatic VM guest patching for your Azure virtual machines within that subscription. To do that you can currently use the REST API, Azure PowerShell, or the Azure CLI.

With Azure CLI, you can use the az vm get-instance-view .

az vm update --resource-group test-autopatch-rg--name azwinvm01 --set osProfile.windowsConfiguration.enableAutomaticUpdates=true osProfile.windowsConfiguration.patchSettings.patchMode=AutomaticByPlatform

You can see that there are two important parameters for this cmdlet. First the -enableAutoUpdate and secondly the -PatchMode. There are currently three different patch orchestration modes you can configure.

AutomaticByPlatform

  • This mode enables automatic VM guest patching for the Windows virtual machine and subsequent patch installation is orchestrated by Azure.
  • Setting this mode also disables the native Automatic Updates on the Windows virtual machine to avoid duplication.
  • This mode is only supported for VMs that are created using the supported OS platform images above.

AutomaticByOS

  • This mode enables Automatic Updates on the Windows virtual machine, and patches are installed on the VM through Automatic Updates.
  • This mode is set by default if no other patch mode is specified.

Manual

  • This mode disables Automatic Updates on the Windows virtual machine.
  • This mode should be set when using custom patching solutions.

If you need more control, I recommend that you have a look at Azure Update Management, which is already publicly available and also supports Windows and Linux servers running in Azure or on-premises.

To verify whether automatic VM guest patching has completed and the patching extension is installed on the VM, you can review the VM’s instance view.

az vm get-instance-view --resource-group test-autopatch-rg --name azwinvm01

This will show you the following result:

Azure Automatic VM Guest OS Patching Status

Azure Automatic VM Guest OS Patching Status

You can also create the patch assessment on-demand.

Invoke-AzVmPatchAssessment -ResourceGroupName "myResourceGroup" -VMName "myVM"

I hope this provides you with an overview of the new Azure automatic VM guest patching feature. If you want to have some advanced capabilities to manage updates for your Azure VMs and even your servers running on-premises, check out Azure Update Management. This will provide you with some advanced settings and your own maintenance schedules. If you have any questions, feel free to leave a comment.



Learn about Windows Server Hybrid and Azure IaaS VMs

Learn Windows Server Hybrid and Azure IaaS VMs

A couple of weeks back I promoted a post about how you can learn about Windows Server on Azure and a post on ITOpsTalk for New Microsoft Learn Modules for Azure and Windows Server IT Pros. This week I got another message by colleague Orin Thomas (Cloud Advocate and Author of the Windows Server 2019 Book), that a lot more Microsoft Learn modules have been published, covering Windows Server Hybrid and Windows Server on Azure IaaS VMs (Infrastructure-as-a-Service).

Learn about Windows Server Hybrid and Windows Server Azure IaaS VMs 🎓

Here is a full list of Microsoft Learn modules to learn about Windows Server Hybrid and Windows Server Azure IaaS VMs (virtual machines). This includes many of the Azure Hybrid Cloud services you can use together with Azure, like Azure Arc, Azure File Sync, Azure Site Recovery, and many more. These Microsoft Learn modules also cover a lot of the Azure Management services to manage your Windows Server virtual machines running on Azure, like Azure Monitor, Azure Update Management, networking, and much more.

I hope you enjoy the new Microsoft Learn modules for Windows Server Hybrid and Windows Server on Azure IaaS. If you have any questions feel free to leave a comment below. If you are looking forward to take some exams, also check out my Microsoft exam study guides, for example for:

Happy Learning!



Windows Server on Microsoft Azure

Learn about Windows Server on Microsoft Azure

As many of you know, Microsoft Azure is the best cloud to run Windows Server workloads. Last week the team published two new Microsoft Learn Learning paths, where you can learn more about how to run Windows Server on Azure. The first two learning paths available are “implement Windows Server IaaS VM networking” and “implement Windows Server IaaS VM Identity”. These two learning paths offer a couple of modules around the specific topics.

Implement Windows Server IaaS VM networking

In this learning path, you’ll learn about Azure IaaS networking and identity. After completing the learning path, you’ll be able to implement IP addressing, manage DNS, and deploy and manage domain controllers in Azure.

Modules

  • Implement Windows Server IaaS VM IP addressing and routing
    In this module, you’ll learn how to manage Microsoft Azure virtual networks (VNets) and IP address configuration for Windows Server infrastructure as a service (IaaS) virtual machines (VM)s.
  • Implement DNS for Windows Server IaaS VMs
    In this module, you’ll learn to configure DNS for Windows Server IaaS VMs, choose the appropriate DNS solution for your organization’s needs, and run a DNS server in a Windows Server Azure IaaS VM.
  • Implement Windows Server IaaS VM network security
    In this module, you will focus on how to improve the network security for Windows Server infrastructure as a service (IaaS) virtual machines (VMs) and how to diagnose network security issues with those VMs.

You can find the full learning path on Microsoft Learn.

Implement Windows Server IaaS VM Identity

After completing this learning path, you’ll know how to implement identity in Azure. You’ll be able to extend an existing on-premises Active Directory identity service into Azure.

Modules

You can find the full learning path on Microsoft Learn.

Prerequisites for the learning paths

Before you take the learning path, make sure you are familiar with the prerequisites.

  • Experience with managing Windows Server operating system and Windows Server workloads in on-premises scenarios, including AD DS, DNS, DFS, Hyper-V, and File and Storage Services.
  • Experience with common Windows Server management tools (implied by the first prerequisite).
  • Basic knowledge of core Microsoft compute, storage, networking, and virtualization technologies (implied by the first prerequisite).
  • Basic knowledge of on-premises resiliency Windows Server-based compute and storage technologies (Failover Clustering, Storage Spaces).
  • Basic experience with implementing and managing IaaS services in Microsoft Azure.
  • Basic knowledge of Azure Active Directory.
  • Basic understanding security-related technologies (firewalls, encryption, multi-factor authentication, SIEM/SOAR).
  • Basic knowledge of PowerShell scripting.
  • An understanding of the following concepts as related to Windows Server technologies:
    • High Availability and Disaster Recovery
    • Automation
    • Monitoring

Learn more

There are even more learning paths for different technologies available on Microsoft Learn. If you want to learn more about Windows Server on Azure, check out the following resources:

  • Windows Server on Azure (link)
  • Ultimate Guide to Windows Server on Azure (link)
  • Migration Guide for Windows Server (link)
  • Windows virtual machines in Azure (link)

Windows Server on Azure is not just great because of the unmatched security features or the hybrid integration, Microsoft Azure also offers three years of extended security updates for your Windows Server 2008 and 2008 R2 servers for free, and the option to of bringing your on-premises licenses to the cloud, which provide substantial cost savings.

I hope this blog post was helpful to make you aware of the different options to learn about Windows Server on Azure. If you have additional resources or any questions, feel free to leave a comment.