Tag: Microsoft Azure

Last updated by at .

Sep202018September 20, 2018September 21, 20180Commentby Thomas Maurer
Windows Server 2019 Azure Network Adapter

Windows Server Azure Network Adapter

Posted in Cloud, Hyper-V, Microsoft, Microsoft Azure, Microsoft Azure Stack, Virtualization, Windows Server, Windows Server 2019

In my series about Windows Server 2019, I have a new feature I want to introduce you to. Windows Server 2019 Azure Network Adapter is one of the Hybrid Cloud efforts Microsoft is making in Windows Server 2019. A lot of workloads are running cross cloud and require connections to virtual machines running in Azure. To achieve this there are several options like Site-to-Site VPN, Azure Express Route or Point-to-Site VPN. With Windows Admin Center and Windows Server 2019 Azure Network Adapter, you get a one-click experience to connect your Windows Server with your Azure Virtual Network using a Point-to-Site VPN connection.

Even this is might not for every enterprise scenario, there are a lot of scenarios where you might quickly want to connect a server to Azure. The Azure Network Adapter functionality gives you that feature with a one click button. And by the way it also works on Windows Server 2012 R2 and higher.

Read More

Sep042018September 4, 2018September 4, 20181Commentby Thomas Maurer
Azure Stack Backup with Azure Backup Server

Protect Azure Stack Tenant Workloads with Azure Backup Server

Posted in Cloud, Hardware, Microsoft, Microsoft Azure, Microsoft Azure Stack, Virtualization, Work

If you are running Azure Stack in your datacenter, you also want to backup workloads running on Azure Stack. This blog post covers how you can backup Azure Stack tenant workloads with Azure Backup Server. Azure Backup allows you to protect on-premise workloads running on different platforms as well as on Azure Stack and store long-term data in Azure.

Why protecting Azure Stack workloads with Azure Backup Server

Microsoft Azure Backup Server is included as a free download with Azure Backup that enables cloud backups and disk backups for workloads like SQL, SharePoint and Exchange regardless if these workloads are running on Hyper-V, VMware, Physical servers or Azure Stack. It also provides a central console to protect these workloads. If you compare this to the Azure Backup Agent, where you have to configure the agent on every single server. The Azure Backup Server also allows you to not only do file backup, but also backup of applications like SharePoint, SQL Server, Exchange and more. This gives you flexibility and centralized management to back up your infrastructure as a service (IaaS) workloads on Azure Stack.

Read More

Aug212018August 21, 2018August 21, 20180Commentby Thomas Maurer
HPE Azure Stack

HPE OneView for Microsoft Azure Log Analytics

Posted in Cloud, Hardware, HP, Microsoft, Microsoft Azure, Microsoft Azure Stack, Operations Management Suite, Work

Today, I got some great news, which I missed in the last couple of weeks. HPE announced that their HPE OneView for Microsoft Azure Log Analytics 1.0 Preview, or short OV4ALA, is now available. OV4ALA is a integration that provides a bridge between HPE hardware infrastructure and Azure Log Analytics. This basically allows you to extend your HPE hardware monitoring to the Microsoft Cloud.

The OV4ALA is an Azure Resource Manager solutions which provides you with dashboards for your on-premises HPE hardware infrastructure. This includes systems like:

  • HPE OneView Appliances
  • Server Hardware
  • Server Profiles
  • Logical Interconnects
  • Physical Interconnects
  • Storage Systems
  • Storage Pools
  • Storage Volumes
  • SAS Interconnects
  • Drive Enclosures
  • Alerts

HPE OneView for Microsoft Azure Log Analytics Description

Every item in the dashboard provides a link to the underlying Log Analytics search query, which allows you to create powerful and detailed custom searches for long term event correlation and trend analysis.  Searches can also be combined with data from non-HPE sources, such as OS, VM, and application information. A set of pre-defined saved searches is included to help navigate the HPE log records generated by the solution.

It also includes Azure Automation runbooks that drive the automatic generation of log records from information collected from on-premise instances of HPE OneView and HPE Synergy, leveraging the Azure Hybrid Runbook Worker.

This solution requires an on-premises component (HPE PowerShell Module for Log Analytics) that must be properly installed and configured where HPE OneView and HPE Synergy are located. This module acts as a proxy between the on-premises instances of HPE OneView and HPE Synergy and Azure Log Analytics running in the Azure public cloud.

This solution is being released as a Technical Preview, and HPE does not provide any formal customer support for HPE OneView for Microsoft Azure Log Analytics at this time. This preview is provided “as-is” and is excluded from service level agreements and limited warranty. The customer assumes all risks in using this preview version. Features available in the preview are subject to change, including removal, prior to the general availability release. The fully supported generally available version is planned for later this year.

This is great news, especially when you run an HPE Azure Stack solution, which also comes with OneView. With the Azure Stack OMS Solutions you can send alerts and warnings from the Azure Stack software to Azure Log Analytics. Now with the HPE OneView for Microsoft Azure Log Analytics solution, you can also forward the HPE hardware monitoring of Azure Stack to Azure Log Analytics, which will make it a central place for your Azure Stack monitoring.

Check out more information about OV4ALA on the HPE blog. Thanks for Roland Frehner from HPE for the link.


Jul232018July 23, 2018August 14, 20180Commentby Thomas Maurer
AzsReadinessChecker

Azure Stack Readiness Checker – AzsReadinessChecker

Posted in Cloud, Microsoft, Microsoft Azure, Microsoft Azure Stack, PowerShell, Work

Since I am dealing with a lot of Azure Stack installations I also want to share some interesting tools you can leverage like the Azure Stack Capacity Calculator and others. One of the latest I want to share with you is the Azure Stack Readiness Checker PowerShell module called AzsReadinessChecker. This PowerShell module helps you to run validations of your environment and resources before you deploy Azure Stack. The AzsReadinessChecker module for example validates things like:

  • Certificates
  • Azure Active Directory
  • Azure Accounts
  • Azure Subscriptions

The Start-AzsREadinessChecker cmdlet also helps to generate a Certificate Signing Request (CSR) which you can summit to your CA or your CA provider to get the specific certificates.

Read More

Jul172018July 17, 2018August 14, 20181Commentby Thomas Maurer
Microsoft Azure Certifications

New Microsoft Azure Certifications announced

Posted in Certification, Cloud, Microsoft, Microsoft Azure, Work

This week Microsoft Inspire takes place in Las Vegas, unfortunately I couldn’t make it this year. However, some of my colleagues from itnetX Switzerland and itnetX are there, don’t miss them and visit our booth! During the first day keynote at Microsoft Inspire, Microsoft quickly announced 3 new Azure Certifications for Administrators, Developers and Architects. You can already take the beta exams for the Azure Certified Administrator with more information on the Microsoft Learning Blog.

New Microsoft Azure Certifications

The three new Microsoft Azure Certifications are:

  • Microsoft Certified Azure Developer
  • Microsoft Certified Azure Administrator
  • Microsoft Certified Azure Architect
Read More

Jul042018July 4, 2018August 14, 20180Commentby Thomas Maurer
Inked Azure Security Center Just in time VM access_LI

Azure – Just in Time VM access

Posted in Cloud, Microsoft, Microsoft Azure, PowerShell, Virtualization, Windows Server, Work

If you run virtual machines with public IP address connected to the internet, attackers immediately try to run attacks against it. Brute force attacks commonly target management ports, like RDP or SSH, to gain access to a VM. If the attacker is successful, he can take control over the VM and access other resources in the environment. To address that issue it is highly recommended to reduce the ports open, especially for the management ports. However, sometimes you will need to open to ports for some of the virtual machines for management tasks. Microsoft Azure has a simple way to address this issue, called Just in time virtual machine (VM) access. Just in time VM access can be used to lock down inbound traffic to your Azure VMs, reducing exposure to attacks while providing easy access to connect to VMs when needed.

How does Azure Just in Time VM Access work

In the Azure Security Center you can enable just in time VM access, this will create a Network Security Rule (NSG) to lock down inbound traffic to the Azure VM. During the initial JIT VM access configuration, you will be configuring the ports specified, which will be managed by Azure Security Center, these ports will be locked down by the Azure Security Center using an NSGs.

Configure Azure just in time VM access

Inked Configure Just in time VM access_LI

Azure JIT VM access is configured in the Azure Security Center. To configure and enable JIT on a virtual machine open up the Azure Security Center and click on Just in time VM access.

Here you will find three states, Configured, Recommended and No recommendation.

  • Configured – VMs that have been configured to support just in time VM access. The data presented is for the last week and includes for each VM the number of approved requests, last access date and time, and last user.
  • Recommended – VMs that can support just in time VM access but have not been configured to. We recommend that you enable just in time VM access control for these VMs. See Configuring a just in time access policy.
  • No recommendation – Reasons that can cause a VM not to be recommended are:
    • Missing NSG – The just in time solution requires an NSG to be in place.
    • Classic VM – Security Center just in time VM access currently supports only VMs deployed through Azure Resource Manager. A classic deployment is not supported by the just in time solution.
    • Other – A VM is in this category if the just in time solution is turned off in the security policy of the subscription or the resource group, or that the VM is missing a public IP and doesn’t have an NSG in place.

To configure you click on Recommended and select the Virtual Machine, for which you want to enable JIT.

Click on Enable JIT on VMs and configure the ports which should be managed by Just in time VM Access. Just in time VM access will recommend some default ports like RDP, SSH and PowerShell Remoting. You can also add other ports to the virtual machine if you want or need to.

Requesting Just in time VM Access for Azure Virtual Machine

Request Just in time VM access

On the Configured section, you can select the VM you want to request access to and click on Request access. You can now select the ports you want to be open for a specific time and a specific IP address. This will open up the ports and after 2-3 minutes you will be able to access the virtual machine.

To send such a request, the user which requests access to the Virtual Machine needs to have write access to the virtual machines in the Azure Role-Based Access Control (RBAC).

Auditing Azure just in time VM access activity

Of course all the request get logged and can be reviewed in the Activity Log.

Licensing of Azure just in time VM access

Azure just in time VM access is licensed over Azure Security Center and needs the Standard Tier to be enabled for the specific virtual machine.

I hope this gives you an idea how you can leverage Just in time VM access in Azure for your workloads.


Jul012018July 1, 2018August 14, 20180Commentby Thomas Maurer
Microsoft MVP Award 2018

Microsoft MVP 2018-2019 Cloud and Datacenter Management

Posted in Award, Certification, Cloud, Hyper-V, Microsoft, Microsoft Azure, Microsoft Azure Stack, Microsoft MVP, Private Cloud, System Center, Virtualization, Windows, Windows Server, Work

I am proud to announce that I was awarded today by Microsoft, with the Microsoft Most Valuable Professional (MVP) Award for 2018-2019 in two major categories Cloud and Datacenter Management and Microsoft Azure. This is my 7th Microsoft MVP award since 2012, and I couldn’t be more excited about this one.

Dear

Thomas Maurer,

We’re once again pleased to present you with the 2018-2019 Microsoft Most Valuable Professional (MVP) award in recognition of your exceptional technical community leadership. We appreciate your outstanding contributions in the following technical communities during the past year:

 

·   Cloud and Datacenter Management

The Microsoft MVP award title is a huge honor and it stand for the contributions I have been doing in the IT community as an Microsoft expert for the past years. The Microsoft MVP award also comes with some benefits, like a NDA and access to the Microsoft Product Groups, as well as the yearly Microsoft MVP Global Summit on the Microsoft Campus in Redmond. But one of the biggest benefit overall is that it gives you the opportunity to speak at different conferences all over the world. This and having the chance to speak with people from all over the world, which share the same passion is priceless.

Who are MVPs?

Microsoft Most Valuable Professionals, or MVPs, are technology experts who passionately share their knowledge with the community. They are always on the “bleeding edge” and have an unstoppable urge to get their hands on new, exciting technologies. They have very deep knowledge of Microsoft products and services, while also being able to bring together diverse platforms, products and solutions, to solve real world problems. MVPs make up a global community of over 4,000 technical experts and community leaders across 90 countries and are driven by their passion, community spirit, and quest for knowledge. Above all and in addition to their amazing technical abilities, MVPs are always willing to help others – that’s what sets them apart.

 

Source https://mvp.microsoft.com/en-us/Overview

I need to thank many people which are helping me to achieve this and making the most out of it. I would like to thank my employer itnetX which is supporting me in the best possible way all these years, my current and former colleagues from which I can learn a lot, the Microsoft MVP community and of course Microsoft employees in Redmond and all over the world, to work with us and collect feedback. Last but definitely not least, I have to thank my girlfriend, which not only helps me out with many things, but also needs to be patient, with my extra work so many times. She is also one of my biggest and also most critical supporters. She helps me to understand things better, promote my activities better, fixing my blog post 😉 and makes all the traveling more joyful.

If you want to know more about the Microsoft MVP Program, check out the Microsoft Most Valuable Professional website.



  • Follow Me

  • About

    Thomas Maurer

    My Name is Thomas Maurer. Microsoft MVP. Work as a Solutions Architect and Technology Lead for itnetX, a consulting and engineering company located in Switzerland. I am focused on Microsoft Technologies, especially Microsoft Cloud & Datacenter solutions based Microsoft System Center, Microsoft Virtualization and Microsoft Azure.

    Microsoft MVP

  • Sponsor

  • Sponsor

    Starwind vSAN

  • Sponsor

    Vembu BDR Suite

  • Sponsor

    Altaro Hyper-V eBook