Azure VMs Reboot and Maintenance Alerts

How do you enable an Azure VM reboot alert in the Azure portal? It has been a recurring problem to know where to raise the alert, which services to select for it, and how to add it through Azure Alerts or the native solution, Log Analytics.

In this blog post I am sharing my experience of enabling alerts for when VMs are rebooted, stopped, deallocated, started, or undergo other operations that may cause business impact.

We can configure the alert below through Azure Alerts.

Step:1- Alert Configuration

  • Select the VMs or services for which you want to configure the alerts.
  • Go to the Monitoring tab and click on Alerts.
  • Click on Add Activity Log Alert.

Step 2: Alert Configuration as per Service Monitoring.

  • Once you click on Add Alert, you will get the window below.
  • Select the log alert name.
  • Description.
  • Subscription.
  • Proper resource group name.
  • Event Category: Administrative.
  • Resource Type: Virtual Machine (Microsoft.Compute/virtualMachines).
  • Resource Group.
  • Operation Name: Restart.
  • Level: Critical, Low, Medium.
  • Status: Started, Failed, Succeeded.
  • Select the

Step-3: Email Alert Settings.

  • Click on Action.
  • Add a new group.
  • Select the name.
  • Email ID.
  • Select OK.
  • The alert notification has been created.
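The condition built in Step 2 (category, resource type, operation name, status) can be checked offline against exported activity log records before relying on the e-mail. The following is an added example, not code from the original post: the rule shape is a simplified model of the allOf/anyOf "field equals" condition form, and the rule names, callers, subscription ID and log events are constructed for illustration.

```python
# Added example: evaluate activity log alert conditions against log events.
# Rule names, callers, resource IDs and events are constructed sample data.

OPERATIONS = {
    "restart": "Microsoft.Compute/virtualMachines/restart/action",
    "powerOff": "Microsoft.Compute/virtualMachines/powerOff/action",
    "deallocate": "Microsoft.Compute/virtualMachines/deallocate/action",
    "start": "Microsoft.Compute/virtualMachines/start/action",
}
VM_TYPE = "Microsoft.Compute/virtualMachines"
VM_PREFIX = ("/subscriptions/00000000-0000-0000-0000-000000000000"
             "/resourceGroups/rg-app/providers/" + VM_TYPE + "/")


def build_rule(name, operation, statuses):
    """Condition equivalent to the portal choices made in Step 2."""
    return {
        "name": name,
        "allOf": [
            {"field": "category", "equals": "Administrative"},
            {"field": "resourceType", "equals": VM_TYPE},
            {"field": "operationName", "equals": OPERATIONS[operation]},
            {"anyOf": [{"field": "status", "equals": s} for s in statuses]},
        ],
    }


def condition_matches(cond, event):
    """Recursively evaluate allOf / anyOf / leaf conditions."""
    if "allOf" in cond:
        return all(condition_matches(c, event) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(condition_matches(c, event) for c in cond["anyOf"])
    actual = event.get(cond["field"])
    # Compare case-insensitively: provider casing varies between log sources.
    return isinstance(actual, str) and actual.lower() == cond["equals"].lower()


def fired_alerts(rules, events):
    """Return (rule, vm, status, caller) for every rule/event match."""
    fired = []
    for event in events:
        for rule in rules:
            if condition_matches(rule, event):
                vm = event["resourceId"].rsplit("/", 1)[-1]
                fired.append((rule["name"], vm, event["status"], event["caller"]))
    return fired


def make_event(operation, status, vm, caller, resource_type=VM_TYPE):
    """Build one flattened, constructed activity log record."""
    return {
        "category": "Administrative",
        "resourceType": resource_type,
        "operationName": operation,
        "status": status,
        "resourceId": VM_PREFIX + vm,
        "caller": caller,
    }


RULES = [
    build_rule("vm-restart", "restart", ["Started", "Failed", "Succeeded"]),
    build_rule("vm-deallocate", "deallocate", ["Succeeded"]),
]

SAMPLE_EVENTS = [
    make_event(OPERATIONS["restart"], "Started", "vm-web-01", "alice@example.com"),
    make_event(OPERATIONS["restart"], "Succeeded", "vm-web-01", "alice@example.com"),
    # Status not selected in the rule: no alert.
    make_event(OPERATIONS["restart"], "Accepted", "vm-web-01", "alice@example.com"),
    make_event(OPERATIONS["deallocate"], "Succeeded", "vm-db-01", "bob@example.com"),
    # The deallocate rule only selects Succeeded: no alert.
    make_event(OPERATIONS["deallocate"], "Started", "vm-db-01", "bob@example.com"),
    # Lower-cased operation name still matches.
    make_event(OPERATIONS["restart"].lower(), "Failed", "vm-web-02", "carol@example.com"),
    # Different resource type: no alert.
    make_event("Microsoft.Storage/storageAccounts/write", "Succeeded",
               "stappdata", "bob@example.com", "Microsoft.Storage/storageAccounts"),
]

if __name__ == "__main__":
    for alert in fired_alerts(RULES, SAMPLE_EVENTS):
        print(alert)
```
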


AD Authentication for Azure Storage (Public Preview)

Almost all customers and other Azure community members have asked how to control access to storage accounts for a specific user ID, but at that time there was a limitation: “Azure AD Authentication for Azure Storage is not available.”

It is one of the most awaited features and improvements from the MS Azure team, and it is now available for Azure Blob storage accounts and Azure Queue storage accounts, but not for Azure File Server.

Microsoft Azure has recently released AD authentication for Azure storage accounts, which helps us provide security and control at a more granular level.

We can grant access using RBAC roles and control it per Azure AD user, for a specific ID, rather than sharing SAS tokens and storage account keys as we did earlier, where there was a chance of those credentials being misused.

Storage Accounts Authentication

  • Select the storage account you want to give users access to.
  • Select IAM.
  • Click on Add.
  • Select from the roles below:
  • Storage Blob Data Contributor role: allows read, write and delete access to Azure Storage blob containers and data.

  • Storage Blob Data Reader role: allows read access to Azure Storage blob containers and data.

  • Storage Queue Data Contributor role: allows read, write and delete access to Azure Storage queues and queue messages.

  • Storage Queue Data Reader role: allows read access to Azure Storage queues and messages.

 

AD Authentication for Azure Storage:

  • Azure AD integration is available for the Blob and Queue services only in the preview.
  • Azure AD integration is available for GPv1, GPv2, and Blob storage accounts in all public regions.
  • It supports only storage accounts created with the Resource Manager deployment model.
  • Support for caller identity information in Azure Storage Analytics logging is coming soon.
  • Azure AD authorization of access to resources in standard storage accounts is currently supported. Authorization of access to page blobs in premium storage accounts will be supported soon.
  • Azure Storage supports both built-in and custom RBAC roles. You can assign roles scoped to the subscription, the resource group, the storage account, or an individual container or queue.
  • The Azure Storage client libraries that currently support Azure AD integration include:

Please refer to the MS Docs:

Authenticate access to Azure Storage using Azure Active Directory

AAD Authentication Reference
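The four data roles and the assignment scopes listed above (subscription, resource group, storage account, individual container or queue) combine through scope inheritance: an assignment applies to the scope itself and everything beneath it. The following is an added example, not code from the original post or from Microsoft; the role contents are reduced to the read/write/delete data actions the role list describes, and all principals, subscription IDs and resource names are constructed.

```python
# Added example: resolve effective storage data actions from role assignments.
BLOB = "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/"
MSG = "Microsoft.Storage/storageAccounts/queueServices/queues/messages/"

# Reduced to the read/write/delete data actions described in the role list.
ROLE_DATA_ACTIONS = {
    "Storage Blob Data Contributor": {BLOB + "read", BLOB + "write", BLOB + "delete"},
    "Storage Blob Data Reader": {BLOB + "read"},
    "Storage Queue Data Contributor": {MSG + "read", MSG + "write", MSG + "delete"},
    "Storage Queue Data Reader": {MSG + "read"},
}

# Constructed resource IDs.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-app"
ACCOUNT = RG + "/providers/Microsoft.Storage/storageAccounts/stappdata"
INVOICES = ACCOUNT + "/blobServices/default/containers/invoices"
ARCHIVE = ACCOUNT + "/blobServices/default/containers/invoices-archive"
JOBS = ACCOUNT + "/queueServices/default/queues/jobs"
OTHER_ACCOUNT = (SUB + "/resourceGroups/rg-app2/providers/"
                 "Microsoft.Storage/storageAccounts/stother")

# Constructed role assignments.
ASSIGNMENTS = [
    {"principal": "alice@example.com", "role": "Storage Blob Data Reader",
     "scope": INVOICES},
    {"principal": "bob@example.com", "role": "Storage Blob Data Contributor",
     "scope": RG},
    {"principal": "svc-worker", "role": "Storage Queue Data Contributor",
     "scope": JOBS},
]


def scope_covers(scope, resource_id):
    """True if resource_id is the scope itself or lies beneath it.

    The "/" boundary matters: a plain prefix test would let an assignment
    on container "invoices" also cover "invoices-archive".
    """
    s = scope.rstrip("/").lower()
    r = resource_id.rstrip("/").lower()
    return r == s or r.startswith(s + "/")


def scope_kind(scope):
    """Classify a scope by the shape of its resource ID."""
    parts = [p for p in scope.lower().split("/") if p]
    if len(parts) == 2 and parts[0] == "subscriptions":
        return "subscription"
    if len(parts) == 4 and parts[2] == "resourcegroups":
        return "resource group"
    if len(parts) >= 2 and parts[-2] == "containers":
        return "container"
    if len(parts) >= 2 and parts[-2] == "queues":
        return "queue"
    if len(parts) >= 2 and parts[-2] == "storageaccounts":
        return "storage account"
    return "other"


def effective_actions(principal, resource_id, assignments):
    """Union of data actions from every assignment covering the resource."""
    actions = set()
    for a in assignments:
        if a["principal"] == principal and scope_covers(a["scope"], resource_id):
            actions |= ROLE_DATA_ACTIONS[a["role"]]
    return actions


def is_allowed(principal, action, resource_id, assignments):
    return action in effective_actions(principal, resource_id, assignments)


def broad_assignments(assignments):
    """Data-role assignments made above storage-account scope, for review."""
    return [(a["principal"], a["role"], scope_kind(a["scope"]))
            for a in assignments
            if scope_kind(a["scope"]) in ("subscription", "resource group")]


if __name__ == "__main__":
    print(sorted(effective_actions("bob@example.com", INVOICES, ASSIGNMENTS)))
    print(broad_assignments(ASSIGNMENTS))
```
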

 

Azure Storage Encryption

Most customers ask how to encrypt the data in their Azure storage accounts, since Azure Storage is a public cloud and they are not sure whether their storage account data has been compromised. Beyond this, they ask how to make Azure storage account data audit compliant, and have many more queries.

The Azure Storage encryption feature now helps keep our data encrypted, and no one can decrypt your data without your permission if you are using “your own key” to encrypt the data.

Key Features of Storage Accounts Encryption

  • The Azure Storage encryption service protects our data at rest.
  • Azure Storage encrypts our data as it is written in MS Azure data centers and automatically decrypts it for customers based on their usage of or access to the data.
  • Data is encrypted using Microsoft Managed Keys for Azure Blobs, Tables, Files and Queues.
  • We can choose to bring our own key for encryption for Azure Blobs and Files.
  • Encryption for Tables and Queues will always use Microsoft Managed Keys.

Note: After enabling Storage Service Encryption, “only new data will be encrypted” and “Existing files in the storage account will get encrypted by a background encryption process.”

Let's start and see how we can encrypt the storage accounts.

Step 1: Storage Accounts Encryption

  • Select the storage account you want to encrypt.
  • Select the Encryption tab under the Settings pane.
  • Click on Encryption.
  • Here you will find the options:
  • Enter your own key
  • Select from Key Vault.

I am selecting the second option as I don’t have a key vault or my own key.

Step-2: Azure Key Vault Creation

  • Click on All services and search for Key Vault.
  • Click on Key Vault.
  • Provide the name.
  • Pricing tier.
  • Access policy.
  • Virtual network, if you want to allow the key within your networks or restrict it from the Internet.

Step-3: Azure Encryption Creations

  • Select the Key Vault.
  • Select the key under the Settings pane.
  • Click on Generate/Import Key.
  • Provide the name of the key.
  • Security key type.
  • RSA key size.
  • You can set the activation date and expiration date.

Step-4: Azure Storage Accounts Verification.

  • Verify the Key Vault.
  • Verify the encryption key and select the correct key.
  • Click on Save.
  • It will take some time to save the settings.
  • Storage account encryption has been enabled.

 

Azure Storage: Azure AD Integration, Storage Endpoints and Soft Delete

We have been conducting sessions for a while and thought of covering storage in one of them (a deep dive into Azure Tables and Queues), and tried to cover new features such as Azure Storage endpoints, Azure AD integration, configuring VM MSI, etc.

We have conducted 4 sessions on Azure Storage, which I will be sharing in my next blogs.

As part of our AzureTalk free webinar, I gave a session on storage where I covered the topics below.

  • Azure Tables and Queue
  • AzCopy
  • Azure Storage Service Endpoints and Firewall
  • Azure AD Integration and Authentication
  • Configure VM MSI
  • Soft Delete (Public Preview)
  • Demo

Azure Storage Accounts: Blob Storage and File Storage

We have been conducting sessions for a while and thought of covering storage in one of them (a deep dive into Blob storage and File storage), where we covered the new features now available in storage accounts and tried to explain them in such a way that they are easy to understand even for new Azure learners.

We have conducted 4 sessions on Azure Storage, which I will be sharing in my next blogs.

As part of our AzureTalk free webinar, I gave a session on storage where I covered the topics below.

  • Azure Storage Accounts Types
  • Blob Storage and File Storage
  • Use Case of Blob storage and file storage.
  • File Storage Creations.
  • Demo

 

 

 

Azure for Beginners Series: Azure Storage Accounts

We have been conducting sessions for a while and thought of covering storage in one of them, where we covered the new features now available in storage accounts and tried to explain them in such a way that they are easy to understand even for new Azure learners.

We have conducted 4 sessions on Azure Storage, which I will be sharing in my next blogs.

As part of our AzureTalk free webinar, I gave a session on storage where I covered the topics below.

  • Azure Storage Accounts
  • Storage Accounts V1 Vs V2.
  • Types of Storage Accounts.
  • Azure Storage Accounts Replications Scope
  • Pre-Requisite of Azure Storage Accounts Creations.

 

Azure VMs: Run Command


I am happy and surprised to see that Microsoft's commitment to improving its services is quite amazing. I have been using MS Azure services since the classic model (ASM), when it had very limited features, but since MS started its “Resource Manager journey” it has been improving lots of services and adding new features day by day.

I am a little surprised by the new “Run Command” feature, which is available in the Azure VM Operations properties. It provides “PowerShell to execute commands, can enable the Administrator account, and can even reset the password and set the remote ports”, and many more things which could not be done through the portal earlier.

This generally helps to troubleshoot VM-related queries.

Now you can easily get the IP configuration from the portal, along with the many new things mentioned below. Below is the list of commands.

Name                   Description
RunPowerShellScript    Executes a PowerShell script
EnableAdminAccount     Enable administrator account
EnableRemotePS         Enable remote PowerShell
IPConfig               List IP configuration
RDPSettings            Verify RDP Listener Settings
ResetAccountPassword   Reset built-in Administrator account password
ResetRDPCert           Restore RDP Authentication mode to defaults
SetRDPPort             Set Remote Desktop port

In this blog I describe how you can enable those features.

Step:1  Run the PowerShell script.

  • Click on the VM on which you want to enable Run Command.
  • Go to Operations and select Run Command.
  • Select the PowerShell script to run.

  • Select the PowerShell script.
  • Write or paste the PowerShell script.
  • Run the PowerShell commands.
  • You will get the output in the “black” screen.

Step:2  Enabling Admin Accounts.

If you have lost or forgotten a user ID and password, or are required to enable the account through Run Command, you can enable it from the portal.

  • Click on EnableAdminAccount.
  • Select the script.
  • Click on Run; your admin account will be enabled.

Step:3  Enable-RemotePS

The Enable-PSRemoting cmdlet configures the computer to receive Windows PowerShell remote commands.

  • Click on the EnableRemotePS command.
  • Run the script.
  • Remote PowerShell will then be enabled.

Step:4  IP-Config details

In most cases, if VMs are down due to some changes and we are unable to track the change, you can get the IPConfig /all details from this command.

  • Click on Run Command.
  • Click on IPConfig.
  • Click on the script.
  • Run the script.

Step:5  RDP Settings

If you want to know what your VM's RDP settings are, you can run this command.

  • Click on Run Command.
  • Click on RDPSettings.
  • Click on the script.
  • Run the script.

Step:6 Reset Admin Account Password

If you forget your administrator user account password, you can reset it using this command.

  • Click on Run Command.
  • Click on ResetAccountPassword.
  • Click on the script.
  • Run the script.

Step:7 Reset RDP Cert

  • Click on Run Command.
  • Click on ResetRDPCert.
  • Click on the script.
  • Run the script.

Step:8 Reset RDP Ports

If someone has changed the RDP port, you can reset it with the command below.

  • Click on Run Command.
  • Click on SetRDPPort.
  • Click on the script.
  • Run the script.

Azure VMs Redeploy

Scenarios in which to use Azure VM redeploy:

  • Due to a hardware failure reported by the MS team.
  • If you are unable to connect to the VM.
  • If you are unable to connect over RDP.
  • When migrating VMs from one Azure host to another, etc.

Verification steps before redeploying:

  • Make sure you have configured the backup properly.
  • Save the IP-related information and reserve the IP address.
  • Save the VM configuration settings.
  • Remove the data from the temporary drive; if the VM reboots, all data on it will be lost.
  • The VM will not be available while the redeployment is in progress.

Steps: Azure VM Redeploy.

  • Log in to the Azure portal: AzurePortal
  • Select the VM you need to redeploy.
  • Go to Support + Troubleshooting.
  • Select Redeploy.
  • Click OK.

  • Select the VM.
  • Click on the Redeploy option.
  • Read the instructions carefully.
  • Click on Redeploy.

Once the redeployment is completed, log in to the VM and verify.

Azure Backup Reports

I have seen a couple of scenarios where customers, auditors or management need to understand the backup report. Generally the questions below come up, which we have answered as consultants or as a team to our customers or management about backup.

  • For how many VMs have we configured backup?

  • How much storage space is being used for my Azure Backup?

  • How do I get backup reports which will help my auditor understand whether backups are taken properly?

  • What is the health status of my Azure Backup VMs and other services?

  • How many backup jobs have failed?

  • What is the job duration of my VM backups and other services?

And many more queries have been asked.

Hence I thought of writing this blog on configuring backup reports, which will help the community and organizations understand their backups and provide the data when it is needed.

Step :1 Prerequisites

  • Identify the Azure Backup vaults where we want to configure the backup reports.
  • Backup log retention in days: 30 days, 90 days or 1 year.
  • Storage account from which we can retrieve the backup logs.
  • Power BI subscription, or you can try a free subscription.
  • Storage account name and key.

Step :2 Backup Report Configuration from the Recovery Vault.

  • Click on All services.
  • Search for “Backup”.
  • Select the Recovery Vault.

  • Select the Recovery Vault for which you want to configure the backup.

  • Select Backup Report.
  • Select Diagnostic Settings.
  • Start configuring it for the backup report.
  • Once the configuration is done, select Sign in to the Power BI subscription.

  • Once you click on Diagnostic Settings, you will get the configuration below.
  • Provide the backup report name.
  • Check the Archive to Storage Account option.
  • Verify the region and select the subscription.
  • Select the storage account in which you want to store the backup logs.
  • Select the backup logs, such as Azure Backup Reports, Azure Site Recovery Jobs, etc.
  • Select the retention period.

Note: If you want to keep the backup for a long time, you can set the retention period to 0 days.

Once the diagnostic settings are set, it will take at least 24-48 hrs to store the logs in the storage account.

Step :3 Power BI Backup Report Configuration.

Once you are done with the diagnostic settings configuration, you can configure the backup report.

  • Click on the Sign in button.
  • It will open the Power BI URL.
  • Sign up if you don’t have an account; if you have an account, sign in.

  • Select Get Data.
  • Select Get under the My Organization tab, as per the screenshot below.

  • Click on Apps.
  • Select the Azure Backup module and select the “Get it now” option.

Once you click here, you will get an option to provide the Azure storage account name and key.

  • Go to the Azure portal and search for the storage account.
  • Click on Storage accounts.
  • Select the storage account and, under Settings, select Access keys.
  • Copy the storage account name.
  • Copy the storage key.

  • Provide the storage account name.

  • Provide the Azure storage account key.
  • Click on Sign in.

Once you sign in, your backup report will be populated in the Power BI instance.

Step :4 Power BI Backup Dashboard

  • Once the Backup Report app is configured:
  • Click on Apps.
  • Click on the Azure Backup icon.

  • Click on the Backup Report.
  • We will be able to view the Azure Backup report dashboard.
  • We can easily find the Azure Backup instances.
  • Backup size, job success and many more options.

The backup reports have now been configured properly.


 

AzureTalk Beginners Series: “Azure Storage Account”

It is a great opportunity to have a Beginners series session on the AzureTalk platform, where we share Azure knowledge with 2800 members, including architects, MVPs, Azure solution specialists and various industry leaders.

Today I talked about Azure storage accounts and how MS Azure storage accounts are beneficial and used for all services, whether IaaS, PaaS, SaaS or any third-party application that requires a storage account.

Another interesting part is understanding the storage account types: General Purpose V1 vs V2 vs Blob. I tried to explain these clearly.

I have also shown how Azure storage account replication works and how you can upgrade General Purpose V1 to V2.

Agenda

  • Azure Storage Account Introduction
  • Storage Account V1 Vs V2
  • Types of Storage Accounts
  • Azure Storage Account Replication Scope
  • Prerequisite of Azure Storage account Creation

SharePoint Document Library Challenges: Item Thresholds + Limits

Author/Written by: Rahul Kadamb, from NucleusTechnologies

I got an opportunity to publish a blog by one of my friends, Rahul Kadamb. This document will help you with SharePoint.

Introduction: If you are a SharePoint user, you must have encountered the threshold limit of 5000, which people apparently presume means that you can’t save more than 5000 files in a library. Even newly started companies can reach this limit within a few months, which would mean they can’t rely on SharePoint for storing large amounts of data. So there must be some other way around.

SharePoint is by default configured with a threshold limit of 5000 for library files, which means that if the files in a library exceed this limit then queries will fail. In fact, the issue is not with storing the files but with accessing and displaying them. The SharePoint threshold limit is set by Microsoft to display items within a given limit.

Let me first explain the SharePoint list. It is a container with rows and columns for storing data in SharePoint, like an Excel spreadsheet. These records of content are called “list items”.

The reason for introducing 5000 threshold limits on Library document:

Whenever you access any list or document from a library, a search query executes on the backend to return the required result. If you have 10,000 files stored in a single document library and want to display that folder, you won’t be able to view all 10,000 files on one page. Only 5000 items will be displayed because of the threshold. Just to show all those 10,000 items/files, the server would have to execute a lot of queries and processing.

Let’s take an example to understand the reason for this threshold 5000 limit. Assume that you are having a book without index page and you must find a word. Now without having an index page, you’ll have to read every single line to find that specific word. Same goes for searching any file/item within a document library.

Different organizations use SharePoint differently. Some of them feel secure while using SharePoint on-premises whereas some want to save their data on the cloud by using SharePoint online. In both cases, there are solutions to tackle this situation.

SharePoint on-premises:

The best part of a SharePoint on-premises setup is that you have the option to increase this threshold limit. But before increasing the limit you should be aware of the risk factors: by increasing it, your server performance could slow down.

SharePoint Online:

In SharePoint Online, you don’t have this privilege to exceed this threshold limit in Central administration. To deal with this situation in SharePoint online the best solution is to index the columns. Before reaching the threshold limit you should index the files and documents which you want to access very frequently. Once you reach the threshold limit there is no way to index the columns.

Just a heads up, any change in the limit or restrictions applied to the shared environment will affect every customer within that tenant.

 

The solution for SharePoint threshold limit:

Option 1: Increase the list view threshold limit

If you are using SharePoint on-premises, you can increase the threshold limit of the list view and library. Microsoft, however, warns users not to go for this solution as it causes performance issues. This feature isn’t available in SharePoint Online.

(For SharePoint 2013)

Step 1: Log in to Central Administration.

Step 2: Go to Application Management -> Manage Web Applications.

Step 3: Select the web application for which you want to change the list view threshold limit.

Step 4: In the ribbon bar, select the General Settings popup menu and click on the Resource Throttling menu item (here you can change the list view threshold limit).

 

Option 2: Create and categorize different document libraries

The best and easiest way to browse an entire library without decreasing server performance, and to view all files/items in a single view, is to create multiple libraries based on categories, departments, and projects. This is not only a solution to this problem; it will also help you manage and access files in a more organized way.

Step 1: Log in to Central Administration.

Step 2: In the upper right corner you’ll find a gear icon; click on that icon and a pop-up menu will display showing Site Contents.

Step 3: Click on Add App.

Step 4: From there, you can create the different lists and libraries available on the SharePoint server.

Option 3: Usage of metadata and column indexing

If organizing items/files into categories in different document libraries still doesn’t solve your problem, then you need to rely on metadata. Metadata is an effective way to manage a SharePoint document library. Using metadata makes files easily searchable, and indexing the library columns makes searching with queries more efficient.

Summary

After reading the article, you will have got the idea that there are multiple settings which you can choose to increase the threshold limit of 5000 for library items. But these settings may make the opening and querying of items slow, leave them unable to load, or even corrupt them. To save yourself from such hardships, you must divide the heavy load of a SharePoint account by migrating items to another SharePoint account.

Use Kernel Migrator for SharePoint, which is the perfect tool made to migrate SharePoint mailboxes to another SharePoint account. The SharePoint migration tool can migrate an unlimited number of files and folders (of any size) along with their complete content, such as pages, documents, lists, record libraries, structure, permissions, etc.

Azure AD Identity Protection

In my last blog, I shared my experience of why and how we enabled Privileged Identity Management with P2 Azure Active Directory access.

Here I will help you see how we can protect Azure AD identities and how we can find vulnerabilities and close them, as this is a very sensitive area and it needs protection.

It helps you protect your users with access review and risk sign-off of users, and can be configured for users flagged for risk, MFA registration, user risk policy, sign-in risk policy and alerts.

Step-1:  Enabling the service.

  • Click on All services.
  • Search for Azure AD Identity Protection.
  • Click on Enable.
  • It will take some time to enable.

Step: 2- Overview 

In Overview you will see the dashboard:

  • Users Flagged for Risk
  • Risk Events
  • Vulnerabilities
  • Priority

Step-3: Getting Started

It will help you find the Identity Protection documents and help you configure the service.

Step-4: Users Flagged for Risk

  • Add all the users.
  • Select the condition as per policy: High, Medium and above, or Low and above.
  • Select the controls:
    • Multi-factor authentication.
    • Password change.
    • Require multi-factor authentication.
  • Review the number of users impacted.
  • Enforce the policy.
  • It will take 2 to 3 minutes to enforce the policy.

Step-5 Risk Events 

  • In this scenario, we will add our data center locations and IP addresses, so that if someone tries to access the services from outside my IP range, it will trigger an alert.
  • Click on Add IP location.
  • Click on the location.
  • Add the location name and upload the IP address and add manually.
  • Configure it.
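The check that Step 5 sets up, whether a sign-in address falls inside one of the registered data center ranges, can be reproduced over exported sign-in records to validate the ranges before trusting the alert. This is an added example, not code from the original post or from Azure; the location names, CIDR ranges (documentation address space) and sign-in records are constructed.

```python
# Added example: classify sign-in IPs against trusted location ranges.
import ipaddress

# Constructed locations using documentation-only address ranges.
TRUSTED_LOCATIONS = {
    "DC-Mumbai": ["203.0.113.0/24"],
    "DC-Pune": ["198.51.100.16/28", "2001:db8:100::/48"],
}

# Constructed sign-in records.
SAMPLE_SIGN_INS = [
    {"user": "alice@example.com", "ip": "203.0.113.45"},
    {"user": "bob@example.com", "ip": "198.51.100.40"},      # just past the /28
    {"user": "carol@example.com", "ip": "2001:db8:100:5::9"},
    {"user": "dave@example.com", "ip": "::ffff:203.0.113.7"},  # IPv4-mapped IPv6
    {"user": "eve@example.com", "ip": "not-an-ip"},
    {"user": "frank@example.com", "ip": "192.0.2.10"},
]


def compile_locations(locations):
    """Parse CIDR strings once; strict=True rejects typos such as
    203.0.113.5/24, where host bits are set in a network definition."""
    compiled = []
    for name, cidrs in locations.items():
        for cidr in cidrs:
            compiled.append((name, ipaddress.ip_network(cidr, strict=True)))
    return compiled


def locate(ip_text, compiled):
    """Return the matching location name, "OUTSIDE" or "INVALID"."""
    try:
        addr = ipaddress.ip_address(ip_text.strip())
    except ValueError:
        return "INVALID"
    # Dual-stack front ends may log IPv4 clients as ::ffff:a.b.c.d.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    for name, network in compiled:
        if addr.version == network.version and addr in network:
            return name
    return "OUTSIDE"


def review_sign_ins(sign_ins, locations):
    """Return (user, ip, verdict) for every sign-in record."""
    compiled = compile_locations(locations)
    return [(s["user"], s["ip"], locate(s["ip"], compiled)) for s in sign_ins]


def alerts(sign_ins, locations):
    """Sign-ins that did not come from a registered location."""
    return [row for row in review_sign_ins(sign_ins, locations)
            if row[2] in ("OUTSIDE", "INVALID")]


if __name__ == "__main__":
    for row in review_sign_ins(SAMPLE_SIGN_INS, TRUSTED_LOCATIONS):
        print(row)
```
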

Step-6: Vulnerabilities

It helps us detect how many users have multi-factor authentication and how many users require a change, and it lists all the vulnerabilities.

Step-7: Multi-factor Authentication.

  • It helps us enable multi-factor authentication for Azure users.
  • In Controls we can add Require multi-factor authentication.
  • Review helps to review the access and provides the data.

Impacted Risk Dashboard

Step-8:  User Risk Policy.

It helps us reduce risk and provides reports as per the policy configuration.

Step-9:  Sign-in Risk Policy.

It helps mitigate sign-in related issues, for example by requiring the user to change the password and use multi-factor authentication.

Step-10:  Alerts and Weekly Digest

It helps us configure alerts; the weekly digest gives a summary of users at risk, sign-in risk, etc. and provides consolidated reports.

 


 

Azure Access Review

I was just going through the portal and found the Access Review service in the Azure portal very useful, so I thought of creating a blog.

The Access Review service helps with access reviews of guest users, applications and organization users. It is hard to monitor each and every user, application and guest user, but to meet certain compliance requirements we might be required to have an access review of the users on our Azure subscription. Hence I thought of sharing my ideas on how we can achieve this.

Most organizations use a third-party tool for access review and integrate the Azure subscription with it; I am just walking through how easy it is when you get things in one place, as with the Access Review service.

Step:-1 How to On-board the Access Review Service.

  • Click on All services in your Azure subscription.
  • Search for Access Reviews.
  • Click on Access Reviews.

Step:2 On-board Access Reviews

  • Click on Onboard services.
  • Click on Create.
  • After that, your service will start on-boarding and apply the default policy.

Step-3 : Quick Start

  • Click on Quick Start and follow the documents, which will help you configure the Access Review service and show how you will benefit.

Step-4 Overview 

  • In the Access Review overview you will be able to see the dashboard of your access reviews.
    • Guest User
    • Members
    • Guest App Access
  • App Access
  • In Controls you can see how many users applied for access, completed requests and applied access.
    • Active Users
    • Completed
    • Applied Users
  • You will be able to see the reviewed apps and reviewed groups.

Step-5: Add Programs

  • In Add Programs you can customize your dashboard while configuring the programs.

Step-6: Controls.

  • Click on Controls.
  • Add new controls.
  • Provide the review name.
  • Description: why we are creating the review.
  • Start date: starts from when you create the service.
  • Frequency can be: One time, Weekly, Monthly, Yearly.
  • End date.
  • Users: members of a group review or application review.
  • Select the groups you want to review.
  • Reviewer: Group Owner, Selected users or Members (Self).
  • Programs link: Default or program.
  • Upon completion settings
    • No Change
    • Remove Access
    • Approve Access
    • Take Recommendation.
  • Advanced settings
    • Show Notification can be enabled.
    • Require Reason for Approval.
    • Mail Notification can be enabled.
    • Reminders can be enabled.

Once that is done, you will get your report as per the scheduled date.

 

70-533 Exam Preparation Tips and Tricks

In this blog, I am sharing my experience of how I cleared the 70-533 Implementing Microsoft Azure Infrastructure Solutions exam.

I have spoken with, and received messages from, a couple of my followers requesting that I share tips and tricks on how I passed the 70-735 exam. Hence I am sharing my thoughts on this.

I have seen many people who fear the exam and whether they will pass or not, because they have not taken any exam for 3 to 4 years or for some other reason, which is a really common scenario. Hence we have to fight our fear and take a step towards our career and certification, which might play an important role in our career and justify our expertise.

The first thing I did was remove the fear from my mind and think of it as just a normal exam, or my 10th board exam, which I had to clear anyhow.

Before appearing for any exam, I prepare the course content related to the exam, which helps me understand what challenges I am going to face during preparation and what scenarios may come up in the 70-533 exam.

A few things which I mainly focused on in this training:

  • Understand the course content of the 70-533 exam. Course content: Implementing Microsoft Azure Infrastructure Solutions.
  • List out each and every section and focus more on the parts where you will get 15 to 35% of the questions from the modules, as per the course content.
  • My focus areas were:
  • Create and manage compute resources (20 to 25%)
  • Implementation of virtual networks (15 to 20%)
  • Manage Azure security and recovery services (25 to 30%)
  • Designing and implementation of storage strategy (10 to 15%)
  • Designing and implementation of Azure App Services (10 to 15%)

Then I covered the rest of the modules as per the course content.

How Do I Prepare for the Exam?

There are various ways to prepare for the exam.

If you want, you can go through our Azure Talk sessions, which will really help in clearing the exam and in understanding Azure components. They have helped many people with Azure training and passing the exam.

I prepared from the online training sites below, which will help you pass the exam. You can even register for a free trial and get trained for exam preparation.

Do more and more labs, which is a very important part.

  • Free Azure Labs: 240
  • You can even create a free Azure subscription, which will help you explore your knowledge and get hands-on experience. Create Free Azure Subscription
  • If you would like more labs, you can follow my other blogs, where I have covered most 70-533 related topics, which will help you understand them easily.

 

How to Attend the 70-533 Exam

Note: The suggestions below are based on my real experience and what I observed. Followers or readers may not get the same scenario; it may differ as per Microsoft exam policy.

When I attended the exam, I was well prepared and trained, with no fear, and confident of clearing the exam.

I had also done hundreds of labs again and again, which made me confident on exam day.

Before you start the exam, please keep a few points in mind.

  • Once you click on Start Exam, a window will appear. Please go through it; you might have 10 minutes to read the instructions before the exam starts.
  • Once you are done with the instructions, the main questions will appear.
  • In my case I got a few optional questions which had to be answered without moving to the next question; if you move on, you cannot come back to the previous question.
  • In the second part you will get all the scenario-based questions. I would suggest you read them carefully before answering. In this section we have a couple of options.
  • At the top you will get the question with its scenario.
  • On the left-hand side you will get the time window.
  • In the middle you will get 4 options, or you need to match the answers using drag and drop.
  • At the bottom you will get 3 options:
    • Review: If you are not sure that your answer is correct, click on Review. If you don't click on Review, you won't be able to modify your answer and your answer might be locked.

    • Next: If you are sure that your answer is correct, click Next and your answer will be locked.

    • Submit: If you are sure that your answer is correct, click on Submit to submit the answer.

70-533

All the suggestions and ideas are based on my experience, which I want to share with my followers.

Please do like, share and subscribe.

 

Azure AD Privileged Identity Management

I thought I would cover Azure access review in this blog, because most organizations are looking to provide secure subscription access to their users and partners and at how to achieve this task. In the current trend, most organizations are using third-party tools.

In this blog I am covering a few things:

  • How we can secure our Azure infrastructure.
  • How we can review the access of users, partners, vendors etc.
  • The audit logs of the Azure AD access review policy, which help us keep the data for auditing purposes if required.

What is Azure AD Privileged Identity Management?

Using the Azure AD PIM solution, we can manage, control and monitor access within the organization.

  • We can review the access of users.
  • We can approve or reject access.
  • Using PIM we can provide time-based access.
  • We can manage directory roles using the PIM solution.

How to Create an Azure AD PIM:

Prerequisite:

  • An Azure AD Premium 2 license is required to get all the features.
  • The P2 license cost may come to approx 600 RS/M.

Step: 1

  • Click on All services
  • Search for Azure Privileged Identity Management
  • Click on it

Pre1.jpg

Step: 2:–

  • Click on Quick Start.
  • Enable the One month Free Azure AD P2 License .

 

Pre2

How to Activate the 1 Month Free P2 License

  • Click on My Roles
  • It will ask you to enable the free trial of the Azure AD P2 license.
  • Click on the role
  • Sign up

Click on Azure AD Premium 2.

Once you click on that, it will start activating the Azure AD P2 license.

Once that is done, we will explore more options.

Once Azure AD P2 is enabled, you will be able to view and access the options below.

My Roles:

  • It shows what kind of role you have in the subscription.
  • It gives access to activate other roles as well, if your administrator has assigned them to you.
  • It also shows eligible roles and expired roles, if a role is time bound.

ad1.JPG

My Requests:

  • If I have requested access or any role assignment, it will show in the My Requests tab. It basically just shows the requests.

ad2.JPG

Approve Requests:

  • If you are a security admin and you need to approve or reject access, you can do it from here.

ad3.jpg

Review Access

If we want to review our users' access, we can do that by selecting the Review Access tab, then get the data and keep it for auditing purposes.

access review.JPG

Azure AD Identity Role:

It shows what AD roles a user has apart from the subscription role.

  • We have 2 views.
  • Admin View: shows the audit history of other directory roles.

admin view

  • My View: shows only the account activation part of the AD role.

my view

Azure Resources:

The Azure Resources tab shows what kind of resources you have. You can add multiple resources or subscriptions, and those under one ID can be discovered.

ad-1.JPG

My Audit History

My Audit History holds the audit logs in Azure and helps the security administrator understand the tasks performed by him or his team. If required, we can keep those logs for auditing purposes.

ad-2.JPG

 

 

Azure SQL(PaaS): Geo-Replication (DR)

I have seen a couple of scenarios where clients and customers really wanted to go with SQL (PaaS) services but did not move, because if the SQL PaaS service crashed due to some technical issue there was no option to recover the service or fail it back within a limited time frame.

Now it is possible through Geo-Replication: you configure a secondary database in the paired region and start the replication. Whenever your SQL PaaS service is unavailable, you can click on the failover option and the SQL Database will be available to you within your estimated time.

Let's see how we can enable Geo-Replication for Azure services.

Step:1  Preparing for Geo-Replication

  • Select the Azure SQL (PaaS) Database that needs Geo-Replication.
  • Select the region you want as the secondary region for your database. You can select more than 1 region, but they have to be configured one at a time.
  • Once you have selected the region, you are done with this step.

SQL-13.jpg

Step:2 (a) - Secondary SQL Server Details

  • Select the region where you want to create the secondary site for the SQL DB.
  • The database name will be selected automatically.
  • The secondary site type is readable.
  • If you have already configured an elastic pool, select the elastic pool.
  • Target server: if you don't have one, create a new one (provide the name, SQL login name and password).
  • Click OK.
  • Select the pricing tier (Basic, Standard, Premium).
  • Click OK.

SQL-14

Step:2 (b) Pricing tier selection based on your current database configuration.

SQL-15

Step:2 (c) Verification of the secondary database site; click OK.

SQL-16

Step:3  SQL Secondary Site Creation

  • Click on OK.
  • The secondary site will start being created.
  • Once the secondary site is created, replication of the database will start.
  • Once the database replication is completed, you will get the option for failover.

SQL-17

Step:4  Failover the SQL Database

  • My primary site is completely replicated to the secondary site.
  • Now I want to do a failover.
  • Click on Forced Failover.
  • It will start the failover process.
  • Once it is completed, you will see that the secondary database is active.
  • Once you are done with the failover, your activity is completed.

SQL-18
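
The same steps can be scripted. The PowerShell below is an added example, not code from the original post: it assumes the Az.Sql module (the successor of the AzureRM module installed elsewhere on this blog), an authenticated session, an already existing secondary logical server, and placeholder resource names. It defaults to a planned failover, which synchronizes the data before switching roles, and requires an explicit switch for the forced failover that accepts data loss.

```powershell
# Added example, not from the original post. Assumes the Az.Sql module and an
# authenticated session (Connect-AzAccount). All names below are placeholders.
$cfg = @{
    PrimaryResourceGroup   = 'rg-sql-primary'
    PrimaryServer          = 'sql-primary-01'
    SecondaryResourceGroup = 'rg-sql-dr'
    SecondaryServer        = 'sql-dr-01'   # must already exist in the secondary region
    Database               = 'appdb'
}

function Get-GeoLink {
    # Replication link as seen from the primary server; nothing is returned if none exists.
    param([hashtable]$Cfg)
    Get-AzSqlDatabaseReplicationLink `
        -ResourceGroupName        $Cfg.PrimaryResourceGroup `
        -ServerName               $Cfg.PrimaryServer `
        -DatabaseName             $Cfg.Database `
        -PartnerResourceGroupName $Cfg.SecondaryResourceGroup `
        -PartnerServerName        $Cfg.SecondaryServer `
        -ErrorAction SilentlyContinue
}

function Enable-GeoReplication {
    # Steps 1 to 3: create a readable secondary, then wait until seeding has finished.
    param([hashtable]$Cfg, [int]$TimeoutMinutes = 60)

    if (-not (Get-GeoLink -Cfg $Cfg)) {
        New-AzSqlDatabaseSecondary `
            -ResourceGroupName        $Cfg.PrimaryResourceGroup `
            -ServerName               $Cfg.PrimaryServer `
            -DatabaseName             $Cfg.Database `
            -PartnerResourceGroupName $Cfg.SecondaryResourceGroup `
            -PartnerServerName        $Cfg.SecondaryServer `
            -AllowConnections         'All' | Out-Null   # 'All' = readable secondary
    }

    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    while ((Get-Date) -lt $deadline) {
        $link = Get-GeoLink -Cfg $Cfg
        # PENDING and SEEDING mean the initial copy is still running.
        if ($link -and $link.ReplicationState -eq 'CATCH_UP') { return $link }
        Start-Sleep -Seconds 30
    }
    throw "Secondary for '$($Cfg.Database)' did not reach CATCH_UP within $TimeoutMinutes minutes."
}

function Invoke-GeoFailover {
    # Step 4: promote the secondary. The cmdlet is run against the SECONDARY server.
    param([hashtable]$Cfg, [switch]$AllowDataLoss)

    $params = @{
        ResourceGroupName        = $Cfg.SecondaryResourceGroup
        ServerName               = $Cfg.SecondaryServer
        DatabaseName             = $Cfg.Database
        PartnerResourceGroupName = $Cfg.PrimaryResourceGroup
        Failover                 = $true
    }
    if ($AllowDataLoss) {
        # Forced failover: does not wait for the primary, so recent transactions may be lost.
        Write-Warning 'Forced failover requested: unreplicated transactions will be lost.'
        $params.AllowDataLoss = $true
    }
    Set-AzSqlDatabaseSecondary @params
}

Enable-GeoReplication -Cfg $cfg | Format-List ReplicationState, PartnerRole, PercentComplete
Invoke-GeoFailover -Cfg $cfg                   # planned failover, no data loss
# Invoke-GeoFailover -Cfg $cfg -AllowDataLoss  # only when the primary is unreachable
```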

Security Center: Azure SQL Vulnerability Assessment (Preview)

I have seen a couple of scenarios where organizations are looking for Azure SQL vulnerability tools which will help them analyse vulnerabilities and send a notification that something is wrong or that some security checks are missing.

Now MS Azure has announced a preview feature which helps us enable SQL Vulnerability Assessment and discover, track, and remediate potential database vulnerabilities for Azure and on-premises.

Let's configure the SQL Vulnerability (Preview) feature for our SQL DBs.

Step:1 Prerequisite

  • An identified SQL Database
  • A storage account to keep the logs.

Step: 2 Configuration of SQL Vulnerability

  • Select the database
  • Go to Settings and select SQL Vulnerability.

SQL-8.jpg

Click on Settings

sql-9.jpg

  • Select the storage account and click Save
  • Once that is done, your SQL Vulnerability Assessment will be enabled

sql-10.jpg

Step:3 Scan for SQL Vulnerabilities

  • Click on Scan
  • The vulnerability assessment will then start executing and provide you with the results and risks

SQL-11.JPG

 

Step:4 Validation

  • As per the screen below, there are 3 threats which we need to fix.
  • There might be alerts.
  • We have 2 medium risks and 2 low risks.
  • If you click on each risk, it will provide you with the solution to fix that risk.

SQL-12

(10 Years):Azure SQL Database Long-term backup retention(Preview)

My previous organization asked me how we could retain Azure SQL (PaaS) service backups for 10 years. I searched for that option but didn't find one.

Now that is possible through Long-term backup retention (Preview), which retains your Azure SQL Database backups for up to 10 years in a backup vault. The option is in preview; let's see how we can configure Azure SQL Database backup for 10 years with a Recovery Vault.

Step-1 :  Identification Of SQL Database 

  • Click on the SQL Database
  • Select the Azure SQL Server Name

SQL3

Step:2 Long Term Backup Retention Configuration.

  • Go to Settings
  • Select the Long Term Backup Retention Tab

SQL4

  • Select the preview items
  • Accept the terms and conditions.
  • Select the database you want to retain for more than 1 year.

SQL5

Step :3 Long Term Backup Configuration

  • Select the Backup Recovery Vault if you have created one
  • If you don't have a Recovery Vault, please create one.
  • Select a backup retention of 1 year to 10 years.
  • Click on

SQL6

Save the configuration and your SQL Database backup is configured for 10 years.

SQL7

SQL backup is enabled for 10 years.

Azure Backups for VMs (IAAS)

“In the Azure Backup blog series I will be writing blogs on Azure VM backup and PaaS service backup: how backup services help us and what configuration and prerequisites are required for backup.”

Backup is a common term when you talk about data protection, compliance etc.

Backups are a really important part of services or servers and save a lot of time and data in case of storage corruption, application reconfiguration, loss or corruption.

Backups are really helpful when there is data loss, system corruption etc.

Let's see how Azure Backup helps us in all these scenarios.

Azure Backup:

MS Azure introduced the Azure Backup Vault feature for classic, where you can take backups of Azure VMs and restore them whenever required.

Note: In Azure classic there are 2 different services, Azure Site Recovery and Backup Vaults.

“Later in 2016 MS launched Azure Site Recovery, which includes both Backup and Backup Vault, and helps us take backups of Azure VMs and do DR for VMs using the site recovery services.”

Azure Backup Common Scenarios

Below are the common scenarios where, in case of data loss or accidental deletion, we will be able to restore the data from backup or Azure Backup.

  • Save the Organization Historical Data
  • Application Configuration Data
  • Server Data (Windows/Linux etc)
  • Files and Folders etc

Backup of Azure VMs 

Prerequisite

  • Azure Recovery Backup Vault.
  • Storage Accounts
  • Azure Subscription.
  • Number of VMs that needs to Backup

Step-1 Create the Backup Vault

  • Click on Create Resources
  • Select the Monitoring and Managements
  • Select Backup and Site recovery
  • Provide the Name
  • Subscription Details
  • Location
  • Click on Create

Backup1.jpg

Once the Backup Vault is created, go to the Backup Vault.

Steps:2 Protect the VMs

  • Click on the Backup Vault
  • Click on Backup +

backup2.jpg

Step-3 Create the Backup Policy 

  • Select the Backup Goals
  • Select the Azure
  • Select the VMs type Azure VMs
  • Click on Backup
  • It will route to Backup Policy
  • Create a new Backup Policy
  • Select Ok

Backup3

Step-4 Backup Policy 

  • Provide the Backup Policy Name
  • Backup Frequency  (Daily, Monthly , Weekly and yearly )
  • Select the time you want to take the Backup
  • Click on Create .

Backup4

Step 5 : VMs Selection for Azure Backup 

  • You can Select the Items of Backup
  • Select the VMs you want to take the Backup
  • click ok

Backup5

Step-6 Enable the Backup

  • Click on Enable Backup
  • It will validate the prerequisites
  • It will automatically install the backup agent.
  • It will start protecting the VMs.

Backup6

Steps:7 Backup Initiation

Once the backup service is enabled, the backup will start as per the schedule and you can see it under Backup Process.

  • Click on Backup Items
  • Click on Azure Virtual Machines
  • Click on the Azure Backup Items

Backup7.jpg

Steps:7 Start the Backup Jobs

  • Click on Backup Now.
  • Your backup has now started.

Backup8

Steps:7 Azure Backup Validation

  • You can check that the backup job is in progress.
  • Enjoy your backup configuration.

Backup9.jpg

Azure SQL DBs Creation (PaaS)

In this blog I am sharing my experience of how to create Azure SQL Servers and SQL Databases. I have seen a couple of scenarios where Azure learners have doubts about the difference between on-premises SQL Servers and Azure SQL Server (PaaS), so I thought of creating a blog to clear up the understanding and show them how useful Azure PaaS services are.

SQL Server (IaaS)

  • SQL Server on Azure VMs and on-premises are the same. We need to download and install SQL Server from the MS download center or an MSDN subscription.
  • We need to maintain the SQL Server licensing.
  • We need to install and configure it manually, which takes almost 1 to 2 hrs.
  • We need to back up manually or schedule the backup of the databases.

Azure SQL Server (PaaS)

  • We can use this service as Database as a Service (DBaaS).
  • It is backed by software-defined services, which are called SaaS.
  • Easy to take backups in Azure
  • Easy to fail over and replicate to another region.
  • Recover the DBs from backup.
  • Automatic scheduled backups
  • Cost is much lower than SQL on-premises
  • Advanced security features

Azure SQL DBs Creation

Step-1 Prerequisites

  • Azure SQL DBs Name
  • Azure SQL Configuration
  • Region
  • SQL Server Name
  • SQL server user Name and passwords
  • Select ok
  • Create the SQL Servers DBS.

SQL1.jpg

Your Azure SQL Database is now created; you can check the SQL Database under Azure Resources.

Azure VMs Restoration

In my Azure journey I have seen a couple of incidents where VMs crashed and we needed to recover the Azure VMs from the backup vault.

MS Azure has enabled a feature that lets you restore the VM backup from the VM itself; there is no need to go to Site Recovery, search for the VM and then try to restore it.

In this blog I am going to explain how to restore the complete VM.

  • File recovery
  • Application restoration or full backup restoration.

Restoration of Azure VMs

  • Click on the VM you want to restore
  • Go to Operations and select Backup

restore1.JPG

 

Step 2: Backup Selections

  • If you want to start a backup, select Backup Now.
  • Select the File Recovery option to recover files only.
  • Select Restore VM to recover the complete VM.

restore2.jpg

Step:3 Restore VMs

  • Click on Restore Points
  • Select the latest restore point to recover the VM.
  • Select OK.
  • Click on Restore VM.
  • Your VM will start redeploying in the Azure portal.

restore3.JPG

Step: 5 File Recovery

  • Once you click on File Recovery, you will get an option to select the recovery point.
  • Download the script
  • Create the password
  • Unmount the disk after recovery
  • You are done with the recovery.

restore4.JPG

Azure Training: Azure VMs Operation Feature (Preview)

In this training video I have shared my real-time experience of enabling Azure inventory, change tracking and update management.

This helps us manage Azure VMs as quickly as possible, and I have also shown how Azure VM DR can be built.

I have seen a couple of scenarios where various group members were asking how we can manage the inventory and how to know what changes have been made.

Hence I thought of providing this session to our AzureTalk Group. Below are more details about the Azure preview services.

Azure VMs Inventory: It helps us manage the Azure virtual machine inventory.

Azure Change Tracking: It helps us track changes in VMs through the portal, which lets us fix issues sooner than logging in to the servers and checking the changes.

Update Management: It is part of OMS and helps analyse the patches and deploy updates to Azure VMs. That option is now available (Preview) and helps us find the missing patches of a virtual machine from the Operations tab. It is the easy way to deploy critical, security and other recommended patches.

This training video will help you enable Azure inventory, change tracking, update management, Azure VM DR and backup configuration in detail.

So any Azure learner can have a quick view and learn something new.

Join the Azure-talk Group:  https://www.kloudezy.com/AzureTalkGroup.html

 

Azure Training# Azure VMs

In this training video I have covered the Azure VMs overview and detailed information about Azure VMs.

Azure VMs Configuration Overview: It helps to understand the Azure VM instance size, location, private IP, public IP address and the graphical dashboard of host utilization for CPU, memory, disk read/write etc.

Azure VMs Monitoring: It helps us configure Azure VM monitoring and alerts, which help to fix issues within the timeline.

Azure VMs Troubleshooting: It covers the common Azure VM troubleshooting scenarios and helps us fix the issues.

  • Azure VM connectivity issues.
  • Unable to take remote of Azure VMs.
  • User name and password expired or forgotten.
  • Remote desktop connection couldn't be established.
  • VMs are not working.

Azure Resource Movement to New Resource Group: Azure learners have been asking me this question more and more, hence I thought of adding it to my training.

It covers how to migrate resources from one resource group to another, for those who want to establish a process or migrate resources between resource groups.

 

Join the Azure-talk Group:  https://www.kloudezy.com/AzureTalkGroup.html

Azure Training Part-4

Azure Training# Azure Subscription and Azure VMs

 

Azure Subscription and Azure VMs

  • Concept of Azure Subscription

  • Virtual Machine Introduction ,Availability and scalability .

  • Azure Resource Group Vs Azure Resource Manager 

  • IaaS and Azure Virtual Machine 

Presenter : Niraj Kumar

Speaker: Lalit Rawat

 

 

Join the Azure-talk Group:  https://www.kloudezy.com/AzureTalkGroup.html

Azure Training Part-3

Azure Training:Introduction to Microsoft Azure

“I have seen that most Azure learners still need to understand the basic concepts of the Azure services and how they can implement the services, and I have received requests that Azure learners need a session for beginners. Hence I thought of starting the Azure for beginners series online and providing free training.”

The introduction of the series will help Azure learners understand the basic concepts of Azure, which I have covered in my session.

  • Why we require Azure cloud.
  • Why use the cloud if we already have an on-premises data center.
  • How it will help us save cost.
  • Cloud models and terminology.
  • Difference between IaaS, PaaS, SaaS.
  • Azure portal overview

Learning from this training:

  • Azure cloud models and technology.
  • Azure subscription creation.
  • Azure services categories.
  • Azure IaaS, PaaS, SaaS services.
  • Use of IaaS, PaaS, SaaS services.
  • Live scenario of cloud services.

 

Azure Training Part-2

Storage Account GSv2 Configuration

Azure Storage GSv2 Part-1

Read-access geo-redundant storage (RA-GRS)


  • Secure Transfer  etc option.
  • Then Create the Storage Account.

Azure storage 1

Main Difference is Highlighted 

General Purpose V2                                               General Purpose V1

azure-storage-2.jpg

Azure Storage V2 has only 3 replication policies (RA-GRS, GRS and LRS), but Storage Accounts V1 has 4 replication policies: LRS, ZRS, GRS and RA-GRS.

 

More Information Please follow:

Create and Manager Storage Accounts

Features of Storage Accounts:General Purpose GPv2 ,GPV1 and Blob Storage

Azure Storage account options

  • General Purpose v2 (GPv2):
    • Storage accounts provide all the latest features, and support Blobs, Files, Queues, and Tables.
    • These latest features include blob-level tiering, archive storage, higher scale account limits, and storage events.
    • Storage pricing has been designed to deliver the lowest GB prices, and industry competitive transaction prices.
  • Blob Storage:
    • Storage accounts provide all the latest features for block blobs, but only support Block Blobs.
    • Blob Storage pricing is broadly similar to that of General Purpose v2.
    • Microsoft encourages most users to use General Purpose v2 rather than Blob Storage accounts.
  • General Purpose v1 (GPv1):
    • Storage accounts provide use of all Azure Storage services, but may not have the latest features or the lowest GB pricing.
    • Cool and archive storage are not supported in GPv1.
    • Storage pricing is lower for transactions, so workloads with high churn or high read rates may benefit from this type of storage account.
  • We can upgrade either a GPv1 or a Blob Storage account to a GPv2 account at any time using the portal, CLI, or PowerShell.
  • The change cannot be reversed, and no other changes are permitted.

Pricing and billing.

Storage Account General Purpose V2 cost is 1446.91 and General Purpose V1 cost is 1588.69.

storage pricing

Storage Accounts General Purpose V1:-

storage pricing-2

As per Microsoft Pricing and Billing Model:-

  • Storage costs: In addition to the amount of data stored, the cost of storing data varies depending on the storage tier. The per-gigabyte cost decreases as the tier gets cooler.
  • Data access costs: Data access charges increase as the tier gets cooler. For data in the cool and archive storage tier, you are charged a per-gigabyte data access charge for reads.
  • Transaction costs: There is a per-transaction charge for all tiers that increases as the tier gets cooler.
  • Geo-Replication data transfer costs: This only applies to accounts with geo-replication configured, including GRS and RA-GRS. Geo-replication data transfer incurs a per-gigabyte charge.
  • Outbound data transfer costs: Outbound data transfers (data that is transferred out of an Azure region) incur billing for bandwidth usage on a per-gigabyte basis, consistent with general-purpose storage accounts.
  • Changing the storage tier: Changing the account storage tier from cool to hot incurs a charge equal to reading all the data existing in the storage account. However, changing the account storage tier from hot to cool incurs a charge equal to writing all the data into the cool tier (GPv2 accounts only).

For More Details , Please follow below Link:-

Azure Storage account options

All in One:Azure Learning for Azure Infra +Azure Developers + Azure Architect

Reference taken from Microsoft edX; the courses referred to are Microsoft edX courses.

Please go and sign up on the Microsoft edX site.

https://www.edx.org/school/microsoft

Azure Infra + Azure Developers + Azure Architect beginners courses:

SQL Database + SharePoint administrators can focus on the courses below:

Beginners + development engineers can focus on the courses below:

 

My Udhay published the below Post in his blog. Please go through his Blog .

http://thinkvirtualization.in/microsoft-cloud-society-azure-cloud/

All in one place to learn Azure path and certified, Be the Azure Master get recognized and rewarded from Microsoft!!! Badge to our Bio.

https://cloudsociety.microsoft.com/signup.aspx

Get learning:
Cloud Infrastructure Learning Path.
Free online Azure training

https://cloudsociety.microsoft.com/azure-certification-training.aspx

Get Certification:
Cloud Infrastructure Certification Path.
Earn your demanding Azure Cloud Certification

 

Learn Weekly Trending New Technologies

https://cloudsociety.microsoft.com/engage-cloudsocietytuesdays.aspx

Setup and Configuration of File sync Server

File Sync Server part-1

File Sync Server Prerequisite

  1. Create a Storage Account
  2. Create the File Server (Creation of Azure File Server)
  3. On-premises machine with 2012 R2 or 2016R2 with the latest PowerShell (5.1)
  • Get-Module PowerShellGet -list | Select-Object Name,Version,Path
  • # Install the Azure Resource Manager modules from the PowerShell Gallery
    Install-Module AzureRM -AllowClobber
  4. Name, Subscription, Resource Group and Location.
  5. File location should be D:\FolderName

Step-1 : Login to Azure Portal and Select the File Storage Account

Please Login to Azure Subscription (Azure Portal)

  • Click on Storage Account
  • Select the File Sync Server

Azure File Sync1

Step 2-Create the File Sync Server

  • Please Provide the File Sync Server Name
  • Subscription
  • Resource Group Name
  • Location (It is available in Few Location like West US)

Azure File Sync2

Step-3: Create the Sync Group

Click on the Sync Group

Azure File Sync3

  • Provide the Sync Group Name
  • Select the Subscription
  • Select the Storage Account
  • Select the File Server

Azure File Sync4

azure-file-sync5.jpg

  • Download the Azure Storage Sync Agent
  • Install it on the Server 2012 R2 or 2016 server in your on-premises environment

azure-file-sync6.jpg

  • Log in to the server and turn off the internet security. This is for test purposes only and is not recommended for a production environment.

azure-file-sync7.jpg

  • Select the file as per your server requirements.

Azure File Sync8

  • Install the Storage Sync Agent setup

file sync setup1

  • Accept the Term and Condition

file sync setup2

  • Select the Folder Location for installation Files

file sync setup3

  • Select Collect Data Necessary to Identify and Fix the Problem.

file sync setup5

  • Select the Microsoft Update .

file sync setup4

  • Click on Finish

file sync setup6

You will get a prerequisite error if the PowerShell version is old.

Use the commands from the prerequisite section to update PowerShell.

Azure File Sync9

The commands are given below.

  • Get-Module PowerShellGet -list | Select-Object Name,Version,Path
  • # Install the Azure Resource Manager modules from the PowerShell Gallery
    Install-Module AzureRM -AllowClobber

Azure File Sync10

  • Sign in and register the server
  • Click on Sign in and you will get the Azure portal login window.
  • Provide the user ID and password.

Azure File Sync101

Azure File Sync12

  • Select the Subscription Name
  • Select the Resource Group
  • Select the Storage Sync Services.

Azure File Sync14

  • Click on Register and Sign-in Again

Azure File Sync15

  • Registration successful

Azure File Sync16

  • Once you have registered the server, you will see it in the File Sync registered server list.

Azure File Sync18

  • Click on Add Server Endpoint

Azure File Sync19

Add Server Endpoint

  • Registered server
  • Path
  • Cloud tiering: how much free space you want.

Azure File Sync20

  • Your cloud endpoint is created.

Azure File Sync21

  • Verify that your cloud endpoint is healthy.

Azure File Sync22

  • Verify the files in the Azure File share. You have successfully deployed the File Sync server.

Azure File Sync23

 

 

 

Azure File Sync Server Overview

 

What is Azure File Sync?

  • Azure File Sync helps us manage file servers centrally without downtime.
  • It syncs the files to Azure and manages a cache of your files on-premises or in Azure, to provide access or share them across the globe.

As per Microsoft :

  • Azure File Sync (preview) allows us to centralize our organization’s file shares in Azure Files without giving up the flexibility, performance, and compatibility of an on-premises file server.

  • It does this by transforming our Windows Servers into a quick cache of your Azure File share.

  • We can use any protocol available on Windows Server to access your data locally (including SMB, NFS, and FTPS) and we can have as many caches as you need across the world.

Azure File Sync terminology

Storage Sync Service

  • The Storage Sync Service is the top-level Azure resource representing Azure File Sync. The Storage Sync Service resource is a peer of the Storage Account resource and can be deployed into Azure Resource Groups.
  • A top-level resource distinct from the Storage Account is required because the Storage Sync Service can create sync relationships with multiple Storage Accounts via multiple Sync Groups.
  • A subscription can have multiple Storage Sync Service resources deployed.

Sync Group

  • A Sync Group defines the sync topology for a set of files that you want to manage with an Azure File share.
  • Ex: If you have 2 distinct sets of files, you need to create two Sync Groups and add endpoints to each.
  • A Storage Sync Service can host as many Sync Groups as you need.

Registered Server

  • The Registered Server object represents a trust relationship between our on-premises server (or cluster) and the Storage Sync Service.
  • We can register as many servers to a Storage Sync Service instance as we want.
  • A server (or cluster) can only be registered with one Storage Sync Service at any given time.

Azure File Sync agent

Azure File Sync has 3 services which run in the background.

  • FileSyncSvc.exe: The background Windows service, which is responsible for monitoring changes on Server Endpoints and for initiating sync sessions to Azure.
  • StorageSync.sys: The Azure File Sync file system filter, which is responsible for tiering files to Azure Files (when cloud tiering is enabled).
  • PowerShell management cmdlets: PowerShell cmdlets that we use to interact with the Microsoft.StorageSync Azure resource provider.
  • We can find these at the following (default) locations:
    • C:\Program Files\Azure\StorageSyncAgent\StorageSync.Management.PowerShell.Cmdlets.dll
    • C:\Program Files\Azure\StorageSyncAgent\StorageSync.Management.ServerCmdlets.dll

Azure File Sync OS Compatibility

  • Windows Server 2016: supported SKUs Datacenter and Standard; supported deployment option Full (server with a UI)
  • Windows Server 2012 R2: supported SKUs Datacenter and Standard; supported deployment option Full (server with a UI)

File system features:

  • Access control lists (ACLs): Fully supported. Windows ACLs are preserved by Azure File Sync, and are enforced by Windows Server on Server Endpoints. Windows ACLs are not (yet) supported by Azure Files if files are accessed directly in the cloud.
  • Hard links: Skipped
  • Symbolic links: Skipped
  • Mount points: Partially supported. Mount points might be the root of a Server Endpoint, but they are skipped if they are contained in a Server Endpoint’s namespace.
  • Junctions: Skipped
  • Reparse points: Skipped
  • NTFS compression: Fully supported
  • Sparse files: Fully supported. Sparse files sync (are not blocked), but they sync to the cloud as a full file. If the file contents change in the cloud (or on another server), the file is no longer sparse when the change is downloaded.
  • Alternate Data Streams (ADS): Preserved, but not synced

Features supported by File Sync:

  • Windows Server Failover Clustering is supported in Azure File Sync for “File Server for general use”, not for Clustered Shared Volumes.
  • Data Deduplication: Azure File Sync supports Windows Server Data Deduplication enabled on the volume.
  • Encryption solutions:
    • BitLocker encryption
    • Azure Rights Management Services (Azure RMS) (and legacy Active Directory RMS)
  • Azure File Sync is known not to work with:
    • NTFS Encrypted File System (EFS)

 

Retiring Virtual Machines and Azure Cloud Services from the classic portal


Starting November 15, 2017, both Azure Virtual Machines and Azure Cloud Services will be available only in the Azure portal. Access from the classic portal will no longer be supported. If you were using the classic portal for OS images, please use PowerShell instead.

For details on how to get started in the Azure portal, refer to the Virtual Machines and Azure Cloud Services documentation.

New features for Virtual Machines in the Azure portal include:

  • Ability to add classic disks to a VM
  • Ability to add classic images to a VM

New features for Azure Cloud Services in the Azure portal include:

  • Deployment-related operation logs
  • Ability to update one or more roles at a time

Learn more about the upcoming capabilities of Cloud Services.

 

Reference (Microsoft update):

https://azure.microsoft.com/en-in/updates/retiring-virtual-machine-and-cloud-services-from-classic-portal/

Setup and Configure Azure Billing: CloudYN

What is Cloudyn - Azure Cost Management?

  • Azure Cost Management by Cloudyn allows you to track cloud usage and expenditures for your Azure resources and other cloud providers including AWS and Google.
  • It provides easy-to-understand, customized dashboard reports.
  • These reports help with cost allocation and showbacks/chargebacks.
  • Cost Management helps optimize your cloud spending by identifying underutilized resources that you can then manage and adjust.

Uses of Cloudyn - Azure Cost Management

  • Monitor usage and spending
  • Manage costs
  • Improve efficiency

Prerequisites to Configure Cloudyn - Azure Cost Management

  • User has Global Administrator / Service Administrator rights
  • Tenant ID
  • Offer ID

Configuring Cloudyn - Azure Cost Management

  • Log in to the Azure subscription (https://portal.azure.com/).
  • Click on Cost Management.
  • Click on Azure Cost Management.
  • Click on Go to Cost Management.


Organization Name

  • Please provide your Organization Name

Roles for Enrollment

  • Azure Enterprise Enrollment Administrator
  • Microsoft CSP Partner Program Administrator
  • Azure Individual Subscription owner
  • None of the Above

Azure Cost Management

  • Organization Name

Registration

  • Cloudyn Account Name
  • Tenant ID
  • Offer ID - Name
  • The Offer ID can be selected from the drop-down menu.

  • Start the Cost Management configuration.
  • It will take 30-40 minutes to collect the data.
  • It may take more time to configure, depending on the data and resources of the Azure subscription.
  • Once Cloudyn is done with data collection, it will ask you to provide permission to access your Azure subscription.
  • You will have to accept the terms and conditions.
  • Please click on Go Cloudyn to go to the Cloudyn portal.

Cloudyn Dashboard

Management Dashboard:

Cost Entity Summary: Provides a global view of managed cost entities

Cost Over Time: We can view our actual cost over time.

Asset Controller: Visualize your cloud usage and performance trends all in one place

Cost by device: View your actual costs per service

Cost Controller

Cost Over Time: View your actual cost over time
Monthly Cost Trends: View costs for last month, month-to-date, and monthly projections
12 Months Planner: View projected costs for next 12 months
Cost by Services: View your actual cost per service
Cost by Account: View your actual cost per account
Cost Trend by Day: View your actual daily costs
Cost Trend by Month: View your actual monthly costs

Asset Controller

Compute Instances: View your instances activity over time
Disks: View all your disks – both available and in-use
Instance Type Distribution: View breakdown of all compute instances by instance type
Computer Instance Daily Trends: View breakdown of all instances running during last 30 days

Setup and configure:Azure Billing, Subscription management, RBAC, EA Subscription and CloudYN

How to register the new cost management tool Cloudyn, and a dashboard showcase.
Basic Azure subscription management at the resource level, like resource provider control (register/unregister), quotas (compute, storage, etc.) and policy management.

RBAC, directory management and subscription profile management, understanding individual subscription cost.
How to sign up for a new subscription.
Azure subscription management in EA.
Managing Azure EA subscriptions: departments, accounts, subscriptions.
Understanding the Azure EA billing dashboard.
Difference between subscription and tenant.

File Server Migration to Azure Using Azcopy Utility

What is AzCopy?

AzCopy is a command-line utility designed to copy data to and from Microsoft Azure Blob, File and Table storage using simple commands.

We can use the AzCopy utility in the scenarios below.

  • On-premises file server to Azure File storage and vice versa.
  • Between Azure storage accounts.
  • Between Azure storage accounts in two different subscriptions.
  • Copying data from the Classic (ASM) model to the ARM model.
  • Downloading, uploading and copying Blob, File and Table (export and import) storage using the AzCopy command.
  • Resuming interrupted operations.

It is built on the .NET Framework and can be used on Windows and Linux.

How to Download & Install the AzCopy Utility?

Please download the AzCopy command-line utility using the link below. Copy and paste the URL into the browser and it will automatically download the AzCopy utility.

http://aka.ms/downloadazcopy (DownloadAzCopy)

  • Once we have downloaded the setup, right-click on MicrosoftAzureStorageTool and select Run as administrator.
  • We will get the Welcome page; click Next.
  • Accept the End-User License Agreement and click Next.
  • Select the destination folder where we want to keep the installation files and click Next.
  • We will get the AzCopy installation page; click on Install to install the AzCopy utility.
  • Once it is installed, click on Finish. The AzCopy utility is now installed on your Windows system.

Method 1:

Once it is installed, search for AzCopy on your PC and open it with Run as Administrator.

You will get the command-line utility used to migrate files, download blobs, etc. for storage accounts.

Method 2:

  • Open a CMD prompt and go to the AzCopy location:
  • C:\Program Files (x86)\Microsoft SDKs\Azure\AzCopy\
  • Run the AzCopy command: azcopy

Migrating On-Premises Files to Azure File Storage Accounts Using AzCopy

Step 1: Create the Storage account

  • Log in to the Azure portal (https://portal.azure.com) using the Azure subscription credentials.
  • Click on the + sign.
  • Click on Storage.
  • Select Storage accounts - Blob, File, Table, Storage.
  • Provide the name of the storage account as per our organization standard.
  • Select the Deployment model.
  • Account kind.
  • Performance.
  • Replication.
  • Secure transfer.
  • Resource group and location where we want to create the storage account.

  • Once the storage account is created, please create the File storage.
  • We can also move the data to an Azure container if required.

Note: Please make sure all .vhd files are moved to an Azure blob container as page blobs if you are planning to use the .vhd file for a customized or specialized image.

Step 2: Create the File Storage

Click on Files.

  • Add the file share.
  • Provide the fileserver name.
  • Quota: 100 GB.

Note: File storage can store 5 TB of data, which is the default limit for file storage.

Click on Properties and copy the share path (URL).

Step 3: Accessing the Source Key

  • Select the storage account.
  • Go to Settings.
  • Select Access keys and copy the primary access key.
  • Keep the information in Notepad.

 

Step 4: Run the AzCopy Command in the AzCopy utility.

Please use the command below to move the files to Azure File storage.

AzCopy /Source:E:\Rcloudweb /Dest:https://Fileserver.file.core.windows.net/rcloudweb/ /DestKey:key /S

Here /Source is your on-premises server location, /Dest is the Azure File storage location, /DestKey is the key of your storage account, and the /S switch is used to copy the complete folder.

Step 5: Migrating Files Verification.

I have migrated my files and folders successfully.

Copy across file shares

AzCopy /Source:https://rcloudweb1.file.core.windows.net/rcloudweb1/ /Dest:https://rcloudweb2.file.core.windows.net/rcloudweb2/ /SourceKey:key1 /DestKey:key2 /S

Here key1 is the Rcloudweb1 storage access key and key2 is the Rcloudweb2 storage access key.

File Download

AzCopy /Source:https://rcloudweb.file.core.windows.net/rcloudweb/rcloudweb1/ /Dest:C:\rcloudweb /SourceKey:key /Pattern:abc.txt

Here key is the Rcloudweb storage access key.

Download all files

AzCopy /Source:https://rcloudweb.file.core.windows.net/rcloudweb/ /Dest:C:\rcloudweb /SourceKey:key /S

Here key is the Rcloudweb storage access key.

Copy single blob within Storage account

AzCopy /Source:https://rcloudweb1.blob.core.windows.net/rcloudweb1 /Dest:https://rcloudweb2.blob.core.windows.net/rcloudweb2 /SourceKey:key /DestKey:key /Pattern:rcloudfile.txt

Here the /SourceKey value is the Rcloudweb1 storage access key and the /DestKey value is the Rcloudweb2 storage access key.

For more AzCopy commands, you can go to the Microsoft AzCopy documentation at the link below.

https://docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy
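The AzCopy commands above carry the storage account key as a /SourceKey: or /DestKey: argument, so any batch file, shell history or process log that records the command line also records the key. The following check is an added example, not part of the original post: it scans text lines for those two arguments and reports the ones holding a literal key. The sample key is constructed, and the variable forms treated as safe references (%VAR%, $env:VAR) are assumptions of this example.

```python
import base64
import re
from typing import NamedTuple

# /SourceKey: or /DestKey: and its value, as used in the AzCopy commands above.
# The value ends at whitespace, end of line, or the next /Option: argument.
KEY_ARG = re.compile(
    r'/(SourceKey|DestKey):"?(.+?)"?(?=\s|$|/[A-Za-z]+:)', re.IGNORECASE
)
# A storage account key is 64 bytes, base64-encoded: 86 characters plus "==".
LITERAL_KEY = re.compile(r"[A-Za-z0-9+/]{86}==")
# Values that name a variable instead of carrying the secret itself.
REFERENCE = re.compile(r"%\w+%|\$\{?[\w:]+\}?|\$\(.+\)")


class Finding(NamedTuple):
    line_no: int
    argument: str   # SourceKey or DestKey
    kind: str       # "literal-key" or "unrecognised-value"
    redacted: str   # the line with every key value masked


def redact(line: str) -> str:
    """Mask every key value so the report itself does not leak the key."""
    return KEY_ARG.sub(lambda m: f"/{m.group(1)}:<redacted>", line)


def scan(lines):
    """Return a Finding for each key argument that is not a variable reference."""
    findings = []
    for line_no, raw in enumerate(lines, start=1):
        line = raw.rstrip("\r\n")
        for match in KEY_ARG.finditer(line):
            value = match.group(2)
            if REFERENCE.fullmatch(value):
                continue  # %VAR% or $env:VAR: the secret is not in this text
            kind = "literal-key" if LITERAL_KEY.search(value) else "unrecognised-value"
            findings.append(Finding(line_no, match.group(1), kind, redact(line)))
    return findings


# Constructed sample data: the "key" is base64 of the bytes 0..63, not a real key.
SAMPLE_KEY = base64.b64encode(bytes(range(64))).decode()
SAMPLE_LINES = [
    rf"AzCopy /Source:E:\Rcloudweb /Dest:https://fileserver.file.core.windows.net/rcloudweb/ /DestKey:{SAMPLE_KEY} /S",
    r"AzCopy /Source:E:\Rcloudweb /Dest:https://fileserver.file.core.windows.net/rcloudweb/ /DestKey:%AZ_DEST_KEY% /S",
    # Arguments run together without spaces, as sometimes pasted into scripts.
    rf"AzCopy /Source:https://rcloudweb1.blob.core.windows.net/rcloudweb1 /Dest:https://rcloudweb2.blob.core.windows.net/rcloudweb2 /SourceKey:{SAMPLE_KEY}/DestKey:{SAMPLE_KEY}/Pattern:rcloudfile.txt",
    r"& AzCopy.exe /Source:E:\Rcloudweb /Dest:https://fileserver.file.core.windows.net/rcloudweb/ /DestKey:$env:AZ_DEST_KEY /S",
    r"AzCopy /Source:https://rcloudweb1.file.core.windows.net/rcloudweb1/ /Dest:https://rcloudweb2.file.core.windows.net/rcloudweb2/ /DestKey:key2 /S",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LINES):
        print(f"line {f.line_no}: {f.argument} {f.kind}: {f.redacted}")
```

A "literal-key" finding means the key should be treated as exposed wherever that text has been stored or shared; regenerating the access key in the portal invalidates the old value.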

Configuration of Load Balance in Azure

Azure Load Balancer  Setup and Configuration

Once the Azure Load Balancer is created, search for Load balancer and select the load balancer.

Click on Overview:

Overview:

It shows all the Azure network load balancer details, such as backend IP addresses, health probes, load balancing rules, NAT rules, subscription ID and other details.

Activity Logs:

Activity logs are just like the event logs of your services; they show the complete activity log of your Azure network load balancer.

 

Access Control (IAM):

This is role-based access control for the network load balancer. If you want someone from your team to manage the network load balancer, or you want to restrict access for another department, you can add that user in IAM and limit the access to that particular user.

Tags:

Tags are name/value pairs that enable you to categorize resources and view consolidated billing by applying the same tag to multiple resources and resource groups.

Diagnose and Solve Problems:

This is the MS Azure knowledge-base solution: a collection of solutions to common scenarios that we can go through to try to fix an issue. Some common scenarios are listed below, and you can find more in the Azure portal.

  • Load Balanced VMs are not receiving traffic
  • VMs behind Load Balancer (LB) not responding to requests
  • ADFS & SharePoint connections fail behind Load Balancer over VPN
  • My issue is not listed

Azure load balancer Front End Pool:

The front end pool has the public IP (PIP) addresses for incoming network traffic.

Back-end address pool:

  • It contains the network interfaces (NICs) of the virtual machines that receive network traffic from the load balancer.
  • The virtual machines selected in the backend pool are the targets for the load-balanced traffic of this rule.

We can add VMs to the backend pool as described below.

  • Single Virtual Machine: We can add a single virtual machine to the backend pool.
  • Availability Set: The best option, which Microsoft suggests, is to add the availability set to the Azure load balancer, which provides better reliability and performance for the Azure load balancer.

When we add the availability set, all the VMs that are part of the availability set are added to the backend pool automatically.

If we are adding a single VM, select the VMs you want to add to the backend pool.

We can select the availability set with the configuration below, based on the requirements.

  • Name: As per your organization standard.
  • IP Version: IPv4 or IPv6
  • Associated with: Single virtual machine or availability set.

Health Probes:

Protocol: The load balancer works with the HTTP or TCP protocol. Select the protocol over which you want to route traffic for your applications.

Port: You can select the port number on which you want to allow the traffic, such as HTTPS port 443 or TCP port 80.

Interval: The amount of time between probe attempts.

Unhealthy Threshold: The number of consecutive probe failures that must occur before a virtual machine is considered unhealthy.

Load Balancing Rule

We can configure the load balancing rule based on the application requirements. We can enable the configuration below for load balancing.

Interval: The amount of time between probe attempts.

Unhealthy Threshold: The number of consecutive probe failures that must occur before a virtual machine is considered unhealthy.

Front End IP address: Clients communicate with the load balancer on the selected IP address, and services have their traffic routed to the target machine by this NAT rule.

Backend Port: You can choose to route traffic to the virtual machines in the backend pool using a different port than the one clients use to communicate with the load balancer.

Backend Pool: The virtual machines selected in the backend pool are the targets for the load-balanced traffic of this rule.

Health Probe: The selected probe is used by this rule to determine which virtual machines in the backend pool are healthy and can receive load-balanced traffic.

Session Persistence: Session persistence specifies that traffic from a client should be handled by the same virtual machine in the backend pool for the duration of a session.
“None” specifies that successive requests from the same client may be handled by any virtual machine.
“Client IP” specifies that successive requests from the same client IP address will be handled by the same virtual machine.
“Client IP and protocol” specifies that successive requests from the same client IP address and protocol combination will be handled by the same virtual machine.
Idle Timeout: Keep a TCP or HTTP connection open without relying on clients to send keep-alive messages.

Floating IP: We recommend using this feature only when configuring a SQL Always On availability group listener. It can be enabled only when creating a rule and if the port and the backend port match.
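The Health Probes and Session Persistence settings described above interact: the probe decides which virtual machines are eligible, and the persistence mode decides which flow fields pick one of them. The model below is an added example, not part of the original post and not Azure's implementation. It assumes "None" hashes the full 5-tuple, "Client IP" the source and destination IP, and "Client IP and protocol" those two plus the protocol; SHA-256 stands in for the unpublished hash, and one successful probe is assumed to restore a virtual machine.

```python
import hashlib
from dataclasses import dataclass

# Flow fields that feed the hash for each Session Persistence setting.
PERSISTENCE_FIELDS = {
    "None": ("src_ip", "src_port", "dst_ip", "dst_port", "protocol"),
    "Client IP": ("src_ip", "dst_ip"),
    "Client IP and protocol": ("src_ip", "dst_ip", "protocol"),
}


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    protocol: str


class Backend:
    """One VM in the backend pool, with the state a health probe tracks."""

    def __init__(self, name, unhealthy_threshold=2):
        self.name = name
        self.unhealthy_threshold = unhealthy_threshold
        self.consecutive_failures = 0
        self.healthy = True

    def record_probe(self, success):
        """Apply one probe result (one per Interval) and return the health state."""
        if success:
            # Assumption of this model: one successful probe restores the VM.
            self.consecutive_failures = 0
            self.healthy = True
        else:
            self.consecutive_failures += 1
            if self.consecutive_failures >= self.unhealthy_threshold:
                self.healthy = False
        return self.healthy


def pick_backend(flow, pool, persistence="None"):
    """Return the healthy backend that receives this flow, or None if none is healthy."""
    healthy = sorted((b for b in pool if b.healthy), key=lambda b: b.name)
    if not healthy:
        return None
    key = "|".join(str(getattr(flow, f)) for f in PERSISTENCE_FIELDS[persistence])
    # Stand-in hash: the load balancer's real hash function is not published.
    index = int.from_bytes(hashlib.sha256(key.encode()).digest()[:8], "big")
    return healthy[index % len(healthy)]


def backends_used(flows, pool, persistence):
    """Names of the backends that a set of flows is spread across."""
    return {pick_backend(f, pool, persistence).name for f in flows}


# Constructed traffic: one client opening 50 TCP connections to the front-end IP.
CLIENT_FLOWS = [
    Flow("203.0.113.10", 40000 + i, "198.51.100.5", 443, "TCP") for i in range(50)
]

if __name__ == "__main__":
    pool = [Backend(f"vm{i}") for i in range(3)]
    for mode in PERSISTENCE_FIELDS:
        print(mode, "->", sorted(backends_used(CLIENT_FLOWS, pool, mode)))
    sticky = pick_backend(CLIENT_FLOWS[0], pool, "Client IP")
    sticky.record_probe(False)  # first failure: still in rotation
    sticky.record_probe(False)  # threshold reached: taken out of rotation
    print("after probe failures ->", sorted(backends_used(CLIENT_FLOWS, pool, "Client IP")))
```

With "Client IP" every connection from the client lands on one virtual machine until that machine reaches the unhealthy threshold, at which point the same client is moved to another one.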


Inbound NAT Rules

Inbound NAT rules map a public port on the load balancer to a port for a specific virtual machine in the back-end address pool.

Name: Please provide the name as per your organization standard.

Frontend IP address: Clients communicate with the load balancer on the selected IP address, and services have their traffic routed to the target machine by this NAT rule.

IP version: The IP version of the front-end IP address must match the IP version of the target network IP configuration. Public load balancers support IPv4 and IPv6. Internal load balancers support IPv4.
Network IP Configuration: The IP configuration that will receive traffic for the chosen virtual machine. The IP version of the IP configuration must match the IP version of the front-end IP address.
Port Mapping: By default, traffic is routed to the target virtual machine on the same port that clients use to communicate with the load balancer. You can specify a custom port mapping to route traffic to a different port on the target virtual machine.

Services: We can select custom services like HTTP, SSH, TCP, MongoDB, Cosmos DB, etc.

Associated to: You can select the VM to which traffic for that application should be routed first, based on the requirements.

Protocol: Based on your services, you need to select the TCP/HTTP protocol.

Port: Based on your services, you need to select the TCP/HTTP port to route the traffic, like port number 80 or 443.

Network IP Configuration: It is configured by default as per your VM's configuration and associated with the VM's internal IP address.

Port Mapping: If we want to map a custom or default port to our application, we can select this option, or leave the default option selected.

Floating IP: We recommend using this feature only when configuring a SQL Always On availability group listener. It can be enabled only when creating a rule and if the port and the backend port match.

Target Port: This is the port on which you have configured your application; traffic is routed to this same port between applications.

Properties:

It shows where your resources have been deployed, what the configuration is, etc.

Lock

We can prevent the service from being deleted by configuring the lock option.

Diagnostic Logs:

It shows your application logs, which help to analyze an issue and troubleshoot further if there is any problem with the applications.

For a deep dive, please refer to the Microsoft Azure Load Balancer docs at the link below.

MS-Link: Azure Load balancer.

 

How to Create the Load Balance in Azure

What is Azure Load Balancer?

Azure Load Balancer delivers high availability and network performance to your applications.

It is a Layer 4 (TCP, UDP) load balancer that distributes incoming traffic among healthy instances of services defined in a load-balanced set.

Note: It is basically used to load balance your VMs and web applications and to route traffic based on the NAT rules configured on the load balancer.

Azure Load Balancer configuration

  • Internet-facing load balancing: Load balance incoming Internet traffic to virtual machines.
  • Internal load balancing:
    • Load balance traffic between virtual machines in a virtual network.
    • Load balance virtual machines in cloud services or on-premises computers.
    • Load balance virtual machines in a cross-premises virtual network.
  • Forward external traffic to a specific virtual machine.

All resources in the Azure cloud need a public IP address to be reachable from the Internet.

Cloud infrastructure in Azure uses non-routable IP addresses for its resources.

Azure uses network address translation (NAT) with public IP addresses to communicate to the Internet.

Azure Load Balancer Setup and Configuration

  • Log in to the Azure portal and sign in with your Azure account.
  • Click New > Networking > Load balancer.
  • Create load balancer.

  • Enter a name for your load balancer.
  • Select the type: Public or Internal.
  • We can use internal load balancers to balance traffic from private IP addresses.
  • Public load balancers can balance traffic originating from public IP addresses.
  • Select the Public IP address and create a new public IP address.
  • Select the subscription.
  • Create the resource group or select an existing resource group.
  • We can choose the location based on the region.
  • Click on Create.

We will see the validation page, and the load balancer will be created within 5 to 10 minutes.


AzureTalk(Azure AD and Storage Accounts)

What is AzureTalk?
AzureTalk is an open community for learning Microsoft Azure, and we have more than approximately 2600 members in this group, where we help Azure learners with their real-time environment problems and discuss various new features of the MS Azure platform.

Azure Storage Account:

We discussed following topics on Azure Storage.

  • Azure Storage Overview
  • Types of Storage Account and performance tiers
  • Storage Replication Scope (LRS, ZRS, GRS, RA-GRS)
  • Types of Storage (Blob, File, Table, Queue)
  • Managed VM disk
  • Securing Storage
    • SSE( Storage Service Encryption)
    • ADE(Azure Disk Encryption)
    • SAS Signature
    • Secure Transfer required
  • Storage Access Tools( PowerShell, Azure Storage Explorer, AzCopy)
  • Azure Storage Demo

The recorded session is available for viewing, and you can watch the entire AzureTalk on storage here.

 

AzureTalk Storage Presentation:

AzureTalk Storage Demo 

 

AzureTalk: Azure AD IAM

Azure AD Connect part-2

 

 

 

Azure AD Premium 

 

Azure : SSO with ADFS.

Azure Interview Q & A-part1

What is the advantage of moving to the cloud?

Flexibility: We can restructure our environment as needed and create any number of services based on our requirements.

Pay As You Go: The pay-as-you-go option is good: we only pay for the services we used, on a monthly or daily/hourly basis.

Hybrid Capability: We can integrate our on-premises environment with Azure using Site Recovery or other Microsoft tools, which helps us extend our data center to Azure.

Securing Your Data: We can use Azure encryption, Security Center, Key Vault, etc. to secure the data that resides in Azure.

Scale on Demand: We can scale up IaaS, PaaS and SaaS services as per our demands.

Example: If a customer says he needs 10 servers within 1 day, is it possible and how can we process it? Yes, it is possible using Windows Azure, and not even in one day: we can provide them within 1-2 hours using cloud services. If we need to do it on-premises, it might take 3-4 months to process and configure the servers.

Integrative Data Solution: We can integrate data solutions with Azure, like SQL Server, Big Data, Visual Studio, etc.

Backup: We can take backups directly to Azure storage accounts with minimal charges, with no need to buy additional hardware (backup tape, HDD, file server, etc.).

Disaster Recovery: We can use the Recovery Vault, known as the Site Recovery vault in Azure, to do disaster recovery in Azure without any problem.

What is storage account?

Azure Storage is massively scalable, so you can store and process hundreds of terabytes of data to support the big data scenarios required by scientific, financial analysis, and media applications.

Difference between LRS and ZRS storage accounts?

  • Locally redundant storage (LRS). Locally redundant storage maintains three copies of your data. LRS is replicated three times within a single data center in a single region. LRS protects your data from normal hardware failures, but not from the failure of a single data center.
  • Zone-redundant storage (ZRS). Zone-redundant storage maintains three copies of your data. ZRS is replicated three times across two to three facilities, either within a single region or across two regions, providing higher durability than LRS. ZRS ensures that your data is durable within a single region.
  • Create and Manage the Azure storage accounts

What is file  storage ?

File storage offers shared storage for applications using the standard SMB 2.1 or SMB 3.0 protocol. Microsoft Azure virtual machines and cloud services can share file data across application components via mounted shares, and on-premises applications can access file data in a share via the File storage API.

Prerequisites for creating Web Apps?

  • Azure subscription.
  • Storage account
  • SQL Database connection
  • SSL certificate
  • Network security group configuration.
  • Custom DNS
  • Data source
  • Deployment credentials, if you are using FTP.
  • Deployment options such as Visual Studio, OneDrive, local Git, etc.
  • We should know the application version (.NET 4.5, 4.3, Python 32-bit, etc.) while migrating or creating the web apps.

What is CDN?

The Microsoft Azure Content Delivery Network (CDN) offers developers a global solution for delivering high-bandwidth content that is hosted in Azure or any other location. Using the CDN, you can cache publicly available objects loaded from Azure blob storage, a web application, virtual machine, application folder, or other HTTP/HTTPS location. The CDN cache can be held at strategic locations to provide maximum bandwidth for delivering content to users. The CDN is typically used for delivering static content such as images, style sheets, documents, files, client-side scripts, and HTML pages.

 

How do you plan disaster recovery if I have 10 VMs running on Hyper-V on-prem and a VMware environment?

  • We will set up the Azure environment for migration.
  • We will prepare the configuration server.
  • We will prepare for automatic discovery and push installation.
  • We will create a Recovery Services vault.
  • We will select the protection goal and start protecting servers.
  • We will set up the source environment.
  • Run Site Recovery Unified Setup.
  • We have to set up the target server.
  • Set up replication settings.
  • Plan capacity.
  • Prepare VMs for replication.
  • We will enable replication.
  • We will run a test failover.

How to migrate an on-premises server to Azure using Site Recovery?

  • Please follow the step-by-step setup below to migrate from on-premises to Azure.
  • I always refer to the Azure documents below, as they are kept up to date.

How to configure backup for Azure VMs and on-prem VMs?

  1. Configure the vault
  2. Install and register the agent
  3. Back up your files and folders

Backing up Azure virtual machines

  1. Discover and Register Azure virtual machines
  2. Install the VM Agent on the virtual machine
  3. Create the backup policy
  4. Initial backup

How to migrate file servers to Azure?

  • Create an Azure file storage account as per user requirements
  • Under the storage account, create the file storage and assign the storage quota
  • Create the file share and directories as per customer requirements
  • Upload on-premises data to the Azure file share directory
  • Configure shared access signatures (SAS) via the REST API or the client libraries.
  • Generate tokens with the specific permissions required by the client
  • Install Storage Explorer to migrate the data from on-premises to the Azure file server
  • Install and configure the Azure copy client on the on-premises server to migrate the data to the Azure storage account
  • Configure Azure file share access and signature for the storage account to access the file server
  • Initiate the data migration process
  • Upload and download files to and from the on-premises file share server

How many types of storage accounts does Azure have?

Premium Storage Account: Microsoft Azure Premium Storage delivers high-performance, low-latency disk support for virtual machines (VMs) running I/O-intensive workloads. VM disks that use Premium Storage store data on solid state drives (SSDs). You can migrate your application’s VM disks to Azure Premium Storage to take advantage of the speed and performance of these disks.

Azure Storage is the cloud storage solution for modern applications that rely on durability, availability, and scalability to meet the needs of their customers.

Difference Between ASM and ARM?

| ASM | ARM |
| --- | --- |
| This is the old portal, which provides cloud services for IaaS workloads and a few specific PaaS workloads | This is the new portal, which provides services for all IaaS and PaaS workloads |
| Accessed over the URL https://manage.windowsazure.com, which is termed the V1 portal | Accessed over the URL https://portal.azure.com, which is termed the V2 portal and has a blade-design portal view |
| XML-driven REST API | JSON-driven REST API |
| Had the concept of an Affinity Group, which has been deprecated | Has a container concept called Resource Group, which is a logical set of correlated cloud resources that can span multiple regions and services |
| Private Azure portal can be built using Windows Azure Pack | Private Azure portal can be built using Azure Stack |
| Removal or deletion is not as easy as in Azure Resource Manager | Removal of resources is easier: deleting the resource group (RSG) deletes all the resources present in the RSG |
| Deployment can be performed using PowerShell scripts | Deployment can be performed using ARM templates, which provide simple orchestration and rollback functions. They have their own PowerShell module |
| Features and functions are not available | Role Based Access Control feature is present |
| Features and functions are not available | Resources from a resource group can be moved within the same region |
| Features and functions are not available | Resource tagging: name-value pairs assigned to a resource group, with up to 15 tags per resource |
| Features and functions are not available | Massive and parallel deployment of VMs is possible with asynchronous operations |
| Features and functions are not available | We can create custom policies to restrict the operations that can be performed |
| Features and functions are not available | Azure Resource Explorer – https://resources.azure.com/, which helps with understanding resources and with deployment |
| Features and functions are not available | Resource Locks provide a policy to enforce a lock level that prevents accidental deletion |

How to migrate on-prem servers to Azure?

Prerequisite to create the VM.

  • Click the New button found on the upper left-hand corner of the Azure portal.
  • Select Compute from the New blade, select Windows Server 2016 Datacenter from the Compute blade, and then click Create.
  • Fill out the virtual machine Basics form. The user name and password entered here are used to log in to the virtual machine. For Resource group, create a new one. A resource group is a logical container into which Azure resources are created and collectively managed. When complete, click OK.
  • Choose a size for the VM and click Select.
  • On the settings blade, select Yes under Use managed disks, keep the defaults for the rest of the settings, and click OK.
  • On the summary page, click OK to start the virtual machine deployment.
  • To monitor deployment status, click the virtual machine. The VM can be found on the Azure portal dashboard, or by selecting Virtual Machines from the left-hand menu. When the VM has been created, the status changes from Deploying to Running.

How to deploy the Custom image?

  1. In the Azure portal, Connect to the virtual machine. For instructions, see How to sign in to a virtual machine running Windows Server.
  2. Open a Command Prompt window as an administrator.
  3. Change the directory to %windir%\system32\sysprep, and then run sysprep.exe.
  4. The System Preparation Tool dialog box appears. Do the following:
    • In System Cleanup Action, select Enter System Out-of-Box Experience (OOBE) and make sure that Generalize is checked. For more information about using Sysprep, see How to Use Sysprep: An Introduction.
    • In Shutdown Options, select Shutdown.
    • Click OK.
  5. Sysprep shuts down the virtual machine, which changes the status of the virtual machine in the Azure classic portal to Stopped.
  6. In the Azure portal, click Virtual Machines (classic) and select the virtual machine you want to capture. The VM images (classic) group is listed under Compute when you view More services.
  7. On the command bar, click Capture.

The Capture the Virtual Machine dialog box appears.

  1. In Image name, type a name for the new image. In Image label, type a label for the new image.
  2. Click I’ve run Sysprep on the virtual machine. This checkbox refers to the actions with Sysprep in steps 3-5. An image must be generalized by running Sysprep before you add a Windows Server image to your set of custom images.
  3. Once the capture completes, the new image becomes available in the Marketplace, in the Compute VM images (classic)

What is Azure VPN, and how many types of Azure VPN can we configure in Azure?

Site-to-Site VPN:

A Site-to-Site (S2S) VPN gateway connection is a connection over IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. This type of connection requires a VPN device located on-premises that has a public IP address assigned to it and is not located behind a NAT. S2S connections can be used for cross-premises and hybrid configurations.

Point-to-Site VPN: A Point-to-Site (P2S) configuration lets you create a secure connection from an individual client computer to a virtual network. P2S is a VPN connection over SSTP (Secure Socket Tunneling Protocol). Point-to-Site connections are useful when you want to connect to your VNet from a remote location, such as from home or a conference, or when you only have a few clients that need to connect to a virtual network. P2S connections do not require a VPN device or a public-facing IP address. You establish the VPN connection from the client computer.

VNet-to-VNet: Connecting a virtual network to another virtual network (VNet-to-VNet) is similar to connecting a VNet to an on-premises site location. Both connectivity types use a VPN gateway to provide a secure tunnel using IPsec/IKE. You can even combine VNet-to-VNet communication with multi-site connection configurations. This lets you establish network topologies that combine cross-premises connectivity with inter-virtual network connectivity.

Azure Virtual network setup and configuration

Azure Site to site VPN Configuration Step-step

What is ExpressRoute?

ExpressRoute is a direct, dedicated connection from your WAN (not over the public Internet) to Microsoft Services, including Azure. Site-to-Site VPN traffic travels encrypted over the public Internet. Being able to configure Site-to-Site VPN and ExpressRoute connections for the same virtual network has several advantages.

You can configure a Site-to-Site VPN as a secure failover path for ExpressRoute, or use Site-to-Site VPNs to connect to sites that are not part of your network, but that are connected through ExpressRoute. Notice that this configuration requires two virtual network gateways for the same virtual network, one using the gateway type ‘Vpn’, and the other using the gateway type ‘ExpressRoute’.

  1. How can you troubleshoot if a VM is not working?
  2. We can reset the VM configuration.
  3. If a user has forgotten the password of the VM local account, how can we change it?

Ans: You can find the answer here; I have provided the information in detail: Windows Azure VM troubleshooting

Is it possible to host the VM in one region and connect to a different region?

Yes. We need to set up interconnectivity by creating a VNet-to-VNet connection between both regions; only then can we connect.

How to assign a static IP address to Azure VMs?

Please follow the blog below to assign the static IP address.

Assign Static IP address to Azure VMs.

Azure interview question

What is Traffic Manager and how to configure it?

  • Azure Traffic Manager allows us to control the distribution of user traffic for service endpoints which reside in different datacenters.
  • Service endpoints supported by Traffic Manager include Azure VMs, Web Apps, and cloud services. We can also use Traffic Manager with external, non-Azure endpoints.

Use the link below to get more detail on Azure Traffic Manager: Configuration and setup the traffic Manager

What is Azure DNS Server and how to configure it?

  • Azure DNS or DNS is responsible for translating (or resolving) a website or service name to its IP address.
  • Azure DNS is a hosting service for DNS domains, providing name resolution using Microsoft Azure infrastructure.
  • By hosting our domains in Azure, we can manage our DNS records using the same credentials, APIs, tools, and billing as we use for other Azure services.

For more details, please follow the links below:

Azure DNS server setup and configuration

Azure DNS Records and limitation

Note: References and answers have been taken from Microsoft Azure documents. Viewers are requested to refer to the Microsoft Azure documents or contact me if in-depth knowledge is required.

Refer to this: https://docs.microsoft.com/en-us/azure/#pivot=services

Troubleshooting Azure VM

Troubleshoot Remote Desktop connections to an Azure virtual machine

  • Reset Remote Desktop configuration & password.
  • Check Network Security Group rules / Cloud Services endpoints.
  • Review VM console logs.
  • Reset the NIC for the VM.
  • Check the VM Resource Health.
  • Reset your VM password.
  • Restart your VM.
  • Redeploy your VM.

Troubleshoot Azure VMs:

Scenario 1: When a user has forgotten the Azure VM local administrator password, or something went wrong with the Azure Remote Desktop connection, we can use the solution below.

Step 1: Reset your RDP connection & passwords. This troubleshooting step resets the RDP configuration when Remote Connections are disabled or Windows Firewall rules are blocking RDP.

Reset the Remote Desktop service configuration & password.

  • Select your Windows virtual machine, then click Support + Troubleshooting > Reset password to reset the password.
  • From the drop-down menu, select Reset configuration only to reset the remote configuration of the VM.
  • Click Update, and it will apply as per your selected services.

Azure VM Password Reset and Configuration

Scenario 2: If we are unable to connect to the Azure VM using RDP, there is a chance that the connection is being blocked by the NSG, or that the Azure endpoint is not allowing RDP. In that case we have to make an exception in the NSG/endpoint rule to allow RDP access.

Step 2: Check the Network Security Group/Cloud Services Endpoints in Classic Mode (ASM)

  • Log in to the Azure portal: https://portal.azure.com
  • Select the VM → select the VM for which you need to allow the RDP connection.
  • Go to Settings.
  • Select the Network Interface.
  • Click on the Network Properties.

Select the NSG group and click on Edit if required.

  • Go to Settings and click on the inbound NSG security rule.
  • Select the Inbound Security Rule.
  • Allow port 3389 to connect to Remote Desktop.
  • If you need to deny any specific range of IP addresses or ports, please select Deny.
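The NSG check in Step 2 can also be run offline against an exported rule list. The following Python is an added example, not part of the original post: it evaluates inbound rules in priority order to show which rule decides an RDP (3389) connection from a given address, and it lists Allow rules that open 3389 to any source. The rule field names are assumed to follow the JSON printed by `az network nsg rule list`, and the sample rules and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample rules, written in the flattened field layout that
# `az network nsg rule list -o json` prints (assumed input format).
SAMPLE_RULES = [
    {"name": "Deny-Blocked-Range", "priority": 100, "direction": "Inbound",
     "access": "Deny", "protocol": "Tcp",
     "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "3389"},
    {"name": "Allow-RDP-Admin", "priority": 200, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "198.51.100.10/32", "destinationPortRange": "3389"},
    {"name": "Allow-RDP-Any", "priority": 300, "direction": "Inbound",
     "access": "Allow", "protocol": "*",
     "sourceAddressPrefix": "*", "destinationPortRanges": ["3389", "5985-5986"]},
    {"name": "Allow-HTTPS", "priority": 310, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "Internet", "destinationPortRange": "443"},
]

ANY_SOURCE = {"*", "0.0.0.0/0", "internet"}
RDP_PORT = 3389


def _values(rule, single, plural):
    """Merge the singular and plural forms of an NSG rule field into one list."""
    merged = list(rule.get(plural) or [])
    if rule.get(single):
        merged.append(rule[single])
    return merged


def covers_port(rule, port):
    """True if the rule's destination ports ('*', '3389', '3000-4000') include port."""
    for spec in _values(rule, "destinationPortRange", "destinationPortRanges"):
        if spec == "*":
            return True
        low, _, high = spec.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False


def source_matches(prefix, client_ip):
    """True if client_ip falls under the rule's source prefix."""
    if prefix.lower() in ANY_SOURCE:
        return True
    try:
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(prefix, strict=False)
    except ValueError:
        # Other service tags (VirtualNetwork, AzureLoadBalancer, ...) are treated
        # as not matching an Internet client; a simplification of this example.
        return False


def _inbound_tcp(rules, port):
    """Yield inbound rules that apply to TCP/port, lowest priority number first."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if (rule["direction"].lower() == "inbound"
                and rule["protocol"].lower() in ("tcp", "*")
                and covers_port(rule, port)):
            yield rule


def effective_rule(rules, client_ip, port=RDP_PORT):
    """Return the first matching rule (NSG rules are first-match by priority).

    None means no custom rule matched, so the NSG's built-in default rules decide.
    """
    for rule in _inbound_tcp(rules, port):
        sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
        if any(source_matches(p, client_ip) for p in sources):
            return rule
    return None


def exposed_rdp_rules(rules, port=RDP_PORT):
    """Names of Allow rules that open the port to any source address."""
    names = []
    for rule in _inbound_tcp(rules, port):
        sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
        if rule["access"].lower() == "allow" and any(s.lower() in ANY_SOURCE for s in sources):
            names.append(rule["name"])
    return names


if __name__ == "__main__":
    print("Allow rules exposing RDP to any source:", exposed_rdp_rules(SAMPLE_RULES))
    for ip in ("198.51.100.10", "203.0.113.7", "192.0.2.50"):
        rule = effective_rule(SAMPLE_RULES, ip)
        verdict = f"{rule['access']} by {rule['name']}" if rule else "default rules apply"
        print(f"RDP from {ip}: {verdict}")
```

Restricting the RDP rule to known administrator addresses, as in the constructed `Allow-RDP-Admin` rule, makes the exposure list come back empty while the admin address still connects.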


Scenario 3: VM Resource Health is useful when something has gone wrong in the Azure data center or your VM has become corrupted. It reports the health of your Azure VMs or services.

Step 3: Check the VM Resource Health.

This troubleshooting step verifies there are no known issues with the Azure platform that may impact connectivity to the VM.

Select your VM in the Azure portal. Scroll down the settings pane to the Support + Troubleshooting section near bottom of the list. Click the Resource Health button. A healthy VM reports as being Available.

You can try the Troubleshoot tool for more troubleshooting of VMs.

Scenario 4: Suppose you have made some changes on your VM (Windows update, network settings configuration, software installation) or any other change which causes loss of Remote Desktop connectivity. Then we can reboot the server.

In most common scenarios, a reboot will fix the issue.

Step 4: Restart your VM. This troubleshooting step can correct any underlying issues the VM itself is having.

Select your VM in the Azure portal and click the Overview tab. Click the Restart button.

Most issues are resolved by restarting the VM, but make sure you reboot the VM during non-business hours.

Step 5: Diagnostics settings: Please enable the diagnostic settings to understand what issue there is in the VM.

Please enable the diagnostic settings so that all the logs are collected and the issue is easier to understand.

Once you configure the diagnostic settings, you will be able to configure the logs, performance counters, crash dumps, sinks, and agent status.

Please go ahead and click each tab, try to understand the troubleshooting scenario, and configure the logs as per your project/customer requirements.

 

Step 6: Redeploy the VM: Use this step only if no other solution works. It will give you a new VM instance with the same image, data, and application configuration.

Note: Redeploying your virtual machine will migrate it to a new Azure host. If you continue, the virtual machine will be restarted and you will lose any data on the temporary drive (which is created with Azure VM image). While the redeployment is in progress, the virtual machine will be unavailable.

Production data and applications will not be harmed while performing these steps.

  • Log in to the Azure portal: https://portal.azure.com
  • Select the VM you need to redeploy
  • Go to Support + Troubleshooting
  • Select Redeploy
  • Click OK
  • Once the redeploy is completed, please try to reconnect to the VM.

Step 7: Always refer to the Azure Advisor recommendations.

  • Log in to the Azure portal: https://portal.azure.com
  • Select the VM for which you need to check the Advisor recommendations
  • Go to Support + Troubleshooting
  • Select Advisor Recommendations.
  • Now you can see the Azure Advisor recommendations for your VMs.

Azure Traffic Manager

What is Azure Traffic Manager?

Azure Traffic Manager allows us to control the distribution of user traffic for service endpoints which reside in different datacenters.

Service endpoints supported by Traffic Manager include Azure VMs, Web Apps, and cloud services. We can also use Traffic Manager with external, non-Azure endpoints.

What are the benefits of Azure Traffic Manager?

  • Improve availability of critical applications

Traffic Manager delivers high availability for our applications by monitoring our service endpoints and providing automatic failover when an endpoint goes down.

  • Improve responsiveness for high-performance applications

Azure allows you to run cloud services or websites in datacenters located around the world. Traffic Manager improves application responsiveness by directing traffic to the endpoints with the lowest network latency for the client.

  • Perform service maintenance without downtime

We can perform planned maintenance operations on our applications without downtime. Traffic Manager directs traffic to alternative endpoints while the maintenance is ongoing.

  • Combine on-premises and Cloud-based applications

Traffic Manager supports external, non-Azure endpoints, enabling it to be used with hybrid cloud and on-premises deployments, including the “burst-to-cloud,” “migrate-to-cloud,” and “failover-to-cloud” scenarios.

  • Distribute traffic for large, complex deployments

With nested Traffic Manager profiles, traffic-routing methods can be combined to create sophisticated and flexible rules to support larger and more complex deployments.

Create the Azure Traffic Manager:

  • Click on Search
  • Search for Traffic Manager
  • Select Traffic Manager
  • Add Traffic Manager

Click on the Add button.

Provide the Traffic Manager name.

Routing method: Select the routing method as per your organization's requirements.

  • Performance Method

The Performance traffic routing method allows you to direct traffic to the endpoint with the lowest latency from the client’s network.

  • Weighted Method

A common traffic routing method pattern is to provide a set of identical endpoints, which include cloud services and websites, and send traffic to each in a round-robin fashion.

  • Priority Method

It is used for website mode. Azure Websites already provides failover functionality for websites within a datacenter (also known as a region); Traffic Manager provides failover for websites in different datacenters.

  • Geographic Method

The Geographic traffic routing method allows you to direct traffic to specific endpoints based on the geographic location where the requests originate.

Then click on Create. Once the Traffic Manager is created, select it and view the properties.

Overview:

This tab shows how and where your Traffic Manager services are deployed.

  • Resource Group
  • DNS server
  • Subscription
  • Routing method etc

Access Control (IAM):

This is role-based access authentication for Traffic Manager. If you want someone from your team to manage Azure Traffic Manager, or you want to restrict access for another department, add that user in IAM and limit the access for that particular user.

Activity Log:

It shows the Traffic Manager activity logs, which help us manage Traffic Manager in case it is not working.

Tags:

Tags are name/value pairs that enable you to categorize resources and view consolidated billing by applying the same tag to multiple resources and resource groups.

Diagnose and Solve Problems

This helps us analyze an issue and provides links which help us troubleshoot Traffic Manager related issues.

Configuration

The Configuration tab shows how you have configured Traffic Manager, and you can change the settings as per your requirements.

Performance: We can use this method when our endpoints are deployed in different geographic locations and we want to use the one with the lowest latency.

Priority: We can use this method when we want to select the endpoint which has the highest priority and is available.

Weighted: We use this method when we want to distribute traffic across a set of endpoints as per the weights provided.

DNS TTL: This value controls how often the client's local caching name server will query the Traffic Manager system for updated DNS entries. Any change that occurs with Traffic Manager, such as a traffic routing method change or a change in the availability of added endpoints, will take this period of time to be refreshed throughout the global system of DNS servers.

Endpoints: Traffic Manager can monitor your services to ensure they are available. For monitoring to work, we must set it up the same way for every endpoint within this profile.

We can specify the protocol, the port, and the relative path. Traffic Manager will try to access the file specified in the relative path via the defined protocol and port to check for uptime.

Port: Port number of the service.

Path: Define the path of the service.

Probing Interval: Configure the time interval between endpoint health probes.

Tolerated Number of Failures: Configure the number of health probe failures tolerated before an endpoint failure is triggered. You can enter a number between 0 and 9.

Probe Timeout: Configure the time required before an endpoint health probe times out. The value must be at least 5 and smaller than the probing interval value.

Traffic Manager Endpoints

Click on the Add tab.

Add the endpoints you want to create, based on your services and as per your organization's requirements.

Below are the 3 types of Traffic Manager endpoints.

  • Azure endpoints are used for services hosted in Azure.
  • External endpoints are used for services hosted outside Azure, either on-premises or with a different hosting provider.
  • Nested endpoints are used to combine Traffic Manager profiles to create more flexible traffic-routing schemes to support the needs of larger, more complex deployments.

Please provide the name of the endpoint.

Targeted Resources: Select from the services below where we want to enable the Traffic Manager endpoints.

Cloud Services: This service is basically used in the classic deployment model.

App Services: If you want to apply Traffic Manager to your web apps, you can select this.

App Services Slot: It is basically used for Azure web app slots such as testing/dev environments.

Public IP address: Traffic Manager can be applied to a public IP address; whenever traffic to the public IP is high, it will route the traffic based on your configuration.

Properties:

Properties is where you can find all the resource-related information.

Lock

Add Lock is where you can remove the ability to delete the resource or provide read-only access.

Automation

This can be used to automate Traffic Manager creation and configuration.

Assign Static IP Address In Azure VM.

Why do we assign a static/private IP address to VMs/services?

Application requirements – Web applications, SQL databases, domain servers, etc. need to connect with a fixed/static IP address.

If it’s a web application/SQL database VM, then it’s important to have a static IP address so that the web application/SQL database settings can always refer to the same IP address and there will be no change.

Security – When a VM uses static IP addresses, we can create firewall rules and deploy the application easily, so we have control over the Internet or application traffic flow.

In Azure, a static (public) IP address counts as a service, so there will be an additional charge for it.

Why is it needed in Windows Azure environments?

On the Windows Azure platform, if you are creating a web application, VM, or other service, a dynamic IP address is assigned automatically and can be changed to a static IP address.

Note: I would always suggest that if you are moving on-premises workloads to Azure or running critical applications on Azure, you change the dynamic IP address to a static IP address, so that we do not need to change the application configuration regularly in case of a reboot or an application failure due to heavy traffic, etc.

Difference Between Static IP Address and Dynamic IP Address:

Static IP address: A static IP address is a fixed IP address, so it cannot change automatically and your application will run smoothly as per your configuration. We use static IP addresses for the most trusted devices. Example: web applications, SQL Server, load balancers, network devices, etc.

Dynamic IP address: A dynamic IP address is assigned automatically to our device by a DHCP server. It can change when rebooting the VMs or restarting the web application, and each time a new IP address is assigned from the DHCP server.

How to assign a static IP address to an Azure VM using the Resource Manager portal.

  • Select the VM to which you want to assign the public IP address
  • Click on Overview
  • Select the public IP address
  • Select Configuration
  • Change the mode from Dynamic to Static.
  • If you would like to add your DNS IP address, please provide the DNS IP address which is registered with your DNS provider.

Change the status from Dynamic to Static and save it. The change will take a maximum of 5 minutes to complete.

 

Connect On-premises with RRAS

RRAS Server setup and Configuration for Site to Site connection

Please connect to the RRAS server on which you want to configure the site-to-site VPN connection.

Prerequisite:

Please go to the network properties of the Ethernet card or NIC.

  • Uncheck all the settings except for the TCP/IPv4 protocol.
  • Go to the properties of TCP/IPv4 and select the properties:
    • IP Address
    • Gateway
    • DNS Servers

  • Select TCP/IPv4 and click on Properties.
  • Then click on Advanced.

  • Click on WINS.
  • Disable NetBIOS over TCP.

  • Please install the Remote Access services on Server 2012 R2, 2008, or 2016, as per your requirement.
  • Open Server Manager. Select Manage -> Add Roles and Features.

In the Add Roles and Features Wizard:

  • Before You Begin: Click Next
  • Installation Type: Role-based -> Click Next
  • Server Selection: Select a server from the server pool -> RRAS-Server -> Click Next
  • Server Roles: Check Remote Access -> Click Next
  • Features: Click Next
  • Remote Access: Click Next
    • Role Services:
      • Direct Access and VPN (RAS)
        • Click Add Features on the pop-up window
      • Routing
      • Click Next
  • Web Server Role (IIS): Click Next
    • Role Services
      • Accept Defaults: Click Next

The Web Server role is installed automatically with the Remote Access services.

  • Confirmation: Click Install

Once it is installed, please close the setup.

Open the Routing and Remote Access Server Setup Wizard

  1. Configure and enable Routing and Remote Access

Once you click Configure and Enable Routing and Remote Access, you will get the welcome wizard.

Click on Secure connection between two private networks.

Demand-Dial Connection: Click Yes

Assign addresses automatically.

Completing the Routing and Remote Access Server Setup Wizard: Click Finish

The Demand-Dial Interface Wizard will appear.

  1. Welcome to the Demand-Dial Interface Wizard: Click Next

Interface Name: Type in Remote access, or a name as per your organization's standard, then click Next

Connection Type: Select Connect using virtual private network (VPN), click Next

VPN Type: Select IKEv2, click Next

Provide the virtual network gateway public IP address, which is required to connect to the Azure network.

Select Route IP packets on this interface.

Provide the IP address range of your Azure VNet configuration so it will start using your VNet configuration.

Provide the Azure connection shared key (PSK) for authentication.

Finish the setup.

 

Site to Site VPN connection Setup and Configuration

  • Please log in to the Azure portal
  • Click on Networking -> Click on Connection
  • Select the Basic configuration:
  • Provide the connection type: Site to Site (IPsec)
  • Subscription name
  • Resource group name
  • Location of your VNet

Please select the gateway which you have created in the same region.

The second virtual network gateway is your local network gateway; select the same.

Please provide the connection name.

Please provide the shared access key, which you will also provide on your RRAS server to authenticate the site-to-site VPN connection.

Once this is done, please check and verify the connection:

Check the status: It should be Connected, not Connecting.

Check Data in and Data out: data should not be flowing in only one direction. If it is, some configuration needs to be re-verified, or your connection will not be established.

Now enjoy using your on-premises connectivity to Azure and do more testing for learning purposes & it is not f

 

Connect to your On-premises Network From Azure: Site to Site VPN (ARM)

What is Site to Site VPN

Site-to-site VPN is a type of VPN connection that is created between your Azure and on-premises locations. It provides the ability to connect geographically separate locations or networks, usually over a public Internet connection or a WAN connection.

A Site-to-Site VPN gateway connection is used to connect your on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. This type of VPN connection requires a VPN device located on-premises that has an externally facing public IP address assigned to it.

How to Create Site to Site VPN

 

Prerequisites:

Verify the criteria below before you create the site-to-site connection:

  • Verify in which Azure deployment model (Classic or Resource Manager) you want to create the site-to-site connection. We should know this before we start the configuration and deployment, because the two models are not completely compatible with each other.
  • Microsoft has always recommended using the Resource Manager deployment model.
  • It is very important to verify that the VPN device is compatible and supports Site-to-Site, Multi-Site, etc. VPN connectivity through route-based configuration, and to identify the network engineer who will configure the device, because Microsoft has many vendors who provide their own images.
  • We require an externally facing public IPv4 address for our VPN device. This IP address cannot be located behind a NAT.
  • If we are unfamiliar with the IP address ranges in the on-premises network configuration, we should coordinate with the network administrator, who can provide the IP range, subnet and other required details.
  • When we create this configuration, we must specify the IP address range prefixes that Azure will route to the on-premises location.
  • None of the subnets of our on-premises network can overlap with the virtual network subnets that we want to connect to.

Step 1: Create the virtual network using the link below.

Setup and Configuration Vnet

To create the VNet we need the details below. If you are working on a project, please contact your network administrator before you proceed further.

The values below are optional and are not related to any real network; I provide them as an example.

  • Virtual Network Name: Rcloud
  • Address Space Range: 
    • 10.30.10.0/16
    • 10.14.0.0/16 (optional for this exercise)
  • Subnets:
    • FrontEnd: 10.30.10.0/24
    • BackEnd: 10.14.0.0/24 (optional for this exercise)
  • Subnet Gateway: 10.31.255.0/27
  • Resource Group: Rcloud
  • Location: East US
  • DNS Server: We can use the default DNS server IP address until the VPN is integrated with Azure.
  • Virtual Network Gateway Name: Rcloud
  • Public IP Name: VNet1GWIP
  • VPN Type: Route-based
  • Connection Type: Site-to-site (IPsec)
  • Gateway Type: VPN
  • Local Network Gateway Name: Rcloud1
  • Connection Name: Azure to On premises

Step 2: Specify a DNS server

DNS is not required to create a Site-to-Site connection. However, if we want name resolution for resources that are deployed to the virtual network, we should specify a DNS server, either the default or an on-premises DNS server.

This setting lets us specify the DNS server that we want to use for name resolution for this virtual network.

Virtual network DNS1

Step 3: Create the gateway subnet

The virtual network gateway uses a specific subnet called the ‘GatewaySubnet’. The gateway subnet contains the IP addresses that are used by the VPN gateway services.

  • When we create a gateway subnet, it must be named ‘GatewaySubnet’. Naming a subnet ‘GatewaySubnet’ tells Azure where to create the gateway services.
  • If we name the subnet something else, our VPN gateway configuration will fail.
  • The IP addresses in the GatewaySubnet are allocated to the gateway services. When we create the GatewaySubnet, we specify the number of IP addresses that the subnet contains.
  • The size of the GatewaySubnet that we specify depends on the VPN gateway configuration that we want to create.
  • It is possible to create a GatewaySubnet as small as /29, but Microsoft recommends creating a larger subnet that includes more addresses by selecting /27 or /28.
  • Using a larger gateway subnet allows for enough IP addresses to accommodate possible future configurations.

  1. In the Azure portal, navigate to the virtual network for which you want to create a virtual network gateway.
  2. In the Settings section of your VNet blade, click Subnets to expand the Subnets blade.
  3. On the Subnets blade, click +Gateway subnet at the top. This will open the Add subnet

S2S gateway

Add the Subnet gateway

S2Ssubnet range
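The address rules from the prerequisites and Step 3 (subnets inside the VNet address space, no overlap with on-premises prefixes, a subnet named 'GatewaySubnet' of at least /29) can be checked before anything is created in the portal. The Python sketch below is an added example, not the author's code: it runs over the sample values listed in Step 1, the on-premises prefix 192.168.10.0/24 is constructed, and `check_plan` is a hypothetical helper name.

```python
import ipaddress

MIN_GATEWAY_PREFIX = 29          # smallest GatewaySubnet the text says is possible
RECOMMENDED_GATEWAY_PREFIX = 28  # the text recommends /27 or /28


def _inside(net, spaces):
    """True if net lies completely within one of the VNet address ranges."""
    return any(net.version == s.version and net.subnet_of(s) for s in spaces)


def check_plan(address_space, subnets, onprem_prefixes):
    """Return a list of findings for a VNet / site-to-site address plan."""
    findings = []

    # 1. Address ranges must be written as network addresses (no host bits).
    spaces = []
    for cidr in address_space:
        net = ipaddress.ip_network(cidr, strict=False)
        if ipaddress.ip_interface(cidr).ip != net.network_address:
            findings.append(f"address space {cidr}: host bits set, the network is {net}")
        spaces.append(net)

    # 2. Every subnet must be contained in the VNet address space.
    parsed = {name: ipaddress.ip_network(cidr, strict=False)
              for name, cidr in subnets.items()}
    for name, net in parsed.items():
        if not _inside(net, spaces):
            findings.append(f"subnet {name} {net}: outside the VNet address space")

    # 3. Subnets of the same VNet must not overlap each other.
    names = sorted(parsed)
    for i, first in enumerate(names):
        for second in names[i + 1:]:
            if parsed[first].overlaps(parsed[second]):
                findings.append(f"subnets {first} and {second} overlap")

    # 4. The gateway subnet must carry the exact name and be large enough.
    gateway = parsed.get("GatewaySubnet")
    if gateway is None:
        findings.append("no subnet named exactly 'GatewaySubnet'")
    elif gateway.prefixlen > MIN_GATEWAY_PREFIX:
        findings.append(f"GatewaySubnet {gateway}: smaller than /{MIN_GATEWAY_PREFIX}")
    elif gateway.prefixlen > RECOMMENDED_GATEWAY_PREFIX:
        findings.append(f"GatewaySubnet {gateway}: /27 or /28 is recommended")

    # 5. On-premises prefixes must not overlap the VNet ranges.
    for cidr in onprem_prefixes:
        net = ipaddress.ip_network(cidr, strict=False)
        for space in spaces:
            if net.overlaps(space):
                findings.append(f"on-premises prefix {net} overlaps VNet range {space}")
    return findings


# Values from the list in Step 1; the on-premises prefix is constructed.
SAMPLE_SPACE = ["10.30.10.0/16", "10.14.0.0/16"]
SAMPLE_SUBNETS = {
    "FrontEnd": "10.30.10.0/24",
    "BackEnd": "10.14.0.0/24",
    "GatewaySubnet": "10.31.255.0/27",
}
SAMPLE_ONPREM = ["192.168.10.0/24"]

if __name__ == "__main__":
    for finding in check_plan(SAMPLE_SPACE, SAMPLE_SUBNETS, SAMPLE_ONPREM):
        print(finding)
```

Run against the sample values, it reports that 10.30.10.0/16 has host bits set (the network is 10.30.0.0/16) and that 10.31.255.0/27 lies outside both address ranges.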

Step 4: Create a VPN or virtual network gateway.

Prerequisites:

Virtual network gateway name: Provide the virtual network gateway name as per your organization’s naming convention.

Gateway type: There are 2 types of VNet gateway. The type is basically how you want to connect to your on-premises VPN devices.

VPN types are:

  • Site to Site: A Site-to-Site (S2S) VPN gateway connection is a connection over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. An S2S connection requires a VPN device located on-premises that has a public IP address assigned to it and is not located behind a NAT.

S2S connections can be used for cross-premises and hybrid configurations.

Note: It is a connection over the public IP which extends your data center to Azure using the VPN device.

  • Point to Site: A Point-to-Site (P2S) VPN gateway connection allows you to create a secure connection to your virtual network from an individual client computer. P2S is a VPN connection over SSTP (Secure Socket Tunneling Protocol).

Note: It is a connection where you can connect to your Azure VMs using a VPN connection.

  • Express Route: Microsoft Azure ExpressRoute lets you extend your on-premises networks into the Microsoft cloud over a dedicated private connection facilitated by a connectivity provider.

Note: It is a dedicated private connection from your datacenter to Azure, facilitated by your ISP, which allows O365, O365 Dynamics, MS Azure or cloud services to connect directly, as with Site-to-Site or Point-to-Site connectivity.

Services compared: Point-to-Site, Site-to-Site, ExpressRoute

Azure Supported Services
  • Point-to-Site: Cloud Services and Virtual Machines
  • Site-to-Site: Cloud Services and Virtual Machines
  • ExpressRoute:
    • Public Peering: Power BI; Dynamics 365 for Operations (formerly known as Dynamics AX Online); Most of the Azure services with a few exceptions below: CDN, Visual Studio Team Services Load Testing, Multi-factor Authentication, Traffic Manager
    • Microsoft peering: Office 365; Dynamics 365 (formerly known as CRM Online); Dynamics 365 for Sales; Dynamics 365 for Customer Service; Dynamics 365 for Field Service; Dynamics 365 for Project Service

Typical Bandwidths
  • Point-to-Site: Typically < 100 Mbps aggregate
  • Site-to-Site: Typically < 1 Gbps aggregate
  • ExpressRoute: 50 Mbps, 100 Mbps, 200 Mbps, 500 Mbps, 1 Gbps, 2 Gbps, 5 Gbps, 10 Gbps

Protocols Supported
  • Point-to-Site: Secure Sockets Tunneling Protocol (SSTP)
  • Site-to-Site: IPsec
  • ExpressRoute: Direct connection over VLANs, NSP’s VPN technologies (MPLS, VPLS,…)

Routing
  • Point-to-Site: RouteBased (dynamic)
  • Site-to-Site: We support PolicyBased (static routing) and RouteBased (dynamic routing VPN)
  • ExpressRoute: BGP

Connection resiliency
  • Point-to-Site: active-passive
  • Site-to-Site: active-passive or active-active
  • ExpressRoute: active-active

Typical use case
  • Point-to-Site: Prototyping, dev / test / lab scenarios for cloud services and virtual machines
  • Site-to-Site: Dev / test / lab scenarios and small scale production workloads for cloud services and virtual machines
  • ExpressRoute: Access to all Azure services (validated list), Enterprise-class and mission critical workloads, Backup, Big Data, Azure as a DR site

SKU: Below are the SKUs provided by Microsoft.

SKU      S2S/VNet-to-VNet Tunnels   P2S Connections   Aggregate Throughput
VpnGw1   Max. 30                    Max. 128          500 Mbps
VpnGw2   Max. 30                    Max. 128          1 Gbps
VpnGw3   Max. 30                    Max. 128          1.25 Gbps
Basic    Max. 10                    Max. 128          100 Mbps

Public IP: We have to create a new public IP address, which will be used for the virtual network gateway. Provide the name as per your organization’s naming convention.

Subscription: The subscription under which you need to create the VNet gateway.

Resource Group: The resource group in which you created the virtual network.

Location: The location of your VPN devices, or the one nearest to your data center.

1: Go to the search button and search for Virtual network gateway.

virtual network Gateway1

Click on Add Virtual Network.

azure virtual network 2

Provide the configuration as required by your organization.

virtual network Gateway2

Click Create and it will take around 45 min to complete.

Step 5: Create the Local Network Gateway

The local network gateway refers to your on-premises location. You give the site a name by which Azure can refer to it, then specify the IP address of the on-premises VPN device to which you will create a connection. We also specify the IP address prefixes that will be routed through the VPN gateway to the VPN device.

The address prefixes you specify are the prefixes located on your on-premises network. If we have on-premises network changes or we need to change the public IP address for the VPN device, we can easily update the values later.

  1. In the portal, under All resources, click the Add button.
  2. Click Networking, select Local network gateway, then click to search. This will return a list. Click Local network gateway to open the local network gateway properties, then click Create to open Create local network gateway.
  3. Provide the public IP address of your RRAS device or VPN device.
  4. To find the public IP address, type "What is my IP" into Google. This is recommended only for a test RRAS device.

local network Gateway.JPG

  5. Click Create. Once the local network gateway is created, configure the VPN device and configure the site-to-site connection using the local network gateway and the virtual network gateway.

RRAS VPN Device configuration & S2S connection

Azure VPN or Virtual Network (Vnets)

What is Azure Virtual Network?

Azure Virtual Network is a secure way to connect Azure resources to each other with virtual networks (VNets). A VNet is a representation of your own network in the cloud.
A VNet is a logical isolation of the Azure cloud dedicated to your subscription. We can also connect a VNet to our on-premises network.

Azure Virtual Network capabilities

  •  Isolation:  

VNets are isolated from one another. We can create separate VNets for development, testing, and production using the same CIDR address blocks. We can create multiple VNets that use different CIDR address blocks and connect the networks together. We can segment a VNet into multiple subnets. Azure provides internal name resolution for VMs and Cloud Services role instances connected to a VNet. We can optionally configure a VNet to use our own DNS servers instead of Azure internal name resolution.

“CIDR: Classless Inter-Domain Routing, also called supernetting, is a way to allow more flexible allocation of Internet Protocol (IP) addresses than was possible with the original system of IP address classes. Basically, it defines a range of IP addresses.”

  • Internet connectivity:

Azure VMs and Cloud Services role instances connected to a VNet have access to the Internet, and we can enable inbound access to specific resources based on requirements.

  • Azure resource connectivity:

Azure resources such as Cloud Services and VMs can connect to the same VNet. The resources can connect to each other using private IP addresses, even if they are in different subnets.
Azure provides default routing between subnets, VNets, and on-premises networks, so we don’t have to configure and manage routes.

  • VNet connectivity:

VNets can be connected to each other, so that resources on any VNet can communicate with resources on any other VNet.

  • On-premises connectivity:

A VNet can be connected to on-premises networks through private network connections between our network and Azure, or through a site-to-site VPN connection over the Internet.

  • Traffic filtering:

Inbound and outbound traffic of VM and Cloud Services role instances can be filtered by source IP address and port, destination IP address and port, and protocol.

  • Routing:

You can optionally override Azure’s default routing by configuring your own routes, or by using BGP routes through a network gateway.

How to Create a Virtual Network?

  • Log in to the Azure portal; if you don’t have an Azure subscription, sign up for a free one-month trial.
  • Click on New (the plus tab)
  • Select Networking
  • Select Virtual network
  • Provide the virtual network name
  • Address space (the virtual network’s address range in CIDR notation): ask your network administrator to provide the address space if you are planning to configure a production environment.
  • Provide a subnet name as per your requirements, one that you will remember during VPN configuration or VM creation.
  • Subnet address range: the subnet’s address range in CIDR notation. It must be contained by the address space of the virtual network. The address range of a subnet which is in use can’t be edited.
  • Note: Ask your network administrator to provide the address space if you are planning to configure a production environment.
  • Subscription name
  • Resource group name: keep all the resources in the same resource group so that creating the S2S, P2S, etc. VPN works fine.
  • Location: select the location as per your nearest region
  • Click on Create and wait for 5 to 10 minutes.

azure vpn1

  • Once it is created, it will look like the screenshot below.
  • Check the VNet properties and configuration.

vpn1

Overview: The Overview tab shows the address range, location, subscription and other related details of your VNet.

VPN overview

Activity Logs

 

VPN activity logs

Tags: Tags are name/value pairs that enable you to categorize resources and view consolidated billing by applying the same tag to multiple resources and resource groups.

VPN tags

Address Spaces: The virtual network’s address range in CIDR notation.

VPN address space

Connected Devices: This tab shows how many devices or services are connected to this VNet.

vpn connected devices

Subnets: We can add an additional subnet if it is required, and we can add the gateway subnet to create the site-to-site VPN.

subnets

DNS Servers: We can add the default or custom domain server as per our requirements.

VPN DNS

Peering: Enables resources connected to different Azure VNets within the same Azure location to communicate with each other. The bandwidth and latency across the VNets is the same as if the resources were connected to the same VNet.

VPN peering1

We can add the peer network as per our requirements.

  • Provide the name
  • Peer details (ARM or ASM)
  • Subscription ID
  • The virtual network, other than your own network or VNet, that you want to peer with.
  • Enable the configuration: Allow forwarded traffic / gateway transit / remote gateway.

vpn peering

Properties: It shows the properties of your VNet.

VPN properties

Locks: In this tab we can lock the resource group or the VNet against deleting/editing.

VPN lock

Automation Script: It is used to deploy the VNet with an ARM script.

vpn automation script

Diagram: This shows how many devices are connected.

Diagram

Note: I will cover site-to-site VPN in the next blog posts. Please like and comment if you like the blog.

 

 

Azure DNS Records and limitations

DNS records

 Record names

In Azure DNS, records are specified by using relative names. A fully qualified domain name (FQDN) includes the zone name.

Note: If the relative record name is ‘www’ in the zone ‘Rcloud.com’, then the fully qualified record name would be ‘www.Rcloud.com’.

Record types

Every DNS record has a name & type. DNS Records are organized into various types according to the data they contain. Most common type is an ‘A’ record, which maps a name to an IPv4 address & another common type is an ‘MX’ record, which maps a name to a mail server.

Azure DNS supports all common DNS record types: A, AAAA, CNAME, MX, NS, PTR, SOA, SRV, and TXT.

Note that SPF records are represented using TXT records.

Record sets

A record set is used where you have 2 different IP addresses associated with one domain name.

If you have a commercial website and the website requires 2 different IP addresses for failover or to reduce the traffic, then you can use a record set.

Azure DNS manages all DNS records using record sets. A record set (also known as a resource record set) is the collection of DNS records in a zone that have the same name and the same type.

How to create Record Set:-

  • Select the DNS server
  • Click on Record Set
  • Add the record set

recordset1

Time-to-live

Time to live, or TTL, specifies how long each record is cached by clients before being re-queried. The TTL value is 3600 seconds (1 hour), and we can customize it between 1 and 2,147,483,647 seconds.

Wildcard records:

Wildcard records are returned in response to any query with a matching name, unless there is a closer match from a non-wildcard record set.

Note: We can create a wildcard record with ‘*’, i.e. ‘*.rcloud’.

A Record:- 

An A record maps a domain to the IP address of the computer hosting the domain. Internet traffic uses the A record, from your domain’s DNS settings, to find the computer hosting your domain.

The value of an A record is always an IP address, and multiple A records can be configured for one domain name.

A record

AAAA Record:-

What the A record is to the IPv4 address space, the AAAA record (also known as a quad-A record) is to the IPv6 address space.

AAA Record

CNAME records:

A CNAME record (Canonical Name record) is a type of resource record in the Domain Name System (DNS) used to specify that a domain name is an alias for another domain, the canonical domain.

  • Click on Record Set
  • Add the CNAME record
  • Provide the name
  • Type: CNAME
  • TTL value as per your organization
  • TTL unit as per your organization
  • Alias for your CNAME record.

Cname record

MX Record

A mail exchanger record (MX record) is a type of resource record in the Domain Name System that specifies a mail server responsible for accepting email messages on behalf of a recipient’s domain.

MX record

NS Records

An NS record is a DNS record that lists an authoritative name server for a domain. A domain name can have multiple NS records.

nsrecord

Service record (SRV record)

Service record (SRV record) is a specification of data in the Domain Name System defining the location, i.e. the hostname and port number, of servers for specified services.

SRV record

A TXT record (short for text record) is a type of resource record in the Domain Name System (DNS) used to associate a custom name and unformatted text with a host.

TXT record

PTR Records

The Pointer (PTR) record provides data for reverse DNS, which is used for logging the domain name and verification purposes. Also called inverse DNS.

ptr record

 

Azure DNS Limits


Bring your own Azure DNS

What is Azure DNS  (Domain Name System)?

Azure DNS or DNS is responsible for translating (or resolving) a website or service name to its IP address.

Azure DNS is a hosting service for DNS domains, providing name resolution using Microsoft Azure infrastructure.

By hosting our domains in Azure, we can manage our DNS records using the same credentials, APIs, tools, and billing as we use for other Azure services.

Advantages and Features of Azure DNS

  • Reliability and performance

Azure DNS domains are hosted on Azure’s global network of DNS name servers. It uses anycast networking, so each DNS query is answered by the closest available DNS server.
This provides fast performance and high availability for your domains.

Anycast is a method of routing network traffic in which the sender’s packets are delivered to the destination nearest to the sender’s location.

  • Seamless integration

The Azure DNS service is used to manage DNS records for your Azure services, and it can be used to provide DNS for our external resources as well.
Azure DNS is integrated in the Azure portal and uses the same credentials, billing and support contract as your other Azure services.

  • Security

The Azure DNS service is based on Azure Resource Manager. It benefits from Resource Manager features such as role-based access control, audit logs, and resource locking. Our domains and records can be managed with the Azure portal, Azure PowerShell cmdlets and the cross-platform Azure CLI.
Applications requiring automatic DNS management can integrate with the service via the REST API and SDKs.

Creating  Azure DNS Server

Please follow the below notes before creating a DNS zone in Azure DNS:

  • The name of the zone must be unique within the resource group, and the zone must not exist already. Otherwise, the operation fails.
  • The same zone name can be reused in a different resource group or a different Azure subscription.
  • Where multiple zones share the same name, each instance is assigned different name server addresses.
  • Only one set of addresses can be configured with the domain name registrar.

DNS zones

A DNS zone is used to host the DNS records for a particular domain. To host our domain in Azure DNS, we need to create a DNS zone for that domain name. Each DNS record for our domain is then created inside this DNS zone.

Example: The domain ‘Rcloud.com’ may contain several DNS records, such as ‘mail.rcloud.com’ (for a mail server) and ‘www.rcloud.com’ (for a web site).

Prerequisite :-

  • Azure Subscription Access.
  • Name of the DNS server as per your organization.
  • The subscription in which you need to create the Azure DNS server.
  • Resource Group.
  • Resource Group location

Creating DNS server in Azure

DNS1

Click on DNS server and click on the Add button.

dns2

  • Provide the DNS Server name
  • Subscription name
  • Resource Group
  • Resource group location
  • Click on create.

DNS 3

Once your Azure DNS server is created, you will see all the records created on the Azure DNS server.

DNS 4


 

Blobs, File, Tables and queue storage configuration

A storage account covers the sub-storage services below, where your data is stored; data is segregated within the storage account according to the service.

Blob Storage:

Blob storage stores unstructured object data. A blob can be any type of text or binary data, such as a document, media file, or application installer. Blob storage is also referred to as Object storage.

Table storage:

Table Storage stores structured data sets. Table storage is a NoSQL key-attribute data store, which allows for rapid development and fast access to large quantities of data.

Queue storage:

Queue Storage provides reliable messaging for workflow processing and for communication between components of cloud services.

File storage:

File Storage offers shared storage for legacy applications using the standard SMB protocol. Azure virtual machines and cloud services can share file data across application components via mounted shares, and on-premises applications can access file data in a share via the File service REST API.

Container 

Azure containers are part of the blob service and are used to keep .VHD files etc.

If you are creating VMs, the VHD files will be stored in a container.

A container is itself a type of blob storage that keeps your data, files and folders so they can be accessed from different sources.

Blob1

CORS:

It is basically used for development work and website configuration.

CORS is an HTTP feature that enables a web application running under one domain to access resources in another domain. Web browsers implement a security restriction known as same-origin policy that prevents a web page from calling APIs in a different domain. CORS provides a secure way to allow one domain (the origin domain) to call APIs in another domain.
You can set CORS rules individually for each of the storage services (i.e. blob, file, queue, table). Once you set the CORS rules for the service, a properly authenticated request made against the service from a different domain will be evaluated to determine whether it is allowed according to the rules you have specified.

Example: JavaScript code loaded as part of http://www.rcloud.com can’t issue requests to any other domain, such as http://www.TestRcloud.com.

Allowed Origins:
A comma-separated list of origin domains that will be allowed via CORS, or “*” to allow all domains.
There is a limit of 64 origin domains. Each allowed origin can have up to 256 characters.

Allowed Verbs:
The methods (HTTP request verbs) that the origin domain may use for a CORS request,
such as DELETE, GET, HEAD, MERGE, POST, OPTIONS, PUT.

Allowed Headers:
The request headers that the origin domain may specify on the CORS request. There is a limit of 64 defined headers and 2 prefixed headers. Each header can be up to 256 characters.

Exposed Headers:

The response headers that may be sent in the response to the CORS request and exposed by the browser to the request issuer.

Maximum Age (Seconds):
The maximum amount of time that a browser should cache the preflight OPTIONS request.

Cors
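To see how the fields above interact, the following Python sketch checks a CORS rule against the listed limits and then decides whether a browser preflight request would pass it. It is an added example, not code from the original post or from Azure: the rule layout, the function names and both sample rules are constructed, and the matching behaviour (exact origin comparison, case-insensitive header names, a trailing `*` marking a prefixed header) is an assumption of this sketch.

```python
VERBS = {"DELETE", "GET", "HEAD", "MERGE", "POST", "OPTIONS", "PUT"}
MAX_ORIGINS = 64           # limit on allowed origins
MAX_LITERAL_HEADERS = 64   # limit on fully named allowed headers
MAX_PREFIXED_HEADERS = 2   # limit on prefixed allowed headers
MAX_LEN = 256              # characters per origin or header


def lint_rule(rule):
    """Check a rule against the limits listed above; return a list of findings."""
    findings = []
    origins = rule["allowed_origins"]
    if len(origins) > MAX_ORIGINS:
        findings.append(f"{len(origins)} origins, the limit is {MAX_ORIGINS}")
    if any(len(o) > MAX_LEN for o in origins):
        findings.append(f"an origin is longer than {MAX_LEN} characters")
    if "*" in origins:
        findings.append("allowed origin '*' lets every domain call this service")
    unknown = {m.upper() for m in rule["allowed_methods"]} - VERBS
    if unknown:
        findings.append(f"unsupported verbs: {sorted(unknown)}")
    headers = rule["allowed_headers"]
    prefixed = [h for h in headers if h.endswith("*")]
    if len(prefixed) > MAX_PREFIXED_HEADERS:
        findings.append(f"{len(prefixed)} prefixed headers, the limit is {MAX_PREFIXED_HEADERS}")
    if len(headers) - len(prefixed) > MAX_LITERAL_HEADERS:
        findings.append(f"more than {MAX_LITERAL_HEADERS} named headers")
    if any(len(h) > MAX_LEN for h in headers):
        findings.append(f"a header is longer than {MAX_LEN} characters")
    return findings


def _header_allowed(name, allowed):
    """Match one requested header name against the rule's allowed headers."""
    name = name.lower()
    for pattern in allowed:
        pattern = pattern.lower()
        if pattern.endswith("*"):
            if name.startswith(pattern[:-1]):
                return True
        elif name == pattern:
            return True
    return False


def preflight_allowed(rule, origin, method, request_headers):
    """Decide whether a preflight (OPTIONS) request passes this rule."""
    origins = rule["allowed_origins"]
    if "*" not in origins and origin not in origins:
        return False
    if method.upper() not in {m.upper() for m in rule["allowed_methods"]}:
        return False
    return all(_header_allowed(h, rule["allowed_headers"]) for h in request_headers)


# Constructed rules: one scoped to the site from the example above, one wide open.
STRICT_RULE = {
    "allowed_origins": ["http://www.rcloud.com"],
    "allowed_methods": ["GET", "PUT"],
    "allowed_headers": ["x-ms-meta-*", "content-type"],
    "exposed_headers": ["x-ms-meta-*"],
    "max_age_seconds": 200,
}
OPEN_RULE = {
    "allowed_origins": ["*"],
    "allowed_methods": sorted(VERBS),
    "allowed_headers": ["*"],
    "exposed_headers": ["*"],
    "max_age_seconds": 86400,
}

if __name__ == "__main__":
    print(lint_rule(OPEN_RULE))
    print(preflight_allowed(STRICT_RULE, "http://www.TestRcloud.com", "GET", []))
```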

 

Custom Domain

It is used to set a custom domain, such as your organization name, for Azure Blobs.

Whenever you browse to your custom domain name, your request will automatically be directed to the Azure blob storage for which you have configured the custom domain.

Configure a custom domain for accessing blob data in your Azure storage account, like www.contoso.com. There are two methods you can use to set up a custom domain.

  1. Create a CNAME record with your DNS provider that points from your domain (like www.rcloud.com) to rcloud1.blob.core.windows.net. This method is simpler, but results in a brief downtime while Azure verifies the domain registration.
  2. Create a CNAME record with your DNS provider that points from the “Rcld” sub-domain (like asverify.www.rcloud.com) to Rcld.rcloud1.blob.core.windows.net. After this step completes, you can create a CNAME record that points to rcloud1.blob.core.windows.net. This method does not incur any downtime. To use this method, select the “Use indirect CNAME validation” checkbox.

Encryption 

Storage service encryption protects your data. Azure Storage encrypts your data as it’s written in our data centers, and automatically decrypts it for you as you access it.
Currently, this feature is available for Azure Blobs and Files.
Note that after enabling Storage Service Encryption, only new data will be encrypted, and any existing files in this storage account will remain unencrypted.

encryption

Azure Content Delivery Network

The Azure Content Delivery Network (CDN) is designed to send audio, video, images, and other files faster and more reliably to customers using servers that are closest to the users.

This dramatically increases speed and availability, resulting in significant user experience improvements.

 

CDN

Azure Search

Azure Search  is a search solution that makes it easy for developers to add robust full-text search experiences to web and mobile applications.

Azure Search

Metrics

Azure metrics show your total requests, latency and success percentage.

This helps us to understand how many web requests fail or succeed and what latency we are getting for the Azure web apps.

Azure metrics

 

Usage

This shows the usage of the blobs, container counts, etc.

You can add an alert by clicking on the edit button and configuring the alert as per your requirements.

usage

File Storage

A File storage account is used to keep and share data for development work, file shares, VHDs, etc. It supports only up to 5 TB of data.

We can create multiple Azure file shares, each with a limit of 5 TB of data.

FILE

file server

CORS:

The File storage account also supports CORS. Please take a look at the Azure Blobs section to learn more about CORS.

Cors

Encryption 

Storage service encryption protects your data. Azure Storage encrypts your data as it’s written in our data centers, and automatically decrypts it for you as you access it.
Currently, this feature is available for Azure Blobs and Files.
Note that after enabling Storage Service Encryption, only new data will be encrypted, and any existing files in this storage account will remain unencrypted.

encryption

Metrics

Azure metrics show your total requests, latency and success percentage.

This helps us to understand how many web requests fail or succeed and what latency we are getting for the Azure web apps.

Azure metrics

 

Queue Services:

Queue Storage provides reliable messaging for workflow processing and for communication between components of cloud services.

queue

CORS:

The File storage account also supports CORS. Please take a look at the Azure Blobs section to learn more about CORS.

Cors

Metrics

Azure metrics show your total requests, latency and success percentage.

This helps us to understand how many web requests fail or succeed and what latency we are getting for the Azure web apps.

Azure metrics

Create & manage Azure Storage account

How to Create Storage account

1: Sign in to the Azure portal.

2: On the Hub menu, click on Search, search for storage, then select Storage -> Storage account.

storage account0

3: Enter a name for your storage account as per your organization’s naming standard.

4: Specify the deployment model to be used: Resource Manager or Classic.

Resource Manager is the recommended deployment model.

5: Select the type of storage account: General purpose or Blob storage.

“If General purpose was selected, then specify the performance tier: Standard or Premium. The default is Standard.”

6: Select the replication option for the storage account: LRS, GRS, RA-GRS, or ZRS. The default is RA-GRS. For more details on Azure Storage replication.

Note: Please follow my blog to understand storage and LRS, GRS, RA-GRS, or ZRS: https://rcloudweb.wordpress.com/2017/06/21/azure-storage-account-overview-easy-to-understand/

7: Select the subscription in which you want to create the new storage account.

8: Specify a new resource group or select an existing resource group. For more information on resource groups

9: Select the geographic location for your storage account: Ex- East US, Central US, West US etc.

10: Click Create to create the storage account.

storage account1

11: Select Pin to dashboard if you want the service to be shown on the Azure dashboard after it is created.

Storage account endpoints: 

Storage account endpoints are used for accessing the blob, table, queue and file services, to access data, share data, etc.

YourStorageAccountName = the storage account name you provided while creating the storage account. The endpoints follow the naming convention per storage service below.

Blob service: http://YourStorageAccountName.blob.core.windows.net

Table service: http://YourStorageAccountName.core.windows.net

Queue service: http://YourStorageAccountName.queue.core.windows.net

File service: http://YourStorageAccountName.file.core.windows.net

Manage your storage account

Once we have created the storage account, let us look at the storage account settings in detail below.

Overview: It shows all the storage accounts, their usage and other details.

It shows all your storage types: Blob storage, Table storage, File storage and Queue storage. By clicking on one of them you can access that sub-storage.

storage account3

Azure storage oveview

Activities Logs: Activities logs are the just like a events logs of your services or It will show complete activity logs on your storage account.

Access Control (IAM): This is role-based access control for storage accounts. If you want someone from your team to manage the storage accounts, or you want to restrict access for another department, you can add that user in IAM and limit the access to that particular user.

Tags: Tags are name/value pairs that enable you to categorize resources and view consolidated billing by applying the same tag to multiple resources and resource groups.

Diagnose and Solve Problems: This is the MS Azure knowledge base: a collection of solutions for common scenarios that we can go through to try to fix an issue. Some common scenarios are listed below, and you can find more in the Azure portal.

  • I can’t delete my storage account
  • Move Data to, from, or within Azure Storage
  • Need help with Import/Export
  • My VM/Disk is slow
  • My storage service is slow

Access Keys: Use access keys to authenticate your applications when making requests to this Azure storage account. Store your access keys securely – for example, using Azure Key Vault – and don’t share them. We recommend regenerating your access keys regularly. You are provided two access keys so that you can maintain connections using one key while regenerating the other.

Access keys are used to access the Azure storage account and its components: File storage, Blob storage, etc.

Configuration : The cost of your storage account depends on the usage and the options you choose below.

If we want to change the configuration, we can do so by selecting the options below.

Performance: We can choose Standard or Premium storage accounts based on the organization's needs.

Secure Transfer: If you want to transfer data or files securely, enable this option.

Replication: You can change the replication option: LRS, ZRS, GRS or RA-GRS.

Shared access signature: A shared access signature (SAS) is a URI that grants restricted access rights to Azure Storage resources. You can provide a shared access signature to clients who should not be trusted with your storage account key but to whom you wish to delegate access to certain storage account resources. By distributing a shared access signature URI to these clients, you grant them access to a resource for a specified period of time.

Note: It is mainly used for development work; if you want to share development data or API work with a client under restricted access, try this.
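
The following Python example is added here and is not from the original post or from Microsoft's tooling: it reads the query parameters of a SAS URI (sp permissions, st/se validity window, spr protocol, sip source IP) and reports grants that are wider than the restricted, time-limited access described above. The account name, the signature, the 7-day limit and the set of permissions treated as risky are assumptions made for the example.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

# Constructed sample: account name, container and signature are placeholders.
SAMPLE_SAS_URL = (
    "https://examplestorageacct.blob.core.windows.net/reports/q1.csv"
    "?sv=2021-06-08&sr=b&sp=rwd&st=2024-01-01T00:00:00Z"
    "&se=2025-01-01T00:00:00Z&spr=https,http&sig=CONSTRUCTED-PLACEHOLDER"
)

MAX_LIFETIME = timedelta(days=7)      # assumed policy limit, adjust to your own
RISKY_PERMISSIONS = set("wdcau")      # write, delete, create, add, update


def _parse_time(value):
    """SAS times are ISO 8601 UTC; accept the date-only and full forms."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised SAS time: {value!r}")


def audit_sas(url, now):
    """Return a list of findings for one SAS URL; an empty list means no finding."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    findings = []
    if "sig" not in q or "se" not in q:
        return ["not a SAS URL or missing expiry (se) / signature (sig)"]
    if parts.scheme != "https":
        findings.append("URL itself uses http")
    if q.get("spr", "https,http") != "https":   # omitted spr permits both
        findings.append("spr allows http; set spr=https")
    risky = sorted(set(q.get("sp", "")) & RISKY_PERMISSIONS)
    if risky:
        findings.append("grants modify permissions: " + "".join(risky))
    expiry = _parse_time(q["se"])
    start = _parse_time(q["st"]) if "st" in q else now
    if expiry <= now:
        findings.append("already expired")
    elif expiry - max(start, now) > MAX_LIFETIME:
        findings.append("remaining lifetime exceeds policy maximum")
    if "sip" not in q:
        findings.append("no source IP restriction (sip)")
    return findings
```

Run `audit_sas` over SAS URIs found in configuration files or tickets before they are handed to a client; it never needs the account key, only the URI itself.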

Properties: The storage account properties show the configuration you chose when creating the storage account, such as location, name, resource ID, etc.

Automation Script: Automate deploying resources with Azure Resource Manager templates in a single, coordinated operation. Define resources and configurable input parameters and deploy with script or code.

“If you want to create the storage account using JSON, then you can try this option.”

Properties and configuration for Blob, File, Table and Queue storage will be added in the next blog.