Azure VMs Reboot and Maintenance Alerts

How do you enable an Azure VM reboot alert in the Azure portal? It has been a problem to know where to raise the alert, which services to select for it, and how to add it through Azure Alerts or the native Log Analytics solution.

In this blog post I am sharing my experience of enabling alerts for when VMs are rebooted, stopped, deallocated, started, or undergo other operations which may cause business impact.

We can configure this alert through Azure Alerts.

Step 1: Alert Configuration

  • Select the VMs or services for which you want to configure the alerts.
  • Go to the Monitoring tab and click on Alerts.
  • Click on Add Activity Log Alert.

Step 2: Alert Configuration as per Service Monitoring

  • Once you click on Add Alerts, you will get the configuration window.
  • Enter the activity log alert name.
  • Description.
  • Subscription.
  • Proper Resource Group name.
  • Event Category: Administrative.
  • Resource Type: Virtual machines (Microsoft.Compute/virtualMachines).
  • Resource Group.
  • Operation Name: Restart.
  • Level: Critical, Low, Medium.
  • Status: Started, Failed, Succeeded.
  • Select the


Step 3: Email Alert Settings

  • Click on Action.
  • Add a new group.
  • Enter the name.
  • Enter the email ID.
  • Select OK.
  • The alert notification has been created.
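As an added example (not part of the original post), the Python code below applies the same criteria as the alert configured in Steps 1 to 3 (Administrative category, VM operation name, status, resource group) to Activity Log records, which is useful for checking which past events the alert would have matched. It assumes records shaped like the output of `az monitor activity-log list`; the function names and the sample records are constructed for illustration.

```python
"""Match Azure Activity Log records against VM state-change alert criteria.

Added illustration; the records in SAMPLE_RECORDS are constructed.
"""

# Activity Log operation names for VM state changes, mapped to short labels.
VM_OPERATIONS = {
    "microsoft.compute/virtualmachines/restart/action": "restart",
    "microsoft.compute/virtualmachines/poweroff/action": "stop",
    "microsoft.compute/virtualmachines/deallocate/action": "deallocate",
    "microsoft.compute/virtualmachines/start/action": "start",
    "microsoft.compute/virtualmachines/redeploy/action": "redeploy",
}


def _value(field):
    """Return the raw value of a field that is either a plain string or a
    {"value": ..., "localizedValue": ...} object."""
    if isinstance(field, dict):
        return field.get("value") or ""
    return field or ""


def _resource_parts(resource_id):
    """Split an ARM resource ID into (resource_group, resource_name)."""
    parts = resource_id.strip("/").split("/")
    group = parts[3] if len(parts) > 3 and parts[2].lower() == "resourcegroups" else ""
    return group, parts[-1]


def match_vm_events(records, operations=("restart",),
                    statuses=("Started", "Failed", "Succeeded"),
                    resource_group=None):
    """Return the records that an Administrative activity log alert with
    these operation, status and resource group criteria would match."""
    wanted = {s.lower() for s in statuses}
    hits = []
    for rec in records:
        if _value(rec.get("category")).lower() != "administrative":
            continue  # e.g. ResourceHealth or ServiceHealth events
        operation = VM_OPERATIONS.get(_value(rec.get("operationName")).lower())
        if operation not in operations:
            continue  # not one of the VM state changes being alerted on
        status = _value(rec.get("status"))
        if status.lower() not in wanted:
            continue
        group, vm = _resource_parts(rec.get("resourceId", ""))
        if resource_group and group.lower() != resource_group.lower():
            continue
        hits.append({
            "time": rec.get("eventTimestamp", ""),
            "vm": vm,
            "resource_group": group,
            "operation": operation,
            "status": status,
            "caller": rec.get("caller", ""),
        })
    return hits


# Constructed sample data (placeholder subscription ID, VM names and callers).
_VM_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
          "{rg}/providers/Microsoft.Compute/virtualMachines/{vm}")


def _rec(op, status, rg, vm, caller, ts, category="Administrative"):
    """Build a record in the nested shape used by the Activity Log API."""
    return {
        "category": {"value": category},
        "operationName": {"value": op},
        "status": {"value": status},
        "resourceId": _VM_ID.format(rg=rg, vm=vm),
        "caller": caller,
        "eventTimestamp": ts,
    }


SAMPLE_RECORDS = [
    _rec("Microsoft.Compute/virtualMachines/restart/action", "Started",
         "rg-prod", "web01", "ops@example.com", "2018-07-01T10:00:00Z"),
    _rec("Microsoft.Compute/virtualMachines/restart/action", "Succeeded",
         "rg-prod", "web01", "ops@example.com", "2018-07-01T10:00:40Z"),
    _rec("Microsoft.Compute/virtualMachines/deallocate/action", "Succeeded",
         "rg-prod", "db01", "admin@example.com", "2018-07-01T11:15:00Z"),
    _rec("Microsoft.Compute/virtualMachines/write", "Succeeded",
         "rg-prod", "web01", "ops@example.com", "2018-07-01T12:00:00Z"),
    # Flat string fields, as seen when the log is exported.
    {"category": "Administrative",
     "operationName": "MICROSOFT.COMPUTE/VIRTUALMACHINES/RESTART/ACTION",
     "status": "Failed",
     "resourceId": _VM_ID.format(rg="rg-dev", vm="test01"),
     "caller": "dev@example.com",
     "eventTimestamp": "2018-07-01T13:30:00Z"},
    _rec("Microsoft.Resourcehealth/healthevent/Activated/action", "Active",
         "rg-prod", "web01", "", "2018-07-01T14:00:00Z", category="ResourceHealth"),
]

if __name__ == "__main__":
    for hit in match_vm_events(SAMPLE_RECORDS, resource_group="rg-prod"):
        print(hit)
```

Widening `operations` to include stop, deallocate and start covers the other state changes mentioned at the top of this post.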


AD Authentication for Azure Storage (Public Preview)

Almost all customers and other Azure community members have asked how to restrict access to storage accounts to specific user IDs, but at that time there was a limitation: “Azure AD Authentication for Azure Storage is not available.”

It is one of the most awaited features and improvements from the MS Azure team, and it is now available for Azure Blob storage accounts and Azure Queue storage accounts, but not for Azure File Server.

Microsoft Azure has recently released AD authentication for Azure storage accounts, which will help us provide security and control at a more granular level.

We can grant access using RBAC roles and control it per Azure AD user, down to a specific ID, rather than sharing SAS tokens and storage account keys as we did earlier, where there was a chance of those credentials being misused.

Storage Accounts Authentication

  • Select the storage account you want to give users access to.
  • Select IAM.
  • Click on Add.
  • Select one of the roles below:
    • Storage Blob Data Contributor role: allows read, write and delete access to Azure Storage blob containers and data.
    • Storage Blob Data Reader role: allows read access to Azure Storage blob containers and data.
    • Storage Queue Data Contributor role: allows read, write and delete access to Azure Storage queues and queue messages.
    • Storage Queue Data Reader role: allows read access to Azure Storage queues and messages.

AD Authentication for Azure Storage:

  • Azure AD integration is available for the Blob and Queue services only in the preview.
  • Azure AD integration is available for GPv1, GPv2, and Blob storage accounts in all public regions.
  • It supports only storage accounts created with the Resource Manager deployment model.
  • Support for caller identity information in Azure Storage Analytics logging is coming soon.
  • Azure AD authorization of access to resources in standard storage accounts is currently supported. Authorization of access to page blobs in premium storage accounts will be supported soon.
  • Azure Storage supports both built-in and custom RBAC roles. You can assign roles scoped to the subscription, the resource group, the storage account, or an individual container or queue.
  • The Azure Storage client libraries that currently support Azure AD integration include:

Please refer to the MS Docs:

Authenticate access to Azure Storage using Azure Active Directory

AAD Authentication Reference
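As an added example (not part of the original post), the Python code below audits role assignments for the four storage data roles listed above and reports those granted at a broader scope than intended, using the scope levels the post names (subscription, resource group, storage account, container or queue). It assumes input records with the `principalName`, `roleDefinitionName` and `scope` fields that `az role assignment list` returns; the function names, the `broadest_allowed` parameter and the sample assignments are constructed for illustration.

```python
"""Audit scope of Azure Storage data-role assignments.

Added illustration; the entries in SAMPLE_ASSIGNMENTS are constructed.
"""
import re

# The four data roles from the post: (service, access granted).
DATA_ROLES = {
    "Storage Blob Data Contributor": ("blob", "read, write, delete"),
    "Storage Blob Data Reader": ("blob", "read"),
    "Storage Queue Data Contributor": ("queue", "read, write, delete"),
    "Storage Queue Data Reader": ("queue", "read"),
}

_ACCOUNT = (r"/subscriptions/[^/]+/resourceGroups/[^/]+"
            r"/providers/Microsoft\.Storage/storageAccounts/[^/]+")
# Most specific pattern first; ARM resource IDs are case-insensitive.
_SCOPES = [
    ("container", re.compile(_ACCOUNT + r"/blobServices/default/containers/[^/]+", re.I)),
    ("queue", re.compile(_ACCOUNT + r"/queueServices/default/queues/[^/]+", re.I)),
    ("storage account", re.compile(_ACCOUNT, re.I)),
    ("resource group", re.compile(r"/subscriptions/[^/]+/resourceGroups/[^/]+", re.I)),
    ("subscription", re.compile(r"/subscriptions/[^/]+", re.I)),
]
# Lower number = broader scope.
BREADTH = {"subscription": 0, "resource group": 1, "storage account": 2,
           "container": 3, "queue": 3}


def classify_scope(scope):
    """Return the scope level of an assignment scope string."""
    scope = scope.rstrip("/")
    for level, pattern in _SCOPES:
        if pattern.fullmatch(scope):
            return level
    return "other"


def audit_assignments(assignments, broadest_allowed="storage account"):
    """Report data-role assignments that are broader than broadest_allowed,
    or whose role type does not match the scope type."""
    findings = []
    for item in assignments:
        role = item.get("roleDefinitionName", "")
        if role not in DATA_ROLES:
            continue  # only the storage data roles are in scope here
        service, access = DATA_ROLES[role]
        level = classify_scope(item.get("scope", ""))
        if level == "other":
            issue = "unrecognised scope"
        elif level in ("container", "queue") and (level == "container") != (service == "blob"):
            issue = f"{service} role assigned on a {level}"
        elif BREADTH[level] < BREADTH[broadest_allowed]:
            issue = f"{access} access granted at {level} scope"
        else:
            continue
        findings.append({"principal": item.get("principalName", ""),
                         "role": role, "scope_level": level, "issue": issue})
    return findings


# Constructed sample data (placeholder subscription ID, names and principals).
_SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
_ACCT = _SUB + "/resourceGroups/rg-data/providers/Microsoft.Storage/storageAccounts/examplestore"
SAMPLE_ASSIGNMENTS = [
    {"principalName": "alice@example.com", "roleDefinitionName": "Storage Blob Data Reader",
     "scope": _ACCT + "/blobServices/default/containers/reports"},
    {"principalName": "build-sp", "roleDefinitionName": "Storage Blob Data Contributor",
     "scope": _SUB},
    {"principalName": "bob@example.com", "roleDefinitionName": "Storage Queue Data Contributor",
     "scope": _SUB + "/resourceGroups/rg-data"},
    {"principalName": "carol@example.com", "roleDefinitionName": "Storage Queue Data Reader",
     "scope": _ACCT},
    {"principalName": "dave@example.com", "roleDefinitionName": "Storage Blob Data Reader",
     "scope": _ACCT + "/queueServices/default/queues/orders"},
    {"principalName": "erin@example.com", "roleDefinitionName": "Reader", "scope": _SUB},
]

if __name__ == "__main__":
    for finding in audit_assignments(SAMPLE_ASSIGNMENTS):
        print(finding)
```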

 

Azure Storage Encryption

Most customers ask how to encrypt the data in Azure storage accounts, since Azure Storage is a public cloud service and they are not sure whether their storage account data has been compromised. On top of this come questions about how to get audit compliance for Azure storage account data, and many more.

The Azure Storage encryption feature helps you keep your data encrypted, and no one can decrypt your data without your permission if you are using “your own key” to encrypt the data.

Key Features of Storage Account Encryption

  • The Azure Storage encryption service protects our data at rest.
  • Azure Storage encrypts our data as it is written in MS Azure data centers and automatically decrypts it for customers based on their usage of or access to the data.
  • Data is encrypted using Microsoft Managed Keys for Azure Blobs, Tables, Files and Queues.
  • We can choose to bring our own key for encryption for Azure Blobs and Files.
  • Encryption for Tables and Queues will always use Microsoft Managed Keys.

Note: After enabling Storage Service Encryption, “only new data will be encrypted” and “Existing files in the storage account will get encrypted by a background encryption process.”

Let's start and see how we can encrypt the storage accounts.

Step 1: Storage Account Encryption

  • Select the storage account you want to encrypt.
  • Select the Encryption tab under the Settings pane.
  • Click on Encryption.
  • Here you will find the options:
    • Enter your own key.
    • Select from Key Vault.

I am selecting the second option as I don’t have a key vault or my own key.

Step 2: Azure Key Vault Creation

  • Click on All services and search for Key Vault.
  • Click on Key Vault.
  • Provide the name.
  • Pricing tier.
  • Access policy.
  • Virtual network, if you want to allow the key only within your networks or restrict it from the Internet.

Step 3: Azure Encryption Creation

  • Select the key vault.
  • Select Keys under the Settings pane.
  • Click on Generate/Import Key.
  • Provide the name of the key.
  • Security key type.
  • RSA key size.
  • You can set the activation date and expiration date.

Step 4: Azure Storage Account Verification

  • Verify the key vault.
  • Verify the encryption key and select the correct key.
  • Click on Save.
  • It will take some time to save the settings.
  • Storage account encryption has been enabled.

Azure Storage: Azure AD Integration, Storage Endpoints and Soft Delete

We have been conducting sessions for a while and thought of covering a storage session (a deep dive into Azure Tables and Queues), and tried to cover new features like Azure Storage endpoints, Azure AD integration, configuring VM MSI, etc.

We have conducted 4 sessions on Azure Storage, which I will be sharing in my next blogs.

As part of our AzureTalk free webinar, I gave a session on storage where I covered the topics below.

  • Azure Tables and Queues
  • AzCopy
  • Azure Storage Service Endpoints and Firewall
  • Azure AD Integration and Authentication
  • Configure VM MSI
  • Soft Delete (Public Preview)
  • Demo

Azure Storage Accounts: Blob Storage and File Storage

We have been conducting sessions for a while and thought of covering a storage session (a deep dive into Blob storage and File storage), where we covered the new features now available in storage accounts and tried to explain them in such a way that they are easy to understand even for new Azure learners.

We have conducted 4 sessions on Azure Storage, which I will be sharing in my next blogs.

As part of our AzureTalk free webinar, I gave a session on storage where I covered the topics below.

  • Azure Storage Account Types
  • Blob Storage and File Storage
  • Use Cases of Blob Storage and File Storage
  • File Storage Creation
  • Demo

Azure for Beginners Series: Azure Storage Accounts

We have been conducting sessions for a while and thought of covering a storage session, where we covered the new features now available in storage accounts and tried to explain them in such a way that they are easy to understand even for new Azure learners.

We have conducted 4 sessions on Azure Storage, which I will be sharing in my next blogs.

As part of our AzureTalk free webinar, I gave a session on storage where I covered the topics below.

  • Azure Storage Accounts
  • Storage Accounts V1 vs V2
  • Types of Storage Accounts
  • Azure Storage Account Replication Scope
  • Prerequisites of Azure Storage Account Creation

Azure VMs Redeploy

Scenarios in which to use Azure VM redeploy:

  • Due to hardware failure from the MS team.
  • If you are unable to connect to the VMs.
  • Unable to take RDP.
  • In case of migrating VMs from one Azure host to another Azure host, etc.

Verification Steps Before Redeploy

  • Please make sure you have configured the backup properly.
  • Save the IP-related information and reserve the IP address.
  • Save the VM configuration settings.
  • Please remove the data from the temporary drive; if the VM reboots, all of that data will be lost.
  • The VMs will not be available once the redeployment starts.

Steps: Azure VMs Redeploy

  • Log in to the Azure Portal.
  • Select the VM you need to redeploy.
  • Go to Support + Troubleshooting.
  • Select Redeploy.
  • Click OK.

  • Select the VM.
  • Click on the Redeploy option.
  • Read the instructions carefully.
  • Click on Redeploy.

Once the redeployment is completed, please log in to the VM and verify.

Azure Backup Reports

I have seen a couple of scenarios where customers, auditors or management need to understand the backup report. Generally, a few questions like the ones below come up, which we have answered as consultants or as a team for our customers or management.

  • For how many VMs have we configured backup?
  • How much storage space is being used for my Azure Backup?
  • How do I get the backup reports which will help my auditor understand whether backups are taken properly?
  • What is the health status of my Azure Backup VMs and other services?
  • How many backup jobs have failed?
  • What is the job duration of my VM and other service backups?

And many more queries have been asked.

Hence I thought of writing this blog on configuring the backup reports, which will help the community and organizations understand their backups and provide the data when it is needed.

Step 1: Prerequisites

  • Identify the Azure Backup vaults where we want to configure the backup reports.
  • Backup log retention in days: 30 days, 90 days or 1 year.
  • Storage account from which we can retrieve the backup logs.
  • Power BI subscription, or you can try a free subscription.
  • Storage account and key.

Step 2: Backup Report Configuration from the Recovery Vault

  • Click on All services.
  • Search for “Backup”.
  • Select the recovery vault.
  • Select the recovery vault for which you want to configure the backup report.
  • Select Backup Reports.
  • Select Diagnostic Settings.
  • Start configuring it for the backup report.
  • Once the configuration is done, select Sign in to the Power BI subscription.

Once you click on Diagnostic Settings, configure the following:

  • Provide the backup report name.
  • Check the Archive to a storage account option.
  • Verify the region and select the subscription.
  • Select the storage account in which you want to store the backup logs.
  • Select the backup logs, such as Azure Backup Reports, Azure Site Recovery Jobs, etc.
  • Select the retention period.

Note: If you want to keep the backup for a long time, you can set the retention period to 0 days.

Once the diagnostic settings are in place, it will take at least 24-48 hours for the logs to be stored in the storage account.

Step 3: Power BI Backup Report Configuration

Once you are done with the diagnostic settings configuration, you can configure the backup report.

  • Click on the Sign in button.
  • It will open the Power BI URL.
  • Please sign up if you don’t have an account; if you have an account, please sign in.
  • Select Get Data.
  • Select Get under the My Organization tab.
  • Click on Apps.
  • Select the Azure Backup module and select the “Get it now” option.

Once you click here, you will get an option to provide the Azure storage account name and key.

  • Go to the Azure portal and search for the storage account.
  • Click on Storage accounts.
  • Select the storage account and, under Settings, select Access keys.
  • Copy the storage account name.
  • Copy the storage key.
  • Provide the storage account name.
  • Provide the Azure storage account key.
  • Click on Sign in.

Once you sign in, your backup report will be populated in the Power BI instance.

Step 4: Power BI Backup Dashboard

  • Once the backup report app is configured, click on Apps.
  • Click on the Azure Backup icon.
  • Once you click on the backup report, you will be able to view the Azure Backup report dashboard.
  • We can easily find the Azure Backup instances.
  • Backup size, job success and many more options.

The backup reports have now been configured properly.

Azure AD Identity Protection

In my last blog, I shared my experience of why and how we enabled Privileged Identity Management with P2 Azure Active Directory access.

Here I will help you see how we can protect Azure AD identities and how we can find the vulnerabilities and close them, as this is a very sensitive area and it needs protection.

It will help you to protect your users, with access review and risk sign-off of users, and it can be configured for users flagged for risk, MFA registration, user risk policy, sign-in risk policy and alerts.

Step-1: Enabling the service

  • Click on All services.
  • Search for Azure AD Identity Protection.
  • Click on Enable.
  • It will take some time to enable.

Step-2: Overview

In Overview you will see the dashboard:

  • Users flagged for risk
  • Risk events
  • Vulnerabilities
  • Priority

Step-3: Getting Started

It will help you find the Identity Protection documents and help you configure the service.

Step-4: Users Flagged for Risk

  • Add all the users.
  • Select the condition as per policy: High, Medium and above, or Low and above.
  • Select the controls:
    • Multi-factor authentication.
    • Password change.
    • Require multi-factor authentication.
  • Review the number of users impacted.
  • Enforce the policy.
  • It will take 2 to 3 minutes to enforce the policy.

Step-5: Risk Events

  • In this scenario, we will add our data center locations and IP addresses, so that if someone is trying to access the services from outside our IP range, it will trigger an alert.
  • Click on Add IP location.
  • Click on the location.
  • Add the location name and upload the IP addresses or add them manually.
  • Configure it.

Step-6: Vulnerabilities

It will help us detect how many users have multi-factor authentication and how many users require a change, and it will list all the vulnerabilities.

Step-7: Multi-Factor Authentication

  • It will help us enable multi-factor authentication for Azure users.
  • In Controls we can add Require multi-factor authentication.
  • Review will help to review the access and provide the data.

Impacted Risk Dashboard

Step-8: User Risk Policy

It will help us reduce the risk and provide the report as per the policy configuration.

Step-9: Sign-in Risk Policy

It will help mitigate sign-in related issues, for example by requiring the user to change the password and use multi-factor authentication.

Step-10: Alerts and Weekly Digest

It will help us configure the alerts, and the weekly digest will provide a summary of users at risk, sign-in risk, etc. as a consolidated report.

Azure Access Review

I was just going through the portal and found the Access Review service in the Azure portal very useful, so I thought of creating a blog.

How will the Access Review service help with an access review of guest users, applications and organization users? It has been hard to monitor each and every user, application and guest user, but to meet certain compliance requirements we might be required to have an access review of the users on our Azure subscription. Hence I thought of sharing my ideas on how we can achieve this.

Most organizations use a third-party tool for access review and integrate their Azure subscription with it. I am just walking through how easy it is if you get things in one place, like the Access Review service.

Step-1: How to On-board the Access Review Service

  • Click on All services in our Azure subscription.
  • Search for Access Reviews.
  • Click on Access Reviews.

Step-2: On-board Access Reviews

  • Click on Onboard services.
  • Click on Create.
  • After that, your service will start on-boarding and apply the default policy.

Step-3: Quick Start

  • Click on Quick Start and follow the documents, which will help you configure the Access Review service and show how you will benefit from it.

Step-4: Overview

  • In the Access Review Overview you will be able to see the dashboard of your access reviews:
    • Guest users
    • Members
    • Guest app access
  • App access
  • In Controls you can see how many users applied for access, completed requests and applied access:
    • Active users
    • Completed
    • Applied users
  • You will be able to see the reviewed apps and reviewed groups.

Step-5: Add Programs

  • In Add Programs you can customize your dashboard while configuring the programs.

Step-6: Controls

  • Click on Controls.
  • Add a new control.
  • Provide the review name.
  • Description: why we are creating the review.
  • Start date: starts from when you create the service.
  • Frequency can be: One time, Weekly, Monthly, Yearly.
  • End date.
  • Users: Members of a group review or application review.
  • Select the groups you want to review.
  • Reviewer: Group owner, Selected users or Members (self).
  • Program link: Default or program.
  • Upon completion settings:
    • No change
    • Remove access
    • Approve access
    • Take recommendation
  • Advanced settings:
    • Show notification can be enabled.
    • Require reason for approval.
    • Mail notification can be enabled.
    • Reminders can be enabled.

Once that is done, you will get your report as per the scheduled date.

70-533 Exam Preparation Tips and Tricks

In this blog I am sharing my experience of how I cleared the 70-533 Implementing Microsoft Azure Infrastructure Solutions exam.

I have spoken with, and received messages from, a couple of my followers requesting that I share tips and tricks on how I passed the 70-735 exam. Hence I am sharing my thoughts on this.

I have seen many people who fear the exam, wondering whether they will pass or not, because they have not taken any exam for 3 to 4 years or for some other reason, which is a really common scenario. Hence we have to fight our fear and take a step towards our career and certification, which might play an important role in our career and justify our expertise.

The first thing I did was remove the fear from my mind and think of it as just a normal exam, like my 10th board exam, which I had to clear anyhow.

Before appearing for any exam, I prepare the course content related to the exam, which helps me understand what challenges I am going to face during the preparation and what possible scenarios may come up in the 70-533 exam.

A few things which I mainly focused on in this training:

  • Understand the course content of the 70-533 exam. Course content: Implementing Microsoft Azure Infrastructure Solutions.
  • List out each and every section and focus more on the parts where you will get 15 to 35% of the questions from modules as per the course content.
  • My focus areas were:
    • Create and manage compute resources (20 to 25%)
    • Implementation of virtual networks (15 to 20%)
    • Manage Azure security and recovery services (25 to 30%)
    • Designing and implementation of a storage strategy (10 to 15%)
    • Designing and implementation of Azure App Services (10 to 15%)

Then I covered the rest of the other modules as per the course content.

How Do I Prepare for the Exam?

There are various ways to prepare for the exam.

If you want, you can go through our Azure Talk sessions, which will really help in clearing the exam and help you understand Azure components. They have helped many people with Azure training and passing the exam.

I prepared from the online training sites below, which will help you pass the exam. You can even register for a free trial and get trained for exam preparation.

Do more and more labs, which is a very important part.

  • Free Azure Labs: 240
  • You can even create a free Azure subscription, which will help you explore your knowledge and get hands-on experience. Create Free Azure Subscription
  • If you would like to have more labs, you can follow my other blogs, where I have covered most 70-533 related topics, which will help you understand them easily.

How to Attend the 70-533 Exam

Note: The suggestions below relate to my real experience, as I observed it. Followers or readers may not get the same scenario; it may differ as per Microsoft exam policy.

When I attended the exam, I was well prepared and trained, with no fear, and confident of clearing the exam.

I had even done 100s of labs again and again, which made me confident on exam day.

Before you start the exam, please keep a few points in mind.

  • Once you click on Start exam, a window will appear. Please go through it; you might have 10 minutes to read the instructions before the exam starts.
  • Once you are done with the instructions part, the main questions will appear.
  • In my case I got a few optional questions which we have to answer without moving to the next question; if you move on, you cannot come back to the previous question.
  • In the second part you will get all the scenario-based questions. I would suggest that you read carefully and answer your questions. In this section we have a couple of options.
  • At the top you will get the question with the scenario.
  • On the left-hand side you will get the time window.
  • In the middle you will get 4 options, or you need to match the answers by drag and drop.
  • At the bottom you will get 3 options:
    • Review: If you are not sure that the answer is correct, please click on Review. If you don't click on Review, you won’t be able to modify your answer and your answer might be locked.
    • Next: If you are sure that the answer is correct, please click Next and your answer will be locked.
    • Submit: If you are sure that your answer is correct, then please click on Submit.

All the suggestions and ideas are based on my experience, which I want to share with my followers.

Azure AD Privileged Identity Management

I thought of covering Azure access review in this blog because most organizations are looking to provide secure subscription access to their users and partners, and at how they can achieve this task. In current trends most organizations are using third-party tools.

In this blog I am covering a few things:

  • How we can secure our Azure infrastructure.
  • How we can review the access of users, partners, vendors, etc.
  • The audit logs of the Azure AD access review policy, which will help us keep the data for auditing purposes if required.

What is Azure AD Privileged Identity Management?

Using the Azure AD PIM solution, we can manage, control and monitor access within the organization.

  • We can review the access of users.
  • We can approve or reject access.
  • Using PIM we can provide time-based access.
  • We can manage directory roles using the PIM solution.

How to Create an Azure AD PIM

Prerequisites:

  • An Azure AD Premium 2 license is required to get all the features.
  • The P2 license cost may come to approx. 600 RS/M.

Step 1:

  • Click on All services.
  • Search for Azure Privileged Identity Management.
  • Click on it.

Step 2:

  • Click on Quick Start.
  • Enable the one-month free Azure AD P2 license.

How to Activate the 1 Month Free P2 License

  • Click on My Roles.
  • It will ask you to enable the free trial for the Azure AD P2 license.
  • Click on the role.
  • Sign up.

Click on Azure AD Premium 2.

Once you click on that, it will start activating the Azure AD P2 license.

Once that is done, we will explore more options.

Once Azure AD P2 is enabled, you will be able to view and access the options below.

My Roles:

  • It will provide information on what kind of role you have in the subscription.
  • It will give access to activate other roles as well, if your administrator has assigned them to you.
  • It will also give options for eligible roles and expired roles, if a role is time bound.

My Requests:

  • If I have requested access or any role assignment, it will show in the My Requests tab; basically it just shows the requests.

Approve Requests:

  • If you are a security admin and you need to approve or reject access, you can do it from here.

Review Access

If we want to review the access of our users, we can do that by selecting the Review Access tab, and we can get the data and keep it for auditing purposes.

Azure AD Identity Role:

It will show what AD roles a user has apart from the subscription role.

  • We will have 2 views:
    • Admin view: which has the audit history of other directory roles.
    • My view: which shows only the account activation part of the AD role.

Azure Resources:

The Azure Resources tab will show you what kind of resources you have, and you can add multiple resources or subscriptions; those under one ID can be discovered.

My Audit History

In My Audit History we have the audit logs in Azure, which help the security administrator understand the tasks performed by him or his team. If required, we can keep those logs for auditing purposes.

Azure SQL (PaaS): Geo-Replication (DR)

I have seen a couple of scenarios where clients and customers really want to go with the SQL (PaaS) service but are not moving, because if the SQL PaaS service crashed due to some technical issue there was no option to recover the service or fail it back within a limited time frame.

Now it is possible through geo-replication, where you can configure a secondary database in the paired region and start the replication. Whenever your SQL PaaS service is unavailable, you can click on the failover option and the SQL database will be available to you within your estimated time.

Let's see how we can enable geo-replication for Azure services.

Step 1: Preparing for Geo-Replication

  • Select the Azure SQL (PaaS) database which needs geo-replication.
  • Select the region you want as your database's secondary region for replication. You can select more than 1 region, but they have to be configured one at a time.
  • Once you have selected the region, you are done with this step.

Step 2 (a): Secondary SQL Server Details

  • Select the region in which you want to create the SQL DB's secondary site.
  • The database name will be selected automatically.
  • The secondary site type is readable.
  • If you have already configured an elastic pool, select the elastic pool.
  • Target server: if you don’t have one, create a new one (provide the name, SQL login name and password).
  • Click OK.
  • Select the pricing tier (Basic, Standard, Premium).
  • Click OK.

Step 2 (b): Pricing tier selection based on your current database configuration.

Step 2 (c): Verify the secondary database site and click OK.

Step 3: SQL Secondary Site Creation

  • Once you click on OK, the secondary site will start creating.
  • Once the secondary site is created, it will start replicating the database.
  • Once the database replication is completed, you will get the option for failover.

Step 4: Failover the SQL Database

  • My primary site is completely replicated to the secondary site.
  • Now I want to do a failover.
  • Click on Forced Failover.
  • It will start the failover process.
  • Once it is completed, you will see that the secondary database is active.
  • Once you are done with the failover, your activity is completed.

Security Center: Azure SQL Vulnerability Assessment (Preview)

I have seen a couple of scenarios where organizations are looking for Azure SQL vulnerability tools which will help them analyse vulnerabilities and send a notification that something is wrong or that some security checks are missing.

MS Azure has now announced a preview feature which helps us enable SQL Vulnerability Assessment and discover, track, and remediate potential database vulnerabilities for Azure and on-premises.

Let's configure the SQL Vulnerability Assessment (Preview) feature for our SQL DBs.

Step 1: Prerequisites

  • Identify the SQL database.
  • Storage account to keep the logs.

Step 2: Configuration of SQL Vulnerability Assessment

  • Select the database.
  • Go to Settings and select SQL Vulnerability.
  • Click on Settings.
  • Select the storage account and click Save.
  • Once that is done, your SQL Vulnerability Assessment will be enabled.

Step 3: Scan for SQL Vulnerabilities

  • Click on Scan.
  • After that, the vulnerability assessment will execute and provide you with the results and risks.

Step 4: Validation

  • As per the scan result screen, there are 3 threats which we need to fix.
  • There might be alerts.
  • We have 2 medium risks and 2 low risks.
  • If you click on each risk, it will provide you with the solution to fix that risk.

(10 Years): Azure SQL Database Long-Term Backup Retention (Preview)

My previous organization asked me how we can retain Azure SQL (PaaS) service backups for 10 years, and I searched for that option but didn’t find it.

But now that is possible through Long-term backup retention (Preview), which retains your Azure SQL Database backups for 10 years with the backup vault. That option is in preview, so let's see how we can configure Azure SQL Database backup for 10 years with a recovery vault.

Step 1: Identification of the SQL Database

  • Click on SQL Database.
  • Select the Azure SQL server name.

Step 2: Long-Term Backup Retention Configuration

  • Go to Settings.
  • Select the Long-term backup retention tab.
  • Select the preview items.
  • Accept the terms and conditions.
  • Select the database you want to retain for more than 1 year.

Step 3: Long-Term Backup Configuration

  • Select the backup recovery vault if you have created one.
  • If you don’t have a recovery vault, please create one.
  • Select the backup retention, from 1 year to 10 years.
  • Click on

Save the configuration and your SQL Database backup is configured for 10 years.

SQL backup is enabled for 10 years.

Azure Backups for VMs (IaaS)

“In the Azure Backup blog series I will be writing blogs on Azure VMs backup and PaaS services backup: how backup services help us and what configuration and prerequisites are required for backup.”

Backup is a common term when you talk about data protection, compliance, etc.

Backups are a really important part of the services or servers and will save lots of time and data in case of storage corruption, application reconfiguration, loss or corruption.

Backups are really helpful when there is data loss, system corruption, etc.

Let's see how Azure Backup will help us in all these scenarios.

Azure Backup:

MS Azure introduced the Azure Backup Vault feature for classic, where you can take backups of Azure VMs and restore them whenever required.

Note: In Azure classic there are 2 different services: Azure Site Recovery and Backup Vaults.

“Later in 2016, MS launched Azure Site Recovery, which includes both Backup and Backup Vault and helps us to take backups of Azure VMs and do DR using the Site Recovery services for VMs.”

Azure Backup Common Scenarios

Below are the common scenarios of data loss or accidental deletion where we will be able to restore the data from Backup or Azure Backup.

  • Save the Organization Historical Data
  • Application Configuration Data
  • Server Data (Windows/Linux etc)
  • Files and Folders etc

Backup of Azure VMs 

Prerequisite

  • Azure Recovery Backup Vault.
  • Storage Accounts
  • Azure Subscription.
  • Number of VMs that need to be backed up

Step-1 Create the Backup Vault

  • Click on Create Resources
  • Select Monitoring and Management
  • Select Backup and Site Recovery
  • Provide the Name
  • Subscription Details
  • Location
  • Click on Create

Once the Backup Vault is created, please go to the Backup Vault.

Step-2 Protect the VMs

  • Click on the Backup Vault
  • Click on Backup +

Step-3 Create the Backup Policy

  • Select the Backup Goals
  • Select Azure
  • Select the VM type: Azure VMs
  • Click on Backup
  • It will route to Backup Policy
  • Create a new Backup Policy
  • Select OK

Step-4 Backup Policy

  • Provide the Backup Policy Name
  • Backup Frequency (Daily, Monthly, Weekly and Yearly)
  • Select the time you want to take the backup
  • Click on Create.

Step-5 VMs Selection for Azure Backup

  • You can select the items for backup
  • Select the VMs you want to back up
  • Click OK

Step-6 Enable the Backup

  • Click on Enable the Backup
  • It will validate the prerequisites.
  • It will automatically install the Backup agent.
  • Start protecting the VMs.

Step-7 Backup Initiation

Once the Backup service is enabled, the backup will start as per schedule and you can see it in Backup Process.

  • Click on the Backup Items
  • Click on the Azure Virtual Machines
  • Click on the Azure Backup Items

Step-8 Start the Backup Jobs

  • Click on Backup Now.
  • Now your backup has been started.

Step-9 Azure Backup Validation

  • You can check that the backup job is in progress.
  • Enjoy your backup configuration.

Azure SQL DBs Creation (PaaS)

In this blog I will be sharing my experience of how to create Azure SQL Servers and SQL Databases. I have seen a couple of scenarios where Azure learners have doubts about the difference between on-premises SQL Servers and Azure SQL Server (PaaS), so I thought of creating a blog to clear up the understanding of this and show them how useful Azure PaaS services are.

SQL Server (IaaS)

  • SQL Server on Azure VMs and on-premises are the same. We need to download and install SQL Server from the MS Download Center or an MSDN subscription.
  • We need to maintain the SQL Server licensing.
  • We need to install and configure manually, which will take almost 1 to 2 hrs to get it installed and configured.
  • We need to back up manually or schedule the backup for Azure Databases.

Azure SQL Server (PaaS)

  • We can use this service as Database as a Service (DBaaS).
  • It’s backed by software-defined services, which is called SaaS.
  • Easy to take the backup in Azure
  • Easy to fail over and replicate to another region.
  • Recover the DBs from backup.
  • Automatic backup scheduled
  • Cost is much lower than Azure SQL on-premises
  • Advanced security features

Azure SQL DBs Creation

Step-1 Prerequisites

  • Azure SQL DBs Name
  • Azure SQL Configuration
  • Region
  • SQL Server Name
  • SQL Server user name and password
  • Select OK
  • Create the SQL Server DBs.

Your Azure SQL Database is created; you can check that SQL Database in Azure Resources.

Azure VMs Restoration

In my Azure journey I have seen a couple of incidents where VMs crashed and we needed to recover the Azure VMs from the backup vault.

MS Azure has enabled a feature so that you can restore the VM backup from the VM itself; there is no need to go to Site Recovery, search for the VM, and then try to restore it.

In this blog I am going to explain how to restore the complete VMs.

  • Files Recovery
  • Application Restoration or Full Backup Restoration.

Restoration of Azure VMs.

  • Click on the VM you want to restore
  • Go to Operations and select Backup

Step 2: Backup Selections.

  • If you want to start the backup, then select Backup Now.
  • Select the File Recovery option to recover the files only.
  • Select Restore VMs to recover the complete VMs.

Step 3: Restore VMs.

  • Click on the Restore Points
  • Select the latest restoration point to recover the VMs.
  • Select OK.
  • Click on Restore VMs.
  • Your VMs will start redeploying in the Azure Portal.

Step 5: File Recovery

  • Once you click on File Recovery, you will get an option to select the recovery point.
  • Download the script
  • Create the password
  • Unmount the disk after recovery
  • You are done with the recovery.

Azure Training: Azure VMs Operation Feature (Preview)

In this training video I have shared my real-time experience of enabling Azure Inventory, Change Tracking and Update Management.

This will help us to manage Azure VMs as quickly as we can, and it shows how Azure VMs DR can be built.

I have seen a couple of scenarios where various group members were asking how we can manage the inventory and how to know what changes there are.

Hence I thought to provide the session to our AzureTalk Group; below are more details about the Azure Preview services.

Azure VMs Inventory: It will help us to manage the Azure Virtual Machine inventory.

Azure Change Tracking: It will help us to track the changes in VMs through the portal, which will help to fix issues sooner than logging in to servers and checking the changes.

Update Management: It’s part of OMS and helps to analyze the patches and deploy the updates in Azure VMs. That option is now available (Preview) and will help us to find the patches for virtual machines from the Operations tab. That is the easy way to deploy critical, security and other recommended patches.

This training video will help you to enable Azure Inventory, Change Tracking, Update Management, Azure VMs DR and Backup configuration in detail.

So any Azure learners can have a quick view and learn new things.

Join the Azure-talk Group:  https://www.kloudezy.com/AzureTalkGroup.html

 

Azure Training: Azure VMs

In this training video I have covered the Azure VMs overview and detailed information about Azure VMs.

Azure VMs Configuration Overview: This will help to understand the Azure VM instance size, location, private IP, public IP address and the graphical dashboard of host utilization of CPU, memory, disk read/write, etc.

Azure VMs Monitoring: Azure VMs monitoring helps us to configure monitoring and alerts for Azure VMs, which will help to fix issues within the timeline.

Azure VMs Troubleshooting: It will help to go through the common Azure VM troubleshooting scenarios and help us to fix the issues.

  • Azure VMs connectivity issue.
  • Azure VMs unable to take remote.
  • User name and password expired or forgotten.
  • Remote desktop connection couldn’t be established.
  • VMs are not working.

Azure Resource Movement to New Resource Group: Azure learners have been asking me this question more and more, hence I thought to add this to my training.

How to migrate resources from one Resource Group to another, as they want to establish a process or migrate the resources between Resource Groups.

Azure Training Part-4

Azure Training: Azure Subscription and Azure VMs

Azure Subscription and Azure VMs

  • Concept of Azure Subscription
  • Virtual Machine introduction, availability and scalability.
  • Azure Resource Group vs Azure Resource Manager
  • IaaS and Azure Virtual Machine

Presenter: Niraj Kumar

Speaker: Lalit Rawat

Azure Training Part-3

Azure Training: Introduction to Microsoft Azure

“I have seen that most Azure learners still need to understand the basic concepts of Azure services and how they can implement the services, and I have received requests that Azure learners need a session for beginners. Hence I thought to start the Azure for beginners series online, providing free training.”

The introduction to the series will help Azure learners to understand the basic concepts of Azure, which I have covered in my session.

  • Why we require Azure Cloud.
  • Why use cloud if we already have an on-premises data center.
  • How it will help us to save cost.
  • Cloud models and terminology.
  • Difference between IaaS, PaaS, SaaS.
  • Azure Portal overview

Learning from this Training:

  • Azure Cloud models and technology.
  • Azure Subscription creation.
  • Azure Services categories.
  • Azure IaaS, PaaS, SaaS services.
  • IaaS, PaaS, SaaS services use.
  • Live scenario of Cloud services.

Azure Training Part-2

Storage Account GPv2 Configuration

Azure Storage GPv2 Part-1

Read-access geo-redundant storage (RA-GRS)

  • Secure Transfer, etc. options.
  • Then create the Storage Account.

Main Difference is Highlighted

General Purpose V2                                               General Purpose V1

Azure Storage V2 has only 3 replication policies (RA-GRS, GRS and LRS), but Storage Accounts V1 has 4 replication policies: LRS, ZRS, GRS and RA-GRS.

For more information, please follow:

Create and Manage Storage Accounts

Features of Storage Accounts: General Purpose GPv2, GPv1 and Blob Storage

Azure Storage account options

  • General Purpose v2 (GPv2):
    • Storage accounts provide all the latest features, and support Blobs, Files, Queues, and Tables.
    • These latest features include blob-level tiering, archive storage, higher scale account limits, and storage events.
    • Storage pricing has been designed to deliver the lowest GB prices, and industry competitive transaction prices.
  • Blob Storage:
    • Storage accounts provide all the latest features for block blobs, but only support Block Blobs.
    • Blob Storage pricing is broadly similar to that in General Purpose v2.
    • Microsoft encourages most users to use General Purpose v2 rather than Blob Storage accounts.
  • General Purpose v1 (GPv1):
    • Storage accounts provide use of all Azure Storage Services, but may not have the latest features or the lowest GB pricing.
    • Cool and archive storage are not supported in GPv1.
    • Storage pricing is lower for transactions, so workloads with high churn or high read rates may benefit from this type of storage account.
  • We can upgrade either a GPv1 or Blob Storage account to a GPv2 account at any time using the portal, CLI, or PowerShell.
  • The change cannot be reversed, and no other changes are permitted.

Pricing and billing.

Storage Account General Purpose V2 cost is 1446.91 and General Purpose V1 cost is 1588.69.

Storage Accounts General Purpose V1:

As per Microsoft Pricing and Billing Model:-

  • Storage costs: In addition to the amount of data stored, the cost of storing data varies depending on the storage tier. The per-gigabyte cost decreases as the tier gets cooler.
  • Data access costs: Data access charges increase as the tier gets cooler. For data in the cool and archive storage tier, you are charged a per-gigabyte data access charge for reads.
  • Transaction costs: There is a per-transaction charge for all tiers that increases as the tier gets cooler.
  • Geo-Replication data transfer costs: This only applies to accounts with geo-replication configured, including GRS and RA-GRS. Geo-replication data transfer incurs a per-gigabyte charge.
  • Outbound data transfer costs: Outbound data transfers (data that is transferred out of an Azure region) incur billing for bandwidth usage on a per-gigabyte basis, consistent with general-purpose storage accounts.
  • Changing the storage tier: Changing the account storage tier from cool to hot incurs a charge equal to reading all the data existing in the storage account. However, changing the account storage tier from hot to cool incurs a charge equal to writing all the data into the cool tier (GPv2 accounts only).

For more details, please follow the link below:

Azure Storage account options

All in One: Azure Learning for Azure Infra + Azure Developers + Azure Architect

Reference taken from Microsoft edX; the Microsoft edX courses are referred to here.

Please go and sign up on the Microsoft edX site:

https://www.edx.org/school/microsoft

Azure Infra + Azure Developers + Azure Architect Beginners Courses:

SQL Database + SharePoint Administrators can focus on the below courses:

Beginners + Development Engineers can focus on the below courses:

Udhay published the below post in his blog. Please go through his blog.

http://thinkvirtualization.in/microsoft-cloud-society-azure-cloud/

All in one place to learn the Azure path and get certified. Be the Azure Master and get recognized and rewarded by Microsoft!!! Badge to our Bio.

https://cloudsociety.microsoft.com/signup.aspx

Get learning:
Cloud Infrastructure Learning Path.
Free online Azure training

https://cloudsociety.microsoft.com/azure-certification-training.aspx

Get Certification:
Cloud Infrastructure Certification Path.
Earn your in-demand Azure Cloud Certification

Learn Weekly Trending New Technologies

https://cloudsociety.microsoft.com/engage-cloudsocietytuesdays.aspx

Retiring Virtual Machines and Azure Cloud Services from the classic portal


Starting November 15, 2017, both Azure Virtual Machines and Azure Cloud Services will be available only in the Azure portal. Access from the classic portal will no longer be supported. If you were using the classic portal for OS images, please use PowerShell instead.

For details on how to get started in the Azure portal, refer to the Virtual Machines and Azure Cloud Services documentation.

New features for Virtual Machines in the Azure portal include:

  • Ability to add classic disks to a VM
  • Ability to add classic images to a VM

New features for Azure Cloud Services in the Azure portal include:

  • Deployment-related operation logs
  • Ability to update one or more roles at a time

Learn more about the upcoming capabilities of Cloud Services.

 

Referred and Updated By Microsoft :

https://azure.microsoft.com/en-in/updates/retiring-virtual-machine-and-cloud-services-from-classic-portal/

Azure Interview Q & A-part1

What is the advantage of moving to the cloud?

Flexibility: We can restructure our environment as needed and create any number of services based on our requirements.

Pay As You Go: The pay-as-you-go option is good; you only pay for the services you used, on a monthly or day/hour basis.

Hybrid Capability: We can integrate our on-premises environment with Azure using Site Recovery or other Microsoft tools, which will help us to extend our data center to Azure.

Securing your Data: We can use Azure encryption, Security Center, Key Vault, etc. to secure the data which resides in Azure.

Scale on Demand: We can scale up the IaaS, PaaS and SaaS services as per our demands.

Example: If a customer says he needs 10 servers within 1 day, can we process that, or is it even possible? Yes, it is possible using Windows Azure, and in not even one day: we can deliver within 1-2 hours using the cloud services. If we need to do it on-premises, it might take 3-4 months to process and configure the servers.

Integrated Data Solution: We can integrate data solutions with Azure, like SQL Server, Big Data, Visual Studio, etc.

Backup: We can take backups directly to Azure storage accounts with minimal charges, with no need to buy additional hardware (backup tape, HDD, file server, etc.).

Disaster Recovery: We can use the Recovery Vault, known as the Site Recovery vault in Azure, to do disaster recovery in Azure without any problem.

What is a storage account?

Azure Storage is massively scalable, so you can store and process hundreds of terabytes of data to support the big data scenarios required by scientific, financial analysis, and media applications.

Difference between LRS and ZRS storage accounts?

  • Locally redundant storage (LRS). Locally redundant storage maintains three copies of your data. LRS is replicated three times within a single data center in a single region. LRS protects your data from normal hardware failures, but not from the failure of a single data center.
  • Zone-redundant storage (ZRS). Zone-redundant storage maintains three copies of your data. ZRS is replicated three times across two to three facilities, either within a single region or across two regions, providing higher durability than LRS. ZRS ensures that your data is durable within a single region.

Create and Manage the Azure storage accounts

What is File storage?

File storage offers shared storage for applications using the standard SMB 2.1 or SMB 3.0 protocol. Microsoft Azure virtual machines and cloud services can share file data across application components via mounted shares, and on-premises applications can access file data in a share via the File storage API.

Prerequisites to create WebApps?

  • Azure Subscription.
  • Storage account
  • SQL Database connection
  • SSL certificate
  • Network Security Group configuration.
  • Custom DNS
  • Data source
  • Deployment credentials if you are using FTP.
  • Deployment options like Visual Studio, OneDrive, local Git, etc.
  • We should know the application version (.NET 4.5, 4.3, Python 32-bit, etc.) while migrating or creating the WebApps.

What is CDN?

The Microsoft Azure Content Delivery Network (CDN) offers developers a global solution for delivering high-bandwidth content that is hosted in Azure or any other location. Using the CDN, you can cache publicly available objects loaded from Azure blob storage, a web application, virtual machine, application folder, or other HTTP/HTTPS location. The CDN cache can be held at strategic locations to provide maximum bandwidth for delivering content to users. The CDN is typically used for delivering static content such as images, style sheets, documents, files, client-side scripts, and HTML pages.

 

How do you plan Disaster Recovery if I have 10 VMs running on Hyper-V on-prem and in a VMware environment?

  • We will set up the Azure environment for migration.
  • We will prepare the configuration server.
  • We will prepare for automatic discovery and push installation.
  • We will create a Recovery Services vault.
  • We will select the protection goal and start protecting servers.
  • We will set up the source environment.
  • Run Site Recovery Unified Setup.
  • We have to set up the target server.
  • Set up replication settings.
  • Plan capacity.
  • Prepare VMs for replication.
  • We will enable replication.
  • We will run a test failover.

How to migrate the on-premises server to Azure using Site Recovery?

  • Please follow the step-by-step setup below to migrate on-premises to Azure.
  • I always refer to the Azure documents below, as they are the updated ones.

How to configure the Backup for Azure VMs and on-prem VMs?

  1. Configure the vault
  2. Install and register the agent
  3. Back up your files and folders

Backing up Azure virtual machines

  1. Discover and Register Azure virtual machines
  2. Install the VM Agent on the virtual machine
  3. Create the backup policy
  4. Initial backup

How to migrate the file servers to Azure?

  • Create an Azure file storage account as per user requirements.
  • Under the storage account, create the file storage and assign the storage quota.
  • Create the file share and directories as per customer requirements.
  • Upload on-premises data to the Azure file share directory.
  • Configure shared access signatures (SAS) via the REST API or the client libraries.
  • Generate tokens with specific permissions as required by the client.
  • Install Storage Explorer to migrate the data from on-premises to the Azure file server.
  • Install and configure the Azure copy client on the on-premises server to migrate the data to the Azure storage account.
  • Configure Azure file share access and signature for the storage account to access the file server.
  • Initiate the data migration process.
  • Upload and download files to and from the on-premises file share server.

How many types of storage accounts does Azure have?

Premium Storage Account: Microsoft Azure Premium Storage delivers high-performance, low-latency disk support for virtual machines (VMs) running I/O-intensive workloads. VM disks that use Premium Storage store data on solid state drives (SSDs). You can migrate your application’s VM disks to Azure Premium Storage to take advantage of the speed and performance of these disks.

Azure Storage is the cloud storage solution for modern applications that rely on durability, availability, and scalability to meet the needs of their customers.

Difference Between ASM and ARM?

| ASM | ARM |
|---|---|
| This is the old portal, which provides cloud services for IaaS workloads and a few specific PaaS workloads. | This is the new portal, which provides services for all IaaS and PaaS workloads. |
| Accessed over the URL https://manage.windowsazure.com, which is termed the V1 portal. | Accessed over the URL https://portal.azure.com, which is termed the V2 portal and has a blade-design portal view. |
| Azure Service Manager is an XML-driven REST API. | Azure Resource Manager is a JSON-driven REST API. |
| Had a concept of Affinity Group, which has been deprecated. | Has a container concept called Resource Group, which is a logical set of correlated cloud resources that can span multiple regions and services. |
| Private Azure Portal can be built using Windows Azure Pack. | Private Azure Portal can be built using Azure Stack. |
| Removal or deletion is not as easy as in Azure Resource Manager. | Removal of resources is easier: deleting the resource group (RSG) deletes all the resources present in the RSG. |
| Deployment can be performed using PowerShell scripts. | Deployment can be performed using ARM templates, which provide simple orchestration and rollback functions. They have their own PowerShell module. |
| Features and functions are not available. | Role Based Access Control feature is present. |
| Features and functions are not available. | Resources can be moved between resource groups within the same region. |
| Features and functions are not available. | Resource tagging, a name-value pair assigned to a resource group, with up to 15 tags per resource. |
| Features and functions are not available. | Massive and parallel deployment of VMs is possible with asynchronous operations. |
| Features and functions are not available. | We can create custom policies to restrict the operations that can be performed. |
| Features and functions are not available. | Azure Resource Explorer (https://resources.azure.com/), which helps with understanding resources and with deployment. |
| Features and functions are not available. | Resource Locks provide a policy to enforce a lock level that prevents accidental deletion. |

How to migrate the On-Prem servers to azure?

Pre-requisite to create the VM.

  • Click the New button found on the upper left-hand corner of the Azure portal.
  • Select Compute from the New blade, select Windows Server 2016 Datacenter from the Compute blade, and then click the Create
  • Fill out the virtual machine Basics The user name and password entered here is used to log in to the virtual machine. For Resource group, create a new one. A resource group is a logical container into which Azure resources are created and collectively managed. When complete, click OK.
  • Choose a size for the VM and click Select.
  • On the settings blade, select Yes under Use managed disks, keep the defaults for the rest of the settings, and click OK.
  • On the summary page, click Ok to start the virtual machine deployment.
  • To monitor deployment status, click the virtual machine. The VM can be found on the Azure portal dashboard, or by selecting Virtual Machines from the left-hand menu. When the VM has been created, the status changes from Deploying to Running.

How to deploy the custom image?

  1. In the Azure portal, Connect to the virtual machine. For instructions, see How to sign in to a virtual machine running Windows Server.
  2. Open a Command Prompt window as an administrator.
  3. Change the directory to %windir%\system32\sysprep, and then run sysprep.exe.
  4. The System Preparation Tool dialog box appears. Do the following:
    • In System Cleanup Action, select Enter System Out-of-Box Experience (OOBE) and make sure that Generalize is checked. For more information about using Sysprep, see How to Use Sysprep: An Introduction.
    • In Shutdown Options, select Shutdown.
    • Click OK.
  5. Sysprep shuts down the virtual machine, which changes the status of the virtual machine in the Azure classic portal to Stopped.
  6. In the Azure portal, click Virtual Machines (classic) and select the virtual machine you want to capture. The VM images (classic) group is listed under Compute when you view More services.
  7. On the command bar, click Capture.

The Capture the Virtual Machine dialog box appears.

  1. In Image name, type a name for the new image. In Image label, type a label for the new image.
  2. Click I’ve run Sysprep on the virtual machine. This checkbox refers to the actions with Sysprep in steps 3-5. An image must be generalized by running Sysprep before you add a Windows Server image to your set of custom images.
  3. Once the capture completes, the new image becomes available in the Marketplace, in the Compute VM images (classic)

What is Azure VPN and how many types of Azure VPN can we configure in Azure?

Site to Site VPN:

A Site-to-Site (S2S) VPN gateway connection is a connection over IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. This type of connection requires a VPN device located on-premises that has a public IP address assigned to it and is not located behind a NAT. S2S connections can be used for cross-premises and hybrid configurations.

Point to Site VPN: A Point-to-Site (P2S) configuration lets you create a secure connection from an individual client computer to a virtual network. P2S is a VPN connection over SSTP (Secure Socket Tunneling Protocol). Point-to-Site connections are useful when you want to connect to your VNet from a remote location, such as from home or a conference, or when you only have a few clients that need to connect to a virtual network. P2S connections do not require a VPN device or a public-facing IP address. You establish the VPN connection from the client computer.

Vnet to Vnet : Connecting a virtual network to another virtual network (VNet-to-VNet) is similar to connecting a VNet to an on-premises site location. Both connectivity types use a VPN gateway to provide a secure tunnel using IPsec/IKE. You can even combine VNet-to-VNet communication with multi-site connection configurations. This lets you establish network topologies that combine cross-premises connectivity with inter-virtual network connectivity.

Azure Virtual network setup and configuration

Azure Site to site VPN Configuration Step-step

What is ExpressRoute?

ExpressRoute is a direct, dedicated connection from your WAN (not over the public Internet) to Microsoft Services, including Azure. Site-to-Site VPN traffic travels encrypted over the public Internet. Being able to configure Site-to-Site VPN and ExpressRoute connections for the same virtual network has several advantages.

You can configure a Site-to-Site VPN as a secure failover path for ExpressRoute, or use Site-to-Site VPNs to connect to sites that are not part of your network, but that are connected through ExpressRoute. Notice that this configuration requires two virtual network gateways for the same virtual network, one using the gateway type ‘Vpn’, and the other using the gateway type ‘ExpressRoute’.

  1. How can you troubleshoot if a VM is not working?
  2. We can reset the VM configuration.
  3. If a user has forgotten the password of the VM local account, how can we change it?

Ans: You can find the answer here; I have provided the information in detail: Windows Azure VM troubleshooting

Is it possible to host the VM in another region and connect to a different region?

Yes. We need to set up the interconnectivity by creating a VNet-to-VNet connection between both regions; only then can we connect.

How to assign a static IP address to Azure VMs?

Please follow the blog below to assign the static IP address.

Assign Static IP address to Azure VMs.

Azure interview question

What is traffic Manager and how to configure it ?

  • Azure Traffic Manager allows us to control the distribution of user traffic for service endpoints which resides in different datacenters.
  • Service endpoints supported by Traffic Manager including Azure VMs, Web Apps, and cloud services. We can also use Traffic Manager with external, non-Azure endpoints

Use the link below to get more detail on Azure Traffic Manager: Configuration and setup of the Traffic Manager

What is Azure DNS Server and how to configure it ?

  • Azure DNS or DNS is responsible for translating (or resolving) a website or service name to its IP address.
  • Azure DNS is a hosting service for DNS domains, providing name resolution using Microsoft Azure infrastructure.
  • Hosting your domains in Azure, We can manage our DNS records using the same credentials, APIs, tools, and billing as we are using for other Azure services.

For more details, please follow the links below:

Azure DNS server setup and configuration

Azure DNS Records and limitation

Note: References and answers have been taken from Microsoft Azure documents. Viewers are requested to refer to the Microsoft Azure documents or contact me if in-depth knowledge is required.

Refer this:  https://docs.microsoft.com/en-us/azure/#pivot=services

Troubleshooting Azure VM

Troubleshoot Remote Desktop connections to an Azure virtual machine

  • Reset Remote Desktop configuration & Password .
  • Check Network Security Group rules / Cloud Services endpoints.
  • Review VM console logs.
  • Reset the NIC for the VM.
  • Check the VM Resource Health.
  • Reset your VM password.
  • Restart your VM.
  • Redeploy your VM.

Troubleshoot Azure Vms:

Scenario-1: When a user has forgotten the Azure VM local administrator password, or if something went wrong with the Azure Remote Desktop connection, we will use the solution below.

1: Reset your RDP connection & Passwords. This troubleshooting step resets the RDP configuration when Remote Connections are disabled or Windows Firewall rules are blocking RDP.

Reset the Remote Desktop service configuration & Password .

  • Select your Windows virtual machine then click Support + Troubleshooting > Reset password  to reset the password.
  • Select drop down Menu then select the reset configuration only  to reset the remote configuration of The VMS.
  • Click Update and It will apply as per your selected services.

Azure VM Passwrod Reset and Configuration

Scenario-2:- If we are unable to connect to Azure using RDP then there might be chances that it is blocking by the NSG or Azure Endpoint is not allowing the RDP . So we have make an exception in NSG/Endpoint rule to allow RDP access.

 

Step 2: Check the Network Security Group/Cloud Services Endpoints in Classic Mode (ASM)

  • Log in to the Azure portal: https://portal.azure.com
  • Select the VM → select the VM for which you need to allow the RDP connection
  • Go to Settings
  • Select the Network Interface
  • Click on the Network Properties

NSG1.jpg

Select the NSG and click on Edit if required.

NSG2

  • Go to Settings and click on the inbound NSG security rules.
  • Select the inbound security rule.
  • Allow port 3389 to connect to Remote Desktop.
  • If you need to deny any specific range of IP addresses or ports, please select Deny.
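After adding the port 3389 exception, it is worth checking who the rule actually admits. The following Python audit is an added example, not part of the original post: it walks the inbound rules in priority order (NSG rules are evaluated lowest priority number first) and reports whether each RDP allow rule is restricted to specific sources, exposed to any source, or shadowed by an earlier deny. The two NSG dictionaries are constructed samples that use the field names found in NSG rule JSON.

```python
import ipaddress

RDP_PORT = 3389
# Source values that mean "anyone": the wildcard and the Internet service tag.
ANY_SOURCES = {"*", "internet", "any"}


def _as_list(rule, single, plural):
    """Merge the singular and plural form of an NSG rule field into one list."""
    values = list(rule.get(plural) or [])
    if rule.get(single):
        values.append(rule[single])
    return values


def covers_port(rule, port):
    """True if any destination port spec ('*', '3389', '3000-4000') includes port."""
    for spec in _as_list(rule, "destinationPortRange", "destinationPortRanges"):
        if spec == "*":
            return True
        low, _, high = spec.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False


def is_broad(source):
    """True for '*', the Internet tag, or a /0 prefix."""
    if source.lower() in ANY_SOURCES:
        return True
    try:
        return ipaddress.ip_network(source, strict=False).prefixlen == 0
    except ValueError:
        return False  # another service tag, e.g. VirtualNetwork


def audit_rdp(nsg):
    """Classify every inbound TCP allow rule that covers port 3389."""
    candidates = sorted(
        (r for r in nsg["securityRules"]
         if r["direction"].lower() == "inbound"
         and r["protocol"].lower() in ("tcp", "*")
         and covers_port(r, RDP_PORT)),
        key=lambda r: r["priority"])
    findings, blocked_for_all = [], False
    for rule in candidates:
        sources = _as_list(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
        broad = any(is_broad(s) for s in sources)
        if rule["access"].lower() == "deny":
            # A deny for every source stops evaluation for all later rules.
            blocked_for_all = blocked_for_all or broad
            continue
        if blocked_for_all:
            findings.append((rule["name"], "shadowed"))
        elif broad:
            findings.append((rule["name"], "exposed"))
        else:
            findings.append((rule["name"], "restricted"))
    return findings


# Constructed sample: RDP allowed from any source.
OPEN_NSG = {"securityRules": [
    {"name": "allow-rdp-any", "priority": 300, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "*",
     "destinationPortRange": "3389"},
]}

# Constructed sample: RDP limited to an admin range, everything else denied.
LOCKED_NSG = {"securityRules": [
    {"name": "allow-rdp-admin", "priority": 100, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "203.0.113.0/28", "destinationPortRange": "3389"},
    {"name": "deny-all-inbound", "priority": 200, "direction": "Inbound",
     "access": "Deny", "protocol": "*", "sourceAddressPrefix": "*",
     "destinationPortRange": "*"},
    {"name": "allow-rdp-legacy", "priority": 300, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "Internet",
     "destinationPortRanges": ["80", "3380-3400"]},
]}

if __name__ == "__main__":
    for label, nsg in (("open", OPEN_NSG), ("locked", LOCKED_NSG)):
        print(label, audit_rdp(nsg))
```

An "exposed" result means the rule admits RDP from any address; narrowing the source to the administrators' address range turns it into "restricted".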

NSG3

Scenario 3: VM resource health is useful when something has gone wrong in the Azure data center or your VM has become corrupted. It will tell you the health of your Azure VMs or services.

Step 3: Check the VM Resource Health.

This troubleshooting step verifies there are no known issues with the Azure platform that may impact connectivity to the VM.

Select your VM in the Azure portal. Scroll down the settings pane to the Support + Troubleshooting section near the bottom of the list. Click the Resource Health button. A healthy VM reports as being Available.

You can try the Troubleshoot tool for more troubleshooting of VMs.

Resource health.JPG

Scenario 4: Suppose you have made some changes on your VM (Windows updates, network settings configuration, software installation) or any other changes which caused the loss of Remote Desktop connectivity. Then we can reboot the server.

In most common scenarios, a reboot will fix the issue.

Step 4: Restart your VM. This troubleshooting step can correct any underlying issues the VM itself is having.

Select your VM in the Azure portal and click the Overview tab. Click the Restart button.

Most issues are resolved by restarting the VM, but make sure you reboot the VM during non-business hours.

VM restart.jpg

Step 5: Diagnostics settings. Please enable the diagnostic settings to understand what the issue is in the VM.

Enabling the diagnostic settings collects all the logs, which makes it easier to understand the issue.

diagnostic settings.JPG

Once you have configured the diagnostic settings, you will be able to configure Logs, Performance counters, Crash dumps, Sinks and Agent status.

Please go ahead and click each tab, try to understand the troubleshooting scenario, and configure the logs as per your project/customer requirements.

diagnostic settings1.JPG

 

Step 6: Redeploy the VM. Use this option only if no other solution works; it will give you a new VM instance with the same image, data and application configuration.

Note: Redeploying your virtual machine will migrate it to a new Azure host. If you continue, the virtual machine will be restarted and you will lose any data on the temporary drive (which is created with the Azure VM image). While the redeployment is in progress, the virtual machine will be unavailable.

Production data and applications will not be harmed while performing these steps.

  • Log in to the Azure portal: https://portal.azure.com
  • Select the VM → select the VM you need to redeploy
  • Go to Support + Troubleshooting
  • Select Redeploy
  • Click OK
  • Once the redeploy has completed, please try to reconnect to the VM.

Redeploy.JPG

Step 7: Always refer to the Azure Advisor recommendations.

  • Log in to the Azure portal: https://portal.azure.com
  • Select the VM → select the VM for which you need to check the Advisor recommendations
  • Go to Support + Troubleshooting
  • Select Advisor Recommendations.
  • Now you will see the Azure Advisor recommendations for your VMs.

Azure Advisor Recomandation.jpg

 

 

Assign Static IP Address in Azure VM

Why do we assign a static/private IP address to VMs/services?

Application requirements – Web applications, SQL databases, domain servers, etc. need to connect with a fixed/static IP address.

If it’s a web application/SQL database VM, then it’s important to have a static IP address so that the web application/SQL database settings can always refer to the same IP address and there will be no change.

Security – When a VM uses static IP addresses, we can create firewall rules and deploy the application easily, so we have control over the Internet or application traffic flow.

In Azure, a static (public) IP address counts as a service, so there will be an additional charge for it.

Why is it needed in Windows Azure environments?

In the Windows Azure platform, if you are creating a web application, VM or other service, a dynamic IP address will be assigned automatically and can be changed to a static IP address.

Note: I would always suggest that if you are moving on-premises workloads to Azure or running critical applications on Azure, you change the dynamic IP address to a static IP address, so that we do not need to change the application configuration regularly in case of a reboot, or have the application fail due to heavy traffic, etc.

Difference Between Static IP Address and Dynamic IP Address:

Static IP address: A static IP address is a fixed IP address, so it cannot change automatically and your application will run smoothly as per your configuration. We use static IP addresses for most trusted devices. Example: web application, SQL server, load balancer, network devices, etc.

Dynamic IP address: A dynamic IP address is one that is assigned automatically to our device by a DHCP server. It can change when rebooting the VM or restarting the web application, and every time a new IP address will be assigned from DHCP.

How to assign the static IP address to an Azure VM using the Resource Manager portal

  • Select the VM to which you want to assign the public IP address
  • Click on Overview
  • Select the Public IP address
  • Select Configuration
  • Change the mode from Dynamic to Static.
  • If you would like to add your DNS IP address, please provide the DNS IP address which is registered with your DNS provider.

static IP 1

Change the status from Dynamic to Static and save it. The changes will take a maximum of 5 minutes to complete.

Static IP

 

Connect On-Premises with RRAS

RRAS Server Setup and Configuration for Site-to-Site Connection

Please connect to the RRAS server on which you want to configure the site-to-site VPN connection using RRAS.

Prerequisite:

Please go to the network properties of the Ethernet card or NIC.

  • Uncheck all the settings except for the TCP/IPv4 protocol.
  • Go to the properties of TCP/IPv4 and set the properties:
    • IP Address
    • Gateway
    • DNS Servers

RAAS net1

  • Select TCP/IPv4 and click on Properties.
  • Then click on Advanced.

 

RAAS net2

  • Click on the WINS
  • Disable NetBIOS over TCP

RAAS net 3

  • Please install the Remote Access services on Server 2012 R2, 2008, or 2016 as per your requirement.
  • Open Server Manager. Select Manage -> Add Roles and Features.

On the Add Roles and Features Wizard ->Add Roles and Features.

  • Before You Begin: Click Next

RAAS1

  • Installation Type: Role-based -> Click Next

RAAS2

  • Server Selection: Select a server from the server pool -> RRAS-Server -> Click Next

RAAS3

  • Server Roles: Check Remote Access -> Click Next

RAAS4

  • Features: Click Next

RAAS5

RAAS6

  • Remote Access: Click Next
    • Role Services:
      • Direct Access and VPN (RAS)
        • Click Add Features on the pop-up window
      • Routing
      • Click Next
  • Web Server Role (IIS): Click Next
    • Role Services
      • Accept Defaults: Click Next

RAAS7

The Web Server role will be installed automatically with the Remote Access services.

RAAS8

 

RAAS9

 

  • Confirmation: Click Install

RAAS 10

Once it is installed, please close the setup.

Open the Routing and Remote Access Server Setup Wizard

Routing and remote 1

  1. Configure and enable Routing and Remote Access

remote and routing 3

Once you click Configure and Enable Routing and Remote Access, you will get the welcome wizard.

Routing and remote 4

Click on Secure connection between two private networks.

Routing and remote 6

Demand Dial Connection Click Yes

routing and remote 7

Assign Address Automatically

routing and remote 8

Completing the Routing and Remote Access Server Setup Wizard: Click Finish

routing and remote 9

The Demand-Dial Interface Wizard will appear.

  1. Welcome to the Demand-Dial Interface Wizard: Click Next

deman-Dial in 1

Interface Name: Type in Remote access, or a name as per your organization's naming standard, and click Next

deman-Dial in 2

Connection Type: Select Connect using virtual private network (VPN), click Next

deman-Dial in 3

VPN Type: Select IKEv2, click Next

deman-Dial in 4

Provide the Virtual network gateway Public IP address which is required to connect to azure network.

deman-Dial in 5

Select Route IP Packets on this interface.

deman-Dial in 6

Provide the IP address range of your Azure VNet configuration so that it will start using your VNet configuration.

deman-Dial in 7

Provide Azure Connection Shared key (PSK) for authentication.

deman-Dial in 8

Finish the setup.

deman-Dial in 10

 

Site-to-Site VPN Connection Setup and Configuration

  • Please log in to the Azure portal
  • Click on Networking –> Click on Connection
  • Select the Basic configuration:
  • Provide the connection type: Site-to-Site (IPsec)
  • Subscription name
  • Resource group name
  • Location of your VNet

connection 1

Please select the gateway which you have created in the same region.

The second virtual network gateway is your local network gateway; select the same.

Please provide the connection name.

Please provide the shared access key, which you will also provide on your RRAS server, to authenticate the site-to-site VPN connection.

connection4

Once this is done, please check and verify the connection:

Check the status: it should be Connected, not Connecting.

Check Data in and Data out: traffic should not be flowing one way only, in or out. If it is, some configuration needs to be re-verified, or your connection will not be established.

connection 10

Now enjoy using your on-premises connectivity to Azure and do more testing for learning purposes & it is not f

 

Connect to Your On-Premises Network from Azure: Site-to-Site VPN (ARM)

What is Site-to-Site VPN

Site-to-site VPN is a type of VPN connection that is created between your Azure and on-premises locations. It provides the ability to connect geographically separate locations or networks, usually over a public Internet connection or a WAN connection.

A Site-to-Site VPN gateway connection is used to connect your on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. This type of VPN connection requires a VPN device located on-premises that has an externally facing public IP address assigned to it.

How to Create Site to Site VPN

 

Prerequisite:

Verify the criteria below before you create the site-to-site connection:

  • Please verify in which Azure model (Classic or Resource Manager) you want to create the site-to-site connection. These two models are not completely compatible with each other.
  • Before we start the configuration and deployment, we should know on which model we need to deploy, as the two models are not compatible with each other.
  • Microsoft has always recommended using the Resource Manager deployment model.
  • It is very important to verify that we have a compatible VPN device which supports site-to-site, multi-site, etc. VPN connectivity through a route-based protocol, and a network engineer who will configure this device, because Microsoft has many vendors who provide their images.
  • We require an externally facing public IPv4 address for our VPN device. This IP address cannot be located behind a NAT.
  • If we are unfamiliar with the IP address ranges located in our on-premises network configuration, we should coordinate with the network administrator, who can provide the IP range, subnet and other required details.
  • When we create this configuration, we must specify the IP address range prefixes that Azure will route to our on-premises location.
  • None of the subnets of our on-premises network can overlap with the virtual network subnets that we want to connect to.

Step 1: Create the virtual network using the link below.

Setup and Configuration Vnet

To create the VNet we should have the details below. If you are working on a project, please contact your network administrator before you proceed further.

The values below are optional and are not related to any real network; I provide them as an example.

  • Virtual Network Name: Rcloud
  • Address Space Range: 
    • 10.30.10.0/16
    • 10.14.0.0/16 (optional for this exercise)
  • Subnets:
    • FrontEnd: 10.30.10.0/24
    • BackEnd: 10.14.0.0/24 (optional for this exercise)
  • Subnet Gateway: 10.31.255.0/27
  • Resource Group: Rcloud
  • Location: East US
  • DNS Server: We can choose the default DNS server IP address until we integrate our VPN with Azure.
  • Virtual Network Gateway Name: Rcloud
  • Public IP Name: VNet1GWIP
  • VPN Type: Route-based
  • Connection Type: Site-to-site (IPsec)
  • Gateway Type: VPN
  • Local Network Gateway Name: Rcloud1
  • Connection Name: Azure to On premises

Step 2: Specify a DNS server

DNS is not required to create a Site-to-Site connection. However, if we want to have name resolution for resources that are deployed to our virtual network, we should specify a DNS server, either the default or an on-premises DNS server.

This setting lets us specify the DNS server that we want to use for name resolution for this virtual network.

Virtual network DNS1

Step 3: Create the gateway subnet

The virtual network gateway uses a specific subnet called the ‘GatewaySubnet’. The gateway subnet contains the IP addresses that are used by the VPN gateway services.

  • When we create a gateway subnet, it must be named ‘GatewaySubnet’. Naming a subnet ‘GatewaySubnet’ tells Azure where to create the gateway services.
  • If we name the subnet something else, our VPN gateway configuration will fail.
  • The IP addresses in the GatewaySubnet are allocated to the gateway services. When we create the GatewaySubnet, we specify the number of IP addresses that the subnet contains.
  • The size of the GatewaySubnet that we specify always depends on the VPN gateway configuration that we want to create.
  • Although it is possible to create a GatewaySubnet as small as /29, Microsoft recommends that we create a larger subnet that includes more addresses by selecting /27 or /28.
  • Using a larger gateway subnet allows for enough IP addresses to accommodate possible future configurations.

  1. In the Azure portal, navigate to the virtual network for which you want to create a virtual network gateway.
  2. In the Settings section of your VNet blade, click Subnets to expand the Subnets blade.
  3. On the Subnets blade, click +Gateway subnet at the top. This will open the Add subnet
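The addressing rules from the prerequisites and from this step (a subnet named exactly GatewaySubnet, no smaller than /29 and preferably /27 or /28, subnets inside the VNet address space, and no overlap with on-premises prefixes) can be checked before anything is created in the portal. The Python validator below is an added example, not part of the original post; the function name and the sample address plans are constructed for illustration.

```python
import ipaddress
from itertools import combinations

GATEWAY_SUBNET = "GatewaySubnet"   # the name Azure requires for the gateway subnet
SMALLEST_PREFIX = 29               # a GatewaySubnet can be as small as /29
RECOMMENDED_PREFIX = 28            # /27 or /28 is the recommended size


def validate_s2s_plan(vnet_spaces, subnets, onprem_prefixes):
    """Return a list of (code, detail) issues for a site-to-site address plan."""
    spaces = [ipaddress.ip_network(s, strict=False) for s in vnet_spaces]
    nets = {name: ipaddress.ip_network(cidr, strict=False)
            for name, cidr in subnets.items()}
    onprem = [ipaddress.ip_network(p, strict=False) for p in onprem_prefixes]
    issues = []

    # 1. The gateway subnet must exist under its exact name and be big enough.
    gateway = nets.get(GATEWAY_SUBNET)
    if gateway is None:
        issues.append(("missing-gateway-subnet", GATEWAY_SUBNET))
    elif gateway.prefixlen > SMALLEST_PREFIX:
        issues.append(("gateway-too-small", str(gateway)))
    elif gateway.prefixlen > RECOMMENDED_PREFIX:
        issues.append(("gateway-below-recommended", str(gateway)))

    # 2. Every subnet must sit inside one of the VNet address spaces.
    for name, net in nets.items():
        inside = any(net.version == space.version and net.subnet_of(space)
                     for space in spaces)
        if not inside:
            issues.append(("subnet-outside-vnet", name))

    # 3. Subnets of the same VNet must not overlap each other.
    for (name_a, net_a), (name_b, net_b) in combinations(nets.items(), 2):
        if net_a.overlaps(net_b):
            issues.append(("subnet-overlap", f"{name_a}/{name_b}"))

    # 4. On-premises prefixes must not overlap anything on the Azure side.
    azure_side = spaces + list(nets.values())
    for prefix in onprem:
        if any(prefix.overlaps(net) for net in azure_side):
            issues.append(("onprem-overlap", str(prefix)))
    return issues


# Constructed sample plans (not taken from any real network).
GOOD_PLAN = dict(
    vnet_spaces=["10.30.0.0/16"],
    subnets={"FrontEnd": "10.30.10.0/24", "GatewaySubnet": "10.30.255.0/27"},
    onprem_prefixes=["192.168.0.0/24"],
)
BAD_PLAN = dict(
    vnet_spaces=["10.30.0.0/16"],
    subnets={"FrontEnd": "10.30.10.0/24", "BackEnd": "10.30.10.128/25",
             "GatewaySubnet": "10.31.255.0/30"},
    onprem_prefixes=["10.30.10.0/24"],
)

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(label, validate_s2s_plan(**plan))
```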

S2S gateway

Add the Subnet gateway

S2Ssubnet range

Step 4: Create a VPN or Virtual Network Gateway

Prerequisite:

Virtual Network Gateway name: Please provide the virtual network gateway name as per your organization's naming convention.

Gateway Type: VNet gateways are of 2 types. It is basically how you want to connect to your on-premises VPN devices.

VPN types are:

  • Site to Site: A Site-to-Site (S2S) VPN gateway connection is a connection over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. An S2S connection requires a VPN device located on-premises that has a public IP address assigned to it and is not located behind a NAT.

S2S connections can be used for cross-premises and hybrid configurations.

Note: It is a connection over the public IP which extends your data center to Azure using the VPN device.

  • Point to Site: A Point-to-Site (P2S) VPN gateway connection allows you to create a secure connection to your virtual network from an individual client computer. P2S is a VPN connection over SSTP (Secure Socket Tunneling Protocol).

Note: It is a connection where you can connect to your Azure VMs using a VPN connection.

  • ExpressRoute: Microsoft Azure ExpressRoute lets you extend your on-premises networks into the Microsoft cloud over a dedicated private connection facilitated by a connectivity provider.

Note: It is a private connection from your datacenter to Azure, over a dedicated private link facilitated by your ISP, which allows O365, O365 Dynamics, MS Azure or cloud services to connect directly, as with site-to-site or point-to-site connectivity.

Comparison of Point-to-Site, Site-to-Site and ExpressRoute:

Azure Supported Services
  • Point-to-Site: Cloud Services and Virtual Machines
  • Site-to-Site: Cloud Services and Virtual Machines
  • ExpressRoute:
    • Public peering: Power BI; Dynamics 365 for Operations (formerly known as Dynamics AX Online); most of the Azure services, with a few exceptions: CDN, Visual Studio Team Services Load Testing, Multi-factor Authentication, Traffic Manager
    • Microsoft peering: Office 365; Dynamics 365 (formerly known as CRM Online); Dynamics 365 for Sales; Dynamics 365 for Customer Service; Dynamics 365 for Field Service; Dynamics 365 for Project Service

Typical Bandwidths
  • Point-to-Site: Typically < 100 Mbps aggregate
  • Site-to-Site: Typically < 1 Gbps aggregate
  • ExpressRoute: 50 Mbps, 100 Mbps, 200 Mbps, 500 Mbps, 1 Gbps, 2 Gbps, 5 Gbps, 10 Gbps

Protocols Supported
  • Point-to-Site: Secure Sockets Tunneling Protocol (SSTP)
  • Site-to-Site: IPsec
  • ExpressRoute: Direct connection over VLANs, NSP’s VPN technologies (MPLS, VPLS,…)

Routing
  • Point-to-Site: RouteBased (dynamic)
  • Site-to-Site: We support PolicyBased (static routing) and RouteBased (dynamic routing VPN)
  • ExpressRoute: BGP

Connection resiliency
  • Point-to-Site: active-passive
  • Site-to-Site: active-passive or active-active
  • ExpressRoute: active-active

Typical use case
  • Point-to-Site: Prototyping, dev / test / lab scenarios for cloud services and virtual machines
  • Site-to-Site: Dev / test / lab scenarios and small scale production workloads for cloud services and virtual machines
  • ExpressRoute: Access to all Azure services (validated list), Enterprise-class and mission critical workloads, Backup, Big Data, Azure as a DR site

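SKU: Below are the SKUs provided by the Microsoft team.

  • VpnGw1: S2S/VNet-to-VNet tunnels max. 30; P2S connections max. 128; aggregate throughput 500 Mbps
  • VpnGw2: S2S/VNet-to-VNet tunnels max. 30; P2S connections max. 128; aggregate throughput 1 Gbps
  • VpnGw3: S2S/VNet-to-VNet tunnels max. 30; P2S connections max. 128; aggregate throughput 1.25 Gbps
  • Basic: S2S/VNet-to-VNet tunnels max. 10; P2S connections max. 128; aggregate throughput 100 Mbps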

Public IP: We have to create a new public IP address which will be used for the virtual network gateway. Please provide the name as per your organization's naming convention.

Subscription: The subscription under which you need to create the VNet gateway.

Resource Group: Your resource group name, under which you have created the virtual network.

Location: The location of your VPN devices, or near to your data center.

1: Go to the search button and search for Virtual network gateway

virtual network Gateway1

Click on Add Virtual Network.

azure virtual network 2

Provide the configuration as per your organization's requirements.

virtual network Gateway2

Click Create and it will take around 45 min to complete.

Step 5: Create the Local Network Gateway

The local network gateway refers to your on-premises location. You give the site a name by which Azure can refer to it, then specify the IP address of the on-premises VPN device to which you will create a connection. We also specify the IP address prefixes that will be routed through the VPN gateway to the VPN device.

The address prefixes you specify are the prefixes located on your on-premises network. If we have on-premises network changes or we need to change the public IP address for the VPN device, we can easily update the values later.

  1. In the portal, under All resources, click the Add button.
  2. Click Networking, select Local network gateway, then click to search. This will return a list. Click Local network gateway to open the local network gateway properties, then click Create to open Create local network gateway.
  3. Please provide the public IP address of your RRAS device or VPN device.
  4. Just type "What is my IP" on Google and you will get the public IP address. This is recommended only for a testing-purpose RRAS device.

local network Gateway.JPG

  5. Click on Create. Once the local network gateway is created, please configure the VPN device and configure the site-to-site connection using the local network gateway and virtual network gateway.

RRAS VPN Device configuration & S2S connection

Azure VPN or Virtual Network (VNets)

What are Azure Virtual Networks?

Azure Virtual Networks are a secure way to connect Azure resources to each other with virtual networks (VNets). A VNet is a representation of your own network in the cloud.
A VNet is a logical isolation of the Azure cloud dedicated to your subscription. We can also connect a VNet to our on-premises network.

Azure Virtual Network capabilities

  • Isolation:

VNets are isolated, and we can create separate VNets for development, testing, and production using the same CIDR address blocks. We can create multiple VNets that use different CIDR address blocks and connect the networks together. We can segment a VNet into multiple subnets. Azure provides internal name resolution for VMs and Cloud Services role instances connected to a VNet. We can optionally configure a VNet to use our own DNS servers, instead of using Azure internal name resolution.

“CIDR: Classless Inter-Domain Routing, also called supernetting, is a way to allow more flexible allocation of Internet Protocol (IP) addresses than was possible with the original system of IP address classes. Basically, it defines a range of IP addresses.”

  • Internet connectivity:

Azure VMs and Cloud Services role instances connected to a VNet have access to the Internet, and we can enable inbound access to specific resources based on requirements.

  • Azure resource connectivity:

Azure resources such as Cloud Services and VMs can connect to the same VNet. The resources can connect to each other using private IP addresses, even if they are in different subnets.
Azure provides default routing between subnets, VNets, and on-premises networks, so we don’t have to configure and manage routes.

  • VNet connectivity:

VNets can be connected to each other, so that a resource on any VNet can communicate with any resource on any other VNet.

  • On-premises connectivity:

A VNet can be connected to on-premises networks through private network connections between our network and Azure, or through a site-to-site VPN connection over the Internet.

  • Traffic filtering:

Inbound and outbound network traffic for VM and Cloud Services role instances can be filtered by source IP address and port, destination IP address and port, and protocol.

  • Routing:

You can optionally override Azure’s default routing by configuring your own routes, or by using BGP routes through a network gateway.

How to Create the Virtual Networks?

  • Please log in to the Azure portal. If you don’t have an Azure account, please sign up for a free one-month trial.
  • Click on New (the plus tab)
  • Select Networking
  • Select Virtual network
  • Please provide the virtual network name
  • Address space (the virtual network’s address range in CIDR notation) – Please ask your network administrator to provide the address space if you are planning to configure this in a production environment.
  • Please provide a subnet name as per your requirements, because you will need to remember it during VPN configuration or VM creation.
  • Subnet address range: The subnet’s address range in CIDR notation. It must be contained by the address space of the virtual network. The address range of a subnet which is in use can’t be edited.
  • Note: Please ask your network administrator to provide the address space if you are planning to configure this in a production environment.
  • Subscription name
  • Resource group name: Please keep all the resources in the same resource group, so that S2S, P2S, etc. VPN creation will work fine.
  • Location: Please select the location as per your nearest region
  • Click on Create and wait for 5 to 10 minutes.

azure vpn1

  • Once it is created, it will look like the below.
  • Please check the VNet properties and configuration.

vpn1

Overview: The Overview tab shows the address range, location, subscription and other related details of your VNet.

VPN overview

Activity Logs

VPN activity logs

Tags: Tags are name/value pairs that enable you to categorize resources and view consolidated billing by applying the same tag to multiple resources and resource groups.

VPN tags

Address Spaces: The virtual network’s address range in CIDR notation.

VPN address space

Connected Devices: This tab shows how many devices or services are connected to this VNet.

vpn connected devices

Subnets: We can add additional subnets if required, and we can add a gateway subnet to create the site-to-site VPN.

subnets

DNS Servers: We can add the default or a custom DNS server as per our requirements.

VPN DNS

Peering: Enables resources connected to different Azure VNets within the same Azure location to communicate with each other. The bandwidth and latency across the VNets is the same as if the resources were connected to the same VNet.

VPN peering1

We can add the peer network as per our requirements.

  • Provide the name
  • Peer details (ARM or ASM)
  • Subscription ID
  • The virtual network, apart from your own network, or the VNet you want to peer with.
  • Enable the configuration: Allow forwarded traffic/gateway transit/remote gateway.

vpn peering

Properties: It shows the properties of your VNet.

VPN properties

Locks: In this tab we can lock the resource group or the VNet against deleting/editing.

VPN lock

Automation Script: It is used to deploy the VNet with an ARM script.

vpn automation script

Diagram: This shows how many devices are connected.

Diagram

Note: I will cover site-to-site VPN in the next blogs. Please like and comment if you like the blog.

 

 

Azure DNS Records and limitations

DNS records

Record names

In Azure DNS, records are specified by using relative names. A fully qualified domain name (FQDN) includes the zone name.

Note: For the relative record name ‘www’ in the zone ‘Rcloud.com’, the fully qualified record name would be ‘www.Rcloud.com’.

Record types

Every DNS record has a name and a type. DNS records are organized into various types according to the data they contain. The most common type is an ‘A’ record, which maps a name to an IPv4 address; another common type is an ‘MX’ record, which maps a name to a mail server.

Azure DNS supports all common DNS record types: A, AAAA, CNAME, MX, NS, PTR, SOA, SRV, and TXT.

Note that SPF records are represented using TXT records.

Record sets

A record set is used where you have 2 different IP addresses associated with one domain name.

If you have a commercial website and your website requires 2 different IP addresses for failover or to reduce the traffic, then you can use a record set.

Azure DNS manages all DNS records using record sets. A record set (also known as a resource record set) is the collection of DNS records in a zone that have the same name and the same type.

How to create a record set:

  • Select the DNS server
  • Click on Record Set
  • Add the record set

recordset1

Time-to-live

Time to live, or TTL, specifies how long each record is cached by clients before being re-queried. The TTL value is 3600 seconds or 1 hour, and we can customize it between 1 and 2,147,483,647 seconds.

Wildcard records:

Wildcard records are returned in response to any query with a matching domain name, unless there is a closer match from a non-wildcard record set.

Note: We can create the wildcard record with ‘*’, i.e. ‘*.rcloud’.

A Record:

An A record maps a domain to the physical IP address of the computer hosting that domain. Internet traffic uses the A record in your domain’s DNS settings to find the computer hosting your domain.

The value of an A record is always an IP address, and multiple A records can be configured for one domain name.

A record

AAAA Record:

What the A record is to the IPv4 address space, the AAAA record (also known as a quad-A record) is to the IPv6 address space.

AAA Record

CNAME records:

A CNAME record (Canonical Name record) is a type of resource record in the Domain Name System (DNS) used to specify that a domain name is an alias for another, canonical domain name.

  • Click on Record Set
  • Add the CNAME record
  • Provide the name
  • Type: CNAME
  • TTL value as per your organization
  • TTL unit as per your organization
  • Alias for your CNAME record.

Cname record

MX Record

A mail exchanger record (MX record) is a type of resource record in the Domain Name System that specifies a mail server responsible for accepting email messages on behalf of a recipient’s domain.

MX record

NS Records

An NS record is a DNS record that lists an authoritative name server for a domain. A domain name can have multiple NS records.

nsrecord

Service record (SRV record)

A service record (SRV record) is a specification of data in the Domain Name System defining the location, i.e. the hostname and port number, of servers for specified services.

SRV record

A TXT record (short for text record) is a type of resource record in the Domain Name System (DNS) used to associate some custom name and unformatted text with a host.

TXT record

PTR Records

The Pointer (PTR) record provides data for reverse DNS, which is used for logging the domain name and for verification purposes. It is also called inverse DNS.

ptr record

 

Azure DNS Limits


Blobs, File, Tables and Queue Storage Configuration

A storage account covers the storage services below, where your data is stored; data is segregated within the storage account according to the service you use.

Blob Storage:

Blob storage stores unstructured object data. A blob can be any type of text or binary data, such as a document, media file, or application installer. Blob storage is also referred to as Object storage.

Table storage:

Table Storage stores structured data sets. Table storage is a NoSQL key-attribute data store, which allows for rapid development and fast access to large quantities of data.

Queue storage:

Queue Storage provides reliable messaging for workflow processing and for communication between components of cloud services.

File storage:

File Storage offers shared storage for legacy applications using the standard SMB protocol. Azure virtual machines and cloud services can share file data across application components via mounted shares, and on-premises applications can access file data in a share via the File service REST API.

Container

Containers in Azure are part of the Blob service and are used to keep .VHD files, etc.

If you are creating VMs, the VHD files will be stored in a container.

It is a type of blob storage that keeps your data, files and folders so they can be accessed from different sources.

Blob1

CORS:

It is basically use for development work and website configuration.

CORS is an HTTP feature that enables a web application running under one domain to access resources in another domain. Web browsers implement a security restriction known as same-origin policy that prevents a web page from calling APIs in a different domain. CORS provides a secure way to allow one domain (the origin domain) to call APIs in another domain.
You can set CORS rules individually for each of the storage services (i.e. blob, file, queue, table). Once you set the CORS rules for the service, then a properly authenticated request made against the service from a different domain will be evaluated to determine whether it is allowed according to the rules you have specified.

 

Example: JavaScript code loaded as part of http://www.rcloud.com can’t issue requests to any other domain, such as http://www.TestRcloud.com.

Allowed Origins:
A comma-separated list of origin domains that will be allowed via CORS, or “*” to allow all domains.
There is a limit of 64 origin domains. Each allowed origin can have up to 256 characters.

Allowed Verbs:
The methods (HTTP request verbs) that the origin domain may use for a CORS request,
such as DELETE, GET, HEAD, MERGE, POST, OPTIONS and PUT.

Allowed headers:
The request headers that the origin domain may specify on the CORS request. There is a limit of 64 defined headers and 2 prefixed headers. Each header can be up to 256 characters.

Exposed Headers:

The response headers that may be sent in the response to the CORS request and exposed by the browser to the request issuer.

Maximum Age (Seconds):
The maximum amount of time that a browser should cache the preflight OPTIONS request.
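The rule fields above, as an added Python example that is not part of the original post: `lint` checks a rule against the limits listed here and flags a wildcard origin, and `preflight_allowed` is a simplified model of rule matching in which the first rule that matches origin, method and headers wins. The class, the function names and the sample rules are assumptions made for illustration.

```python
from dataclasses import dataclass, field

MAX_ORIGINS = 64          # origin limit stated in the text
MAX_CHARS = 256           # per-origin and per-header length limit
MAX_DEFINED_HEADERS = 64  # literal header names
MAX_PREFIXED_HEADERS = 2  # header prefixes ending in "*", e.g. x-ms-meta-*

@dataclass
class CorsRule:
    allowed_origins: list
    allowed_methods: list
    allowed_headers: list = field(default_factory=list)
    max_age_seconds: int = 0

def lint(rule):
    """Return findings for one rule: limit violations and a wildcard origin."""
    findings = []
    if "*" in rule.allowed_origins:
        findings.append("wildcard origin: any website may call this service")
    if len(rule.allowed_origins) > MAX_ORIGINS:
        findings.append("more than 64 allowed origins")
    prefixed = [h for h in rule.allowed_headers if h.endswith("*") and h != "*"]
    defined = [h for h in rule.allowed_headers if not h.endswith("*")]
    if len(prefixed) > MAX_PREFIXED_HEADERS:
        findings.append("more than 2 prefixed headers")
    if len(defined) > MAX_DEFINED_HEADERS:
        findings.append("more than 64 defined headers")
    for value in rule.allowed_origins + rule.allowed_headers:
        if len(value) > MAX_CHARS:
            findings.append("value longer than 256 characters: " + value[:20])
    return findings

def header_allowed(name, rule):  # literal match or "prefix*" match
    name = name.lower()
    for allowed in (h.lower() for h in rule.allowed_headers):
        if allowed == name or (allowed.endswith("*") and name.startswith(allowed[:-1])):
            return True
    return False

def preflight_allowed(origin, method, headers, rules):
    """Simplified model (assumption): first rule matching origin, method, headers wins."""
    for rule in rules:
        if origin not in rule.allowed_origins and "*" not in rule.allowed_origins:
            continue
        if method.upper() not in [m.upper() for m in rule.allowed_methods]:
            continue
        if all(header_allowed(h, rule) for h in headers):
            return True
    return False

# Constructed sample rules, using the domains from the example above.
STRICT = CorsRule(["http://www.rcloud.com"], ["GET", "PUT"],
                  ["x-ms-meta-*", "content-type"], max_age_seconds=200)
OPEN = CorsRule(["*"], ["GET", "PUT", "DELETE"], ["*"])
```

With `[STRICT, OPEN]` configured together, a request from http://www.TestRcloud.com is still accepted through the second rule, so one permissive rule cancels the restriction of the others.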


Custom Domain

It is used to set a custom domain, such as your organization name, for Azure Blobs.

Whenever you browse to your custom domain name, your request is automatically directed to the Azure blobs for which you have configured the custom domain.

Configure a custom domain for accessing blob data in your Azure storage account, like www.contoso.com. There are two methods you can use to set up a custom domain.

  1. Create a CNAME record with your DNS provider that points from your domain (like www.rcloud.com) to rcloud1.blob.core.windows.net. This method is simpler, but results in a brief downtime while Azure verifies the domain registration.
  2. Create a CNAME record with your DNS provider that points from the “Rcld” sub-domain (like asverify.www.rcloud.com) to Rcld.rcloud1.blob.core.windows.net. After this step completes, you can create a CNAME record that points to rcloud1.blob.core.windows.net. This method does not incur any downtime. To use this method, select the “Use indirect CNAME validation” checkbox

Encryption 

Storage service encryption protects your data. Azure Storage encrypts your data as it’s written in our data centers, and automatically decrypts it for you as you access it.
Currently, this feature is available for Azure Blobs and Files.
Note that after enabling Storage Service Encryption, only new data will be encrypted, and any existing files in this storage account will remain unencrypted.

Azure Content Delivery Network

The Azure Content Delivery Network (CDN) is designed to send audio, video, images, and other files faster and more reliably to customers using servers that are closest to the users.

This dramatically increases speed and availability, resulting in significant user experience improvements.

 


Azure Search

Azure Search  is a search solution that makes it easy for developers to add robust full-text search experiences to web and mobile applications.


Metrics

Azure metrics show your total requests, latency and success percentage.

This helps us understand how many web requests fail or succeed, and what latency we are getting from the Azure web apps.

Usage

This shows the usage of the blobs, the container counts, etc.

You can add an alert by clicking the edit button and setting up the alert as per your requirements.

File Storage

A File storage account is used to keep and share data for development work, file shares, VHDs, etc. It is only supported up to 5 TB of data.

We can create multiple Azure file share servers, with a limit of 5 TB of data storage.

CORS:

File storage account also supports CORS. Please see the Azure Blobs section to learn more about CORS.

Encryption 

Storage service encryption protects your data. Azure Storage encrypts your data as it’s written in our data centers, and automatically decrypts it for you as you access it.
Currently, this feature is available for Azure Blobs and Files.
Note that after enabling Storage Service Encryption, only new data will be encrypted, and any existing files in this storage account will remain unencrypted.

Metrics

Azure metrics show your total requests, latency and success percentage.

This helps us understand how many web requests fail or succeed, and what latency we are getting from the Azure web apps.

Queue Services:

Queue Storage provides reliable messaging for workflow processing and for communication between components of cloud services.


CORS:

File storage account also supports CORS. Please see the Azure Blobs section to learn more about CORS.

Metrics

Azure metrics show your total requests, latency and success percentage.

This helps us understand how many web requests fail or succeed, and what latency we are getting from the Azure web apps.

Create & manage Azure Storage account

How to Create Storage account

1: Sign in to the Azure portal.

2: On the Hub menu, click Search, then search for storage -> select Storage -> Storage account.

3: Enter a name for your storage account as per your organization’s naming standard.

4: Specify the deployment model to be used: Resource Manager or Classic.

Resource Manager is the recommended deployment model.

5: Select the type of storage account: General purpose or Blob storage.

“If General purpose was selected, then specify the performance tier: Standard or Premium. The default is Standard.”

6: Select the replication option for the storage account: LRS, GRS, RA-GRS, or ZRS. The default is RA-GRS. For more details on Azure Storage replication.

Note: Please follow my blog to understand storage and LRS, GRS, RA-GRS, or ZRS. https://rcloudweb.wordpress.com/2017/06/21/azure-storage-account-overview-easy-to-understand/

7: Please select the subscription in which you want to create the new storage account.

8: Specify a new resource group or select an existing resource group. For more information on resource groups

9: Select the geographic location for your storage account: Ex- East US, Central US, West US etc.

10: Click Create to create the storage account.

11: Select Pin to dashboard if you want the service to be shown on the Azure dashboard after it is created.

Storage account endpoints: 

Storage account endpoints are used to reach the Blob, Table, Queue and File services in order to access data, share data, etc.

YourStorageAccountName = the storage account name you provided while creating the storage account. Each endpoint follows the naming convention of its storage service, as shown below.

Blob service: http://YourStorageAccountName.blob.core.windows.net

Table service: http://YourStorageAccountName.core.windows.net

Queue service: http://YourStorageAccountName.queue.core.windows.net

File service: http://YourStorageAccountName.file.core.windows.net

Manage your storage account

Once we have created the storage account, let us look at the storage account settings in detail below.

Overview: It shows all the storage accounts and their usage details.

It shows all your storage account types, such as Blob storage, Table storage, File storage and Queue storage. By clicking on one of them you can access that sub-storage.

Activity Logs: Activity logs are like the event logs of your services; they show the complete activity log for your storage account.

Access Control (IAM): This is role-based access authentication for storage accounts. If you want someone from your team to manage the storage accounts, or you want to restrict access for another department, you can add that user in IAM and limit the access of that particular user.

Tags: Tags are name/value pairs that enable you to categorize resources and view consolidated billing by applying the same tag to multiple resources and resource groups.

Diagnose and Solve Problems: This is the MS Azure knowledge base solution. It is a collection of solutions to common scenarios, which we can go through to try to fix an issue. Some common scenarios are below, and you can find more in the Azure portal.

  • I can’t delete my storage account
  • Move Data to, from, or within Azure Storage
  • Need help with Import/Export
  • My VM/Disk is slow
  • My storage service is slow

Access Keys: Use access keys to authenticate your applications when making requests to this Azure storage account. Store your access keys securely – for example, using Azure Key Vault – and don’t share them. We recommend regenerating your access keys regularly. You are provided two access keys so that you can maintain connections using one key while regenerating the other.

Access keys are used to access the Azure storage account and its components: File storage, Blob storage, etc.

Configuration: The cost of your storage account depends on the usage and the options you choose below.

If we want to change the configuration, we can do so by selecting the options below.

Performance: We can choose Standard or Premium storage accounts based on the organization’s needs.

Secure Transfer: If you want to transfer data or files securely, please enable this option.

Replication: You can change the replication option, such as LRS, ZRS, GRS, RA-GRS.

Shared access signature: A shared access signature (SAS) is a URI that grants restricted access rights to Azure Storage resources. You can provide a shared access signature to clients who should not be trusted with your storage account key but to whom you wish to delegate access to certain storage account resources. By distributing a shared access signature URI to these clients, you grant them access to a resource for a specified period of time.

Note: Basically it is used for development work. If you want to share some development data or API work with a client with restricted access, please try this.
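Because a SAS URI carries its own grant in the query string, it can be reviewed before it is handed to a client. The added Python example below (not from the original post) reads the standard SAS parameters `sp`, `se`, `spr`, `sip` and `sig` from constructed URIs; the 7-day lifetime threshold and the function name are assumptions.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

PERMISSIONS = {"r": "read", "w": "write", "d": "delete", "l": "list",
               "a": "add", "c": "create", "u": "update", "p": "process"}
MAX_LIFETIME = timedelta(days=7)  # assumed policy threshold, not an Azure limit

def audit_sas(uri, now):
    """Return (granted permissions, findings) for one SAS URI."""
    parts = urlsplit(uri)
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if "sig" not in query:
        return [], ["no sig parameter: not a SAS URI"]
    findings = []
    sp = query.get("sp", "")
    if set(sp) - {"r", "l"}:
        findings.append("grants more than read/list")
    if "se" not in query:
        findings.append("no expiry (se) in the URI")
    else:
        try:  # only the full UTC timestamp form is parsed here
            expiry = datetime.strptime(query["se"], "%Y-%m-%dT%H:%M:%SZ")
            expiry = expiry.replace(tzinfo=timezone.utc)
            if expiry <= now:
                findings.append("already expired")
            elif expiry - now > MAX_LIFETIME:
                findings.append("valid for more than 7 days")
        except ValueError:
            findings.append("unrecognised expiry format")
    # spr defaults to "https,http" when it is absent
    if query.get("spr", "https,http") != "https" or parts.scheme != "https":
        findings.append("usable over plain HTTP")
    if "sip" not in query:
        findings.append("no source IP restriction (sip)")
    return [PERMISSIONS.get(c, c) for c in sp], findings

# Constructed URIs: the account name follows the page's rcloud1 example,
# and the signatures are placeholders, not real tokens.
BASE = "rcloud1.blob.core.windows.net/reports/q2.pdf?sv=2017-04-17&sr=b"
BROAD = "http://" + BASE + "&sp=rwd&se=2018-12-31T00:00:00Z&sig=PLACEHOLDER"
TIGHT = ("https://" + BASE + "&sp=r&se=2017-07-02T00:00:00Z"
         "&spr=https&sip=203.0.113.10&sig=PLACEHOLDER")
NOW = datetime(2017, 7, 1, tzinfo=timezone.utc)
```

`audit_sas(BROAD, NOW)` reports four findings, while `audit_sas(TIGHT, NOW)` reports none: read-only, one day of validity, HTTPS only and a single source address.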


Properties: Storage account properties basically show the configuration you chose while creating the storage account, such as location, name, resource ID, etc.

Automation Script: Automate deploying resources with Azure Resource Manager templates in a single, coordinated operation. Define resources and configurable input parameters and deploy with script or code.

“If you want to create the storage account using JSON then you can try this option.”

Properties and configuration for Blob, File, Table and Queue storage will be added in the next blog.

Azure Storage Account Overview & Easy to understand.

Azure Storage Account

An Azure storage account is a cloud-based Azure storage solution where you can store your .VHDs, data, tables, queues and other files.

Azure storage provides the following four services to store the different types of Data within the Azure Platform.

  • Blob storage:

Blob Storage stores unstructured object data. A blob can be any type of text or binary data, such as a document, media file, or application installer. Blob storage is also referred to as Object storage.

  • Table storage: 

Table Storage stores structured datasets. Table storage is a NoSQL key-attribute data store, which allows for rapid development and fast access to large quantities of data.

  • Queue storage:

Queue Storage provides reliable messaging for workflow processing and for communication between components of cloud services.

  • File storage:

File Storage offers shared storage for legacy applications using the standard SMB protocol. Azure virtual machines and cloud services can share file data across application components via mounted shares, and on-premises applications can access file data in a share via the File service REST API.

Below is the structural Windows Azure Storage diagram, to make the workflow easy to understand.

About_Storage

Types of Azure Storage Accounts:

Standard Storage Account:

It gives you access to Azure Storage services such as Tables, Queues, Files, Blobs and Azure virtual machine disks under a single account.

“Standard Storage uses normal HDD disks and delivers cost-effective storage compared to Premium storage disks. Standard storage can be replicated locally in one datacenter, or be geo-redundant with primary and secondary data centers.”

Premium Storage Account:

Azure Premium Storage delivers high-performance, low-latency disk support for virtual machines (VMs) with input/output (I/O)-intensive workloads. VM disks that use Premium Storage store data on solid-state drives (SSDs). To take advantage of the speed and performance of premium storage disks, you can migrate existing VM disks to Premium Storage.

Azure Storage Accounts: Replication for durability and high availability.

This is important: while creating the Azure storage account, you need to choose one of the options below very carefully, based on the criticality of your data, applications and other services.

It defines the replication and high availability for your Azure environments.

  • Locally redundant storage (LRS).

Locally redundant storage maintains three copies of your data. LRS is replicated three times within a single data center in a single region.

LRS protects your data from normal hardware failures, but not from the failure of a single data center.

  • Zone-redundant storage (ZRS).

Zone-redundant storage maintains three copies of your data. ZRS is replicated three times across two to three facilities, either within a single region or across two regions, providing higher durability than LRS. ZRS ensures that your data is durable within a single region.

  • Geo-redundant storage (GRS).

GRS maintains six copies of your data. With GRS, your data is replicated three times within the primary region, and is also replicated three times in a secondary region hundreds of miles away from the primary region.

This provides the highest level of durability. In the event of a failure at the primary region, Azure Storage will fail over to the secondary region. GRS ensures that your data is durable in two separate regions.

  • Read-access geo-redundant storage (RA-GRS).

It replicates your data to a secondary geographic location, and also provides read access to your data in the secondary location.

It allows you to access your data from either the primary or the secondary location, in the event that one location becomes unavailable.

It is the default option for your storage account when you create it.

How to Create A Free Azure Subscription

What is Azure Subscription ?

A Windows Azure subscription grants you access to Windows Azure services, resources, monitoring services, etc., and provides you access to manage the subscription, billing, usage and administration work in both portals (ASM & ARM).

How to Create the Free Azure subscription.

1: Go to https://account.windowsazure.com/Subscriptions. Use your admin account Windows Live ID for authorization.

What is a Live ID: it is a Microsoft e-mail ID with a domain name such as username@Hotmail, @outlook.com, @live.com, etc.

2: You will find the following screen with the list of active subscriptions. To add a new subscription, click on the “+ add subscription” button available at the bottom.

Add the subscription according to your organization, or if it is for personal use then select according to your usage (Free trial). Please find the support plans below.

  • Free trial
  • Pay-As-You-Go
  • Developer Support
  • Professional Direct Support
  • Standard Support
  • Azure in Open, etc.

Subscription 1

Please provide the required details below.

  • Name
  • Address
  • Phone Number
  • Verification code
  • Credit card information.
  • Office address
  • Click to agree to the licenses and agreements.
  • Click on Purchase.

It will take 10-15 minutes for the Azure subscription to be ready for you.

Once the subscription is ready, please log in to:

1: https://manage.windowsazure.com for ASM portal.

2: https://portal.azure.com  for ARM portal.