Azure VMs Reboot and Maintenance Alerts

How do you enable the Azure VM reboot alert in the Azure portal? It has been a recurring problem to know where to raise an alert, which services to select for it, and how to add it through Azure Alerts or the native solution, Log Analytics.

In this blog post I am sharing my experience of enabling alerts for when VMs are rebooted, stopped, deallocated, started, or subject to other operations that may cause business impact.

We can configure the alert below through Azure Alerts.

 

Step 1: Alert Configuration

  • Select the VMs or services for which you want to configure alerts.
  • Go to the Monitoring tab and click Alerts.
  • Click Add Activity Log Alert.

Step 2: Alert Configuration as per Service Monitoring

  • Once you click Add Alerts, you will get the window below.
  • Select the Log Alert name
  • Description
  • Subscription
  • Proper Resource Group name
  • Event Category: Administrative
  • Resource Type: Virtual Machine (Microsoft.Compute/virtualMachines)
  • Resource Group
  • Operation Name: Restart
  • Level: Critical, Low, Medium
  • Status: Started, Failed, Succeeded
  • Select the


Step 3: Email Alert Settings

  • Click Action
  • Add New Group
  • Enter the name
  • Email ID
  • Select OK
  • The alert notification has been created.
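
To see which Activity Log entries a rule like the one configured above would act on, here is an added example (not part of the original post) that applies the same conditions to a handful of constructed events. It extends the single Restart operation to stop, deallocate and start; the event shape follows `az monitor activity-log list` output, and the subscription ID, resource group and VM names are placeholders.

```python
"""Added example: which Activity Log events would fire a VM power-state alert."""
from dataclasses import dataclass

# Resource-provider operations behind the portal's Restart, Stop, Deallocate
# and Start choices, keyed in lower case for case-insensitive comparison.
WATCHED_OPERATIONS = {
    "microsoft.compute/virtualmachines/restart/action": "restart",
    "microsoft.compute/virtualmachines/poweroff/action": "power off",
    "microsoft.compute/virtualmachines/deallocate/action": "deallocate",
    "microsoft.compute/virtualmachines/start/action": "start",
}


def _value(event, key):
    """Return a field in lower case; some fields are nested as {"value": ...}."""
    raw = event.get(key, "")
    if isinstance(raw, dict):
        raw = raw.get("value", "")
    return str(raw).lower()


@dataclass(frozen=True)
class AlertRule:
    scope: str  # subscription, resource group or single-VM resource ID
    operations: frozenset = frozenset(WATCHED_OPERATIONS)
    statuses: frozenset = frozenset({"started", "failed", "succeeded"})

    def matches(self, event):
        scope = self.scope.lower().rstrip("/")
        resource_id = _value(event, "resourceId")
        # Compare whole path segments so "rg-prod" does not also cover "rg-prod-old".
        in_scope = resource_id == scope or resource_id.startswith(scope + "/")
        return (
            in_scope
            and _value(event, "category") == "administrative"
            and _value(event, "operationName") in self.operations
            and _value(event, "status") in self.statuses
        )


def triggered(rule, events):
    """Return (time, vm, action, status, caller) for every event the rule matches."""
    hits = []
    for event in sorted(events, key=lambda e: e["eventTimestamp"]):
        if rule.matches(event):
            hits.append((
                event["eventTimestamp"],
                event["resourceId"].rsplit("/", 1)[-1],
                WATCHED_OPERATIONS[_value(event, "operationName")],
                _value(event, "status"),
                event.get("caller", "unknown"),
            ))
    return hits


SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder ID


def _sample(ts, rg, vm_path, operation, status, category="Administrative"):
    """Build one constructed event shaped like `az monitor activity-log list` output."""
    vm_type = "Microsoft.Compute/virtualMachines"
    return {
        "eventTimestamp": ts,
        "category": {"value": category},
        "operationName": {"value": f"{vm_type}/{operation}"},
        "status": {"value": status},
        "caller": "ops@example.com",
        "resourceId": f"{SUB}/resourceGroups/{rg}/providers/{vm_type}/{vm_path}",
    }


# Constructed sample data, not taken from a real subscription.
SAMPLE_EVENTS = [
    _sample("2018-07-01T10:00:00Z", "rg-prod", "vm-web-01", "restart/action", "Succeeded"),
    _sample("2018-07-01T10:05:00Z", "rg-prod", "vm-db-01", "deallocate/action", "Started"),
    # Extension change on a VM: same resource type, but not a power operation.
    _sample("2018-07-01T10:06:00Z", "rg-prod", "vm-web-01/extensions/agent",
            "extensions/write", "Succeeded"),
    # Similarly named resource group that is outside the rule's scope.
    _sample("2018-07-01T10:07:00Z", "rg-prod-old", "vm-old-01", "restart/action", "Succeeded"),
    _sample("2018-07-01T10:08:00Z", "rg-prod", "vm-web-01", "restart/action", "Failed"),
    # Wrong event category: ignored even though the operation name matches.
    _sample("2018-07-01T10:09:00Z", "rg-prod", "vm-web-01", "restart/action",
            "Succeeded", category="Policy"),
]

RULE = AlertRule(scope=f"{SUB}/resourceGroups/rg-prod")

if __name__ == "__main__":
    for hit in triggered(RULE, SAMPLE_EVENTS):
        print(*hit, sep="  ")
```

The Activity Log records control-plane operations only, so a reboot issued from inside the guest OS does not produce one of these events.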


AD Authentication for Azure Storage(Public Preview)

Almost all customers and other Azure community members have asked how to control access to storage accounts for a specific user ID, but at that time there was a limitation: “Azure AD Authentication for Azure Storage is not available.”

It is one of the most awaited features and improvements from the MS Azure team, and it is now available for Azure Blob storage accounts and Azure Queue storage accounts, but not for Azure File Server.

Microsoft Azure recently released AD authentication for Azure storage accounts, which helps us provide security and control at a more granular level.

We can grant access using RBAC roles and control it through Azure AD users, for a specific ID, rather than sharing the SAS and storage account key as we did earlier, where there was a chance of those credentials being misused.

 Storage Accounts Authentication

  • Select the storage account you want to give users access to.
  • Select IAM
  • Click Add
  • Select one of the roles below:
  • Storage Blob Data Contributor role: allows read, write and delete access to Azure Storage blob containers and data.

  • Storage Blob Data Reader role: allows read access to Azure Storage blob containers and data.

  • Storage Queue Data Contributor role: allows read, write and delete access to Azure Storage queues and queue messages.

  • Storage Queue Data Reader role: allows read access to Azure Storage queues and messages.
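
The effect of these four roles depends on the scope they are assigned at, since an assignment on a storage account, resource group or subscription is inherited by every container or queue below it. The following added example (not part of the original post) models that with the permissions described in the list above, simplified to read/write/delete, and flags write-capable roles granted more broadly than a single container or queue. The account name, principals and subscription ID are constructed placeholders.

```python
"""Added example: evaluate Azure AD role assignments on blob and queue data."""

# Permissions per role as described in the role list (simplified to verbs).
ROLE_PERMISSIONS = {
    "Storage Blob Data Reader": ("blob", {"read"}),
    "Storage Blob Data Contributor": ("blob", {"read", "write", "delete"}),
    "Storage Queue Data Reader": ("queue", {"read"}),
    "Storage Queue Data Contributor": ("queue", {"read", "write", "delete"}),
}

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder ID
RG = f"{SUB}/resourceGroups/rg-data"
ACCOUNT = f"{RG}/providers/Microsoft.Storage/storageAccounts/examplestore"


def container(name):
    """Resource ID of a blob container in the example account."""
    return f"{ACCOUNT}/blobServices/default/containers/{name}"


def queue(name):
    """Resource ID of a queue in the example account."""
    return f"{ACCOUNT}/queueServices/default/queues/{name}"


def covers(scope, resource_id):
    """A scope covers itself and everything below it, compared by path segment."""
    scope, resource_id = scope.lower().rstrip("/"), resource_id.lower()
    return resource_id == scope or resource_id.startswith(scope + "/")


def service_of(resource_id):
    """Tell blob and queue resources apart from their resource ID."""
    rid = resource_id.lower()
    if "/blobservices/" in rid:
        return "blob"
    if "/queueservices/" in rid:
        return "queue"
    return None


def is_allowed(assignments, principal, resource_id, verb):
    """True if any assignment grants `verb` to `principal` on the resource."""
    service = service_of(resource_id)
    for who, role, scope in assignments:
        role_service, verbs = ROLE_PERMISSIONS[role]
        if (who == principal and role_service == service
                and verb in verbs and covers(scope, resource_id)):
            return True
    return False  # no assignment grants it


def broad_write_assignments(assignments):
    """Flag write/delete roles granted above a single container or queue."""
    flagged = []
    for who, role, scope in assignments:
        narrow = "/containers/" in scope.lower() or "/queues/" in scope.lower()
        if "write" in ROLE_PERMISSIONS[role][1] and not narrow:
            flagged.append((who, role, scope))
    return flagged


# Constructed assignments: (principal, role, scope).
ASSIGNMENTS = [
    ("alice@example.com", "Storage Blob Data Reader", ACCOUNT),
    ("alice@example.com", "Storage Blob Data Contributor", container("uploads")),
    ("bob@example.com", "Storage Queue Data Reader", RG),
    ("svc-etl@example.com", "Storage Queue Data Contributor", SUB),
]

if __name__ == "__main__":
    print(is_allowed(ASSIGNMENTS, "alice@example.com", container("reports"), "read"))
    print(is_allowed(ASSIGNMENTS, "alice@example.com", container("reports"), "write"))
    for entry in broad_write_assignments(ASSIGNMENTS):
        print("review:", *entry)
```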


 

AD Authentication for Azure Storage:

  • Azure AD integration is available for the Blob and Queue services only in the preview.
  • Azure AD integration is available for GPv1, GPv2, and Blob storage accounts in all public regions.
  • It supports only storage accounts created with the Resource Manager deployment model.
  • Support for caller identity information in Azure Storage Analytics logging is coming soon.
  • Azure AD authorization of access to resources in standard storage accounts is currently supported. Authorization of access to page blobs in premium storage accounts will be supported soon.
  • Azure Storage supports both built-in and custom RBAC roles. You can assign roles scoped to the subscription, the resource group, the storage account, or an individual container or queue.
  • The Azure Storage client libraries that currently support Azure AD integration include:

Please refer to the MS Docs:

Authenticate access to Azure Storage using Azure Active Directory

AAD Authentication Reference

 

Azure Storage Encryption

 

Most customers ask how to encrypt the data in their Azure storage accounts, since Azure Storage is a public cloud and they are not sure whether their storage account data has been compromised. Beyond that, they ask how to meet audit compliance for Azure storage account data, along with many other queries.

The Azure Storage encryption feature helps you keep your data encrypted, and no one can decrypt your data without your permission if you are using “your own key” to encrypt the data.

Key Features of Storage Account Encryption

  • The Azure Storage encryption service protects our data at rest.
  • Azure Storage encrypts our data as it is written in MS Azure data centers and automatically decrypts it for customers based on their usage of or access to the data.
  • Data is encrypted using Microsoft Managed Keys for Azure Blobs, Tables, Files and Queues.
  • We can choose to bring our own key for encryption for Azure Blobs and Files.
  • Encryption for Tables and Queues will always use Microsoft Managed Keys.

Note: After enabling Storage Service Encryption, “only new data will be encrypted” and “existing files in the storage account will get encrypted by a background encryption process.”

Let's start and see how we can encrypt the storage accounts.

Step 1: Storage Accounts Encryption

  • Select the storage account you want to encrypt.
  • Select the Encryption tab under the Settings pane.
  • Click Encryption.
  • Here you will find the options:
  • Enter your own key
  • Select from Key Vault

I am selecting the second option as I don’t have a Key Vault or my own key.

Step 2: Azure Key Vault Creation

  • Click All services and search for Key Vault.
  • Click Key Vault.
  • Provide the name
  • Pricing tier
  • Access policy
  • Virtual network, if you want to allow the key only within your networks or restrict it from the Internet.

Step 3: Azure Encryption Creation

  • Select the Key Vault.
  • Select Keys under the Settings pane.
  • Click Generate/Import Key.
  • Provide the name of the key
  • Security key type
  • RSA key size
  • You can set the activation date and expiration date.

Step 4: Azure Storage Accounts Verification

  • Verify the Key Vault.
  • Verify the encryption key and select the correct key.
  • Click Save.
  • It will take some time to save the settings.
  • Storage account encryption has been enabled.

 

Azure Storage: Azure AD Integration, Storage Endpoints and Soft Delete

We have been conducting sessions for a while and thought of covering storage in a session (a deep dive into Azure Tables and Queues), and tried to cover new features such as Azure Storage endpoints, Azure AD integration, configuring VM MSI, etc.

We have conducted 4 sessions on Azure Storage, which I will be sharing in my next blogs.

As part of our AzureTalk free webinar, I gave a session on storage where I covered the topics below.

  • Azure Tables and Queues
  • AzCopy
  • Azure Storage Service Endpoints and Firewall
  • Azure AD Integration and Authentication
  • Configure VM MSI
  • Soft Delete (Public Preview)
  • Demo

Azure Storage Accounts: Blob Storage and File Storage

We have been conducting sessions for a while and thought of covering storage in a session (a deep dive into Blob storage and File storage), where we covered the new features now available in storage accounts and tried to explain them in a way that is easy to understand even for new Azure learners.

We have conducted 4 sessions on Azure Storage, which I will be sharing in my next blogs.

As part of our AzureTalk free webinar, I gave a session on storage where I covered the topics below.

  • Azure Storage Account Types
  • Blob Storage and File Storage
  • Use cases of Blob storage and File storage
  • File Storage Creation
  • Demo

 

 

 

Azure for Beginners Series: Azure Storage Accounts

We have been conducting sessions for a while and thought of covering storage in a session, where we covered the new features now available in storage accounts and tried to explain them in a way that is easy to understand even for new Azure learners.

We have conducted 4 sessions on Azure Storage, which I will be sharing in my next blogs.

As part of our AzureTalk free webinar, I gave a session on storage where I covered the topics below.

  • Azure Storage Accounts
  • Storage Accounts V1 vs V2
  • Types of Storage Accounts
  • Azure Storage Account Replication Scope
  • Prerequisites of Azure Storage Account Creation

 

Azure VMs Redeploy

Scenarios in which to use Azure VM redeploy:

  • Hardware failure reported by the MS team.
  • If you are unable to connect to the VMs.
  • Unable to connect over RDP.
  • When migrating VMs from one Azure host to another Azure host, etc.

Verification Steps Before Redeploy

  • Please make sure you have configured the backup properly.
  • Save the IP-related information and reserve the IP address.
  • Save the VM configuration settings.
  • Please remove the data from the temporary drive; if the VM reboots, all data on it will be lost.
  • VMs will not be available once redeployment starts.

Steps: Azure VMs Redeploy

  • Log in to the Azure Portal: AzurePortal
  • Select the VM you need to redeploy
  • Go to Support + Troubleshooting
  • Select Redeploy
  • Click OK

  • Select the VMs
  • Click on the Redeploy option.
  • Read the instructions carefully.
  • Click Redeploy.

Once the redeployment is completed, please log in to the VMs and verify.

Azure Backup Reports

I have seen a couple of scenarios where customers, auditors or management need to understand the backup report. Generally the questions below come up, which we have answered as consultants or as a team for our customers or management.

  • How many VMs have we configured for backup?

  • How much storage space is my Azure Backup using?

  • How do I get backup reports that will help my auditor understand whether backups are taken properly?

  • What is the health status of my Azure Backup VMs and other services?

  • How many backup jobs have failed?

  • What is the job duration of my VM backups and other services?

And many more queries have been asked.

Hence I thought of writing this blog on configuring backup reports, which will help the community and organizations understand their backups and provide the data when it is needed.

Step 1: Prerequisites

  • Identify the Azure Backup vaults where we want to configure the backup reports.
  • Backup log retention in days: 30 days, 90 days or 1 year.
  • Storage account from which we can retrieve the backup logs.
  • Power BI subscription, or you can try the free subscription.
  • Storage account name and key

Step 2: Backup Report Configuration from the Recovery Vault

  • Click All services
  • Search for “Backup”
  • Select the Recovery Vault

  • Select the Recovery Vault for which you want to configure the backup report.

  • Select Backup Report
  • Select Diagnostic Settings
  • Start configuring it for the backup report.
  • Once the configuration is done, select Sign in to Power BI subscription.

  • Once you click Diagnostic Settings, you will get the configuration below.
  • Provide the backup report name.
  • Check the Archive to Storage Account option.
  • Verify the region and select the subscription.
  • Select the storage account in which you want to store the backup logs.
  • Select the backup logs, such as Azure Backup Reports, Azure Site Recovery Jobs, etc.
  • Select the retention period.

Note: If you want to keep the backup for a long time, you can set the retention period to 0 days.

Once the diagnostic settings are set, it will take at least 24-48 hrs to store the logs in the storage account.

Step 3: Power BI Backup Report Configuration

Once you are done with the diagnostic settings configuration, you can configure the backup report.

  • Click the Sign in button.
  • It will open the Power BI URL.
  • Please sign up if you don’t have an account; if you have an account, please sign in.

  • Select Get Data
  • Select Get under the My Organization tab.

  • Click Apps.
  • Select the Azure Backup module and select the “Get it now” option.

Once you click here, you will get an option to provide the Azure Storage account name and key.

  • Go to the Azure portal and search for the storage account.
  • Click Storage accounts.
  • Select the storage account and, under Settings, select Access keys.
  • Copy the storage account name.
  • Copy the storage key.

  • Provide the storage account name.

  • Provide the Azure storage account key.
  • Click Sign in

Once you sign in, your backup report will be populated in the Power BI instance.

Step 4: Power BI Backup Dashboard

  • Once the Backup Report app is configured
  • Please click Apps.
  • Please click the Azure Backup icon.

  • Once you click the Backup Report
  • We will be able to view the Azure Backup report dashboard.
  • We can easily find the Azure Backup instances.
  • Backup size, job success and many more options.

Now the backup reports have been configured properly.

If you like the blog, please comment, share, follow and like.

https://azure4you.com/

 

Azure AD Identity Protection

In my last blog, I shared my experience of why and how we enabled Privileged Identity Management with P2 Azure Active Directory access.

Here I will help you see how we can protect Azure AD identities and how we can find vulnerabilities and close them, as this is a very sensitive area that needs protection.

It will help you protect your users, with access review and risk sign-off of users, and it can be configured for users flagged for risk, MFA registration, user risk policy, sign-in risk policy and alerts.

Step 1: Enabling the Service

  • Click All services
  • Search for Azure AD Identity Protection.
  • Click Enable
  • It will take some time to enable.

Step 2: Overview

In Overview you will see the dashboard:

  • Users Flagged for Risk
  • Risk Events
  • Vulnerabilities
  • Priority

Step 3: Getting Started

It will help you find the Identity Protection documents and help you configure the service.

Step 4: Users Flagged for Risk

  • Add all the users.
  • Select the condition as per policy: High, Medium and above, or Low and above.
  • Select the controls
    • Multi-factor authentication.
    • Password change.
    • Require multi-factor authentication.
  • Review the number of users impacted.
  • Enforce the policy.
  • It will take 2 to 3 minutes to enforce the policy.

Step 5: Risk Events

  • In this scenario, we will add our data center locations and IP addresses, so that if someone tries to access the services from outside our IP range, it will trigger an alert.
  • Click Add IP location.
  • Click the location
  • Add the location name, then upload the IP addresses or add them manually.
  • Configure it.

Step 6: Vulnerabilities

It helps us detect how many users have multi-factor authentication and how many users require a change, and it lists all the vulnerabilities.

Step 7: Multi-Factor Authentication

  • It will help us enable multi-factor authentication for Azure users.
  • In Controls we can add Require multi-factor authentication.
  • Review will help to review the access and provide the data.

Impacted Risk Dashboard

Step 8: User Risk Policy

It will help us reduce the risk and provide the report as per the policy configuration.

Step 9: Sign-in Risk Policy

It will help mitigate issues related to sign-in, such as requiring the user to change the password and use multi-factor authentication.

Step 10: Alerts and Weekly Digest

It will help us configure alerts, and the weekly digest provides a summary of users at risk, sign-in risk, etc. as consolidated reports.

 

Azure Access Review

I was just going through the portal and found the Access Reviews service in the Azure portal very useful, so I thought of creating a blog.

The Access Reviews service helps with access reviews of guest users, applications and organization users. It is hard to monitor each and every user, application and guest user, but to meet certain compliance requirements we might be required to run access reviews of the users on our Azure subscription. Hence I thought of sharing my ideas on how we can achieve this.

Most organizations use a third-party tool for access review and integrate the Azure subscription with it. I am just walking through how easy it is when you get things in one place, as with the Access Reviews service.

Step 1: How to On-board the Access Reviews Service

  • Click All services in your Azure subscription.
  • Search for Access Reviews
  • Click Access Reviews

Step 2: On-board Access Reviews

  • Click Onboard services
  • Click Create
  • After that, your service will start on-boarding and apply the default policy.

Step 3: Quick Start

  • Click Quick Start and follow the documents, which will help you configure the Access Reviews service and show how you will benefit.

Step 4: Overview

  • In the Access Reviews Overview you will be able to see the dashboard of your access reviews.
    • Guest User
    • Members
    • Guest App Access
  • App Access
  • In Controls you can see how many users applied for access, completed requests and applied access.
    • Active Users
    • Completed
    • Applied Users
  • You will be able to see the reviewed apps and reviewed groups.

Step 5: Add Programs

  • In Add Programs you can customize your dashboard while configuring the programs.

Step 6: Controls

  • Click Controls.
  • Add new controls.
  • Provide the review name
  • Description: why we are creating the review
  • The start date will start from when you create the service.
  • Frequency can be: One time, Weekly, Monthly, Yearly.
  • End date
  • Users: members of groups review or application review.
  • Select the groups you want to review.
  • Reviewer: Group Owner, Selected users or Members (Self)
  • Programs link: Default or program
  • Upon completion settings
    • No Change
    • Remove Access
    • Approve Access
    • Take Recommendation
  • Advanced settings
    • Show Notification can be enabled.
    • Require Reason for Approval.
    • Mail Notification can be enabled.
    • Reminders can be enabled.

Once that is done, you will get your report as per the scheduled date.

 

70-533 Exam Preparation Tips and Tricks

In this blog, I am sharing my experience of how I cleared the 70-533 Implementing Microsoft Azure Infrastructure Solutions exam.

I have spoken with, and received messages from, a couple of my followers requesting that I share tips and tricks on how I passed the 70-735 exam. Hence I am sharing my thoughts on this.

I have seen many people who fear the exam and whether they will pass or not, because they have not taken any exam for 3 to 4 years or for some other reason, which is a really common scenario. Hence we have to fight our fear and take a step towards our career and certification, which might play an important role in our career and justify our expertise.

The first thing I did was remove the fear from my mind and think of it as just a normal exam, like my 10th board exam, which I had to clear anyhow.

Before appearing for any exam, I prepare the course content related to the exam, which helps me understand what challenges I am going to face during the preparation and what possible scenarios may come up in the 70-533 exam.

A few things which I mainly focused on in this training:

  • Understand the course content of the 70-533 exam. Course content: Implementing Microsoft Azure Infrastructure Solutions
  • List out each and every section and focus more on the parts where you will get 15 to 35% of the questions from the modules as per the course content.
  • My focus areas were:
  • Create and manage compute resources (20 to 25%)
  • Implementation of virtual networks (15 to 20%)
  • Manage Azure security and recovery services (25 to 30%)
  • Designing and implementation of a storage strategy (10 to 15%)
  • Designing and implementation of Azure App Services (10 to 15%)

Then I covered the rest of the modules as per the course content.

How Do I Prepare for the Exam?

There are various ways to prepare for the exam.

If you want, you can go through our Azure Talk sessions, which will really help in clearing the exam and help you understand Azure components. They have helped many with Azure training and passing the exam.

I prepared from the online training sites below, which will help you pass the exam. You can even register for a free trial and get trained for exam preparation.

Do more and more labs, which is a very important part.

  • Free Azure Labs: 240
  • You can even create a free Azure subscription, which will help you explore your knowledge and get hands-on experience. Create Free Azure Subscription
  • If you would like to have more labs, you can follow my other blogs, where I have covered most 70-533 related topics, which will help you understand easily.

 

How to Attend the 70-533 Exam

Note: The suggestions below relate to my real experience and what I have observed. Followers or readers may not get the same scenario; it may differ as per Microsoft exam policy.

When I attended the exam, I was well prepared and trained, with no fear, and was confident of clearing the exam.

I had done hundreds of labs again and again, which made me confident on exam day.

Before you start the exam, please keep a few points in mind.

  • Once you click Start exam, a window will appear. Please go through it; you might have 10 minutes to read the instructions before the exam starts.
  • Once you are done with the instructions part, the main questions will appear.
  • In my case I got a few optional questions which we have to answer without moving to the next question; if you move on, you won’t be able to come back to the previous question.
  • In the second part you will get all the scenario-based questions. I would suggest reading carefully before answering your questions. In this section we have a couple of options.
  • At the top you will get the question with the scenario.
  • On the left-hand side you will get the time window.
  • In the middle you will get 4 options, or you need to match the answers by drag and drop.
  • At the bottom you will get 3 options:
    • Review: If you are not sure that the answer is correct, please click Review. If you don’t click Review, you won’t be able to modify your answer and your answer might be locked.

    • Next: If you are sure that the answer is correct, please click Next and your answer will be locked.

    • Submit: If you are sure that your answer is correct, then please click Submit to submit the answer.

All the suggestions and ideas are based on my experience, which I want to share with my followers.

 

Azure AD Privileged Identity Management

I thought of covering Azure access review in this blog because most organizations are looking to provide secure subscription access to their users and partners, and at how to achieve this task. The current trend is that most organizations use third-party tools.

In this blog I am covering a few things:

  • How we can secure our Azure infrastructure.
  • How we can review the access of users, partners, vendors, etc.
  • The audit log feature of the Azure AD access review policy, which helps us keep the data for auditing purposes if it is required.

What is Azure AD Privileged Identity Management?

Using the AD PIM solution, we can manage, control and monitor access within the organization.

  • We can review the access of users.
  • We can approve or reject access.
  • Using PIM we can provide time-based access.
  • We can manage directory roles using the PIM solution.

How to Create an Azure AD PIM

Prerequisites:

  • An Azure AD Premium 2 license is required to get all the features.
  • The P2 license cost may come to approx. 600 RS/M.

Step 1:

  • Click All services
  • Search for Azure Privileged Identity Management
  • Click on it

Step 2:

  • Click Quick Start.
  • Enable the one-month free Azure AD P2 license.

How to Activate the 1-Month Free P2 License

  • Click My Roles
  • It will ask you to enable the free trial for the Azure AD P2 license.
  • Click the role
  • Sign up

Click Azure AD Premium 2.

Once you click that, it will start activating the Azure AD P2 license.

Once that is done, we will explore more options.

Once Azure AD P2 is enabled, you will be able to view and access the options below.

My Roles:

  • It provides information on what kind of role you have in the subscription.
  • It gives access to activate other roles as well, if your administrator has assigned them to you.
  • It also gives the Eligible Roles and Expired Roles options, if a role is time-bound.

My Requests:

  • If I have requested access or any role assignment, it will show in the My Requests tab; basically it just shows the request.

Approve Requests:

  • If you are a security admin and you need to approve or reject access, you can do it from here.

Review Access

If we want to review our users' access, we can do that by selecting the Review Access tab, getting the data and keeping it for auditing purposes.

Azure AD Identity Role:

It shows what AD roles a user has apart from the subscription role.

  • We will have 2 views
  • Admin View: which has the audit history of other directory roles.

  • My View: which shows only the account activation part of the AD role.

Azure Resources:

The Azure Resources tab shows what kind of resources you have; you can add multiple resources or subscriptions, and those under one ID can be discovered.

My Audit History

In My Audit History we have the audit logs in Azure, which help a security administrator understand the tasks performed by him or his team. If required, we can keep those logs for auditing purposes.

 

 

Security Center: Azure SQL Vulnerability Assessment (Preview)

I have seen a couple of scenarios where organizations are looking for an Azure SQL vulnerability tool that will help them analyze vulnerabilities and send a notification that something is wrong or that some security checks are missing.

MS Azure has now announced a preview feature which helps us enable SQL Vulnerability Assessment and discover, track, and remediate potential database vulnerabilities for Azure and on-premises.

Let's configure the SQL Vulnerability Assessment (Preview) feature for our SQL DBs.

Step 1: Prerequisites

  • Identify the SQL database
  • Storage account to keep logs.

Step 2: Configuration of SQL Vulnerability Assessment

  • Select the database
  • Go to Settings and select SQL Vulnerability.

Click Settings.

  • Select the storage account and click Save
  • Once that is done, your SQL Vulnerability Assessment will be enabled.

Step 3: Scan for SQL Vulnerabilities

  • Click Scan
  • After that, the vulnerability assessment will start executing and provide you with the results and risks.

Step 4: Validation

  • As per the screen below, there are 3 threats which we need to fix.
  • There might be an alert.
  • We have 2 medium risks and 2 low risks.
  • If you click on each risk, it will provide you with the solution to fix that risk.

(10 Years): Azure SQL Database Long-Term Backup Retention (Preview)

My previous organization asked me how to retain Azure SQL (PaaS) service backups for 10 years. I searched for that option but didn’t find it.

But now that is possible through Long-term backup retention (Preview), which retains your Azure SQL Database backups for 10 years with the backup vault. The option is in preview; let's see how we can configure Azure SQL Database backup for 10 years with a Recovery Vault.

Step 1: Identification of the SQL Database

  • Click SQL Database
  • Select the Azure SQL Server name

Step 2: Long-Term Backup Retention Configuration

  • Go to Settings
  • Select the Long Term Backup Retention tab

  • Select the preview items
  • Accept the terms and conditions.
  • Select the database you want to retain for more than 1 year.

Step 3: Long-Term Backup Configuration

  • Select the Backup Recovery Vault if you have created one
  • If you don’t have a Recovery Vault, please create one.
  • Select the backup retention, from 1 year to 10 years.
  • Click on

Save the configuration and your SQL Database backup is configured for 10 years.

SQL backup is enabled for 10 years.

Azure Backups for VMs (IAAS)

“In the Azure Backup blog series I will be writing blogs on Azure VM backup and PaaS service backup: how the backup services help us and what configuration and prerequisites are required for backup.”

Backup is a common term when you talk about data protection, compliance, etc.

Backups are a really important part of services or servers; they save a lot of time and data in case of storage corruption, application reconfiguration, loss or corruption.

Backups are really helpful when there is data loss, system corruption, etc.

Let's see how Azure Backup will help us in all these scenarios.

Azure Backup:

MS Azure introduced the Azure Backup Vault feature for classic, where you can take backups of Azure VMs and restore them whenever required.

Note: In Azure classic there are 2 different services, Azure Site Recovery and Backup Vaults.

“Later in 2016 MS launched Azure Site Recovery, which includes both Backup and Backup Vault and helps us take backups of Azure VMs and do DR using the Site Recovery service for VMs.”

Azure Backup Common Scenarios

Below are the common scenarios in which, in case of data loss or accidental deletion, we will be able to restore the data from backup or Azure Backup.

  • Save the organization's historical data
  • Application configuration data
  • Server data (Windows/Linux, etc.)
  • Files and folders, etc.
Backup of Azure VMs 

Prerequisite

  • Azure Recovery Backup Vault.
  • Storage Accounts
  • Azure Subscription.
  • Number of VMs that needs to Backup

Step-1 Create the Backup Vault

  • Click on Create Resources
  • Select Monitoring and Management
  • Select Backup and Site Recovery
  • Provide the Name
  • Subscription Details
  • Location
  • Click on Create

Once the Backup Vault is created, go to the Backup Vault.

Step-2 Protect the VMs

  • Click on the Backup Vault
  • Click on Backup +

Step-3 Create the Backup Policy

  • Select the Backup Goals
  • Select Azure
  • Select the VM type: Azure VMs
  • Click on Backup
  • It will route to Backup Policy
  • Create a new Backup Policy
  • Select OK

Step-4 Backup Policy

  • Provide the Backup Policy Name
  • Backup Frequency (Daily, Monthly, Weekly and Yearly)
  • Select the time you want to take the backup
  • Click on Create

Step-5 VMs Selection for Azure Backup

  • You can select the items to back up
  • Select the VMs you want to back up
  • Click OK

Step-6 Enable the Backup

  • Click on Enable the Backup
  • It will validate the prerequisites
  • It will automatically install the Backup agent
  • Start protecting the VMs

Step-7 Backup Initiation

Once the Backup service is enabled, the backup will start as per the schedule and you can see it in Backup Process.

  • Click on the Backup Items
  • Click on the Azure Virtual Machines
  • Click on the Azure Backup Items

Step-8 Start the Backup Jobs

  • Click on Backup Now.
  • Now your backup has been started.

Step-9 Azure Backup Validation

  • You can check that the backup job is in progress.
  • Enjoy your backup configuration.
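The same procedure (vault, policy, protection, on-demand backup, job validation) scripted with the Az PowerShell module, as an added example that is not part of the original post. It uses the Resource Manager Recovery Services vault; the resource group, vault, policy and VM names are placeholders, and it assumes Az.RecoveryServices is installed and Connect-AzAccount has already been run.

```powershell
# Added example (not from the original post). All names are placeholders.
# Assumes the VM and its resource group already exist.
$rg         = 'rg-backup-demo'
$location   = 'westeurope'
$vaultName  = 'rsv-demo'
$vmName     = 'vm-app01'
$policyName = 'Daily-2300-UTC'

# Step 1: create the vault if it does not exist yet.
$vault = Get-AzRecoveryServicesVault -ResourceGroupName $rg |
    Where-Object Name -eq $vaultName
if (-not $vault) {
    $vault = New-AzRecoveryServicesVault -ResourceGroupName $rg `
        -Name $vaultName -Location $location
}

# Steps 3-4: daily policy at 23:00 UTC with 30 days of daily retention.
$policy = Get-AzRecoveryServicesBackupProtectionPolicy -WorkloadType AzureVM `
    -VaultId $vault.ID | Where-Object Name -eq $policyName
if (-not $policy) {
    $schedule  = Get-AzRecoveryServicesBackupSchedulePolicyObject -WorkloadType AzureVM
    $retention = Get-AzRecoveryServicesBackupRetentionPolicyObject -WorkloadType AzureVM
    # The run time must be UTC and fall on a 30-minute boundary.
    $runAt = (Get-Date -Date '2000-01-01 23:00:00Z').ToUniversalTime()
    $schedule.ScheduleRunTimes.Clear()
    $schedule.ScheduleRunTimes.Add($runAt)
    $retention.DailySchedule.DurationCountInDays = 30
    $policy = New-AzRecoveryServicesBackupProtectionPolicy -Name $policyName `
        -WorkloadType AzureVM -SchedulePolicy $schedule `
        -RetentionPolicy $retention -VaultId $vault.ID
}

# Steps 5-6: enable protection for the VM unless it is already registered.
$container = Get-AzRecoveryServicesBackupContainer -ContainerType AzureVM `
    -FriendlyName $vmName -VaultId $vault.ID
if (-not $container) {
    Enable-AzRecoveryServicesBackupProtection -Policy $policy -Name $vmName `
        -ResourceGroupName $rg -VaultId $vault.ID | Out-Null
    $container = Get-AzRecoveryServicesBackupContainer -ContainerType AzureVM `
        -FriendlyName $vmName -VaultId $vault.ID
}

# Steps 7-8: trigger "Backup Now" and keep this recovery point for 30 days.
$item   = Get-AzRecoveryServicesBackupItem -Container $container `
    -WorkloadType AzureVM -VaultId $vault.ID
$expiry = (Get-Date).ToUniversalTime().AddDays(30)
$job    = Backup-AzRecoveryServicesBackupItem -Item $item `
    -ExpiryDateTimeUTC $expiry -VaultId $vault.ID

# Step 9: validate. Wait up to one hour, then report the job state.
$job = Wait-AzRecoveryServicesBackupJob -Job $job -Timeout 3600 -VaultId $vault.ID
$job | Select-Object WorkloadName, Operation, Status, StartTime, EndTime
if ($job.Status -ne 'Completed') {
    Write-Warning "Backup job for $vmName is in state '$($job.Status)'; check the vault's Backup Jobs view."
}
```

The first backup of a VM is a full copy and can outlast the one-hour wait; a status of InProgress at that point is not a failure.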

Azure SQL DBs Creation (PaaS)

In this blog I will share my experience of how to create Azure SQL Servers and SQL Databases. I have seen a couple of scenarios where Azure learners have doubts about the difference between on-premises SQL Servers and Azure SQL Server (PaaS), so I thought of creating a blog to clear up the understanding and show them how useful Azure PaaS services are.

SQL Server (IaaS)

  • SQL Server on Azure VMs and on-premises are the same. We need to download and install SQL Server from the MS Download Center or an MSDN subscription.
  • We need to maintain the SQL Server licensing.
  • We need to install and configure it manually, which takes almost 1 to 2 hrs.
  • We need to back up manually or schedule the backup for Azure databases.

Azure SQL Server (PaaS)

  • We can use this service as Database as a Service (DBaaS).
  • It’s backed by software-defined services, which are called SaaS.
  • Easy to take backups in Azure
  • Easy to fail over and replicate to another region
  • Recover the DBs from backup
  • Automatic backup schedule
  • Cost is much lower than Azure SQL on-premises
  • Advanced security features

Azure SQL DBs Creation

Step-1 Prerequisites

  • Azure SQL DB name
  • Azure SQL configuration
  • Region
  • SQL Server name
  • SQL Server user name and password
  • Select OK
  • Create the SQL Server DBs.

Your Azure SQL Database is created; you can check the SQL Database in Azure Resources.

Azure VMs Restoration

In my Azure journey I have seen a couple of incidents where VMs crashed and we needed to recover the Azure VMs from the backup vault.

MS Azure has enabled a feature that lets you restore the VM backup from the VM itself; there is no need to go to Site Recovery, search for the VM and then try to restore it.

In this blog I am going to explain how to restore the complete VM.

  • Files Recovery
  • Application Restoration or Full Backup Restoration.

Step 1: Restoration of Azure VMs.

  • Click on the VM you want to restore
  • Go to Operations and select Backup

Step 2: Backup Selections.

  • If you want to start a backup, select Backup Now.
  • Select the File Recovery option to recover files only.
  • Select Restore VM to recover the complete VM.

Step 3: Restore VMs.

  • Click on the Restore Points
  • Select the latest restore point to recover the VM.
  • Select OK.
  • Click on Restore VM.
  • Your VM will start redeploying in the Azure Portal.

Step 4: File Recovery

  • Once you click on File Recovery, you will get an option to select the recovery point.
  • Download the script
  • Create the password
  • Unmount the disk after recovery
  • You are done with the recovery.
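A scripted version of the restore choices above, as an added example that is not part of the original post: pick the latest recovery point, then either restore the VM's disks or generate the file-recovery mount script. Unlike the portal's Restore VM, this PowerShell path restores disks into a target resource group (the VM is then rebuilt from them); all names are placeholders and Az.RecoveryServices with an existing Connect-AzAccount session is assumed.

```powershell
# Added example (not from the original post). All names are placeholders.
param(
    [ValidateSet('Disks', 'Files')]
    [string]$Mode = 'Disks'
)

$rg             = 'rg-backup-demo'     # resource group of the vault
$vaultName      = 'rsv-demo'
$vmName         = 'vm-app01'
$stagingAccount = 'strestorestaging'   # storage account used as restore staging area
$stagingRg      = 'rg-backup-demo'
$targetRg       = 'rg-restore-demo'    # where restored managed disks are created

$vault     = Get-AzRecoveryServicesVault -ResourceGroupName $rg -Name $vaultName
$container = Get-AzRecoveryServicesBackupContainer -ContainerType AzureVM `
    -FriendlyName $vmName -VaultId $vault.ID
$item      = Get-AzRecoveryServicesBackupItem -Container $container `
    -WorkloadType AzureVM -VaultId $vault.ID

# Restore points from the last 7 days; pick the newest one explicitly.
$now    = (Get-Date).ToUniversalTime()
$start  = $now.AddDays(-7)
$points = Get-AzRecoveryServicesBackupRecoveryPoint -Item $item `
    -StartDate $start -EndDate $now -VaultId $vault.ID
if (-not $points) {
    throw "No recovery point for $vmName in the last 7 days."
}
$latest = $points | Sort-Object RecoveryPointTime -Descending | Select-Object -First 1
Write-Output "Using recovery point from $($latest.RecoveryPointTime) ($($latest.RecoveryPointType))"

if ($Mode -eq 'Disks') {
    # Full restore: disks are written to $targetRg, staged through the storage account.
    $job = Restore-AzRecoveryServicesBackupItem -RecoveryPoint $latest `
        -StorageAccountName $stagingAccount `
        -StorageAccountResourceGroupName $stagingRg `
        -TargetResourceGroupName $targetRg -VaultId $vault.ID
    $job = Wait-AzRecoveryServicesBackupJob -Job $job -Timeout 43200 -VaultId $vault.ID
    # The job details list the staging container and the deployment template
    # that can be used to recreate the VM from the restored disks.
    (Get-AzRecoveryServicesBackupJobDetail -Job $job -VaultId $vault.ID).Properties
}
else {
    # File recovery: download the mount script and its one-time password.
    Get-AzRecoveryServicesBackupRPMountScript -RecoveryPoint $latest `
        -VaultId $vault.ID | Format-List
    Read-Host 'Run the script on the target machine, copy the files, then press Enter to unmount'
    # Always unmount: the recovery point stays attached until this is called.
    Disable-AzRecoveryServicesBackupRPMountScript -RecoveryPoint $latest -VaultId $vault.ID
}
```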

Azure Training: Azure VMs Operation Feature (Preview)

In this training video I have shared my real-time experience of enabling Azure Inventory, Change Tracking and Update Management.

This will help us manage Azure VMs as quickly as we can, and I have shown how Azure VM DR can be built.

I have seen a couple of scenarios where various group members asked how we can manage the inventory and how to know what changes have been made.

Hence I thought to provide the session to our AzureTalk Group; below are more details about the Azure preview services.

Azure VMs Inventory: It will help us manage the Azure virtual machine inventory.

Azure Change Tracking: It will help us track the changes in VMs through the portal, which helps fix issues sooner than logging in to the servers and checking the changes.

Update Management: It’s part of OMS and helps to analyze patches and deploy updates to Azure VMs. This option is now available (Preview) and helps us find the patches for virtual machines from the Operations tab. It is the easy way to deploy critical, security and other recommended patches.

This training video will help you enable Azure Inventory, Change Tracking, Update Management, Azure VM DR and Backup configuration in detail.

So any Azure learner can have a quick view and learn something new.

Join the Azure-talk Group:  https://www.kloudezy.com/AzureTalkGroup.html

 

Azure Training# Azure VMs

In this training video I have covered an overview of Azure VMs and detailed information about them.

Azure VMs Configuration Overview: This will help you understand the Azure VM instance size, location, private IP, public IP address and the graphical dashboard of host utilization of CPU, memory, disk read/write, etc.

Azure VMs Monitoring: This helps us configure Azure VM monitoring and alerts, which helps fix issues within the timeline.

Azure VMs Troubleshooting: This covers common Azure VM troubleshooting scenarios and helps us fix the issues.

  • Azure VM connectivity issues.
  • Unable to take remote of Azure VMs.
  • User name and password expired or forgotten.
  • Remote desktop connection couldn’t be established.
  • VMs are not working.

Azure Resource Movement to New Resource Group: Azure learners have been asking me this question more and more, hence I added it to my training.

How to migrate resources from one resource group to another, as they want to establish a process or migrate resources between resource groups.

Join the Azure-talk Group:  https://www.kloudezy.com/AzureTalkGroup.html

Azure Training Part-4

Azure Training# Azure Subscription and Azure VMs

 

Azure Subscription and Azure VMs

  • Concept of Azure Subscription
  • Virtual Machine introduction, availability and scalability
  • Azure Resource Group vs Azure Resource Manager
  • IaaS and Azure Virtual Machine

Presenter: Niraj Kumar

Speaker: Lalit Rawat

Join the Azure-talk Group:  https://www.kloudezy.com/AzureTalkGroup.html

Azure Training Part-3

Azure Training:Introduction to Microsoft Azure

“I have seen that most Azure learners still need to understand the basic concepts of Azure services and how they can implement the services, and I have received requests that Azure learners need a session for beginners. Hence I thought to start the Azure for beginners series online, providing free training.”

The introduction of the series will help Azure learners understand the basic concepts of Azure, which I have covered in my session.

  • Why we require Azure Cloud.
  • Why use cloud if we already have an on-premises data center.
  • How it will help us save cost.
  • Cloud models and terminology.
  • Difference between IaaS, PaaS, SaaS.
  • Azure Portal overview

Learning from this training.

  • Azure cloud models and technology.
  • Azure subscription creation.
  • Azure services categories.
  • Azure IaaS, PaaS, SaaS services.
  • Use of IaaS, PaaS, SaaS services.
  • Live scenario of cloud services.

Azure Training Part-2

Storage Account GPv2 Configuration

Azure Storage GPv2 Part-1

Read-access geo-redundant storage (RA-GRS)

  • Secure Transfer, etc. options.
  • Then create the Storage Account.

[Screenshot: General Purpose V2 vs. General Purpose V1, with the main difference highlighted]

Azure Storage V2 has only 3 replication policies (RA-GRS, GRS and LRS), but Storage Accounts V1 has 4 replication policies: LRS, ZRS, GRS, RA-GRS.

 

For more information, please follow:

Create and Manage Storage Accounts

Features of Storage Accounts: General Purpose GPv2, GPv1 and Blob Storage

Azure Storage account options

General Purpose v2 (GPv2):

  • Storage accounts provide all the latest features, and support Blobs, Files, Queues, and Tables.
  • These latest features include blob-level tiering, archive storage, higher scale account limits, and storage events.
  • Storage pricing has been designed to deliver the lowest GB prices, and industry-competitive transaction prices.

Blob Storage:

  • Storage accounts provide all the latest features for block blobs, but only support Block Blobs.
  • Blob Storage pricing is broadly similar to that of General Purpose v2.
  • Microsoft encourages most users to use General Purpose v2 rather than Blob Storage accounts.

General Purpose v1 (GPv1):

  • Storage accounts provide use of all Azure Storage services, but may not have the latest features or the lowest GB pricing.
  • Cool and archive storage are not supported in GPv1.
  • Storage pricing is lower for transactions, so workloads with high churn or high read rates may benefit from this type of storage account.
  • We can upgrade either a GPv1 or Blob Storage account to a GPv2 account at any time using the portal, CLI, or PowerShell.
  • The change cannot be reversed, and no other changes are permitted.
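An added example (not part of the original post) that inventories storage accounts by kind, replication and the Secure Transfer setting mentioned earlier, then optionally enforces secure transfer and performs the one-way GPv1 to GPv2 upgrade with PowerShell. The account and resource group names are placeholders, and Az.Storage with an existing Connect-AzAccount session is assumed.

```powershell
# Added example (not from the original post). Names are placeholders.
$Apply         = $false                 # $false = report only, $true = make changes
$upgradeRg     = 'rg-storage-demo'      # GPv1 account chosen for upgrade (assumed)
$upgradeName   = 'stlegacygpv1'

# 1. Inventory: kind (Storage = GPv1, StorageV2 = GPv2, BlobStorage),
#    replication SKU, and whether HTTPS-only (Secure Transfer) is enforced.
$accounts = Get-AzStorageAccount
$accounts |
    Select-Object StorageAccountName, ResourceGroupName, Kind,
        @{ Name = 'Replication'; Expression = { $_.Sku.Name } },
        EnableHttpsTrafficOnly |
    Sort-Object Kind, StorageAccountName |
    Format-Table -AutoSize

# 2. Accounts that still accept unencrypted HTTP requests.
$insecure = $accounts | Where-Object { -not $_.EnableHttpsTrafficOnly }
foreach ($acct in $insecure) {
    Write-Warning "Secure transfer is off: $($acct.StorageAccountName)"
    if ($Apply) {
        Set-AzStorageAccount -ResourceGroupName $acct.ResourceGroupName `
            -Name $acct.StorageAccountName -EnableHttpsTrafficOnly $true | Out-Null
    }
}

# 3. GPv1 accounts: candidates for upgrade (no blob tiering, no cool/archive).
$gpv1 = $accounts | Where-Object { $_.Kind -eq 'Storage' }
$gpv1 | ForEach-Object { Write-Output "GPv1 account: $($_.StorageAccountName)" }

# 4. Upgrade one named account. This cannot be reversed, so it is gated
#    behind $Apply and limited to the account named above.
$target = $gpv1 | Where-Object {
    $_.StorageAccountName -eq $upgradeName -and $_.ResourceGroupName -eq $upgradeRg
}
if ($Apply -and $target) {
    Set-AzStorageAccount -ResourceGroupName $upgradeRg -Name $upgradeName `
        -UpgradeToStorageV2 -AccessTier Hot
}
elseif ($target) {
    Write-Output "Would upgrade $upgradeName to StorageV2 (set `$Apply = `$true to proceed)."
}
```

Enforcing secure transfer makes the account reject plain HTTP requests, so confirm that no client still uses http:// endpoints before setting $Apply.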

Pricing and billing.

Storage Account General Purpose V2 cost is 1446.91 and General Purpose V1 cost is 1588.69.

[Screenshot: storage pricing]

Storage Accounts General Purpose V1:

[Screenshot: storage pricing-2]

As per Microsoft Pricing and Billing Model:-

  • Storage costs: In addition to the amount of data stored, the cost of storing data varies depending on the storage tier. The per-gigabyte cost decreases as the tier gets cooler.
  • Data access costs: Data access charges increase as the tier gets cooler. For data in the cool and archive storage tier, you are charged a per-gigabyte data access charge for reads.
  • Transaction costs: There is a per-transaction charge for all tiers that increases as the tier gets cooler.
  • Geo-Replication data transfer costs: This only applies to accounts with geo-replication configured, including GRS and RA-GRS. Geo-replication data transfer incurs a per-gigabyte charge.
  • Outbound data transfer costs: Outbound data transfers (data that is transferred out of an Azure region) incur billing for bandwidth usage on a per-gigabyte basis, consistent with general-purpose storage accounts.
  • Changing the storage tier: Changing the account storage tier from cool to hot incurs a charge equal to reading all the data existing in the storage account. However, changing the account storage tier from hot to cool incurs a charge equal to writing all the data into the cool tier (GPv2 accounts only).

For more details, please follow the link below:

Azure Storage account options

Retiring Virtual Machines and Azure Cloud Services from the classic portal


Starting November 15, 2017, both Azure Virtual Machines and Azure Cloud Services will be available only in the Azure portal. Access from the classic portal will no longer be supported. If you were using the classic portal for OS images, please use PowerShell instead.

For details on how to get started in the Azure portal, refer to the Virtual Machines and Azure Cloud Services documentation.

New features for Virtual Machines in the Azure portal include:

  • Ability to add classic disks to a VM
  • Ability to add classic images to a VM

New features for Azure Cloud Services in the Azure portal include:

  • Deployment-related operation logs
  • Ability to update one or more roles at a time

Learn more about the upcoming capabilities of Cloud Services.

 

Referred and updated by Microsoft:

https://azure.microsoft.com/en-in/updates/retiring-virtual-machine-and-cloud-services-from-classic-portal/

Azure Interview Q & A-part1

What is the advantage of moving to the cloud?

Flexibility: We can restructure our environment as needed and create any number of services based on our requirements.

Pay As You Go: The pay-as-you-go option is good; we only pay for the services we use, on a monthly or day/hour basis.

Hybrid Capability: We can integrate our on-premises environment with Azure using Site Recovery or other Microsoft tools, which helps us extend our data center to Azure.

Securing Your Data: We can use Azure encryption, Security Center, Key Vault, etc. to secure the data which resides in Azure.

Scale on Demand: We can scale up IaaS, PaaS and SaaS services as per our demands.

Example: If a customer asks for 10 servers within 1 day, is that possible and how can we process it? Yes, it is possible using Windows Azure, and it does not even take one day; we can deliver within 1-2 hours using cloud services. If we need to do this on-premises, it might take 3-4 months to process and configure the servers.

Integrated Data Solutions: We can integrate data solutions with Azure, like SQL Server, Big Data, Visual Studio, etc.

Backup: We can take backups directly in Azure storage accounts with minimal charges and no need to buy additional hardware (backup tape, HDD, file server, etc.).

Disaster Recovery: We can use the Recovery Vault, known as the Site Recovery vault in Azure, to do disaster recovery in Azure without any problem.

What is a storage account?

Azure Storage is massively scalable, so you can store and process hundreds of terabytes of data to support the big data scenarios required by scientific, financial analysis, and media applications.

Difference between LRS and ZRS storage accounts?

  • Locally redundant storage (LRS). Locally redundant storage maintains three copies of your data. LRS is replicated three times within a single data center in a single region. LRS protects your data from normal hardware failures, but not from the failure of a single data center.
  • Zone-redundant storage (ZRS). Zone-redundant storage maintains three copies of your data. ZRS is replicated three times across two to three facilities, either within a single region or across two regions, providing higher durability than LRS. ZRS ensures that your data is durable within a single region.

Create and Manage the Azure storage accounts

What is file storage?

File storage offers shared storage for applications using the standard SMB 2.1 or SMB 3.0 protocol. Microsoft Azure virtual machines and cloud services can share file data across application components via mounted shares, and on-premises applications can access file data in a share via the File storage API.

Prerequisites to create WebApps?

  • Azure subscription
  • Storage account
  • SQL Database connection
  • SSL certificate
  • Network security group configuration
  • Custom DNS
  • Data source
  • Deployment credentials if you are using FTP
  • Deployment options like Visual Studio, OneDrive, local Git, etc.
  • We should know the application version (.NET 4.5, 4.3, Python 32-bit, etc.) while migrating or creating the WebApps

What is CDN?

The Microsoft Azure Content Delivery Network (CDN) offers developers a global solution for delivering high-bandwidth content that is hosted in Azure or any other location. Using the CDN, you can cache publicly available objects loaded from Azure blob storage, a web application, virtual machine, application folder, or other HTTP/HTTPS location. The CDN cache can be held at strategic locations to provide maximum bandwidth for delivering content to users. The CDN is typically used for delivering static content such as images, style sheets, documents, files, client-side scripts, and HTML pages.

 

How do you plan Disaster Recovery if I have 10 VMs running on Hyper-V on-prem and a VMware environment?

  • We will set up the Azure environment for migration.
  • We will prepare the configuration server.
  • We will prepare for automatic discovery and push installation.
  • We will create a Recovery Services vault.
  • We will select the protection goal and start protecting servers.
  • We will set up the source environment.
  • Run Site Recovery Unified Setup.
  • We have to set up the target server.
  • Set up replication settings.
  • Plan capacity.
  • Prepare VMs for replication.
  • We will enable replication.
  • We will run a test failover.

How to migrate an on-premises server to Azure using Site Recovery?

  • Please follow the step-by-step setup below to migrate on-premises to Azure.
  • I always refer to the Azure documents below, as they are the updated ones.

How to configure Backup for Azure VMs and on-prem VMs?

  1. Configure the vault
  2. Install and register the agent
  3. Back up your files and folders

Backing up Azure virtual machines

  1. Discover and Register Azure virtual machines
  2. Install the VM Agent on the virtual machine
  3. Create the backup policy
  4. Initial backup

How to migrate file servers to Azure?

  • Create an Azure file storage account as per user requirements
  • Under the storage account, create the file storage and assign the storage quota
  • Create the file share and directories as per customer requirements
  • Upload on-premises data to the Azure file share directory
  • Configure shared access signatures (SAS) via the REST API or the client libraries
  • Generate tokens with specific permissions as required by the client
  • Install Storage Explorer to migrate the data from on-premises to the Azure file server
  • Install and configure the Azure copy client on the on-premises server to migrate the data to the Azure storage account
  • Configure Azure file share access and signature for the storage account to access the file server
  • Initiate the data migration process
  • Upload and download files to and from the on-premises file share server

How many types of storage accounts does Azure have?

Premium Storage Account: Microsoft Azure Premium Storage delivers high-performance, low-latency disk support for virtual machines (VMs) running I/O-intensive workloads. VM disks that use Premium Storage store data on solid state drives (SSDs). You can migrate your application’s VM disks to Azure Premium Storage to take advantage of the speed and performance of these disks.

Azure Storage is the cloud storage solution for modern applications that rely on durability, availability, and scalability to meet the needs of their customers.

Difference Between ASM and ARM?

ASM: This is the old portal, which provides cloud service for IaaS workloads and a few specific PaaS workloads.
ARM: This is the new portal, which provides service for all IaaS and PaaS workloads.

ASM: Accessed over the URL https://manage.windowsazure.com, which is termed the V1 portal.
ARM: Accessed over the URL https://portal.azure.com, which is termed the V2 portal and has a blade-design portal view.

ASM: Azure Service Manager is an XML-driven REST API.
ARM: Azure Resource Manager is a JSON-driven REST API.

ASM: Had a concept of Affinity Groups, which has been deprecated.
ARM: Has a container concept called Resource Group, which is a logical set of correlated cloud resources that can span multiple regions and services.

ASM: A private Azure portal can be built using Windows Azure Pack.
ARM: A private Azure portal can be built using Azure Stack.

ASM: Removal or deletion is not as easy as in Azure Resource Manager.
ARM: Removal of resources is easier: deleting the resource group (RSG) deletes all the resources present in the RSG.

ASM: Deployment can be performed using PowerShell scripts.
ARM: Deployment can be performed using ARM templates, which provide simple orchestration and rollback functions. They have their own PowerShell module.

ASM: Features and function are not available.
ARM: Role Based Access Control feature is present.

ASM: Features and function are not available.
ARM: Resources can be moved between resource groups within the same region.

ASM: Features and function are not available.
ARM: Resource tagging, a name-value pair assigned to a resource group; there can be up to 15 tags per resource.

ASM: Features and function are not available.
ARM: Massive and parallel deployment of VMs is possible with asynchronous operations.

ASM: Features and function are not available.
ARM: We can create custom policies to restrict the operations that can be performed.

ASM: Features and function are not available.
ARM: Azure Resource Explorer (https://resources.azure.com/), which helps with understanding resources and with deployment.

ASM: Features and function are not available.
ARM: Resource Locks provide a policy to enforce a lock level that prevents accidental deletion.

How to migrate on-prem servers to Azure?

Prerequisite: create the VM.

  • Click the New button found on the upper left-hand corner of the Azure portal.
  • Select Compute from the New blade, select Windows Server 2016 Datacenter from the Compute blade, and then click Create.
  • Fill out the virtual machine Basics. The user name and password entered here are used to log in to the virtual machine. For Resource group, create a new one. A resource group is a logical container into which Azure resources are created and collectively managed. When complete, click OK.
  • Choose a size for the VM and click Select.
  • On the settings blade, select Yes under Use managed disks, keep the defaults for the rest of the settings, and click OK.
  • On the summary page, click OK to start the virtual machine deployment.
  • To monitor deployment status, click the virtual machine. The VM can be found on the Azure portal dashboard, or by selecting Virtual Machines from the left-hand menu. When the VM has been created, the status changes from Deploying to Running.

How to deploy a custom image?

  1. In the Azure portal, Connect to the virtual machine. For instructions, see How to sign in to a virtual machine running Windows Server.
  2. Open a Command Prompt window as an administrator.
  3. Change the directory to %windir%\system32\sysprep, and then run sysprep.exe.
  4. The System Preparation Tool dialog box appears. Do the following:
    • In System Cleanup Action, select Enter System Out-of-Box Experience (OOBE) and make sure that Generalize is checked. For more information about using Sysprep, see How to Use Sysprep: An Introduction.
    • In Shutdown Options, select Shutdown.
    • Click OK.
  5. Sysprep shuts down the virtual machine, which changes the status of the virtual machine in the Azure classic portal to Stopped.
  6. In the Azure portal, click Virtual Machines (classic) and select the virtual machine you want to capture. The VM images (classic) group is listed under Compute when you view More services.
  7. On the command bar, click Capture.

The Capture the Virtual Machine dialog box appears.

  1. In Image name, type a name for the new image. In Image label, type a label for the new image.
  2. Click I’ve run Sysprep on the virtual machine. This checkbox refers to the actions with Sysprep in steps 3-5. An image must be generalized by running Sysprep before you add a Windows Server image to your set of custom images.
  3. Once the capture completes, the new image becomes available in the Marketplace, in the Compute VM images (classic)

What is Azure VPN and how many types of Azure VPN can we configure in Azure?

Site to Site VPN: A Site-to-Site (S2S) VPN gateway connection is a connection over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. This type of connection requires a VPN device located on-premises that has a public IP address assigned to it and is not located behind a NAT. S2S connections can be used for cross-premises and hybrid configurations.

Point to Site VPN: A Point-to-Site (P2S) configuration lets you create a secure connection from an individual client computer to a virtual network. P2S is a VPN connection over SSTP (Secure Socket Tunneling Protocol). Point-to-Site connections are useful when you want to connect to your VNet from a remote location, such as from home or a conference, or when you only have a few clients that need to connect to a virtual network. P2S connections do not require a VPN device or a public-facing IP address. You establish the VPN connection from the client computer.

Vnet to Vnet : Connecting a virtual network to another virtual network (VNet-to-VNet) is similar to connecting a VNet to an on-premises site location. Both connectivity types use a VPN gateway to provide a secure tunnel using IPsec/IKE. You can even combine VNet-to-VNet communication with multi-site connection configurations. This lets you establish network topologies that combine cross-premises connectivity with inter-virtual network connectivity.

Azure Virtual network setup and configuration

Azure Site to site VPN Configuration Step-step

What is ExpressRoute?

ExpressRoute is a direct, dedicated connection from your WAN (not over the public Internet) to Microsoft Services, including Azure. Site-to-Site VPN traffic travels encrypted over the public Internet. Being able to configure Site-to-Site VPN and ExpressRoute connections for the same virtual network has several advantages.

You can configure a Site-to-Site VPN as a secure failover path for ExpressRoute, or use Site-to-Site VPNs to connect to sites that are not part of your network, but that are connected through ExpressRoute. Notice that this configuration requires two virtual network gateways for the same virtual network, one using the gateway type ‘Vpn’, and the other using the gateway type ‘ExpressRoute’.

  1. How can you troubleshoot if a VM is not working?
  2. We can reset the VM configuration.
  3. If a user has forgotten the password of the VM local account, how can we change it?

Ans: You can find the answer here; I have provided the information in detail: Windows Azure VM troubleshooting

Is it possible to host the VM in another region and connect to a different region?

Yes. We need to set up interconnectivity by creating a VNet-to-VNet connection between both regions; only then can we connect.

How to assign a static IP address to Azure VMs?

Please follow the below blog to assign the static IP address.

Assign Static IP address to azure Vms.

Azure interview question

What is Traffic Manager and how to configure it?

  • Azure Traffic Manager allows us to control the distribution of user traffic for service endpoints which reside in different datacenters.
  • Service endpoints supported by Traffic Manager include Azure VMs, Web Apps, and cloud services. We can also use Traffic Manager with external, non-Azure endpoints.

Use the link below to get more detail on Azure Traffic Manager.

Configuration and setup of Traffic Manager

What is Azure DNS Server and how to configure it?

  • Azure DNS or DNS is responsible for translating (or resolving) a website or service name to its IP address.
  • Azure DNS is a hosting service for DNS domains, providing name resolution using Microsoft Azure infrastructure.
  • By hosting our domains in Azure, we can manage our DNS records using the same credentials, APIs, tools, and billing as we use for other Azure services.

For more details, please follow the links below:

Azure DNS server setup and configuration

Azure DNS Records and limitation

Note: References and answers have been taken from Microsoft Azure documents. Viewers are requested to refer to the Microsoft Azure documents or contact me if in-depth knowledge is required.

Refer this:  https://docs.microsoft.com/en-us/azure/#pivot=services

Assign Static IP Address In Azure VM.

Why do we assign a static/private IP address to VMs/services?

Application requirements: Web applications, SQL databases, domain servers, etc. need to connect with a fixed/static IP address.

If it’s a web application/SQL database VM, it’s important to have a static IP address so the web application/SQL database settings can always refer to the same IP address and there will be no change.

Security: When a VM uses static IP addresses, we can create firewall rules and deploy the application easily, so we have control over the internet or application traffic flow.

In Azure, a static (public) IP address counts as a service, so there will be an additional charge for it.

Why it is needed in Windows Azure environments.

In the Windows Azure platform, if you create a web application, VM or other service, a dynamic IP address is assigned automatically and can be changed to a static IP address.

Note: I would always suggest that if you are moving on-premises workloads to Azure or running critical applications on Azure, you change the dynamic IP address to a static IP address, so that we do not need to change the application configuration regularly in case of a reboot or an application failure due to heavy traffic, etc.

Difference Between Static IP Address and Dynamic IP Address:

Static IP address: A static IP address is your fixed IP address, so it cannot change automatically and your application will run smoothly as per your configuration. We use static IP addresses for the most trusted devices. Example: web application, SQL server, load balancer, network devices, etc.

Dynamic IP address: A dynamic IP address is assigned automatically to our device by a DHCP server and can change when rebooting the VM or restarting the web application; every time, it will be assigned a new IP address from DHCP.

How to assign the static IP address to an Azure VM using the Resource Manager portal.

  • Select the VM you want to assign the public IP address to
  • Click on the Overview
  • Select the Public IP address
  • Select the Configuration
  • Change the mode from Dynamic to Static.
  • If you would like to add your DNS IP address, please provide the DNS IP address which is registered with your DNS provider.

Change the status from Dynamic to Static and save it. The change will take max 5 min to complete.

Azure DNS Records and limitations

DNS records

 Record names

In Azure DNS, records are specified by using relative names. A fully qualified domain name (FQDN) includes the zone name.

Note: If the relative record name is ‘www’ in the zone ‘Rcloud.com’, then the fully qualified record name would be ‘www.Rcloud.com’.

Record types

Every DNS record has a name and a type. DNS records are organized into various types according to the data they contain. The most common type is an ‘A’ record, which maps a name to an IPv4 address; another common type is an ‘MX’ record, which maps a name to a mail server.

Azure DNS supports all common DNS record types: A, AAAA, CNAME, MX, NS, PTR, SOA, SRV, and TXT.

Note that SPF records are represented using TXT records.

Record sets

A record set is where you have 2 different IP addresses associated with one domain name.

If you have a commercial website that requires 2 different IP addresses for failover or to reduce traffic, you can use a record set.

Azure DNS manages all DNS records using record sets. A record set (also known as a resource record set) is the collection of DNS records in a zone that have the same name and the same type.

How to create a Record Set:

  • Select the DNS server
  • Click on Record Set
  • Add the record set

Time-to-live

Time to live, or TTL, specifies how long each record is cached by clients before being re-queried. The TTL value is 3600 seconds or 1 hour, and we can customize it between 1 and 2,147,483,647 seconds.

Wildcard records:

Wildcard records are returned in response to any query with a matching name, unless there is a closer match from a non-wildcard record set.

Note: We can create a wildcard record with ‘*’, i.e. ‘*.rcloud’.
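The record set, TTL and wildcard concepts above in Az PowerShell, as an added example that is not part of the original post: one ‘www’ A record set holding two addresses, a TTL change, a wildcard record set, and a listing that flags wildcard entries for review. The resource group, the zone name (taken from the post's ‘Rcloud.com’ illustration) and the documentation-range IP addresses are placeholders; Az.Dns and an existing Connect-AzAccount session are assumed.

```powershell
# Added example (not from the original post). Names and addresses are placeholders.
$rg   = 'rg-dns-demo'
$zone = 'rcloud.com'
$ttl  = 3600

# TTL must stay inside the range quoted above (1 to 2,147,483,647 seconds).
if ($ttl -lt 1 -or $ttl -gt 2147483647) {
    throw "TTL $ttl is outside the allowed range."
}

# One record set = same name + same type. Two A records share the name 'www'.
$www = @(
    New-AzDnsRecordConfig -Ipv4Address '203.0.113.10'
    New-AzDnsRecordConfig -Ipv4Address '203.0.113.11'
)
New-AzDnsRecordSet -Name 'www' -RecordType A -ZoneName $zone `
    -ResourceGroupName $rg -Ttl $ttl -DnsRecords $www | Out-Null

# Later change: add a third address and shorten the TTL. TTL is a property
# of the record set, so it applies to every record in it.
$rs = Get-AzDnsRecordSet -Name 'www' -RecordType A -ZoneName $zone -ResourceGroupName $rg
Add-AzDnsRecordConfig -RecordSet $rs -Ipv4Address '203.0.113.12' | Out-Null
$rs.Ttl = 300
Set-AzDnsRecordSet -RecordSet $rs | Out-Null

# Wildcard record set: answers any name in the zone that has no closer,
# non-wildcard match ('www' above still resolves to its own addresses).
New-AzDnsRecordSet -Name '*' -RecordType A -ZoneName $zone `
    -ResourceGroupName $rg -Ttl $ttl `
    -DnsRecords (New-AzDnsRecordConfig -Ipv4Address '203.0.113.20') | Out-Null

# Review: list every record set with its TTL and flag wildcard names, since a
# wildcard makes names that nobody registered resolve to a live address.
Get-AzDnsRecordSet -ZoneName $zone -ResourceGroupName $rg |
    Select-Object Name, RecordType, Ttl,
        @{ Name = 'Records';  Expression = { $_.Records.Count } },
        @{ Name = 'Wildcard'; Expression = { $_.Name.StartsWith('*') } } |
    Sort-Object Name, RecordType |
    Format-Table -AutoSize
```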

A Record:- 

A record maps a domain to the physical IP address of hosting domain. Internet traffic uses the A record to find the computer hosting on your domain’s DNS settings.

The value of an A record is always an IP address, and multiple A records can be configured for one domain name.

A record

AAAA Record:- 

What the A record is to the IPv4 address space, the AAAA record (also known as a quad-A record) is to the IPv6 address space.

AAA Record

CNAME records:

A CNAME record (Canonical Name record) is a type of resource record in the Domain Name System (DNS) used to specify that a domain name is an alias for another domain, the canonical domain.

  • Click on Record Set
  • Add the CNAME record
  • Provide the name
  • Type: Cname
  • TTL value as per your organization
  • TTL unit as per your organization
  • Alias for your CNAME record.

Cname record

MX Record

A mail exchanger record (MX record) is a type of resource record in the Domain Name System that specifies a mail server responsible for accepting email messages on behalf of a recipient’s domain.

MX record

NS Records

An NS record is a DNS record that lists an authoritative name server for a domain. A domain name can have multiple NS records.

nsrecord

Service record (SRV record)

Service record (SRV record) is a specification of data in the Domain Name System defining the location, i.e. the hostname and port number, of servers for specified services.

SRV record

TXT Record

A TXT record (short for text record) is a type of resource record in the Domain Name System (DNS) used to associate some custom, unformatted text with a host or other name.

TXT record

PTR Records

The Pointer (PTR) record provides data for reverse DNS, which is used for logging the domain name and for verification purposes. Reverse DNS is also called inverse DNS.

ptr record

 

Azure DNS Limits


Blobs, File, Tables and queue storage configuration

A storage account covers the storage services below. Your data is stored in them and segregated within the storage account according to the service you use.

Blob Storage:

Blob storage stores unstructured object data. A blob can be any type of text or binary data, such as a document, media file, or application installer. Blob storage is also referred to as Object storage.

Table storage:

Table Storage stores structured data sets. Table storage is a NoSQL key-attribute data store, which allows for rapid development and fast access to large quantities of data.

Queue storage:

Queue Storage provides reliable messaging for workflow processing and for communication between components of cloud services.

File storage:

File Storage offers shared storage for legacy applications using the standard SMB protocol. Azure virtual machines and cloud services can share file data across application components via mounted shares, and on-premises applications can access file data in a share via the File service REST API.

Container 

An Azure container is part of the blob service and is used to keep .VHD files etc.

If you are creating VMs, the VHD files will be stored in the container.

It is also a type of blob storage where you keep your data, files and folders to access them from different sources.

Blob1

CORS:

It is basically used for development work and website configuration.

CORS is an HTTP feature that enables a web application running under one domain to access resources in another domain. Web browsers implement a security restriction known as same-origin policy that prevents a web page from calling APIs in a different domain. CORS provides a secure way to allow one domain (the origin domain) to call APIs in another domain.
You can set CORS rules individually for each of the storage services (i.e. blob, file, queue, table). Once you set the CORS rules for the service, then a properly authenticated request made against the service from a different domain will be evaluated to determine whether it is allowed according to the rules you have specified.

 

Example: JavaScript code loaded as part of http://www.rcloud.com can’t issue requests to any other domain such as http://www.TestRcloud.com.

Allowed Origins:
A comma-separated list of origin domains that will be allowed via CORS, or “*” to allow all domains.
There is a limit of 64 origin domains. Each allowed origin can have up to 256 characters.

Allowed Verbs:
The methods (HTTP request verbs) that the origin domain may use for a CORS request,
such as DELETE, GET, HEAD, MERGE, POST, OPTIONS and PUT.

Allowed Headers:
The request headers that the origin domain may specify on the CORS request. There is a limit of 64 defined headers and 2 prefixed headers. Each header can be up to 256 characters.

Exposed Headers:

The response headers that may be sent in the response to the CORS request and exposed by the browser to the request issuer.

Maximum Age (Seconds):
The maximum amount of time that a browser should cache the preflight OPTIONS request.
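The CORS settings above, as an added example (not from the original post or from Azure's code): a Python sketch that checks a rule against the limits quoted here, flags wildcard settings, and decides whether a cross-origin request is permitted. It assumes rules are tried in order and that the first rule matching origin and method decides; the class, function names and sample rules are constructed for illustration.

```python
from dataclasses import dataclass, field

# Limits quoted in the text above.
MAX_ORIGINS, MAX_CHARS = 64, 256
MAX_DEFINED_HEADERS, MAX_PREFIXED_HEADERS = 64, 2

@dataclass
class CorsRule:
    allowed_origins: list
    allowed_methods: list
    allowed_headers: list = field(default_factory=list)
    exposed_headers: list = field(default_factory=list)
    max_age_seconds: int = 0

def lint(rule):
    """Return findings: limit violations and settings that allow every caller."""
    findings = []
    prefixed = [h for h in rule.allowed_headers if h.endswith("*") and h != "*"]
    defined = [h for h in rule.allowed_headers if not h.endswith("*")]
    if len(rule.allowed_origins) > MAX_ORIGINS:
        findings.append("more than 64 allowed origins")
    if any(len(v) > MAX_CHARS for v in rule.allowed_origins + rule.allowed_headers):
        findings.append("origin or header longer than 256 characters")
    if len(defined) > MAX_DEFINED_HEADERS or len(prefixed) > MAX_PREFIXED_HEADERS:
        findings.append("more than 64 defined or 2 prefixed allowed headers")
    if "*" in rule.allowed_origins:
        findings.append("wildcard origin: any website can make CORS requests")
    if "*" in rule.allowed_headers:
        findings.append("wildcard allowed headers")
    return findings

def header_allowed(header, patterns):
    """Match a request header against exact names, 'prefix*' entries or '*'."""
    header = header.lower()
    return any(p == "*" or header == p.lower()
               or (p.endswith("*") and header.startswith(p[:-1].lower()))
               for p in patterns)

def evaluate(rules, origin, method, request_headers=()):
    """Return the rule that permits the request, or None if it is refused."""
    for rule in rules:
        origin_ok = "*" in rule.allowed_origins or origin in rule.allowed_origins
        method_ok = method.upper() in (m.upper() for m in rule.allowed_methods)
        if origin_ok and method_ok:
            # First rule matching origin and method decides; headers are checked last.
            ok = all(header_allowed(h, rule.allowed_headers) for h in request_headers)
            return rule if ok else None
    return None

# Constructed rules: a wide-open rule beside one scoped to the page's example origin.
PERMISSIVE = CorsRule(["*"], ["GET", "PUT", "DELETE"], ["*"], ["*"], 86400)
RESTRICTED = CorsRule(["http://www.rcloud.com"], ["GET", "HEAD"],
                      ["x-ms-meta-*", "content-type"], ["x-ms-request-id"], 200)
```

`lint(PERMISSIVE)` reports both wildcard findings, while `evaluate([RESTRICTED], "http://www.TestRcloud.com", "GET")` returns `None` because that origin is not listed.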

Cors

 

Custom Domain

It is used to set a custom domain, such as your organization name, for Azure Blobs.

Whenever you browse your custom domain name, your request is automatically directed to the Azure blobs for which you have configured the custom domain.

Configure a custom domain for accessing blob data in your Azure storage account, like www.contoso.com. There are two methods you can use to set up a custom domain.

  1. Create a CNAME record with your DNS provider that points from your domain (like www.rcloud.com) to rcloud1.blob.core.windows.net. This method is simpler, but results in a brief downtime while Azure verifies the domain registration.
  2. Create a CNAME record with your DNS provider that points from the “Rcld” sub-domain (like asverify.www.rcloud.com) to Rcld.rcloud1.blob.core.windows.net. After this step completes, you can create a CNAME record that points to rcloud1.blob.core.windows.net. This method does not incur any downtime. To use this method, select the “Use indirect CNAME validation” checkbox

Encryption 

Storage service encryption protects your data. Azure Storage encrypts your data as it’s written in our data centers, and automatically decrypts it for you as you access it.
Currently, this feature is available for Azure Blobs and Files.
Note that after enabling Storage Service Encryption, only new data will be encrypted, and any existing files in this storage account will remain unencrypted.

encryption

Azure Content Delivery Network

The Azure Content Delivery Network (CDN) is designed to send audio, video, images, and other files faster and more reliably to customers using servers that are closest to the users.

This dramatically increases speed and availability, resulting in significant user experience improvements.

 

CDN

Azure Search

Azure Search is a search solution that makes it easy for developers to add robust full-text search experiences to web and mobile applications.

Azure Search

Metrics

Azure metrics show your total requests, latency and success percentage.

This helps us understand how many web requests fail or succeed and what latency we are getting from the Azure web apps.

Azure metrics

 

Usage

This shows the usage of the blobs, the container counts, etc.

You can add an alert by clicking the edit button and configuring the alert as per your requirements.

usage

File Storage

A file storage account is used to keep and share data for development work, file shares, VHDs etc. It supports only up to 5 TB of data.

We can create multiple Azure file shares, each with a limit of 5 TB of data.

FILE

file server

CORS:

The file storage account also supports CORS. Please take a look at the Azure Blobs section to know more about CORS.

Cors

Encryption 

Storage service encryption protects your data. Azure Storage encrypts your data as it’s written in our data centers, and automatically decrypts it for you as you access it.
Currently, this feature is available for Azure Blobs and Files.
Note that after enabling Storage Service Encryption, only new data will be encrypted, and any existing files in this storage account will remain unencrypted.

encryption

Metrics

Azure metrics show your total requests, latency and success percentage.

This helps us understand how many web requests fail or succeed and what latency we are getting from the Azure web apps.

Azure metrics

 

Queue Services:

Queue Storage provides reliable messaging for workflow processing and for communication between components of cloud services.

queue

CORS:

Queue storage also supports CORS. Please take a look at the Azure Blobs section to know more about CORS.

Cors

Metrics

Azure metrics show your total requests, latency and success percentage.

This helps us understand how many web requests fail or succeed and what latency we are getting from the Azure web apps.

Azure metrics