Successfully completed the training course “Implementing Azure Infrastructure Solutions” @ the Microsoft Partner, Silver Learning, MTC Training
What is OMS?
Is it System Center Online rebranded?
OMS is used to gather logs centrally and make decisions upon this information.
What can you do with Operations Management Suite (OMS)?
PaaS application which is running on Azure
Use it to manage on prem or azure based VMs
How do you create an OMS setup?
Ideal concept: log all the information to a storage account. OMS will trawl the logs to make use of the information. The default agent in a VM has the information needed to transfer the logs to a storage account and pass them to OMS.
Grab solutions from a portal.
- Check status of patches
- Change management
- Log queries
- Identify weakness in the environment
How you access OMS
OMS workspace is accessed via a web browser to view the information.
The free version of OMS holds data for up to 7 days
OMS charges per machine monitored
Identify Weakness or Issues.
For example No End Point security on VMs might be flagged
A recommendation to install a 3rd party tool.
Example : Deep Security – Trend Micro. An Azure recommended product for end point protection appears on the list in the filtered market place
What is a container?
A container is a live and running copy of an image which may have been customised.
An image is the read-only copy that exists before it is run as a container
How do you implement containers in Azure
Two options, containers we deploy ourselves and containers Microsoft manage
Containers can run on Windows 2016 or Linux OS
CPU and RAM are assigned to each individual container
Containers: limited security risk?
Microsoft offers Hyper-V running containers for those concerned
Azure container covers this way.
Others offer shared application containers.
Notes around Docker?
A Dockerfile is like a script to build the container: it takes a source and makes an app on an image, which becomes a container once it is running.
Docker has other tools: Docker toolbox, Docker client and Kitematic (GUI client)
How to Install Docker for Windows
Quick install guide :
1) Navigate to https://docs.docker.com/docker-for-windows/install/#download-docker-for-windows
2) On the Install Docker for Windows page, click Get Docker for Windows (Stable).
3) When prompted whether to run or save Docker for Windows Installer.exe, click Run.
4) Once the installation has completed, click Close and log out.
When you make a mistake deploying a docker-machine, e.g. you forget to enter a region, the machine still builds but you enter an error state.
Start again by removing the docker-machine.
Launch CMD as admin: docker-machine rm "machine name"
Kubernetes is a management tool for Docker. An alternative is Docker Swarm for large scale
Deploy Kubernetes cluster for Linux containers
DCOS getting started with Kubernetes
Step 1 : Install Command Line Tool For PowerShell
Step 2: Launch PowerShell as Administrator
Type in the following
# get the Azure RM module installed first
# import the module for use
Step 3: Getting started with IaaS & PowerShell scripts
# Create a resource group
New-AzureRmResourceGroup -Name Project1ResourceGroup -Location "West Europe"
# Create a new subnet and store it in a variable
$Project1Subnet1 = New-AzureRmVirtualNetworkSubnetConfig -Name Project1Subnet1 -AddressPrefix "10.0.1.0/24"
# Create a new network and add the subnet stored in the variable
$virtualNetwork = New-AzureRmVirtualNetwork -Name ProjectNetwork -ResourceGroupName Project1ResourceGroup -Location "West Europe" -AddressPrefix "10.0.0.0/16" -Subnet $Project1Subnet1
# Add an additional subnet to the network
Add-AzureRmVirtualNetworkSubnetConfig -Name Project2Subnet2 -VirtualNetwork $virtualNetwork -AddressPrefix "10.0.2.0/24"
$virtualNetwork | Set-AzureRmVirtualNetwork
Sign up to GitHub and create your own repository: https://github.com/
Use GitHub Desktop to grab a bunch of files, or the full GitHub Desktop to sync: https://desktop.github.com/
PaaS / App Service
Check out the Azure App Service gallery of applications
Most Web Apps would use Autoscaling
When deploying web apps, consider integration and deployment options.. GitHub, DropBox, Visual Studio etc
Additional features include Azure WebJobs or Functions (functions for background tasks)
How you connect to the web apps could be a hybrid connection or VPN
Azure virtual network is available for the web apps (standard upwards)
Authentication and Authorization (Azure AD is optional, but there are easy connections to Facebook, Amazon, Google etc.)
Mobile Services to Mobile apps
Work flow is built in to Office 365
If you get a Twitter post… send mail, etc. (a flow)
Traffic Manager has a cost (multi region coverage)
Load-Balancing single sites (free)
Planning and Implementing storage, backup and recovery methods
Blob storage, Table storage, Queue storage, or File Storage
Content Delivery Network
Videos / Office 365 back end: Skype for Business runs on it to handle mass meetings, converting the presenter's meeting to MP4 video and distributing it via CDNs
CDNs cache copies in multiple regions
1st connection costs
2nd onwards uses the cached copy
Use your own method, Use Azure backup, backup on prem, backup in the Azure
All done via DPM
Backing up VMs in Azure is fast. Incremental is the option, and then it's one option to do a full restore of a VM
DPM will dedupe the OS section of the VM in Azure, Hyper-V and vSphere VMs
Azure Site Recovery
Orchestration, replication and failover.
Switched off replica server in IaaS
Replicate , VMware VMs, Physical, Hyper-V VMs, Hyper-V hosts
Documentation on the setup of VMware VMs to Azure using Azure Site Recovery
Site Recovery concept to migrate to Azure
VMs types and sizes
Only supported virtual machine type in Azure is “VHD”. VHDX is not currently supported.
Note : Managed disks are now preferred to use instead of storage accounts in legacy Classic Azure
Before migrating VMs to Azure, check that the workloads are supported in a virtual machine. 3rd party vendors may only support their software as PaaS instead of IaaS
2x VMs are better than 1x, i.e. your solution is much better if it's scalable. Try to utilise VMs in an “availability set”. Servers suitable for availability sets are identical machines file-wise. This would give you high availability in the event of failure.
Alternatively, if you only want 1x virtual machine (for example a domain controller or DNS), go for solid state (disks with an “s” in the name), and Microsoft have a better SLA for uptime.
Managed Disks or Unmanaged Disks
Managed disks go with the VMs,
Try the Market Place for machine images
Scale sets provide VM auto scaling
- Create rules for scaling
- DSC config
- Pure compute box with data at the backend
i.e Stateless work loads
Suggestion: for stateless servers, the backend database won't be SQL; it would be the Azure flat file or Azure Cosmos or some read/cache option.
Disk encryption and Azure Key Vault..thoughts
Requirement? Keys are stored in Azure key vault (secure area, no access).
But the drives aren’t physical, so a physical disk would be very challenging to locate and steal.
To steal a virtual drive and mount it, is it the administrator's mistake? A lost or weak admin password?
Define the DNS server IP
Defining Peerings for vNETS. This allows routes between vNETS
Public IPs will fall into a network security group for a default firewall. It's purely a basic firewall.
Use Market place to find a 3rd party firewall to lock down internet facing servers (fastest option)
Alternatively route via on prem firewall (slowest option) or route via another cloud firewall (second fastest)
Network Security Group
Inbound and Outbound security groups
By default network security groups have a public IP address and an RDP allow connection.
Network security groups can be assigned to a network card, a subnet or the subnet a load balancer sits within.
Cost : Networks and Network Security Groups are Free
Create your own route tables. Then you have options to assign routes to a subnet or a virtual machine.
Additionally configure the Windows Firewall settings on a virtual machine.
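As an added example (not part of the original notes or any Microsoft sample), the AzureRM script below creates an NSG whose RDP rule is limited to an admin range, attaches it to the subnet created earlier on this page, and then lists any inbound rule that still allows RDP from any source. It assumes an authenticated AzureRM session; the admin range 203.0.113.0/24 and the NSG and rule names are placeholders.

```powershell
# Added example: resource group, network and subnet names reuse those created earlier on this page.
# $adminRange is an assumed placeholder (documentation range); use your own admin egress range.
$rg         = 'Project1ResourceGroup'
$location   = 'West Europe'
$adminRange = '203.0.113.0/24'

# Allow RDP only from the admin range; the NSG default rules deny other inbound Internet traffic.
$rdpRule = New-AzureRmNetworkSecurityRuleConfig -Name 'Allow-RDP-From-Admin' `
    -Description 'RDP from admin range only' `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 100 `
    -SourceAddressPrefix $adminRange -SourcePortRange '*' `
    -DestinationAddressPrefix '*' -DestinationPortRange 3389

$nsg = New-AzureRmNetworkSecurityGroup -ResourceGroupName $rg -Location $location `
    -Name 'Project1Subnet1-NSG' -SecurityRules $rdpRule

# Attach the NSG to the subnet (it could equally be attached to a network card).
$vnet = Get-AzureRmVirtualNetwork -Name 'ProjectNetwork' -ResourceGroupName $rg
Set-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name 'Project1Subnet1' `
    -AddressPrefix '10.0.1.0/24' -NetworkSecurityGroup $nsg | Set-AzureRmVirtualNetwork

# Audit: inbound Allow rules in the current subscription that expose RDP to any source.
# Port ranges such as 3000-4000 are not expanded here; only '3389' and '*' are matched.
Get-AzureRmNetworkSecurityGroup | ForEach-Object {
    $nsgName = $_.Name
    $_.SecurityRules | Where-Object {
        $_.Direction -eq 'Inbound' -and $_.Access -eq 'Allow' -and
        ($_.DestinationPortRange -contains '3389' -or
         $_.DestinationPortRange -contains '*') -and
        ($_.SourceAddressPrefix -contains '*' -or
         $_.SourceAddressPrefix -contains 'Internet' -or
         $_.SourceAddressPrefix -contains '0.0.0.0/0')
    } | Select-Object @{n='Nsg';e={$nsgName}}, Name, Priority,
                      SourceAddressPrefix, DestinationPortRange
}
```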
(My thoughts and opinions, are my own @stephenhackers)
Azure – What are the options?
IaaS, PaaS & SaaS
IaaS – Virtual Servers in the Cloud.
The easiest / most logical method of moving to the cloud is IaaS. Drag your on prem virtual machines into the cloud, basically transferring your on prem virtual machines into the Cloud (Azure).
In the event of failure on prem, the option is to run in Azure, or migrate to Azure
Active Directory – Azure AD connect. In a Hybrid environment
PaaS – Azure App Service
Storage, backup and recovery services
More advanced – AI – Audio to Text PaaS
Complete Software solution
What is the exam?
Exam : 70-533 Implementing Microsoft Azure Infrastructure Solutions.
Expect 1-4 questions to be PowerShell based
In theory, you will need another exam to qualify for the certification MCSE Cloud
Why move to Azure?
Cost saving option – Turning off services over night will massively save money IaaS.
Pay As You Go : Azure for your dev environment
Note: geographic areas differ; some cost more to host in and some have limited features.
West Europe would appear to be the best option for local businesses in Sunderland (UK).
But – Check features are available in a region.
Pricing Calculator / Estimator
Location to learn information https://docs.microsoft.com/en-us/azure/
DevOPS : How to deploy to Azure . https://docs.microsoft.com/en-gb/vsts/deploy-azure/
Market Place : Search for products available on Azure
Azure Services / Categories
Compute, Networking, Data and Storage, Web & Mobile, Other services include AD, automation, logging, monitoring
Visual studio or visual studio code (free option)
Resource templates. Json files
Log Analytics and ( Operations Management Suite )
Centralised location for gathering log information
Patch management view
Change management view
Thought : Could this be described as a new version of System Center, SCOM, WSUS, but a cloud version?
Resource Groups and RBAC
Setup Resource Groups & Tags
Setup Access Control (IAM) Roles (RBAC)
Basic PowerShell Commands
Networking and Providers
Location Providers – UK is London
AT&T NetBond, British Telecom, Colt, Equinix, InterCloud, Internet Solutions – Cloud Connect, Interxion, Jisc, Level 3 Communications, Megaport, MTN, NTT Communications, Orange, Tata Communications, Telecity Group, Telehouse – KDDI, Telenor, Verizon, Vodafone, Zayo Group+
Azure Virtual Networks
Choose the IP address spaces. Don’t use a subnet where you might duplicate your on prem servers.
Azure utilises some IPs, so the smallest subnet is a /29
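A small planning check for the two notes above, as an added example that is not part of the original notes: it reports the usable addresses in each planned subnet and flags any overlap with on-prem ranges. The on-prem ranges and the /29 are constructed sample values, and the figure of 5 addresses reserved by Azure per subnet is supplied here rather than taken from the notes.

```powershell
# Added example. Function names are hypothetical helpers, not Azure cmdlets.
function ConvertTo-CidrRange {
    param([Parameter(Mandatory)][string]$Cidr)
    $ip, $len = $Cidr.Split('/')
    $bytes = [System.Net.IPAddress]::Parse($ip).GetAddressBytes()
    [Array]::Reverse($bytes)   # network byte order -> little-endian for BitConverter
    $addr  = [int64][BitConverter]::ToUInt32($bytes, 0)
    $size  = [int64][math]::Pow(2, 32 - [int]$len)
    $start = $addr - ($addr % $size)   # mask off the host bits
    [pscustomobject]@{
        Cidr   = $Cidr
        Start  = $start
        End    = $start + $size - 1
        # Azure reserves 5 addresses in every subnet (the first four and the last).
        Usable = $size - 5
    }
}

function Test-CidrOverlap {
    param([string]$A, [string]$B)
    $ra = ConvertTo-CidrRange $A
    $rb = ConvertTo-CidrRange $B
    # Two ranges overlap when each one starts before the other ends.
    return ($ra.Start -le $rb.End -and $rb.Start -le $ra.End)
}

$onPrem  = '10.0.0.0/20', '192.168.10.0/24'              # constructed on-prem ranges
$planned = '10.0.1.0/24', '10.0.2.0/24', '10.1.0.0/29'   # planned Azure subnets (sample)

foreach ($subnet in $planned) {
    $clash = $onPrem | Where-Object { Test-CidrOverlap $subnet $_ }
    [pscustomobject]@{
        Subnet   = $subnet
        Usable   = (ConvertTo-CidrRange $subnet).Usable
        Overlaps = ($clash -join ', ')   # empty when the subnet is safe to use
    }
}
```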
Azure Load Balancer – Overview
Internal, Internet, Application Gateway, Traffic manager
SSL offload & WAF
PaaS DNS is quite limited or Create a VM hosting VMs for internal DNS / Domain Controller.
Deploy to azure ( for speed, test it out at your own risk )
This is my interpretation of VMware vRealize Orchestrator at a high level. VMware vRealize Orchestrator is a centralised location to create workflows, create actions and define configuration elements to automate tasks. In addition, there is a useful built-in tool which can auto-generate documentation based on the workflows you have created.
So, how does vRO compare to my previous work?
My first impression of vRO, is the tool reiterates the structure I have been putting in place via PowerShell scripts on previous projects and demonstrations.
See my previous work on bulk virtual machine deployments:
The scriptable tasks are more interesting. You can predefine properties/variables to use within the script tasks.
Some nice key features :
- Descriptions area for workflows
- Version control work flows.
- Simple Output to System.log
Is there a similar alternative product I’ve used?
Some of vRO features do have similarities to an alternative product I have recently been using called Octopus. Octopus has the options to create processes, add scripts including PowerShell and version control each release and control releases.
Moving on to more advanced scriptable tasks in vRO, decisions can then be defined based on If…Else statements to define the output. When scripting within workflows, a simple but effective feature is that when a variable is entered in a script, the variable name changes colour.
Out the box options
There are some out the box options such as VMware tools and Virtual Hardware upgrades with vRO workflows.
There are many more advanced topics and work flows. Feel free to share your favourite work flows or developed work flow on twitter @stephenhackers
Note : All opinions are my own.