Friday, November 24, 2017

Enable Log Analytics in Azure

As I mentioned in my previous post, to use the OMS Log Analytics feature you can enable Azure Log Analytics to collect data from the Azure-hosted instances.

To enable this, go to More Services in the Azure Portal and search for Log Analytics.


Then select Create New and give an OMS workspace name.

You can create a new resource group or select the existing resource group that contains the servers you want to monitor.

Then select the location where you want to deploy this service.

Initially you can go with the free pricing tier, which has a 500 MB daily limit.


Then select Virtual machines, and in the next blade select the virtual machines whose events you want to log.


Go into the selected VM and click connect. Once that is done, you will see the status as This Workspace.


Once you go into the Log Analytics Usage blade, you will be able to see the data consumption. This means you can plan whether to stay on the free pricing tier or purchase another tier.


Thursday, November 23, 2017

Azure Log Analytics


Azure Log Analytics is used in the Operations Management Suite to collect availability and performance data from cloud and on-premises environments.

As you can see in the below diagram, you should be able to monitor and get the log information from the Azure hosted VMs, SCOM managed Servers and VM with the OMS agents.


At the center of Log Analytics is the OMS repository which is hosted in the Azure cloud.

Data is connected into the data source, and then you can select the method that you want to use to filter it. As you can see in the diagram below, log search can be done through OMS itself, and you can then choose whether to send an alert to a specific ticketing tool or a recipient, download the data for reporting in Power BI, or export it as a CSV file.


This is a sample image of the Azure Activity Log in OMS. I will post a step-by-step guide to the OMS configuration.


To start, you can use the OMS free data plan, which comes with a 500 MB daily upload limit.

If you already have an Azure subscription, go into the OMS portal.

Friday, November 17, 2017

Troubleshoot the Azure site to Site VPN issues.


I have experienced that, most of the time, the Azure site-to-site configuration causes issues in the initial setup because the correct steps were not followed.

For example, some firewalls and routers support only the "RouteBased" configuration and not the "PolicyBased" configuration, so you need to select the correct configuration method at the start.

Even the IKE version needs to be 2, not 1. I have seen these small mistakes sometimes kill your whole day.

Before starting the configuration, you can refer to the Microsoft documentation below:

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-devices

Here you will find the deployment guides for most of the known firewalls and routers, covering both the "RouteBased" and the "PolicyBased" configuration methods.

You can download the step-by-step guide for the firewall configuration; the Azure VPN setup details are also in the document.

Friday, November 3, 2017

Azure Site-To-Site VPN configuration


The steps to create an S2S VPN are given below.

If you have not set up the virtual network gateway, you can follow my previous post about Azure Point-to-Site configuration.

There you can find the details about the Virtual Network Gateway setup.


Next, you can open the Virtual Network Gateway and click on connect. I have already set up one connection and you can click on the add button to start with a new VPN setup.



Then you can give a name for the VPN and select the connection type. Here I have selected VNet-to-VNet as I was planning to configure S2S VPN.

First give a name for the configuration, then select VPN as the type to create the VPN gateway.

Then you need to select the correct virtual network with which you want to establish the connection, and the IP address of the destination.



For the Network Gateway, again you can give a name, the IP address and the address space.


You can give the same Preshared key which you have entered in the destination gateway.


Or else you can change it later by going into Settings > Preshared Key.


Once you save that, the VPN status is Connecting.



You will get the Connected status if you have done the configuration on both sides properly.

Wednesday, November 1, 2017

Azure Point to Site VPN Configuration

The steps to configure a P2S VPN are given below, and you can follow them to configure your point-to-site VPN.


There are currently four main categories of VPN provided by Azure. They are:

  1. Point-to-Site (VPN over IKEv2 or SSTP)

  2. Site-to-Site and Multi-Site (IPsec/IKE VPN tunnel)

     –> Site to Site and Multi Site VPN service

  3. VNet-to-VNet connections (IPsec/IKE VPN tunnel)

  4. Site-to-Site and ExpressRoute coexisting connections


If you want more information, or the connectivity information, you can click on the links to find it.

If you want more information about the Azure VPN pricing, then click on this Link


To start the P2S configuration, you need to go into

Virtual network gateways > Select the Gateway that you have created earlier 

Then select Point-To-Site Configuration and click configure now.

If you have not created your Virtual Network Gateway, you can follow my blog post that describes it.



Then give an address pool which you want to use and select the tunnel types below.


Select SSTP protocol.

SSTP (Secure Socket Tunneling Protocol) is a new form of VPN tunnel with features that allow traffic to pass through firewalls that block PPTP and L2TP/IPsec traffic. SSTP provides a mechanism to encapsulate PPP traffic over the SSL channel of the HTTPS protocol. The use of PPP allows support for strong authentication methods such as EAP-TLS. The use of HTTPS means traffic will flow through TCP port 443, a port commonly used for Web access. Secure Sockets Layer (SSL) provides transport-level security with enhanced key negotiation, encryption, and integrity checking.


I have selected the Azure Certificate as the authentication type. To use the certificate, you need to generate a root certificate and a client certificate.

Steps to create the certificate can be found here.

Once you copy and paste the certificate, you will be able to save the new configuration.

Next, the Download VPN client tab becomes active and you will be able to download the VPN client from it.

You can generate the client certificate by using the command below:

makecert.exe -n "CN=AzureClientVPNCert" -pe -sky exchange -m 96 -ss My -in "AzureClientVPNCert" -is my -a sha1

Then import the certificate into the Personal certificate folder and install the VPN client on the PC on which you want to use this VPN.


If you have imported the Client Certificate correctly, then you will be able to connect your client VPN without any issues.
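The root and client certificate step above can also be done with the built-in New-SelfSignedCertificate cmdlet (Windows 10 / Server 2016 and later), which signs with SHA-256 instead of makecert's sha1. This is an added example, not a command from the original post; the names P2SRootCert and P2SChildCert and the output file name are assumptions.

```powershell
# Added example. Certificate names and the output file are assumed, not from the post.
$store = 'Cert:\CurrentUser\My'

# Self-signed root certificate; only its public part is pasted into Azure.
$root = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject 'CN=P2SRootCert' -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -KeyUsageProperty Sign -KeyUsage CertSign `
    -CertStoreLocation $store

# Client certificate signed by that root, carrying the Client Authentication EKU.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'
$client = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject 'CN=P2SChildCert' -DnsName 'P2SChildCert' `
    -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 `
    -Signer $root -CertStoreLocation $store `
    -TextExtension @("2.5.29.37={text}$clientAuthOid")

# Read the EKU extension back from the issued certificate.
$eku = $client.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
}

# Checks to run before uploading the root and distributing the client certificate.
$checks = [ordered]@{
    IssuedByRoot  = $client.Issuer -eq $root.Subject
    # 1.2.840.113549.1.1.11 is the OID for sha256WithRSAEncryption
    Sha256Signed  = $client.SignatureAlgorithm.Value -eq '1.2.840.113549.1.1.11'
    ClientAuthEku = @($eku.EnhancedKeyUsages | ForEach-Object Value) -contains $clientAuthOid
    HasPrivateKey = $client.HasPrivateKey
}
$checks.GetEnumerator() | Format-Table Name, Value -AutoSize
if ($checks.Values -contains $false) { throw 'Client certificate failed a check.' }

# Base64 of the root certificate's public part (no private key), ready to paste
# into the root certificate field of the Point-to-Site configuration.
$rootBase64 = [Convert]::ToBase64String($root.RawData)
$rootBase64 | Set-Content -Path (Join-Path $PWD 'P2SRootCert.txt')
```

Only the root's public data leaves the machine here; the client certificate with its private key stays in the Personal store of the user who will connect.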



You can download the generated Certificate from https://gallery.technet.microsoft.com/Azure-Point-to-VPN-3613dbeb location.

This will help you to do the initial testing.