Friday, June 29, 2018

Fully configured virtual machine create using PowerShell Script


If you are very concern on the naming-convention of your services when you are deploying your Azure hosted VM's then you can try the below mentioned script. This is purely support for Windows Server deployment.

Here I have done some additional work and took all the services into one place where you can do the changes in the first place and then run the deployment.


Steps are listed below.

1. First login into the AzureRM using the PowerShell

Login-AzureRmAccount

SNAGHTML314938ca

Once the login is successful then you will be able to see the below information.

image

2. Copy paste the below mentioned script and and changed the names as you required under the Variables.

ResourceGroup    - Give the resource group name. Define the Resource Group Name/s
Location                - Give the correct location name where you going to host you services. E.g. Australia East, UK South
VmName                - Server Names                                         
SubnetName          -  Subnet Name
NamevNET             - Virtual Network name.
Namemypublicdns- Public DNS Name.
NameNetworkSecurityGroupRuleRDP  - Network Security Group Rule name. Here you can add the additional ACLs and the script is used to enable only the RDP port. Later you need to add the IP restriction.
NameNetworkSecurityGroup – Network Security Group Name.
NameVNic               - Virtual Network name.
VMSize                     - The Size of the VM. This will need to select carefully with the requirement
AddressPrefix         - The  Address prefix need to be change under Subnet configuration and the Virtual Network Section.

PowerShell Script

-----------------------------------------------------------------------------------------------------------------

# Variables for common values

$resourceGroup = "AAA-Production3"

$location = "West US 2"

$vmName = "AAA-Prod-SVR1"

$SubnetName = "AAA-PROD-SUBNET01"

$NamevNET = "AAA-PROD-VNET"

$Namepublicdns = "AAA-PROD-ADF01-IP01"

$NameNetworkSecurityGroupRuleRDP = 'Default-allow-rdp'

$NameNetworkSecurityGroup = 'AAA-SVR1-NSG'

$NameVNic = "AAA-PROD-VNIC01"

$VMSize = 'Standard_D1_v2'

# Create user object

$cred = Get-Credential -Message "Enter a username and password for the virtual machine."

# Create a resource group

New-AzureRmResourceGroup -Name $resourceGroup -Location $location

# Create a subnet configuration

$subnetConfig = New-AzureRmVirtualNetworkSubnetConfig -Name $SubnetName -AddressPrefix 10.50.1.0/24

# Create a virtual network

$vnet = New-AzureRmVirtualNetwork -ResourceGroupName $resourceGroup -Location $location `

-Name $NamevNET -AddressPrefix 10.50.1.0/24 -Subnet $subnetConfig

# Create a public IP address and specify a DNS name

$pip = New-AzureRmPublicIpAddress -ResourceGroupName $resourceGroup -Location $location `

-Name "$Namepublicdns$(Get-Random)" -AllocationMethod Static -IdleTimeoutInMinutes 4

# Create an inbound network security group rule for port 3389

$nsgRuleRDP = New-AzureRmNetworkSecurityRuleConfig -Name $NameNetworkSecurityGroupRuleRDP -Protocol Tcp `

-Direction Inbound -Priority 1000 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * `

-DestinationPortRange 3389 -Access Allow

# Create a network security group

$nsg = New-AzureRmNetworkSecurityGroup -ResourceGroupName $resourceGroup -Location $location `

-Name $NameNetworkSecurityGroup -SecurityRules $nsgRuleRDP

# Create a virtual network card and associate with public IP address and NSG

$nic = New-AzureRmNetworkInterface -Name $NameVNic -ResourceGroupName $resourceGroup -Location $location `

-SubnetId $vnet.Subnets[0].Id -PublicIpAddressId $pip.Id -NetworkSecurityGroupId $nsg.Id

# Create a virtual machine configuration

$vmConfig = New-AzureRmVMConfig -VMName $vmName -VMSize $VMSize | `

Set-AzureRmVMOperatingSystem -Windows -ComputerName $vmName -Credential $cred | `

Set-AzureRmVMSourceImage -PublisherName MicrosoftWindowsServer -Offer WindowsServer -Skus 2016-Datacenter -Version latest | `

Add-AzureRmVMNetworkInterface -Id $nic.Id

# Create a virtual machine

New-AzureRmVM -ResourceGroupName $resourceGroup -Location $location -VM $vmConfig

----------------------------------------------------------------------------------------------------

Same script can be download here

Azure Error - This.Client.SubscriptionId' cannot be null


If you receive this error when you try to remove your existing resources from your Tenent, Then you have to check the Azure subscription status.

Error will say something like,

Remove-AzureRmResourceGroup : 'this.Client.SubscriptionId' cannot be null.
At line:1 char:1
+ Remove-AzureRmResourceGroup -name QlikSense
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     + CategoryInfo          : CloseError: (:) [Remove-AzureRmResourceGroup], ValidationException
     + FullyQualifiedErrorId : Microsoft.Azure.Commands.Resources.RemoveAzureResourceGroupCmdlet

As I mentioned in the above this error will trigger when you try to remove the resources by using the PowerShell commands.

To verify you can run below mentioned command,

Get-AzureRmContext

image

image

If you check this in the Azure portal, you will see,

image

To resolve this issue you can set the Azure subscription manually by running         Select-AzureRmSubscription  command or remove the Resource groups by login into the Azure portal.

I preferred the second option as it worked for me few times.

Friday, June 15, 2018

Data Protection Resources - Microsoft cloud services

The detail about the  GDPR Mapping to Microsoft Controls can be found in this Whitepaper.

Information about how Microsoft cloud services protect your data, and how you can manage cloud data security and compliance for your organization.

* Office 365 GDPR control mapping 5.24.18

* Dynamics 365 GDPR control mapping 5.24.18

* Professional Services GDPR control mapping 5.24.18

* Azure GDPR control mapping 5.24.18

* Office 365 - Audited Controls NIST 800_53A Rev 4

* Office 365 - Audited Controls ISO 27018:2014

* Office 365 - Audited Controls ISO 27001:2013


More details regarding the Pen Test and Security Assessments, Compliance guides and Audited controls can be found by clicking here.

Tuesday, June 12, 2018

How to add a Manage Disk into Azure VM

If you need to add a new data disk into your existing Azure server then you can follow the below steps to add a new disk into that environment.

Mainly there are two ways of doing that,

1. Create the required disk fist and then ad into the server.

2. Under the Server settings, go into the Disk and then create the required Disk from there itself.

Steps here are for first option and to create that,

1. Go into all service > search for disk.

image

2. Click on add and button and give a name for the disk. Then select the correct Resource group and the location.

3. Account type needs to be select as per the requirement and source can be select “None”.

- Need to be very careful with selecting the size of the Disk. The pricing details can be find here.

image

- Once the validation complete, click on create.

4.  Then go into Virtual Machine > Settings> Disk

And add the disk from there.

image

image

- After completing that log into the server and format and add the disc by go into the Disk Manager.




Wednesday, June 6, 2018

How to deploy Highly available virtual Machines in Microsoft Azure.

If you have an concern about the hosted VM availability and the reliability then you can select this option to reduce the risk which is involve with that.

This solution is is supported through the Azure Availability set and that ensure that the VMs you deploy on Azure are distributed across multiple isolated hardware nodes in a cluster.If you are implementing this then if there is any failures with the Azure Hardware or the software then that will be impact only to the subset of the VM and the total solution will remaining without any downtime.

To configure this first you need to create your availability set and then need to add the VMs into that while crating the VMs.

There are two ways that you can create this,

* When creating the Virtual Machine under settings you can find the Availability Set selection and there itself can create.

* Create Availability Set first and then add that in to the VM while creating the Azure Virtual machine.

1. First go into the portal and search for Availability Set. Click on that.

image


2. Next click on ad and give the required information.


image

There you can see that fault domain and the update domains are listed,

Fault Domain : When you put VMs in to an availability set, Azure guarantees to spread them across Fault Domains and Update Domains. A Fault Domain (FD) is essentially a rack of servers. It consumes subsystems like network, power, cooling etc. So 2 VMs in the same availability set means Azure will provision them in to 2 different racks so that if say, the network or the power failed, only one rack would be affected.

image

Update Domain :  Sometimes you need to update your app, or Microsoft needs to update the host on which your VM(s) are running. Note that with IaaS VMs, Microsoft does not automatically update your VMs. You have complete control (and responsibility) over that. But say if a serious security vulnerability is identified and a patch created. It’s in Microosft’s interest to get that applied to the host underneath your VM as soon as possible. So how is that done without taking your service offline? Update Domains. It’s similar to the FD methods, only this time, instead of an accidental failure, there is a purposeful move to take down one (or more) of your servers. So to make sure your service doesn’t go offline because of an update, it will walk through your update domains one after the other.


3. Click Yes on the User Manage Disk

4. Adding Virtual machines into the Availability set

- Start creating the VM and under Settings, you can find the Availability Set.

- Click on the Availability set and the created availability set can be found there.

- Select the created availability set.

image


5. Same job run add the next servers also into the Availability set.

6. Go into Availability Set and verify the status

image


Note : The availability set can only be configured when creating a virtual machine. You must recreate the virtual machine to move it in or out of an availability set

Sunday, June 3, 2018

Azure Strategy and Implementation Guide from Microsoft


Learn the building blocks of  Microsoft Azure governance. Download the Azure Strategy and Implementation guide now.

Key areas covered are,

  • General architectures that incorporate security, identity, and cloud design principles.
  • DevOps and how it fits with cloud technologies. 
  • Integrating, planning, and managing cloud resources. 
  • Microsoft Azure governance.

  • image


    You can download this on http://msft.social/LSdVE9 location.