KeithMayer.com

Be an Early Expert in Hybrid Cloud - Microsoft Azure, Windows Server 2012 R2, Hyper-V and System Center 2012 R2

KeithMayer.com

  • TechNet Radio: (Part 2) Open Source + Microsoft Azure - Implementing MySQL databases in the Cloud

    Keith Mayer and Tommy Patterson are back for part 2 of their series on “ Open Source + Azure ” and today they show us how to implement MySQL databases inside Linux VMs on Azure. [ 2:06 ] Besides MySQL on Azure IaaS, what other options are available to me? [ 11:55 ] DEMO Quick Create and Azure Virtual Network [ 17:35 ] DEMO Creating a Storage account [ 26:54 ] DEMO How to configure MySQL in a Linux VM on Azure [ 38:10 ] DEMO How to make MySQL highly available on Azure __________________________...
  • Step-by-Step: Encrypting Data Volumes in the Azure Cloud with Windows Server 2012 R2, PowerShell and BitLocker

    The Microsoft Azure cloud platform has supported at-rest encryption of Windows Server VM data volumes via BitLocker for some time now, but I’ve found that there’s often a desire to completely automate the BitLocker configuration as part of virtual machine provisioning and startup tasks.

    Read this article ...

    In this article, I’ll walk through the PowerShell steps to automate the provisioning of BitLocker and unlocking BitLocker-protected data disks as part of a virtual machine’s startup tasks.

  • Resizing Data Disks in the Cloud on Microsoft Azure with Windows PowerShell

    Resizing existing Azure VM data disks just got a whole lot easier with the introduction of an enhanced Update-AzureDisk PowerShell cmdlet in the latest version of the Azure PowerShell module.

    Read this article ...

    In this article, I’ll step through the process of using this new cmdlet to increase the size of an existing data disk on an Azure virtual machine.

  • TechNet Radio: (Part 1) Open Source + Azure: Building Linux in the Cloud

    Keith Mayer and Tommy Patterson kick off a new series today on “ Open Source + Azure ” and in part 1 they cover the building blocks and how to for Linux in the Cloud with Microsoft Azure. [ 2:44 ] Open Source and Microsoft? How does that work? [ 8:11 ] Why should someone pick Azure for their Open Source solutions? [ 15:55 ] Let’s chat about Azure and Linux and how they play nicely together [ 22:00 ] DEMO Provisioning and Managing Linux and Azure Check out the Quick Start Guide: Building Linux...
  • TechNet Radio: (Part 18) Building Your Hybrid Cloud - Automated Provisioning for Linux in the Cloud with Microsoft Azure

    Next up in our ongoing series to “ Build a Hybrid Cloud” Keith Mayer and Andy Syrewicze look at automated provisioning for Linux in the cloud with Microsoft Azure. Tune in as they explore the various ways in which you can automate workloads for Linux in Azure by using either Azure Automation , PowerShell DSC for Linux , XPlat CLI for Azure , Docker , Chef or Puppet (just to name a few). [ 2:05 ] What are some of the tools you can use to automate Linux workloads in Azure? [ 10:10] DEMO: Getting started...
  • TechNet Radio: (Part 17) Building Your Hybrid Cloud - End-to-End IaaS Workload Provisioning in the Cloud with Azure Automation and PowerShell DSC

    Keith Mayer welcomes special guest Tommy Patterson to the series as they discuss end-to-end IaaS workload provisioning in the Cloud with Azure Automation and PowerShell DSC. Tune in as they break down automation into 3 main categories of tasks (managing and orchestrating the overall process, provisioning cloud fabric resources, and provisioning workloads, like operating systems and applications) and then go into in-depth demos showing how you can do this via Azure Automation and PowerShell DSC. ...
  • TechNet Radio: (Part 2) Supporting a Mobile First World - Identity Management with Azure Active Directory

    In part 2 of our Enterprise Device Management series, Jennelle Crothers and Keith Mayer discuss the importance of Identity Management and how Azure Active Directory applies to this Mobile-First, Cloud-First world. [ 1:25 ] What is Azure Active Directory? [ 6:59 ] DEMO: Creating a New Azure Active Directory tenant [ 13:10 ] DEMO: Adding applications to Azure AD [ 21:00 ] DEMO: Azure Active Directory Connect [ 33:01 ] DEMO: Azure Multi-Factor Authentication __________________________ Experience Microsoft's...
  • Automating Azure Autoscale Rules via PowerShell and REST API

    Azure Autoscale helps us align utilization of active cloud services to the volume of users and requests currently hitting an application.  As such, Autoscale helps us avoid overprovisioned scenarios where we'd otherwise be paying for excess resources that may not be needed all the time.

    When using Autoscale, the Azure cloud platform can dynamically scale-out/scale-in application instances based on defined schedules or in response to CPU utilization or volume of requests waiting on an Azure Queue, which is useful when designing an application that leverages a Queue-centric Work Pattern.  As part of the Autoscale configuration, you can customize minimum instances, maximum instances, scheduled times and thresholds to optimize scaling behavior for your unique application load patterns.

    Learn more! Watch Module 4, Virtual Machines in this MVA Hybrid Cloud Jump Start course

    Read this article ...

    We can manually configure Azure Autoscale using the Azure Management Portal, but in this article we'll walk through automating our Autoscale configuration as part of an overall scripted process for provisioning new workloads on the Azure cloud platform ...

  • Partner Tech Night - What's New in Microsoft Azure for Infrastructure and Development Partners - Deck and Resources

    Thank you for attending our recent Partner Tech Night in Columbus OH on What's New in Microsoft Azure for Infrastructure and Development Partners. In this article, I've included a copy of our session deck and additional next step resources ...

  • Early Experts Study Guide for Microsoft Specialist Certification Exam 70-534, Architecting Microsoft Azure Solutions

    Read this article ...

    This exam study guide is intended as a study reference tool to assist experienced architects with preparing for Microsoft Specialist certification via Exam 70-534, Architecting Microsoft Azure Solutions.

    Exam 70-534 is one of three exams that can be successfully passed to complete Microsoft Specialist certification on Microsoft Azure. Other exams in this Microsoft Specialist series include:

    Only one exam listed above (70-532 or 70-533 or 70-534) needs to be passed to attain Microsoft Specialist certification on Microsoft Azure.

    This exam guide presents the target exam objectives within each of the above objective domains in a checklist format to provide an easy method for experienced exam candidates to quickly self-assess their general exam preparedness and also provide specific study resources to help candidates address knowledge gap areas prior to attempting this exam. These are the same study resources that I personally used to prepare for Exams 70-534, 70-533 and 70-532 myself, so I’ve already taken time to proof and review each and every resource ...

  • Leveraging the Azure Service Management REST API with Azure Active Directory and PowerShell / List Azure Administrators

    The Azure Service Management REST API can be a great compliment to the Azure PowerShell module when automating certain Azure cloud tasks for which there's not yet a defined set of PowerShell cmdlets.  In previous articles, we've leveraged this API for specific scenarios, such as:

    However, in each of our previous articles, we've used management certificates to authenticate to our Azure subscription when calling the Azure Service Management REST API. Azure Active Directory is being used by many organizations for centralized authentication to Azure via the Azure Management Portal, Azure PowerShell using the Add-AzureAccount cmdlet, and to other cloud-based applications (over 2,400 third-party apps as of the date of this article).  This prompted me to consider leveraging Azure AD for Azure API authentication as an alternative to management certificates.

    , Read this article ...

    In this article, we'll step through the process of authenticating to the Azure Service Management REST API using Azure Active Directory via PowerShell.  Leveraging these capabilities together gives us a consistent authentication and scripting experience, along with the extensibility that the Azure API provides.

    Along the way, we'll also show a useful example for keeping track of the administrators and co-administrators for your Azure subscription.

  • Extending SQL Server 2014 AlwaysOn Resource Groups with Storage Spaces on Microsoft Azure

    The new Azure Preview Portal makes it super-easy to configure a highly available SQL Server 2014 AlwaysOn Availability Group cluster with a new Azure Resource Group Template.  After completing 4 fields of information and clicking a single Create button, a complete cluster environment including an Azure Storage Account, Virtual Network, Active Directory Domain Controllers and SQL Server 2014 AlwaysOn cluster will be automatically configured.  Of course, if you wish to customize any of the options, you're given the ability to do that too - but that's a few extra clicks! ;-)

    When the cluster provisioning process is completed, your new cluster will look like this:

    Read this article ...

    However, when attempting to add additional storage to your new cluster, you'll likely encounter some warning messages that may challenge you.  In this article, we'll leverage a bit of PowerShell to sidestep those warnings and continue on our way towards expanding storage capacity and throughput for our AlwaysOn Availability Groups cluster.

  • TechNet Radio: (Part 16) Building Your Hybrid Cloud - Migrating Applications to Microsoft Azure from Hyper-V, VMware, Amazon AWS & Physical Servers

    Keith Mayer and Andy Syrewicze are back for Part 16 in our “ Build a Hybrid Cloud ” series and in today’s episode they focus on how you can migrate your existing server workloads from Hyper-V, VMware and Amazon AWS to Microsoft Azure using the Microsoft Migration Accelerator for Azure tool. [ 6:45 ] You mentioned the “Microsoft Migration Accelerator” … what is that? [ 8:10 ] How does the MMA help with migrating large datasets to the cloud? [ 13:05 ] DEMO: Microsoft Migration Accelerator Read the...
  • Diagnose Azure Virtual Network VPN connectivity issues with PowerShell

    Azure Virtual Network Gateways provide a great solution for quickly building secure cross-premises network connectivity for a Hybrid Cloud via IPsec site-to-site VPN tunnels. However, VPN tunnels can sometimes be a bit tricky to configure with certain on-premises VPN gateways.  When the VPN tunnel isn't able to connect between Azure and your on-premises gateway device due to configuration or networking issues, you'll see a broken connection displayed in the Azure Management Portal for that Virtual Network Gateway.

    Read this article ...
    Azure Virtual Network - Disconnected

    Until recently, the only options for diagnosing VPN connection problems were to either troubleshoot via logs from the on-premises VPN gateway, or open an Azure support ticket for assistance with troubleshooting from the Azure side of this VPN tunnel. With the latest Azure PowerShell module, we now have the ability to directly troubleshoot VPN connections from Azure with three new PowerShell cmdlets: Start-AzureVNetGatewayDiagnostics, Stop-AzureVnetGatewayDiagnostics, and Get-AzureVNetGatewayDiagnostics.

    In this article, we'll step through leveraging these new Azure PowerShell cmdlets to diagnose a site-to-site VPN gateway connection issue.

  • Step-by-Step: Revoking and Reinstating Client VPN Certificates for Azure Point-to-Site VPNs

    Microsoft Azure provides Point-to-Site VPN (aka. Client VPN) connectivity for secure remote access by development and operations teams to cloud-based workloads that are provisioned on an Azure Virtual Network.  Azure Point-to-Site VPN connectivity uses SSTP as a firewall-friendly tunneling protocol and certificates for mutual authentication of each client connection.

    Read this article ...

    You can find more details on configuring Azure Point-to-Site VPNs at the following link location:

    When discussing Azure Point-to-Site VPN connectivity, one of the questions I frequently hear is ...

    Great! But ... how do I disable a Point-to-Site VPN user when they're leaving my organization?

    Azure Point-to-Site VPNs use certificates for user authentication and authorization, so we can simply revoke a user's certificate to disable their Point-to-Site VPN access.  In this article, we'll step through the process of revoking and reinstating user certificates for Azure Point-to-Site VPNs by using the Azure PowerShell module and the Azure Service Management REST API.

  • Quick Tip: List Current Client Connections on Azure Point-to-Site VPN with PowerShell and REST API

    Microsoft Azure provides secure access to cloud-based VMs for developers and IT operations teams via Point-to-Site VPN (aka. Client VPN) connectivity.  This solution uses SSTP (Secure Socket Tunneling Protocol) to provide a secure, firewall-friendly solution that uses the native VPN client built-in with Windows 7 and later.  In a future article, we'll also look at a cross-platform Client VPN connectivity option to Azure for Linux and Mac OS X clients.

    After configuring Point-to-Site VPN connectivity in Azure, it's pretty easy to see the overall connection status on the Virtual Networks Dashboard page of the Azure Management Portal, as shown below.

    Read this article ...

    Azure Management Portal: Virtual Network Dashboard page

    BUT ... what if we want to see the details of each individual client IP address that is currently connected to the VPN? Luckily, with a bit a PowerShell and the Azure Service Management REST API, we can fetch those details as well! In this article, we'll show you how ...

  • Step-by-Step: Automated Provisioning for Linux in the Cloud with Microsoft Azure, XPlat CLI, JSON and Node.js ( Part 2 )

    There's lots of tools that can be leveraged for automating Linux workloads on Microsoft Azure, including Azure Automation, PowerShell DSC for Linux, VM Agent Custom Scripts, Cloud-Init, XPlat CLI for Azure, Vagrant, Docker and third-party tools such as Chef and Puppet.  Azure provides a wide variety of automation options so that you can choose the tools with which you're most familiar and, in some cases, may already have an existing investment.

    Read this article ...

    In Part 1 of this two-part article series, we stepped through the process for getting our Linux admin workstation setup for Azure cloud automation using the XPlat-CLI and Cloud-Init.

    This article is Part 2 of this series. In this article, we'll leverage these tools for automatically provisioning an end-to-end highly available Linux server farm environment, including storage, networking, load-balancing, virtual machines and application workloads.  As we proceed through this article, we'll be build a Linux shell script that implements this provisioning logic.

  • Step-by-Step: Automated Provisioning for Linux in the Cloud with Microsoft Azure, XPlat CLI, JSON and Node.js ( Part 1 )

    Since previously publishing the Quick Start Guide for Building Highly Available Linux Servers in the Cloud on Microsoft Azure, several people have asked me about ways in which Linux workload provisioning can be automated with Azure.

    Read this article ...

    There's lots of tools that can be leveraged for automating Linux workloads on Microsoft Azure, including Azure Automation, PowerShell DSC for Linux, VM Agent Custom Scripts, Cloud-Init, XPlat CLI for Azure, Vagrant, Docker and third-party tools such as Chef and Puppet.  The Azure team provides a wide variety of automation options so that you can choose the tools with which you're most familiar and, in some cases, may already have an existing investment.

    This article is part 1 of a two-part series.  In this article, we'll step through the process for getting our Linux admin workstation setup for Azure cloud automation using the XPlat-CLI for Azure and Cloud-Init

    In part 2 of this series, we'll leverage these tools for automatically provisioning a highly available Linux server farm environment using the scenario outlined in the Quick Start Guide referenced above.

  • TechNet Radio: (Part 15) Building Your Hybrid Cloud - Getting Started with Automating the Hybrid Cloud using PowerShell

    In part 15 of our “ Building a Hybrid Cloud ” series, Keith Mayer and Andy Syrewicze show us to get started automating our hybrid cloud environment using PowerShell. Tune in for this great overview session on why IT Pros should think about automating their processes and how they can get started with the Microsoft Azure VM Agent Custom Script extensions, Azure PowerShell Module and the Azure Pack. [ 1:45 ] Why Automate? [ 7:23 ] DEMO: Microsoft Azure VM Agent Custom Script Extensions Azure PowerShell...
  • Quick Tip: List all Static IPs on an Azure Virtual Network using PowerShell

    We can assign static internal IP addresses for Azure Virtual Machines on a Virtual Network using either PowerShell or the new Azure Preview Portal. This is a useful capability for provisioning VM workloads that may require fixed IP address assignments, such as DNS servers.

    image
    Provisioning a VM with a Static internal IP address using Azure Preview Portal

    Question: After provisioning a set of VM's with static internal IP addresses, how can I display a list of all VMs with static addresses in my subscription?

    Answer: You can list all Azure VM's configured with static internal IP addresses in your Azure subscription with the following one-line PowerShell code snippet that leverages the Azure PowerShell Module.

    Get-AzureVM | Select-Object -Property Name, @{Name='StaticIP';Expression={(Get-AzureStaticVNetIP -VM $_ ).IPAddress}}

  • Deck and Resources: SQL Server Options in the Cloud with Microsoft Azure

    Thanks for attending my presentation today at the Columbus SQLPASS User Group chapter on SQL Server Options in the Cloud with Microsoft Azure.

    Read this article ...

    We discussed various hybrid cloud options for leveraging Microsoft Azure as part of a SQL Server deployment, including the following scenarios:

    • Off-site cloud backups for databases and logs
    • Disaster recovery of on-premises databases
    • Production quality cloud-based Dev & Test environments
    • Extending on-premises applications to the cloud
    • Migration of existing applications to the cloud
    • Cloud-designed business and SaaS applications

    In this article, I've included a downloadable copy of our session deck along with a list of additional resources to help you continue your evaluation of these key scenarios ...

  • TechNet Radio: (Part 14) Building Your Hybrid Cloud - Disaster Recovery to the Cloud with Azure Site Recovery

    In part 14 of our “ Building a Hybrid Cloud ” series, Keith Mayer and Andy Syrewicze walk us through a discussion around the importance of disaster recovery as well as demo how you can implement this in Azure Site Recovery. the steps of the importance of disaster recovery. [ 3:15 ] What is Azure Site Recovery? [ 5:00 ] DEMO: Implementing Azure Site Recovery __________________________ Experience Microsoft's latest products with these FREE downloads! Build Your Lab! Download Windows Server 2012...
  • Quick Tip: Listing all IaaS VMs or PaaS Roles on an Azure Virtual Network via PowerShell

    When managing Microsoft Azure Virtual Networks via the Azure Management Portal, we can easily see a list of IaaS Virtual Machines and/or PaaS web/worker roles that are connected to a particular virtual network, as shown below.

    image
    List of resources connected to Azure Virtual Network via Management Portal

    Question: How can I determine this same type of list when using PowerShell to manage my Azure subscription?

    Answer: Virtual networks are bound to Azure cloud service deployments for IaaS Virtual Machines and PaaS web/worker roles. Use the following PowerShell code snippet to display the list of cloud services, roles and instances that are connected to a particular Azure Virtual Network.

    (Get-AzureService |
        Get-AzureDeployment |
        Where-Object `
             -Property VNetName `
             -EQ "enter-vnet-name") |
        %{
             Get-AzureRole `
                 -ServiceName $_.ServiceName `
                 -InstanceDetails |
             Select-Object `
                  -Property ServiceName,
                            InstanceName,
                            RoleName,
                            IPAddress
         }

  • Scripts-to-Tools: Automate Health Monitoring Alert Rules in the Cloud with PowerShell and the Azure Service Management REST API

    After successfully provisioning new IaaS virtual machines or PaaS cloud services in Microsoft Azure, the focus often turns to workload monitoring for ensuring the continued health of the solutions we've deployed. Microsoft Azure includes native monitoring and email alerting capabilities for deployed workloads, and you can certainly extend monitoring to more granular levels with additional tools, such as Azure Automation, Application Insights, System Center 2012 R2 Operations Manager, or other 3rd party tools like New Relic.

    Read this article ...

    However, manually configuring monitoring alert rules for a large number of workloads can take a lot of time. Unfortunately, the Azure PowerShell module doesn't currently provide direct scripting support to automate alert rule definition, BUT ... the Azure Service Management REST API does provide this capability, and we can easily leverage that API via PowerShell with a bit of creativity!

    In this article, we'll step through the process of creating our own PowerShell function, named New-AzureAlert, to help us automate the provisioning of new Azure monitoring alert rules using the Azure Service Management REST API.

  • End-to-End IaaS Workload Provisioning in the Cloud with Azure Automation and PowerShell DSC ( Part 2 )

    This article is Part 2 of a two-part series on automating the end-to-end provisioning process for IaaS workloads running on the Microsoft Azure cloud platform.  This process includes orchestration of all tasks, provisioning cloud fabric resources, and configuring operating system and application workloads running inside Azure VMs. The end goal of this effort is to provide accelerated "push-button" delivery of highly available, load-balanced cloud applications.

    Read this article ...

    In Part 1 of this series, I provided an example of leveraging Azure Automation runbooks and PowerShell Workflows in a concerted approach to fully automate all aspects of deploying new load-balanced VM's on the Microsoft Azure cloud platform. If you haven't yet completed Part 1 of this series, be sure to go do that now, and then come back here when finished to continue on to the Part 2 steps below.

    In this article, I'll provide an example of a working PowerShell DSC Configuration that can be used with Azure Automation runbooks to customize the configuration of operating system and web application components running inside each VM as part of the provisioning process. When we're all done, we'll be able to invoke one runbook to deploy everything needed to bring our web application online: VMs, load-balancing, OS configuration, and Web application content.

About the Author ...

Keith Mayer is a Senior Technical Architect at Microsoft, focused on helping ISV partners leverage the Azure cloud platform. Keith has over 20 years of experience as a technical leader of complex IT projects, in diverse roles, such as Network Engineer, IT Manager, Technical Instructor and Consultant. He has consulted and trained thousands of customers and partners worldwide on design of enterprise technology solutions.

Keith is currently certified on several Microsoft technologies, including Azure, Private Cloud, System Center, Hyper-V, Windows, Windows Server, SharePoint, SQL Server and Exchange. He also holds other industry certifications from VMware, IBM, Cisco, Citrix, HP, CheckPoint, CompTIA and Interwoven.

You can contact Keith online at http://aka.ms/AskKeith.