Kevin Remde's IT Pro Weblog

  • TechNet Radio: Design Considerations for Mobile Device Management

    In today's world where being highly connected and highly mobile are more important than ever, device choice and being mobile while still being productive are big concerns for any business IT organization.  In this TechNet Radio interview, I chat with Yuri Diogenes and Robert Mazzoli as we explore the world of Mobile Device Management and what design considerations you should think about when architecting your strategy for a Mobile first, Cloud first environment.

     

     

     

    • [3:00] Tell us about the Mobile Device Management Design Considerations Guide and who it's intended for?
    • [3:54] Mobile Device Management can be an overwhelming topic. Would it be safe to say that some IT organizations don't even really know where to begin?
    • [5:53]  Say I work for a small business and I want to do Mobile Device Management and I don't have a huge budget – what are some of my options?
    • [7:56]  Once my organization has the problem set well defined, what's the next step?
    • [12:50] Is there anything else that my business needs to consider?
    • [14:55] As a companion to the MDM Design Considerations Guide, I understand that your team has put together another pretty useful (and definitely colorful) resource. What's that?
    Check out the  Mobile Device Management Design Considerations Guide
    Download the Enterprise Mobility Poster here


    __________________________

    If you're interested in learning more about the products or solutions discussed in this episode, click on any of the below links for free, in-depth information:

    Websites & Blogs:

    Videos:

     Follow the conversation @MS_ITPro
     Follow @KevinRemde on Twitter
     Become a Fan @ facebook.com/MicrosoftITPro
     Like Kevin's Full of IT Facebook page
     Subscribe to our podcast via iTunes, Stitcher, or RSS

  • This just in: More Updates to Azure Backup

    The Azure Blog just posted some exciting news about improvements and updates to Azure Backup, specifically around the backup and retention of Azure Virtual Machines (VMs).

    “Oh yeah?  How can they make it any better?”

    Well, for starters.. How would you like to be able to retain a backup of a Virtual Machine for up to 99 years?

    “That’s crazy.”

    But it’s possible now.  And, you can even back up that virtual machine along with up to 16 attached data disks.

    Back to retention options, you now have more flexible weekly, monthly, and yearly settings; very much like what was already available for using Azure Backup for backing up local file system (Server or Client) data.

    Example backup retention settings for retaining up to 99 years

    They’ve also improved reporting, monitoring, and control of VM backup jobs.  Downloadable summary reports and information on backup storage size are just a couple of examples.

    For the full details and many more links to more useful information and resources, check out the Azure Team Blog article: Azure Backup update – New features in IaaS VM backup support

    And if you’re in-or-near one of these cities on these dates…

    …make sure you come to our TechNet on Tour event, where we’ll be providing more details on how to use Azure for Disaster Recovery, including a great Hands-on-Lab that works specifically with Azure Backup of a VM.

    TechNet on Tour

  • Windows 10: What/Where the Deployment Tools Are

    Windows 10 Enterprise Evaluation

    It’s been nearly a month since Windows 10 became publicly available to all, so I’m sure all of you IT Pros who read my blog have been installing (and hopefully enjoying) Windows 10 on your personal machines, while at the same time beginning to think about how you’re going to support a rollout to your business users.  (Or not.  But if you’re not, you should.)

    “Yes!  But are there any updated tools or kits to support us in our planning, assessments, and deployments?”

    I’m glad you asked.  Just a few days ago, for example, the new version of the Microsoft Deployment Toolkit, or MDT, was released.  This is “Microsoft Deployment Toolkit (MDT) 2013 Update 1”.  Details of this release can be found in the announcement that was posted on the Microsoft Deployment Toolkit Team Blog.

    “But Kevin, the download page for the MDT says that it requires a ‘Windows Assessment and Deployment Kit (ADK) for Windows 10’.  What is that?”

    As the title implies, the Windows ADK is a set of tools to assist in assessing upgradability, plus tools to support tasks such as capturing, applying, or modifying operating system images.  Put simply, the MDT leverages several of the tools that are in the Windows ADK, so those updated versions need to be there as well.

    The full list of downloads for kits and tools is here: “Download kits and tools for Windows 10”.  Buried towards the bottom of that page is a link to “what’s new in the Windows ADK for Windows 10”, as well as the link to “download the Windows ADK for Windows 10”.

    ---

    Have you used the tools?  Are you rolling out Windows 10?  Don’t hesitate to share your experiences, ask your questions, or throw in your anonymous rants in the comments.

  • Video: Deploy an Application with Azure Resource Manager Templates

    In this video (which complements the documentation found at https://azure.microsoft.com/en-us/documentation/articles/resource-group-template-deploy/) I walk you through the process of deploying an application with Azure Resource Manager Templates. 

     

  • Deploying and Managing Windows 10 - My Interview with Brad Anderson

    Deploying and Managing Windows 10. It seems like a pretty straightforward and important topic, don’t you think?
    I welcome back Brad Anderson to the show as we discuss how businesses and IT organizations can take advantage of the free training resources, in-depth guidance, deployment and management tools that are available starting August 18th  @ http://aka.ms/DeployWin10.

     

    • [2:00] Is Windows 10 a big deal?
    • [3:19] “Windows-as-a-Service” …How is Windows 10 being delivered as-a-service? How is that different?
    • [5:04] In general, how are we recommending that businesses roll out or move to Windows 10?
    • [9:51]  Let’s talk about identity management and security on Windows 10. What’s new and how will it impact businesses?
    • [14:22] What's coming in Windows 10 to support mobile device management, and what tools will I want to use to support that?
    • [21:00] There are other device and MDM products out there. Are they going to be sufficient in managing Windows 10?
    • [24:51] Where can our viewers go for more information on how to deploy and manage Windows 10?


    __________________________

    Experience Microsoft's latest products with these FREE downloads!
     Build Your Lab! Download Windows Server 2012 R2, System Center 2012 R2 and Hyper-V Server 2012 R2 and get the best virtualization platform and private cloud management solution on the market. Try it FREE now!

     Don't Have a Lab? Build Your Lab in the Cloud with Microsoft Azure Virtual Machines. Try Windows Azure for free with no cost or obligations, and use any OS, language, database or tool. FREE Download


  • Azure Site Recovery (ASR) now available in all US Azure Datacenter Regions

    This just in…

    Today, Microsoft has increased the number of datacenter regions that will support Azure Site Recovery.  Datacenter regions added:

    • Central US
    • East US2
    • North Central US, and
    • South Central US

    “Cool.. but what is Azure Site Recovery?”

    Ah.. in case you, like my friend here, don’t know; Azure Site Recovery is Microsoft’s “Disaster Recovery as-a-Service” (DRaaS) offering.  Think of it as a way to set up machines and services in Azure that are off but being kept up-to-date, plus the orchestration (in the form of a Recovery Plan) to automate planned or unplanned failover.  Your source machines could be hosted on physical boxes, virtualized (Hyper-V or VMware), or even in AWS or other Azure regions.. but keeping a copy of your machines up-to-date in the Azure cloud… just-in-case.

    For more information on Azure Site Recovery, visit Getting Started with DRaaS.

    And for the official announcement about the new regions, check this Azure Blog announcement.

  • Breaking News: RSAT for Windows 10 now available!

    RSAT for Windows 10

    This just in..

    The Remote Server Administration Tools (RSAT) that run on Windows 10 and support remotely managing Windows Server (including the latest Windows Server 2016 Technical Preview) are now generally available for download.

    You can find the download HERE

    NOTE: Make sure you read the system requirements!  These tools only run on Windows 10 Professional and Windows 10 Enterprise.  So don’t go trying to do any fancy-schmancy server administrating from your Windows 10 Home installation.

    UPDATE: Those of you who may have installed this and not seen the tools actually installed... Watch your language.  This release is for English (United States) only.  Yes, I wish it would give you a big error and message about "wrong language version" or somesuch, but apparently it just appears to succeed without so much as a beep.

    From http://www.microsoft.com/en-us/download/details.aspx?id=45520:

    Remote Server Administration Tools for Windows 10 is available only in English (United States) for this release. If you are running Windows 10 in a language that is not English (United States), be sure that you have installed the English (United States) language pack before you install Remote Server Administration Tools. To install the language pack, on the Start screen, click Settings. Click Time and language, click Region and language, and then click Add a language. Click English, and then select English (United States). When you are finished, close the Settings dialog box.

    BIG thanks to Michael Niehaus and Heike Ritter for providing the solution. 

  • TechNet On Tour: Disaster Recovery using Azure

    To follow up on my post of a couple of days ago, I thought I’d share this awesome introductory video discussing our up-coming September/October US events…

    Have you signed up yet?  GO HERE to select your city and date: http://aka.ms/TechNetTour

    Hope to see you there!

  • Find an Azure VM image using the Azure CLI or PowerShell

    Recently my team has been fortunate enough to be able to contribute to and augment the online Microsoft Azure documentation through the creation of video demonstrations.  My first two contributions can be found on this page:

    Navigating and Selecting Azure Virtual Machine images with PowerShell and the Azure CLI

    Of course, I need to brag specifically on the videos by embedding them here.

     

    Navigating and Selecting Azure Virtual Machine images with the Azure CLI

     

    Navigating and Selecting Azure Virtual Machine images with PowerShell

  • Azure for Disaster Recovery: The US Tour

    TechNet Tour

    We Technical Evangelists are at it again!  This September and October, we will visit 10 cities to talk about using Microsoft Azure as part of your disaster recovery plan.

    Attendees will receive a free Microsoft Azure pass and the opportunity to complete several disaster recovery related labs during the course of the workshop.

    9/1 - Seattle, WA
    9/3 - San Francisco, CA
    9/22 - Houston, TX
    9/29 - Charlotte, NC
    9/30 - Malvern, PA
    10/6 - Indianapolis, IN
    10/7 - Tampa, FL
    10/8 - New York, NY
    10/14 - Irvine, CA
    10/16 - Dallas, TX

    See the FULL LIST HERE!  Register now to join in!

    (And if you’re in Houston, Dallas, or NYC, you’ll get to see yours truly!)

  • (Part 3) End of Support for Windows Server 2003 - How Small to Midsized Businesses can Benefit by moving to Windows Server 2012 R2

    Concluding our 3 part End of Support for Windows Server 2003 series, Eric Mills and I highlight  some of the key concerns small to midsize businesses need to be aware of if they are still running Windows Server 2003 in their environment.

     

    Ready to make the move? Get Windows Server 2012 R2 now!


  • (Part 2) End of Support for Windows Server 2003 - Migrating from Windows Server 2003

    In Part 2 of our End of Support for Windows Server 2003 series, I welcome Rick Claus to the show.  We discuss various planning and migration tools that are available to help your move from Server 2003.

    Ready to make the move? Get Windows Server 2012 R2 now!


  • TechNet Radio: (Part 1) End of Support for Windows Server 2003 - Why Migrate?

    Eric Mills and yours truly kick off a new 3 part series today as we discuss the upcoming End of Support for Windows Server 2003.  Tune in for part 1 as we discuss the reasons why you should migrate now to a supported operating system before it's too late.

     

    Ready to make the move? Get Windows Server 2012 R2 now!


  • New Microsoft Virtual Academy Course - Microsoft Azure Fundamentals: Virtual Machines

    MVA Course

    Bob Tabor (an MVP who I recently learned a lot of C# from) has created a multi-module course for Microsoft Virtual Academy entitled Microsoft Azure Fundamentals: Virtual Machines.  This is definitely worth a look, as the number of modules (35) and depth of topics really look to be higher quality and more in-depth than the title implies.

    The course is made up of “Understanding…” modules, “How do I…” modules, and “Tours of…” the various App Services and Data Services available in Microsoft Azure.

    Click the photo above to go directly to the course.

  • If you’re in the area of Saint Louis and can get away from work on May 19, 2015…

    We’re hosting another of our IT Camps on Microsoft Azure and how to extend your datacenter into the cloud.  It’s a free, full day of learning, including hands-on-labs and great resources for further investigation.

    Go to http://aka.ms/AzureITCampMO for details and to register.  (Hurry.. space is limited!)

    PS - We’ll also have a drawing for someone to win a $100 Microsoft Online Store gift card.

  • Backup/Recover Your Files to/from Azure Storage (Hybrid Cloud for IT Pros - Part 4)

    The following article is part 4 of our many-part series, “Hybrid Cloud for IT Pros”.  Click HERE often for the ever-growing full list of articles in this series.

    Step-By-Step found here.

    At my IT Camp events, when discussing this topic, I’ll often ask my IT Pro friends in attendance the following questions; usually with the following results:

    “How many of you have played with Windows Server Backup, the built-in file backup and recovery utility?”
    About 50%-75% of the hands go up.

    “How many of you are using Windows Server Backup as your main server file-system backup tool?”
    Maybe one or two hands go up.  And we all laugh.

    I’m not surprised!  It’s a very simple tool, and maybe didn’t do all we need for things such as long-term archiving and off-site storage.. so we went with other value-add providers.  But still, if you want to simply create a backup schedule and save multiple recovery points, Windows Server Backup is still a nice solution.

    Wouldn’t it be great if there were a way to take that simple capability and, rather than storing backups to another local storage device, we stored directly into the cheap and always-available cloud storage that is Microsoft Azure?

    “Yeah!  I’d love that!”

    Your wish: GRANTED.

    Azure Backup is Microsoft’s Windows Server Backup – cloud-ified.  At its heart, it involves an Azure subscription, a storage account, a credential to allow the service to trust the server (or client), and an agent installed on your local server (or client).

    “Kevin.. you keep saying ‘(or client)’.  Are you saying that this Azure Backup can also back up files from Windows Client operating systems?”

    That’s right!  A recent update to this capability was to allow the backup not only of all supported server operating systems (Server 2008 R2 and newer), but also of client operating systems from Windows 7 through Windows 10.

    “Very cool!  But how do I set it up?”

    Here is my very own Step-by-Step guide, just for you: Step-by-Step: Windows Azure Backup

  • Lab 6 (Optional): An Ubuntu Linux VM in Azure (Jan-June 2015 Azure Hybrid Cloud IT Camps)

    This post contains Lab 6 of the 5 labs created for our current set of US DX IT Camps.  Yeah.. this is one I just added for good measure.

    The complete set of labs are listed here:

    Optional Lab 6

    Create a new Ubuntu Linux VM using the gallery

    In this task, you will create a new Ubuntu Linux VM, and then configure it to be managed via Remote Desktop. The remote desktop phase will take some time, so you will verify it later.
    Perform the following tasks in the Azure management portal.

    1. In the Azure management portal, click NEW.

    2. Click COMPUTE, click VIRTUAL MACHINE, and then click FROM GALLERY.

    3. In Choose an Image, click UBUNTU, click Ubuntu Server 14.04 LTS, and then click the Next arrow.

    4. Create a new virtual machine using the values in the following table, and then click the Next arrow.

       Property                    Value
       DNS NAME                    Linux01
       TIER                        Standard
       SIZE                        A3
       USER NAME                   AzureUser
       AUTHENTICATION              Select only PROVIDE A PASSWORD
       NEW PASSWORD and CONFIRM    Passw0rd!

    5. On the Virtual machine configuration page, in CLOUD SERVICE, select itcservice<ID>.

    6. In STORAGE ACCOUNT select itsstore<ID>.

    7. In ENDPOINTS, in ENTER OR SELECT A VALUE, select REMOTE DESKTOP, and then click the Next arrow.

    8. Click the Complete icon.

       a. The virtual machine will take a few minutes to create. Depending on the load this may take between 5 and 25 minutes.

       b. Wait for the new virtual machine to finish before proceeding.

    Connect to the new Linux VM using SSH and RDP

    In this task, you will use a Secure Shell (SSH) connection to manage Linux01 and install both the desktop and RDP protocol server. This step can take upwards of 30 minutes due to installation times. You can choose to wait, or start the installation, move on, and then complete this step at a later time.
    Perform the following tasks on your admin workstation.

    1. On your local workstation you’ll need some files from our AzureManagement.zip file.

       a. Using Internet Explorer, download and extract https://itcmaster.blob.core.windows.net/fy15q3/AzureManagement.zip to create an \AzureManagement folder (either at the root of C:\, or on your desktop).

       b. NOTE: The above URL is Case Sensitive!

    2. In \AzureManagement, double-click PuTTY.exe.

    3. In Host Name (or IP address), type ITCService<ID>.cloudapp.net, and then click Open.

       a. <ID> is your unique id.

    4. In the PuTTY Security Alert dialog box, click Yes.

    5. Log on as AzureUser using Passw0rd! as the password.

       a. You are now logged on to your new Linux VM using SSH.

    6. Type the following commands, pressing ENTER after each one. This set of commands will add a desktop and enable RDP. Confirm each command as needed.

       sudo apt-get update
       sudo apt-get install ubuntu-desktop

       a. Enter Y when prompted.

       b. This process will take up to 30 minutes or longer. You can allow this to run in the background and come back later. This VM will not be used again.

       sudo apt-get install xrdp
       sudo /etc/init.d/xrdp start

       c. This last command ensures the xrdp server is started, as it does not always automatically start.

    7. Now you should be able to go back to the Azure portal, select your Linux01 virtual machine, and connect to it using RDP.

     
  • Step-by-Step: Windows Azure Backup

    Azure Backup “is a simple and reliable data protection solution which enables customers to back up their on-premises data to Microsoft Azure.” 

    Remember Windows Server Backup?  Well, like that perennial utility, this one backs up from or restores items to your Windows File System. 

    “But this one backs up to or restores from Azure?”

    Bingo.  And as of December, 2014 it also supports backup and restore of files on Windows Client (7, 8, 8.1 and on up) operating systems.

    Here’s what we’ll do in this Step-by-Step guide:

    • Configure the Backup Vault
    • Download the Vault Credentials
    • Download and Install the Backup Agent
    • Register the Server
    • Configure the Backup Schedule
    • Backup Now 
    • Navigate the Recovery Vault
    • Restore a Deleted File

    Remember: If you just want to try this out without purchasing or using an existing Azure subscription, you can easily set up a free trial.

     

    Configure the Backup Vault

    Note that, to start, you might want to be doing these steps from the server or workstation that you want to configure for backing up files.  You’ll be downloading credentials and agent, installing the agent, and registering the machine against your Azure subscription, all from that server or workstation, so you may as well start these steps from that machine.

    Open a browser, and go to your Azure subscription (http://manage.windowsazure.com).  In the left-hand column you can scroll down to find Recovery Services.

    image

    Select Recovery Services, and click New (the “+” mark) at the bottom left of your browser.  This will contextually place you into the New / Data Services / Recovery Services area.

    Select Backup Vault, and then Quick Create.

    image

    Your only two things to configure here are to give your vault a useful name, and to choose where in the world you want to have it stored. 
    Note: You may notice that not all of our data center regions support hosting backup vaults.  The list of regions may change over time.

    Click Create Vault, and after about 10-15 seconds you’ll have your new backup vault ready to use.

    image

    By clicking on the name, you’ll enter into your vault’s quick start page.

    image

     

    Download the Vault Credentials

    In the first versions of Azure Backup, establishing the trust between the vault and the server to be backed up required generating and installing a certificate, exporting it, and uploading it to the vault.  More recently, however, we’ve made it very easy for you.  You’ll simply download the vault credentials from within your account, and that file will be used to establish the trusted connection; either for initially registering the server or workstation, or to recover items to a new machine.

    On the quick start page, click Download vault credentials.  You will be prompted to open or save a file of type .VaultCredentials. 

    image

    Save it somewhere you’ll remember, on your machine to be backed up.
    Note: Treat this file with care.  It’s a file that you don’t want to let get into the wrong hands.

    Download and Install the Backup Agent

    On the quick start page, click the link to download the backup agent that you require. 

    image
    Notice that the same agent you can use to natively back up a workstation or server’s files is also the one used by System Center Data Protection Manager (SCDPM), which can also back up to or restore from Azure.

    Save the MARAgentInstaller.exe, and then run it later.  Or simply run it at this point if you’re already on the machine you want to back up files from.

    image

    I choose to run it from right here.  You will have some very basic configuration choices when you install the agent.

    image

    For my needs, I’m going to just take the defaults, and don’t have any special proxy to get me to/from the Internet. 
    Notice that the agent installation will also install any required components (.NET Framework  4.5) or software (Windows PowerShell) that might be missing.

    image

    When the installation is done, you can either close the installer or “proceed” to the “registration”.  I’m going to proceed.

    image

     

    Register the Server

    When you do that (or when you open the agent for the first time), you’ll be asked to provide the vault credentials file.

    image

    Browse to and select the file you saved earlier, then click Next.

    On the Encryption Setting page, you’ll either generate, or enter your own Passphrase.

    image

    I choose to have the tool generate a long passphrase for me, and I’ll just save it to my desktop folder for now.

    When I click Finish, the tool registers this “server” (I’m actually running this on my Surface Pro 3 running Windows 10 preview) with my backup vault.

    image

    And when it successfully completes, I see this:

    image

    Leaving the “Launch Microsoft Recovery Services Agent” checkmark checked and clicking Close will launch me into the recovery agent.

    image

    Note the options in the Actions pane on the right.  We’ve already registered the server, but as the little alert in the main pane reminds us, we haven’t yet scheduled anything to backup.  So let’s do that now.

    Schedule your Backups

    I have a folder full of very important stuff.  For this demonstration, it’s right on my C:\ drive in the “Very Important Stuff” folder, with an important file called An Important File.txt

    image

    In the Microsoft Azure Backup tool, in the Actions pane, I will click on Schedule Backup.

    Clicking Next on the Getting Started page brings me to the Select Items to Backup page. 

    image

    This is what I use to add, browse to, and select folders or items to backup.  Notice that I could also use this to exclude certain files by file types.

    I’ve selected the C:\Very Important Stuff folder, which is all I need to backup for now.  Click Next.

    On the Specify Backup Schedule page, notice that I can choose to do my backups daily at a certain time, or weekly, being able to select the days and times to perform the backup. 

    image

    I’ll just do my backup daily at 4:30am.  Click Next.

    On the Select Retention Policy page, we have some pretty flexible options for retaining our backed-up data for longer periods of time.  In my case, not every daily backup needs to be saved for several years, but maybe just the backup that I take the Saturday of the last week of March, which I want to save for 10 years. 

    image

    Click Next

    On the Choose Initial Backup Type page, I can choose to do my first backup of my files automatically over the Internet, or in an “offline” way, automating the pull of the first set of data from an existing Azure storage location.  For our simple sample, we’ll just do our first backup over the Internet.  Click Next

    And on the Confirmation page, I verify that all is as it should be.  Clicking Finish creates my backup schedule.

     

    Backup Now

    Note: You haven’t yet launched any backup!  If I left it all now, the next backup would happen based on my schedule.  But I’m going to click the “Back Up Now” option in the Actions pane.

    image

    On the resulting Confirmation page, I click Back Up.  And then I can click Close at any time, because the job has been launched and will run for you in the background – even if you close the Microsoft Azure Backup console.

    But I’ll leave the console open and watch the status of my job change…

    image

    …and in fairly short order (because this was a pretty small backup), I see this…

    image

    And I’m quite relieved that my very important stuff is now safely tucked away in my cloud recovery services backup vault.

     

    Navigate the Backup Vault

    Back in your Azure subscription and in the Recovery Services section, let’s look into my SampleBackupVault and see what we can see there…

    On the DASHBOARD tab, I can see that I have one “server” registered, and 0 GB currently protected.  (It was a pretty small file, so I’m not surprised that it didn’t register here.)

    image

    On the REGISTERED ITEMS tab, I can see my one machine of type “Windows server” currently listed and registered.

    image

    Notice that this is also where I could delete any old or no-longer-needed server registrations.

    On the PROTECTED ITEMS tab I can see some basic information about what I’ve protected; a file folder currently with only one recovery point available.

    It also shows what the most recent recovery point and time are.

     

    Restore a Deleted File

    Oh no!  Someone deleted my file!  (Hint: It was me.)

    No worries!  Go back into the Microsoft Azure Backup console and click Recover Data in the Actions pane.

    On the Getting Started page, notice that I can specify if I’m currently on the machine where the backup was originally taken (and therefore is already registered with the Backup Vault), or if I’m on a new machine that doesn’t yet have the vault credentials – in which case I’d be given the opportunity to point to a downloaded .VaultCredentials file. 

    Since I’m on the machine where the backup was taken, I’ll just click Next.

    On the Select Recovery Mode page, I can choose to either Browse for my files, or search for them. 

    I would pick search if I knew there were a very large list to go through.  But in my case, it’s just one file, so I’ll just browse.  Click Next.

    On the Select Volume and Date page, you use the drop-down to pick the volume from which your backup was taken, and then you’re presented with a calendar with some dates in bold representing points in time when you’ve completed past backups. 

    In our sample, I’ve only done the one backup, so that’s the only point I can recover to.  I’ll select it, and click Next.

    On the Select Items to Recover page, I can browse to my Very Important Stuff folder and see the files that were backed up from it. 

    I’m happy to see that my important file is there, so I’ll select it and click Next.

    On the Specify Recovery Options page, I have some choices about whether or not I want to restore to the original location, or how to handle duplicates.  I can even choose to restore (or not) the Access Control List (ACL – the security permissions) that were associated with the original file. 

    I’ll leave these defaults and click Next.

    I verify that all looks good on the Confirmation page, and click Recover.  The recovery starts, and I can close this window because the recovery job is now running for me.

    Back in the Microsoft Azure Backup console I can see that my recovery job has completed successfully…

    …and.. Hooray!  My file is back!

    So.. that’s about it! 

    ---

    What do you think?  Go ahead and share your comments / questions / concerns / rants in the blog comments.

  • Active Directory Domain Controllers in Azure? You bet! (Hybrid Cloud for IT Pros - Part 3)

    The following article is part 3 of our many-part series, “Hybrid Cloud for IT Pros”.  Click HERE often for the ever-growing full list of articles in this series.

    Active Directory Domain Services

    “Hey Kevin, I’d like to take advantage of putting application servers up in a virtual network in Azure.  But I need a domain controller for my application to work.  Can I put one in my virtual network?”

    Absolutely!  There’s no reason you can’t build a server, install AD Domain Services, and have it either as the new domain controller in a new forest, or as another domain controller in an existing forest – provided you can get to the other domain controllers through Site-to-Site VPN Gateway or ExpressRoute.

    As a matter of fact, in our current set of content for our US DX IT Camps happening across the country, our Hands-on-Labs have our guests using their own (or a trial) Azure subscription to create a network and then populate it with a Domain Controller (among other machines).  If you want to try out just building a Domain Controller on a virtual network in Azure, I suggest you run through at least the first two of our labs:

    If you don’t already have an Azure subscription, sign up for a FREE TRIAL HERE and give the labs a try. 

    ---

    Finding our series useful?  I hope so!  Feel free to share or ask anything you’d like in the comments.

  • Lab Appendix (Jan-June 2015 Azure Hybrid Cloud IT Camps)

    This post contains the appendix information for the hands-on-labs created for our current set of US DX IT Camps.

    The complete set of labs are listed here:

    Appendix

    Install Active Directory on DC01 using PowerShell (from inside the VM)

    In this task, you will use Windows PowerShell to install and configure Active Directory on DC01. To perform this task, you will use Windows PowerShell ISE as an Administrator.

    To connect an RDP session to your DC01 virtual machine:

    1. In the Azure management portal, click VIRTUAL MACHINES, click DC01, and then click Dashboard. On the bottom bar, click CONNECT, and then click Open. Click Connect.
    2. When prompted, log on as sysadmin using Passw0rd! as the password. Click yes.

    From within your RDP session to DC01:

    1. On DC01, open a web browser and browse to https://itcmaster.blob.core.windows.net/fy15q3/ADProvisionScriptv2.txt
      NOTE: The above URL is Case Sensitive!
    2. Click on the text, then press CTRL-A to select all text, then press CTRL-C to copy it to your clipboard.
      NOTE: you can just click OK to any security warnings you get
    3. On DC01, click Start, type Windows PowerShell ISE, right-click “Windows PowerShell ISE” and select Run as administrator.
      NOTE: you must run this elevated! Select Yes on the User Account Control popup.
    4. From the PowerShell ISE menu select File – New. Click on line 1 of Untitled1.ps1 and then press CTRL-V to paste in the script.
    5. Press CTRL-A to select all of the script and then press F8 to run the selected script.
      DC01 will automatically restart to finish installing AD.
      BE PATIENT! This process takes several minutes.
    6. After the restart, reconnect an RDP session to DC01 and confirm AD and DNS are running on DC01 (Server Manager should list Active Directory tools).
    7. From Server Manager / Tools, you should be able to open DNS and other Active Directory tools (such as AD Users and Computers).

    ---

    Connect your PowerShell to Azure

    Before you can manage virtual machines from PowerShell on your local administration station you need to download the tools.

    1. In your Azure portal, click the arrow next to Azure in the upper left corner of the portal, and select Downloads. You can also get to the downloads directly by navigating to http://azure.microsoft.com/en-us/downloads/
    2. Scroll down to the Command-line tools section and under Windows PowerShell, click Install.
    3. When prompted, click Run and follow the installation prompts.
    4. After installation is complete, in your Start Screen or Start Menu locate Microsoft Azure PowerShell and launch it.
    5. You will now need to connect Microsoft Azure PowerShell to your Azure subscription. In your PowerShell session type the following command and press ENTER:
      Add-AzureAccount
    6. Enter your Azure Subscriber ID and Password.
      NOTE: If you do not know your SubscriberID: Log in to the Azure portal http://manage.windowsazure.com, click on your email address in the upper right corner, and click View My Bill. This will list all subscriptions for the currently logged-in user. Click on the subscription you want to use, then scroll down to see your Subscription ID listed on the right.
    7. You are now ready to use Azure Cmdlets against your subscription.
  • Lab 5: Building Application Workloads – Deploy Data Access App (Jan-June 2015 Azure Hybrid Cloud IT Camps)

    This post contains Lab 5 of the 5 labs created for our current set of US DX IT Camps.

    The complete set of labs are listed here:

    Lab 5: Building Application Workloads – Deploy Data Access App

    Configure endpoints for WEBFE01

    In this task, you will configure the required public endpoint mappings for WEBFE01.

    Perform the following tasks in the Azure management portal.

    1. In the Azure management portal, click in VIRTUAL MACHINES.
    2. Click WEBFE01, and then click ENDPOINTS.
    3. Click ADD.
    4. In ADD ENDPOINT, click the Next arrow.
    5. In Name, select HTTP, and then click the Completed button.
    6. You will have to wait for the endpoint to be created then continue
    7. Click ADD.
    8. In ADD ENDPOINT, click the Next arrow.
    9. In Name, select HTTPS, and then click the Completed button.
    10. You will have to wait for the endpoint to be created then continue
    11. Click ADD.
    12. In ADD ENDPOINT, click the Next arrow.
    13. In NAME, type Custom5000.
    14. In PUBLIC PORT and PRIVATE PORT, type 5000, and then click the Completed button.
    15. You will have to wait for the endpoint to be created then continue
    16. Click ADD.
    17. In ADD ENDPOINT, click the Next arrow.
    18. In NAME, type Custom5001.
    19. In PUBLIC PORT and PRIVATE PORT, type 5001, and then click the Completed button.
    20. Click Dismiss Completed in Azure Portal after all are done

    Configure firewall ports for WEBFE01

    Next, you must enable WEBFE01 to communicate internally within the service. While general IP connectivity is provided by DHCP, both servers are workgroup members and have the public firewall profile enabled. In this task you will open firewall ports and enable PING traffic on WEBFE01.

    Perform the following tasks in an RDP connection to WEBFE01.

    1. In your RDP session to WEBFE01, open Server Manager.
    2. Click Local Server.
    3. Next to Windows Firewall, click Public: On.
    4. In Windows Firewall, click Advanced settings.
    5. In Windows Firewall with Advanced Security, click Inbound Rules, and then click New Rule.
    6. In Rule Type, click Port, and then click Next.
    7. In Specific local ports, type 80, 443, 5000, 5001, and then click Next.
    8. On the Action page, click Next.
    9. On the Profile page, click Next.
    10. In Name, type Allow WebApp, and then click Finish.
    11. In Windows Firewall with Advanced Security, click Inbound Rules, and then click New Rule.
    12. In Rule Type, click Custom, and then click Next.
    13. On the Program page, click Next. (All programs should be selected)
    14. On the Protocol and Ports page, in Protocol type, select ICMPv4, and then click Next.
    15. On the Scope page, click Next.
    16. On the Action page, click Next.
    17. On the Profile page, click Next.
    18. In Name, type Allow PING, and then click Finish.
    19. Disconnect from the RDP session.

    Remotely enable Internet Information Services on WEBFE01 using Windows PowerShell

    In this task, you will use Windows PowerShell remoting to install Internet Information Services on WEBFE01. To perform this task, you will use standard Windows PowerShell remoting and administration commands; however, you must first install the self-signed Windows PowerShell remoting certificate that is installed on your WEBFE01 VM. This is because Windows PowerShell remoting relies on HTTPS connections by default.

    Establish an RDP session to your SQL01 server:

    1. In the Azure management portal, click VIRTUAL MACHINES, click SQL01, and then click Dashboard. On the bottom bar, click CONNECT, and then click Open. Click Connect.
    2. When prompted, log on as sysadmin using Passw0rd! as the password.
    3. Click yes.

    From within your RDP session on SQL01:

    1. Click on the Folder on the task bar to open Computer. Double-click Data (C:), click Home | New Folder, type AzureManagement and press Enter. You can then close the Computer window and the Server Manager window to continue.
    2. Open Internet Explorer on SQL01.
    3. You need to add sites to your trusted sites:
      1. Start – click Internet Explorer – click Tools (gear in upper right corner) – Internet Options – Security tab – Trusted Sites – Sites
      2. Type: https://itcmaster.blob.core.windows.net then click Add
      3. Type: https://manage.windowsazure.com then click Add
      4. Close - OK
    • Using Internet Explorer, download and extract https://itcmaster.blob.core.windows.net/fy15q3/AzureManagement.zip to your SQL01 server in the C:\AzureManagement folder
      NOTE: The above URL is Case Sensitive!
      NOTE: You can just click OK to any security warnings you get
    • Download https://itcmaster.blob.core.windows.net/fy15q3/AzureManagement.zip by typing the URL into the address bar on your SQL01 server. Click Save as, then save to the C:\AzureManagement folder
    • Using File Explorer, open the C:\AzureManagement folder, right-click on the AzureManagement.zip file and select Extract All. Change the path to C:\ then click Extract. Close the “Local Disk (C:)” window. You should still have a window up that is showing you C:\AzureManagement\
    • On SQL01, in Server Manager, on the Tools menu, click Windows PowerShell ISE. On the View menu, click Show Scripting pane.

    Install the Azure PowerShell Extensions on SQL01:

    1. Run the C:\AzureManagement\WindowsAzurePowerShell.3f.3f.3fnew.exe file to install the Azure PowerShell Extensions
    • Click Install
    • Click I Accept
    • Click Finish
    • Click Exit

    Open Windows PowerShell ISE as Administrator.

    • Start – Type PowerShell ISE, Right-Click Windows PowerShell ISE – Click Run as Administrator

    We now need to enable Azure PowerShell commands: click in the run pane (bottom), type the “Import-Module Azure” command, then press <ENTER>

    Import-Module Azure

    1. From the File menu choose File Open, and open the script file
      C:\AzureManagement\Remote PowerShell Script Configuration.ps1.
    2. Select/Highlight the script lines under Part 1, and then press F8 to execute the selected lines.
    3. In the presented web page, log on using your Microsoft Azure account, and then download the PublishSettings file that is presented.
    4. Save the PublishSettings file in the C:\AzureManagement\ folder on the computer.
    5. In the script file, in part 2, replace the text ##Your Script File Path Here## with the full path to your downloaded file, such as
      “C:\AzureManagement\Free Trial-6-4-2014-credentials.publishsettings”.
      NOTE: If there are spaces in your file name, you will have to wrap the path and filename in quotes (“) as shown in the example
    6. Highlight the script under Part 2, and then press F8.
      You should see basic information on your subscription in the output.
    7. Highlight the script under Part 3, and then press F8. When prompted, type your unique ID.
      You will now have installed the certificate used by the WEBFE01 VM, which will enable remote Windows PowerShell access.
    8. In the Windows PowerShell command area, type the following command, and then press ENTER. Replace <ID> with your unique identifier.
      Get-AzureVM -Name WEBFE01 -ServiceName ITCService<ID> | Get-AzureEndPoint | Select Name, Port | FT -AutoSize
    9. You are now presented with the list of ports that are open on WEBFE01. Using the output of the command above, identify the port used for Windows PowerShell.
    10. In Windows PowerShell (or in the PowerShell window of ISE), type the following command, and then press ENTER. Replace <ID> with your unique identifier. Replace <PORT> with the Windows PowerShell port from the previous command output.
      Enter-PSSession -ComputerName ITCService<ID>.cloudapp.net -Port <PORT> -Credential sysadmin -UseSSL
    11. In the Password dialog box, type Passw0rd!, and then click OK.
      Note: if you changed the username and password when you created the machine, you will have to use the username and password you used to create the machine.
    12. In Windows PowerShell, type Hostname, and then press ENTER.
      Notice that you are now in a Windows PowerShell session on your WEBFE01 VM from SQL01.
    13. In Windows PowerShell, type the following command, and then press ENTER. This will install a full IIS server on WEBFE01.
      Get-WindowsFeature Web-Server | Add-WindowsFeature -IncludeAllSubfeature
    14. Wait for the command to complete before proceeding. BE PATIENT. It takes several minutes.
    15. In Windows PowerShell, type the following command, and then press ENTER. This will restart IIS.
      Iisreset
    16. Wait for the command to complete before proceeding.
    17. On your Local Laptop, using Internet Explorer, navigate to http://itcservice<ID>.cloudapp.net where <ID> is your unique identifier.
      You have now connected to your running web server and are ready to hand off this environment for installation of your company’s software.
      If you cannot connect, wait 2 mins and try the IISReset again. If that still does not work, check to make sure your firewall ports and endpoints were not skipped or configured incorrectly.
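
    An added check, not part of the lab's Remote PowerShell Script Configuration.ps1: before typing the sysadmin password into Enter-PSSession, read the certificate that the WinRM HTTPS endpoint presents and confirm the same thumbprint is in a local Trusted Root store. The function name Test-WinRmEndpointCertificate, the $LabHost and $LabPort variables, and the assumption that Part 3 imports the certificate into a Root store are introduced here and do not come from the lab.

```powershell
# Added example. Run on SQL01 after Part 3 of the lab script has completed.
# Assumption: Part 3 imported WEBFE01's self-signed certificate into a
# Trusted Root store (LocalMachine or CurrentUser) on this machine.

$LabHost = 'ITCService<ID>.cloudapp.net'   # replace <ID> with your unique identifier
$LabPort = 0                               # replace with the PowerShell port shown by Get-AzureEndPoint

function Test-WinRmEndpointCertificate {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)] [string] $ComputerName,
        [Parameter(Mandatory = $true)] [int]    $Port
    )

    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($ComputerName, $Port)

        # Accept whatever certificate is offered during this handshake. Nothing
        # sensitive is sent; the trust decision is made below on the thumbprint.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        try {
            $ssl.AuthenticateAsClient($ComputerName, $null,
                [System.Security.Authentication.SslProtocols]::Tls12, $false)
            $presented = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(
                $ssl.RemoteCertificate)
        }
        finally { $ssl.Dispose() }
    }
    finally { $tcp.Close() }

    # Is the exact certificate the endpoint presented one that was installed locally?
    $installed = Get-ChildItem Cert:\LocalMachine\Root, Cert:\CurrentUser\Root |
        Where-Object { $_.Thumbprint -eq $presented.Thumbprint }

    [pscustomobject]@{
        Subject          = $presented.Subject
        Thumbprint       = $presented.Thumbprint
        NotAfter         = $presented.NotAfter
        Expired          = ($presented.NotAfter -lt (Get-Date))
        InstalledLocally = [bool]$installed
    }
}

if ($LabHost -like '*<ID>*' -or $LabPort -eq 0) {
    throw 'Set $LabHost and $LabPort to your own service name and PowerShell port first.'
}

$check = Test-WinRmEndpointCertificate -ComputerName $LabHost -Port $LabPort
$check | Format-List

if ($check.InstalledLocally -and -not $check.Expired) {
    # Same command as in the lab step; the certificate is the one installed in Part 3.
    Enter-PSSession -ComputerName $LabHost -Port $LabPort -Credential sysadmin -UseSSL
}
else {
    Write-Warning ("The endpoint presented certificate {0}, which is not in a local Trusted Root " +
                   "store or has expired. Re-run Part 3 and compare thumbprints before sending " +
                   "credentials.") -f $check.Thumbprint
}
```

    A mismatch here is the reason to stop and re-run Part 3; skipping certificate checks in the session options would hide exactly the condition this check surfaces.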

    Deploy and test the Contoso Data Access sample site

    In this task, you will deploy a sample site. The sample web site simulates the types of tasks the Contoso production application performs, and will prove that the Azure infrastructure meets the base technical requirements of the production system.

    Perform the following tasks in RDP sessions to WEBFE01.

    1. Switch to the RDP session for WEBFE01.
    2. Using File Explorer, navigate to c:\inetpub\wwwroot.
    3. Delete all files and folders in this folder.
    4. Using File Explorer, navigate to C:\AzureManagement\Website.
    5. Copy all files and folders from C:\AzureManagement\Website to C:\inetpub\wwwroot.
      The global.asax file should be directly in the C:\inetpub\wwwroot folder, not a subfolder.
    6. Open the Web.Config file in Notepad, and then locate the <connectionStrings> … </connectionStrings> section.
      Edit the section so that it reads as follows:

    <connectionStrings>
      <add name="AdventureWorksConnection" connectionString="data source=SQL01;initial catalog=test;user id=DataManagementApp;password=Passw0rd!;multipleactiveresultsets=True;application name=EntityFramework" providerName="System.Data.SqlClient" />
    </connectionStrings>

    7. On your Local workstation, using Internet Explorer, navigate to http://itcservice<id>.cloudapp.net.
      NOTE: You may have to refresh your browser.
    8. Under Data Management Login, type 12345, and then click Login.
    9. Click Product Listings.
      Be patient. It takes several seconds to spin up the web services and the SQL database the first time.
      The result set indicates the web application is communicating with the hosted SQL database correctly.

    Congratulations! Play around with the various portions of the web site, and verify that you have full SQL Server connectivity.

    When you’re done with the labs, don’t forget to shut down your virtual machines from within the Azure Portal, so that you’re not using up compute/hour $$’s.

  • Lab 4: Building Application & SQL Workloads (Jan-June 2015 Azure Hybrid Cloud IT Camps)

    This post contains Lab 4 of the 5 labs created for our current set of US DX IT Camps.

    The complete set of labs are listed here:

    Lab 4: Building Application & SQL Workloads

    Create a new web server virtual machine from the Microsoft Azure management portal

    In this section you will create a new virtual machine to host the web application. You can create this VM using quick create; however, that will not enable you to specify the service or storage, and will create separate storage and services for this VM. You will use the gallery option to ensure you can specify the storage and services for the machine.

    Perform the following tasks in the Azure management portal:

    1. Click VIRTUAL MACHINES located on the left menu of the Azure management portal.
    2. Click +New to CREATE A VIRTUAL MACHINE.
    3. Click COMPUTE, click VIRTUAL MACHINE, and then click FROM GALLERY.
    4. In Choose an Image, click Windows Server 2012 R2 Datacenter, and then click the Next arrow.
    5. Create a new virtual machine using the values in the following table, and then click the Next arrow.

    Property                    Value
    VIRTUAL MACHINE NAME        WEBFE01
    TIER                        Standard
    SIZE                        A2
    NEW USER NAME               SysAdmin
    NEW PASSWORD and CONFIRM    Passw0rd!

    6. On the Virtual machine configuration page, in CLOUD SERVICE, select itcservice<ID>.
    7. In STORAGE ACCOUNT, select itcstore<ID>.
    8. In REGION/AFFINITY GROUP/VIRTUAL NETWORK, verify ITC-VNet is selected.
    9. In VIRTUAL NETWORK SUBNETS, verify that AD-Production (192.168.10.0/24) is selected.
    10. Click the Next arrow.
    11. On the Virtual machine configuration page, under Security Extensions, check Microsoft Antimalware.
    12. Click the Complete icon.

    Configure SQL Server System Defaults

    While the web server is being created, let’s go set up some defaults for SQL Server. You would never want to store SQL Data on the system drive, so the first thing we will do is add an additional disk that will be used for holding the SQL Server Data. We will create a single simple drive but you could create multiple drives and use storage spaces as an alternative. See the Lab Appendix for details.

    Perform the following tasks in the Azure management portal.

    1. In the Azure management portal, click VIRTUAL MACHINES
    2. Click SQL01. Click Dashboard. On the virtual machine Dashboard page for SQL01, click the Attach button (chain icon) located on the bottom navigation toolbar and select Attach Empty Disk.  Complete the following fields on the Attach an empty disk to the virtual machine form:
    • File Name: sql01-sql01data
    • Size: 50 GB
    • Host Cache Preference: None

    Click the Check Mark button to create and attach the new virtual hard disk to the virtual machine.

    Now let’s connect a remote desktop session to SQL01:

    1. On the SQL01 virtual machine Dashboard tab, click the Connect button located on the bottom toolbar (far left icon) and click the Open button to launch a Remote Desktop Connection to the console of this virtual machine. Click Use another account to log in at the console of your virtual machine with the local credentials defined above. Follow the prompts to continue connecting.
    2. Click No on the Networks Prompt to connect to other devices.

    Now from the Remote Desktop console of SQL01 we’ll create a new partition on the additional data disk attached above and format this partition as a new F: NTFS volume. After formatting this new volume, you’ll create the following folders:

    • F:\MSSQL
    • F:\MSSQL\DATA
    • F:\MSSQL\LOGS 
    • F:\MSSQL\BACKUP

    Once inside Server Manager, go to Tools (upper right corner menu) then select Computer Management.

    1. Inside Computer Management select Disk Management. An “Initialize Disk” window will pop up, make sure the new disk is selected and click OK.
    2. Right-click the unallocated space on Disk 2 and select “New Simple Volume…”. Click Next, then Next again on Specify Volume Size. The drive letter should be preconfigured to “F”; click Next.
    3. Change the Volume Label to DATA and click Next. Click Finish.
      NOTE: If you get a Microsoft Windows popup asking you if you want to format, you can just close it (we are already formatting the disk). Once you see the new F: drive in the upper volume window you can close the computer management window and continue.
    4. Click on the Folder on the task bar to open Computer. Double-Click Data (F:) Click Home | New Folder type MSSQL press Enter. Press Enter again to drill down to the MSSQL folder then repeat the process to create the remaining folders (DATA; LOGS; BACKUP) You can then close the computer window and the Server Manager window to continue.
    5. Open SQL Server Management Studio from the Start Screen and update default folder locations to the F: volume.
      Tip! On the Windows Start Screen, you can quickly find the application tile for SQL Server Management Studio by beginning to type the name of this application to automatically search for matching tiles.
    • Click Start – Type SQL Server 2014 Management
    • Right-click SQL Server 2014 Management Studio and select “Pin to Start”
    • Click SQL Server 2014 Management Studio on the start screen to launch the application.
    • Connect to the SQL Server default instance using your Windows Account by clicking Connect on the Connect to Server window.

    Now, you will update the database’s default locations for DATA, LOGS and BACKUP folders.

    1. To do this, right-click your SQL Server instance name SQL01 (upper left corner) and select Properties.

    2. Select Database Settings from the left side pane.

    3. Locate the Database default locations section and update the default values for each path to point to the new folder paths created above. Click OK.

    4. Right-click SQL01 and select Restart. In the popup that asks Are you sure, select Yes. If you go back into Properties, you should see that the change took place.

    Close SQL Server Management Studio.

     

    Import and configure the testing database on SQL01

    In this task, you will import the testing database provided by your development team. You will then create a user account that will be used by the web front end to access the data in the database.

    Perform the following tasks from within an RDP connection to SQL01.

    1. First you will need to disable IE Enhanced Security mode:
      1. Open Server Manager, and then select Local Server.
      2. Click the hyperlink labeled On next to IE Enhanced Security Configuration.
      3. In the dialog box, select Off for Administrators.
      4. Click OK.
    2. In SQL01, open Internet Explorer. In the Security popup, select Don’t use recommended settings for now, then click OK. Navigate to http://1drv.ms/1qFeJ2g.
    3. Right-click each of the AdventureWorks files, select Download, and use Save As to store them in F:\MSSQL\Data.
      You should have already created the F:\MSSQL\Data folder.

    In SQL01, open SQL Management Studio.

    1. Click Connect.
    2. In SQL Management Studio, click New Query (on the toolbar).
    3. In the Query Editor, type the following query, and then press CTRL+E (or click the Execute button).
      Create Database Test on (filename = 'F:\MSSQL\Data\adventureworks_data.mdf'), (filename = 'F:\MSSQL\Data\adventureworks_log.ldf') for attach
    4. Expand Databases, and then verify you have a new database named Test. (If you do not see it, Right Click on Databases, select Refresh)
    5. In SQL Management Studio, right-click SQL01, and then click Properties.
    6. In Server Properties, click Security.
    7. Under Server authentication, click SQL Server and Windows Authentication mode, and then click OK.
    8. In the dialog box, click OK.
    9. Right-click SQL01, and then click Restart.
    10. In the dialog box, click Yes.
    11. Wait for the restart to complete.
    12. Under SQL01, expand Security, and then click Logins.
    13. Right-click Logins, and then click New Login.
    14. In Login name, type DataManagementApp.
    15. Click SQL Server authentication.
    16. In Password and Confirm password, type Passw0rd!
    17. Uncheck User must change password at next login.
    18. Click User Mapping.
    19. Check the database Test, and then in the Database role membership area, check DB_datareader and DB_Owner.
    20. Click Script at the top of the dialog to see what the PowerShell would be to create the user and set permissions. It will be displayed in a tab behind the dialog.
    21. Click OK.

    Configure firewall ports for SQL01

    Next, you must enable WEBFE01 and SQL01 to communicate internally within the service. While general IP connectivity is provided by DHCP, both servers are workgroup members and have the public firewall profile enabled. You will enable SQL Server traffic and PING traffic inbound on SQL01.

    Perform the following tasks in an RDP connection to SQL01.

    In your RDP session to SQL01, open Server Manager:

    1. Click Local Server.
    2. Next to Windows Firewall, click Public: On.
    3. In Windows Firewall, click Advanced settings.
    4. In Windows Firewall with Advanced Security, click Inbound Rules, and then click New Rule.
    5. In Rule Type, click Port, and then click Next.
    6. In Specific local ports, type 1433, and then click Next.
    7. On the Action page, click Next.
    8. On the Profile page, click Next.
    9. In Name, type Allow SQL 1433, and then click Finish.
    10. In Windows Firewall with Advanced Security, click Inbound Rules, and then click New Rule.
    11. In Rule Type, click Custom, and then click Next.
    12. On the Program page, click Next. (All programs should be selected)
    13. On the Protocol and Ports page, in Protocol type, select ICMPv4, and then click Next.
    14. On the Scope page, click Next.
    15. On the Action page, click Next.
    16. On the Profile page, click Next.
    17. In Name, type PING, and then click Finish.
    18. Disconnect from the SQL01 RDP session.
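
    The firewall wizard steps for WEBFE01 (Lab 5) and for SQL01 (above) written as one script, as an added example that is not part of the lab. It keeps the lab's rule names and ports but narrows two things the wizard leaves open: SQL and PING are limited to the AD-Production subnet, and PING is limited to ICMPv4 echo requests. Set-LabInboundRule and Get-LabInboundRule are helper names introduced here, and the script assumes both VMs sit in AD-Production (192.168.10.0/24).

```powershell
# Added example, not part of the lab. Run in an elevated PowerShell session on
# WEBFE01 and again on SQL01 (NetSecurity module, Windows Server 2012 R2).

# Assumption: both lab VMs are in the AD-Production subnet chosen in Lab 4.
$LabSubnet = '192.168.10.0/24'
$LabRules  = 'Allow WebApp', 'Allow PING', 'Allow SQL 1433', 'PING'

function Set-LabInboundRule {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)] [string] $DisplayName,
        [Parameter(Mandatory = $true)] [ValidateSet('TCP', 'ICMPv4')] [string] $Protocol,
        [string[]] $LocalPort,
        [string[]] $IcmpType,
        [string[]] $RemoteAddress = 'Any'
    )
    # Drop an earlier copy so that re-running the script does not stack duplicates.
    Get-NetFirewallRule -DisplayName $DisplayName -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule

    $rule = @{
        DisplayName   = $DisplayName
        Direction     = 'Inbound'
        Action        = 'Allow'   # what the wizard's Action page defaults to
        Profile       = 'Any'     # what the wizard's Profile page defaults to (all profiles)
        Protocol      = $Protocol
        RemoteAddress = $RemoteAddress
    }
    if ($LocalPort) { $rule.LocalPort = $LocalPort }
    if ($IcmpType)  { $rule.IcmpType  = $IcmpType }
    New-NetFirewallRule @rule | Out-Null
}

function Get-LabInboundRule {   # hypothetical helper name
    # Report what is actually in force, including the scope the wizard hides by default.
    Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        Where-Object { $LabRules -contains $_.DisplayName } |
        ForEach-Object {
            $port = $_ | Get-NetFirewallPortFilter
            $addr = $_ | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                Rule          = $_.DisplayName
                Profile       = $_.Profile
                Protocol      = $port.Protocol
                LocalPort     = ($port.LocalPort -join ',')
                RemoteAddress = ($addr.RemoteAddress -join ',')
            }
        }
}

switch ($env:COMPUTERNAME) {
    'WEBFE01' {
        # Web ports are reached through the public endpoints, so any source address is allowed.
        Set-LabInboundRule -DisplayName 'Allow WebApp' -Protocol TCP -LocalPort 80, 443, 5000, 5001
        # ICMP type 8 is echo request, the only type PING needs inbound.
        Set-LabInboundRule -DisplayName 'Allow PING' -Protocol ICMPv4 -IcmpType 8 -RemoteAddress $LabSubnet
    }
    'SQL01' {
        # Only the web front end on the lab subnet needs to reach SQL Server.
        Set-LabInboundRule -DisplayName 'Allow SQL 1433' -Protocol TCP -LocalPort 1433 -RemoteAddress $LabSubnet
        Set-LabInboundRule -DisplayName 'PING' -Protocol ICMPv4 -IcmpType 8 -RemoteAddress $LabSubnet
    }
    default {
        Write-Warning "This script only knows the lab machines WEBFE01 and SQL01, not $env:COMPUTERNAME."
        return
    }
}

Get-LabInboundRule | Format-Table -AutoSize

if ($env:COMPUTERNAME -eq 'WEBFE01') {
    # PING only proves ICMP works. This proves TCP 1433 on SQL01 is reachable
    # (False until the SQL01 rule above exists and SQL Server is running).
    $sql = Test-NetConnection -ComputerName SQL01 -Port 1433 -WarningAction SilentlyContinue
    "TCP 1433 to SQL01 reachable: $($sql.TcpTestSucceeded)"
}
```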

    Confirm Connectivity to SQL01 From WEBFE01

    Next, let’s make sure we can successfully connect to SQL01 from our Web Server.

    Perform the following tasks from within an RDP connection on WEBFE01

    1. In the Azure management portal, click VIRTUAL MACHINES, click WEBFE01, and then click Dashboard.
    2. On the bottom bar, click CONNECT, and then click Open.
    3. Click Connect.
    4. When prompted, log on as sysadmin using Passw0rd! as the password.
    5. Click yes.
    6. In Server Manager, click Local Server and turn off IE Enhanced Security Configuration.
    7. In Server Manager, on the Tools menu, click Windows PowerShell ISE.
    8. On the View menu, click Show Scripting pane.
    9. In the Command pane, type PING SQL01, and then press ENTER.
      The ping results indicate you can connect to SQL01 using the internal network provided by your service which contains the VMs.
    10. Click on the Folder on the task bar to open Computer. Double-click Data (C:), click Home | New Folder, type AzureManagement and press Enter.
    11. Open a web browser: Start – Internet Explorer. Select “Don’t use recommended settings” (for now) and click OK.
    12. You need to add the site https://itcmaster.blob.core.windows.net to your trusted sites. In Internet Explorer – click Tools (gear in upper right corner) – Internet Options – Security tab – Trusted Sites – Sites – type: https://itcmaster.blob.core.windows.net then click Add – Close - OK
      NOTE: you can just click OK to any security warnings you get
    13. Download https://itcmaster.blob.core.windows.net/fy15q3/AzureManagement.zip by typing the URL into the address bar on your WEBFE01 server. Click Save as, then save to the C:\AzureManagement folder
      NOTE: The above URL is Case Sensitive!
    14. Using File Explorer, open the C:\AzureManagement folder, right-click on the AzureManagement.zip file and select Extract All. Change the path to C:\ then click Extract.
      Close the “Local Disk (C:)” window. You should still have a window up that is showing you C:\AzureManagement\
    15. Open with Notepad and copy the contents of the C:\AzureManagement\Test Database Connectivity.txt (Test Database Connectivity) file to your clipboard, and then on WEBFE01, in Windows PowerShell ISE, paste it into the Script pane.
      NOTE: If you changed the computer name, username or password you will have to change the defaults at the top of the script
    16. Click the play button, or press F5 to run the script.

    The output of the script is a small set of system data which indicates you can communicate with the SQL Server instance on SQL01.

  • Lab 3: Working with Identity (Jan-June 2015 Azure Hybrid Cloud IT Camps)

    This post contains Lab 3 of the 5 labs created for our current set of US DX IT Camps.

    The complete set of labs are listed here:

    Lab 3: Working with Identity

    Azure Active Directory is a service that provides identity and access management capabilities in the cloud. In much the same way that Active Directory is a service made available to customers through the Windows Server operating system for on-premises identity management, Azure Active Directory (Azure AD) is a service that is made available through Azure for cloud-based identity management. Azure AD can be used as a standalone cloud directory for your organization, but you can also integrate existing on-premises Active Directory with Azure AD. Some of the features of integration include directory sync, password sync and single sign-on, which further extend the reach of your existing on-premises identities into the cloud for an improved admin and end user experience.

    Create a new Azure Active Directory environment

    In this task, you will create a new Azure Active Directory tenant.

    Perform the following tasks in the Azure management portal.

    1. In the Azure management portal, click ACTIVE DIRECTORY.
    2. Click NEW, click APP SERVICES, click ACTIVE DIRECTORY, click DIRECTORY, and then click CUSTOM CREATE.
    3. In NAME, type Contoso-AZ-Directory.
    4. In DOMAIN NAME, type AzureCONTOSO<ID> (where <ID> is your unique ID from the earlier labs).
    5. In COUNTRY OR REGION, select UNITED STATES, and then click the Complete icon.
      1. If you are not in the United States, select it anyway to ensure the consistency of the lab steps.


    Create an Azure Active Directory Administrator account

    In this task, you will create a user account to serve as the administrator of your Azure Active Directory service.

    Perform the following tasks in the Azure management portal.

     

    1. In the Azure management portal, click ACTIVE DIRECTORY, and then click Contoso-AZ-Directory.
    2. Under Contoso-AZ-Directory, click USERS, located on the top menu.
    3. In the bottom bar, click ADD USER.
    4. In USER NAME, type AADAdmin, and then click the Next arrow.
    5. In FIRST NAME, type AAD, and then in LAST NAME, type Admin.
    6. In DISPLAY NAME, type AADAdmin.
    7. In ROLE, select Global Administrator.
    8. In ALTERNATE EMAIL ADDRESS, type any valid e-mail address you have access to, and then click the Next arrow.
    9. Under Get temporary password, click create.
    10. MAKE NOTE of this password as you will need it later.
    11. Click the Complete icon.
      1. Note the USER NAME value of the user; you will need this later.
      2. The USERNAME value will be based on the account you used to manage Microsoft Azure.

    Set a password for your admin account

    In this task, you will perform an initial logon to set the password for the admin account.

    Perform the following tasks on your local workstation:

     

    1. Close out of all web browser sessions. Using Internet Explorer, navigate to manage.windowsazure.com.
    2. Log in as AADAdmin using the unique <ID> and password you noted previously, i.e. AADAdmin@AzureContoso<ID>.onmicrosoft.com
      1. You will need to use the username value you noted earlier.
      2. You may need to sign out first.
    3. When prompted, change the password to Passw0rd! and then click Update password and sign in.
      1. You will see a message “No subscriptions found.” This is expected. The user is not permitted to manage subscription level details.
    4. Close Internet Explorer.

    Configure and test the AADSync Service

    In this task, you will configure Windows Server 2012 R2 and create a new user to test your synchronization when you enable DirSync, and then perform an initial sync to populate your Azure Active Directory service with copies of your local user accounts.

    To connect to DC01 using RDP:

    1. Close all web browsing sessions then reopen Internet Explorer and navigate to http://Manage.WindowsAzure.com.
    2. Log in with your Microsoft account used in the previous labs, not the new AD administrator account from the previous section.
    3. On the left menu of the Azure management portal, click VIRTUAL MACHINES.
    4. Next to DC01, click the DC01 computer name to open the Virtual Machine Quick Start or Dashboard.
    5. Click the DASHBOARD tab.
    6. On the bar at the bottom, click CONNECT, and then click Open.
    7. Click Connect.
    8. When prompted, log on as sysadmin (or sysadmin@contosoazure.com) using Passw0rd! as the password.
    9. Click yes.

    You are now logged on to your virtual machine.

    1. Open Server Manager and click Local Server in the left-hand navigation pane.
    2. Click IE Enhanced Security Configuration, and then click On.
    3. In the Security Configuration screen, click Off for both administrators and users. This is just for testing in this lab.
    4. Click OK.
    5. In Server Manager, click Tools and select Active Directory Users and Computers.
    6. Right-click ContosoAzure.com and select New -> Organizational Unit.
    7. In the name, type AADUsers and click OK.
    8. Right-click AADUsers and select New User.
    9. In name, use your unique <ID> from earlier followed by sync for the logon name, for example MHSync. Click Next.
    10. On the password screen, enter the password Passw0rd! and check the box Password never expires. Click Next.
    11. Review the new user and click Finish.
    12. Still on DC01: Using Internet Explorer, navigate to http://Azure.Microsoft.com
    13. Log in as your subscription user, not the user you just created.
    14. In the Azure management portal, scroll to and click ACTIVE DIRECTORY.
    15. Click Contoso-AZ-Directory, and then click the Directory Integration tab.
    16. Next to DIRECTORY SYNC, click Activated.
    17. Click Save, and then click Yes.
      1. Wait for the job to complete before proceeding.
    18. Using Server Manager, add the features .NET Framework 3.5 and 4.5.
      NOTE: .NET Framework may take about 5 minutes or longer to install.
    19. Open Internet Explorer and go to http://aka.ms/azureadsync to download the Microsoft Azure Active Directory Sync Services.
    20. Click download.
    21. Save the tool to your desktop.
    22. On the desktop, right-click the MicrosoftAzureADConnectionTool and select Run As Administrator. This will launch the installation.
    23. Check I agree to the terms and click Install.
      NOTE: dirSync may take about 10 minutes or longer to install.
    24. In User name, type AADAdmin@AzureContoso<ID>.onmicrosoft.com, replacing <ID> with the unique ID for your domain name.
    25. In Password, type Passw0rd! and then click Next.
    26. In Forest, type ContosoAzure.com.
    27. In User name, type contosoazure\sysadmin.
    28. In Password, type Passw0rd! and then click Add Forest.
    29. Click Next.
    30. On User Matching, leave the defaults and click Next.
    31. On optional features, select Password synchronization and click Next.
    32. On the Configure screen, review the options and click Configure.
    33. When configuration has completed, review the screen, verify Synchronize now is selected, and then click Finish.
    34. Switch to your Azure management portal, and then click ACTIVE DIRECTORY.
    35. Click the Domain that synchronized, and then click the Users tab and look for the user you created earlier. You should eventually see the user you created in Active Directory on DC01 now having been synchronized to your Azure Active Directory.

    Implementing Multi-Factor Authentication

    Multi-factor or two-factor authentication is a method of authentication that requires the use of more than one verification method and adds a critical second layer of security to user sign-ins and transactions. It works by requiring any two or more of the following verification methods:

    • Something you know (typically a password)
    • Something you have (a trusted device that is not easily duplicated, like a phone)
    • Something you are (biometrics)

    The security of multi-factor authentication lies in its layered approach. Compromising multiple authentication factors presents a significant challenge for attackers. Even if an attacker manages to learn the user's password, it is useless without also having possession of the trusted device. Conversely, if the user happens to lose the device, the finder of that device won't be able to use it unless he or she also knows the user's password. Azure Multi-Factor Authentication is the multi-factor authentication service that requires users to also verify sign-ins using a mobile app, phone call or text message. It is available to use with Azure Active Directory, to secure on-premises resources with the Azure Multi-Factor Authentication Server, and with custom applications and directories using the SDK.

    In this task, you will configure Multi-Factor Authentication (MFA) with Microsoft Azure. To complete this module fully, you need to have a phone which can send and receive text messages or calls. You will configure this lab to use your phone as a second authentication factor; this is done by replying to a system-generated text or voice message.

    We will start by enabling the MFA service:

    1. Using Internet Explorer on your local workstation, navigate to manage.windowsazure.com
    2. Log on using your tenant account. 
    3. In the Azure portal, in the left column, scroll down and click ACTIVE DIRECTORY.
    4. Click MULTI-FACTOR AUTH PROVIDERS, and then click CREATE A NEW MULTI-FACTOR AUTHENTICATION PROVIDER.
    5. In NAME, type Contoso-MFA, and ensure the correct subscription is selected (if you have multiple subscriptions tied to your Live ID).
    6. For directory, select Contoso-AZ-Directory and then click CREATE.


    Testing Multi-Factor Authentication

    In this task, you will test multi-factor authentication. Ensure you have the phone readily available as you will have a limited time to receive and reply to the text message generated by Microsoft Azure.

    Perform this task on your local machine.

    1. In the Microsoft Azure Active Directory portal, click directory and click Contoso-AZ-Directory.
    2. On the top bar, click the Configure tab.
    3. Under the multi-factor authentication section, click Manage Service Settings.
    4. If prompted, enter your tenant credentials.
    5. In multi-factor authentication, click the users tab on the top navigation bar.
    6. Select the user you created earlier on DC01 and click Enable under quick steps.
    7. On the information screen, review the message and click enable multi-factor auth.
    8. Click Close.
    9. Completely close Internet Explorer (all tabs), re-open IE, and navigate to http://aka.ms/MFASetup
      Note: If you are signed in, sign out to continue.
    10. On the Sign in screen, type in the username and password you created earlier and click sign in.
    11. Since this is the first time the user has logged in, you will need to configure MFA. Click Set it up now.
    12. Fill in your contact information (phone number of your mobile phone), select the Call me radio button, and click Contact me.
    13. Answer your phone when it rings, and listen to the instructions. Press # to finish the authentication process. On the Additional security verification, click Done.
    14. Your sign-in process will continue and you will be called again. Answer your call and type # to finish the logon process.
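
    An added check for this task (not part of the original lab): one way to confirm which accounts in Contoso-AZ-Directory have MFA turned on, and to flag Global Administrators such as AADAdmin that do not. It assumes the MSOnline module (Azure Active Directory Module for Windows PowerShell) is installed, which the lab does not cover; the function name Get-LabMfaReport is hypothetical.

```powershell
# Added example: per-user MFA report for the lab directory.
# Assumption: the MSOnline module is installed and you sign in with a
# directory administrator (for example AADAdmin@AzureContoso<ID>.onmicrosoft.com).
Import-Module MSOnline
$ErrorActionPreference = 'Stop'

function Get-LabMfaReport {
    # In MSOnline the Global Administrator role is named 'Company Administrator'.
    $adminRole = Get-MsolRole -RoleName 'Company Administrator'
    $adminIds  = @(Get-MsolRoleMember -RoleObjectId $adminRole.ObjectId |
                   Where-Object { $_.RoleMemberType -eq 'User' } |
                   ForEach-Object { $_.ObjectId })

    Get-MsolUser -All | ForEach-Object {
        # An empty StrongAuthenticationRequirements list means per-user MFA is
        # disabled. Otherwise State is 'Enabled' (turned on, user has not yet
        # completed setup) or 'Enforced' (user has completed setup).
        $state = 'Disabled'
        if ($_.StrongAuthenticationRequirements.Count -gt 0) {
            $state = $_.StrongAuthenticationRequirements[0].State
        }
        [pscustomobject]@{
            UserPrincipalName = $_.UserPrincipalName
            GlobalAdmin       = ($adminIds -contains $_.ObjectId)
            MfaState          = $state
            MethodsRegistered = $_.StrongAuthenticationMethods.Count
            SyncedFromOnPrem  = [bool]$_.LastDirSyncTime   # true for AADSync users
        }
    }
}

Connect-MsolService          # prompts for credentials
$report = @(Get-LabMfaReport)
$report | Sort-Object GlobalAdmin -Descending | Format-Table -AutoSize

# The lab enables MFA only for the synchronized test user, so the
# administrator accounts are the ones expected to show up here.
$exposed = @($report | Where-Object { $_.GlobalAdmin -and $_.MfaState -eq 'Disabled' })
if ($exposed.Count -gt 0) {
    $names = ($exposed | ForEach-Object { $_.UserPrincipalName }) -join ', '
    Write-Warning "Global Administrators without MFA: $names"
}
```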
  • Lab 2: Building Workloads (Jan-June 2015 Azure Hybrid Cloud IT Camps)

    This post contains Lab 2 of the 5 labs created for our current set of US DX IT Camps.

    The complete set of labs are listed here:

    Lab 2: Building Workloads

    Azure virtual machines give you the flexibility of virtualization without spending the time and money to buy and maintain the hardware that hosts the virtual machine. However, you do need to maintain the virtual machine -- configuring, patching, and maintaining the operating system and any other software that runs on the virtual machine. In this lab you are going to deploy 2 virtual machines into Azure for the two workloads of identity and database. You will create these two virtual machines:

    • A Domain Controller (DC01)
    • A SQL Server (SQL01)

    Deploy a domain controller in Microsoft Azure

    In this task, you will deploy a new virtual machine (VM) to function as a domain controller in the virtual network you created in Lab 1. As you provision the virtual machine you will leverage a custom script extension which contains PowerShell code to install Active Directory as a part of the provisioning process. Custom Script Extensions can automatically download scripts and files from Azure Storage and launch a PowerShell script on the virtual machine. These scripts can be used to install additional software components, and in this lab it will install Active Directory Domain Services and create the ContosoAzure.com forest. Like any other VM extension, Custom Script Extensions can be added during VM creation or after the VM has been running. During the last portion of the lab you will also configure the AD service as the DNS server for the virtual network you created in Lab 1, and you’ll assign it a static IP address. (Technically speaking this is a DHCP reservation in the subnet, but it will be referred to as a static IP pretty much everywhere in Azure documentation.)

    Perform the following tasks in the Azure management portal:

    1. In the left column, find and select VIRTUAL MACHINES.
    2. Click NEW (Plus “+” Sign) located at the bottom of the Azure management portal.
    3. Click COMPUTE, click VIRTUAL MACHINE, and then click FROM GALLERY.
    4. In Choose an Image, click Windows Server 2012 R2 Datacenter, and then click the Next arrow.
    5. Create a new virtual machine using the values in the following table. Please note: You can use your own username and password, just make sure to remember it!

    Property                    Value
    VIRTUAL MACHINE NAME        DC01
    TIER                        Standard
    SIZE                        A1
    USER NAME                   SysAdmin
    NEW PASSWORD and CONFIRM    Passw0rd!

    6. Click the Next arrow.
    7. On the Virtual machine configuration page, in CLOUD SERVICE, select itcservice<ID> (from Lab 1).
      1. ITC-VNet will be automatically selected. If you do not have ITC-VNet available, you likely have the ITC-VNet in a different datacenter region. Go back and check the region to make sure it’s the same.
    8. In STORAGE ACCOUNT, select itcstore<ID> (from Lab 1).
      1. If your storage account is not in the list, you may have to cancel out of this wizard, wait a few minutes for it to finish building, and try again.
    9. In REGION/AFFINITY GROUP/VIRTUAL NETWORK, verify that ITC-VNet is selected.
    10. In VIRTUAL NETWORK SUBNETS, select AD-Production-Static (192.168.11.0)/24, and then click the Next arrow.
    11. In a separate browser tab, browse to and download http://ITProGuru.com/downloads/ADProvisionScriptv2.txt to your local machine.
      1. Make sure you click File > Save As... and save it as ADProvisionScriptv2.ps1. Make a note of where you put it. It will be needed for the next step.
    12. Back on the Virtual machine configuration page, under Configuration Extensions, check Custom Script.
    13. Click FROM LOCAL, navigate to the ADProvisionScriptv2.ps1 file you downloaded above, and click Open.
    14. In the Arguments field, type the following (including quotation marks; change the password to match the one you gave in step 5 if you did not use the lab’s recommended password):

    "ContosoAzure.com" "Passw0rd!"

    (FYI - This is just assigning the Safe Mode Admin password)

    15. On the Virtual machine configuration page, under Security Extensions, check Microsoft Antimalware.
    16. Click the Complete icon.
      1. The virtual machine will take several minutes to create. Depending on the load this may take between 5 and 25 minutes.
      2. You will return to complete the rest of the DC networking configuration at the end of the lab.

    NOTE: If you already started the install and missed the Execute Script part, or if later you notice that it did not get AD installed, see the appendix for instructions for using PowerShell from within DC01 to add and configure Active Directory.
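
    What a provisioning script of this kind can look like, as an added example; it is not the contents of ADProvisionScriptv2.ps1, which this page does not show. It takes the same two positional arguments (forest name, Safe Mode Admin password); the NetBIOS-name derivation and the already-a-domain-controller check are assumptions.

```powershell
# Added example, NOT the lab's ADProvisionScriptv2.ps1.
# Called by the Custom Script Extension (or by hand on DC01) as:
#   .\Provision-Forest.ps1 "ContosoAzure.com" "Passw0rd!"
# The file name Provision-Forest.ps1 is hypothetical.
param(
    [Parameter(Mandatory = $true, Position = 0)] [string] $DomainName,
    [Parameter(Mandatory = $true, Position = 1)] [string] $SafeModePassword
)
$ErrorActionPreference = 'Stop'

# DomainRole 4 or 5 means this machine is already a domain controller, so a
# second run of the script must not try to build the forest again.
$role = (Get-WmiObject -Class Win32_ComputerSystem).DomainRole
if ($role -ge 4) {
    Write-Output "Already a domain controller; nothing to do."
    return
}

# Assumption: NetBIOS name = first DNS label, upper-cased (CONTOSOAZURE),
# which matches the contosoazure\sysadmin logon used later in the labs.
$netbios = ($DomainName -split '\.')[0].ToUpper()
if ($netbios.Length -gt 15) {
    throw "NetBIOS name '$netbios' is longer than 15 characters."
}

# Install the AD DS role and its management tools.
$feature = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $feature.Success) {
    throw "AD DS role installation failed."
}

# The password arrives as a plain-text argument. Convert it once and drop the
# plain copy so it is not left in a variable for the rest of the session.
$dsrm = ConvertTo-SecureString -String $SafeModePassword -AsPlainText -Force
Remove-Variable -Name SafeModePassword

# Create the forest with an AD-integrated DNS server. -Force suppresses the
# confirmation prompts; the server restarts when promotion finishes.
Import-Module ADDSDeployment
Install-ADDSForest -DomainName $DomainName `
                   -DomainNetbiosName $netbios `
                   -SafeModeAdministratorPassword $dsrm `
                   -InstallDns `
                   -Force
```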

    Explore the virtual machines and connect via RDP

    Now that the virtual machine is created, you want to log on and verify that it looks, feels, and behaves just like any server on your network.

    Perform the following tasks in the Azure management portal:

    1. On the left menu of the Azure management portal, scroll to and click VIRTUAL MACHINES.
    2. To the right of DC01, click the DNS Name to open the Service dashboard.
    3. Click the DASHBOARD tab.
      1. You can review information about the running virtual machines, as well as view the current health.
    4. Click the MONITOR tab.
      1. You can view performance and data statistics.
    5. Click the INSTANCES tab.
      1. Note that DC01 is currently the only instance in this cloud service.
    6. Click DC01 to open the virtual machine information.
    7. Click the DASHBOARD tab.
      1. You can review information about the virtual machines, as well as view the current health.
    8. Click the MONITOR tab.
      1. You can view performance and data statistics.
    9. Click the ENDPOINTS tab.
      1. You can configure published endpoints, which are similar to firewall rules, to allow applications to access services running on the VM.
    10. Click the CONFIGURE tab.
      1. You can modify the properties of the virtual machine. You can also configure monitoring from multiple locations to ensure your endpoint is operational.
    11. Click the DASHBOARD tab.
    12. On the bar at the bottom, click CONNECT, and then click Open.
    13. Click Connect.
    14. When prompted, log on as sysadmin using Passw0rd! as the password. (Substitute the username and password you used during VM creation if different from the lab recommendations.)
      1. Note: If you have trouble connecting as sysadmin, try sysadmin@ContosoAzure.com.
    15. Click Yes.
      1. You are now logged on to your newly created virtual machine.
    16. Click No when prompted to enable discovery of devices.

    Migrate DC01 to the designated static IP subnet

    Your DC01 is currently assigned to the AD-Production-Static subnet, but this alone doesn’t give it a static address; the address could still change someday. In this task, you will configure a static IP address using the new Azure Preview Portal.

    You could accomplish what we’re about to do in two separate ways – the new Azure Preview Portal, or through PowerShell. For our Lab, we’re going to use the new portal, and then show you how it could be done using PowerShell.

    While the new portal offers some great enhancements to managing Azure, it is still in preview, and this task will give you a glimpse into the new portal.

    1. In the Azure management portal, click on your Account ID e-mail address in the upper right-hand corner and click Switch to new portal. Notice a new tab automatically opens.
    2. If prompted for your credentials, enter your ID and password to enter the new portal.
    3. On the left-hand toolbar in the portal, click Browse and scroll to and select Virtual machines.
    4. In the Virtual machine list, select DC01.
    5. In the DC01 journey pane, select SETTINGS.
    6. In the SETTINGS options, select IP addresses.
    7. In the IP addresses journey, note that the Private IP address is set to Dynamic. Select Static.
    8. Your IP address is probably something like 192.168.11.4, which is the first available address in our AD-Production-Static subnet. Change this to 192.168.11.100
    9. Click Save up above.


    You may now close the new preview portal tab.

     

    DC01 designated static IP – Using PowerShell

    NOTE: This is just informational! If you’ve used the new portal to assign the static IP address, you don’t need to do these PowerShell steps!

    If you were to do this using PowerShell, you would need to make sure you have installed the Microsoft Azure PowerShell cmdlets and connected (or authenticated) them to your subscription. You can read the Install PowerShell Tools appendix section for more information.

    1. Open Azure PowerShell.
    2. To test the pending static IP for availability, type the following command (on one line), and then press ENTER.
      1. Test-AzureStaticVNetIP -VnetName ITC-VNet -IPAddress 192.168.11.100
    3. The output of True indicates this address is available. An output of False indicates the address is assigned, and will also provide a list of available IP addresses.
    4. To migrate the VM, type the following command (all on one line) and then press ENTER. Replace <ID> with your unique ID.
      1. Get-AzureVM -Name DC01 -ServiceName itcservice<ID> | Set-AzureSubnet -SubnetNames AD-Production-Static | Update-AzureVM
    5. To verify the VM has been migrated, type the following command, and then press ENTER. Replace <ID> with your unique ID.
      1. Get-AzureVM -Name DC01 -ServiceName itcservice<ID>
    6. Note the value of IPAddress and PowerState. The VM should have a new IP address on your new subnet, and be starting.
    7. To assign the desired static IP, type the following command (on one line), and then press ENTER. Replace <ID> with your unique ID.
      1. Get-AzureVM -Name DC01 -ServiceName itcservice<ID> | Set-AzureStaticVNetIP -IPAddress 192.168.11.100 | Update-AzureVM
    8. To verify the VM has been configured, type the following command, and then press ENTER. Replace <ID> with your unique ID.
      1. Get-AzureVM -Name DC01 -ServiceName itcservice<ID>
    9. Note the value of IPAddress and PowerState. The VM should have the assigned static IP on your new subnet, and be starting.

    Before proceeding to the next step you may need to wait for the last operation to complete. Assigning a new IP address forces the VM to restart.
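
    The static IP steps above combined into one script with the checks made explicit, as an added example that is not part of the original lab. It assumes the classic Azure PowerShell module is installed and already connected to your subscription; the parameter names and the 15-minute timeout are choices made for this example.

```powershell
# Added example: reserve 192.168.11.100 for DC01 and wait for the restart.
# Assumptions: the classic Azure PowerShell module is installed and
# Add-AzureAccount / Select-AzureSubscription have already been run.
param(
    [Parameter(Mandatory = $true)] [string] $ServiceName,   # itcservice<ID>
    [string] $VMName    = 'DC01',
    [string] $VNetName  = 'ITC-VNet',
    [string] $IPAddress = '192.168.11.100'
)
$ErrorActionPreference = 'Stop'

$vm = Get-AzureVM -ServiceName $ServiceName -Name $VMName
if (-not $vm) {
    throw "VM '$VMName' was not found in cloud service '$ServiceName'."
}

# Skip the change (and the restart it forces) if the reservation already exists.
$reserved = $vm | Get-AzureStaticVNetIP
if ($reserved -and $reserved.IPAddress -eq $IPAddress) {
    Write-Output "$VMName already has static IP $IPAddress."
    return
}

# Same test as step 2: IsAvailable is False when the address is taken, and
# AvailableAddresses then lists addresses that could be used instead.
$check = Test-AzureStaticVNetIP -VNetName $VNetName -IPAddress $IPAddress
if (-not $check.IsAvailable) {
    $free = ($check.AvailableAddresses | Select-Object -First 5) -join ', '
    throw "$IPAddress is not available in $VNetName. Available addresses include: $free"
}

# Same command as step 7.
$vm | Set-AzureStaticVNetIP -IPAddress $IPAddress | Update-AzureVM | Out-Null

# Assigning the address restarts the VM, so poll until it reports ReadyRole.
$deadline = (Get-Date).AddMinutes(15)
do {
    Start-Sleep -Seconds 20
    $vm = Get-AzureVM -ServiceName $ServiceName -Name $VMName
    Write-Output ("{0}  {1} / {2}" -f (Get-Date -Format T), $vm.PowerState, $vm.InstanceStatus)
} until ($vm.InstanceStatus -eq 'ReadyRole' -or (Get-Date) -gt $deadline)

if ($vm.InstanceStatus -ne 'ReadyRole') {
    throw "$VMName did not return to ReadyRole within 15 minutes."
}
if ($vm.IpAddress -ne $IPAddress) {
    throw "$VMName is running with $($vm.IpAddress), expected $IPAddress."
}
$vm | Select-Object Name, IpAddress, PowerState, InstanceStatus
```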

     

    Create a new database server VM from the Microsoft Azure management portal

    In this task, you will create the database server to run the database portion of our application. This will be a SQL Server Enterprise 2014 virtual machine.  You will leverage one of the many virtual machine images that are located in the virtual machine gallery. Images are used in Azure to provide a new virtual machine with an operating system. An image might also have one or more data disks. Images are available from several sources:

    • Azure offers a gallery of images -- recent versions of Windows Server and several distributions of the Linux operating system. Some images also contain applications, such as SQL Server. MSDN Benefit and MSDN Pay-as-You-Go subscribers have access to additional images.
    • The open source community offers images through VM Depot.
    • You can store your own images in Azure, by either capturing an existing Azure virtual machine for use as an image or uploading an image.

    Perform the following tasks in the non-preview Azure management portal.

    1. Click NEW (“+”), located at the bottom of the Azure management portal.
    2. Click COMPUTE, click VIRTUAL MACHINE, and then click FROM GALLERY.
    3. In Choose an Image, click SQL Server, and find and select SQL Server 2014 RTM Enterprise. Click the Next arrow.
    4. Create a new virtual machine using the values in the following table, and then click the Next arrow.

    Property                    Value
    VIRTUAL MACHINE NAME        SQL01
    TIER                        Standard
    SIZE                        A3
    NEW USER NAME               SysAdmin
    NEW PASSWORD and CONFIRM    Passw0rd!

    5. On the Virtual machine configuration page, in CLOUD SERVICE DNS NAME, select itcservice<ID> (where <ID> is your unique ID).
    6. In STORAGE ACCOUNT, select itcstore<ID>.
    7. In REGION/AFFINITY GROUP/VIRTUAL NETWORK, select ITC-VNet.
    8. In VIRTUAL NETWORK SUBNETS, verify that AD-Production (192.168.10.0)/24 is selected.
    9. In STORAGE ACCOUNT, select itcstore<ID>.
    10. Then click the Next arrow.
    11. On the Virtual machine configuration page, under Security Extensions, check Microsoft Antimalware.
    12. Click the Complete icon.
      1. The virtual machine will take several minutes to create. Depending on the load this may take between 15 and 35 minutes.
      2. You will return to complete the rest of the SQL configuration in an upcoming lab.

     

    Assign a new DNS server and subnet for the virtual network

    In this task you will create a new DNS server entry. This entry will be assigned to all computers using DHCP on their next restart, since all VMs use DHCP in Azure, even the ones with “static IPs” as these are technically just DHCP reservations on the virtual network. Azure provides automatic routing between subnets on the same virtual network, but automatic name resolution only when machines are in the same Cloud Service.  Though we won’t be doing so in these labs, if we were to add new VMs to the domain, they would have entries in DNS, so that it wouldn’t matter what cloud service they were in. They’d have name resolution through DNS on the Domain Controller.

    URGENT NOTE: Please confirm that the creation of the domain is complete on DC01 BEFORE changing DNS. You can do this by looking in Server Manager on DC01. AD DS and DNS should both be listed in the left NAV. If you do not confirm this first, name resolution will fail.

    Perform the following tasks in the non-preview Azure management portal.

    1. In the Azure management portal, click NETWORKS.
    2. Click ITC-VNet
    3. Click CONFIGURE.
    4. In dns servers, type DC01, and then in IP ADDRESS, type 192.168.11.100.
    5. Click Save.
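
    One way to make the check in the URGENT NOTE above explicit before you save the DNS change, as an added example that is not part of the original lab. Run it on DC01; it assumes the ActiveDirectory PowerShell module is present on the domain controller, and the function name Test-DcReadyForDns is hypothetical.

```powershell
# Added example: run on DC01 before registering it as the DNS server for ITC-VNet.
param(
    [string] $Domain = 'ContosoAzure.com',
    [string] $DcIp   = '192.168.11.100'
)

function Test-DcReadyForDns {
    param([string] $Domain, [string] $DcIp)
    $results = @()

    # 1. The services behind "AD DS" and "DNS" in Server Manager must be running.
    foreach ($name in 'NTDS', 'DNS', 'Netlogon') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        $results += [pscustomobject]@{
            Check  = "Service $name is running"
            Passed = ($null -ne $svc -and $svc.Status -eq 'Running')
        }
    }

    # 2. The VM must hold the address that will be entered in the portal.
    $addresses = @(Get-NetIPAddress -AddressFamily IPv4 -ErrorAction SilentlyContinue |
                   Where-Object { $_.IPAddress -eq $DcIp })
    $results += [pscustomobject]@{
        Check  = "Local interface has $DcIp"
        Passed = ($addresses.Count -gt 0)
    }

    # 3. The forest root domain must exist and answer directory queries.
    $dnsRoot = $null
    try { $dnsRoot = (Get-ADDomain -Identity $Domain -ErrorAction Stop).DNSRoot } catch { }
    $results += [pscustomobject]@{
        Check  = "Domain $Domain responds"
        Passed = ($dnsRoot -eq $Domain)      # -eq on strings ignores case
    }

    # 4. The DNS server on this address must return the domain controller SRV
    #    record, which is what other VMs will look up once the change is saved.
    $srv = @()
    try {
        $srv = @(Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV `
                                 -Server $DcIp -ErrorAction Stop |
                 Where-Object { $_.Type -eq 'SRV' })
    } catch { }
    $results += [pscustomobject]@{
        Check  = "SRV record for $Domain resolves via $DcIp"
        Passed = ($srv.Count -gt 0)
    }

    $results
}

$report = @(Test-DcReadyForDns -Domain $Domain -DcIp $DcIp)
$report | Format-Table -AutoSize

$failed = @($report | Where-Object { -not $_.Passed })
if ($failed.Count -gt 0) {
    Write-Warning "DC01 is not ready. Do not change the DNS servers for ITC-VNet yet."
} else {
    Write-Output "DC01 is ready. It is safe to add $DcIp as the DNS server for ITC-VNet."
}
```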
  • Lab 1: Building the Foundation (Jan-June 2015 Azure Hybrid Cloud IT Camps)

    This post contains Lab 1 of the 5 labs created for our current set of US DX IT Camps.

    The complete set of labs are listed here:

    In this first lab you will create the core building blocks for your Azure services:

    • Virtual Network
    • Storage
    • Cloud Service

    The services mentioned above are the core tenets that provide a foundation for your applications, virtual machines and hybrid connectivity in Azure. Having this well thought out provides a great architecture for all of your cloud services.

    Login to the Azure Portal

    Perform the following tasks:

    1. Open a browser and navigate to http://Manage.WindowsAzure.com.
    2. Click PORTAL located at the top of the Microsoft Azure site.
    3. Log in using your Microsoft Azure credentials for your Microsoft Azure subscription.
      1. If this is your first time logging into your Azure management portal, close the WINDOWS AZURE TOUR.

    Create a new virtual network and subnets for objects

    First, you will create a Microsoft Azure network object and corresponding subnets. Azure Virtual Network lets you provision and manage networks in Azure and, optionally, link them via secured VPN tunnels with your on-premises IT infrastructure to create hybrid and cross-premises solutions. With virtual networks, IT administrators can control network topology, including configuration of DNS and IP address ranges.
    You can use a virtual network to:

    • Create a dedicated private cloud-only virtual network
    • Securely extend your data center
    • Enable hybrid cloud scenarios

    The virtual network you are creating will provide the IP addresses assigned to the objects and virtual machines you create in other labs that are associated with this virtual network. You will also leverage subnets to help organize your IP addresses.

    Perform the following tasks in the Azure management portal.

    1. In the Azure management portal (in the leftmost column), scroll to and click NETWORKS.
    2. Click NEW (Plus “+” Sign) located at the bottom left.
    3. Select CUSTOM CREATE.
    4. In NAME, type ITC-VNet and then in LOCATION, select your closest location. Click the Next arrow.
      1. Important: Remember this location choice. You will use the same location for all options in all labs.
    5. Leave all DNS settings blank, and then click the Next arrow.
      1. This network will initially use Azure’s built-in DNS.
    6. In STARTING IP, type 192.168.0.0.
    7. In CIDR (ADDRESS COUNT), select /16.
    8. Under SUBNETS, highlight Subnet-1, and then rename it to AD-Production.
    9. Under STARTING IP, type 192.168.10.0.
    10. Under CIDR (ADDRESS COUNT), select /24.
    11. Under SUBNETS, click add subnet.
    12. Name this second subnet AD-Production-Static.
    13. Set the STARTING IP to 192.168.11.0.
    14. Set the CIDR (ADDRESS COUNT) to /24.
    15. Click the Complete icon (Check Mark at the lower right).

    Create a new storage account from the Azure management portal

    Microsoft Azure Storage is a massively scalable, highly available, and elastic cloud storage solution that empowers developers and IT professionals to build large-scale modern applications. Azure Storage is accessible from anywhere in the world, from any type of application, whether it’s running in the cloud, on the desktop, on an on-premises server, or on a mobile or tablet device. In this lab, you will create a storage account to contain all objects for your Azure services. Your VHDs, which you will create in lab 2 for your Azure virtual machines, will be stored in this storage account.

    Perform the following tasks in the Azure management portal:

    1. In the leftmost column, scroll to and click STORAGE.
    2. Click NEW (“+”), located at the bottom of the Azure management portal.
    3. Make sure STORAGE is highlighted and click QUICK CREATE.
    4. In URL, type itcstore<Unique ID (can use your initials)>. For example:
      itcstoredan01
      Note: Your storage account name must be all lowercase.
    5. In LOCATION/AFFINITY GROUP, select your chosen datacenter region.
      Note: Same as your network location earlier.
    6. In REPLICATION, select Locally Redundant.
    7. Click CREATE STORAGE ACCOUNT.

    Create a new service from the Microsoft Azure management portal

    By creating a cloud service, you can deploy a multi-tier application in Azure, defining multiple roles to distribute processing and allow flexible scaling of your application. A cloud service consists of one or more web roles and/or worker roles, each with its own application files and configuration. Azure Websites and Virtual Machines also enable web applications on Azure. The main advantage of cloud services is the ability to support more complex multi-tier architectures. In this section you will create a new service to contain your virtual machines. By assigning your new VMs to this service, they will be able to communicate internally.

    Perform the following tasks in the Azure management portal:

    1. In the leftmost column, scroll to and click CLOUD SERVICES.
    2. Click NEW (“+”) located at the bottom of the Azure management portal.
    3. Make sure CLOUD SERVICE is highlighted and click QUICK CREATE.
    4. In URL, type ITCservice<ID>
      using your unique ID, for example:
      ITCservicemh01
    5. In REGION OR AFFINITY GROUP, select your chosen datacenter region.
      Note: Must be the same region as your network and storage accounts.
    6. Click CREATE CLOUD SERVICE.

    End of Lab 1: Building the Foundation