Vol. 20, #46 - November 16, 2015 - Issue #1056
Azure VM gotchas
- Editor's Corner
- Azure VM gotchas
- Send us your feedback
- Recommended for Learning
- Microsoft Virtual Academy
- Registration is Open for Cloud Admin CON 2015
- Quote of the Week
- Admin Toolbox
- Admin Tools We Think You Shouldn't Be Without
- This Week's Tips
- Security - Monitoring for malicious IP addresses
- Microsoft Azure - Use PowerShell to easily RDP into a VM
- Office 365 - Setting up SSO with AD FS
- Events Calendar
- North America
- Tech Briefing
- Microsoft Azure
- Recommended TechGenix Articles
- Recommended articles from websites in TechGenix Network
- Other Articles of Interest
- VMware vCenter appliance or Windows install? Which one to use?
- Why a DevOps team is so important—Especially when it comes to the cloud
- The fall of Citrix? Or the Dell takeover?
- The pros and cons of Tech Field Day
- WServerNews FAVE Links
- Microsoft Small Basic
- WServerNews - Product of the Week
- Deep Packet Inspection for Quality of Experience Monitoring
This week's newsletter is all about the gotchas of building cloud solutions in Microsoft Azure. We welcome Sharon Bennett, Partner Technology Strategist with Microsoft Canada, who has contributed the guest editorial for this issue of WServerNews.
Naturally we can't use the word "gotcha" in the title of our newsletter without providing you with the link to this classic Dilbert comic about how airlines make their money:
Ask Our Readers: WServerNews has almost 100,000 subscribers worldwide. That's a lot of expertise to tap into. Do you need help with some issue or need advice on something IT-related? Got a question you'd like us to toss out to our readers to try and answer? Email us at [email protected]
And now on to our guest editorial by Sharon Bennett...
Azure VM gotchas
In my role at Microsoft, via an agency, I have come across the same hiccups that Microsoft partners have when it comes to Azure virtual machines. As IT pros, we all adore Azure virtual machines! We can spin up a virtual machine in 7 minutes (and just a little longer for SQL); we can delete them when we are done with them; and the licensing is included when using one of the Azure templates. What could be simpler? And maybe that is the root of the problem: it is simple. We get ourselves into trouble because we just spin the virtual machine up and start running with it, without consideration of best practices and what I like to call "gotchas". Here is a list of the most common ones I have come across:
1. Not securing Azure virtual machines -- Unfortunately, I see this one much too often, especially considering that it requires so little time and energy. Just because the virtual machine is in the cloud does not mean we can forget about hardening it.
- Endpoints -- By default, when a virtual machine is created, Remote Desktop and PowerShell ports are opened to help you manage the virtual machine. Remove any unnecessary ports and only add ports when required. For more information see the Azure documentation article "How to set up endpoints to a virtual machine" [EDITOR'S NOTE: See the Tech Briefing section of this newsletter for links to Azure documentation and blog posts that provide additional information for some of the topics covered in Sharon's guest editorial.]
- Access Control Lists -- Add an ACL to the endpoint, further restricting access. For more information see the post titled "Step-By-Step: Setting up Network Access Control Lists (ACLs) in Azure" on the CanITPro blog.
- Strong usernames and passwords -- We are all guilty of forgoing strong usernames and passwords, but doing so is your first line of defense.
2. Assuming your virtual machine will always be available -- One of the biggest advantages of virtual machines is that you do not have to worry about the underlying infrastructure; Microsoft does. But the host machines must still be maintained, and outages will occur. Hard drives die, network cards fail, hypervisors need to be patched . . . everything that we have to deal with on premise occurs in the Microsoft datacenter. You do not have to deal with it yourself, but while the Microsoft team does, you may experience an unplanned outage. In order to keep your virtual machine up and running and meet the SLA, you must have 2 virtual machines in an availability set. For additional details and instructions on how to set up high availability see the Azure article "Manage the Availability of virtual machines".
3. Incorrectly deploying virtual machines to an availability set -- As I mentioned in the previous point, Microsoft always recommends deploying virtual machines in an availability set to avoid downtime, but this is only in the case of multiple virtual machines. When a scheduled outage is planned, the administrator is always informed of it. However, if your virtual machines are in an availability set, then the outage occurs without notification. If you put your single virtual machine in an availability set you will NOT be notified of any planned outages, and therefore you will be unaware of when your system will be down. The general rule of thumb is to NOT include single virtual machines in an availability set.
4. Putting data where it shouldn't be -- Due to the recent Microsoft warning, I have seen this gotcha much less, but it still happens. After creating your virtual machine, you will see a 70+ GB D: drive. In an on-premise environment we use this space to store data, however, when doing so in Azure, your system reboots due to maintenance (see point 2) and all your data is gone. Unfortunately, this was not widely known as a problem until recently. Microsoft has since put a text file on D: drive warning that data stored on its space could result in data loss.
Figure 1: Data loss warning (text file).
Your new procedure, after reading this, is to attach a data disk to every virtual machine for all data. This protects you if your virtual machine fails or if you need to move your virtual machine to another network. For more information see the Azure article "Attach a data disk to a Windows virtual machine created with the classic deployment model".
5. Lack of planning -- Moving your infrastructure into Azure is a familiar task, but all too often we get ahead of ourselves and forget about the bigger picture. When implementing a solution in Azure, we have to plan the design just as we do on-premise. In some cases, we need to pay a little more attention to the planning.
- Virtual machine placement -- Moving virtual machines between virtual networks is not an easy task. Take the time to plan which virtual machines will be in which virtual networks prior to deploying. If you do need to move a virtual machine between virtual networks, Pierre Roman has a detailed article here.
- Adding hosts -- If you do not plan for virtual machine growth, you may find that your subnets will not accommodate the increased number of hosts, and you will need to delete your subnets, modify the subnet that is not large enough, and then re-create the subsequent subnets. A full list of VNet FAQs can be found here.
- Virtual machines: size matters -- Here is one gotcha that will come back to haunt you. Cloud is scalable, right? That's why we put our virtual machines there; we can scale them as needed. For the most part, that's true, unless you created your initial virtual machine too small! When creating a virtual machine, create it to the maximum it may need to be scaled in the future, then scale it back if necessary once it is up and running. This way you are ensured that your resources are available when the need to scale up arises. For more information about virtual machine sizing see Azure documentation "Sizes for virtual machines".
6. Setting a static IP -- In the on-premise world, once a server is up and running, we assign a static IP to it. If you do this with an Azure virtual machine, you will lose connectivity to it. If you have to assign a static IP to a virtual machine, this must be done via PowerShell, as of October 2015. For details on how to do this, see the Azure article on Set-AzureStaticVNetIP.
7. Not backing up data and/or virtual machines -- This is another one of those items that we just assume is taken care of for us. When you create your storage account to associate with your virtual machine, you can choose local or geo-redundant storage. Local means that 3 copies of your data are housed in the same datacenter, and geo maintains 6 copies in 2 datacenters in a secondary region. This is replicated data and does not protect you from deleted, corrupted, or previous versions of it. The best practice is to back up your data, the same as we do on-premise. Azure Backup can back up your files and folders as well as your Azure virtual machines. Instructions on how to back up your Azure virtual machines can be found in the Azure article "Backup Azure virtual machines".
As we continue the transition to cloud options, there will always be things to watch out for, but as cloud computing matures, watching out for these common gotchas will save you hours of time, and more importantly, frustration.
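The endpoint and ACL steps from gotcha 1, sketched as an added example; it is not part of the guest editorial or of Microsoft's documentation. It uses the classic (Service Management) Azure PowerShell cmdlets, and the service name, VM name, admin subnet and list of required ports are placeholder assumptions.

```powershell
# Added example: audit a classic Azure VM's endpoints, remove the ones that are
# not needed and restrict the rest to an admin network with an endpoint ACL.
# All parameter defaults below are placeholders, not values from the newsletter.
param(
    [string] $ServiceName   = 'contoso-svc',      # hypothetical cloud service name
    [string] $VMName        = 'contoso-vm01',     # hypothetical VM name
    [string] $AdminSubnet   = '203.0.113.0/24',   # documentation range; use your admin network
    [int[]]  $RequiredPorts = @(3389),            # local ports that must stay reachable
    [switch] $Apply                               # without -Apply the script only reports
)

$vm = Get-AzureVM -ServiceName $ServiceName -Name $VMName
if (-not $vm) { throw "VM '$VMName' not found in cloud service '$ServiceName'." }

# Show what is currently published to the Internet.
$endpoints = @(Get-AzureEndpoint -VM $vm)
$endpoints | Format-Table Name, Protocol, Port, LocalPort -AutoSize

foreach ($ep in $endpoints) {
    if ($RequiredPorts -notcontains $ep.LocalPort) {
        # Endpoint is not on the required list: remove it.
        Write-Output "REMOVE   $($ep.Name) ($($ep.Protocol) $($ep.Port) -> $($ep.LocalPort))"
        if ($Apply) {
            $vm = Remove-AzureEndpoint -Name $ep.Name -VM $vm
        }
    }
    else {
        # Endpoint is required: keep it, but only for the admin network.
        Write-Output "RESTRICT $($ep.Name) to $AdminSubnet"
        if ($Apply) {
            $acl = New-AzureAclConfig
            Set-AzureAclConfig -AddRule -ACL $acl -Order 100 -Action Permit `
                -RemoteSubnet $AdminSubnet -Description 'Admin network only' | Out-Null
            $vm = Set-AzureEndpoint -Name $ep.Name -Protocol $ep.Protocol `
                -LocalPort $ep.LocalPort -PublicPort $ep.Port -ACL $acl -VM $vm
        }
    }
}

# Endpoint changes are only staged on the VM object until Update-AzureVM runs.
if ($Apply) {
    $vm | Update-AzureVM
}
```

Run it once without `-Apply` to review the plan. Once an endpoint ACL contains a permit rule, traffic from every other source is denied, so confirm the admin subnet before applying.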
About Sharon Bennett
Sharon Bennett is a Partner Technology Strategist with Microsoft Canada, focusing on Azure in the SMB community. She brings over 20 years of IT experience from a variety of roles, including running her own business as an IT Partner and Microsoft VAR. Sharon is a Microsoft Small Business Specialist, former MCT and holds several Microsoft certifications. Sharon is also a teacher and active member of her local community.
You can follow Sharon on Twitter (@bennettbuisness)
You can also find her on LinkedIn:
Send us your feedback
Got feedback about anything in this issue of WServerNews? Email us at [email protected]
Recommended for Learning
This week we have a bunch of videos and blog posts on Microsoft Azure you may want to check out:
AzureCon On-Demand Videos
AzureCon ON-Demand videos on Channel 9:
AzureCon Keynote Announcements: India Regions, GPU Support, IoT Suite, Container Service, and Security Center
Scott Guthrie's AzureCon Announcement:
Zero to Continuous Deployment of Dockerized App for Dev-Test in Azure
This video walks through a recent scenario in which we helped a customer optimize their IT processes with DevOps practices and bring their vision to life:
Azure IoT Suite now available
Now available to purchase, the Azure IoT Suite offers preconfigured solutions built on Microsoft's cloud platform:
Microsoft Virtual Academy
Building Recommendation Systems in Azure
Machine Learning or Data Science are one of today's hottest buzzwords. The scenarios in which Machine Learning can be applied are diverse and can range from predicting football scores to personalised recommendations in online shops to predictive maintenance in manufacturing. In this Microsoft Virtual Academy course I will go through various options on how to build recommendation systems using Microsoft Azure Machine Learning, and thus going beyond just finding the products in retail that are in high demand:
Building Linux-Based Solutions on Azure
Do you run an open-source infrastructure? Want a public cloud solution that fits your environment? Watch Senior Technical Evangelist Rick Claus and four engineers from the Azure Compute team, as they show you how easy and efficient it is to build Linux-based solutions on Microsoft Azure. (In fact, 20 percent of virtual machines that run on Azure run Linux!)
Support Corner: Accessing Azure AD Portal from Office 365
Office 365 Support Corner is an ongoing series of on-demand courses which cover leading Office 365 support issues. Join us for this session, designed for administrators who want to access more advanced options for managing their identities in Office 365:
Registration is Open for Cloud Admin CON 2015
Cloud Admin CON is a cost-effective, convenient opportunity for busy System Administrators and IT Managers to stay up to date on the most recent industry trends and vendor solutions and build their network of IT experts and vendors. Individual focus sessions are scheduled to run consecutively, allowing you to attend all sessions, or selectively choose only those you wish to attend. A sample of what you can expect to learn includes:
- How to extend applications securely to mixed public/hybrid clouds
- Securely scale out private cloud environments
- Protect users and data with the use of 3rd party cloud apps
- Protect complex cross-border regulatory environments and data sharing.
Date and Time: Thursday, November 19, 2015 11am EST | 8am PST | 4pm BST
Quote of the Week
"You can measure a programmer's perspective by noting his attitude on the continuing viability of FORTRAN." -- Alan Perlis
Until next week,
Note to subscribers: If for some reason you don't receive your weekly issue of this newsletter, please notify us at [email protected] and we'll try to troubleshoot things from our end.
Do you protect your Hyper-V & VMware VMs against data loss? Altaro VM Backup is a hassle-free and affordably priced virtual machine backup solution. Don’t miss out, grab your free copy now!
Your infrastructure is dynamic. Your monitoring system should be, too. Datadog scales effortlessly with your infrastructure to capture metrics from new servers or containers as they come online
AeroAdmin is free remote desktop software for remote desktop connection over Internet:
File Encoding Checker is a GUI tool that allows you to validate the text encoding of one or more files:
EaseUS Todo Backup Free lets you create copies of your files, partitions, disks and even the whole operating system:
GOT ADMIN TOOLS or other software/hardware you'd like to recommend? Email us at [email protected]
GOT TIPS you'd like to share with other readers? Email us at [email protected]
Security - Monitoring for malicious IP addresses
The System Center Operations Manager Engineering Blog has a post titled "Find out if your servers are talking to a Malicious IP address with Operations Management Suite" that walks you through the process of making sure your servers aren't communicating with any malicious IP addresses:
Microsoft Azure - Use PowerShell to easily RDP into a VM
PoSh Chap, a blog of musings on the splendour of PowerShell, has a post titled "One-Liner: Launch Azure VM RDP Connection from PowerShell" that demonstrates how much easier it is to manage VMs in Azure using PowerShell instead of using the Azure Management Console:
Office 365 - Setting up SSO with AD FS
The Canadian IT Pro Connection blog is always full of useful stuff for IT pros. The post titled "Step-By-Step: Setting up AD FS and Enabling Single Sign-On to Office 365" by Microsoft MVP Kelsey Epps is just another of the many examples of great content you'll find on this blog:
Kelsey also previously contributed content for a short series of articles titled "Office 365 Migration Considerations" that were published in my section on WindowsNetworking.com. Here are the links to these articles:
Convergence on April 4-7, 2016 in New Orleans USA
2016 Microsoft Worldwide Partner Conference on July 10-14, 2016 in Toronto Canada
Ignite on September 26-30, 2016 in Atlanta USA
Convergence 2015 EMEA on Nov 30 - Dec 2, 2015 in Barcelona Spain
Add Your Event
PLANNING A CONFERENCE OR OTHER EVENT you'd like to tell our 100,000 subscribers about? Contact [email protected]
Below are links to Azure documentation and blog posts that provide additional information for some of the topics covered in Sharon's guest editorial in this issue:
How to set up endpoints to a virtual machine (Microsoft Azure)
Step-By-Step: Setting up Network Access Control Lists (ACLs) in Azure (CanITPro blog)
Manage the availability of virtual machines (Microsoft Azure)
Attach a data disk to a Windows virtual machine created with the classic deployment model (Microsoft Azure)
Sizes for virtual machines (Microsoft Azure)
Set-AzureStaticVNetIP (Microsoft Azure)
Backup Azure virtual machines (Microsoft Azure)
Cloud Storage Decision Making
Importing a Virtual Machine into Amazon EC2 (Part 7)
Creating Layer 3 Outside Access in Cisco ACI
Hybrid Network Infrastructure in Microsoft Azure (Part 9)
Microsoft Ignites a new Focus on Security (Part 7)
VMware vCenter appliance or Windows install? Which one to use?
When deciding whether or not to use the virtual appliance version of vCenter, you need to take into consideration both the very specific advantages and limitations because using a simple Windows install might just be all you need. Find out which one you should be using.
Why a DevOps team is so important—Especially when it comes to the cloud
Since DevOps teams have the ability to configure applications for new software and understand how to interface it with legacy systems, they are often able to streamline an application’s move to the cloud. Discover how you can take advantage of this new role.
The fall of Citrix? Or the Dell takeover?
In the wake of Dell closing off a deal to buy EMC, rumors have speculated around Citrix slowly getting sold off bit by bit—that or eventually merging with Dell, who seems to be taking over. Regardless, this creates a concerning thought for Citrix users regarding their legacy technology investments. Explore more about Citrix VDI Investments.
The pros and cons of Tech Field Day
Tech Field Day allows delegates the opportunities to voice their unbiased opinions on any given product. While this is sure to stir the pot for vendors as products are scrutinized left and right, it can also create a huge boost in sales. Find out more about this risky day that vendors can’t avoid.
This Week's Links We Like. Tips, Hints And Fun Stuff
GOT FUN VIDEOS or other fun links to suggest you'd like to recommend? Email us at [email protected]
This week we have something a bit different as a diversion from your usual fire-fighting routine at work. Have you heard about Microsoft Small Basic? It's a simplified version of Microsoft's programming language Visual Basic, suitable for kids and beginners (or bored IT pros). Small Basic is currently in version 1.2 and you can find out more and get it here:
There's also an active blog about Small Basic that is spearheaded by Ed Price:
And there's even a discussion forum on MSDN for Small Basic so you can ask others questions when you get stuck programming:
Why not try out Small Basic today and waste some time programming instead of watching TV or surfing the net? Better yet, show it to your kids and get them turned on to learning how to program computers. Who knows, maybe your son or daughter might grow up and become the next Bill Gates? (yikes!)
WServerNews - Editors
Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit and has been author or series editor for almost fifty books mostly published by Microsoft Press. Mitch is also a ten-time recipient of Microsoft's Most Valuable Professional (MVP) award for his outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see www.mtit.com.
Ingrid Tulloch is Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid also manages research and marketing for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.