Skip to main content

Posts

Showing posts from 2016

Windows Server 2016 - Introducing Nano Server

This is the first blog post on the series that I am planning to write on Windows Server 2016 and its exciting new features. Lets start with the cool Nano Server!! Nano server comes with the smallest OS foot print possible, which significantly reduces the management overhead and is keenly focused on cloud based deployment model. It is quite different from the existing OS flavors of Windows Server that we are familiar with. To start with Nano Server is headless, ie it doesn't provide any local logon capabilities. You can only manage it remotely using tools like powershell remoting ,wmi, winRM etc. Even the version of PowerShell that is shipped with NanoServer is a stripped down core edition. That means not all features will be available in this version of NanoServer. It is built on a reduced footprint version of .Net core, that means you may not be able to run all C# commands on PowerShell Core.Also it supports only 64 bit applications. You cannot promote a Nano Server as Active d

Security in the cloud - Disk encryption in Azure

Security in the cloud is a priority for every organization planning to adopt public cloud for mission critical applications. In Azure, these security concerns are addressed at different layers starting from the platform layer up to the VM OS layer. This picture shows an overview of the different layers of security in Azure     Any traffic directed to your applications hosted in Azure will first hit the platform's native DDOS protection mechanism. If a DOS attack is happening a specific IP is targeted, the DDOS protection mechanism will blackhole the traffic and the endpoint will be brought down. Thereby the surrounding resources will be protected. If you have resiliency built in, you can bring up another endpoint and ensure that your service is available At the next layer you have endpoints, ie traffic will be received only at the designated endpoints in case of classic model, or as defined in NSGs in case of ARM model. The VMs can be placed in different virtual

#MyAzureLabs: DRaaS using Azure: Test your DR strategy

This is Part 2 of my blog post on DRaaS using Azure. You can view first part of the blog here In first part, we discussed how to protect your on-prem physical servers using Azure Site Recovery services. Having a DR strategy and enabling protection is not always enough. You should ensure that your DR strategy will work as expected when a disaster strikes. In case of usual DR solutions, it is not always possible to test the DR strategy without downtimes. However, Azure Site Recovery provides you with an option to test your DR strategy and keep it well oiled and battle ready!! Test failover to the rescue..  Lets see how we can do a test failover of on-prem physical services to Azure. Select the vault where your replicated data resides. Select the settings, and choose the replicated items. Select the option "Test failover" Select the settings of the test failover. The failover direction will be automatically selected, ie from on-prem to Azure. You can select the reco

#MyAzureLabs : Azure Point to site VPN configuration for existing Vnet

Azure Point-to-Site enables VPN connectivity from client machines to Azure Vnet. This is especially useful for mobile users,  who could be travelling and is not connected to your office network. There is a very good documentation available on how to configure Point 2 site VPN for a new Vnet, both for classic and new portal . It  can be found here : https://azure.microsoft.com/en-in/documentation/articles/vpn-gateway-point-to-site-create/ What if  you already have a Vnet in Azure with resources connected to it ? In this blog, I will elaborate on how to enable Point-to-Site VPN for an existing Vnet . It is documented based on the testing done in new portal. The Vnet was already existing, and a VPN gateway was created from the new portal using the graphical interface and connected to the Vnet. For the remaining steps, PowerShell was used. 1. Create VPN gateway . Go to new portal->Virtual network gateway and create new. You will have to select the Vnet for which you want to create

The cloud has got your back(up): A primer on Azure Backup

 Azure backup offers a comprehensive cloud based  hybrid backup solution that enables backup of not only your Azure VMs, but your files, folders, applications etc both on prem and in Azure. This solution can be used to replace your chunky on-prem backup solutions,  tape drives , backup tapes and the likes. In this blog, I will give a brief overview of the Azure backup service, its advantages and scenarios that it can cater to currently Service highlights: Azure backup is offered as a complete backup as a service offering. Lets take a look at few highlights of the service Cost effective You need not own any backup infrastructure, say services , tools and devices to use this service. You can directly subscribe to the service and pay based on your usage. There are no additional compute charges involved in the service. You pay a fixed charge for each protected instance, and also for the storage that you consume in the cloud for storing your backup data. The egress traffic for rest

Azure VM migration using PowerShell

Microsoft recommends usage of ARM for all new deployments in Azure. All new developments/features/services will be available in ARM going forward.  But  there are lot of services that are yet to be migrated to ARM. What if one of the services that you want to use is not currently available in ARM and you have already set up rest of your environment in ARM?  In such a scenario, you can always set up a site to site VPN between the classic V1 VNET and the ARM VNET. This process is also well documented: https://azure.microsoft.com/en-us/documentation/articles/virtual-networks-arm-asm-s2s-howto/   That being the case,  what if we want to test the interoperability of services and you want to move few already set up VMS in ARM to classic? I know that it is not a very common scenario. Also it is not a recommended approach for production deployment, ARM is definitely the way to go. However, for enabling that test run you might very badly want to do before taking the plunge, we will loo

Azure automation:Using Graphical runbooks

Azure automation can be an Azure administrator's best friend and can  ease up your day to day administration work. There are three options available in Azure automation- Graphical runbooks, PowerShell Work flow and Powershell based runbooks   If you want to play around with Azure automation and want to quickly automate some daily mundane tasks, graphical runbooks are the easiest to start with . You can find many templates in the runbooks gallery in Azure that can easily get the job done easily  for you. Lets start with the basics. One of the common tasks that needs to be done is to start or stop VM at a scheduled time, say for eg: your Dev/Test machines that should be shutdown after office hours. The runbooks for this are readily available in the gallery. In this blogpost we will focus on a graphical runbook available in the gallery that can be used to start or stop VMs at a scheduled time.                    Schedule automated start and stop of VMS using graphical runboo