

Showing posts from 2013

Windows Azure: Powershell script to update instance type in .csdef file

Here is a simple PowerShell script to change your Azure instance type in the .csdef file. You need to run this from your code repository and enter the instance type, i.e. "small", "ExtraSmall", "Medium" etc., when prompted.
$allCsDefFiles = Get-ChildItem -Recurse -filter *.csdef | ForEach-Object -Process {$_.FullName}
$newvmsize = Read-Host 'Enter the instance type'
foreach ($thisCsDefFile in $allCsDefFiles) {
    [xml]$thisCsDefXml = Get-Content $thisCsDefFile
    $root = $thisCsDefXml.get_DocumentElement();
    If (!$root.WebRole.vmsize) {
        Write-Host "No webrole found in $($ "
    } else {
        $root.WebRole.vmsize = $newvmsize
        $thisCsDefXml.Save($thisCsDefFile)
        Write-host "Webrole size of $($ changed to $($root.WebRole.vmsize)"
    }
    If (!$root.Workerrole.vmsize) {
        Write-Host "No Workerrole found in $($ "
    } else {
        $root.Workerrole.vmsize = $newvmsize
        $thisCsDefXml.

Virtual fibre channel in Hyper V

The virtual fibre channel option in Hyper V allows the connection to pass through from the physical fibre channel HBA to the virtual fibre channel HBA, while still keeping flexibilities like live migration.
Pre-requisites:
- The VM should be running Windows Server 2008, 2008 R2 or Windows Server 2012.
- A supported physical HBA with N_Port Virtualization (NPIV) enabled in the HBA. This can be enabled using any management utility provided by the SAN manufacturer.
- If you need to enable live migration, each host should have two physical HBAs and each HBA should have two World Wide Names (WWN). A WWN is used to establish connectivity to FC storage. When you perform a migration, the second node can use the second WWN to connect to the storage and then the first node can release its connection. Thereby the storage connectivity is maintained during live migration.
Configuring virtual fibre channel is a two step process.
Step 1: Create a Virtual SAN in the Hyper-V host. First you need to click on Virtual

Hyper V Server 2012 remote management from Windows 8

Now that we have had a look at how to do the installation and initial configuration of Hyper V Server 2012 in my previous blog post, let's start on the management part. In this blog, I will explain how to manage your Hyper V installation from a Windows 8 machine.
Remote management: Since Hyper V Server 2012 is a server core machine, you may want to manage it remotely using the familiar GUIs and MMC consoles. You can do so remotely, but before that you need to set the firewall rules to allow it. In the command prompt window of the server, get a PowerShell prompt by typing in "powershell". Now you can execute the following PowerShell command:
Enable-NetFirewallRule -DisplayGroup *
Note: I used this command since it is my test network; you may want to lock down the firewall rules a bit in case of a production network. In order to connect to the Hyper V server using MMC from my PC, I had to run the following command in the PC command prompt:
cmdkey /add:<ServerNam

Hyper V Server 2012 installation on VMware Workstation 8

Having heard a lot about the latest free virtualization from Microsoft, Hyper-V Server 2012, I couldn't resist giving it a whirl. After all, it is not daily that Microsoft comes out with "free" offerings ;) Let us admit it, ever since the advent of virtualization, we have few physical servers lying around. All of them have joined the virtualization bandwagon. My case was no different, so I decided to try out Hyper-V Server 2012 as a virtual machine in VMware Workstation 8 installed on my PC.
Installation preparation: A few things to be taken care of before you start the actual installation:
1) Download the Hyper V Server 2012 ISO from the Microsoft site:
2) VMware Workstation 8 does not have Server 2012 in the Windows OS list. Hence you need to select the option "Windows Server 2008 R2 x64" when you create the virtual machine.
3) There is a small tweak to the Processor settings that should be d

Windows server 2012: where is my start button??

If you have been using Windows Server OS for a while, the one thing that will strike you most when you log in to a Windows Server 2012 is that there is no start button! What? How am I going to manage it? Microsoft feels that you really don't need a start button, since you can do almost everything from your Server Manager or even remotely from your desktop. After all the initial configurations are done, you could also do away with the GUI and go back to the server core option (in Server 2012, there is an option to add and remove the GUI). So does that mean you need to learn to live without a start button? Actually no, the start button is very much there. Let's start looking for it.
Option 1: There is a "charms" bar on the side of your desktop, where you will find a "start" option. You can use the "Windows + C" shortcut to pop out the charms bar.
Option 2: There is a hidden "start area" in the bottom left corner of your desktop

Windows Server 2012 Editions & hardware requirements.

This article gives a brief overview of the various editions of Windows Server 2012 available. If you are purchasing or downloading the ISO, there are only two editions of Windows Server 2012 available. They are:
- Windows Server 2012 Standard Edition
- Windows Server 2012 Datacenter Edition
As opposed to Windows Server 2008, there is functionally no difference between the two editions, i.e. clustering, Hyper-V etc. are possible in both. Also there are no hardware limitations between the editions. The only difference is in the virtualization rights. While the Standard edition licenses up to 2 virtual instances, Datacenter provides a license for unlimited virtual instances. There are other flavors of the OS that are available through OEM. Given below are the details:
- Windows Server 2012 Foundation Server
- Windows Server 2012 Essentials
- Windows Storage Server 2012 Workgroup
- Windows Storage Server 2012 Standard
- Windows Multipoint Server 2012 Standard
- Windows Multipoint Server 2012 P

DNS Round Robin

DNS Round Robin and NLB are two configurations that can be used to ensure application availability in scenarios where there is no shared storage in use. They are useful for applications which handle one-time requests that need not be handled by a single server throughout the session. This article aims at explaining the basics of the DNS Round Robin technique.
DNS Round Robin: Here the load-balancing act happens at the name resolution stage. There will be multiple entries in the DNS server for a host name, pointing to the application server IPs across which the load should be balanced. For example, there will be n IP addresses associated with a host name. When the first client requests a name resolution, the first IP from the list is returned. When a second client requests a name resolution, the next IP is returned. Thus we can ensure that the incoming requests for a particular application are equally distributed among the available application servers. An additional option named ne

Windows server 2003 to 2008: upgrade considerations

If you are planning to upgrade from Windows Server 2003 to 2008, here are some guidelines.
- The normal boot-from-CD procedure doesn't work for the upgrade. You will have to start the upgrade process from within Windows Server 2003.
- You can upgrade to an equivalent or higher edition of Windows Server 2008, i.e. you can upgrade from Windows Server 2003 Standard edition to Server 2008 Standard or Enterprise edition, but you cannot upgrade from 2003 Enterprise edition to 2008 Standard edition.
- However, the upgrade options are slightly different in the case of Web or Datacenter Edition. You can only upgrade from Windows Server 2003 Web Edition to Windows Server 2008 Web Edition. Same with Datacenter Edition.
- The final condition is that Windows Server 2003 Service Pack 1 should be installed if you want to upgrade to Server 2008. This means that if you have Windows Server 2003 R2, the upgrade is possible without any further service pack installation.
The following upgrade paths are possib

Understanding different editions of Windows server 2008

It is important to understand the various 'flavors' or editions of Windows Server 2008 before you start planning the deployment of the same in your infrastructure. Given below is a brief description of the various versions and scenarios.
Standard Edition: This edition is ideally suited for the role of DC, file and print server, DNS, DHCP & application server in small to medium sized businesses. Basically all your infrastructure network requirements can be met by this edition. It also supports Network Load Balancing clusters.
Processing power maximums: 4 GB RAM & 4 processors in SMP configuration (32-bit (x86) version); 32 GB RAM & 4 processors in SMP configuration (64-bit (x64) version).
Limitation: Cannot be used in failover clustering or for installation of Enterprise edition features like AD Federation Services. Though it supports Hyper-V, it will bundle a Windows license for only one VM. Hence it is not an ideal choice for large scale virtualization.
Enterprise

Azure SQl administration: useful commands

Command to create a new DB as a backup/clone of an existing DB: Connect to the master DB and execute the following command:
CREATE DATABASE <newDBname> AS COPY OF <name of DB to be backed up>;
Eg: CREATE DATABASE DB2 AS COPY OF DB1
One important thing to note is that the actual DB copy wouldn't be completed even if the command completes successfully. In order to check the status of the copying, you can use the following command:
SELECT name, state, state_desc FROM sys.databases WHERE name = 'Databasenew'
The value of the state_desc column in the output will be 'online' when the copying is completed and the DB is ready for use. The status will be shown as 'copying' when the DB copy is in progress.
Rename database: Again you need to connect to the master DB and execute the following query:
USE master;
GO
ALTER DATABASE <DB name> Modify Name = <new DB name>;
GO
Rename table: If you need to rename a table in a DB, use the f

Securing Windows Azure SQL using service accounts

When you create a SQL server in Windows Azure, you need to create an administrator username and password. This will be the super user account for that server, using which you can carry out any operation in any of the databases. That means you can also delete or rename databases using this account. Hence you need to be very careful if you are planning to use these credentials in your application to access the Azure SQL database. Creating service accounts for SQL is a safe option to restrict access to your database, and also to avoid use of the super admin account. You could create service accounts and add them to appropriate SQL roles which have the required permissions in the database, say read, write, execute etc. Let's see how to achieve this:
First create a SQL login after connecting to the master DB. Note that you would need your super admin account for connecting to the master DB.
CREATE LOGIN <ServiceAccountname> WITH password=' <passwo

Windows Azure architecture and workflow

So, you just need your .cspkg and .cscfg file to do a deployment to Azure. When the deployment is complete, the instances are spun up, the application is up and running and during the whole process you didn't have to move a finger! That is what we call PaaS magic. But what actually happens in the background? Let's find out.
Red Dog Front End (RDFE): When you interact with the Azure platform through the management portal or Visual Studio, you are actually talking to the API called RDFE. The requests are passed on by the RDFE to the Fabric Front End (FFE) layer.
Fabric Front End (FFE): It receives the requests from RDFE and converts them to Azure fabric commands which are then passed on to what we call the Azure Fabric Controller. FFE decides on the location of the VM based on inputs such as affinity group and geo location, and also based on fabric inputs such as machine availability.
Azure Fabric Controller: This is considered to be the kernel of the Cloud OS, simply because it manages

SSL cert considerations in Windows Azure

If your Windows Azure application is using an SSL certificate, you need to configure it in both your service definition file and .cscfg file. The whole process is explained clearly in the following Microsoft article: Here, I am going to discuss a few considerations while configuring SSL. As you can see from the above link, the certificate should be defined in the csdef file:
<Certificates>
    <Certificate name="SampleCertificate"
                 storeLocation="LocalMachine"
                 storeName="CA" />
</Certificates>
The store location can be either 'LocalMachine' or 'CurrentUser'. And the store name can be one of the following: My, Root, CA, Trust, Disallowed, TrustedPeople, TrustedPublisher, AuthRoot, and AddressBook. You can also create your custom store name, in which case the store will be cre

Net use : System error 67 has occurred

While trying to map a SharePoint location using the net use command, the following error was thrown:
System error 67 has occurred. The network name cannot be found.
Command used was:
net use m: https://<sharepointurl> /user:domain\user <password>
Solution: This can happen if the "Desktop Experience" feature is not installed in Windows Server 2008 R2. Install the feature from Server Manager, restart the server and it will sort the issue.

Windows Azure administration: Useful resources

Here are some useful links for Windows Azure administrators.
Windows Azure service dashboard: This dashboard gives a general overview of the Azure services across the world. You will get a region-wise status of the various service offerings, say Compute, Storage, Active Directory etc. If Microsoft has detected any issues with any of its datacenters you will find it here. The data is refreshed every 10 mins. There is also an option to view the historic data. This would be one of the first places to check if you feel that Azure is not behaving as expected.
Azure PowerShell cmdlet reference: If you are an automation enthusiast and would like to automate your Azure management chores, Azure PowerShell cmdlets open a world of opportunities. Of course you need to install them first. Please refer to my blog post here for getting started. The link abo

vMotion : Introduction

vMotion is the process of moving running virtual machines from one ESXi host to another. The disk files are not migrated (they stay in the shared storage); only the VM's memory and CPU processing moves from one server to another. In fact, if you ping the VM while it is moving, you may at most lose one or two ping packets.
vMotion happens in three stages:
- vCenter Server verifies that the VM is in a stable state
- VM state is copied over to the destination. State includes the memory, registers and network connections
- VM is resumed in the destination host
vMotion can happen due to any of the following reasons:
- Balancing the load on ESXi hosts using DRS
- When the VMs are being moved off a host so that the host can be shut down by DPM (Distributed Power Management)
- You need to install patches using Update Manager or do hardware maintenance; the VMs are migrated using vMotion and the host is put into maintenance mode
vMotion requirements:
- You will need vSphere E

VMware : Linked Clones

The linked clones concept is similar to the normal VM cloning process, but with a storage saving twist ;) When we create a linked clone, a new VM is created from a base VM, at the same state. This clone will use the base VM's hard disk for all read operations; however all writes to the disk, i.e. any change to the data from the original disk, are written to a new disk. This is very similar to the concept of snapshots where the original VMDK is read-only and all subsequent writes are done to a delta disk. The main advantage of using linked clones is to avoid duplication of data. You can have n number of VMs created from the base virtual machine, but the base disk remains the same. This will considerably reduce the disk space usage, especially in cases like web server farms with multiple servers.

Azure IAAS : Enable RDP to Load balanced VMs in a cloud service

I faced a confusing situation recently, where I had to enable RDP to two VMs in the same cloud service using endpoints included in a load balanced set. A load balanced set was created for the RDP port 3389 and both VMs were included in the set. However, if we select the individual VMs from the management portal and click connect, you will get the following error message: "An external endpoint to the Remote Desktop port (3389) must first be added to the role". That was pretty confusing, since the port is already defined in the load balanced set! After playing around for a bit, I found out that I was doing it all wrong. The load balanced set works from a cloud service perspective. So the RDP load balanced set along with the other load balanced ports are defined for the cloud service. That means I can actually RDP by providing the cloud service name, and it will land me on one of the VMs in the cloud service. From the VM, you can RDP to any other VM in the

VMware NSX: An introduction

After server and desktop virtualization, VMware is now focusing on network virtualization. Essentially the company has been focusing so far on the 'compute' market for virtualization and now it has started working on a similar product for the network. Let's admit it, networks take more time to provision. With virtualization coming in, the creation of servers, desktops etc. now takes minutes when compared to the hours/days/weeks situation in the pre-virtualization era. But if we have a new network requirement for the VMs, it can be sorted to an extent using vSwitch. What if the requirement goes beyond that? Say a router/firewall/VPN that should be used by the VM. Of course, we should get in touch with the networking guys and it could take some time for the stuff to get sorted out. With NSX, VMware aims to address this bottleneck. The idea is to provision, back up and manage networks similar to how you manage your VMs now. There will be logical switches, routers, firewalls and VPNs. You

SSL Web server cert analysis

Came to know about this site from a colleague of mine today. This is quite useful if you want to do a deep analysis of any SSL web server on the internet. It provides details about the cert used, certification paths, protocols etc.

Set Network ACLs using Windows Azure Powershell Commands

In the latest update of the Azure PowerShell cmdlets, there is an option to set network ACLs for VM endpoints. Using this option, you can allow/block access to an endpoint based on the IP address range.
- A maximum of 50 ACL rules are possible per VM
- Lower numbered rules take precedence over higher numbered rules
- If you create a permit ACL, all other IP ranges are blocked. Similarly, if you define a deny rule, all other IPs are permitted
- If no ACLs are defined, it is permit all by default
Steps for setting a permit ACL for a particular IP are given below. Before executing the same, make sure that you have set the subscription correctly as per my previous post.
Create a new ACL object:
$acl=New-AzureAclConfig
Create the permit rule and add it to the ACL:
Set-AzureAclConfig -AddRule -ACL $acl -Order 50 -Action Permit -RemoteSubnet "" -Description "Test-ACL configuration"
Here I am explicitly permitting access from a public IP

Back to basics : Networking - Part 2

IPv6 basics: IPv4 uses a 32 bit address space whereas IPv6 uses a 128 bit address space. Represented by eight groups of hexadecimal quadrants and uses Classless Interdomain Routing (CIDR). The first 48 bits of the address are the network prefix, the next 16 bits are the subnet ID and the last 64 bits are the interface identifier.
The three kinds of IPv6 addresses are Unicast, Multicast and Anycast:
- Unicast: Identifies a single interface, equivalent to the IPv4 address of a machine
- Multicast: Identifier for multiple network interfaces. Commonly used for sending signals to a given group of systems or for broadcasting videos to multiple computers etc.
- Anycast: The packet is delivered to the nearest (in terms of routing) device
IPv6 does not have broadcast messages.
Unicast and Anycast addresses have the following scopes:
- Link-local: Scope is the local link (i.e. nodes on the same subnet). The prefix for link-local addresses is FE80::/64
- Site-local: Scope is the organization, i.e. private site addressing. Prefix

Managing Windows Azure using Powershell commandlets

In order to start managing your Azure subscriptions using PowerShell cmdlets, first you need to install Windows Azure PowerShell from here. Open the Azure PowerShell window from Start -> All Programs -> Windows Azure -> Windows Azure PowerShell. In order to manage a subscription, you will have to import the management certificate for the same. You can use the commands below for the same:
$cert = new-object System.Security.Cryptography.X509Certificates.X509Certificate2
$Filepath ="D:\certs\managementcert.pfx"   --> Provide the path to your management cert here
$password='Password'   --> Give your certificate password here
$cert.Import($Filepath,$password,'Exportable,PersistKeySet')   --> At this point the variable $cert will have your management certificate loaded
Now you need to import your subscription id & subscription name. You can get the values from the management portal -> Settings.
$subscriptionId = '1935b212-1179-4231-

Windows Azure fault domain and upgrade domain

Fault domain: In simple words, a fault domain can be considered as a single point of failure. For example, servers hosted in a rack in a data center can be considered a fault domain, because a power failure to the rack will bring down all the servers in it. During deployment time, the instances in a role are assigned to different fault domains, to provide fault tolerance (only when there are multiple fault domains).
Upgrade domain: This concept is applicable during a deployment upgrade. Each upgrade domain can be considered as a logical unit of deployment. During an application upgrade, it is carried out on a per upgrade domain basis, i.e. the instances in the first upgrade domain are stopped, upgraded, brought back to service, followed by the second upgrade domain. This ensures that the application is accessible during the upgrade process, though with reduced capacity.

Windows Azure storage concepts

You can create storage accounts in Windows Azure and provide your applications access to the tables, blobs and queues in them. The maximum capacity of a storage account is 200 TB if it was created after June 8th 2012 and 100 TB if created before that.
Geo redundant storage (GRS): Replicates the storage to a secondary, geographically separate location. Data is replicated asynchronously to the secondary location in the background. If there is any failure in the primary location, storage will fail over to the secondary location.
Locally redundant storage (LRS): For any storage account, the data is replicated three times within the same datacentre. All Windows Azure storage is locally redundant.
Affinity group: It is a geographical grouping of cloud deployments and storage accounts. By grouping the services used by your application in an affinity group in a particular geographical location, you can improve your service performance.
Storage account endpoints: Highest namespace for accessi

Windows Azure host and guest OS updates

The Windows Azure host OS is the root partition, which is responsible for creating child partitions to execute Windows Azure services and the guest OS. The host OS is updated at least once a quarter to keep the environment secure. Updating the host OS means that the VMs hosted on it should be shut down and then restarted. While the upgrade is done, Azure ensures that the VMs in different update domains are not down simultaneously, which would affect the availability of hosted applications. An optimal order of updating the servers is identified first before proceeding with the upgrade.
The Windows Azure guest OS runs on the VMs that host your applications in Azure. The OS is updated periodically, each time a new update is released. You can choose to get this done automatically or manually upgrade it at a chosen period. Microsoft recommends automatic OS updates, so that known security vulnerabilities are taken care of and your application will run on an up-to-date environment. In order to con

Configuring Diagnostics for Windows Azure cloud service

Steps for configuring Windows Azure diagnostics are as follows:
- Import the Diagnostics module in the csdef file:
<Imports>
    <Import moduleName="Diagnostics" />
</Imports>
- The option for tracing and debugging can be included in the Windows Azure application code.
- Custom performance counters can be created for web and worker roles using PowerShell scripts in startup tasks. You can collect data from the existing performance counters as well.
- Store diagnostics data in Azure storage, since the collected data is only cached and hence does not persist. The diagnostics storage can be defined in the cscfg file using the following setting:
<Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" value="DefaultEndpointsProtocol=https;AccountName= storagename ;AccountKey= storageaccesskey " />
Replace storagename and storageaccesskey with the name and access key of your diagn

Input and Internal Endpoints in Windows Azure

Azure cloud services have two types of environments: Production and Staging. The production environment will have a permanent DNS name associated with it, and it resolves to a single public virtual IP. The DNS name of the staging environment will keep changing and it will also resolve to a public VIP.
Input endpoints are defined for enabling external connections to the public VIP of the cloud service. The HTTP, HTTPS or TCP protocol can be used for the connection. The ports, protocols and certificates to be used for the connection can be defined in the csdef file in the <Endpoints> configuration section. Sample given below:
<Endpoints>
    <InputEndpoint name="httpsin" protocol="https" port="443" certificate="SSL" />
    <InputEndpoint name="httpin" protocol="http" port="80" />
</Endpoints>
Each defined endpoint must listen on a unique port. A hosted service can have up to a maxi

Configure RDP for Windows Azure cloud service instance

In order to RDP to Windows Azure cloud instances, execute the steps given below:
- Generate an encryption certificate and upload it to the respective cloud service. This certificate is used to encrypt the RDP communication.
- Encrypt the RDP password using the certificate thumbprint. You can use the csencrypt command line utility available with the Windows Azure SDK to encrypt the password. Ref:
- Import the RemoteAccess and RemoteForwarder modules in the csdef file:
<Imports>
    <Import moduleName="RemoteAccess" />
    <Import moduleName="RemoteForwarder" />
</Imports>
- Update the Remote Desktop connection configuration values in the cscfg file. The settings are:
<Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.Enabled" value="true" />
<Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountUser

Windows Azure cloud services - Roles and config files

A Windows Azure cloud service is, in simple terms, an application designed to be hosted in a cloud, with a configuration file that defines how the service should be run. Two files decide the settings for the cloud service: the service definition file (.csdef) & the service configuration file (.cscfg).
Service definition file: This file defines the settings that will be used for configuring a cloud service. It defines the following settings:
- Sites: Definition of websites or applications hosted in IIS7
- InputEndPoints: Endpoints used for contacting the cloud service
- InternalEndPoints: Endpoints for role instances to talk to each other
- Configuration Settings: Settings specific to a role
- Certificates: Defines certificates used by a role
- Local Resources: Details of local storage; this will be a reserved directory in the file system of the virtual machine in which a role is running
- Imports: Defines the modules to be imported for a role. For example, to enable the RDP connection