
Microsoft Azure How Subscription Administrators & Directory Administrators Differ | James Evans - EduTech's Blog. If you are new to Microsoft Azure you may find that sometimes it’s somewhat difficult to determine the security boundaries in terms of the administrative roles that are provided, or maybe you sign up for Azure using a Microsoft Account and you find that maybe not all of your administrators see the Windows Azure Active Directory, or maybe not all of your administrators are able to access your Microsoft Azure Subscription. I hope that this article helps explain the security boundaries of the administrative roles, better understanding of the roles so you can ensure that you adopt the best security implementation for you in order to protect your business and more. An Azure account determines how Azure usage is reported and who the Account Administrator is. Subscriptions help you organize access to cloud service resources.

They also help you control how resource usage is reported, billed, and paid for. Accounts and subscriptions are created at the Azure Account Center. Scenario Resolution. How to deploy a SSTP VPN in Azure - Computethis. Are you looking for a way to create a secure VPN connection, which allows clients to connect to a server in Azure? Well, you could just create a client SSTP VPN connection to a server in Azure that runs RRAS. -This scenario explains how non-AD joined machines authenticate themselves, using a self-signed machine certificate. Under the Azure ACL list – Open port 443 (TCP) in order to allow SSTP traffic. Add the Remote Access and Web Server (IIS) under server roles.

Add DirectAccess and VPN (RAS). Add Routing. Click the open the Getting Started Wizard. Click Deploy VPN Only Under Routing and Remote Access, right click server name and click Configure and Enable Routing and Remote Access. Select Custom configuration Click Start services Start SelfSSL - Now we need to create a certificate in order to authenticate users. Go to the following link and install the package. When done click SelfSSL and type: selfssl.exe / /V:3650. How to Deploy SSTP and L2TP VPN in Windows Azure (Windows Server 2012) | Lighthouse. Now, Windows Azure is more and more popular in our business.

In the meantime, we all know we can deploy Virtual Network in Windows Azure. However, deploying Windows Azure Virtual Network is a quite annoying thing. So we can use Windows Server 2012 RRAS roles to provide VPN. Following the steps to implement it. Create SSL Certificate. As SSTP is a VPN based on HTTPS, so we need to create a SSL certificate. Firstly, open IIS manager, choose the Server (RoccosVPN) – Server Certificates. Figure 1 – Server Certificate Figure 2 – Export Certificate Click left bottom button NEW, choose COMPUTE – VIRTUAL MACHINE – QUICK CREATE, filling DNS NAME, USER NAME and NEW PASSWORD in the text box. Figure 3 – Create VM For deploying SSTP VPN, first of all, we should enable TCP 443 port for our VM. Figure 4 – Azure Endpoint And then, connect to this VM using RDP. Click Server Manager – Add roles and features. then it pops out a window. Figure 5 – Add Roles It pops out a window. Figure 6 – Getting Started Wizard.

Azure Automation in Depth: Runbook Authoring. Thursday, July 3, 2014 Joe Levy, Program Manager, Azure Automation Update 1/8/2016: For the latest info on authoring runbooks in Azure Automation, see this blog post. Introduction Thanks to the new Automation service of Microsoft Azure, DevOps are now able to automate their repetitive, time-consuming, and error-prone tasks that span systems and processes to decrease time to value for their Azure operations. The way Azure Automation is able to provide this value is through a concept called runbooks – PowerShell Workflows that contain the logic to automate your IT and business processes. The Runbook Lifecycle Before discussing the runbook creation and editing features Azure Automation provides, let’s talk about how to manage runbooks so that you or your colleagues don’t accidentally run a work-in-progress runbook in production.

Concurrent Editing Now you may be asking yourself “But Joe, what if someone else tries to edit my draft runbook while I’m working on it!” Runbook Authoring Features Summary. High-Available File Share in Windows Azure using DFS - Carsten Lemm. Windows Azure Storage provides a scalable, reliable and highly available service to manage relational as well as unstructured data in the cloud. In order to access your data you can either leverage the Storage REST API directly or use one of the available abstractions on top of it (e.g. the Management Portal, PowerShell Cmdlets, .NET Libraries, 3rd Party Tools, etc.).

Windows Azure Blob Storage can be used to store binary data. Many existing applications have requirements in terms of accessing data on network shares using the SMB protocol in Windows. When migrating these applications to Windows Azure one option is to change the file access code to the native REST interface of Blob Storage. In order to achieve this in Windows Azure, the first solution coming to mind is running a dedicated Windows Server IaaS Virtual Machine (VM) configured with File Services to provide an SMB share to the application. The picture below shows the general architecture of the solution: Register DNS Servers. How to Setup Windows Azure (Server 2012) as an SSTP and L2TP VPN Provider - NoTime. ---------- Create new Windows Server VM using "Quick Create" 2.

The DNS name, username and password will be used to connect to the VPN 3. A0 or A1 VM (starts at around $10/month or free with an MSDN subscription, no charge for stopped VM, billed by the minute) 4. Create TCP endpoint at port 443 5. Connect using Remote Desktop (RDP) through the Dashboard ---------- Server Role 1. Click on Server Manager -> Manage -> "Add Roles and Features" 2. DISCLAIMER: This solution is provided "AS IS," without any warranty or representation of any kind. How To Create a Self-Signed Certificate -- Windows Server How-To How To Create a Self-Signed Certificate Using the MakeCert utility of the Windows SDK will allow for you to issue your own self-signed certs. Over the last few months I have run into more and more organizations that are extending their on-premises network to the cloud through Microsoft Azure. Quite naturally doing so requires secure communications between your network and Azure.

In order to do so, Azure makes extensive use of certificates. In a production environment it's always a good idea to use a certificate that was purchased from a well-known enterprise certificate authority. A self-signed certificate is something that you can make yourself for free, but self-signed certificates aren't trusted the way that commercial certificates are. The MakeCert utility is a part of the Windows SDK (download it here). Once the Windows Software Development Kit and the MakeCert utility have been installed, you can move forward with making a self-signed certificate. How to: Manage vault certificates in Windows Azure Backup - Knowledge eXchange. Windows Azure Recovery Services encompasses a set of Windows Azure vaults that help to protect your organization from data loss, and aid in continuity of operations.

Vaults are used to store and protect information that is specified as part of your recovery services configuration. If you are using Windows Azure Backup you will create backup vaults to store protected items from the servers you register for your organization. If you are using Windows Azure Hyper-V Recovery Manager you will create Hyper-V Recovery Manager vaults to orchestrate failover and recovery for virtual machines managed by System Center 2012 — Virtual Machine Manager (VMM).

You configure and store information about registered VMM servers, protected clouds, networks, and virtual machines enabled for protection in a source location; and about VMM servers, clouds, networks, and virtual machines that are used for failover and recovery in a target location. Use the following procedures to perform these actions.

Mick's Breeze Blogs - Biztalk/Sharepoint/... - Azure: Getting started with Azure Backup Services. Recently Microsoft added Backup Services (Preview) in which you can invoke the cloud as part of your backup strategy, whether it be offsite secondaries etc. You may have heard of Microsoft’s StorSimple which involved dropping a 2RU or 4RU Hardware device into a customer’s rack in a Datacenter somewhere which is no easy feat. The reason why I’m liking the Azure Backup Services approach is that it’s a software based solution. Storage costs for Backups are cheaper and this is a feasible approach for backups. The other cool thing is that – if I need fast access to my backups in the cloud, then I can spin up a ‘configured’ VM in Azure (access to the same Backup Vault) and access the backups.

No need to copy them down on premise first. Let’s get Cracking The elements that make this Azure Backup Services work are: 1. 2. 3. 1. 1. Login to the Azure Portal (activate the Backup Services Preview feature if you haven’t done so already) and select Recovery Services 2. 3. 3. This should go smoothly. 4. 5. Backup Overview | dpBestflow. What's a backup? The purpose of a backup is to make sure that your digital data can survive any of the hazards that await. In principle, this is a straightforward process. Copy all of your files to some other device(s), keep the backup somewhere safe, and use it to restore the data in the event of a problem. If you are a one-computer user and everything you want to preserve can fit on one hard drive, it can be nearly as simple as this.

For many of the readers, however, things are not so simple. Let's outline the tools used in backups to see how we can put it all together safely and efficiently. Primary vs. It may sound obvious, but you can't create a good backup strategy until you know what you're backing up. At each stage of an image's lifecycle, you need to know which is the primary copy of the data. The 3-2-1 Rule The simplest way to remember how to back up your images safely is to use the 3-2-1 rule. *While 3-2-1 storage is the ideal arrangement, it's not always possible. Threats Viruses. Handling Azure PowerShell with multiple Azure Subscriptions | SharePoint and other geeky stuff. The other day I was trying to create an Azure WebSite for a client, I ran the commands, everything was successful.

However when I went to the client Azure tenant, there was no sign of the web site! But I could hit the URL, which proved the site existed. I was dreading creating a Microsoft Support call, but as it was near the end of the day I went home. Deal with it in the morning. It turns out, It doesn’t matter if you are logged into your Azure Website. It doesn’t matter if you’ve just added the new account to Azure PowerShell. It doesn’t matter if you’ve not used your old Azure Tenant in a while. It Does matter what Azure PowerShell has as your Default, or Current Subscription at the time of calling your Azure cmdlets. What do I mean? Well before I explain Current/Default Subscription, let’s get those who have never used PowerShell Azure with their Azure account set up. Open your Azure PowerShell window. Type press enter. You will be asked to sign into your Azure account.

If you now type. The Cloud Backup Management Pack | Operations Manager. By John Joyner Microsoft has released a simple management pack for Windows Server Backup, available at However, if you are using the Windows Server Backup to Azure service, also known as Cloud Backup, you will discover an official management pack for this is not yet available. OpsMgr is the single pane of glass for your enterprise backup and disaster recovery (DR) components. In addition to the Windows Server Backup management pack, there are relevant Microsoft management packs for System Center Data Protection Manager (DPM), Virtual Machine Manager (VMM), Hyper-V, Exchange Server, SQL Server, and Azure.

The OpsMgr Unleashed team is pleased to publish an additional simple management pack to cover Cloud Backup. Details on the Management Pack The management pack discovers servers with the Azure Backup Agent installed by the presence of the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Azure Backup. Enable PowerShell Remoting. Although it’s much easier to set up Windows PowerShell remoting in an Active Directory domain, you can also implement PowerShell remoting in a workgroup.

In this blog post, I’ll show you how both procedures work, step by step. Back to the PowerShell tutorial As you probably know, Windows PowerShell version 3 greatly enhanced remoting capabilities in the product. A somewhat little-known fact is that the PowerShell commands that use the –ComputerName parameter don’t use true PowerShell remoting at all; instead, this parameter employs use of legacy DCOM and RPC calls. In this blog post, I’m going to teach you how to enable “true” PowerShell remoting, by which I mean one-to-one and one-to-many Windows PowerShell remoting that uses the industry standard WS-Management protocols. How does remoting work? Get-Process –ComputerName pc1, pc2, pc3 Invoke-Command –name pc1, pc2, pc3 –ScriptBlock {Get-Process} Setting Static IP Addresses in a Virtual Network | Michael Washam. A Virtual Network in Microsoft Azure provides you the ability to predict which IP address your virtual machine will have at boot time and as long as the virtual machine is not re-provisioned that IP address will remain the same.

To illustrate I’ll walk through a few examples using this virtual network configuration as an example. If I provision a new virtual machine vnetvm1 in the DemoVNET and in the Apps subnet: I know that IF it is the only virtual machine in the subnet it will automatically boot up with Virtual machines provisioned in a VNET are always allocated the first available IP address in the subnet with the first 4 addresses. In this case the IP addresses .0 – .3 are reserved. So if I boot up a second virtual machine in the same subnet the IP address will be and so on..

Persistent IP Addresses As long as the virtual machines are only shut down from within the virtual machines themselves they will maintain this IP address. The Solution? Removing a Static VNET IP. Ready for this? "Implementing Microsoft Azure Infrastructure Solutions" Exam 70-533 - Tangent Thoughts. Please bookmark and share this easy URL :) Were you at Ignite? If not, here is my recorded session! Exam Prep Session for Exam 70-533: Implementing Microsoft Azure Infrastructure Solutions Want the slides with all the links too?

Get them here... Ignite_70-533_Grimes_Full_Slides.pptx Earlier in 2015, I had the pleasure of being a guest speaker on the Azure Podcast, talking about Azure Certifications. After thinking about many of the things I said in the podcast, I thought I would start to share some of the many resources with the general public, that I share internally.

As we get closer to Ignite, I will update this post with many more resources, but wanted to get the first couple of big rocks out there, in case you didn't already know? First, sign up for the exam here to the Podcast above once published. This event was made for this exam! This is one document on the Azure site that is really a GEM. Windows Azure™ and X509 Certificates - Practical Development. Start and Stop Azure VMs with Azure PowerShell | Beyond The Corner Office. Microsoft Azure Training Courses. | For innovative companies with robust cloud solutions.