Azure


How to backup QNAP NAS data to Microsoft Azure storage

It’s very easy to backup all your data on your QNAP NAS to the public Cloud from Azure. In this blogpost I’m describing all the necessary steps.

Create A Storage account

First make sure you have an active Azure account with a subscription. You can easily sign up for a one month free trial period. Go to portal.azure.com and create a Storage account. Go to the big plus, and select Storage/Storage account.

qnap_azure_03

Ok, let’s create a storage account :

qnap_azure_04

Give it a name, Storage v1 is alright. Local redundancy is cheaper then Global Redundancy. ¬†Default performance is more then enough, choose your subscription and give your new resourcegroup a fancy name ūüôā

It takes a couple of seconds for this account to be created. Now go to your storage account and copy the Access Keys (Toegangssleutels in Dutch), You will need that later on.

qnap_azure_05

Ok… step 2

Download the Azure Storage APP

Go to your QNAP interface and download the QNAP Azure Storage APP.

qnap_azure_01

(Choose App Center)

qnap_azure_02

Choose Backup / Sync and then Azure Storage

After downloading & installing, open the App:

qnap_azure_06

Go to Account, to configure your Storage Account.

qnap_azure_07

The first name can be anything, the second name is the name of your storage account (without the UPN..) and the last is the secret key your copied earlier. Make sure you select the SSL option.

You now can create a new Backup Job. It’s very easily and doesn’t need any explanation. The App has all the necessary options you wish for :

qnap_azure_08

Take notice : it’s recommended to encrypt all your data on Azure. So that no one has access to your data. Even when they have access to your storage account! Don’t forget your password, no one else can recover it!

qnap_azure_09

You can tune these options when you wish.

It can take some time when you back-up your entire NAS to Azure. It’s recommended create multiple tasks. A task for each folder.

Costs

Wat about pricing? Check out the costs here : https://azure.microsoft.com/nl-nl/pricing/details/backup/

In my case I use 2 TB for approx ‚ā¨ 40 monthly.


XenApp and XenDesktop on Azure Cost Calculator

Recently I build a XenApp environment on Azure for demo purposes. I used –>¬†this¬†<– website helping me calculating the costs.

Citrix op Azure Costs 01.png

This website (running on Azure :-)) makes it easy to calculate the costs of your XenApp/XenDesktop environment on Azure.

Citrix op Azure Costs 02

 

You can provide the locations, working Hours, Workloads and number of users (and their profiles). It automatically loads the costs of Azure  (so no outdated data!) for Comput, Storage and Network.


How to Create a Site-to-Site VPN between Azure and your home environment using pfSense

I’m moving more and more of my whitebox environment towards Azure. But some parts are still running in my home environment. So I would like to create a Site-to-site VPN between my office @home and Azure. Because an Express Route would be slightly overkill I decided to build an Site 2 Site VPN.

Some information about my test environment @home. I’m running a Hypervisor in a seperate tenant with only 2 virtual machines : pfSense and a Windows 10 virtual machine.

Let me take you through the steps of creating a Site2Site VPN, hold on!

  • First make sure that you have a proper working pfSense (2 NIC) instance running.
  • You will need at least one public IP address (IPV4), so you probably need a business internet line because consumer internet lines don’t often have static public IP addresses. You need to configure IP Addresses, not DNS names, so DynDNS is no option I’m afraid.
  • For testing purposes it’s easy to have a Windows 10 client standing by

Ok, let’s go! First download and install pfSense and the Windows 10 VM. My pfSense virtual machine has 2 network adapters, One WAN (Bridged mode) and one Custom (VMNet 10). The Windows 10 is in the same custome mode (VMNet 10) and is running in a separate subnet (192.168.1.X). Make sure that the LAN interface of pfSense is running the DHCP service.

site2site01

Log on to the Windows 10 virtual machine and check if you have internet Access :

site2site02

Check! (great website btw :-)) We have internet access!

Now login to Azure, select your subscription and check create a Virtual Network. In my situation I already had a virtual network (the network I would like to connect to). I only had to make an adjustment.

In my virtual network (@Azure) the following resources are running :

site2site03

As you can see my network is using the 10.0.0.0 subnet. It was created using the /24 mask but I had to change that to /23. So now my virtual Network is running the 10.0.0.0/23 subnet. You can also create a new virtual network to connect to. For this example let’s use the following information :

site2site04

In my environment I’m using the same IP addresses. You can choose your own name(s). Now go to the virtual network you’re running or just have created and go to subnets. Click +Gateway subnet.

site2site05

Add the following information :

site2site06

Now we are going to create a new Virtual Network Gateway :

site2site07

Use the following information :

site2site08

Give it a new, use VPN/Route-based. Choose Basic for SKU (is enough, can be upscaled later). Create a new public IP for your VPN and select the subscription and resource group. Choose to create and wait approx 30 min.

Now we must create a Local Network Gateway :

site2site09

You can choose your own name, make sure to use your public IP address of the WAN Adapter of pfSense. Choose to create your local network gateway. This can take approx 45 minutes.

Now go to the local network gateway you have just created and go to connections.

site2site10

Give it a name, a think about a very long & secure Pre Shared Key. Remember this. You will need it later on!

site2site11

Ok…. #Azure #work #done… now fire up the pfSense interface :

Go to VPN/IPSec. Click on Add P1 at bottom right. This is the first phase of the IPsec tunnel negotiation. Fill out these values and make sure that you replace it with your specific IP. You can find your Azure Public IP here :

site2site12

Ok, you will need these neccessary info for Phase 1:

site2site13

For Phase 1 Proposal (Authentication) use the values and I hope you still know your shared private key ūüôā :

site2site14

For Phase 1 Proposal (Algorithms) use the values :

site2site15

Use these Advanced options :

site2site16

Now go to VPN / IPsec / Tunnels

site2site17

Expand Show Phase 2 Entries and Click Add P2 :

site2site18

Use the following information (General Information) :

site2site19

Use the following information (proposal) :

site2site20

Leave the Advanced configuration default :

site2site21

site2site22

Now let’s open pfSense a bit, let’s allow the firewall IPsec traffic. In orde to do that, from the main menu go to Firewall, Rules and then click on the IPsec sub-menu.

site2site24

Ok, now we are done! Great job… but let’s test it first! Go to the Windows 10 test VM. In Azure I opened RDP and Ping for testing purposes.

site2site23

As you can see from my internal network @home I can ping and RDP to the INTERNAL (!) IP Address of my Azure resources. Job well done!


My review of the Azure app (Android)

A couple of days while I was driving to the beach I noticed a problem with one of my machines running on Azure. Ofcourse I didn’t bring my laptop, so I first tried the Azure App in real life. I was very pleased. You can’t always predict what will happen or when, but you can be prepared. That’s where the recently updated, Azure mobile app comes in. Stay connected to your Azure resources – anytime, anywhere.

Using the App it’s possible to :

  • Check status and critical metrics of your Azure resources
  • Get notifications and alerts about important health issues
  • Performance simple operations to resolve common issues
  • Run powerful Azure Cloud Shell scripts in the App

You can take the power of Azure with you on your mobile phone/tablet!

AzureApp01AzureApp02AzureApp03

After downloading the App from the store, it was very easy to get it up and running (support for MFA).

Azure App

In my case I tested the Android version, but there is a iOS version also. Normally I don’t prefer working on my phone or tablet but just using my laptop or desktop but sometimes it’s very handy to be able to quickly restart a VM for example. Or see the load (metrics) of some of your services. Even be able to receive notifications is very handy!

The Azure app puts every subscription from every service in your pocket. Scroll through all your resources and resource groups, search by name, or filter by resource to find the resource you need.

AzureApp04AzureApp05AzureApp06

Each resource includes the following information (when applicable):

  • Status
  • Number of errors in the past week
  • Important properties (Essentials)
  • Key usage metrics
  • Related resources
  • All resource properties

AzureApp08AzureApp09AzureApp10

For those of you with a lot of subscriptions and resources, scrolling and filtering – on your mobile device! – might get a little tedious. Save swipes and taps by adding the resources you want to keep a close eye on to your favorites list. Just open the resource, tap the star, and go! The next time you open the app, you will start on the favorites tab to help get you to your resources faster than ever.

AzureApp11

Perhaps the most important aspect of building your business in the cloud is the confidence and knowledge that everything’s up and running and your customers aren’t impacted by unexpected events. With the Azure app at hand, you’ll never need to guess. Just open the Notifications tab for a personalized list of Azure health alerts and important metrics that you’re monitoring for your resources.

If any of your resources in the selected subscription have been impacted by an Azure health event over the last week, you’ll see the details listed on the¬†Notifications¬†tab. Every health alert includes:

  • Status
  • Link to the impacted subscription
  • Latest communication details
  • Tracking ID unique to the event
  • List of impacted locations
  • List of impacted services
  • Brief history of the status over the past week

AzureApp12AzureApp13

You’ll also find your custom resource metric alert rules in the list. Each metric alert includes:

  • Status (activated or resolved)
  • Link to the related resource
  • Description of the alert rule, if specified
  • Brief history of the status over the last week

In addition to getting metric alerts on the¬†Notifications¬†tab, you’ll also be notified about these alerts when you visit resource details. Just tap the notification to open the details.

AzureApp14AzureApp15

Many services offer simple commands to help you resolve common issues for your resources from the Azure app:

  • Suspend and resume¬†Analysis Services¬†servers
  • Open the¬†API Management¬†portal in the browser
  • Start, stop, and restart¬†App Service¬†web apps and deployment slots
  • Start and stop¬†App Service¬†environments
  • Restart all¬†App Service¬†web apps in a plan or environment
  • Open¬†App Service¬†web apps and deployment slots in the browser
  • Start and stop¬†Content Delivery Network¬†endpoints
  • Start, stop, and swap¬†cloud service¬†slots
  • Open the¬†HDInsight¬†portal in the browser
  • Open¬†Log Analytics¬†workspaces in the Operations Management Suite app
  • Enable and disable¬†Logic App¬†workflows
  • Enable and disable¬†Scheduler¬†job collections
  • Start and stop¬†Stream Analytics¬†jobs
  • Start, stop, and restart¬†virtual machines
  • Connect to Windows¬†virtual machines¬†using the RDP app
  • Start, stop, and restart¬†virtual machine scale set¬†instances
  • Open¬†Visual Studio Team Services¬†accounts in the browser

Of course, many more are on the way. As a companion app for mobile workers, the Azure app doesn’t include every feature in the Azure portal, but as you can see it provides great flexibility while using your phone or tablet.

I think the Azure App is a need to have for every Azure administrator! Just download the app in the appstore and let me know what your thank about the app!


Azure VM easy patchmanagement

In my Azure test environment I’m running several Windows and Linux servers. In this blog post I describe an easy and effective way to patch them. It only takes you a minute of configuring!

Azure_Updates01

On a freshly installed Windows Server 2016 without patching there were 4 available updates (Azure template) :

Azure_Updates02

I’ve created a new Update Deployment (go to the second tab) :

Azure_Updates03

(Specify which type of updates you wish to deploy. Tip: create multiple deployment for different kind of updates)

Azure_Updates04

Azure_Updates05

In my case I install all availables updates every day at 05:00 PM. (test environment :-))

Just 2 b sure I’ve checked the status of Windows Updates inside the VM :

Azure_Updates06

Azure_Updates07

As you can see it’s very easy to update your VM’s (this works for Linux too!) running on Azure (Stack).


How to convert OVA to VHDX for Hyper-V 2

If you have found yourself in a scenario where you would like to use Hyper-V as a test environment for your virtual machines, but you are using VMware ESXi Server,Citrix XenServer or VirtualBox then this tutorial is for you.

Required software

  • Microsoft Virtual Machine Converter 3.0 available¬†here.
  • WinRar (or any tool you prefer to extract .tar files)
  • Your OVA export unzipped into a folder.

Preparations

  • Download and install Microsoft Virtual Machine Converter 3.0.

An OVA file is simply a tar archive file containing the OVF directory. First you rename the .ova file to a .tar extension. Now you can use WinRAR and extract the .vmdk files within to get the virtual machines disks. VMDK is an open format used by VMware and other vendors.

Convert The Image

Next we will need to convert our VMware Image in order for Hyper-V to run it. This can be done using Powershell:

Copy you .VHDX to the folder containing you Hyper-V virtual machine.¬† When creating your new virtual machine, you must ensure you select ‚ÄúGeneration 1‚ÄĚ when choosing the generation of the virtual machine :


How to troubleshoot your Linux VM running on Microsoft Azure

Many people are running Linux in a virtual machine on Azure. But what if a Linux virtual machine refuses to start?

Go to the Azure portal and open the virtual machine properties. First check out the CPU, network and disk utilization. Is CPU constantly peaking at 100%? Then you know that you must investigate that first. You see absolutely no utilization at all? Then your virtual machine might be down or doing nothing at all. When your virtual machine is slowly but online, maybe you have choosen the wrong virtual machine type and do you require more resources.

Ok… let’s choose the troubleshoot option. (The screendumps are from the dutch Azure website)

When you choose the troubleshoot option, you see the current resource status. A green sign means that there should be no problems with the Azure platform resources you are running on. In my case I see a green sign, so that’s a good! You also see the latest issues and activities. Did someone recently restart your virtual machine? You should see a notice of that. Remember how important it is to take security in mind. Are you and your co-workers all using the same account? Then it can be difficult to identify who rebooted the server.

You also see most common issues regarding your type of virtual machine. Just click on a problem and Microsoft gives you advice. You directly have the option to check for the tips that Microsoft gives you.

Console session

Most system administrators first instinct is to check the console screen. Unfortunately there is no live console screen which you can use. So you can’t monitor the boot process (and see the errors occurring) realtime. But there are ways to monitor it with a alternative method. Let’s go to the first option and click the first link:

After you’ve selected the first option you notice the follow screen:

You notice the latest boot process. You can scroll down this window. Notice the options to download the logfile, and to take a screendump and download it. You can’t see a live screen of the console but you’re able to download a screendump of the console. Not ideally but it can provide you with some interesting info.

Reset password

Sometimes there is a problem with your password.  Maybe you forgot your password!? You can use CLI or Powershell to change it.  You can find more info here and here. When you have full access to azure and the virtual machine you can reset your root password without knowing the current password.

Check for a pending reboot

Maybe some actions required a reboot and for that reason some services are not running. Check if the file /var/run/reboot-required exists or not. If it exists then you first have to reboot your Linux virtual machine before further troubleshooting.

Restart your virtual machine

There could be a resource problem or a hanging process. Choose to restart your virtual machine. Click on restart virtual machine to restart it. Use the console and boot information mentioned earlier to check the progress.

Reset the SSH connection creds

Sometimes there could be an issue with your SSH keys. Choose this option to recreate your SSH keys. (Option 4)

Migrate your Virtual machine to another host

You have the option the migrate (move) your virtual machine to another host. Sometimes there could be a problem with a specific region or host Use this option to make sure that this doesn’t apply to you.

Consider the use of premium storage

Check your number of IO’s. Do you have a application which requires a lot of IO? Consider the use of premium storage. Microsoft Azure Premium Storage delivers high-performance, low-latency disk support for virtual machines running I/O-intensive workloads. VM disks that use Premium Storage store data on solid state drives. You can migrate your application’s VM disk to Azure Premium Storage to take advantage of the speed and performance of these disks. But be aware of the costs! If your disks does not require high IOPS, you can limit costs by maintaining it in Standard Storage, which stores virtual machine disk data on Hard Disk Drives insteads of SSD’s. More info here.

Revert or fallback to your latest snapshot/backup

Sometimes it’s easier not to troubleshoot but to restore your latest backup and/or snapshot. Especially if you have a working (and tested!) backup and are able to restore

Conclusion

Microsoft provides more and more support for Linux virtual machines. The not real time console session is a bummer but Microsoft offers a lot of tips for you to take a clooser look at. I hope that this post will provide you with a good place to start your investigation. Make sure you have a working (and tested!) back-up plan in order. Everyone needs a restore or one point or another. ūüôā Microsoft also provides support plans, costs are $ 250 monthly with a minimum term of 6 months. You can always fallback on Microsoft’s Linux team which has advanced knowledge but for a price..


File level restore on Azure

Making backups of virtual machines running on Azure using snapshot technology is a nice feature. But sometimes you don’t want to revert the whole snapshot but only want to restore a single file. Now this is possible. It uses the same backup/Snapshot technology you probably are already using.

Azure_file_level_restore_1

Open the virtual machine properties in the all resources tab. Choose the Back-up option.

Azure_file_level_restore_2

Go to the file level restore option. (more/upper right)

Azure_file_level_restore_3

Select the back-up set containing the file(s) you wish to restore. Then choose to download the script. Upload that script to your Virtual Machine. (winscp, copy/paste into nano/vi or any other way you choose to). It takes approx. 1 minute to generate and download the script.

Execute the script using bash <filename.sh>. First time the VM adds support for the iSCSI service which is required for mounting the back-upset. Choose Y for installation the iSCSI drivers and wait a few seconds. You see that entire back-upset is mounted. Now you can copy all the necessary files you need.

After you are ready, go to the Azure portal and choose to unmount the back-upset. Now you are all finished!


Powershell: Start using PowerShell using PowerShell Command Builder

Microsoft TechNet site has a great site that enables you to build your own cmdlets using a web drag and drop interface.

There is support for :

image

Let’s try Office 365 :

image

You notice the drag and drop interface. First select the verb, for example Get. Click get and the send arrow. Now choose a Noun, for example Msol User:

image

After selecting the Verb and Noun you notice the other extra options. Fill them in when needed. Now hit the Copy to Clipboard button to copy the PowerShell command to your Clipboard and start using PowerShell to manage your Office 365.

You can find the site here.


Office 365 Powershell: Delegate Calender rights 1

Use the following steps to delegate (Calender) rights to a specific user.

The first step is to specify your (administrator) credentials:

Then create the session:

Now import the Office 365 session using the following command:

Use the following command to delegate the calender from user1 to specified user2:

SNAGHTMLb41a829

Et voilà! The calender rights are set.