Azure


How to rename your Azure subscriptions (tip)

When you have – like me – multiple Azure subscriptions and they all have the same subscription name (something like Visual Studio Enterprise – MPN, for example) it can be difficult to tell them apart.

I advise you to rename your subscriptions and give them a clear name to identify them.

This is how you can do that :

2019-06-08 09_59_37-Microsoft Edge.png

Go to your subscriptions pane in the Azure Portal and select your Azure subscription. Click overview and there you find the Rename button. Just choose to rename your subscription and after 10 minutes or so your Subscription has a new name!


How to add a data disk to your Azure Linux VM the right way

In this blogpost I shall describe how you add an extra data disk to your Linux VM running on Azure.

Step 1 Add a new disk to your Linux VM using the Azure Portal

2019-06-08 07_55_11-Microsoft Edge.png

Choose Add data disk to add an extra data disk and choose create data disk.

2019-06-08 07_57_12-Microsoft Edge.png

For demo purposes I quickly entered a default 20 GiB HD, nothing fancy 🙂

Don’t forget to save your changes!

2019-06-08 07_58_27-Microsoft Edge.png

Step 2 Connect to your VM using SSH or use the Serial console on your VM Pane in the Azure Portal

2019-06-08 07_53_04-Microsoft Edge.png

Use the following command to find all your data drives :

You see all your drives and the newly created drive

2019-06-08 08_00_53-Microsoft Edge.png

Here, sdc is the newly added disk. Let’s continue.

Now we have to partition the added disk using the following command :

Use the n command to add a new partition. In this example, we also choose p for a primary partition and accept the rest of the default values. The output will be similar to the following example:

2019-06-08 08_04_33-Microsoft Edge.png

Now we are going to write a file system to (format) the partition on the newly added disk using the following command :

2019-06-08 08_06_03-Microsoft Edge.png

Now we are going to mount the formatted drive using the following commands :

2019-06-08 08_07_45-Microsoft Edge.png

You see your newly created disk :

2019-06-08 08_08_55-Microsoft Edge.png

To ensure that the drive is remounted automatically after a reboot, it must be added to the /etc/fstab file. For this I’m going to use the blkid utility:

2019-06-08 08_10_11-VMLIN01 - Serial console - Microsoft Azure - Microsoft Edge.png

Now copy the UUID :

2019-06-08 08_11_15-VMLIN01 - Serial console - Microsoft Azure - Microsoft Edge.png

Now we are going to add the UUID to the /etc/fstab. You can use VI or (like I prefer to use) nano.

The format is as follows :

UUID=<YourUUID> /<YourMountPoint> ext4 defaults,nofail 1 2

In my case it looks as follows :

2019-06-08 08_13_41-Microsoft Edge.png

Ok, let’s reboot the VM and check if the drive still exists..

2019-06-08 08_15_22-Microsoft Edge.png

Use the following command to check

As you can see the /MyDataDrive is still available after reboot.
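The steps above as one script, as an added example (not the author's original commands, which are not preserved on this page). It assumes an sdX-style disk such as the post's /dev/sdc; the function names are hypothetical, and the script adds two guards: it refuses a disk that already holds data, and it never writes a duplicate /etc/fstab entry.

```shell
#!/bin/sh
# Added example, not the author's commands. /dev/sdc and /MyDataDrive are the
# names used in the post; the function names here are hypothetical helpers.

# Build the /etc/fstab line in the format given in the post.
fstab_line() {  # $1 = UUID, $2 = mount point
    case "$1" in
        ''|*[!0-9a-fA-F-]*) echo "invalid UUID: $1" >&2; return 1 ;;
    esac
    case "$2" in
        ''|*" "*) echo "invalid mount point: $2" >&2; return 1 ;;
        /*) ;;
        *) echo "mount point must be absolute: $2" >&2; return 1 ;;
    esac
    printf 'UUID=%s %s ext4 defaults,nofail 1 2\n' "$1" "$2"
}

# Append the entry once: back up the file, skip if UUID or mount point exists.
add_fstab_entry() {  # $1 = fstab path, $2 = UUID, $3 = mount point
    line=$(fstab_line "$2" "$3") || return 1
    if grep -Eq "^[[:space:]]*UUID=$2[[:space:]]" "$1"; then
        echo "UUID $2 already listed in $1" >&2; return 2
    fi
    if awk -v mp="$3" '$1 !~ /^#/ && $2 == mp { found = 1 } END { exit !found }' "$1"; then
        echo "mount point $3 already listed in $1" >&2; return 2
    fi
    cp -p "$1" "$1.bak" && printf '%s\n' "$line" >> "$1"
}

# The whole procedure for an empty disk (run as root, sdX-style device names).
prepare_data_disk() {  # $1 = disk, e.g. /dev/sdc; $2 = mount point
    disk=$1; mnt=$2
    # Safety check: exactly one lsblk row (no partitions) and no filesystem signature.
    if [ "$(lsblk -n -o NAME "$disk" | wc -l)" -ne 1 ] ||
       [ -n "$(blkid -p -s TYPE -o value "$disk" 2>/dev/null)" ]; then
        echo "$disk is not empty, refusing to partition it" >&2; return 1
    fi
    printf 'n\np\n\n\n\nw\n' | fdisk "$disk" || return 1   # n, p, three defaults, w
    mkfs -t ext4 "${disk}1" || return 1
    uuid=$(blkid -s UUID -o value "${disk}1") || return 1
    mkdir -p "$mnt" || return 1
    add_fstab_entry /etc/fstab "$uuid" "$mnt" || return 1
    mount "$mnt"    # mounts via the new fstab entry, proving it works before a reboot
}

# Nothing destructive happens unless the script is called with --run.
if [ "${1:-}" = "--run" ]; then
    prepare_data_disk "$2" "$3"
fi
```

Run it as root with `--run /dev/sdc /MyDataDrive`; the previous fstab is kept as /etc/fstab.bak.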


How to rename an Azure VM using Powershell

Recently I deployed some VMs on Azure. There was a small change to the naming convention afterwards so I wanted to rename the created VMs. This is how you can do this

After a couple of minutes (depending on the size of the VM) the newly created server with the old disks, NIC etc. is created. Currently this script doesn’t support renaming the NIC and disks to your naming convention, so they have the exact same name as before. When you assigned your NIC, disk etc. a custom name you will see the old naming convention. Currently I’m working on it. 🙂


How to encrypt (and decrypt) your Azure VM disks after deployment

This is how you can encrypt your Azure virtual machine disks :

You can find your keyvault Resource ID here :
 
Keyvault resource ID
The reason that I used the Resource id instead of the keyvault name is that now it’s possible for the keyvault to be part of another resourcegroup.
 
Use the following command to decrypt your VM :
 

SMTP Relay on Azure using SendGrid

In this blogpost I’m going to explain how you can still send SMTP mail from your IaaS server running on Azure. As you might already know, since Nov 15th of 2017 it’s no longer always possible to send SMTP on port 25 (I’ll dig into that later).

In that case Microsoft recommends that Azure customers employ authenticated SMTP relay services (typically connected via TCP port 587 or 443, but often support other ports too) to send e-mail from Azure VMs or from Azure App Services.  These services specialize in sender reputation to minimize the possibility 3rd party e-mail providers will reject the message.

Such SMTP relay services include but are not limited to SendGrid.  It is also possible you have a secure SMTP relay service running on premises that can be used. Use of these e-mail delivery services is in no way restricted in Azure regardless of subscription type.

Enterprise Agreement Customers

For Enterprise Agreement Azure customers, there is no change in the technical ability to send e-mail without using an authenticated relay.  Both new and existing Enterprise Agreement customers will be able to attempt outbound e-mail delivery from Azure VMs directly to external e-mail providers with no restrictions from the Azure platform.  While Microsoft cannot guarantee e-mail providers will accept inbound e-mail from any given customer, delivery attempts will not be blocked by the Azure platform for VMs in Enterprise Agreement subscriptions.  Customers will have to work directly with e-mail providers to resolve any message delivery or SPAM filtering issues with the specific provider.

Pay-As-You-Go Customers

For customers who signed up before November 15th, 2017 using the Pay-As-You-Go or Microsoft Partner Network subscription offers, there will be no change in the technical ability to attempt outbound e-mail delivery.  Customers will continue to be able to attempt outbound e-mail delivery from Azure VMs in these subscriptions directly to external e-mail providers with no restrictions from the Azure platform.  Again, Microsoft cannot guarantee e-mail providers will accept inbound e-mail from any given customer and customers will have to work directly with e-mail providers to resolve any message delivery or SPAM filtering issues with the specific provider.

For Pay-As-You-Go or Microsoft Partner Network subscriptions created after November 15, 2017, there will be technical restrictions blocking e-mail sent directly from VMs in these subscriptions. Customers that need the ability to send e-mail from Azure VMs directly to external e-mail providers (not using an authenticated SMTP relay) can make a request to remove the restriction. Requests will be reviewed and approved at Microsoft’s discretion and will be only granted after additional anti-fraud checks are performed. To make a request, open a support case with the issue type Technical -> Virtual Network -> Connectivity -> Cannot send e-mail (SMTP/Port 25). Be sure to add details about why your deployment needs to send mail directly to mail providers instead of going through an authenticated relay.

Once a Pay-As-You-Go or Microsoft Partner Network subscription gets exempted, VMs in that subscription only will be exempted going forward.  Microsoft reserves the right to revoke this exemption, should we determine a violation of our terms of service has occurred.

MSDN, Azure Pass, Azure in Open, Education, BizSpark, and Free Trial Customers

Customers who create MSDN, Azure Pass, Azure in Open, Education, BizSpark, and Free Trial subscriptions after November 15, 2017 will have technical restrictions blocking e-mail sent from VMs in these subscriptions directly to e-mail providers to prevent abuse.  No requests to remove the restriction can be made as they will not be granted.

Customers using these subscription types are encouraged to use SMTP relay services as outlined above.

Cloud Service Provider (CSP)

Customers that are consuming Azure resources via Cloud Service Provider (CSP) can create a support case with their Cloud Service Provider (CSP) of choice and request the CSP to create an unblock case on their behalf if a secure SMTP relay cannot be used.

SendGrid

SendGrid is a cloud-based email service that provides reliable transactional email delivery, scalability and real-time analytics along with flexible APIs that make custom integration easy. Ideal for Azure!

First Step Configure your network security group (NSG)

You must allow your VM to send mail through port 587 (or 25). It’s a small task to allow that :

  1. Go to the networking pane of your Virtual Machine
  2. And choose to add an outbound port rule

NSG Port 587

Second step… create a SendGrid Account

Azure customers can unlock 25.000 (!) free emails each month. These 25.000 free monthly emails will give you access to advanced reporting and analytics and all API’s (Web, SMTP, Event, Parse and more).

Add the SendGrid Resource to your Azure account

  1. Sign in to the Azure portal.
  2. In the menu on the left, click Create a resource.

opdracht-balk-nieuw

3. Click Add-ons and then SendGrid Email Delivery.

sendgrid-opslaan

  1. Complete the signup form and select Create.
  2. Enter a Name to identify your SendGrid service in your Azure settings. Names must be between 1 and 100 characters in length and contain only alphanumeric characters, dashes, dots, and underscores. The name must be unique in your list of subscribed Azure Store Items.
  3. Enter and confirm your Password.
  4. Choose your Subscription.
  5. Create a new Resource group or use an existing one.
  6. In the Pricing tier section select the SendGrid plan you want to sign up for.
  7. Enter a Promotion Code if you have one.
  8. Enter your Contact Information.
  9. Review and accept the Legal terms.
  10. After confirming your purchase you will see a Deployment Succeeded pop-up and you will see your account listed in the All resources section.

    alle-resources
    After you have completed your purchase and clicked the Manage button to initiate the email verification process, you will receive an email from SendGrid asking you to verify your account. If you do not receive this email, or have problems verifying your account, please see this FAQ.

    beheren

    You can only send up to 100 emails/day until you have verified your account.

    To modify your subscription plan or see the SendGrid contact settings, click the name of your SendGrid service to open the SendGrid Marketplace dashboard.

    instellingen

    To send an email using SendGrid, you must supply your API Key.

To find your SendGrid API Key

  1. Click Manage.
  2. In your SendGrid dashboard, select Settings and then API Keys in the menu on the left.
  3. Click Create API Key.
  4. At a minimum, provide the Name of this key and provide full access to Mail Send and select Save.
  5. Your API Key will be displayed at this point one time. Please be sure to store it safely.

To find your SendGrid credentials

  1. Click the key icon to find your Username.
  2. The password is the one you chose at setup. You can select Change password or Reset password to make any changes.

To manage your email deliverability settings, click the Manage button. This will redirect to your SendGrid dashboard.

beheren

You automatically will be logged on to the SendGrid page :

SendGrid Interface

Now go to settings, API keys to create an API key for SMTP relay. The API key is the password you need to authenticate. The SMTP server address is smtp.sendgrid.net:587 and the user is called apikey.

(Use these settings in your mailserver)
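A quick relay test from the VM with the settings above (smtp.sendgrid.net:587, user apikey, API key as password), as an added example that is not part of the original post. It assumes curl with SMTP support and the key in a `SENDGRID_API_KEY` environment variable; the function names are hypothetical. The key is passed to curl through a config read from stdin so it never appears in the process list, and header values containing CR/LF are rejected.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes curl with SMTP support
# and the API key in $SENDGRID_API_KEY; addresses are supplied by the caller.

NL='
'
CR=$(printf '\r')

# Print an RFC 5322 message; refuse header values containing CR/LF,
# which would let a caller-supplied value inject extra headers.
build_message() {  # $1 = from, $2 = to, $3 = subject, $4 = body
    case "$1$2$3" in
        *"$NL"*|*"$CR"*) echo "CR/LF in header value" >&2; return 1 ;;
    esac
    printf 'From: <%s>\r\nTo: <%s>\r\nSubject: %s\r\nDate: %s\r\n\r\n%s\r\n' \
        "$1" "$2" "$3" "$(LC_ALL=C date '+%a, %d %b %Y %H:%M:%S %z')" "$4"
}

# Emit curl options as a config file. ssl-reqd makes curl abort when STARTTLS
# is not offered, so the key is never sent over a cleartext connection.
curl_config() {  # $1 = from, $2 = to, $3 = message file
    [ -n "${SENDGRID_API_KEY:-}" ] || { echo "SENDGRID_API_KEY not set" >&2; return 1; }
    cat <<EOF
url = "smtp://smtp.sendgrid.net:587"
ssl-reqd
user = "apikey:${SENDGRID_API_KEY}"
mail-from = "$1"
mail-rcpt = "$2"
upload-file = "$3"
EOF
}

# Send one test message; curl reads its options (including the key) from stdin.
send_test_mail() {  # $1 = from, $2 = to
    [ -n "${SENDGRID_API_KEY:-}" ] || { echo "SENDGRID_API_KEY not set" >&2; return 1; }
    msg=$(mktemp) || return 1
    build_message "$1" "$2" "SendGrid relay test" "Sent via smtp.sendgrid.net:587" > "$msg" &&
        curl_config "$1" "$2" "$msg" | curl --silent --show-error -K -
    rc=$?
    rm -f "$msg"
    return "$rc"
}

# Nothing is sent unless the script is called with --send FROM TO.
if [ "${1:-}" = "--send" ]; then
    send_test_mail "$2" "$3"
fi
```

A non-zero exit with a connection timeout points at the NSG outbound rule; an authentication error points at the API key or its Mail Send permission.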


Script to update all Azure Powershell Modules

Use this script to update all your Azure Powershell Modules to their latest versions.


How to backup QNAP NAS data to Microsoft Azure storage

It’s very easy to backup all your data on your QNAP NAS to the public Cloud from Azure. In this blogpost I’m describing all the necessary steps.

Create A Storage account

First make sure you have an active Azure account with a subscription. You can easily sign up for a one month free trial period. Go to portal.azure.com and create a Storage account. Go to the big plus, and select Storage/Storage account.

qnap_azure_03

Ok, let’s create a storage account :

qnap_azure_04

Give it a name, Storage v1 is alright. Local redundancy is cheaper than Global Redundancy. Default performance is more than enough, choose your subscription and give your new resourcegroup a fancy name 🙂

It takes a couple of seconds for this account to be created. Now go to your storage account and copy the Access Keys (Toegangssleutels in Dutch). You will need them later on.

qnap_azure_05

Ok… step 2

Download the Azure Storage APP

Go to your QNAP interface and download the QNAP Azure Storage APP.

qnap_azure_01

(Choose App Center)

qnap_azure_02

Choose Backup / Sync and then Azure Storage

After downloading & installing, open the App:

qnap_azure_06

Go to Account, to configure your Storage Account.

qnap_azure_07

The first name can be anything, the second name is the name of your storage account (without the UPN..) and the last is the secret key you copied earlier. Make sure you select the SSL option.

You now can create a new Backup Job. It’s very easy and doesn’t need any explanation. The App has all the necessary options you wish for :

qnap_azure_08

Take notice : it’s recommended to encrypt all your data on Azure, so that no one has access to your data, even when they have access to your storage account! Don’t forget your password, no one else can recover it!

qnap_azure_09

You can tune these options when you wish.

It can take some time when you back up your entire NAS to Azure. It’s recommended to create multiple tasks, one task for each folder.

Costs

What about pricing? Check out the costs here : https://azure.microsoft.com/nl-nl/pricing/details/backup/

In my case I use 2 TB for approx € 40 monthly.


XenApp and XenDesktop on Azure Cost Calculator

Recently I built a XenApp environment on Azure for demo purposes. I used this website to help me calculate the costs.

Citrix op Azure Costs 01.png

This website (running on Azure :-)) makes it easy to calculate the costs of your XenApp/XenDesktop environment on Azure.

Citrix op Azure Costs 02

 

You can provide the locations, working hours, workloads and number of users (and their profiles). It automatically loads the costs of Azure (so no outdated data!) for Compute, Storage and Network.


How to Create a Site-to-Site VPN between Azure and your home environment using pfSense

I’m moving more and more of my whitebox environment towards Azure. But some parts are still running in my home environment. So I would like to create a Site-to-Site VPN between my office @home and Azure. Because an Express Route would be slightly overkill I decided to build a Site-to-Site VPN.

Some information about my test environment @home. I’m running a Hypervisor in a separate tenant with only 2 virtual machines : pfSense and a Windows 10 virtual machine.

Let me take you through the steps of creating a Site2Site VPN, hold on!

  • First make sure that you have a proper working pfSense (2 NIC) instance running.
  • You will need at least one public IP address (IPV4), so you probably need a business internet line because consumer internet lines don’t often have static public IP addresses. You need to configure IP Addresses, not DNS names, so DynDNS is no option I’m afraid.
  • For testing purposes it’s easy to have a Windows 10 client standing by

Ok, let’s go! First download and install pfSense and the Windows 10 VM. My pfSense virtual machine has 2 network adapters, one WAN (Bridged mode) and one Custom (VMNet 10). The Windows 10 VM is in the same custom mode (VMNet 10) and is running in a separate subnet (192.168.1.X). Make sure that the LAN interface of pfSense is running the DHCP service.

site2site01

Log on to the Windows 10 virtual machine and check if you have internet Access :

site2site02

Check! (great website btw :-)) We have internet access!

Now log in to Azure, select your subscription and create a Virtual Network. In my situation I already had a virtual network (the network I would like to connect to). I only had to make an adjustment.

In my virtual network (@Azure) the following resources are running :

site2site03

As you can see my network is using the 10.0.0.0 subnet. It was created using the /24 mask but I had to change that to /23. So now my virtual Network is running the 10.0.0.0/23 subnet. You can also create a new virtual network to connect to. For this example let’s use the following information :

site2site04

In my environment I’m using the same IP addresses. You can choose your own name(s). Now go to the virtual network you’re running or just have created and go to subnets. Click +Gateway subnet.

site2site05

Add the following information :

site2site06

Now we are going to create a new Virtual Network Gateway :

site2site07

Use the following information :

site2site08

Give it a name, use VPN/Route-based. Choose Basic for SKU (is enough, can be upscaled later). Create a new public IP for your VPN and select the subscription and resource group. Choose to create and wait approx 30 min.

Now we must create a Local Network Gateway :

site2site09

You can choose your own name, make sure to use your public IP address of the WAN Adapter of pfSense. Choose to create your local network gateway. This can take approx 45 minutes.

Now go to the local network gateway you have just created and go to connections.

site2site10

Give it a name, and think of a very long and secure Pre-Shared Key. Remember this. You will need it later on!

site2site11

Ok…. #Azure #work #done… now fire up the pfSense interface :

Go to VPN/IPSec. Click on Add P1 at bottom right. This is the first phase of the IPsec tunnel negotiation. Fill out these values and make sure that you replace it with your specific IP. You can find your Azure Public IP here :

site2site12

Ok, you will need this information for Phase 1:

site2site13

For Phase 1 Proposal (Authentication) use the values and I hope you still know your pre-shared key 🙂 :

site2site14

For Phase 1 Proposal (Algorithms) use the values :

site2site15

Use these Advanced options :

site2site16

Now go to VPN / IPsec / Tunnels

site2site17

Expand Show Phase 2 Entries and Click Add P2 :

site2site18

Use the following information (General Information) :

site2site19

Use the following information (proposal) :

site2site20

Leave the Advanced configuration default :

site2site21

site2site22

Now let’s open pfSense a bit and allow IPsec traffic through the firewall. In order to do that, from the main menu go to Firewall, Rules and then click on the IPsec sub-menu.

site2site24

Ok, now we are done! Great job… but let’s test it first! Go to the Windows 10 test VM. In Azure I opened RDP and Ping for testing purposes.

site2site23

As you can see from my internal network @home I can ping and RDP to the INTERNAL (!) IP Address of my Azure resources. Job well done!


My review of the Azure app (Android)

A couple of days ago, while I was driving to the beach, I noticed a problem with one of my machines running on Azure. Of course I didn’t bring my laptop, so I first tried the Azure App in real life. I was very pleased. You can’t always predict what will happen or when, but you can be prepared. That’s where the recently updated Azure mobile app comes in. Stay connected to your Azure resources – anytime, anywhere.

Using the App it’s possible to :

  • Check status and critical metrics of your Azure resources
  • Get notifications and alerts about important health issues
  • Perform simple operations to resolve common issues
  • Run powerful Azure Cloud Shell scripts in the App

You can take the power of Azure with you on your mobile phone/tablet!

AzureApp01AzureApp02AzureApp03

After downloading the App from the store, it was very easy to get it up and running (support for MFA).

Azure App

In my case I tested the Android version, but there is an iOS version also. Normally I don’t prefer working on my phone or tablet but just using my laptop or desktop, but sometimes it’s very handy to be able to quickly restart a VM for example. Or see the load (metrics) of some of your services. Even being able to receive notifications is very handy!

The Azure app puts every subscription from every service in your pocket. Scroll through all your resources and resource groups, search by name, or filter by resource to find the resource you need.

AzureApp04AzureApp05AzureApp06

Each resource includes the following information (when applicable):

  • Status
  • Number of errors in the past week
  • Important properties (Essentials)
  • Key usage metrics
  • Related resources
  • All resource properties

AzureApp08AzureApp09AzureApp10

For those of you with a lot of subscriptions and resources, scrolling and filtering – on your mobile device! – might get a little tedious. Save swipes and taps by adding the resources you want to keep a close eye on to your favorites list. Just open the resource, tap the star, and go! The next time you open the app, you will start on the favorites tab to help get you to your resources faster than ever.

AzureApp11

Perhaps the most important aspect of building your business in the cloud is the confidence and knowledge that everything’s up and running and your customers aren’t impacted by unexpected events. With the Azure app at hand, you’ll never need to guess. Just open the Notifications tab for a personalized list of Azure health alerts and important metrics that you’re monitoring for your resources.

If any of your resources in the selected subscription have been impacted by an Azure health event over the last week, you’ll see the details listed on the Notifications tab. Every health alert includes:

  • Status
  • Link to the impacted subscription
  • Latest communication details
  • Tracking ID unique to the event
  • List of impacted locations
  • List of impacted services
  • Brief history of the status over the past week

AzureApp12AzureApp13

You’ll also find your custom resource metric alert rules in the list. Each metric alert includes:

  • Status (activated or resolved)
  • Link to the related resource
  • Description of the alert rule, if specified
  • Brief history of the status over the last week

In addition to getting metric alerts on the Notifications tab, you’ll also be notified about these alerts when you visit resource details. Just tap the notification to open the details.

AzureApp14AzureApp15

Many services offer simple commands to help you resolve common issues for your resources from the Azure app:

  • Suspend and resume Analysis Services servers
  • Open the API Management portal in the browser
  • Start, stop, and restart App Service web apps and deployment slots
  • Start and stop App Service environments
  • Restart all App Service web apps in a plan or environment
  • Open App Service web apps and deployment slots in the browser
  • Start and stop Content Delivery Network endpoints
  • Start, stop, and swap cloud service slots
  • Open the HDInsight portal in the browser
  • Open Log Analytics workspaces in the Operations Management Suite app
  • Enable and disable Logic App workflows
  • Enable and disable Scheduler job collections
  • Start and stop Stream Analytics jobs
  • Start, stop, and restart virtual machines
  • Connect to Windows virtual machines using the RDP app
  • Start, stop, and restart virtual machine scale set instances
  • Open Visual Studio Team Services accounts in the browser

Of course, many more are on the way. As a companion app for mobile workers, the Azure app doesn’t include every feature in the Azure portal, but as you can see it provides great flexibility while using your phone or tablet.

I think the Azure App is a need to have for every Azure administrator! Just download the app in the appstore and let me know what you think about the app!