Azure Storage Accounts

Azure storage accounts provide a namespace in which to store data objects. These objects could be blobs, files, tables, queues and virtual machine disks. This post focuses on the pieces necessary to create a new storage account for use within the Azure Resource Manager portal. Setup: To set up a storage account, go to the Azure Resource Manager Portal, select storage accounts and then click the “Add” button. From there you’ll have some familiar settings that will need to be filled out, such as a unique name for the account, a subscription to use for billing, a resource group for management, and a location for the region to be used. The rest of this article explains the additional settings shown in the screenshot below. ...

August 11, 2016 · 4 min · eshanks

Create Azure VPN Connection

Unless you’re starting up a company from scratch, you probably won’t host all of your workloads in a public cloud like Microsoft Azure. If you’re building a hybrid cloud, you probably want to have network connectivity between the two clouds, and that means a VPN. Microsoft Azure uses a Virtual Network Gateway to provide this connectivity. NOTE: As of the writing of this blog post, Microsoft has two portals that can be used to provide cloud resources: the Classic portal and the Azure Resource Manager portal. This post focuses on setting up a VPN tunnel using the new Azure Resource Manager portal. ...

August 8, 2016 · 4 min · eshanks

Azure Network Security Groups

An Azure network security group is your one-stop shop for access control lists. Azure NSGs are how you will block or allow traffic from entering or exiting your subnets or individual virtual machines. In the new Azure Resource Manager Portal, NSGs are applied to either a subnet or a virtual NIC of a virtual machine, and not the entire machine itself. NOTE: At the time of this post, Azure has a pair of Azure portals, including the classic portal where NSGs are applied to a virtual machine, or the Resource Manager Portal where NSGs are applied to a vNIC of a virtual machine. ...

August 3, 2016 · 4 min · eshanks

Setup Azure Networks

Setting up networks in Microsoft Azure is a pretty simple task, but care should be taken when deciding how the address space will be carved out. To get started, let’s cover a couple of concepts about how Azure handles networking. To start, we have the idea of a “VNet”, which is the IP space that will be assigned to smaller subnets. These VNets are isolated from each other and the outside world. If you want your VNet to communicate with another VNet or your on-premises networks, you’ll need to set up a VPN tunnel. You might be wondering, how do you do any segmentation between servers without having to set up a VPN then? The answer there is using subnets. Multiple subnets can be created inside of a VNet and security groups can be added to them so that they only allow certain traffic, sort of like a firewall does. ...

August 1, 2016 · 3 min · eshanks

Azure Resource Groups

An Azure resource group is a way for you to, you guessed it, group a set of resources together. This is a useful capability in a public cloud so that you can manage permissions, set alerts, build deployment templates and audit logs on a subset of resources. Resource groups can contain virtual machines, gateways, VNets, VPNs and about any other resource Azure can deploy. Most items that you create will need to belong to a resource group, but an item can only belong to a single resource group at a time. Resources can be moved from one resource group to another. ...

July 18, 2016 · 2 min · eshanks

Azure Subscriptions

Azure is a great reservoir of resources that your organization can use to deploy applications upon and the cloud is focused around pooling resources together. However, organizations need to be able to split resources up based on cost centers. The development team will be using resources for building new apps, as well as maybe an e-commerce team for production uses. Subscriptions allow for a single Azure instance to separate these costs, and bill to different teams. ...

July 11, 2016 · 3 min · eshanks

Setup the Azure AD Connector

The cloud doesn’t need to be a total shift to the way you manage your infrastructure. Sure, it has many differences, but you don’t have to redo everything just to provision cloud workloads. One thing you’ll probably want to do is connect your Active Directory Domain to your cloud provider so that you can continue to administer one group of users. Face it, you’re not going to create a user account in AD, then one in Amazon and then another one in Azure. You want to be able to manage one account and have it affect everything. Microsoft Azure allows you to extend your on-prem domain to the Azure portal. This post focuses on the AD Connector and doing a sync. ...

June 27, 2016 · 6 min · eshanks

Dynamically Assigned Static IP Addresses...Huh?

After a long day of working with Microsoft’s IPAM feature, I found that it might be possible to deploy my virtual servers with a static IP Address without going to look up an IP from an Excel spreadsheet or some other log. OK, let’s address the elephant in the room first. I know that there is this thing called DHCP and that I can already automatically assign an IP address, but with that solution, my IP Address could change from time to time. Typically, I create a DHCP Scope for servers that I’m just testing out, or need some dummy VMs with IP Addresses. This way I don’t have to worry about looking up stuff before deploying a VM that I’m going to destroy again shortly afterwards. I also use DHCP for PCs, where I almost never care about the IP Address. ...

June 30, 2014 · 4 min · eshanks

Microsoft Dynamic Access Control (Part 1)

Microsoft Dynamic Access Control is a new way to deploy access rules to your file shares. For many moons now, System Administrators have had a tedious task of managing tens, hundreds, or thousands of security groups to control how files are accessed. Groups of users have always needed to maintain different sets of security rules to prevent people from accessing confidential files. Human Resources obviously doesn’t want people outside their department to have access to personnel files, separate office locations may not want to share data with other offices in the same domain, and countries or cities might have different restrictions about sharing files with each other. ...

April 28, 2014 · 2 min · eshanks

Microsoft Dynamic Access Control (Part 2 - Claims)

In part 1 of the series we covered some generalities about Microsoft Dynamic Access Control and a few steps needed to prepare the domain and file servers. Now let’s look at creating claims. A claim is a user, device or resource property. A user in Active Directory will have properties such as Location, Department, Manager, etc. Each of these properties is a claim, but for any actions to be utilized by Direct Access, they have to be defined. ...

April 28, 2014 · 4 min · eshanks