Microsoft on The IT Hollow

Azure Scale Sets

Mon, 03 Oct 2016 14:10:32 +0000

Azure scale sets are a way to horizontally increase or decrease resources for your applications. Wouldn’t it be nice to provision a pair of web servers behind a load balancer, and then add a third or fourth web server once the load hit 75% of capacity? Even better, when the load on those web servers settles down, they could be removed to save you money? This is what an Azure scale set does. Think of the great uses for this; seasonal demand for a shopping site, event promotions that cause a short spike in traffic, or even end of the month data processing tasks could automatically scale out to meet the demand and then scale in to save money when not needed.

Get Started with Azure Automation

Mon, 19 Sep 2016 14:15:50 +0000

Microsoft Azure has a neat way to store and run code right from within Microsoft Azure called “Azure Automation”. If you’re familiar with Amazon’s Lambda service, Azure Automation is similar in many ways. The main difference is that in Azure, we’re working with PowerShell code instead of Python or Node.js.

Create An Azure Automation Account

To get started, the first thing that we need to do is to setup an Azure Automation Account. In your Azure instance, browse for “Automation Accounts” and then click Add. Give the account a name and a subscription that the PowerShell commands should run under. As with any Azure objects, select a resource group or create your own and then select a location. The last setting is to decide whether or not the account with be an “Azure Run As” account. If you select “Yes” then the account will have access to other Azure Resources within your instance. For our examples, this account should be a “run as” account.

Microsoft Azure Portals

Mon, 12 Sep 2016 14:05:06 +0000

If you’re getting started with Microsoft Azure, you may feel confused about where things are located. One of the reasons for this confusion is the current use of multiple portals. It’s hard enough to learn how subscriptions work, how to access the resources through PowerShell and all of those new concepts without having to navigate different sites. This post should shed some light on what the portals are and how they’re used.

Azure Cloud Services

Wed, 07 Sep 2016 14:00:55 +0000

Azure provides a Platform-as-a-Service offering called a “Cloud Service.” Instead of managing every part of a virtual machine (the middle-wear and the application) it might be desirable to only worry about the application that is being deployed. An Azure cloud service allows you to just focus on the app, but does give you access to the underlying virtual machine if you need to use it.

So what makes up an Azure Cloud Service? There are two main types of virtual machines that are deployed through a cloud service; web roles and worker roles. Web roles are Windows servers with IIS installed and ready to use on them. Worker roles are Windows servers without IIS installed. In addition to the Windows instances that will be deployed, a cloud service also includes a load balancer that will automatically load balance the web roles, and an IP Address will be assigned to the load balancer. One thing to note is that the web server roles have an agent installed on them as well so that the load balancer can determine if the server is working correctly and if it needs to remove a server from the load balancer.

Azure Network Interfaces

Tue, 06 Sep 2016 14:05:44 +0000

Azure allows you to manage network interfaces as an object that can be decoupled from the virtual machine. This is important to note, because when you delete your virtual machine, the Network Interface will still be in the Azure Portal. This NIC and all of it’s settings will still exist for reuse if you wish. This would include keeping the Public IP Address that is associated with it, subnets, and Network Security Groups.

Deploying Virtual Machines in Microsoft Azure

Tue, 23 Aug 2016 14:01:28 +0000

Congratulations! If you’ve made it this far in the Microsoft Azure Series, you’re finally ready to start deploying virtual machines in Microsoft Azure. Let’s face it, the whole series has led up to this post because most of you are probably looking at getting started in Azure with the virtual machine. It’s familiar and can house applications, databases, data or whatever you’ve been housing in in your on premises data center. If you’re trying to benchmark Azure with you’re own data center apps, virtual machines are probably where you’ll spend your time. As you learn more about the the platform, Azure’s PaaS offerings might be more heavily used to prevent you from having to manage those pesky operating systems but for now we’re focusing on the VM.

Install PowerShell on Mac

Mon, 22 Aug 2016 14:10:58 +0000

It’s a weird thing to say, but we can install PowerShell on Mac after the announcement from Microsoft that PowerShell will be available for both Macintosh and Linux. It’s pretty easy to accomplish but having a great scripting language like PowerShell available for Mac is really cool and deserves a blog post. I mean, now I don’t even need to fire up my Windows virtual machine just to run PowerShell!

To get started, download the OSX .pkg file from the github page: https://github.com/PowerShell/PowerShell/releases/

Get Started with Azure PowerShell

Mon, 15 Aug 2016 14:35:02 +0000

Microsoft Azure has its own command line that can be used to script installs, export and import configurations and query your portal for information. Being a Microsoft solution, this command line is accessed through PowerShell.

Install Azure PowerShell

Using PowerShell with Microsoft Azure is pretty simple to get up and going. The first step to getting started is to install the Azure PowerShell modules. Open up your PowerShell console and run both “Install-Module AzureRM” and then “Install-Module Azure”.

Azure Storage Accounts

Thu, 11 Aug 2016 14:05:47 +0000

Azure storage accounts provide a namespace in which to store data objects. These objects could be blobs, file, tables, queues and virtual machine disks. This post focuses on the pieces necessary to create a new storage account for use within Azure Resource Manager portal.

Setup

To setup a storage account go to the Azure Resource Manager Portal, select storage accounts and then click the “Add” button. From there you’ll have some familiar settings that will need to be filled out such as a unique name for the account, a subscription to use for billing, a resource group for management, and a location for the region to be used. The rest of this article explains the additional settings shown in the screenshot below.

Create Azure VPN Connection

Mon, 08 Aug 2016 14:05:37 +0000

Unless you’re starting up a company from scratch, you probably won’t host all of your workloads in a public cloud like Microsoft Azure. If you’re building a hybrid cloud, you probably want to have network connectivity between the two clouds and that means a VPN. Microsoft Azure uses a Virtual Network Gateway to provide this connectivity.

NOTE: As of the writing of this blog post, Microsoft has two portals that can be used to provide cloud resources. The Classic portal and the Azure Resource Manager portal. This post focuses on setting up a VPN tunnel using the new Azure Resource Manager portal.

Azure Network Security Groups

Wed, 03 Aug 2016 14:05:32 +0000

An Azure network security group is your one stop shop for access control lists. Azure NSGs are how you will block or allow traffic from entering or exiting your subnets or individual virtual machines. In the new Azure Resource Manager Portal NSGs are applied to either a subnet or a virtual NIC of a virtual machine, and not the entire machine itself.

NOTE: At the time of this post, Azure has a pair of Azure portals, including the classic portal where NSGs are applied to a virtual machine, or the Resource Manager Portal where NSGs are applied to a VNic of a virtual machine.

Setup Azure Networks

Mon, 01 Aug 2016 14:05:16 +0000

Setting up networks in Microsoft Azure is pretty simple task, but care should be taken when deciding how the address space will be carved out. To get started lets cover a couple of concepts about how Azure handles networking. To start we have the idea of a “VNet” which is the IP space that will be assigned to smaller subnets. These VNets are isolated from each other and the outside world. If you want your VNet to communicate with another VNet or your on-premises networks, you’ll need to setup a VPN tunnel. You might be wondering, how do you do any segmentation between servers without having to setup a VPN then? The answer there is using subnets. Multiple subnets can be created inside of a VNet and security groups can be added to them so that they only allow certain traffic, sort of like a firewall does.

Guide to Getting Started with Azure

Mon, 18 Jul 2016 15:01:24 +0000

Following the posts in order, this guide should help you to understand and get familiar with Microsoft Azure. This is a guide to getting started with Azure that you can build upon to deploy your own public cloud environment.

Azure Accounts and Subscriptions

Azure Active Directory Integration

Azure Resource Groups

Setup Azure Networks

Azure Network Security Groups

Create Azure VPN Connection

Azure Storage Accounts

Setup Azure PowerShell

Azure Virtual Machine Deployment

Azure Network Interfaces

Azure Cloud Services

Azure Scale Sets

Understanding the Multiple Azure Portals

Using Azure Automation

Microsoft Azure Official Links

Azure Resource Manager Portal - https://portal.azure.com Azure Classic Portal - http://manage.windowsazure.com Microsoft Azure Documentation and Resources - https://azure.microsoft.com

Azure Resource Groups

Mon, 18 Jul 2016 14:05:36 +0000

An Azure resource group is a way for you to, you guessed it, group a set of resources together. This is a useful capability in a public cloud so that you can manage permissions, set alerts, built deployment templates and audit logs on a subset of resources. Resource groups can contain, virtual machines, gateways, VNets, VPNs and about any other resource Azure can deploy.

Most items that you create will need to belong to a resource group but an item can only belong to a single resource group at a time. Resources can be moved from one resource group to another.

Azure Subscriptions

Mon, 11 Jul 2016 14:12:30 +0000

Azure is a great reservoir of resources that your organization can use to deploy applications upon and the cloud is focused around pooling resources together. However, organizations need to be able to split resources up based on cost centers. The development team will be using resources for building new apps, as well as maybe an e-commerce team for production uses. Subscriptions allow for a single Azure instance to separate these costs, and bill to different teams.

Microsoft Dynamic Access Control (Part 1)

Mon, 28 Apr 2014 13:05:45 +0000

Microsoft Dynamic Access Control is a new way to deploy access rules to your file shares. For many moons now, System Administrators have had a tedious task of managing tens, hundreds, or thousands of security groups to control how files are accessed.

Groups of users have always needed to maintain different sets of security rules to prevent people from accessing confidential files. Human Resources obviously doesn’t want people outside their department to have access to personnel files, separate office locations may not want to share data with other offices in the same domain, and countries or cities might have different restrictions about sharing files with each other.

Microsoft Dynamic Access Control (Part 2 - Claims)

Mon, 28 Apr 2014 13:04:52 +0000

In part 1 of the series we covered some generalities about Microsoft Dynamic Access Control and a few steps needed to prepare the domain and file servers. Now let’s look at creating claims.

A claim is a user, device or resource property. A user in Active Directory will have properties such as Location, Department, manager, etc. Each of these properties is a claim but for any actions to be utilized by Direct Access, they have to be defined.

Microsoft Dynamic Access Control (Part 3 – Resource Properties)

Mon, 28 Apr 2014 13:03:00 +0000

So far we’ve covered:

In this post we’ll look at Resource Properties.

Resource Properties

A resource property is a claim that describes the characteristics of an object in the file system. A claim is a descriptor of a user or a device whereas a resource property is a characteristic of a file or folder.

As an example, we have a folder with HIPPA related information in it. A description can be added to this folder to indicate that it has Protected Health Information (PHI) contained in that folder. This PHI description is a resource property.

Microsoft Dynamic Access Control (Part 4 – Rules and Policies)

Mon, 28 Apr 2014 13:01:47 +0000

We’ve discussed Initial configuration steps, Claims, and Resource Properties and we’re starting to see the power of Microsoft’s Dynamic Access Control, but we need a better way to manage these and that’s why we’ve come to “Rules and Policies”.

A Central Access Rule can be used to take claims such as users in a department and match them up with permissions on a filefolder with specific resource properties. This is where the real power comes into play because now we don’t have to go through and map these for each individual file. We’re setting a general policy for the entire organization all at once.

Microsoft Dynamic Access Control (Part 5 - Auto Classification)

Mon, 28 Apr 2014 13:00:33 +0000

In the first four parts of the Dynamic Access Control Series we covered Initial Configurations, Claims, Resource Properties and Rules Policies. These are working great in our environment but we still have to go through and manage the classification tags. Wouldn’t it be easier to have some files automatically tagged with a certain resource classification?

Enter File Server Resource Manager to the rescue!

Classification Rules

From within File Server Resource Manager (FSRM) go to Classification Rules and choose to “Create Classification Rule…”

Microsoft IPAM (IP Address Management)

Tue, 04 Feb 2014 13:30:12 +0000

Microsoft IPAM (IP Address Management) is a feature that was released in Windows Server 2012 to help administrators manage decentralized DHCP and DNS Servers. Previously administrators may have needed to use spreadsheets to keep track of DHCP Scopes, IP Addresses DNS Names etc but with IPAM installed, a single server can refresh all of this data and put it in a single, always up to date place.

Deployment Guidelines

There are a few things you should know before installing IPAM.

Is Microsoft Direct Access the new VPN?

Wed, 22 Jan 2014 15:43:00 +0000

Mobility is no longer a challenge to traditional IT environments, it’s the standard. Users work from home to save office space, need to be connected during sales trips and are consistently not in the corporate office connected to the local area network (LAN). Combine this demand for a mobile workforce with the ever increasing security requirements put forth such as HIPPA and PCI-DSS etc make this a significant hurdle for IT departments. Microsoft Direct Access may be a solution that eases this hardship.

Microsoft Offline Domain Join

Mon, 20 Jan 2014 14:13:13 +0000

These days, companies are dealing more with mobility, than ever before. IT infrastructure is now spread out in the cloud, and users may be working from the road, remote offices or from home. This is making it more difficult to manage a secure IT Infrastructure.

Microsoft is taking steps to allow IT Administrators to start controlling machines even when they aren’t connected to a corporate infrastructure. Microsoft Offline Domain Join was released as a new feature with Windows Server 2008 R2. This feature allows a machine that is not directly connected to a network with Active Directory, to be joined anyway.

Microsoft's Resilient File System (ReFS)

Mon, 13 Jan 2014 14:30:52 +0000

Microsoft has a new file system designed to increase data integrity, scalability and availability called the Resilient File System (ReFS). This file system has leveraged many of the NTFS file system goodies and expanded them to make it more scalable and prevent corruptions. ReFS was released with Server 2012 and at the moment is designed for use with file shares. It cannot be used as a boot volume at the present time, but this file system seems poised to replace NTFS down the road.

Microsoft Storage Spaces

Mon, 06 Jan 2014 14:15:25 +0000

Microsoft Storage Spaces feature used to handle data redundancy, scalability and performance. Storage Spaces takes a set of Just a Bunch of Disks (JBOD) and pairs them together to allow for; either failures of a disk, gaining the performance of multiple spindles, or gaining the space of multiple disks. Traditionally this has all been handled by creating a Redundant Array of Independent Disks (RAID) group. Some examples of RAID would be:

Striping (RAID 0)
Mirroring (RAID 1)
Parity (RAID 5 or 6)

Storage Spaces create a similar type of RAID Group but then throw a virtual disk on top of them so that multiple types of stripes can be used on the same disks. For example, three physical disks can be put into a storage space. From there, three separate types of VDISKs can be created, Mirrored, Spanned and Parity can then be placed on the same set of disks with no issue. The diagram below shows an example.

Active Directory Snapshot

Mon, 16 Dec 2013 14:15:11 +0000

Active Directory (AD) is the base of most enterprise level infrastructures and has been for some time. We have become accustomed to seeing this structure and depending on it. But AD has been a thorn in our side since virtualization has become popular due to the inability to take snapshots. This is no longer the case if your shop is running Windows Server 2012 with Active Directory.

With the release of Active Directory 2012, Microsoft has added a new object called the VM GenerationID that allows us to snapshot AD Servers.

Windows Server 2012 as a Storage Device for vSphere Home Lab

Tue, 24 Sep 2013 13:30:39 +0000

If you’ve got a some hardware lying around for your lab, Windows Server 2012 may be a great solution for a home storage device. You can now do both block (iSCSI) and NAS (NFS) on the same server, as well as having an OS to install some management apps on it. In my lab, I use this management server to run Veeam for my backups, PRTG network monitor for bandwidth tracking, as well as using this server for both iSCSI targets and NFS mounts.

Windows Server 2012 Server Groups

Mon, 20 May 2013 13:12:29 +0000

One of the new features in the latest version of Windows Server is the ability to create server groups. When you open the server manager you’ll see some server group options on the dashboard. You can add other servers to manage, or create a new group. Also, pay attention to the “Roles and Server Groups” section at the bottom of the screen which shows some of the server groups that were already set up.

Microsoft Exchange 2010 to Exchange 2013 Transition (part 1)

Mon, 29 Apr 2013 12:03:44 +0000

Microsoft has made the Exchange 2013 transition from Exchange 2010 a bit easier than it was in the past. This article should help to explain the process.

Prerequisites

Before you begin with this endeavor:

Make sure that your Exchange 2010 infrastructure has been patched to Exchange Service Pack 3, this includes Edge transport servers, Client Access Servers, Hub Transport Servers and Mailbox Servers. This service pack is required for the coexistence period with Exchange 2013 as noted in the Exchange Team’s Blog.
Say goodbye to Exchange 2003. You can not have Exchange 2003 in your organization any longer.
Check your DNS Server and Event logs for errors. It’s unlikely that you had DNS errors before an upgrade that you didn’t already know about but it’s certainly worth taking a look just to check. A few minutes of discovery is well worth not having hours of troubleshooting afterwards.
Plan your Exchange 2013 infrastructure. This article only explains the transition steps, but you should research and understand what your infrastructure should look like before you start a migration. Do you have multiple sites that need High Availability? Do you need multiple Exchange servers in a Database Availability Group? Do you need to separate your Client Access Server from your Mailbox Server for performance or management reasons, or can you put them on the same box? How many different Mailbox databases should you have? These are important design considerations.

Licensing

There are two flavors of Exchange 2013. Standard allows for up to five mailbox databases, and Enterprise allows for up to 50.

Microsoft Exchange 2010 to Exchange 2013 Transition (part 2)

Mon, 29 Apr 2013 12:02:47 +0000

Microsoft Exchange 2010 to Exchange 2013 Transition part 1 Microsoft Exchange 2010 to Exchange 2013 Transition part 3 Microsoft Exchange 2010 to Exchange 2013 Transition part 4

I assume you’ve reached this page because you finished ready part 1 and are now ready to dive into your newly installed Exchange 2013 server.

Microsoft Exchange 2010 to Exchange 2013 Transition (part 3)

Mon, 29 Apr 2013 12:01:45 +0000

Microsoft Exchange 2010 to Exchange 2013 Transition part 1 Microsoft Exchange 2010 to Exchange 2013 Transition part 2 Microsoft Exchange 2010 to Exchange 2013 Transition part 4

Migrate Mailboxes

You’re ready to migrate your mailboxes! Go to the Recipient link, mailbox category and choose the mailbox(es) you want to migrate. I’ll be migrating Ferb@hollow.lab to the new servers. Click “To another database” action on the lower right hand side of the menu.

Microsoft Exchange 2010 to Exchange 2013 Transition (part 4)

Mon, 29 Apr 2013 12:00:57 +0000

Microsoft Exchange 2010 to Exchange 2013 Transition Part 1 Microsoft Exchange 2010 to Exchange 2013 Transition Part 2 Microsoft Exchange 2010 to Exchange 2013 Transition Part 3

I want to take a second to explain that this series of posts on how to migrate to Exchange 2013 didn’t come without it’s share of difficulties.

NLB in vSphere (Unicast or Multicast)?

Tue, 08 May 2012 18:37:56 +0000

Suppose you have multiple virtual machines that you would like to distribute load across that are housed inside of your virtual environment. How do we go about setting up Network Load Balancing so that it will still work with things like DRS and VMotion?

Switch Refresher

In most networks we have switches that listen for MAC addresses and store them in their MAC Address Table for future use. If a switch receives a request and it knows which port the destination MAC address is associated with, it will forward that request out the single port. If a switch doesn’t know which port a MAC Address is associated with, it will basically send that frame out all of it’s ports (known as flooding) so that the destination can hopefully still receive it. This is why we’ve moved away from hubs and moved towards switches. Hubs will flood everything because they don’t keep track of the MAC Addresses. You can see how this extra traffic on the network is unwanted.