Tag Archives: Azure

Managing Azure using PowerShell

As already (briefly) mentioned in my previous blog post, you are better off using PowerShell for more complex management tasks, when creating multiple similar resources, and when performing repetitive tasks that are error-prone in the GUI.

PowerShell was developed in the early 2000s and created as a common management interface for all Microsoft operating systems and applications. By default, each Windows machine is configured with PowerShell, which can be used for managing that particular machine (or similar machines in the same network). For applications it’s different: each application (both Microsoft and 3rd party) comes with its own PowerShell module. There are PowerShell modules for Active Directory, for Exchange Server, for SharePoint Server etc. Sometimes it’s an addition to the installed PowerShell module (like Azure), sometimes it’s installed as a separate PowerShell module like the Exchange Management Shell (Exchange PowerShell) or Azure Active Directory PowerShell.

Installing Azure PowerShell is relatively easy. You can use the Web Platform Installer (found on https://www.microsoft.com/web/downloads/platform.aspx) or you can use the following PowerShell commands in a PowerShell window with elevated privileges:

Install-Module AzureRM
Install-Module Azure

The latter is used to import the classic PowerShell module, similar to the classic portal as discussed in my previous blog post.

To import the Azure Resource Management module into the existing PowerShell session, execute the following commands:

Set-ExecutionPolicy Unrestricted
Import-Module AzureRm
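
A narrower variant of the commands above, as an added example that is not part of the original post: Unrestricted allows every script to run, while RemoteSigned for the current user is enough to import the module. It assumes PowerShellGet is available and that you want the module installed per user rather than machine-wide.

```powershell
# Added example: a narrower alternative to 'Set-ExecutionPolicy Unrestricted'.

# Show the policy configured at every scope before changing anything.
Get-ExecutionPolicy -List

# RemoteSigned for the current user only: local scripts run, scripts downloaded
# from the Internet must carry a valid signature. No elevation is needed.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser

# Install into the user profile instead of machine-wide, then import.
Install-Module -Name AzureRM -Scope CurrentUser
Import-Module AzureRM

# Report the Authenticode signature status of each installed AzureRM manifest,
# so an unsigned or tampered module stands out before it is used.
Get-Module -ListAvailable -Name AzureRM* |
    ForEach-Object { Get-AuthenticodeSignature -FilePath $_.Path } |
    Select-Object Status, @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } }, Path
```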

That’s enough to install the Azure PowerShell modules on your machine. You can log in to Azure using the following command:

Login-AzureRmAccount

A pop-up will appear to enter your credentials, and once authenticated you have a connection with Microsoft Azure. Enter the Get-AzureRmResourceGroup command to see the Resource Groups in use in your environment:

image

The cool thing about PowerShell is that you can work with variables. For example, you can store the credentials in a variable called $Cred. Execute the following command in PowerShell:

$Cred = Get-Credential <your tenant admin account>
Login-AzureRMAccount -Credential $Cred

For retrieving the credentials a small pop-up box is presented where you have to enter the administrator password.

Note: This works with a regular work or school account, but it does not work with a Microsoft account (i.e. Hotmail, Outlook or Live account).

Certificate based authentication

Using a username and password is not convenient when working with scripts, since scripts should have the possibility to run completely unattended. To overcome this you can use certificate based authentication. You install an Azure certificate on your workstation or server, and this certificate is used to authenticate the session.

When working with certificate based authentication there’s a difference between Azure Service Manager (the classic way) and the Azure Resource Manager mode. In ASM you have to generate and import the certificate using the Get-AzurePublishSettingsFile and Import-AzurePublishSettingsFile cmdlets, while in ARM you have to request the certificate and create an application and service principal to use the certificate.

I’ll come back to certificate based authentication in a future blog post.
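
The ARM flow described above (certificate, application, service principal), as an added example that is not from the original post. It assumes a self-signed certificate instead of a requested one, a hypothetical application name and identifier URI, and the Reader role on the RG_Holland resource group.

```powershell
# Added example, not from the original post. Names, role and scope are assumptions.
$AppName = 'AzureScriptAuth'                   # hypothetical application display name
$AppUri  = 'https://azurescriptauth.example'   # placeholder identifier URI
$RgName  = 'RG_Holland'                        # resource group the script may read

# --- One-time setup, run interactively as a tenant administrator ---
Login-AzureRmAccount
# Assumes all your subscriptions live in one tenant.
$TenantId = (Get-AzureRmSubscription | Select-Object -First 1).TenantId

# Self-signed certificate in the current user's store, private key not exportable.
$Cert = New-SelfSignedCertificate -Subject "CN=$AppName" `
    -CertStoreLocation 'Cert:\CurrentUser\My' -KeySpec KeyExchange `
    -KeyExportPolicy NonExportable -NotAfter (Get-Date).AddYears(1)
$KeyValue = [System.Convert]::ToBase64String($Cert.GetRawCertData())

# Application that carries the public certificate, and its service principal.
$App = New-AzureRmADApplication -DisplayName $AppName -HomePage $AppUri `
    -IdentifierUris $AppUri -CertValue $KeyValue `
    -StartDate $Cert.NotBefore -EndDate $Cert.NotAfter
New-AzureRmADServicePrincipal -ApplicationId $App.ApplicationId | Out-Null

# Least privilege: Reader on a single resource group. The new principal takes
# a moment to replicate, so retry the assignment a few times.
$Assignment = $null
For ($Try = 1; $Try -le 6 -and -not $Assignment; $Try++) {
    Start-Sleep -Seconds 15
    $Assignment = New-AzureRmRoleAssignment -RoleDefinitionName Reader `
        -ServicePrincipalName $App.ApplicationId -ResourceGroupName $RgName `
        -ErrorAction SilentlyContinue
}
If (-not $Assignment) { Throw "Role assignment for $AppName failed" }

# Values the unattended script needs; none of them is a secret.
"TenantId=$TenantId ApplicationId=$($App.ApplicationId) Thumbprint=$($Cert.Thumbprint)"

# --- Unattended script, run as the Windows user that owns the certificate ---
Login-AzureRmAccount -ServicePrincipal -TenantId $TenantId `
    -ApplicationId $App.ApplicationId -CertificateThumbprint $Cert.Thumbprint
Get-AzureRmResourceGroup -Name $RgName
```

Because the private key sits in the CurrentUser store and cannot be exported, the scheduled task or service has to run under the same Windows account that created the certificate.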

Managing Azure using the Azure Portal

One of the ways to manage your Azure environment is using the Azure Portal. Most services and configuration options are available in the Azure Portal, which is accessible through https://portal.azure.com. When logging on to the portal you’ll see the dashboard, which should look something like this:

image

On the left you’ll see the hub menu; this is the main navigation to all services available in Azure. The dashboard contains several shortcuts, and when creating new resources, you can pin these to the dashboard for easy navigation. In the screenshot above you see a Virtual Machine pinned to the dashboard.

When you click on a menu item, for example Virtual Machines, the VM resources are shown in a so-called blade. A blade contains information about a resource, and when you click on a resource its details are shown in an additional blade on the right.

image

When you click on a VM in this example another pane is opened with information and configuration options for this Virtual Machine:

image

This way you can easily browse through all the resources.

Resource Groups

Resources are grouped together in Resource Groups. Resource Groups are a logical grouping of resources for management purposes. Resource Groups are defined in a region, for example West Europe or East US. Resources are located in only one Resource Group and cannot be a member of multiple Resource Groups. However, a resource can access resources in another Resource Group, or can be accessed by resources located in another Resource Group.

If you click on Resource Groups in the Hub Menu and click on a Resource Group (RG_Holland in this example) a new blade is opened with options for this Resource Group, and the various resources in this Resource Group. In the following screenshot you’ll see all resources (in this case only one Virtual Machine) in the RG_Holland Resource Group.

image

Service limits

One question that often arises is “are there certain limits in Azure?”, especially when designing a new Azure environment. Yes, there are service limits, and these are described in the Microsoft document “Azure subscription and service limits, quotas, and constraints” which can be found at https://docs.microsoft.com/en-us/azure/azure-subscription-service-limits.

For example, the default limit for ‘Virtual Machines per availability set’ is 200. When looking at networking, the default limit for Virtual Networks is 50, and the maximum limit for Virtual Networks is 1000. If you hit the limit of 50 Virtual Networks you can log a call with Microsoft and request the limit to be raised to a higher value.

Classic Portal

You’ll see the terms ‘classic model’ and ‘classic portal’ in various places. This is the original model that Microsoft used when they started with Azure. In 2014 Microsoft introduced the Resource Model for Azure, and almost all services have now been decommissioned from the classic model, or migrated to the Resource Model.

There’s also a classic portal, which can be found at https://manage.windowsazure.com.

image

Microsoft is still working on decommissioning services from the classic model, and where needed a warning message is shown when a certain service is decommissioned.

Azure Active Directory Portal

Another Portal I’d like to point out is the recently introduced Azure Active Directory Portal, which can be found at https://aad.portal.azure.com.

The Azure Active Directory admin center, as it’s called, looks very much like the regular Azure Portal, except that it’s focused on Azure Active Directory and related services.

image

Summary

In this blog post I’ve shown you the three portals that are available in Microsoft Azure. The classic portal is being decommissioned, and use of the classic model is not recommended. Instead, the resource model that was introduced in 2014 should be used.

With this resource model come Resource Groups, and resources are logically grouped into Resource Groups, just for management purposes (and nothing else).

Recovery Vault cannot be deleted

During a demo I created a Recovery Vault in Azure, and in Azure SQL I created a long-term retention policy. After the demo I deleted the Azure SQL instance and tried to remove the Recovery Vault. No luck, and I got the following error message:

Vault ‘databasebackupvault’ cannot be deleted as there are existing resources within the vault. Please delete any replicated items, registered servers, Hyper-V sites (Used for Site Recovery), policy associations for System Center VMM clouds (Used for Site Recovery) and then delete the vault.

image

After removing the backup items from the Recovery Vault I tried to remove the Recovery Vault again (the Vault was really empty), but still no luck. Waiting over the weekend didn’t solve it either: there was nothing in the Recovery Vault, but it still could not be deleted.

image

Also Azure PowerShell was not willing to remove the Recovery Vault:

image

It turns out that the long-term retention from Azure SQL was still in the Recovery Vault, and you cannot see this anywhere. The only way to check for this and remove it is with Azure PowerShell, using the following script:

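# Assumes the subscription holds a single Recovery Services vault; with more than one, select it with -Name
$RecoveryVault = Get-AzureRmRecoveryServicesVault
Set-AzureRmRecoveryServicesVaultContext -Vault $RecoveryVault

# Azure SQL long-term retention containers registered in the vault (not visible in the portal)
$Containers = Get-AzureRmRecoveryServicesBackupContainer -ContainerType AzureSQL -FriendlyName $RecoveryVault.Name
ForEach ($Container in $Containers) {
  $Items = Get-AzureRmRecoveryServicesBackupItem -Container $Container -WorkloadType AzureSQLDatabase
  ForEach ($Item in $Items) {
    # Stop protection and delete the retained recovery points; errors are suppressed by -ea SilentlyContinue
    Disable-AzureRmRecoveryServicesBackupProtection -Item $Item -RemoveRecoveryPoints -ea SilentlyContinue
  }
  # Remove the now-empty container from the vault
  Unregister-AzureRmRecoveryServicesBackupContainer -Container $Container
}
# With all containers gone, the vault itself can be deleted
Remove-AzureRmRecoveryServicesVault -Vault $RecoveryVault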

When running this script you get a warning message asking whether you really want to remove the vault, and if you confirm, the Recovery Vault is finally removed.

image

Introduction to Azure – Microsoft Public Cloud

Azure is Microsoft’s public cloud platform for IaaS (Infrastructure as a Service) and PaaS (Platform as a Service) solutions. Microsoft also has a SaaS (Software as a Service) public cloud platform, known as Office 365.

What makes a platform a cloud platform? The “National Institute of Standards and Technology” or NIST has defined the characteristics of a cloud platform. The characteristics of a cloud platform are:

  • On-demand self-service.
  • Broad network access.
  • Resource pooling.
  • Rapid elasticity.
  • Measured service.

There are also multiple types of cloud platform:

  • Public cloud platform – This is a cloud platform where all resources are shared between multiple customers. The platform is separated into different so-called ‘tenants’. Customers in one tenant are totally unaware of customers in other tenants on the same platform. A public cloud platform is typically found on the Internet.
  • Private cloud platform – This is a dedicated cloud platform, built for a specific customer. It has the same characteristics as a public cloud platform. It can be found on the Internet, on-premises or in a datacenter, but connected using VPN networks.
  • Hybrid cloud platform – This is a combination of a public and a private cloud platform.

image

I’ve written an article about private clouds for Red Gate, which contains some more information regarding clouds and cloud characteristics. You can find this article on the Red Gate site at https://www.red-gate.com/simple-talk/cloud/cloud-development/private-cloud-what-is-it-and-why-do-you-need-it/

Also interesting to note are the XaaS solutions:

  • SaaS – Software as a Service. Office 365 is the Microsoft SaaS solution. You have a subscription to a complete solution, for example an email service (Exchange Online) or a document management solution (SharePoint Online, OneDrive for Business) or a collaboration solution (Skype for Business). You only have to take care of the user accounts; all infrastructure and platform is managed by Microsoft. A SaaS solution is easy to manage, but doesn’t offer too much flexibility.
  • IaaS – Infrastructure as a Service. In an IaaS solution Microsoft is offering for example Virtual Machines (VM) and these VMs can have different operating systems, for example Windows Server 2012 R2, Windows Server 2016 or a Linux OS. You are responsible for configuring and managing the servers, including the applications installed on the servers. IaaS offers a lot of flexibility, but automatically includes complexity and responsibility.
  • PaaS – Platform as a Service. In a PaaS solution Microsoft is offering solutions like Azure SQL, Web Apps or Cloud Services. For example, when you have an Azure SQL solution, you can define your own SQL Server and Database, but Microsoft is responsible for the SQL Server application, provisioning, management etc. You only have a SQL Database according to predefined requirements. In the Azure Cloud services, you have a front-end back-end infrastructure, where you can create your own application, including business logic (in the back-end) or connections to (Azure) databases. Depending on the solution you’ve configured it can come with more (or less) complexity and flexibility.

image

There are more ‘as a Service’ solutions. I’ve seen hosting customers offering their own backup solutions as ‘Backup as a Service’, or ‘Database as a Service’. It’s up to your own offering when you are a (Microsoft) hosting partner.

Azure Services

Microsoft Azure consists of several ‘containers’, each consisting of their own service, as can be seen in the following picture:

image

There can be dependencies between various services. For example, when creating an Azure Virtual Machine, you also need a Virtual Network and Storage. Maybe you want to back up your VMs and you need Azure Backup, or integrate your environment with Azure Active Directory.

A quick note on Azure Active Directory. This is the underlying directory for all Office 365 services. If you have an Office 365 tenant, all users and groups are automatically created in Azure Active Directory. This is the same directory that is used in your Azure tenant, so if you log on to your Azure environment using your Office 365 admin credentials you’ll see all Office 365 users when selecting Azure AD in the Azure Portal.

Azure Datacenters

Azure is hosted in multiple datacenters across the world. At the moment of writing there are 42 datacenters worldwide. You can see these datacenters on the following website: https://azure.microsoft.com/en-us/regions/

Using the ‘Explore products per region’ option you can do a deep dive per region, and check which services are available in that region.

image

Datacenters are tied together in a ‘datacenter pair’. For example, Datacenter pairing occurs between West Europe (in The Netherlands) and North Europe (Ireland). If data is stored in one location (West Europe) and you need to store it in another location for resiliency, it is automatically stored in North Europe. This way data is not automatically replicated outside the political region (i.e. Europe). If you want, or if there’s a need, you can still configure geo-replication to another datacenter in the world, for example from West Europe to East US, but that’s a manual configuration and never occurs automatically.

Managing Azure

Azure can be managed using different solutions, but the two most often used are the Azure Portal and Azure PowerShell.

The Azure Portal is easy, just navigate to https://portal.azure.com and login using your tenant administrator credentials. You’ll see something like this:

image

In the Azure Portal you can configure most solutions and options, and I’ll discuss several of these in upcoming blog posts.

The second option is to use Azure PowerShell. This can be installed using the Web Platform Installer (https://www.microsoft.com/web/downloads/platform.aspx) or by executing the following commands in a PowerShell window (with elevated privileges):

Install-Module AzureRM
Install-Module Azure
Set-ExecutionPolicy Unrestricted
Import-Module AzureRm

Once imported you can login using the following command:

Login-AzureRmAccount

and start managing your Azure environment using PowerShell. Again, this will also be covered in an upcoming blog post.

Summary

Azure is Microsoft’s public cloud solution for IaaS and PaaS solutions. Azure is hosted in datacenters worldwide, and by nature offers high availability, resiliency etc. to create scalable and available solutions.

Azure can be managed by the Azure Portal and by Azure PowerShell. The first one is easy to use, the second one offers a lot more flexibility, scripting options and automating solutions. This is extremely important when creating larger environments that need to be consistent.

In my upcoming blog posts I’ll show you more about the Azure Portal, Azure PowerShell, Virtual Machines, Storage and Virtual Networking.