Thank you for attending our recent Partner Tech Night in Columbus OH on What's New in Microsoft Azure for Infrastructure and Development Partners. In this article, I've included a copy of our session deck and additional next step resources ...
This exam study guide is intended as a study reference tool to assist experienced architects with preparing for Microsoft Specialist certification via Exam 70-534, Architecting Microsoft Azure Solutions.
Exam 70-534 is one of three exams that can be successfully passed to complete Microsoft Specialist certification on Microsoft Azure. Other exams in this Microsoft Specialist series include:
Only one exam listed above (70-532 or 70-533 or 70-534) needs to be passed to attain Microsoft Specialist certification on Microsoft Azure.
This exam guide presents the target exam objectives within each of the above objective domains in a checklist format to provide an easy method for experienced exam candidates to quickly self-assess their general exam preparedness and also provide specific study resources to help candidates address knowledge gap areas prior to attempting this exam. These are the same study resources that I am personally using to prepare for Exam 70-534 myself, so I’ve already taken time to proof and review each and every resource ...
The Azure Service Management REST API can be a great complement to the Azure PowerShell module when automating certain Azure cloud tasks for which there's not yet a defined set of PowerShell cmdlets. In previous articles, we've leveraged this API for specific scenarios, such as:
However, in each of our previous articles, we've used management certificates to authenticate to our Azure subscription when calling the Azure Service Management REST API. Azure Active Directory is being used by many organizations for centralized authentication to Azure via the Azure Management Portal, Azure PowerShell using the Add-AzureAccount cmdlet, and to other cloud-based applications (over 2,400 third-party apps as of the date of this article). This prompted me to consider leveraging Azure AD for Azure API authentication as an alternative to management certificates.
In this article, we'll step through the process of authenticating to the Azure Service Management REST API using Azure Active Directory via PowerShell. Leveraging these capabilities together gives us a consistent authentication and scripting experience, along with the extensibility that the Azure API provides.
Along the way, we'll also show a useful example for keeping track of the administrators and co-administrators for your Azure subscription.
The new Azure Preview Portal makes it super-easy to configure a highly available SQL Server 2014 AlwaysOn Availability Group cluster with a new Azure Resource Group Template. After completing 4 fields of information and clicking a single Create button, a complete cluster environment including an Azure Storage Account, Virtual Network, Active Directory Domain Controllers and SQL Server 2014 AlwaysOn cluster will be automatically configured. Of course, if you wish to customize any of the options, you're given the ability to do that too - but that's a few extra clicks! ;-)
When the cluster provisioning process is completed, your new cluster will look like this:
However, when attempting to add additional storage to your new cluster, you'll likely encounter some warning messages that may challenge you. In this article, we'll leverage a bit of PowerShell to sidestep those warnings and continue on our way towards expanding storage capacity and throughput for our AlwaysOn Availability Groups cluster.
Azure Virtual Network Gateways provide a great solution for quickly building secure cross-premises network connectivity for a Hybrid Cloud via IPsec site-to-site VPN tunnels. However, VPN tunnels can sometimes be a bit tricky to configure with certain on-premises VPN gateways. When the VPN tunnel isn't able to connect between Azure and your on-premises gateway device due to configuration or networking issues, you'll see a broken connection displayed in the Azure Management Portal for that Virtual Network Gateway.
Azure Virtual Network - Disconnected
Until recently, the only options for diagnosing VPN connection problems were to either troubleshoot via logs from the on-premises VPN gateway, or open an Azure support ticket for assistance with troubleshooting from the Azure side of this VPN tunnel. With the latest Azure PowerShell module, we now have the ability to directly troubleshoot VPN connections from Azure with three new PowerShell cmdlets: Start-AzureVNetGatewayDiagnostics, Stop-AzureVnetGatewayDiagnostics, and Get-AzureVNetGatewayDiagnostics.
In this article, we'll step through leveraging these new Azure PowerShell cmdlets to diagnose a site-to-site VPN gateway connection issue.
Microsoft Azure provides Point-to-Site VPN (aka. Client VPN) connectivity for secure remote access by development and operations teams to cloud-based workloads that are provisioned on an Azure Virtual Network. Azure Point-to-Site VPN connectivity uses SSTP as a firewall-friendly tunneling protocol and certificates for mutual authentication of each client connection.
You can find more details on configuring Azure Point-to-Site VPNs at the following link location:
When discussing Azure Point-to-Site VPN connectivity, one of the questions I frequently hear is ...
Great! But ... how do I disable a Point-to-Site VPN user when they're leaving my organization?
Azure Point-to-Site VPNs use certificates for user authentication and authorization, so we can simply revoke a user's certificate to disable their Point-to-Site VPN access. In this article, we'll step through the process of revoking and reinstating user certificates for Azure Point-to-Site VPNs by using the Azure PowerShell module and the Azure Service Management REST API.
Microsoft Azure provides secure access to cloud-based VMs for developers and IT operations teams via Point-to-Site VPN (aka. Client VPN) connectivity. This solution uses SSTP (Secure Socket Tunneling Protocol) to provide a secure, firewall-friendly solution that uses the native VPN client built-in with Windows 7 and later. In a future article, we'll also look at a cross-platform Client VPN connectivity option to Azure for Linux and Mac OS X clients.
After configuring Point-to-Site VPN connectivity in Azure, it's pretty easy to see the overall connection status on the Virtual Networks Dashboard page of the Azure Management Portal, as shown below.
Azure Management Portal: Virtual Network Dashboard page
BUT ... what if we want to see the details of each individual client IP address that is currently connected to the VPN? Luckily, with a bit of PowerShell and the Azure Service Management REST API, we can fetch those details as well! In this article, we'll show you how ...
There are lots of tools that can be leveraged for automating Linux workloads on Microsoft Azure, including Azure Automation, PowerShell DSC for Linux, VM Agent Custom Scripts, Cloud-Init, XPlat CLI for Azure, Vagrant, Docker and third-party tools such as Chef and Puppet. Azure provides a wide variety of automation options so that you can choose the tools with which you're most familiar and, in some cases, may already have an existing investment.
In Part 1 of this two-part article series, we stepped through the process for getting our Linux admin workstation setup for Azure cloud automation using the XPlat-CLI and Cloud-Init.
This article is Part 2 of this series. In this article, we'll leverage these tools for automatically provisioning an end-to-end highly available Linux server farm environment, including storage, networking, load-balancing, virtual machines and application workloads. As we proceed through this article, we'll build a Linux shell script that implements this provisioning logic.
Since previously publishing the Quick Start Guide for Building Highly Available Linux Servers in the Cloud on Microsoft Azure, several people have asked me about ways in which Linux workload provisioning can be automated with Azure.
There are lots of tools that can be leveraged for automating Linux workloads on Microsoft Azure, including Azure Automation, PowerShell DSC for Linux, VM Agent Custom Scripts, Cloud-Init, XPlat CLI for Azure, Vagrant, Docker and third-party tools such as Chef and Puppet. The Azure team provides a wide variety of automation options so that you can choose the tools with which you're most familiar and, in some cases, may already have an existing investment.
This article is part 1 of a two-part series. In this article, we'll step through the process for getting our Linux admin workstation setup for Azure cloud automation using the XPlat-CLI for Azure and Cloud-Init.
In part 2 of this series, we'll leverage these tools for automatically provisioning a highly available Linux server farm environment using the scenario outlined in the Quick Start Guide referenced above.
We can assign static internal IP addresses for Azure Virtual Machines on a Virtual Network using either PowerShell or the new Azure Preview Portal. This is a useful capability for provisioning VM workloads that may require fixed IP address assignments, such as DNS servers.
Provisioning a VM with a Static internal IP address using Azure Preview Portal
Question: After provisioning a set of VMs with static internal IP addresses, how can I display a list of all VMs with static addresses in my subscription?
Answer: You can list all Azure VMs configured with static internal IP addresses in your Azure subscription with the following one-line PowerShell code snippet that leverages the Azure PowerShell Module.
Get-AzureVM | Select-Object -Property Name, @{Name='StaticIP';Expression={(Get-AzureStaticVNetIP -VM $_ ).IPAddress}}
Thanks for attending my presentation today at the Columbus SQLPASS User Group chapter on SQL Server Options in the Cloud with Microsoft Azure.
We discussed various hybrid cloud options for leveraging Microsoft Azure as part of a SQL Server deployment, including the following scenarios:
In this article, I've included a downloadable copy of our session deck along with a list of additional resources to help you continue your evaluation of these key scenarios ...
When managing Microsoft Azure Virtual Networks via the Azure Management Portal, we can easily see a list of IaaS Virtual Machines and/or PaaS web/worker roles that are connected to a particular virtual network, as shown below.
List of resources connected to Azure Virtual Network via Management Portal
Question: How can I determine this same type of list when using PowerShell to manage my Azure subscription?
Answer: Virtual networks are bound to Azure cloud service deployments for IaaS Virtual Machines and PaaS web/worker roles. Use the following PowerShell code snippet to display the list of cloud services, roles and instances that are connected to a particular Azure Virtual Network.
(Get-AzureService | Get-AzureDeployment | Where-Object -Property VNetName -EQ "enter-vnet-name") | %{ Get-AzureRole -ServiceName $_.ServiceName -InstanceDetails | Select-Object -Property ServiceName, InstanceName, RoleName, IPAddress }
After successfully provisioning new IaaS virtual machines or PaaS cloud services in Microsoft Azure, the focus often turns to workload monitoring for ensuring the continued health of the solutions we've deployed. Microsoft Azure includes native monitoring and email alerting capabilities for deployed workloads, and you can certainly extend monitoring to more granular levels with additional tools, such as Azure Automation, Application Insights, System Center 2012 R2 Operations Manager, or other 3rd party tools like New Relic.
However, manually configuring monitoring alert rules for a large number of workloads can take a lot of time. Unfortunately, the Azure PowerShell module doesn't currently provide direct scripting support to automate alert rule definition, BUT ... the Azure Service Management REST API does provide this capability, and we can easily leverage that API via PowerShell with a bit of creativity!
In this article, we'll step through the process of creating our own PowerShell function, named New-AzureAlert, to help us automate the provisioning of new Azure monitoring alert rules using the Azure Service Management REST API.
This article is Part 2 of a two-part series on automating the end-to-end provisioning process for IaaS workloads running on the Microsoft Azure cloud platform. This process includes orchestration of all tasks, provisioning cloud fabric resources, and configuring operating system and application workloads running inside Azure VMs. The end goal of this effort is to provide accelerated "push-button" delivery of highly available, load-balanced cloud applications.
In Part 1 of this series, I provided an example of leveraging Azure Automation runbooks and PowerShell Workflows in a concerted approach to fully automate all aspects of deploying new load-balanced VMs on the Microsoft Azure cloud platform. If you haven't yet completed Part 1 of this series, be sure to go do that now, and then come back here when finished to continue on to the Part 2 steps below.
In this article, I'll provide an example of a working PowerShell DSC Configuration that can be used with Azure Automation runbooks to customize the configuration of operating system and web application components running inside each VM as part of the provisioning process. When we're all done, we'll be able to invoke one runbook to deploy everything needed to bring our web application online: VMs, load-balancing, OS configuration, and Web application content.
In prior articles, we've discussed Azure Automation, Azure VM Agent extensions and PowerShell Desired State Configuration (DSC) as individual tools and approaches for automated workload provisioning. I'm frequently asked about how these tools can be used together to orchestrate end-to-end provisioning of cloud workloads, including fabric, OS and application components.
This article is part 1 of a two-part series.
In this article, I'll provide an example of leveraging Azure Automation runbooks and PowerShell Workflows in a concerted approach to fully automate all aspects of provisioning new IaaS workloads on the Microsoft Azure cloud platform.
In part 2 of this series, I'll provide an example of a working PowerShell DSC Configuration that can be used with Azure Automation runbooks to customize the configuration of operating system and application components running inside each VM as part of the provisioning process.
Thank you to those who attended my talk at CloudDevelop 2014 on Disaster Recovery to the Cloud with Azure Site Recovery today. We had some great discussions on disaster recovery planning scenarios! I'm providing a copy of the deck we used for our session, as well as a set of additional resources that may be helpful when planning your disaster recovery approach with Azure Site Recovery.
Download a copy of this deck for offline review.
Continue your learning with these additional study materials ...
- Keith
Thank you to those who attended my webcast event on Open Source + Microsoft Azure last week. It was a great opportunity to discuss and demonstrate the broad support that's available on the Azure cloud platform for Open Source software solutions! In this article, I'm providing a copy of the deck we used for our session, as well as a set of additional resources that may be helpful in your continued learning and preparation around Open Source scenarios with Azure.
Continue your learning with these additional hands-on study materials ...
Thank you to those who attended my IT Camp event on Modernizing Your Infrastructure with Hybrid Cloud today in Chicago IL. I certainly enjoyed discussing cloud migration scenarios with everyone! In this article, I'm providing a copy of the deck we used for our sessions today, as well as a set of additional resources that may be helpful in your continued learning and preparation around Hybrid Cloud scenarios.
Continue your learning on Hybrid Cloud with these additional hands-on study materials ...
See you in the clouds!
A short time ago, I assisted an organization with defining a process for migrating web applications and data running on Ubuntu Linux virtual machines to the Microsoft Azure cloud platform from Amazon AWS.
In this article, I’m documenting the general steps we used in an attempt to help other organizations that may be planning a similar migration approach ...
I’m frequently asked about templates, stencils and shapes that are available for documenting the architecture of cloud-based solutions on Microsoft Azure, Azure Pack and Office 365. Using the tools described in this article, you can quickly build professional architecture diagrams for cloud scenarios. These tools are also useful when creating presentation decks, training materials, whitepapers and infographics.
Linux is certainly a first-class workload on the Microsoft Azure cloud platform, and it's super-easy to get started with Linux + Azure to build a highly available and scalable solution in just a few minutes.
To help jump-start your skills on the steps for building Linux server solutions with Azure, I've prepared a Quick Start Guide that you can download, follow, and share with others in your community ...
Keith Mayer is a Senior Technical Architect at Microsoft, focused on helping ISV partners leverage the Azure cloud platform. Keith has over 20 years of experience as a technical leader of complex IT projects, in diverse roles, such as Network Engineer, IT Manager, Technical Instructor and Consultant. He has consulted and trained thousands of customers and partners worldwide on design of enterprise technology solutions.
Keith is currently certified on several Microsoft technologies, including Azure, Private Cloud, System Center, Hyper-V, Windows, Windows Server, SharePoint, SQL Server and Exchange. He also holds other industry certifications from VMware, IBM, Cisco, Citrix, HP, CheckPoint, CompTIA and Interwoven.
You can contact Keith online at http://aka.ms/AskKeith.