Microsoft Azure Infrastructure as a Service IaaS
- Slides: 68
Microsoft Azure: Infrastructure as a Service (IaaS)
Module 5: Managing Virtual Machines (VMs) from Windows PowerShell
Introduction Management mechanisms
Microsoft Azure Resource Group
• Resource Groups exist within a subscription
• A resource group can be secured via Role Based Access Control
• Resource groups are created via the Portal https://portal.azure.com or through RM PowerShell cmdlets
Security boundary for administration of individual or group resources
Unit of billing
Azure Resource Manager API (ARMAPI) – ARM
The Azure Resource Manager API provides programmatic access to much of the functionality available through the Management Portal https://portal.azure.com.
The ARMAPI is a REST API. All API operations are performed over SSL and mutually authenticated using Azure Active Directory.
The subscription ID forms part of the URI for every call made to the ARMAPI:
    https://management.azure.com/subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/...
Module 5: PowerShell Azure Resource Management
Logging in to Azure
    Login-AzureRmAccount
• With no parameters, it asks you to log in, then automatically selects the first Azure subscription it finds
• With the -SubscriptionName or -SubscriptionId parameter, it asks you to log in, then selects the specific subscription
• Use -Credential if you already have a credentials file
Before executing any other 'RM' commands, you need to first log in
How do I create an Azure Credential?
• An Azure Credential will allow you to run a PowerShell script without a login prompt
• Does not use an X.509 certificate (although you can)
• Uses an Azure Service Principal for an Azure AD Application
• You don't need to write a physical application, you just need to register an application name in Azure AD
• You must use an organizational account as the service principal identity; Microsoft accounts will not work (i.e. @hotmail.com)
https://azure.microsoft.com/en-in/documentation/articles/resource-group-authenticate-service-principal/
Retrieving your Azure Subscription
    Get-AzureRmSubscription | Select SubscriptionName, SubscriptionId
• Returns all subscriptions related to previous Login-AzureRmAccount command
• Provides subscription name and ID
• With -SubscriptionName or -SubscriptionId parameter, will return information about this particular subscription
Generally used to gather list of subscriptions or a particular subscription
Selecting your Azure Subscription
    Select-AzureRmSubscription
• With -SubscriptionName or -SubscriptionId parameter, will select this subscription into the running PowerShell session
Generally used to gather list of subscriptions or a particular subscription
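Added example, not part of the original slides: the login, list and select steps above run without a prompt by reusing a stored service principal credential. The application ID, tenant ID, credential file path and subscription name are placeholders chosen for illustration.

```powershell
# Added example: non-interactive login with an Azure AD service principal.
# All values below are placeholders / assumptions, not taken from the slides.
$appId        = '00000000-0000-0000-0000-000000000000'  # placeholder: Azure AD application (client) ID
$tenantId     = '11111111-1111-1111-1111-111111111111'  # placeholder: Azure AD tenant ID
$subscription = 'somesub1'                              # placeholder subscription name
$credFile     = Join-Path $env:USERPROFILE 'azure-sp.cred.xml'  # hypothetical file location

# One-time, interactive step: capture the service principal secret and persist it.
# Export-Clixml stores the SecureString encrypted with Windows DPAPI, so the file
# can only be decrypted by the same user account on the same machine.
if (-not (Test-Path $credFile)) {
    Get-Credential -UserName $appId -Message 'Enter the service principal secret' |
        Export-Clixml -Path $credFile
}

# Unattended step: load the credential and log in as the service principal.
$cred = Import-Clixml -Path $credFile
Login-AzureRmAccount -ServicePrincipal -Credential $cred -TenantId $tenantId -ErrorAction Stop |
    Out-Null

# Do not rely on "first subscription found": look the target up explicitly and
# fail closed if the service principal cannot see exactly one match.
$match = @(Get-AzureRmSubscription | Where-Object { $_.SubscriptionName -eq $subscription })
if ($match.Count -ne 1) {
    throw "Expected exactly one subscription named '$subscription', found $($match.Count)."
}

Select-AzureRmSubscription -SubscriptionId $match[0].SubscriptionId | Out-Null
Write-Output "Session bound to subscription $($match[0].SubscriptionId)"
```

Grant the service principal only the role it needs on the resource group it manages, since anyone who can run scripts as the account that owns the credential file can act with its rights.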
Creating a new Resource Group
An empty resource group
    New-AzureRmResourceGroup -Name $resourceGroupName -Location $location
A resource group from a custom template
    New-AzureRmResourceGroup -Name $ResourceGroupName -Location $Location -TemplateFile '.\ContosoHosting.json' -DeploymentName $deploymentName -TemplateParameterFile '.\ContosoHostingParms.json'
Creating a new ARM Storage account
A new locally redundant ARM storage account
    New-AzureRmStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAcctName -Type Standard_LRS -Location $location
Creating a Virtual Network
Create IL Public IP address and NIC Create a new instance level public IP address
VM image retrieval
Image identification (example)
• Publisher - MicrosoftWindowsServer
• Offer - WindowsServer
• SKU - 2012-R2-Datacenter
• Version - 4.0.201506
• Location - westus
PowerShell
• $publisher = Get-AzureRmVMImagePublisher -Location $location
• $offer = Get-AzureRmVMImageOffer -Location $location -PublisherName $publisher
• $sku = Get-AzureRmVMImageSku -Location $location -PublisherName $publisher -Offer $offer
• $imageName = Get-AzureRmVMImage -Location $location -Offer $offer -PublisherName $publisher -SKUs $sku
• Save-AzureRmVMImage
General Output of Get-AzureRmVMImage…
Windows
    Get-AzureRmVMImagePublisher
    • MicrosoftWindowsServer
    Get-AzureRmVMImageOffer
    • WindowsServer
    Get-AzureRmVMImageSKU
    • 2008-R2-SP1
    • 2012-Datacenter
    • 2012-R2-Datacenter
    • 2016-Technical-Preview-3-with-Containers
    • Windows-Server-Technical-Preview
SQL
    Get-AzureRmVMImagePublisher
    • MicrosoftSQLServer
    Get-AzureRmVMImageOffer
    • SQL2008R2SP3-WS2008R2SP1
    • SQL2012SP2-WS2012R2
    • SQL2014-WS2012R2
    • SQL2014SP1-WS2012R2
    • SQL2016CTP2-WS2012R2
    Get-AzureRmVMImageSKU (SQL2012SP2-WS2012R2)
    • Enterprise-Optimized-for-DW
    • Enterprise-Optimized-for-OLTP
    • Standard
    • Web
Configuring a VM prior to creation
Deploying a VM
Complete Command for VM configuration
Create a Static Public IP address
New-AzureRmPublicIpAddress Options
Get information about IP address
• Public static IP addresses, 20 per subscription
• Public dynamic IP addresses, 60 per subscription
• Public front end IP per load balancer ~ 5
• Private front end IP per load balancer ~ 1
Create a Static Private IP
New-AzureRmVMNetworkInterface Options
• ARM VMs are associated with NICs
• NICs are connected to a subnet
• You do not need to specify 'Static' to have a static IP address, that is the default when you specify -PrivateIpAddress
Configuring Load Balancing (example)
    # establish load balancer configuration using pre-created public IP address
    $feIpConfig = New-AzureRmLoadBalancerFrontendIpConfig -Name "FEIP" `
        -PublicIpAddress $vip
    # establish a NAT rule to allow RDP access
    $inboundNATRule1 = New-AzureRmLoadBalancerInboundNatRuleConfig -Name "RDP1" `
        -FrontendIpConfiguration $feIpConfig `
        -Protocol TCP -FrontendPort 3441 -BackendPort 3389
    # establish the backend pool configuration
    $beAddressPool = New-AzureRmLoadBalancerBackendAddressPoolConfig -Name "LBBE"
    # establish a health probe
    $healthProbe = New-AzureRmLoadBalancerProbeConfig -Name "HealthProbe" `
        -RequestPath "HealthProbe.aspx" -Protocol http -Port 80 `
        -IntervalInSeconds 15 -ProbeCount 2
    # establish a load balancer rule for Http access
    $lbrule = New-AzureRmLoadBalancerRuleConfig -Name "HTTP" `
        -FrontendIpConfiguration $feIpConfig -BackendAddressPool $beAddressPool `
        -Probe $healthProbe -Protocol Tcp -FrontendPort 80 -BackendPort 80
    # Configure the load balancer
    $alb = New-AzureRmLoadBalancer -ResourceGroupName "SomeResourceGroup" `
        -Name "ALB" -Location "westus" -FrontendIpConfiguration $feIpConfig `
        -InboundNatRule $inboundNATRule1 `
        -LoadBalancingRule $lbrule -BackendAddressPool $beAddressPool `
        -Probe $healthProbe
User Defined Routes
New-AzureRmRouteTable Options
Add a Route to a Route Table
Apply to Subnet
    Set-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnetName -AddressPrefix $subnetAddressPrefix -RouteTableId $myTableId | Set-AzureRmVirtualNetwork
View Applied Routes
Demo: ARM PowerShell Script
PowerShell Progression …
PowerShell Desired State Configuration (DSC)…
• Simplifies configuration
• Prevents configuration drift
• Flexible deployment options
• Enables continuous deployment
Development, Test, Production
DSC Leveraged
[Diagram: Traditional Scripts (Intent, Dependency Resolution, Logging & Error Handling, Reboot Resiliency, Repeatable Automation, Technology Specific) compared with DSC, which splits these into Configuration (Intent), DSC Engine / local config mgr (Dependency Resolution, Logging & Error Handling, Reboot Resiliency, Repeatable Automation) and Resources (Technology Specific)]
DSC Terminology
• Configuration – this is a new PowerShell keyword used to collect a block of configuration information for the VM
• Node – this is the name of the target computer, which can be a variable
• Resource – DSC comes with a set of built in system configuration resources that will be deployed to the VM for configuration
• MOF file – DSC tells the target nodes what configuration they should have by sending a MOF file with that information to each node, where the Local Configuration Manager implements the desired configuration
• Local Configuration Manager (LCM) – DSC engine that runs on all target nodes. Calls configuration resources that are included in the configuration script
• DSC Pull Server – LCM on node performs compliance check and if necessary pulls script from another server
Simplify Configuration Setup a Web Server
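Added example, not taken from the original slides: a DSC configuration for the web server case that uses each term above (Configuration, Node, Resource, MOF file, LCM). It assumes a Windows Server node with WMF 4.0 or later and an elevated session; the configuration name, page content and output folder are made up for illustration.

```powershell
# Added example: declare the desired state of a web server and let the LCM enforce it.
Configuration WebServer
{
    param(
        [string[]]$NodeName = 'localhost'   # Node: target computer, passed as a variable
    )

    Node $NodeName
    {
        # Resource: built-in WindowsFeature resource installs the IIS role.
        WindowsFeature IIS
        {
            Ensure = 'Present'
            Name   = 'Web-Server'
        }

        # DependsOn lets the DSC engine resolve ordering instead of script logic.
        WindowsFeature AspNet45
        {
            Ensure    = 'Present'
            Name      = 'Web-Asp-Net45'
            DependsOn = '[WindowsFeature]IIS'
        }

        # Features that should never be on a web server are declared Absent,
        # so drift in that direction is corrected as well.
        WindowsFeature TelnetClient
        {
            Ensure = 'Absent'
            Name   = 'Telnet-Client'
        }

        File DefaultPage
        {
            Ensure          = 'Present'
            Type            = 'File'
            DestinationPath = 'C:\inetpub\wwwroot\index.html'
            Contents        = '<html><body>Deployed by DSC</body></html>'
            DependsOn       = '[WindowsFeature]IIS'
        }

        Service W3SVC
        {
            Name        = 'W3SVC'
            State       = 'Running'
            StartupType = 'Automatic'
            DependsOn   = '[WindowsFeature]IIS'
        }
    }
}

# Staging: calling the configuration compiles one MOF file per node.
$mofDir = Join-Path $env:TEMP 'WebServerMof'     # hypothetical output folder
WebServer -NodeName 'localhost' -OutputPath $mofDir | Out-Null

# "Make it so": push the MOF to the Local Configuration Manager and wait.
Start-DscConfiguration -Path $mofDir -Wait -Verbose -Force

# Drift check: returns True while the node still matches the MOF.
Test-DscConfiguration
```

Running Start-DscConfiguration again is safe because the resources are idempotent: settings already in the desired state are left alone and only drifted ones are corrected.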
Configuration Drift with standard scripts Traditional Script
Configuration Drift with DSC Dsc Configuration
Components, Push/Pull Model & Phases
[Diagram, three phases]
Authoring Phase (May include imperative as well as declarative code)
    PowerShell; 3rd party languages and tools
Staging Phase
    - Fully declarative configuration representation using DMTF standard MOF instances
    - Configuration is calculated for all nodes
    Push / Pull: Configuration Staging Area (Contains DSC data); Pull Server (Contains DSC data and Modules)
"Make it So" Phase (Declarative configuration is reified through imperative providers.)
    Local Configuration Store; Parser and Dispatcher; Resources
When authoring in PowerShell:
• Declarative syntax extensions
• Schema-driven Intellisense
• Schema validation (early-binding)
Resources implement changes:
• Monotonic
• Imperative
• Idempotent
DSC Decouples …
Intent: Configuration
    WHAT: Structural Configuration. Stays same irrespective of the environment
    WHERE: Environmental Configuration. Changes as system goes through different env. (Dev, Test, Production)
Make It So: DSC Engine (Dependency Resolution, Logging & Error Handling, Reboot Resiliency, Repeatable Automation) and Resources (Technology Specific)
    HOW: DSC Resources. Do the heavy lifting in an idempotent way
DSC Enables …
Configuration as Code, DevOps, Cloud Scale
• Conflict detection
• Single source, multiple environments
• Composable, common components
• Common toolset for Dev & Ops
• Apply Dev practices to Ops
• Continuous deployment
• Reduce complexity from within
• On-demand system creation and tear down
Troubleshooting DSC
• Locating the DSC Event logs
  o Operation Log – contains all error messages and is used to identify problems
  o Analytic Log – shows a higher volume of events and can be used to identify where a problem occurred
  o Debug Log – contains logs that can help you understand how the errors occurred
Troubleshooting DSC (cont'd)
• Locating the log files – located at C:\WindowsAzure\Logs\Plugins\Microsoft.PowerShell.DSC\dscversion#
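Added example, not from the original slides: reading the three DSC event logs in the order the slide suggests, starting from errors in the Operational log and then pulling the Analytic and Debug events for the same run. It assumes an elevated session on the target node and that the first event property carries the DSC job ID, which is how Microsoft's DSC troubleshooting guidance groups these events.

```powershell
# Added example: triage failed DSC runs from the Windows event logs.
$channel = 'Microsoft-Windows-Dsc'

# The Analytic and Debug channels are disabled by default; enable them once.
wevtutil.exe set-log "$channel/Analytic" /q:true /e:true
wevtutil.exe set-log "$channel/Debug"    /q:true /e:true

# 1. Operational log: every DSC error lands here. Look at the last 24 hours.
$since = (Get-Date).AddDays(-1)
$operational = @(Get-WinEvent -FilterHashtable @{
        LogName   = "$channel/Operational"
        StartTime = $since
    } -ErrorAction SilentlyContinue)

# 2. Group events into runs. Assumption: Properties[0] is the DSC job ID.
$runs = $operational | Group-Object { "$($_.Properties[0].Value)" }
$failedRuns = @($runs | Where-Object { $_.Group.LevelDisplayName -contains 'Error' })

if ($failedRuns.Count -eq 0) {
    Write-Output 'No failed DSC runs in the Operational log for the last 24 hours.'
}

foreach ($run in $failedRuns) {
    Write-Output "=== Failed DSC job $($run.Name) ==="

    # The error text from the Operational log identifies the problem.
    $run.Group |
        Where-Object { $_.LevelDisplayName -eq 'Error' } |
        Sort-Object TimeCreated |
        ForEach-Object { "{0:u}  {1}" -f $_.TimeCreated, $_.Message }

    # 3. Analytic and Debug logs for the same job show where and how it failed.
    #    These channel types can only be read oldest-first, hence -Oldest.
    foreach ($detail in 'Analytic', 'Debug') {
        $events = @(Get-WinEvent -LogName "$channel/$detail" -Oldest -ErrorAction SilentlyContinue |
            Where-Object { "$($_.Properties[0].Value)" -eq $run.Name })
        Write-Output "--- $detail events for this job: $($events.Count)"
        $events | Select-Object -Last 5 |
            ForEach-Object { "{0:u}  {1}" -f $_.TimeCreated, $_.Message }
    }
}
```

Events written before the Analytic and Debug channels were enabled are not available, so reproduce the failing run after enabling them.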
Demo DSC Log Files
Module 5: PowerShell Classic
What Can You Do with Azure PowerShell?
Automation
• Query, manage and configure VMs across multiple subscriptions, cloud services, and storage accounts
Provision Fully Configured VMs
• Domain-joined
• Storage and networking configured
Virtual Networking
• Completely configure virtual networks from a script
Getting Subscription Information
Use Add-AzureAccount to import subscription information into the PowerShell session window
Automatically pulls in all subscription information and configures one of the subscriptions as the default subscription. You can change this by calling Get-AzureSubscription and then Select-AzureSubscription
Allows non-interactive mode by using the -Credential parameter
Subscription Management
Subscription Settings Persisted
    C:\Users\user\AppData\Roaming\Microsoft Azure Powershell
Subscription Example
    <Subscription name="somesub1">
      <SubscriptionId>13d83b03-6d06-4770-943c-3d46766c3a35</SubscriptionId>
      <Thumbprint>2AC8112B34CC840A30B9C2716AE840D5DC107510</Thumbprint>
      <ServiceEndpoint>https://management.core.windows.net/</ServiceEndpoint>
    </Subscription>
Manual Subscription Configuration
Associate Certificate and Subscription ID
    $cert = Get-Item cert:\CurrentUser\My\CERTTHUMBPRINT
    Set-AzureSubscription 'mysub' -Certificate $cert -SubscriptionID $id
Switching Between Subscription Settings
Multiple Subscription Support
    Get-AzureSubscription | foreach {
        Select-AzureSubscription $_.SubscriptionName
        # Perform Management Operation Against Each Subscription
    }
Setting the Current Storage Account
Returns Storage Account
    Get-AzureStorageAccount | Select StorageAccountName
    *returns only the storage account(s) in the currently selected subscription
Sets the Current Storage Account
    Set-AzureSubscription 'somesub1' -CurrentStorageAccount 'mystorage'
Getting Subscription Information
Use Get-AzurePublishSettingsFile and Import-AzurePublishSettingsFile to import downloaded Publish Profile (.publishsettings)
https://azure.microsoft.com/en-in/downloads/publishing-profile-overview/
Automatically configures:
• Subscription ID
• Certificate
• Service Endpoint
• Subscription Name
Classic
Information Needed to Create a VM
Image Name
    Get-AzureVMImage | select ImageName
Disk Name
    Get-AzureDisk | select DiskName
Get Image name ~ latest WS 2012 R2 Data Center Location
    Get-AzureLocation
Classic
Virtual Machine Management
Quick VM Provisioning Mode
    Supports VM creation in a single cmdlet (New-AzureQuickVM)
Advanced Provisioning Configuration Mode
    Provision with: Endpoints, Data Disks
    Configure: Cache settings for OS/Data Disks and Subnet Names
Create Multiple Pre-Defined VMs in a Batch
    New-AzureVM -VMs $vm1, $vm2, $vm3
Classic
Simple VM Creation
• First VM in a new Cloud Service (-Location parameter used)
• New VM in an existing Cloud Service (-Location parameter not used)
• Creating a Linux VM in an existing Cloud Service
Classic
Configuring VM at Provisioning
• Create a Configuration Object with New-AzureVMConfig
• Modify with Add-* cmdlets
• Add with New-AzureVM
Classic
VM Batch Creation
• Create multiple configured VMs and pass them to New-AzureVM
Classic
VM Batch Creation - Using an Array
• Create multiple configured VMs and pass them to New-AzureVM
Classic
Common Settings
Name: The name of the VM
AvailabilitySetName: The availability set (used for high availability)
InstanceSize: A0 – A11, D1 – 4, D11 – D14, G1 – G5 + 'S' Series machines
Classic
Windows Provisioning Options
Add-AzureProvisioningConfig Options
    -Windows -AdminUserName $adminName -Password $pwd
    -WindowsDomain -Password $pwd -Domain $dom, -JoinDomain $fqdn, -DomainUser $domUser -DomainPassword $domPwd -MachineObjectOU $ou
    -DisableAutomaticUpdates
    -NoRDPEndpoint, -TimeZone, Certificates
Classic
Setting a Static Internal IP
New-AzureVMConfig Options
• Cloud Service already exists (vnetsvc) in a virtual network
• Virtual network has a subdomain named 'AppSubnet'
• Subnet address range must be within the -IPAddress range
If a machine in the subnet already has this address, you will receive an error when you run Set-AzureStaticVNetIP
If all machines in the subnet are shut down and you restart this VM first, it will go grab the static IP address listed above
Classic
Setting an Instance Level Public IP Address for a VM
New-AzureVMConfig Options
Get information about VM
• Instance level IP address is public and is PER VM
• Does not replace the VIP of the Cloud Service that contains the VM
• 5 instance level IP addresses allowed, per subscription
Classic
Setting a Reserved Public IP Address
New-AzureReservedIP Options
New-AzureVMConfig Options
Get-AzureReservedIP
• Note that the -ReservedIPName does not refer to an IP address
• The Cloud Service with VMs cannot already exist, they need to be created new via PowerShell
• To retrieve the reserved address information for confirmation of the IP address, use Get-AzureReservedIP
Classic
Configuring Azure Load Balancing (ILB)
Add-AzureInternalLoadBalancer Options
Add-AzureEndpoint Options
Get-AzureService
• The virtual network that contains the Cloud Service and VM must be a regional level network
• A Static internal IP address can also be requested (optional)
• Default, None or Custom load balance probes can be specified
• Get-AzureService confirms the load balanced IP address to use for incoming traffic
Classic
User Defined Routes
New-AzureRouteTable Options
Add a Route to a route table
View Applied Routes
Classic
RDP Changes
Updating RDP Username/Password
    Get-AzureVM -ServiceName $cloudSvcName -Name $vmName |
        Set-AzureVMAccessExtension -UserName $adminUsername -Password $adminPassword |
        Update-AzureVM
Fixing RDP Issues
    Get-AzureVM -ServiceName $cloudSvcName -Name $vmName |
        Set-AzureVMAccessExtension |
        Update-AzureVM
Classic
Linux Provisioning Options
Add-AzureProvisioningConfig Options
    Linux -LinuxUser $user -Password $pwd
    -DisableSSH, -NoSSHEndpoint
    -SSHKeyPairs, -SSHPublicKeys installed from certificates deployed in cloud service
Classic
Deploying into a Virtual Network
Virtual Machine Settings
    Set Subnet on VM with Set-AzureSubnet
Deployment Settings
    Set Virtual Network: -VNetName
    Set DNS Servers: New-AzureDns and -DNSSettings
Classic
Provisioning into a Virtual Network and Active Directory
    $dom = 'contoso'
    $jdom = 'contoso.com'
    $onPremDNS = New-AzureDns -IPAddress '192.168.1.4' -Name 'OnPremDNS'
    $cloudDNS = New-AzureDns -IPAddress '10.1.1.4' -Name 'CloudDNS'
    $computerOU = $advmou = 'OU=AzureVMs,DC=contoso,DC=com'
    New-AzureVMConfig -Name 'myvm1' -InstanceSize 'Small' -ImageName $img |
        Add-AzureProvisioningConfig -WindowsDomain -AdminUserName $adminName -Password $pwd -Domain $dom `
            -DomainUserName $domUser -DomainPassword $dpwd -JoinDomain $jdom `
            -MachineObjectOU 'AzureVMs' |
        Set-AzureSubnet -SubnetNames 'AppSubnet' |
        New-AzureVM -ServiceName $svc -AffinityGroup 'adag' `
            -VNetName 'ADVNet' -DnsSettings $onPremDNS, $cloudDNS
Classic
VM Storage
Data Disks
    Add/Remove data disks at boot or while running
    Create a blank data disk or attach an existing disk
Modify Cache Settings of OS Disk or Data Disk
    Modifying OS Disk while running requires reboot
Classic
Data Disk Creation
• Creating a new VM with a Data Disk
    New-AzureVMConfig -Name 'myvm1' -InstanceSize 'Small' -ImageName $img |
        Add-AzureProvisioningConfig -Windows -AdminUserName $adminName -Password $pwd |
        Add-AzureDataDisk -CreateNew -DiskSizeInGB 10 -DiskLabel 'myddisk' -LUN 0 |
        New-AzureVM -ServiceName $cloudSvcName
• Add a new Data Disk to an existing VM
    Get-AzureVM -ServiceName 'myvm1' |
        Add-AzureDataDisk -CreateNew -DiskSizeInGB 10 -DiskLabel 'myddisk' -LUN 1 |
        Update-AzureVM
Classic
Modifying Cache Settings
• Set host caching on an OS Disk during provisioning (if no service exists)
    New-AzureService -ServiceName $svc -Location $location
    $myVM = New-AzureVMConfig -Name 'myvm1' -InstanceSize 'Small' -ImageName $img |
        Add-AzureProvisioningConfig -Windows -AdminUserName $adminName -Password $pwd
    Set-AzureOSDisk -HostCaching 'ReadOnly' -VM $myVM
    New-AzureVM -ServiceName $cloudSvcName -VMs $myVM
• Set host caching on an existing Data Disk in a running VM
    Get-AzureVM -ServiceName $cloudSvcName -Name 'myvm1' |
        Set-AzureDataDisk -HostCaching 'ReadWrite' -LUN 0 |
        Update-AzureVM
Classic
Configuring Endpoints
• Add endpoints at creation
    New-AzureVMConfig -Name 'myvm1' -InstanceSize 'Small' -ImageName $img |
        Add-AzureProvisioningConfig -Windows -AdminUserName $adminName -Password $pwd |
        Add-AzureEndpoint -LocalPort 80 -PublicPort 80 -Name http -Protocol tcp |
        Add-AzureEndpoint -LocalPort 443 -PublicPort 443 -Name https -Protocol tcp |
        New-AzureVM -ServiceName $cloudSvcName
• Modify endpoints at runtime
    Get-AzureVM -ServiceName $cloudSvcName -Name 'myvm1' |
        Add-AzureEndpoint -LocalPort 53 -PublicPort 53 -Name dns -Protocol udp |
        Remove-AzureEndpoint -Name https |
        Update-AzureVM -ServiceName $cloudSvcName
Classic
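Added example, not part of the original slides: an inventory of your own classic VMs that combines the multi-subscription loop shown earlier with the endpoint cmdlets above, listing public endpoints that forward to a management port and carry no ACL. The port watch list is an assumption to adjust, and the script expects a session already populated with Add-AzureAccount or Import-AzurePublishSettingsFile.

```powershell
# Added example: find classic-mode endpoints that expose management ports
# to the Internet without an endpoint ACL, across every loaded subscription.
$managementPorts = 22, 3389, 5985, 5986   # SSH, RDP, WinRM HTTP/HTTPS (assumed watch list)

$findings = foreach ($sub in Get-AzureSubscription) {
    Select-AzureSubscription -SubscriptionName $sub.SubscriptionName

    # Get-AzureVM without parameters lists every VM in the subscription;
    # fetch each VM again by service and name to get the full role object.
    foreach ($entry in Get-AzureVM) {
        $vm = Get-AzureVM -ServiceName $entry.ServiceName -Name $entry.Name

        foreach ($ep in ($vm | Get-AzureEndpoint)) {
            # An endpoint with no ACL rules accepts traffic from any source address.
            $aclRules = @($ep.Acl | Where-Object { $_ })

            if (($managementPorts -contains $ep.LocalPort) -and $aclRules.Count -eq 0) {
                [pscustomobject]@{
                    Subscription = $sub.SubscriptionName
                    CloudService = $entry.ServiceName
                    VM           = $entry.Name
                    Endpoint     = $ep.Name
                    Protocol     = $ep.Protocol
                    PublicPort   = $ep.Port
                    LocalPort    = $ep.LocalPort
                    Vip          = $ep.Vip
                }
            }
        }
    }
}

if (-not $findings) {
    Write-Output 'No unrestricted management endpoints found.'
}
else {
    $findings |
        Sort-Object Subscription, CloudService, VM |
        Format-Table -AutoSize
}
```

For VMs reached over a virtual network or VPN, provisioning with -NoRDPEndpoint or -NoSSHEndpoint keeps the public endpoint from being created at all, and Remove-AzureEndpoint followed by Update-AzureVM removes one from a running VM.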
Disk and Image Repository
    Get-AzureVMImage                                              # Return all
    Get-AzureVMImage | Where { $_.Category -eq 'Microsoft' }      # Return Microsoft
    Get-AzureVMImage | Where { $_.Category -eq 'User' }           # Return Custom
    Get-AzureVMImage | Where { $_.Category -eq 'Partner' }        # Return Partner Images
    Get-AzureVMImage | Where { $_.OS -eq 'Windows' }              # Return only Windows OS images
    Remove-AzureVMImage -ImageName 'myimg' -DeleteVHD             # Delete image and storage
    Add-AzureVMImage -OS 'Windows' -ImageName 'MyWinImage' -MediaLocation 'http://storageaccount/vhds/winimage.vhd'   # Add Existing VM Image from Storage

    Get-AzureDisk                                                 # Return all
    Get-AzureDisk | Where { $_.AttachedTo -eq $null }             # Return all not attached to a VM
    Get-AzureDisk | Where { $_.OS -eq $null }                     # Return only data disks
    Get-AzureDisk | Where { $_.OS -eq 'Windows' }                 # Return only Windows OS disks
    Remove-AzureDisk -DiskName 'mydisk' -DeleteVHD                # Delete disk and storage
    Add-AzureDisk -OS 'Windows' -DiskName 'MyWinDisk' -MediaLocation 'http://storageaccount/vhds/winosdisk.vhd'       # Add Existing OS Disk from Storage
    Add-AzureDisk -DiskName 'MyDataDisk' -MediaLocation 'http://storageaccount/vhds/datadisk.vhd'                     # Add Existing Data Disk from Storage
Classic
Virtual Network Operations
• View and set virtual network configuration
    Get-AzureVNetConfig | Select -Expand XMLConfiguration
    Set-AzureVNetConfig -ConfigurationPath 'c:\Network\MyNetCFG.xml'
• Start and stop virtual network gateway
    Set-AzureVNetGateway -Disconnect -VNetName 'MyVNet' -LocalNetworkSiteName 'MySite'
    Set-AzureVNetGateway -Connect -VNetName 'MyVNet' -LocalNetworkSiteName 'MySite'
• View virtual network status
    Get-AzureVNetConnection -VNetName 'MyVNet'
Classic