MICROSOFT AZURE GUIDE
Summary by Damian Ndunda © 2020
TABLE OF CONTENTS
AZURE CONTENT DELIVERY NETWORK (CDN)
Azure Rights Management Services (RMS)
CHAPTER: MICROSOFT AZURE INTRODUCTION
1 THE AZURE/OFFICE 365 CONNECTION
2 SECURITY, COMPLIANCE, AND PRIVACY
Using Existing Resources across the Organization
Adhering to an Evolving Security Development Life Cycle
Previewing New Security Features
Certifications and Industry Standards
SIGNING UP FOR AZURE WITH A MICROSOFT ACCOUNT
DETERMINING YOUR AZURE ACCOUNT NAME
CREATING AN AZURE ACCOUNT FROM AN EXISTING OFFICE 365 TENANT
Multiple Azure Subscriptions
SETTING UP MULTIPLE AZURE SUBSCRIPTIONS
Accessing the Azure Pricing Calculator
Using the Azure Pricing Calculator
1 AZURE POWERSHELL JUMP-START
2 UPCOMING CHANGES IN AZURE POWERSHELL
3 GETTING AZURE READY FOR POWERSHELL
Authentication Using a Certificate
Authentication Using the Azure Active Directory
CHAPTER: VIRTUAL MACHINES DEPLOYMENT AND MANAGEMENT
1 BASIC OPERATIONS: AZURE VIRTUAL MACHINE
2 AZURE VIRTUAL MACHINE (VM) PROVISIONING
Provisioning a New Azure VM: Quick Configuration
While in the ARM module, the Get-AzureVMImage cmdlet has the following parameters:
Provisioning a New Azure VM: Advanced Configuration
3 CONFIGURING VIRTUAL MACHINE ENDPOINTS
4 VIRTUAL MACHINES LOAD BALANCING
Configuring NLB Using Endpoints
5 WORKING WITH VIRTUAL MACHINE DATA DISKS
Attaching an Empty Data Disk
Attaching an Existing Data Disk
Importing a Data Disk from a Different Location
6 MOVING ON-PREMISES VM TO AZURE
Creating a VM Image from an Existing VM
Creating a VM Image from a VHD
Using the Update-AzureVMImage cmdlet, you are able to update the following properties:
8 GENERATING AN AZURE VM RDP FILE
9 EXPORTING AND IMPORTING AZURE VIRTUAL MACHINES
How Does the VM Extension Work?
Installing and Enabling a VM Agent
Working with VM Extensions
CHAPTER: VIRTUAL NETWORKING CONFIGURATION
1 VIRTUAL NETWORK CATEGORIES
Cross-Premises VNet supports three types of network connectivity
2 CREATING AN AZURE VIRTUAL NETWORK
3 WORKING WITH NETWORK SECURITY GROUPS
4 USER DEFINED ROUTES (UDR)
5 AZURE VIRTUAL NETWORK GATEWAY
Configuring an Azure Site-to-Site VPN
Azure Traffic Manager supports three routing methods:
Creating an Azure Traffic Manager
Creating a Traffic Manager Profile
Use the New-AzureTrafficManagerProfile cmdlet with the following parameters:
Add a Traffic Manager Endpoint
Modifying Azure Traffic Manager Profile Settings
Creating an Azure DNS Zone
Creating Azure DNS Record Sets and Records
Updating an Existing Record Set
Removing DNS Zone, Record Set, and Record
CHAPTER: UNDERSTANDING AZURE STORAGE AND DATABASES
1 AZURE STORAGE SERVICES: TERMS AND CONCEPTS
Locally Redundant Storage
CREATING AN AZURE STORAGE ACCOUNT
Core Concepts Of Azure Blob Storage:
2 AZURE STORAGE ANALYTICS
3 AZURE IMPORT/EXPORT SERVICE
CREATING AND USING AN AZURE SQL DATABASE
FOREWORD
Microsoft Azure (formerly Windows Azure) is Microsoft’s cloud platform—you could say Microsoft’s implementation of cloud computing—that provides both Infrastructure as a Service (IaaS) and Platform as a Service (PaaS). Azure is the platform to build, deploy, deliver, and manage robust, secure, and scalable applications and services, not only using Microsoft’s technologies, but other vendors’ tools, operating systems, and programming languages as well.
AZURE REGIONS
http://azure.microsoft.com/en-us/regions/#services
Microsoft Azure regional locations map
AZURE CONTENT DELIVERY NETWORK (CDN)
CDNs are nodes—you can call them datacenters or servers—that are distributed globally to cache static content (such as images, videos, audio, etc.) at the closest geographical physical location to your end users. CDNs are not a replacement for regions but something to complement them.
The following table lists the Azure Content Delivery Network nodes and their locations.
Table. Azure CDN Node Locations
Node | Region Location
US East | Atlanta, Miami, New York, Washington DC, Philadelphia
US West | Los Angeles, San Jose, Seattle
US South Central | Dallas
Europe North | Copenhagen, Helsinki, Stockholm, Vienna, Warsaw
Europe West | Amsterdam, Frankfurt, Milan, London, Madrid, Paris
Japan East | Tokyo
Japan West | Osaka
Keep track of Azure CDN point of presence (POP) locations at https://azure.microsoft.com/en-us/documentation/articles/cdn-pop-locations/
AZURE SERVICES
Microsoft Azure has over 60 services. Services include infrastructure services (such as virtual machines, web sites, and mobile services), data services (such as SQL Database, HDInsight, and backup recovery), application services (such as media services, notification hubs, Active Directory, and Visual Studio Online), and network services (such as Virtual Network, ExpressRoute, and Traffic Manager).
Microsoft Azure services architecture
Azure services at http://azure.microsoft.com/en-us/services/.
COMPUTE
The following are Azure services for hosting different workloads that require computing power (CPU and memory) in the back end to operate:
Virtual Machines:
Azure offers on-demand virtual machine (VM) provisioning via a group of predefined VM images and different hardware specifications (CPU and memory). The VM images gallery contains Microsoft images such as Windows, SharePoint, and SQL Server, as well as non-Microsoft images such as Linux and Oracle. You can also build your own virtual machine image.
Mobile Services:
Mobile services allow you to build a scalable and secure back end (storage, push notifications, and user authentication) for your mobile applications. Mobile services come with an SDK that supports Windows Phone, iOS, and Android.
Web Apps:
Azure web apps is a service that allows you to host and deploy dynamic, flexible, and scalable web sites on Azure without the hassle of managing the infrastructure underneath.
Cloud Services:
Azure allows you to build and deploy multitier web applications that have one or more web roles. As with web sites, Azure maintains the infrastructure and service scalability on your behalf.
RemoteApp:
Azure RemoteApp enables you to publish a Windows Server application and deliver it virtually and seamlessly to end users, without installing it physically on their devices but with the same local experience. These devices include Windows, Windows Phone, Android, iOS, and Mac OS X.
NETWORKING
Virtual Network:
Azure allows you to create virtual networks so that you can isolate different workloads. It supports site-to-site virtual private networks (VPNs) so that you can securely extend your datacenter to the cloud, and point-to-site VPNs to allow your users to securely access your cloud resources and services.
ExpressRoute:
ExpressRoute is another service to connect your on-premises servers to cloud-hosted services via a direct secure private connection rather than using a public connection over the Internet, as with the VPN scenario for example. ExpressRoute is more secure, reliable, and faster than a normal Internet connection.
Traffic Manager:
Traffic Manager allows you to load balance incoming traffic across multiple cloud services, whether they are running in the same or different datacenters. Traffic Manager has three load balancing methods: failover, performance, and round robin.
STORAGE AND DATA
Storage:
It is a geo-redundant solution and highly scalable, with up to 500GB per single storage account. Moreover, its usage is not limited to Azure services but is also accessible to any application—even on-premises—through a set of REST APIs.
HDInsight:
HDInsight is the Microsoft implementation of Apache Hadoop in the cloud, or to make it simple, it is Microsoft’s Big Data.
SQL Database:
Azure provides the SQL Database as one of its PaaS services. This is SQL Server in the cloud, but as in many other cloud services, you handle only your data and Microsoft takes care of the infrastructure, patching, upgrades, backup, high availability, and all other related operational tasks.
BACKUP AND RECOVERY
Backup:
Azure provides cloud backup services that you can use to back up your on-premises data to Azure cloud storage by using PowerShell or familiar tools like System Center Data Protection Manager (DPM).
Site Recovery:
Azure Site Recovery (ASR) is a service that allows you to automatically protect your private clouds—including applications and virtual machines—by replicating and recovering different workloads to the disaster recovery site (according to a set of predefined rules and conditions).
StorSimple:
StorSimple is Microsoft’s hybrid cloud storage that’s tightly integrated with Azure to provide and support data-tiering, archiving, and disaster recovery scenarios.
IDENTITY AND ACCESS
Allows you to secure and control access to Azure resources and services, as well as protect content, intellectual property, and sensitive data.
Azure Active Directory:
Azure Active Directory is a directory service for cloud-based applications that allows access and control for users, groups, applications, resources, and so forth.
Azure Rights Management Services (RMS):
Azure RMS is the cloud-based version of the Windows Server RMS that is used mainly to prevent data leakage and unauthorized access to important files and information.
APPLICATIONS
Azure applications cannot be used individually without other services such as virtual machines, web sites, or cloud services.
Azure Resource Manager:
Azure Resource Manager allows you to create reusable deployment templates to simplify the deployment of complex applications. In this template, you identify and describe the resources used in the service (such as web application, SQL Database, or Windows virtual machine) so that you can deploy them as one logical unit, instead of dealing with each resource individually.
Azure Automation:
Azure Automation is an engine that allows you to automate the processes of creating, deploying, and maintaining Azure resources through PowerShell workflows (runbooks). You can use one of the existing workflows in the gallery or simply build your own.
Overview of azure services and features. http://azure.microsoft.com/en-us/documentation/infographics/azure/.
With cloud platforms like Azure, there are no limits but endless possibilities.
CHAPTER: MICROSOFT AZURE INTRODUCTION
Copeland et al
Microsoft Azure is an overarching brand name for Microsoft’s cloud-computing services. It involves lowering operating costs, increasing agility, developing better disaster recovery (DR) strategies, accessing unlimited storage, and foregoing responsibility for future hardware refreshes.
1 THE AZURE/OFFICE 365 CONNECTION
In 2011, Microsoft rebranded Business Productivity Online Standard Suite (BPOS) to Office 365. Office 365 is a software as a service (SaaS) offering that provides customers with access to Microsoft’s top productivity tools without having to implement and maintain significant on-premises infrastructure. Office 365 delivers Exchange Online to provide turnkey e-mail services, SharePoint Online to provide collaboration capabilities, Lync Online for instant messaging (IM) and virtual meeting spaces, and Office Pro Plus for productivity tools for desktop and mobile users.
Azure is most recognized for its IaaS offering. Examples of Azure IaaS offerings include Azure virtual machines and virtual networks, Azure storage solutions, and Azure recovery services. However, Azure is most often mistaken to be only an IaaS, when in fact it has a large portfolio of PaaS offerings. Examples of its PaaS offerings include Azure SQL Database, Azure websites, Azure Content Delivery Network (CDN), Azure BizTalk Services, and Azure Mobile Services.
2 SECURITY, COMPLIANCE, AND PRIVACY
For Office 365, Microsoft introduced the concept of a Trust Center. A Trust Center is Microsoft’s one-stop shop on the Web for all things related to security, compliance, certifications, SLA metrics, and privacy.
Microsoft Azure Trust Center (http://azure.microsoft.com/en-us/support/trust-center)
Addressing Security
Using Existing Resources across the Organization
By relying on the combined experiences of the Digital Crimes Unit, the Malware Protection Center, and Microsoft Research, and with visibility into security threats on a global scale through services such as Windows Update, Xbox Live, and Office 365, Microsoft is in a great position to have early knowledge to address threats.
Adhering to an Evolving Security Development Life Cycle
Microsoft aggressively patches its cloud-computing platform and has been following a disciplined Security Development Life Cycle (SDL) that was introduced in 2004 to develop more secure code.
Machine Learning
Machine learning is based on complex algorithms developed by Microsoft Research, and it serves three purposes:
§ It is used as the technology that drives consumer services like Xbox, Bing, and Cortana.
§ As an Azure service, it allows customers to use it to mine data.
§ It is used as the technology that mines data and logs to identify threats.
Previewing New Security Features
Another practice adopted by Microsoft is involvement of the user community.
Preview of new user password security features in Azure Active Directory Premium
Penetration Testing
It includes a white hat feature that allows customers to conduct their own penetration testing: https://security-forms.azure.com/penetration-testing/terms.
Certifications and Industry Standards
Industry recognized certifications have been obtained for Azure, including the following:
· ISO 27001/27002
· SOC 1/SSAE 16/ISAE 3402 and SOC 2
· Cloud Security Alliance CCM
· PCI DSS Level 1
Azure is also certified by international standards because it is a global service.
Prominent industry-specific certifications are also applicable to Azure, such as these:
· HIPAA
· Food and Drug Administration 21 CFR Part 11
· FERPA
The full list of certifications for the Azure platform is located at the Microsoft Azure Trust Center: http://azure.microsoft.com/en-us/support/trust-center/compliance.
Microsoft Azure Government
http://azure.microsoft.com/en-us/features/gov/.
Azure Government is significantly different from other cloud services providers because it specifically addresses technical and mandatory regulatory requirements, such as
§ FedRAMP
§ FISMA
§ FBI Criminal Justice Information Systems (CJIS)
Privacy
Microsoft draws a clear line separating consumer services from enterprise services, with Azure falling in the latter category where no customer data is mined, sold, or shared with marketers or third-party partners. Microsoft also promotes privacy by making sure it is transparent about how information is managed.
http://azure.microsoft.com/en-us/support/trust-center/privacy
Download the “Privacy in the Cloud” whitepaper from http://go.microsoft.com/?linkid=9694913&clcid=0x409.
3 WHY MICROSOFT AZURE?
The ability to use economies of scale to drive down the costs associated with IT operations. It also allows any organization to achieve a high degree of availability and resiliency at a truly geo-redundant level. Furthermore, the highly elastic nature of cloud computing provides customers with the ability not only to scale up in real time, but also to scale down when services are not needed, ultimately paying only for utilization.
Cloud computing provides all the attributes to maximize the efficiency of IT operations from a financial standpoint as well as from a service-delivery standpoint, with the added benefit of being fully integrated into the Office 365 SaaS offering.
4 THE AZURE PORTAL
The Portal is the web management interface for all Azure resources: https://manage.windowsazure.com or http://portal.azure.com.
Azure Portal interface
The new Azure Portal interface
5 HOW AZURE IS LICENSED
Two Azure terms: Azure account and Azure subscription.
Azure Accounts
As the name implies, an Azure account is the first step to acquiring Azure services. The Azure account requires a unique identity known as the Microsoft Azure account name. This name uniquely identifies a particular customer, and there is usually a one-to-one relationship between the customer entity and the account name. There are three ways to set up an Azure account:
Ø By creating a new Microsoft account or using an existing Microsoft account
Ø Via an Enterprise Agreement (EA)
Ø Via an existing Office 365 tenant
Creating an Azure Account
You can use a Microsoft account, formerly known as a Microsoft Live ID, to create a new Azure account.
SIGNING UP FOR AZURE WITH A MICROSOFT ACCOUNT
1. Go to https://account.windowsazure.com/signup.
2. Sign in with a Microsoft account.
3. Sign up for the free 30-day trial. The figure shows the sign-up form, which requires a credit card for verification purposes only. You use the same credit card to pay for Azure after the trial.
Windows Azure pay-as-you-go 30-day free trial signup
4. After you enter a phone number for mobile verification, click Send Text Message.
5. Enter the verification code, and click Verify Code.
6. Once the code is verified, you are prompted for a credit card number for verification purposes.
7. After the credit card number has been verified, click the check-mark button to create the Azure account.
DETERMINING YOUR AZURE ACCOUNT NAME
1. Log in to the Azure portal at http://manage.windowsazure.com if you are not already logged in.
2. In the menu on the left, scroll down and select Active Directory, as shown.
The Active Directory menu option in the Azure Portal
3. A single default directory should be listed, as shown. Click the arrow next to the directory’s name.
4. Click Domains on the top menu, as shown.
Finding your Azure account name in the Portal
5. As you can see in the figure, the Domain name column shows your Azure account name, which has a .onmicrosoft.com extension: for example, myazureaccount.onmicrosoft.com. Take note of your Azure account name, because you need to reference it whenever you interact with Microsoft or a Microsoft Certified Cloud partner.
If your organization already has an Office 365 subscription, you can create an Azure account based on the same tenant name as your Office 365 subscription.
CREATING AN AZURE ACCOUNT FROM AN EXISTING OFFICE 365 TENANT
1. Go to https://account.windowsazure.com/signup.
2. Click Sign In with Your Organizational Account, as shown.
Signing up for Azure with an organizational account
3. Log in with your Office 365 tenant administrator account.
4. An Azure account is associated with your Office 365 tenant; the Azure account name is the same as your Office 365 tenant name. You are then prompted to add a subscription, as shown. Click Sign up for Windows Azure.
Adding a subscription to a new Azure account
5. You are prompted to select a subscription, as shown. Select a subscription type, and follow the instructions to purchase the subscription. Upon completion, the subscription is added to your Azure account. Take note of the different types of subscriptions.
List of available types of Azure subscriptions
Azure Subscriptions
There are primarily three types of utilization models in Azure:
· Azure pay-as-you-go via credit card
· Azure monetary commitment
· Azure Client Access Licenses (CALs)
The pay-as-you-go option via credit card, as the name implies, allows services such as Azure VMs to be charged to a credit card on a monthly basis. Azure monetary commitment is designed for large enterprises to pay for Azure services on an annual basis.
Examples of Azure services that rely on the CAL model are Azure Active Directory (AAD) Premium and the Enterprise Mobility Suite (EMS). To use such services, a customer pays only for the required licenses. All Azure license-based services are subscriptions, and they are usually priced per user or instance per month.
Multiple Azure Subscriptions
Azure’s ability to support multiple subscriptions per Azure account makes it easier to do separate billing.
SETTING UP MULTIPLE AZURE SUBSCRIPTIONS
You need to on-board the Human Resources department and the Marketing department to Azure:
1. Log in to your Azure portal at https://manage.windowsazure.com.
2. Click your login name in the top-right corner, and select View My Bill from the drop-down menu, as shown.
Viewing your bill from the Azure Portal
3. On the Account page, on the Subscriptions tab, you see all the Azure subscriptions associated with the Azure account. Click the Add Subscription option, as shown.
Adding an Azure subscription
4. On the next screen, select a pay-as-you-go subscription, and follow the instructions to add it to the Azure account.
5. Repeat steps 3 and 4 to add another pay-as-you-go subscription. After you are done, you should see two pay-as-you-go subscriptions on the Account page, similar to what is shown.
Multiple Azure subscriptions in one Azure account
6. Select the first pay-as-you-go subscription.
7. On the details page for the Azure subscription, take note of the available information and options, and then click Edit Subscription Details, as shown.
Editing Azure subscription details
8. Type Human Resources Consumption (Pay-As-You-Go method) in the Subscription name box, as shown, and then click the check-mark button.
Changing the subscription name
9. Repeat steps 6–8 for the second pay-as-you-go subscription, and name it Marketing Department (Pay-As-You-Go method).
10. When you are done, you should see two different subscriptions against which Azure services can be consumed. Thanks to the subscription name changes, you can easily identify which subscription to use when creating Azure resources.
Renamed Azure subscription descriptions
Consider putting the billing method as part of the Azure subscription’s description.
The subscription filter is located in your Azure Portal
6 SCOPING AZURE
Under the pay-as-you-go model, you want to forecast your charges. Under the monetary commitment model, you need to know how much to commit for the upcoming year.
Accessing the Azure Pricing Calculator
http://azure.microsoft.com/en-us/pricing/calculator.
Access it from the Portal by following these steps:
1. Log in to the Portal at https://manage.windowsazure.com.
2. Expand the Microsoft Azure menu by clicking the chevron next to the Microsoft Azure logo at top left, as shown in Figure 1-16.
Expanding the Microsoft Azure menu
3. Select Pricing from the expanded menu, as shown.
Using the Azure Pricing Calculator
Use the sliders next to an Azure resource to determine the number of units that you require.
1. Access the Azure Pricing Calculator at http://azure.microsoft.com/en-us/pricing/calculator or via the Portal.
2. Click the Virtual Machines box.
3. Hover over the question mark to get help on the resource type, as shown.
Getting help and information on an Azure resource
4. Select A0, A1, A2, and A3 VMs, and note the number of cores and RAM for each VM.
5. Click the Standard tab to get more VM options, and read the description of the difference between a standard VM and a basic one.
6. Use the slider to select the number of instances of the VM that you require, and note the hourly rate for that VM, as shown.
Selecting the number of units of D2 VMs
Note the option to display the full calculator. This option combines all Azure resources on a single page. When you are done selecting all the different Azure resources you need and their quantities, the calculator provides you with a total cost.
CHAPTER: AZURE POWERSHELL
Talaat S. (2015)
PowerShell is a great automation tool. It is a complete automation platform with a scripting language, a workflows engine, Desired State Configuration (DSC), and so many other features. Also, PowerShell is used in Microsoft and non-Microsoft products. For example, VMware—one of Microsoft’s biggest competitors—uses PowerShell to automate and manage VMware vSphere through the PowerShell management interface known as PowerCLI.
Azure PowerShell is a module that comes as part of the Azure SDK. This module has a set of cmdlets that allow you to manage, deploy, and automate different aspects and workloads on Azure. The Azure Desired State Configuration (DSC) extension for virtual machines (VMs) is a configuration management platform built into the Windows operating system to define how the Windows OS should be configured in your environment.
1 AZURE POWERSHELL JUMP-START
It requires PowerShell 3.0 or later, .NET Framework 4.5, and an Azure subscription. Download it from http://azure.microsoft.com/en-us/downloads/
Azure PowerShell module download
Azure components installed with Azure PowerShell
Azure PowerShell is an open source project available on GitHub: https://github.com/Azure/azure-powershell.
To update the Azure PowerShell module, launch the Microsoft Web Platform Installer utility.
Microsoft Azure PowerShell update in WebPI utility
The Microsoft Azure PowerShell shortcut refers to this path: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Azure.
Also, you can launch either the PowerShell console or the PowerShell ISE to import the Azure module by using the Import-Module cmdlet.
PS C:\> Import-Module Azure
You can also keep track of the module’s version by using the Get-Module cmdlet.
PS C:\> Get-Module Azure | Select Version
To retrieve all the available cmdlets in the module, use the Get-Command cmdlet with the -Module parameter, and count them using the Count property.
PS C:\> Get-Command -Module Azure -Type Cmdlet
PS C:\> (Get-Command -Module Azure -Type Cmdlet).Count
Starting in version 4.0, PowerShell supports m
CHAPTER: VIRTUAL NETWORKING CONFIGURATION
Talaat S. (2015)
An Azure virtual network (a.k.a. VNet) is a network overlay that can be configured for Azure VMs and other services to either connect them or isolate them.
1 VIRTUAL NETWORK CATEGORIES
Azure has three types of virtual networks: No VNet, Cloud-only VNet, and Cross-Premises VNet.
No VNet:
This is the network configuration for Azure services. You don’t have to assign a virtual network to a service, and all the services remain isolated. For example, if you create a couple of virtual machines without choosing a virtual network, those virtual machines will still operate and have valid IP addresses, but they won’t be able to communicate with each other.
Cloud-only VNet:
This is the virtual network you create for services hosted on Azure to connect them as if they are physically connected.
Cross-Premises VNet:
This type of virtual network configuration is used to connect different networks. It could be used for extending the on-premises network to Azure, or even connecting two Azure virtual networks. The latter scenario is known as VNet-to-VNet.
Cross-Premises VNet is similar to Cloud-only VNet, but it has a virtual network gateway to allow communication back and forth with other networks.
Cross-Premises VNet supports three types of network connectivity.
Site-to-Site:
Site-to-Site VPN allows the local VPN device to communicate directly and securely with an Azure virtual network gateway. Once the connection is established, both local and Azure resources can communicate as if they are located in the same network.
Point-to-Site:
Point-to-Site VPN allows individual client devices to access an Azure virtual network. It’s similar to using VPN to access a corporate network when you are at home or traveling.
ExpressRoute:
ExpressRoute allows you to have a direct secure private connection between an on-premises datacenter and an Azure datacenter without using a public Internet network. This means that you have a more secure and reliable connection with lower latency and faster speed than normal Internet connectivity; but keep in mind that this is also more expensive.
2 CREATING AN AZURE VIRTUAL NETWORK
To create a virtual network via PowerShell, use the Set-AzureVNetConfig cmdlet along with the -ConfigurationPath parameter. The -ConfigurationPath parameter specifies the path of the network configuration file. The network configuration file is an XML-based file that ends with the .netcfg file extension and contains information about the Azure virtual network. The following XML code is an example of an Azure virtual network configuration file. The code in the example creates a virtual network called CloudVNet with a 10.0.0.0/8 address space, and a Subnet-1 subnet with an address space of 10.0.0.0/26; it also has a DNS server called CloudDNS with an IP address of 10.0.0.4.
<?xml version="1.0" encoding="utf-8"?>
<NetworkConfiguration xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://schemas.microsoft.com/ServiceHosting/2011/07/NetworkConfiguration">
  <VirtualNetworkConfiguration>
    <Dns>
      <DnsServers>
        <DnsServer name="CloudDNS" IPAddress="10.0.0.4" />
      </DnsServers>
    </Dns>
    <VirtualNetworkSites>
      <VirtualNetworkSite name="CloudVNet" Location="West US">
        <AddressSpace>
          <AddressPrefix>10.0.0.0/8</AddressPrefix>
        </AddressSpace>
        <Subnets>
          <Subnet name="Subnet-1">
            <AddressPrefix>10.0.0.0/26</AddressPrefix>
          </Subnet>
        </Subnets>
        <DnsServersRef>
          <DnsServerRef name="CloudDNS" />
        </DnsServersRef>
      </VirtualNetworkSite>
    </VirtualNetworkSites>
  </VirtualNetworkConfiguration>
</NetworkConfiguration>
So, going back to creating a virtual network using PowerShell, save the previous XML code to a file with an .netcfg extension and pass it to the Set-AzureVNetConfig cmdlet, as follows.
# Creating Azure VNet (ASM)
Set-AzureVNetConfig -ConfigurationPath C:\Azure\VNet.netcfg

OperationDescription OperationId                          OperationStatus
-------------------- -----------                          ---------------
Set-AzureVNetConfig  c20acb46-4c61-9c91-a410-7402a6d09bf3 Succeeded
Configure more options by adding more XML tags. For example, if you want to add a virtual network gateway, use the <Gateway></Gateway> tag. If the virtual network is point-to-site cross-premises, then use the <VPNClientAddressPool></VPNClientAddressPool> tag within the gateway tag, as follows.
<VirtualNetworkSite>
  <Gateway>
    <VPNClientAddressPool>
      <AddressPrefix>172.16.0.0/24</AddressPrefix>
    </VPNClientAddressPool>
  </Gateway>
</VirtualNetworkSite>
Read more about the Azure virtual network configuration schema and the network configuration elements in the MSDN article at https://msdn.microsoft.com/en-us/library/azure/jj157100.aspx.
Use the Get-AzureVNetConfig cmdlet to export the configuration of the existing VNet and customize this file.
# Exporting Azure VNet configuration (ASM)
Get-AzureVNetConfig -ExportToFile C:\Azure\VNets\
Using the Get-AzureVNetConfig cmdlet along with the -ExportToFile parameter, you are able to export the virtual network configuration to a .netcfg file, which can be used later to restore the network in case of accidental changes, or even to replicate the same virtual network configuration at your DR site.
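A pre-flight check for the .netcfg file described above, added here as an example (it is not code from the guide or from Microsoft). The function names are hypothetical, and the Subnet-2, Subnet-3, OnPremDNS and gateway entries in the sample are constructed to trigger each check; only IPv4 prefixes are handled.

```powershell
# Added example: offline lint of a .netcfg before it is applied with Set-AzureVNetConfig.
# All function names below are hypothetical helpers, not Azure cmdlets.

function Select-Local {
    # Namespace-agnostic child lookup: 'A/B' becomes *[local-name()='A']/*[local-name()='B']
    param([System.Xml.XmlNode]$Node, [string]$Path)
    $xpath = ($Path -split '/' | ForEach-Object { "*[local-name()='$_']" }) -join '/'
    $Node.SelectNodes($xpath)
}

function ConvertTo-Range {
    # IPv4 CIDR -> first and last address as integers, aligned to the network boundary
    param([string]$Cidr, [string]$Label)
    $ip, $len = $Cidr.Trim() -split '/'
    [int64]$addr = 0
    foreach ($b in [System.Net.IPAddress]::Parse($ip).GetAddressBytes()) { $addr = $addr * 256 + $b }
    [int64]$size = [math]::Pow(2, 32 - [int]$len)
    $start = $addr - ($addr % $size)
    [pscustomobject]@{ Label = $Label; Cidr = $Cidr.Trim(); Start = $start; End = $start + $size - 1 }
}

function Test-Overlap {
    param($A, $B)
    ($A.Start -le $B.End) -and ($B.Start -le $A.End)
}

function Test-Inside {
    param($Inner, $Outer)
    ($Inner.Start -ge $Outer.Start) -and ($Inner.End -le $Outer.End)
}

function Test-NetCfg {
    param([xml]$NetCfg)
    $root  = $NetCfg.DocumentElement
    $dns   = @(Select-Local $root 'VirtualNetworkConfiguration/Dns/DnsServers/DnsServer' |
               ForEach-Object { $_.GetAttribute('name') })
    $sites = @(Select-Local $root 'VirtualNetworkConfiguration/VirtualNetworkSites/VirtualNetworkSite')

    foreach ($site in $sites) {
        $name  = $site.GetAttribute('name')
        $space = @(Select-Local $site 'AddressSpace/AddressPrefix' |
                   ForEach-Object { ConvertTo-Range -Cidr $_.InnerText -Label 'AddressSpace' })
        $subs  = @(Select-Local $site 'Subnets/Subnet' | ForEach-Object {
                     $prefix = $_.SelectSingleNode("*[local-name()='AddressPrefix']").InnerText
                     $label  = $_.GetAttribute('name')
                     ConvertTo-Range -Cidr $prefix -Label $label
                 })

        # 1. Every subnet must sit inside one of the site's address prefixes.
        foreach ($s in $subs) {
            if (-not ($space | Where-Object { Test-Inside $s $_ })) {
                [pscustomobject]@{ Site = $name; Issue = "subnet '$($s.Label)' $($s.Cidr) is outside the address space" }
            }
        }
        # 2. Subnets of one site must not overlap each other.
        for ($i = 0; $i -lt $subs.Count; $i++) {
            for ($j = $i + 1; $j -lt $subs.Count; $j++) {
                if (Test-Overlap $subs[$i] $subs[$j]) {
                    [pscustomobject]@{ Site = $name; Issue = "subnets '$($subs[$i].Label)' and '$($subs[$j].Label)' overlap" }
                }
            }
        }
        # 3. Every DnsServerRef must name a DnsServer declared under <Dns>.
        foreach ($ref in @(Select-Local $site 'DnsServersRef/DnsServerRef')) {
            $refName = $ref.GetAttribute('name')
            if ($dns -notcontains $refName) {
                [pscustomobject]@{ Site = $name; Issue = "DnsServerRef '$refName' is not declared under Dns/DnsServers" }
            }
        }
        # 4. The point-to-site client pool must not overlap the VNet's own address space.
        foreach ($p in @(Select-Local $site 'Gateway/VPNClientAddressPool/AddressPrefix')) {
            $pool = ConvertTo-Range -Cidr $p.InnerText -Label 'VPNClientAddressPool'
            foreach ($a in $space) {
                if (Test-Overlap $pool $a) {
                    [pscustomobject]@{ Site = $name; Issue = "VPN client pool $($pool.Cidr) overlaps address space $($a.Cidr)" }
                }
            }
        }
    }
}

# Constructed sample: the CloudVNet site from the text plus deliberately wrong entries.
[xml]$sample = @'
<NetworkConfiguration xmlns="http://schemas.microsoft.com/ServiceHosting/2011/07/NetworkConfiguration">
  <VirtualNetworkConfiguration>
    <Dns><DnsServers><DnsServer name="CloudDNS" IPAddress="10.0.0.4" /></DnsServers></Dns>
    <VirtualNetworkSites>
      <VirtualNetworkSite name="CloudVNet" Location="West US">
        <AddressSpace><AddressPrefix>10.0.0.0/8</AddressPrefix></AddressSpace>
        <Subnets>
          <Subnet name="Subnet-1"><AddressPrefix>10.0.0.0/26</AddressPrefix></Subnet>
          <Subnet name="Subnet-2"><AddressPrefix>10.0.0.32/27</AddressPrefix></Subnet>
          <Subnet name="Subnet-3"><AddressPrefix>172.16.0.0/28</AddressPrefix></Subnet>
        </Subnets>
        <DnsServersRef><DnsServerRef name="CloudDNS" /><DnsServerRef name="OnPremDNS" /></DnsServersRef>
        <Gateway><VPNClientAddressPool><AddressPrefix>10.200.0.0/24</AddressPrefix></VPNClientAddressPool></Gateway>
      </VirtualNetworkSite>
    </VirtualNetworkSites>
  </VirtualNetworkConfiguration>
</NetworkConfiguration>
'@

Test-NetCfg $sample | Format-Table -AutoSize -Wrap
```

To lint a real file, load it with [xml](Get-Content C:\Azure\VNet.netcfg) and pass the result to Test-NetCfg before running Set-AzureVNetConfig; no output means none of the four checks fired.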
To create a virtual network in ARM mode, use the New-AzureVirtualNetwork cmdlet, which is part of the ARM module.
# Creating Azure VNet (ARM)
Switch-AzureMode AzureResourceManager
New-AzureVirtualNetwork -ResourceGroupName "DevTestRG" -Location "West Europe" -Name "DevTestvNET" -AddressPrefix "10.0.0.0/16" -DnsServer "10.0.0.4"
You just created an Azure virtual network called DevTestvNET; its address prefix is 10.0.0.0/16 and it is located in the West Europe region. To add a network subnet to this virtual network, use the Add-AzureVirtualNetworkSubnetConfig cmdlet.
# Adding a subnet to an Azure virtual network (ARM)
$vNET = Get-AzureVirtualNetwork -ResourceGroupName "DevTestRG" -Name "DevTestvNET"
$vNET | Add-AzureVirtualNetworkSubnetConfig -Name "subnet-1" -AddressPrefix "10.0.0.0/24" | Set-AzureVirtualNetwork
CHAPTER: UNDERSTANDING AZURE STORAGE AND DATABASES
1 AZURE STORAGE SERVICES: TERMS AND CONCEPTS
· Azure Storage accounts: An Azure Storage account must be used to create blobs, tables, queues, or file storage services.
· BLOB (binary large object) storage: Blobs are generally used to store files accessed via a browser using the HTTP/HTTPS GET and POST methods.
· SQL databases: A SQL database is a type of storage used for structured data. But instead of managing a SQL server, Azure SQL Database is an alternative for consuming the database without having to manage the SQL server that is providing the service. This is different from consuming SQL Server as an IaaS, because in the latter scenario, you still need to manage and maintain the SQL Servers in IaaS.
· Queues: As the name implies, a queue provides messaging and communication between different applications. Queue storage provides such a mechanism without having to maintain a separate messaging bus.
· Tables: Azure Table Storage is a NoSQL key-value store that is useful for applications that must store large amounts of non-relational data without schemas. This is different from Azure databases in that table storage does not provide any way to represent relationships between data. It is a low-cost way to provide a fault-tolerant store for structured data that may not require the complexities of a relational database. https://msdn.microsoft.com/library/azure/jj553018.aspx.
· File storage: File storage provides the ability to access files via standard SMB 2.1.
· Hybrid storage (StorSimple): Microsoft acquired StorSimple, which is a storage solution that deploys on-premises 2U devices that use cloud storage for overflow, backup, and archiving capabilities. The StorSimple device is an iSCSI unit with SSDs and traditional drives for fast, low-latency access to frequently used files.
Types of Azure storage
Azure Storage Account
Premium Storage
Azure Storage is generally provisioned on enterprise-class spinning hard drives. For higher performance, Azure offers Premium Storage. Premium Storage is provisioned on SSDs. As a result, Premium Storage delivers high-performance, low-latency disk support for I/O intensive workloads.
Locally Redundant Storage
Locally redundant storage (LRS), which is the base-level redundancy for storage, ensures that hardware is provisioned on three separate replicas in the same datacenter. This guarantees that a localized hardware failure does not result in an interruption in data services.
Georedundant Storage
Georedundant storage (GRS) takes LRS storage in one datacenter and replicates it to LRS in another datacenter that is more than 500 miles away. This ensures true georedundancy. Thus if an entire datacenter becomes unavailable, there is no interruption to data services because the second datacenter can continue providing services. Technically, GRS has six replicas of the data (LRS × 2).
CREATING AN AZURE STORAGE ACCOUNT
Premium storage is only offered as an LRS option and only supports page blobs, whereas non-premium storage provides LRS and GRS options and supports block and page blobs as well as tables and queues.
1. Go to the new Azure Management Portal at https://portal.azure.com.
2. Click New, select Data + Storage, and then select Storage, as shown.
3. Provide a name for the Azure Storage account, and then click the Pricing Tier option, as shown.
Creating an Azure Storage account
Selecting the Azure Storage account type via the Pricing Tier option
4. Click View All at upper right to see all available Azure Storage accounts, also shown.
5. Click Select to choose the pricing tier. Note the different types of accounts. For example, Premium Storage is only available in LRS and only supports page blobs with a 99.9% SLA, as shown. After selecting the type of account, click Create to create the Azure Storage account.
Characteristics of the different Azure Storage accounts
Queue Storage
Queues are used primarily for messaging between services and applications. Azure Queue is part of the Azure Storage family of services and uses REST-based protocols such as GET and PUT to transfer messages. Azure provides two types of queue methods: Azure queues and service bus queues. Although both methods are messaging services, they have different features and capacities in terms of message size, maximum queue size, and message time-to-live (TTL).
Visit https://azure.microsoft.com/en-us/documentation/articles/service-bus-azure-and-service-bus-queues-compared-contrasted. You can find a detailed discussion of Azure Queue storage at http://azure.microsoft.com/en-us/documentation/articles/storage-dotnet-how-to-use-queues.
File Storage
Azure File storage offers shared storage for applications using the standard Server Message Block (SMB) 2.1 protocol. Azure VMs and cloud services can share file data across application components via mounted shares, and on-premises applications can access file data in a share via the Azure File storage API. Azure VMs can connect to Azure Storage by simply mounting the file storage as a shared drive via the SMB protocol. Multiple clients can access the file storage via SMB simultaneously.
Blob Storage
Azure Blob storage is designed for storing unstructured data, such as data from backups, rich content such as images and streaming video or audio, text, or binary data. It is designed to be accessed over the HTTP or HTTPS protocol, which makes it ideal for anywhere access over the Internet.
Although Azure Blob storage is usually accessed via a URL using the HTTP/HTTPS protocol, you can also access the contents via a number of APIs/SDKs that the Azure team has created. These include .NET, Java, PHP, Ruby, and Python. For comprehensive documentation on using these SDKs/APIs, visit http://azure.microsoft.com/en-us/documentation.
Core Concepts Of Azure Blob Storage:
- There are two types of blobs:
i. Block blob: Comprises data blocks that are identified by their unique block ID. Blocks can be of different sizes, with a maximum of 4 MB per block. There is a maximum size of 200 GB for block blobs. As such, block blobs are ideal for large, efficient uploads; hence their use in backups. Files of up to 64 MB can be written in single-write operations.
ii. Page blob: As the name implies, essentially a collection of 512-byte page files. A page blob can grow to a maximum size of 1 TB.
- You may define a blob as a block or page blob at the time of creation, but once it has been created, the blob type cannot be changed.
- All blobs reflect committed changes immediately.
- Blobs can be duplicated in a snapshot.
- To limit the risk of a blob being unintentionally overwritten, you can lease it for exclusive write access. When you do so, a lease ID is generated. Henceforth, any write requests that do not include the current or correct lease ID are not allowed to modify the blob's existing contents.
- Management of Azure Blob storage is done through an Azure Storage account, covered in the next section of this chapter.
- Azure Blob storage must reside in containers, which are groupings of Azure blobs. Containers can have unlimited blobs; likewise, Azure Storage accounts can contain an unlimited number of containers.
- Blobs are addressable using the following URL format: http://<storage account>.blob.core.windows.net/<container>/<blob>.
Azure Blob components and access via HTTPS URL
Azure Storage Explorer is a graphical user interface (GUI) application that provides user-friendly access to Azure Blob storage. You can download the Azure Storage Explorer at http://azurestorageexplorer.codeplex.com.
Azure Storage performance metrics, such as IOPS and disk bandwidth, for the various VM sizes are available on the Azure documentation site: https://azure.microsoft.com/en-us/documentation/articles/storage-premium-storage-preview-Portal.
2 AZURE STORAGE ANALYTICS
Azure Storage Analytics logs the access and actions of users accessing Azure Storage: for example, users storing content in Azure. Azure Storage Analytics then analyzes the logs to provide metrics data for a storage account. To use Azure Storage Analytics, you must enable it individually for each service. You do so from the Azure Management Portal.
You can also enable Storage Analytics programmatically via the REST API or the client library. The aggregated data is stored in a well-known blob (for logging) and in well-known tables (for metrics), which may be accessed using the Azure Table service APIs or through the Azure Management Portal. Storage Analytics has a 20 TB limit on the amount of stored data that is independent of the total limit for your storage account. Storage Analytics logs detail information about successful and failed requests. This information can be used to monitor individual requests and to diagnose issues with a storage service.
All logs are stored in block blobs in a container named $logs, which is automatically created when Storage Analytics is enabled for a storage account. The $logs container is located in the blob namespace of the storage account, such as http://<accountname>.blob.core.windows.net/$logs. This container cannot be deleted once Storage Analytics has been enabled, although its contents can be deleted.
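The request-level detail in the $logs container can be reviewed with a short script. The following is an added example, not part of the original guide: it parses entries in the semicolon-delimited Storage Analytics log format (version 1.0) and reports containers that served anonymous reads and clients with repeated authorization failures. The sample entries, account name, and threshold are constructed assumptions.

```python
import csv
from collections import Counter

# Leading fields of a Storage Analytics log entry (log format version 1.0),
# in the order they appear on each semicolon-delimited line.
FIELDS = [
    "version", "request_start_time", "operation_type", "request_status",
    "http_status_code", "end_to_end_latency_ms", "server_latency_ms",
    "authentication_type", "requester_account", "owner_account",
    "service_type", "request_url", "requested_object_key",
    "request_id", "operation_count", "requester_ip",
]

# Constructed entries (not real traffic). Account, container and agent names
# are made up; client addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = r'''
1.0;2020-01-15T10:02:11.0000000Z;GetBlob;AnonymousSuccess;200;17;16;anonymous;;examplestore;blob;"https://examplestore.blob.core.windows.net/public-assets/logo.png";"/examplestore/public-assets/logo.png";00000000-0000-0000-0000-000000000001;0;198.51.100.7:4362;2014-02-14;283;0;354;23;0;;;;;;"ExampleBrowser/1.0 (Windows; x64)";;
1.0;2020-01-15T10:03:40.0000000Z;PutBlob;Success;201;28;21;authenticated;examplestore;examplestore;blob;"https://examplestore.blob.core.windows.net/backups/db.bak";"/examplestore/backups/db.bak";00000000-0000-0000-0000-000000000002;0;192.0.2.10:51000;2014-02-14;412;2048;231;0;2048;;;;;;"ExampleBackup/2.3 (Linux; x64)";;
1.0;2020-01-15T10:05:01.0000000Z;ListContainers;AuthorizationError;403;3;3;authenticated;examplestore;examplestore;blob;"https://examplestore.blob.core.windows.net/?comp=list";"/examplestore";00000000-0000-0000-0000-000000000003;0;203.0.113.50:40112;2014-02-14;390;0;246;0;0;;;;;;"ExampleTool/0.9";;
1.0;2020-01-15T10:05:02.0000000Z;GetBlob;AuthorizationError;403;3;3;authenticated;examplestore;examplestore;blob;"https://examplestore.blob.core.windows.net/backups/db.bak";"/examplestore/backups/db.bak";00000000-0000-0000-0000-000000000004;0;203.0.113.50:40113;2014-02-14;390;0;246;0;0;;;;;;"ExampleTool/0.9";;
1.0;2020-01-15T10:05:03.0000000Z;GetBlob;AuthorizationError;403;3;3;authenticated;examplestore;examplestore;blob;"https://examplestore.blob.core.windows.net/backups/db.bak";"/examplestore/backups/db.bak";00000000-0000-0000-0000-000000000005;0;203.0.113.50:40114;2014-02-14;390;0;246;0;0;;;;;;"ExampleTool/0.9";;
1.0;2020-01-15T10:09:30.0000000Z;GetBlob;SASAuthorizationError;403;4;4;sas;;examplestore;blob;"https://examplestore.blob.core.windows.net/backups/db.bak?sig=XXXXX";"/examplestore/backups/db.bak";00000000-0000-0000-0000-000000000006;0;192.0.2.10:51044;2014-02-14;301;0;246;0;0;;;;;;"ExampleBackup/2.3 (Linux; x64)";;
'''


def parse_entries(text):
    """Yield one dict per version 1.0 log line, keeping the leading FIELDS."""
    # Quoted fields (URLs, user agents) may contain semicolons, so a plain
    # split(";") would shift columns; the csv reader honours the quotes.
    reader = csv.reader(text.splitlines(), delimiter=";", quotechar='"')
    for row in reader:
        if len(row) < len(FIELDS) or row[0] != "1.0":
            continue  # blank, truncated or unknown-version line
        yield dict(zip(FIELDS, row))


def review(text, failure_threshold=3):
    """Return (containers read anonymously, {client IP: failed-auth count})."""
    public_containers = set()
    failures = Counter()
    for entry in parse_entries(text):
        status = entry["request_status"]
        if status == "AnonymousSuccess":
            # Object key has the form /<account>/<container>/<blob>.
            parts = entry["requested_object_key"].strip("/").split("/")
            if len(parts) >= 2:
                public_containers.add(parts[1])
        elif status.endswith("AuthorizationError"):
            client_ip = entry["requester_ip"].rsplit(":", 1)[0]  # drop port
            failures[client_ip] += 1
    noisy = {ip: n for ip, n in failures.items() if n >= failure_threshold}
    return public_containers, noisy


if __name__ == "__main__":
    containers, noisy_clients = review(SAMPLE_LOG)
    print("Containers served anonymously:", sorted(containers))
    print("Clients with repeated authorization failures:", noisy_clients)
```
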
3 AZURE IMPORT/EXPORT SERVICE
The Azure Import/Export service allows you to transfer data to and from Azure by shipping hard disk drives.
4 AZURE SQL DATABASE
Azure SQL Database is a relational database-as-a-service type of storage for structured data.
For Azure Table storage, visit https://azure.microsoft.com/en-us/documentation/articles/storage-dotnet-how-to-use-tables.
CREATING AND USING AN AZURE SQL DATABASE
1. Go to the new Azure Management Portal at https://portal.azure.com.
2. Click New, select Data + Storage, and then select SQL Database, as shown.
3. Provide a friendly name for the SQL database. If your organization has multiple subscriptions, it is a good practice to change the subscription with which this SQL database is associated before making any other changes. At the bottom of the list, click Subscription to select the correct subscription for this database, as shown.
Create a new Azure SQL database from the Portal
Selecting the correct subscription
4. Select the Pricing Tier menu, and choose the database type you wish to deploy. For this exercise, we selected Basic (5 DTUs), which has a maximum size of 2 GB.
5. Select Server, and then click Create a New Server, as shown. Provide information for the server name, server admin login password, and datacenter region where the database should be created. Click OK when you have finished configuring the database server, and then click Create to have Azure create the database.
Configuring the database server
6. You are returned to the home page of the portal. The status and progress of creating the new database are displayed on one of the tiles.
7. When the database has been created, you should automatically be directed to the SQL database configuration screen, as shown. You can also get to the configuration screen by selecting the database from the Browse All menu option. Note that the status of the database is Online, and therefore it is ready for use.
Viewing the database properties
8. As shown, click Settings to review and configure additional settings for the database, such as auditing and georeplication. This exercise does not go through all of these settings, because they are self-explanatory.
Configuring additional database settings
9. By default, the firewall settings for this database server would not allow you to connect to it directly from your client. In order to configure firewall settings so that you can connect to the database, click the server name and then select Show Firewall Settings, as shown.
Configuring the database server firewall settings
10. The client IP address of the machine you are using to access this configuration should be detected. You have the option to add this IP to allow access by clicking Add Client IP; you can also specify ranges of IP addresses. Click Add Client IP, as shown. The IP address should be added to the access list.
Adding the client IP address to the access list
11. Click Save to save the settings. The portal says it may take up to five minutes for the settings to take effect, but it should happen immediately. If you have added the IP address to the access list and saved the settings but are still unable to connect to the database directly, wait a few minutes and then try again.
It is important to save your firewall settings. You can now connect to the database to create tables and add data. Like any database, you can access it via a database-management tool like SQL Server Management or Visual Studio, or programmatically via database connection strings.
12. From the SQL Database menu, click Show Database Connection Strings, as shown. Notice that there are four connection strings from which to choose, depending on what type of application you are developing. There is also a handy clipboard option that allows you to copy the connection string.
Azure SQL Database connection strings
13. Click Open in Visual Studio, as shown in Figure 7-14. Then select the option that is most applicable to your scenario. If you already have Visual Studio installed, you may need to get the latest update so that Visual Studio can connect to an Azure SQL database. Otherwise, you will get an error message that says Visual Studio does not recognize the database type. If you do not have Visual Studio, select one of the other options in order to connect to an Azure SQL database.
14. Launch Visual Studio.
15. Click Tools from the menu, and select Connect to Database, as shown.
Download Visual Studio updates.
Connecting to a database from Visual Studio
16. Select Microsoft SQL Server as the data source, and uncheck Always Use This Selection, as shown. Click Continue.
Selecting a data source in Visual Studio
17. From the Azure Management Portal, copy the server name, as shown.
Copying the Azure SQL database server name
18. Paste the server name into the Visual Studio Add Connection dialog box, select Use SQL Server Authentication, and provide the required credentials, as shown.
Testing the database connection
19. Click Test Connection to confirm that a successful connection to the database can be made, as also shown.
20. Click OK to close the dialog box indicating that the test connection succeeded.
21. Click OK again to close the Add Connection window.
22. A new database connection is now established. If you expand Data Connections, you should see the Azure SQL database server, as shown. Expand it, right-click Tables, and select Add New Table.
Creating a new table in an Azure SQL database
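Steps 10 and 11 add single addresses or ranges of IP addresses to the server's access list, and entries added for a quick test tend to stay there. The following added example (not part of the original guide) audits a rule list for ranges that admit far more clients than intended. The rule names, addresses, and the 256-address review threshold are constructed assumptions; the rules are assumed to have been copied from the firewall settings page as (name, start IP, end IP).

```python
import ipaddress

# Constructed rule list: (rule name, start IP, end IP), the three values the
# firewall settings page shows per rule. Names and addresses are made up.
SAMPLE_RULES = [
    ("ClientIPAddress", "203.0.113.25", "203.0.113.25"),
    ("office-range", "198.51.100.0", "198.51.100.255"),
    ("vendor-range", "192.0.2.0", "192.0.3.255"),
    ("temp-debug", "0.0.0.0", "255.255.255.255"),
    ("AllowAllWindowsAzureIps", "0.0.0.0", "0.0.0.0"),
    ("typo", "203.0.113.200", "203.0.113.20"),
]

MAX_ADDRESSES = 256  # assumed review threshold, not an Azure limit


def audit_rule(start, end, max_addresses=MAX_ADDRESSES):
    """Return a finding for one start/end range, or None if it looks fine."""
    first = int(ipaddress.IPv4Address(start))
    last = int(ipaddress.IPv4Address(end))
    if first == 0 and last == 0:
        # 0.0.0.0 to 0.0.0.0 is the special rule that admits Azure services.
        return "special 0.0.0.0 rule: admits connections from Azure services"
    if last < first:
        return "end address is lower than start address"
    size = last - first + 1
    if size == 2 ** 32:
        return "open to every IPv4 address"
    if size > max_addresses:
        return f"covers {size} addresses (review threshold {max_addresses})"
    return None


def audit(rules, max_addresses=MAX_ADDRESSES):
    """Map rule name -> finding for every rule that needs a second look."""
    report = {}
    for name, start, end in rules:
        try:
            finding = audit_rule(start, end, max_addresses)
        except ipaddress.AddressValueError as exc:
            finding = f"unparseable address: {exc}"
        if finding:
            report[name] = finding
    return report


if __name__ == "__main__":
    for rule_name, finding in audit(SAMPLE_RULES).items():
        print(f"{rule_name}: {finding}")
```
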
5 STORSIMPLE
StorSimple is a hybrid on-premises and cloud storage solution. It consists of a 2U rackmount appliance that has SSDs, hard drives, and the ability to use Azure as a storage source.
Rear schematic of a StorSimple 8100 series storage appliance
The idea behind StorSimple is the need for high-speed, low-latency access to frequently used data, hence the local storage on the appliance.
Once the device has reached 95% of capacity, as the data ages out even more, the content is moved to Azure storage. If the file is accessed after it has been moved to Azure storage, it is “promoted” back into the on-premises local StorSimple SSDs, and the aging process starts over. This entire process is transparent to the administrator and end user.
How StorSimple’s aging process for files works
A StorSimple-specific storage account known as the StorSimple Manager is used to configure StorSimple. The StorSimple Manager is an extension of the Azure Management Portal.
Enabling the StorSimple Manager
http://azure.microsoft.com/en-us/documentation/services/storsimple.
StorSimple 8000 appliances provide automatic compression and de-duplication, so there is nothing for an administrator to configure with respect to these capabilities. The appliances have 10 GB Ethernet connections and come in two versions:
StorSimple 8100:
Provides 15 TB to 40 TB of storage on the appliance, depending on the level of compression achieved. The SSD on the 8100 is 800 GB in size. The maximum available storage that an 8100 appliance can handle, including Azure storage, is 200 TB.
StorSimple 8600:
Provides 40 TB to 100 TB of storage on the appliance, depending on the level of compression achieved. The SSD on the 8600 is 2 TB in size. The maximum available storage that an 8600 appliance can handle, including Azure storage, is 500 TB.
REFERENCES
Copeland M, Soh J, Puca A, Manning M, Gollob D (2015) Microsoft Azure: Planning, Deploying, and Managing Your Data Center in the Cloud, Apress Media, California USA
Talaat S. (2015) Pro PowerShell for Microsoft Azure, Apress Media, California USA