Docker client in Windows

Microsoft loves open source and I for one a Linux fan. Last month Microsoft has announced a partnership with Docker Inc to include Windows containers in vNext Windows server editions. Also Microsoft Azure supports Linux VMs running Azure configured with Docker containers.

The limitation to use a Linux client machine or boot2docker program on Windows to access Docker containers has been removed. Microsoft has introduced a CLI for Windows which can directly access same. It’s a actually a docker program running under windows command line.

For more information on how to build the Docker CLI in windows please refer below articles.

References

  1. Building Docker CLI in Windows
  2. Docker Private Registry in Azure

Azure Service Outage | Not the end of the world

My worst nightmare came alive. Microsoft had an worldwide outage earlier today which affected all data centers except the new Australian ones. This had a huge impact on third party web sites that is hosted on Azure including their very own Office 365 & Xbox Live services.

According to Microsoft this has been resolved now. But we see user reports from Europe says that issue with hosted VMs and Application Insights are intermittently visible.

Security specialist have verified that there has not been any attempt of security tampering in Azure. Microsoft hasn’t made an official statement yet explaining the root cause.

This is not the first time an issue of this scale happened for any cloud provider. Amazon & Google have faced the same situation before and it’s not like everyday you face this kind of trouble. For Azure’s sake it has been almost a year since a similar issue has happened.

If anybody want latest updates of this issue, please follow Azure Service Health Page for more information.

Update

A full explanation and RCA by Jazon Zander Azure CVP can be found here. Apparently there was a bug in a patch update they have made for the Azure storage.

Alert Management Intelligence Pack | Azure Operational Insights

Alert Management Intelligence Pack brings your on-premise SCOM alerts to Azure Operational Insights. This pack allows you to analyze your SCOM alerts in more granular level by providing below key scenarios on the fly.

  • Number of Alerts raised during a specific time frame
  • Top alert sources with active alerts for a specific time frame
  • Top alerts (Active, Critical & Warning) during a specific time frame
  • Detailed alert search

Let’s see how we can add this Intelligence Pack.

  1. Login to Azure Ops Insight Portal and click Add Intelligence Packs.Alert Management IP Ops Insight 1
  2. Select the Alert Management Intelligence Pack.Alert Management IP Ops Insight 2
  3. Click Add from the gallery.Alert Management IP Ops Insight 3

Don’t expect the alerts to hit Ops Insight Portal instantaneously. It will take some time to gather the data and as usual I will give it 24 hours to settle in.

Alert Management IP Ops Insight 4My IP looks blank at the moment but let me explain what each of these tiles mean.

  • Tile 1 – Active Alerts which are in Critical state
  • Tile 2 – Active Alerts which are in Warning state
  • Tile 3 – Which servers have active alerts for the past 24 hours
  • Tile 4 – Active alerts summary

You can use the Common Alert Queries tile to build your own queries to search for specific alerts.

Alert Management IP Ops Insight 5The minimum frequency for a search is 6 hours. Beyond that you can select a custom date range as well. There are number of filters available to narrow down the search.

Also you can use the search dialog box to,

  • Save a search – Star with + sign
  • Use a saved search – Star
  • Use recent search items – Clock

If you haven’t signed up for Azure Ops Insights yet you can request an account (public preview) from here.

Features missing in Azure AD Premium Trial

I have come across a strange issue with Azure AD recently. When I requested a Azure Active Directory Premium Trial and assigned licenses for the users, some of the features were missing in the Configure tab of my directory.

What was missing?

  • Customized Branding Page
  • Self Service Password Reset
  • Notifications

Scenario

I have two directories in my tenant. I have requested the AAD Premium Trial through my Office 365 directory.

AAD Premium Missing Features

What went wrong?

If you request AAD premium through any other directory than your default directory, the Azure tenant administrator (Microsoft Account) would not have a license assigned by default. When you add another directory this account by default becomes an administrator of that new directory.

In order to enable the features you need to have a license for that account if you have logged into Azure using same.

Solution

  • You can manually assign a license to the global administrator to resolve this issue.
  • Make sure you request your trial through the default subscription. If you need you can change this to the directory you want.

Looks like a simple issue but it can cost a day’s worth for troubleshooting.

Tech Update | AWS System Manager for SCVMM

Wouldn’t it be painful just to use the web browser to manage your resources in Amazon EC2 cloud? How about managing them from VMM? That’s not going to be a problem anymore according to amazon.

Recently Amazon introduced AWS System Manager an add-on that can be installed on SCVMM 2012 SP1 onwards. This will let you to manage your EC2 Windows Instances from VMM console.

Basically you can start,stop, restart your AMIs from this tool. If you require remote access you can even RDP into same.

You can download this tool from here. Most importantly it’s FREE.

More updates from Microsoft Azure

We had a basket full of new features from Microsoft Azure within last two weeks and as Azure Consultant it’s becoming harder for me to even close my eyes knowing that something new will be there in the morning. Today I thought of sharing a glimpse of two cool additions to Microsoft Cloud which enhances IT PRO productivity.

PowerShell Support for Azure Site Recovery

This is a much awaited update. As of today Azure Site Recovery can be fully implemented using PowerShell. Imagine you want to generate an html report on your last failover. Using Get-AzureSiteRecoveryJob cmdlet for an instance you can write a nice script to achieve this.

For a full reference of available Azure Site Recovery PowerShell cmdlets refer this TechNet article. Note that all these cmdlets are only available in Azure PowerShell October 2014 package so it’s time you update your binaries.

Network Security Groups

Network Security Groups are now GA which provides you to create more granular control in your VM networks such as implementing DMZs and Network Segmentation. Ideally if you are hosting a 3-Tier application in Azure and wants to implement strict  traffic filtering in each tier this is the ideal solution for you.

Currently you can leverage this only via PowerShell or REST APIs. Also there are few limitations that you should consider in Network Security groups. But yet again the platform is evolving and Azure Team is working very hard to overcome any obstacles.

For a complete reference of the new feature refer the announcement in Azure Blog.

Cloud security with Microsoft Antimalware

For those who were not too sure about moving into the cloud thinking that your VMs won’t be protected from security threats do not need to worry about with Microsoft Cloud. During TechEd Europe 2014 Microsoft has introduced Microsoft Antimalware, a cloud based security solution for your Azure tenants.

Microsoft Antimalware uses the same engine behind Microsoft Security Essentials and Forefront EndPoint Protection & Windows Defender. Some say that these not so great products but guess what? I’ve seen a POC where it caught 99% of security threats in a customer environment that was designed for security testing where all the other vendors were not able to get that far.

It’s actually a Security-as-a-Service products which will run real time and download all the heuristics and definitions directly from the cloud. And most importantly user interaction required is minimal in this as it would be running in background and intelligently protecting your workloads against security threats.

Lets see what is required to use Antimalware in Azure.

  • Windows Server 2008 R2 or higher OS. Windows Server 2008 & Server Technical Preview is not yet supported.
  • VM Agent – You can enable VM agent at the time on VM creation or enable it later.
  • Latest Microsoft Azure PowerShell SDK Tools which contains the PowerShell cmdlets for Antimalware should be installed.
  • Azure Storage account for antimalware event collection.

How it works

  1. By default this extension is installed in Cloud Services but has been disabled. You can enable it using PowerShell. Please refer here for complete reference of PowerShell cmdlets for Antimalware.
  2. For VMs you can install this via Azure Portal as below or use the PowerShell cmdlets.Microsoft Antimalware VM
  3. Use Visual Studio Server Explorer for Azure for installing in VMs
  4.  Antimalware service management APIs- both VMs & Cloud services.

So remember to use Microsoft Antimalware for Azure workloads from now on if you are not too sure about the security that Microsoft has in place already.

Azure Operational Insights | Agent Installation Explained

Microsoft has announced the all new Azure Operational Insights, the successor to System Center Advisor. It is an online service that allows you to collect statistics from your servers in your data center, analyze them and take proactive actions against any compliance issues. Apart from that Operational Insights allows you to keep you servers inline with change tracking and configuration management.

Today I’m going to discuss how do you connect your environment to Ops Insights. Actually there are two methods to achieve this.

  1. Connecting via SCOM Management server – You’ll need SCOM 2012 SP1/R2 server that is deployed in your environment for this. In this approach you’ll be collecting data from SCOM server by connecting to System Center Advisor service.
  2. Connecting to servers directly – We are going to discuss how do we enable direct connection to Ops Insights in this tutorial.

Prerequisites

  • An active Azure Operational Insights Subscription. You can request one free from here as it’s in public limited preview yet.
  • Microsoft Account/Organizational Account – This is required for signing up with Ops Insights subscription.
  • .NET Framework 3.5 should be installed in the server for enabling intelliTrace Logs. This is a PowerShell Interface to collect advanced application diagnostics data.

Installing Operational Insights Agent

  1. Download the Ops Insight Agent from here or you can sign into your Ops Insight Account and download the agent from there as below.Azure Operational Insights Installation 1
  2. Run the setup file on the server which you need to on board. Make sure that you have opened TCP Port 5723 for the agent communication.Azure Operational Insights Installation 2
  3. Accept the EULA and select the agent install location.Azure Operational Insights Installation 3 Azure Operational Insights Installation 4
  4. In the next screen select Connect the agent to Microsoft Azure Operational Insights option.Azure Operational Insights Installation 5
  5. Provide the Workspace ID & Key in the next screen. These values can be found on Ops Insights portal > Overview > Usage > Direct Server Configuration (Refer Step 1)Azure Operational Insights Installation 6
  6. Select whether you want to configure Windows update to automatically update the agent. I’ll leave that with default NO.Azure Operational Insights Installation 7
  7. Click Install and wait for the Installation to complete.Azure Operational Insights Installation 8Azure Operational Insights Installation 9
  8. Additionally you can change the agent setting through Control Panel > System and Security > Microsoft Monitoring AgentAzure Operational Insights Installation 10Keep in mind as a regular SCOM agent setup your server won’t be visible at once in the Ops Insights portal so give it some time at least 24 hours. Once your servers are connected you can configure Intelligent Packs to analyze your environment.

IIS Web site migration with Azure Website Migration Assistant

As I promised in my last post today we are going to migrate a simple IIS hosted web site to Azure websites.  Note that this tool only supports IIS 6.0 and higher versions.

For this demonstration I have used a standalone Azure VM with a static webpage. I admit that below website is ugly but it serves the purpose.

Azure Website Migration Assistant 17

Setting up Azure Websites Migration Assistant

  1. Navigate to https://www.movemetothecloud.net from your client PC or the IIS server itself.
  2. Click Dedicated IIS Server and then and then Install Tool. This will launch a Click-once Installation. based on my past experience with Click-once I strongly recommend you to use Internet Explorer. Also you can Download for offline use to install in another Server/PC. Note that there is an additional option to Upload an existing migration report which is described later.Azure Website Migration Assistant 1Azure Website Migration Assistant 2
  3. Click yes to Install Web Deploy.Azure Website Migration Assistant 3
  4. In the next screen it will check for all  the dependencies required for the migration. If required it will install the missing components.Azure Website Migration Assistant 4
  5. Choose Migrate sites and databases on the local server to azure option and click Continue, if your are running the tool inside your IIS server. If not select the second option and provide the administrative credentials.Azure Website Migration Assistant 5
  6. It will check for the websites and their relevant dependencies and will allow you to choose which websites you want to migrate. In my scenario I have a simple web page in Default web site so I selected same. Azure Website Migration Assistant 6
  7. It will generate a migration readiness report containing all the configuration information of your IIS instance and dependencies. You can click Upload to continue or Save it locally and upload at a later time. (Refer step 2)Azure Website Migration Assistant 7
  8. Azure will perform a readiness analysis based on the report you uploaded and reports if any errors are found. Click Begin Migration to continue.Azure Website Migration Assistant 8
  9. You will be prompted to provide your Azure credentials here. Azure Website Migration Assistant 10
  10. Select your Tenant, Subscription and the respective region that you want to deploy this website/s and click Start Migration.Azure Website Migration Assistant 11
  11. In the Migration screen it will allow you to customize site level and global settings for the migration such as website names, databases, database sizes etc… Since my IIS server is also an Azure VM I have provided it a name and changed the Site Mode to Free to avoid unwanted credit consumption. Click Create to begin the migration. Azure Website Migration Assistant 12 Azure Website Migration Assistant 13
  12. Migration Assistant will perform the actual migration and once migrated click Publish to publish your site to Azure. Also at the end of the migration if there is any error occurred it will immediately revert the migration and let you to report the error directly to Azure Team via e-mail.Azure Website Migration Assistant 14 Azure Website Migration Assistant 15Azure Website Migration Assistant 16
  13. There were no errors in my migration so the new site looks like below.Azure Website Migration Assistant 18
  14. Additionally if you look at your Azure Portal you can see the new website is running and you and further customize the site as you would do for a regular Azure website. (i.e scale up)Azure Website Migration Assistant 19