Microsoft Azure: Infrastructure as a Service (IaaS)

Module 5: Managing Virtual Machines (VMs) from Windows PowerShell

Introduction Management mechanisms

Microsoft Azure Resource Group
Resource groups exist within a subscription.
A resource group can be secured via Role-Based Access Control (RBAC).
Resource groups are created via the Portal (https://portal.azure.com) or through the RM PowerShell cmdlets.
Security boundary for administration of individual or grouped resources.
Unit of billing.

Azure Resource Manager API (ARMAPI) – ARM
The Azure Resource Manager API provides programmatic access to much of the functionality available through the Management Portal (https://portal.azure.com).
The ARMAPI is a REST API.
All API operations are performed over SSL and mutually authenticated using Azure Active Directory.
The subscription ID forms part of the URI for every call made to the ARMAPI:
    https://management.azure.com/subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/...
Notes:
The subscription ID forms part of the URI, which is in line with the fact that the subscription is the security boundary for the administration of the resources. Introduce the two ways to manage Azure services. ARM supports modern deployment practices. It is designed to be extensible to all current and future services. An IT Pro will rarely, if ever, use the API directly, although all other Azure tools do use the API. So the programmatic aspect of this is not really relevant, but with the ARM API, how the VMs are accessed has completely changed because of the different API.

Module 5: PowerShell Azure Resource Management

Logging in to Azure
    Login-AzureRmAccount
With no parameters, it asks you to log in, then automatically selects the first Azure subscription it finds.
With the -SubscriptionName or -SubscriptionId parameter, it asks you to log in, then selects the specific subscription.
Use -Credential if you already have a credentials file.
Before executing any other 'RM' commands, you need to log in first.
Slide objectives: Explain how to use Login-AzureRmAccount. This is the ARM replacement for Add-AzureAccount.
Notes: Login-AzureRmAccount will only load the first subscription it finds into the running instance of PowerShell, unlike Add-AzureAccount, which loads all subscriptions.

How do I create an Azure Credential?
An Azure Credential allows you to run a PowerShell script without a login prompt.
It does not use an X.509 certificate (although you can).
It uses an Azure service principal for an Azure AD application.
You don't need to write a physical application; you just need to register an application name in Azure AD.
You must use an organizational account as the service principal identity; Microsoft accounts (e.g. @hotmail.com) will not work.
https://azure.microsoft.com/en-in/documentation/articles/resource-group-authenticate-service-principal/

Retrieving your Azure Subscription
    Get-AzureRmSubscription | Select SubscriptionName, SubscriptionId
Returns all subscriptions related to the previous Login-AzureRmAccount command.
Provides the subscription name and ID.
With the -SubscriptionName or -SubscriptionId parameter, it returns information about that particular subscription.
Generally used to gather a list of subscriptions or a particular subscription.
Get-AzureRmSubscription does the same thing as Add-AzureAccount used to do. It pulls down all subscription information related to a login and loads it into the running PowerShell instance. Login-AzureRmAccount does not pull down subscription information.

Selecting your Azure Subscription
    Select-AzureRmSubscription
With the -SubscriptionName or -SubscriptionId parameter, it selects that subscription into the running PowerShell session.
Generally used to gather a list of subscriptions or a particular subscription.
After you log in and get the subscriptions, you can select one of the subscriptions that Get-AzureRmSubscription loaded. Alternatively, if you know the name or subscription ID, you don't have to call Get-AzureRmSubscription.
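
The three steps above (log in, list subscriptions, select one) combined into a non-interactive sign-in with a service principal. This is an added example, not code from the deck; the function name Connect-PinnedSubscription, the AZURE_SP_SECRET environment variable and the angle-bracket placeholders are assumptions, and the SubscriptionName/SubscriptionId property names follow the module version the slides use.

```powershell
# Added example (not from the original slides).
# Signs in as a service principal and pins the session to one subscription by ID,
# instead of relying on "the first subscription it finds".
function Connect-PinnedSubscription {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]       $TenantId,
        [Parameter(Mandatory)] [string]       $ApplicationId,
        [Parameter(Mandatory)] [string]       $SubscriptionId,
        [Parameter(Mandatory)] [securestring] $Secret
    )

    # The application ID is the user name, the application secret is the password
    $cred = New-Object System.Management.Automation.PSCredential ($ApplicationId, $Secret)

    Login-AzureRmAccount -ServicePrincipal -Credential $cred -TenantId $TenantId `
        -ErrorAction Stop | Out-Null

    # List what this identity can see and require an exact match on the ID
    $visible = @(Get-AzureRmSubscription -ErrorAction Stop)
    $target  = @($visible | Where-Object { "$($_.SubscriptionId)" -eq $SubscriptionId })
    if ($target.Count -ne 1) {
        throw "Subscription $SubscriptionId is not visible to application $ApplicationId."
    }

    # An automation identity that sees many subscriptions is usually over-scoped
    if ($visible.Count -gt 1) {
        Write-Warning ("Service principal can see {0} subscriptions; expected 1." -f $visible.Count)
    }

    Select-AzureRmSubscription -SubscriptionId $SubscriptionId -ErrorAction Stop | Out-Null
    return $target[0]
}

# The secret comes from the environment (assumed variable name), never from the script file
if (-not $env:AZURE_SP_SECRET) { throw 'Set AZURE_SP_SECRET before running this script.' }
$secret = ConvertTo-SecureString -String $env:AZURE_SP_SECRET -AsPlainText -Force

$sub = Connect-PinnedSubscription -TenantId '<tenant-id>' `
    -ApplicationId '<application-id>' `
    -SubscriptionId '<subscription-id>' `
    -Secret $secret

'Working in subscription {0} ({1})' -f $sub.SubscriptionName, $sub.SubscriptionId
```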

Creating a new Resource Group
An empty resource group:
    New-AzureRmResourceGroup -Name $resourceGroupName -Location $location
A resource group from a custom template:
    # The Rm version of New-AzureRmResourceGroup takes no template parameters;
    # create the group, then deploy the template into it
    New-AzureRmResourceGroup -Name $ResourceGroupName -Location $Location
    New-AzureRmResourceGroupDeployment -Name $deploymentName `
        -ResourceGroupName $ResourceGroupName `
        -TemplateFile '.\ContosoHosting.json' `
        -TemplateParameterFile '.\ContosoHostingParms.json'
Generally, the first step in doing anything in ARM is creating a resource group. Then you need to create an ARM storage account to start storing VMs in.
Creating a new ARM Storage account
A new locally redundant ARM storage account:
    New-AzureRmStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAcctName -Type Standard_LRS -Location $location

Creating a Virtual Network
Configure a subnet to put the VM in:
    $subnet = New-AzureRmVirtualNetworkSubnetConfig -Name $subnetName `
        -AddressPrefix "10.0.64.0/24"
Create the virtual network to put the subnet in:
    $vnet = New-AzureRmVirtualNetwork -Name $vnetName `
        -ResourceGroupName $resourceGroupName `
        -Location $location `
        -AddressPrefix "10.0.0.0/16" -Subnet $subnet
Confirm the subnet configuration:
    $subnet = Get-AzureRmVirtualNetworkSubnetConfig `
        -Name $subnetName -VirtualNetwork $vnet
Next few slides show parts of the PowerShell for a single VM with an ILPIP.
-AllocationMethod could have been dynamic.
-DomainNameLabel will end up as $testname.westus.cloudapp.azure.com
9/19/2018 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Create IL Public IP address and NIC
Create a new instance-level public IP address:
    $pip = New-AzureRmPublicIpAddress `
        -ResourceGroupName $resourceGroupName `
        -Name $vipName -Location $location `
        -AllocationMethod Dynamic `
        -DomainNameLabel $domainLabel
Create a new network interface:
    $nic = New-AzureRmNetworkInterface `
        -ResourceGroupName $resourceGroupName `
        -Name "nic1" -Subnet $subnet `
        -Location $location -PublicIpAddress $pip `
        -PrivateIpAddress "10.0.64.4"
Next 3 slides show parts of the PowerShell for a single VM with an ILPIP.
-AllocationMethod could have been dynamic.
-DomainNameLabel will end up as $testname.westus.cloudapp.azure.com

VM image retrieval
Image identification (example):
    Publisher - MicrosoftWindowsServer
    Offer - WindowsServer
    SKU - 2012-R2-Datacenter
    Version - 4.0.201506
    Location - westus
PowerShell:
    # Each Get-* call returns a list; pick the entry you want and pass its name on
    $publisher = (Get-AzureRmVMImagePublisher -Location $location |
        Where-Object PublisherName -eq 'MicrosoftWindowsServer').PublisherName
    $offer = (Get-AzureRmVMImageOffer -Location $location -PublisherName $publisher |
        Where-Object Offer -eq 'WindowsServer').Offer
    $sku = (Get-AzureRmVMImageSku -Location $location -PublisherName $publisher -Offer $offer |
        Where-Object Skus -eq '2012-R2-Datacenter').Skus
    $imageName = Get-AzureRmVMImage -Location $location -PublisherName $publisher -Offer $offer -Skus $sku
This slide focuses on the new way you have to go about getting a VM image.
Get-AzureRmVMImagePublisher – get the available publishers
Get-AzureRmVMImageOffer – get the available offers from a publisher
Get-AzureRmVMImageSku – get the SKUs for a publisher and offer
Get-AzureRmVMImage – get the image for a specific SKU
Save-AzureRmVMImage – save a custom image
Notice how everything points to the data center, because each data center may contain different machines and capabilities.

General Output of Get-AzureRmVMImage…
Windows
    Get-AzureRmVMImagePublisher: MicrosoftWindowsServer
    Get-AzureRmVMImageOffer: WindowsServer
    Get-AzureRmVMImageSKU: 2008-R2-SP1, 2012-Datacenter, 2012-R2-Datacenter, 2016-Technical-Preview-3-with-Containers, Windows-Server-Technical-Preview
SQL
    Get-AzureRmVMImagePublisher: MicrosoftSQLServer
    Get-AzureRmVMImageOffer: SQL2008R2SP3-WS2008R2SP1, SQL2012SP2-WS2012, SQL2012SP2-WS2012R2, SQL2014-WS2012R2, SQL2014SP1-WS2012R2, SQL2016CTP2-WS2012R2
    Get-AzureRmVMImageSKU (SQL2012SP2-WS2012R2): Enterprise, Enterprise-Optimized-for-DW, Enterprise-Optimized-for-OLTP, Standard, Web
The first thing people are going to ask is "how will I know where to get this information from". This chart will be very handy because they will be able to reference it when they start building their own machines instead of having to run the PowerShell to find the information.

Configuring a VM prior to creation
Set up a new VM configuration:
    $vmConfig = New-AzureRmVMConfig -VMName $vmName `
        -VMSize $vmSize |
Set the operating system parameters:
    Set-AzureRmVMOperatingSystem -Windows `
        -ComputerName $vmName -Credential $cred `
        -ProvisionVMAgent -EnableAutoUpdate |
Set the VM image source location:
    Set-AzureRmVMSourceImage `
        -PublisherName $publisher -Offer $offer `
        -Skus $sku -Version $version |
Note that the commands on this slide and the next are one large command. Also note the -Credential parameter for the Set-AzureRmVMOperatingSystem command. You can no longer just enter a username and password like in Classic.

Deploying a VM
Set up OS disk caching parameters (optional):
    Set-AzureRmVMOSDisk -Name $vmName `
        -VhdUri $vhdUri -Caching ReadWrite `
        -CreateOption fromImage |
Add the network interface to the VM configuration:
    Add-AzureRmVMNetworkInterface -Id $nic.Id
Create the new VM:
    New-AzureRmVM -ResourceGroupName $resourceGroupName `
        -Location $location -VM $vmConfig -Name $vmName

Complete Command for VM configuration
    $vmConfig = New-AzureRmVMConfig -VMName $vmName -VMSize "Standard_D1" |
        Set-AzureRmVMOperatingSystem -Windows -ComputerName $vmName -Credential $cred -ProvisionVMAgent -EnableAutoUpdate |
        Set-AzureRmVMSourceImage -PublisherName $publisher -Offer $offer -Skus $sku -Version "4.0.201506" |
        Set-AzureRmVMOSDisk -Name $diskName -VhdUri $osDiskUri -Caching ReadWrite -CreateOption fromImage |
        Add-AzureRmVMNetworkInterface -Id $nic.Id
    New-AzureRmVM -ResourceGroupName $resourceGroupName -Location $location -VM $vmConfig -Name $vmName

Create a Static Public IP address
New-AzureRmPublicIpAddress options:
    $vip = New-AzureRmPublicIpAddress -ResourceGroupName $resourceGroupName -Name "VIP1" -Location $location -AllocationMethod Static -DomainNameLabel $domainName
Name – the name to be applied to the VIP
Allocation method – static or dynamic, depending on whether you want a reserved IP address
DomainNameLabel – provides a DNS name like 'contoso.eastus.cloudapp.azure.com'
Get information about the IP address:
    Get-AzureRmPublicIpAddress -Name 'VIP1' -ResourceGroupName $resourceGroupName
Public static IP addresses, 20 per subscription
Public dynamic IP addresses, 60 per subscription
Public front end IP per load balancer ~ 5
Private front end IP per load balancer ~ 1
Note: The certificates must already be installed in the cloud service. You can find an example at http://michaelwasham.com/2012/08/23/deploying-certificates-with-windows-azure-virtual-machines-and-powershell/

Create a Static Private IP
New-AzureRmNetworkInterface options:
    $nic1 = New-AzureRmNetworkInterface -ResourceGroupName $resourceGroupName `
        -Name "nic1" -Subnet $subnet -Location $location -PrivateIpAddress '10.0.0.54' `
        -LoadBalancerInboundNatRule $alb.InboundNatRules[0] `
        -LoadBalancerBackendAddressPool $alb.BackendAddressPools[0]
ARM VMs are associated with NICs.
NICs are connected to a subnet.
You do not need to specify 'Static' to have a static IP address; that is the default when you specify -PrivateIpAddress.

Configuring Load Balancing (example)
    # establish load balancer configuration using the pre-created public IP address
    $feIpConfig = New-AzureRmLoadBalancerFrontendIpConfig -Name "FEIP" `
        -PublicIpAddress $vip
    # establish a NAT rule to allow RDP access
    $inboundNATRule1 = New-AzureRmLoadBalancerInboundNatRuleConfig -Name "RDP1" `
        -FrontendIpConfiguration $feIpConfig `
        -Protocol TCP -FrontendPort 3441 -BackendPort 3389
    # establish the backend pool configuration
    $beAddressPool = New-AzureRmLoadBalancerBackendAddressPoolConfig -Name "LBBE"
    # establish a health probe
    $healthProbe = New-AzureRmLoadBalancerProbeConfig -Name "HealthProbe" `
        -RequestPath "HealthProbe.aspx" -Protocol http -Port 80 `
        -IntervalInSeconds 15 -ProbeCount 2
    # establish a load balancer rule for HTTP access
    # (uses the same front-end configuration defined above)
    $lbrule = New-AzureRmLoadBalancerRuleConfig -Name "HTTP" `
        -FrontendIpConfiguration $feIpConfig -BackendAddressPool $beAddressPool `
        -Probe $healthProbe -Protocol Tcp -FrontendPort 80 -BackendPort 80
    # configure the load balancer
    $alb = New-AzureRmLoadBalancer -ResourceGroupName "SomeResourceGroup" `
        -Name "ALB" -Location "westus" -FrontendIpConfiguration $feIpConfig `
        -InboundNatRule $inboundNATRule1 `
        -LoadBalancingRule $lbrule -BackendAddressPool $beAddressPool `
        -Probe $healthProbe
The purpose of this slide is to show the steps necessary to set up an Azure Load Balancer. With slight modifications, it could also be an internal (or private) load balancer.

User Defined Routes
New-AzureRmRouteTable options:
    $myTable = New-AzureRmRouteTable -Name FrontEndSubnetRouteTable -Location 'West US' -ResourceGroupName $resourceGroupName
Add a route to a route table:
    $myTable | Add-AzureRmRouteConfig -Name FirewallRoute -AddressPrefix 10.2.0.0/16 -NextHopType VirtualAppliance -NextHopIpAddress 10.1.1.10 | Set-AzureRmRouteTable
Apply to subnet:
    Set-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnetName -AddressPrefix $subnet.AddressPrefix -RouteTableId $myTable.Id | Set-AzureRmVirtualNetwork
View applied routes:
    Get-AzureRmRouteTable -ResourceGroupName $rgName -Name $routeTableName
https://azure.microsoft.com/en-in/documentation/articles/virtual-networks-udr-overview/ (this link will show classic cmdlets, but the process is the same)

Demo: ARM PowerShell Script
Demo script: In the Demos folder, open the LoadBalancedVM_V2 folder and the PS script with PowerShell ISE.
For more information about deploying DCs in Azure, see:
New forest: http://www.windowsazure.com/en-us/manage/services/networking/active-directory-forest/
Replica DC: http://www.windowsazure.com/en-us/manage/services/networking/replica-domain-controller/

PowerShell Progression …
DSC Overview - http://technet.microsoft.com/en-us/library/dn249912.aspx
PowerShell blog - http://blogs.msdn.com/b/powershell/archive/2014/04/03/configuring-an-azure-vm-using-powershell-dsc.aspx
Azure DSC - http://blogs.msdn.com/b/powershell/archive/2014/08/07/introducing-the-azure-powershell-dsc-desired-state-configuration-extension.aspx
Azure DSC video - http://www.youtube.com/watch?v=Az8pmHt-EbA
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2014/DCIM-B324#fbid=

PowerShell Desired State Configuration (DSC)…
Simplifies configuration
Prevents configuration drift
Flexible deployment options
Enables continuous deployment (Development, Test, Production)
Click – simplifies the configuration of VMs that are in Azure.
Click – prevents configuration drift; slight changes could have happened and no one knows what has changed. With DSC, the same script can be reapplied (more in later slides).
Click – flexible deployment options: you have multiple ways to do things, on-premises, in the cloud, having machines configure themselves by running scripts, or injection into the VM at creation time.
Click – allows people to do continuous deployment. As a dev, move dev box config and move to production etc.

DSC Leveraged
[Diagram: Traditional Scripts (Intent, Dependency Resolution, Logging & Error Handling, Reboot Resiliency, Repeatable Automation, Technology Specific) compared with DSC Leveraged (Configuration: Intent; DSC Engine (local config mgr): Dependency Resolution, Logging & Error Handling, Reboot Resiliency, Repeatable Automation; Resources: Technology Specific)]
Most companies have already invested in PowerShell and have lots of scripts available, therefore they don't understand the value of DSC because it is just PowerShell.
Simple representation (on left): unless you are the author, you don't know what the scripts are doing, because people rarely comment their PS well enough.
Click – with DSC, when you write the script for the configuration you have to expose the intent of what you are doing, meaning, what do you want installed on the machine.
Click – Then you pull in the technology-specific resources that would be used. These reusable components are bundled with the package sent to the machine along with the configuration, which shows the intent of the resources.
Click – Then in the middle there is the DSC engine, which takes care of all the things listed. This is called the Local Configuration Manager.

DSC Terminology
Configuration – this is a new PowerShell keyword used to collect a block of configuration information for the VM
Node – this is the name of the target computer, which can be a variable
Resource – DSC comes with a set of built-in system configuration resources that will be deployed to the VM for configuration
MOF file – DSC tells the target nodes what configuration they should have by sending a MOF file with that information to each node, where the Local Configuration Manager implements the desired configuration
Local Configuration Manager (LCM) – DSC engine that runs on all target nodes. Calls configuration resources that are included in the configuration script
DSC Pull Server – LCM on node performs compliance check and if necessary pulls script from another server
Getting started with DSC: http://technet.microsoft.com/en-us/library/dn249918.aspx
MOF file - DSC tells the target nodes what configuration they should have by sending a MOF file with that information to each node, where the Local Configuration Manager implements the desired configuration. Because this file contains the details of the configuration, it's important to keep it secure. To do this, you can set the Local Configuration Manager to check the credentials of a user. This topic describes how to transmit those credentials securely to the target node by encrypting them with certificates.
Local Configuration Manager is the Windows PowerShell Desired State Configuration (DSC) engine. It runs on all target nodes, and it is responsible for calling the configuration resources that are included in a DSC configuration script. This topic lists the properties of Local Configuration Manager and describes how you can modify the Local Configuration Manager settings on a target node. http://technet.microsoft.com/en-us/library/dn249922.aspx
Windows PowerShell Desired State Configuration (DSC) offers two ways to let target nodes know what configuration they should have.
In "push" mode (the default), you have to transmit configuration files to each target node yourself, keeping track of which configurations go with which nodes.
In "pull" mode, the Local Configuration Manager (LCM) on the target node (a pull client, if so configured) performs a compliance check on the configuration of the node. If the client is configured as desired, nothing happens. If not, the LCM asks the pull server for the current configuration. If it finds a configuration marked for itself (and the configuration passes validation checks), the configuration is transmitted to the pull client, where the LCM executes it. If the configuration requires resources that the pull client is missing, they get downloaded as well. http://technet.microsoft.com/en-us/library/dn249913.aspx

Simplify Configuration
Set up a Web Server
Follow the steps in the demo document DSCWebServerDeploy.docx, located at .\M4-Management\Demos\DSCWebServerDeploy

Configuration Drift with standard scripts
[Diagram: a set of machines, each configured by a Traditional Script]
This slide represents a scenario where the IT team has deployed standard PS scripts out to an environment. Somewhere along the way, a configuration gets changed on maybe just one or two machines, meaning the configuration file that was deployed to the machine gets changed, or someone physically changed the machine and now it is different than when originally configured. Typically, you aren't going to know that something went wrong and therefore there is no correction. You would have to hardcode a way to get it to detect a problem and then re-run the script, after somehow getting the right script from the source. In order to correct this via PowerShell, you would have to re-deploy the scripts to the incorrectly set up machines and run the script again.

Configuration Drift with DSC
[Diagram: a set of machines, each holding a DSC Configuration]
As compared to the previous slide, with DSC you have the ability to push the configuration to the machines, and there is a DSC engine (Local Configuration Manager; a WMI-hosted process, not a service) that runs on each node and can be configured to re-run the script at intervals etc. This makes it so that if the machine falls outside of the configured range, the next time the script runs it will reset the machine. The big difference is that the configuration stays on these nodes.
3 different options:
Run once – and then do nothing
Run and log if it is in the desired state
Run, log and fix the desired state

Components & Phases
Authoring Phase (may include imperative as well as declarative code): PowerShell; 3rd party languages and tools.
Staging Phase: fully declarative configuration representation using DMTF standard MOF instances; configuration is calculated for all nodes. Push Model: Configuration Staging Area (contains DSC data). Pull Model: Pull Server (contains DSC data and modules).
"Make it So" Phase (declarative configuration is reified through imperative providers): Parser and Dispatcher; Local Configuration Store; Resources.
When authoring in PowerShell: declarative syntax extensions; schema-driven IntelliSense; schema validation (early-binding).
Resources implement changes: monotonic, imperative, idempotent.
Click – Talk about the different components of DSC. Authoring is in PowerShell. You typically don't need the latest version of PowerShell, although it is suggested; you just need to generate a MOF file. 3rd party utilities can also generate a MOF file.
Click – The staging phase is the MOF file itself. Creates an ILL (intermediate language) file. When you are pushing the configuration out, you have one MOF file per machine that you are sending the configuration to.
Click – The configuration phase is where the MOF files get deployed out to the machines. This includes the resources required, the DSC engine etc. The MOF file gets enacted during this phase.
Click – In the push model, you generate the MOF on the local system and then run a PowerShell script that pushes the MOF file out to the target node. The DSC engine receives the MOF file and enacts it. All resources must already be available on the node for a successful run.
Click – In the pull model the flow is just about the same. Generate the MOF on the local machine and push it up to a central repository; the DSC engine, after you tell it to, goes to the central repository, pulls the MOF down and enacts it. This allows you to put a configuration in a central location where all nodes can go get it. Also, in the pull model, if the node discovers that it needs resources that don't exist on the node, it will go back to the central repository to get them. You have to tell the node that it is in pull server mode, and then it periodically goes out and pulls down the info. You can now say 'pull now'.
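The push and pull flows above, together with the three Local Configuration Manager behaviours from the "Configuration Drift with DSC" slide, as an added example that is not part of the original deck. The node name, folder names, pull server URL and ConfigurationID are placeholders, and the syntax is the WMF 4.0 form that matches the deck's date.

```powershell
# Added example: node name 'web01', paths, URL and GUID are placeholders.

# Authoring phase: declare the desired state.
Configuration WebBaseline {
    Node 'web01' {
        WindowsFeature IIS {
            Name   = 'Web-Server'
            Ensure = 'Present'
        }
        # A setting that tends to drift: a feature someone re-enables by hand.
        WindowsFeature TelnetClient {
            Name   = 'Telnet-Client'
            Ensure = 'Absent'
        }
    }
}

# Staging phase: compiling emits one MOF per node (.\WebBaseline\web01.mof).
WebBaseline -OutputPath .\WebBaseline

# LCM settings. ConfigurationMode selects one of the three options:
#   ApplyOnly           = run once, then do nothing
#   ApplyAndMonitor     = run, then log when the node leaves the desired state
#   ApplyAndAutoCorrect = run, log, and re-apply the desired state
Configuration LcmPush {
    Node 'web01' {
        LocalConfigurationManager {
            RefreshMode                    = 'Push'
            ConfigurationMode              = 'ApplyAndAutoCorrect'
            ConfigurationModeFrequencyMins = 30
            RebootNodeIfNeeded             = $false
        }
    }
}
LcmPush -OutputPath .\LcmPush
Set-DscLocalConfigurationManager -Path .\LcmPush -ComputerName 'web01' -Verbose

# Push model: send the MOF to the node, where the LCM enacts it.
# Every resource the MOF uses must already be installed on the node.
Start-DscConfiguration -Path .\WebBaseline -ComputerName 'web01' -Wait -Verbose

# Drift check on demand: $true while the node still matches the applied MOF.
Invoke-Command -ComputerName 'web01' -ScriptBlock { Test-DscConfiguration }

# Pull model: the node fetches its MOF (and missing resource modules) itself.
Configuration LcmPull {
    Node 'web01' {
        LocalConfigurationManager {
            RefreshMode               = 'Pull'
            ConfigurationID           = '00000000-0000-0000-0000-000000000001'
            ConfigurationMode         = 'ApplyAndAutoCorrect'
            DownloadManagerName       = 'WebDownloadManager'
            DownloadManagerCustomData = @{
                # HTTPS only, so the node authenticates the server it pulls from.
                ServerUrl               = 'https://pull.example.internal:8080/PSDSCPullServer.svc'
                AllowUnsecureConnection = 'False'
            }
        }
    }
}
LcmPull -OutputPath .\LcmPull

# On the pull server the MOF is stored as <ConfigurationID>.mof next to a
# checksum file, which the node uses to detect a changed configuration.
New-DscChecksum -ConfigurationPath .\Published -OutPath .\Published
```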

DSC Decouples …
Intent (Configuration):
    WHAT : Structural Configuration. Stays the same irrespective of the environment.
    WHERE : Environmental Configuration. Changes as the system goes through different environments: Dev → Test → Production.
Make It So:
    HOW : DSC Resources. Do the heavy lifting in an idempotent way. Technology specific.
    DSC Engine: dependency resolution, logging & error handling, reboot resiliency, repeatable automation.
Click – As we have discussed in previous slides, there is the configuration that is the 'intent' of what the user wants, then the resources that will be used to do the work (the actions), and then the engine that does the work by using the resources and the configuration.
Click – You can combine the resources and engine into 'how' something will be done. The intent can be separated into two pieces. What: here is the structure that I want the machines to have, they need to be web servers etc. Where: do I want this configuration to take place in dev or production? What are the names of the machines and web sites? This is changing information and allows moving from one environment to another.
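The WHAT/WHERE split described above, as an added example that is not part of the original deck: one structural configuration compiled against two sets of environment data. Node names, the Role key and the share paths are hypothetical.

```powershell
# Added example: node names, roles and share paths are hypothetical.

# WHAT: structural configuration, identical in every environment.
Configuration WebSite {
    # Only nodes tagged with the Web role receive this block.
    Node $AllNodes.Where({ $_.Role -eq 'Web' }).NodeName {
        WindowsFeature IIS {
            Name   = 'Web-Server'
            Ensure = 'Present'
        }
        File SiteContent {
            Ensure          = 'Present'
            Type            = 'Directory'
            Recurse         = $true
            SourcePath      = $Node.ContentSource     # environment-specific value
            DestinationPath = 'C:\inetpub\wwwroot'
            DependsOn       = '[WindowsFeature]IIS'   # resolved by the DSC engine
        }
    }
}

# WHERE: environmental configuration, one data set per environment.
$Dev = @{
    AllNodes = @(
        @{ NodeName = 'dev-web01'; Role = 'Web'; ContentSource = '\\devshare\site' }
    )
}
$Prod = @{
    AllNodes = @(
        @{ NodeName = 'prod-web01'; Role = 'Web'; ContentSource = '\\prodshare\site' },
        @{ NodeName = 'prod-web02'; Role = 'Web'; ContentSource = '\\prodshare\site' }
    )
}

# The same configuration yields one MOF per node in each environment.
WebSite -ConfigurationData $Dev  -OutputPath .\Dev
WebSite -ConfigurationData $Prod -OutputPath .\Prod
```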

DSC Enables …
Configuration as Code: conflict detection; single source, multiple environments; composable, common components.
DevOps: common toolset for Dev & Ops; apply Dev practices to Ops; continuous deployment.
Cloud Scale: reduce complexity from within; on-demand system creation and tear down.
Click – A customer can start by writing configuration files; these are ILL files. During configuration, you can detect any sort of conflict between environments and deploy the same configuration to multiple environments. Composable means that you can reuse configuration scripts that you write. You could have one configuration that sets up a domain controller and another that is for SQL, and tie the two together.
Click – DevOps: you can have a common toolset for development and production purposes.
Click – You can also configure many machines, even at cloud scale, by applying the configuration to them.

Troubleshooting DSC
Locating the DSC event logs:
    Operational Log: contains all error messages and is used to identify problems.
    Analytic Log: shows a higher volume of events and can be used to identify where a problem occurred.
    Debug Log: contains logs that can help you understand how the errors occurred.
http://technet.microsoft.com/en-us/library/dn249926.aspx
On the Azure VM, you should be able to find the event logs at the location shown in the screenshot. You will still have to enable the analytic and debug logs, though.

Troubleshooting DSC (cont'd)
Locating the log files: they are located at C:\WindowsAzure\Logs\Plugins\Microsoft.PowerShell.DSC\dscversion#
The bottom sub-directory will change depending on the version number of DSC.
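A way to work through the three event logs and the extension log folder named on these two slides, as an added example that is not part of the original deck. It assumes an elevated session on the node and that each DSC event carries its job ID as the first event property.

```powershell
# Added example: run elevated on the node (for example the Azure VM over RDP).

# The Analytic and Debug channels are disabled by default; enable them first.
wevtutil.exe set-log 'Microsoft-Windows-Dsc/Analytic' /q:true /e:true
wevtutil.exe set-log 'Microsoft-Windows-Dsc/Debug'    /q:true /e:true

# Operational log: errors and high-level status of each DSC run.
$operational = Get-WinEvent -LogName 'Microsoft-Windows-Dsc/Operational' -MaxEvents 500

# Analytic logs can only be read oldest-first.
$analytic = Get-WinEvent -LogName 'Microsoft-Windows-Dsc/Analytic' -Oldest `
                         -ErrorAction SilentlyContinue

# Assumption: the first property of a DSC event is the job ID, so grouping on
# it reassembles all events that belong to one configuration run.
$jobs = @($operational) + @($analytic) |
    Where-Object { $_ } |
    Group-Object { $_.Properties[0].Value }

# Show only the runs that logged an error, with their messages in time order.
foreach ($job in $jobs) {
    $errors = $job.Group | Where-Object { $_.LevelDisplayName -eq 'Error' }
    if ($errors) {
        "Job $($job.Name): $(@($errors).Count) error event(s)"
        $job.Group |
            Sort-Object TimeCreated |
            Select-Object TimeCreated, LevelDisplayName, Message |
            Format-List
    }
}

# Newest files written by the Azure DSC extension; the version sub-directory
# under this path differs per DSC extension version.
Get-ChildItem 'C:\WindowsAzure\Logs\Plugins\Microsoft.PowerShell.DSC' -Recurse -File |
    Sort-Object LastWriteTime -Descending |
    Select-Object -First 5 FullName, LastWriteTime
```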

Demo: DSC Log Files
For this optional demo, RDP into the machine you created in the previous steps and show where the log files are. Also take a look at what's inside the log files.

Module 5: PowerShell Classic

What Can You Do with Azure PowerShell?
Automation: query, manage and configure VMs across multiple subscriptions, cloud services, and storage accounts.
Provision fully configured VMs: domain-joined, with storage and networking configured.
Virtual networking: completely configure virtual networks from a script.

Getting Subscription Information
Use Add-AzureAccount to import subscription information into the PowerShell session window.
Automatically pulls in all subscription information and configures one of the subscriptions as the default subscription. You can change this by calling Get-AzureSubscription and then Select-AzureSubscription.
Allows non-interactive mode by using the -Credential parameter.
Slide Objectives: Explain how to use Add-AzureAccount.
Notes: This command will prompt you to sign in with your Azure credentials and will then import all subscription information. Non-interactive login is supported for Microsoft Organizational accounts with Add-AzureAccount -Credential.

Subscription Management
Subscription settings are persisted in C:\Users\user\AppData\Roaming\Microsoft Azure Powershell
Subscription example:
    <Subscription name="somesub1">
      <SubscriptionId>13d83b03-6d06-4770-943c-3d46766c3a35</SubscriptionId>
      <Thumbprint>2AC8112B34CC840A30B9C2716AE840D5DC107510</Thumbprint>
      <ServiceEndpoint>https://management.core.windows.net/</ServiceEndpoint>
    </Subscription>
Slide Objectives: Explain where subscription settings are persisted. To see the AppData directory, you have to un-hide protected folders.
Notes: The subscription XML file supports multiple subscriptions. You can use a single Windows PowerShell session to perform administrative tasks on Virtual Machines (VMs) and services across all of your configured subscriptions.
Note: I have seen situations in which, when you run Windows PowerShell, it occasionally continues to use old certificate thumbprints. I had to delete the subscription management file so that it would be recreated correctly.

Manual Subscription Configuration
Associate certificate and subscription ID:
    $cert = Get-Item cert:\CurrentUser\My\CERTTHUMBPRINT
    Set-AzureSubscription 'mysub' -Certificate $cert -SubscriptionID $id
Notes: Use this method if you want to specify a certificate that you have created manually.

Switching Between Subscription Settings
Multiple subscription support:
    Get-AzureSubscription | foreach {
        Select-AzureSubscription $_.SubscriptionName
        # Perform management operation against each subscription
    }
Slide Objectives: Explain how to switch contexts when scripting against multiple subscriptions.
Notes: Get-AzureSubscription returns all configured subscriptions. Select-AzureSubscription sets the current subscription. This is important because when you are deploying VMs, you need to select the right subscription. If you do not select a subscription, you could often receive an exception when the script runs, because the certificate you are using may not be a part of the subscription.

Setting the Current Storage Account
Returns the storage account(s); only those in the currently selected subscription are returned:
    Get-AzureStorageAccount | Select StorageAccountName
Sets the current storage account:
    Set-AzureSubscription 'somesub1' -CurrentStorageAccount 'mystorage'
Slide Objectives: Explain how to set the current storage account that the cmdlets will use.
Notes: Certain cmdlets like New-AzureVM or New-AzureQuickVM require that the user specify the storage account to use. Since each subscription can contain multiple storage accounts, the property name to set is CurrentStorageAccount. This allows you to easily change the storage account for different operations.

Getting Subscription Information
Use Get-AzurePublishSettingsFile and Import-AzurePublishSettingsFile to import a downloaded Publish Profile (.publishsettings).
https://azure.microsoft.com/en-in/downloads/publishing-profile-overview/
Automatically configures: subscription ID, certificate, service endpoint, subscription name.
Slide Objectives: Explain how to download the Azure publishsettings file and import the file into the PowerShell session.
The .publishsettings file contains the following: your subscription information, the service endpoint, the subscription name, and the certificate.
Once you have downloaded the .publishsettings file, you can use the Import-AzurePublishSettingsFile cmdlet to install the certificate and configure your Windows PowerShell environment. Most often, to get this to work, you need to be logged in to Microsoft Azure. This is because when you run Get-AzurePublishSettingsFile, Internet Explorer will appear and prompt you to download the file.

Information Needed to Create a VM
Image name:
    Get-AzureVMImage | select ImageName
Disk name:
    Get-AzureDisk | select DiskName
Get image name ~ latest WS2012R2:
    $imageName = (Get-AzureVMImage |
        Where { $_.ImageFamily -eq "Windows Server 2012 R2 Datacenter" } |
        sort PublishedDate -Descending |
        Select-Object -First 1).ImageName
Data center location:
    Get-AzureLocation
Notes: To create a VM, you need to start with either an image or a disk and specify where to place the VM.

Virtual Machine Management
Quick VM provisioning mode: supports VM creation in a single cmdlet (New-AzureQuickVM).
Advanced provisioning configuration mode: provision with endpoints and data disks; configure cache settings for OS/data disks and subnet names.
Create multiple pre-defined VMs in a batch:
    New-AzureVM -VMs $vm1, $vm2, $vm3

Simple VM Creation
First VM in a new Cloud Service (-Location parameter used):
    New-AzureQuickVM -Windows -ServiceName $svc -Name $vm1 -ImageName $wimg -Location $location -Password $pwd -AdminUserName $adminName
New VM in an existing Cloud Service (-Location parameter not used):
    New-AzureQuickVM -Windows -ServiceName $svc -Name $vm2 -ImageName $wimg -AdminUserName $adminName -Password $pwd
Creating a Linux VM in an existing Cloud Service:
    New-AzureQuickVM -Linux -ServiceName $svc -Name $vm3 -ImageName $limg -LinuxUser $lu -Password $pwd
Slide Objectives: Use examples to explain a key component of using the cmdlets.
Notes: When you use the -Location or -AffinityGroup switches, the cmdlets will attempt to create a new cloud service to deploy the VM to. If you do not specify either, the cmdlets assume that the cloud service exists in the current subscription.

Configuring VM at Provisioning
Create a configuration object with New-AzureVMConfig, modify it with Add-* cmdlets, and add it with New-AzureVM:
    New-AzureVMConfig -Name $vm1 -InstanceSize Medium -ImageName $img |
        Add-AzureProvisioningConfig -Windows -AdminUserName $adminName -Password $pwd |
        Add-AzureDataDisk -CreateNew -DiskLabel 'data' -DiskSizeInGB 10 -LUN 0 |
        Add-AzureEndpoint -Name 'web' -PublicPort 80 -LocalPort 80 -Protocol tcp |
        New-AzureVM -ServiceName $newSvc -Location $location
Slide Objectives: Understand how you can configure various settings in a batch using Windows PowerShell.
Notes: New-AzureVMConfig and New-AzureVM allow the batched creation of a VM. New-AzureVMConfig returns a configuration object that is passed to other cmdlets to modify via the Windows PowerShell pipeline. Finally, it is passed to New-AzureVM. The cmdlet creates the VM with all of the configuration settings specified.

VM Batch Creation
Create multiple configured VMs and pass them to New-AzureVM:
    # Each VM in the cloud service needs its own name.
    $vm1 = New-AzureVMConfig -Name 'myvm1' -InstanceSize 'Small' -ImageName $img |
        Add-AzureProvisioningConfig -Windows -AdminUserName $adminName -Password $pwd
    $vm2 = New-AzureVMConfig -Name 'myvm2' -InstanceSize 'Small' -ImageName $img |
        Add-AzureProvisioningConfig -Windows -AdminUserName $adminName -Password $pwd
    $vm3 = New-AzureVMConfig -Name 'myvm3' -InstanceSize 'Small' -ImageName $img |
        Add-AzureProvisioningConfig -Windows -AdminUserName $adminName -Password $pwd
    New-AzureVM -CreateService -ServiceName $cloudSvcName -VMs $vm1,$vm2,$vm3 -Location $dc
Notes: It is also possible to create multiple configuration objects for multiple VMs and pass them to the New-AzureVM cmdlet as an array.

VM Batch Creation - Using an Array
Create multiple configured VMs and pass them to New-AzureVM:
    $vmcount = 5
    $vms = @()
    for ($i = 0; $i -lt $vmcount; $i++) {
        $vmn = 'myvm' + $i
        $vms += New-AzureVMConfig -Name $vmn -InstanceSize 'Small' -ImageName $img |
            Add-AzureProvisioningConfig -Windows -AdminUserName $adminName -Password $pwd |
            Add-AzureDataDisk -CreateNew -DiskLabel 'data' -DiskSizeInGB 10 -LUN 0 |
            Add-AzureDataDisk -CreateNew -DiskLabel 'logs' -DiskSizeInGB 10 -LUN 1
    }
    New-AzureVM -ServiceName $cloudSvcName -VMs $vms -Location $dc
Notes: Another example of batch VM creation is using an array or loop to create multiple VMs.

Common Settings
Name: the name of the VM.
AvailabilitySetName: the availability set (used for high availability).
InstanceSize: A0 – A11, D1 – 4, D11 – D14, G1 – G5 + 'S' Series machines.
Notes: Explain other common settings used to provision a VM.

Windows Provisioning Options
Add-AzureProvisioningConfig options:
    -Windows -AdminUserName $adminName -Password $pwd
    -WindowsDomain -Password $pwd -Domain $dom -JoinDomain $fqdn -DomainUser $domUser -DomainPassword $domPwd -MachineObjectOU $ou
    -DisableAutomaticUpdates, -NoRDPEndpoint, -TimeZone, -Certificates
Slide Objectives: Understand the two parameter sets that the Add-AzureProvisioningConfig cmdlet supports for Windows.
Notes:
The -Windows parameter allows only the password of the VM to be set when it is booted up.
The -WindowsDomain parameter allows you to specify all of the settings necessary to have the VM join the domain on boot. This scenario only works in a virtual network environment, in which the DNS specified knows how to have the VM find the domain controller.
The -DisableAutomaticUpdates parameter allows automatic updates to be disabled by default. Available to both parameter sets.
The -NoRDPEndpoint parameter does not create the RDP endpoint upon VM creation. You can add the RDP endpoint later through Windows PowerShell or the Portal.
The -TimeZone parameter allows you to specify the time zone that the VM will follow after it is provisioned.
The -Certificates parameter allows you to automatically install certificates on the VM after it is provisioned.
Note: The certificates must already be installed in the cloud service. You can find an example at http://michaelwasham.com/2012/08/23/deploying-certificates-with-windows-azure-virtual-machines-and-powershell/

Setting a Static Internal IP
New-AzureVMConfig options:
    New-AzureVMConfig -Name "myNewVM" -InstanceSize "Small" -ImageName $imageName |
        Add-AzureProvisioningConfig -Windows -AdminUsername $user -Password $pwd |
        Set-AzureSubnet -SubnetNames "AppSubnet" |
        Set-AzureStaticVNetIP -IPAddress "10.0.0.15" |
        New-AzureVM -ServiceName "vnetsvc"
Slide Objectives: Understand how to set a machine up so that it has a static IP address.
Notes:
In this scenario, the Cloud Service already exists (vnetsvc) in a virtual network.
The virtual network has a subnet named 'AppSubnet'.
Subnet address range must be within the -IPAddress range.
If a machine in the subnet already has this address, you will receive an error when you run Set-AzureStaticVNetIP.
If all machines in the subnet are shut down and you restart this VM first, it will go grab the static IP address listed above.

Setting an Instance Level Public IP Address for a VM
New-AzureVMConfig options:
    New-AzureVMConfig -Name "WebAppVM" -InstanceSize Small -ImageName $imageName |
        Add-AzureProvisioningConfig -Windows -AdminUsername $username -Password $password |
        Set-AzurePublicIP -PublicIPName "ftpip" |
        New-AzureVM -ServiceName "MyWebAppService" -ReservedIPName "MyWebSiteIP" -Location "East US"
Get information about the VM:
    Get-AzureRole -ServiceName FTPInAzure -Slot Production -InstanceDetails
https://azure.microsoft.com/en-in/documentation/articles/virtual-networks-instance-level-public-ip/
Pricing: http://azure.microsoft.com/en-us/pricing/details/ip-addresses/
Slide Objectives: Understand how to reserve an instance level IP address per VM.
Notes:
Instance level IP address is public and is PER VM.
Does not replace the VIP of the Cloud Service that contains the VM.
For preview release, only 2 VMs allowed.
5 instance level IP addresses allowed, per subscription.

Setting a Reserved Public IP Address
New-AzureReservedIP options:
    New-AzureReservedIP -ReservedIPName "MyWebsiteIP" -Label "WebsiteIP" -Location "East US"
New-AzureVMConfig options:
    New-AzureVMConfig -Name "WebAppVM" -InstanceSize Small -ImageName $imageName |
        Add-AzureProvisioningConfig -Windows -AdminUsername $username -Password $password |
        New-AzureVM -ServiceName "MyWebAppService" -ReservedIPName "MyWebSiteIP" -Location "East US"
Get-AzureReservedIP:
    Get-AzureReservedIP -ReservedIPName "MyWebsiteIP"
http://azure.microsoft.com/blog/2014/05/14/reserved-ip-addresses/
Slide Objectives: Understand how to reserve a public IP address.
Notes:
Note that the -ReservedIPName does not refer to an IP address.
The Cloud Service with VMs cannot already exist; they need to be created new via PowerShell.
To retrieve the reserved address information for confirmation of the IP address, use Get-AzureReservedIP.

Configuring Azure Load Balancing (ILB)
Add-AzureInternalLoadBalancer options:
    Add-AzureInternalLoadBalancer -ServiceName $svc -InternalLoadBalancerName $ilb -SubnetName $subnet -StaticVNetIPAddress $IP
Add-AzureEndpoint options:
    Get-AzureVM -ServiceName $svc -Name $vmname |
        Add-AzureEndpoint -Name $epname -Protocol $prot -LocalPort $locport -PublicPort $pubport -DefaultProbe -InternalLoadBalancerName $ilb -LBSetName $exILBSet |
        Update-AzureVM
Get-AzureService:
    Get-AzureService -ServiceName $svc | Get-AzureInternalLoadBalancer
http://azure.microsoft.com/blog/2014/05/14/reserved-ip-addresses/
Slide Objectives: Understand how to reserve a public IP address.
Notes:
The virtual network that contains the Cloud Service and VM must be a regional level network.
A static internal IP address can also be requested (optional).
Default, None or Custom load balance probes can be specified.
Get-AzureService confirms the load balanced IP address to use for incoming traffic.

User Defined Routes
New-AzureRouteTable options:
    New-AzureRouteTable -Name FrontEndSubnetRouteTable -Location 'West US' -Label "Route table for front end subnet"
Add a route to a route table:
    Get-AzureRouteTable FrontEndSubnetRouteTable |
        Set-AzureRoute -RouteName FirewallRoute -AddressPrefix 10.2.0.0/16 -NextHopType VirtualAppliance -NextHopIpAddress 10.1.1.10
View applied routes:
    Get-AzureVM -Name FWAppliance1 -ServiceName ProductionVMs | Get-AzureEffectiveRouteTable
https://azure.microsoft.com/en-in/documentation/articles/virtual-networks-udr-overview/

RDP Changes
Updating RDP username/password:
    Get-AzureVM -ServiceName $cloudSvcName -Name $vmName |
        Set-AzureVMAccessExtension -UserName $adminUsername -Password $adminPassword |
        Update-AzureVM
Fixing RDP issues:
    Get-AzureVM -ServiceName $cloudSvcName -Name $vmName |
        Set-AzureVMAccessExtension |
        Update-AzureVM

Linux Provisioning Options
Add-AzureProvisioningConfig options:
    -Linux -LinuxUser $user -Password $pwd
    -DisableSSH, -NoSSHEndpoint
    -SSHKeyPairs, -SSHPublicKeys (installed from certificates deployed in the cloud service)
Slide Objectives: Understand the parameter set that the Add-AzureProvisioningConfig cmdlet supports for Linux.
Notes: The Linux parameter set:
Requires that you specify the user name.
Allows you to disable SSH on the Linux VM or not add the SSH endpoint.
Allows you to deploy SSH certificates as long as they are already in the cloud service.

Deploying into a Virtual Network
Virtual machine settings: set the subnet on the VM with Set-AzureSubnet.
Deployment settings: set the virtual network with -VNetName; set DNS servers with New-AzureDns and -DNSSettings.
Slide Objectives: Understand the settings that are involved in deploying to a Virtual Network.
Notes: When configuring the VM, you must specify the subnet using the Set-AzureSubnet cmdlet. You can only specify the virtual network and DNS settings for a cloud service during the creation of the first VM. If you add a second VM to the cloud service, it will inherit the networking settings.

Provisioning into a Virtual Network and Active Directory
    $dom = 'contoso'
    $jdom = 'contoso.com'
    $onPremDNS = New-AzureDns -IPAddress '192.168.1.4' -Name 'OnPremDNS'
    $cloudDNS = New-AzureDns -IPAddress '10.1.1.4' -Name 'CloudDNS'
    $computerOU = $advmou = 'OU=AzureVMs,DC=contoso,DC=com'
    New-AzureVMConfig -Name 'myvm1' -InstanceSize 'Small' -ImageName $img |
        Add-AzureProvisioningConfig -WindowsDomain -AdminUserName $adminName -Password $pwd -Domain $dom `
            -DomainUserName $domUser -DomainPassword $dpwd -JoinDomain $jdom `
            -MachineObjectOU $advmou |    # pass the OU's distinguished name defined above
        Set-AzureSubnet -SubnetNames 'AppSubnet' |
        New-AzureVM -ServiceName $svc -AffinityGroup 'adag' `
            -VNetName 'ADVNet' -DnsSettings $onPremDNS, $cloudDNS
Slide Objectives: In this example we are specifying two AD/DNS servers: one that exists in our on-premises environment, and a DC that exists in the cloud.
Notes: You can pass the DNS names when calling New-AzureVM. You also need the virtual network that establishes the hybrid connectivity.

VM Storage
Data disks: add/remove data disks at boot or while running; create a blank data disk or attach an existing disk.
Modify cache settings of OS disk or data disk: modifying the OS disk while running requires a reboot.
Slide Objectives: Explain storage options.

Data Disk Creation
Creating a new VM with a data disk:
    New-AzureVMConfig -Name 'myvm1' -InstanceSize 'Small' -ImageName $img |
        Add-AzureProvisioningConfig -Windows -AdminUserName $adminName -Password $pwd |
        Add-AzureDataDisk -CreateNew -DiskSizeInGB 10 -DiskLabel 'myddisk' -LUN 0 |
        New-AzureVM -ServiceName $cloudSvcName
Add a new data disk to an existing VM:
    # Look the VM up by cloud service name and VM name.
    Get-AzureVM -ServiceName $cloudSvcName -Name 'myvm1' |
        Add-AzureDataDisk -CreateNew -DiskSizeInGB 10 -DiskLabel 'myddisk' -LUN 1 |
        Update-AzureVM
Slide Objectives: Show examples of storage configuration.
Notes: The first example creates a new VM with a 10GB disk attached. The second example gets an existing VM, adds a 10GB disk to it, and updates it live.

Modifying Cache Settings
Set host caching on an OS disk during provisioning:
    # If no service exists, create it first.
    New-AzureService -ServiceName $cloudSvcName -Location $location
    $myVM = New-AzureVMConfig -Name 'myvm1' -InstanceSize 'Small' -ImageName $img |
        Add-AzureProvisioningConfig -Windows -AdminUserName $adminName -Password $pwd
    # Keep the VM object that Set-AzureOSDisk returns.
    $myVM = Set-AzureOSDisk -HostCaching 'ReadOnly' -VM $myVM
    New-AzureVM -ServiceName $cloudSvcName -VMs $myVM
Set host caching on an existing data disk in a running VM:
    Get-AzureVM -ServiceName $cloudSvcName -Name 'myvm1' |
        Set-AzureDataDisk -HostCaching 'ReadWrite' -LUN 0 |
        Update-AzureVM
Slide Objectives: Explain disk caching defaults and how to modify them.
Notes: By default, OS disks have read/write caching enabled and data disks have no caching. You can use Set-AzureOSDisk or Set-AzureDataDisk to modify these settings at runtime. Set-AzureOSDisk requires a reboot.

Configuring Endpoints
Add endpoints at creation:
    New-AzureVMConfig -Name 'myvm1' -InstanceSize 'Small' -ImageName $img |
        Add-AzureProvisioningConfig -Windows -AdminUserName $adminName -Password $pwd |
        Add-AzureEndpoint -LocalPort 80 -PublicPort 80 -Name http -Protocol tcp |
        Add-AzureEndpoint -LocalPort 443 -PublicPort 443 -Name https -Protocol tcp |
        New-AzureVM -ServiceName $cloudSvcName
Modify endpoints at runtime:
    # The VM object from Get-AzureVM already identifies the service for Update-AzureVM.
    Get-AzureVM -ServiceName $cloudSvcName -Name 'myvm1' |
        Add-AzureEndpoint -LocalPort 53 -PublicPort 53 -Name dns -Protocol udp |
        Remove-AzureEndpoint -Name https |
        Update-AzureVM
Slide Objectives: Demonstrate how to configure network endpoints on a VM.
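Because every endpoint added this way is a port published on the cloud service's public VIP, it is worth listing them periodically. The following is an added example, not part of the original deck, that combines the multi-subscription loop from the "Switching Between Subscription Settings" slide with the endpoint cmdlets; the list of remote-administration ports and the report column names are choices made for this example.

```powershell
# Added example: requires the classic Azure module and subscriptions already
# imported into the session (Add-AzureAccount or Import-AzurePublishSettingsFile).

# Local ports treated as remote administration: SSH, RDP, WinRM HTTP/HTTPS.
$remoteAdminPorts = 22, 3389, 5985, 5986

$report = foreach ($sub in Get-AzureSubscription) {
    Select-AzureSubscription $sub.SubscriptionName

    foreach ($service in Get-AzureService) {
        foreach ($vm in Get-AzureVM -ServiceName $service.ServiceName) {
            foreach ($ep in ($vm | Get-AzureEndpoint)) {

                # ACL rules restrict which source ranges may reach the endpoint;
                # no rules means the public port accepts traffic from anywhere.
                $acl      = Get-AzureAclConfig -EndpointName $ep.Name -VM $vm
                $aclRules = ($acl | Measure-Object).Count

                [pscustomobject]@{
                    Subscription = $sub.SubscriptionName
                    Service      = $service.ServiceName
                    VM           = $vm.Name
                    Endpoint     = $ep.Name
                    Protocol     = $ep.Protocol
                    PublicPort   = $ep.Port
                    LocalPort    = $ep.LocalPort
                    AclRules     = $aclRules
                    RemoteAdmin  = $remoteAdminPorts -contains $ep.LocalPort
                }
            }
        }
    }
}

# Full inventory of published ports.
$report | Sort-Object Subscription, Service, VM | Format-Table -AutoSize

# Remote administration endpoints with no source restriction at all.
$report |
    Where-Object { $_.RemoteAdmin -and $_.AclRules -eq 0 } |
    Format-Table Subscription, Service, VM, Endpoint, PublicPort, LocalPort -AutoSize
```

VMs created with -NoRDPEndpoint, as described on the Windows Provisioning Options slide, will not appear in the second table unless an RDP endpoint was added later.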

Disk and Image Repository
OS images (Microsoft, Partner and User):
    Get-AzureVMImage                                              # Return all
    Get-AzureVMImage | Where { $_.Category -eq 'Microsoft' }      # Return Microsoft
    Get-AzureVMImage | Where { $_.Category -eq 'User' }           # Return Custom
    Get-AzureVMImage | Where { $_.Category -eq 'Partner' }        # Return Partner Images
    Get-AzureVMImage | Where { $_.OS -eq 'Windows' }              # Return only Windows OS images
    Remove-AzureVMImage -ImageName 'myimg' -DeleteVHD             # Delete image and storage
    # Add Existing VM Image from Storage
    Add-AzureVMImage -OS 'Windows' -ImageName 'MyWinImage' -MediaLocation 'http://storageaccount/vhds/winimage.vhd'
Disks (OS disks or data disks):
    Get-AzureDisk                                                 # Return all
    Get-AzureDisk | Where { $_.AttachedTo -eq $null }             # Return all not attached to a VM
    Get-AzureDisk | Where { $_.OS -eq $null }                     # Return only data disks
    Get-AzureDisk | Where { $_.OS -eq 'Windows' }                 # Return only Windows OS disks
    Remove-AzureDisk -DiskName 'mydisk' -DeleteVHD                # Delete disk and storage
    # Add Existing OS Disk from Storage
    Add-AzureDisk -OS 'Windows' -DiskName 'MyWinDisk' -MediaLocation 'http://storageaccount/vhds/winosdisk.vhd'
    # Add Existing Data Disk from Storage
    Add-AzureDisk -DiskName 'MyDataDisk' -MediaLocation 'http://storageaccount/vhds/datadisk.vhd'
Slide Objectives: Discuss examples of how to filter output from the disk and image repository.

Virtual Network Operations
View and set virtual network configuration:
    Get-AzureVNetConfig | Select -Expand XMLConfiguration
    Set-AzureVNetConfig -ConfigurationPath 'c:\Network\MyNetCFG.xml'
Start and stop virtual network gateway:
    Set-AzureVNetGateway -Disconnect -VNetName 'MyVNet' -LocalNetworkSiteName 'MySite'
    Set-AzureVNetGateway -Connect -VNetName 'MyVNet'
View virtual network status:
    Get-AzureVNetConnection -VNetName 'MyVNet'
Slide Objectives: Explain the operations allowed from Windows PowerShell for updating and modifying virtual network settings.