Azure PowerShell for documenting VNETs

During a recent conversation I had with one of my customers I was asked if there was a way to export VNet settings from their Azure US Government subscription. Of course PowerShell provides us the answer; however, it is not a simple single command.

There is one command which allows you to export out all subscription VNETs along with their subnets and gateway information to an XML file.  There is another set of commands that enables you to query and navigate XML data in PowerShell.  Finally there is a command for getting network security group (NSG) information that is assigned to a subnet.

By combining all of these commands together into a structured script you can get a very good picture of your VNET configurations across your subscription.   I have built a sample script which you can download from here.

The script is for demonstration purposes only and comes with no support.  Do not utilize the script for production purposes without fully reviewing and understanding the code.   The script only looks at NSGs which are associated to subnets.  Currently Azure US Government only supports the ASM deployment model.  This script was designed to only work with that model and therefore may not be useful to people running workloads in Azure commercial under ARM.
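
An added example of how the three pieces described above fit together, using the classic (ASM) Azure module; it is not the author's downloadable script. The export path, the report column names and the "no NSG" label are assumptions, the element names follow the classic network configuration file, and an account and subscription are assumed to be selected already.

```powershell
# Added example, not the author's script. Classic (ASM) Azure module only.
$exportPath = Join-Path $env:TEMP 'NetworkConfig.xml'   # assumed output path
$noNsg      = '(none or lookup failed)'                  # assumed label

# 1. Export every VNet in the subscription to a network configuration file.
Get-AzureVNetConfig -ExportToFile $exportPath | Out-Null

# 2. Load the XML and walk each VirtualNetworkSite element.
[xml]$netcfg = Get-Content -Path $exportPath
$sites = $netcfg.NetworkConfiguration.VirtualNetworkConfiguration.VirtualNetworkSites.VirtualNetworkSite

$report = foreach ($site in $sites) {
    foreach ($subnet in $site.Subnets.Subnet) {
        # 3. Ask for the NSG associated with this subnet. The cmdlet reports an
        #    error when nothing is associated, so that case is caught here.
        $nsgName = $noNsg
        try {
            $nsg = Get-AzureNetworkSecurityGroupForSubnet -VirtualNetworkName $site.name `
                       -SubnetName $subnet.name -ErrorAction Stop
            if ($nsg) { $nsgName = $nsg.Name }
        } catch {
            Write-Verbose "No NSG returned for $($site.name)/$($subnet.name): $_"
        }

        [pscustomobject]@{
            VNet         = $site.name
            Location     = $site.Location      # empty if the VNet uses an affinity group
            AddressSpace = @($site.AddressSpace.AddressPrefix) -join ', '
            Subnet       = $subnet.name
            SubnetPrefix = $subnet.AddressPrefix
            HasGateway   = $null -ne $site['Gateway']
            NSG          = $nsgName
        }
    }
}

# Full picture first, then the subnets that have no NSG filtering traffic.
$report | Sort-Object VNet, Subnet | Format-Table -AutoSize
$report | Where-Object { $_.NSG -eq $noNsg } | Select-Object VNet, Subnet, SubnetPrefix
```

The second listing is the one to review first: a subnet without an associated NSG has no subnet-level traffic filtering at all.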

Using Azure AD Domain Services with Azure Government VMs

Azure Active Directory Domain Services lets you join Azure virtual machines to a domain without the need to deploy domain controllers. Users sign in to these virtual machines using their corporate Active Directory credentials and access resources seamlessly. To more securely administer domain-joined virtual machines, use Group Policy—an easy, familiar way to apply and enforce security baselines on all of your Azure virtual machines.

Before I go too far I want to be clear on this one point:  Azure AD Domain Services is  NOT available in Azure US Government today.   With that being said, it is possible to join Azure Virtual Machines in Azure Government to Azure Active Directory Domain Services hosted in Azure Commercial.    This means that customers who are already using Azure Active Directory as part of an Office 365 deployment can extend it to provide domain services to VMs in both Azure Commercial and Azure Government.

I am not going to go into all of the details to set up Azure Active Directory Domain Services (AAD DS) in Azure commercial. There is great documentation available that already provides all of the information to get started.

Once you have AAD DS set up and associated with a virtual network (VNet) in Azure commercial you can extend it into Azure Government with a simple VNet to VNet connection. Below are a few points to be aware of when setting this up:

  • AAD DS is only available in Azure commercial.  Today AAD DS is in a preview status which does not include a SLA.
  • VNets that are connected must have IP Address spaces that do not overlap.
  • You must add the AAD DS DNS IP addresses to all of the VNets, in both commercial and government, which will provide AAD DS features to virtual machines in the VNet.
  • I have not tested this with an ARM VNet in Azure commercial and an ASM (classic) VNet in Azure Government.  Based on this article it appears that establishing a VNet to VNet connection across the ARM and ASM should be possible.
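
An added example (not from the original post) of checking the non-overlap requirement before building the VNet to VNet connection. The VNet names and address prefixes are constructed sample values, the function names are hypothetical, and only IPv4 prefixes are handled.

```powershell
# Added example: find overlapping address spaces between the two sides.
function ConvertTo-IPv4Range {
    param([Parameter(Mandatory)][string]$Cidr)
    $address, $prefixLength = $Cidr -split '/'
    [long]$value = 0
    foreach ($octet in [System.Net.IPAddress]::Parse($address).GetAddressBytes()) {
        $value = ($value * 256) + $octet          # build the 32-bit address value
    }
    [long]$size  = [math]::Pow(2, 32 - [int]$prefixLength)
    [long]$start = $value - ($value % $size)      # clear any host bits
    [pscustomobject]@{ Start = $start; End = $start + $size - 1 }
}

function Find-AddressSpaceOverlap {
    param([hashtable]$Commercial, [hashtable]$Government)
    foreach ($c in $Commercial.GetEnumerator()) {
        foreach ($cPrefix in $c.Value) {
            $a = ConvertTo-IPv4Range -Cidr $cPrefix
            foreach ($g in $Government.GetEnumerator()) {
                foreach ($gPrefix in $g.Value) {
                    $b = ConvertTo-IPv4Range -Cidr $gPrefix
                    # Two ranges overlap when each one starts before the other ends.
                    if ($a.Start -le $b.End -and $b.Start -le $a.End) {
                        [pscustomobject]@{
                            CommercialVNet   = $c.Key
                            CommercialPrefix = $cPrefix
                            GovernmentVNet   = $g.Key
                            GovernmentPrefix = $gPrefix
                        }
                    }
                }
            }
        }
    }
}

# Constructed sample data: VNet name -> address prefixes.
$commercial = @{ 'aadds-vnet' = @('10.0.0.0/16') }
$government = @{
    'gov-app-vnet'  = @('10.1.0.0/16')
    'gov-test-vnet' = @('10.0.128.0/20', '192.168.10.0/24')
}

Find-AddressSpaceOverlap -Commercial $commercial -Government $government |
    Format-Table -AutoSize
```

With the sample data, gov-test-vnet's 10.0.128.0/20 sits inside the AAD DS VNet's 10.0.0.0/16, so that VNet would need to be re-addressed before it could be connected.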

To summarize, AAD DS enables organizations to quickly deploy domain joined virtual machines into Azure without having to deploy additional domain controllers in the cloud.   Currently AAD DS is in preview and does not have a SLA.   When architecting your solutions there may be situations where having full domain controllers in Azure will make more sense than using AAD DS.   Always ensure you are using an architecture that fits the solution instead of trying to fit a solution into a specific architecture.



StorSimple Virtual Array Failover Demo

In a previous post I  showed how you could create a Virtual StorSimple Array in Microsoft Azure Commercial which allows you to get started with hybrid storage.  Recently the Virtual StorSimple Array was made available in the Microsoft Azure US Government regions.   I thought that a great way to help people utilize StorSimple would be to show how simple it is to use the Virtual Array in a disaster recovery scenario.   In the video below I demonstrate how to prepare a secondary StorSimple Virtual Array and then perform a failover from the primary device to the backup device.

Azure Simple File Share

In my role at Microsoft I am working with State and Local Government customers. My job is to help them understand and better utilize Microsoft Azure cloud services. Recently I have had several conversations with my customers regarding a need to easily share files with the public. These files might be government datasets, crime statistics, or results of FOIA requests. No matter what the content, the customers are concerned about the impact hosting such a solution internally would have on their infrastructure. Sometimes these files are seldom downloaded, but other times a news story or other interest might cause massive downloads from locations all over the globe.

Sure there are lots of file sharing solutions out there. OneDrive, Box, DropBox, just to name a few. The problem with these solutions is that you have limited control over how the files are presented to the user and limited access to reporting. Several of my customers have asked how Azure might help them with providing files at a large scale, enabling them to generate logging details, and to reduce risks of large download spikes.

Thinking over the requirements, I came up with several possible solutions. The simplest involved setting up one or more virtual machines in Azure that would run IIS with directory browsing enabled. This would work, but there are no branding options and the customer still has to manage and patch the virtual machines.

Another option  which is similar to the previous one is to utilize an Azure Web App with directory browsing enabled.  This would be just like the prior option with VMs  but the customer wouldn’t have to manage or patch the underlying system.  Unfortunately even with the largest Azure Web App size we are limited to 500GB of storage and the lack of branding is still an issue.

After looking at several other options I decided to create a quick simple .NET application that would utilize an Azure Web App along with an Azure Storage Account for public file sharing.   This would enable me to brand the site, store up to 500TB of data, and generate any necessary logging needed.   I call this demonstration solution Azure Simple File Share.

I have tested the application by loading just over 10,000 files into an Azure Storage account and I have been very impressed so far at the speed of rendering the file and folder structures.

If you would like to see the application in action, jump on over to:

If you would like to learn more about how the application works or to grab a copy of the source code, head over to GitHub:

If you build a production solution off of this, let me know!  I would love to see this in action in the real world.  If you make updates and would like to contribute code back, contact me using the comments section below.

Important note: This application is not endorsed or supported by Microsoft. No official support is provided by me or anyone else. The application has not been code reviewed for security and/or nasty bugs. If you choose to utilize this demonstration application or any of its source code, you are on your own.

Azure VidMan Source

A while back I made a post detailing a  demonstration web application I created for Azure Media Services called Azure VidMan.   At that time I released the source code via a zip file.  

Since then I have been working to fix some issues and move from an IaaS model to fully PaaS model.   Some of the updates include:

  • Added the ability for an administrator to start a live broadcast using the Azure Media Capture Windows Phone app.
  • Modifications so there isn’t a dependency on a full install of SQL Server.  This enables the application to run in a fully PaaS model.
  • Created an Azure PowerShell script to automatically deploy Azure VidMan in an Azure US Government subscription.
  • CSS updates to improve UI when on a mobile device.

Today I am glad to announce that I have moved the application to GitHub where you can download the latest code.

Future updates to the code will include adding additional PaaS features such as utilizing Azure Keyvault for holding the database connection string.  I will also be working on a more generic install script to work across all Azure regions.

Remember this is a demonstration application only and may contain bugs or security holes.  Do not use this in a production environment.

New Environments Added to Azure PowerShell

In the 1.1.0 version of the Azure PowerShell tools new environments have been added to make it easier for using Azure US Government, Azure China, or Azure Commercial environments.   Previously in order to use either Azure US Government or Azure China you had to manually set Azure environment variables in order for the standard Azure PowerShell cmdlets to work.  An example of this is shown in a prior blog post I wrote on how to connect PowerShell to Azure US Government.

Now the following Azure Environment definitions are available by default with Azure PowerShell:

  • AzureCloud:  Azure Commercial
  • AzureChinaCloud:   Azure China
  • AzureUSGovernment: Azure US Government

With the new Azure PowerShell tools you can easily switch between environments using the following cmdlet:  Set-AzureEnvironment

Now if we wish to connect to the Azure US Government cloud we would utilize the following cmdlet:

  Add-AzureAccount -Environment "AzureUSGovernment"

You can then select your Azure Subscription using Select-AzureSubscription and then begin executing other Azure PowerShell cmdlets.

With this new addition to the Azure PowerShell tools, connecting to and using Azure US Government or Azure China is a lot easier.

StorSimple On-Premises Virtual Array Preview

Getting started with hybrid storage is now a lot easier with the recent preview release of the StorSimple on-premises virtual array.  Now small or medium businesses have a very affordable option for meeting their on-premises storage needs. This new virtual appliance is also great for larger organizations that want to explore hybrid storage.

This virtual appliance can be run in any on-premises datacenter that has either Hyper-V or VMWare hosts available. A single on-premises StorSimple virtual array can manage up to 20TB of hybrid storage. There is a requirement that at least 10% of the overall storage is on-premises. The host must also provide 4 cores and 8GB of RAM to the virtual appliance.

Today I have posted a quick introduction video that shows how you could quickly get started with an on-premises StorSimple virtual array.


For more information on Azure preview services, including the StorSimple virtual array, visit the Microsoft Azure services preview site.

Speaker & Video APIs from Microsoft Project Oxford

In a previous post I provided source code on how to utilize Microsoft Azure Media Services.  The code, although basic, provided a great introduction on how to build out a solution utilizing Azure Media Services in either the Microsoft Azure Commercial regions or the Microsoft Azure US Government regions.

Today, Microsoft has announced the availability of the Speaker & Video APIs from Microsoft Project Oxford. The Video APIs make it easy to analyze and automatically edit video using Microsoft video processing algorithms to detect and track faces in video, detect when motion has occurred in videos with stationary backgrounds, and smooth and stabilize videos. With the new Speaker APIs you can use voice for another form of authentication or for speaker identification. By utilizing these new APIs you could extend your Azure Media Services solution to provide even more value with your existing or new video assets.

Check out the announcement over on the Machine Learning Blog, or jump right over to Project Oxford and sign up to test out these features.
