Virtual Machine Scale Sets




In this week's post I will be discussing Azure Virtual Machine Scale Sets. Using Virtual Machine Scale Sets you are able to apply autoscaling to virtual machines in order to provide high availability. With Virtual Machine Scale Sets you are able to:


- Create thousands of identical virtual machines in minutes
- Quickly scale your big compute and big data applications
- Rely on integrated load balancing and autoscaling
- Attach additional data disks as per your application requirement
- Deploy virtual machines and updates at scale
- Support Linux or Windows images and extensions
- Run Cassandra, Cloudera, Hadoop, MongoDB, and Mesos
- Deploy across availability zones to protect against datacenter failures


Virtual Machine Scale Sets allow you to deploy and manage sets of identical, autoscaling virtual machines. You can scale the number of virtual machines manually, or automatically based on metrics such as CPU usage, memory usage or network traffic.
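To make the metric-driven scaling concrete, here is an added example (not code from the original post or from Microsoft) that replays a sequence of CPU samples against a threshold-based autoscale rule of the kind described above: scale out when the windowed average CPU is high, scale in when it is low, never leave the minimum/maximum instance bounds, and observe a cooldown after each action so the new instances can affect the metric before the next decision. The thresholds, window length and cooldown are constructed for illustration and are not Azure defaults.

```python
from dataclasses import dataclass
from statistics import mean


@dataclass
class AutoscaleProfile:
    """Rule parameters. The values are constructed for this example, not Azure defaults."""
    min_instances: int = 2
    max_instances: int = 10
    scale_out_threshold: float = 75.0   # scale out when windowed average CPU % exceeds this
    scale_in_threshold: float = 25.0    # scale in when windowed average CPU % drops below this
    window: int = 3                     # number of samples averaged before a rule can fire
    cooldown: int = 2                   # samples to wait after any scale action
    step: int = 1                       # instances added or removed per action


def run_autoscale(samples, profile=None, start=None):
    """Replay CPU samples and return the instance count after each sample.

    The rule looks at the average over the last `window` samples, acts only when
    that average is outside the thresholds and the count is inside [min, max],
    and then stays quiet for `cooldown` samples before evaluating again.
    """
    profile = profile or AutoscaleProfile()
    count = profile.min_instances if start is None else start
    cooldown_left = 0
    history = []
    for i in range(len(samples)):
        window = samples[max(0, i - profile.window + 1): i + 1]
        if cooldown_left > 0:
            cooldown_left -= 1          # no decisions during cooldown
        elif len(window) == profile.window:
            avg = mean(window)
            if avg > profile.scale_out_threshold and count < profile.max_instances:
                count = min(profile.max_instances, count + profile.step)
                cooldown_left = profile.cooldown
            elif avg < profile.scale_in_threshold and count > profile.min_instances:
                count = max(profile.min_instances, count - profile.step)
                cooldown_left = profile.cooldown
        history.append(count)
    return history


# Constructed CPU samples (percent), one per evaluation interval:
# a load spike followed by a quiet period.
CPU_SAMPLES = [40, 80, 85, 90, 92, 95, 60, 30, 20, 15, 10, 10]

if __name__ == "__main__":
    for cpu, instances in zip(CPU_SAMPLES, run_autoscale(CPU_SAMPLES)):
        print(f"cpu={cpu:3d}%  instances={instances}")
```

Running it shows the set growing from 2 to 4 instances during the spike and shrinking back to 3 once the average falls below the scale-in threshold; the cooldown is why the count changes at most once every three samples, and the bounds are why a sustained 100% load stops at `max_instances`.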

When creating virtual machine scale sets via the Azure Portal a load balancer is created in order to spread inbound requests across the available virtual machines. This in turn allows you to distribute your application across multiple instances for high redundancy.

On creation you are able to add operating system disk images and virtual machine sizes:




Virtual machines scale sets provide the following features:

- Easy to create and manage multiple VMs
- Provides high availability and application resiliency
- Allows your application to automatically scale as resource demand changes
- Works at large scale

Further detailed information on Microsoft Azure documentation:

Detailed technical guide on creating virtual machine scale sets via the Azure Portal:

Virtual Machine Scale Sets:



Architecting Azure Solutions 70-535




Earlier this week I had the opportunity to write the Architecting Microsoft Azure Solutions 70-535 exam. This exam is part of Microsoft's Cloud Architect certification offering and is a high-level exam covering all the Azure products and services in fairly in-depth technical detail.

The 70-535 replaces the older 70-534 exam and is an elective for the MCSE Cloud Platform and Infrastructure certification track. Combined with one of the 532, 533, 473 or 475 exams, it will also earn you the MCSA Cloud Platform certification.

First things first: if you have not had any recent Microsoft Cloud exam exposure you are in for quite a difficult journey, as these new certifications are very tough and require a lot of dedication. These exams are difficult and require extensive, in-depth Azure experience.

With regards to the 70-535, the course content was revised after the 70-534 exam was retired at the end of 2017. Anyone studying on that path needs to check the new official exam guide to verify the latest material, as there have been a lot of additions reflecting the latest product implementations in Azure. I will link the exam guide article at the bottom of this post.

The following course content is currently covered on the 70-535:


- Design Compute Infrastructure (20-25%)
- Design Data Implementation (15-20%)
- Design Networking Implementation (15-20%)
- Design Security and Identity Solutions (20-25%)
- Design Solutions by using Platform Services (10-15%)
- Design for Operations (10-15%)

Each of these sections is very in-depth and goes into a lot of detail. Please note that you will require extensive experience in all of these areas before attempting the exam. The best way to gain it is by getting access to Azure and labbing out all of the work. Practical experience, deep understanding and real-world experience are vital for this exam. Azure does offer a free account with $200 credit as well as student access options to get this practical knowledge.

To sum up all the resources that I used while training and studying for this exam, I have put together some links below to free training documentation, free training videos and other useful links. Honestly, using all of the resources below, getting free Azure access and reading the relevant documentation will help hugely with this exam.

This link is a great place to start: it organises all of the course content into a well-structured flow of resources, and I highly recommend it:


Please find further invaluable links to free training resources and videos:


This is really a challenging exam, so please take your time in preparation. There are also some articles on this blog with resources related to this exam, so they would be worth a read even if it's just an overview of some of the content. And yes, I did thankfully pass! :)

Globally distributed Azure #CosmosDB




Azure Cosmos DB is Microsoft's globally distributed, elastically scalable multi-model database. With a simple click of a button you can independently scale throughput and storage across Azure's geographic regions worldwide. This greatly improves your ability to build horizontally scalable, highly responsive applications at a global scale.


The application solutions best suited for Cosmos DB are web, mobile, gaming and IoT applications that need to handle a massive amount of data, reads and writes at a global scale with near-real-time response times. These applications will benefit from guaranteed high availability, high throughput, low latency and tunable consistency. Cosmos DB is a NoSQL database.



Azure Cosmos DB has various APIs for accessing and querying data: SQL API, MongoDB API, Cassandra API, Graph (Gremlin) API and Table API. The data model Cosmos DB is built on is the atom-record-sequence (ARS) model, which supports multiple data models including document, graph, key-value, table and column-family data models.

A great preview feature of Cosmos DB is that you can try it for free for up to 7 days without an Azure subscription or any credit card details, which is a nice touch. This is great for creating and testing across the following APIs and data models: SQL, MongoDB, Table and Graph. https://azure.microsoft.com/en-gb/try/cosmosdb/




If you already have an Azure subscription, Azure Cosmos DB can be launched easily from the Azure portal, and creating a DB is literally a one-click solution: there is no infrastructure configuration required at all, you only need to select which API you require and create it:




Further detailed information and resources:

Azure Application Gateway Introduction



The Azure Application Gateway is classified as a virtual appliance that provides an application delivery controller service. The service is fully managed, scalable and highly available. It also provides various layer 7 load balancing options. The application gateway includes a Web Application Firewall which protects web applications from various security threats. The application gateway can be used as an internet-facing gateway or as an internal-only gateway.

The Azure Application Gateway also provides the following features: HTTP load balancing, cookie-based session affinity, SSL offload, end-to-end SSL, URL-based content routing, multi-site routing, WebSocket support, health monitoring, SSL policy and ciphers, request redirect, multi-tenant back-end support and advanced diagnostics.

As mentioned above, the Azure Application Gateway is used for layer 7 load balancing. Traffic Manager can be used to distribute traffic to various application gateway services, which in turn provide layer 7 load balancing. There are three different types of load balancers in Azure: Azure Load Balancer, which does layer 4 traffic distribution; Application Gateway, which does layer 7 load balancing; and Traffic Manager, which uses DNS to direct traffic to endpoints based on the end user's location. Traffic Manager can be used in conjunction with Application Gateway:


Azure Security Center Playbooks Introduction


Azure Security Centre is a great tool for managing your hybrid cloud security health. As I have previously written, it's a tool that can be used to monitor both Azure infrastructure and on-premises machines from a central monitoring dashboard. Please feel free to read the other blog post in the Azure Security Centre series: http://www.ruckcloud.ml/2018/02/using-azure-security-center-for.html

Today I will be writing about a specific feature of Azure Security Centre called Security Playbooks. Security Playbooks are alert-triggered procedures that run within Azure Security Center. When a specific alert is triggered, a playbook runs that automates a response to that specific alert. This can help orchestrate as well as speed up security alert management.

Security Playbooks are based on Azure Logic Apps. This gives us the ability to use security templates built in Azure Logic Apps, which you can edit or create and then trigger from Security Centre.

What are Azure Logic apps?

Azure Logic Apps help to simplify and implement scalable integrations and workflows in the cloud. Please see further info at the end of this post.

Creating a Security Playbook

Please see the below steps in order to create a Security Playbook in the Azure portal:

1. Select Security Centre - Playbooks (preview) - Add Playbook


2. Create logic app:

3. After creating the logic app it will be located under playbooks in the Security Center:



4. Click on the newly created logic app which will launch the logic app designer:



5. Click blank logic app:


6. Search for Azure Security Center and select the "request" trigger:



7. Add an action to run and click save:


8. After this has been completed, the playbook can be run from Security Center "Playbooks".


Playbooks are a great way to automate reactions to security alerts using triggers. For further information please read https://docs.microsoft.com/en-gb/azure/security-center/security-center-playbooks

Please read further on Azure Logic Apps: https://docs.microsoft.com/en-gb/rest/api/logic/
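As an added illustration of the alert-triggered pattern a playbook automates (this is example code, not the original post's or Microsoft's, and not a Logic App definition), the following models the two things a playbook has to get right: choosing the response steps from the alert's severity, and not misbehaving on a malformed or repeated trigger. The alert field names, the severity-to-action plan and the action names are all assumptions constructed for this example; in a real playbook the trigger payload comes from the Security Center connector and each step is a Logic Apps connector action.

```python
import json

# Constructed sample alert payload. The field names are an assumption for this
# example, not the real Security Center alert schema.
SAMPLE_ALERT = json.dumps({
    "AlertDisplayName": "Suspicious process executed",
    "Severity": "High",
    "CompromisedEntity": "vm-web-01",
})

# The steps the playbook runs for each severity, in order (constructed plan).
# In a Logic App each would be a connector step: mail, ticketing, a resource action, etc.
RESPONSE_PLAN = {
    "high": ["notify_soc", "tag_resource", "open_ticket"],
    "medium": ["tag_resource", "open_ticket"],
    "low": ["log_only"],
}


def parse_alert(raw_alert):
    """Validate the trigger payload; a malformed alert must not crash the playbook."""
    try:
        alert = json.loads(raw_alert)
    except (TypeError, ValueError):
        return None
    required = ("AlertDisplayName", "Severity", "CompromisedEntity")
    if not isinstance(alert, dict) or any(k not in alert for k in required):
        return None
    return alert


def run_playbook(raw_alert, seen=None):
    """Return the list of "step:entity" actions the playbook would execute for one alert.

    `seen` is a set of (alert name, entity) pairs already handled; passing the same
    set across calls suppresses duplicate runs when the same alert fires repeatedly.
    """
    alert = parse_alert(raw_alert)
    if alert is None:
        return ["log_only:invalid_alert"]
    key = (alert["AlertDisplayName"], alert["CompromisedEntity"])
    if seen is not None:
        if key in seen:
            return ["skip:duplicate"]
        seen.add(key)
    severity = str(alert["Severity"]).lower()
    # Unknown severities fall back to the least intrusive plan rather than failing.
    steps = RESPONSE_PLAN.get(severity, RESPONSE_PLAN["low"])
    return [f"{step}:{alert['CompromisedEntity']}" for step in steps]


if __name__ == "__main__":
    handled = set()
    print(run_playbook(SAMPLE_ALERT, handled))   # full high-severity response
    print(run_playbook(SAMPLE_ALERT, handled))   # same alert again: skipped
```

The fallback for an unknown severity and the duplicate check are the parts worth carrying into a real playbook: an automated response that fails open on bad input, or that re-runs a ticket-creating step every time an alert re-fires, creates its own operational noise.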

Using Azure Security Center for monitoring





The Azure Security Centre is defined as a "unified security management and advanced threat protection across hybrid cloud workloads" and it is a tool that can be used to monitor security across your on-premises as well as your cloud workloads in Azure.

You are able to apply policies and also locate and fix vulnerabilities before they can be exploited. What is also great is that you are able to leverage advanced analytics to detect and mitigate attacks on your infrastructure using the Advanced Threat Protection module.

In this article I will explain the basics of this service, from locating where to find it to a basic overview of the monitoring dashboard and some of the remediation features. As with all my articles, it can be read by the first-time Azure user all the way up to a seasoned pro who may be interested in learning about a new product.

The Azure Security Centre is simply launched from within the Azure portal:



Once you have opened the portal, it will display your monitoring dashboard with alerts:




This dashboard will contain your security-related overview, prevention and detection. Please note that you will require an additional 60-day trial to view Advanced Threat Detection. Advanced Threat Detection is an advanced feature that can be used to automatically locate and resolve security issues based on Azure Security Centre intelligence.

Recommendations

When monitoring the dashboard you can scroll through and check the recommendations that can be implemented to better secure your current workload; these are arranged into high and medium severity. When opening these they will provide instructions on how to resolve the issue and implement better security practices on your cloud or on-premises workloads.


As per the above recommendation, I have found that I am not using a Network Security Group (NSG) on a specific virtual network. I can then click through the blades in order to find more information on this specific issue and resolve it directly from within the portal. As per the below, I can directly enable the required NSG through the next portal steps:

Prevention

Under the prevention tab you will see additional alerts generated based on your infrastructure. These tabs will contain compute, networking, storage & data and applications.

In my example I have a few alerts across compute and networking. When clicking on the compute tab I am given the following recommendations with regards to my virtual machines:

From within this tab I can continue through to obtain further information. In this case I have not installed endpoint protection on the virtual machine (this is used to scan for malware threats), and disk encryption is missing on the virtual machine disks. Within the following windows you will receive further information and directions for resolving these issues. This allows you to become proactive with regards to security issues.

Within networking, storage and data, similar issues are reported with further information on the threats and directions on how to resolve them. This is incredibly useful: it provides a great overview of your Azure infrastructure security and gives great direction on resolving any issues that may have been found.

One other point that I haven't mentioned is that you can also install the Azure Security Centre monitoring agent on on-premises machines, which creates a fully hybrid cloud security monitoring overview. It's also great that you can have all security information for cloud and on-premises in one place (dashboard) for monitoring and reporting. A Log Analytics workspace is required to onboard non-Azure computers to Security Centre:


There are a lot more functions that can be enabled within Azure Security Centre and I have only touched on the basics in this article. Please feel free to look further into Advanced Threat Detection which contains great threat intelligence and security alerting functions.

Using Azure Site Recovery with Managed Disks



Last week I discussed using Azure Site Recovery (ASR) in order to protect your IaaS virtual machines (VMs) in a disaster recovery scenario within Microsoft's Azure cloud platform.

Today I will be elaborating on that article slightly to explain a new feature that was announced last week: being able to protect Azure VMs using managed disks.

What are managed disks?

Managed disks are basically VM-level disks that are managed and controlled by Azure. What this means is that when you are creating a new VM you are given the option of using an existing storage account and creating a normal disk in this location, or the option of selecting a managed disk. A managed disk simplifies overall storage management and is also more reliable, as it's managed by Azure and will have better high availability during planned or unplanned maintenance. This can really help with making your life easier!


What is Azure Site Recovery?

As mentioned in the previous article, Azure Site Recovery is used to provide a business continuity and disaster recovery (BC/DR) service for your IaaS VMs in Azure or on-premises. ASR can also be used to migrate your on-premises VMs into Azure. For further information on configuring this to protect an individual VM, please view the full article here: http://www.ruckcloud.ml/2018/02/using-azure-site-recovery-to-replicate.html



The new feature announced is implemented within the disaster recovery (preview) section and relates to your selections for setting up protection. You now have the option to select managed disks for replication. What this means is that you can select the managed disks that you would like to migrate to the secondary region, thus creating a fail-over copy. This also means that you will not need to select a storage account to migrate unless you still have VMs located in one. Below is an image from Microsoft depicting this:


As you can see from this image, you now have the following options:

- Source Managed Disk - Your original primary location VM managed disk
- Replica Managed Disk - Your new replica managed disk location for protection
- Replica Managed Disk Type - The type of managed disk that was initially selected

To sum up this service: the advantage it gives us is that any VMs with managed disks can easily be replicated to a secondary region through the Azure Site Recovery (preview) service, without the need to manage multiple storage accounts in the target location for all of your replicated virtual machines.

Please read the official Microsoft blog post on the subject for further detailed information:






Using Azure Site Recovery to replicate a VM





Today I will be writing about Microsoft Azure's Azure Site Recovery (ASR) service. This is really an incredible service that makes running your own DR replicated "secondary site" easy and cost effective.

The Microsoft Azure ASR service is a cloud-based business continuity and disaster recovery (BC/DR) service. It can be used for a whole bunch of different scenarios, such as copying on-premises virtual machines (VMs) into Azure within a hybrid cloud model, which can then be used in a full-scale DR replication situation; permanently migrating on-premises Hyper-V and VMware VMs into Azure; and protecting current Azure VMs by replicating them to other regions. These options could also be used together depending on your architecture and individual requirements. Please view the official Microsoft documentation for the in-depth requirements.

In today's blog post I will be writing about the option of simply protecting your current VMs running in Azure, as this is a good way to initially start using and learning the service. Please note that there are also various options for setting this up for a large number of VMs, but the guide below is just for a single VM running within Azure. For any further information, the Azure documentation linked at the bottom of this article is a great place to start!
As of writing, this feature is still listed as under preview within the Azure portal.

1. Log in to the Azure portal:




2. Select an existing VM and then click on the "Disaster recovery (preview)" tab:




3. Next you will need to specify the region that you would like to replicate to, as well as some further information such as your existing resource group, availability sets and virtual network. Some of these settings will auto-populate depending on the current region of the selected VM, in this case "West Europe":





4. The next information required is related to storage. You will need to check or adjust the initial storage location (if not using managed disks, which aren't being covered in this article; this particular VM is using an existing storage location), as well as set up a new or existing recovery services vault which will be used for the replication. A recovery services vault is a storage "backup" location in which your VM will be copied and stored. You can also select a new or existing resource group as well as a replication policy. If you leave these as defaults, new resources will be automatically created for you:




5. Once you have completed the above steps you will see a graphic displaying the available replication regions:



6. If all looks good, click "Enable replication" and that's it, replication will begin! :)




Once completed you can check the replication status within the same "Disaster recovery (preview)" tab mentioned above.
You are also able to delete the replication and adjust other settings if required.
Source: https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-quickstart
Configuring backups on VM creation in Azure



In this blog post I will be detailing how to enable virtual machine (VM) level backups during VM creation in Azure. This is a great function, as it enables you to automatically create backups of your VMs directly within the Azure portal while creating a new VM.

You can also use the same basic steps below to create backups of your existing VMs by selecting the VM and then its Backup tab within the Azure portal.

1. Log into the Azure portal and select New - Windows Server 2016 VM (or any other version that you are requiring). Select your relevant basic settings and continue:





2. Select the size of the VM that you would like to create and continue:


3. Under the backup tab, select "Enabled". You can now specify your new or existing "recovery services" or backup vault, which will be the storage location for your VM-level backups. You will also be able to select an existing or new resource group:


4. The next step is to configure the backup policy itself. This can be done by selecting "Backup policy" and creating your policy based on your individual or compliance needs.


5. After this has been done you can complete the new VM wizard and your new VM will be provisioned in Azure. Your VM backups will automatically start running based on your policy.

Please note: steps 3 and 4 can also be completed on an existing VM in order to create an automatic backup procedure. A recovery services vault will also be required for storage.

Once you have completed these steps your backups will be handled by Azure, and recovery points will become available under the backup and restore tab of the individual VMs. You can use this to perform point-in-time restores of your VMs in any backup restore scenario.
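Because the backup policy in step 4 is what decides which recovery points are still there when you need a point-in-time restore, here is an added example (not code from the original post or from Azure Backup) that evaluates a daily/weekly/monthly retention policy over a constructed history of daily backups and reports which recovery points survive on a given date and why. The retention values, the "weekly on Sunday" and "monthly on the 1st" rules, and the dates are all assumptions constructed for the example, not a policy's real defaults.

```python
from datetime import date, timedelta


def months_between(earlier, later):
    """Whole calendar months from `earlier` to `later` (day of month ignored)."""
    return (later.year - earlier.year) * 12 + (later.month - earlier.month)


def retained_recovery_points(backup_dates, today, daily_days=30, weekly_weeks=12,
                             weekly_day=6, monthly_months=12):
    """Return {date: [reasons]} for the recovery points still retained on `today`.

    Each rule is evaluated independently and a point survives if any rule covers it:
      daily   - the last `daily_days` daily points
      weekly  - points taken on `weekly_day` (0=Monday .. 6=Sunday) within `weekly_weeks`
      monthly - points taken on the 1st of the month within `monthly_months`
    The rule values are constructed for this example, not real policy defaults.
    """
    kept = {}
    for d in backup_dates:
        if d > today:
            continue                      # a future date cannot be a recovery point
        age_days = (today - d).days
        reasons = []
        if age_days < daily_days:
            reasons.append("daily")
        if d.weekday() == weekly_day and age_days < weekly_weeks * 7:
            reasons.append("weekly")
        if d.day == 1 and months_between(d, today) < monthly_months:
            reasons.append("monthly")
        if reasons:
            kept[d] = reasons
    return kept


def daily_backups_ending(today, days):
    """Constructed history: one successful daily backup for each of the last `days` days."""
    return [today - timedelta(days=n) for n in range(days)]


def count_by_reason(kept):
    """How many retained points each rule is responsible for (a point may count twice)."""
    counts = {}
    for reasons in kept.values():
        for r in reasons:
            counts[r] = counts.get(r, 0) + 1
    return counts


def reasons_for(kept, iso_date):
    """Retention reasons for an ISO-formatted date, or None if the point was expired."""
    for d, reasons in kept.items():
        if d.isoformat() == iso_date:
            return reasons
    return None


TODAY = date(2018, 3, 15)   # constructed "as of" date for the evaluation

if __name__ == "__main__":
    kept = retained_recovery_points(daily_backups_ending(TODAY, 400), TODAY)
    print(len(kept), "of 400 recovery points retained:", count_by_reason(kept))
    for d in sorted(kept):
        print(d, kept[d])
```

The useful check before relying on a policy is the gap it leaves: with these values a point from eleven months ago exists only if it was the 1st of the month, so a restore to an arbitrary day that far back is not possible, which is exactly the kind of compliance question step 4 asks you to settle.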

I hope that you have found this article interesting and can enable this on your next VM build!

Source: Please read the official Microsoft documentation for further information:

Why using availability sets is critical in Azure

Yesterday we learnt that using availability sets is more than just a recommended best practice in Microsoft Azure. Microsoft had scheduled the maintenance updates for the Spectre/Meltdown vulnerability for January 10th, but these were suddenly scrambled into action due to the public announcement of the issue, and the updates automatically completed from January 3rd into January 4th without any advance warning.

These updates were obviously critically required and absolutely the right decision from Microsoft, but they did also create issues for customers that had production servers rebooted during business hours. Of course these issues did not impact customers that were already utilising availability sets within their infrastructure for high availability.

Availability sets consist of update domains that two or more virtual machines (VMs) are assigned to when originally provisioned. These update domains are updated and rebooted at different times, thus preventing downtime across the VMs that have been provisioned in them and creating high-availability redundancy across your applications.

This is useful in three scenarios: unplanned hardware maintenance events, unexpected downtime and planned maintenance events. Each VM in an availability set is placed in an update domain (UD) and a fault domain (FD). A fault domain represents shared power and network at the rack level. Please read about this in further detail in the official documentation linked at the bottom of this article.

Microsoft also recommends utilising managed disks when provisioning new VMs in availability sets (or in general), as this creates better availability of disks by isolating them on different storage clusters, as well as reducing the overhead of managing the storage accounts associated with the various VMs that you are provisioning.

It is also a good idea to put VMs of different application tiers into their own availability sets, as this creates better redundancy for your applications. For example, you can place front-end web servers in one availability set and back-end database servers in a separate availability set. This ensures that you will have at least one server from each tier online at the same time, preventing downtime to your application.

To sum it up, availability sets need to be thought about and addressed when planning your architecture, and should really be implemented for any business-critical VMs or applications in order to prevent downtime like some experienced yesterday.
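As an added example covering both the update/fault domain placement and the one-set-per-tier advice above (this is illustration code, not the original post's or Microsoft's), the following models an availability set as a simplified sequential round-robin assignment of VMs to update domains and fault domains, then checks what stays online while one update domain is rebooted or one rack fails. The domain counts, VM names and tiers are constructed for the example; the placement model is a simplification of the documented behaviour, not the platform's actual allocator.

```python
def place_vms(vm_names, update_domains=5, fault_domains=2):
    """Assign the VMs of one availability set to update and fault domains.

    Simplified model: VM n goes to UD n mod update_domains and FD n mod fault_domains,
    in creation order. Domain counts are constructed for the example.
    """
    return {name: (i % update_domains, i % fault_domains) for i, name in enumerate(vm_names)}


def vms_up_during_update(placement, ud_in_maintenance):
    """VMs that stay online while one update domain is being rebooted."""
    return sorted(name for name, (ud, _) in placement.items() if ud != ud_in_maintenance)


def vms_up_during_rack_fault(placement, fd_failed):
    """VMs that stay online when one fault domain (shared power/network rack) fails."""
    return sorted(name for name, (_, fd) in placement.items() if fd != fd_failed)


def minimum_online_per_tier(tiers, update_domains=5):
    """For each tier, the fewest VMs left online across every single-UD reboot.

    `tiers` maps a tier name to that tier's placement. A tier whose minimum is 0
    goes down at some point during a rolling platform update.
    """
    return {
        tier: min(len(vms_up_during_update(placement, ud)) for ud in range(update_domains))
        for tier, placement in tiers.items()
    }


def tiers_stay_online(tiers, update_domains=5):
    """True only if no tier ever drops to zero online VMs during a rolling update."""
    return all(n > 0 for n in minimum_online_per_tier(tiers, update_domains).values())


def split_by_tier(placement, tier_of):
    """Group one placement by tier, for the case where tiers share an availability set."""
    tiers = {}
    for name, domains in placement.items():
        tiers.setdefault(tier_of(name), {})[name] = domains
    return tiers


# Constructed sample: each tier in its own availability set, two VMs per tier.
WEB_SET = place_vms(["web-01", "web-02"])
DB_SET = place_vms(["db-01", "db-02"])

if __name__ == "__main__":
    print("separate sets:", minimum_online_per_tier({"web": WEB_SET, "db": DB_SET}))
    # Same four VMs in one set with only two update domains: both web VMs share a UD.
    mixed = place_vms(["web-01", "db-01", "web-02", "db-02"], update_domains=2)
    print("shared set:   ", minimum_online_per_tier(split_by_tier(mixed, lambda n: n.split("-")[0]), 2))
```

The two printed results are the point of the post in miniature: with a set per tier, every single-UD reboot leaves one web and one database server running, whereas a single VM on its own (or two VMs of one tier that land in the same update domain) has a reboot window in which that tier is simply gone.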