Azure and Azurestack alternative RDP port for VM

I have been exploring a bit with both Azure and Azure Stack, and when you onboard your VMs to Log Analytics and the Security Center you soon get notified about hundreds of zillions of attempts to log on to your machine if you have made it available through RDP. There is now a better way to take care of this: Security Center JIT access, which opens the port for a limited timespan and also limits it to certain IPs/networks! Sometimes JIT access is not something you can live with, but an alternative port could be utilized, and then the following can be applied.

A recent update to the Azure portal has now surfaced an option to download the RDP file with an alternative port instead of the standard 3389. That does not:

  1. set the NSG to allow for the new port
  2. set the VM's internal RDP service to respond to it

So to be able to connect to the virtual machine we need to update the NSG and also reconfigure the virtual machine to actually listen on the new RDP port.

First I add a row on the NSG

and then I utilize the custom script extension and change the listener on the virtual machine for RDP
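The two steps above as a script, added here as an illustration and not taken from the original post. It assumes the Az PowerShell module; the resource names, port 33890, rule priority, source range and script URI are hypothetical placeholders, and the script URI must be readable by the VM.

```powershell
# Added example: names, port, priority and source range are assumptions.
$rg        = 'rg-demo'          # hypothetical resource group
$vmName    = 'vm-demo'          # hypothetical VM
$nsgName   = 'vm-demo-nsg'      # hypothetical NSG in front of the VM
$rdpPort   = 33890              # constructed alternative RDP port
$source    = '203.0.113.0/24'   # constructed admin network (documentation range)
$scriptUri = 'https://<storage-account>.blob.core.windows.net/<container>/Set-RdpPort.ps1'  # placeholder

# Step 1: add a row on the NSG that allows the new port, only from the admin network.
Get-AzNetworkSecurityGroup -ResourceGroupName $rg -Name $nsgName |
    Add-AzNetworkSecurityRuleConfig -Name 'Allow-RDP-AltPort' -Access Allow `
        -Protocol Tcp -Direction Inbound -Priority 1010 `
        -SourceAddressPrefix $source -SourcePortRange '*' `
        -DestinationAddressPrefix '*' -DestinationPortRange $rdpPort |
    Set-AzNetworkSecurityGroup

# Step 2: the in-guest script the custom script extension will run.
# It moves the RDP listener, opens Windows Firewall and restarts the service.
$guestScript = @'
param([int]$Port = 33890)
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
Set-ItemProperty -Path $key -Name PortNumber -Value $Port -Type DWord
New-NetFirewallRule -DisplayName "RDP alternative port $Port" -Direction Inbound `
    -Protocol TCP -LocalPort $Port -Action Allow
Restart-Service -Name TermService -Force
'@
Set-Content -Path .\Set-RdpPort.ps1 -Value $guestScript   # upload this file to $scriptUri

# Step 3: push the script to the VM with the custom script extension.
$vm = Get-AzVM -ResourceGroupName $rg -Name $vmName
Set-AzVMCustomScriptExtension -ResourceGroupName $rg -VMName $vmName `
    -Location $vm.Location -Name 'SetRdpPort' -FileUri $scriptUri `
    -Run 'Set-RdpPort.ps1' -Argument "-Port $rdpPort"
```

Running `Get-NetTCPConnection -State Listen -LocalPort 33890` inside the VM confirms the listener has moved before any existing rule for 3389 is removed from the NSG.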

Azurestack:

If I am utilizing Azure Stack, all of the above can be achieved, but in the portal the connect button will be greyed out. You can still connect to the VM, but you need to manually enter the public IP and custom port:

 


Speaking at the Microsoft Tech Summit Stockholm 17-18 April

If you are working with Azure and want to learn more there is an opportunity to go to a conference in April that is free of charge and in the center of Stockholm!

I will do a session there in the MVP theater:

Making real world Infrastructure as code in Azure, or how to make an MSP-dinosaur survive in the cloud

Change is incredibly fast in today’s IT delivery, and for a service provider it’s about embracing the new or risking becoming the latest T-Rex. In this session we review how to automate and create standardized solutions in Azure where management and monitoring are included as a service. Interaction with customers through Microsoft Teams and bots speeds up change cases and provides quick feedback! 24/7 you can know status and costs as well as order new services that automatically end up under the NOC when they reach production status.

I hope I will see you there!

Speaking at Microsoft Ignite

I have got the opportunity to speak at Ignite again; this will be the third year I do a session at this gigantic conference!

I have a Community Theater Session where I would love to have you as a guest if you will also be there and have some time for this topic!

“Using a PowerShell release pipeline for a real-world service provider delivery in Microsoft Azure”

Delivering managed services for a service provider can be cumbersome, and often quality and reliability are not the first priority. Utilizing PowerShell and Desired State Configuration makes it repetitive, versionable, and testable! In this real-world case we have implemented a release pipeline to make sure that PowerShell scripts, modules, and DSC configurations are tested before being put into production use in Azure Automation.

Here you can find it in the session catalog.

It is scheduled on Tuesday 4:05-4:25

Windows Server 2016 “Core” in Azure with a [small disk]

As is known, we should use Windows Server 2016 foremost and as often as possible, and try not to use it with the “Desktop Experience” unless it is really necessary! Of course it makes total sense if you are deploying an RDS solution, but if you deploy an AD DC and file servers then naaaee….

In Azure it is not just called Windows Server 2016, and searching in the marketplace you can see that the name “Core” is the denominator.

And it kind of makes sense that the server without GUI can and should use the small disk option that is to be used with the new managed disks, so you have to dig a bit deeper and search for “small”, and then you find those:

Deploying with CLI or PowerShell with a template needs the right SKU to get the Core edition:

Unfortunately Azure has “Core” in the name, but should instead put “Desktop Experience” on the other one so it is consistent with regular OS installs in a datacenter.

And the system drive is 30 GB large

Happy deploying!

 


Preview of Azure Site Recovery in the new Azure Portal

Finally the Azure Site Recovery service can be reached from the new Azure Portal and the ARM way of doing things! It has been possible to use ASR with PowerShell and the new ARM way for some months but only for a subset of the site recovery services (VMM/Hyper-V).


Not a day too soon! I have a customer that we have engaged in the CSP program, and as that is based on the new ARM way, the old ASR could not be used with that subscription, and using another subscription just for ASR sucks..

As you can see in the following screen dump, I go into “Getting Started” to select a scenario and then follow the guide to complete it; in the case of physical and VMware I need to install a process/configuration server on-premises.


Once it is installed on a Windows 2012 R2 server, I connect it to ASR with the registration file.


One thing to think about when using this service is that the process server will, if you do not go in and configure the bandwidth settings, eat all available internet capacity, as my customer so nicely explained…

Configure this to something that works for both you and the company, and with the enhanced ASR where you do not need additional servers in Azure you find this setting in the backup properties.


It is quite easy to start protecting your workloads, and remember that the first 30 days are free 🙂

 

Finally the AzureStack TP1 bits have arrived!

Yesterday the AzureStack TP1 PoC files were released and now you can play around and create your own Azure. Now I just need some decent hardware to run this!

If you have some issues with the requirements, my friend Daniel has written a blog post about how you can try to install it with less memory!

Shown below is the diagram of the PoC setup and here you can see all the different roles included for your Azure on premises 🙂


On this page you can read more about it and learn how to deploy it to your environment!

Managing Azure workloads with Chef and PowerShell DSC at TechDays


Last week at TechDays Fredrik Nilsson and I had a session about managing your workloads in Azure with Chef and PowerShell DSC. Despite the fact that we had the same timeslot as Arwidmark, Nystrom and Ben Armstrong, our room was quite full of kung fu interested geeks 😉

Here is the presentation so you can find the links and info:


TechDaysChefAzure

For you guys that did not have the opportunity to be there, a recording will be available although it is in Swedish…

New Azure Backup Server (Disk to Disk to Cloud)

As you might have noticed, a “new” backup solution has arrived for Azure Backup: if you check your backup vault in the Azure portal you can see that the new option for “Application Workloads” has appeared.


Downloading and installing it shows that it has traces of the DPM server:


And it can be installed on Windows 2012 R2, although you need .NET 3.5 for the SQL 2014 instance (I know it is crazy!). The SQL 2014 license is included in the setup but can only be used for the Azure Backup Server.


So with some PowerShell and an Internet connection I add .NET 3.5 and can continue installing…


In the installation wizard you add your backup recovery vault from Azure, and then when it is installed you will have to install agents on the instances you want to protect. You can install this server in a VM or on a physical box; you will need some storage attached to cope with the backups that will be stored locally before they are lifted to the cloud.

When it comes to licensing I have not found anything other than the documentation on Azure, which states the price per protected instance. That makes this really interesting: if you do not have System Center and want to start utilizing a backup solution that can protect Hyper-V, Exchange, SQL etc., this becomes a viable solution!


Also, if you are looking at the Microsoft Operations Management Suite, of which backup is a part, this new feature makes it even more compelling to start utilizing the suite when not already using System Center.

Customized Dashboards in Microsoft OMS with interesting info

I have been doing some digging in Microsoft Operations Management Suite and the Log Analytics part, and as you might know there is a “My Dashboards” view where you can save customized log searches as widgets.

Initially I have created two searches that are highly interesting for better control of the environment. The first has a threshold and highlights the value if more than 0 computers are missing security updates. The second also has a threshold of 0, but only for the latest 24 hours, and shows how many accounts have been added to the Domain Admins security group……


So here you can see the different log searches and how you can customize depending on how and what data you want to present and highlight.

If you did not know it, there is a free tier with up to 500 MB of logs per day and 7 days retention for Log Analytics, so start using it today!