Microsoft Azure – Data Import & Export Job ”; Previous Next This is very useful service for the clients in case a large amount of data cannot be accessed over the network from their storage account. Azure gives an option to its clients that they can put their data on a hard drive and ship them to Azure datacenters. That data is then uploaded to their storage account. Similarly, if data is needed to be downloaded by the client that is not viable to do over the network, they can ship an empty hard drive to the datacenter and Azure team will copy the data to that drive and ship it back to the client. In both cases, the data is encrypted. Data Export Job Let’s assume you have a large amount data in your Azure storage account and you want a copy of that data. Create an Export Job In this process, you will be given a shipping address, to where the empty hard drives needs to be shipped. Step 1 − Login to Azure management portal and select the ‘Storage’ from the left panel. Step 2 − Select the storage account. Step 3 − Click ‘Import/Export’ from the top menu. Step 4 − Create ‘Export Job’. The following screen will pop up. Step 5 − On clicking the next arrow, you will see the following screen, where you will have to provide your contact and shipping details. Step 6 − In the next screen, you will have to select the Blob Data you want to export. You can specify the path or choose to export all blob data from the storage account. Step 7 − Enter a name for job in lower case letters. Address you can see here is the address where the hard drives is to be shipped. This address is based on the location of my storage account. Step 8 − In the next step, you will have to provide the shipping details of the hard drive for delivery to datacenter and return to your location. Step 9 − Click next and you are done. Hard Drives to Be Shipped In order to determine how many hard drives you need for the Blob data, you will have to use Microsoft Azure Import/Export Tool. You will have to download and install this tool on your machine. Only 3.5 inch SATA hard drive I/II are up to 6TB supported. Ship the Hard Drives You need to ship the hard drives to the shipping address obtained while creating the export job. Then you need to come back to the management portal to enter the tracking number, in case you chose to provide the tracking number after shipping in the screen above. Decrypt the Data You will have to enter the decryption key before reading the data on hard drives. You can get the decryption key from your management portal by selecting the job name. Data Import Job If you want to store the large amount of data to your storage account, you can do so by saving it on the hard drive and shipping it to the datacenter. Prepare the Hard Drives You will have to use Microsoft Azure Import/Export Tool to prepare the hard drives. As mentioned in earlier section, the only 3.5 inches SATA hard drives are supported for this purpose. This process will create a drive journal file that you will need while creating the import job in management portal. The journal file will be saved on your computer. Create Import job Step 1 − Login into the management portal and go to the storage account. Step 2 − Select ‘import/export’ at the bottom of the screen. Step 3 − Select ‘Create Import Job’. Step 4 − Check the checkbox and click Next. Step 5 − In the next screen, provide the contact details of the return shipping address. Enter the details and click Next. Step 6 − Upload the Drive Journal File that was created while preparing the hard drive. Step 7 − Enter the name for import job. Step 8 − Enter the shipping details for the delivery of hard drives to the datacenter and return to your location. Ship the Hard Drives to the Datacenter Ship the hard drive to the address obtained while creating import job in the management portal. Enter the shipping tracking number for the job in the management portal in order to complete the job. Print Page Previous Next Advertisements ”;
Category: microsoft Azure
Microsoft Azure – Create a Group ”; Previous Next In this section, we are creating a group. The user who creates the group is the owner of the group and he can add or delete members in the group. Since we granted permissions to users to create their own group in the previous step, any user in this directory can create and manage a group. Step 1 − Go to the Access Panel by visiting myapps.microsoft.com Step 2 − Login to your azure Account. Step 3 − At the top, you will see ‘Groups’. Click on it to create a new group. Step 4 − Choose ‘My groups/All’ from the dropdown at the top. Step 5 − Click on ‘Create new Group’. Step 6 − The following screen will pop up. Enter the name and description of the group. Step 7 − You can let all users to join the group or choose them to ask for the group owner’s approval before joining the group. I have chosen the first option in which approval of the owner is required. This means users who want to join the group other than users added, will have to ask for approval. Step 8 − Choose the desired option and click ‘Create’. Step 9 − Come back to the ‘Groups’ page. To add members to the group, select the group. In this case, let’s select ‘Developers Group’. Step 10 − Click ‘Add Members’. Step 11 − The following pop-up will list all the users in the directory. You can add the members by clicking on their name. Step 12 − You can add/delete member, edit group’s description, and delete group on this page. Also you can make someone else the owner of this group. If someone wants to join the group, he will ask for the owner’s approval. The owner will get a notification and will see the request in ‘approvals’ tab of the access panel as shown in the image above. Also, if someone has requested to join a group that is owned by someone else, he will see his requests here. Print Page Previous Next Advertisements ”;
Microsoft Azure – Health Monitoring ”; Previous Next Continuous health monitoring is one of the features of Azure Site Recovery. You don’t have to subscribe to this feature exclusively. In the previous chapter, we saw how Azure Site Recovery can be configured for different scenarios. Once all the configurations are done, the Hyper-V recovery manager monitors the health of the protected resource instances continuously. It is done by Hyper-V recovery manager remotely from Azure. This procedure consists of collecting the metadata of virtual machines which is used for recovery. What is happening in Azure Site Recovery is, the metadata is continuously collected for recovery purpose. Every time when data is transferred as a function of continuous health monitoring, it is always encrypted, thus it is safe and secure. The data is replicated at the secondary site. The secondary site is made available in case of failover. In order to ensure that everything is working fine, test failover can be carried out. Planned and unplanned failovers are two circumstances in which the secondary site is to be made available. The planned failover is usually done for testing, maintenance, etc. while unplanned failover happens when a disaster occurs. No matter what kind of failover, the virtual machines on the primary site are continuously monitored and the metadata is collected. Thus, continuous health monitoring is a feature that keeps the data at the secondary site always available. In addition to the back-up and orchestrated recovery, Azure Site Recovery continuously monitors the health of all its resource instances. Print Page Previous Next Advertisements ”;
Microsoft Azure – Point-to-Site Connectivity ”; Previous Next In the last chapter, we saw how an endpoint can be created to access a virtual machine; this is quite a tedious task. If a virtual machine in virtual network needs to be connected with on-premise machine, the point-to-site connectivity is needed. Point-to-site connectivity makes it very productive to work with remote virtual machines. Basically, a machine on-premise is connected to virtual network using point-to-site connectivity. However, we can connect up to 128 on-premise machines to virtual network in Azure. The access to the virtual network in cloud is granted through a certificate. The certificate has to be installed on each local machine that needs to be connected to the virtual network. Enabling Point-to-Site Connectivity on Existing Virtual Network If you have already created a virtual network in Azure, you can access it in management portal. Step 1 − Log in to Azure management portal. Step 2 − Click on ‘Networks’ in the left panel and select the network you want to work with. Step 3 − Click on ‘Configure’ as shown in the following image. Step 4 − Check the ‘Configure Point-to-site connectivity’ checkbox. It will allow you to enter the starting IP and CIDR. Step 5 − Scroll down and click ‘add gateway subnet’. Step 6 − Enter the Gateway subnet and click ‘Save’. Message shown in the following screen will pop up. Step 7 − Click Yes and a point-to-site connectivity is done. You will need a certificate to access your virtual network. Create a New Virtual Network with Point-to-site Connectivity Step 1 − Click New → Network Services → Virtual Network → Custom Create. Step 2 − Enter Network’s name, select location and click on Next. Step 3 − On the next screen, Select ‘Configure a point-to-site VPN’ and click next. Step 4 − You can select or enter starting IP and select CIDR. Step 5 − Enter Subnet and click ‘Add Gateway Subnet’ as done earlier and enter the required information. Step 6 − Point-to-Site connectivity is done. Step 7 − Click on the name of the network, as it is ‘MyNet’ in the above image. Step 8 − Click on ‘Dashboard’ as shown in the following screen. You will see that the gateway is not created yet. For it to happen, you will have to generate a certificate first. Generate Certificates The point-to-site VPN supports only self-signed certificate. Create a Certificate Step 1 − Go to the link msdn.microsoft.com or google ‘windows SDK for 8.1’. Then go to msdn link or the version of Windows for which you want the tool. Step 2 − Download the encircled file as shown in the following image. It will be saved as .exe file named sdksetup on your machine. Step 3 − Run the file. While running the installation wizard, when you reach the following screen uncheck the encircled part. By default they are checked. Step 4 − After installation is complete, run Command Prompt as Administrator on your computer. Step 5 − Enter the following commands one by one for creating root certificate cd C:Program Files (x86)Windows Kits8.1binx64 makecert -sky exchange -r -n “CN=MyNet” -pe -a sha1 -len 2048 -ss My First command will change the directory in command prompt. In the above command change the highlighted part to the name of your network. Step 6 − Next enter the following command for creating client certificate. makecert -n “CN=MyNetClient” -pe -sky exchange -m 96 -ss My -in “MyNet” -is my -a sha1 Step 7 − Look for ‘mmc’ on your computer and run it. Step 8 − Click ‘File’ and ‘Add/Remove Snap-in’. Step 9 − In the screen that pops up, click ‘Certificate’ and then on ‘add’. Step 10 − Select ‘My User Account’ and click on ‘Finish’. Step 11 − Expand ‘Current User’ in the left panel, then ‘Personal’ and then ‘Certificates’. You can see the certificates here. Step 12 − Right click on certificate and click ‘All Tasks’ and then ‘Export’. Step 13 − Follow the wizard. You will have to name the certificate and select a location to save it. Upload the Certificate Step 1 − Login to Azure management portal. Step 2 − Go to the network and click ‘Certificate’ and then click ‘Upload Root Certificate’. Step 3 − Click browse and select the location of the certificate you just created. Download the Client VPN Package Client VPN Package will connect you to the network. Step 1 − Go to network’s dashboard in azure management portal. Step 2 − Scroll down and locate the following options at the right side of the screen. Step 3 − Select the suitable option and download it. You will see a similar file on your computer. Run and install it. Step 4 − When you’ll install it, Windows might try to prevent it. Choose ‘Run Anyway’ if this happens. Step 5 − Go to ‘Networks’ on your machine and you will see a VPN connection available as shown in the following image. Step 6 − Click on that network as in this example ‘MyNet’ and connect. You will be connected to the network. Print Page Previous Next Advertisements ”;
Microsoft Azure – Site-to-Site Connectivity ”; Previous Next Most organizations already have a network on their premises and would want to connect it to Windows Azure rather than putting everything on cloud. It is also called hybrid network connectivity. It is connecting virtual net in Azure to on-premises network. Setting up a site-to-site connectivity network is quite easy for someone who knows the basics of networking like IPs, subnetting and default gateways. The things that are required before configuring the network in this case are − A VPN device that can be configured. Externally facing IP address for that VPN device. Creating a Site-to-Site Connectivity Network Step 1 − Select New → Network Services → Virtual Network → Custom Create Step 2 − Enter the name of the network and select the region. Step 3 − Enter the DNS name for name resolution if you want, otherwise you can leave it empty if you want it to be automatically done by Azure. Step 4 − Check the ‘Configure site-to-site VPN’ option. Step 5 − Enter the details of your VPN device in the address space as shown in the following image. Step 6 − Enter the details of your virtual network in the address space. Step 7 − After entering the subnets, enter the gateway subnet for your virtual network. Step 8 − Click next and the network is created. Step 9 − Select the network and go to its ‘Dashboard’. You will have to create a gateway for it. Step 10 − Click ‘Create Gateway’ at the bottom of the screen. Once gateway is created ‘Gateway IP address’ is displayed on the following screen. You can configure the VPN device now using the information. Site-to-site connectivity is faster than the point-to-site connectivity. It makes transferring of data easier. You just need a shared key to access the network. Unlike point-to-site connectivity, you don’t have to install certificates on each machine you want to connect with the virtual machine. In fact, the same shared key works for each machine. Print Page Previous Next Advertisements ”;
Microsoft Azure – Security
Microsoft Azure – Security ”; Previous Next Security is about managing the access of users to the organization’s applications, platforms and portals. Active directory is used to manage the database of users in a protected manner. The same kind of service is provided by Windows Azure to keep the users and their password safe. Active directory is a feature that lets you create users, manage their roles, grant access and delete them. Creating an Active Directory Step 1 − Sign in to Azure Management Portal. Step 2 − Click ‘New’ and then click ‘App Services’. Step 3 − Click ‘Active Directory’ and then ‘Directory’. Step 4 − Click ‘Custom Create’. Step 5 − Enter the details and you are done. In the following image, ‘tutpoint’ is the domain name. Enter a domain name which is a temporary DNS. Once its directory is created, you can map it to your own domain. Mapping a Custom Domain Since you have provided a temporary domain name, when creating a directory in Windows Azure, you can map it to your own domain using this functionality. Step 1 − Click on the directory name in the list of your directory. Step 2 − Click on ‘Domains’ from the top menu items. Step 3 − Click ‘Add a Custom Domain’. Step 4 − In the screen that pops up, enter the details. You can choose for ‘single sign in option’ if needed. Creating Users Step 1 − Click on ‘Add User’ button at the bottom of the screen. Step 2 − The following screen pops up. You can create a new user or link an existing Microsoft account. You can even import a user from other directory in Azure. Let’s choose ‘Create a new user’ here. Step 3 − Enter the user name in the following screen. Step 4 − Enter other details and choose the role for the user. Step 5 − Click next arrow and it will create a user for your application and give you a temporary password which can be changed by the user. Integrating with Azure Active Directory Step 1 − Locate and click ‘Application’ at top of screen. Step 2 − Click on ‘Add’ displayed at the bottom of the screen. A pop up shown in the following image will be seen on the screen. Step 3 − If you click the first option, it will take you to the following screen. You can enter the name of the application and follow the wizard. Step 4 − Similarly, if you choose the second option in ‘What do you want to do’ pop up, it will let you choose an application from the gallery as shown in the following screen. Integrating On-Premise Active Directory Azure active directory lets you run an active directory in cloud and also lets you connect it to your on-premise active directory. Basically, it will replicate your user database residing on your on-premise machine in cloud. It will also automatically synchronize whenever changes are made on-premise. Click on the ‘Directory Integration’ from the top menu. An on-premise directory can be connected using the three steps as shown in the following image. Reports This is a very useful feature of Active Directory as it shows different reports such as number of times a user is signing in, or signing in from an unknown device can be seen here. Print Page Previous Next Advertisements ”;
Microsoft Azure – Fabric Controller ”; Previous Next Fabric Controller is a significant part of Windows Azure architecture. When thinking of the components or services provided by Windows Azure, we wonder how all this works and what is happening in clouds. It seems very complex from our end. Let us look into the physical architecture of these services to have a better understanding of Fabric Controller. Inside the datacenter, there are many machines or servers aggregated by a switch. We can say that fabric controller is a brain of the azure service that analyses the processes and makes decisions. Fabrics are group of machines in Microsoft’s datacenter which are aggregated by a switch. The group of these machines is called cluster. Each cluster is managed and owned by a fabric controller. They are replicated along with these machines. It manages everything inside those machines, for e.g., load balancers, switches, etc. Each machine has a fabric agent running inside it and fabric controller can communicate with each fabric agent. When selecting a virtual machine offered by Windows Azure services, there are five options to choose from. The configuration is as follows − Memory CPU Instance Storage Extra Small 768 MB Single core 1.0 GHz 20 GB Small 1.75 GB Single core 1.6 GHz 225 GB Medium 3.5 GB Dual core 1.6 GHz 490 GB Large 7 GB Four core 1.6 GHz 1,000 GB Extra Large 14 GB Eight core 1.6 GHz 2,040 GB When a user chooses one of the virtual machine, the operating system, patch updates and software updates are performed by fabric controller. It decides where the new application should run which is one of the most important functions of Fabric Controller. It also selects the physical server to optimize hardware utilization. When a new application is published in Azure, an application configuration file written in XML is also attached. The fabric controller reads those files in Microsoft datacenter and makes the setting accordingly. In addition to managing the allocation of resources to a specific application, it also monitors the health of compute and storage services. It also makes the failure recoveries for a system. Imagine a situation where four instances of web role are running, and one of them dies. The fabric controller will initiate a new instance to replace the dead one immediately. Similarly, in case any virtual machine fails, a new one is assigned by the fabric controller. It also resets the load balancers after assigning the new machine, so that it points to the new machine instantaneously. Thus, all the intelligent tasks are performed by the Fabric Controller in Windows Azure architecture. Print Page Previous Next Advertisements ”;
Microsoft Azure – Personalize Access ”; Previous Next We have two portals to access and manage our Azure service by logging in to our Azure account. Azure management portal has some issues with responsiveness, thus a second portal named preview portal was designed. The preview portal was launched later to improve the user experience on tablets and mobile devices. Clients, who are managing their services through Azure portal, often come here and Azure team has provisioned the personalization of the look of Azure preview portal. Users can choose the color and features to be displayed on the dashboard, which makes it easy for them to navigate through the services in the portal. Let us see what can be personalized in Azure preview portal. You can directly login to the preview portal by visiting https://portal.azure.com/ and using your Azure account or you can switch to it from Azure management portal. Azure team keeps making little changes but the overall concept remains the same. So when you try to customize your portal, it might look a little different but the basic features will remain the same. Step 1 − Login to Azure management portal. Step 2 − Switch to Azure preview portal by clicking on your photo and choosing ‘Switch to Azure Preview Portal’. Step 3 − You will see the following screen which is the dashboard of your Azure account. The tiles in the middle of the screen are some of the common tasks performed by Azure preview portal. To personalize these tiles click the ‘Settings Icon’ encircled. Step 4 − It will take you to the following screen. You can maximize the screen by clicking on the button encircled. You can choose from the available themes which will change the background color of the screen. On the same screen, you can choose to show/hide the command labels that display the name of the command. Similarly, you can enable/disable the animations. Step 5 − If you scroll down, you will see an option to change the language. Step 6 − You can also change the size of the tile. You can make it bigger or smaller. For example, on the following screen if you want my resource groups bigger − Right-click on the tile and choose customize. Alternatively, choose ‘customize’ from the top strip of the tile. It will appear when you hoover your cursor over it. Choose the size of the tile. Click ‘Done’ on the top of the screen. Step 7 − You can also customize your dashboard by moving the tiles as per your choice. You just have to drag and drop the tile to a different location on the screen. Step 8 − You can pin any of your resources to the dashboard. Go to the resource. Right-click on it or click the three dots. Click on the ‘Pin to Dashboard’. When you come back to the dashboard by clicking on the ‘Microsoft Azure’ at the top left corner, you will see the resource there as shown in following image. Print Page Previous Next Advertisements ”;
Microsoft Azure – Create Virtual Network ”; Previous Next You can create virtual network on cloud or you can also connect to the on-premise local network to the cloud network in Windows Azure. This tutorial will first explain how to create a cloud only network. Creating a Virtual Network in Clouds Only Step 1 − Login in to Azure Management Portal. Step 2 − Click on ‘New’ at the bottom left corner. Step 3 − Click on ‘Network Services’ and then ‘Virtual Network’. Step 4 − Click on ‘Quick Create’. Step 5 − Enter the name and leave all other fields as they are except location. You don’t need to specify anything in this case since everything will be decided by Azure itself. Step 6 − Click on ‘Create a Virtual Network’ and it is done. Creating a Virtual Network in Cloud Only (Advanced Settings) Step 1 − Click on ‘custom create’ instead of ‘quick create’ when creating a new virtual network and the following screen will appear. Step 2 − Enter the name of the ‘Network’ and choose a location. You will see that it will draw an image at the bottom. DNS Server Name is optional to enter as we are creating a cloud only network. Also, leave the options ‘Point to Site connectivity’ and ‘Site to Site connectivity’ as they are. The subsequent chapters will have a demo on configuration of these two options. Step 3 − Click next and leave the default values on the following screen. Step 4 − Click the next arrow and a virtual network is created. You can add DNS servers and local network even after creating a virtual network. Print Page Previous Next Advertisements ”;
Microsoft Azure – Endpoint Configuration ”; Previous Next When creating a virtual machine, we come across a part where endpoints can be configured. The two default endpoints enabled while creating a virtual machine are Remote Desktop and PowerShell. What actually is an endpoint? Virtual machine on same cloud can communicate to each other automatically. But in case we need them to communicate with our own computer, we will need an endpoint configured to make it happen. It is basically accessing the virtual machine through a port. An endpoint provides remote access to the services running on virtual machine. It has a public and private port that needs to be specified while creating an endpoint. Additionally, an endpoint can be accessed securely by activating Access Control Lists (ACL). In the following section, it is demonstrated how a new endpoint can be configured for virtual machine that’s already been created. However, it can also be done in the same way as creating a new one on configuration part of wizard. Step 1 − Click on Virtual Machine in your Azure Management portal. Step 2 − Click on ‘Endpoint’ and then Click on ‘Add’. Step 3 − Select ‘Add a Stand-Alone Endpoint’ as shown in the following image. Step 4 − Select the name from dropdown. Alternatively, you can enter a custom name. Here let’s select Http from options. It will assign unused ports automatically. Or you can enter it manually. Step 5 − If you tick ‘Create a Load Balanced Set’, it will allow distributing the load across virtual machines. Let’s leave it unchecked here because it can be configured later, if needed. Step 6 − The ‘Enable Direct Server Return’ is checked when SQL server’s ‘Always On’ feature is required, so let’s leave it unchecked. Step 7 − Click on Next arrow. Access Control of Endpoint We can grant or deny the access of services to an individual host or network. If nothing is specified, the endpoint can be accessed from any host and network. Step 1 − Select ‘Manage ACL’ as shown in the following image. Step 2 − Enter access description. Step 3 − Enter Subnet Mask. Step 4 − Click on Next and it’s done. Print Page Previous Next Advertisements ”;