Robert Smit MVP Blog

This #SysAdmin Day, WIN with #Altaro and win an #Amazon voucher Leave a comment

Posted August 10, 2020 by Robert Smit [MVP] in Altaro

Tagged with sponsor

Proud and honored to announce that, I have been reawarded (12th time) as Microsoft Most Valuable Professional (MVP) in the Microsoft Azure Category #MVPBuzz #Azure #Microsoft 2 comments

As Yesterday was the renewal day 1^st of July and waiting for THE email and waiting and the MVP website was slow and down all the MVP’s are checking the status. As I did not see any email till 18:00 thought well I need to go and do some stuff Lets see this tomorrow.

and there it is at 18:10 the email with the proof. Got my 12th MVP Award.

I Would thank the Community as I could not do this without you, this get me the inspiration on the blog Items and during the events with the AMA sessions.

For me, being awarded as a Microsoft MVP is a great honor. This award is a marvelous acknowledgment for all my activities.

I started as a MVP for “Clustering” in 2009 which then a small team of 4 MVP’s It was a very exiting time to be part of that group among great personalities! Today, I’m doing mostly projects around Microsoft Azure and Windows Modern Workplace, so I’m really proud and happy that my community contributions ended up in a renewal for Azure.

Congrats to all new and renewed MVP colleagues! #MVPBuzz @MVPAward

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google : Robert Smit MVP profile

Posted July 2, 2020 by Robert Smit [MVP] in MVP Award

Tagged with Azure, MVP

Step by Step Azure NAT Gateway – Static Outbound Public IP address #ANG #NAT #WVD #Azure #Security #Cloud #MVPBuzz #AzOps #ITPRO #VirtualNetworks #PowerShell Leave a comment

There a several ways on using an external IP in Azure, What method to use is up to you. Remember there is no good or wrong but only different opinions or insights on how to use it.

Public IP addresses allow Internet resources to communicate inbound to Azure resources. Public IP addresses also enable Azure resources to communicate outbound to Internet and public-facing Azure services with an IP address assigned to the resource. The address is dedicated to the resource, until it is unassigned by you. If a public IP address is not assigned to a resource, the resource can still communicate outbound to the Internet, but Azure dynamically assigns an available IP address that is not dedicated to the resource.

Some of the resources you can associate a public IP address resource with are:

Virtual machine network interfaces
Internet-facing load balancers
VPN gateways
Application gateways
Azure Firewall
NAT Gateway

Matching SKUs must be used for load balancer and public IP resources. You can’t have a mixture of basic SKU resources and standard SKU resources. You can’t attach standalone virtual machines, virtual machines in an availability set resource, or a virtual machine scale set resources to both SKUs simultaneously.

Virtual Network NAT (network address translation) simplifies outbound-only Internet connectivity for virtual networks. When configured on a subnet, all outbound connectivity uses your specified static public IP addresses. Outbound connectivity is possible without load balancer or public IP addresses directly attached to virtual machines. NAT is fully managed and highly resilient.

So this is only for the Outbound connection. why not use the Resource group IP this is also “static” ? using this IP means that al VM’s must be in the same resource group and when the resource group changed the IP is also changing.

NAT is compatible with standard SKU public IP address resources or public IP prefix resources or a combination of both. You can use a public IP prefix directly or distribute the public IP addresses of the prefix across multiple NAT gateway resources. NAT will groom all traffic to the range of IP addresses of the prefix. Any IP whitelisting of your deployments is now easy.

So How to implement this. a step by step guide. GUI and powershell Looking at my demo setup, There are 2 vm’s both in a different Resource group.

Setting up the NAT gateway is done by 3 tabs to fill in the name and what vnet to use

We add a new NAT gateway.

We create a new resource group and choose NAT gateway name.

The Timeout we leave this on 4 min for now.

We configure an external IP and with a standard SKU. Basic is not supported.

the next step is choose the External outbound IP pool minimal is 2 and max is 256. this is not needed but only if you want to have a pool of External IP’s else it just go the one external ip

you can select max 2 prefixes

Configure which subnets of a virtual network should use this NAT gateway. Subnets with Basic load balancers or virtual machines that are using a Basic public IP are not compatible and cannot be used.
Note: While you do not have to complete this step to create a NAT gateway, the NAT gateway will not be functional until you have added at least one subnet. You can also add and reconfigure which subnets are included after creating the NAT gateway.

in the last step we tag the NAT gateway to a subnet. When checking the VM’s on this subnet for the outbound IP ( remember the VM does not need a public IP on the network card)

Here I have 2 VM’s getting both an IP from the prefix

If there is only a small prefix then both machines will get the same external outbound IP

With this time flow it recycles the External IP, depending on the scope and usage.

So in just a few steps you can use a useful gateway for all your outbound traffic.

Building this in Powershell is also easy. I use a semi automatic script as I want to choose my network. but you can change this to a fixed network if you want.

remember this will need the az.network latest module. in the old modules there is no get-AzNatGateway command. without this the posh is not working.

First we have some parameters

# Set the variables for the NAT Gateway.
$rg = ‘rg-rsm-natgw001’
$Location = ‘Westeurope’
$sku = ‘Standard’
$PublicIpname = ‘pup-rsm-natgw001’
$Publicprefixname = ‘pxp-rsm-natgw001’
$NatGatewayname=’gwn-rsm-natgateway001′

#create Rsource group
New-AzResourceGroup -Name $rg -Location $Location

First we make some external IP and or a range.

#create Standard SKUP public IP
$publicIP = New-AzPublicIpAddress -Name $PublicIpname -ResourceGroupName $rg -AllocationMethod Static -Location $Location -Sku $sku
$publicIP | Select-Object Name, ResourceGroupName, IpAddress, IdleTimeoutInMinutes, ProvisioningState

With the Zone attribute you can create zone redundancy, but this is not needed for this resource.

#create IP prefix ( how many IP’s are needed)
$publicIPPrefix = New-AzPublicIpPrefix -Name $Publicprefixname -ResourceGroupName $rg -Location $Location -PrefixLength 29

$publicIPPrefix | Select-Object Name, IPPrefix, PrefixLength, ProvisioningState

You can skip this if you want only one external IP.

Next is creating the gateway.

#Create NAT gateway
$natGateway = New-AzNatGateway -Name $NatGatewayname -ResourceGroupName $rg -PublicIpAddress $publicIP -PublicIpPrefix $publicIPPrefix -Location $Location -Sku $sku -IdleTimeoutInMinutes 4
$natGateway | Select-Object Name, ResourceGroupName, IdleTimeoutInMinutes , SKuText | Format-table -autosize –wrap

Now that the Gateway is created we can add a subnet to this. I used a point an click so that I can choose the network and subnet. but you can also use a variable to do this.

$virtualNetwork = Get-AzVirtualNetwork | Out-GridView -PassThru -Title "Pick the vnet that will be used for the NAT gateway"

$NATSubnet = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $virtualNetwork | Out-GridView -PassThru -Title "Pick the Subnet that will be used for the NAT gateway"

$NATSubnet.NatGateway = $natGateway
$virtualNetwork | Set-AzVirtualNetwork

The network is chosen and the subnet is selected.

In the Azure portal you can see the result.

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google : Robert Smit MVP profile

Posted June 2, 2020 by Robert Smit [MVP] in Azure

Tagged with Azure, Windows 10, WVD

Update all AZ. Azure Powershell Modules #PowerShell #Azure #Script #modules Leave a comment

If you do a lot with Azure and PowerShell you may noticed that the latest module is important. as functions may not be there or properties are not listed correctly.

There are plenty of scripts around on how to update these modules.

With the Get-InstalledModule you will get a list of the modules on your system

When doing get module with the –listAvailable you will see all the versions

Get-Module -Name az.* -ListAvailable

here is the powershell code Like I said before there are tons of the same scripts around on github or blog post. So don’t invent the wheel again reuse and modify to your needs

Get-Module -Name az.* -ListAvailable |
Where-Object -Property Name -ne ‘Az.’ |
ForEach-Object {
    $currentVersion = [Version] $_.Version
    $newVersion = [Version] (Find-Module -Name $_.Name).Version
    if ($newVersion -gt $currentVersion) {
      Write-Host -Object "Updating $_ Module from $currentVersion to $newVersion"
      Update-Module -Name $_.Name -RequiredVersion $newVersion -Force
      Uninstall-Module -Name $_.Name -RequiredVersion $currentVersion -Force
    }
}

Running this can tike some time as you can see In this case I have a lot of old and new modules and these are being updated to the latest versions

When updating this I had some PowerShell windows still open and got some errors, you can also do this by hand.

For sample – Install-Module -Name Az.Accounts -RequiredVersion 1.8.0 –Force

Hope this helps you to a better Azure PowerShell experience.

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google : Robert Smit MVP profile

Posted May 27, 2020 by Robert Smit [MVP] in Azure

Tagged with Azure, Powershell

Starting With Azure Tags: What do my resources Costs .#Azure #Cost #Tags #Cloud #Governance #WiMVP #Mvpbuzz Leave a comment

When starting With Azure The Costs are important. If you have created a lot of resources you might want to know who owns the resources or what is the purpose of this resource.

Resource management: Your IT teams will need to quickly locate resources associated with specific workloads, environments, ownership groups, or other important information. Organizing resources is critical to assigning organizational roles and access permissions for resource management.

Tagging resources is the way to find the resource and keep it with the purpose that you used it for. but over time things may change or added.

There are tons of reasons why you should use Tagging

Cost management and optimization
Cloud accounting models
ROI calculations
Cost tracking
Budgets
Alerts
Recurring spend tracking and reporting
Post-implementation optimizations
Cost-optimization tactics
Operations management
Security
Governance and regulatory compliance
Automation
Workload optimization

That way items in your resource groups may be un tagged. You can set policys for this but when there is some wild resource you might wan to check it first be for tagging.

As you can see the TAG’s are not applied to all the resources.

When you check the cost on the tag or on the resource group you will see different numbers. For adding the tag to all resources in the Resource group We use a PowerShell line.

First we connect to the Azure subscription or use the CLI

Connect-AzAccount
Login-AzAccount
Get-AzSubscription
Select-AzSubscription -Subscription "Microsoft Azure”

We select the resource group.

$RG = "rsmvprsg01"

When we check that resource group it has a tag. So there is no need to set an tag unless you want to set an extra tag to the resources.

Now We are setting the tag to all the resources that are in the resource group. Get-azresourcegroup and set the TAG.

$group = Get-AzResourceGroup -Name $rg
Get-AzResource -ResourceGroupName $group.ResourceGroupName | ForEach-Object {Set-AzResource -ResourceId $_.ResourceId -Tag $group.Tags -Force }

When looking in the Billing you might not see this directly

Drilling down on the resource you can see it is set.

If you did not had set the Tags then you need to define a tag first.

#Force Tags to all resources
#set tag no pre defined
Set-AzResourceGroup -Name $rg -Tag @{ env="Robert Smit"; RSM="ClusterMVP" }

Define what each tag should be used to identify. Tag name : The exact term used for the tag, e.g. “Application” , “Department” , “Project”
Values: List all potential values for each tag name, e.g. “finance”, “website” , “name”
Tag names can have up to 512 characters, values can have up to 256
These characters aren’t supported with tags: < > % & / ?

$group = Get-AzResourceGroup -Name $rg
Get-AzResource -ResourceGroupName $group.ResourceGroupName | ForEach-Object {Set-AzResource -ResourceId $_.ResourceId -Tag $group.Tags -Force }