This #SysAdmin Day, WIN with #Altaro and win an #Amazon voucher   Leave a comment

 

This SysAdmin Day, WIN with Altaro!

clip_image002

SysAdmin Day has arrived, and with it, gratitude for all the unsung heroes that 2020 has needed. Your hard work has made it possible for all of us to keep going, despite all challenges thrown our way. Now it is Altaro’s turn to thank YOU.

If you are an Office 365, Hyper-V or VMware user, celebrate with Altaro. Just sign up for a 30-day free trial of either Altaro VM Backup or Altaro Office 365 Backup – it’s your choice!

What can you win?

• Receive a €/£/$20 Amazon voucher when you use your trial of Altaro Office 365 Backup or Altaro VM Backup

• Get the chance to also win one of their Grand Prizes by sharing your greatest 2020 victory with Altaro in an up to 60-seconds video.

What are you waiting for? Sign up now!

Posted August 10, 2020 by Robert Smit [MVP] in Altaro

Tagged with

Proud and honored to announce that, I have been reawarded (12th time) as Microsoft Most Valuable Professional (MVP) in the Microsoft Azure Category #MVPBuzz #Azure #Microsoft   2 comments

As Yesterday was the renewal day 1st of July and waiting for THE email and waiting and the MVP website was slow and down all the MVP’s are checking the status. As I did not see any email till 18:00 thought well I need to go and do some stuff Lets see this tomorrow.

and there it is at 18:10 the email with the proof. Got my 12th MVP Award.

I Would thank the Community as I could not do this without you, this get me the inspiration on the blog Items and during the events with the AMA sessions.

image

For me, being awarded as a Microsoft MVP is a great honor. This award is a marvelous acknowledgment for all my activities.

I started as a MVP for “Clustering” in 2009 which then a small team of 4 MVP’s  It was a very exiting time to be part of that group among great personalities! Today, I’m doing mostly projects around Microsoft Azure and Windows Modern Workplace, so I’m really proud and happy that my community contributions ended up in a renewal for Azure.

 

Congrats to all new and renewed MVP colleagues!  #MVPBuzz @MVPAward

 

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google  : Robert Smit MVP profile

Posted July 2, 2020 by Robert Smit [MVP] in MVP Award

Tagged with ,

Step by Step Azure NAT Gateway – Static Outbound Public IP address #ANG #NAT #WVD #Azure #Security #Cloud #MVPBuzz #AzOps #ITPRO #VirtualNetworks #PowerShell   Leave a comment

There a several ways on using an external IP in Azure, What method to use is up to you. Remember there is no good or wrong but only different opinions or insights on how to use it.

Public IP addresses allow Internet resources to communicate inbound to Azure resources. Public IP addresses also enable Azure resources to communicate outbound to Internet and public-facing Azure services with an IP address assigned to the resource. The address is dedicated to the resource, until it is unassigned by you. If a public IP address is not assigned to a resource, the resource can still communicate outbound to the Internet, but Azure dynamically assigns an available IP address that is not dedicated to the resource.

Some of the resources you can associate a public IP address resource with are:

  • Virtual machine network interfaces
  • Internet-facing load balancers
  • VPN gateways
  • Application gateways
  • Azure Firewall
  • NAT Gateway

Matching SKUs must be used for load balancer and public IP resources. You can’t have a mixture of basic SKU resources and standard SKU resources. You can’t attach standalone virtual machines, virtual machines in an availability set resource, or a virtual machine scale set resources to both SKUs simultaneously.

Virtual Network NAT (network address translation) simplifies outbound-only Internet connectivity for virtual networks. When configured on a subnet, all outbound connectivity uses your specified static public IP addresses. Outbound connectivity is possible without load balancer or public IP addresses directly attached to virtual machines. NAT is fully managed and highly resilient.

image

So this is only for the Outbound connection. why not use the Resource group IP this is also “static” ? using this IP means that al VM’s must be in the same resource group and when the resource group changed the IP is also changing.

image

NAT is compatible with standard SKU public IP address resources or public IP prefix resources or a combination of both. You can use a public IP prefix directly or distribute the public IP addresses of the prefix across multiple NAT gateway resources. NAT will groom all traffic to the range of IP addresses of the prefix. Any IP whitelisting of your deployments is now easy.

So How to implement this. a step by step guide. GUI and powershell Looking at my demo setup, There are 2 vm’s both in a different Resource group.

Setting up the NAT gateway is done by 3 tabs to fill in the name and what vnet to use

https://robertsmit.wordpress.com/

We add a new NAT gateway.

image

We create a new resource group and choose NAT gateway name.

The Timeout we leave this on 4 min for now.

image

We configure an external IP and with a standard SKU. Basic is not supported.

image

the next step is choose the External outbound IP pool minimal is 2 and max is 256. this is not needed but only if you want to have a pool of External IP’s else it just go the one external ip

image

you can select max 2 prefixes

image

Configure which subnets of a virtual network should use this NAT gateway. Subnets with Basic load balancers or virtual machines that are using a Basic public IP are not compatible and cannot be used.
Note: While you do not have to complete this step to create a NAT gateway, the NAT gateway will not be functional until you have added at least one subnet. You can also add and reconfigure which subnets are included after creating the NAT gateway.

image

in the last step we tag the NAT gateway to a subnet. When checking the VM’s on this subnet for the outbound IP ( remember the VM does not need a public IP on the network card)

image

Here I have 2 VM’s getting both an IP from the prefix

imageimage

If there is only a small prefix then both machines will get the same external outbound IP

imageimage

With this time flow it recycles the External IP, depending on the scope and usage.

image

So in just a few steps you can use a useful gateway for all your outbound traffic.

Building this in Powershell is also easy. I use a semi automatic script as I want to choose my network. but you can change this to a fixed network if you want.

remember this will need the az.network latest module. in the old modules there is no get-AzNatGateway command. without this the posh is not working.

First we have some parameters

# Set the variables for the NAT Gateway.
$rg = ‘rg-rsm-natgw001’
$Location = ‘Westeurope’
$sku = ‘Standard’
$PublicIpname = ‘pup-rsm-natgw001’
$Publicprefixname = ‘pxp-rsm-natgw001’
$NatGatewayname=’gwn-rsm-natgateway001′

#create Rsource group
New-AzResourceGroup -Name $rg -Location $Location 

image

First we make some external IP and or a range.

#create Standard SKUP public IP
$publicIP = New-AzPublicIpAddress -Name $PublicIpname -ResourceGroupName $rg -AllocationMethod Static -Location $Location -Sku $sku
$publicIP | Select-Object Name, ResourceGroupName, IpAddress, IdleTimeoutInMinutes, ProvisioningState

https://robertsmit.wordpress.com

With the Zone attribute you can create zone redundancy, but this is not needed for this resource.

#create  IP prefix ( how many IP’s are needed)
$publicIPPrefix = New-AzPublicIpPrefix -Name $Publicprefixname -ResourceGroupName $rg -Location $Location -PrefixLength 29

$publicIPPrefix | Select-Object Name, IPPrefix, PrefixLength, ProvisioningState

image

You can skip this if you want only one external IP.

Next is creating the gateway.


#Create NAT gateway
$natGateway = New-AzNatGateway -Name $NatGatewayname -ResourceGroupName $rg -PublicIpAddress $publicIP -PublicIpPrefix $publicIPPrefix -Location $Location -Sku $sku -IdleTimeoutInMinutes 4
$natGateway  | Select-Object Name, ResourceGroupName, IdleTimeoutInMinutes , SKuText | Format-table -autosize –wrap

image

Now that the Gateway is created we can add a subnet to this. I used a point an click so that I can choose the network and subnet. but you can also use a variable to do this.

$virtualNetwork = Get-AzVirtualNetwork | Out-GridView -PassThru -Title "Pick the vnet that will be used for the NAT gateway"

https://robertsmit.wordpress.com

$NATSubnet = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $virtualNetwork | Out-GridView -PassThru -Title "Pick the Subnet that will be used for the NAT gateway"

image

$NATSubnet.NatGateway = $natGateway
$virtualNetwork | Set-AzVirtualNetwork

The network is chosen and the subnet is selected.

In the Azure portal you can see the result.

https://robertsmit.wordpress.com

 

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google  : Robert Smit MVP profile

 

Posted June 2, 2020 by Robert Smit [MVP] in Azure

Tagged with , ,

Update all AZ. Azure Powershell Modules #PowerShell #Azure #Script #modules   Leave a comment

If you do a lot with Azure and PowerShell you may noticed that the latest module is important. as functions may not be there or properties are not listed correctly.

There are plenty of scripts around on how to update these modules. 

With the  Get-InstalledModule you will get a list of the modules on your system

image

When doing get module with the –listAvailable you will see all the versions

Get-Module -Name az.* -ListAvailable

image

here is the powershell code Like I said before there are tons of the same scripts around on github or blog post. So don’t invent the wheel again reuse and modify to your needs

Get-Module -Name az.* -ListAvailable |
  Where-Object -Property Name -ne ‘Az.’ |
  ForEach-Object {
    $currentVersion = [Version] $_.Version
    $newVersion = [Version] (Find-Module -Name $_.Name).Version
    if ($newVersion -gt $currentVersion) {
      Write-Host -Object "Updating $_ Module from $currentVersion to $newVersion"
      Update-Module -Name $_.Name -RequiredVersion $newVersion -Force
      Uninstall-Module -Name $_.Name -RequiredVersion $currentVersion -Force
    }
  }

Running this can tike some time as you can see In this case I have a lot of old and new modules and these are being updated to the latest versions

image

When updating this I had some PowerShell windows still open and got some errors, you can also do this by hand.

For sample  – Install-Module -Name Az.Accounts -RequiredVersion 1.8.0 –Force

image

Hope this helps you to a better Azure PowerShell experience. 

 

 

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google  : Robert Smit MVP profile

Posted May 27, 2020 by Robert Smit [MVP] in Azure

Tagged with ,

Starting With Azure Tags: What do my resources Costs .#Azure #Cost #Tags #Cloud #Governance #WiMVP #Mvpbuzz   Leave a comment

When starting With Azure The Costs are important. If you have created a lot of resources you might want to know who owns the resources or what is the purpose of this resource.

Resource management: Your IT teams will need to quickly locate resources associated with specific workloads, environments, ownership groups, or other important information. Organizing resources is critical to assigning organizational roles and access permissions for resource management.

Azure Tags: What do my resources Costs. #Azure #Cost #Tags #Cloud #governance

Tagging resources  is the way to find the resource and keep it with the purpose that you used it for. but over time things may change or added.

There are tons of reasons why you should use Tagging

  • Cost management and optimization
  • Cloud accounting models
  • ROI calculations
  • Cost tracking
  • Budgets
  • Alerts
  • Recurring spend tracking and reporting
  • Post-implementation optimizations
  • Cost-optimization tactics
  • Operations management
  • Security
  • Governance and regulatory compliance
  • Automation
  • Workload optimization

Azure Tags: What do my resources Costs. #Azure #Cost #Tags #Cloud #governance

That way items in your resource groups may be un tagged. You can set policys for this but when there is some wild resource you might wan to check it first be for tagging.

Azure Tags: What do my resources Costs. #Azure #Cost #Tags #Cloud #governance

As you can see the TAG’s are not applied to all the resources.

Azure Tags: What do my resources Costs. #Azure #Cost #Tags #Cloud #governance

When you check the cost on the tag or on the resource group you will see different numbers. For adding the tag to all resources in the Resource group We use a PowerShell line.

First we connect to the Azure subscription or use the CLI

Connect-AzAccount
Login-AzAccount
Get-AzSubscription
Select-AzSubscription -Subscription "Microsoft Azure”

We select the resource group.

$RG = "rsmvprsg01"

When we check that resource group it has a tag. So there is no need to set an tag unless you want to set an extra tag to the resources.

image

Now We are setting the tag to all the resources that are in the resource group. Get-azresourcegroup and set the TAG.

$group = Get-AzResourceGroup -Name $rg
Get-AzResource -ResourceGroupName $group.ResourceGroupName | ForEach-Object {Set-AzResource -ResourceId $_.ResourceId -Tag $group.Tags -Force }

 

Azure Tags: What do my resources Costs. #Azure #Cost #Tags #Cloud #governance

When looking in the Billing you might not see this directly

image

Drilling down on the resource you can see it is set.

image

If you did not had set the Tags then you need to define a tag first.

#Force Tags to all resources
#set tag no pre defined
Set-AzResourceGroup -Name $rg -Tag @{ env="Robert Smit"; RSM="ClusterMVP" }

Azure Tags: What do my resources Costs. #Azure #Cost #Tags #Cloud #governance

  • Define what each tag should be used to identify.  Tag name : The exact term used for the tag, e.g. “Application” , “Department” , “Project”
    Values:  List all potential values for each tag name, e.g. “finance”, “website” , “name”
  • Tag names can have up to 512 characters, values can have up to 256
  • These characters aren’t supported with tags: < > % & / ?

$group = Get-AzResourceGroup -Name $rg
Get-AzResource -ResourceGroupName $group.ResourceGroupName | ForEach-Object {Set-AzResource -ResourceId $_.ResourceId -Tag $group.Tags -Force }

Azure Tags: What do my resources Costs. #Azure #Cost #Tags #Cloud #governance

And you can do this also with the Azure CLI

Open the CLI in the Azure portal

image

I’ll use the same settings

env="Robert Smit"; RSM="ClusterMVP"

 

az tag create –name Env

az tag add-value –name Env –value "Robert Smit”

 

Azure Tags: What do my resources Costs. #Azure #Cost #Tags #Cloud #governance

 

Now that the Tags are created we can add them to a resource group

 

az group update -n rsmdemo01–set tags.Env="Robert Smit" tags.MVP=ClusterMVP

 

image

Is sett two tags but you can set just one or multiple.

Enforce tagging rules with Azure policies can done easily as there are many examples here https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/tag-policies

Assign policies for tag compliance

The Link will take you to the Github repository https://github.com/Azure/azure-policy 

image

 

 

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google  : Robert Smit MVP profile

Posted May 19, 2020 by Robert Smit [MVP] in Azure

Tagged with ,

  • Twitter

  • RSS Azure and Microsoft Windows Server Blog

  • %d bloggers like this: