Author Archive

Step by Step Azure Network watcher #Azure #ANW #Network #Cloud #diagnose #troubleshooting   Leave a comment

 

Network Watcher is a regional service that enables you to monitor and diagnose conditions at a network scenario level in, to, and from Azure. Network diagnostic and visualization tools available with Network Watcher help you understand, diagnose, and gain insights to your network in Azure. Use Network Watcher, a service that enables you to monitor and diagnose conditions at a network scenario level.

Network Watcher currently has the following capabilities:

  • Topology – Provides a network level view showing the various interconnections and associations between network resources in a resource group.
  • Variable Packet capture – Captures packet data in and out of a virtual machine. Advanced filtering options and fine-tuned controls such as being able to set time and size limitations provide versatility. The packet data can be stored in a blob store or on the local disk in .cap format.
  • IP flow verify – Checks if a packet is allowed or denied based on flow information 5-tuple packet parameters (Destination IP, Source IP, Destination Port, Source Port, and Protocol). If the packet is denied by a security group, the rule and group that denied the packet is returned.
  • Next hop – Determines the next hop for packets being routed in the Azure Network Fabric, enabling you to diagnose any misconfigured user-defined routes.
  • Security group view – Gets the effective and applied security rules that are applied on a VM.
  • NSG Flow logging – Flow logs for Network Security Groups enable you to capture logs related to traffic that are allowed or denied by the security rules in the group. The flow is defined by a 5-tuple information – Source IP, Destination IP, Source Port, Destination Port and Protocol.
  • Virtual Network Gateway and Connection troubleshooting – Provides the ability to troubleshoot Virtual Network Gateways and Connections.
  • Network subscription limits – Enables you to view network resource usage against limits.
  • Configuring Diagnostics Log – Provides a single pane to enable or disable Diagnostics logs for network resources in a resource group.
  • Connectivity (Preview) – Verifies the possibility of establishing a direct TCP connection from a virtual machine to a given endpoint.

 

Lets start with creating the Network Watcher.

Open Powershell  :

Login-AzureRmAccount

Register-AzureRmProviderFeature -FeatureName AllowNetworkWatcher -ProviderNamespace Microsoft.Network

Get-AzureRmProviderFeature -FeatureName AllowNetworkWatcher -ProviderNamespace  Microsoft.Network

 

Go to the https://portal.azure.com

https://robertsmit.wordpress.com/

As you can see I have several with status disabled and one with partially enabled

image

Enabling the Network Watcher is easy just do a right click on the 3 dots and enable this for all regions or just one, or set this as a default.

 

image

image

Now that we enabled the Network Watcher We create a separate Storage Account for this, as all the logging goes to this storage account. We don’t want to place log files all over the subscription.

image

Our just run a PowerShell command to do this. I use a own resource group for this

New-AzureRmResourceGroup -Name "rsg-netwatcher01" -Location "westeurope"
New-AzureRmStorageAccount -ResourceGroupName "rsg-netwatcher01" -Location "westeurope" -Name "stnetwatcher01" -SkuName Standard_LRS

 

Topology – Provides a network level view showing the various interconnections and associations between network resources in a resource group.

TO view the topology from your network could be very handy- Remember this is only ARM so no ASM

image

and yes the pictures getting large

image

This is all the basic stuff IP flow verify is the more interesting part.

 

IP flow verify

IP flow verify checks if a packet is allowed or denied to or from a virtual machine based on 5-tuple information. This information consists of direction, protocol, local IP, remote IP, local port, and remote port. If the packet is denied by a security group, the name of the rule that denied the packet is returned. While any source or destination IP can be chosen, this feature helps administrators quickly diagnose connectivity issues from or to the internet and from or to the on-premises environment.

IP flow verify targets a network interface of a virtual machine. Traffic flow is then verified based on the configured settings to or from that network interface. This capability is useful in confirming if a rule in a Network Security Group is blocking ingress or egress traffic to or from a virtual machine.

Remember If you have multiple regions you must enable Network Watcher in all regions.

image

The flow is easy the Source Machine and Port number and the destination Machine and Port number. as this is all in the same subnet but If you are running this in more complex networks then this could be very useful.

 

Checking the Security Groups all settings in just one overview that is also very handy when troubleshooting.

image

So all thing in the Network Watcher is nice but one this that is always a pain is troubleshoot the VPN connections and get the log files etc.

In the Network Watcher there is an option on troubleshoot the VPN connection

Network Watcher – VPN Diagnostics

This is also the place where the storage container is needed. Just select the Virtual network gateway and add the Storageaccount with the Start Troubleshooting. This could take a few Minutes to complete!

imageimage image

When the trace is done there is a Zipfile GatewayTenantWorker_IN_0.zip placed in the folder with a date folder structure so no overwrite of the file.

In the Zip file are 2 files unless you have issues.

image

Connectivity State : Connected
Remote Tunnel Endpoint :
Ingress Bytes (since last connected) : 202242292718 B
Egress Bytes (Since last connected) : 2435917732003 B
Connected Since : 8/15/2017 9:41:08 AM

In the connection stats you can see the traffic between the VPN connection.

When you have issues with the VPN connection then there will be more files in the zip file. Beside the ConnectionStats.txt and the CPUStat.txt, we got IKEErrors.txt, Scrubbed-wfpdiag.txt, wfpdiag.txt.sum and wfpdiag.xml.

The IKEErrors.txt and Scrubbed-wpfdiag.txt will get you the most detail about the error of the VPN connection

 

Pricing details

There are no charges to use Network Watcher today. On October 1, 2017, the pricing model below goes into effect.

Feature Monthly allotment Overage charge
Network Logs Ingested 5 GB €0.422 per GB
Network Diagnostic Tools 1,000 checks €0.844 per 1,000 checks
 
  • Network logs are stored within a storage account and have a retention policy that can be set from one day to 365 days. If a retention policy is not set, the logs are maintained forever. Corresponding charges will apply for storage, Log Analytics, and event hubs respectively.
  • Network Watcher Diagnostic Tools and Topology features are billed for the number of Network Diagnostic checks initiated via Azure Portal, PowerShell, CLI, or Rest.

As the Cost are minimal and easy to use so enable this today.

 

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Http://nl.linkedin.com/in/robertsmit

Google Me : https://www.google.nl

Bing Me : http://tinyurl.com/j6ny39w

LMGTFY : http://lmgtfy.com/?q=robert+smit+mvp+blog

Posted August 16, 2017 by Robert Smit [MVP] in Azure

Tagged with

How to: Resize virtual machines in #Azure With #Powershell Multiple or Single virtual machines   Leave a comment

With the new VM sizes in Azure you may want to change the Size as you get more VM for less money. but remember the VM will restart! so better fi

RDSTWEAKERS.COM

But changing the VM by hand is a time consuming  job So Powershell could be very handy in this case. you can change the Vm size easily with a one-liner

So first we need to login into the azure Subscription.

Login-AzureRmAccount

If you have multiple Subscriptions you need to select the right subscription.

$subscrip=Get-AzureRmSubscription | Out-GridView -OutputMode Single -Title ‘Please select a Azure Subscription.’
Select-AzureRmSubscription -TenantId  $subscrip.TenantId

Get-AzureRmVM

image

 

$vm = Get-AzureRmVM -VMName MVPCB10 -ResourceGroupName RSG-VNET
$vm.HardwareProfile.VmSize = "Standard_D2_v3"
Update-AzureRmVM -VM $vm -ResourceGroupName RSG-VNET

Ok this seems nice but I have 50 VM’s that I like to change

#set new Size to VM
1..5 | % {
$vm = Get-AzureRmVM -ResourceGroupName RSG-VNET -VMName MVPCB1$_
$vm.HardwareProfile.VmSize = "Standard_D13_v2_Promo"
Update-AzureRmVM -VM $vm -ResourceGroupName RSG-VNET

}

Better But if you used random names then the above will not really help you in quick size changing. The next step would be selecting all the VM that needs to be changed and selecting a Size for changing. That sounds great but how to start ?

With the Out-GridView you can do great things. to bad that the price is not available in this.

image

 

The script would be like this :

 

$VMList = Get-AzureRmVm | Out-GridView -OutputMode Multiple -Title ‘Please select an Azure Virtual Machine to resize.’;
$TargetSize = Get-AzureRmVmSize -Location westeurope | Out-GridView -OutputMode Single -Title ‘Please select a target Azure Virtual Machine size.’;
foreach ($VM in $VMList) {
  Write-output "Resizing Microsoft Azure Virtual Machine" $VM.Name "in Resource Group" $VM.ResourceGroupName "to size" $TargetSize
 
  Update-AzureRmVm -VM $VM -ResourceGroupName $VM.ResourceGroupName -Verbose
}
Get-AzureRmVm

After this the VM’s are all changed in a other Size.

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Http://nl.linkedin.com/in/robertsmit

Google Me : https://www.google.nl

Bing Me : http://tinyurl.com/j6ny39w

LMGTFY : http://lmgtfy.com/?q=robert+smit+mvp+blog

https://rdstweakers.com

Posted July 18, 2017 by Robert Smit [MVP] in Azure

Tagged with

Azure Site Recovery between #Azure regions #IaaS not for Managed Disks and Server 2016 #Cloud #Winserv #legacy   Leave a comment

You can migrate Azure VMs between regions using Site Recovery. In other words, you can replicate the Azure VMs and fail them over to another region. In this blog we set up a Recovery Services vault, deploy an Azure configuration server to manage replication, add it to the vault, and specify replication settings. Enable replication for the machines you want to migrate, and run a quick test failover. Then you run an unplanned failover with the Complete Migration option. Seems easy and it is all in Azure. In my other blog post I’ll covered the other ASR scenarios .

https://robertsmit.wordpress.com/2017/02/07/replicate-hyper-v-virtual-machines-to-azure-using-azure-site-recovery-asr-bcdr-winserv-cloud-msoms/

https://robertsmit.wordpress.com/2014/08/27/azure-site-recovery-service-asrs-hyper-v-to-azure-recovery-mvpbuzz/

https://robertsmit.wordpress.com/?s=ASR

But an Important lesson always look for “Is my System Supported “

Support for Azure to Azure replicated machine OS versions

The below support is applicable for any workload running on the mentioned OS.

Windows
  • 64-bit Windows Server 2012 R2
  • Windows Server 2012
  • Windows Server 2008 R2 with at least SP1
Linux
  • Red Hat Enterprise Linux 6.7, 6.8, 7.1, 7.2, 7.3
  • CentOS 6.5, 6.6, 6.7, 6.8, 7.0, 7.1, 7.2, 7.3
  • Oracle Enterprise Linux 6.4, 6.5 running either the Red Hat compatible kernel or Unbreakable Enterprise Kernel Release 3 (UEK3)
  • SUSE Linux Enterprise Server 11 SP3

 

Lets build this configuration

First we go to the Recovery service and create a new vault.

image

image Place this vault where every you want.

image the Next step is creating a Site Recovery configuration and choose the VM’s that need protection.

imageimageimage

As we are using Azure as a Base we don’t need any infrastructure preparations. It is just an easy Click. Unless….

image

The First step is selecting the Source Resource Group and Region

image

The Second step is picking the VM’s to protect. And as Microsoft is hamering on “use Managed disks” Well there is an little Issue.

 image

Ok that is an Issue can’t move this VM’s to an other Region. But it is a preview so plenty of time to fix this. Or is it to Soon for Managed disk ? Well that’s an other discussion and maybe a new Blog post about Managed disks – What Not to do.

image

After We select the VM to Protect and the Portal pops up a suggested configuration but you can change this in the customize settings

image

I leave this all to default

imageimage

But the Retention Policy need to change but this is all up to you.

imageimage

After this the system does a validated and then you can Enable the Replication. And then we wait.

But What ? an Error eh everything looks ok. Lets check the Error log in Azure

 

imageimage

ARM debug yes check been there done that.

image

code": "151021", "message": "Site recovery extension does not support the Windows operating system running on the virtual machine."

Is there something Wrong with My Server ? I could It is a DC and I never logon to this locally Let me check the Server.

 

imageimage

It is Running and the Agent is healthy Ah but I need to change My password could this be the Issue ?

 

imageimage

Still Let me dive a bit deeper in the Azure Logging I checked the Replication Policy In the Portal.

image

image

But wait there is more a web link As I did not Read the Requirements for Azure to Azure Replication.

https://aka.ms/a2a-os-support-matrix

Support for replicated machine OS versions

The below support is applicable for any workload running on the mentioned OS.

Windows
  • 64-bit Windows Server 2012 R2
  • Windows Server 2012
  • Windows Server 2008 R2 with at least SP1

So no Windows Server 2016 so far the Replication from and to Azure. All my servers are 2016 and I’m not going Back.  just need to wait for the next preview update.

 https://aka.ms/a2a-os-support-matrix

 

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Http://nl.linkedin.com/in/robertsmit

Google Me : https://www.google.nl

Bing Me : http://tinyurl.com/j6ny39w

LMGTFY : http://lmgtfy.com/?q=robert+smit+mvp+blog

Posted June 5, 2017 by Robert Smit [MVP] in Azure Site Recovery

Tagged with

How to start with Azure Cloud Shell The beginning #Azure #ACS #shell #Storage   Leave a comment

Microsoft just released the Azure Cloud Shell option in the Azure Portal. here is a quick step by step on how to use this and how to add this with storage explorer when creating a storage account.

Azure CLI 2.0 is optimized for managing and administering Azure resources from the command line, and for building automation scripts that work against the Azure Resource Manager

https://docs.microsoft.com/en-us/cli/azure/install-azure-cli

Azure Cloud Shell

Azure

a LRS storage account is created on your behalf with an Azure file share containing a default 5-GB disk image.

This disk image is used to sync and persist your $Home directory. Regular storage costs apply. Three resources will be created on your behalf:

  • Resource Group named: cloud-shell-storage-<region>
  • Storage Account named: cs-uniqueGuid
  • File Share named: cs-<user>-<domain>-com-uniqueGuid

image

imageimage

So that’s it. To easy? 

As the default help shows you with  az account list you get a list off your azure subscriptions

Azure Cloud Shell

For selecting the right subscription when creating resources 

  • az account set –subscription "MVP-platforms"

Remember using options use – and not like in powershell –

Now creating a Resource group in the selected Subscription

  • az group create –name clustermvp –location westus

image

So very handy on quick creating items in the shell, Still I prefer PowerShell but that’s my thing and I see the options of this and It is a nice new feature.

Quick on creating a new storage account and get the right connection

create a new storage account

  • az storage account create  –resource-group clustermvp –location westus –name clustermvp –sku Standard_LRS –kind Storage

image
 
Now you need to get the connection string to use

az storage account show-connection-string –resource-group clustermvp –name clustermvp

image

Copy the connection string for usage in storage explorer or other usage.

image

Using the connection string in storage explorer

 

imageimage

Fully working string.

image

If you want to know more about the Azure CLI check the docs site on azure CLI

https://docs.microsoft.com/en-us/cli/azure/install-azure-cli

 

 

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Http://nl.linkedin.com/in/robertsmit

Google Me : https://www.google.nl

Bing Me : http://tinyurl.com/j6ny39w

LMGTFY : http://lmgtfy.com/?q=robert+smit+mvp+blog

Posted May 14, 2017 by Robert Smit [MVP] in Azure

Tagged with

Install System Center Configuration Manager version 1702/1704 #SCCM #Sysctr   Leave a comment

In the past 6 months I haven’t done much with SCCM only sideways jobs but with all the new features in the Preview Branch SCCM will survive the Cloud. as it moves more and more to the cloud and integrates with it. As I build a fresh lab environment with all the latest updates and previews. As I broke my previous lab environment ( FUBAR – Fucked up beyond all repair) So Becarefull when you upgrade your machine make backup/ snapshots. Or just start over. this could be a learn full process also you may want to get things faster easier and before you know it you spend weeks on everything except on the SCCM blog post.

https://robertsmit.wordpress.com/

Well as I did take my time to write this blog post there is already a new version the 1704 for the Technical Preview Branch of System Center Configuration Manager. The installation process is the same. For more info about the 1704 build checkout the two links below,

https://docs.microsoft.com/en-us/sccm/core/get-started/capabilities-in-technical-preview-1704

https://docs.microsoft.com/en-us/sccm/core/get-started/technical-preview

New features in the 1704 version are:

  • Improvements to operating system deployment
  • Reload boot images with current Windows PE version
  • Configure Android apps with app configuration policies
  • Add child task sequences to a task sequence
  • Hardware inventory collects Secure Boot information

New features in the 1702 version are:

  • Azure Active Directory Domain Services support – You can install a ConfigMgr site on an Azure virtual machine that is connected to Azure Active Directory Domain Services, and use the site to manage other Azure virtual machines connected to the same domain.
  • Improvements for in-console search – Based on User Voice feedback, we have added several improvements to in-console search, including searching by Object Path, preservation of search text and preservation of your decision to search sub-nodes.
  • Windows Update for Business integration – You can now implement Windows Update for Business assessment results as part of Conditional Access compliance policy conditional rules.
  • Customize high-risk deployment warning – You can now customize the Software Center warning when running a high-risk deployment, such as a task sequence to install a new operating system. The default string regarding data may not apply in scenarios like in-place upgrade.
  • Close executable files at the deadline when they would block application installation – If executable files are listed on the Install Behavior tab for a deployment type and the application is deployed to a collection as required, then a more intrusive notification experience is provided to inform the user, and the specified executable files will be closed automatically at the deadline.

This release also includes the following improvements for customers using System Center Configuration Manager connected with Microsoft Intune to manage mobile devices:

  • Non-Compliant Apps Compliance Settings – Add iOS and Android applications to a non-compliant apps rule in a compliance policy to trigger conditional access if the devices have those applications installed.
  • PFX Certificate Creation and Distribution and S/MIME Support – Admins can create and deploy PFX certificates to users.  These certificates can then be used for S/MIME encryption and decryption by devices that the user has enrolled.
  • Android for Work Support – You can now manage Android for Work devices. This enables you to enroll devices, approve and deploy apps, and configure policies for Android for Work devices.

Update 1702 for Technical Preview Branch is available in the Configuration Manager console. For new installations please use the 1610 baseline version of Configuration Manager Technical and upgrade from this.

imageimage

To get the Updates go to the cloud services  and check for updates. this could take a whale.

 

imageimageimageimage

But when the Update is arrived you can update the SCCM version. I choose for the test first and do later the Update. Just to make sure I don’t wreck the SCCM server directly. and as always in SCCM there are plenty of log files. 

 

imageimage

As showing the Progress in the GUI you can check every step. So installing this is just easy and I did first the prereqs check and then when installing there is no point off doing the check again therefor there is a little checkbox.

image

image 

As you can see I can select the options but If you can’t no problem you can do this later. just go to the Hierarchy Setting Properties, under General, check the box “Consent to use Pre-Release features“. Furthermore once you decide to use these features and enable it, you cannot undo the changes. So if you have decided to use these features, check the box, click Apply and OK. And every preview is only valid for 90 days so once updated you need to go with the updates every time.

image

imageimage

I don’t have a preview collection everything is already test so start the installation.

imageimageimage

The installation is taking some time so don’t worry it things are going that fast.

image

When opening the console again the console does his upgrade to the new version.

image  imageimage

After this the new Version is installed and ready for testing. But for this testing you may need to install some other updates than SCCM what about the ADK version for the new Windows 10 deployments ?

image

While upgrading do the Update from the ADK also Download Windows ADK for Windows 10 Version 1703

What’s new in ADK kits and tools

Windows Configuration Designer

Previously known as Windows Imaging and Configuration Designer (ICD), the tool for creating provisioning packages is renamed Windows Configuration Designer. Windows Configuration Designer in Windows 10, version 1703, includes several new wizards to make it easier to create provisioning packages.

And even this simple installation It has some prereq’s to to.
image

To see the newest unattended settings, go to Changed answer file settings for Windows 10 for desktop editions.

 

 

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Http://nl.linkedin.com/in/robertsmit

Google Me : https://www.google.nl

Bing Me : http://tinyurl.com/j6ny39w

LMGTFY : http://lmgtfy.com/?q=robert+smit+mvp+blog

Posted May 7, 2017 by Robert Smit [MVP] in System Center

Tagged with

Xenapp Essentials the replacement of Azure Remote App ? or #NoGo #ARA #Citrix #CXE #Cloud #RemoteApp   1 comment

Well it is here it took some time but now you can start testing with the Xenapp Essentials. Is it any good and Can I use it for production. Well I was a little disappointed  I was charged upfront and the VM image I used was not usable because the Xenapp Essentials can’t handle Azure managed disks, As azure is pushing use managed disk. is Citrix Xenapp Essentials not capable of using managed disk. therefore I had to rebuild a new Image. The look and feel is the same as in Azure RemoteApp the nice thing is you can change sizing and scaling and to save money a time schedule. But for testing in a MSDN subscription I hate the upfront billing and Citrix did not tell this.

But why not build a RDS farm in Azure ? will show this in a the post below and using a Profile Cluster in Azure is also supported.

https://technet.microsoft.com/en-us/windows-server-docs/compute/remote-desktop-services/rds-storage-spaces-direct-deployment

For those who are unfamiliar with Azure Remote App check my blog post below.

https://robertsmit.wordpress.com/2014/06/20/microsoft-azure-hybrid-deployment-of-remoteapp-step-by-step-azure-microsoft-remoteapp-mvpbuzz-rds-hrdaas/

In this part I show you how to set things up. there are multiple ways and each has is own choices. Citrix is delivering a default Image and this is a Windows 2012 Image, well I’m not going for a default image but a custom. this need some work. This will be a log blog post and tons of pictures in it, As I tried to do step by step but some items you just need to know in Azure. Else it is gonna be a real long blog. But If you need more info on any item just ping me.

Well first I thought lets do this and writ a quick blog on hoe great this is. The amount off steps it took to get thing running is more than I expected. but it is not a bad thing. But be prepared it takes time!

The interesting part is should I use the Same Image or is there an easy migration path. Well it all depends as most things in IT.

The Deployment Xenapp Essentials workflow in just 7 tiles you are done. but some tiles takes several other little steps.

localized image

Do you want to stay on Windows server 2012R2 ? Well I don’t think so but there are good reasons to migrate as is but will this work. As this blog post is just on how to setup the Citrix Xenapp Essentials, the next post would be this integration and migration

As the Citrix Xenapp Essentials is in the Azure market place we also need a Citrix Account.

You can easily create a new Citrix Cloud by going to the following site: https://onboarding.cloud.com

there are a couple of questions and then you are ready to use the account.

imageimage

In case you have an issue with your account just open a support ticket and the Citrix Support will fix your issue quickly.

So In the Azure portal you can add the Citrix to the menu and go from there.

image

image

You can only manage from here and not add any this, so go to the Azure Marketplace (click NEW or  +)  do a Citrix search.

image

Select the Citrix XenApp Essentials

image

Do Create. and pick a name for the resource and use or create a resource group.

image

Give it a name and create or use an existing Resource Group.

image

As things are default you can change it and read the Text. Default it creates 25 users  Cost Estimate : $456.25 per month

Well for my demo I don’t need 25 users In need just 1.

image

Oh the minimum usage is 25 Ok then I need 25 users.

Pricing

$12.00 per user per month for XenApp Essentials Service, including Citrix NetScaler Gateway Service for secure access and 1 GB data transfer per user per month.

Users added today will be charged at the a prorated rate of $11.60 for the remainder of the current month. This amount will be charged immediately.

$6.25 per user per month for Microsoft Remote Access fee to use XenApp Essentials Service without purchasing a separate RDS CAL for this workload. Contact your Microsoft representative to bring your own RDS CAL.

Users added today will be charged at the a prorated rate of $6.04 for the remainder of the current month. This amount will be charged immediately.

You can purchase additional 25 GB Data Transfer Add-on. The cost is $12.00 per add-on per month

When you add users and data transfer add-on to the service, the new charges apply immediately. You can change the number of users and data transfer add-on each month. Your subscription renews automatically at the end of each month unless canceled.

image

Well the deployment took 6 seconds. that is the Place holder and not the VM’s self An order may take up to 4 hours to provision your service.

image

Shown from the Azure Portal

image

Visit Citrix Cloud to simplify the provisioning, on-going management and monitoring of Windows apps hosted on Azure. Here in the Azure portal, purchase additional seats and data transfer add-ons on-demand to meet the needs of a dynamic workforce.

Manage through Citrix Cloud

An order may take up to 4 hours to provision your service, and you will receive an email from the Citrix Cloud when your service is ready. If you do not receive an email within this time, please contact Citrix Support

Log into the XA Essentials Portal https://essentials.apps.cloud.com/

image

If you need more users you can add them in Azure.

Log into the XA Essentials Portal https://essentials.apps.cloud.com/

imageimage

image

An order may take up to 4 hours to provision your service, and you will receive an email from the Citrix Cloud when your service is ready. If you do not receive an email within this time, please contact Citrix Support

In almost 4 hours I got the email  image

image

Your Citrix product has been shipped via electronic delivery on April 01, 2017, to the email specified on your
purchase order.
Your Citrix order is completely fulfilled. All items on your purchase order have been shipped to the requested
address.

image 

Depending on your other Citrix product you choose the Xenapp Service.

image

There are 3 steps needed Linking the Subscription and upload a master Image and last create your catalog.

 

image image

The Microsoft login dialog box us prompting for credentials . You mus use an account that has admin privileges to your Azure Subscription.

Remember : If your user account is not working. the Account MUST be an Azure AD Account.

image

image

Next step is creating the XA Essentials Catalog. In these steps the Image will be mounted ,AD connections ,Network,Applications.

A important step with full of options. To setup XA Essentials you need:

  • Azure Subscription
  • Resource Group’s for Cloud connector,Images,etc but you can also use just one Resource Group
  • Domain Controller with Active Directory Domain Services and DNS
  • Virtual Network configured for domain usage
  • A Subnet with free IP addresses

Click Create Catalog.

image    image

Select the Network and the Resource group

image 

As I need some extra resources for creating Image I’ll use Extra Storage accounts

Image Requirements

Use the following requirements to create a custom image:

  • Create the image by using Azure Resource Manager.
  • Configure the image to use standard (not premium) storage.
  • Select Windows Server 2012 R2 or later.
  • Install and configure your apps
  • Install the Server OS VDA. You can download the VDA by using the Downloads link on the navigation bar.
  • Shut down the virtual machine and note the VHD location. Do not Sysprep the image.

And DON’T use Managed Storage accounts for a Custom Image in Xenapp Essentials Can’t use this in the Citrix Images #Fail.

and a good thing there is a brake on my Azure credits. Not for the blog. Seems Citrix is charging upfront. another Failure #Fail but this is only on my MSDN subscription. at this point I can’t finish my blog post #GRRRRR

image

So but the nice thing are picking my machine type like an G5 just for fun or needed.

image

Using a default VM as a D2 and for a default of 25 users. Think again and see your Perf resources right now. the cost will be at least the double for 25 users.

image

image

Scale settings For my Current Costumers we had a custom script in place for Automatic Scaling of Remote Desktop Session Hosts in Azure Virtual Machines

https://gallery.technet.microsoft.com/scriptcenter/Automatic-Scaling-of-9b4f5e76/view/Discussions

but in Citrix it is all there Currently it is maximized to 200 users but If I build more collections I can scale up even in the test environment

yes there are flaws in it but it is a replacement for ARA. second building this could take up some time but as you already paid for a month that renewing every month! 

the pricing is as described on the citrix site

xa-essentials-faq

Requires 25 user minimum. Includes NetScaler Gateway Service with 1 GB Data transfer per user per month.  Additional NetScaler Gateway Service 25 GB Data transfer Add-on available for $12 per pack per month
Available from Azure Marketplace when purchasing XenApp Essentials. Please consult your Microsoft representative to bring your own RDS CAL.

 

So there are now a couple options build a RDS farm in Azure good for large Company’s  or who are in need of more flexibility or using Citrix XenApp essentials and will microsoft come with an replacement for Azure remote App, when checking my blog post I see a huge hit on Azure RDS. the Citrix solution isn’t that cheap and has a minimum of 25 users. but building it you self it could be done on 1 server but the price will be more than $486 but who wants to run >2 users on a D2. when using SaaS applications or other Webbase stuff the 3 Gb memory and 14% or more CPU usage is not uncommon

image

Cheap No use full yes and an Azure Remote App Replacement yes Perfect absolutely NOT

In my next post I will do a dive deep into some configuration issues. see this like Azure RDS vs CXE.

 

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Http://nl.linkedin.com/in/robertsmit

Google Me : https://www.google.nl

Bing Me : http://tinyurl.com/j6ny39w

LMGTFY : http://lmgtfy.com/?q=robert+smit+mvp+blog

Posted April 4, 2017 by Robert Smit [MVP] in Windows Server 2016, Xenapp Essentials

Tagged with

Connect System Center Configuration Manager to OMS sync device collection data #MSOMS #sysctr #Azure #ARM   Leave a comment

When using System Center Configuration Manager current branch Build 1610, you can extend it to OMS and you don’t need the OMS portal or the Classic portal. All from the Azure Resource Manager portal.

When opening the SCCM Manager it maybe that the OMS Connector option is not available, This connector is currently in preview and therefore you need to enable this option by hand. All the SCCM servers need to have a OMS Agent (at least the service connection point site system role Server)

image image

In the Option can be enabled in Consent to Use Pre-Release Features.

Navigate to the Administration workspace in your Config Manager console, expand Site Configuration and select Sites.

Click on the Hierarchy Settings tab at the top of your screen.

select the General tab, and read the disclaimer under the Consent to use Pre-Release features.

After that You need to enable the feature in update and servicing. Right Click and turn it on.

image

Close and open the Management console and the option is there.

image

But before we can use this we need to configure the Web Api in Azure Resource Manager.

Logon to the Azure Portal and go the the Azure Active Directory and check the App registrations and ADD a new APP
image

Create a New APP Pick a name and Sign-on URL  as we are not using the url it does not Mather what name it is.

image

When created we can change some properties like a Custom Logo

image

Placing a custom logo is not needed but it looks nice when you search the app Winking smile

image

Next Step is creating a KEY for the APP SCCM is using this key to connect to OMS.

image image

Just choose a Name and a valid certificate expire date and a value and check save else the key is not saved.

Now to give the application the proper permissions in OMS we need to give the APP rights on the Resource Group where OMS based.

imageimage

Go to the OMS resource group and pick Access Control IAM and add a new USER.

Select the Contributor Role and add this to the Just create application.

image

Now the Azure part is ready the next step is Creating the Connector in SCCM.

image

In the Cloud Services open the OMS connection Click on “Create connection to Operations Management Suite”

image

Now you’ll need to enter the details of your Azure AD tenant (The name) and the Client ID and Key from the Azure AD Application created previously then click Verify to ensure the details are correct and finally click Next.

The Tenant is your Tenant azure Account.

the Application ID is the Client ID

and the Client Secret is the Key that you created.

image 

If you are using the Classic portal you should use the Client ID

imageimage

With this we are almost ready just pick the groups that you want to populated in the OMS site.

imageimageimage

Selecting the Groups and you are ready. In the OMS site you can see the SCCM option connected.

image

It could take some time to connect to all the groups. and only Groups with an agent are connected to azure so empty groups will not be used or seen in OMS. the connector runs every 6 hours so just wait.

Type=ComputerGroup (GroupSource=”SCCM”) | measure count() by Group

Type=ComputerGroup GroupSource=SCCM

image

As I just set this up I did not have any results. and this is also the option for a Part 2 SCCM with OMS. But with the results you can create a custom dashboard to show the status.

image

 

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Http://nl.linkedin.com/in/robertsmit

Google Me : https://www.google.nl

Bing Me : http://tinyurl.com/j6ny39w

LMGTFY : http://lmgtfy.com/?q=robert+smit+mvp+blog

Posted March 27, 2017 by Robert Smit [MVP] in OMS

Tagged with

  • Twitter

  • %d bloggers like this: