Archive for the ‘Azure’ Tag

How to change Azure Public IP SKU upgrade Basic to Standard #Azure #IP #SKU #Blog

Azure public IP addresses can now be upgraded from Basic to Standard SKU. Additionally, any Basic Public Load Balancer can now be upgraded to a Standard Public Load Balancer while retaining the same public IP address. So what could be the reason to change the SKU?

First, the differences between Standard and Basic, and the price.

Standard

Standard SKU public IP addresses:

  • Always use static allocation method.
  • Have an adjustable inbound originated flow idle timeout of 4-30 minutes, with a default of 4 minutes, and fixed outbound originated flow idle timeout of 4 minutes.
  • Secure by default and closed to inbound traffic. Allow list inbound traffic with a network security group.
  • Assigned to network interfaces, standard public load balancers, or Application Gateways. For more information about Standard load balancer, see Azure Standard Load Balancer.
  • Can be zone-redundant (advertised from all 3 zones) or zonal (can be created zonal and guaranteed in a specific availability zone). To learn more about availability zones, see Availability zones overview and Standard Load Balancer and Availability Zones. Zone redundant IPs can only be created in regions where 3 availability zones are live. IPs created before zones are live will not be zone redundant.
  • Can be used as anycast frontend IPs for cross-region load balancers (preview functionality).

Cost of single IP Sample

Basic

All public IP addresses created before the introduction of SKUs are Basic SKU public IP addresses.

With the introduction of SKUs, specify which SKU you would like the public IP address to be.

Basic SKU addresses:

  • Assigned with the static or dynamic allocation method.
  • Have an adjustable inbound originated flow idle timeout of 4-30 minutes, with a default of 4 minutes, and fixed outbound originated flow idle timeout of 4 minutes.
  • Are open by default. Network security groups are recommended but optional for restricting inbound or outbound traffic.
  • Assigned to any Azure resource that can be assigned a public IP address, such as:
    • Network interfaces
    • VPN Gateways
    • Application Gateways
    • Public load balancers
  • Don’t support Availability Zone scenarios. Use Standard SKU public IP for Availability Zone scenarios. To learn more about availability zones, see Availability zones overview and Standard Load Balancer and Availability Zones.

Cost of single IP Sample

Standard seems to have more and better options, but it is 1 euro more expensive. So you might think: always use Standard. But a public IP address is assigned to the VPN gateway to enable communication with the remote network, and you can only assign a dynamic Basic public IP address to a VPN gateway.

So it really depends on what you want to use. Suppose you start with Basic and need Standard: you can now change this with PowerShell or the CLI, but not in the GUI.

Limitations

  • In order to upgrade a Basic Public IP, it cannot be associated with any Azure resource. Please review this page for more information on how to disassociate public IPs. Similarly, in order to migrate a Reserved IP, it cannot be associated with any Cloud Service. Please review this page for more information on how to disassociate reserved IPs.
  • Public IPs upgraded from Basic to Standard SKU will continue to have no availability zones and therefore cannot be associated with an Azure resource that is either zone-redundant or zonal. Note this only applies to regions that offer availability zones.
  • You cannot downgrade from Standard to Basic.

We change my freshly created IP, called demo, to a Standard IP address.

We use the portal to run some PowerShell commands.

## Variables for the command ##
$rg = "rg-demo-weu-01"
$name = "demo"
$newsku = 'Standard'
$pubIP = Get-AzPublicIpAddress -Name $name -ResourceGroupName $rg

basic resource group and IP address name

## This section is only needed if the Basic IP is not already set to Static ##
$pubIP.PublicIpAllocationMethod = 'Static'
Set-AzPublicIpAddress -PublicIpAddress $pubIP

## This section is for conversion to Standard ##
$pubIP.Sku.Name = $newsku
Set-AzPublicIpAddress -PublicIpAddress $pubIP

The IP address SKU is now changed from Basic to Standard. Remember, there is no option to undo this.

Now we test with an IP that is in use and connected to a VM (this VM is currently deallocated, as these changes can only be done offline).

With this, the resource changed from Basic to Standard.

If you try to undo this, the following message appears:

Set-AzPublicIpAddress -PublicIpAddress $pubIP

Set-AzPublicIpAddress: Sku property is set at creation time and cannot be changed from Standard to Basic on resource update for resource

 

Changing the SKU is a nice option, that way you can keep the IP and lift the needed options with zero downtime.
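
The upgrade steps above combined into one guarded function, as an added example that is not the author's script: it enforces the association limitation from the Limitations list before changing anything, and it warns that a Standard IP is closed to inbound traffic until a network security group allows it. The function name Convert-BasicPublicIpToStandard is an assumption; the cmdlets and properties are the ones used above.

```powershell
# Added example, not from the original post. The function name is hypothetical.
function Convert-BasicPublicIpToStandard {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $Name
    )

    $pubIP = Get-AzPublicIpAddress -Name $Name -ResourceGroupName $ResourceGroupName -ErrorAction Stop

    # Nothing to do when the address is already Standard.
    if ($pubIP.Sku.Name -eq 'Standard') {
        Write-Verbose "Public IP '$Name' is already Standard."
        return $pubIP
    }

    # Limitation from the list above: a Basic public IP cannot be upgraded
    # while it is associated with an Azure resource. Stop before any change.
    if ($null -ne $pubIP.IpConfiguration) {
        throw "Public IP '$Name' is still associated with $($pubIP.IpConfiguration.Id). Disassociate it first."
    }

    # The upgrade cannot be undone (Standard to Basic is rejected), so ask first.
    if (-not $PSCmdlet.ShouldProcess($Name, 'Upgrade SKU from Basic to Standard (cannot be undone)')) {
        return
    }

    # Standard SKU addresses always use static allocation.
    if ($pubIP.PublicIpAllocationMethod -ne 'Static') {
        $pubIP.PublicIpAllocationMethod = 'Static'
        $pubIP = Set-AzPublicIpAddress -PublicIpAddress $pubIP
    }
    $addressBefore = $pubIP.IpAddress

    $pubIP.Sku.Name = 'Standard'
    $pubIP = Set-AzPublicIpAddress -PublicIpAddress $pubIP

    # Verify the result instead of assuming it: same address, new SKU.
    if ($pubIP.Sku.Name -ne 'Standard') {
        throw "Public IP '$Name' still reports SKU '$($pubIP.Sku.Name)'."
    }
    if ($pubIP.IpAddress -ne $addressBefore) {
        throw "Address changed from $addressBefore to $($pubIP.IpAddress)."
    }

    # Basic is open by default, Standard is closed to inbound traffic by default.
    Write-Warning ("'$Name' ($($pubIP.IpAddress)) is now Standard: inbound traffic is closed " +
        "until a network security group on the NIC or subnet allows it.")
    return $pubIP
}

# Usage with the names from the post:
# Convert-BasicPublicIpToStandard -ResourceGroupName 'rg-demo-weu-01' -Name 'demo' -Verbose
```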

 

 

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google  : Robert Smit MVP profile

Posted January 15, 2021 by Robert Smit [MVP] in Azure

Azure Migration Services – Easy Cloud Migration Services #Azure #Cloud #ASR #Migrate #azops #VMware #Database   2 comments

This blog post is a bit long, sorry for this: there are tons of screenshots to give you more detail. This is all based on Hyper-V, but the same steps are there for VMware! I could have created two blog posts, one on the assessment and one on the replication, but now you have all the details together.

Azure Migrate has been around for some time. This tool makes your life easier when you want to migrate to Azure; it can migrate VMware or Hyper-V to Azure. The process is similar to the Azure Site Recovery process, but that is only for disaster recovery. In the old days it was also used for migration, but Azure Migrate is much more flexible: you can place VMs on the existing network or on a different one. New functions are released every month: https://docs.microsoft.com/en-us/azure/migrate/whats-new

For this blog I used a Hyper-V server and some VMs that are migrated to an existing network in Azure. I also used two methods: Azure Migrate: Server Assessment and Azure Migrate: Server Migration. The big difference is that with Azure Migrate: Server Migration there is just a cutover with no upfront assessment; it creates a replica and places it in Azure.

In most initial migrations, customers want lift and shift. This is the method to use if you want to move quickly to Azure. It is better to do a Server Assessment before the migration, or to rebuild the server on a new OS if needed.

Step 1: in the Azure portal, type Azure Migrate and check the Assess and migrate option.

I create a new project for this and a new resource group, and I also choose the geo location.

Based on Hyper-V, we download the exported VM from the Azure portal and import this VM into the Hyper-V server.

Select the right platform. The migration process for VMware is similar to that for Hyper-V once the VM is connected to the portal.

We select the Hyper-V VM; in the preparation we choose to download the 9 GB migration appliance.

When doing this on a migration server directly, you get a warning that IE is not supported anymore. I used Edge Chromium instead, as the connections with IE failed, so a better browser is needed. Get Edge: https://www.microsoft.com/en-us/edge?form=MA13DE&OCID=MA13DE

Importing the VM with the Hyper-V wizard is an easy and quick step; use Hyper-V Manager to import the VM.

Then start the VM; the EULA is displayed, and this is also the start of the migration wizard.

Remember to use a different browser than IE. Currently IE is the browser on the migration server. Get Edge: https://www.microsoft.com/en-us/edge?form=MA13DE&OCID=MA13DE

We start the Migration Configuration Wizard. Remember not to use IE.

With the basic configuration steps done, we start connecting the migration server to the Hyper-V server.

In this connection wizard we select the migration project just created in the Azure portal (if you have multiple projects, select the right one, as it will be connected to this Hyper-V server).

If you have trouble registering the server, check your DNS, user account, browser and WMI (this could be an issue in a standalone site).

These credentials will connect to my server, not to the VMs.

You can use the FQDN or the IP to connect to the Hyper-V server.

I changed the DNS to get some common errors.

Set the DNS correctly. These are common errors, often seen in standalone configurations.

This can take some time as mentioned below.

After the registration we can follow the steps in the Azure portal.

We let this run for some time and come back later, and we move to the database migration.

We do a different step, as the migrate tool is not showing you all the pieces.

Setting up the database migration follows the same steps, but some screens are not in the Azure Migrate blade and are only found in the resource group.

Set up the database migration project.

Here I choose the Preview option; things may change when it is GA. But let's see how it works.

When this is done, I noticed that the download is not always starting: https://www.microsoft.com/en-us/download/details.aspx?id=53595

When the project is created you can see the database overview, but to see the real configuration you need to go to the resource group.

The fun part here is that I created the screenshots first and added the text later, but doing this I had a hard time finding the configured items, as not all components are in the migration blade. So back to the resource group, where I found the hints.

The Azure Database Migration Service can be opened from the resource group as shown above.

The Discovery

When the discovery is done, we can start with the fun part.

Here my 33 VMs are scanned, all without an agent.

Now that the Hyper-V host is completely scanned, we can start with the assessment of the VMs.

First we create some profiles for the region and size that the VMs will get.

This can be changed if needed.

We create some scan profiles and a target location. I used the Dv4 machine types with no temp disks.

These machines are indexed, and now I pick two for an assessment and place them into a group.

When this is ready we can see the scan results: estimated price details and the VM SKU choice.

For the best result you can install an agent to get more in-depth information.

When the machine is not connected to an OMS workspace (Azure Log Analytics), not all the info can be displayed, such as the service dependencies.

Add the VM to a new workspace or to an existing one and configure the right steps. I add a new workspace for the migration, as this data can be removed after the migration, so I don't want it in my current workspace.

Once the agent is reporting to the workspace and you run a new assessment, a service map can be displayed.

There is a nice dashboard on the cost and migration status. After this it is easy to migrate to Azure, or you may need to do some extra work to migrate this server to Azure.

Azure Replication Migration

When looking in the portal, we can also create a different migration: direct replication, the lift-and-shift method. This uses the ASR tooling, but with a difference: here you can choose on which network the VM must land.

Installing the ASR agent on the Hyper-V server.

Don't forget to finalize your registration! This can be done after the agent installation.

Installing the ASR agent.

Now that the agent is installed, we need to register it with Azure. Make sure you have downloaded the credential file.

Load the credential file into the agent and finish the installation.

Now we can start the replication of the VMs.

It is important here to finish the registration. I had forgotten this, so the replication did not work.

I choose a demo VM that can be migrated to Azure.

The Migration

Pick Hyper-V or VMware, depending on what you are using.

I pick a VM.

Select the resource group and network where the VM lands. This is great: now you can place the VM directly in the right spot.

My VM name is “windows”; such names are not allowed in Azure and are protected names. Therefore I need to rename the VM.

The replication is started and we do a test migration.

There are no issues, so we start the test migration from the Azure blade.

Now that the failover is successful, we do the cutover and run the VM in Azure. This is similar to ASR, but there is no replication back.

In the Azure portal we can see the machine is running. Log in to the machine and check that everything runs smoothly.

The VM is migrated lift and shift and placed on a selected network.

The replication is set to normal.

Now that the VM is migrated and running, we can remove it from the Hyper-V server, as the machine is not deleted on-premises.

Download this e-book to learn about Azure Migrate, Microsoft’s central hub of tools for cloud migration. In this e-book, we’ll cover:

  • What is Azure Migrate
  • How Azure Migrate can help your migration journey
  • Running a datacenter discovery and assessment
  • Migrating your infrastructure, applications, and data
  • Additional learning resources

Posted September 21, 2020 by Robert Smit [MVP] in Azure

Starting with FIDO2 security keys With Azure Active Directory #Trustkey #pointblank #fido #Azure #Security #AAD   3 comments

I received a great FIDO2 test kit from the vendor PointBlank Security / TrustKey Solutions: https://www.trustkeysolutions.com/  https://www.pointblank.de/en/

As FIDO2 is the new hot item in the security world, let's see if it is that easy to implement and to use. I'm not going into the in-depth specs of the keys but take more of a user view: the focus is on whether the key is easy to set up and easy to use by anyone.

The key is usable for all Azure AD logins where the Microsoft authentication challenge is shown; for example, you can use it for Windows Virtual Desktop (WVD).

I have a USB key and a USB-C type key.

I use my computer with the normal USB port for this, so I use the TrustKey G310 model.

Setting up the key and using it is simple: I configured Azure Active Directory, did some easy settings, added the key to my profile, and was ready.

First we enable the FIDO2 security key in Azure AD; this is configured from the Azure portal.

Azure Active Directory > Security

Next we go to authentication methods.

Here we can change the authentication type for all users or for a selection of users.

When this is done you can set the FIDO option in your profile. If this is your own account, you can go directly to your user account at the top of the Azure portal, or go to https://myaccount.microsoft.com/

Go to Security info.

Here you can add a method.

Add the security key; if you want to use the phone, the method is similar.

Now that we have chosen the FIDO2 Security Key we can configure this with a PIN.

Choose a proper PIN and use the key. Now everything is set and ready to use.

Whenever you are challenged to log in with the Microsoft Azure AD account, you can choose to use the USB key. You can also make this dedicated.

As a sample, browse to https://myprofile.microsoft.com; use an InPrivate session or a different browser to make sure you test this right.

Select Sign in with a security key.

After entering the PIN and touching the USB key you are logged in; when it is successful you will see the page, otherwise it will prompt you again.

All this is perfectly usable to log in to your WVD portal:

https://rdweb.wvd.microsoft.com/webclient/index.html

Posted August 18, 2020 by Robert Smit [MVP] in Azure

Proud and honored to announce that, I have been reawarded (12th time) as Microsoft Most Valuable Professional (MVP) in the Microsoft Azure Category #MVPBuzz #Azure #Microsoft   2 comments

Yesterday, the 1st of July, was renewal day: waiting for THE email, and waiting, and the MVP website was slow and down as all the MVPs were checking their status. As I did not see any email by 18:00, I thought: well, I need to go and do some stuff, let's see this tomorrow.

And there it is: at 18:10, the email with the proof. I got my 12th MVP Award.

I would like to thank the community, as I could not do this without you; this gives me the inspiration for the blog items and during the events with the AMA sessions.

For me, being awarded as a Microsoft MVP is a great honor. This award is a marvelous acknowledgment for all my activities.

I started as an MVP for “Clustering” in 2009, which was then a small team of 4 MVPs. It was a very exciting time to be part of that group among great personalities! Today, I’m doing mostly projects around Microsoft Azure and Windows Modern Workplace, so I’m really proud and happy that my community contributions ended up in a renewal for Azure.

 

Congrats to all new and renewed MVP colleagues!  #MVPBuzz @MVPAward

 

Posted July 2, 2020 by Robert Smit [MVP] in MVP Award

Step by Step Azure NAT Gateway – Static Outbound Public IP address #ANG #NAT #WVD #Azure #Security #Cloud #MVPBuzz #AzOps #ITPRO #VirtualNetworks #PowerShell

There are several ways of using an external IP in Azure; which method to use is up to you. Remember, there is no right or wrong, only different opinions or insights on how to use it.

Public IP addresses allow Internet resources to communicate inbound to Azure resources. Public IP addresses also enable Azure resources to communicate outbound to Internet and public-facing Azure services with an IP address assigned to the resource. The address is dedicated to the resource, until it is unassigned by you. If a public IP address is not assigned to a resource, the resource can still communicate outbound to the Internet, but Azure dynamically assigns an available IP address that is not dedicated to the resource.

Some of the resources you can associate a public IP address resource with are:

  • Virtual machine network interfaces
  • Internet-facing load balancers
  • VPN gateways
  • Application gateways
  • Azure Firewall
  • NAT Gateway

Matching SKUs must be used for load balancer and public IP resources. You can’t have a mixture of basic SKU resources and standard SKU resources. You can’t attach standalone virtual machines, virtual machines in an availability set resource, or a virtual machine scale set resources to both SKUs simultaneously.

Virtual Network NAT (network address translation) simplifies outbound-only Internet connectivity for virtual networks. When configured on a subnet, all outbound connectivity uses your specified static public IP addresses. Outbound connectivity is possible without load balancer or public IP addresses directly attached to virtual machines. NAT is fully managed and highly resilient.

So this is only for the outbound connection. Why not use the resource group IP, which is also “static”? Using this IP means that all VMs must be in the same resource group, and when the resource group changes the IP also changes.

NAT is compatible with standard SKU public IP address resources or public IP prefix resources or a combination of both. You can use a public IP prefix directly or distribute the public IP addresses of the prefix across multiple NAT gateway resources. NAT will groom all traffic to the range of IP addresses of the prefix. Any IP whitelisting of your deployments is now easy.

So how to implement this? Here is a step-by-step guide, with the GUI and PowerShell. Looking at my demo setup, there are 2 VMs, each in a different resource group.

Setting up the NAT gateway is done in 3 tabs, where you fill in the name and which VNet to use.

We add a new NAT gateway.

We create a new resource group and choose the NAT gateway name.

We leave the timeout at 4 minutes for now.

We configure an external IP with a Standard SKU. Basic is not supported.

The next step is to choose the external outbound IP pool; the minimum is 2 and the maximum is 256. This is not required; it is only needed if you want a pool of external IPs, otherwise it just uses the one external IP.

You can select a maximum of 2 prefixes.

Configure which subnets of a virtual network should use this NAT gateway. Subnets with Basic load balancers or virtual machines that are using a Basic public IP are not compatible and cannot be used.
Note: While you do not have to complete this step to create a NAT gateway, the NAT gateway will not be functional until you have added at least one subnet. You can also add and reconfigure which subnets are included after creating the NAT gateway.

In the last step we attach the NAT gateway to a subnet. Then we check the VMs on this subnet for their outbound IP (remember, the VM does not need a public IP on the network card).

Here I have 2 VMs, both getting an IP from the prefix.

If there is only a small prefix, then both machines will get the same external outbound IP.

With this time flow it recycles the External IP, depending on the scope and usage.

So in just a few steps you can use a useful gateway for all your outbound traffic.

Building this in PowerShell is also easy. I use a semi-automatic script, as I want to choose my network, but you can change this to a fixed network if you want.

Remember, this needs the latest Az.Network module. In the old modules there is no Get-AzNatGateway command, and without it the PowerShell script does not work.

First we have some parameters.

# Set the variables for the NAT Gateway.
$rg = 'rg-rsm-natgw001'
$Location = 'Westeurope'
$sku = 'Standard'
$PublicIpname = 'pup-rsm-natgw001'
$Publicprefixname = 'pxp-rsm-natgw001'
$NatGatewayname = 'gwn-rsm-natgateway001'

# Create the resource group
New-AzResourceGroup -Name $rg -Location $Location

First we create an external IP and/or a range.

# Create a Standard SKU public IP
$publicIP = New-AzPublicIpAddress -Name $PublicIpname -ResourceGroupName $rg -AllocationMethod Static -Location $Location -Sku $sku
$publicIP | Select-Object Name, ResourceGroupName, IpAddress, IdleTimeoutInMinutes, ProvisioningState

With the Zone attribute you can create zone redundancy, but this is not needed for this resource.

# Create the IP prefix (how many IPs are needed)
$publicIPPrefix = New-AzPublicIpPrefix -Name $Publicprefixname -ResourceGroupName $rg -Location $Location -PrefixLength 29

$publicIPPrefix | Select-Object Name, IPPrefix, PrefixLength, ProvisioningState

You can skip this if you want only one external IP.

Next is creating the gateway.

# Create the NAT gateway
$natGateway = New-AzNatGateway -Name $NatGatewayname -ResourceGroupName $rg -PublicIpAddress $publicIP -PublicIpPrefix $publicIPPrefix -Location $Location -Sku $sku -IdleTimeoutInMinutes 4
$natGateway | Select-Object Name, ResourceGroupName, IdleTimeoutInMinutes, SkuText | Format-Table -AutoSize -Wrap

Now that the gateway is created we can add a subnet to it. I used point and click so that I can choose the network and subnet, but you can also use a variable to do this.

# Pick the virtual network interactively
$virtualNetwork = Get-AzVirtualNetwork | Out-GridView -PassThru -Title "Pick the vnet that will be used for the NAT gateway"

# Pick the subnet interactively
$NATSubnet = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $virtualNetwork | Out-GridView -PassThru -Title "Pick the Subnet that will be used for the NAT gateway"

# Attach the NAT gateway to the subnet and save the virtual network
$NATSubnet.NatGateway = $natGateway
$virtualNetwork | Set-AzVirtualNetwork

The network is chosen and the subnet is selected.

In the Azure portal you can see the result.
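
A non-interactive variant of the subnet step, as an added example that is not the author's script: it uses variables instead of Out-GridView and, before attaching the gateway, refuses a subnet whose network interfaces still carry a Basic public IP, which the portal text above lists as incompatible. The function name Add-SubnetToNatGateway and its parameter names are assumptions, and the check covers network interface public IPs only, not Basic load balancers.

```powershell
# Added example, not from the original post. Function and parameter names are hypothetical.
function Add-SubnetToNatGateway {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $VnetResourceGroup,
        [Parameter(Mandatory)] [string] $VnetName,
        [Parameter(Mandatory)] [string] $SubnetName,
        [Parameter(Mandatory)] [string] $NatGatewayResourceGroup,
        [Parameter(Mandatory)] [string] $NatGatewayName
    )

    $natGateway = Get-AzNatGateway -ResourceGroupName $NatGatewayResourceGroup -Name $NatGatewayName -ErrorAction Stop
    $vnet = Get-AzVirtualNetwork -ResourceGroupName $VnetResourceGroup -Name $VnetName -ErrorAction Stop
    $subnet = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $SubnetName
    if ($null -eq $subnet) { throw "Subnet '$SubnetName' not found in '$VnetName'." }

    # Index every public IP in the subscription by resource ID so the SKU
    # can be looked up for the references found on network interfaces.
    $skuById = @{}
    foreach ($pip in Get-AzPublicIpAddress) {
        $skuById[$pip.Id.ToLower()] = $pip.Sku.Name
    }

    # Collect NIC IP configurations in this subnet that use a Basic public IP.
    $blocking = foreach ($nic in Get-AzNetworkInterface) {
        foreach ($cfg in $nic.IpConfigurations) {
            if ($cfg.Subnet.Id -ne $subnet.Id) { continue }      # string -ne is case-insensitive
            if ($null -eq $cfg.PublicIpAddress) { continue }     # no public IP on this config
            if ($skuById[$cfg.PublicIpAddress.Id.ToLower()] -eq 'Basic') {
                [pscustomobject]@{ Nic = $nic.Name; PublicIpId = $cfg.PublicIpAddress.Id }
            }
        }
    }
    if ($blocking) {
        foreach ($b in $blocking) {
            Write-Warning "NIC '$($b.Nic)' uses Basic public IP $($b.PublicIpId)"
        }
        throw "Subnet '$SubnetName' is not compatible with a NAT gateway until these public IPs are Standard or removed."
    }

    # Same association as in the post: set the property, then save the virtual network.
    $subnet.NatGateway = $natGateway
    $vnet = $vnet | Set-AzVirtualNetwork

    # Read the subnet back and confirm the association was stored.
    $check = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $SubnetName
    if ($check.NatGateway.Id -ne $natGateway.Id) {
        throw "Subnet '$SubnetName' does not reference NAT gateway '$NatGatewayName' after the update."
    }

    # Summary of what outbound traffic from this subnet will now use.
    [pscustomobject]@{
        Subnet      = $check.Id
        NatGateway  = $natGateway.Id
        PublicIps   = $natGateway.PublicIpAddresses.Id
        PublicIpPfx = $natGateway.PublicIpPrefixes.Id
    }
}

# Usage (the vnet, its resource group and the subnet are placeholders to replace with your own):
# Add-SubnetToNatGateway -VnetResourceGroup '<vnet-rg>' -VnetName '<vnet>' -SubnetName '<subnet>' `
#     -NatGatewayResourceGroup 'rg-rsm-natgw001' -NatGatewayName 'gwn-rsm-natgateway001'
```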

Posted June 2, 2020 by Robert Smit [MVP] in Azure
