cloudopszone.com https://cloudopszone.com Cloud Operators Zone Sat, 24 Oct 2020 11:38:35 +0000 en-US hourly 1 https://cloudopszone.com/wp-content/uploads/2018/09/cropped-Cloudopszone-32x32.png cloudopszone.com https://cloudopszone.com 32 32 178448807 Azure Logic Apps: Start & Deallocate Azure VM during Off-hours https://cloudopszone.com/azure-logic-apps-start-deallocate-azure-vm-during-off-hours/ Mon, 19 Oct 2020 13:32:32 +0000 https://cloudopszone.com/?p=4072 Reading Time: 3 minutes In this post, I will present an Azure Logic App solution to Start and Deallocate an Azure VM. Prerequisites A valid Azure subscription Azure Compute APIs Configure build-in roles to the Azure VM Enable the Logic Apps System assigned managed identity* * The image above shows how you can enable the managed identity on the […]

The post Azure Logic Apps: Start & Deallocate Azure VM during Off-hours appeared first on cloudopszone.com.

]]>
Reading Time: 3 minutes

In this post, I will present an Azure Logic App solution to Start and Deallocate an Azure VM.

Prerequisites

  • A valid Azure subscription
  • Azure Compute APIs
  • Configure build-in roles to the Azure VM
  • Enable the Logic Apps System assigned managed identity*

* The image above shows how you can enable the managed identity on the logic app.

The solution

The solution includes two logic apps, one to starting the Azure VM and another to deallocate it.

Let us see now how you can deploy this solution by following the steps below.

Start-on an Azure VM

Step 1. Add a Recurrence trigger

At first step add a Recurrence trigger to start the VM every day at 9:00 in the morning.

Step 2. Add an HTTP POST action

Next, you add an HTTP POST action using the Azure REST API. This URI would be triggered, by the Logic App and the VM will start on.

Tip: To complete the URI POST request you need to know three values : subscriptionId, resourceGroupName, vmName

https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/virtualMachines/{vmName}/start?api-version=2020-06-01

After you complete the HTTP POST URI, with the correct value parameters, change the Authentication type to Managed Identity and then save the Logic App.

The Result (Start On  Azure VM)

The image below shows the final flow with the two steps (Recurrence trigger and HTTP action).

 

Deallocate an Azure VM

Step 1. Add a Recurrence trigger

At first step add a Recurrence trigger to start the VM every day at 17:00 in the evening.

Step 2. Add an HTTP POST action

Next, you add an HTTP POST action using the Azure REST API. This URI would be triggered, by the Logic App and the VM will start on.

Tip: To complete the URI POST request you need to know three values : subscriptionId, resourceGroupName, vmName

https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/virtualMachines/{vmName}/deallocate?api-version=2020-06-01

After you complete the HTTP POST URI, with the correct value parameters, change the Authentication type to Managed Identity and then save the Logic App.

The Result (Deallocate Azure VM)

The image below shows the final flow with the two steps (Recurrence trigger and HTTP action).

The post Azure Logic Apps: Start & Deallocate Azure VM during Off-hours appeared first on cloudopszone.com.

]]>
4072
AIP (Azure Information Protection) : Troubleshooting Known Error Messages https://cloudopszone.com/aip-azure-information-protection-troubleshooting-known-error-messages/ Sun, 27 Sep 2020 11:00:19 +0000 https://cloudopszone.com/?p=4049 Reading Time: 2 minutes In this post, I would like to show how you can troubleshoot AIP (Azure Information Protection) known error messages.   The Problem Sometimes while configuring the AIP you may encounter several of issues, two of the most well know are : Error Message 01 Error Message 02   Important: This post is about  Azure Information […]

The post AIP (Azure Information Protection) : Troubleshooting Known Error Messages appeared first on cloudopszone.com.

]]>
Reading Time: 2 minutes

In this post, I would like to show how you can troubleshoot AIP (Azure Information Protection) known error messages.

 

The Problem

Sometimes while configuring the AIP you may encounter several of issues, two of the most well know are :

Error Message 01 Error Message 02

 

Important: This post is about  Azure Information Protection unified labelling client (AzInfoProtection_UL) and not the  Azure Information Protection client (classic) which be deprecated as of 31/03/2021.

 

Let’s start troubleshooting

Below you can see a few solutions that you need to try in order to fix the problem.

Solution 01: Uninstall and reinstall the AIP client

To completely remove the Azure Information Protection client you need to follow the steps below:

Step 1. Sign out of all office Apps

Step 2. Open the Apps & features and select to Uninstall the Azure Information Protection Client

Step 3. Backup Windows Registry and then delete the key {HKEY_CURRENT_USER\Software\Microsoft\MSIP}

Step 4. Delete the folder C:\Users\{my user name}\AppData\Local\Microsoft\MSIP

Step 5. Remove Windows credentials from windows credential manager.

Step 6. Restart computer

Step 7. Download and Install the Azure Information Protection client. You can do it by following the User Guide.

 

Solution 02 : Check for any security group configured to AIP policy

If the first solution didn’t work for your issue, then you can try the second. In this case, you need to check if there is any security group configured to AIP policy, and this could be the reason that you are not able to apply labels to emails and documents.

You can find the security group by running the following PowerShell commands.

# Install aipservice  module

Install-Module -name aipservice

# Connect to AIP service

connect-aipservice

# Get AIP Service Status

Get-aipservice

# Check the AIP Policy and Identify the security group

get-Aipserviceonboardingcontrolpolicy

get-msolgroup -objectid {id}

 

Solution 03 : The last solution most times solve the problem.

By following the steps bellow you will remove your credentials from the Windows Credential Manager and reset your MS365 Apps activation state.

Step 1. Sign out of all MS Office Apps

Step 2. Remove Windows credentials from windows credential manager.

Step 3. Execute the commands below in an elevated Windows Command Prompt.

Microsoft Windows [Version 10.0.19041.508]
(c) 2020 Microsoft Corporation. All rights reserved.C:\Users\<my username>cd C:\Program Files\Microsoft Office\Office16C:\Program Files\Microsoft Office\Office16>cscript ospp.vbs /dstatusMicrosoft (R) Windows Script Host Version 5.812
Copyright (C) Microsoft Corporation. All rights reserved.—Processing————————–
—————————————
PRODUCT ID: #####-#####-######-#####
SKU ID: ########-####-####-####-############
—–C:\Program Files\Microsoft Office\Office16>cscript ospp.vbs /unpkey:#####

 

 

Step 4. Sign-in to MS365 Applications

 

See Also

The post AIP (Azure Information Protection) : Troubleshooting Known Error Messages appeared first on cloudopszone.com.

]]>
4049
Azure Automation: Scale-Down VM Size https://cloudopszone.com/azure-automation-scale-down-vm-size/ Mon, 14 Sep 2020 14:22:22 +0000 https://cloudopszone.com/?p=3969 Reading Time: 5 minutes The Azure cloud offers a lot of services to make our daily work easier. In this post, we will read about an ordinary reflection for IT/DevOps departments, and to build our solution we use Logic Apps and Automation Account services. Case The main case is to automatically scale-down the VM size in a case an […]

The post Azure Automation: Scale-Down VM Size appeared first on cloudopszone.com.

]]>
Reading Time: 5 minutes

The Azure cloud offers a lot of services to make our daily work easier. In this post, we will read about an ordinary reflection for IT/DevOps departments, and to build our solution we use Logic Apps and Automation Account services.

Case

The main case is to automatically scale-down the VM size in a case an employee deployed a costly VM instance.

Prerequisites

  • A valid Azure Subscription
  • Register at the subscription the Resource Provider “Microsoft.EventGrid”

The Deployments

For the demo purposes, we will deploy Azure Logic Apps and an Azure Automation Account.

To begin with, from the left-hand sidebar, click All Services, type Automation in the search box and select Automation Accounts.

Select +Add or Create automation account, to begin

On the Add Automation Account form, type a unique Name for the automation account, select a valid subscription and a Resource group, the location should be the same where the resource group created and then click Create.

Create the Run book

The Automation account has been created, and the next step is to create the Runbook. To do this from the left-hand side bar we select Process AutomationRunbooks+ Create a runbook.

param
(
    [Parameter(Mandatory = $true)]
    [string]$ResourceGroupName
)
$connectionName = “AzureRunAsConnection”
try
{
    # Get the connection “AzureRunAsConnection “
    $servicePrincipalConnection=Get-AutomationConnection -Name $connectionName
    “Logging in to Azure…”
   Connect-AzAccount `
        -ServicePrincipal `
        -TenantId $servicePrincipalConnection.TenantId `
        -ApplicationId $servicePrincipalConnection.ApplicationId `
        -CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
}
catch {
    if (!$servicePrincipalConnection)
    {
        $ErrorMessage = “Connection $connectionName not found.”
        throw $ErrorMessage
    } else{
        Write-Error -Message $_.Exception
        throw $_.Exception
    }
}
# Get Virtual Machine Name and Size To Proceed With The Checks
#$ResourceGroupName = “AzureAutomationRG”
$VMName = (Get-AzVM -ResourceGroupName $ResourceGroupName).Name
$VMSize = (Get-AzVM -ResourceGroupName $ResourceGroupName).HardwareProfile
# If the size of the VM is not Standard_F4s,then resize the size to Standard_F4s.
if ($VMSize -eq “Standard_F4s”){
write-host “VM is allready a Standard_F4s”}
else {
$vm = Get-AzVM -ResourceGroupName $ResourceGroupName -VMName $VMName
$vm.HardwareProfile.VmSize = “Standard_F4s”
Update-AzVM -VM $vm -ResourceGroupName $ResourceGroupName
write-host The Virtual Machine $vm has been resized to “Standard_F4s”
}

 

Create A Blank Logic App

From the left-hand main blade select Create a resource, search for Logic App and then click Create.

Next, type the useful information (Subscription, Resource Group, Logic App name, Location) about the Logic App and then type Review + Create

After the Logic App deployment finish, we start to build the flow on the Logic App designer.

Add the Event Grid Trigger

To begin with, select to create a Blank Logic App.

In the search box type “Event Grid” and select the trigger “When a resource event occurs” to start the logic app flow building.

First, we signed in the trigger with Azure credentials, and provide all the necessary fields as the image below shows.

At the next actions, we will initialize four different variables (Subject, Virtual Machine Name, Resource Group, Resource).

Repeat the step above also for the other three variables.

After we added actions to initialize the variables we add a Parse JSON action

{
    “items”: {
        “properties”: {
            “data”: {
                “properties”: {
                    “authorization”: {
                        “properties”: {
                            “action”: {
                                “type”: “string”
                            },
                            “evidence”: {
                                “properties”: {
                                    “role”: {
                                        “type”: “string”
                                    }
                                },
                                “type”: “object”
                            },
                            “scope”: {
                                “type”: “string”
                            }
                        },
                        “type”: “object”
                    },
                    “claims”: {
                        “properties”: {
                            “aio”: {
                                “type”: “string”
                            },
                            “appid”: {
                                “type”: “string”
                            },
                            “appidacr”: {
                                “type”: “string”
                            },
                            “aud”: {
                                “type”: “string”
                            },
                            “exp”: {
                                “type”: “string”
                            },
                            “groups”: {
                                “type”: “string”
                            },
                            “http://schemas.microsoft.com/claims/authnclassreference”: {
                                “type”: “string”
                            },
                            “http://schemas.microsoft.com/claims/authnmethodsreferences”: {
                                “type”: “string”
                            },
                            “http://schemas.microsoft.com/identity/claims/objectidentifier”: {
                                “type”: “string”
                            },
                            “http://schemas.microsoft.com/identity/claims/scope”: {
                                “type”: “string”
                            },
                            “http://schemas.microsoft.com/identity/claims/tenantid”: {
                                “type”: “string”
                            },
                            “http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname”: {
                                “type”: “string”
                            },
                            “http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name”: {
                                “type”: “string”
                            },
                            “http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier”: {
                                “type”: “string”
                            },
                            “http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname”: {
                                “type”: “string”
                            },
                            “http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn”: {
                                “type”: “string”
                            },
                            “iat”: {
                                “type”: “string”
                            },
                            “ipaddr”: {
                                “type”: “string”
                            },
                            “iss”: {
                                “type”: “string”
                            },
                            “name”: {
                                “type”: “string”
                            },
                            “nbf”: {
                                “type”: “string”
                            },
                            “puid”: {
                                “type”: “string”
                            },
                            “rh”: {
                                “type”: “string”
                            },
                            “uti”: {
                                “type”: “string”
                            },
                            “ver”: {
                                “type”: “string”
                            },
                            “wids”: {
                                “type”: “string”
                            }
                        },
                        “type”: “object”
                    },
                    “correlationId”: {
                        “type”: “string”
                    },
                    “operationName”: {
                        “type”: “string”
                    },
                    “resourceProvider”: {
                        “type”: “string”
                    },
                    “resourceUri”: {
                        “type”: “string”
                    },
                    “status”: {
                        “type”: “string”
                    },
                    “subscriptionId”: {
                        “type”: “string”
                    },
                    “tenantId”: {
                        “type”: “string”
                    }
                },
                “type”: “object”
            },
            “dataVersion”: {
                “type”: “string”
            },
            “eventTime”: {
                “type”: “string”
            },
            “eventType”: {
                “type”: “string”
            },
            “id”: {
                “type”: “string”
            },
            “metadataVersion”: {
                “type”: “string”
            },
            “subject”: {
                “type”: “string”
            },
            “topic”: {
                “type”: “string”
            }
        },
        “required”: [
            “subject”,
            “eventType”,
            “id”,
            “data”,
            “dataVersion”,
            “metadataVersion”,
            “eventTime”,
            “topic”
        ],
        “type”: “object”
    },
    “type”: “array”
}

Add a For each Action with variables

The next action in the flow is to add a “For each” action and within it to add the next actions. Specifically the first action we add into the “For each” is the “Set variable” action

 

Add a Compose Action

Add a compose action to separate the string to separate values.

Subject Variable Value: /subscriptions/a3c3e263-f1bc-42ad-ae5b-8860641336c8/resourceGroups/DemoScaleDownVmRG/providers/Microsoft.Compute/virtualMachines/demovm

To achieve this, we need to write a simple expression using the split function, as the image below shows.

split(variables(‘Subject’),’/’)

The result after the Logic App run would be the below

[
  “”,
  “subscriptions”,
  “a3c3e263-f1bc-42ad-ae5b-8860641336c8”,
  “resourceGroups”,
  “DemoScaleDownVmRG”,
  “providers”,
  “Microsoft.Compute”,
  “virtualMachines”,
  “demovm”
]

Now that successful split into several parts can proceed with the rest variables.

For the “Resource” variable we type the expression,

outputs(‘Compose_Variable_Subject’)[7]

to get the “Virtual Machine Name” type the expression,

outputs(‘Compose_Variable_Subject’)[8]

and final, the last variable “Resource Group” type,

outputs(‘Compose_Variable_Subject’)[4]

Add A Switch Action

From the action list select to add a Switch

Add an Automation Account Create job action

Last but not least step we add the automation account “Create job” action, this would execute the job with the PowerShell script we created in the Automation Account step.

In the end, the deployment should be like the one in the image below.

 

Test the Logic App Workflow

The video file below shows how the workflow works. We have deployed a new Azure VM with “Standard_D16as_v4” size, and after the workflow successful run the size of the virtual machines changed to “Standard_F4s”.

 

See Also

The post Azure Automation: Scale-Down VM Size appeared first on cloudopszone.com.

]]>
3969
Intro to Azure Security Center https://cloudopszone.com/intro-to-azure-security-center/ Sun, 30 Aug 2020 12:03:13 +0000 https://cloudopszone.com/?p=3937 Reading Time: 2 minutes This post is the first part of a of series about Azure Security Center Introduction In this post series, we will talk about one of the most important services on Azure, the Azure Security Center. Throughout this post, we will read what Azure Security Center is, what are the licensing tiers, how we can enable […]

The post Intro to Azure Security Center appeared first on cloudopszone.com.

]]>
Reading Time: 2 minutes

This post is the first part of a of series about Azure Security Center

Introduction

In this post series, we will talk about one of the most important services on Azure, the Azure Security Center. Throughout this post, we will read what Azure Security Center is, what are the licensing tiers, how we can enable and use the security functionalities that it offers.

Azure Security Center is a unified monitor security management platform across our cloud, on-premises and hybrid workloads. We can achieve this security for our workloads by using security policies, advanced analytics reports, security alerts, threat prevention, JIT access, etc.

Licensing Tiers

Azure Security Center has two tier offerings:

  • Free: The Free tier is by default enable to all Azure Subscriptions and it provides security assessment, policy and recommendations.
  • Standard: The Standard tier provides more security functionalities, like regulatory compliance, Just in time VM access, threat protection for PaaS and IaaS, adaptive application controls.

In the table below we can see what  Standard tier provides in contrast to Free.

Functionality Free Standard
Continuous assessment and security recommendations Yes Yes
Azure Secure Score Yes Yes
Adaptive application Controls and network hardening No Yes
Threat protection for supported PaaS services No Yes
Regulatory compliance dashboard and reports No Yes
Threat protection for Azure VMs and non-Azure  servers (including Server EDR) No Yes
Just in time  VM Access No Yes
Microsoft Defender ATP for Servers No Yes

Licensing Costs

Resource Type Standard Tier
Virtual Machine Server/hour
App Services App Service/hour
SQL Database Server/hour
Storage €0.018/Server/hour
IoT Devices – by device €0.0009/month
IoT Devices – by messages €0.169/25K transactions
Azure Kubernetes Services vCore/hour
Azure Container Registry Per image
Key Vaults 10K transactions

For more details please check this document.

Supported environments

Azure Security Center supports the following Cloud and Hybrid environments:

  • Only Azure
  • Azure and on-premises
  • Azure and other clouds
  • Azure, other clouds, and on-premises

Azure Security Center Modules Overview

POLICY & COMPLIANCE

RESOURCE SECURITY HYGIENE

ADVANCED CLOUD DEFENSE

 

The post Intro to Azure Security Center appeared first on cloudopszone.com.

]]>
3937
Azure Compute: Start, Stop , And Restart Multiple VMs https://cloudopszone.com/azure-compute-start-stop-restart-delete-multiple-vms/ Tue, 28 Jul 2020 13:25:39 +0000 https://cloudopszone.com/?p=3920 Reading Time: < 1 minute There are many times where we need to massively do operations on Azure VM’s, in this post we would talk how we can Start, Stop, and Restart VM’s via Azure Portal or Azure PowerShell.   Start, Stop VM’s via Azure Portal Start, Stop VM’s via Azure Cloud Shell Please check below the Azure PowerShell scripts […]

The post Azure Compute: Start, Stop , And Restart Multiple VMs appeared first on cloudopszone.com.

]]>
Reading Time: < 1 minute

There are many times where we need to massively do operations on Azure VM’s, in this post we would talk how we can Start, Stop, and Restart VM’s via Azure Portal or Azure PowerShell.

 

Start, Stop VM’s via Azure Portal

Start, Stop VM’s via Azure Cloud Shell

Please check below the Azure PowerShell scripts to Start, Stop, and Restart massive Virtual Machines.

#Start Azure VMs

$ResourceGroupName = “MyVMRG”

Get-AzVM -ResourceGroupName $ResourceGroupName | Select Name | ForEach-Object {

Start-AzVM -ResourceGroupName $ResourceGroupName -Name $_.Name

}


#Stop Azure VMs

Get-AzVM -ResourceGroupName $ResourceGroupName | Select Name | ForEach-Object {

Stop-AzVM -ResourceGroupName $ResourceGroupName -Name $_.Name

}


#Restart Azure VMs

Get-AzVM -ResourceGroupName $ResourceGroupName | Select Name | ForEach-Object {

Restart-AzVM -ResourceGroupName $ResourceGroupName -Name $_.Name

}

 

Useful Links

The post Azure Compute: Start, Stop , And Restart Multiple VMs appeared first on cloudopszone.com.

]]>
3920
Azure Service Bus Explorer On Azure Portal (Preview) https://cloudopszone.com/azure-service-bus-explorer-on-azure-portal-preview/ Fri, 26 Jun 2020 19:59:57 +0000 https://cloudopszone.com/?p=3879 Reading Time: 3 minutes Since I started using Azure Service Bus service, I used Azure Service Bus Explorer mostly for testing purposes and troubleshooting, and always I had on my mind the idea Microsoft to integrate that tool on the Azure Portal. And finally, when I first heard at the MVP Virtual Summit that this tool would be available […]

The post Azure Service Bus Explorer On Azure Portal (Preview) appeared first on cloudopszone.com.

]]>
Reading Time: 3 minutes

Since I started using Azure Service Bus service, I used Azure Service Bus Explorer mostly for testing purposes and troubleshooting, and always I had on my mind the idea Microsoft to integrate that tool on the Azure Portal. And finally, when I first heard at the MVP Virtual Summit that this tool would be available via the Azure Portal, I was very happy.

In this post today I will try to talk about this new feature which at the time I wrote this post is on Preview and not GA.

What the Service Bus Explorer supports

  • Topics
    • ‘Send’ to a topic.
  • Subscriptions
    • ‘Peek’ from a subscription on a topic. You can peek up to 32 messages at a time.
    • ‘Receive’ from a subscription. This is a destructive receive (just like in queues).
    • ‘Peek’ from the DeadLetter subscription. You can also peek messages from the deadletter sub-entity of the subscription.
    • ‘Receive’ from the DeadLetter subscription. You can also receive messages from the deadletter sub-entity of the subscription.
  • Queues
    • ‘Send’ to a queue
    • ‘Receive’ from a queue. This is a destructive receive.
    • ‘Peek’ from a queue. Up to 32 messages can be peeked at a time.
    • ‘Receive’ from DeadLetterQueue. You can also receive from the deadletter sub-queue of the queue.
    • ‘Peek’ from the DeadLetterQueue. You can also peek from the deadletter sub-queue of the queue.

How it work

For this demo purposes, I have already deployed a service bus with a queue (Queue_01).

The first thing that you need to know is that Service Bus Explorer (preview) is not accessible on the Service Bus main settings but from the queue or topic settings.

Example 01: Send a test message

As first example you will see how you can send Json message to the service bus queue.

Select Content Type (Application/Json), type your message in Json format and then click Send.

 

Example 02: Receive the test message

At the second example we read how to receive the test message, it’s quite simple because you just need to select between “queue” or “DeadLetter” and click Receive.

Now in case, we want to read the message received, we can click the received message and on the right form, the message appears.

Example 03: Peek the test message

If you want to peek the message, then you just click the peek, and you can read the message from a form on the right, as the image below shows.

 

Useful Links

The post Azure Service Bus Explorer On Azure Portal (Preview) appeared first on cloudopszone.com.

]]>
3879
Azure Automation: Update Azure PowerShell Modules https://cloudopszone.com/azure-automation-update-azure-powershell-modules/ Sat, 06 Jun 2020 15:11:41 +0000 https://cloudopszone.com/?p=3864 Reading Time: 3 minutes The Problem When we try to update Automation Account Azure Modules we are getting the message that the update feature has been deprecated. The Solution We can update the Automation Account Azure Modules by following the next steps. Step 1. Download AzureAutomation-Account-Modules-Update First, we must download the Azure Automation Account Modules Update from GitHub  . Step 2. Create […]

The post Azure Automation: Update Azure PowerShell Modules appeared first on cloudopszone.com.

]]>
Reading Time: 3 minutes

The Problem

When we try to update Automation Account Azure Modules we are getting the message that the update feature has been deprecated.

The Solution

We can update the Automation Account Azure Modules by following the next steps.

Step 1. Download AzureAutomation-Account-Modules-Update

First, we must download the Azure Automation Account Modules Update from GitHub  .

Step 2. Create Automation Account And Import Runbook

Next, we have to create a new automation account and import the runbook [Update-AutomationAzureModulesForAccount.ps1].

Step 3. Publish the Runbook

On the 3rd step, we Publish the Runbook.

Click Yes on the informational message.

Step 4. Start the Runbook

Select Start  to open the Parameters form,

fill in the RESOURCEGROUPNAME and AUTOMATIONACCOUNTNAME parameters and click OK to begin.

The Result

The script has successfully executed as we can see below the output results.

Logging in to Azure (AzureCloud)...
Environments                                                                                                           
------------                                                                                                           
{[AzureChinaCloud, AzureChinaCloud], [AzureCloud, AzureCloud], [AzureGermanCloud, AzureGermanCloud], [AzureUSGovernme...
Importing Array of modules : AzureRM.Profile
Module : AzureRM.Profile is already present with version 5.8.3. Skipping Import
Checking import Status for module : AzureRM.Profile
Successfully imported module : AzureRM.Profile
Importing Array of modules : Azure.Storage AzureRM.Automation AzureRM.Compute AzureRM.Profile AzureRM.Resources AzureRM.Sql
Module : Azure.Storage is already present with version 4.6.1. Skipping Import
Module : AzureRM.Automation is already present with version 6.1.1. Skipping Import
Module : AzureRM.Compute is already present with version 5.9.1. Skipping Import
Module : AzureRM.Profile is already present with version 5.8.3. Skipping Import
Module : AzureRM.Resources is already present with version 6.7.3. Skipping Import
Module : AzureRM.Sql is already present with version 4.12.1. Skipping Import
Checking import Status for module : Azure.Storage
Successfully imported module : Azure.Storage
Checking import Status for module : AzureRM.Automation
Successfully imported module : AzureRM.Automation
Checking import Status for module : AzureRM.Compute
Successfully imported module : AzureRM.Compute
Checking import Status for module : AzureRM.Profile
Successfully imported module : AzureRM.Profile
Checking import Status for module : AzureRM.Resources
Successfully imported module : AzureRM.Resources
Checking import Status for module : AzureRM.Sql
Successfully imported module : AzureRM.Sql
Importing Array of modules : Azure AzureRM.Storage
Module : Azure is already present with version 5.3.0. Skipping Import
Module : AzureRM.Storage is already present with version 5.2.0. Skipping Import
Checking import Status for module : Azure
Successfully imported module : Azure
Checking import Status for module : AzureRM.Storage
Successfully imported module : AzureRM.Storage

The post Azure Automation: Update Azure PowerShell Modules appeared first on cloudopszone.com.

]]>
3864
Delete Vault Error Message: Vault cannot be deleted as there existing resources within the vault https://cloudopszone.com/delete-vault-error-message-vault-cannot-be-deleted-as-there-existing-resources-within-the-vault/ Sun, 24 May 2020 15:14:05 +0000 https://cloudopszone.com/?p=3834 Reading Time: 2 minutes Introduction In this article, you will read how you can deal with one of the Azure Recovery Service error messages. Problem: When you trying to delete an Azure Recovery Vault instance perhaps you will see the following error message. Solution First, you need to disable soft delete To do this you must follow the steps […]

The post Delete Vault Error Message: Vault cannot be deleted as there existing resources within the vault appeared first on cloudopszone.com.

]]>
Reading Time: 2 minutes

Introduction

In this article, you will read how you can deal with one of the Azure Recovery Service error messages.

Problem:

When you trying to delete an Azure Recovery Vault instance perhaps you will see the following error message.

Solution

First, you need to disable soft delete

To do this you must follow the steps below:

Open the Azure portal, go to your recovery vault, and then go to Settings -> Properties.

In the properties pane, select Security Settings -> Update.

Finally in the security settings pane, under Soft Delete, select Disable.

The next you need to do is to Undelete all restore points for the backup item e.g a Virtual Machine.

In the Azure Portal, go to Protected items -> Backup items, and from the top pane select Delete backup data.

The backup will stop and start to delete the backup data.

Lastly, you select to delete the Recovery Services vault

And a few minutes later the Recovery Services vault was deleted.

Useful Links

 

The post Delete Vault Error Message: Vault cannot be deleted as there existing resources within the vault appeared first on cloudopszone.com.

]]>
3834
Azure: Talk about Private Links https://cloudopszone.com/azure-talk-about-private-links/ Fri, 01 May 2020 09:27:16 +0000 https://cloudopszone.com/?p=3752 Reading Time: 4 minutes In this post, we will see a new Azure service called Azure Private Link this service, comes to be added to all the others offered by Microsoft to us to have a secure endpoint. Before Azure Private Link service appears in the Azure Portal there was another one called Azure Private Endpoint service and below […]

The post Azure: Talk about Private Links appeared first on cloudopszone.com.

]]>
Reading Time: 4 minutes

In this post, we will see a new Azure service called Azure Private Link this service, comes to be added to all the others offered by Microsoft to us to have a secure endpoint. Before Azure Private Link service appears in the Azure Portal there was another one called Azure Private Endpoint service and below we will also read about the differences between them and which of them feets better to our scenarios.

Private Link Key Benefits

Azure Private Link service offers some beneficial features, these are:

  • Secure access to Azure PaaS services via a Private IP
  • Access Azure PaaS services from on-premises over VPN, Express Route, and peered VNet’s using private endpoints.
  • Ability to communicate private services between different regions.
  • Enable Azure Private Link service for custom services, by placing this service behind an Azure Load Balancer.
  • Data are protected from leakage risks because the private endpoint is mapped to a specific resource (e.g. Azure storage blob but not a table, files, and queue) keeping all the other resources blocked.

The availability

The table below informs us about the supported services, the availability per region, and the status of the service.

Scenario Supported services Available regions Status
Private Link for customer-owned services Private Link service behind standard Azure Load Balancer All public regions GA
Private Link for Azure PaaS services Azure Storage, Azure Data Lake Storage Gen2, Azure SQL Database, Azure Synapse Analytics, Azure Cosmos DB, Azure Database for PostgreSQL(Single Server), Azure Database for MySQL, Azure Database for MariaDB, Azure Key Vault, Azure Kubernetes All public regions GA
Azure Container Registry, Azure App Configuration, Azure Event Hub, Azure Service Bus, Azure Relay All public regions GA
Azure Search, Azure Backup, Azure Event Grid, Azure Web Apps, Azure Machine Learning East US, West US 2, South Central US Preview

 

Azure Private Link vs Azure Service Endpoint

At the table below we can read what are the differences between Azure Private Link vs Azure Service Endpoint services.

Azure Private Link Azure Service Endpoint
Access to the Azure PaaS service over private IP Access to the Azure PaaS service over public IP
On-premises traffic can be achieved via VPN tunnel or Express route On-premises traffic restriction is not easily
Data exfiltration protection is built-in Data exfiltration protection is available via firewall
VNet to PaaS resource available via MS backbone VNet to PaaS resource available via MS backbone
There is no need to configure NSG Need to configure NSG

Let’s Create an Azure Private Link

The steps below explain how we can create an Azure Private Link service and how we can test to check if it works.

Step 1. Search & Create the Private Link service

In the Azure portal search bar at the top, type “Private Link“, and then select the Create button.

Select Start [Build a private connection to a service].

Step 2. Configuration of the service

01 – Tab [Basics]

At the [Basics] tab, we select a valid Azure Subscription, create or select an existing Resource group, type a valid Name for the service, select a Region and click the button Next: Resource >

02 -Tab [Resource]

At the second tab [Resource] we have to select the Resource type e.g storage Account and then we must define the Resource and the sub-resource where the private endpoint will allow access. When we complete the selections we can proceed with the wizard by selecting Next: Configuration >

03 – Tab [Configuration]

The next tab [Configuration] is about the Network configuration, at this step, we must select the Virtual network and the subnet where the endpoint will be deployed.

At this point, it would help a lot to say that it is recommended to integrate the private endpoint with a private DNS zone, in a case we have a custom DNS server then we need to add this record to the Windows VM host file.

05 – Tab [Review + create]

And at the final tab [Review + create] we just check if the validation of the deployment is passed and then click the button Create.

Step 3. Test the Private Link

On the private endpoint Overview page, we can see the FQDN for the private link with the private IP

Let’s make a quick test using the nslookup command to confirm that the private links address is this private IP.

From the VM we execute the nslookup command, and from the output, we can understand that the private link storageazprivatelink.blob.core.windows.net DNS name is registered with the private IP 10.0.2.5.

 

Something to keep in mind

Moving storage resource containing private endpoints is not supported.

See Also

General Information

How To

The post Azure: Talk about Private Links appeared first on cloudopszone.com.

]]>
3752
Global Azure Virtual 2020 Greece – Intro to Azure Service Bus https://cloudopszone.com/global-azure-virtual-2020-greece-intro-to-azure-service-bus/ Sun, 26 Apr 2020 11:52:46 +0000 https://cloudopszone.com/?p=3743 Reading Time: < 1 minute Thank you all who attended my presentation at the virtual Global Azure Greek 2020 event. Please check my video presentation on the virtual Global Azure Greek 2020 event.   My presentation about Azure Service Bus at Global Azure Greece on April 25, 2020

The post Global Azure Virtual 2020 Greece – Intro to Azure Service Bus appeared first on cloudopszone.com.

]]>
Reading Time: < 1 minute

Thank you all who attended my presentation at the virtual Global Azure Greek 2020 event.

Please check my video presentation on the virtual Global Azure Greek 2020 event.

 

My presentation about Azure Service Bus at Global Azure Greece on April 25, 2020

The post Global Azure Virtual 2020 Greece – Intro to Azure Service Bus appeared first on cloudopszone.com.

]]>
3743