Thursday 19 March 2015

Azure Networks Configuring Address Spaces, Subnets and Configuring Azure VM's with Azure Networks

Azure Networks are Network Services that can be designed and configured to support complex network infrastructure, supporting both on-premise and cloud based workloads. I have found certain Azure Virtual Network configurations easier to do from the Azure Portal, which is still in Beta/Preview mode. You can use it to configure your subscription http://portal.azure.com
Designing Azure Networks is much like designing and provisioning traditional networks. At a high level, the following steps are required to define Azure Networks:
·       Create Virtual Network (which is a Network Service)
·       Assign Address Space and Subnets to Virtual Network
·       Configure Additional Subnets for the Virtual Network
All the traditional principles of TCP/IP address design are the same when designing Azure Virtual Networks. An Address Space is usually defined as one of the RFC 1918 CIDR blocks, which are:
·       10.0.0.0/8
·       172.16.0.0/12
·       192.168.0.0/16
You can then define Subnets within that Address Space to separate network traffic, like you would in a traditional network. An example of how I have configured this Azure Virtual Network is:
·       192.168.1.0/24 (Servers)
·       192.168.2.0/24 (DMZ)
·       192.168.3.0/24 (On-Prem)
The Subnet Mask (written in CIDR notation above) can be altered to make your Subnets bigger, or smaller. You should design out your networks on paper if you are going to change the Subnet Masks, and move to a class-less network design. This is to ensure your logical networks stay contiguous.
From the Azure Portal, click New, then Networking, then Virtual Network. You must populate the Name field with something unique. Click Address Space, and then input your Address Space from the Address Space column. At this point in the Azure Virtual Network creation you only create a single subnet, in my example below I have called the Subnet "Servers" and it uses the subnet 192.168.1.0/24. Click OK to create the Virtual Network.


Return to the Azure Portal Home screen, and the newly created Azure Virtual Network will appear as a tile object. Click on the tile; mine is called "vNetwork-Test".

To add additional subnets to the Azure Virtual Network click Subnets.

Click Add Subnet button.

Populate the Name field, this is a unique and descriptive name for the Subnet. Also set the Address Space to the Address Space you want this subnet to reside in, this example Azure Virtual Network only has one. Also enter a CIDR Block, I used 192.168.1.0/24 for my Servers subnet so 192.168.2.0/24 is the next available logical piece of network space. It would be my recommendation to design these so that overlaps and class-less networking are avoided if possible.

You can then add any of the subnets you require for your Azure subscription.
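The overlap and boundary checks recommended above can be scripted before the plan goes into the portal. This is an added example, not part of the original post: the function names are hypothetical, and the 192.168.0.0/16 address space is an assumption, since the post only lists the three /24 subnets.

```powershell
# Added example (hypothetical helper names): check a subnet plan on paper first.
function ConvertTo-CidrRange {
    param([string]$Name, [string]$Cidr)
    $addr, $prefix = $Cidr -split '/'
    $ip = [long]0
    foreach ($octet in [System.Net.IPAddress]::Parse($addr).GetAddressBytes()) {
        $ip = $ip * 256 + $octet                      # dotted quad -> integer
    }
    $size = [long][math]::Pow(2, 32 - [int]$prefix)   # addresses in the block
    $first = $ip - ($ip % $size)
    [pscustomobject]@{
        Name = $Name; Cidr = $Cidr; First = $first; Last = $first + $size - 1
        Aligned = ($ip -eq $first)                    # false for e.g. 192.168.1.5/24
    }
}

function Test-SubnetPlan {
    param([string]$AddressSpace, [System.Collections.IDictionary]$Subnets)
    $space = ConvertTo-CidrRange -Name 'space' -Cidr $AddressSpace
    $ranges = @(foreach ($n in $Subnets.Keys) { ConvertTo-CidrRange -Name $n -Cidr $Subnets[$n] })
    $problems = @()
    foreach ($r in $ranges) {
        if (-not $r.Aligned) { $problems += "$($r.Name): $($r.Cidr) is not on a network boundary" }
        if ($r.First -lt $space.First -or $r.Last -gt $space.Last) {
            $problems += "$($r.Name): $($r.Cidr) is outside $AddressSpace"
        }
    }
    # Two ranges overlap when each one starts before the other ends
    for ($i = 0; $i -lt $ranges.Count; $i++) {
        for ($j = $i + 1; $j -lt $ranges.Count; $j++) {
            $a = $ranges[$i]; $b = $ranges[$j]
            if ($a.First -le $b.Last -and $b.First -le $a.Last) {
                $problems += "$($a.Name) $($a.Cidr) overlaps $($b.Name) $($b.Cidr)"
            }
        }
    }
    $problems
}

# The plan from this post; the /16 address space is an assumption
$plan = [ordered]@{ Servers = '192.168.1.0/24'; DMZ = '192.168.2.0/24'; 'On-Prem' = '192.168.3.0/24' }
Test-SubnetPlan -AddressSpace '192.168.0.0/16' -Subnets $plan

# Constructed bad plan: DMZ sits inside Servers, Lab is outside the address space
$bad = [ordered]@{ Servers = '192.168.1.0/24'; DMZ = '192.168.1.128/25'; Lab = '10.1.0.0/24' }
Test-SubnetPlan -AddressSpace '192.168.0.0/16' -Subnets $bad
```

An empty result means every subnet sits on a network boundary, inside the address space, and clear of the others.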

The next part is creating a new Azure Virtual Machine, and adding it to the correct Virtual Network and Subnet. This is something I believe you cannot do from the current Management Portal (please correct if you can). From the Azure Portal, click New, Compute and then select the Operating System, name the VM, and give it a username and password. Click on Optional Configuration.

From Optional Configuration click Network, then select your Azure Virtual Network, the Subnet you want the VM to be in and click OK. It's worth mentioning that once a VM has been configured inside a Virtual Network it cannot be moved to another network, the only way to do it is to delete the Azure VM and retain the disks. You can then create a new VM from the old disks and connect it to a different network, I would imagine this will change at some point as Azure matures.

From the same Network pane you can also configure the VM with a static TCP/IP address within the same logical subnet that you are connecting the VM to.

An Azure Network also has a DNS Server. If you do not configure it to use a DNS Server, it will automatically point to one of the Azure hosted DNS servers. You can of course configure this to be your own DNS server(s) or even a global DNS provider.

Microsoft Azure Uploading and Configuring a Linux VHD, Configure VHD as Azure Disk and Attach to Virtual Machine

If you have existing VM’s you are running on-site, it’s possible to upload them to Azure and configure them as disks or images. Disks can be attached to VM’s which then allow you to effectively migrate your on premise VM’s to the Azure cloud. With Azure Images, you can customize operating systems with your preferred configurations, SysPrep them and then upload to Azure to provision multiple VM’s from.
You should bear the following things in mind when you are uploading existing virtual hard disks to Azure:
·       Azure only supports VHD files and not VHDX files (which is likely to change)
·       Azure only supports fixed size VHD files
·       Azure Operating System disks can be a maximum of 127 GB
·       Azure Data disks can be a maximum of 1 TB
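The format, fixed-size and maximum-size constraints above can be checked locally before spending time on an upload, because a VHD file ends with a 512-byte footer that records the disk type and virtual size. This is an added example, not part of the original post; the function names are hypothetical and the sample footers are constructed.

```powershell
# Added example (hypothetical helper names): check a VHD footer against the limits above.
function Read-VhdFooter {
    param([string]$Path)                      # returns the last 512 bytes of the file
    $fs = [System.IO.File]::OpenRead($Path)
    try {
        $buf = New-Object byte[] 512
        [void]$fs.Seek(-512, [System.IO.SeekOrigin]::End)
        [void]$fs.Read($buf, 0, 512)
        ,$buf
    } finally { $fs.Dispose() }
}

function Test-VhdForAzure {
    param([byte[]]$Footer, [ValidateSet('OS', 'Data')][string]$Role = 'OS')
    if ($Footer.Length -ne 512) { throw 'Expected the last 512 bytes of the file' }
    if ([System.Text.Encoding]::ASCII.GetString($Footer, 0, 8) -cne 'conectix') {
        throw 'No VHD footer cookie found (a VHDX file fails here)'
    }
    # Footer fields are big-endian: current size at offset 48, disk type at offset 60
    $size = [long]0
    foreach ($b in $Footer[48..55]) { $size = $size * 256 + $b }
    $typeId = [long]0
    foreach ($b in $Footer[60..63]) { $typeId = $typeId * 256 + $b }
    $type = switch ($typeId) { 2 { 'Fixed' } 3 { 'Dynamic' } 4 { 'Differencing' } default { "Type $typeId" } }
    $limit = if ($Role -eq 'OS') { 127GB } else { 1TB }   # limits quoted in this post
    $problems = @()
    if ($type -ne 'Fixed') { $problems += "disk type is $type; convert to a fixed size VHD" }
    if ($size -gt $limit)  { $problems += "virtual size exceeds the $Role disk limit" }
    [pscustomobject]@{ DiskType = $type; SizeGB = $size / 1GB; Problems = $problems }
}

# Constructed footers standing in for real files (only the fields the check reads are set)
function New-SampleFooter {
    param([long]$Size, [int]$DiskType)
    $f = New-Object byte[] 512
    [System.Text.Encoding]::ASCII.GetBytes('conectix').CopyTo($f, 0)
    for ($i = 0; $i -lt 8; $i++) { $f[55 - $i] = [byte](($Size -shr (8 * $i)) -band 0xFF) }
    $f[63] = [byte]$DiskType
    ,$f
}

Test-VhdForAzure -Footer (New-SampleFooter -Size 30GB -DiskType 2) -Role OS
Test-VhdForAzure -Footer (New-SampleFooter -Size 200GB -DiskType 3) -Role OS
# Against a real file: Test-VhdForAzure -Footer (Read-VhdFooter 'C:\path\to\disk.vhd') -Role Data
```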
To upload VM’s to Azure you must have an Azure Storage account in place to act as a target for the VHD files. You can provision a new Storage Account by clicking New, Data Services, Storage and Quick Create. The URL you choose must be globally unique; also choose the region which is closest to your physical location. There are four options for Replication, I have chosen Geo-Redundant. With Geo-Redundant there are 6 copies of the data maintained, 3 replicas in your current region and 3 replicas in another region. Further information on Storage Account options can be found here

Once the Storage Account has been created, you must make an Azure PowerShell connection from your device. Use the following commands with your own variables to upload an existing VHD file from the computer you have made the PowerShell connection from. The first three statements set variables that are then used by the Add-AzureVHD statement.
$storage = "rbetts92"
$sourcePath = "C:\Users\R Betts\Desktop\AzureExample.vhd"
# Destination blob URL; the container name "vhds" is an assumed placeholder
$storagePath = "https://${storage}.blob.core.windows.net/vhds/AzureExample.vhd"
Add-AzureVHD -Destination $storagePath -LocalFilePath $sourcePath

You get a graphical representation of the VHD being uploaded to Azure. An MD5 hash is generated as a checksum to confirm the VHD is not corrupt when it reaches Azure.

When it completes you will be presented with a confirmation screen with a summary of the file upload.

If you return to the Azure Management Portal, and browse to your Storage Account you should see the VHD that has just been uploaded to the Storage Account.

The next step is to change the disk type to an Azure Disk, this is different from an Azure Image, which would have to be SysPrep’d. Use the following PowerShell command to tag/label the uploaded disk as an Azure disk. The first two statements are setting variables.
$diskName = "AzureDisk"
$label = "MyAzureDisk"
Add-AzureDisk -DiskName $diskName -Label $label -MediaLocation $storagePath -OS Linux


Now you can create a new Azure Virtual Machine from your uploaded image. Use the Create New VM wizard, but instead of clicking on a pre-defined image, click My Disks from the list on the left hand side.

Select the new VHD and run through the wizard to provision a machine from an existing hard disk.


As this VM I uploaded is Linux and has the Azure Linux Tools installed, I click on The VM Agent that Supports the Extensions is Already Installed.

Now that the disk is attached to an Azure VM, the next step that is required is to create endpoints to allow remote connections to the machine, for example SSH etc.

Wednesday 18 March 2015

Configuring Azure Traffic Manager to Load Balance Azure Websites

An Azure Traffic Manager is a Network Service that can be used to distribute incoming traffic between two "endpoints" within the Azure cloud. This is done to increase performance, improve availability or load balance Azure Websites. It can also be used by Azure VM's....
In the context of Azure Websites (or endpoints) the website instances should be provisioned in two separate regions or locations. If you are trying to load balance between two Azure websites running in the same region you will be stopped when you add the endpoints to the Traffic Manager.

Azure Website instances are only supported if they are on the Standard Web Hosting Plan Mode. This can be done using the Scale tab from the Website pane in the Management Portal.

The first step is to create a Traffic Manager, click on the New button. Then click Network Services, then Traffic Manager, then Quick Create. From here you must give your Traffic Manager a globally unique name and choose a Load Balancing Method. I have chosen Round Robin in this example, the other options are Performance and Failover. Click Create.

Scroll down from the list of Azure services and click on Traffic Manager, you will be presented with the following screen that lets you add endpoints to the Traffic Manager. Click Add Endpoints.

Choose Website from the Service Type, and tick the option to enable the Service Endpoints for the Azure Website instances. You will notice the warning that states you cannot have two website endpoints from the same region configured within the same Traffic Manager. 

By default a Traffic Manager is created with your unique name under the trafficmanager.net domain, so mine in this example is rbetts-lm.trafficmanager.net.
To have your clients connect to a DNS name from your own domain you can create a CNAME record to point to the Traffic Manager, for example:
CNAME weblb > rbetts-lm.trafficmanager.net.

Configuring Secure Socket Layer (SSL) for an Azure Website

When you provision a new Azure Website, you can connect to it via HTTP or HTTP/S, if you choose to connect via HTTP/S from your own domain name you will receive an SSL warning as the Common Name for your website is not in the SSL certificate. This is because the default SSL certificate is a wildcard certificate for the azurewebsites.net domain.

You can of course bind your own globally trusted SSL certificate to an Azure Website. Click on your Websites, and then on the website you want to bind a certificate to. Click on the Configure option and scroll down to Certificates. Click Upload a Certificate.
The certificate you try to upload must be in the PFX format, which includes the associated Private Key. If you have generated a CSR on your computer and then requested the SSL certificate from GoDaddy, for example, the computer that generated the CSR will hold the Private Key required. If you need guidance on how to convert a GoDaddy (or any other vendor) certificate into a PFX file, you can review this post


When you upload the certificate you will need the corresponding password.

Scroll down to SSL Bindings and select your domain from the drop down. Please note the domain must match the Common Name configured on the certificate, or the domain must be set as a Subject Alternative Name (SAN) within the certificate.

Custom SSL bindings are subject to a price increase. Click Yes.


From a new browser window you should be able to browse to the website and see that it's configured with your SSL certificate. 


Creating and Configuring a Microsoft Azure Website with a Custom Domain

Microsoft Azure offers a full PaaS (Platform as a Service) for web sites and applications. This should not be confused with Virtual Machines hosted in Azure, running the Internet Information Services (IIS) role to host websites. Microsoft Azure Websites are fully managed instances.
To create a new Azure Website instance you can use the Management Portal or PowerShell from the Azure SDK.
When you create an Azure Website you must specify a region where the instance should be provisioned, you must also give it a globally unique name.
This command outputs all the available regions to the subscription.
Get-AzureWebsiteLocation


This command checks the proposed name of your website is globally unique across Azure.

Test-AzureName -Website "Website"


The following Azure PowerShell command will create a web instance, the first two commands are to set variables that are called by the command itself.
$wsLocation = "West Europe"
$wsName = "MyNewWebsite01316698339"
New-AzureWebsite -Location $wsLocation -Name $wsName



When you return to the Management Portal, and click on Websites you should see the newly created website instance. To configure a Custom Domain you would normally click on Manage Domains, but it may be greyed out for you like below.

This is because Custom Domains are not supported on the Free Trial website instances, therefore you must change the Web Hosting Plan Mode to either Basic or Standard. You can do this by clicking on the website, and then clicking on Scale. From here you click on the options under Web Hosting Plan Mode. Remember to Save the configuration using the Save icon.


When you return to the Websites pane and highlight the website, the Manage Domains button should now be highlighted.


Click Manage Domains, this is where you find out what IPv4 address your new website instance is using. In this example it's 104.40.210.25; this is required when reconfiguring your public DNS.

You must create a couple of DNS records on your public DNS, the first can be an (A) record which is used to redirect clients connecting to your site to the Azure website, this is like a traditional website DNS name mapped to corresponding hosting IP.
The second is a CNAME record which is used by Azure to verify that you are the rightful owner of the domain you are configuring.
Your external DNS should have records configured like below:
Domain Name (ryanbetts.co.uk for example) (A) Record > 104.40.210.25 (your Azure public IP)
awverify.domain.co.uk (CNAME) Record > awverify.websiteinstancename.azurewebsites.net
Once the external DNS configurations are in place return to the Manage Custom Domains and enter your domain under Domain Names, this will lookup DNS and verify the CNAME is in place to authenticate you. It will also associate the external domain with the Azure website.

Now if you browse to the website, using the external FQDN and the alias you should see an Azure Web Sites page, as nothing has been uploaded it will show an Error 404 on screen.

Installing Azure SDK and Creating a Session to Microsoft Azure

To configure Microsoft Azure you have two options for most things, the Management Portal and the PowerShell Cmdlets. Obviously as Azure matures the likelihood is more complex configurations will require PowerShell.
If you are using a Windows laptop to administer Azure you must download and install the Software Development Kit (SDK), in order to make a remote PowerShell connection to your Azure tenancy.
It can be downloaded from here http://azure.microsoft.com/en-gb/downloads/
Once the Azure SDK is installed (it's a Next, Next, Finish install), you must launch the Microsoft Azure PowerShell as an Administrator. I have also seen some problems with it that means the PowerShell box needs resized to make the text readable.

From the Azure PowerShell window type Add-AzureAccount and hit Enter.

You will then be prompted to enter the Global Administrator credentials for your Azure tenancy.


Once you have been authenticated and the connection has been made you will be able to use Azure PowerShell Cmdlets to configure items in your tenancy.

Friday 13 March 2015

Upgrading VMware ESXi 5.5 to ESXi 6

Download and insert the VMware ESXi 6.0 media into the ESXi 5.5 host and boot from the disc drive. You will be presented with the following screen; highlight ESXi-6.0.0-2492585-standard Installer and hit Enter.


Hit Enter at the welcome screen.

Hit F11 on the EULA screen to accept the terms.

As ESXi 5.5 was already installed on this host, the setup detected a previous installation. Highlight it and hit Enter.

In this instance, select Upgrade and hit Enter.

Review the confirmation screen and hit F11.

The upgrade process took about 3 minutes installing onto SSD disk.

The upgrade successfully completed for me; hit Enter to reboot the host.